Contract Name:
PayrollFactory
Contract Source Code:
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (access/AccessControl.sol)
pragma solidity ^0.8.20;
import {IAccessControl} from "./IAccessControl.sol";
import {Context} from "../utils/Context.sol";
import {ERC165} from "../utils/introspection/ERC165.sol";
/**
* @dev Contract module that allows children to implement role-based access
* control mechanisms. This is a lightweight version that doesn't allow enumerating role
* members except through off-chain means by accessing the contract event logs. Some
* applications may benefit from on-chain enumerability, for those cases see
* {AccessControlEnumerable}.
*
* Roles are referred to by their `bytes32` identifier. These should be exposed
* in the external API and be unique. The best way to achieve this is by
* using `public constant` hash digests:
*
* ```solidity
* bytes32 public constant MY_ROLE = keccak256("MY_ROLE");
* ```
*
* Roles can be used to represent a set of permissions. To restrict access to a
* function call, use {hasRole}:
*
* ```solidity
* function foo() public {
* require(hasRole(MY_ROLE, msg.sender));
* ...
* }
* ```
*
* Roles can be granted and revoked dynamically via the {grantRole} and
* {revokeRole} functions. Each role has an associated admin role, and only
* accounts that have a role's admin role can call {grantRole} and {revokeRole}.
*
* By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means
* that only accounts with this role will be able to grant or revoke other
* roles. More complex role relationships can be created by using
* {_setRoleAdmin}.
*
* WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to
* grant and revoke this role. Extra precautions should be taken to secure
* accounts that have been granted it. We recommend using {AccessControlDefaultAdminRules}
* to enforce additional security measures for this role.
*/
abstract contract AccessControl is Context, IAccessControl, ERC165 {
struct RoleData {
mapping(address account => bool) hasRole;
bytes32 adminRole;
}
mapping(bytes32 role => RoleData) private _roles;
bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;
/**
* @dev Modifier that checks that an account has a specific role. Reverts
* with an {AccessControlUnauthorizedAccount} error including the required role.
*/
modifier onlyRole(bytes32 role) {
_checkRole(role);
_;
}
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IAccessControl).interfaceId || super.supportsInterface(interfaceId);
}
/**
* @dev Returns `true` if `account` has been granted `role`.
*/
function hasRole(bytes32 role, address account) public view virtual returns (bool) {
return _roles[role].hasRole[account];
}
/**
* @dev Reverts with an {AccessControlUnauthorizedAccount} error if `_msgSender()`
* is missing `role`. Overriding this function changes the behavior of the {onlyRole} modifier.
*/
function _checkRole(bytes32 role) internal view virtual {
_checkRole(role, _msgSender());
}
/**
* @dev Reverts with an {AccessControlUnauthorizedAccount} error if `account`
* is missing `role`.
*/
function _checkRole(bytes32 role, address account) internal view virtual {
if (!hasRole(role, account)) {
revert AccessControlUnauthorizedAccount(account, role);
}
}
/**
* @dev Returns the admin role that controls `role`. See {grantRole} and
* {revokeRole}.
*
* To change a role's admin, use {_setRoleAdmin}.
*/
function getRoleAdmin(bytes32 role) public view virtual returns (bytes32) {
return _roles[role].adminRole;
}
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*
* May emit a {RoleGranted} event.
*/
function grantRole(bytes32 role, address account) public virtual onlyRole(getRoleAdmin(role)) {
_grantRole(role, account);
}
/**
* @dev Revokes `role` from `account`.
*
* If `account` had been granted `role`, emits a {RoleRevoked} event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*
* May emit a {RoleRevoked} event.
*/
function revokeRole(bytes32 role, address account) public virtual onlyRole(getRoleAdmin(role)) {
_revokeRole(role, account);
}
/**
* @dev Revokes `role` from the calling account.
*
* Roles are often managed via {grantRole} and {revokeRole}: this function's
* purpose is to provide a mechanism for accounts to lose their privileges
* if they are compromised (such as when a trusted device is misplaced).
*
* If the calling account had been revoked `role`, emits a {RoleRevoked}
* event.
*
* Requirements:
*
* - the caller must be `callerConfirmation`.
*
* May emit a {RoleRevoked} event.
*/
function renounceRole(bytes32 role, address callerConfirmation) public virtual {
if (callerConfirmation != _msgSender()) {
revert AccessControlBadConfirmation();
}
_revokeRole(role, callerConfirmation);
}
/**
* @dev Sets `adminRole` as ``role``'s admin role.
*
* Emits a {RoleAdminChanged} event.
*/
function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual {
bytes32 previousAdminRole = getRoleAdmin(role);
_roles[role].adminRole = adminRole;
emit RoleAdminChanged(role, previousAdminRole, adminRole);
}
/**
* @dev Attempts to grant `role` to `account` and returns a boolean indicating if `role` was granted.
*
* Internal function without access restriction.
*
* May emit a {RoleGranted} event.
*/
function _grantRole(bytes32 role, address account) internal virtual returns (bool) {
if (!hasRole(role, account)) {
_roles[role].hasRole[account] = true;
emit RoleGranted(role, account, _msgSender());
return true;
} else {
return false;
}
}
/**
* @dev Attempts to revoke `role` to `account` and returns a boolean indicating if `role` was revoked.
*
* Internal function without access restriction.
*
* May emit a {RoleRevoked} event.
*/
function _revokeRole(bytes32 role, address account) internal virtual returns (bool) {
if (hasRole(role, account)) {
_roles[role].hasRole[account] = false;
emit RoleRevoked(role, account, _msgSender());
return true;
} else {
return false;
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (access/IAccessControl.sol)
pragma solidity ^0.8.20;
/**
* @dev External interface of AccessControl declared to support ERC-165 detection.
*/
interface IAccessControl {
/**
* @dev The `account` is missing a role.
*/
error AccessControlUnauthorizedAccount(address account, bytes32 neededRole);
/**
* @dev The caller of a function is not the expected one.
*
* NOTE: Don't confuse with {AccessControlUnauthorizedAccount}.
*/
error AccessControlBadConfirmation();
/**
* @dev Emitted when `newAdminRole` is set as ``role``'s admin role, replacing `previousAdminRole`
*
* `DEFAULT_ADMIN_ROLE` is the starting admin for all roles, despite
* {RoleAdminChanged} not being emitted signaling this.
*/
event RoleAdminChanged(bytes32 indexed role, bytes32 indexed previousAdminRole, bytes32 indexed newAdminRole);
/**
* @dev Emitted when `account` is granted `role`.
*
* `sender` is the account that originated the contract call. This account bears the admin role (for the granted role).
* Expected in cases where the role was granted using the internal {AccessControl-_grantRole}.
*/
event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender);
/**
* @dev Emitted when `account` is revoked `role`.
*
* `sender` is the account that originated the contract call:
* - if using `revokeRole`, it is the admin role bearer
* - if using `renounceRole`, it is the role bearer (i.e. `account`)
*/
event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender);
/**
* @dev Returns `true` if `account` has been granted `role`.
*/
function hasRole(bytes32 role, address account) external view returns (bool);
/**
* @dev Returns the admin role that controls `role`. See {grantRole} and
* {revokeRole}.
*
* To change a role's admin, use {AccessControl-_setRoleAdmin}.
*/
function getRoleAdmin(bytes32 role) external view returns (bytes32);
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*/
function grantRole(bytes32 role, address account) external;
/**
* @dev Revokes `role` from `account`.
*
* If `account` had been granted `role`, emits a {RoleRevoked} event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*/
function revokeRole(bytes32 role, address account) external;
/**
* @dev Revokes `role` from the calling account.
*
* Roles are often managed via {grantRole} and {revokeRole}: this function's
* purpose is to provide a mechanism for accounts to lose their privileges
* if they are compromised (such as when a trusted device is misplaced).
*
* If the calling account had been granted `role`, emits a {RoleRevoked}
* event.
*
* Requirements:
*
* - the caller must be `callerConfirmation`.
*/
function renounceRole(bytes32 role, address callerConfirmation) external;
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (interfaces/IERC1363.sol)
pragma solidity ^0.8.20;
import {IERC20} from "./IERC20.sol";
import {IERC165} from "./IERC165.sol";
/**
* @title IERC1363
* @dev Interface of the ERC-1363 standard as defined in the https://eips.ethereum.org/EIPS/eip-1363[ERC-1363].
*
* Defines an extension interface for ERC-20 tokens that supports executing code on a recipient contract
* after `transfer` or `transferFrom`, or code on a spender contract after `approve`, in a single transaction.
*/
interface IERC1363 is IERC20, IERC165 {
/*
* Note: the ERC-165 identifier for this interface is 0xb0202a11.
* 0xb0202a11 ===
* bytes4(keccak256('transferAndCall(address,uint256)')) ^
* bytes4(keccak256('transferAndCall(address,uint256,bytes)')) ^
* bytes4(keccak256('transferFromAndCall(address,address,uint256)')) ^
* bytes4(keccak256('transferFromAndCall(address,address,uint256,bytes)')) ^
* bytes4(keccak256('approveAndCall(address,uint256)')) ^
* bytes4(keccak256('approveAndCall(address,uint256,bytes)'))
*/
/**
* @dev Moves a `value` amount of tokens from the caller's account to `to`
* and then calls {IERC1363Receiver-onTransferReceived} on `to`.
* @param to The address which you want to transfer to.
* @param value The amount of tokens to be transferred.
* @return A boolean value indicating whether the operation succeeded unless throwing.
*/
function transferAndCall(address to, uint256 value) external returns (bool);
/**
* @dev Moves a `value` amount of tokens from the caller's account to `to`
* and then calls {IERC1363Receiver-onTransferReceived} on `to`.
* @param to The address which you want to transfer to.
* @param value The amount of tokens to be transferred.
* @param data Additional data with no specified format, sent in call to `to`.
* @return A boolean value indicating whether the operation succeeded unless throwing.
*/
function transferAndCall(address to, uint256 value, bytes calldata data) external returns (bool);
/**
* @dev Moves a `value` amount of tokens from `from` to `to` using the allowance mechanism
* and then calls {IERC1363Receiver-onTransferReceived} on `to`.
* @param from The address which you want to send tokens from.
* @param to The address which you want to transfer to.
* @param value The amount of tokens to be transferred.
* @return A boolean value indicating whether the operation succeeded unless throwing.
*/
function transferFromAndCall(address from, address to, uint256 value) external returns (bool);
/**
* @dev Moves a `value` amount of tokens from `from` to `to` using the allowance mechanism
* and then calls {IERC1363Receiver-onTransferReceived} on `to`.
* @param from The address which you want to send tokens from.
* @param to The address which you want to transfer to.
* @param value The amount of tokens to be transferred.
* @param data Additional data with no specified format, sent in call to `to`.
* @return A boolean value indicating whether the operation succeeded unless throwing.
*/
function transferFromAndCall(address from, address to, uint256 value, bytes calldata data) external returns (bool);
/**
* @dev Sets a `value` amount of tokens as the allowance of `spender` over the
* caller's tokens and then calls {IERC1363Spender-onApprovalReceived} on `spender`.
* @param spender The address which will spend the funds.
* @param value The amount of tokens to be spent.
* @return A boolean value indicating whether the operation succeeded unless throwing.
*/
function approveAndCall(address spender, uint256 value) external returns (bool);
/**
* @dev Sets a `value` amount of tokens as the allowance of `spender` over the
* caller's tokens and then calls {IERC1363Spender-onApprovalReceived} on `spender`.
* @param spender The address which will spend the funds.
* @param value The amount of tokens to be spent.
* @param data Additional data with no specified format, sent in call to `spender`.
* @return A boolean value indicating whether the operation succeeded unless throwing.
*/
function approveAndCall(address spender, uint256 value, bytes calldata data) external returns (bool);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC165.sol)
pragma solidity ^0.8.20;
import {IERC165} from "../utils/introspection/IERC165.sol";
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC20.sol)
pragma solidity ^0.8.20;
import {IERC20} from "../token/ERC20/IERC20.sol";
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC20/IERC20.sol)
pragma solidity ^0.8.20;
/**
* @dev Interface of the ERC-20 standard as defined in the ERC.
*/
interface IERC20 {
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
/**
* @dev Returns the value of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the value of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves a `value` amount of tokens from the caller's account to `to`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address to, uint256 value) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets a `value` amount of tokens as the allowance of `spender` over the
* caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 value) external returns (bool);
/**
* @dev Moves a `value` amount of tokens from `from` to `to` using the
* allowance mechanism. `value` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address from, address to, uint256 value) external returns (bool);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.2.0) (token/ERC20/utils/SafeERC20.sol)
pragma solidity ^0.8.20;
import {IERC20} from "../IERC20.sol";
import {IERC1363} from "../../../interfaces/IERC1363.sol";
/**
* @title SafeERC20
* @dev Wrappers around ERC-20 operations that throw on failure (when the token
* contract returns false). Tokens that return no value (and instead revert or
* throw on failure) are also supported, non-reverting calls are assumed to be
* successful.
* To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
* which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
*/
library SafeERC20 {
/**
* @dev An operation with an ERC-20 token failed.
*/
error SafeERC20FailedOperation(address token);
/**
* @dev Indicates a failed `decreaseAllowance` request.
*/
error SafeERC20FailedDecreaseAllowance(address spender, uint256 currentAllowance, uint256 requestedDecrease);
/**
* @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeTransfer(IERC20 token, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeCall(token.transfer, (to, value)));
}
/**
* @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the
* calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.
*/
function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeCall(token.transferFrom, (from, to, value)));
}
/**
* @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*
* IMPORTANT: If the token implements ERC-7674 (ERC-20 with temporary allowance), and if the "client"
* smart contract uses ERC-7674 to set temporary allowances, then the "client" smart contract should avoid using
* this function. Performing a {safeIncreaseAllowance} or {safeDecreaseAllowance} operation on a token contract
* that has a non-zero temporary allowance (for that particular owner-spender) will result in unexpected behavior.
*/
function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {
uint256 oldAllowance = token.allowance(address(this), spender);
forceApprove(token, spender, oldAllowance + value);
}
/**
* @dev Decrease the calling contract's allowance toward `spender` by `requestedDecrease`. If `token` returns no
* value, non-reverting calls are assumed to be successful.
*
* IMPORTANT: If the token implements ERC-7674 (ERC-20 with temporary allowance), and if the "client"
* smart contract uses ERC-7674 to set temporary allowances, then the "client" smart contract should avoid using
* this function. Performing a {safeIncreaseAllowance} or {safeDecreaseAllowance} operation on a token contract
* that has a non-zero temporary allowance (for that particular owner-spender) will result in unexpected behavior.
*/
function safeDecreaseAllowance(IERC20 token, address spender, uint256 requestedDecrease) internal {
unchecked {
uint256 currentAllowance = token.allowance(address(this), spender);
if (currentAllowance < requestedDecrease) {
revert SafeERC20FailedDecreaseAllowance(spender, currentAllowance, requestedDecrease);
}
forceApprove(token, spender, currentAllowance - requestedDecrease);
}
}
/**
* @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval
* to be set to zero before setting it to a non-zero value, such as USDT.
*
* NOTE: If the token implements ERC-7674, this function will not modify any temporary allowance. This function
* only sets the "standard" allowance. Any temporary allowance will remain active, in addition to the value being
* set here.
*/
function forceApprove(IERC20 token, address spender, uint256 value) internal {
bytes memory approvalCall = abi.encodeCall(token.approve, (spender, value));
if (!_callOptionalReturnBool(token, approvalCall)) {
_callOptionalReturn(token, abi.encodeCall(token.approve, (spender, 0)));
_callOptionalReturn(token, approvalCall);
}
}
/**
* @dev Performs an {ERC1363} transferAndCall, with a fallback to the simple {ERC20} transfer if the target has no
* code. This can be used to implement an {ERC721}-like safe transfer that rely on {ERC1363} checks when
* targeting contracts.
*
* Reverts if the returned value is other than `true`.
*/
function transferAndCallRelaxed(IERC1363 token, address to, uint256 value, bytes memory data) internal {
if (to.code.length == 0) {
safeTransfer(token, to, value);
} else if (!token.transferAndCall(to, value, data)) {
revert SafeERC20FailedOperation(address(token));
}
}
/**
* @dev Performs an {ERC1363} transferFromAndCall, with a fallback to the simple {ERC20} transferFrom if the target
* has no code. This can be used to implement an {ERC721}-like safe transfer that rely on {ERC1363} checks when
* targeting contracts.
*
* Reverts if the returned value is other than `true`.
*/
function transferFromAndCallRelaxed(
IERC1363 token,
address from,
address to,
uint256 value,
bytes memory data
) internal {
if (to.code.length == 0) {
safeTransferFrom(token, from, to, value);
} else if (!token.transferFromAndCall(from, to, value, data)) {
revert SafeERC20FailedOperation(address(token));
}
}
/**
* @dev Performs an {ERC1363} approveAndCall, with a fallback to the simple {ERC20} approve if the target has no
* code. This can be used to implement an {ERC721}-like safe transfer that rely on {ERC1363} checks when
* targeting contracts.
*
* NOTE: When the recipient address (`to`) has no code (i.e. is an EOA), this function behaves as {forceApprove}.
* Opposedly, when the recipient address (`to`) has code, this function only attempts to call {ERC1363-approveAndCall}
* once without retrying, and relies on the returned value to be true.
*
* Reverts if the returned value is other than `true`.
*/
function approveAndCallRelaxed(IERC1363 token, address to, uint256 value, bytes memory data) internal {
if (to.code.length == 0) {
forceApprove(token, to, value);
} else if (!token.approveAndCall(to, value, data)) {
revert SafeERC20FailedOperation(address(token));
}
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*
* This is a variant of {_callOptionalReturnBool} that reverts if call fails to meet the requirements.
*/
function _callOptionalReturn(IERC20 token, bytes memory data) private {
uint256 returnSize;
uint256 returnValue;
assembly ("memory-safe") {
let success := call(gas(), token, 0, add(data, 0x20), mload(data), 0, 0x20)
// bubble errors
if iszero(success) {
let ptr := mload(0x40)
returndatacopy(ptr, 0, returndatasize())
revert(ptr, returndatasize())
}
returnSize := returndatasize()
returnValue := mload(0)
}
if (returnSize == 0 ? address(token).code.length == 0 : returnValue != 1) {
revert SafeERC20FailedOperation(address(token));
}
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*
* This is a variant of {_callOptionalReturn} that silently catches all reverts and returns a bool instead.
*/
function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) {
bool success;
uint256 returnSize;
uint256 returnValue;
assembly ("memory-safe") {
success := call(gas(), token, 0, add(data, 0x20), mload(data), 0, 0x20)
returnSize := returndatasize()
returnValue := mload(0)
}
return success && (returnSize == 0 ? address(token).code.length > 0 : returnValue == 1);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)
pragma solidity ^0.8.20;
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract Context {
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
function _contextSuffixLength() internal view virtual returns (uint256) {
return 0;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/introspection/ERC165.sol)
pragma solidity ^0.8.20;
import {IERC165} from "./IERC165.sol";
/**
* @dev Implementation of the {IERC165} interface.
*
* Contracts that want to implement ERC-165 should inherit from this contract and override {supportsInterface} to check
* for the additional interface id that will be supported. For example:
*
* ```solidity
* function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
* return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId);
* }
* ```
*/
abstract contract ERC165 is IERC165 {
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual returns (bool) {
return interfaceId == type(IERC165).interfaceId;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/introspection/IERC165.sol)
pragma solidity ^0.8.20;
/**
* @dev Interface of the ERC-165 standard, as defined in the
* https://eips.ethereum.org/EIPS/eip-165[ERC].
*
* Implementers can declare support of contract interfaces, which can then be
* queried by others ({ERC165Checker}).
*
* For an implementation, see {ERC165}.
*/
interface IERC165 {
/**
* @dev Returns true if this contract implements the interface defined by
* `interfaceId`. See the corresponding
* https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[ERC section]
* to learn more about how these ids are created.
*
* This function call must use less than 30 000 gas.
*/
function supportsInterface(bytes4 interfaceId) external view returns (bool);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/Pausable.sol)
pragma solidity ^0.8.20;
import {Context} from "../utils/Context.sol";
/**
* @dev Contract module which allows children to implement an emergency stop
* mechanism that can be triggered by an authorized account.
*
* This module is used through inheritance. It will make available the
* modifiers `whenNotPaused` and `whenPaused`, which can be applied to
* the functions of your contract. Note that they will not be pausable by
* simply including this module, only once the modifiers are put in place.
*/
abstract contract Pausable is Context {
bool private _paused;
/**
* @dev Emitted when the pause is triggered by `account`.
*/
event Paused(address account);
/**
* @dev Emitted when the pause is lifted by `account`.
*/
event Unpaused(address account);
/**
* @dev The operation failed because the contract is paused.
*/
error EnforcedPause();
/**
* @dev The operation failed because the contract is not paused.
*/
error ExpectedPause();
/**
* @dev Initializes the contract in unpaused state.
*/
constructor() {
_paused = false;
}
/**
* @dev Modifier to make a function callable only when the contract is not paused.
*
* Requirements:
*
* - The contract must not be paused.
*/
modifier whenNotPaused() {
_requireNotPaused();
_;
}
/**
* @dev Modifier to make a function callable only when the contract is paused.
*
* Requirements:
*
* - The contract must be paused.
*/
modifier whenPaused() {
_requirePaused();
_;
}
/**
* @dev Returns true if the contract is paused, and false otherwise.
*/
function paused() public view virtual returns (bool) {
return _paused;
}
/**
* @dev Throws if the contract is paused.
*/
function _requireNotPaused() internal view virtual {
if (paused()) {
revert EnforcedPause();
}
}
/**
* @dev Throws if the contract is not paused.
*/
function _requirePaused() internal view virtual {
if (!paused()) {
revert ExpectedPause();
}
}
/**
* @dev Triggers stopped state.
*
* Requirements:
*
* - The contract must not be paused.
*/
function _pause() internal virtual whenNotPaused {
_paused = true;
emit Paused(_msgSender());
}
/**
* @dev Returns to normal state.
*
* Requirements:
*
* - The contract must be paused.
*/
function _unpause() internal virtual whenPaused {
_paused = false;
emit Unpaused(_msgSender());
}
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.28;
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
import {PayrollManagement} from "./PayrollManagement.sol";
contract PayrollFactory is AccessControl {
// Custom errors
error PayrollExists(); // Thrown when a payroll contract already exists for an employer
error InvalidAddress(); // Thrown when an invalid address is provided
error PayrollNotFound(); // Thrown when no payroll contract is found for an employer
error NotApprovedEmployer(); // Thrown when an employer is not approved by the admin
error InvalidPayrollContract(); // Thrown when an invalid payroll contract address is provided
// Roles
bytes32 public constant FACTORY_ADMIN = keccak256("FACTORY_ADMIN"); // Role for factory admin
// State variables
mapping(address => address) public employerToPayrollContract; // employer => payroll contract address
mapping(address => bool) public isPayrollContract; // contract address => whether it is a payroll contract
mapping(address => bool) public approvedEmployers; // employer => whether they are approved by the admin
address public immutable usdcToken; // USDC token address
// Events
event PayrollContractCreated(
address indexed employer,
address indexed payrollContract
); // Emitted when a new payroll contract is created
event EmployerApproved(address indexed employer); // Emitted when an employer is approved by the admin
event AIAgentRoleGranted(address indexed payrollContract, address indexed aiAgent); // Emitted when AI_AGENT_ROLE is granted
event PayrollContractPaused(address indexed payrollContract); // Emitted when a payroll contract is paused
event PayrollContractUnpaused(address indexed payrollContract); // Emitted when a payroll contract is unpaused
/**
* @dev Constructor to initialize the factory.
* @param _usdcToken Address of the USDC token contract.
*/
constructor(address _usdcToken) {
if (_usdcToken == address(0)) revert InvalidAddress(); // Ensure USDC token address is valid
// Grant roles to the deployer
_grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
_grantRole(FACTORY_ADMIN, msg.sender);
usdcToken = _usdcToken; // Initialize USDC token address
}
/**
* @dev Approves an employer to deploy their payroll contract.
* @param _employer Address of the employer to approve.
*/
function approveEmployer(address _employer) external onlyRole(FACTORY_ADMIN) {
if (_employer == address(0)) revert InvalidAddress(); // Ensure employer address is valid
approvedEmployers[_employer] = true; // Approve the employer
emit EmployerApproved(_employer); // Emit event
}
/**
* @dev Deploys a new PayrollManagement contract for an employer.
* @return address The address of the deployed payroll contract.
*/
function createPayrollContract() external returns (address) {
// Checks
if (!approvedEmployers[msg.sender]) revert NotApprovedEmployer();
if (employerToPayrollContract[msg.sender] != address(0)) revert PayrollExists();
// Effects
PayrollManagement payrollContract = new PayrollManagement(usdcToken);
address payrollAddress = address(payrollContract);
employerToPayrollContract[msg.sender] = payrollAddress;
isPayrollContract[payrollAddress] = true;
// Events
emit PayrollContractCreated(msg.sender, payrollAddress);
// Interactions
payrollContract.grantRole(payrollContract.ADMIN_ROLE(), address(this));
payrollContract.grantRole(payrollContract.EMPLOYER_ROLE(), msg.sender);
return payrollAddress;
}
/**
* @dev Grants the AI_AGENT_ROLE to an address in a specific payroll contract.
* @param _payrollContract Address of the payroll contract.
* @param _aiAgent Address of the AI agent.
*/
function grantAIAgentRole(address _payrollContract, address _aiAgent) external onlyRole(FACTORY_ADMIN) {
// Checks
if (_payrollContract == address(0) || _aiAgent == address(0)) revert InvalidAddress();
if (!isPayrollContract[_payrollContract]) revert InvalidPayrollContract();
// Events
emit AIAgentRoleGranted(_payrollContract, _aiAgent);
// Interactions
PayrollManagement payrollContract = PayrollManagement(_payrollContract);
payrollContract.grantRole(payrollContract.AI_AGENT_ROLE(), _aiAgent);
}
/**
* @dev Retrieves the payroll contract address for a given employer.
* @param _employer Address of the employer.
* @return address The address of the payroll contract.
*/
function getPayrollContract(address _employer) external view returns (address) {
if (_employer == address(0)) revert InvalidAddress(); // Validate employer address
address payrollAddress = employerToPayrollContract[_employer];
if (payrollAddress == address(0)) revert PayrollNotFound(); // Ensure payroll contract exists
return payrollAddress;
}
/**
* @dev Checks if an address is a valid payroll contract.
* @param _contract Address to verify.
* @return bool True if the address is a valid payroll contract.
*/
function isValidPayrollContract(address _contract) external view returns (bool) {
return isPayrollContract[_contract]; // Return whether the address is a payroll contract
}
/**
* @dev Pauses a payroll contract (only callable by the factory admin).
* @param _payrollContract Address of the payroll contract to pause.
*/
function pausePayrollContract(address _payrollContract) external onlyRole(FACTORY_ADMIN) {
// Checks
if (_payrollContract == address(0)) revert InvalidAddress();
if (!isPayrollContract[_payrollContract]) revert InvalidPayrollContract();
// Events
emit PayrollContractPaused(_payrollContract);
// Interactions
PayrollManagement payrollContract = PayrollManagement(_payrollContract);
payrollContract.pause();
}
/**
* @dev Unpauses a payroll contract (only callable by the factory admin).
* @param _payrollContract Address of the payroll contract to unpause.
*/
function unpausePayrollContract(address _payrollContract) external onlyRole(FACTORY_ADMIN) {
// Checks
if (_payrollContract == address(0)) revert InvalidAddress();
if (!isPayrollContract[_payrollContract]) revert InvalidPayrollContract();
// Events
emit PayrollContractUnpaused(_payrollContract);
// Interactions
PayrollManagement payrollContract = PayrollManagement(_payrollContract);
payrollContract.unpause();
}
/**
* @dev Retrieves the list of employees for a given employer.
* @param _employer Address of the employer.
* @return uint256[] Array of employee IDs.
*/
function getEmployerEmployees(address _employer) external view returns (uint256[] memory) {
if (_employer == address(0)) revert InvalidAddress(); // Validate employer address
address payrollContract = employerToPayrollContract[_employer];
if (payrollContract == address(0)) revert PayrollNotFound(); // Ensure payroll contract exists
return PayrollManagement(payrollContract).getEmployerEmployees(_employer);
}
/**
* @dev Retrieves details of a specific employee for a given employer.
* @param _employer Address of the employer.
* @param _employeeId ID of the employee.
* @return employeeId Employee ID.
* @return walletAddress Employee wallet address.
* @return salary Employee salary.
* @return joiningDate Employee joining date.
* @return isActive Whether the employee is active.
*/
function getEmployeeDetails(address _employer, uint256 _employeeId)
external
view
returns (
uint256 employeeId,
address walletAddress,
uint256 salary,
uint256 joiningDate,
bool isActive
)
{
if (_employer == address(0)) revert InvalidAddress();
address payrollContract = employerToPayrollContract[_employer];
if (payrollContract == address(0)) revert PayrollNotFound();
(employeeId, walletAddress, salary, joiningDate, isActive) =
PayrollManagement(payrollContract).getEmployeeDetails(_employer, _employeeId);
}
/**
* @dev Retrieves the balance of a given employer.
* @param _employer Address of the employer.
* @return uint256 Employer's balance.
*/
function getEmployerBalance(address _employer) external view returns (uint256) {
if (_employer == address(0)) revert InvalidAddress(); // Validate employer address
address payrollContract = employerToPayrollContract[_employer];
if (payrollContract == address(0)) revert PayrollNotFound(); // Ensure payroll contract exists
return PayrollManagement(payrollContract).getEmployerBalance(_employer);
}
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.28;
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
import {Pausable} from "@openzeppelin/contracts/utils/Pausable.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
contract PayrollManagement is AccessControl, Pausable {
using SafeERC20 for IERC20;
// Custom errors
error InvalidAddress(); // Thrown when an invalid address is provided
error EmployeeAlreadyExists(); // Thrown when an employee already exists
error EmployeeNotFound(); // Thrown when an employee is not found
error UnauthorizedAccess(); // Thrown when unauthorized access is attempted
error InvalidPayrollCycle(); // Thrown when an invalid payroll cycle is provided
error InsufficientBalance(); // Thrown when there are insufficient funds
error TransferFailed(); // Thrown when a token transfer fails
error PayrollAlreadyProcessed(); // Thrown when payroll is already processed
error ZeroAmount(); // Thrown when a zero amount is provided
// Roles
bytes32 public constant ADMIN_ROLE = keccak256("ADMIN_ROLE"); // Role for admin
bytes32 public constant EMPLOYER_ROLE = keccak256("EMPLOYER_ROLE"); // Role for employer
bytes32 public constant AI_AGENT_ROLE = keccak256("AI_AGENT_ROLE"); // Role for AI agent
// Immutable USDC token contract
IERC20 public immutable usdcToken;
// Structs
struct Employee {
uint256 employeeId; // Unique ID for the employee
address walletAddress; // Employee's wallet address
uint256 salary; // Monthly salary in USDC (6 decimals)
uint256 joiningDate; // Date when the employee joined
bool isActive; // Whether the employee is active
}
struct PayrollCycle {
uint256 cycleId; // Unique ID for the payroll cycle
uint256 startDate; // Start date of the payroll cycle
uint256 endDate; // End date of the payroll cycle
bool isProcessed; // Whether the payroll cycle has been processed
}
// State variables
mapping(address => mapping(uint256 => Employee)) public employeesByEmployer; // employer => employeeId => Employee
mapping(address => uint256[]) public employerEmployees; // employer => employeeIds[]
mapping(address => mapping(uint256 => PayrollCycle[])) public employeePayrollCycles; // employer => employeeId => PayrollCycle[]
mapping(address => uint256) public employeeCounter; // employer => counter for employee IDs
mapping(address => uint256) public employerBalances; // employer => deposited funds
// Events
event EmployeeAdded(address indexed employer, uint256 indexed employeeId, address walletAddress); // Emitted when an employee is added
event EmployeeUpdated(address indexed employer, uint256 indexed employeeId); // Emitted when an employee is updated
event EmployeeDeactivated(address indexed employer, uint256 indexed employeeId); // Emitted when an employee is deactivated
event PayrollCycleCreated(address indexed employer, uint256 indexed employeeId, uint256 cycleId, uint256 startDate, uint256 endDate); // Emitted when a payroll cycle is created
event SalaryPaid(address indexed employer, uint256 indexed employeeId, uint256 amount); // Emitted when salary is paid
event FundsAdded(address indexed employer, uint256 amount); // Emitted when funds are added
// Constructor
constructor(address _usdcToken) {
if (_usdcToken == address(0)) revert InvalidAddress(); // Ensure USDC token address is valid
usdcToken = IERC20(_usdcToken); // Initialize USDC token
_grantRole(DEFAULT_ADMIN_ROLE, msg.sender); // Grant admin role to the deployer
}
// Modifiers
modifier onlyEmployerOf(uint256 _employeeId) {
if (employeesByEmployer[msg.sender][_employeeId].walletAddress == address(0))
revert EmployeeNotFound(); // Ensure the employee exists under the employer
_;
}
// Functions
/**
* @dev Adds a new employee for the employer.
* @param _walletAddress The wallet address of the employee.
* @param _salary The monthly salary of the employee in USDC.
* @return The ID of the newly added employee.
*/
function addEmployee(
address _walletAddress,
uint256 _salary
) external onlyRole(EMPLOYER_ROLE) returns (uint256) {
if (_walletAddress == address(0)) revert InvalidAddress(); // Ensure wallet address is valid
uint256 newEmployeeId = ++employeeCounter[msg.sender]; // Increment employee counter
// Create a new employee
Employee storage newEmployee = employeesByEmployer[msg.sender][newEmployeeId];
newEmployee.employeeId = newEmployeeId;
newEmployee.walletAddress = _walletAddress;
newEmployee.salary = _salary;
newEmployee.joiningDate = block.timestamp;
newEmployee.isActive = true;
// Add employee ID to the employer's list
employerEmployees[msg.sender].push(newEmployeeId);
emit EmployeeAdded(msg.sender, newEmployeeId, _walletAddress); // Emit event
return newEmployeeId;
}
/**
* @dev Creates a new payroll cycle for an employee.
* @param _employeeId The ID of the employee.
* @param _startDate The start date of the payroll cycle.
* @param _endDate The end date of the payroll cycle.
*/
function createPayrollCycle(
uint256 _employeeId,
uint256 _startDate,
uint256 _endDate
) external onlyRole(EMPLOYER_ROLE) onlyEmployerOf(_employeeId) {
// Check if employee is active
Employee storage employee = employeesByEmployer[msg.sender][_employeeId];
if (!employee.isActive) revert EmployeeNotFound();
// Validate cycle dates
if (_startDate >= _endDate) revert InvalidPayrollCycle();
PayrollCycle[] storage cycles = employeePayrollCycles[msg.sender][_employeeId];
uint256 cycleId = cycles.length;
// Add the new payroll cycle
cycles.push(PayrollCycle({
cycleId: cycleId,
startDate: _startDate,
endDate: _endDate,
isProcessed: false
}));
emit PayrollCycleCreated(msg.sender, _employeeId, cycleId, _startDate, _endDate);
}
/**
* @dev Processes payroll for an employee in a specific cycle.
* @param _employeeId The ID of the employee.
* @param _cycleId The ID of the payroll cycle.
*/
function processPayroll(
uint256 _employeeId,
uint256 _cycleId
) external onlyRole(EMPLOYER_ROLE) onlyEmployerOf(_employeeId) whenNotPaused {
Employee storage employee = employeesByEmployer[msg.sender][_employeeId];
if (!employee.isActive) revert EmployeeNotFound(); // Ensure employee is active
PayrollCycle storage cycle = employeePayrollCycles[msg.sender][_employeeId][_cycleId];
if (cycle.isProcessed) revert PayrollAlreadyProcessed(); // Ensure payroll is not already processed
if (block.timestamp < cycle.startDate || block.timestamp > cycle.endDate)
revert InvalidPayrollCycle(); // Ensure current time is within the payroll cycle
uint256 salaryAmount = employee.salary;
if (employerBalances[msg.sender] < salaryAmount)
revert InsufficientBalance(); // Ensure sufficient balance
// Mark payroll as processed and deduct salary from employer's balance
cycle.isProcessed = true;
employerBalances[msg.sender] -= salaryAmount;
// Transfer salary to employee
usdcToken.safeTransfer(employee.walletAddress, salaryAmount);
emit SalaryPaid(msg.sender, _employeeId, salaryAmount); // Emit event
}
/**
* @dev Adds funds to the employer's balance.
* @param _amount The amount of USDC to add.
*/
function addFunds(uint256 _amount) external onlyRole(EMPLOYER_ROLE) {
if (_amount == 0) revert ZeroAmount(); // Ensure amount is not zero
// Check if contract has sufficient allowance
uint256 allowance = usdcToken.allowance(msg.sender, address(this));
if (allowance < _amount) revert("Insufficient allowance");
// Transfer USDC to contract
usdcToken.safeTransferFrom(msg.sender, address(this), _amount);
// Update employer's balance
employerBalances[msg.sender] += _amount;
emit FundsAdded(msg.sender, _amount);
}
/**
* @dev Deactivates an employee.
* @param _employeeId The ID of the employee.
*/
function deactivateEmployee(uint256 _employeeId)
external
onlyRole(EMPLOYER_ROLE)
onlyEmployerOf(_employeeId)
{
employeesByEmployer[msg.sender][_employeeId].isActive = false; // Deactivate employee
emit EmployeeDeactivated(msg.sender, _employeeId); // Emit event
}
/**
* @dev Pauses the contract (admin only).
*/
function pause() external onlyRole(ADMIN_ROLE) {
_pause();
}
/**
* @dev Unpauses the contract (admin only).
*/
function unpause() external onlyRole(ADMIN_ROLE) {
_unpause();
}
/**
* @dev Allows the AI agent to process payroll.
* @param _employer Address of the employer.
* @param _employeeId The ID of the employee.
* @param _cycleId The ID of the payroll cycle.
*/
function processPayrollAsAI(
address _employer,
uint256 _employeeId,
uint256 _cycleId
) external onlyRole(AI_AGENT_ROLE) whenNotPaused {
Employee storage employee = employeesByEmployer[_employer][_employeeId];
if (!employee.isActive) revert EmployeeNotFound(); // Ensure employee is active
PayrollCycle storage cycle = employeePayrollCycles[_employer][_employeeId][_cycleId];
if (cycle.isProcessed) revert PayrollAlreadyProcessed(); // Ensure payroll is not already processed
if (block.timestamp < cycle.startDate || block.timestamp > cycle.endDate)
revert InvalidPayrollCycle(); // Ensure current time is within the payroll cycle
uint256 salaryAmount = employee.salary;
if (employerBalances[_employer] < salaryAmount)
revert InsufficientBalance(); // Ensure sufficient balance
// Mark payroll as processed and deduct salary from employer's balance
cycle.isProcessed = true;
employerBalances[_employer] -= salaryAmount;
// Transfer salary to employee
usdcToken.safeTransfer(employee.walletAddress, salaryAmount);
emit SalaryPaid(_employer, _employeeId, salaryAmount); // Emit event
}
/**
* @dev Returns the employer's current balance stored in the contract.
* @param _employer The address of the employer.
* @return The employer's USDC balance.
*/
function getEmployerBalance(address _employer) external view returns (uint256) {
return employerBalances[_employer];
}
/**
* @dev Returns the list of employee IDs for a given employer.
* @param _employer The address of the employer.
* @return An array of employee IDs.
*/
function getEmployerEmployees(address _employer) external view returns (uint256[] memory) {
return employerEmployees[_employer];
}
/**
* @dev Returns detailed information for a given employee.
* @param _employer The address of the employer.
* @param _employeeId The ID of the employee.
* @return employeeId The employee's ID.
* @return walletAddress The employee's wallet address.
* @return salary The employee's salary in USDC.
* @return joiningDate The timestamp when the employee joined.
* @return isActive Whether the employee is currently active.
*/
function getEmployeeDetails(address _employer, uint256 _employeeId)
external
view
returns (
uint256 employeeId,
address walletAddress,
uint256 salary,
uint256 joiningDate,
bool isActive
)
{
Employee memory emp = employeesByEmployer[_employer][_employeeId];
return (emp.employeeId, emp.walletAddress, emp.salary, emp.joiningDate, emp.isActive);
}
}