@keep-network/tbtc-v2 0.1.1-dev.6 → 0.1.1-dev.62

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (101) hide show
  1. package/README.adoc +12 -0
  2. package/artifacts/Bank.json +752 -0
  3. package/artifacts/Bridge.json +3962 -0
  4. package/artifacts/Deposit.json +117 -0
  5. package/artifacts/DepositSweep.json +76 -0
  6. package/artifacts/EcdsaDkgValidator.json +532 -0
  7. package/artifacts/EcdsaInactivity.json +156 -0
  8. package/artifacts/Fraud.json +154 -0
  9. package/artifacts/KeepRegistry.json +99 -0
  10. package/artifacts/KeepStake.json +286 -0
  11. package/artifacts/KeepToken.json +711 -0
  12. package/artifacts/KeepTokenStaking.json +483 -0
  13. package/artifacts/MovingFunds.json +227 -0
  14. package/artifacts/NuCypherStakingEscrow.json +256 -0
  15. package/artifacts/NuCypherToken.json +711 -0
  16. package/artifacts/RandomBeaconStub.json +141 -0
  17. package/artifacts/Redemption.json +162 -0
  18. package/artifacts/ReimbursementPool.json +509 -0
  19. package/artifacts/Relay.json +123 -0
  20. package/artifacts/SortitionPool.json +944 -0
  21. package/artifacts/T.json +1148 -0
  22. package/artifacts/TBTC.json +27 -26
  23. package/artifacts/TBTCToken.json +27 -26
  24. package/artifacts/TokenStaking.json +2288 -0
  25. package/artifacts/TokenholderGovernor.json +1795 -0
  26. package/artifacts/TokenholderTimelock.json +1058 -0
  27. package/artifacts/VendingMachine.json +30 -29
  28. package/artifacts/VendingMachineKeep.json +400 -0
  29. package/artifacts/VendingMachineNuCypher.json +400 -0
  30. package/artifacts/WalletRegistry.json +2709 -0
  31. package/artifacts/WalletRegistryGovernance.json +2364 -0
  32. package/artifacts/Wallets.json +186 -0
  33. package/artifacts/solcInputs/05c98d94f96a77da7702c7818a8cadac.json +227 -0
  34. package/build/contracts/GovernanceUtils.sol/GovernanceUtils.dbg.json +1 -1
  35. package/build/contracts/GovernanceUtils.sol/GovernanceUtils.json +2 -2
  36. package/build/contracts/bank/Bank.sol/Bank.dbg.json +1 -1
  37. package/build/contracts/bank/Bank.sol/Bank.json +20 -2
  38. package/build/contracts/bridge/BitcoinTx.sol/BitcoinTx.dbg.json +4 -0
  39. package/build/contracts/bridge/BitcoinTx.sol/BitcoinTx.json +10 -0
  40. package/build/contracts/bridge/Bridge.sol/Bridge.dbg.json +1 -1
  41. package/build/contracts/bridge/Bridge.sol/Bridge.json +2470 -132
  42. package/build/contracts/bridge/BridgeState.sol/BridgeState.dbg.json +4 -0
  43. package/build/contracts/bridge/BridgeState.sol/BridgeState.json +220 -0
  44. package/build/contracts/bridge/Deposit.sol/Deposit.dbg.json +4 -0
  45. package/build/contracts/bridge/Deposit.sol/Deposit.json +72 -0
  46. package/build/contracts/bridge/DepositSweep.sol/DepositSweep.dbg.json +4 -0
  47. package/build/contracts/bridge/DepositSweep.sol/DepositSweep.json +30 -0
  48. package/build/contracts/bridge/EcdsaLib.sol/EcdsaLib.dbg.json +4 -0
  49. package/build/contracts/bridge/EcdsaLib.sol/EcdsaLib.json +10 -0
  50. package/build/contracts/bridge/Fraud.sol/Fraud.dbg.json +4 -0
  51. package/build/contracts/bridge/Fraud.sol/Fraud.json +86 -0
  52. package/build/contracts/bridge/Heartbeat.sol/Heartbeat.dbg.json +4 -0
  53. package/build/contracts/bridge/Heartbeat.sol/Heartbeat.json +10 -0
  54. package/build/contracts/bridge/IRelay.sol/IRelay.dbg.json +4 -0
  55. package/build/contracts/bridge/IRelay.sol/IRelay.json +37 -0
  56. package/build/contracts/bridge/MovingFunds.sol/MovingFunds.dbg.json +4 -0
  57. package/build/contracts/bridge/MovingFunds.sol/MovingFunds.json +125 -0
  58. package/build/contracts/bridge/Redemption.sol/OutboundTx.dbg.json +4 -0
  59. package/build/contracts/bridge/Redemption.sol/OutboundTx.json +10 -0
  60. package/build/contracts/bridge/Redemption.sol/Redemption.dbg.json +4 -0
  61. package/build/contracts/bridge/Redemption.sol/Redemption.json +92 -0
  62. package/build/contracts/bridge/VendingMachine.sol/VendingMachine.dbg.json +1 -1
  63. package/build/contracts/bridge/VendingMachine.sol/VendingMachine.json +2 -2
  64. package/build/contracts/bridge/Wallets.sol/Wallets.dbg.json +4 -0
  65. package/build/contracts/bridge/Wallets.sol/Wallets.json +112 -0
  66. package/build/contracts/token/TBTC.sol/TBTC.dbg.json +1 -1
  67. package/build/contracts/token/TBTC.sol/TBTC.json +2 -2
  68. package/build/contracts/vault/DonationVault.sol/DonationVault.dbg.json +4 -0
  69. package/build/contracts/vault/DonationVault.sol/DonationVault.json +103 -0
  70. package/build/contracts/vault/IVault.sol/IVault.dbg.json +1 -1
  71. package/build/contracts/vault/IVault.sol/IVault.json +19 -1
  72. package/build/contracts/vault/TBTCVault.sol/TBTCVault.dbg.json +1 -1
  73. package/build/contracts/vault/TBTCVault.sol/TBTCVault.json +36 -18
  74. package/contracts/GovernanceUtils.sol +1 -1
  75. package/contracts/bank/Bank.sol +34 -18
  76. package/contracts/bridge/BitcoinTx.sol +318 -0
  77. package/contracts/bridge/Bridge.sol +1527 -247
  78. package/contracts/bridge/BridgeState.sol +698 -0
  79. package/contracts/bridge/Deposit.sol +266 -0
  80. package/contracts/bridge/DepositSweep.sol +514 -0
  81. package/contracts/bridge/EcdsaLib.sol +45 -0
  82. package/contracts/bridge/Fraud.sol +508 -0
  83. package/contracts/bridge/Heartbeat.sol +107 -0
  84. package/contracts/bridge/IRelay.sol +28 -0
  85. package/contracts/bridge/MovingFunds.sol +1034 -0
  86. package/contracts/bridge/Redemption.sol +868 -0
  87. package/contracts/bridge/VendingMachine.sol +1 -1
  88. package/contracts/bridge/Wallets.sol +550 -0
  89. package/contracts/token/TBTC.sol +1 -1
  90. package/contracts/vault/DonationVault.sol +125 -0
  91. package/contracts/vault/IVault.sol +32 -10
  92. package/contracts/vault/TBTCVault.sol +20 -2
  93. package/deploy/00_resolve_relay.ts +28 -0
  94. package/deploy/04_deploy_bank.ts +27 -0
  95. package/deploy/05_deploy_bridge.ts +67 -0
  96. package/deploy/06_bank_update_bridge.ts +19 -0
  97. package/deploy/07_transfer_ownership.ts +15 -0
  98. package/deploy/08_transfer_governance.ts +20 -0
  99. package/export.json +15711 -475
  100. package/package.json +27 -24
  101. package/artifacts/solcInputs/c4fd2c31cc58f5fe0cc586dd84a84b60.json +0 -125
package/artifacts/solcInputs/c4fd2c31cc58f5fe0cc586dd84a84b60.json DELETED
@@ -1,125 +0,0 @@
1
- {
2
- "language": "Solidity",
3
- "sources": {
4
- "contracts/bank/Bank.sol": {
5
- "content": "// SPDX-License-Identifier: MIT\n\n// ██████████████ ▐████▌ ██████████████\n// ██████████████ ▐████▌ ██████████████\n// ▐████▌ ▐████▌\n// ▐████▌ ▐████▌\n// ██████████████ ▐████▌ ██████████████\n// ██████████████ ▐████▌ ██████████████\n// ▐████▌ ▐████▌\n// ▐████▌ ▐████▌\n// ▐████▌ ▐████▌\n// ▐████▌ ▐████▌\n// ▐████▌ ▐████▌\n// ▐████▌ ▐████▌\n\npragma solidity 0.8.4;\n\nimport \"@openzeppelin/contracts/access/Ownable.sol\";\n\nimport \"../vault/IVault.sol\";\n\n/// @title Bitcoin Bank\n/// @notice Bank is a central component tracking Bitcoin balances. Balances can\n/// be transferred between holders and holders can approve their\n/// balances to be spent by others. Balances in the Bank are updated for\n/// depositors who deposit their Bitcoin into the Bridge and only the\n/// Bridge can increase balances.\n/// @dev Bank is a governable contract and the Governance can upgrade the Bridge\n/// address.\ncontract Bank is Ownable {\n address public bridge;\n\n /// @notice The balance of a given account in the Bank. Zero by default.\n mapping(address => uint256) public balanceOf;\n\n /// @notice The remaining amount of balance a spender will be\n /// allowed to transfer on behalf of an owner using\n /// `transferBalanceFrom`. Zero by default.\n mapping(address => mapping(address => uint256)) public allowance;\n\n /// @notice Returns the current nonce for EIP2612 permission for the\n /// provided balance owner for a replay protection. Used to\n /// construct EIP2612 signature provided to `permit` function.\n mapping(address => uint256) public nonce;\n\n uint256 public immutable cachedChainId;\n bytes32 public immutable cachedDomainSeparator;\n\n /// @notice Returns EIP2612 Permit message hash. Used to construct EIP2612\n /// signature provided to `permit` function.\n bytes32 public constant PERMIT_TYPEHASH =\n keccak256(\n \"Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)\"\n );\n\n event BalanceTransferred(\n address indexed from,\n address indexed to,\n uint256 amount\n );\n\n event BalanceApproved(\n address indexed owner,\n address indexed spender,\n uint256 amount\n );\n\n event BalanceIncreased(address indexed owner, uint256 amount);\n\n event BalanceDecreased(address indexed owner, uint256 amount);\n\n event BridgeUpdated(address newBridge);\n\n modifier onlyBridge() {\n require(msg.sender == address(bridge), \"Caller is not the bridge\");\n _;\n }\n\n constructor() {\n cachedChainId = block.chainid;\n cachedDomainSeparator = buildDomainSeparator();\n }\n\n /// @notice Allows the Governance to upgrade the Bridge address.\n /// @dev The function does not implement any governance delay and does not\n /// check the status of the Bridge. The Governance implementation needs\n /// to ensure all requirements for the upgrade are satisfied before\n /// executing this function.\n function updateBridge(address _bridge) external onlyOwner {\n require(_bridge != address(0), \"Bridge address must not be 0x0\");\n bridge = _bridge;\n emit BridgeUpdated(_bridge);\n }\n\n /// @notice Moves the given `amount` of balance from the caller to\n /// `recipient`.\n /// @dev Requirements:\n /// - `recipient` cannot be the zero address,\n /// - the caller must have a balance of at least `amount`.\n function transferBalance(address recipient, uint256 amount) external {\n _transferBalance(msg.sender, recipient, amount);\n }\n\n /// @notice Sets `amount` as the allowance of `spender` over the caller's\n /// balance.\n /// @dev If the `amount` is set to `type(uint256).max` then\n /// `transferBalanceFrom` will not reduce an allowance.\n /// Beware that changing an allowance with this function brings the\n /// risk that someone may use both the old and the new allowance by\n /// unfortunate transaction ordering. Please use\n /// `increaseBalanceAllowance` and `decreaseBalanceAllowance` to\n /// eliminate the risk.\n function approveBalance(address spender, uint256 amount) external {\n _approveBalance(msg.sender, spender, amount);\n }\n\n /// @notice Atomically increases the balance allowance granted to `spender`\n /// by the caller by the given `addedValue`.\n function increaseBalanceAllowance(address spender, uint256 addedValue)\n external\n {\n _approveBalance(\n msg.sender,\n spender,\n allowance[msg.sender][spender] + addedValue\n );\n }\n\n /// @notice Atomically decreases the balance allowance granted to `spender`\n /// by the caller by the given `subtractedValue`.\n function decreaseBalanceAllowance(address spender, uint256 subtractedValue)\n external\n {\n uint256 currentAllowance = allowance[msg.sender][spender];\n require(\n currentAllowance >= subtractedValue,\n \"Can not decrease balance allowance below zero\"\n );\n unchecked {\n _approveBalance(\n msg.sender,\n spender,\n currentAllowance - subtractedValue\n );\n }\n }\n\n /// @notice Moves `amount` of balance from `spender` to `recipient` using the\n /// allowance mechanism. `amount` is then deducted from the caller's\n /// allowance unless the allowance was made for `type(uint256).max`.\n /// @dev Requirements:\n /// - `recipient` cannot be the zero address,\n /// - `spender` must have a balance of at least `amount`,\n /// - the caller must have allowance for `spender`'s balance of at\n /// least `amount`.\n function transferBalanceFrom(\n address spender,\n address recipient,\n uint256 amount\n ) external {\n uint256 currentAllowance = allowance[spender][msg.sender];\n if (currentAllowance != type(uint256).max) {\n require(\n currentAllowance >= amount,\n \"Transfer amount exceeds allowance\"\n );\n unchecked {\n _approveBalance(spender, msg.sender, currentAllowance - amount);\n }\n }\n _transferBalance(spender, recipient, amount);\n }\n\n /// @notice EIP2612 approval made with secp256k1 signature.\n /// Users can authorize a transfer of their balance with a signature\n /// conforming EIP712 standard, rather than an on-chain transaction\n /// from their address. Anyone can submit this signature on the\n /// user's behalf by calling the permit function, paying gas fees,\n /// and possibly performing other actions in the same transaction.\n /// @dev The deadline argument can be set to `type(uint256).max to create\n /// permits that effectively never expire. If the `amount` is set\n /// to `type(uint256).max` then `transferBalanceFrom` will not\n /// reduce an allowance. Beware that changing an allowance with this\n /// function brings the risk that someone may use both the old and the\n /// new allowance by unfortunate transaction ordering. Please use\n /// `increaseBalanceAllowance` and `decreaseBalanceAllowance` to\n /// eliminate the risk.\n function permit(\n address owner,\n address spender,\n uint256 amount,\n uint256 deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) external {\n /* solhint-disable-next-line not-rely-on-time */\n require(deadline >= block.timestamp, \"Permission expired\");\n\n // Validate `s` and `v` values for a malleability concern described in EIP2.\n // Only signatures with `s` value in the lower half of the secp256k1\n // curve's order and `v` value of 27 or 28 are considered valid.\n require(\n uint256(s) <=\n 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0,\n \"Invalid signature 's' value\"\n );\n require(v == 27 || v == 28, \"Invalid signature 'v' value\");\n\n bytes32 digest =\n keccak256(\n abi.encodePacked(\n \"\\x19\\x01\",\n DOMAIN_SEPARATOR(),\n keccak256(\n abi.encode(\n PERMIT_TYPEHASH,\n owner,\n spender,\n amount,\n nonce[owner]++,\n deadline\n )\n )\n )\n );\n address recoveredAddress = ecrecover(digest, v, r, s);\n require(\n recoveredAddress != address(0) && recoveredAddress == owner,\n \"Invalid signature\"\n );\n _approveBalance(owner, spender, amount);\n }\n\n /// @notice Increases balances of the provided `recipients` by the provided\n /// `amounts`. Can only be called by the Bridge.\n /// @dev Requirements:\n /// - length of `recipients` and `amounts` must be the same.\n function increaseBalances(\n address[] calldata recipients,\n uint256[] calldata amounts\n ) external onlyBridge {\n require(\n recipients.length == amounts.length,\n \"Arrays must have the same length\"\n );\n for (uint256 i = 0; i < recipients.length; i++) {\n _increaseBalance(recipients[i], amounts[i]);\n }\n }\n\n /// @notice Increases balance of the provided `recipient` by the provided\n /// `amount`. Can only be called by the Bridge.\n function increaseBalance(address recipient, uint256 amount)\n external\n onlyBridge\n {\n _increaseBalance(recipient, amount);\n }\n\n /// @notice Increases the given smart contract `vault`'s balance and\n /// notifies the `vault` contract. Called by the Bridge after\n /// the deposits routed by depositors to that `vault` have been\n /// swept by the Bridge. This way, the depositor does not have to\n /// issue a separate transaction to the `vault` contract.\n /// Can be called only by the Bridge.\n /// @dev Requirements:\n /// - `vault` must implement `IVault` interface,\n /// - length of `depositors` and `depositedAmounts` must be the same.\n /// @param vault Address of `IVault` recipient contract\n /// @param depositors Addresses of depositors whose deposits have been swept\n /// @param depositedAmounts Amounts deposited by individual depositors and\n /// swept. The `vault`'s balance in the Bank will be increased by the\n /// sum of all elements in this array.\n function increaseBalanceAndCall(\n address vault,\n address[] calldata depositors,\n uint256[] calldata depositedAmounts\n ) external onlyBridge {\n require(\n depositors.length == depositedAmounts.length,\n \"Arrays must have the same length\"\n );\n uint256 totalAmount = 0;\n for (uint256 i = 0; i < depositedAmounts.length; i++) {\n totalAmount += depositedAmounts[i];\n }\n _increaseBalance(vault, totalAmount);\n IVault(vault).onBalanceIncreased(depositors, depositedAmounts);\n }\n\n /// @notice Decreases caller's balance by the provided `amount`. There is no\n /// way to restore the balance so do not call this function unless\n /// you really know what you are doing!\n function decreaseBalance(uint256 amount) external {\n balanceOf[msg.sender] -= amount;\n emit BalanceDecreased(msg.sender, amount);\n }\n\n /// @notice Returns hash of EIP712 Domain struct with `TBTC Bank` as\n /// a signing domain and Bank contract as a verifying contract.\n /// Used to construct EIP2612 signature provided to `permit`\n /// function.\n /* solhint-disable-next-line func-name-mixedcase */\n function DOMAIN_SEPARATOR() public view returns (bytes32) {\n // As explained in EIP-2612, if the DOMAIN_SEPARATOR contains the\n // chainId and is defined at contract deployment instead of\n // reconstructed for every signature, there is a risk of possible replay\n // attacks between chains in the event of a future chain split.\n // To address this issue, we check the cached chain ID against the\n // current one and in case they are different, we build domain separator\n // from scratch.\n if (block.chainid == cachedChainId) {\n return cachedDomainSeparator;\n } else {\n return buildDomainSeparator();\n }\n }\n\n function _increaseBalance(address recipient, uint256 amount) internal {\n require(\n recipient != address(this),\n \"Can not increase balance for Bank\"\n );\n balanceOf[recipient] += amount;\n emit BalanceIncreased(recipient, amount);\n }\n\n function _transferBalance(\n address spender,\n address recipient,\n uint256 amount\n ) private {\n require(\n recipient != address(0),\n \"Can not transfer to the zero address\"\n );\n require(\n recipient != address(this),\n \"Can not transfer to the Bank address\"\n );\n\n uint256 spenderBalance = balanceOf[spender];\n require(spenderBalance >= amount, \"Transfer amount exceeds balance\");\n unchecked {balanceOf[spender] = spenderBalance - amount;}\n balanceOf[recipient] += amount;\n emit BalanceTransferred(spender, recipient, amount);\n }\n\n function _approveBalance(\n address owner,\n address spender,\n uint256 amount\n ) private {\n require(spender != address(0), \"Can not approve to the zero address\");\n allowance[owner][spender] = amount;\n emit BalanceApproved(owner, spender, amount);\n }\n\n function buildDomainSeparator() private view returns (bytes32) {\n return\n keccak256(\n abi.encode(\n keccak256(\n \"EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)\"\n ),\n keccak256(bytes(\"TBTC Bank\")),\n keccak256(bytes(\"1\")),\n block.chainid,\n address(this)\n )\n );\n }\n}\n"
6
- },
7
- "@openzeppelin/contracts/access/Ownable.sol": {
8
- "content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.8.0;\n\nimport \"../utils/Context.sol\";\n\n/**\n * @dev Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n address private _owner;\n\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor() {\n _setOwner(_msgSender());\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n _;\n }\n\n /**\n * @dev Leaves the contract without owner. It will not be possible to call\n * `onlyOwner` functions anymore. Can only be called by the current owner.\n *\n * NOTE: Renouncing ownership will leave the contract without an owner,\n * thereby removing any functionality that is only available to the owner.\n */\n function renounceOwnership() public virtual onlyOwner {\n _setOwner(address(0));\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(newOwner != address(0), \"Ownable: new owner is the zero address\");\n _setOwner(newOwner);\n }\n\n function _setOwner(address newOwner) private {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n}\n"
9
- },
10
- "contracts/vault/IVault.sol": {
11
- "content": "// SPDX-License-Identifier: MIT\n\n// ██████████████ ▐████▌ ██████████████\n// ██████████████ ▐████▌ ██████████████\n// ▐████▌ ▐████▌\n// ▐████▌ ▐████▌\n// ██████████████ ▐████▌ ██████████████\n// ██████████████ ▐████▌ ██████████████\n// ▐████▌ ▐████▌\n// ▐████▌ ▐████▌\n// ▐████▌ ▐████▌\n// ▐████▌ ▐████▌\n// ▐████▌ ▐████▌\n// ▐████▌ ▐████▌\n\npragma solidity 0.8.4;\n\n/// @title Bank Vault interface\n/// @notice `IVault` is an interface for a smart contract consuming Bank\n/// balances allowing the smart contract to receive Bank balances right\n/// after sweeping the deposit by the Bridge. This method allows the\n/// depositor to route their deposit revealed to the Bridge to the\n/// particular smart contract in the same transaction the deposit is\n/// revealed. This way, the depositor does not have to execute\n/// additional transaction after the deposit gets swept by the Bridge.\ninterface IVault {\n /// @notice Called by the Bank in `increaseBalanceAndCall` function after\n /// increasing the balance in the Bank for the vault.\n /// @param depositors Addresses of depositors whose deposits have been swept\n /// @param depositedAmounts Amounts deposited by individual depositors and\n /// swept\n /// @dev The implementation must ensure this function can only be called\n /// by the Bank.\n function onBalanceIncreased(\n address[] calldata depositors,\n uint256[] calldata depositedAmounts\n ) external;\n}\n"
12
- },
13
- "@openzeppelin/contracts/utils/Context.sol": {
14
- "content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.8.0;\n\n/*\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n function _msgSender() internal view virtual returns (address) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes calldata) {\n return msg.data;\n }\n}\n"
15
- },
16
- "contracts/vault/TBTCVault.sol": {
17
- "content": "// SPDX-License-Identifier: MIT\n\n// ██████████████ ▐████▌ ██████████████\n// ██████████████ ▐████▌ ██████████████\n// ▐████▌ ▐████▌\n// ▐████▌ ▐████▌\n// ██████████████ ▐████▌ ██████████████\n// ██████████████ ▐████▌ ██████████████\n// ▐████▌ ▐████▌\n// ▐████▌ ▐████▌\n// ▐████▌ ▐████▌\n// ▐████▌ ▐████▌\n// ▐████▌ ▐████▌\n// ▐████▌ ▐████▌\n\npragma solidity 0.8.4;\n\nimport \"./IVault.sol\";\nimport \"../bank/Bank.sol\";\nimport \"../token/TBTC.sol\";\n\n/// @title TBTC application vault\n/// @notice TBTC is a fully Bitcoin-backed ERC-20 token pegged to the price of\n/// Bitcoin. It facilitates Bitcoin holders to act on the Ethereum\n/// blockchain and access the decentralized finance (DeFi) ecosystem.\n/// TBTC Vault mints and redeems TBTC based on Bitcoin balances in the\n/// Bank.\n/// @dev TBTC Vault is the owner of TBTC token contract and is the only contract\n/// minting the token.\ncontract TBTCVault is IVault {\n Bank public bank;\n TBTC public tbtcToken;\n\n event Minted(address indexed to, uint256 amount);\n\n event Redeemed(address indexed from, uint256 amount);\n\n modifier onlyBank() {\n require(msg.sender == address(bank), \"Caller is not the Bank\");\n _;\n }\n\n constructor(Bank _bank, TBTC _tbtcToken) {\n require(\n address(_bank) != address(0),\n \"Bank can not be the zero address\"\n );\n\n require(\n address(_tbtcToken) != address(0),\n \"TBTC token can not be the zero address\"\n );\n\n bank = _bank;\n tbtcToken = _tbtcToken;\n }\n\n /// @notice Transfers the given `amount` of the Bank balance from caller\n /// to TBTC Vault, and mints `amount` of TBTC to the caller.\n /// @dev TBTC Vault must have an allowance for caller's balance in the Bank\n /// for at least `amount`.\n /// @param amount Amount of TBTC to mint\n function mint(uint256 amount) external {\n address minter = msg.sender;\n require(\n bank.balanceOf(minter) >= amount,\n \"Amount exceeds balance in the bank\"\n );\n _mint(minter, amount);\n bank.transferBalanceFrom(minter, address(this), amount);\n }\n\n /// @notice Mints the same amount of TBTC as the deposited amount for each\n /// depositor in the array. Can only be called by the Bank after the\n /// Bridge swept deposits and Bank increased balance for the\n /// vault.\n /// @dev Fails if `depositors` array is empty. Expects the length of\n /// `depositors` and `depositedAmounts` is the same.\n function onBalanceIncreased(\n address[] calldata depositors,\n uint256[] calldata depositedAmounts\n ) external override onlyBank {\n require(depositors.length != 0, \"No depositors specified\");\n for (uint256 i = 0; i < depositors.length; i++) {\n _mint(depositors[i], depositedAmounts[i]);\n }\n }\n\n /// @notice Burns `amount` of TBTC from the caller's account and transfers\n /// `amount` back to the caller's balance in the Bank.\n /// @dev Caller must have at least `amount` of TBTC approved to\n /// TBTC Vault.\n /// @param amount Amount of TBTC to redeem\n function redeem(uint256 amount) external {\n _redeem(msg.sender, amount);\n }\n\n /// @notice Burns `amount` of TBTC from the caller's account and transfers\n /// `amount` back to the caller's balance in the Bank.\n /// @dev This function is doing the same as `redeem` but it allows to\n /// execute redemption without an additional approval transaction.\n /// The function can be called only via `approveAndCall` of TBTC token.\n /// @param from TBTC token holder executing redemption\n /// @param amount Amount of TBTC to redeem\n /// @param token TBTC token address\n function receiveApproval(\n address from,\n uint256 amount,\n address token,\n bytes calldata\n ) external {\n require(token == address(tbtcToken), \"Token is not TBTC\");\n require(msg.sender == token, \"Only TBTC caller allowed\");\n _redeem(from, amount);\n }\n\n // slither-disable-next-line calls-loop\n function _mint(address minter, uint256 amount) internal {\n emit Minted(minter, amount);\n tbtcToken.mint(minter, amount);\n }\n\n function _redeem(address redeemer, uint256 amount) internal {\n emit Redeemed(redeemer, amount);\n tbtcToken.burnFrom(redeemer, amount);\n bank.transferBalance(redeemer, amount);\n }\n}\n"
18
- },
19
- "contracts/token/TBTC.sol": {
20
- "content": "// SPDX-License-Identifier: MIT\n\npragma solidity 0.8.4;\n\nimport \"@thesis/solidity-contracts/contracts/token/ERC20WithPermit.sol\";\nimport \"@thesis/solidity-contracts/contracts/token/MisfundRecovery.sol\";\n\ncontract TBTC is ERC20WithPermit, MisfundRecovery {\n constructor() ERC20WithPermit(\"tBTC v2\", \"tBTC\") {}\n}\n"
21
- },
22
- "@thesis/solidity-contracts/contracts/token/ERC20WithPermit.sol": {
23
- "content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.8.4;\n\nimport \"@openzeppelin/contracts/access/Ownable.sol\";\n\nimport \"./IERC20WithPermit.sol\";\nimport \"./IReceiveApproval.sol\";\n\n/// @title ERC20WithPermit\n/// @notice Burnable ERC20 token with EIP2612 permit functionality. User can\n/// authorize a transfer of their token with a signature conforming\n/// EIP712 standard instead of an on-chain transaction from their\n/// address. Anyone can submit this signature on the user's behalf by\n/// calling the permit function, as specified in EIP2612 standard,\n/// paying gas fees, and possibly performing other actions in the same\n/// transaction.\ncontract ERC20WithPermit is IERC20WithPermit, Ownable {\n /// @notice The amount of tokens owned by the given account.\n mapping(address => uint256) public override balanceOf;\n\n /// @notice The remaining number of tokens that spender will be\n /// allowed to spend on behalf of owner through `transferFrom` and\n /// `burnFrom`. This is zero by default.\n mapping(address => mapping(address => uint256)) public override allowance;\n\n /// @notice Returns the current nonce for EIP2612 permission for the\n /// provided token owner for a replay protection. Used to construct\n /// EIP2612 signature provided to `permit` function.\n mapping(address => uint256) public override nonce;\n\n uint256 public immutable cachedChainId;\n bytes32 public immutable cachedDomainSeparator;\n\n /// @notice Returns EIP2612 Permit message hash. Used to construct EIP2612\n /// signature provided to `permit` function.\n bytes32 public constant override PERMIT_TYPEHASH =\n keccak256(\n \"Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)\"\n );\n\n /// @notice The amount of tokens in existence.\n uint256 public override totalSupply;\n\n /// @notice The name of the token.\n string public override name;\n\n /// @notice The symbol of the token.\n string public override symbol;\n\n /// @notice The decimals places of the token.\n uint8 public constant override decimals = 18;\n\n constructor(string memory _name, string memory _symbol) {\n name = _name;\n symbol = _symbol;\n\n cachedChainId = block.chainid;\n cachedDomainSeparator = buildDomainSeparator();\n }\n\n /// @notice Moves `amount` tokens from the caller's account to `recipient`.\n /// @return True if the operation succeeded, reverts otherwise.\n /// @dev Requirements:\n /// - `recipient` cannot be the zero address,\n /// - the caller must have a balance of at least `amount`.\n function transfer(address recipient, uint256 amount)\n external\n override\n returns (bool)\n {\n _transfer(msg.sender, recipient, amount);\n return true;\n }\n\n /// @notice Moves `amount` tokens from `spender` to `recipient` using the\n /// allowance mechanism. `amount` is then deducted from the caller's\n /// allowance unless the allowance was made for `type(uint256).max`.\n /// @return True if the operation succeeded, reverts otherwise.\n /// @dev Requirements:\n /// - `spender` and `recipient` cannot be the zero address,\n /// - `spender` must have a balance of at least `amount`,\n /// - the caller must have allowance for `spender`'s tokens of at least\n /// `amount`.\n function transferFrom(\n address spender,\n address recipient,\n uint256 amount\n ) external override returns (bool) {\n uint256 currentAllowance = allowance[spender][msg.sender];\n if (currentAllowance != type(uint256).max) {\n require(\n currentAllowance >= amount,\n \"Transfer amount exceeds allowance\"\n );\n _approve(spender, msg.sender, currentAllowance - amount);\n }\n _transfer(spender, recipient, amount);\n return true;\n }\n\n /// @notice EIP2612 approval made with secp256k1 signature.\n /// Users can authorize a transfer of their tokens with a signature\n /// conforming EIP712 standard, rather than an on-chain transaction\n /// from their address. Anyone can submit this signature on the\n /// user's behalf by calling the permit function, paying gas fees,\n /// and possibly performing other actions in the same transaction.\n /// @dev The deadline argument can be set to `type(uint256).max to create\n /// permits that effectively never expire. If the `amount` is set\n /// to `type(uint256).max` then `transferFrom` and `burnFrom` will\n /// not reduce an allowance.\n function permit(\n address owner,\n address spender,\n uint256 amount,\n uint256 deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) external override {\n /* solhint-disable-next-line not-rely-on-time */\n require(deadline >= block.timestamp, \"Permission expired\");\n\n // Validate `s` and `v` values for a malleability concern described in EIP2.\n // Only signatures with `s` value in the lower half of the secp256k1\n // curve's order and `v` value of 27 or 28 are considered valid.\n require(\n uint256(s) <=\n 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0,\n \"Invalid signature 's' value\"\n );\n require(v == 27 || v == 28, \"Invalid signature 'v' value\");\n\n bytes32 digest = keccak256(\n abi.encodePacked(\n \"\\x19\\x01\",\n DOMAIN_SEPARATOR(),\n keccak256(\n abi.encode(\n PERMIT_TYPEHASH,\n owner,\n spender,\n amount,\n nonce[owner]++,\n deadline\n )\n )\n )\n );\n address recoveredAddress = ecrecover(digest, v, r, s);\n require(\n recoveredAddress != address(0) && recoveredAddress == owner,\n \"Invalid signature\"\n );\n _approve(owner, spender, amount);\n }\n\n /// @notice Creates `amount` tokens and assigns them to `account`,\n /// increasing the total supply.\n /// @dev Requirements:\n /// - `recipient` cannot be the zero address.\n function mint(address recipient, uint256 amount) external onlyOwner {\n require(recipient != address(0), \"Mint to the zero address\");\n\n beforeTokenTransfer(address(0), recipient, amount);\n\n totalSupply += amount;\n balanceOf[recipient] += amount;\n emit Transfer(address(0), recipient, amount);\n }\n\n /// @notice Destroys `amount` tokens from the caller.\n /// @dev Requirements:\n /// - the caller must have a balance of at least `amount`.\n function burn(uint256 amount) external override {\n _burn(msg.sender, amount);\n }\n\n /// @notice Destroys `amount` of tokens from `account` using the allowance\n /// mechanism. `amount` is then deducted from the caller's allowance\n /// unless the allowance was made for `type(uint256).max`.\n /// @dev Requirements:\n /// - `account` must have a balance of at least `amount`,\n /// - the caller must have allowance for `account`'s tokens of at least\n /// `amount`.\n function burnFrom(address account, uint256 amount) external override {\n uint256 currentAllowance = allowance[account][msg.sender];\n if (currentAllowance != type(uint256).max) {\n require(\n currentAllowance >= amount,\n \"Burn amount exceeds allowance\"\n );\n _approve(account, msg.sender, currentAllowance - amount);\n }\n _burn(account, amount);\n }\n\n /// @notice Calls `receiveApproval` function on spender previously approving\n /// the spender to withdraw from the caller multiple times, up to\n /// the `amount` amount. If this function is called again, it\n /// overwrites the current allowance with `amount`. Reverts if the\n /// approval reverted or if `receiveApproval` call on the spender\n /// reverted.\n /// @return True if both approval and `receiveApproval` calls succeeded.\n /// @dev If the `amount` is set to `type(uint256).max` then\n /// `transferFrom` and `burnFrom` will not reduce an allowance.\n function approveAndCall(\n address spender,\n uint256 amount,\n bytes memory extraData\n ) external override returns (bool) {\n if (approve(spender, amount)) {\n IReceiveApproval(spender).receiveApproval(\n msg.sender,\n amount,\n address(this),\n extraData\n );\n return true;\n }\n return false;\n }\n\n /// @notice Sets `amount` as the allowance of `spender` over the caller's\n /// tokens.\n /// @return True if the operation succeeded.\n /// @dev If the `amount` is set to `type(uint256).max` then\n /// `transferFrom` and `burnFrom` will not reduce an allowance.\n /// Beware that changing an allowance with this method brings the risk\n /// that someone may use both the old and the new allowance by\n /// unfortunate transaction ordering. One possible solution to mitigate\n /// this race condition is to first reduce the spender's allowance to 0\n /// and set the desired value afterwards:\n /// https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n function approve(address spender, uint256 amount)\n public\n override\n returns (bool)\n {\n _approve(msg.sender, spender, amount);\n return true;\n }\n\n /// @notice Returns hash of EIP712 Domain struct with the token name as\n /// a signing domain and token contract as a verifying contract.\n /// Used to construct EIP2612 signature provided to `permit`\n /// function.\n /* solhint-disable-next-line func-name-mixedcase */\n function DOMAIN_SEPARATOR() public view override returns (bytes32) {\n // As explained in EIP-2612, if the DOMAIN_SEPARATOR contains the\n // chainId and is defined at contract deployment instead of\n // reconstructed for every signature, there is a risk of possible replay\n // attacks between chains in the event of a future chain split.\n // To address this issue, we check the cached chain ID against the\n // current one and in case they are different, we build domain separator\n // from scratch.\n if (block.chainid == cachedChainId) {\n return cachedDomainSeparator;\n } else {\n return buildDomainSeparator();\n }\n }\n\n /// @dev Hook that is called before any transfer of tokens. This includes\n /// minting and burning.\n ///\n /// Calling conditions:\n /// - when `from` and `to` are both non-zero, `amount` of `from`'s tokens\n /// will be to transferred to `to`.\n /// - when `from` is zero, `amount` tokens will be minted for `to`.\n /// - when `to` is zero, `amount` of ``from``'s tokens will be burned.\n /// - `from` and `to` are never both zero.\n // slither-disable-next-line dead-code\n function beforeTokenTransfer(\n address from,\n address to,\n uint256 amount\n ) internal virtual {}\n\n function _burn(address account, uint256 amount) internal {\n uint256 currentBalance = balanceOf[account];\n require(currentBalance >= amount, \"Burn amount exceeds balance\");\n\n beforeTokenTransfer(account, address(0), amount);\n\n balanceOf[account] = currentBalance - amount;\n totalSupply -= amount;\n emit Transfer(account, address(0), amount);\n }\n\n function _transfer(\n address spender,\n address recipient,\n uint256 amount\n ) private {\n require(spender != address(0), \"Transfer from the zero address\");\n require(recipient != address(0), \"Transfer to the zero address\");\n require(recipient != address(this), \"Transfer to the token address\");\n\n beforeTokenTransfer(spender, recipient, amount);\n\n uint256 spenderBalance = balanceOf[spender];\n require(spenderBalance >= amount, \"Transfer amount exceeds balance\");\n balanceOf[spender] = spenderBalance - amount;\n balanceOf[recipient] += amount;\n emit Transfer(spender, recipient, amount);\n }\n\n function _approve(\n address owner,\n address spender,\n uint256 amount\n ) private {\n require(owner != address(0), \"Approve from the zero address\");\n require(spender != address(0), \"Approve to the zero address\");\n allowance[owner][spender] = amount;\n emit Approval(owner, spender, amount);\n }\n\n function buildDomainSeparator() private view returns (bytes32) {\n return\n keccak256(\n abi.encode(\n keccak256(\n \"EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)\"\n ),\n keccak256(bytes(name)),\n keccak256(bytes(\"1\")),\n block.chainid,\n address(this)\n )\n );\n }\n}\n"
24
- },
25
- "@thesis/solidity-contracts/contracts/token/MisfundRecovery.sol": {
26
- "content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.8.4;\n\nimport \"@openzeppelin/contracts/access/Ownable.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC721/IERC721.sol\";\n\n/// @title MisfundRecovery\n/// @notice Allows the owner of the token contract extending MisfundRecovery\n/// to recover any ERC20 and ERC721 sent mistakenly to the token\n/// contract address.\ncontract MisfundRecovery is Ownable {\n using SafeERC20 for IERC20;\n\n function recoverERC20(\n IERC20 token,\n address recipient,\n uint256 amount\n ) external onlyOwner {\n token.safeTransfer(recipient, amount);\n }\n\n function recoverERC721(\n IERC721 token,\n address recipient,\n uint256 tokenId,\n bytes calldata data\n ) external onlyOwner {\n token.safeTransferFrom(address(this), recipient, tokenId, data);\n }\n}\n"
27
- },
28
- "@thesis/solidity-contracts/contracts/token/IERC20WithPermit.sol": {
29
- "content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.8.4;\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol\";\n\nimport \"./IApproveAndCall.sol\";\n\n/// @title IERC20WithPermit\n/// @notice Burnable ERC20 token with EIP2612 permit functionality. User can\n/// authorize a transfer of their token with a signature conforming\n/// EIP712 standard instead of an on-chain transaction from their\n/// address. Anyone can submit this signature on the user's behalf by\n/// calling the permit function, as specified in EIP2612 standard,\n/// paying gas fees, and possibly performing other actions in the same\n/// transaction.\ninterface IERC20WithPermit is IERC20, IERC20Metadata, IApproveAndCall {\n /// @notice EIP2612 approval made with secp256k1 signature.\n /// Users can authorize a transfer of their tokens with a signature\n /// conforming EIP712 standard, rather than an on-chain transaction\n /// from their address. Anyone can submit this signature on the\n /// user's behalf by calling the permit function, paying gas fees,\n /// and possibly performing other actions in the same transaction.\n /// @dev The deadline argument can be set to `type(uint256).max to create\n /// permits that effectively never expire.\n function permit(\n address owner,\n address spender,\n uint256 amount,\n uint256 deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) external;\n\n /// @notice Destroys `amount` tokens from the caller.\n function burn(uint256 amount) external;\n\n /// @notice Destroys `amount` of tokens from `account`, deducting the amount\n /// from caller's allowance.\n function burnFrom(address account, uint256 amount) external;\n\n /// @notice Returns hash of EIP712 Domain struct with the token name as\n /// a signing domain and token contract as a verifying contract.\n /// Used to construct EIP2612 signature provided to `permit`\n /// function.\n /* solhint-disable-next-line func-name-mixedcase */\n function DOMAIN_SEPARATOR() external view returns (bytes32);\n\n /// @notice Returns the current nonce for EIP2612 permission for the\n /// provided token owner for a replay protection. Used to construct\n /// EIP2612 signature provided to `permit` function.\n function nonce(address owner) external view returns (uint256);\n\n /// @notice Returns EIP2612 Permit message hash. Used to construct EIP2612\n /// signature provided to `permit` function.\n /* solhint-disable-next-line func-name-mixedcase */\n function PERMIT_TYPEHASH() external pure returns (bytes32);\n}\n"
30
- },
31
- "@thesis/solidity-contracts/contracts/token/IReceiveApproval.sol": {
32
- "content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.8.4;\n\n/// @notice An interface that should be implemented by contracts supporting\n/// `approveAndCall`/`receiveApproval` pattern.\ninterface IReceiveApproval {\n /// @notice Receives approval to spend tokens. Called as a result of\n /// `approveAndCall` call on the token.\n function receiveApproval(\n address from,\n uint256 amount,\n address token,\n bytes calldata extraData\n ) external;\n}\n"
33
- },
34
- "@openzeppelin/contracts/token/ERC20/IERC20.sol": {
35
- "content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20 {\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `recipient`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `sender` to `recipient` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(\n address sender,\n address recipient,\n uint256 amount\n ) external returns (bool);\n\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n"
36
- },
37
- "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol": {
38
- "content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.8.0;\n\nimport \"../IERC20.sol\";\n\n/**\n * @dev Interface for the optional metadata functions from the ERC20 standard.\n *\n * _Available since v4.1._\n */\ninterface IERC20Metadata is IERC20 {\n /**\n * @dev Returns the name of the token.\n */\n function name() external view returns (string memory);\n\n /**\n * @dev Returns the symbol of the token.\n */\n function symbol() external view returns (string memory);\n\n /**\n * @dev Returns the decimals places of the token.\n */\n function decimals() external view returns (uint8);\n}\n"
39
- },
40
- "@thesis/solidity-contracts/contracts/token/IApproveAndCall.sol": {
41
- "content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.8.4;\n\n/// @notice An interface that should be implemented by tokens supporting\n/// `approveAndCall`/`receiveApproval` pattern.\ninterface IApproveAndCall {\n /// @notice Executes `receiveApproval` function on spender as specified in\n /// `IReceiveApproval` interface. Approves spender to withdraw from\n /// the caller multiple times, up to the `amount`. If this\n /// function is called again, it overwrites the current allowance\n /// with `amount`. Reverts if the approval reverted or if\n /// `receiveApproval` call on the spender reverted.\n function approveAndCall(\n address spender,\n uint256 amount,\n bytes memory extraData\n ) external returns (bool);\n}\n"
42
- },
43
- "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol": {
44
- "content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.8.0;\n\nimport \"../IERC20.sol\";\nimport \"../../../utils/Address.sol\";\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n using Address for address;\n\n function safeTransfer(\n IERC20 token,\n address to,\n uint256 value\n ) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n function safeTransferFrom(\n IERC20 token,\n address from,\n address to,\n uint256 value\n ) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(\n IERC20 token,\n address spender,\n uint256 value\n ) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n require(\n (value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n function safeIncreaseAllowance(\n IERC20 token,\n address spender,\n uint256 value\n ) internal {\n uint256 newAllowance = token.allowance(address(this), spender) + value;\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n function safeDecreaseAllowance(\n IERC20 token,\n address spender,\n uint256 value\n ) internal {\n unchecked {\n uint256 oldAllowance = token.allowance(address(this), spender);\n require(oldAllowance >= value, \"SafeERC20: decreased allowance below zero\");\n uint256 newAllowance = oldAllowance - value;\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n if (returndata.length > 0) {\n // Return data is optional\n require(abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n }\n}\n"
45
- },
46
- "@openzeppelin/contracts/token/ERC721/IERC721.sol": {
47
- "content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.8.0;\n\nimport \"../../utils/introspection/IERC165.sol\";\n\n/**\n * @dev Required interface of an ERC721 compliant contract.\n */\ninterface IERC721 is IERC165 {\n /**\n * @dev Emitted when `tokenId` token is transferred from `from` to `to`.\n */\n event Transfer(address indexed from, address indexed to, uint256 indexed tokenId);\n\n /**\n * @dev Emitted when `owner` enables `approved` to manage the `tokenId` token.\n */\n event Approval(address indexed owner, address indexed approved, uint256 indexed tokenId);\n\n /**\n * @dev Emitted when `owner` enables or disables (`approved`) `operator` to manage all of its assets.\n */\n event ApprovalForAll(address indexed owner, address indexed operator, bool approved);\n\n /**\n * @dev Returns the number of tokens in ``owner``'s account.\n */\n function balanceOf(address owner) external view returns (uint256 balance);\n\n /**\n * @dev Returns the owner of the `tokenId` token.\n *\n * Requirements:\n *\n * - `tokenId` must exist.\n */\n function ownerOf(uint256 tokenId) external view returns (address owner);\n\n /**\n * @dev Safely transfers `tokenId` token from `from` to `to`, checking first that contract recipients\n * are aware of the ERC721 protocol to prevent tokens from being forever locked.\n *\n * Requirements:\n *\n * - `from` cannot be the zero address.\n * - `to` cannot be the zero address.\n * - `tokenId` token must exist and be owned by `from`.\n * - If the caller is not `from`, it must be have been allowed to move this token by either {approve} or {setApprovalForAll}.\n * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.\n *\n * Emits a {Transfer} event.\n */\n function safeTransferFrom(\n address from,\n address to,\n uint256 tokenId\n ) external;\n\n /**\n * @dev Transfers `tokenId` token from `from` to `to`.\n *\n * WARNING: Usage of this method is discouraged, use {safeTransferFrom} whenever possible.\n *\n * Requirements:\n *\n * - `from` cannot be the zero address.\n * - `to` cannot be the zero address.\n * - `tokenId` token must be owned by `from`.\n * - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(\n address from,\n address to,\n uint256 tokenId\n ) external;\n\n /**\n * @dev Gives permission to `to` to transfer `tokenId` token to another account.\n * The approval is cleared when the token is transferred.\n *\n * Only a single account can be approved at a time, so approving the zero address clears previous approvals.\n *\n * Requirements:\n *\n * - The caller must own the token or be an approved operator.\n * - `tokenId` must exist.\n *\n * Emits an {Approval} event.\n */\n function approve(address to, uint256 tokenId) external;\n\n /**\n * @dev Returns the account approved for `tokenId` token.\n *\n * Requirements:\n *\n * - `tokenId` must exist.\n */\n function getApproved(uint256 tokenId) external view returns (address operator);\n\n /**\n * @dev Approve or remove `operator` as an operator for the caller.\n * Operators can call {transferFrom} or {safeTransferFrom} for any token owned by the caller.\n *\n * Requirements:\n *\n * - The `operator` cannot be the caller.\n *\n * Emits an {ApprovalForAll} event.\n */\n function setApprovalForAll(address operator, bool _approved) external;\n\n /**\n * @dev Returns if the `operator` is allowed to manage all of the assets of `owner`.\n *\n * See {setApprovalForAll}\n */\n function isApprovedForAll(address owner, address operator) external view returns (bool);\n\n /**\n * @dev Safely transfers `tokenId` token from `from` to `to`.\n *\n * Requirements:\n *\n * - `from` cannot be the zero address.\n * - `to` cannot be the zero address.\n * - `tokenId` token must exist and be owned by `from`.\n * - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.\n * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.\n *\n * Emits a {Transfer} event.\n */\n function safeTransferFrom(\n address from,\n address to,\n uint256 tokenId,\n bytes calldata data\n ) external;\n}\n"
48
- },
49
- "@openzeppelin/contracts/utils/Address.sol": {
50
- "content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize, which returns 0 for contracts in\n // construction, since the code is only stored at the end of the\n // constructor execution.\n\n uint256 size;\n assembly {\n size := extcodesize(account)\n }\n return size > 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance >= amount, \"Address: insufficient balance\");\n\n (bool success, ) = recipient.call{value: amount}(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain `call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCall(target, data, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(\n address target,\n bytes memory data,\n uint256 value\n ) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(\n address target,\n bytes memory data,\n uint256 value,\n string memory errorMessage\n ) internal returns (bytes memory) {\n require(address(this).balance >= value, \"Address: insufficient balance for call\");\n require(isContract(target), \"Address: call to non-contract\");\n\n (bool success, bytes memory returndata) = target.call{value: value}(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n require(isContract(target), \"Address: static call to non-contract\");\n\n (bool success, bytes memory returndata) = target.staticcall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n require(isContract(target), \"Address: delegate call to non-contract\");\n\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n function _verifyCallResult(\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) private pure returns (bytes memory) {\n if (success) {\n return returndata;\n } else {\n // Look for revert reason and bubble it up if present\n if (returndata.length > 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n }\n}\n"
51
- },
52
- "@openzeppelin/contracts/utils/introspection/IERC165.sol": {
53
- "content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC165 standard, as defined in the\n * https://eips.ethereum.org/EIPS/eip-165[EIP].\n *\n * Implementers can declare support of contract interfaces, which can then be\n * queried by others ({ERC165Checker}).\n *\n * For an implementation, see {ERC165}.\n */\ninterface IERC165 {\n /**\n * @dev Returns true if this contract implements the interface defined by\n * `interfaceId`. See the corresponding\n * https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section]\n * to learn more about how these ids are created.\n *\n * This function call must use less than 30 000 gas.\n */\n function supportsInterface(bytes4 interfaceId) external view returns (bool);\n}\n"
54
- },
55
- "contracts/test/ReceiveApprovalStub.sol": {
56
- "content": "// SPDX-License-Identifier: MIT\n\npragma solidity 0.8.4;\n\nimport \"../token/TBTC.sol\";\n\ncontract ReceiveApprovalStub is IReceiveApproval {\n bool public shouldRevert;\n\n event ApprovalReceived(\n address from,\n uint256 value,\n address token,\n bytes extraData\n );\n\n function receiveApproval(\n address from,\n uint256 value,\n address token,\n bytes calldata extraData\n ) external override {\n if (shouldRevert) {\n revert(\"i am your father luke\");\n }\n\n emit ApprovalReceived(from, value, token, extraData);\n }\n\n function setShouldRevert(bool _shouldRevert) external {\n shouldRevert = _shouldRevert;\n }\n}\n"
57
- },
58
- "@openzeppelin/contracts/token/ERC721/extensions/IERC721Metadata.sol": {
59
- "content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.8.0;\n\nimport \"../IERC721.sol\";\n\n/**\n * @title ERC-721 Non-Fungible Token Standard, optional metadata extension\n * @dev See https://eips.ethereum.org/EIPS/eip-721\n */\ninterface IERC721Metadata is IERC721 {\n /**\n * @dev Returns the token collection name.\n */\n function name() external view returns (string memory);\n\n /**\n * @dev Returns the token collection symbol.\n */\n function symbol() external view returns (string memory);\n\n /**\n * @dev Returns the Uniform Resource Identifier (URI) for `tokenId` token.\n */\n function tokenURI(uint256 tokenId) external view returns (string memory);\n}\n"
60
- },
61
- "@openzeppelin/contracts/token/ERC721/ERC721.sol": {
62
- "content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.8.0;\n\nimport \"./IERC721.sol\";\nimport \"./IERC721Receiver.sol\";\nimport \"./extensions/IERC721Metadata.sol\";\nimport \"../../utils/Address.sol\";\nimport \"../../utils/Context.sol\";\nimport \"../../utils/Strings.sol\";\nimport \"../../utils/introspection/ERC165.sol\";\n\n/**\n * @dev Implementation of https://eips.ethereum.org/EIPS/eip-721[ERC721] Non-Fungible Token Standard, including\n * the Metadata extension, but not including the Enumerable extension, which is available separately as\n * {ERC721Enumerable}.\n */\ncontract ERC721 is Context, ERC165, IERC721, IERC721Metadata {\n using Address for address;\n using Strings for uint256;\n\n // Token name\n string private _name;\n\n // Token symbol\n string private _symbol;\n\n // Mapping from token ID to owner address\n mapping(uint256 => address) private _owners;\n\n // Mapping owner address to token count\n mapping(address => uint256) private _balances;\n\n // Mapping from token ID to approved address\n mapping(uint256 => address) private _tokenApprovals;\n\n // Mapping from owner to operator approvals\n mapping(address => mapping(address => bool)) private _operatorApprovals;\n\n /**\n * @dev Initializes the contract by setting a `name` and a `symbol` to the token collection.\n */\n constructor(string memory name_, string memory symbol_) {\n _name = name_;\n _symbol = symbol_;\n }\n\n /**\n * @dev See {IERC165-supportsInterface}.\n */\n function supportsInterface(bytes4 interfaceId) public view virtual override(ERC165, IERC165) returns (bool) {\n return\n interfaceId == type(IERC721).interfaceId ||\n interfaceId == type(IERC721Metadata).interfaceId ||\n super.supportsInterface(interfaceId);\n }\n\n /**\n * @dev See {IERC721-balanceOf}.\n */\n function balanceOf(address owner) public view virtual override returns (uint256) {\n require(owner != address(0), \"ERC721: balance query for the zero address\");\n return _balances[owner];\n }\n\n /**\n * @dev See {IERC721-ownerOf}.\n */\n function ownerOf(uint256 tokenId) public view virtual override returns (address) {\n address owner = _owners[tokenId];\n require(owner != address(0), \"ERC721: owner query for nonexistent token\");\n return owner;\n }\n\n /**\n * @dev See {IERC721Metadata-name}.\n */\n function name() public view virtual override returns (string memory) {\n return _name;\n }\n\n /**\n * @dev See {IERC721Metadata-symbol}.\n */\n function symbol() public view virtual override returns (string memory) {\n return _symbol;\n }\n\n /**\n * @dev See {IERC721Metadata-tokenURI}.\n */\n function tokenURI(uint256 tokenId) public view virtual override returns (string memory) {\n require(_exists(tokenId), \"ERC721Metadata: URI query for nonexistent token\");\n\n string memory baseURI = _baseURI();\n return bytes(baseURI).length > 0 ? string(abi.encodePacked(baseURI, tokenId.toString())) : \"\";\n }\n\n /**\n * @dev Base URI for computing {tokenURI}. If set, the resulting URI for each\n * token will be the concatenation of the `baseURI` and the `tokenId`. Empty\n * by default, can be overriden in child contracts.\n */\n function _baseURI() internal view virtual returns (string memory) {\n return \"\";\n }\n\n /**\n * @dev See {IERC721-approve}.\n */\n function approve(address to, uint256 tokenId) public virtual override {\n address owner = ERC721.ownerOf(tokenId);\n require(to != owner, \"ERC721: approval to current owner\");\n\n require(\n _msgSender() == owner || isApprovedForAll(owner, _msgSender()),\n \"ERC721: approve caller is not owner nor approved for all\"\n );\n\n _approve(to, tokenId);\n }\n\n /**\n * @dev See {IERC721-getApproved}.\n */\n function getApproved(uint256 tokenId) public view virtual override returns (address) {\n require(_exists(tokenId), \"ERC721: approved query for nonexistent token\");\n\n return _tokenApprovals[tokenId];\n }\n\n /**\n * @dev See {IERC721-setApprovalForAll}.\n */\n function setApprovalForAll(address operator, bool approved) public virtual override {\n require(operator != _msgSender(), \"ERC721: approve to caller\");\n\n _operatorApprovals[_msgSender()][operator] = approved;\n emit ApprovalForAll(_msgSender(), operator, approved);\n }\n\n /**\n * @dev See {IERC721-isApprovedForAll}.\n */\n function isApprovedForAll(address owner, address operator) public view virtual override returns (bool) {\n return _operatorApprovals[owner][operator];\n }\n\n /**\n * @dev See {IERC721-transferFrom}.\n */\n function transferFrom(\n address from,\n address to,\n uint256 tokenId\n ) public virtual override {\n //solhint-disable-next-line max-line-length\n require(_isApprovedOrOwner(_msgSender(), tokenId), \"ERC721: transfer caller is not owner nor approved\");\n\n _transfer(from, to, tokenId);\n }\n\n /**\n * @dev See {IERC721-safeTransferFrom}.\n */\n function safeTransferFrom(\n address from,\n address to,\n uint256 tokenId\n ) public virtual override {\n safeTransferFrom(from, to, tokenId, \"\");\n }\n\n /**\n * @dev See {IERC721-safeTransferFrom}.\n */\n function safeTransferFrom(\n address from,\n address to,\n uint256 tokenId,\n bytes memory _data\n ) public virtual override {\n require(_isApprovedOrOwner(_msgSender(), tokenId), \"ERC721: transfer caller is not owner nor approved\");\n _safeTransfer(from, to, tokenId, _data);\n }\n\n /**\n * @dev Safely transfers `tokenId` token from `from` to `to`, checking first that contract recipients\n * are aware of the ERC721 protocol to prevent tokens from being forever locked.\n *\n * `_data` is additional data, it has no specified format and it is sent in call to `to`.\n *\n * This internal function is equivalent to {safeTransferFrom}, and can be used to e.g.\n * implement alternative mechanisms to perform token transfer, such as signature-based.\n *\n * Requirements:\n *\n * - `from` cannot be the zero address.\n * - `to` cannot be the zero address.\n * - `tokenId` token must exist and be owned by `from`.\n * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.\n *\n * Emits a {Transfer} event.\n */\n function _safeTransfer(\n address from,\n address to,\n uint256 tokenId,\n bytes memory _data\n ) internal virtual {\n _transfer(from, to, tokenId);\n require(_checkOnERC721Received(from, to, tokenId, _data), \"ERC721: transfer to non ERC721Receiver implementer\");\n }\n\n /**\n * @dev Returns whether `tokenId` exists.\n *\n * Tokens can be managed by their owner or approved accounts via {approve} or {setApprovalForAll}.\n *\n * Tokens start existing when they are minted (`_mint`),\n * and stop existing when they are burned (`_burn`).\n */\n function _exists(uint256 tokenId) internal view virtual returns (bool) {\n return _owners[tokenId] != address(0);\n }\n\n /**\n * @dev Returns whether `spender` is allowed to manage `tokenId`.\n *\n * Requirements:\n *\n * - `tokenId` must exist.\n */\n function _isApprovedOrOwner(address spender, uint256 tokenId) internal view virtual returns (bool) {\n require(_exists(tokenId), \"ERC721: operator query for nonexistent token\");\n address owner = ERC721.ownerOf(tokenId);\n return (spender == owner || getApproved(tokenId) == spender || isApprovedForAll(owner, spender));\n }\n\n /**\n * @dev Safely mints `tokenId` and transfers it to `to`.\n *\n * Requirements:\n *\n * - `tokenId` must not exist.\n * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.\n *\n * Emits a {Transfer} event.\n */\n function _safeMint(address to, uint256 tokenId) internal virtual {\n _safeMint(to, tokenId, \"\");\n }\n\n /**\n * @dev Same as {xref-ERC721-_safeMint-address-uint256-}[`_safeMint`], with an additional `data` parameter which is\n * forwarded in {IERC721Receiver-onERC721Received} to contract recipients.\n */\n function _safeMint(\n address to,\n uint256 tokenId,\n bytes memory _data\n ) internal virtual {\n _mint(to, tokenId);\n require(\n _checkOnERC721Received(address(0), to, tokenId, _data),\n \"ERC721: transfer to non ERC721Receiver implementer\"\n );\n }\n\n /**\n * @dev Mints `tokenId` and transfers it to `to`.\n *\n * WARNING: Usage of this method is discouraged, use {_safeMint} whenever possible\n *\n * Requirements:\n *\n * - `tokenId` must not exist.\n * - `to` cannot be the zero address.\n *\n * Emits a {Transfer} event.\n */\n function _mint(address to, uint256 tokenId) internal virtual {\n require(to != address(0), \"ERC721: mint to the zero address\");\n require(!_exists(tokenId), \"ERC721: token already minted\");\n\n _beforeTokenTransfer(address(0), to, tokenId);\n\n _balances[to] += 1;\n _owners[tokenId] = to;\n\n emit Transfer(address(0), to, tokenId);\n }\n\n /**\n * @dev Destroys `tokenId`.\n * The approval is cleared when the token is burned.\n *\n * Requirements:\n *\n * - `tokenId` must exist.\n *\n * Emits a {Transfer} event.\n */\n function _burn(uint256 tokenId) internal virtual {\n address owner = ERC721.ownerOf(tokenId);\n\n _beforeTokenTransfer(owner, address(0), tokenId);\n\n // Clear approvals\n _approve(address(0), tokenId);\n\n _balances[owner] -= 1;\n delete _owners[tokenId];\n\n emit Transfer(owner, address(0), tokenId);\n }\n\n /**\n * @dev Transfers `tokenId` from `from` to `to`.\n * As opposed to {transferFrom}, this imposes no restrictions on msg.sender.\n *\n * Requirements:\n *\n * - `to` cannot be the zero address.\n * - `tokenId` token must be owned by `from`.\n *\n * Emits a {Transfer} event.\n */\n function _transfer(\n address from,\n address to,\n uint256 tokenId\n ) internal virtual {\n require(ERC721.ownerOf(tokenId) == from, \"ERC721: transfer of token that is not own\");\n require(to != address(0), \"ERC721: transfer to the zero address\");\n\n _beforeTokenTransfer(from, to, tokenId);\n\n // Clear approvals from the previous owner\n _approve(address(0), tokenId);\n\n _balances[from] -= 1;\n _balances[to] += 1;\n _owners[tokenId] = to;\n\n emit Transfer(from, to, tokenId);\n }\n\n /**\n * @dev Approve `to` to operate on `tokenId`\n *\n * Emits a {Approval} event.\n */\n function _approve(address to, uint256 tokenId) internal virtual {\n _tokenApprovals[tokenId] = to;\n emit Approval(ERC721.ownerOf(tokenId), to, tokenId);\n }\n\n /**\n * @dev Internal function to invoke {IERC721Receiver-onERC721Received} on a target address.\n * The call is not executed if the target address is not a contract.\n *\n * @param from address representing the previous owner of the given token ID\n * @param to target address that will receive the tokens\n * @param tokenId uint256 ID of the token to be transferred\n * @param _data bytes optional data to send along with the call\n * @return bool whether the call correctly returned the expected magic value\n */\n function _checkOnERC721Received(\n address from,\n address to,\n uint256 tokenId,\n bytes memory _data\n ) private returns (bool) {\n if (to.isContract()) {\n try IERC721Receiver(to).onERC721Received(_msgSender(), from, tokenId, _data) returns (bytes4 retval) {\n return retval == IERC721Receiver(to).onERC721Received.selector;\n } catch (bytes memory reason) {\n if (reason.length == 0) {\n revert(\"ERC721: transfer to non ERC721Receiver implementer\");\n } else {\n assembly {\n revert(add(32, reason), mload(reason))\n }\n }\n }\n } else {\n return true;\n }\n }\n\n /**\n * @dev Hook that is called before any token transfer. This includes minting\n * and burning.\n *\n * Calling conditions:\n *\n * - When `from` and `to` are both non-zero, ``from``'s `tokenId` will be\n * transferred to `to`.\n * - When `from` is zero, `tokenId` will be minted for `to`.\n * - When `to` is zero, ``from``'s `tokenId` will be burned.\n * - `from` and `to` are never both zero.\n *\n * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].\n */\n function _beforeTokenTransfer(\n address from,\n address to,\n uint256 tokenId\n ) internal virtual {}\n}\n"
63
- },
64
- "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol": {
65
- "content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.8.0;\n\n/**\n * @title ERC721 token receiver interface\n * @dev Interface for any contract that wants to support safeTransfers\n * from ERC721 asset contracts.\n */\ninterface IERC721Receiver {\n /**\n * @dev Whenever an {IERC721} `tokenId` token is transferred to this contract via {IERC721-safeTransferFrom}\n * by `operator` from `from`, this function is called.\n *\n * It must return its Solidity selector to confirm the token transfer.\n * If any other value is returned or the interface is not implemented by the recipient, the transfer will be reverted.\n *\n * The selector can be obtained in Solidity with `IERC721.onERC721Received.selector`.\n */\n function onERC721Received(\n address operator,\n address from,\n uint256 tokenId,\n bytes calldata data\n ) external returns (bytes4);\n}\n"
66
- },
67
- "@openzeppelin/contracts/utils/Strings.sol": {
68
- "content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.8.0;\n\n/**\n * @dev String operations.\n */\nlibrary Strings {\n bytes16 private constant _HEX_SYMBOLS = \"0123456789abcdef\";\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` decimal representation.\n */\n function toString(uint256 value) internal pure returns (string memory) {\n // Inspired by OraclizeAPI's implementation - MIT licence\n // https://github.com/oraclize/ethereum-api/blob/b42146b063c7d6ee1358846c198246239e9360e8/oraclizeAPI_0.4.25.sol\n\n if (value == 0) {\n return \"0\";\n }\n uint256 temp = value;\n uint256 digits;\n while (temp != 0) {\n digits++;\n temp /= 10;\n }\n bytes memory buffer = new bytes(digits);\n while (value != 0) {\n digits -= 1;\n buffer[digits] = bytes1(uint8(48 + uint256(value % 10)));\n value /= 10;\n }\n return string(buffer);\n }\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.\n */\n function toHexString(uint256 value) internal pure returns (string memory) {\n if (value == 0) {\n return \"0x00\";\n }\n uint256 temp = value;\n uint256 length = 0;\n while (temp != 0) {\n length++;\n temp >>= 8;\n }\n return toHexString(value, length);\n }\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.\n */\n function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {\n bytes memory buffer = new bytes(2 * length + 2);\n buffer[0] = \"0\";\n buffer[1] = \"x\";\n for (uint256 i = 2 * length + 1; i > 1; --i) {\n buffer[i] = _HEX_SYMBOLS[value & 0xf];\n value >>= 4;\n }\n require(value == 0, \"Strings: hex length insufficient\");\n return string(buffer);\n }\n}\n"
69
- },
70
- "@openzeppelin/contracts/utils/introspection/ERC165.sol": {
71
- "content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.8.0;\n\nimport \"./IERC165.sol\";\n\n/**\n * @dev Implementation of the {IERC165} interface.\n *\n * Contracts that want to implement ERC165 should inherit from this contract and override {supportsInterface} to check\n * for the additional interface id that will be supported. For example:\n *\n * ```solidity\n * function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {\n * return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId);\n * }\n * ```\n *\n * Alternatively, {ERC165Storage} provides an easier to use but more expensive implementation.\n */\nabstract contract ERC165 is IERC165 {\n /**\n * @dev See {IERC165-supportsInterface}.\n */\n function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {\n return interfaceId == type(IERC165).interfaceId;\n }\n}\n"
72
- },
73
- "contracts/test/TestERC20.sol": {
74
- "content": "// SPDX-License-Identifier: MIT\n\npragma solidity 0.8.4;\n\nimport \"@thesis/solidity-contracts/contracts/token/ERC20WithPermit.sol\";\n\ncontract TestERC20 is ERC20WithPermit {\n string public constant NAME = \"Test ERC20 Token\";\n string public constant SYMBOL = \"TT\";\n\n constructor() ERC20WithPermit(NAME, SYMBOL) {}\n}\n"
75
- },
76
- "contracts/bridge/VendingMachine.sol": {
77
- "content": "// SPDX-License-Identifier: MIT\n\npragma solidity 0.8.4;\n\nimport \"@openzeppelin/contracts/access/Ownable.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\nimport \"@thesis/solidity-contracts/contracts/token/IReceiveApproval.sol\";\n\nimport \"../token/TBTC.sol\";\nimport \"../GovernanceUtils.sol\";\n\n/// @title TBTC v2 Vending Machine\n/// @notice The Vending Machine is the owner of TBTC v2 token and can mint\n/// TBTC v2 tokens in 1:1 ratio from TBTC v1 tokens with TBTC v1\n/// deposited in the contract as collateral. TBTC v2 can be\n/// unminted back to TBTC v1 with or without a fee - fee parameter is\n/// controlled by the Governance. This implementation acts as a bridge\n/// between TBTC v1 and TBTC v2 token, allowing to mint TBTC v2 before\n/// the system is ready and fully operational without sacrificing any\n/// security guarantees and decentralization of the project.\n/// Vending Machine can be upgraded in a two-step, governance-controlled\n/// process. The new version of the Vending Machine will receive the\n/// ownership of TBTC v2 token and entire TBTC v1 balance stored as\n/// collateral. It is expected that this process will be executed before\n/// the v2 system launch. There is an optional unmint fee with a value\n/// that can be updated in a two-step, governance-controlled process.\n/// All governable parameters are controlled by two roles: update\n/// initiator and finalizer. There is a separate initiator role for\n/// unmint fee update and vending machine upgrade. The initiator\n/// proposes the change by initiating the update and the finalizer\n/// (contract owner) may approve it by finalizing the change after the\n/// governance delay passes.\ncontract VendingMachine is Ownable, IReceiveApproval {\n using SafeERC20 for IERC20;\n using SafeERC20 for TBTC;\n\n /// @notice The time delay that needs to pass between initializing and\n /// finalizing update of any governable parameter in this contract.\n uint256 public constant GOVERNANCE_DELAY = 7 days;\n\n /// @notice Divisor for precision purposes. Used to represent fractions\n /// in parameter values.\n uint256 public constant FLOATING_POINT_DIVISOR = 1e18;\n\n IERC20 public immutable tbtcV1;\n TBTC public immutable tbtcV2;\n\n /// @notice The fee for unminting TBTC v2 back into TBTC v1 represented as\n /// 1e18 precision fraction. The fee is proportional to the amount\n /// being unminted and added on the top of the amount being unminted.\n /// To calculate the fee value, the amount being unminted needs\n /// to be multiplied by `unmintFee` and divided by 1e18.\n /// For example, `unmintFee` set to 1000000000000000\n /// means that 0.001 of the amount being unminted needs to be paid\n /// to the `VendingMachine` as an unminting fee on the top of the\n /// amount being unminted.\n uint256 public unmintFee;\n uint256 public newUnmintFee;\n uint256 public unmintFeeUpdateInitiatedTimestamp;\n address public unmintFeeUpdateInitiator;\n\n /// @notice The address of a new vending machine. Set only when the upgrade\n /// process is pending. Once the upgrade gets finalized, the new\n /// vending machine will become an owner of TBTC v2 token.\n address public newVendingMachine;\n uint256 public vendingMachineUpgradeInitiatedTimestamp;\n address public vendingMachineUpgradeInitiator;\n\n event UnmintFeeUpdateInitiated(uint256 newUnmintFee, uint256 timestamp);\n event UnmintFeeUpdated(uint256 newUnmintFee);\n\n event VendingMachineUpgradeInitiated(\n address newVendingMachine,\n uint256 timestamp\n );\n event VendingMachineUpgraded(address newVendingMachine);\n\n event Minted(address indexed recipient, uint256 amount);\n event Unminted(address indexed recipient, uint256 amount, uint256 fee);\n\n modifier only(address authorizedCaller) {\n require(msg.sender == authorizedCaller, \"Caller is not authorized\");\n _;\n }\n\n modifier onlyAfterGovernanceDelay(uint256 changeInitiatedTimestamp) {\n GovernanceUtils.onlyAfterGovernanceDelay(\n changeInitiatedTimestamp,\n GOVERNANCE_DELAY\n );\n _;\n }\n\n constructor(\n IERC20 _tbtcV1,\n TBTC _tbtcV2,\n uint256 _unmintFee\n ) {\n tbtcV1 = _tbtcV1;\n tbtcV2 = _tbtcV2;\n unmintFee = _unmintFee;\n\n unmintFeeUpdateInitiator = msg.sender;\n vendingMachineUpgradeInitiator = msg.sender;\n }\n\n /// @notice Mints TBTC v2 to the caller from TBTC v1 with 1:1 ratio.\n /// The caller needs to have at least `amount` of TBTC v1 balance\n /// approved for transfer to the `VendingMachine` before calling\n /// this function.\n /// @param amount The amount of TBTC v2 to mint from TBTC v1\n function mint(uint256 amount) external {\n _mint(msg.sender, amount);\n }\n\n /// @notice Mints TBTC v2 to `from` address from TBTC v1 with 1:1 ratio.\n /// `from` address needs to have at least `amount` of TBTC v1\n /// balance approved for transfer to the `VendingMachine` before\n /// calling this function.\n /// @dev This function is a shortcut for approve + mint. Only TBTC v1\n /// caller is allowed and only TBTC v1 is allowed as a token to\n /// transfer.\n /// @param from TBTC v1 token holder minting TBTC v2 tokens\n /// @param amount The amount of TBTC v2 to mint from TBTC v1\n /// @param token TBTC v1 token address\n function receiveApproval(\n address from,\n uint256 amount,\n address token,\n bytes calldata\n ) external override {\n require(token == address(tbtcV1), \"Token is not TBTC v1\");\n require(msg.sender == address(tbtcV1), \"Only TBTC v1 caller allowed\");\n _mint(from, amount);\n }\n\n /// @notice Unmints TBTC v2 from the caller into TBTC v1. Depending on\n /// `unmintFee` value, may require paying an additional unmint fee\n /// in TBTC v2 in addition to the amount being unminted. To see\n /// what is the value of the fee, please call `unmintFeeFor(amount)`\n /// function. The caller needs to have at least\n /// `amount + unmintFeeFor(amount)` of TBTC v2 balance approved for\n /// transfer to the `VendingMachine` before calling this function.\n /// @param amount The amount of TBTC v2 to unmint to TBTC v1\n function unmint(uint256 amount) external {\n uint256 fee = unmintFeeFor(amount);\n emit Unminted(msg.sender, amount, fee);\n\n require(\n tbtcV2.balanceOf(msg.sender) >= amount + fee,\n \"Amount + fee exceeds TBTC v2 balance\"\n );\n\n tbtcV2.safeTransferFrom(msg.sender, address(this), fee);\n tbtcV2.burnFrom(msg.sender, amount);\n tbtcV1.safeTransfer(msg.sender, amount);\n }\n\n /// @notice Allows the Governance to withdraw unmint fees accumulated by\n /// `VendingMachine`.\n /// @param recipient The address receiving the fees\n /// @param amount The amount of fees in TBTC v2 to withdraw\n function withdrawFees(address recipient, uint256 amount)\n external\n onlyOwner\n {\n tbtcV2.safeTransfer(recipient, amount);\n }\n\n /// @notice Initiates unmint fee update process. The update process needs to\n /// be finalized with a call to `finalizeUnmintFeeUpdate` function\n /// after the `GOVERNANCE_DELAY` passes. Only unmint fee update\n /// initiator role can initiate the update.\n /// @param _newUnmintFee The new unmint fee\n function initiateUnmintFeeUpdate(uint256 _newUnmintFee)\n external\n only(unmintFeeUpdateInitiator)\n {\n /* solhint-disable-next-line not-rely-on-time */\n emit UnmintFeeUpdateInitiated(_newUnmintFee, block.timestamp);\n newUnmintFee = _newUnmintFee;\n /* solhint-disable-next-line not-rely-on-time */\n unmintFeeUpdateInitiatedTimestamp = block.timestamp;\n }\n\n /// @notice Allows the contract owner to finalize unmint fee update process.\n /// The update process needs to be first initiated with a call to\n /// `initiateUnmintFeeUpdate` and the `GOVERNANCE_DELAY` needs to\n /// pass.\n function finalizeUnmintFeeUpdate()\n external\n onlyOwner\n onlyAfterGovernanceDelay(unmintFeeUpdateInitiatedTimestamp)\n {\n emit UnmintFeeUpdated(newUnmintFee);\n unmintFee = newUnmintFee;\n newUnmintFee = 0;\n unmintFeeUpdateInitiatedTimestamp = 0;\n }\n\n /// @notice Initiates vending machine upgrade process. The upgrade process\n /// needs to be finalized with a call to\n /// `finalizeVendingMachineUpgrade` function after the\n /// `GOVERNANCE_DELAY` passes. Only vending machine upgrade\n /// initiator role can initiate the upgrade.\n /// @param _newVendingMachine The new vending machine address\n function initiateVendingMachineUpgrade(address _newVendingMachine)\n external\n only(vendingMachineUpgradeInitiator)\n {\n require(\n _newVendingMachine != address(0),\n \"New VendingMachine cannot be zero address\"\n );\n\n emit VendingMachineUpgradeInitiated(\n _newVendingMachine,\n /* solhint-disable-next-line not-rely-on-time */\n block.timestamp\n );\n newVendingMachine = _newVendingMachine;\n /* solhint-disable-next-line not-rely-on-time */\n vendingMachineUpgradeInitiatedTimestamp = block.timestamp;\n }\n\n /// @notice Allows the contract owner to finalize vending machine upgrade\n /// process. The upgrade process needs to be first initiated with a\n /// call to `initiateVendingMachineUpgrade` and the `GOVERNANCE_DELAY`\n /// needs to pass. Once the upgrade is finalized, the new vending\n /// machine will become an owner of TBTC v2 token and all TBTC v1\n /// held by this contract will be transferred to the new vending\n /// machine.\n function finalizeVendingMachineUpgrade()\n external\n onlyOwner\n onlyAfterGovernanceDelay(vendingMachineUpgradeInitiatedTimestamp)\n {\n emit VendingMachineUpgraded(newVendingMachine);\n //slither-disable-next-line reentrancy-no-eth\n tbtcV2.transferOwnership(newVendingMachine);\n tbtcV1.safeTransfer(newVendingMachine, tbtcV1.balanceOf(address(this)));\n newVendingMachine = address(0);\n vendingMachineUpgradeInitiatedTimestamp = 0;\n }\n\n /// @notice Transfers unmint fee update initiator role to another address.\n /// Can be called only by the current unmint fee update initiator.\n /// @param newInitiator The new unmint fee update initiator\n function transferUnmintFeeUpdateInitiatorRole(address newInitiator)\n external\n only(unmintFeeUpdateInitiator)\n {\n require(\n newInitiator != address(0),\n \"New initiator must not be zero address\"\n );\n unmintFeeUpdateInitiator = newInitiator;\n }\n\n /// @notice Transfers vending machine upgrade initiator role to another\n /// address. Can be called only by the current vending machine\n /// upgrade initiator.\n /// @param newInitiator The new vending machine upgrade initator\n function transferVendingMachineUpgradeInitiatorRole(address newInitiator)\n external\n only(vendingMachineUpgradeInitiator)\n {\n require(\n newInitiator != address(0),\n \"New initiator must not be zero address\"\n );\n vendingMachineUpgradeInitiator = newInitiator;\n }\n\n /// @notice Get the remaining time that needs to pass until unmint fee\n /// update can be finalized by the Governance. If the update has\n /// not been initiated, the function reverts.\n function getRemainingUnmintFeeUpdateTime() external view returns (uint256) {\n return\n GovernanceUtils.getRemainingGovernanceDelay(\n unmintFeeUpdateInitiatedTimestamp,\n GOVERNANCE_DELAY\n );\n }\n\n /// @notice Get the remaining time that needs to pass until vending machine\n /// upgrade can be finalized by the Governance. If the upgrade has\n /// not been initiated, the function reverts.\n function getRemainingVendingMachineUpgradeTime()\n external\n view\n returns (uint256)\n {\n return\n GovernanceUtils.getRemainingGovernanceDelay(\n vendingMachineUpgradeInitiatedTimestamp,\n GOVERNANCE_DELAY\n );\n }\n\n /// @notice Calculates the fee that needs to be paid to the `VendingMachine`\n /// to unmint the given amount of TBTC v2 back into TBTC v1.\n function unmintFeeFor(uint256 amount) public view returns (uint256) {\n return (amount * unmintFee) / FLOATING_POINT_DIVISOR;\n }\n\n function _mint(address tokenOwner, uint256 amount) internal {\n emit Minted(tokenOwner, amount);\n tbtcV1.safeTransferFrom(tokenOwner, address(this), amount);\n tbtcV2.mint(tokenOwner, amount);\n }\n}\n"
78
- },
79
- "contracts/GovernanceUtils.sol": {
80
- "content": "// SPDX-License-Identifier: MIT\n\npragma solidity 0.8.4;\n\nlibrary GovernanceUtils {\n /// @notice Reverts if the governance delay has not passed since\n /// the change initiated time or if the change has not been\n /// initiated.\n /// @param changeInitiatedTimestamp The timestamp at which the change has\n /// been initiated.\n /// @param delay Governance delay.\n function onlyAfterGovernanceDelay(\n uint256 changeInitiatedTimestamp,\n uint256 delay\n ) internal view {\n require(changeInitiatedTimestamp > 0, \"Change not initiated\");\n require(\n /* solhint-disable-next-line not-rely-on-time */\n block.timestamp - changeInitiatedTimestamp >= delay,\n \"Governance delay has not elapsed\"\n );\n }\n\n /// @notice Gets the time remaining until the governable parameter update\n /// can be committed.\n /// @param changeInitiatedTimestamp Timestamp indicating the beginning of\n /// the change\n /// @param delay Governance delay\n /// @return Remaining time in seconds\n function getRemainingGovernanceDelay(\n uint256 changeInitiatedTimestamp,\n uint256 delay\n ) internal view returns (uint256) {\n require(changeInitiatedTimestamp > 0, \"Change not initiated\");\n /* solhint-disable-next-line not-rely-on-time */\n uint256 elapsed = block.timestamp - changeInitiatedTimestamp;\n if (elapsed >= delay) {\n return 0;\n } else {\n return delay - elapsed;\n }\n }\n}\n"
81
- },
82
- "contracts/test/TestERC721.sol": {
83
- "content": "// SPDX-License-Identifier: MIT\n\npragma solidity 0.8.4;\n\nimport \"@openzeppelin/contracts/token/ERC721/ERC721.sol\";\n\ncontract TestERC721 is ERC721 {\n string public constant NAME = \"Test ERC721 Token\";\n string public constant SYMBOL = \"TT\";\n\n constructor() ERC721(NAME, SYMBOL) {}\n\n function mint(address to, uint256 tokenId) public {\n _mint(to, tokenId);\n }\n}\n"
84
- },
85
- "contracts/bridge/Bridge.sol": {
86
- "content": "// SPDX-License-Identifier: MIT\n\n// ██████████████ ▐████▌ ██████████████\n// ██████████████ ▐████▌ ██████████████\n// ▐████▌ ▐████▌\n// ▐████▌ ▐████▌\n// ██████████████ ▐████▌ ██████████████\n// ██████████████ ▐████▌ ██████████████\n// ▐████▌ ▐████▌\n// ▐████▌ ▐████▌\n// ▐████▌ ▐████▌\n// ▐████▌ ▐████▌\n// ▐████▌ ▐████▌\n// ▐████▌ ▐████▌\n\npragma solidity 0.8.4;\n\nimport {BTCUtils} from \"@keep-network/bitcoin-spv-sol/contracts/BTCUtils.sol\";\nimport {BytesLib} from \"@keep-network/bitcoin-spv-sol/contracts/BytesLib.sol\";\n\n/// @title BTC Bridge\n/// @notice Bridge manages BTC deposit and redemption and is increasing and\n/// decreasing balances in the Bank as a result of BTC deposit and\n/// redemption operations.\n///\n/// Depositors send BTC funds to the most-recently-created-wallet of the\n/// bridge using pay-to-script-hash (P2SH) or\n/// pay-to-witness-script-hash (P2WSH) which contains hashed\n/// information about the depositor’s minting Ethereum address. Then,\n/// the depositor reveals their desired Ethereum minting address to the\n/// Ethereum chain. The Bridge listens for these sorts of messages and\n/// when it gets one, it checks the Bitcoin network to make sure the\n/// funds line up. If they do, the off-chain wallet may decide to pick\n/// this transaction for sweeping, and when the sweep operation is\n/// confirmed on the Bitcoin network, the wallet informs the Bridge\n/// about the sweep increasing appropriate balances in the Bank.\n/// @dev Bridge is an upgradeable component of the Bank.\ncontract Bridge {\n using BTCUtils for bytes;\n using BytesLib for bytes;\n\n /// @notice Represents Bitcoin transaction data as described in:\n /// https://developer.bitcoin.org/reference/transactions.html#raw-transaction-format\n struct TxInfo {\n // Transaction version number (4-byte LE).\n bytes4 version;\n // All transaction inputs prepended by the number of inputs encoded\n // as a compactSize uint. Single vector item looks as follows:\n // https://developer.bitcoin.org/reference/transactions.html#txin-a-transaction-input-non-coinbase\n // though SegWit inputs don't contain the signature script (scriptSig).\n // All encoded input transaction hashes are little-endian.\n bytes inputVector;\n // All transaction outputs prepended by the number of outputs encoded\n // as a compactSize uint. Single vector item looks as follows:\n // https://developer.bitcoin.org/reference/transactions.html#txout-a-transaction-output\n bytes outputVector;\n // Transaction locktime (4-byte LE).\n bytes4 locktime;\n }\n\n /// @notice Represents data which must be revealed by the depositor during\n /// deposit reveal.\n struct RevealInfo {\n // Index of the funding output belonging to the funding transaction.\n uint8 fundingOutputIndex;\n // Ethereum depositor address.\n address depositor;\n // The blinding factor as 8 bytes. Byte endianness doesn't matter\n // as this factor is not interpreted as uint.\n bytes8 blindingFactor;\n // The compressed Bitcoin public key (33 bytes and 02 or 03 prefix)\n // of the deposit's wallet hashed in the HASH160 Bitcoin opcode style.\n bytes20 walletPubKeyHash;\n // The compressed Bitcoin public key (33 bytes and 02 or 03 prefix)\n // that can be used to make the deposit refund after the refund\n // locktime passes. Hashed in the HASH160 Bitcoin opcode style.\n bytes20 refundPubKeyHash;\n // The refund locktime (4-byte LE). Interpreted according to locktime\n // parsing rules described in:\n // https://developer.bitcoin.org/devguide/transactions.html#locktime-and-sequence-number\n // and used with OP_CHECKLOCKTIMEVERIFY opcode as described in:\n // https://github.com/bitcoin/bips/blob/master/bip-0065.mediawiki\n bytes4 refundLocktime;\n // Address of the tBTC vault.\n address vault;\n }\n\n /// @notice Represents tBTC deposit data.\n struct DepositInfo {\n // Ethereum depositor address.\n address depositor;\n // Deposit amount in satoshi (8-byte LE). For example:\n // 0.0001 BTC = 10000 satoshi = 0x1027000000000000\n bytes8 amount;\n // UNIX timestamp the deposit was revealed at.\n uint32 revealedAt;\n // Address of the tBTC vault.\n address vault;\n }\n\n /// @notice Collection of all unswept deposits indexed by\n /// keccak256(fundingTxHash | fundingOutputIndex).\n /// The fundingTxHash is LE bytes32 and fundingOutputIndex an uint8.\n /// This mapping may contain valid and invalid deposits and the\n /// wallet is responsible for validating them before attempting to\n /// execute a sweep.\n ///\n /// TODO: Explore the possibility of storing just a hash of DepositInfo.\n mapping(uint256 => DepositInfo) public unswept;\n\n event DepositRevealed(\n bytes32 fundingTxHash,\n uint8 fundingOutputIndex,\n address depositor,\n bytes8 blindingFactor,\n bytes20 walletPubKeyHash,\n bytes20 refundPubKeyHash,\n bytes4 refundLocktime\n );\n\n /// @notice Used by the depositor to reveal information about their P2(W)SH\n /// Bitcoin deposit to the Bridge on Ethereum chain. The off-chain\n /// wallet listens for revealed deposit events and may decide to\n /// include the revealed deposit in the next executed sweep.\n /// Information about the Bitcoin deposit can be revealed before or\n /// after the Bitcoin transaction with P2(W)SH deposit is mined on\n /// the Bitcoin chain. Worth noting the gas cost of this function\n /// scales with the number of P2(W)SH transaction inputs and\n /// outputs.\n /// @param fundingTx Bitcoin funding transaction data.\n /// @param reveal Deposit reveal data.\n /// @dev Requirements:\n /// - `reveal.fundingOutputIndex` must point to the actual P2(W)SH\n /// output of the BTC deposit transaction\n /// - `reveal.depositor` must be the Ethereum address used in the\n /// P2(W)SH BTC deposit transaction,\n /// - `reveal.blindingFactor` must be the blinding factor used in the\n /// P2(W)SH BTC deposit transaction,\n /// - `reveal.walletPubKeyHash` must be the wallet pub key hash used in\n /// the P2(W)SH BTC deposit transaction,\n /// - `reveal.refundPubKeyHash` must be the refund pub key hash used in\n /// the P2(W)SH BTC deposit transaction,\n /// - `reveal.refundLocktime` must be the refund locktime used in the\n /// P2(W)SH BTC deposit transaction,\n /// - BTC deposit for the given `fundingTxHash`, `fundingOutputIndex`\n /// can be revealed only one time.\n ///\n /// If any of these requirements is not met, the wallet _must_ refuse\n /// to sweep the deposit and the depositor has to wait until the\n /// deposit script unlocks to receive their BTC back.\n function revealDeposit(\n TxInfo calldata fundingTx,\n RevealInfo calldata reveal\n ) external {\n bytes memory expectedScript =\n abi.encodePacked(\n hex\"14\", // Byte length of depositor Ethereum address.\n reveal.depositor,\n hex\"75\", // OP_DROP\n hex\"08\", // Byte length of blinding factor value.\n reveal.blindingFactor,\n hex\"75\", // OP_DROP\n hex\"76\", // OP_DUP\n hex\"a9\", // OP_HASH160\n hex\"14\", // Byte length of a compressed Bitcoin public key hash.\n reveal.walletPubKeyHash,\n hex\"87\", // OP_EQUAL\n hex\"63\", // OP_IF\n hex\"ac\", // OP_CHECKSIG\n hex\"67\", // OP_ELSE\n hex\"76\", // OP_DUP\n hex\"a9\", // OP_HASH160\n hex\"14\", // Byte length of a compressed Bitcoin public key hash.\n reveal.refundPubKeyHash,\n hex\"88\", // OP_EQUALVERIFY\n hex\"04\", // Byte length of refund locktime value.\n reveal.refundLocktime,\n hex\"b1\", // OP_CHECKLOCKTIMEVERIFY\n hex\"75\", // OP_DROP\n hex\"ac\", // OP_CHECKSIG\n hex\"68\" // OP_ENDIF\n );\n\n bytes memory fundingOutput =\n fundingTx.outputVector.extractOutputAtIndex(\n reveal.fundingOutputIndex\n );\n bytes memory fundingOutputHash = fundingOutput.extractHash();\n\n if (fundingOutputHash.length == 20) {\n // A 20-byte output hash is used by P2SH. That hash is constructed\n // by applying OP_HASH160 on the locking script. A 20-byte output\n // hash is used as well by P2PKH and P2WPKH (OP_HASH160 on the\n // public key). However, since we compare the actual output hash\n // with an expected locking script hash, this check will succeed only\n // for P2SH transaction type with expected script hash value. For\n // P2PKH and P2WPKH, it will fail on the output hash comparison with\n // the expected locking script hash.\n require(\n keccak256(fundingOutputHash) ==\n keccak256(expectedScript.hash160()),\n \"Wrong 20-byte script hash\"\n );\n } else if (fundingOutputHash.length == 32) {\n // A 32-byte output hash is used by P2WSH. That hash is constructed\n // by applying OP_HASH256 on the locking script.\n require(\n fundingOutputHash.toBytes32() == expectedScript.hash256(),\n \"Wrong 32-byte script hash\"\n );\n } else {\n revert(\"Wrong script hash length\");\n }\n\n // Resulting TX hash is in native Bitcoin little-endian format.\n bytes32 fundingTxHash =\n abi\n .encodePacked(\n fundingTx\n .version,\n fundingTx\n .inputVector,\n fundingTx\n .outputVector,\n fundingTx\n .locktime\n )\n .hash256();\n\n DepositInfo storage deposit =\n unswept[\n uint256(\n keccak256(\n abi.encodePacked(\n fundingTxHash,\n reveal.fundingOutputIndex\n )\n )\n )\n ];\n require(deposit.revealedAt == 0, \"Deposit already revealed\");\n\n bytes8 fundingOutputAmount;\n /* solhint-disable-next-line no-inline-assembly */\n assembly {\n // First 8 bytes (little-endian) of the funding output represents\n // its value. To take the value, we need to jump over the first\n // word determining the array length, load the array, and trim it\n // by putting it to a bytes8.\n fundingOutputAmount := mload(add(fundingOutput, 32))\n }\n\n deposit.amount = fundingOutputAmount;\n deposit.depositor = reveal.depositor;\n /* solhint-disable-next-line not-rely-on-time */\n deposit.revealedAt = uint32(block.timestamp);\n deposit.vault = reveal.vault;\n\n emit DepositRevealed(\n fundingTxHash,\n reveal.fundingOutputIndex,\n reveal.depositor,\n reveal.blindingFactor,\n reveal.walletPubKeyHash,\n reveal.refundPubKeyHash,\n reveal.refundLocktime\n );\n }\n\n /// @notice Used by the wallet to prove the BTC deposit sweep transaction\n /// and to update Bank balances accordingly. Sweep is only accepted\n /// if it satisfies SPV proof.\n ///\n /// The function is performing Bank balance updates by first\n /// computing the Bitcoin fee for the sweep transaction. The fee is\n /// divided evenly between all swept deposits. Each depositor\n /// receives a balance in the bank equal to the amount inferred\n /// during the reveal transaction, minus their fee share.\n ///\n /// It is possible to prove the given sweep only one time.\n /// @param sweepTx Bitcoin sweep transaction data.\n /// @param merkleProof The merkle proof of transaction inclusion in a block.\n /// @param txIndexInBlock Transaction index in the block (0-indexed).\n /// @param bitcoinHeaders Single bytestring of 80-byte bitcoin headers,\n /// lowest height first.\n function sweep(\n TxInfo calldata sweepTx,\n bytes memory merkleProof,\n uint256 txIndexInBlock,\n bytes memory bitcoinHeaders\n ) external {\n // TODO We need to read `fundingTxHash`, `fundingOutputIndex` from\n // `sweepTx.inputVector`. We then hash them to obtain deposit\n // identifier and read DepositInfo. From DepositInfo we know what\n // amount was inferred during deposit reveal transaction and we\n // use that amount to update their Bank balance, minus fee.\n //\n // TODO We need to validate if the sum in the output minus the\n // amount from the previous wallet balance input minus fees is\n // equal to the amount by which Bank balances were increased.\n //\n // TODO We need to validate `sweepTx.outputVector` to see if the balance\n // was not transferred away from the wallet before increasing\n // balances in the bank.\n //\n // TODO Delete deposit from unswept mapping or mark it as swept\n // depending on the gas costs. Alternatively, do not allow to\n // use the same TX input vector twice. Sweep should be provable\n // only one time.\n }\n\n // TODO It is possible a malicious wallet can sweep deposits that can not\n // be later proved on Ethereum. For example, a deposit with\n // an incorrect amount revealed. We need to provide a function for honest\n // depositors, next to sweep, to prove their swept balances on Ethereum\n // selectively, based on deposits they have earlier received.\n // (UPDATE PR #90: Is it still the case since amounts are inferred?)\n}\n"
87
- },
88
- "@keep-network/bitcoin-spv-sol/contracts/BTCUtils.sol": {
89
- "content": "pragma solidity ^0.8.4;\n\n/** @title BitcoinSPV */\n/** @author Summa (https://summa.one) */\n\nimport {BytesLib} from \"./BytesLib.sol\";\nimport {SafeMath} from \"./SafeMath.sol\";\n\nlibrary BTCUtils {\n using BytesLib for bytes;\n using SafeMath for uint256;\n\n // The target at minimum Difficulty. Also the target of the genesis block\n uint256 public constant DIFF1_TARGET = 0xffff0000000000000000000000000000000000000000000000000000;\n\n uint256 public constant RETARGET_PERIOD = 2 * 7 * 24 * 60 * 60; // 2 weeks in seconds\n uint256 public constant RETARGET_PERIOD_BLOCKS = 2016; // 2 weeks in blocks\n\n uint256 public constant ERR_BAD_ARG = 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff;\n\n /* ***** */\n /* UTILS */\n /* ***** */\n\n /// @notice Determines the length of a VarInt in bytes\n /// @dev A VarInt of >1 byte is prefixed with a flag indicating its length\n /// @param _flag The first byte of a VarInt\n /// @return The number of non-flag bytes in the VarInt\n function determineVarIntDataLength(bytes memory _flag) internal pure returns (uint8) {\n if (uint8(_flag[0]) == 0xff) {\n return 8; // one-byte flag, 8 bytes data\n }\n if (uint8(_flag[0]) == 0xfe) {\n return 4; // one-byte flag, 4 bytes data\n }\n if (uint8(_flag[0]) == 0xfd) {\n return 2; // one-byte flag, 2 bytes data\n }\n\n return 0; // flag is data\n }\n\n /// @notice Parse a VarInt into its data length and the number it represents\n /// @dev Useful for Parsing Vins and Vouts. Returns ERR_BAD_ARG if insufficient bytes.\n /// Caller SHOULD explicitly handle this case (or bubble it up)\n /// @param _b A byte-string starting with a VarInt\n /// @return number of bytes in the encoding (not counting the tag), the encoded int\n function parseVarInt(bytes memory _b) internal pure returns (uint256, uint256) {\n uint8 _dataLen = determineVarIntDataLength(_b);\n\n if (_dataLen == 0) {\n return (0, uint8(_b[0]));\n }\n if (_b.length < 1 + _dataLen) {\n return (ERR_BAD_ARG, 0);\n }\n uint256 _number = bytesToUint(reverseEndianness(_b.slice(1, _dataLen)));\n return (_dataLen, _number);\n }\n\n /// @notice Changes the endianness of a byte array\n /// @dev Returns a new, backwards, bytes\n /// @param _b The bytes to reverse\n /// @return The reversed bytes\n function reverseEndianness(bytes memory _b) internal pure returns (bytes memory) {\n bytes memory _newValue = new bytes(_b.length);\n\n for (uint i = 0; i < _b.length; i++) {\n _newValue[_b.length - i - 1] = _b[i];\n }\n\n return _newValue;\n }\n\n /// @notice Changes the endianness of a uint256\n /// @dev https://graphics.stanford.edu/~seander/bithacks.html#ReverseParallel\n /// @param _b The unsigned integer to reverse\n /// @return v The reversed value\n function reverseUint256(uint256 _b) internal pure returns (uint256 v) {\n v = _b;\n\n // swap bytes\n v = ((v >> 8) & 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) |\n ((v & 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) << 8);\n // swap 2-byte long pairs\n v = ((v >> 16) & 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) |\n ((v & 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) << 16);\n // swap 4-byte long pairs\n v = ((v >> 32) & 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) |\n ((v & 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) << 32);\n // swap 8-byte long pairs\n v = ((v >> 64) & 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) |\n ((v & 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) << 64);\n // swap 16-byte long pairs\n v = (v >> 128) | (v << 128);\n }\n\n /// @notice Converts big-endian bytes to a uint\n /// @dev Traverses the byte array and sums the bytes\n /// @param _b The big-endian bytes-encoded integer\n /// @return The integer representation\n function bytesToUint(bytes memory _b) internal pure returns (uint256) {\n uint256 _number;\n\n for (uint i = 0; i < _b.length; i++) {\n _number = _number + uint8(_b[i]) * (2 ** (8 * (_b.length - (i + 1))));\n }\n\n return _number;\n }\n\n /// @notice Get the last _num bytes from a byte array\n /// @param _b The byte array to slice\n /// @param _num The number of bytes to extract from the end\n /// @return The last _num bytes of _b\n function lastBytes(bytes memory _b, uint256 _num) internal pure returns (bytes memory) {\n uint256 _start = _b.length.sub(_num);\n\n return _b.slice(_start, _num);\n }\n\n /// @notice Implements bitcoin's hash160 (rmd160(sha2()))\n /// @dev abi.encodePacked changes the return to bytes instead of bytes32\n /// @param _b The pre-image\n /// @return The digest\n function hash160(bytes memory _b) internal pure returns (bytes memory) {\n return abi.encodePacked(ripemd160(abi.encodePacked(sha256(_b))));\n }\n\n /// @notice Implements bitcoin's hash256 (double sha2)\n /// @dev abi.encodePacked changes the return to bytes instead of bytes32\n /// @param _b The pre-image\n /// @return The digest\n function hash256(bytes memory _b) internal pure returns (bytes32) {\n return sha256(abi.encodePacked(sha256(_b)));\n }\n\n /// @notice Implements bitcoin's hash256 (double sha2)\n /// @dev sha2 is precompiled smart contract located at address(2)\n /// @param _b The pre-image\n /// @return res The digest\n function hash256View(bytes memory _b) internal view returns (bytes32 res) {\n // solium-disable-next-line security/no-inline-assembly\n assembly {\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, add(_b, 32), mload(_b), ptr, 32))\n pop(staticcall(gas(), 2, ptr, 32, ptr, 32))\n res := mload(ptr)\n }\n }\n\n /* ************ */\n /* Legacy Input */\n /* ************ */\n\n /// @notice Extracts the nth input from the vin (0-indexed)\n /// @dev Iterates over the vin. If you need to extract several, write a custom function\n /// @param _vin The vin as a tightly-packed byte array\n /// @param _index The 0-indexed location of the input to extract\n /// @return The input as a byte array\n function extractInputAtIndex(bytes memory _vin, uint256 _index) internal pure returns (bytes memory) {\n uint256 _varIntDataLen;\n uint256 _nIns;\n\n (_varIntDataLen, _nIns) = parseVarInt(_vin);\n require(_varIntDataLen != ERR_BAD_ARG, \"Read overrun during VarInt parsing\");\n require(_index < _nIns, \"Vin read overrun\");\n\n bytes memory _remaining;\n\n uint256 _len = 0;\n uint256 _offset = 1 + _varIntDataLen;\n\n for (uint256 _i = 0; _i < _index; _i ++) {\n _remaining = _vin.slice(_offset, _vin.length - _offset);\n _len = determineInputLength(_remaining);\n require(_len != ERR_BAD_ARG, \"Bad VarInt in scriptSig\");\n _offset = _offset + _len;\n }\n\n _remaining = _vin.slice(_offset, _vin.length - _offset);\n _len = determineInputLength(_remaining);\n require(_len != ERR_BAD_ARG, \"Bad VarInt in scriptSig\");\n return _vin.slice(_offset, _len);\n }\n\n /// @notice Determines whether an input is legacy\n /// @dev False if no scriptSig, otherwise True\n /// @param _input The input\n /// @return True for legacy, False for witness\n function isLegacyInput(bytes memory _input) internal pure returns (bool) {\n return _input.keccak256Slice(36, 1) != keccak256(hex\"00\");\n }\n\n /// @notice Determines the length of a scriptSig in an input\n /// @dev Will return 0 if passed a witness input.\n /// @param _input The LEGACY input\n /// @return The length of the script sig\n function extractScriptSigLen(bytes memory _input) internal pure returns (uint256, uint256) {\n if (_input.length < 37) {\n return (ERR_BAD_ARG, 0);\n }\n bytes memory _afterOutpoint = _input.slice(36, _input.length - 36);\n\n uint256 _varIntDataLen;\n uint256 _scriptSigLen;\n (_varIntDataLen, _scriptSigLen) = parseVarInt(_afterOutpoint);\n\n return (_varIntDataLen, _scriptSigLen);\n }\n\n /// @notice Determines the length of an input from its scriptSig\n /// @dev 36 for outpoint, 1 for scriptSig length, 4 for sequence\n /// @param _input The input\n /// @return The length of the input in bytes\n function determineInputLength(bytes memory _input) internal pure returns (uint256) {\n uint256 _varIntDataLen;\n uint256 _scriptSigLen;\n (_varIntDataLen, _scriptSigLen) = extractScriptSigLen(_input);\n if (_varIntDataLen == ERR_BAD_ARG) {\n return ERR_BAD_ARG;\n }\n\n return 36 + 1 + _varIntDataLen + _scriptSigLen + 4;\n }\n\n /// @notice Extracts the LE sequence bytes from an input\n /// @dev Sequence is used for relative time locks\n /// @param _input The LEGACY input\n /// @return The sequence bytes (LE uint)\n function extractSequenceLELegacy(bytes memory _input) internal pure returns (bytes memory) {\n uint256 _varIntDataLen;\n uint256 _scriptSigLen;\n (_varIntDataLen, _scriptSigLen) = extractScriptSigLen(_input);\n require(_varIntDataLen != ERR_BAD_ARG, \"Bad VarInt in scriptSig\");\n return _input.slice(36 + 1 + _varIntDataLen + _scriptSigLen, 4);\n }\n\n /// @notice Extracts the sequence from the input\n /// @dev Sequence is a 4-byte little-endian number\n /// @param _input The LEGACY input\n /// @return The sequence number (big-endian uint)\n function extractSequenceLegacy(bytes memory _input) internal pure returns (uint32) {\n bytes memory _leSeqence = extractSequenceLELegacy(_input);\n bytes memory _beSequence = reverseEndianness(_leSeqence);\n return uint32(bytesToUint(_beSequence));\n }\n /// @notice Extracts the VarInt-prepended scriptSig from the input in a tx\n /// @dev Will return hex\"00\" if passed a witness input\n /// @param _input The LEGACY input\n /// @return The length-prepended scriptSig\n function extractScriptSig(bytes memory _input) internal pure returns (bytes memory) {\n uint256 _varIntDataLen;\n uint256 _scriptSigLen;\n (_varIntDataLen, _scriptSigLen) = extractScriptSigLen(_input);\n require(_varIntDataLen != ERR_BAD_ARG, \"Bad VarInt in scriptSig\");\n return _input.slice(36, 1 + _varIntDataLen + _scriptSigLen);\n }\n\n\n /* ************* */\n /* Witness Input */\n /* ************* */\n\n /// @notice Extracts the LE sequence bytes from an input\n /// @dev Sequence is used for relative time locks\n /// @param _input The WITNESS input\n /// @return The sequence bytes (LE uint)\n function extractSequenceLEWitness(bytes memory _input) internal pure returns (bytes memory) {\n return _input.slice(37, 4);\n }\n\n /// @notice Extracts the sequence from the input in a tx\n /// @dev Sequence is a 4-byte little-endian number\n /// @param _input The WITNESS input\n /// @return The sequence number (big-endian uint)\n function extractSequenceWitness(bytes memory _input) internal pure returns (uint32) {\n bytes memory _leSeqence = extractSequenceLEWitness(_input);\n bytes memory _inputeSequence = reverseEndianness(_leSeqence);\n return uint32(bytesToUint(_inputeSequence));\n }\n\n /// @notice Extracts the outpoint from the input in a tx\n /// @dev 32-byte tx id with 4-byte index\n /// @param _input The input\n /// @return The outpoint (LE bytes of prev tx hash + LE bytes of prev tx index)\n function extractOutpoint(bytes memory _input) internal pure returns (bytes memory) {\n return _input.slice(0, 36);\n }\n\n /// @notice Extracts the outpoint tx id from an input\n /// @dev 32-byte tx id\n /// @param _input The input\n /// @return The tx id (little-endian bytes)\n function extractInputTxIdLE(bytes memory _input) internal pure returns (bytes32) {\n return _input.slice(0, 32).toBytes32();\n }\n\n /// @notice Extracts the LE tx input index from the input in a tx\n /// @dev 4-byte tx index\n /// @param _input The input\n /// @return The tx index (little-endian bytes)\n function extractTxIndexLE(bytes memory _input) internal pure returns (bytes memory) {\n return _input.slice(32, 4);\n }\n\n /* ****** */\n /* Output */\n /* ****** */\n\n /// @notice Determines the length of an output\n /// @dev Works with any properly formatted output\n /// @param _output The output\n /// @return The length indicated by the prefix, error if invalid length\n function determineOutputLength(bytes memory _output) internal pure returns (uint256) {\n if (_output.length < 9) {\n return ERR_BAD_ARG;\n }\n bytes memory _afterValue = _output.slice(8, _output.length - 8);\n\n uint256 _varIntDataLen;\n uint256 _scriptPubkeyLength;\n (_varIntDataLen, _scriptPubkeyLength) = parseVarInt(_afterValue);\n\n if (_varIntDataLen == ERR_BAD_ARG) {\n return ERR_BAD_ARG;\n }\n\n // 8-byte value, 1-byte for tag itself\n return 8 + 1 + _varIntDataLen + _scriptPubkeyLength;\n }\n\n /// @notice Extracts the output at a given index in the TxOuts vector\n /// @dev Iterates over the vout. If you need to extract multiple, write a custom function\n /// @param _vout The _vout to extract from\n /// @param _index The 0-indexed location of the output to extract\n /// @return The specified output\n function extractOutputAtIndex(bytes memory _vout, uint256 _index) internal pure returns (bytes memory) {\n uint256 _varIntDataLen;\n uint256 _nOuts;\n\n (_varIntDataLen, _nOuts) = parseVarInt(_vout);\n require(_varIntDataLen != ERR_BAD_ARG, \"Read overrun during VarInt parsing\");\n require(_index < _nOuts, \"Vout read overrun\");\n\n bytes memory _remaining;\n\n uint256 _len = 0;\n uint256 _offset = 1 + _varIntDataLen;\n\n for (uint256 _i = 0; _i < _index; _i ++) {\n _remaining = _vout.slice(_offset, _vout.length - _offset);\n _len = determineOutputLength(_remaining);\n require(_len != ERR_BAD_ARG, \"Bad VarInt in scriptPubkey\");\n _offset += _len;\n }\n\n _remaining = _vout.slice(_offset, _vout.length - _offset);\n _len = determineOutputLength(_remaining);\n require(_len != ERR_BAD_ARG, \"Bad VarInt in scriptPubkey\");\n return _vout.slice(_offset, _len);\n }\n\n /// @notice Extracts the value bytes from the output in a tx\n /// @dev Value is an 8-byte little-endian number\n /// @param _output The output\n /// @return The output value as LE bytes\n function extractValueLE(bytes memory _output) internal pure returns (bytes memory) {\n return _output.slice(0, 8);\n }\n\n /// @notice Extracts the value from the output in a tx\n /// @dev Value is an 8-byte little-endian number\n /// @param _output The output\n /// @return The output value\n function extractValue(bytes memory _output) internal pure returns (uint64) {\n bytes memory _leValue = extractValueLE(_output);\n bytes memory _beValue = reverseEndianness(_leValue);\n return uint64(bytesToUint(_beValue));\n }\n\n /// @notice Extracts the data from an op return output\n /// @dev Returns hex\"\" if no data or not an op return\n /// @param _output The output\n /// @return Any data contained in the opreturn output, null if not an op return\n function extractOpReturnData(bytes memory _output) internal pure returns (bytes memory) {\n if (_output.keccak256Slice(9, 1) != keccak256(hex\"6a\")) {\n return hex\"\";\n }\n bytes memory _dataLen = _output.slice(10, 1);\n return _output.slice(11, bytesToUint(_dataLen));\n }\n\n /// @notice Extracts the hash from the output script\n /// @dev Determines type by the length prefix and validates format\n /// @param _output The output\n /// @return The hash committed to by the pk_script, or null for errors\n function extractHash(bytes memory _output) internal pure returns (bytes memory) {\n uint8 _scriptLen = uint8(_output[8]);\n\n // don't have to worry about overflow here.\n // if _scriptLen + 9 overflows, then output.length would have to be < 9\n // for this check to pass. if it's < 9, then we errored when assigning\n // _scriptLen\n if (_scriptLen + 9 != _output.length) {\n return hex\"\";\n }\n\n if (uint8(_output[9]) == 0) {\n if (_scriptLen < 2) {\n return hex\"\";\n }\n uint256 _payloadLen = uint8(_output[10]);\n // Check for maliciously formatted witness outputs.\n // No need to worry about underflow as long b/c of the `< 2` check\n if (_payloadLen != _scriptLen - 2 || (_payloadLen != 0x20 && _payloadLen != 0x14)) {\n return hex\"\";\n }\n return _output.slice(11, _payloadLen);\n } else {\n bytes32 _tag = _output.keccak256Slice(8, 3);\n // p2pkh\n if (_tag == keccak256(hex\"1976a9\")) {\n // Check for maliciously formatted p2pkh\n // No need to worry about underflow, b/c of _scriptLen check\n if (uint8(_output[11]) != 0x14 ||\n _output.keccak256Slice(_output.length - 2, 2) != keccak256(hex\"88ac\")) {\n return hex\"\";\n }\n return _output.slice(12, 20);\n //p2sh\n } else if (_tag == keccak256(hex\"17a914\")) {\n // Check for maliciously formatted p2sh\n // No need to worry about underflow, b/c of _scriptLen check\n if (uint8(_output[_output.length - 1]) != 0x87) {\n return hex\"\";\n }\n return _output.slice(11, 20);\n }\n }\n return hex\"\"; /* NB: will trigger on OPRETURN and any non-standard that doesn't overrun */\n }\n\n /* ********** */\n /* Witness TX */\n /* ********** */\n\n\n /// @notice Checks that the vin passed up is properly formatted\n /// @dev Consider a vin with a valid vout in its scriptsig\n /// @param _vin Raw bytes length-prefixed input vector\n /// @return True if it represents a validly formatted vin\n function validateVin(bytes memory _vin) internal pure returns (bool) {\n uint256 _varIntDataLen;\n uint256 _nIns;\n\n (_varIntDataLen, _nIns) = parseVarInt(_vin);\n\n // Not valid if it says there are too many or no inputs\n if (_nIns == 0 || _varIntDataLen == ERR_BAD_ARG) {\n return false;\n }\n\n uint256 _offset = 1 + _varIntDataLen;\n\n for (uint256 i = 0; i < _nIns; i++) {\n // If we're at the end, but still expect more\n if (_offset >= _vin.length) {\n return false;\n }\n\n // Grab the next input and determine its length.\n bytes memory _next = _vin.slice(_offset, _vin.length - _offset);\n uint256 _nextLen = determineInputLength(_next);\n if (_nextLen == ERR_BAD_ARG) {\n return false;\n }\n\n // Increase the offset by that much\n _offset += _nextLen;\n }\n\n // Returns false if we're not exactly at the end\n return _offset == _vin.length;\n }\n\n /// @notice Checks that the vout passed up is properly formatted\n /// @dev Consider a vout with a valid scriptpubkey\n /// @param _vout Raw bytes length-prefixed output vector\n /// @return True if it represents a validly formatted vout\n function validateVout(bytes memory _vout) internal pure returns (bool) {\n uint256 _varIntDataLen;\n uint256 _nOuts;\n\n (_varIntDataLen, _nOuts) = parseVarInt(_vout);\n\n // Not valid if it says there are too many or no outputs\n if (_nOuts == 0 || _varIntDataLen == ERR_BAD_ARG) {\n return false;\n }\n\n uint256 _offset = 1 + _varIntDataLen;\n\n for (uint256 i = 0; i < _nOuts; i++) {\n // If we're at the end, but still expect more\n if (_offset >= _vout.length) {\n return false;\n }\n\n // Grab the next output and determine its length.\n // Increase the offset by that much\n bytes memory _next = _vout.slice(_offset, _vout.length - _offset);\n uint256 _nextLen = determineOutputLength(_next);\n if (_nextLen == ERR_BAD_ARG) {\n return false;\n }\n\n _offset += _nextLen;\n }\n\n // Returns false if we're not exactly at the end\n return _offset == _vout.length;\n }\n\n\n\n /* ************ */\n /* Block Header */\n /* ************ */\n\n /// @notice Extracts the transaction merkle root from a block header\n /// @dev Use verifyHash256Merkle to verify proofs with this root\n /// @param _header The header\n /// @return The merkle root (little-endian)\n function extractMerkleRootLE(bytes memory _header) internal pure returns (bytes memory) {\n return _header.slice(36, 32);\n }\n\n /// @notice Extracts the target from a block header\n /// @dev Target is a 256-bit number encoded as a 3-byte mantissa and 1-byte exponent\n /// @param _header The header\n /// @return The target threshold\n function extractTarget(bytes memory _header) internal pure returns (uint256) {\n bytes memory _m = _header.slice(72, 3);\n uint8 _e = uint8(_header[75]);\n uint256 _mantissa = bytesToUint(reverseEndianness(_m));\n uint _exponent = _e - 3;\n\n return _mantissa * (256 ** _exponent);\n }\n\n /// @notice Calculate difficulty from the difficulty 1 target and current target\n /// @dev Difficulty 1 is 0x1d00ffff on mainnet and testnet\n /// @dev Difficulty 1 is a 256-bit number encoded as a 3-byte mantissa and 1-byte exponent\n /// @param _target The current target\n /// @return The block difficulty (bdiff)\n function calculateDifficulty(uint256 _target) internal pure returns (uint256) {\n // Difficulty 1 calculated from 0x1d00ffff\n return DIFF1_TARGET.div(_target);\n }\n\n /// @notice Extracts the previous block's hash from a block header\n /// @dev Block headers do NOT include block number :(\n /// @param _header The header\n /// @return The previous block's hash (little-endian)\n function extractPrevBlockLE(bytes memory _header) internal pure returns (bytes memory) {\n return _header.slice(4, 32);\n }\n\n /// @notice Extracts the timestamp from a block header\n /// @dev Time is not 100% reliable\n /// @param _header The header\n /// @return The timestamp (little-endian bytes)\n function extractTimestampLE(bytes memory _header) internal pure returns (bytes memory) {\n return _header.slice(68, 4);\n }\n\n /// @notice Extracts the timestamp from a block header\n /// @dev Time is not 100% reliable\n /// @param _header The header\n /// @return The timestamp (uint)\n function extractTimestamp(bytes memory _header) internal pure returns (uint32) {\n return uint32(bytesToUint(reverseEndianness(extractTimestampLE(_header))));\n }\n\n /// @notice Extracts the expected difficulty from a block header\n /// @dev Does NOT verify the work\n /// @param _header The header\n /// @return The difficulty as an integer\n function extractDifficulty(bytes memory _header) internal pure returns (uint256) {\n return calculateDifficulty(extractTarget(_header));\n }\n\n /// @notice Concatenates and hashes two inputs for merkle proving\n /// @param _a The first hash\n /// @param _b The second hash\n /// @return The double-sha256 of the concatenated hashes\n function _hash256MerkleStep(bytes memory _a, bytes memory _b) internal pure returns (bytes32) {\n return hash256(abi.encodePacked(_a, _b));\n }\n\n /// @notice Verifies a Bitcoin-style merkle tree\n /// @dev Leaves are 0-indexed.\n /// @param _proof The proof. Tightly packed LE sha256 hashes. The last hash is the root\n /// @param _index The index of the leaf\n /// @return true if the proof is valid, else false\n function verifyHash256Merkle(bytes memory _proof, uint _index) internal pure returns (bool) {\n // Not an even number of hashes\n if (_proof.length % 32 != 0) {\n return false;\n }\n\n // Special case for coinbase-only blocks\n if (_proof.length == 32) {\n return true;\n }\n\n // Should never occur\n if (_proof.length == 64) {\n return false;\n }\n\n uint _idx = _index;\n bytes32 _root = _proof.slice(_proof.length - 32, 32).toBytes32();\n bytes32 _current = _proof.slice(0, 32).toBytes32();\n\n for (uint i = 1; i < (_proof.length.div(32)) - 1; i++) {\n if (_idx % 2 == 1) {\n _current = _hash256MerkleStep(_proof.slice(i * 32, 32), abi.encodePacked(_current));\n } else {\n _current = _hash256MerkleStep(abi.encodePacked(_current), _proof.slice(i * 32, 32));\n }\n _idx = _idx >> 1;\n }\n return _current == _root;\n }\n\n /*\n NB: https://github.com/bitcoin/bitcoin/blob/78dae8caccd82cfbfd76557f1fb7d7557c7b5edb/src/pow.cpp#L49-L72\n NB: We get a full-bitlength target from this. For comparison with\n header-encoded targets we need to mask it with the header target\n e.g. (full & truncated) == truncated\n */\n /// @notice performs the bitcoin difficulty retarget\n /// @dev implements the Bitcoin algorithm precisely\n /// @param _previousTarget the target of the previous period\n /// @param _firstTimestamp the timestamp of the first block in the difficulty period\n /// @param _secondTimestamp the timestamp of the last block in the difficulty period\n /// @return the new period's target threshold\n function retargetAlgorithm(\n uint256 _previousTarget,\n uint256 _firstTimestamp,\n uint256 _secondTimestamp\n ) internal pure returns (uint256) {\n uint256 _elapsedTime = _secondTimestamp.sub(_firstTimestamp);\n\n // Normalize ratio to factor of 4 if very long or very short\n if (_elapsedTime < RETARGET_PERIOD.div(4)) {\n _elapsedTime = RETARGET_PERIOD.div(4);\n }\n if (_elapsedTime > RETARGET_PERIOD.mul(4)) {\n _elapsedTime = RETARGET_PERIOD.mul(4);\n }\n\n /*\n NB: high targets e.g. ffff0020 can cause overflows here\n so we divide it by 256**2, then multiply by 256**2 later\n we know the target is evenly divisible by 256**2, so this isn't an issue\n */\n\n uint256 _adjusted = _previousTarget.div(65536).mul(_elapsedTime);\n return _adjusted.div(RETARGET_PERIOD).mul(65536);\n }\n}\n"
90
- },
91
- "@keep-network/bitcoin-spv-sol/contracts/BytesLib.sol": {
92
- "content": "pragma solidity ^0.8.4;\n\n/*\n\nhttps://github.com/GNSPS/solidity-bytes-utils/\n\nThis is free and unencumbered software released into the public domain.\n\nAnyone is free to copy, modify, publish, use, compile, sell, or\ndistribute this software, either in source code form or as a compiled\nbinary, for any purpose, commercial or non-commercial, and by any\nmeans.\n\nIn jurisdictions that recognize copyright laws, the author or authors\nof this software dedicate any and all copyright interest in the\nsoftware to the public domain. We make this dedication for the benefit\nof the public at large and to the detriment of our heirs and\nsuccessors. We intend this dedication to be an overt act of\nrelinquishment in perpetuity of all present and future rights to this\nsoftware under copyright law.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND,\nEXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR\nOTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,\nARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR\nOTHER DEALINGS IN THE SOFTWARE.\n\nFor more information, please refer to <https://unlicense.org>\n*/\n\n\n/** @title BytesLib **/\n/** @author https://github.com/GNSPS **/\n\nlibrary BytesLib {\n function concat(bytes memory _preBytes, bytes memory _postBytes) internal pure returns (bytes memory) {\n bytes memory tempBytes;\n\n assembly {\n // Get a location of some free memory and store it in tempBytes as\n // Solidity does for memory variables.\n tempBytes := mload(0x40)\n\n // Store the length of the first bytes array at the beginning of\n // the memory for tempBytes.\n let length := mload(_preBytes)\n mstore(tempBytes, length)\n\n // Maintain a memory counter for the current write location in the\n // temp bytes array by adding the 32 bytes for the array length to\n // the starting location.\n let mc := add(tempBytes, 0x20)\n // Stop copying when the memory counter reaches the length of the\n // first bytes array.\n let end := add(mc, length)\n\n for {\n // Initialize a copy counter to the start of the _preBytes data,\n // 32 bytes into its memory.\n let cc := add(_preBytes, 0x20)\n } lt(mc, end) {\n // Increase both counters by 32 bytes each iteration.\n mc := add(mc, 0x20)\n cc := add(cc, 0x20)\n } {\n // Write the _preBytes data into the tempBytes memory 32 bytes\n // at a time.\n mstore(mc, mload(cc))\n }\n\n // Add the length of _postBytes to the current length of tempBytes\n // and store it as the new length in the first 32 bytes of the\n // tempBytes memory.\n length := mload(_postBytes)\n mstore(tempBytes, add(length, mload(tempBytes)))\n\n // Move the memory counter back from a multiple of 0x20 to the\n // actual end of the _preBytes data.\n mc := end\n // Stop copying when the memory counter reaches the new combined\n // length of the arrays.\n end := add(mc, length)\n\n for {\n let cc := add(_postBytes, 0x20)\n } lt(mc, end) {\n mc := add(mc, 0x20)\n cc := add(cc, 0x20)\n } {\n mstore(mc, mload(cc))\n }\n\n // Update the free-memory pointer by padding our last write location\n // to 32 bytes: add 31 bytes to the end of tempBytes to move to the\n // next 32 byte block, then round down to the nearest multiple of\n // 32. If the sum of the length of the two arrays is zero then add\n // one before rounding down to leave a blank 32 bytes (the length block with 0).\n mstore(0x40, and(\n add(add(end, iszero(add(length, mload(_preBytes)))), 31),\n not(31) // Round down to the nearest 32 bytes.\n ))\n }\n\n return tempBytes;\n }\n\n function concatStorage(bytes storage _preBytes, bytes memory _postBytes) internal {\n assembly {\n // Read the first 32 bytes of _preBytes storage, which is the length\n // of the array. (We don't need to use the offset into the slot\n // because arrays use the entire slot.)\n let fslot := sload(_preBytes.slot)\n // Arrays of 31 bytes or less have an even value in their slot,\n // while longer arrays have an odd value. The actual length is\n // the slot divided by two for odd values, and the lowest order\n // byte divided by two for even values.\n // If the slot is even, bitwise and the slot with 255 and divide by\n // two to get the length. If the slot is odd, bitwise and the slot\n // with -1 and divide by two.\n let slength := div(and(fslot, sub(mul(0x100, iszero(and(fslot, 1))), 1)), 2)\n let mlength := mload(_postBytes)\n let newlength := add(slength, mlength)\n // slength can contain both the length and contents of the array\n // if length < 32 bytes so let's prepare for that\n // v. http://solidity.readthedocs.io/en/latest/miscellaneous.html#layout-of-state-variables-in-storage\n switch add(lt(slength, 32), lt(newlength, 32))\n case 2 {\n // Since the new array still fits in the slot, we just need to\n // update the contents of the slot.\n // uint256(bytes_storage) = uint256(bytes_storage) + uint256(bytes_memory) + new_length\n sstore(\n _preBytes.slot,\n // all the modifications to the slot are inside this\n // next block\n add(\n // we can just add to the slot contents because the\n // bytes we want to change are the LSBs\n fslot,\n add(\n mul(\n div(\n // load the bytes from memory\n mload(add(_postBytes, 0x20)),\n // zero all bytes to the right\n exp(0x100, sub(32, mlength))\n ),\n // and now shift left the number of bytes to\n // leave space for the length in the slot\n exp(0x100, sub(32, newlength))\n ),\n // increase length by the double of the memory\n // bytes length\n mul(mlength, 2)\n )\n )\n )\n }\n case 1 {\n // The stored value fits in the slot, but the combined value\n // will exceed it.\n // get the keccak hash to get the contents of the array\n mstore(0x0, _preBytes.slot)\n let sc := add(keccak256(0x0, 0x20), div(slength, 32))\n\n // save new length\n sstore(_preBytes.slot, add(mul(newlength, 2), 1))\n\n // The contents of the _postBytes array start 32 bytes into\n // the structure. Our first read should obtain the `submod`\n // bytes that can fit into the unused space in the last word\n // of the stored array. To get this, we read 32 bytes starting\n // from `submod`, so the data we read overlaps with the array\n // contents by `submod` bytes. Masking the lowest-order\n // `submod` bytes allows us to add that value directly to the\n // stored value.\n\n let submod := sub(32, slength)\n let mc := add(_postBytes, submod)\n let end := add(_postBytes, mlength)\n let mask := sub(exp(0x100, submod), 1)\n\n sstore(\n sc,\n add(\n and(\n fslot,\n 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00\n ),\n and(mload(mc), mask)\n )\n )\n\n for {\n mc := add(mc, 0x20)\n sc := add(sc, 1)\n } lt(mc, end) {\n sc := add(sc, 1)\n mc := add(mc, 0x20)\n } {\n sstore(sc, mload(mc))\n }\n\n mask := exp(0x100, sub(mc, end))\n\n sstore(sc, mul(div(mload(mc), mask), mask))\n }\n default {\n // get the keccak hash to get the contents of the array\n mstore(0x0, _preBytes.slot)\n // Start copying to the last used word of the stored array.\n let sc := add(keccak256(0x0, 0x20), div(slength, 32))\n\n // save new length\n sstore(_preBytes.slot, add(mul(newlength, 2), 1))\n\n // Copy over the first `submod` bytes of the new data as in\n // case 1 above.\n let slengthmod := mod(slength, 32)\n let mlengthmod := mod(mlength, 32)\n let submod := sub(32, slengthmod)\n let mc := add(_postBytes, submod)\n let end := add(_postBytes, mlength)\n let mask := sub(exp(0x100, submod), 1)\n\n sstore(sc, add(sload(sc), and(mload(mc), mask)))\n\n for {\n sc := add(sc, 1)\n mc := add(mc, 0x20)\n } lt(mc, end) {\n sc := add(sc, 1)\n mc := add(mc, 0x20)\n } {\n sstore(sc, mload(mc))\n }\n\n mask := exp(0x100, sub(mc, end))\n\n sstore(sc, mul(div(mload(mc), mask), mask))\n }\n }\n }\n\n function slice(bytes memory _bytes, uint _start, uint _length) internal pure returns (bytes memory res) {\n if (_length == 0) {\n return hex\"\";\n }\n uint _end = _start + _length;\n require(_end > _start && _bytes.length >= _end, \"Slice out of bounds\");\n\n assembly {\n // Alloc bytes array with additional 32 bytes afterspace and assign it's size\n res := mload(0x40)\n mstore(0x40, add(add(res, 64), _length))\n mstore(res, _length)\n\n // Compute distance between source and destination pointers\n let diff := sub(res, add(_bytes, _start))\n\n for {\n let src := add(add(_bytes, 32), _start)\n let end := add(src, _length)\n } lt(src, end) {\n src := add(src, 32)\n } {\n mstore(add(src, diff), mload(src))\n }\n }\n }\n\n function toAddress(bytes memory _bytes, uint _start) internal pure returns (address) {\n uint _totalLen = _start + 20;\n require(_totalLen > _start && _bytes.length >= _totalLen, \"Address conversion out of bounds.\");\n address tempAddress;\n\n assembly {\n tempAddress := div(mload(add(add(_bytes, 0x20), _start)), 0x1000000000000000000000000)\n }\n\n return tempAddress;\n }\n\n function toUint(bytes memory _bytes, uint _start) internal pure returns (uint256) {\n uint _totalLen = _start + 32;\n require(_totalLen > _start && _bytes.length >= _totalLen, \"Uint conversion out of bounds.\");\n uint256 tempUint;\n\n assembly {\n tempUint := mload(add(add(_bytes, 0x20), _start))\n }\n\n return tempUint;\n }\n\n function equal(bytes memory _preBytes, bytes memory _postBytes) internal pure returns (bool) {\n bool success = true;\n\n assembly {\n let length := mload(_preBytes)\n\n // if lengths don't match the arrays are not equal\n switch eq(length, mload(_postBytes))\n case 1 {\n // cb is a circuit breaker in the for loop since there's\n // no said feature for inline assembly loops\n // cb = 1 - don't breaker\n // cb = 0 - break\n let cb := 1\n\n let mc := add(_preBytes, 0x20)\n let end := add(mc, length)\n\n for {\n let cc := add(_postBytes, 0x20)\n // the next line is the loop condition:\n // while(uint(mc < end) + cb == 2)\n } eq(add(lt(mc, end), cb), 2) {\n mc := add(mc, 0x20)\n cc := add(cc, 0x20)\n } {\n // if any of these checks fails then arrays are not equal\n if iszero(eq(mload(mc), mload(cc))) {\n // unsuccess:\n success := 0\n cb := 0\n }\n }\n }\n default {\n // unsuccess:\n success := 0\n }\n }\n\n return success;\n }\n\n function equalStorage(bytes storage _preBytes, bytes memory _postBytes) internal view returns (bool) {\n bool success = true;\n\n assembly {\n // we know _preBytes_offset is 0\n let fslot := sload(_preBytes.slot)\n // Decode the length of the stored array like in concatStorage().\n let slength := div(and(fslot, sub(mul(0x100, iszero(and(fslot, 1))), 1)), 2)\n let mlength := mload(_postBytes)\n\n // if lengths don't match the arrays are not equal\n switch eq(slength, mlength)\n case 1 {\n // slength can contain both the length and contents of the array\n // if length < 32 bytes so let's prepare for that\n // v. http://solidity.readthedocs.io/en/latest/miscellaneous.html#layout-of-state-variables-in-storage\n if iszero(iszero(slength)) {\n switch lt(slength, 32)\n case 1 {\n // blank the last byte which is the length\n fslot := mul(div(fslot, 0x100), 0x100)\n\n if iszero(eq(fslot, mload(add(_postBytes, 0x20)))) {\n // unsuccess:\n success := 0\n }\n }\n default {\n // cb is a circuit breaker in the for loop since there's\n // no said feature for inline assembly loops\n // cb = 1 - don't breaker\n // cb = 0 - break\n let cb := 1\n\n // get the keccak hash to get the contents of the array\n mstore(0x0, _preBytes.slot)\n let sc := keccak256(0x0, 0x20)\n\n let mc := add(_postBytes, 0x20)\n let end := add(mc, mlength)\n\n // the next line is the loop condition:\n // while(uint(mc < end) + cb == 2)\n for {} eq(add(lt(mc, end), cb), 2) {\n sc := add(sc, 1)\n mc := add(mc, 0x20)\n } {\n if iszero(eq(sload(sc), mload(mc))) {\n // unsuccess:\n success := 0\n cb := 0\n }\n }\n }\n }\n }\n default {\n // unsuccess:\n success := 0\n }\n }\n\n return success;\n }\n\n function toBytes32(bytes memory _source) pure internal returns (bytes32 result) {\n if (_source.length == 0) {\n return 0x0;\n }\n\n assembly {\n result := mload(add(_source, 32))\n }\n }\n\n function keccak256Slice(bytes memory _bytes, uint _start, uint _length) pure internal returns (bytes32 result) {\n uint _end = _start + _length;\n require(_end > _start && _bytes.length >= _end, \"Slice out of bounds\");\n\n assembly {\n result := keccak256(add(add(_bytes, 32), _start), _length)\n }\n }\n}\n"
93
- },
94
- "@keep-network/bitcoin-spv-sol/contracts/SafeMath.sol": {
95
- "content": "pragma solidity ^0.8.4;\n\n/*\nThe MIT License (MIT)\n\nCopyright (c) 2016 Smart Contract Solutions, Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be included\nin all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\nOR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n*/\n\n\n/**\n * @title SafeMath\n * @dev Math operations with safety checks that throw on error\n */\nlibrary SafeMath {\n\n /**\n * @dev Multiplies two numbers, throws on overflow.\n */\n function mul(uint256 _a, uint256 _b) internal pure returns (uint256 c) {\n // Gas optimization: this is cheaper than asserting 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522\n if (_a == 0) {\n return 0;\n }\n\n c = _a * _b;\n require(c / _a == _b, \"Overflow during multiplication.\");\n return c;\n }\n\n /**\n * @dev Integer division of two numbers, truncating the quotient.\n */\n function div(uint256 _a, uint256 _b) internal pure returns (uint256) {\n // assert(_b > 0); // Solidity automatically throws when dividing by 0\n // uint256 c = _a / _b;\n // assert(_a == _b * c + _a % _b); // There is no case in which this doesn't hold\n return _a / _b;\n }\n\n /**\n * @dev Subtracts two numbers, throws on overflow (i.e. if subtrahend is greater than minuend).\n */\n function sub(uint256 _a, uint256 _b) internal pure returns (uint256) {\n require(_b <= _a, \"Underflow during subtraction.\");\n return _a - _b;\n }\n\n /**\n * @dev Adds two numbers, throws on overflow.\n */\n function add(uint256 _a, uint256 _b) internal pure returns (uint256 c) {\n c = _a + _b;\n require(c >= _a, \"Overflow during addition.\");\n return c;\n }\n}\n"
96
- }
97
- },
98
- "settings": {
99
- "optimizer": {
100
- "enabled": false,
101
- "runs": 200
102
- },
103
- "outputSelection": {
104
- "*": {
105
- "*": [
106
- "abi",
107
- "evm.bytecode",
108
- "evm.deployedBytecode",
109
- "evm.methodIdentifiers",
110
- "metadata",
111
- "devdoc",
112
- "userdoc",
113
- "storageLayout",
114
- "evm.gasEstimates"
115
- ],
116
- "": [
117
- "ast"
118
- ]
119
- }
120
- },
121
- "metadata": {
122
- "useLiteralContent": true
123
- }
124
- }
125
- }