pragma solidity ^0.6.0;
pragma experimental ABIEncoderV2;
/**
* @title Initializable
*
* @dev Helper contract to support initializer functions. To use it, replace
* the constructor with a function that has the `initializer` modifier.
* WARNING: Unlike constructors, initializer functions must be manually
* invoked. This applies both to deploying an Initializable contract, as well
* as extending an Initializable contract via inheritance.
* WARNING: When used with inheritance, manual care must be taken to not invoke
* a parent initializer twice, or ensure that all initializers are idempotent,
* because this is not dealt with automatically as with constructors.
*/
contract Initializable {
/**
* @dev Indicates that the contract has been initialized.
*/
bool private initialized;
/**
* @dev Indicates that the contract is in the process of being initialized.
*/
bool private initializing;
/**
* @dev Modifier to use in the initializer function of a contract.
*/
modifier initializer() {
require(initializing || isConstructor() || !initialized, "Contract instance has already been initialized");
bool isTopLevelCall = !initializing;
if (isTopLevelCall) {
initializing = true;
initialized = true;
}
_;
if (isTopLevelCall) {
initializing = false;
}
}
/// @dev Returns true if and only if the function is running in the constructor
function isConstructor() private view returns (bool) {
// extcodesize checks the size of the code stored in an address, and
// address returns the current address. Since the code is still not
// deployed when running a constructor, any checks on its code size will
// yield zero, making it an effective way to detect if a contract is
// under construction or not.
address self = address(this);
uint256 cs;
assembly { cs := extcodesize(self) }
return cs == 0;
}
// Reserved storage space to allow for layout changes in the future.
uint256[50] private ______gap;
}
/*
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with GSN meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
contract ContextUpgradeSafe is Initializable {
// Empty internal constructor, to prevent people from mistakenly deploying
// an instance of this contract, which should be used via inheritance.
function __Context_init() internal initializer {
__Context_init_unchained();
}
function __Context_init_unchained() internal initializer {
}
function _msgSender() internal view virtual returns (address payable) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes memory) {
this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691
return msg.data;
}
uint256[50] private __gap;
}
/**
* @dev Standard math utilities missing in the Solidity language.
*/
library Math {
/**
* @dev Returns the largest of two numbers.
*/
function max(uint256 a, uint256 b) internal pure returns (uint256) {
return a >= b ? a : b;
}
/**
* @dev Returns the smallest of two numbers.
*/
function min(uint256 a, uint256 b) internal pure returns (uint256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two numbers. The result is rounded towards
* zero.
*/
function average(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b) / 2 can overflow, so we distribute
return (a / 2) + (b / 2) + ((a % 2 + b % 2) / 2);
}
}
/**
* @dev Wrappers over Solidity's arithmetic operations with added overflow
* checks.
*
* Arithmetic operations in Solidity wrap on overflow. This can easily result
* in bugs, because programmers usually assume that an overflow raises an
* error, which is the standard behavior in high level programming languages.
* `SafeMath` restores this intuition by reverting the transaction when an
* operation overflows.
*
* Using this library instead of the unchecked operations eliminates an entire
* class of bugs, so it's recommended to use it always.
*/
library SafeMath {
/**
* @dev Returns the addition of two unsigned integers, reverting on
* overflow.
*
* Counterpart to Solidity's `+` operator.
*
* Requirements:
* - Addition cannot overflow.
*/
function add(uint256 a, uint256 b) internal pure returns (uint256) {
uint256 c = a + b;
require(c >= a, "SafeMath: addition overflow");
return c;
}
/**
* @dev Returns the subtraction of two unsigned integers, reverting on
* overflow (when the result is negative).
*
* Counterpart to Solidity's `-` operator.
*
* Requirements:
* - Subtraction cannot overflow.
*/
function sub(uint256 a, uint256 b) internal pure returns (uint256) {
return sub(a, b, "SafeMath: subtraction overflow");
}
/**
* @dev Returns the subtraction of two unsigned integers, reverting with custom message on
* overflow (when the result is negative).
*
* Counterpart to Solidity's `-` operator.
*
* Requirements:
* - Subtraction cannot overflow.
*/
function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
require(b <= a, errorMessage);
uint256 c = a - b;
return c;
}
function sub0(uint256 a, uint256 b) internal pure returns (uint256) {
return a > b ? a - b : 0;
}
/**
* @dev Returns the multiplication of two unsigned integers, reverting on
* overflow.
*
* Counterpart to Solidity's `*` operator.
*
* Requirements:
* - Multiplication cannot overflow.
*/
function mul(uint256 a, uint256 b) internal pure returns (uint256) {
// Gas optimization: this is cheaper than requiring 'a' not being zero, but the
// benefit is lost if 'b' is also tested.
// See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522
if (a == 0) {
return 0;
}
uint256 c = a * b;
require(c / a == b, "SafeMath: multiplication overflow");
return c;
}
/**
* @dev Returns the integer division of two unsigned integers. Reverts on
* division by zero. The result is rounded towards zero.
*
* Counterpart to Solidity's `/` operator. Note: this function uses a
* `revert` opcode (which leaves remaining gas untouched) while Solidity
* uses an invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
* - The divisor cannot be zero.
*/
function div(uint256 a, uint256 b) internal pure returns (uint256) {
return div(a, b, "SafeMath: division by zero");
}
/**
* @dev Returns the integer division of two unsigned integers. Reverts with custom message on
* division by zero. The result is rounded towards zero.
*
* Counterpart to Solidity's `/` operator. Note: this function uses a
* `revert` opcode (which leaves remaining gas untouched) while Solidity
* uses an invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
* - The divisor cannot be zero.
*/
function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
// Solidity only automatically asserts when dividing by 0
require(b > 0, errorMessage);
uint256 c = a / b;
// assert(a == b * c + a % b); // There is no case in which this doesn't hold
return c;
}
/**
* @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),
* Reverts when dividing by zero.
*
* Counterpart to Solidity's `%` operator. This function uses a `revert`
* opcode (which leaves remaining gas untouched) while Solidity uses an
* invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
* - The divisor cannot be zero.
*/
function mod(uint256 a, uint256 b) internal pure returns (uint256) {
return mod(a, b, "SafeMath: modulo by zero");
}
/**
* @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),
* Reverts with custom message when dividing by zero.
*
* Counterpart to Solidity's `%` operator. This function uses a `revert`
* opcode (which leaves remaining gas untouched) while Solidity uses an
* invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
* - The divisor cannot be zero.
*/
function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
require(b != 0, errorMessage);
return a % b;
}
}
/**
* @dev Collection of functions related to the address type
*/
library Address {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
* ====
*/
function isContract(address account) internal view returns (bool) {
// According to EIP-1052, 0x0 is the value returned for not-yet created accounts
// and 0xc5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470 is returned
// for accounts without code, i.e. `keccak256('')`
bytes32 codehash;
bytes32 accountHash = 0xc5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470;
// solhint-disable-next-line no-inline-assembly
assembly { codehash := extcodehash(account) }
return (codehash != accountHash && codehash != 0x0);
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
// solhint-disable-next-line avoid-low-level-calls, avoid-call-value
(bool success, ) = recipient.call{ value: amount }("");
require(success, "Address: unable to send value, recipient may have reverted");
}
}
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20 {
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `recipient`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address recipient, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `sender` to `recipient` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
}
/**
* @dev Implementation of the {IERC20} interface.
*
* This implementation is agnostic to the way tokens are created. This means
* that a supply mechanism has to be added in a derived contract using {_mint}.
* For a generic mechanism see {ERC20MinterPauser}.
*
* TIP: For a detailed writeup see our guide
* https://forum.zeppelin.solutions/t/how-to-implement-erc20-supply-mechanisms/226[How
* to implement supply mechanisms].
*
* We have followed general OpenZeppelin guidelines: functions revert instead
* of returning `false` on failure. This behavior is nonetheless conventional
* and does not conflict with the expectations of ERC20 applications.
*
* Additionally, an {Approval} event is emitted on calls to {transferFrom}.
* This allows applications to reconstruct the allowance for all accounts just
* by listening to said events. Other implementations of the EIP may not emit
* these events, as it isn't required by the specification.
*
* Finally, the non-standard {decreaseAllowance} and {increaseAllowance}
* functions have been added to mitigate the well-known issues around setting
* allowances. See {IERC20-approve}.
*/
contract ERC20UpgradeSafe is Initializable, ContextUpgradeSafe, IERC20 {
using SafeMath for uint256;
using Address for address;
mapping (address => uint256) internal _balances;
mapping (address => mapping (address => uint256)) private _allowances;
uint256 internal _totalSupply;
string private _name;
string private _symbol;
uint8 private _decimals;
/**
* @dev Sets the values for {name} and {symbol}, initializes {decimals} with
* a default value of 18.
*
* To select a different value for {decimals}, use {_setupDecimals}.
*
* All three of these values are immutable: they can only be set once during
* construction.
*/
function __ERC20_init(string memory name, string memory symbol) internal initializer {
__Context_init_unchained();
__ERC20_init_unchained(name, symbol);
}
function __ERC20_init_unchained(string memory name, string memory symbol) internal initializer {
_name = name;
_symbol = symbol;
_decimals = 18;
}
/**
* @dev Returns the name of the token.
*/
function name() public view returns (string memory) {
return _name;
}
/**
* @dev Returns the symbol of the token, usually a shorter version of the
* name.
*/
function symbol() public view returns (string memory) {
return _symbol;
}
/**
* @dev Returns the number of decimals used to get its user representation.
* For example, if `decimals` equals `2`, a balance of `505` tokens should
* be displayed to a user as `5,05` (`505 / 10 ** 2`).
*
* Tokens usually opt for a value of 18, imitating the relationship between
* Ether and Wei. This is the value {ERC20} uses, unless {_setupDecimals} is
* called.
*
* NOTE: This information is only used for _display_ purposes: it in
* no way affects any of the arithmetic of the contract, including
* {IERC20-balanceOf} and {IERC20-transfer}.
*/
function decimals() public view returns (uint8) {
return _decimals;
}
/**
* @dev See {IERC20-totalSupply}.
*/
function totalSupply() public view override returns (uint256) {
return _totalSupply;
}
/**
* @dev See {IERC20-balanceOf}.
*/
function balanceOf(address account) public view override returns (uint256) {
return _balances[account];
}
/**
* @dev See {IERC20-transfer}.
*
* Requirements:
*
* - `recipient` cannot be the zero address.
* - the caller must have a balance of at least `amount`.
*/
function transfer(address recipient, uint256 amount) public virtual override returns (bool) {
_transfer(_msgSender(), recipient, amount);
return true;
}
/**
* @dev See {IERC20-allowance}.
*/
function allowance(address owner, address spender) public view virtual override returns (uint256) {
return _allowances[owner][spender];
}
/**
* @dev See {IERC20-approve}.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/
function approve(address spender, uint256 amount) public virtual override returns (bool) {
_approve(_msgSender(), spender, amount);
return true;
}
/**
* @dev See {IERC20-transferFrom}.
*
* Emits an {Approval} event indicating the updated allowance. This is not
* required by the EIP. See the note at the beginning of {ERC20};
*
* Requirements:
* - `sender` and `recipient` cannot be the zero address.
* - `sender` must have a balance of at least `amount`.
* - the caller must have allowance for ``sender``'s tokens of at least
* `amount`.
*/
function transferFrom(address sender, address recipient, uint256 amount) public virtual override returns (bool) {
_transfer(sender, recipient, amount);
if(sender != _msgSender() && _allowances[sender][_msgSender()] != uint(-1))
_approve(sender, _msgSender(), _allowances[sender][_msgSender()].sub(amount, "ERC20: transfer amount exceeds allowance"));
return true;
}
/**
* @dev Atomically increases the allowance granted to `spender` by the caller.
*
* This is an alternative to {approve} that can be used as a mitigation for
* problems described in {IERC20-approve}.
*
* Emits an {Approval} event indicating the updated allowance.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/
function increaseAllowance(address spender, uint256 addedValue) public virtual returns (bool) {
_approve(_msgSender(), spender, _allowances[_msgSender()][spender].add(addedValue));
return true;
}
/**
* @dev Atomically decreases the allowance granted to `spender` by the caller.
*
* This is an alternative to {approve} that can be used as a mitigation for
* problems described in {IERC20-approve}.
*
* Emits an {Approval} event indicating the updated allowance.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `spender` must have allowance for the caller of at least
* `subtractedValue`.
*/
function decreaseAllowance(address spender, uint256 subtractedValue) public virtual returns (bool) {
_approve(_msgSender(), spender, _allowances[_msgSender()][spender].sub(subtractedValue, "ERC20: decreased allowance below zero"));
return true;
}
/**
* @dev Moves tokens `amount` from `sender` to `recipient`.
*
* This is internal function is equivalent to {transfer}, and can be used to
* e.g. implement automatic token fees, slashing mechanisms, etc.
*
* Emits a {Transfer} event.
*
* Requirements:
*
* - `sender` cannot be the zero address.
* - `recipient` cannot be the zero address.
* - `sender` must have a balance of at least `amount`.
*/
function _transfer(address sender, address recipient, uint256 amount) internal virtual {
require(sender != address(0), "ERC20: transfer from the zero address");
require(recipient != address(0), "ERC20: transfer to the zero address");
_beforeTokenTransfer(sender, recipient, amount);
_balances[sender] = _balances[sender].sub(amount, "ERC20: transfer amount exceeds balance");
_balances[recipient] = _balances[recipient].add(amount);
emit Transfer(sender, recipient, amount);
}
/** @dev Creates `amount` tokens and assigns them to `account`, increasing
* the total supply.
*
* Emits a {Transfer} event with `from` set to the zero address.
*
* Requirements
*
* - `to` cannot be the zero address.
*/
function _mint(address account, uint256 amount) internal virtual {
require(account != address(0), "ERC20: mint to the zero address");
_beforeTokenTransfer(address(0), account, amount);
_totalSupply = _totalSupply.add(amount);
_balances[account] = _balances[account].add(amount);
emit Transfer(address(0), account, amount);
}
/**
* @dev Destroys `amount` tokens from `account`, reducing the
* total supply.
*
* Emits a {Transfer} event with `to` set to the zero address.
*
* Requirements
*
* - `account` cannot be the zero address.
* - `account` must have at least `amount` tokens.
*/
function _burn(address account, uint256 amount) internal virtual {
require(account != address(0), "ERC20: burn from the zero address");
_beforeTokenTransfer(account, address(0), amount);
_balances[account] = _balances[account].sub(amount, "ERC20: burn amount exceeds balance");
_totalSupply = _totalSupply.sub(amount);
emit Transfer(account, address(0), amount);
}
/**
* @dev Sets `amount` as the allowance of `spender` over the `owner`s tokens.
*
* This is internal function is equivalent to `approve`, and can be used to
* e.g. set automatic allowances for certain subsystems, etc.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `owner` cannot be the zero address.
* - `spender` cannot be the zero address.
*/
function _approve(address owner, address spender, uint256 amount) internal virtual {
require(owner != address(0), "ERC20: approve from the zero address");
require(spender != address(0), "ERC20: approve to the zero address");
_allowances[owner][spender] = amount;
emit Approval(owner, spender, amount);
}
/**
* @dev Sets {decimals} to a value other than the default one of 18.
*
* WARNING: This function should only be called from the constructor. Most
* applications that interact with token contracts will not expect
* {decimals} to ever change, and may work incorrectly if it does.
*/
function _setupDecimals(uint8 decimals_) internal {
_decimals = decimals_;
}
/**
* @dev Hook that is called before any transfer of tokens. This includes
* minting and burning.
*
* Calling conditions:
*
* - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens
* will be to transferred to `to`.
* - when `from` is zero, `amount` tokens will be minted for `to`.
* - when `to` is zero, `amount` of ``from``'s tokens will be burned.
* - `from` and `to` are never both zero.
*
* To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
*/
function _beforeTokenTransfer(address from, address to, uint256 amount) internal virtual { }
uint256[44] private __gap;
}
/**
* @dev Extension of {ERC20} that adds a cap to the supply of tokens.
*/
abstract contract ERC20CappedUpgradeSafe is Initializable, ERC20UpgradeSafe {
uint256 private _cap;
/**
* @dev Sets the value of the `cap`. This value is immutable, it can only be
* set once during construction.
*/
function __ERC20Capped_init(uint256 cap) internal initializer {
__Context_init_unchained();
__ERC20Capped_init_unchained(cap);
}
function __ERC20Capped_init_unchained(uint256 cap) internal initializer {
require(cap > 0, "ERC20Capped: cap is 0");
_cap = cap;
}
/**
* @dev Returns the cap on the token's total supply.
*/
function cap() public view returns (uint256) {
return _cap;
}
/**
* @dev See {ERC20-_beforeTokenTransfer}.
*
* Requirements:
*
* - minted tokens must not cause the total supply to go over the cap.
*/
function _beforeTokenTransfer(address from, address to, uint256 amount) internal virtual override {
super._beforeTokenTransfer(from, to, amount);
if (from == address(0)) { // When minting tokens
require(totalSupply().add(amount) <= _cap, "ERC20Capped: cap exceeded");
}
}
uint256[49] private __gap;
}
/**
* @title SafeERC20
* @dev Wrappers around ERC20 operations that throw on failure (when the token
* contract returns false). Tokens that return no value (and instead revert or
* throw on failure) are also supported, non-reverting calls are assumed to be
* successful.
* To use this library you can add a `using SafeERC20 for ERC20;` statement to your contract,
* which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
*/
library SafeERC20 {
using SafeMath for uint256;
using Address for address;
function safeTransfer(IERC20 token, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));
}
function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));
}
function safeApprove(IERC20 token, address spender, uint256 value) internal {
// safeApprove should only be called when setting an initial allowance,
// or when resetting it to zero. To increase and decrease it, use
// 'safeIncreaseAllowance' and 'safeDecreaseAllowance'
// solhint-disable-next-line max-line-length
require((value == 0) || (token.allowance(address(this), spender) == 0),
"SafeERC20: approve from non-zero to non-zero allowance"
);
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));
}
function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {
uint256 newAllowance = token.allowance(address(this), spender).add(value);
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));
}
function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {
uint256 newAllowance = token.allowance(address(this), spender).sub(value, "SafeERC20: decreased allowance below zero");
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*/
function _callOptionalReturn(IERC20 token, bytes memory data) private {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
// we're implementing it ourselves.
// A Solidity high level call has three parts:
// 1. The target address is checked to verify it contains contract code
// 2. The call itself is made, and success asserted
// 3. The return value is decoded, which in turn checks the size of the returned data.
// solhint-disable-next-line max-line-length
require(address(token).isContract(), "SafeERC20: call to non-contract");
// solhint-disable-next-line avoid-low-level-calls
(bool success, bytes memory returndata) = address(token).call(data);
require(success, "SafeERC20: low-level call failed");
if (returndata.length > 0) { // Return data is optional
// solhint-disable-next-line max-line-length
require(abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed");
}
}
}
contract Governable is Initializable {
address public governor;
event GovernorshipTransferred(address indexed previousGovernor, address indexed newGovernor);
/**
* @dev Contract initializer.
* called once by the factory at time of deployment
*/
function __Governable_init_unchained(address governor_) virtual public initializer {
governor = governor_;
emit GovernorshipTransferred(address(0), governor);
}
modifier governance() {
require(msg.sender == governor);
_;
}
/**
* @dev Allows the current governor to relinquish control of the contract.
* @notice Renouncing to governorship will leave the contract without an governor.
* It will not be possible to call the functions with the `governance`
* modifier anymore.
*/
function renounceGovernorship() public governance {
emit GovernorshipTransferred(governor, address(0));
governor = address(0);
}
/**
* @dev Allows the current governor to transfer control of the contract to a newGovernor.
* @param newGovernor The address to transfer governorship to.
*/
function transferGovernorship(address newGovernor) public governance {
_transferGovernorship(newGovernor);
}
/**
* @dev Transfers control of the contract to a newGovernor.
* @param newGovernor The address to transfer governorship to.
*/
function _transferGovernorship(address newGovernor) internal {
require(newGovernor != address(0));
emit GovernorshipTransferred(governor, newGovernor);
governor = newGovernor;
}
}
contract Configurable is Governable {
mapping (bytes32 => uint) internal config;
function getConfig(bytes32 key) public view returns (uint) {
return config[key];
}
function getConfigI(bytes32 key, uint index) public view returns (uint) {
return config[bytes32(uint(key) ^ index)];
}
function getConfigA(bytes32 key, address addr) public view returns (uint) {
return config[bytes32(uint(key) ^ uint(addr))];
}
function _setConfig(bytes32 key, uint value) internal {
if(config[key] != value)
config[key] = value;
}
function _setConfigI(bytes32 key, uint index, uint value) internal {
_setConfig(bytes32(uint(key) ^ index), value);
}
function _setConfigA(bytes32 key, address addr, uint value) internal {
_setConfig(bytes32(uint(key) ^ uint(addr)), value);
}
function setConfig(bytes32 key, uint value) external governance {
_setConfig(key, value);
}
function setConfigI(bytes32 key, uint index, uint value) external governance {
_setConfig(bytes32(uint(key) ^ index), value);
}
function setConfigA(bytes32 key, address addr, uint value) public governance {
_setConfig(bytes32(uint(key) ^ uint(addr)), value);
}
}
contract Offering is Configurable {
using SafeMath for uint;
using SafeERC20 for IERC20;
bytes32 internal constant _quota_ = 'quota';
bytes32 internal constant _volume_ = 'volume';
bytes32 internal constant _unlocked_ = 'unlocked';
bytes32 internal constant _ratioUnlockFirst_= 'ratioUnlockFirst';
bytes32 internal constant _ratio_ = 'ratio';
bytes32 internal constant _isSeed_ = 'isSeed';
bytes32 internal constant _public_ = 'public';
bytes32 internal constant _recipient_ = 'recipient';
bytes32 internal constant _time_ = 'time';
uint internal constant _timeOfferBegin_ = 0;
uint internal constant _timeOfferEnd_ = 1;
uint internal constant _timeUnlockFirst_ = 2;
uint internal constant _timeUnlockBegin_ = 3;
uint internal constant _timeUnlockEnd_ = 4;
IERC20 public currency;
IERC20 public token;
function __Offering_init(address governor_, address currency_, address token_, address public_, address recipient_, uint[5] memory times_) external initializer {
__Governable_init_unchained(governor_);
__Offering_init_unchained(currency_, token_, public_, recipient_, times_);
}
function __Offering_init_unchained(address currency_, address token_, address public_, address recipient_, uint[5] memory times_) public governance {
currency = IERC20(currency_);
token = IERC20(token_);
_setConfigI(_ratio_, 0, 30000000000000); // for kol
_setConfigI(_ratio_, 1, 40000000000000); // for seed
_setConfig(_public_, uint(public_));
_setConfig(_recipient_, uint(recipient_));
_setConfig(_ratioUnlockFirst_, 0.25 ether); // 25%
for(uint i=0; i<times_.length; i++)
_setConfigI(_time_, i, times_[i]);
}
function fixTotalVolume(uint total_1, uint total0) external governance {
_setConfigA(_volume_, address(-1), total_1);
_setConfigA(_volume_, address(0), total0);
}
function setQuota(address addr, uint amount, bool isSeed) public governance {
uint oldVol = getConfigA(_quota_, addr).mul(getConfigI(_ratio_, getConfigA(_isSeed_, addr)));
_setConfigA(_quota_, addr, amount);
if(isSeed)
_setConfigA(_isSeed_, addr, 1);
uint volume = amount.mul(getConfigI(_ratio_, isSeed ? 1 : 0));
uint totalVolume = getConfigA(_volume_, address(-1)).add(volume).sub(oldVol);
require(totalVolume <= token.balanceOf(address(this)), 'out of quota');
_setConfigA(_volume_, address(-1), totalVolume);
}
function setQuotas(address[] memory addrs, uint[] memory amounts, bool isSeed) public {
for(uint i=0; i<addrs.length; i++)
setQuota(addrs[i], amounts[i], isSeed);
}
function getQuota(address addr) public view returns (uint) {
return getConfigA(_quota_, addr);
}
function offer() external {
require(now >= getConfigI(_time_, _timeOfferBegin_), 'Not begin');
require(now <= getConfigI(_time_, _timeOfferEnd_), 'EXPIRED');
uint quota = getConfigA(_quota_, msg.sender);
require(quota > 0, 'no quota');
require(currency.allowance(msg.sender, address(this)) >= quota, 'allowance not enough');
require(currency.balanceOf(msg.sender) >= quota, 'balance not enough');
require(getConfigA(_volume_, msg.sender) == 0, 'offered already');
currency.safeTransferFrom(msg.sender, address(config[_recipient_]), quota);
uint volume = quota.mul(getConfigI(_ratio_, getConfigA(_isSeed_, msg.sender)));
_setConfigA(_volume_, msg.sender, volume);
_setConfigA(_volume_, address(0), volume.add(getConfigA(_volume_, address(0))));
}
function settleRemain() external {
require(now > getConfigI(_time_, _timeOfferEnd_), 'It is not time');
token.safeTransfer(address(config[_public_]), token.balanceOf(address(this)).add(getConfigA(_unlocked_, address(0))).sub(getConfigA(_volume_, address(0))));
}
function getVolume(address addr) public view returns (uint) {
return getConfigA(_volume_, addr);
}
function unlockCapacity(address addr) public view returns (uint c) {
uint timeUnlockFirst = getConfigI(_time_, _timeUnlockFirst_);
if(timeUnlockFirst == 0 || now < timeUnlockFirst)
return 0;
uint timeUnlockBegin = getConfigI(_time_, _timeUnlockBegin_);
uint timeUnlockEnd = getConfigI(_time_, _timeUnlockEnd_);
uint volume = getConfigA(_volume_, addr);
uint ratioUnlockFirst = getConfig(_ratioUnlockFirst_);
c = volume.mul(ratioUnlockFirst).div(1e18);
if(now >= timeUnlockEnd)
c = volume;
else if(now > timeUnlockBegin)
c = volume.sub(c).mul(now.sub(timeUnlockBegin)).div(timeUnlockEnd.sub(timeUnlockBegin)).add(c);
return c.sub(getConfigA(_unlocked_, addr));
}
function unlock() public {
uint c = unlockCapacity(msg.sender);
_setConfigA(_unlocked_, msg.sender, getConfigA(_unlocked_, msg.sender).add(c));
_setConfigA(_unlocked_, address(0), getConfigA(_unlocked_, address(0)).add(c));
token.safeTransfer(msg.sender, c);
}
function unlocked(address addr) public view returns (uint) {
return getConfigA(_unlocked_, addr);
}
fallback() external {
unlock();
}
}
contract Timelock is Configurable {
using SafeMath for uint;
using SafeERC20 for IERC20;
IERC20 public token;
address public recipient;
uint public begin;
uint public span;
uint public times;
uint public total;
function start(address _token, address _recipient, uint _begin, uint _span, uint _times) external governance {
require(address(token) == address(0), 'already start');
token = IERC20(_token);
recipient = _recipient;
begin = _begin;
span = _span;
times = _times;
total = token.balanceOf(address(this));
}
function unlockCapacity() public view returns (uint) {
if(begin == 0 || now < begin)
return 0;
for(uint i=1; i<=times; i++)
if(now < span.mul(i).div(times).add(begin))
return token.balanceOf(address(this)).sub(total.mul(times.sub(i)).div(times));
return token.balanceOf(address(this));
}
function unlock() public {
token.safeTransfer(recipient, unlockCapacity());
}
fallback() external {
unlock();
}
}
contract Constants {
bytes32 internal constant _TokenMapped_ = 'TokenMapped';
bytes32 internal constant _MappableToken_ = 'MappableToken';
bytes32 internal constant _MappingToken_ = 'MappingToken';
bytes32 internal constant _fee_ = 'fee';
bytes32 internal constant _feeCreate_ = 'feeCreate';
bytes32 internal constant _feeTo_ = 'feeTo';
bytes32 internal constant _minSignatures_ = 'minSignatures';
bytes32 internal constant _uniswapRounter_ = 'uniswapRounter';
function _chainId() internal pure returns (uint id) {
assembly { id := chainid() }
}
}
struct Signature {
address signatory;
uint8 v;
bytes32 r;
bytes32 s;
}
abstract contract MappingBase is ContextUpgradeSafe, Constants {
using SafeMath for uint;
bytes32 public constant RECEIVE_TYPEHASH = keccak256("Receive(uint256 fromChainId,address to,uint256 nonce,uint256 volume,address signatory)");
bytes32 public constant DOMAIN_TYPEHASH = keccak256("EIP712Domain(string name,uint256 chainId,address verifyingContract)");
bytes32 internal _DOMAIN_SEPARATOR;
function DOMAIN_SEPARATOR() virtual public view returns (bytes32) { return _DOMAIN_SEPARATOR; }
address public factory;
uint256 public mainChainId;
address public token;
address public creator;
mapping (address => uint) public authQuotaOf; // signatory => quota
mapping (uint => mapping (address => uint)) public sentCount; // toChainId => to => sentCount
mapping (uint => mapping (address => mapping (uint => uint))) public sent; // toChainId => to => nonce => volume
mapping (uint => mapping (address => mapping (uint => uint))) public received; // fromChainId => to => nonce => volume
modifier onlyFactory {
require(msg.sender == factory, 'Only called by Factory');
_;
}
function increaseAuthQuotas(address[] memory signatorys, uint[] memory increments) virtual external returns (uint[] memory quotas) {
require(signatorys.length == increments.length, 'two array lenth not equal');
quotas = new uint[](signatorys.length);
for(uint i=0; i<signatorys.length; i++)
quotas[i] = increaseAuthQuota(signatorys[i], increments[i]);
}
function increaseAuthQuota(address signatory, uint increment) virtual public onlyFactory returns (uint quota) {
quota = authQuotaOf[signatory].add(increment);
authQuotaOf[signatory] = quota;
emit IncreaseAuthQuota(signatory, increment, quota);
}
event IncreaseAuthQuota(address indexed signatory, uint increment, uint quota);
function decreaseAuthQuotas(address[] memory signatorys, uint[] memory decrements) virtual external returns (uint[] memory quotas) {
require(signatorys.length == decrements.length, 'two array lenth not equal');
quotas = new uint[](signatorys.length);
for(uint i=0; i<signatorys.length; i++)
quotas[i] = decreaseAuthQuota(signatorys[i], decrements[i]);
}
function decreaseAuthQuota(address signatory, uint decrement) virtual public onlyFactory returns (uint quota) {
quota = authQuotaOf[signatory];
if(quota < decrement)
decrement = quota;
return _decreaseAuthQuota(signatory, decrement);
}
function _decreaseAuthQuota(address signatory, uint decrement) virtual internal returns (uint quota) {
quota = authQuotaOf[signatory].sub(decrement);
authQuotaOf[signatory] = quota;
emit DecreaseAuthQuota(signatory, decrement, quota);
}
event DecreaseAuthQuota(address indexed signatory, uint decrement, uint quota);
function needApprove() virtual public pure returns (bool);
function send(uint toChainId, address to, uint volume) virtual external payable returns (uint nonce) {
return sendFrom(_msgSender(), toChainId, to, volume);
}
function sendFrom(address from, uint toChainId, address to, uint volume) virtual public payable returns (uint nonce) {
_chargeFee();
_sendFrom(from, volume);
nonce = sentCount[toChainId][to]++;
sent[toChainId][to][nonce] = volume;
emit Send(from, toChainId, to, nonce, volume);
}
event Send(address indexed from, uint indexed toChainId, address indexed to, uint nonce, uint volume);
function _sendFrom(address from, uint volume) virtual internal;
function receive(uint256 fromChainId, address to, uint256 nonce, uint256 volume, Signature[] memory signatures) virtual external payable {
_chargeFee();
require(received[fromChainId][to][nonce] == 0, 'withdrawn already');
uint N = signatures.length;
require(N >= Configurable(factory).getConfig(_minSignatures_), 'too few signatures');
for(uint i=0; i<N; i++) {
for(uint j=0; j<i; j++)
require(signatures[i].signatory != signatures[j].signatory, 'repetitive signatory');
bytes32 structHash = keccak256(abi.encode(RECEIVE_TYPEHASH, fromChainId, to, nonce, volume, signatures[i].signatory));
bytes32 digest = keccak256(abi.encodePacked("\x19\x01", _DOMAIN_SEPARATOR, structHash));
address signatory = ecrecover(digest, signatures[i].v, signatures[i].r, signatures[i].s);
require(signatory != address(0), "invalid signature");
require(signatory == signatures[i].signatory, "unauthorized");
_decreaseAuthQuota(signatures[i].signatory, volume);
emit Authorize(fromChainId, to, nonce, volume, signatory);
}
received[fromChainId][to][nonce] = volume;
_receive(to, volume);
emit Receive(fromChainId, to, nonce, volume);
}
event Receive(uint256 indexed fromChainId, address indexed to, uint256 indexed nonce, uint256 volume);
event Authorize(uint256 fromChainId, address indexed to, uint256 indexed nonce, uint256 volume, address indexed signatory);
function _receive(address to, uint256 volume) virtual internal;
function _chargeFee() virtual internal {
require(msg.value >= Configurable(factory).getConfig(_fee_), 'fee is too low');
address payable feeTo = address(Configurable(factory).getConfig(_feeTo_));
if(feeTo == address(0))
feeTo = address(uint160(factory));
feeTo.transfer(msg.value);
emit ChargeFee(_msgSender(), feeTo, msg.value);
}
event ChargeFee(address indexed from, address indexed to, uint value);
uint256[50] private __gap;
}
abstract contract Permit {
// keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)");
bytes32 public constant PERMIT_TYPEHASH = 0x6e71edae12b1b97f4d1f60370fef10105fa2faae0126114a169c64845d6126c9;
function DOMAIN_SEPARATOR() virtual public view returns (bytes32);
mapping (address => uint) public nonces;
function permit(address owner, address spender, uint value, uint deadline, uint8 v, bytes32 r, bytes32 s) external {
require(deadline >= block.timestamp, 'permit EXPIRED');
bytes32 digest = keccak256(
abi.encodePacked(
'\x19\x01',
DOMAIN_SEPARATOR(),
keccak256(abi.encode(PERMIT_TYPEHASH, owner, spender, value, nonces[owner]++, deadline))
)
);
address recoveredAddress = ecrecover(digest, v, r, s);
require(recoveredAddress != address(0) && recoveredAddress == owner, 'permit INVALID_SIGNATURE');
_approve(owner, spender, value);
}
function _approve(address owner, address spender, uint256 amount) internal virtual;
uint256[50] private __gap;
}
contract MappableToken is Permit, ERC20UpgradeSafe, MappingBase {
function __MappableToken_init(address factory_, address creator_, string memory name_, string memory symbol_, uint8 decimals_, uint256 totalSupply_) external initializer {
__Context_init_unchained();
__ERC20_init_unchained(name_, symbol_);
_setupDecimals(decimals_);
_mint(creator_, totalSupply_);
__MappableToken_init_unchained(factory_, creator_);
}
function __MappableToken_init_unchained(address factory_, address creator_) public initializer {
factory = factory_;
mainChainId = _chainId();
token = address(0);
creator = creator_;
_DOMAIN_SEPARATOR = keccak256(abi.encode(DOMAIN_TYPEHASH, keccak256(bytes(name())), _chainId(), address(this)));
}
function DOMAIN_SEPARATOR() virtual override(Permit, MappingBase) public view returns (bytes32) {
return MappingBase.DOMAIN_SEPARATOR();
}
function _approve(address owner, address spender, uint256 amount) virtual override(Permit, ERC20UpgradeSafe) internal {
return ERC20UpgradeSafe._approve(owner, spender, amount);
}
function totalMapped() virtual public view returns (uint) {
return balanceOf(address(this));
}
function needApprove() virtual override public pure returns (bool) {
return false;
}
function _sendFrom(address from, uint volume) virtual override internal {
transferFrom(from, address(this), volume);
}
function _receive(address to, uint256 volume) virtual override internal {
_transfer(address(this), to, volume);
}
uint256[50] private __gap;
}
contract SST is MappableToken {
function __SST_init(address creator_, address factory_, address mine_, address mine2_, address eco_, address team_, address seed_, address private_, address public_, address lbp_, address liqudity_, address dev_) external initializer {
__Context_init_unchained();
__ERC20_init_unchained("SilverStarter", "SST");
__MappableToken_init_unchained(factory_, creator_);
__SST_init_unchained(mine_, mine2_, eco_, team_, seed_, private_, public_, lbp_, liqudity_, dev_);
}
function __SST_init_unchained(address mine_, address mine2_, address eco_, address team_, address seed_, address private_, address public_, address lbp_, address liqudity_, address dev_) public initializer {
_mint(mine_, 30_000 * 10 ** uint256(decimals()));
_mint(mine2_, 35_000 * 10 ** uint256(decimals()));
_mint(eco_, 10_000 * 10 ** uint256(decimals()));
_mint(team_, 10_000 * 10 ** uint256(decimals()));
_mint(seed_, 5_000 * 10 ** uint256(decimals()));
_mint(private_, 5_000 * 10 ** uint256(decimals()));
_mint(public_, 1_000 * 10 ** uint256(decimals()));
_mint(lbp_, 1_000 * 10 ** uint256(decimals()));
_mint(liqudity_, 2_990 * 10 ** uint256(decimals()));
_mint(dev_, 1_0 * 10 ** uint256(decimals()));
}
}
contract SSTLOCK is ERC20UpgradeSafe, Configurable {
using SafeERC20 for IERC20;
address public token;
uint public firstTime;
uint public firstRatio;
uint public begin;
uint public end;
mapping (address => uint) internal _beginBalances;
function __SSTLOCK_init(address governor_) public initializer {
__Governable_init_unchained(governor_);
__Context_init_unchained();
__ERC20_init_unchained("SST LOCKing", "SSTLOCK");
_setupDecimals(18);
}
function _beforeTokenTransfer(address from, address to, uint256 amount) internal virtual override {
if(from != address(0) && to != address(0)) {
uint beginAmount = amount.mul(_beginBalances[from]).div(_balances[from]);
_beginBalances[from] = _beginBalances[from].sub(beginAmount);
_beginBalances[to] = _beginBalances[to].add(beginAmount);
}else if(to != address(0)) // _mint
_beginBalances[to] = _beginBalances[to].add(amount);
}
function startUnlock(address _token, address recipient, uint _firstTime, uint _firstRatio, uint _begin, uint _end) external governance {
token = _token;
_setupDecimals(ERC20UpgradeSafe(token).decimals());
_mint(recipient, IERC20(token).balanceOf(address(this)).sub(_totalSupply));
firstTime = _firstTime;
firstRatio = _firstRatio;
begin = _begin;
end = _end;
}
function unlockCapacity(address holder) public view returns (uint) {
if(now < firstTime)
return 0;
return _balances[holder].sub(_beginBalances[holder].mul(uint(1e18).sub(firstRatio)).div(1e18).mul(end.sub(Math.min(Math.max(begin, now), end))).div(end.sub(begin)));
}
function unlock() public {
uint amount = unlockCapacity(msg.sender);
_burn(msg.sender, amount);
IERC20(token).safeTransfer(msg.sender, amount);
}
fallback() external {
unlock();
}
}
