Contract Name:
SupraSValueFeedVerifier
Contract Source Code:
// SPDX-License-Identifier: MIT
pragma solidity 0.8.24;
import "./BLS.sol";
import "./ISupraSValueFeed.sol";
import {EnumerableSet} from "./EnumerableSet.sol";
import {UUPSUpgradeable} from "../lib/openzeppelin-contracts/contracts/proxy/utils/UUPSUpgradeable.sol";
import {Ownable2StepUpgradeable} from "../lib/openzeppelin-contracts-upgradeable/contracts/access/Ownable2StepUpgradeable.sol";
import "../lib/openzeppelin-contracts-upgradeable/contracts/proxy/utils/Initializable.sol";
/// @title Supra SMR Block Utilities
/// @notice This library contains the data structures and functions for hashing SMR blocks.
/// @dev This library is primarily used by the SupraSValueFeedVerifier contract.
library Smr {
/// @notice A vote is a block with a round number.
/// @dev The library assumes the round number is passed in little endian format
struct Vote {
MinBlock smrBlock;
// SPEC: smrBlock.round.to_le_bytes()
bytes8 roundLE;
}
/// @notice A partial SMR block containing the bare-minimum for hashing
struct MinBlock {
uint64 round;
uint128 timestamp;
bytes32 author;
bytes32 qcHash;
bytes32[] batchHashes;
}
/// @notice An SMR Transaction
struct MinTxn {
bytes32[] clusterHashes;
bytes32 sender;
bytes10 protocol;
bytes1 tx_sub_type;
}
/// @notice A partial SMR batch containing the bare-minimum for hashing
/// @dev The library assumes that txnHashes is a list of keccak256 hashes of abi encoded SMR transaction
struct MinBatch {
bytes10 protocol;
// SPEC: List of keccak256(Txn.clusterHashes, Txn.sender, Txn.protocol, Txn.tx_sub_type)
bytes32[] txnHashes;
}
/// @notice An SMR Signed Coherent Cluster
struct SignedCoherentCluster {
CoherentCluster cc;
bytes qc;
uint256 round;
Origin origin;
}
/// @notice An SMR Coherent Cluster containing the price data
struct CoherentCluster {
bytes32 dataHash;
uint256[] pair;
uint256[] prices;
uint256[] timestamp;
uint256[] decimals;
}
/// @notice An SMR Txn Sender
struct Origin {
bytes32 _publicKeyIdentity;
uint256 _pubMemberIndex;
uint256 _committeeIndex;
}
/// @notice Hash an SMR Transaction
/// @param txn The SMR transaction to hash
/// @return Hash of the SMR Transaction
function hashTxn(MinTxn memory txn) internal pure returns (bytes32) {
bytes memory clustersConcat = abi.encodePacked(txn.clusterHashes);
return keccak256(abi.encodePacked(clustersConcat, txn.sender, txn.protocol, txn.tx_sub_type));
}
/// @notice Hash an SMR Batch
/// @param batch The SMR batch to hash
/// @return Hash of the SMR Batch
function hashBatch(MinBatch memory batch) internal pure returns (bytes32) {
bytes32 txnsHash = keccak256(abi.encodePacked(batch.txnHashes));
return keccak256(abi.encodePacked(batch.protocol, txnsHash));
}
/// @notice Hash an SMR Vote
/// @param vote The SMR vote to hash
/// @return Hash of the SMR Vote
function hashVote(Vote memory vote) internal pure returns (bytes32) {
bytes32 batchesHash = keccak256(abi.encodePacked(vote.smrBlock.batchHashes));
bytes32 blockHash = keccak256(
abi.encodePacked(
vote.smrBlock.round, vote.smrBlock.timestamp, vote.smrBlock.author, vote.smrBlock.qcHash, batchesHash
)
);
return keccak256(abi.encodePacked(blockHash, vote.roundLE));
}
}
/// @title Supra Oracle Value Feed Verifier Contract
/// @notice This contract verifies Oracle SMR Transactions using BLS Signatures and stores the price data
/// @dev The storage is done in a separate contract called `SupraSValueFeedStorage`
contract SupraSValueFeedVerifier is Ownable2StepUpgradeable,UUPSUpgradeable {
/// @notice It is identification that is common for both client and contract
/// @dev It is BLS signature verification dependency mostly keccak256 hash of some input
bytes32 domain;
/// @notice The current contract authority
/// @dev It is the BN254 public key of the committee
uint256[4] publicKey;
ISupraSValueFeed public supraSValueFeedStorage;
using EnumerableSet for EnumerableSet.AddressSet;
using EnumerableSet for EnumerableSet.UintSet;
EnumerableSet.AddressSet private whitelistedFreeNodes;
/// @notice Currently Deprecated
/// @dev We need to keep this just to avoid storage collision
EnumerableSet.UintSet private hccPairs;
/// @dev Set of verified votes to minimize computation
mapping(bytes32 smrVoteHash => bool duplicateSmrVote) verifiedVotes;
/// @dev Set of processed transactions to prevent replay attacks
mapping(bytes32 smrTxnHash => bool duplicateSmrTxn) processedTxns;
uint256 internal blsPrecompileGasCost;
mapping(uint256 committee_id => uint256[4] public_key) private committee_public_key;
// Max Future time is 3sec from the current block time.
uint256 public constant TIME_DELTA_ALLOWANCE = 3000;
/// @notice It will put log to the individual free node wallets those added to the whitelist
/// @dev It will be emitted once the free node is added to the whitelist
/// @param freeNodeWalletAddress is the address through which free node wallet is to be whitelisted
event FreeNodeWhitelisted(address freeNodeWalletAddress);
/// @notice It will put log to the multiple free node wallets those added to the whitelist in bulk
/// @dev It will be emitted once multiple free nodes are added to the whitelist
/// @param freeNodeWallets is the array of address through which is multiple free nodes are to be whitelisted
event MultipleFreeNodesWhitelisted(address[] freeNodeWallets);
/// @notice It will put log to the individual free node wallets those removed from the whitelist
/// @dev It will be emitted once the free node is removed from the whitelist
/// @param freeNodeWallet is the address which to be removed from the whitelist
event FreeNodeRemovedFromWhitelist(address freeNodeWallet);
error InvalidBatch();
error InvalidTransaction();
error DuplicateCluster();
error ClusterNotVerified();
error BLSInvalidPublicKeyorSignaturePoints();
error BLSIncorrectInputMessaage();
error FreeNodeIsAlreadyWhitelisted();
error FreeNodeIsNotWhitelisted();
error InvalidOperation();
error IncorrectFutureUpdate(uint256 FutureLengthInMsecs);
event PublicKeyUpdated(uint256 committee_id, uint256[4] publicKey);
event PublicKeyUpdated(uint256[4] publicKey);
/// @dev disabling the initializers only for the implementaion contract
constructor() {
_disableInitializers();
}
/// @notice This function will work similar to Constructor as we cannot use constructor while using proxy
/// @dev Initialize the respective variables once and behaves similar to constructor
/// @param _domain This a part of the data on which BLS Signature will be made.
/// @param _supraSValueFeedStorage SupraSValueFeedStorage contract address
/// @param _publicKey BLS public key
/// @param _blsPrecompileGasCost amount of gas needed to verify the signature
function initialize(
bytes32 _domain,
address _supraSValueFeedStorage,
uint256[4] memory _publicKey,
uint256 _blsPrecompileGasCost
) public initializer {
Ownable2StepUpgradeable.__Ownable2Step_init();
domain = _domain;
supraSValueFeedStorage = ISupraSValueFeed(_supraSValueFeedStorage);
publicKey = _publicKey;
blsPrecompileGasCost = _blsPrecompileGasCost;
}
/// @notice Helper function for upgradibility
/// @dev While upgrading using UUPS proxy interface, when we call upgradeTo(address) function
/// @dev we need to check that only owner can upgrade
/// @param newImplementation address of the new implementation contract
function _authorizeUpgrade(address newImplementation) internal virtual override onlyOwner {}
/// @notice Verify and mark a vote as verified.
/// @param vote The vote to be verified.
/// @param sig The signature associated with the vote.
/// @dev This function verifies the given vote by checking if it has already been verified or if the signature is valid.
/// @dev If the vote is verified, it is marked as verified by updating the `verifiedVotes` mapping.
function requireVoteVerified(Smr.Vote memory vote, uint256[2] calldata sig) internal {
bytes32 smrVoteHash = Smr.hashVote(vote);
if (verifiedVotes[smrVoteHash]) {
return;
}
requireHashVerified_V1(bytes.concat(smrVoteHash), sig);
verifiedVotes[smrVoteHash] = true;
}
/// @notice Verify and process an Oracle Transaction
/// @dev The vote hash is cached to avoid re-verifying BLS signatures
/// @dev Each transaction contains price data for multiple pairs
/// @dev The price data is stored in a separate contract
/// @dev Stale price data is ignored
/// @param vote The SMR Vote the transaction is part of
/// @param smrBatch The SMR Batch the transaction is part of
/// @param smrTxn The SMR Transaction
/// @param sccR The Signed Coherent Cluster containing the price data
/// @param batchIdx The index of the batch in the vote
/// @param txnIdx The index of the transaction in the batch
/// @param clusterIdx the index of the EVM cluster hash in the transaction
/// @param sig The BLS signature of the vote, signed by the contract's authority
function processCluster(
Smr.Vote memory vote,
Smr.MinBatch memory smrBatch,
Smr.MinTxn memory smrTxn,
bytes calldata sccR,
uint256 batchIdx,
uint256 txnIdx,
uint256 clusterIdx,
uint256[2] calldata sig
) external {
requireVoteVerified(vote, sig);
bytes32 batchHash = Smr.hashBatch(smrBatch);
if (vote.smrBlock.batchHashes[batchIdx] != batchHash) {
revert InvalidBatch();
}
bytes32 txnHash = Smr.hashTxn(smrTxn);
if (smrBatch.txnHashes[txnIdx] != txnHash) {
revert InvalidTransaction();
}
if (processedTxns[txnHash]) {
revert DuplicateCluster();
}
processedTxns[txnHash] = true;
bytes32 sccHash = keccak256(sccR);
if (smrTxn.clusterHashes[clusterIdx] != sccHash) {
revert ClusterNotVerified();
}
Smr.SignedCoherentCluster memory scc = abi.decode(sccR, (Smr.SignedCoherentCluster));
uint256 round = scc.round;
uint256 maxFutureTimestamp = block.timestamp * 1000 + TIME_DELTA_ALLOWANCE;
for (uint256 i = 0; i < scc.cc.pair.length; ++i) {
uint256 pair = scc.cc.pair[i];
uint256 timestamp = scc.cc.timestamp[i];
uint256 prevRound = supraSValueFeedStorage.getRound(pair);
if (prevRound > round) {
continue;
} else if (round > maxFutureTimestamp) {
revert IncorrectFutureUpdate(round - block.timestamp * 1000);
}
packData(pair, round, scc.cc.decimals[i], timestamp, scc.cc.prices[i]);
}
}
/// @notice It helps to pack many data points into one single word (32 bytes)
/// @dev This function will take the required parameters, Will shift the value to its specific position
/// @dev For concatenating one value with another we are using unary OR operator
/// @dev Saving the Packed data into the SupraStorage Contract
/// @param _pair Pair identifier of the token pair
/// @param _round Round on which DORA nodes collects and post the pair data
/// @param _decimals Number of decimals that the price of the pair supports
/// @param _price Price of the pair
/// @param _time Last updated timestamp of the pair
function packData(uint256 _pair, uint256 _round, uint256 _decimals, uint256 _time, uint256 _price) internal {
uint256 r = uint256(_round) << 192;
r = r | _decimals << 184;
r = r | _time << 120;
r = r | _price << 24;
supraSValueFeedStorage.restrictedSetSupraStorage(_pair, bytes32(r));
}
/// @dev Requires the provided message to be verified using the contract's authority public key and BLS signature.
/// @param _message The message to be verified.
/// @param _signature The BLS signature of the message.
/// @dev This function verifies the BLS signature by calling the BLS precompile contract and checks if the message matches the provided signature.
/// @dev If the signature verification fails or if there is an issue with the BLS precompile contract call, the function reverts with an error.
function requireHashVerified_V1(bytes memory _message, uint256[2] calldata _signature) public view {
bool callSuccess;
bool checkSuccess;
(checkSuccess, callSuccess) =
BLS.verifySingle(_signature, publicKey, BLS.hashToPoint(domain, _message), blsPrecompileGasCost);
if (!callSuccess) {
revert BLSInvalidPublicKeyorSignaturePoints();
}
if (!checkSuccess) {
revert BLSIncorrectInputMessaage();
}
}
/// @dev Requires the provided message to be verified using the contract's authority public key and BLS signature.
/// @param _message The message to be verified.
/// @param _signature The BLS signature of the message.
/// @dev This function verifies the BLS signature by calling the BLS precompile contract and checks if the message matches the provided signature.
/// @dev If the signature verification fails or if there is an issue with the BLS precompile contract call, the function reverts with an error.
function requireHashVerified_V2(bytes32 _message, uint256[2] calldata _signature, uint256 committee_id)
public
view
{
bool callSuccess;
bool checkSuccess;
(checkSuccess, callSuccess) = BLS.verifySingle(
_signature,
committee_public_key[committee_id],
BLS.hashToPoint(domain, abi.encode(_message)),
blsPrecompileGasCost
);
if (!callSuccess) {
revert BLSInvalidPublicKeyorSignaturePoints();
}
if (!checkSuccess) {
revert BLSIncorrectInputMessaage();
}
}
/// @notice Update the contract authority
/// @dev WARN: The validity of the public key is not verified
/// @param _publicKey The new contract authority (BN254 public key)
// TODO: should be signed by old public key instead
function updatePublicKey(uint256 committee_id, uint256[4] memory _publicKey, bool new_committee) public onlyOwner {
if (new_committee && committee_public_key[committee_id][0] == 0) {
committee_public_key[committee_id] = _publicKey;
} else if (!new_committee && committee_public_key[committee_id][0] != 0) {
committee_public_key[committee_id] = _publicKey;
} else {
revert InvalidOperation();
}
emit PublicKeyUpdated(committee_id, _publicKey);
}
/// @notice Update the contract authority
/// @dev WARN: The validity of the public key is not verified
/// @param _publicKey The new contract authority (BN254 public key)
// TODO: should be signed by old public key instead
function updatePublicKey(uint256[4] memory _publicKey) public onlyOwner {
publicKey = _publicKey;
emit PublicKeyUpdated(_publicKey);
}
/// @notice get the current contract authority
/// @dev The BN254 public key of the Oracle Committee
/// @return The current contract authority
function checkPublicKey() external view returns (uint256[4] memory) {
return publicKey;
}
/// @notice get the current contract authority
/// @dev The BN254 public key of the Oracle Committee
/// @param committee_id The committee ID for which we need public key
/// @return The current contract authority
function checkCommitteePublicKey(uint256 committee_id) external view returns (uint256[4] memory) {
return committee_public_key[committee_id];
}
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;
import {ModexpInverse, ModexpSqrt} from "./ModExp.sol";
import {BNPairingPrecompileCostEstimator} from "./BNPairingPrecompileCostEstimator.sol";
library BLS {
uint256 private constant N = 21888242871839275222246405745257275088696311157297823662689037894645226208583;
uint256 private constant N_G2_X1 = 11559732032986387107991004021392285783925812861821192530917403151452391805634;
uint256 private constant N_G2_X0 = 10857046999023057135944570762232829481370756359578518086990519993285655852781;
uint256 private constant N_G2_Y1 = 17805874995975841540914202342111839520379459829704422454583296818431106115052;
uint256 private constant N_G2_Y0 = 13392588948715843804641432497768002650278120570034223513918757245338268106653;
uint256 private constant Z0 = 0x0000000000000000b3c4d79d41a91759a9e4c7e359b6b89eaec68e62effffffd;
uint256 private constant Z1 = 0x000000000000000059e26bcea0d48bacd4f263f1acdb5c4f5763473177fffffe;
uint256 private constant T24 = 0x1000000000000000000000000000000000000000000000000;
uint256 private constant MASK24 = 0xffffffffffffffffffffffffffffffffffffffffffffffff;
address private constant COST_ESTIMATOR_ADDRESS = 0x079d8077C465BD0BF0FC502aD2B846757e415661;
function verifySingle(
uint256[2] memory signature,
uint256[4] memory pubkey,
uint256[2] memory message,
uint256 precompileGasCost
) internal view returns (bool, bool) {
uint256[12] memory input = [
signature[0],
signature[1],
N_G2_X1,
N_G2_X0,
N_G2_Y1,
N_G2_Y0,
message[0],
message[1],
pubkey[1],
pubkey[0],
pubkey[3],
pubkey[2]
];
uint256[1] memory out;
// uint256 precompileGasCost =
// BNPairingPrecompileCostEstimator(COST_ESTIMATOR_ADDRESS).getGasCost(
// 2
// );
bool callSuccess;
// solium-disable-next-line security/no-inline-assembly
assembly {
callSuccess := staticcall(precompileGasCost, 8, input, 384, out, 0x20)
}
if (!callSuccess) {
return (false, false);
}
return (out[0] != 0, true);
}
function verifyMultiple(uint256[2] memory signature, uint256[4][] memory pubkeys, uint256[2][] memory messages)
internal
view
returns (bool checkResult, bool callSuccess)
{
uint256 size = pubkeys.length;
require(size > 0, "BLS: number of public key is zero");
require(size == messages.length, "BLS: number of public keys and messages must be equal");
uint256 inputSize = (size + 1) * 6;
uint256[] memory input = new uint256[](inputSize);
input[0] = signature[0];
input[1] = signature[1];
input[2] = N_G2_X1;
input[3] = N_G2_X0;
input[4] = N_G2_Y1;
input[5] = N_G2_Y0;
for (uint256 i = 0; i < size; i++) {
input[i * 6 + 6] = messages[i][0];
input[i * 6 + 7] = messages[i][1];
input[i * 6 + 8] = pubkeys[i][1];
input[i * 6 + 9] = pubkeys[i][0];
input[i * 6 + 10] = pubkeys[i][3];
input[i * 6 + 11] = pubkeys[i][2];
}
uint256[1] memory out;
uint256 precompileGasCost = BNPairingPrecompileCostEstimator(COST_ESTIMATOR_ADDRESS).getGasCost(size + 1);
assembly {
callSuccess := staticcall(precompileGasCost, 8, add(input, 0x20), mul(inputSize, 0x20), out, 0x20)
}
if (!callSuccess) {
return (false, false);
}
return (out[0] != 0, true);
}
function hashToPoint(bytes32 domain, bytes memory message) internal view returns (uint256[2] memory) {
uint256[2] memory u = hashToField(domain, message);
uint256[2] memory p0 = mapToPoint(u[0]);
uint256[2] memory p1 = mapToPoint(u[1]);
uint256[4] memory bnAddInput;
bnAddInput[0] = p0[0];
bnAddInput[1] = p0[1];
bnAddInput[2] = p1[0];
bnAddInput[3] = p1[1];
bool success;
assembly {
success := staticcall(sub(gas(), 2000), 6, bnAddInput, 128, p0, 64)
switch success
case 0 { invalid() }
}
require(success, "BLS: bn add call failed");
return p0;
}
function mapToPoint(uint256 _x) internal pure returns (uint256[2] memory p) {
require(_x < N, "mapToPointFT: invalid field element");
uint256 x = _x;
(, bool decision) = sqrt(x);
uint256 a0 = mulmod(x, x, N);
a0 = addmod(a0, 4, N);
uint256 a1 = mulmod(x, Z0, N);
uint256 a2 = mulmod(a1, a0, N);
a2 = inverse(a2);
a1 = mulmod(a1, a1, N);
a1 = mulmod(a1, a2, N);
// x1
a1 = mulmod(x, a1, N);
x = addmod(Z1, N - a1, N);
// check curve
a1 = mulmod(x, x, N);
a1 = mulmod(a1, x, N);
a1 = addmod(a1, 3, N);
bool found;
(a1, found) = sqrt(a1);
if (found) {
if (!decision) {
a1 = N - a1;
}
return [x, a1];
}
// x2
x = N - addmod(x, 1, N);
// check curve
a1 = mulmod(x, x, N);
a1 = mulmod(a1, x, N);
a1 = addmod(a1, 3, N);
(a1, found) = sqrt(a1);
if (found) {
if (!decision) {
a1 = N - a1;
}
return [x, a1];
}
// x3
x = mulmod(a0, a0, N);
x = mulmod(x, x, N);
x = mulmod(x, a2, N);
x = mulmod(x, a2, N);
x = addmod(x, 1, N);
// must be on curve
a1 = mulmod(x, x, N);
a1 = mulmod(a1, x, N);
a1 = addmod(a1, 3, N);
(a1, found) = sqrt(a1);
require(found, "BLS: bad ft mapping implementation");
if (!decision) {
a1 = N - a1;
}
return [x, a1];
}
function isValidSignature(uint256[2] memory signature) internal pure returns (bool) {
if ((signature[0] >= N) || (signature[1] >= N)) {
return false;
} else {
return isOnCurveG1(signature);
}
}
function isOnCurveG1(uint256[2] memory point) internal pure returns (bool _isOnCurve) {
assembly {
let t0 := mload(point)
let t1 := mload(add(point, 32))
let t2 := mulmod(t0, t0, N)
t2 := mulmod(t2, t0, N)
t2 := addmod(t2, 3, N)
t1 := mulmod(t1, t1, N)
_isOnCurve := eq(t1, t2)
}
}
function isOnCurveG2(uint256[4] memory point) internal pure returns (bool _isOnCurve) {
assembly {
// x0, x1
let t0 := mload(point)
let t1 := mload(add(point, 32))
// x0 ^ 2
let t2 := mulmod(t0, t0, N)
// x1 ^ 2
let t3 := mulmod(t1, t1, N)
// 3 * x0 ^ 2
let t4 := add(add(t2, t2), t2)
// 3 * x1 ^ 2
let t5 := addmod(add(t3, t3), t3, N)
// x0 * (x0 ^ 2 - 3 * x1 ^ 2)
t2 := mulmod(add(t2, sub(N, t5)), t0, N)
// x1 * (3 * x0 ^ 2 - x1 ^ 2)
t3 := mulmod(add(t4, sub(N, t3)), t1, N)
// x ^ 3 + b
t0 := addmod(t2, 0x2b149d40ceb8aaae81be18991be06ac3b5b4c5e559dbefa33267e6dc24a138e5, N)
t1 := addmod(t3, 0x009713b03af0fed4cd2cafadeed8fdf4a74fa084e52d1852e4a2bd0685c315d2, N)
// y0, y1
t2 := mload(add(point, 64))
t3 := mload(add(point, 96))
t4 := mulmod(addmod(t2, t3, N), addmod(t2, sub(N, t3), N), N)
t3 := mulmod(shl(1, t2), t3, N)
_isOnCurve := and(eq(t0, t4), eq(t1, t3))
}
}
function sqrt(uint256 xx) internal pure returns (uint256 x, bool hasRoot) {
x = ModexpSqrt.run(xx);
hasRoot = mulmod(x, x, N) == xx;
}
function inverse(uint256 a) internal pure returns (uint256) {
return ModexpInverse.run(a);
}
function hashToField(bytes32 domain, bytes memory messages) internal pure returns (uint256[2] memory) {
bytes memory _msg = expandMsgTo96(domain, messages);
uint256 u0;
uint256 u1;
uint256 a0;
uint256 a1;
assembly {
let p := add(_msg, 24)
u1 := and(mload(p), MASK24)
p := add(_msg, 48)
u0 := and(mload(p), MASK24)
a0 := addmod(mulmod(u1, T24, N), u0, N)
p := add(_msg, 72)
u1 := and(mload(p), MASK24)
p := add(_msg, 96)
u0 := and(mload(p), MASK24)
a1 := addmod(mulmod(u1, T24, N), u0, N)
}
return [a0, a1];
}
function expandMsgTo96(bytes32 domain, bytes memory message) internal pure returns (bytes memory) {
uint256 t0 = message.length;
bytes memory msg0 = new bytes(32 + t0 + 64 + 4);
bytes memory out = new bytes(96);
assembly {
let p := add(msg0, 96)
for { let z := 0 } lt(z, t0) { z := add(z, 32) } { mstore(add(p, z), mload(add(message, add(z, 32)))) }
p := add(p, t0)
mstore8(p, 0)
p := add(p, 1)
mstore8(p, 96)
p := add(p, 1)
mstore8(p, 0)
p := add(p, 1)
mstore(p, domain)
p := add(p, 32)
mstore8(p, 32)
}
bytes32 b0 = sha256(msg0);
bytes32 bi;
t0 = 32 + 34;
assembly {
mstore(msg0, t0)
}
assembly {
mstore(add(msg0, 32), b0)
mstore8(add(msg0, 64), 1)
mstore(add(msg0, 65), domain)
mstore8(add(msg0, add(32, 65)), 32)
}
bi = sha256(msg0);
assembly {
mstore(add(out, 32), bi)
}
assembly {
let t := xor(b0, bi)
mstore(add(msg0, 32), t)
mstore8(add(msg0, 64), 2)
mstore(add(msg0, 65), domain)
mstore8(add(msg0, add(32, 65)), 32)
}
bi = sha256(msg0);
assembly {
mstore(add(out, 64), bi)
}
assembly {
let t := xor(b0, bi)
mstore(add(msg0, 32), t)
mstore8(add(msg0, 64), 3)
mstore(add(msg0, 65), domain)
mstore8(add(msg0, add(32, 65)), 32)
}
bi = sha256(msg0);
assembly {
mstore(add(out, 96), bi)
}
return out;
}
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;
interface ISupraSValueFeed {
struct priceFeed {
uint256 round;
uint256 decimals;
uint256 time;
uint256 price;
}
struct derivedData {
int256 roundDifference;
int256 timeDifference;
uint256 derivedPrice;
uint256 decimals;
}
function restrictedSetSupraStorage(uint256 _index, bytes32 _bytes) external;
function restrictedSetTimestamp(uint256 _tradingPair, uint256 timestamp) external;
function getTimestamp(uint256 _tradingPair) external view returns (uint256);
function getRound(uint256 _tradingPair) external view returns (uint256);
function getSvalue(uint64 _pairIndex) external view returns (bytes32, bool);
function getSvalues(uint64[] memory _pairIndexes) external view returns (bytes32[] memory, bool[] memory);
function getDerivedSvalue(uint256 _derivedPairId) external view returns (derivedData memory);
function getSvalue(uint256 _pairIndex) external view returns (priceFeed memory);
function getSvalues(uint256[] memory _pairIndexes) external view returns (priceFeed[] memory);
}
/**
* ###############################################################
* this is not exact replica of OpenZepplin implementation
* ###############################################################
*/
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/structs/EnumerableSet.sol)
// This file was procedurally generated from scripts/generate/templates/EnumerableSet.js.
pragma solidity 0.8.24;
library EnumerableSet {
struct Set {
// Storage of set values
bytes32[] _values;
// Position of the value in the `values` array, plus 1 because index 0
// means a value is not in the set.
mapping(bytes32 => uint256) _indexes;
}
function _add(Set storage set, bytes32 value) private returns (bool) {
if (!_contains(set, value)) {
set._values.push(value);
// The value is stored at length-1, but we add 1 to all indexes
// and use 0 as a sentinel value
set._indexes[value] = set._values.length;
return true;
} else {
return false;
}
}
/**
* ###################################################################################
* :::: this is the new method added on top of openzepplin implementation ::::
* ###################################################################################
*/
function _clear(Set storage set) private returns (bool) {
for (uint256 i = 0; i < set._values.length; i++) {
delete set._indexes[set._values[i]];
}
delete set._values;
return true;
}
function _remove(Set storage set, bytes32 value) private returns (bool) {
// We read and store the value's index to prevent multiple reads from the same storage slot
uint256 valueIndex = set._indexes[value];
if (valueIndex != 0) {
uint256 toDeleteIndex = valueIndex - 1;
uint256 lastIndex = set._values.length - 1;
if (lastIndex != toDeleteIndex) {
bytes32 lastValue = set._values[lastIndex];
// Move the last value to the index where the value to delete is
set._values[toDeleteIndex] = lastValue;
// Update the index for the moved value
set._indexes[lastValue] = valueIndex; // Replace lastValue's index to valueIndex
}
// Delete the slot where the moved value was stored
set._values.pop();
// Delete the index for the deleted slot
delete set._indexes[value];
return true;
} else {
return false;
}
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function _contains(Set storage set, bytes32 value) private view returns (bool) {
return set._indexes[value] != 0;
}
/**
* @dev Returns the number of values on the set. O(1).
*/
function _length(Set storage set) private view returns (uint256) {
return set._values.length;
}
function _at(Set storage set, uint256 index) private view returns (bytes32) {
return set._values[index];
}
function _values(Set storage set) private view returns (bytes32[] memory) {
return set._values;
}
struct Bytes32Set {
Set _inner;
}
function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {
return _add(set._inner, value);
}
function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {
return _remove(set._inner, value);
}
function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {
return _contains(set._inner, value);
}
function clear(Bytes32Set storage set) internal returns (bool) {
return _clear(set._inner);
}
function length(Bytes32Set storage set) internal view returns (uint256) {
return _length(set._inner);
}
function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {
return _at(set._inner, index);
}
function values(Bytes32Set storage set) internal view returns (bytes32[] memory) {
bytes32[] memory store = _values(set._inner);
bytes32[] memory result;
/// @solidity memory-safe-assembly
assembly {
result := store
}
return result;
}
struct AddressSet {
Set _inner;
}
function add(AddressSet storage set, address value) internal returns (bool) {
return _add(set._inner, bytes32(uint256(uint160(value))));
}
function clear(AddressSet storage set) internal returns (bool) {
return _clear(set._inner);
}
function remove(AddressSet storage set, address value) internal returns (bool) {
return _remove(set._inner, bytes32(uint256(uint160(value))));
}
function contains(AddressSet storage set, address value) internal view returns (bool) {
return _contains(set._inner, bytes32(uint256(uint160(value))));
}
function length(AddressSet storage set) internal view returns (uint256) {
return _length(set._inner);
}
function at(AddressSet storage set, uint256 index) internal view returns (address) {
return address(uint160(uint256(_at(set._inner, index))));
}
function values(AddressSet storage set) internal view returns (address[] memory) {
bytes32[] memory store = _values(set._inner);
address[] memory result;
/// @solidity memory-safe-assembly
assembly {
result := store
}
return result;
}
// UintSet
struct UintSet {
Set _inner;
}
function add(UintSet storage set, uint256 value) internal returns (bool) {
return _add(set._inner, bytes32(value));
}
function remove(UintSet storage set, uint256 value) internal returns (bool) {
return _remove(set._inner, bytes32(value));
}
function clear(UintSet storage set) internal returns (bool) {
return _clear(set._inner);
}
function contains(UintSet storage set, uint256 value) internal view returns (bool) {
return _contains(set._inner, bytes32(value));
}
function length(UintSet storage set) internal view returns (uint256) {
return _length(set._inner);
}
function at(UintSet storage set, uint256 index) internal view returns (uint256) {
return uint256(_at(set._inner, index));
}
function values(UintSet storage set) internal view returns (uint256[] memory) {
bytes32[] memory store = _values(set._inner);
uint256[] memory result;
/// @solidity memory-safe-assembly
assembly {
result := store
}
return result;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/UUPSUpgradeable.sol)
pragma solidity ^0.8.0;
import "../../interfaces/draft-IERC1822.sol";
import "../ERC1967/ERC1967Upgrade.sol";
/**
* @dev An upgradeability mechanism designed for UUPS proxies. The functions included here can perform an upgrade of an
* {ERC1967Proxy}, when this contract is set as the implementation behind such a proxy.
*
* A security mechanism ensures that an upgrade does not turn off upgradeability accidentally, although this risk is
* reinstated if the upgrade retains upgradeability but removes the security mechanism, e.g. by replacing
* `UUPSUpgradeable` with a custom implementation of upgrades.
*
* The {_authorizeUpgrade} function must be overridden to include access restriction to the upgrade mechanism.
*
* _Available since v4.1._
*/
abstract contract UUPSUpgradeable is IERC1822Proxiable, ERC1967Upgrade {
/// @custom:oz-upgrades-unsafe-allow state-variable-immutable state-variable-assignment
address private immutable __self = address(this);
/**
* @dev Check that the execution is being performed through a delegatecall call and that the execution context is
* a proxy contract with an implementation (as defined in ERC1967) pointing to self. This should only be the case
* for UUPS and transparent proxies that are using the current contract as their implementation. Execution of a
* function through ERC1167 minimal proxies (clones) would not normally pass this test, but is not guaranteed to
* fail.
*/
modifier onlyProxy() {
require(address(this) != __self, "Function must be called through delegatecall");
require(_getImplementation() == __self, "Function must be called through active proxy");
_;
}
/**
* @dev Check that the execution is not being performed through a delegate call. This allows a function to be
* callable on the implementing contract but not through proxies.
*/
modifier notDelegated() {
require(address(this) == __self, "UUPSUpgradeable: must not be called through delegatecall");
_;
}
/**
* @dev Implementation of the ERC1822 {proxiableUUID} function. This returns the storage slot used by the
* implementation. It is used to validate the implementation's compatibility when performing an upgrade.
*
* IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks
* bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this
* function revert if invoked through a proxy. This is guaranteed by the `notDelegated` modifier.
*/
function proxiableUUID() external view virtual override notDelegated returns (bytes32) {
return _IMPLEMENTATION_SLOT;
}
/**
* @dev Upgrade the implementation of the proxy to `newImplementation`.
*
* Calls {_authorizeUpgrade}.
*
* Emits an {Upgraded} event.
*
* @custom:oz-upgrades-unsafe-allow-reachable delegatecall
*/
function upgradeTo(address newImplementation) public virtual onlyProxy {
_authorizeUpgrade(newImplementation);
_upgradeToAndCallUUPS(newImplementation, new bytes(0), false);
}
/**
* @dev Upgrade the implementation of the proxy to `newImplementation`, and subsequently execute the function call
* encoded in `data`.
*
* Calls {_authorizeUpgrade}.
*
* Emits an {Upgraded} event.
*
* @custom:oz-upgrades-unsafe-allow-reachable delegatecall
*/
function upgradeToAndCall(address newImplementation, bytes memory data) public payable virtual onlyProxy {
_authorizeUpgrade(newImplementation);
_upgradeToAndCallUUPS(newImplementation, data, true);
}
/**
* @dev Function that should revert when `msg.sender` is not authorized to upgrade the contract. Called by
* {upgradeTo} and {upgradeToAndCall}.
*
* Normally, this function will use an xref:access.adoc[access control] modifier such as {Ownable-onlyOwner}.
*
* ```solidity
* function _authorizeUpgrade(address) internal override onlyOwner {}
* ```
*/
function _authorizeUpgrade(address newImplementation) internal virtual;
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (access/Ownable2Step.sol)
pragma solidity ^0.8.0;
import "./OwnableUpgradeable.sol";
import "../proxy/utils/Initializable.sol";
/**
* @dev Contract module which provides access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* By default, the owner account will be the one that deploys the contract. This
* can later be changed with {transferOwnership} and {acceptOwnership}.
*
* This module is used through inheritance. It will make available all functions
* from parent (Ownable).
*/
abstract contract Ownable2StepUpgradeable is Initializable, OwnableUpgradeable {
function __Ownable2Step_init() internal onlyInitializing {
__Ownable_init_unchained();
}
function __Ownable2Step_init_unchained() internal onlyInitializing {
}
address private _pendingOwner;
event OwnershipTransferStarted(address indexed previousOwner, address indexed newOwner);
/**
* @dev Returns the address of the pending owner.
*/
function pendingOwner() public view virtual returns (address) {
return _pendingOwner;
}
/**
* @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual override onlyOwner {
_pendingOwner = newOwner;
emit OwnershipTransferStarted(owner(), newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual override {
delete _pendingOwner;
super._transferOwnership(newOwner);
}
/**
* @dev The new owner accepts the ownership transfer.
*/
function acceptOwnership() public virtual {
address sender = _msgSender();
require(pendingOwner() == sender, "Ownable2Step: caller is not the new owner");
_transferOwnership(sender);
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[49] private __gap;
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/Initializable.sol)
pragma solidity ^0.8.2;
import "../../utils/AddressUpgradeable.sol";
/**
* @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
* behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
* external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
* function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
*
* The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
* reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
* case an upgrade adds a module that needs to be initialized.
*
* For example:
*
* [.hljs-theme-light.nopadding]
* ```solidity
* contract MyToken is ERC20Upgradeable {
* function initialize() initializer public {
* __ERC20_init("MyToken", "MTK");
* }
* }
*
* contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
* function initializeV2() reinitializer(2) public {
* __ERC20Permit_init("MyToken");
* }
* }
* ```
*
* TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
* possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
*
* CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
* that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
*
* [CAUTION]
* ====
* Avoid leaving a contract uninitialized.
*
* An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
* contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
* the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
*
* [.hljs-theme-light.nopadding]
* ```
* /// @custom:oz-upgrades-unsafe-allow constructor
* constructor() {
* _disableInitializers();
* }
* ```
* ====
*/
abstract contract Initializable {
/**
* @dev Indicates that the contract has been initialized.
* @custom:oz-retyped-from bool
*/
uint8 private _initialized;
/**
* @dev Indicates that the contract is in the process of being initialized.
*/
bool private _initializing;
/**
* @dev Triggered when the contract has been initialized or reinitialized.
*/
event Initialized(uint8 version);
/**
* @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
* `onlyInitializing` functions can be used to initialize parent contracts.
*
* Similar to `reinitializer(1)`, except that functions marked with `initializer` can be nested in the context of a
* constructor.
*
* Emits an {Initialized} event.
*/
modifier initializer() {
bool isTopLevelCall = !_initializing;
require(
(isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1),
"Initializable: contract is already initialized"
);
_initialized = 1;
if (isTopLevelCall) {
_initializing = true;
}
_;
if (isTopLevelCall) {
_initializing = false;
emit Initialized(1);
}
}
/**
* @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
* contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
* used to initialize parent contracts.
*
* A reinitializer may be used after the original initialization step. This is essential to configure modules that
* are added through upgrades and that require initialization.
*
* When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
* cannot be nested. If one is invoked in the context of another, execution will revert.
*
* Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
* a contract, executing them in the right order is up to the developer or operator.
*
* WARNING: setting the version to 255 will prevent any future reinitialization.
*
* Emits an {Initialized} event.
*/
modifier reinitializer(uint8 version) {
require(!_initializing && _initialized < version, "Initializable: contract is already initialized");
_initialized = version;
_initializing = true;
_;
_initializing = false;
emit Initialized(version);
}
/**
* @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
* {initializer} and {reinitializer} modifiers, directly or indirectly.
*/
modifier onlyInitializing() {
require(_initializing, "Initializable: contract is not initializing");
_;
}
/**
* @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
* Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
* to any version. It is recommended to use this to lock implementation contracts that are designed to be called
* through proxies.
*
* Emits an {Initialized} event the first time it is successfully executed.
*/
function _disableInitializers() internal virtual {
require(!_initializing, "Initializable: contract is initializing");
if (_initialized != type(uint8).max) {
_initialized = type(uint8).max;
emit Initialized(type(uint8).max);
}
}
/**
* @dev Returns the highest version that has been initialized. See {reinitializer}.
*/
function _getInitializedVersion() internal view returns (uint8) {
return _initialized;
}
/**
* @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
*/
function _isInitializing() internal view returns (bool) {
return _initializing;
}
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;
library ModexpInverse {
function run(uint256 t2) internal pure returns (uint256 t0) {
// solium-disable-next-line security/no-inline-assembly
assembly {
let n := 0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47
t0 := mulmod(t2, t2, n)
let t5 := mulmod(t0, t2, n)
let t1 := mulmod(t5, t0, n)
let t3 := mulmod(t5, t5, n)
let t8 := mulmod(t1, t0, n)
let t4 := mulmod(t3, t5, n)
let t6 := mulmod(t3, t1, n)
t0 := mulmod(t3, t3, n)
let t7 := mulmod(t8, t3, n)
t3 := mulmod(t4, t3, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t5, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t2, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t2, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t8, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t8, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t2, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t8, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t2, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t5, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t7, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t1, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t5, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t8, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t1, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t2, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t6, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t7, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t1, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t5, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t1, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t5, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t6, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t6, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t1, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t8, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t6, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t1, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t4, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t6, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t2, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t8, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t8, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t1, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t2, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t7, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t3, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t2, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t2, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t5, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t6, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t5, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t5, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t3, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t4, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t3, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t1, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t2, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t1, n)
}
}
}
library ModexpSqrt {
function run(uint256 t6) internal pure returns (uint256 t0) {
// solium-disable-next-line security/no-inline-assembly
assembly {
let n := 0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47
t0 := mulmod(t6, t6, n)
let t4 := mulmod(t0, t6, n)
let t2 := mulmod(t4, t0, n)
let t3 := mulmod(t4, t4, n)
let t8 := mulmod(t2, t0, n)
let t1 := mulmod(t3, t4, n)
let t5 := mulmod(t3, t2, n)
t0 := mulmod(t3, t3, n)
let t7 := mulmod(t8, t3, n)
t3 := mulmod(t1, t3, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t4, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t6, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t6, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t8, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t8, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t6, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t8, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t6, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t4, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t7, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t2, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t4, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t8, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t2, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t6, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t5, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t7, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t2, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t4, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t2, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t4, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t5, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t5, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t2, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t8, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t5, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t2, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t1, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t5, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t6, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t8, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t8, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t2, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t6, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t7, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t3, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t6, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t6, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t4, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t5, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t4, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t4, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t3, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t1, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t3, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t2, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t0, n)
t0 := mulmod(t0, t1, n)
t0 := mulmod(t0, t0, n)
}
}
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;
contract BNPairingPrecompileCostEstimator {
uint256 public baseCost;
uint256 public perPairCost;
uint256 private constant G1_X = 1;
uint256 private constant G1_Y = 2;
uint256 private constant G2_X0 = 10857046999023057135944570762232829481370756359578518086990519993285655852781;
uint256 private constant G2_X1 = 11559732032986387107991004021392285783925812861821192530917403151452391805634;
uint256 private constant G2_Y0 = 8495653923123431417604973247489272438418190587263600148770280649306958101930;
uint256 private constant G2_Y1 = 4082367875863433681332203403145435568316851327593401208105741076214120093531;
uint256 private constant N_G2_Y0 = 13392588948715843804641432497768002650278120570034223513918757245338268106653;
uint256 private constant N_G2_Y1 = 17805874995975841540914202342111839520379459829704422454583296818431106115052;
function run() external {
_run();
}
function getGasCost(uint256 pairCount) external view returns (uint256) {
return pairCount * perPairCost + baseCost;
}
function _run() internal {
uint256 gasCost1Pair = _gasCost1Pair();
uint256 gasCost2Pair = _gasCost2Pair();
perPairCost = gasCost2Pair - gasCost1Pair;
baseCost = gasCost1Pair - perPairCost;
}
function _gasCost1Pair() internal view returns (uint256) {
uint256[6] memory input = [G1_X, G1_Y, G2_X1, G2_X0, G2_Y1, G2_Y0];
uint256[1] memory out;
bool callSuccess;
uint256 suppliedGas = gasleft() - 2000;
require(gasleft() > 2000, "BNPairingPrecompileCostEstimator: not enough gas, single pair");
uint256 gasT0 = gasleft();
assembly {
callSuccess := staticcall(suppliedGas, 8, input, 192, out, 0x20)
}
uint256 gasCost = gasT0 - gasleft();
require(callSuccess, "BNPairingPrecompileCostEstimator: single pair call is failed");
require(out[0] == 0, "BNPairingPrecompileCostEstimator: single pair call result must be 0");
return gasCost;
}
function _gasCost2Pair() internal view returns (uint256) {
uint256[12] memory input = [G1_X, G1_Y, G2_X1, G2_X0, G2_Y1, G2_Y0, G1_X, G1_Y, G2_X1, G2_X0, N_G2_Y1, N_G2_Y0];
uint256[1] memory out;
bool callSuccess;
uint256 suppliedGas = gasleft() - 2000;
require(gasleft() > 2000, "BNPairingPrecompileCostEstimator: not enough gas, couple pair");
uint256 gasT0 = gasleft();
assembly {
callSuccess := staticcall(suppliedGas, 8, input, 384, out, 0x20)
}
uint256 gasCost = gasT0 - gasleft();
require(callSuccess, "BNPairingPrecompileCostEstimator: couple pair call is failed");
require(out[0] == 1, "BNPairingPrecompileCostEstimator: couple pair call result must be 1");
return gasCost;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (interfaces/draft-IERC1822.sol)
pragma solidity ^0.8.0;
/**
* @dev ERC1822: Universal Upgradeable Proxy Standard (UUPS) documents a method for upgradeability through a simplified
* proxy whose upgrades are fully controlled by the current implementation.
*/
interface IERC1822Proxiable {
/**
* @dev Returns the storage slot that the proxiable contract assumes is being used to store the implementation
* address.
*
* IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks
* bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this
* function revert if invoked through a proxy.
*/
function proxiableUUID() external view returns (bytes32);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (proxy/ERC1967/ERC1967Upgrade.sol)
pragma solidity ^0.8.2;
import "../beacon/IBeacon.sol";
import "../../interfaces/IERC1967.sol";
import "../../interfaces/draft-IERC1822.sol";
import "../../utils/Address.sol";
import "../../utils/StorageSlot.sol";
/**
* @dev This abstract contract provides getters and event emitting update functions for
* https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots.
*
* _Available since v4.1._
*/
abstract contract ERC1967Upgrade is IERC1967 {
// This is the keccak-256 hash of "eip1967.proxy.rollback" subtracted by 1
bytes32 private constant _ROLLBACK_SLOT = 0x4910fdfa16fed3260ed0e7147f7cc6da11a60208b5b9406d12a635614ffd9143;
/**
* @dev Storage slot with the address of the current implementation.
* This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1, and is
* validated in the constructor.
*/
bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
/**
* @dev Returns the current implementation address.
*/
function _getImplementation() internal view returns (address) {
return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 implementation slot.
*/
function _setImplementation(address newImplementation) private {
require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
}
/**
* @dev Perform implementation upgrade
*
* Emits an {Upgraded} event.
*/
function _upgradeTo(address newImplementation) internal {
_setImplementation(newImplementation);
emit Upgraded(newImplementation);
}
/**
* @dev Perform implementation upgrade with additional setup call.
*
* Emits an {Upgraded} event.
*/
function _upgradeToAndCall(address newImplementation, bytes memory data, bool forceCall) internal {
_upgradeTo(newImplementation);
if (data.length > 0 || forceCall) {
Address.functionDelegateCall(newImplementation, data);
}
}
/**
* @dev Perform implementation upgrade with security checks for UUPS proxies, and additional setup call.
*
* Emits an {Upgraded} event.
*/
function _upgradeToAndCallUUPS(address newImplementation, bytes memory data, bool forceCall) internal {
// Upgrades from old implementations will perform a rollback test. This test requires the new
// implementation to upgrade back to the old, non-ERC1822 compliant, implementation. Removing
// this special case will break upgrade paths from old UUPS implementation to new ones.
if (StorageSlot.getBooleanSlot(_ROLLBACK_SLOT).value) {
_setImplementation(newImplementation);
} else {
try IERC1822Proxiable(newImplementation).proxiableUUID() returns (bytes32 slot) {
require(slot == _IMPLEMENTATION_SLOT, "ERC1967Upgrade: unsupported proxiableUUID");
} catch {
revert("ERC1967Upgrade: new implementation is not UUPS");
}
_upgradeToAndCall(newImplementation, data, forceCall);
}
}
/**
* @dev Storage slot with the admin of the contract.
* This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1, and is
* validated in the constructor.
*/
bytes32 internal constant _ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;
/**
* @dev Returns the current admin.
*/
function _getAdmin() internal view returns (address) {
return StorageSlot.getAddressSlot(_ADMIN_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 admin slot.
*/
function _setAdmin(address newAdmin) private {
require(newAdmin != address(0), "ERC1967: new admin is the zero address");
StorageSlot.getAddressSlot(_ADMIN_SLOT).value = newAdmin;
}
/**
* @dev Changes the admin of the proxy.
*
* Emits an {AdminChanged} event.
*/
function _changeAdmin(address newAdmin) internal {
emit AdminChanged(_getAdmin(), newAdmin);
_setAdmin(newAdmin);
}
/**
* @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.
* This is bytes32(uint256(keccak256('eip1967.proxy.beacon')) - 1)) and is validated in the constructor.
*/
bytes32 internal constant _BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;
/**
* @dev Returns the current beacon.
*/
function _getBeacon() internal view returns (address) {
return StorageSlot.getAddressSlot(_BEACON_SLOT).value;
}
/**
* @dev Stores a new beacon in the EIP1967 beacon slot.
*/
function _setBeacon(address newBeacon) private {
require(Address.isContract(newBeacon), "ERC1967: new beacon is not a contract");
require(
Address.isContract(IBeacon(newBeacon).implementation()),
"ERC1967: beacon implementation is not a contract"
);
StorageSlot.getAddressSlot(_BEACON_SLOT).value = newBeacon;
}
/**
* @dev Perform beacon upgrade with additional setup call. Note: This upgrades the address of the beacon, it does
* not upgrade the implementation contained in the beacon (see {UpgradeableBeacon-_setImplementation} for that).
*
* Emits a {BeaconUpgraded} event.
*/
function _upgradeBeaconToAndCall(address newBeacon, bytes memory data, bool forceCall) internal {
_setBeacon(newBeacon);
emit BeaconUpgraded(newBeacon);
if (data.length > 0 || forceCall) {
Address.functionDelegateCall(IBeacon(newBeacon).implementation(), data);
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (access/Ownable.sol)
pragma solidity ^0.8.0;
import "../utils/ContextUpgradeable.sol";
import "../proxy/utils/Initializable.sol";
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* By default, the owner account will be the one that deploys the contract. This
* can later be changed with {transferOwnership}.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/
abstract contract OwnableUpgradeable is Initializable, ContextUpgradeable {
address private _owner;
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev Initializes the contract setting the deployer as the initial owner.
*/
function __Ownable_init() internal onlyInitializing {
__Ownable_init_unchained();
}
function __Ownable_init_unchained() internal onlyInitializing {
_transferOwnership(_msgSender());
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
_checkOwner();
_;
}
/**
* @dev Returns the address of the current owner.
*/
function owner() public view virtual returns (address) {
return _owner;
}
/**
* @dev Throws if the sender is not the owner.
*/
function _checkOwner() internal view virtual {
require(owner() == _msgSender(), "Ownable: caller is not the owner");
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby disabling any functionality that is only available to the owner.
*/
function renounceOwnership() public virtual onlyOwner {
_transferOwnership(address(0));
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual onlyOwner {
require(newOwner != address(0), "Ownable: new owner is the zero address");
_transferOwnership(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual {
address oldOwner = _owner;
_owner = newOwner;
emit OwnershipTransferred(oldOwner, newOwner);
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[49] private __gap;
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)
pragma solidity ^0.8.1;
/**
* @dev Collection of functions related to the address type
*/
library AddressUpgradeable {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
*
* Furthermore, `isContract` will also return true if the target contract within
* the same transaction is already scheduled for destruction by `SELFDESTRUCT`,
* which only has an effect at the end of a transaction.
* ====
*
* [IMPORTANT]
* ====
* You shouldn't rely on `isContract` to protect against flash loan attacks!
*
* Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
* like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
* constructor.
* ====
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize/address.code.length, which returns 0
// for contracts in construction, since the code is only stored at the end
// of the constructor execution.
return account.code.length > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
(bool success, ) = recipient.call{value: amount}("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value,
string memory errorMessage
) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(
address target,
bytes memory data,
string memory errorMessage
) internal view returns (bytes memory) {
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
return functionDelegateCall(target, data, "Address: low-level delegate call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling
* the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.
*
* _Available since v4.8._
*/
function verifyCallResultFromTarget(
address target,
bool success,
bytes memory returndata,
string memory errorMessage
) internal view returns (bytes memory) {
if (success) {
if (returndata.length == 0) {
// only check isContract if the call was successful and the return data is empty
// otherwise we already know that it was a contract
require(isContract(target), "Address: call to non-contract");
}
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
/**
* @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the
* revert reason or using the provided one.
*
* _Available since v4.3._
*/
function verifyCallResult(
bool success,
bytes memory returndata,
string memory errorMessage
) internal pure returns (bytes memory) {
if (success) {
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
function _revert(bytes memory returndata, string memory errorMessage) private pure {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
/// @solidity memory-safe-assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (proxy/beacon/IBeacon.sol)
pragma solidity ^0.8.0;
/**
* @dev This is the interface that {BeaconProxy} expects of its beacon.
*/
interface IBeacon {
/**
* @dev Must return an address that can be used as a delegate call target.
*
* {BeaconProxy} will check that this address is a contract.
*/
function implementation() external view returns (address);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (interfaces/IERC1967.sol)
pragma solidity ^0.8.0;
/**
* @dev ERC-1967: Proxy Storage Slots. This interface contains the events defined in the ERC.
*
* _Available since v4.8.3._
*/
interface IERC1967 {
/**
* @dev Emitted when the implementation is upgraded.
*/
event Upgraded(address indexed implementation);
/**
* @dev Emitted when the admin account has changed.
*/
event AdminChanged(address previousAdmin, address newAdmin);
/**
* @dev Emitted when the beacon is changed.
*/
event BeaconUpgraded(address indexed beacon);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)
pragma solidity ^0.8.1;
/**
* @dev Collection of functions related to the address type
*/
library Address {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
*
* Furthermore, `isContract` will also return true if the target contract within
* the same transaction is already scheduled for destruction by `SELFDESTRUCT`,
* which only has an effect at the end of a transaction.
* ====
*
* [IMPORTANT]
* ====
* You shouldn't rely on `isContract` to protect against flash loan attacks!
*
* Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
* like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
* constructor.
* ====
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize/address.code.length, which returns 0
// for contracts in construction, since the code is only stored at the end
// of the constructor execution.
return account.code.length > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
(bool success, ) = recipient.call{value: amount}("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value,
string memory errorMessage
) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(
address target,
bytes memory data,
string memory errorMessage
) internal view returns (bytes memory) {
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
return functionDelegateCall(target, data, "Address: low-level delegate call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling
* the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.
*
* _Available since v4.8._
*/
function verifyCallResultFromTarget(
address target,
bool success,
bytes memory returndata,
string memory errorMessage
) internal view returns (bytes memory) {
if (success) {
if (returndata.length == 0) {
// only check isContract if the call was successful and the return data is empty
// otherwise we already know that it was a contract
require(isContract(target), "Address: call to non-contract");
}
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
/**
* @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the
* revert reason or using the provided one.
*
* _Available since v4.3._
*/
function verifyCallResult(
bool success,
bytes memory returndata,
string memory errorMessage
) internal pure returns (bytes memory) {
if (success) {
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
function _revert(bytes memory returndata, string memory errorMessage) private pure {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
/// @solidity memory-safe-assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/StorageSlot.sol)
// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.
pragma solidity ^0.8.0;
/**
* @dev Library for reading and writing primitive types to specific storage slots.
*
* Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
* This library helps with reading and writing to such slots without the need for inline assembly.
*
* The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
*
* Example usage to set ERC1967 implementation slot:
* ```solidity
* contract ERC1967 {
* bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
*
* function _getImplementation() internal view returns (address) {
* return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
* }
*
* function _setImplementation(address newImplementation) internal {
* require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
* StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
* }
* }
* ```
*
* _Available since v4.1 for `address`, `bool`, `bytes32`, `uint256`._
* _Available since v4.9 for `string`, `bytes`._
*/
library StorageSlot {
struct AddressSlot {
address value;
}
struct BooleanSlot {
bool value;
}
struct Bytes32Slot {
bytes32 value;
}
struct Uint256Slot {
uint256 value;
}
struct StringSlot {
string value;
}
struct BytesSlot {
bytes value;
}
/**
* @dev Returns an `AddressSlot` with member `value` located at `slot`.
*/
function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BooleanSlot` with member `value` located at `slot`.
*/
function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Bytes32Slot` with member `value` located at `slot`.
*/
function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Uint256Slot` with member `value` located at `slot`.
*/
function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `StringSlot` with member `value` located at `slot`.
*/
function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `StringSlot` representation of the string storage pointer `store`.
*/
function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := store.slot
}
}
/**
* @dev Returns an `BytesSlot` with member `value` located at `slot`.
*/
function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.
*/
function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := store.slot
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)
pragma solidity ^0.8.0;
import "../proxy/utils/Initializable.sol";
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract ContextUpgradeable is Initializable {
function __Context_init() internal onlyInitializing {
}
function __Context_init_unchained() internal onlyInitializing {
}
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[50] private __gap;
}