Contract Source Code:
// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.26;
import { PausableUpgradeable } from "../lib/evm-m-extensions/lib/common/lib/openzeppelin-contracts-upgradeable/contracts/utils/PausableUpgradeable.sol";
import { MYieldToOne } from "../lib/evm-m-extensions/src/projects/yieldToOne/MYieldToOne.sol";
import { IMUSD } from "./IMUSD.sol";
/**
* @title MUSD
* @notice M extension for the MUSD token.
* @author M0 Labs
*/
contract MUSD is IMUSD, MYieldToOne, PausableUpgradeable {
/* ============ Variables ============ */
/// @inheritdoc IMUSD
bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");
/// @inheritdoc IMUSD
bytes32 public constant FORCED_TRANSFER_MANAGER_ROLE = keccak256("FORCED_TRANSFER_MANAGER_ROLE");
/* ============ Constructor ============ */
/**
* @custom:oz-upgrades-unsafe-allow constructor
* @notice Constructs MUSD Implementation contract
* @dev `_disableInitializers()` is called in the inherited MExtension's constructor.
* @param mToken The address of the MToken
* @param swapFacility The address of the SwapFacility
*/
constructor(address mToken, address swapFacility) MYieldToOne(mToken, swapFacility) {}
/* ============ Initializer ============ */
/**
* @dev Initializes the MUSD token.
* @param yieldRecipient The address of a yield destination.
* @param admin The address of an admin.
* @param freezeManager The address of a freeze manager.
* @param yieldRecipientManager The address of a yield recipient setter.
* @param pauser The address of a pauser.
*/
function initialize(
address yieldRecipient,
address admin,
address freezeManager,
address yieldRecipientManager,
address pauser,
address forcedTransferManager
) external initializer {
if (pauser == address(0)) revert ZeroPauser();
if (forcedTransferManager == address(0)) revert ZeroForcedTransferManager();
__MYieldToOne_init("MetaMask USD", "mUSD", yieldRecipient, admin, freezeManager, yieldRecipientManager);
__Pausable_init();
_grantRole(PAUSER_ROLE, pauser);
_grantRole(FORCED_TRANSFER_MANAGER_ROLE, forcedTransferManager);
}
/* ============ Interactive Functions ============ */
/// @inheritdoc IMUSD
function pause() external onlyRole(PAUSER_ROLE) {
_pause();
}
/// @inheritdoc IMUSD
function unpause() external onlyRole(PAUSER_ROLE) {
_unpause();
}
/// @inheritdoc IMUSD
function forceTransfer(
address frozenAccount,
address recipient,
uint256 amount
) external onlyRole(FORCED_TRANSFER_MANAGER_ROLE) {
_forceTransfer(frozenAccount, recipient, amount);
}
/// @inheritdoc IMUSD
function forceTransfers(
address[] calldata frozenAccounts,
address[] calldata recipients,
uint256[] calldata amounts
) external onlyRole(FORCED_TRANSFER_MANAGER_ROLE) {
if (frozenAccounts.length != recipients.length || frozenAccounts.length != amounts.length) {
revert ArrayLengthMismatch();
}
for (uint256 i; i < frozenAccounts.length; ++i) {
_forceTransfer(frozenAccounts[i], recipients[i], amounts[i]);
}
}
/* ============ Hooks For Internal Interactive Functions ============ */
/**
* @dev Hook called before wrapping M into mUSD.
* @param account The account from which M is deposited.
* @param recipient The account receiving the minted mUSD.
* @param amount The amount of tokens to wrap.
*/
function _beforeWrap(address account, address recipient, uint256 amount) internal view override {
_requireNotPaused();
super._beforeWrap(account, recipient, amount);
}
/**
* @dev Hook called before unwrapping mUSD.
* @param account The account from which mUSD is burned.
* @param amount The amount of tokens to unwrap.
*/
function _beforeUnwrap(address account, uint256 amount) internal view override {
_requireNotPaused();
super._beforeUnwrap(account, amount);
}
/**
* @dev Hook called before transferring mUSD.
* @param sender The address from which the tokens are being transferred.
* @param recipient The address to which the tokens are being transferred.
* @param amount The amount of tokens to transfer.
*/
function _beforeTransfer(address sender, address recipient, uint256 amount) internal view override {
_requireNotPaused();
super._beforeTransfer(sender, recipient, amount);
}
/**
* @dev Hook called before claiming yield.
* @dev MUST only be callable by the `YIELD_RECIPIENT_MANAGER_ROLE`.
* @dev Addresses with the `YIELD_RECIPIENT_MANAGER_ROLE`
* are still able to claim yield when the contract is paused.
*/
function _beforeClaimYield() internal view override onlyRole(YIELD_RECIPIENT_MANAGER_ROLE) {}
/* ============ Internal Interactive Functions ============ */
/**
* @dev Internal ERC20 force transfer function to seize funds from a frozen account.
* @param frozenAccount The frozen account from which tokens are seized.
* @param recipient The recipient's address.
* @param amount The amount to be transferred.
* @dev Force transfer is only allowed for frozen accounts.
* @dev No `_beforeTransfer` checks apply to forced transfers; ignore checks for paused and frozen states.
* @dev Since this function can only be called by the `FORCED_TRANSFER_MANAGER_ROLE`,
* we do not check if the recipient is frozen.
*/
function _forceTransfer(address frozenAccount, address recipient, uint256 amount) internal {
_revertIfInvalidRecipient(recipient);
_revertIfNotFrozen(frozenAccount);
emit Transfer(frozenAccount, recipient, amount);
emit ForcedTransfer(frozenAccount, recipient, msg.sender, amount);
if (amount == 0) return;
_revertIfInsufficientBalance(frozenAccount, balanceOf(frozenAccount), amount);
_update(frozenAccount, recipient, amount);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (utils/Pausable.sol)
pragma solidity ^0.8.20;
import {ContextUpgradeable} from "../utils/ContextUpgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Contract module which allows children to implement an emergency stop
* mechanism that can be triggered by an authorized account.
*
* This module is used through inheritance. It will make available the
* modifiers `whenNotPaused` and `whenPaused`, which can be applied to
* the functions of your contract. Note that they will not be pausable by
* simply including this module, only once the modifiers are put in place.
*/
abstract contract PausableUpgradeable is Initializable, ContextUpgradeable {
/// @custom:storage-location erc7201:openzeppelin.storage.Pausable
struct PausableStorage {
bool _paused;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Pausable")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant PausableStorageLocation = 0xcd5ed15c6e187e77e9aee88184c21f4f2182ab5827cb3b7e07fbedcd63f03300;
function _getPausableStorage() private pure returns (PausableStorage storage $) {
assembly {
$.slot := PausableStorageLocation
}
}
/**
* @dev Emitted when the pause is triggered by `account`.
*/
event Paused(address account);
/**
* @dev Emitted when the pause is lifted by `account`.
*/
event Unpaused(address account);
/**
* @dev The operation failed because the contract is paused.
*/
error EnforcedPause();
/**
* @dev The operation failed because the contract is not paused.
*/
error ExpectedPause();
/**
* @dev Modifier to make a function callable only when the contract is not paused.
*
* Requirements:
*
* - The contract must not be paused.
*/
modifier whenNotPaused() {
_requireNotPaused();
_;
}
/**
* @dev Modifier to make a function callable only when the contract is paused.
*
* Requirements:
*
* - The contract must be paused.
*/
modifier whenPaused() {
_requirePaused();
_;
}
function __Pausable_init() internal onlyInitializing {
}
function __Pausable_init_unchained() internal onlyInitializing {
}
/**
* @dev Returns true if the contract is paused, and false otherwise.
*/
function paused() public view virtual returns (bool) {
PausableStorage storage $ = _getPausableStorage();
return $._paused;
}
/**
* @dev Throws if the contract is paused.
*/
function _requireNotPaused() internal view virtual {
if (paused()) {
revert EnforcedPause();
}
}
/**
* @dev Throws if the contract is not paused.
*/
function _requirePaused() internal view virtual {
if (!paused()) {
revert ExpectedPause();
}
}
/**
* @dev Triggers stopped state.
*
* Requirements:
*
* - The contract must not be paused.
*/
function _pause() internal virtual whenNotPaused {
PausableStorage storage $ = _getPausableStorage();
$._paused = true;
emit Paused(_msgSender());
}
/**
* @dev Returns to normal state.
*
* Requirements:
*
* - The contract must be paused.
*/
function _unpause() internal virtual whenPaused {
PausableStorage storage $ = _getPausableStorage();
$._paused = false;
emit Unpaused(_msgSender());
}
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.26;
import { IERC20 } from "../../../lib/common/src/interfaces/IERC20.sol";
import { IMYieldToOne } from "./IMYieldToOne.sol";
import { Freezable } from "../../components/Freezable.sol";
import { MExtension } from "../../MExtension.sol";
abstract contract MYieldToOneStorageLayout {
/// @custom:storage-location erc7201:M0.storage.MYieldToOne
struct MYieldToOneStorageStruct {
uint256 totalSupply;
address yieldRecipient;
mapping(address account => uint256 balance) balanceOf;
}
// keccak256(abi.encode(uint256(keccak256("M0.storage.MYieldToOne")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant _M_YIELD_TO_ONE_STORAGE_LOCATION =
0xee2f6fc7e2e5879b17985791e0d12536cba689bda43c77b8911497248f4af100;
function _getMYieldToOneStorageLocation() internal pure returns (MYieldToOneStorageStruct storage $) {
assembly {
$.slot := _M_YIELD_TO_ONE_STORAGE_LOCATION
}
}
}
/**
* @title MYieldToOne
* @notice Upgradeable ERC20 Token contract for wrapping M into a non-rebasing token
* with yield claimable by a single recipient.
* @author M0 Labs
*/
contract MYieldToOne is IMYieldToOne, MYieldToOneStorageLayout, MExtension, Freezable {
/* ============ Variables ============ */
/// @inheritdoc IMYieldToOne
bytes32 public constant YIELD_RECIPIENT_MANAGER_ROLE = keccak256("YIELD_RECIPIENT_MANAGER_ROLE");
/* ============ Constructor ============ */
/**
* @custom:oz-upgrades-unsafe-allow constructor
* @notice Constructs MYieldToOne Implementation contract
* @dev Sets immutable storage.
* @param mToken The address of $M token.
* @param swapFacility The address of Swap Facility.
*/
constructor(address mToken, address swapFacility) MExtension(mToken, swapFacility) {}
/* ============ Initializer ============ */
/**
* @dev Initializes the M extension token with yield claimable by a single recipient.
* @param name The name of the token (e.g. "M Yield to One").
* @param symbol The symbol of the token (e.g. "MYO").
* @param yieldRecipient_ The address of a yield destination.
* @param admin The address of an admin.
* @param freezeManager The address of a freeze manager.
* @param yieldRecipientManager The address of a yield recipient setter.
*/
function initialize(
string memory name,
string memory symbol,
address yieldRecipient_,
address admin,
address freezeManager,
address yieldRecipientManager
) public virtual initializer {
__MYieldToOne_init(name, symbol, yieldRecipient_, admin, freezeManager, yieldRecipientManager);
}
/**
* @notice Initializes the MYieldToOne token.
* @param name The name of the token (e.g. "M Yield to One").
* @param symbol The symbol of the token (e.g. "MYO").
* @param yieldRecipient_ The address of a yield destination.
* @param admin The address of an admin.
* @param freezeManager The address of a freeze manager.
* @param yieldRecipientManager The address of a yield recipient setter.
*/
function __MYieldToOne_init(
string memory name,
string memory symbol,
address yieldRecipient_,
address admin,
address freezeManager,
address yieldRecipientManager
) internal onlyInitializing {
if (yieldRecipientManager == address(0)) revert ZeroYieldRecipientManager();
if (admin == address(0)) revert ZeroAdmin();
__MExtension_init(name, symbol);
__Freezable_init(freezeManager);
_setYieldRecipient(yieldRecipient_);
_grantRole(DEFAULT_ADMIN_ROLE, admin);
_grantRole(YIELD_RECIPIENT_MANAGER_ROLE, yieldRecipientManager);
}
/* ============ Interactive Functions ============ */
/// @inheritdoc IMYieldToOne
function claimYield() public returns (uint256) {
_beforeClaimYield();
uint256 yield_ = yield();
if (yield_ == 0) return 0;
emit YieldClaimed(yield_);
_mint(yieldRecipient(), yield_);
return yield_;
}
/// @inheritdoc IMYieldToOne
function setYieldRecipient(address account) external onlyRole(YIELD_RECIPIENT_MANAGER_ROLE) {
// Claim yield for the previous yield recipient.
claimYield();
_setYieldRecipient(account);
}
/* ============ View/Pure Functions ============ */
/// @inheritdoc IERC20
function balanceOf(address account) public view override returns (uint256) {
return _getMYieldToOneStorageLocation().balanceOf[account];
}
/// @inheritdoc IERC20
function totalSupply() public view returns (uint256) {
return _getMYieldToOneStorageLocation().totalSupply;
}
/// @inheritdoc IMYieldToOne
function yield() public view returns (uint256) {
unchecked {
uint256 balance_ = _mBalanceOf(address(this));
uint256 totalSupply_ = totalSupply();
return balance_ > totalSupply_ ? balance_ - totalSupply_ : 0;
}
}
/// @inheritdoc IMYieldToOne
function yieldRecipient() public view returns (address) {
return _getMYieldToOneStorageLocation().yieldRecipient;
}
/* ============ Hooks For Internal Interactive Functions ============ */
/**
* @dev Hooks called before approval of M extension spend.
* @param account The account from which M is deposited.
* @param spender The account spending M Extension token.
*/
function _beforeApprove(address account, address spender, uint256 /* amount */) internal view virtual override {
FreezableStorageStruct storage $ = _getFreezableStorageLocation();
_revertIfFrozen($, account);
_revertIfFrozen($, spender);
}
/**
* @dev Hooks called before wrapping M into M Extension token.
* @param account The account from which M is deposited.
* @param recipient The account receiving the minted M Extension token.
*/
function _beforeWrap(address account, address recipient, uint256 /* amount */) internal view virtual override {
FreezableStorageStruct storage $ = _getFreezableStorageLocation();
_revertIfFrozen($, account);
_revertIfFrozen($, recipient);
}
/**
* @dev Hook called before unwrapping M Extension token.
* @param account The account from which M Extension token is burned.
*/
function _beforeUnwrap(address account, uint256 /* amount */) internal view virtual override {
_revertIfFrozen(_getFreezableStorageLocation(), account);
}
/**
* @dev Hook called before transferring M Extension token.
* @param sender The address from which the tokens are being transferred.
* @param recipient The address to which the tokens are being transferred.
*/
function _beforeTransfer(address sender, address recipient, uint256 /* amount */) internal view virtual override {
FreezableStorageStruct storage $ = _getFreezableStorageLocation();
_revertIfFrozen($, msg.sender);
_revertIfFrozen($, sender);
_revertIfFrozen($, recipient);
}
/**
* @dev Hook called before claiming yield from the M Extension token. To be overridden in derived extensions.
*/
function _beforeClaimYield() internal view virtual {}
/* ============ Internal Interactive Functions ============ */
/**
* @dev Mints `amount` tokens to `recipient`.
* @param recipient The address whose account balance will be incremented.
* @param amount The present amount of tokens to mint.`
*/
function _mint(address recipient, uint256 amount) internal override {
MYieldToOneStorageStruct storage $ = _getMYieldToOneStorageLocation();
// NOTE: Can be `unchecked` because the max amount of $M is never greater than `type(uint240).max`.
unchecked {
$.balanceOf[recipient] += amount;
$.totalSupply += amount;
}
emit Transfer(address(0), recipient, amount);
}
/**
* @dev Burns `amount` tokens from `account`.
* @param account The address whose account balance will be decremented.
* @param amount The present amount of tokens to burn.
*/
function _burn(address account, uint256 amount) internal override {
MYieldToOneStorageStruct storage $ = _getMYieldToOneStorageLocation();
// NOTE: Can be `unchecked` because `_revertIfInsufficientBalance` is used in MExtension.
unchecked {
$.balanceOf[account] -= amount;
$.totalSupply -= amount;
}
emit Transfer(account, address(0), amount);
}
/**
* @dev Internal ERC20 transfer function that needs to be implemented by the inheriting contract.
* @param sender The sender's address.
* @param recipient The recipient's address.
* @param amount The amount to be transferred.
*/
function _update(address sender, address recipient, uint256 amount) internal override {
MYieldToOneStorageStruct storage $ = _getMYieldToOneStorageLocation();
// NOTE: Can be `unchecked` because `_revertIfInsufficientBalance` for `sender` is used in MExtension.
unchecked {
$.balanceOf[sender] -= amount;
$.balanceOf[recipient] += amount;
}
}
/**
* @dev Sets the yield recipient.
* @param yieldRecipient_ The address of the new yield recipient.
*/
function _setYieldRecipient(address yieldRecipient_) internal {
if (yieldRecipient_ == address(0)) revert ZeroYieldRecipient();
MYieldToOneStorageStruct storage $ = _getMYieldToOneStorageLocation();
if (yieldRecipient_ == $.yieldRecipient) return;
$.yieldRecipient = yieldRecipient_;
emit YieldRecipientSet(yieldRecipient_);
}
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.26;
/**
* @title MUSD Interface
* @author M0 Labs
*
*/
interface IMUSD {
/* ============ Events ============ */
/**
* @notice Emitted when tokens are forcefully transferred from a frozen account.
* @param frozenAccount The address of the frozen account.
* @param recipient The address of the recipient.
* @param forcedTransferManager The address of the force transfer manager that triggered the event.
* @param amount The amount of tokens transferred.
*/
event ForcedTransfer(
address indexed frozenAccount,
address indexed recipient,
address indexed forcedTransferManager,
uint256 amount
);
/* ============ Custom Errors ============ */
/// @notice Emitted in constructor if Pauser is 0x0.
error ZeroPauser();
/// @notice Emitted in constructor if Force Transfer Manager is 0x0.
error ZeroForcedTransferManager();
/// @notice Emitted when the length of the input arrays do not match in `forceTransfer` method.
error ArrayLengthMismatch();
/* ============ Interactive Functions ============ */
/**
* @notice Pauses the contract.
* @dev Can only be called by an account with the PAUSER_ROLE.
* @dev When paused, wrap/unwrap and transfer of tokens are disabled.
* Approval is still enabled to allow users to change their allowances.
* Addresses with the FORCED_TRANSFER_MANAGER_ROLE can still transfer tokens from frozen accounts.
* Addresses with the FREEZE_MANAGER_ROLE can still freeze and unfreeze accounts.
* Addresses with the YIELD_RECIPIENT_MANAGER_ROLE can still claim yield.
*/
function pause() external;
/**
* @notice Unpauses the contract.
* @dev Can only be called by an account with the PAUSER_ROLE.
*/
function unpause() external;
/**
* @notice Forcefully transfers tokens from a frozen account to a recipient.
* @dev Can only be called by an account with the FORCED_TRANSFER_MANAGER_ROLE.
* @param frozenAccount The address of the frozen account.
* @param recipient The address of the recipient.
* @param amount The amount of tokens to transfer.
*/
function forceTransfer(address frozenAccount, address recipient, uint256 amount) external;
/**
* @notice Forcefully transfers tokens from frozen accounts to recipients.
* @dev Can only be called by an account with the FORCED_TRANSFER_MANAGER_ROLE.
* @param frozenAccounts The addresses of the frozen accounts.
* @param recipients The addresses of the recipients.
* @param amounts The amounts of tokens to transfer.
*/
function forceTransfers(
address[] calldata frozenAccounts,
address[] calldata recipients,
uint256[] calldata amounts
) external;
/* ============ View/Pure Functions ============ */
/// @notice The role that can pause and unpause the contract.
function PAUSER_ROLE() external view returns (bytes32);
/// @notice The role that can force transfer tokens from frozen accounts.
function FORCED_TRANSFER_MANAGER_ROLE() external view returns (bytes32);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)
pragma solidity ^0.8.20;
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract ContextUpgradeable is Initializable {
function __Context_init() internal onlyInitializing {
}
function __Context_init_unchained() internal onlyInitializing {
}
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
function _contextSuffixLength() internal view virtual returns (uint256) {
return 0;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (proxy/utils/Initializable.sol)
pragma solidity ^0.8.20;
/**
* @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
* behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
* external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
* function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
*
* The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
* reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
* case an upgrade adds a module that needs to be initialized.
*
* For example:
*
* [.hljs-theme-light.nopadding]
* ```solidity
* contract MyToken is ERC20Upgradeable {
* function initialize() initializer public {
* __ERC20_init("MyToken", "MTK");
* }
* }
*
* contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
* function initializeV2() reinitializer(2) public {
* __ERC20Permit_init("MyToken");
* }
* }
* ```
*
* TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
* possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
*
* CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
* that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
*
* [CAUTION]
* ====
* Avoid leaving a contract uninitialized.
*
* An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
* contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
* the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
*
* [.hljs-theme-light.nopadding]
* ```
* /// @custom:oz-upgrades-unsafe-allow constructor
* constructor() {
* _disableInitializers();
* }
* ```
* ====
*/
abstract contract Initializable {
/**
* @dev Storage of the initializable contract.
*
* It's implemented on a custom ERC-7201 namespace to reduce the risk of storage collisions
* when using with upgradeable contracts.
*
* @custom:storage-location erc7201:openzeppelin.storage.Initializable
*/
struct InitializableStorage {
/**
* @dev Indicates that the contract has been initialized.
*/
uint64 _initialized;
/**
* @dev Indicates that the contract is in the process of being initialized.
*/
bool _initializing;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Initializable")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant INITIALIZABLE_STORAGE = 0xf0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a00;
/**
* @dev The contract is already initialized.
*/
error InvalidInitialization();
/**
* @dev The contract is not initializing.
*/
error NotInitializing();
/**
* @dev Triggered when the contract has been initialized or reinitialized.
*/
event Initialized(uint64 version);
/**
* @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
* `onlyInitializing` functions can be used to initialize parent contracts.
*
* Similar to `reinitializer(1)`, except that in the context of a constructor an `initializer` may be invoked any
* number of times. This behavior in the constructor can be useful during testing and is not expected to be used in
* production.
*
* Emits an {Initialized} event.
*/
modifier initializer() {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
// Cache values to avoid duplicated sloads
bool isTopLevelCall = !$._initializing;
uint64 initialized = $._initialized;
// Allowed calls:
// - initialSetup: the contract is not in the initializing state and no previous version was
// initialized
// - construction: the contract is initialized at version 1 (no reinitialization) and the
// current contract is just being deployed
bool initialSetup = initialized == 0 && isTopLevelCall;
bool construction = initialized == 1 && address(this).code.length == 0;
if (!initialSetup && !construction) {
revert InvalidInitialization();
}
$._initialized = 1;
if (isTopLevelCall) {
$._initializing = true;
}
_;
if (isTopLevelCall) {
$._initializing = false;
emit Initialized(1);
}
}
/**
* @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
* contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
* used to initialize parent contracts.
*
* A reinitializer may be used after the original initialization step. This is essential to configure modules that
* are added through upgrades and that require initialization.
*
* When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
* cannot be nested. If one is invoked in the context of another, execution will revert.
*
* Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
* a contract, executing them in the right order is up to the developer or operator.
*
* WARNING: Setting the version to 2**64 - 1 will prevent any future reinitialization.
*
* Emits an {Initialized} event.
*/
modifier reinitializer(uint64 version) {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
if ($._initializing || $._initialized >= version) {
revert InvalidInitialization();
}
$._initialized = version;
$._initializing = true;
_;
$._initializing = false;
emit Initialized(version);
}
/**
* @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
* {initializer} and {reinitializer} modifiers, directly or indirectly.
*/
modifier onlyInitializing() {
_checkInitializing();
_;
}
/**
* @dev Reverts if the contract is not in an initializing state. See {onlyInitializing}.
*/
function _checkInitializing() internal view virtual {
if (!_isInitializing()) {
revert NotInitializing();
}
}
/**
* @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
* Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
* to any version. It is recommended to use this to lock implementation contracts that are designed to be called
* through proxies.
*
* Emits an {Initialized} event the first time it is successfully executed.
*/
function _disableInitializers() internal virtual {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
if ($._initializing) {
revert InvalidInitialization();
}
if ($._initialized != type(uint64).max) {
$._initialized = type(uint64).max;
emit Initialized(type(uint64).max);
}
}
/**
* @dev Returns the highest version that has been initialized. See {reinitializer}.
*/
function _getInitializedVersion() internal view returns (uint64) {
return _getInitializableStorage()._initialized;
}
/**
* @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
*/
function _isInitializing() internal view returns (bool) {
return _getInitializableStorage()._initializing;
}
/**
* @dev Pointer to storage slot. Allows integrators to override it with a custom storage location.
*
* NOTE: Consider following the ERC-7201 formula to derive storage locations.
*/
function _initializableStorageSlot() internal pure virtual returns (bytes32) {
return INITIALIZABLE_STORAGE;
}
/**
* @dev Returns a pointer to the storage namespace.
*/
// solhint-disable-next-line var-name-mixedcase
function _getInitializableStorage() private pure returns (InitializableStorage storage $) {
bytes32 slot = _initializableStorageSlot();
assembly {
$.slot := slot
}
}
}
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.8.20 <0.9.0;
/**
* @title ERC20 Token Standard.
* @author M^0 Labs
* @dev The interface as defined by EIP-20: https://eips.ethereum.org/EIPS/eip-20
*/
interface IERC20 {
/* ============ Events ============ */
/**
* @notice Emitted when `spender` has been approved for `amount` of the token balance of `account`.
* @param account The address of the account.
* @param spender The address of the spender being approved for the allowance.
* @param amount The amount of the allowance being approved.
*/
event Approval(address indexed account, address indexed spender, uint256 amount);
/**
* @notice Emitted when `amount` tokens is transferred from `sender` to `recipient`.
* @param sender The address of the sender who's token balance is decremented.
* @param recipient The address of the recipient who's token balance is incremented.
* @param amount The amount of tokens being transferred.
*/
event Transfer(address indexed sender, address indexed recipient, uint256 amount);
/* ============ Interactive Functions ============ */
/**
* @notice Allows a calling account to approve `spender` to spend up to `amount` of its token balance.
* @dev MUST emit an `Approval` event.
* @param spender The address of the account being allowed to spend up to the allowed amount.
* @param amount The amount of the allowance being approved.
* @return Whether or not the approval was successful.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @notice Allows a calling account to transfer `amount` tokens to `recipient`.
* @param recipient The address of the recipient who's token balance will be incremented.
* @param amount The amount of tokens being transferred.
* @return Whether or not the transfer was successful.
*/
function transfer(address recipient, uint256 amount) external returns (bool);
/**
* @notice Allows a calling account to transfer `amount` tokens from `sender`, with allowance, to a `recipient`.
* @param sender The address of the sender who's token balance will be decremented.
* @param recipient The address of the recipient who's token balance will be incremented.
* @param amount The amount of tokens being transferred.
* @return Whether or not the transfer was successful.
*/
function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);
/* ============ View/Pure Functions ============ */
/**
* @notice Returns the allowance `spender` is allowed to spend on behalf of `account`.
* @param account The address of the account who's token balance `spender` is allowed to spend.
* @param spender The address of an account allowed to spend on behalf of `account`.
* @return The amount `spender` can spend on behalf of `account`.
*/
function allowance(address account, address spender) external view returns (uint256);
/**
* @notice Returns the token balance of `account`.
* @param account The address of some account.
* @return The token balance of `account`.
*/
function balanceOf(address account) external view returns (uint256);
/// @notice Returns the number of decimals UIs should assume all amounts have.
function decimals() external view returns (uint8);
/// @notice Returns the name of the contract/token.
function name() external view returns (string memory);
/// @notice Returns the symbol of the token.
function symbol() external view returns (string memory);
/// @notice Returns the current total supply of the token.
function totalSupply() external view returns (uint256);
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.26;
/**
* @title M Extension where all yield is claimable by a single recipient.
* @author M0 Labs
*/
interface IMYieldToOne {
/* ============ Events ============ */
/**
* @notice Emitted when this contract's excess M is claimed.
* @param yield The amount of M yield claimed.
*/
event YieldClaimed(uint256 yield);
/**
* @notice Emitted when the yield recipient is set.
* @param yieldRecipient The address of the new yield recipient.
*/
event YieldRecipientSet(address indexed yieldRecipient);
/* ============ Custom Errors ============ */
/// @notice Emitted in constructor if Yield Recipient is 0x0.
error ZeroYieldRecipient();
/// @notice Emitted in constructor if Yield Recipient Manager is 0x0.
error ZeroYieldRecipientManager();
/// @notice Emitted in constructor if Admin is 0x0.
error ZeroAdmin();
/* ============ Interactive Functions ============ */
/// @notice Claims accrued yield to yield recipient.
function claimYield() external returns (uint256);
/**
* @notice Sets the yield recipient.
* @dev MUST only be callable by the YIELD_RECIPIENT_MANAGER_ROLE.
* @dev SHOULD revert if `yieldRecipient` is 0x0.
* @dev SHOULD return early if the `yieldRecipient` is already the actual yield recipient.
* @param yieldRecipient The address of the new yield recipient.
*/
function setYieldRecipient(address yieldRecipient) external;
/* ============ View/Pure Functions ============ */
/// @notice The role that can manage the yield recipient.
function YIELD_RECIPIENT_MANAGER_ROLE() external view returns (bytes32);
/// @notice The amount of accrued yield.
function yield() external view returns (uint256);
/// @notice The address of the yield recipient.
function yieldRecipient() external view returns (address);
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.26;
import {
AccessControlUpgradeable
} from "../../lib/common/lib/openzeppelin-contracts-upgradeable/contracts/access/AccessControlUpgradeable.sol";
import { IFreezable } from "./IFreezable.sol";
abstract contract FreezableStorageLayout {
/// @custom:storage-location erc7201:M0.storage.Freezable
struct FreezableStorageStruct {
mapping(address account => bool isFrozen) isFrozen;
}
// keccak256(abi.encode(uint256(keccak256("M0.storage.Freezable")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant _FREEZABLE_STORAGE_LOCATION =
0x2fd5767309dce890c526ace85d7fe164825199d7dcd99c33588befc51b32ce00;
function _getFreezableStorageLocation() internal pure returns (FreezableStorageStruct storage $) {
assembly {
$.slot := _FREEZABLE_STORAGE_LOCATION
}
}
}
/**
* @title Freezable
* @notice Upgradeable contract that allows for the freezing of accounts.
* @dev This contract is used to prevent certain accounts from interacting with the contract.
* @author M0 Labs
*/
abstract contract Freezable is IFreezable, FreezableStorageLayout, AccessControlUpgradeable {
/* ============ Variables ============ */
/// @inheritdoc IFreezable
bytes32 public constant FREEZE_MANAGER_ROLE = keccak256("FREEZE_MANAGER_ROLE");
/* ============ Initializer ============ */
/**
* @notice Initializes the contract with the given freeze manager.
* @param freezeManager The address of a freeze manager.
*/
function __Freezable_init(address freezeManager) internal onlyInitializing {
if (freezeManager == address(0)) revert ZeroFreezeManager();
_grantRole(FREEZE_MANAGER_ROLE, freezeManager);
}
/* ============ Interactive Functions ============ */
/// @inheritdoc IFreezable
function freeze(address account) external onlyRole(FREEZE_MANAGER_ROLE) {
_freeze(_getFreezableStorageLocation(), account);
}
/// @inheritdoc IFreezable
function freezeAccounts(address[] calldata accounts) external onlyRole(FREEZE_MANAGER_ROLE) {
FreezableStorageStruct storage $ = _getFreezableStorageLocation();
for (uint256 i; i < accounts.length; ++i) {
_freeze($, accounts[i]);
}
}
/// @inheritdoc IFreezable
function unfreeze(address account) external onlyRole(FREEZE_MANAGER_ROLE) {
_unfreeze(_getFreezableStorageLocation(), account);
}
/// @inheritdoc IFreezable
function unfreezeAccounts(address[] calldata accounts) external onlyRole(FREEZE_MANAGER_ROLE) {
FreezableStorageStruct storage $ = _getFreezableStorageLocation();
for (uint256 i; i < accounts.length; ++i) {
_unfreeze($, accounts[i]);
}
}
/* ============ View/Pure Functions ============ */
/// @inheritdoc IFreezable
function isFrozen(address account) public view returns (bool) {
return _getFreezableStorageLocation().isFrozen[account];
}
/* ============ Internal Interactive Functions ============ */
/**
* @notice Internal function that freezes an account.
* @param $ The storage location of the freezable contract.
* @param account The account to freeze.
*/
function _freeze(FreezableStorageStruct storage $, address account) internal {
_revertIfFrozen($, account);
$.isFrozen[account] = true;
emit Frozen(account, block.timestamp);
}
/**
* @notice Internal function that unfreezes an account.
* @param $ The storage location of the freezable contract.
* @param account The account to unfreeze.
*/
function _unfreeze(FreezableStorageStruct storage $, address account) internal {
_revertIfNotFrozen($, account);
$.isFrozen[account] = false;
emit Unfrozen(account, block.timestamp);
}
/* ============ Internal View/Pure Functions ============ */
/**
* @notice Internal function that reverts if an account is frozen.
* @param $ The storage location of the freezable contract.
* @param account The account to check.
*/
function _revertIfFrozen(FreezableStorageStruct storage $, address account) internal view {
if ($.isFrozen[account]) revert AccountFrozen(account);
}
/**
* @notice Internal function that reverts if an account is frozen.
* @param account The account to check.
*/
function _revertIfFrozen(address account) internal view {
if (_getFreezableStorageLocation().isFrozen[account]) revert AccountFrozen(account);
}
/**
* @notice Internal function that reverts if an account is not frozen.
* @param $ The storage location of the freezable contract.
* @param account The account to check.
*/
function _revertIfNotFrozen(FreezableStorageStruct storage $, address account) internal view {
if (!$.isFrozen[account]) revert AccountNotFrozen(account);
}
/**
* @notice Internal function that reverts if an account is not frozen.
* @param account The account to check.
*/
function _revertIfNotFrozen(address account) internal view {
if (!_getFreezableStorageLocation().isFrozen[account]) revert AccountNotFrozen(account);
}
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.26;
import { ERC20ExtendedUpgradeable } from "../lib/common/src/ERC20ExtendedUpgradeable.sol";
import { IERC20 } from "../lib/common/src/interfaces/IERC20.sol";
import { IMTokenLike } from "./interfaces/IMTokenLike.sol";
import { IMExtension } from "./interfaces/IMExtension.sol";
import { ISwapFacility } from "./swap/interfaces/ISwapFacility.sol";
/**
* @title MExtension
* @notice Upgradeable ERC20 Token contract for wrapping M into a non-rebasing token.
* @author M0 Labs
*/
abstract contract MExtension is IMExtension, ERC20ExtendedUpgradeable {
/* ============ Variables ============ */
/// @custom:oz-upgrades-unsafe-allow state-variable-immutable
/// @inheritdoc IMExtension
address public immutable mToken;
/// @custom:oz-upgrades-unsafe-allow state-variable-immutable
/// @inheritdoc IMExtension
address public immutable swapFacility;
/* ============ Modifiers ============ */
/// @dev Modifier to check if caller is SwapFacility.
modifier onlySwapFacility() {
if (msg.sender != swapFacility) revert NotSwapFacility();
_;
}
/* ============ Constructor ============ */
/**
* @custom:oz-upgrades-unsafe-allow constructor
* @notice Constructs MExtension Implementation contract
* @dev Sets immutable storage.
* @param mToken_ The address of $M token.
* @param swapFacility_ The address of Swap Facility.
*/
constructor(address mToken_, address swapFacility_) {
_disableInitializers();
if ((mToken = mToken_) == address(0)) revert ZeroMToken();
if ((swapFacility = swapFacility_) == address(0)) revert ZeroSwapFacility();
}
/* ============ Initializer ============ */
/**
* @notice Initializes the generic M extension token.
* @param name The name of the token (e.g. "HALO USD").
* @param symbol The symbol of the token (e.g. "HUSD").
*/
function __MExtension_init(string memory name, string memory symbol) internal onlyInitializing {
__ERC20ExtendedUpgradeable_init(name, symbol, 6);
}
/* ============ Interactive Functions ============ */
/// @inheritdoc IMExtension
function wrap(address recipient, uint256 amount) external onlySwapFacility {
// NOTE: `msg.sender` is always SwapFacility contract.
// `ISwapFacility.msgSender()` is used to ensure that the original caller is passed to `_beforeWrap`.
_wrap(ISwapFacility(msg.sender).msgSender(), recipient, amount);
}
/// @inheritdoc IMExtension
function unwrap(address /* recipient */, uint256 amount) external onlySwapFacility {
// NOTE: `msg.sender` is always SwapFacility contract.
// `ISwapFacility.msgSender()` is used to ensure that the original caller is passed to `_beforeUnwrap`.
// NOTE: `recipient` is not used in this function as the $M is always sent to SwapFacility contract.
_unwrap(ISwapFacility(msg.sender).msgSender(), amount);
}
/// @inheritdoc IMExtension
function enableEarning() external virtual {
if (isEarningEnabled()) revert EarningIsEnabled();
emit EarningEnabled(currentIndex());
IMTokenLike(mToken).startEarning();
}
/// @inheritdoc IMExtension
function disableEarning() external virtual {
if (!isEarningEnabled()) revert EarningIsDisabled();
emit EarningDisabled(currentIndex());
IMTokenLike(mToken).stopEarning(address(this));
}
/* ============ View/Pure Functions ============ */
/// @inheritdoc IMExtension
function currentIndex() public view virtual returns (uint128) {
return IMTokenLike(mToken).currentIndex();
}
/// @inheritdoc IMExtension
function isEarningEnabled() public view virtual returns (bool) {
return IMTokenLike(mToken).isEarning(address(this));
}
/// @inheritdoc IERC20
function balanceOf(address account) public view virtual returns (uint256);
/* ============ Hooks For Internal Interactive Functions ============ */
/**
* @dev Hook called before approval of M Extension token.
* @param account The sender's address.
* @param spender The spender address.
* @param amount The amount to be approved.
*/
function _beforeApprove(address account, address spender, uint256 amount) internal virtual {}
/**
* @dev Hook called before wrapping M into M Extension token.
* @param account The account from which M is deposited.
* @param recipient The account receiving the minted M Extension token.
* @param amount The amount of M deposited.
*/
function _beforeWrap(address account, address recipient, uint256 amount) internal virtual {}
/**
* @dev Hook called before unwrapping M Extension token.
* @param account The account from which M Extension token is burned.
* @param amount The amount of M Extension token burned.
*/
function _beforeUnwrap(address account, uint256 amount) internal virtual {}
/**
* @dev Hook called before transferring M Extension token.
* @param sender The sender's address.
* @param recipient The recipient's address.
* @param amount The amount to be transferred.
*/
function _beforeTransfer(address sender, address recipient, uint256 amount) internal virtual {}
/* ============ Internal Interactive Functions ============ */
/**
* @dev Approve `spender` to spend `amount` of tokens from `account`.
* @param account The address approving the allowance.
* @param spender The address approved to spend the tokens.
* @param amount The amount of tokens being approved for spending.
*/
function _approve(address account, address spender, uint256 amount) internal override {
// NOTE: Add extension-specific checks before approval.
_beforeApprove(account, spender, amount);
super._approve(account, spender, amount);
}
/**
* @dev Wraps `amount` M from `account` into M Extension for `recipient`.
* @param account The original caller of SwapFacility functions.
* @param recipient The account receiving the minted M Extension token.
* @param amount The amount of M deposited.
*/
function _wrap(address account, address recipient, uint256 amount) internal {
_revertIfInvalidRecipient(recipient);
_revertIfInsufficientAmount(amount);
// NOTE: Add extension-specific checks before wrapping.
_beforeWrap(account, recipient, amount);
// NOTE: `msg.sender` is always SwapFacility contract.
// NOTE: The behavior of `IMTokenLike.transferFrom` is known, so its return can be ignored.
IMTokenLike(mToken).transferFrom(msg.sender, address(this), amount);
// NOTE: This method is overridden by the inheriting M Extension contract.
// NOTE: Mints precise amount of $M Extension token to `recipient`.
// Option 1: $M transfer from an $M earner to another $M earner ($M Extension in earning state): rounds up → rounds up,
// 0, 1, or XX extra wei may be locked in M Extension compared to the minted amount of $M Extension token.
// Option 2: $M transfer from an $M non-earner to an $M earner ($M Extension in earning state): precise $M transfer → rounds down,
// 0, -1, or -XX wei may be locked in $M Extension compared to the minted amount of $M Extension token.
//
_mint(recipient, amount);
}
/**
* @dev Unwraps `amount` M Extension token from `account` into $M and transfers to SwapFacility.
* @param account The original caller of SwapFacility functions.
* @param amount The amount of M Extension token burned.
*/
function _unwrap(address account, uint256 amount) internal {
_revertIfInsufficientAmount(amount);
// NOTE: Add extension-specific checks before unwrapping.
_beforeUnwrap(account, amount);
_revertIfInsufficientBalance(msg.sender, balanceOf(msg.sender), amount);
// NOTE: This method will be overridden by the inheriting M Extension contract.
// NOTE: Computes the actual decrease in the $M balance of the $M Extension contract.
// Option 1: $M transfer from an $M earner ($M Extension in earning state) to another $M earner: round up → rounds up.
// Option 2: $M transfer from an $M earner ($M Extension in earning state) to an $M non-earner: round up → precise $M transfer.
// In both cases, 0, 1, or XX extra wei may be deducted from the $M Extension contract's $M balance compared to the burned amount of $M Extension token.
// NOTE: Always burn from SwapFacility as it is the only contract that can call this function.
_burn(msg.sender, amount);
// NOTE: The behavior of `IMTokenLike.transfer` is known, so its return can be ignored.
// NOTE: `msg.sender` is always SwapFacility contract.
IMTokenLike(mToken).transfer(msg.sender, amount);
}
/**
* @dev Mints `amount` tokens to `recipient`.
* @param recipient The address to which the tokens will be minted.
* @param amount The amount of tokens to mint.
*/
function _mint(address recipient, uint256 amount) internal virtual;
/**
* @dev Burns `amount` tokens from `account`.
* @param account The address from which the tokens will be burned.
* @param amount The amount of tokens to burn.
*/
function _burn(address account, uint256 amount) internal virtual;
/**
* @dev Internal ERC20 transfer function that needs to be implemented by the inheriting contract.
* @param sender The sender's address.
* @param recipient The recipient's address.
* @param amount The amount to be transferred.
*/
function _update(address sender, address recipient, uint256 amount) internal virtual;
/**
* @dev Internal ERC20 transfer function that needs to be implemented by the inheriting contract.
* @param sender The sender's address.
* @param recipient The recipient's address.
* @param amount The amount to be transferred.
*/
function _transfer(address sender, address recipient, uint256 amount) internal override {
_revertIfInvalidRecipient(recipient);
// NOTE: Add extension-specific checks before transfers.
_beforeTransfer(sender, recipient, amount);
emit Transfer(sender, recipient, amount);
if (amount == 0) return;
_revertIfInsufficientBalance(sender, balanceOf(sender), amount);
// NOTE: This method will be overridden by the inheriting M Extension contract.
_update(sender, recipient, amount);
}
/* ============ Internal View/Pure Functions ============ */
/**
* @dev Returns the M Token balance of `account`.
* @param account The account being queried.
* @return balance The M Token balance of the account.
*/
function _mBalanceOf(address account) internal view returns (uint256) {
return IMTokenLike(mToken).balanceOf(account);
}
/**
* @dev Reverts if `recipient` is address(0).
* @param recipient Address of a recipient.
*/
function _revertIfInvalidRecipient(address recipient) internal pure {
if (recipient == address(0)) revert InvalidRecipient(recipient);
}
/**
* @dev Reverts if `amount` is equal to 0.
* @param amount Amount of token.
*/
function _revertIfInsufficientAmount(uint256 amount) internal pure {
if (amount == 0) revert InsufficientAmount(amount);
}
/**
* @dev Reverts if `account` balance is below `amount`.
* @param account Address of an account.
* @param balance Balance of an account.
* @param amount Amount to transfer or burn.
*/
function _revertIfInsufficientBalance(address account, uint256 balance, uint256 amount) internal pure {
if (balance < amount) revert InsufficientBalance(account, balance, amount);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (access/AccessControl.sol)
pragma solidity ^0.8.20;
import {IAccessControl} from "@openzeppelin/contracts/access/IAccessControl.sol";
import {ContextUpgradeable} from "../utils/ContextUpgradeable.sol";
import {ERC165Upgradeable} from "../utils/introspection/ERC165Upgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Contract module that allows children to implement role-based access
* control mechanisms. This is a lightweight version that doesn't allow enumerating role
* members except through off-chain means by accessing the contract event logs. Some
* applications may benefit from on-chain enumerability, for those cases see
* {AccessControlEnumerable}.
*
* Roles are referred to by their `bytes32` identifier. These should be exposed
* in the external API and be unique. The best way to achieve this is by
* using `public constant` hash digests:
*
* ```solidity
* bytes32 public constant MY_ROLE = keccak256("MY_ROLE");
* ```
*
* Roles can be used to represent a set of permissions. To restrict access to a
* function call, use {hasRole}:
*
* ```solidity
* function foo() public {
* require(hasRole(MY_ROLE, msg.sender));
* ...
* }
* ```
*
* Roles can be granted and revoked dynamically via the {grantRole} and
* {revokeRole} functions. Each role has an associated admin role, and only
* accounts that have a role's admin role can call {grantRole} and {revokeRole}.
*
* By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means
* that only accounts with this role will be able to grant or revoke other
* roles. More complex role relationships can be created by using
* {_setRoleAdmin}.
*
* WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to
* grant and revoke this role. Extra precautions should be taken to secure
* accounts that have been granted it. We recommend using {AccessControlDefaultAdminRules}
* to enforce additional security measures for this role.
*/
abstract contract AccessControlUpgradeable is Initializable, ContextUpgradeable, IAccessControl, ERC165Upgradeable {
struct RoleData {
mapping(address account => bool) hasRole;
bytes32 adminRole;
}
bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;
/// @custom:storage-location erc7201:openzeppelin.storage.AccessControl
struct AccessControlStorage {
mapping(bytes32 role => RoleData) _roles;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.AccessControl")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant AccessControlStorageLocation = 0x02dd7bc7dec4dceedda775e58dd541e08a116c6c53815c0bd028192f7b626800;
function _getAccessControlStorage() private pure returns (AccessControlStorage storage $) {
assembly {
$.slot := AccessControlStorageLocation
}
}
/**
* @dev Modifier that checks that an account has a specific role. Reverts
* with an {AccessControlUnauthorizedAccount} error including the required role.
*/
modifier onlyRole(bytes32 role) {
_checkRole(role);
_;
}
function __AccessControl_init() internal onlyInitializing {
}
function __AccessControl_init_unchained() internal onlyInitializing {
}
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IAccessControl).interfaceId || super.supportsInterface(interfaceId);
}
/**
* @dev Returns `true` if `account` has been granted `role`.
*/
function hasRole(bytes32 role, address account) public view virtual returns (bool) {
AccessControlStorage storage $ = _getAccessControlStorage();
return $._roles[role].hasRole[account];
}
/**
* @dev Reverts with an {AccessControlUnauthorizedAccount} error if `_msgSender()`
* is missing `role`. Overriding this function changes the behavior of the {onlyRole} modifier.
*/
function _checkRole(bytes32 role) internal view virtual {
_checkRole(role, _msgSender());
}
/**
* @dev Reverts with an {AccessControlUnauthorizedAccount} error if `account`
* is missing `role`.
*/
function _checkRole(bytes32 role, address account) internal view virtual {
if (!hasRole(role, account)) {
revert AccessControlUnauthorizedAccount(account, role);
}
}
/**
* @dev Returns the admin role that controls `role`. See {grantRole} and
* {revokeRole}.
*
* To change a role's admin, use {_setRoleAdmin}.
*/
function getRoleAdmin(bytes32 role) public view virtual returns (bytes32) {
AccessControlStorage storage $ = _getAccessControlStorage();
return $._roles[role].adminRole;
}
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*
* May emit a {RoleGranted} event.
*/
function grantRole(bytes32 role, address account) public virtual onlyRole(getRoleAdmin(role)) {
_grantRole(role, account);
}
/**
* @dev Revokes `role` from `account`.
*
* If `account` had been granted `role`, emits a {RoleRevoked} event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*
* May emit a {RoleRevoked} event.
*/
function revokeRole(bytes32 role, address account) public virtual onlyRole(getRoleAdmin(role)) {
_revokeRole(role, account);
}
/**
* @dev Revokes `role` from the calling account.
*
* Roles are often managed via {grantRole} and {revokeRole}: this function's
* purpose is to provide a mechanism for accounts to lose their privileges
* if they are compromised (such as when a trusted device is misplaced).
*
* If the calling account had been revoked `role`, emits a {RoleRevoked}
* event.
*
* Requirements:
*
* - the caller must be `callerConfirmation`.
*
* May emit a {RoleRevoked} event.
*/
function renounceRole(bytes32 role, address callerConfirmation) public virtual {
if (callerConfirmation != _msgSender()) {
revert AccessControlBadConfirmation();
}
_revokeRole(role, callerConfirmation);
}
/**
* @dev Sets `adminRole` as ``role``'s admin role.
*
* Emits a {RoleAdminChanged} event.
*/
function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual {
AccessControlStorage storage $ = _getAccessControlStorage();
bytes32 previousAdminRole = getRoleAdmin(role);
$._roles[role].adminRole = adminRole;
emit RoleAdminChanged(role, previousAdminRole, adminRole);
}
/**
* @dev Attempts to grant `role` to `account` and returns a boolean indicating if `role` was granted.
*
* Internal function without access restriction.
*
* May emit a {RoleGranted} event.
*/
function _grantRole(bytes32 role, address account) internal virtual returns (bool) {
AccessControlStorage storage $ = _getAccessControlStorage();
if (!hasRole(role, account)) {
$._roles[role].hasRole[account] = true;
emit RoleGranted(role, account, _msgSender());
return true;
} else {
return false;
}
}
/**
* @dev Attempts to revoke `role` from `account` and returns a boolean indicating if `role` was revoked.
*
* Internal function without access restriction.
*
* May emit a {RoleRevoked} event.
*/
function _revokeRole(bytes32 role, address account) internal virtual returns (bool) {
AccessControlStorage storage $ = _getAccessControlStorage();
if (hasRole(role, account)) {
$._roles[role].hasRole[account] = false;
emit RoleRevoked(role, account, _msgSender());
return true;
} else {
return false;
}
}
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.26;
/**
* @title Freezable interface.
* @author M0 Labs
*/
interface IFreezable {
/* ============ Events ============ */
/**
* @notice Emitted when an account is frozen.
* @param account The address of the frozen account.
* @param timestamp The timestamp at which the account was frozen.
*/
event Frozen(address indexed account, uint256 timestamp);
/**
* @notice Emitted when an account is unfrozen.
* @param account The address of the unfrozen account.
* @param timestamp The timestamp at which the account was unfrozen.
*/
event Unfrozen(address indexed account, uint256 timestamp);
/* ============ Errors ============ */
/**
* @notice Emitted when a frozen account attempts to interact with the contract.
* @param account The address of the frozen account.
*/
error AccountFrozen(address account);
/**
* @notice Emitted when trying to unfreeze a non-frozen account.
* @param account The address of the account that is not frozen.
*/
error AccountNotFrozen(address account);
/// @notice Emitted if no freeze manager is set.
error ZeroFreezeManager();
/* ============ Interactive Functions ============ */
/**
* @notice Freezes an account.
* @dev MUST only be callable by the FREEZE_MANAGER_ROLE.
* @dev SHOULD revert if the account is already frozen.
* @param account The address of the account to freeze.
*/
function freeze(address account) external;
/**
* @notice Freezes multiple accounts.
* @dev MUST only be callable by the FREEZE_MANAGER_ROLE.
* @dev SHOULD revert if any of the accounts are already frozen.
* @param accounts The list of addresses to freeze.
*/
function freezeAccounts(address[] calldata accounts) external;
/**
* @notice Unfreezes an account.
* @dev MUST only be callable by the FREEZE_MANAGER_ROLE.
* @dev SHOULD revert if the account is not frozen.
* @param account The address of the account to unfreeze.
*/
function unfreeze(address account) external;
/**
* @notice Unfreezes multiple accounts.
* @dev MUST only be callable by the FREEZE_MANAGER_ROLE.
* @dev SHOULD revert if any of the accounts are not frozen.
* @param accounts The list of addresses to unfreeze.
*/
function unfreezeAccounts(address[] calldata accounts) external;
/* ============ View/Pure Functions ============ */
/// @notice The role that can manage the freezelist.
function FREEZE_MANAGER_ROLE() external view returns (bytes32);
/**
* @notice Returns whether an account is frozen or not.
* @param account The address of the account to check.
* @return True if the account is frozen, false otherwise.
*/
function isFrozen(address account) external view returns (bool);
}
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.8.20 <0.9.0;
import { ERC3009Upgradeable } from "./ERC3009Upgradeable.sol";
import { IERC20 } from "./interfaces/IERC20.sol";
import { IERC20Extended } from "./interfaces/IERC20Extended.sol";
abstract contract ERC20ExtendedUpgradeableStorageLayout {
/// @custom:storage-location erc7201:M0.storage.ERC20Extended
struct ERC20ExtendedStorageStruct {
mapping(address account => mapping(address spender => uint256 allowance)) allowance;
uint8 decimals;
string symbol;
}
// keccak256(abi.encode(uint256(keccak256("M0.storage.ERC20Extended")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant _ERC20_EXTENDED_STORAGE_LOCATION =
0xcbbe23efb65c1eaba394256c463812c20abdb5376e247eba1d0e1e92054da100;
function _getERC20ExtendedStorageLocation() internal pure returns (ERC20ExtendedStorageStruct storage $) {
assembly {
$.slot := _ERC20_EXTENDED_STORAGE_LOCATION
}
}
}
/**
* @title An upgradeable ERC20 token extended with EIP-2612 permits for signed approvals
* (via EIP-712 and with EIP-1271 and EIP-5267 compatibility).
* @author M0 Labs
*/
abstract contract ERC20ExtendedUpgradeable is
ERC20ExtendedUpgradeableStorageLayout,
ERC3009Upgradeable,
IERC20Extended
{
/* ============ Variables ============ */
/**
* @inheritdoc IERC20Extended
* @dev Keeping this constant, despite `permit` parameter name differences, to ensure max EIP-2612 compatibility.
* keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)")
*/
bytes32 public constant PERMIT_TYPEHASH = 0x6e71edae12b1b97f4d1f60370fef10105fa2faae0126114a169c64845d6126c9;
/* ============ Initializer ============ */
function __ERC20ExtendedUpgradeable_init(
string memory name_,
string memory symbol_,
uint8 decimals_
) internal onlyInitializing {
__ERC3009Upgradeable_init(name_);
ERC20ExtendedStorageStruct storage $ = _getERC20ExtendedStorageLocation();
$.decimals = decimals_;
$.symbol = symbol_;
}
/* ============ Interactive Functions ============ */
/// @inheritdoc IERC20
function approve(address spender_, uint256 amount_) external returns (bool) {
_approve(msg.sender, spender_, amount_);
return true;
}
/// @inheritdoc IERC20Extended
function permit(
address owner_,
address spender_,
uint256 value_,
uint256 deadline_,
uint8 v_,
bytes32 r_,
bytes32 s_
) external {
_revertIfInvalidSignature(owner_, _permitAndGetDigest(owner_, spender_, value_, deadline_), v_, r_, s_);
}
/// @inheritdoc IERC20Extended
function permit(
address owner_,
address spender_,
uint256 value_,
uint256 deadline_,
bytes memory signature_
) external {
_revertIfInvalidSignature(owner_, _permitAndGetDigest(owner_, spender_, value_, deadline_), signature_);
}
/// @inheritdoc IERC20
function transfer(address recipient_, uint256 amount_) external returns (bool) {
_transfer(msg.sender, recipient_, amount_);
return true;
}
/// @inheritdoc IERC20
function transferFrom(address sender_, address recipient_, uint256 amount_) external returns (bool) {
ERC20ExtendedStorageStruct storage $ = _getERC20ExtendedStorageLocation();
uint256 spenderAllowance_ = $.allowance[sender_][msg.sender]; // Cache `spenderAllowance_` to stack.
if (spenderAllowance_ != type(uint256).max) {
if (spenderAllowance_ < amount_) revert InsufficientAllowance(msg.sender, spenderAllowance_, amount_);
unchecked {
_setAllowance($, sender_, msg.sender, spenderAllowance_ - amount_);
}
}
_transfer(sender_, recipient_, amount_);
return true;
}
/* ============ View/Pure Functions ============ */
/// @inheritdoc IERC20
function allowance(address account, address spender) public view returns (uint256) {
return _getERC20ExtendedStorageLocation().allowance[account][spender];
}
/// @inheritdoc IERC20
function decimals() external view virtual returns (uint8) {
return _getERC20ExtendedStorageLocation().decimals;
}
/// @inheritdoc IERC20
function name() external view virtual returns (string memory) {
return _getERC712ExtendedStorageLocation().name;
}
/// @inheritdoc IERC20
function symbol() external view virtual returns (string memory) {
return _getERC20ExtendedStorageLocation().symbol;
}
/* ============ Internal Interactive Functions ============ */
/**
* @dev Approve `spender_` to spend `amount_` of tokens from `account_`.
* @param account_ The address approving the allowance.
* @param spender_ The address approved to spend the tokens.
* @param amount_ The amount of tokens being approved for spending.
*/
function _approve(address account_, address spender_, uint256 amount_) internal virtual {
_setAllowance(_getERC20ExtendedStorageLocation(), account_, spender_, amount_);
emit Approval(account_, spender_, amount_);
}
/**
* @dev Set the `amount_` of tokens `spender_` is allowed to spend from `account_`.
* @param $ ERC20Extended storage location.
* @param account_ The address for which the allowance is set.
* @param spender_ The address allowed to spend the tokens.
* @param amount_ The amount of tokens being allowed for spending.
*/
function _setAllowance(
ERC20ExtendedStorageStruct storage $,
address account_,
address spender_,
uint256 amount_
) internal virtual {
$.allowance[account_][spender_] = amount_;
}
/**
* @dev Performs the approval based on the permit info, validates the deadline, and returns the digest.
* @param owner_ The address of the account approving the allowance.
* @param spender_ The address of the account being allowed to spend the tokens.
* @param amount_ The amount of tokens being approved for spending.
* @param deadline_ The deadline by which the signature must be used.
* @return digest_ The EIP-712 digest of the permit.
*/
function _permitAndGetDigest(
address owner_,
address spender_,
uint256 amount_,
uint256 deadline_
) internal virtual returns (bytes32) {
_revertIfExpired(deadline_);
_approve(owner_, spender_, amount_);
unchecked {
// Nonce realistically cannot overflow.
return
_getDigest(
keccak256(
abi.encode(
PERMIT_TYPEHASH,
owner_,
spender_,
amount_,
_getStatefulERC712ExtendedStorageLocation().nonces[owner_]++,
deadline_
)
)
);
}
}
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.26;
/**
* @title Subset of M Token interface required for source contracts.
* @author M0 Labs
*/
interface IMTokenLike {
/* ============ Custom Errors ============ */
/// @notice Emitted when calling `stopEarning` for an account approved as earner by TTG.
error IsApprovedEarner();
/// @notice Emitted when calling `startEarning` for an account not approved as earner by TTG.
error NotApprovedEarner();
/* ============ Interactive Functions ============ */
/**
* @notice Allows a calling account to approve `spender` to spend up to `amount` of its token balance.
* @dev MUST emit an `Approval` event.
* @param spender The address of the account being allowed to spend up to the allowed amount.
* @param amount The amount of the allowance being approved.
* @return Whether or not the approval was successful.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @notice Approves `spender` to spend up to `amount` of the token balance of `owner`, via a signature.
* @param owner The address of the account who's token balance is being approved to be spent by `spender`.
* @param spender The address of an account allowed to spend on behalf of `owner`.
* @param value The amount of the allowance being approved.
* @param deadline The last timestamp where the signature is still valid.
* @param v An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
* @param r An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
* @param s An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @notice Approves `spender` to spend up to `amount` of the token balance of `owner`, via a signature.
* @param owner The address of the account who's token balance is being approved to be spent by `spender`.
* @param spender The address of an account allowed to spend on behalf of `owner`.
* @param value The amount of the allowance being approved.
* @param deadline The last timestamp where the signature is still valid.
* @param signature An arbitrary signature (EIP-712).
*/
function permit(address owner, address spender, uint256 value, uint256 deadline, bytes memory signature) external;
/**
* @notice Allows a calling account to transfer `amount` tokens to `recipient`.
* @param recipient The address of the recipient who's token balance will be incremented.
* @param amount The amount of tokens being transferred.
* @return success Whether or not the transfer was successful.
*/
function transfer(address recipient, uint256 amount) external returns (bool);
/**
* @notice Allows a calling account to transfer `amount` tokens from `sender`, with allowance, to a `recipient`.
* @param sender The address of the sender who's token balance will be decremented.
* @param recipient The address of the recipient who's token balance will be incremented.
* @param amount The amount of tokens being transferred.
* @return success Whether or not the transfer was successful.
*/
function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);
/// @notice Starts earning for caller if allowed by the Registrar.
function startEarning() external;
/**
* @notice Stops earning for `account`.
* @dev MUST revert if `account` is an approved earner in TTG Registrar.
* @param account The account to stop earning for.
*/
function stopEarning(address account) external;
/* ============ View/Pure Functions ============ */
/**
* @notice Checks if account is an earner.
* @param account The account to check.
* @return earning True if account is an earner, false otherwise.
*/
function isEarning(address account) external view returns (bool);
/**
* @notice Returns the token balance of `account`.
* @param account The address of some account.
* @return balance The token balance of `account`.
*/
function balanceOf(address account) external view returns (uint256);
/// @notice The current index that would be written to storage if `updateIndex` is called.
function currentIndex() external view returns (uint128);
/// @notice The current value of earner rate in basis points.
function earnerRate() external view returns (uint32);
/// @notice Returns the EIP712 domain separator used in the encoding of a signed digest.
function DOMAIN_SEPARATOR() external view returns (bytes32);
/// @notice Returns the EIP712 typehash used in the encoding of the digest for the permit function.
function PERMIT_TYPEHASH() external view returns (bytes32);
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.26;
import { IERC20Extended } from "../../lib/common/src/interfaces/IERC20Extended.sol";
/**
* @title M Extension interface extending Extended ERC20,
* includes additional enable/disable earnings and index logic.
* @author M0 Labs
*/
interface IMExtension is IERC20Extended {
/* ============ Events ============ */
/**
* @notice Emitted when M extension earning is enabled.
* @param index The index at the moment earning is enabled.
*/
event EarningEnabled(uint128 index);
/**
* @notice Emitted when M extension earning is disabled.
* @param index The index at the moment earning is disabled.
*/
event EarningDisabled(uint128 index);
/* ============ Custom Errors ============ */
/// @notice Emitted when performing an operation that is not allowed when earning is disabled.
error EarningIsDisabled();
/// @notice Emitted when performing an operation that is not allowed when earning is enabled.
error EarningIsEnabled();
/**
* @notice Emitted when there is insufficient balance to decrement from `account`.
* @param account The account with insufficient balance.
* @param balance The balance of the account.
* @param amount The amount to decrement.
*/
error InsufficientBalance(address account, uint256 balance, uint256 amount);
/// @notice Emitted in constructor if M Token is 0x0.
error ZeroMToken();
/// @notice Emitted in constructor if Swap Facility is 0x0.
error ZeroSwapFacility();
/// @notice Emitted in `wrap` and `unwrap` functions if the caller is not the Swap Facility.
error NotSwapFacility();
/* ============ Interactive Functions ============ */
/**
* @notice Enables earning of extension token if allowed by the TTG Registrar and if it has never been done.
* @dev SHOULD be virtual to allow extensions to override it.
*/
function enableEarning() external;
/**
* @notice Disables earning of extension token if disallowed by the TTG Registrar and if it has never been done.
* @dev SHOULD be virtual to allow extensions to override it.
*/
function disableEarning() external;
/**
* @notice Wraps `amount` M from the caller into extension token for `recipient`.
* @dev Can only be called by the SwapFacility.
* @param recipient The account receiving the minted M extension token.
* @param amount The amount of M extension token minted.
*/
function wrap(address recipient, uint256 amount) external;
/**
* @notice Unwraps `amount` extension token from the caller into M for `recipient`.
* @dev Can only be called by the SwapFacility.
* @param recipient The account receiving the withdrawn M,
* it will always be the SwapFacility (keep `recipient` for backward compatibility).
* @param amount The amount of M extension token burned.
*/
function unwrap(address recipient, uint256 amount) external;
/* ============ View/Pure Functions ============ */
/// @notice The address of the M Token contract.
function mToken() external view returns (address);
/// @notice The address of the SwapFacility contract.
function swapFacility() external view returns (address);
/**
* @notice Whether M extension earning is enabled.
* @dev SHOULD be virtual to allow extensions to override it.
*/
function isEarningEnabled() external view returns (bool);
/**
* @notice Returns the current index for M extension earnings.
* @dev SHOULD be virtual to allow extensions to override it.
*/
function currentIndex() external view returns (uint128);
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.26;
/**
* @title Swap Facility interface.
* @author M0 Labs
*/
interface ISwapFacility {
/* ============ Events ============ */
/**
* @notice Emitted when $M Extension is swapped for another $M Extension.
* @param extensionIn The address of the input $M Extension.
* @param extensionOut The address of the output $M Extension.
* @param amount The amount swapped.
* @param recipient The address to receive the output $M Extension token.
*/
event Swapped(address indexed extensionIn, address indexed extensionOut, uint256 amount, address indexed recipient);
/**
* @notice Emitted when $M token is swapped for $M Extension.
* @param extensionOut The address of the output $M Extension.
* @param amount The amount swapped.
* @param recipient The address to receive the output $M Extension token.
*/
event SwappedInM(address indexed extensionOut, uint256 amount, address indexed recipient);
/**
* @notice Emitted when $M Extension is swapped for $M token.
* @param extensionIn The address of the input $M Extension.
* @param amount The amount swapped.
* @param recipient The address to receive the $M token.
*/
event SwappedOutM(address indexed extensionIn, uint256 amount, address indexed recipient);
/**
* @notice Emitted when an $M Extension is set as permissioned or not.
* @param extension The address of an $M Extension.
* @param allowed True if the extension is allowed, false otherwise.
*/
event PermissionedExtensionSet(address indexed extension, bool allowed);
/**
* @notice Emitted when a `swapper` is allowed or not to swap the permissioned `extension` from/to M.
* @param extension The address of an $M extension.
* @param swapper The address of the swapper.
* @param allowed True if the swapper is allowed, false otherwise.
*/
event PermissionedMSwapperSet(address indexed extension, address indexed swapper, bool allowed);
/* ============ Custom Errors ============ */
/// @notice Thrown in the constructor if $M Token is 0x0.
error ZeroMToken();
/// @notice Thrown in the constructor if Registrar is 0x0.
error ZeroRegistrar();
/// @notice Thrown in `setPermissionedMSwapper()` if the $M extension is 0x0.
error ZeroExtension();
/// @notice Thrown in `setPermissionedMSwapper()` if the swapper is 0x0.
error ZeroSwapper();
/// @notice Thrown in `swap` and `swapM` functions if the extension is not TTG approved earner.
error NotApprovedExtension(address extension);
/// @notice Thrown in `swapInM` and `swapOutM` functions if `swapper` is not approved to swap a permissioned `extension`.
error NotApprovedPermissionedSwapper(address extension, address swapper);
/// @notice Thrown in `swapInM` and `swapOutM` functions if `swapper` is not approved to swap the `extension`.
error NotApprovedSwapper(address extension, address swapper);
/// @notice Thrown in `swap` function if the extension is permissioned.
error PermissionedExtension(address extension);
/* ============ Interactive Functions ============ */
/**
* @notice Swaps one $M Extension to another.
* @param extensionIn The address of the $M Extension to swap from.
* @param extensionOut The address of the $M Extension to swap to.
* @param amount The amount to swap.
* @param recipient The address to receive the swapped $M Extension tokens.
*/
function swap(address extensionIn, address extensionOut, uint256 amount, address recipient) external;
/**
* @notice Swaps one $M Extension to another using permit.
* @param extensionIn The address of the $M Extension to swap from.
* @param extensionOut The address of the $M Extension to swap to.
* @param amount The amount to swap.
* @param recipient The address to receive the swapped $M Extension tokens.
* @param deadline The last timestamp where the signature is still valid.
* @param v An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
* @param r An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
* @param s An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
*/
function swapWithPermit(
address extensionIn,
address extensionOut,
uint256 amount,
address recipient,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @notice Swaps one $M Extension to another using permit.
* @param extensionIn The address of the $M Extension to swap from.
* @param extensionOut The address of the $M Extension to swap to.
* @param amount The amount to swap.
* @param recipient The address to receive the swapped $M Extension tokens.
* @param deadline The last timestamp where the signature is still valid.
* @param signature An arbitrary signature (EIP-712).
*/
function swapWithPermit(
address extensionIn,
address extensionOut,
uint256 amount,
address recipient,
uint256 deadline,
bytes calldata signature
) external;
/**
* @notice Swaps $M token to $M Extension.
* @param extensionOut The address of the M Extension to swap to.
* @param amount The amount of $M token to swap.
* @param recipient The address to receive the swapped $M Extension tokens.
*/
function swapInM(address extensionOut, uint256 amount, address recipient) external;
/**
* @notice Swaps $M token to $M Extension using permit.
* @param extensionOut The address of the M Extension to swap to.
* @param amount The amount of $M token to swap.
* @param recipient The address to receive the swapped $M Extension tokens.
* @param deadline The last timestamp where the signature is still valid.
* @param v An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
* @param r An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
* @param s An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
*/
function swapInMWithPermit(
address extensionOut,
uint256 amount,
address recipient,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @notice Swaps $M token to $M Extension using permit.
* @param extensionOut The address of the M Extension to swap to.
* @param amount The amount of $M token to swap.
* @param recipient The address to receive the swapped $M Extension tokens.
* @param deadline The last timestamp where the signature is still valid.
* @param signature An arbitrary signature (EIP-712).
*/
function swapInMWithPermit(
address extensionOut,
uint256 amount,
address recipient,
uint256 deadline,
bytes calldata signature
) external;
/**
* @notice Swaps $M Extension to $M token.
* @param extensionIn The address of the $M Extension to swap from.
* @param amount The amount of $M Extension tokens to swap.
* @param recipient The address to receive $M tokens.
*/
function swapOutM(address extensionIn, uint256 amount, address recipient) external;
/**
* @notice Swaps $M Extension to $M token using permit.
* @param extensionIn The address of the $M Extension to swap from.
* @param amount The amount of $M Extension tokens to swap.
* @param recipient The address to receive $M tokens.
* @param deadline The last timestamp where the signature is still valid.
* @param v An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
* @param r An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
* @param s An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
*/
function swapOutMWithPermit(
address extensionIn,
uint256 amount,
address recipient,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @notice Swaps $M Extension to $M token using permit.
* @param extensionIn The address of the $M Extension to swap from.
* @param amount The amount of $M Extension tokens to swap.
* @param recipient The address to receive $M tokens.
* @param deadline The last timestamp where the signature is still valid.
* @param signature An arbitrary signature (EIP-712).
*/
function swapOutMWithPermit(
address extensionIn,
uint256 amount,
address recipient,
uint256 deadline,
bytes calldata signature
) external;
/**
* @notice Sets whether the `extension` is permissioned.
* @dev MUST only be callable by an address with the `DEFAULT_ADMIN_ROLE` role.
* @param extension The address of an $M Extension.
* @param permissioned True if the extension is permissioned, false otherwise.
*/
function setPermissionedExtension(address extension, bool permissioned) external;
/**
* @notice Sets whether `swapper` is allowed to swap the permissioned `extension` from/to M.
* @dev MUST only be callable by an address with the `DEFAULT_ADMIN_ROLE` role.
* @param extension The address of an extension to set permission for.
* @param swapper The address of the swapper to set permission for.
* @param allowed True if the swapper is allowed, false otherwise.
*/
function setPermissionedMSwapper(address extension, address swapper, bool allowed) external;
/* ============ View/Pure Functions ============ */
/// @notice The address of the $M Token contract.
function mToken() external view returns (address mToken);
/// @notice The address of the Registrar.
function registrar() external view returns (address registrar);
/**
* @notice Returns the address that called `swap` or `swapM`
* @dev Must be used instead of `msg.sender` in $M Extensions contracts to get the original sender.
*/
function msgSender() external view returns (address msgSender);
/**
* @notice Checks if the extension is permissioned.
* @param extension The extension address to check.
* @return true if allowed, false otherwise.
*/
function isPermissionedExtension(address extension) external view returns (bool);
/**
* @notice Checks if `swapper` is allowed to swap the permissioned extension from/to M.
* @param extension The $M extension address.
* @param swapper The swapper address to check.
* @return true if allowed, false otherwise.
*/
function isPermissionedMSwapper(address extension, address swapper) external view returns (bool);
/**
* @notice Checks if `swapper` is allowed to swap the permissionless (common) extension from/to M.
* @param swapper The swapper address to check.
* @return true if allowed, false otherwise.
*/
function isMSwapper(address swapper) external view returns (bool);
/// @notice The parameter name in the Registrar that defines the earners list.
function EARNERS_LIST_NAME() external pure returns (bytes32);
/// @notice The parameter name in the Registrar that defines whether to ignore the earners list.
function EARNERS_LIST_IGNORED_KEY() external pure returns (bytes32);
/// @notice Swapper role for permissioned extensions.
function M_SWAPPER_ROLE() external pure returns (bytes32);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (access/IAccessControl.sol)
pragma solidity ^0.8.20;
/**
* @dev External interface of AccessControl declared to support ERC-165 detection.
*/
interface IAccessControl {
/**
* @dev The `account` is missing a role.
*/
error AccessControlUnauthorizedAccount(address account, bytes32 neededRole);
/**
* @dev The caller of a function is not the expected one.
*
* NOTE: Don't confuse with {AccessControlUnauthorizedAccount}.
*/
error AccessControlBadConfirmation();
/**
* @dev Emitted when `newAdminRole` is set as ``role``'s admin role, replacing `previousAdminRole`
*
* `DEFAULT_ADMIN_ROLE` is the starting admin for all roles, despite
* {RoleAdminChanged} not being emitted to signal this.
*/
event RoleAdminChanged(bytes32 indexed role, bytes32 indexed previousAdminRole, bytes32 indexed newAdminRole);
/**
* @dev Emitted when `account` is granted `role`.
*
* `sender` is the account that originated the contract call. This account bears the admin role (for the granted role).
* Expected in cases where the role was granted using the internal {AccessControl-_grantRole}.
*/
event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender);
/**
* @dev Emitted when `account` is revoked `role`.
*
* `sender` is the account that originated the contract call:
* - if using `revokeRole`, it is the admin role bearer
* - if using `renounceRole`, it is the role bearer (i.e. `account`)
*/
event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender);
/**
* @dev Returns `true` if `account` has been granted `role`.
*/
function hasRole(bytes32 role, address account) external view returns (bool);
/**
* @dev Returns the admin role that controls `role`. See {grantRole} and
* {revokeRole}.
*
* To change a role's admin, use {AccessControl-_setRoleAdmin}.
*/
function getRoleAdmin(bytes32 role) external view returns (bytes32);
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*/
function grantRole(bytes32 role, address account) external;
/**
* @dev Revokes `role` from `account`.
*
* If `account` had been granted `role`, emits a {RoleRevoked} event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*/
function revokeRole(bytes32 role, address account) external;
/**
* @dev Revokes `role` from the calling account.
*
* Roles are often managed via {grantRole} and {revokeRole}: this function's
* purpose is to provide a mechanism for accounts to lose their privileges
* if they are compromised (such as when a trusted device is misplaced).
*
* If the calling account had been granted `role`, emits a {RoleRevoked}
* event.
*
* Requirements:
*
* - the caller must be `callerConfirmation`.
*/
function renounceRole(bytes32 role, address callerConfirmation) external;
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/introspection/ERC165.sol)
pragma solidity ^0.8.20;
import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
import {Initializable} from "../../proxy/utils/Initializable.sol";
/**
* @dev Implementation of the {IERC165} interface.
*
* Contracts that want to implement ERC-165 should inherit from this contract and override {supportsInterface} to check
* for the additional interface id that will be supported. For example:
*
* ```solidity
* function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
* return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId);
* }
* ```
*/
abstract contract ERC165Upgradeable is Initializable, IERC165 {
function __ERC165_init() internal onlyInitializing {
}
function __ERC165_init_unchained() internal onlyInitializing {
}
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual returns (bool) {
return interfaceId == type(IERC165).interfaceId;
}
}
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.8.20 <0.9.0;
import { Initializable } from "../lib/openzeppelin-contracts-upgradeable/contracts/proxy/utils/Initializable.sol";
import { IERC3009 } from "./interfaces/IERC3009.sol";
import { StatefulERC712Upgradeable } from "./StatefulERC712Upgradeable.sol";
abstract contract ERC3009UpgradeableStorageLayout {
/// @custom:storage-location erc7201:M0.storage.ERC3009
struct ERC3009StorageStruct {
mapping(address authorizer => mapping(bytes32 nonce => bool isNonceUsed)) authorizationState;
}
// keccak256(abi.encode(uint256(keccak256("M0.storage.ERC3009")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant _ERC3009_STORAGE_LOCATION =
0x1116a1d33aa5fb91b2652b3b0fdb63704173742d6dbecaf4256ebe33a4888600;
function _getERC3009StorageLocation() internal pure returns (ERC3009StorageStruct storage $) {
assembly {
$.slot := _ERC3009_STORAGE_LOCATION
}
}
}
/**
* @title ERC3009 implementation allowing the transfer of fungible assets via a signed authorization.
* @author M0 Labs
* @dev Inherits from ERC712ExtendedUpgradeable and StatefulERC712Upgradeable.
*/
abstract contract ERC3009Upgradeable is IERC3009, ERC3009UpgradeableStorageLayout, StatefulERC712Upgradeable {
/* ============ Variables ============ */
// solhint-disable-next-line max-line-length
/// @dev keccak256("TransferWithAuthorization(address from,address to,uint256 value,uint256 validAfter,uint256 validBefore,bytes32 nonce)")
/// @inheritdoc IERC3009
bytes32 public constant TRANSFER_WITH_AUTHORIZATION_TYPEHASH =
0x7c7c6cdb67a18743f49ec6fa9b35f50d52ed05cbed4cc592e13b44501c1a2267;
// solhint-disable-next-line max-line-length
/// @dev keccak256("ReceiveWithAuthorization(address from,address to,uint256 value,uint256 validAfter,uint256 validBefore,bytes32 nonce)")
/// @inheritdoc IERC3009
bytes32 public constant RECEIVE_WITH_AUTHORIZATION_TYPEHASH =
0xd099cc98ef71107a616c4f0f941f04c322d8e254fe26b3c6668db87aae413de8;
/**
* @inheritdoc IERC3009
* @dev keccak256("CancelAuthorization(address authorizer,bytes32 nonce)")
*/
bytes32 public constant CANCEL_AUTHORIZATION_TYPEHASH =
0x158b0a9edf7a828aad02f63cd515c68ef2f50ba807396f6d12842833a1597429;
/* ============ Initializer ============ */
/**
* @notice Initializes the ERC3009Upgradeable contract.
* @param name_ The name of the contract.
*/
function __ERC3009Upgradeable_init(string memory name_) internal onlyInitializing {
__StatefulERC712ExtendedUpgradeable_init(name_);
}
/* ============ Interactive Functions ============ */
/// @inheritdoc IERC3009
function transferWithAuthorization(
address from_,
address to_,
uint256 value_,
uint256 validAfter_,
uint256 validBefore_,
bytes32 nonce_,
bytes memory signature_
) external {
_revertIfInvalidSignature(
from_,
_getTransferWithAuthorizationDigest(from_, to_, value_, validAfter_, validBefore_, nonce_),
signature_
);
_transferWithAuthorization(from_, to_, value_, validAfter_, validBefore_, nonce_);
}
/// @inheritdoc IERC3009
function transferWithAuthorization(
address from_,
address to_,
uint256 value_,
uint256 validAfter_,
uint256 validBefore_,
bytes32 nonce_,
bytes32 r_,
bytes32 vs_
) external {
_revertIfInvalidSignature(
from_,
_getTransferWithAuthorizationDigest(from_, to_, value_, validAfter_, validBefore_, nonce_),
r_,
vs_
);
_transferWithAuthorization(from_, to_, value_, validAfter_, validBefore_, nonce_);
}
/// @inheritdoc IERC3009
function transferWithAuthorization(
address from_,
address to_,
uint256 value_,
uint256 validAfter_,
uint256 validBefore_,
bytes32 nonce_,
uint8 v_,
bytes32 r_,
bytes32 s_
) external {
_revertIfInvalidSignature(
from_,
_getTransferWithAuthorizationDigest(from_, to_, value_, validAfter_, validBefore_, nonce_),
v_,
r_,
s_
);
_transferWithAuthorization(from_, to_, value_, validAfter_, validBefore_, nonce_);
}
/// @inheritdoc IERC3009
function receiveWithAuthorization(
address from_,
address to_,
uint256 value_,
uint256 validAfter_,
uint256 validBefore_,
bytes32 nonce_,
bytes memory signature_
) external {
_revertIfInvalidSignature(
from_,
_getReceiveWithAuthorizationDigest(from_, to_, value_, validAfter_, validBefore_, nonce_),
signature_
);
_receiveWithAuthorization(from_, to_, value_, validAfter_, validBefore_, nonce_);
}
/// @inheritdoc IERC3009
function receiveWithAuthorization(
address from_,
address to_,
uint256 value_,
uint256 validAfter_,
uint256 validBefore_,
bytes32 nonce_,
bytes32 r_,
bytes32 vs_
) external {
_revertIfInvalidSignature(
from_,
_getReceiveWithAuthorizationDigest(from_, to_, value_, validAfter_, validBefore_, nonce_),
r_,
vs_
);
_receiveWithAuthorization(from_, to_, value_, validAfter_, validBefore_, nonce_);
}
/// @inheritdoc IERC3009
function receiveWithAuthorization(
address from_,
address to_,
uint256 value_,
uint256 validAfter_,
uint256 validBefore_,
bytes32 nonce_,
uint8 v_,
bytes32 r_,
bytes32 s_
) external {
_revertIfInvalidSignature(
from_,
_getReceiveWithAuthorizationDigest(from_, to_, value_, validAfter_, validBefore_, nonce_),
v_,
r_,
s_
);
_receiveWithAuthorization(from_, to_, value_, validAfter_, validBefore_, nonce_);
}
/// @inheritdoc IERC3009
function cancelAuthorization(address authorizer_, bytes32 nonce_, bytes memory signature_) external {
_revertIfInvalidSignature(authorizer_, _getCancelAuthorizationDigest(authorizer_, nonce_), signature_);
_cancelAuthorization(authorizer_, nonce_);
}
/// @inheritdoc IERC3009
function cancelAuthorization(address authorizer_, bytes32 nonce_, bytes32 r_, bytes32 vs_) external {
_revertIfInvalidSignature(authorizer_, _getCancelAuthorizationDigest(authorizer_, nonce_), r_, vs_);
_cancelAuthorization(authorizer_, nonce_);
}
/// @inheritdoc IERC3009
function cancelAuthorization(address authorizer_, bytes32 nonce_, uint8 v_, bytes32 r_, bytes32 s_) external {
_revertIfInvalidSignature(authorizer_, _getCancelAuthorizationDigest(authorizer_, nonce_), v_, r_, s_);
_cancelAuthorization(authorizer_, nonce_);
}
/* ============ View/Pure Functions ============ */
/// @inheritdoc IERC3009
function authorizationState(address authorizer, bytes32 nonce) public view returns (bool) {
return _getERC3009StorageLocation().authorizationState[authorizer][nonce];
}
/* ============ Internal Interactive Functions ============ */
/**
* @dev Common transfer function used by `transferWithAuthorization` and `_receiveWithAuthorization`.
* @param from_ Payer's address (Authorizer).
* @param to_ Payee's address.
* @param value_ Amount to be transferred.
* @param validAfter_ The time after which this is valid (unix time).
* @param validBefore_ The time before which this is valid (unix time).
* @param nonce_ Unique nonce.
*/
function _transferWithAuthorization(
address from_,
address to_,
uint256 value_,
uint256 validAfter_,
uint256 validBefore_,
bytes32 nonce_
) internal {
if (block.timestamp <= validAfter_) revert AuthorizationNotYetValid(block.timestamp, validAfter_);
if (block.timestamp >= validBefore_) revert AuthorizationExpired(block.timestamp, validBefore_);
_revertIfAuthorizationAlreadyUsed(from_, nonce_);
_getERC3009StorageLocation().authorizationState[from_][nonce_] = true;
emit AuthorizationUsed(from_, nonce_);
_transfer(from_, to_, value_);
}
/**
* @dev Common receive function used by `receiveWithAuthorization`.
* @param from_ Payer's address (Authorizer).
* @param to_ Payee's address.
* @param value_ Amount to be transferred.
* @param validAfter_ The time after which this is valid (unix time).
* @param validBefore_ The time before which this is valid (unix time).
* @param nonce_ Unique nonce.
*/
function _receiveWithAuthorization(
address from_,
address to_,
uint256 value_,
uint256 validAfter_,
uint256 validBefore_,
bytes32 nonce_
) internal {
if (msg.sender != to_) revert CallerMustBePayee(msg.sender, to_);
_transferWithAuthorization(from_, to_, value_, validAfter_, validBefore_, nonce_);
}
/**
* @dev Common cancel function used by `cancelAuthorization`.
* @param authorizer_ Authorizer's address.
* @param nonce_ Nonce of the authorization.
*/
function _cancelAuthorization(address authorizer_, bytes32 nonce_) internal {
_revertIfAuthorizationAlreadyUsed(authorizer_, nonce_);
_getERC3009StorageLocation().authorizationState[authorizer_][nonce_] = true;
emit AuthorizationCanceled(authorizer_, nonce_);
}
/**
* @dev Internal ERC20 transfer function that needs to be implemented by the inheriting contract.
* @param sender_ The sender's address.
* @param recipient_ The recipient's address.
* @param amount_ The amount to be transferred.
*/
function _transfer(address sender_, address recipient_, uint256 amount_) internal virtual;
/* ============ Internal View/Pure Functions ============ */
/**
* @dev Returns the internal EIP-712 digest of a transferWithAuthorization call.
* @param from_ Payer's address (Authorizer).
* @param to_ Payee's address.
* @param value_ Amount to be transferred.
* @param validAfter_ The time after which this is valid (unix time).
* @param validBefore_ The time before which this is valid (unix time).
* @param nonce_ Unique nonce.
* @return The internal EIP-712 digest.
*/
function _getTransferWithAuthorizationDigest(
address from_,
address to_,
uint256 value_,
uint256 validAfter_,
uint256 validBefore_,
bytes32 nonce_
) internal view returns (bytes32) {
return
_getDigest(
keccak256(
abi.encode(
TRANSFER_WITH_AUTHORIZATION_TYPEHASH,
from_,
to_,
value_,
validAfter_,
validBefore_,
nonce_
)
)
);
}
/**
* @dev Returns the internal EIP-712 digest of a receiveWithAuthorization call.
* @param from_ Payer's address (Authorizer).
* @param to_ Payee's address.
* @param value_ Amount to be transferred.
* @param validAfter_ The time after which this is valid (unix time).
* @param validBefore_ The time before which this is valid (unix time).
* @param nonce_ Unique nonce.
* @return The internal EIP-712 digest.
*/
function _getReceiveWithAuthorizationDigest(
address from_,
address to_,
uint256 value_,
uint256 validAfter_,
uint256 validBefore_,
bytes32 nonce_
) internal view returns (bytes32) {
return
_getDigest(
keccak256(
abi.encode(
RECEIVE_WITH_AUTHORIZATION_TYPEHASH,
from_,
to_,
value_,
validAfter_,
validBefore_,
nonce_
)
)
);
}
/**
* @dev Returns the internal EIP-712 digest of a cancelAuthorization call.
* @param authorizer_ Authorizer's address.
* @param nonce_ Nonce of the authorization.
* @return The internal EIP-712 digest.
*/
function _getCancelAuthorizationDigest(address authorizer_, bytes32 nonce_) internal view returns (bytes32) {
return _getDigest(keccak256(abi.encode(CANCEL_AUTHORIZATION_TYPEHASH, authorizer_, nonce_)));
}
/**
* @dev Reverts if the authorization is already used.
* @param authorizer_ The authorizer's address.
* @param nonce_ The nonce of the authorization.
*/
function _revertIfAuthorizationAlreadyUsed(address authorizer_, bytes32 nonce_) internal view {
if (authorizationState(authorizer_, nonce_)) revert AuthorizationAlreadyUsed(authorizer_, nonce_);
}
}
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.8.20 <0.9.0;
import { IERC20 } from "./IERC20.sol";
import { IERC3009 } from "./IERC3009.sol";
/**
* @title An ERC20 token extended with EIP-2612 permits for signed approvals (via EIP-712
* and with EIP-1271 compatibility), and extended with EIP-3009 transfer with authorization (via EIP-712).
* @author M^0 Labs
* @dev The additional interface as defined by EIP-2612: https://eips.ethereum.org/EIPS/eip-2612
*/
interface IERC20Extended is IERC20, IERC3009 {
/* ============ Custom Errors ============ */
/**
* @notice Revert message when spender's allowance is not sufficient.
* @param spender Address that may be allowed to operate on tokens without being their owner.
* @param allowance Amount of tokens a `spender` is allowed to operate with.
* @param needed Minimum amount required to perform a transfer.
*/
error InsufficientAllowance(address spender, uint256 allowance, uint256 needed);
/**
* @notice Revert message emitted when the transferred amount is insufficient.
* @param amount Amount transferred.
*/
error InsufficientAmount(uint256 amount);
/**
* @notice Revert message emitted when the recipient of a token is invalid.
* @param recipient Address of the invalid recipient.
*/
error InvalidRecipient(address recipient);
/* ============ Interactive Functions ============ */
/**
* @notice Approves `spender` to spend up to `amount` of the token balance of `owner`, via a signature.
* @param owner The address of the account who's token balance is being approved to be spent by `spender`.
* @param spender The address of an account allowed to spend on behalf of `owner`.
* @param value The amount of the allowance being approved.
* @param deadline The last timestamp where the signature is still valid.
* @param v An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
* @param r An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
* @param s An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @notice Approves `spender` to spend up to `amount` of the token balance of `owner`, via a signature.
* @param owner The address of the account who's token balance is being approved to be spent by `spender`.
* @param spender The address of an account allowed to spend on behalf of `owner`.
* @param value The amount of the allowance being approved.
* @param deadline The last timestamp where the signature is still valid.
* @param signature An arbitrary signature (EIP-712).
*/
function permit(address owner, address spender, uint256 value, uint256 deadline, bytes memory signature) external;
/* ============ View/Pure Functions ============ */
/// @notice Returns the EIP712 typehash used in the encoding of the digest for the permit function.
function PERMIT_TYPEHASH() external view returns (bytes32);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/introspection/IERC165.sol)
pragma solidity ^0.8.20;
/**
* @dev Interface of the ERC-165 standard, as defined in the
* https://eips.ethereum.org/EIPS/eip-165[ERC].
*
* Implementers can declare support of contract interfaces, which can then be
* queried by others ({ERC165Checker}).
*
* For an implementation, see {ERC165}.
*/
interface IERC165 {
/**
* @dev Returns true if this contract implements the interface defined by
* `interfaceId`. See the corresponding
* https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[ERC section]
* to learn more about how these ids are created.
*
* This function call must use less than 30 000 gas.
*/
function supportsInterface(bytes4 interfaceId) external view returns (bool);
}
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.8.20 <0.9.0;
import { IStatefulERC712 } from "./IStatefulERC712.sol";
/**
* @title Transfer via signed authorization following EIP-3009 standard.
* @author M^0 Labs
* @dev The interface as defined by EIP-3009: https://eips.ethereum.org/EIPS/eip-3009
*/
interface IERC3009 is IStatefulERC712 {
/* ============ Events ============ */
/**
* @notice Emitted when an authorization has been canceled.
* @param authorizer Authorizer's address.
* @param nonce Nonce of the canceled authorization.
*/
event AuthorizationCanceled(address indexed authorizer, bytes32 indexed nonce);
/**
* @notice Emitted when an authorization has been used.
* @param authorizer Authorizer's address.
* @param nonce Nonce of the used authorization.
*/
event AuthorizationUsed(address indexed authorizer, bytes32 indexed nonce);
/* ============ Custom Errors ============ */
/**
* @notice Emitted when an authorization has already been used.
* @param authorizer Authorizer's address.
* @param nonce Nonce of the used authorization.
*/
error AuthorizationAlreadyUsed(address authorizer, bytes32 nonce);
/**
* @notice Emitted when an authorization is expired.
* @param timestamp Timestamp at which the transaction was submitted.
* @param validBefore Timestamp before which the authorization would have been valid.
*/
error AuthorizationExpired(uint256 timestamp, uint256 validBefore);
/**
* @notice Emitted when an authorization is not yet valid.
* @param timestamp Timestamp at which the transaction was submitted.
* @param validAfter Timestamp after which the authorization will be valid.
*/
error AuthorizationNotYetValid(uint256 timestamp, uint256 validAfter);
/**
* @notice Emitted when the caller of `receiveWithAuthorization` is not the payee.
* @param caller Caller's address.
* @param payee Payee's address.
*/
error CallerMustBePayee(address caller, address payee);
/* ============ Interactive Functions ============ */
/**
* @notice Execute a transfer with a signed authorization.
* @param from Payer's address (Authorizer).
* @param to Payee's address.
* @param value Amount to be transferred.
* @param validAfter The time after which this is valid (unix time).
* @param validBefore The time before which this is valid (unix time).
* @param nonce Unique nonce.
* @param signature A byte array ECDSA/secp256k1 signature (encoded r, s, v).
*/
function transferWithAuthorization(
address from,
address to,
uint256 value,
uint256 validAfter,
uint256 validBefore,
bytes32 nonce,
bytes memory signature
) external;
/**
* @notice Execute a transfer with a signed authorization.
* @param from Payer's address (Authorizer).
* @param to Payee's address.
* @param value Amount to be transferred.
* @param validAfter The time after which this is valid (unix time).
* @param validBefore The time before which this is valid (unix time).
* @param nonce Unique nonce.
* @param r An ECDSA/secp256k1 signature parameter.
* @param vs An ECDSA/secp256k1 short signature parameter.
*/
function transferWithAuthorization(
address from,
address to,
uint256 value,
uint256 validAfter,
uint256 validBefore,
bytes32 nonce,
bytes32 r,
bytes32 vs
) external;
/**
* @notice Execute a transfer with a signed authorization.
* @param from Payer's address (Authorizer).
* @param to Payee's address.
* @param value Amount to be transferred.
* @param validAfter The time after which this is valid (unix time).
* @param validBefore The time before which this is valid (unix time).
* @param nonce Unique nonce.
* @param v v of the signature.
* @param r r of the signature.
* @param s s of the signature.
*/
function transferWithAuthorization(
address from,
address to,
uint256 value,
uint256 validAfter,
uint256 validBefore,
bytes32 nonce,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @notice Receive a transfer with a signed authorization from the payer.
* @dev This has an additional check to ensure that the payee's address matches
* the caller of this function to prevent front-running attacks.
* (See security considerations)
* @param from Payer's address (Authorizer).
* @param to Payee's address.
* @param value Amount to be transferred.
* @param validAfter The time after which this is valid (unix time).
* @param validBefore The time before which this is valid (unix time).
* @param nonce Unique nonce.
* @param signature A byte array ECDSA/secp256k1 signature (encoded r, s, v).
*/
function receiveWithAuthorization(
address from,
address to,
uint256 value,
uint256 validAfter,
uint256 validBefore,
bytes32 nonce,
bytes memory signature
) external;
/**
* @notice Receive a transfer with a signed authorization from the payer.
* @dev This has an additional check to ensure that the payee's address matches
* the caller of this function to prevent front-running attacks.
* (See security considerations)
* @param from Payer's address (Authorizer).
* @param to Payee's address.
* @param value Amount to be transferred.
* @param validAfter The time after which this is valid (unix time).
* @param validBefore The time before which this is valid (unix time).
* @param nonce Unique nonce.
* @param r An ECDSA/secp256k1 signature parameter.
* @param vs An ECDSA/secp256k1 short signature parameter.
*/
function receiveWithAuthorization(
address from,
address to,
uint256 value,
uint256 validAfter,
uint256 validBefore,
bytes32 nonce,
bytes32 r,
bytes32 vs
) external;
/**
* @notice Receive a transfer with a signed authorization from the payer.
* @dev This has an additional check to ensure that the payee's address matches
* the caller of this function to prevent front-running attacks.
* (See security considerations)
* @param from Payer's address (Authorizer).
* @param to Payee's address.
* @param value Amount to be transferred.
* @param validAfter The time after which this is valid (unix time).
* @param validBefore The time before which this is valid (unix time).
* @param nonce Unique nonce.
* @param v v of the signature.
* @param r r of the signature.
* @param s s of the signature.
*/
function receiveWithAuthorization(
address from,
address to,
uint256 value,
uint256 validAfter,
uint256 validBefore,
bytes32 nonce,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @notice Attempt to cancel an authorization.
* @param authorizer Authorizer's address.
* @param nonce Nonce of the authorization.
* @param signature A byte array ECDSA/secp256k1 signature (encoded r, s, v).
*/
function cancelAuthorization(address authorizer, bytes32 nonce, bytes memory signature) external;
/**
* @notice Attempt to cancel an authorization.
* @param authorizer Authorizer's address.
* @param nonce Nonce of the authorization.
* @param r An ECDSA/secp256k1 signature parameter.
* @param vs An ECDSA/secp256k1 short signature parameter.
*/
function cancelAuthorization(address authorizer, bytes32 nonce, bytes32 r, bytes32 vs) external;
/**
* @notice Attempt to cancel an authorization.
* @param authorizer Authorizer's address.
* @param nonce Nonce of the authorization.
* @param v v of the signature.
* @param r r of the signature.
* @param s s of the signature.
*/
function cancelAuthorization(address authorizer, bytes32 nonce, uint8 v, bytes32 r, bytes32 s) external;
/* ============ View/Pure Functions ============ */
/**
* @notice Returns the state of an authorization.
* @dev Nonces are randomly generated 32-byte data unique to the authorizer's address
* @param authorizer Authorizer's address.
* @param nonce Nonce of the authorization.
* @return True if the nonce is used.
*/
function authorizationState(address authorizer, bytes32 nonce) external view returns (bool);
/// @notice Returns `transferWithAuthorization` typehash.
function TRANSFER_WITH_AUTHORIZATION_TYPEHASH() external view returns (bytes32);
/// @notice Returns `receiveWithAuthorization` typehash.
function RECEIVE_WITH_AUTHORIZATION_TYPEHASH() external view returns (bytes32);
/// @notice Returns `cancelAuthorization` typehash.
function CANCEL_AUTHORIZATION_TYPEHASH() external view returns (bytes32);
}
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.8.20 <0.9.0;
import { IStatefulERC712 } from "./interfaces/IStatefulERC712.sol";
import { ERC712ExtendedUpgradeable } from "./ERC712ExtendedUpgradeable.sol";
abstract contract StatefulERC712ExtendedUpgradeableStorageLayout {
/// @custom:storage-location erc7201:M0.storage.StatefulERC712Extended
struct StatefulERC712ExtendedStorageStruct {
mapping(address account => uint256 nonce) nonces; // Nonces for all signatures.
}
// keccak256(abi.encode(uint256(keccak256("M0.storage.StatefulERC712Extended")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant _STATEFUL_ERC712_EXTENDED_STORAGE_LOCATION =
0x1b21ba3f0a2135d61c468900b54084f04af8111bce0f8bbb6ab8c46d11afbd00;
function _getStatefulERC712ExtendedStorageLocation()
internal
pure
returns (StatefulERC712ExtendedStorageStruct storage $)
{
assembly {
$.slot := _STATEFUL_ERC712_EXTENDED_STORAGE_LOCATION
}
}
}
/**
* @title Stateful and upgradeable extension for EIP-712 typed structured data hashing and signing with nonces.
* @author M0 Labs
* @dev An abstract implementation to satisfy stateful EIP-712 with nonces.
*/
abstract contract StatefulERC712Upgradeable is
StatefulERC712ExtendedUpgradeableStorageLayout,
IStatefulERC712,
ERC712ExtendedUpgradeable
{
/* ============ Initializer ============ */
/**
* @notice Initializes the StatefulERC712Upgradeable contract.
* @param name The name of the contract.
*/
function __StatefulERC712ExtendedUpgradeable_init(string memory name) internal onlyInitializing {
__ERC712ExtendedUpgradeable_init(name);
}
/* ============ View/Pure Functions ============ */
/// @inheritdoc IStatefulERC712
function nonces(address account) external view returns (uint256) {
return _getStatefulERC712ExtendedStorageLocation().nonces[account];
}
}
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.8.20 <0.9.0;
import { IERC712Extended } from "./IERC712Extended.sol";
/**
* @title Stateful Extension for EIP-712 typed structured data hashing and signing with nonces.
* @author M^0 Labs
*/
interface IStatefulERC712 is IERC712Extended {
/* ============ Custom Errors ============ */
/**
* @notice Revert message when a signing account's nonce is not the expected current nonce.
* @param nonce The nonce used in the signature.
* @param expectedNonce The expected nonce to be used in a signature by the signing account.
*/
error InvalidAccountNonce(uint256 nonce, uint256 expectedNonce);
/* ============ View/Pure Functions ============ */
/**
* @notice Returns the next nonce to be used in a signature by `account`.
* @param account The address of some account.
* @return nonce The next nonce to be used in a signature by `account`.
*/
function nonces(address account) external view returns (uint256 nonce);
}
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.8.20 <0.9.0;
import { Initializable } from "../lib/openzeppelin-contracts-upgradeable/contracts/proxy/utils/Initializable.sol";
import { IERC712 } from "./interfaces/IERC712.sol";
import { IERC712Extended } from "./interfaces/IERC712Extended.sol";
import { SignatureChecker } from "./libs/SignatureChecker.sol";
abstract contract ERC712ExtendedUpgradeableStorageLayout {
/// @custom:storage-location erc7201:M0.storage.ERC712Extended
struct ERC712ExtendedStorageStruct {
uint256 initialChainId;
bytes32 initialDomainSeparator;
string name;
}
// keccak256(abi.encode(uint256(keccak256("M0.storage.ERC712Extended")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant _ERC712_EXTENDED_STORAGE_LOCATION =
0x103ce0bed7138196cdb0d79ef04042681b16e7a2c58d74b78443c813042ea100;
function _getERC712ExtendedStorageLocation() internal pure returns (ERC712ExtendedStorageStruct storage $) {
assembly {
$.slot := _ERC712_EXTENDED_STORAGE_LOCATION
}
}
}
/**
* @title Typed structured data hashing and signing via EIP-712, extended by EIP-5267.
* @author M0 Labs
* @dev An abstract implementation to satisfy EIP-712: https://eips.ethereum.org/EIPS/eip-712
*/
abstract contract ERC712ExtendedUpgradeable is ERC712ExtendedUpgradeableStorageLayout, IERC712Extended, Initializable {
/* ============ Variables ============ */
/// @dev keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)")
bytes32 internal constant _EIP712_DOMAIN_HASH = 0x8b73c3c69bb8fe3d512ecc4cf759cc79239f7b179b0ffacaa9a75d522b39400f;
/// @dev keccak256("1")
bytes32 internal constant _EIP712_VERSION_HASH = 0xc89efdaa54c0f20c7adf612882df0950f5a951637e0307cdcb4c672f298b8bc6;
/* ============ Initializer ============ */
/**
* @notice Initializes the ERC712ExtendedUpgradeable contract.
* @param name_ The name of the contract.
*/
function __ERC712ExtendedUpgradeable_init(string memory name_) internal onlyInitializing {
ERC712ExtendedStorageStruct storage $ = _getERC712ExtendedStorageLocation();
$.name = name_;
$.initialChainId = block.chainid;
$.initialDomainSeparator = _getDomainSeparator();
}
/* ============ View/Pure Functions ============ */
/// @inheritdoc IERC712Extended
function eip712Domain()
external
view
virtual
returns (
bytes1 fields_,
string memory name_,
string memory version_,
uint256 chainId_,
address verifyingContract_,
bytes32 salt_,
uint256[] memory extensions_
)
{
return (
hex"0f", // 01111
_getERC712ExtendedStorageLocation().name,
"1",
block.chainid,
address(this),
bytes32(0),
new uint256[](0)
);
}
/// @inheritdoc IERC712
function DOMAIN_SEPARATOR() public view virtual returns (bytes32) {
ERC712ExtendedStorageStruct storage $ = _getERC712ExtendedStorageLocation();
return block.chainid == $.initialChainId ? $.initialDomainSeparator : _getDomainSeparator();
}
/* ============ Internal View/Pure Functions ============ */
/**
* @dev Computes the EIP-712 domain separator.
* @return The EIP-712 domain separator.
*/
function _getDomainSeparator() internal view returns (bytes32) {
return
keccak256(
abi.encode(
_EIP712_DOMAIN_HASH,
keccak256(bytes(_getERC712ExtendedStorageLocation().name)),
_EIP712_VERSION_HASH,
block.chainid,
address(this)
)
);
}
/**
* @dev Returns the digest to be signed, via EIP-712, given an internal digest (i.e. hash struct).
* @param internalDigest_ The internal digest.
* @return The digest to be signed.
*/
function _getDigest(bytes32 internalDigest_) internal view returns (bytes32) {
return keccak256(abi.encodePacked("\x19\x01", DOMAIN_SEPARATOR(), internalDigest_));
}
/**
* @dev Revert if the signature is expired.
* @param expiry_ Timestamp at which the signature expires or max uint256 for no expiry.
*/
function _revertIfExpired(uint256 expiry_) internal view {
if (block.timestamp > expiry_) revert SignatureExpired(expiry_, block.timestamp);
}
/**
* @dev Revert if the signature is invalid.
* @dev We first validate if the signature is a valid ECDSA signature and return early if it is the case.
* Then, we validate if it is a valid ERC-1271 signature, and return early if it is the case.
* If not, we revert with the error from the ECDSA signature validation.
* @param signer_ The signer of the signature.
* @param digest_ The digest that was signed.
* @param signature_ The signature.
*/
function _revertIfInvalidSignature(address signer_, bytes32 digest_, bytes memory signature_) internal view {
SignatureChecker.Error error_ = SignatureChecker.validateECDSASignature(signer_, digest_, signature_);
if (error_ == SignatureChecker.Error.NoError) return;
if (SignatureChecker.isValidERC1271Signature(signer_, digest_, signature_)) return;
_revertIfError(error_);
}
/**
* @dev Returns the signer of a signed digest, via EIP-712, and reverts if the signature is invalid.
* @param digest_ The digest that was signed.
* @param v_ v of the signature.
* @param r_ r of the signature.
* @param s_ s of the signature.
* @return signer_ The signer of the digest.
*/
function _getSignerAndRevertIfInvalidSignature(
bytes32 digest_,
uint8 v_,
bytes32 r_,
bytes32 s_
) internal pure returns (address signer_) {
SignatureChecker.Error error_;
(error_, signer_) = SignatureChecker.recoverECDSASigner(digest_, v_, r_, s_);
_revertIfError(error_);
}
/**
* @dev Revert if the signature is invalid.
* @param signer_ The signer of the signature.
* @param digest_ The digest that was signed.
* @param r_ An ECDSA/secp256k1 signature parameter.
* @param vs_ An ECDSA/secp256k1 short signature parameter.
*/
function _revertIfInvalidSignature(address signer_, bytes32 digest_, bytes32 r_, bytes32 vs_) internal pure {
_revertIfError(SignatureChecker.validateECDSASignature(signer_, digest_, r_, vs_));
}
/**
* @dev Revert if the signature is invalid.
* @param signer_ The signer of the signature.
* @param digest_ The digest that was signed.
* @param v_ v of the signature.
* @param r_ r of the signature.
* @param s_ s of the signature.
*/
function _revertIfInvalidSignature(
address signer_,
bytes32 digest_,
uint8 v_,
bytes32 r_,
bytes32 s_
) internal pure {
_revertIfError(SignatureChecker.validateECDSASignature(signer_, digest_, v_, r_, s_));
}
/**
* @dev Revert if error.
* @param error_ The SignatureChecker Error enum.
*/
function _revertIfError(SignatureChecker.Error error_) private pure {
if (error_ == SignatureChecker.Error.NoError) return;
if (error_ == SignatureChecker.Error.InvalidSignature) revert InvalidSignature();
if (error_ == SignatureChecker.Error.InvalidSignatureLength) revert InvalidSignatureLength();
if (error_ == SignatureChecker.Error.InvalidSignatureS) revert InvalidSignatureS();
if (error_ == SignatureChecker.Error.InvalidSignatureV) revert InvalidSignatureV();
if (error_ == SignatureChecker.Error.SignerMismatch) revert SignerMismatch();
revert InvalidSignature();
}
}
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.8.20 <0.9.0;
import { IERC712 } from "./IERC712.sol";
/**
* @title EIP-712 extended by EIP-5267.
* @author M^0 Labs
* @dev The additional interface as defined by EIP-5267: https://eips.ethereum.org/EIPS/eip-5267
*/
interface IERC712Extended is IERC712 {
/* ============ Events ============ */
/// @notice MAY be emitted to signal that the domain could have changed.
event EIP712DomainChanged();
/* ============ View/Pure Functions ============ */
/// @notice Returns the fields and values that describe the domain separator used by this contract for EIP-712.
function eip712Domain()
external
view
returns (
bytes1 fields,
string memory name,
string memory version,
uint256 chainId,
address verifyingContract,
bytes32 salt,
uint256[] memory extensions
);
}
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.8.20 <0.9.0;
/**
* @title Typed structured data hashing and signing via EIP-712.
* @author M^0 Labs
* @dev The interface as defined by EIP-712: https://eips.ethereum.org/EIPS/eip-712
*/
interface IERC712 {
/* ============ Custom Errors ============ */
/// @notice Revert message when an invalid signature is detected.
error InvalidSignature();
/// @notice Revert message when a signature with invalid length is detected.
error InvalidSignatureLength();
/// @notice Revert message when the S portion of a signature is invalid.
error InvalidSignatureS();
/// @notice Revert message when the V portion of a signature is invalid.
error InvalidSignatureV();
/**
* @notice Revert message when a signature is being used beyond its deadline (i.e. expiry).
* @param deadline The last timestamp where the signature is still valid.
* @param timestamp The current timestamp.
*/
error SignatureExpired(uint256 deadline, uint256 timestamp);
/// @notice Revert message when a recovered signer does not match the account being purported to have signed.
error SignerMismatch();
/* ============ View/Pure Functions ============ */
/// @notice Returns the EIP712 domain separator used in the encoding of a signed digest.
function DOMAIN_SEPARATOR() external view returns (bytes32);
}
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.8.20 <0.9.0;
import { IERC1271 } from "../interfaces/IERC1271.sol";
/**
* @title A library to handle ECDSA/secp256k1 and ERC1271 signatures, individually or in arbitrarily in combination.
* @author M^0 Labs
*/
library SignatureChecker {
/* ============ Enums ============ */
/**
* @notice An enum representing the possible errors that can be emitted during signature validation.
* @param NoError No error occurred during signature validation.
* @param InvalidSignature The signature is invalid.
* @param InvalidSignatureLength The signature length is invalid.
* @param InvalidSignatureS The signature parameter S is invalid.
* @param InvalidSignatureV The signature parameter V is invalid.
* @param SignerMismatch The signer does not match the recovered signer.
*/
enum Error {
NoError,
InvalidSignature,
InvalidSignatureLength,
InvalidSignatureS,
InvalidSignatureV,
SignerMismatch
}
/* ============ Internal View/Pure Functions ============ */
/**
* @dev Returns whether a signature is valid (ECDSA/secp256k1 or ERC1271) for a signer and digest.
* @dev Signatures must not be used as unique identifiers since the `ecrecover` EVM opcode
* allows for malleable (non-unique) signatures.
* See https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-4h98-2769-gh6h
* @param signer The address of the account purported to have signed.
* @param digest The hash of the data that was signed.
* @param signature A byte array signature.
* @return Whether the signature is valid or not.
*/
function isValidSignature(address signer, bytes32 digest, bytes memory signature) internal view returns (bool) {
return isValidECDSASignature(signer, digest, signature) || isValidERC1271Signature(signer, digest, signature);
}
/**
* @dev Returns whether an ERC1271 signature is valid for a signer and digest.
* @param signer The address of the account purported to have signed.
* @param digest The hash of the data that was signed.
* @param signature A byte array ERC1271 signature.
* @return Whether the signature is valid or not.
*/
function isValidERC1271Signature(
address signer,
bytes32 digest,
bytes memory signature
) internal view returns (bool) {
(bool success_, bytes memory result_) = signer.staticcall(
abi.encodeCall(IERC1271.isValidSignature, (digest, signature))
);
return
success_ &&
result_.length >= 32 &&
abi.decode(result_, (bytes32)) == bytes32(IERC1271.isValidSignature.selector);
}
/**
* @dev Decodes an ECDSA/secp256k1 signature from a byte array to standard v, r, and s parameters.
* @param signature A byte array ECDSA/secp256k1 signature.
* @return v An ECDSA/secp256k1 signature parameter.
* @return r An ECDSA/secp256k1 signature parameter.
* @return s An ECDSA/secp256k1 signature parameter.
*/
function decodeECDSASignature(bytes memory signature) internal pure returns (uint8 v, bytes32 r, bytes32 s) {
// ecrecover takes the signature parameters, and they can be decoded using assembly.
/// @solidity memory-safe-assembly
assembly {
r := mload(add(signature, 0x20))
s := mload(add(signature, 0x40))
v := byte(0, mload(add(signature, 0x60)))
}
}
/**
* @dev Decodes an ECDSA/secp256k1 short signature as defined by EIP2098
* from a byte array to standard v, r, and s parameters.
* @param signature A byte array ECDSA/secp256k1 short signature.
* @return r An ECDSA/secp256k1 signature parameter.
* @return vs An ECDSA/secp256k1 short signature parameter.
*/
function decodeShortECDSASignature(bytes memory signature) internal pure returns (bytes32 r, bytes32 vs) {
// ecrecover takes the signature parameters, and they can be decoded using assembly.
/// @solidity memory-safe-assembly
assembly {
r := mload(add(signature, 0x20))
vs := mload(add(signature, 0x40))
}
}
/**
* @dev Returns whether an ECDSA/secp256k1 signature is valid for a signer and digest.
* @param signer The address of the account purported to have signed.
* @param digest The hash of the data that was signed.
* @param signature A byte array ECDSA/secp256k1 signature (encoded r, s, v).
* @return Whether the signature is valid or not.
*/
function isValidECDSASignature(
address signer,
bytes32 digest,
bytes memory signature
) internal pure returns (bool) {
if (signature.length == 64) {
(bytes32 r, bytes32 vs) = decodeShortECDSASignature(signature);
return isValidECDSASignature(signer, digest, r, vs);
}
return validateECDSASignature(signer, digest, signature) == Error.NoError;
}
/**
* @dev Returns whether an ECDSA/secp256k1 short signature is valid for a signer and digest.
* @param signer The address of the account purported to have signed.
* @param digest The hash of the data that was signed.
* @param r An ECDSA/secp256k1 signature parameter.
* @param vs An ECDSA/secp256k1 short signature parameter.
* @return Whether the signature is valid or not.
*/
function isValidECDSASignature(address signer, bytes32 digest, bytes32 r, bytes32 vs) internal pure returns (bool) {
return validateECDSASignature(signer, digest, r, vs) == Error.NoError;
}
/**
* @dev Returns the signer of an ECDSA/secp256k1 signature for some digest.
* @param digest The hash of the data that was signed.
* @param signature A byte array ECDSA/secp256k1 signature.
* @return An error, if any, that occurred during the signer recovery.
* @return The address of the account recovered form the signature (0 if error).
*/
function recoverECDSASigner(bytes32 digest, bytes memory signature) internal pure returns (Error, address) {
if (signature.length != 65) return (Error.InvalidSignatureLength, address(0));
(uint8 v, bytes32 r, bytes32 s) = decodeECDSASignature(signature);
return recoverECDSASigner(digest, v, r, s);
}
/**
* @dev Returns the signer of an ECDSA/secp256k1 short signature for some digest.
* @dev See https://eips.ethereum.org/EIPS/eip-2098
* @param digest The hash of the data that was signed.
* @param r An ECDSA/secp256k1 signature parameter.
* @param vs An ECDSA/secp256k1 short signature parameter.
* @return An error, if any, that occurred during the signer recovery.
* @return The address of the account recovered form the signature (0 if error).
*/
function recoverECDSASigner(bytes32 digest, bytes32 r, bytes32 vs) internal pure returns (Error, address) {
unchecked {
// We do not check for an overflow here since the shift operation results in 0 or 1.
uint8 v = uint8((uint256(vs) >> 255) + 27);
bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
return recoverECDSASigner(digest, v, r, s);
}
}
/**
* @dev Returns the signer of an ECDSA/secp256k1 signature for some digest.
* @param digest The hash of the data that was signed.
* @param v An ECDSA/secp256k1 signature parameter.
* @param r An ECDSA/secp256k1 signature parameter.
* @param s An ECDSA/secp256k1 signature parameter.
* @return An error, if any, that occurred during the signer recovery.
* @return signer The address of the account recovered form the signature (0 if error).
*/
function recoverECDSASigner(
bytes32 digest,
uint8 v,
bytes32 r,
bytes32 s
) internal pure returns (Error, address signer) {
// Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
// the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}.
if (uint256(s) > uint256(0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0))
return (Error.InvalidSignatureS, address(0));
if (v != 27 && v != 28) return (Error.InvalidSignatureV, address(0));
signer = ecrecover(digest, v, r, s);
return (signer == address(0)) ? (Error.InvalidSignature, address(0)) : (Error.NoError, signer);
}
/**
* @dev Returns an error, if any, in validating an ECDSA/secp256k1 signature for a signer and digest.
* @param signer The address of the account purported to have signed.
* @param digest The hash of the data that was signed.
* @param signature A byte array ERC1271 signature.
* @return An error, if any, that occurred during the signer recovery.
*/
function validateECDSASignature(
address signer,
bytes32 digest,
bytes memory signature
) internal pure returns (Error) {
(Error recoverError, address recoveredSigner) = recoverECDSASigner(digest, signature);
return (recoverError == Error.NoError) ? validateRecoveredSigner(signer, recoveredSigner) : recoverError;
}
/**
* @dev Returns an error, if any, in validating an ECDSA/secp256k1 short signature for a signer and digest.
* @param signer The address of the account purported to have signed.
* @param digest The hash of the data that was signed.
* @param r An ECDSA/secp256k1 signature parameter.
* @param vs An ECDSA/secp256k1 short signature parameter.
* @return An error, if any, that occurred during the signer recovery.
*/
function validateECDSASignature(
address signer,
bytes32 digest,
bytes32 r,
bytes32 vs
) internal pure returns (Error) {
(Error recoverError, address recoveredSigner) = recoverECDSASigner(digest, r, vs);
return (recoverError == Error.NoError) ? validateRecoveredSigner(signer, recoveredSigner) : recoverError;
}
/**
* @dev Returns an error, if any, in validating an ECDSA/secp256k1 signature for a signer and digest.
* @param signer The address of the account purported to have signed.
* @param digest The hash of the data that was signed.
* @param v An ECDSA/secp256k1 signature parameter.
* @param r An ECDSA/secp256k1 signature parameter.
* @param s An ECDSA/secp256k1 signature parameter.
* @return An error, if any, that occurred during the signer recovery.
*/
function validateECDSASignature(
address signer,
bytes32 digest,
uint8 v,
bytes32 r,
bytes32 s
) internal pure returns (Error) {
(Error recoverError, address recoveredSigner) = recoverECDSASigner(digest, v, r, s);
return (recoverError == Error.NoError) ? validateRecoveredSigner(signer, recoveredSigner) : recoverError;
}
/**
* @dev Returns an error if `signer` is not `recoveredSigner`.
* @param signer The address of the some signer.
* @param recoveredSigner The address of the some recoveredSigner.
* @return An error if `signer` is not `recoveredSigner`.
*/
function validateRecoveredSigner(address signer, address recoveredSigner) internal pure returns (Error) {
return (signer == recoveredSigner) ? Error.NoError : Error.SignerMismatch;
}
}
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.8.20 <0.9.0;
/**
* @title Standard Signature Validation Method for Contracts via EIP-1271.
* @author M^0 Labs
* @dev The interface as defined by EIP-1271: https://eips.ethereum.org/EIPS/eip-1271
*/
interface IERC1271 {
/**
* @dev Returns a specific magic value if the provided signature is valid for the provided digest.
* @param digest Hash of the data purported to have been signed.
* @param signature Signature byte array associated with the digest.
* @return magicValue Magic value 0x1626ba7e if the signature is valid.
*/
function isValidSignature(bytes32 digest, bytes memory signature) external view returns (bytes4 magicValue);
}