Created
December 5, 2019 17:03
-
-
Save sohkai/3403832e5cd7647f90f0bc5c84e6253a to your computer and use it in GitHub Desktop.
Aragon 0.8 - Agent
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// See https://etherscan.io/address/0x88aFC2Fbb10504865598Ac67Ef5A17A1C5EeBA4b#code | |
/** | |
*Submitted for verification at Etherscan.io on 2019-09-10 | |
*/ | |
// File: contracts/standards/ERC1271.sol | |
pragma solidity 0.4.24; | |
// ERC1271 on Feb 12th, 2019: https://github.com/ethereum/EIPs/blob/a97dc434930d0ccc4461c97d8c7a920dc585adf2/EIPS/eip-1271.md | |
// Using `isValidSignature(bytes32,bytes)` even though the standard still hasn't been modified | |
// Rationale: https://github.com/ethereum/EIPs/issues/1271#issuecomment-462719728 | |
contract ERC1271 { | |
bytes4 constant public ERC1271_INTERFACE_ID = 0xfb855dc9; // this.isValidSignature.selector | |
bytes4 constant public ERC1271_RETURN_VALID_SIGNATURE = 0x20c13b0b; // TODO: Likely needs to be updated | |
bytes4 constant public ERC1271_RETURN_INVALID_SIGNATURE = 0x00000000; | |
/** | |
* @dev Function must be implemented by deriving contract | |
* @param _hash Arbitrary length data signed on the behalf of address(this) | |
* @param _signature Signature byte array associated with _data | |
* @return A bytes4 magic value 0x20c13b0b if the signature check passes, 0x00000000 if not | |
* | |
* MUST NOT modify state (using STATICCALL for solc < 0.5, view modifier for solc > 0.5) | |
* MUST allow external calls | |
*/ | |
function isValidSignature(bytes32 _hash, bytes memory _signature) public view returns (bytes4); | |
function returnIsValidSignatureMagicNumber(bool isValid) internal pure returns (bytes4) { | |
return isValid ? ERC1271_RETURN_VALID_SIGNATURE : ERC1271_RETURN_INVALID_SIGNATURE; | |
} | |
} | |
contract ERC1271Bytes is ERC1271 { | |
/** | |
* @dev Default behavior of `isValidSignature(bytes,bytes)`, can be overloaded for custom validation | |
* @param _data Arbitrary length data signed on the behalf of address(this) | |
* @param _signature Signature byte array associated with _data | |
* @return A bytes4 magic value 0x20c13b0b if the signature check passes, 0x00000000 if not | |
* | |
* MUST NOT modify state (using STATICCALL for solc < 0.5, view modifier for solc > 0.5) | |
* MUST allow external calls | |
*/ | |
function isValidSignature(bytes _data, bytes _signature) public view returns (bytes4) { | |
return isValidSignature(keccak256(_data), _signature); | |
} | |
} | |
// File: contracts/SignatureValidator.sol | |
pragma solidity 0.4.24; | |
// Inspired by https://github.com/horizon-games/multi-token-standard/blob/319740cf2a78b8816269ae49a09c537b3fd7303b/contracts/utils/SignatureValidator.sol | |
// This should probably be moved into aOS: https://github.com/aragon/aragonOS/pull/442 | |
library SignatureValidator { | |
enum SignatureMode { | |
Invalid, // 0x00 | |
EIP712, // 0x01 | |
EthSign, // 0x02 | |
ERC1271, // 0x03 | |
NMode // 0x04, to check if mode is specified, leave at the end | |
} | |
// bytes4(keccak256("isValidSignature(bytes,bytes)") | |
bytes4 public constant ERC1271_RETURN_VALID_SIGNATURE = 0x20c13b0b; | |
uint256 internal constant ERC1271_ISVALIDSIG_MAX_GAS = 250000; | |
string private constant ERROR_INVALID_LENGTH_POP_BYTE = "SIGVAL_INVALID_LENGTH_POP_BYTE"; | |
/// @dev Validates that a hash was signed by a specified signer. | |
/// @param hash Hash which was signed. | |
/// @param signer Address of the signer. | |
/// @param signature ECDSA signature along with the mode (0 = Invalid, 1 = EIP712, 2 = EthSign, 3 = ERC1271) {mode}{r}{s}{v}. | |
/// @return Returns whether signature is from a specified user. | |
function isValidSignature(bytes32 hash, address signer, bytes signature) internal view returns (bool) { | |
if (signature.length == 0) { | |
return false; | |
} | |
uint8 modeByte = uint8(signature[0]); | |
if (modeByte >= uint8(SignatureMode.NMode)) { | |
return false; | |
} | |
SignatureMode mode = SignatureMode(modeByte); | |
if (mode == SignatureMode.EIP712) { | |
return ecVerify(hash, signer, signature); | |
} else if (mode == SignatureMode.EthSign) { | |
return ecVerify( | |
keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", hash)), | |
signer, | |
signature | |
); | |
} else if (mode == SignatureMode.ERC1271) { | |
// Pop the mode byte before sending it down the validation chain | |
return safeIsValidSignature(signer, hash, popFirstByte(signature)); | |
} else { | |
return false; | |
} | |
} | |
function ecVerify(bytes32 hash, address signer, bytes memory signature) private pure returns (bool) { | |
(bool badSig, bytes32 r, bytes32 s, uint8 v) = unpackEcSig(signature); | |
if (badSig) { | |
return false; | |
} | |
return signer == ecrecover(hash, v, r, s); | |
} | |
function unpackEcSig(bytes memory signature) private pure returns (bool badSig, bytes32 r, bytes32 s, uint8 v) { | |
if (signature.length != 66) { | |
badSig = true; | |
return; | |
} | |
v = uint8(signature[65]); | |
assembly { | |
r := mload(add(signature, 33)) | |
s := mload(add(signature, 65)) | |
} | |
// Allow signature version to be 0 or 1 | |
if (v < 27) { | |
v += 27; | |
} | |
if (v != 27 && v != 28) { | |
badSig = true; | |
} | |
} | |
function popFirstByte(bytes memory input) private pure returns (bytes memory output) { | |
uint256 inputLength = input.length; | |
require(inputLength > 0, ERROR_INVALID_LENGTH_POP_BYTE); | |
output = new bytes(inputLength - 1); | |
if (output.length == 0) { | |
return output; | |
} | |
uint256 inputPointer; | |
uint256 outputPointer; | |
assembly { | |
inputPointer := add(input, 0x21) | |
outputPointer := add(output, 0x20) | |
} | |
memcpy(outputPointer, inputPointer, output.length); | |
} | |
function safeIsValidSignature(address validator, bytes32 hash, bytes memory signature) private view returns (bool) { | |
bytes memory data = abi.encodeWithSelector(ERC1271(validator).isValidSignature.selector, hash, signature); | |
bytes4 erc1271Return = safeBytes4StaticCall(validator, data, ERC1271_ISVALIDSIG_MAX_GAS); | |
return erc1271Return == ERC1271_RETURN_VALID_SIGNATURE; | |
} | |
function safeBytes4StaticCall(address target, bytes data, uint256 maxGas) private view returns (bytes4 ret) { | |
uint256 gasLeft = gasleft(); | |
uint256 callGas = gasLeft > maxGas ? maxGas : gasLeft; | |
bool ok; | |
assembly { | |
ok := staticcall(callGas, target, add(data, 0x20), mload(data), 0, 0) | |
} | |
if (!ok) { | |
return; | |
} | |
uint256 size; | |
assembly { size := returndatasize } | |
if (size != 32) { | |
return; | |
} | |
assembly { | |
let ptr := mload(0x40) // get next free memory ptr | |
returndatacopy(ptr, 0, size) // copy return from above `staticcall` | |
ret := mload(ptr) // read data at ptr and set it to be returned | |
} | |
return ret; | |
} | |
// From: https://github.com/Arachnid/solidity-stringutils/blob/01e955c1d6/src/strings.sol | |
function memcpy(uint256 dest, uint256 src, uint256 len) private pure { | |
// Copy word-length chunks while possible | |
for (; len >= 32; len -= 32) { | |
assembly { | |
mstore(dest, mload(src)) | |
} | |
dest += 32; | |
src += 32; | |
} | |
// Copy remaining bytes | |
uint mask = 256 ** (32 - len) - 1; | |
assembly { | |
let srcpart := and(mload(src), not(mask)) | |
let destpart := and(mload(dest), mask) | |
mstore(dest, or(destpart, srcpart)) | |
} | |
} | |
} | |
// File: contracts/standards/IERC165.sol | |
pragma solidity 0.4.24; | |
interface IERC165 { | |
function supportsInterface(bytes4 interfaceId) external pure returns (bool); | |
} | |
// File: @aragon/os/contracts/common/UnstructuredStorage.sol | |
/* | |
* SPDX-License-Identitifer: MIT | |
*/ | |
pragma solidity ^0.4.24; | |
library UnstructuredStorage { | |
function getStorageBool(bytes32 position) internal view returns (bool data) { | |
assembly { data := sload(position) } | |
} | |
function getStorageAddress(bytes32 position) internal view returns (address data) { | |
assembly { data := sload(position) } | |
} | |
function getStorageBytes32(bytes32 position) internal view returns (bytes32 data) { | |
assembly { data := sload(position) } | |
} | |
function getStorageUint256(bytes32 position) internal view returns (uint256 data) { | |
assembly { data := sload(position) } | |
} | |
function setStorageBool(bytes32 position, bool data) internal { | |
assembly { sstore(position, data) } | |
} | |
function setStorageAddress(bytes32 position, address data) internal { | |
assembly { sstore(position, data) } | |
} | |
function setStorageBytes32(bytes32 position, bytes32 data) internal { | |
assembly { sstore(position, data) } | |
} | |
function setStorageUint256(bytes32 position, uint256 data) internal { | |
assembly { sstore(position, data) } | |
} | |
} | |
// File: @aragon/os/contracts/acl/IACL.sol | |
/* | |
* SPDX-License-Identitifer: MIT | |
*/ | |
pragma solidity ^0.4.24; | |
interface IACL { | |
function initialize(address permissionsCreator) external; | |
// TODO: this should be external | |
// See https://github.com/ethereum/solidity/issues/4832 | |
function hasPermission(address who, address where, bytes32 what, bytes how) public view returns (bool); | |
} | |
// File: @aragon/os/contracts/common/IVaultRecoverable.sol | |
/* | |
* SPDX-License-Identitifer: MIT | |
*/ | |
pragma solidity ^0.4.24; | |
interface IVaultRecoverable { | |
event RecoverToVault(address indexed vault, address indexed token, uint256 amount); | |
function transferToVault(address token) external; | |
function allowRecoverability(address token) external view returns (bool); | |
function getRecoveryVault() external view returns (address); | |
} | |
// File: @aragon/os/contracts/kernel/IKernel.sol | |
/* | |
* SPDX-License-Identitifer: MIT | |
*/ | |
pragma solidity ^0.4.24; | |
interface IKernelEvents { | |
event SetApp(bytes32 indexed namespace, bytes32 indexed appId, address app); | |
} | |
// This should be an interface, but interfaces can't inherit yet :( | |
contract IKernel is IKernelEvents, IVaultRecoverable { | |
function acl() public view returns (IACL); | |
function hasPermission(address who, address where, bytes32 what, bytes how) public view returns (bool); | |
function setApp(bytes32 namespace, bytes32 appId, address app) public; | |
function getApp(bytes32 namespace, bytes32 appId) public view returns (address); | |
} | |
// File: @aragon/os/contracts/apps/AppStorage.sol | |
/* | |
* SPDX-License-Identitifer: MIT | |
*/ | |
pragma solidity ^0.4.24; | |
contract AppStorage { | |
using UnstructuredStorage for bytes32; | |
/* Hardcoded constants to save gas | |
bytes32 internal constant KERNEL_POSITION = keccak256("aragonOS.appStorage.kernel"); | |
bytes32 internal constant APP_ID_POSITION = keccak256("aragonOS.appStorage.appId"); | |
*/ | |
bytes32 internal constant KERNEL_POSITION = 0x4172f0f7d2289153072b0a6ca36959e0cbe2efc3afe50fc81636caa96338137b; | |
bytes32 internal constant APP_ID_POSITION = 0xd625496217aa6a3453eecb9c3489dc5a53e6c67b444329ea2b2cbc9ff547639b; | |
function kernel() public view returns (IKernel) { | |
return IKernel(KERNEL_POSITION.getStorageAddress()); | |
} | |
function appId() public view returns (bytes32) { | |
return APP_ID_POSITION.getStorageBytes32(); | |
} | |
function setKernel(IKernel _kernel) internal { | |
KERNEL_POSITION.setStorageAddress(address(_kernel)); | |
} | |
function setAppId(bytes32 _appId) internal { | |
APP_ID_POSITION.setStorageBytes32(_appId); | |
} | |
} | |
// File: @aragon/os/contracts/acl/ACLSyntaxSugar.sol | |
/* | |
* SPDX-License-Identitifer: MIT | |
*/ | |
pragma solidity ^0.4.24; | |
contract ACLSyntaxSugar { | |
function arr() internal pure returns (uint256[]) { | |
return new uint256[](0); | |
} | |
function arr(bytes32 _a) internal pure returns (uint256[] r) { | |
return arr(uint256(_a)); | |
} | |
function arr(bytes32 _a, bytes32 _b) internal pure returns (uint256[] r) { | |
return arr(uint256(_a), uint256(_b)); | |
} | |
function arr(address _a) internal pure returns (uint256[] r) { | |
return arr(uint256(_a)); | |
} | |
function arr(address _a, address _b) internal pure returns (uint256[] r) { | |
return arr(uint256(_a), uint256(_b)); | |
} | |
function arr(address _a, uint256 _b, uint256 _c) internal pure returns (uint256[] r) { | |
return arr(uint256(_a), _b, _c); | |
} | |
function arr(address _a, uint256 _b, uint256 _c, uint256 _d) internal pure returns (uint256[] r) { | |
return arr(uint256(_a), _b, _c, _d); | |
} | |
function arr(address _a, uint256 _b) internal pure returns (uint256[] r) { | |
return arr(uint256(_a), uint256(_b)); | |
} | |
function arr(address _a, address _b, uint256 _c, uint256 _d, uint256 _e) internal pure returns (uint256[] r) { | |
return arr(uint256(_a), uint256(_b), _c, _d, _e); | |
} | |
function arr(address _a, address _b, address _c) internal pure returns (uint256[] r) { | |
return arr(uint256(_a), uint256(_b), uint256(_c)); | |
} | |
function arr(address _a, address _b, uint256 _c) internal pure returns (uint256[] r) { | |
return arr(uint256(_a), uint256(_b), uint256(_c)); | |
} | |
function arr(uint256 _a) internal pure returns (uint256[] r) { | |
r = new uint256[](1); | |
r[0] = _a; | |
} | |
function arr(uint256 _a, uint256 _b) internal pure returns (uint256[] r) { | |
r = new uint256[](2); | |
r[0] = _a; | |
r[1] = _b; | |
} | |
function arr(uint256 _a, uint256 _b, uint256 _c) internal pure returns (uint256[] r) { | |
r = new uint256[](3); | |
r[0] = _a; | |
r[1] = _b; | |
r[2] = _c; | |
} | |
function arr(uint256 _a, uint256 _b, uint256 _c, uint256 _d) internal pure returns (uint256[] r) { | |
r = new uint256[](4); | |
r[0] = _a; | |
r[1] = _b; | |
r[2] = _c; | |
r[3] = _d; | |
} | |
function arr(uint256 _a, uint256 _b, uint256 _c, uint256 _d, uint256 _e) internal pure returns (uint256[] r) { | |
r = new uint256[](5); | |
r[0] = _a; | |
r[1] = _b; | |
r[2] = _c; | |
r[3] = _d; | |
r[4] = _e; | |
} | |
} | |
contract ACLHelpers { | |
function decodeParamOp(uint256 _x) internal pure returns (uint8 b) { | |
return uint8(_x >> (8 * 30)); | |
} | |
function decodeParamId(uint256 _x) internal pure returns (uint8 b) { | |
return uint8(_x >> (8 * 31)); | |
} | |
function decodeParamsList(uint256 _x) internal pure returns (uint32 a, uint32 b, uint32 c) { | |
a = uint32(_x); | |
b = uint32(_x >> (8 * 4)); | |
c = uint32(_x >> (8 * 8)); | |
} | |
} | |
// File: @aragon/os/contracts/common/Uint256Helpers.sol | |
pragma solidity ^0.4.24; | |
library Uint256Helpers { | |
uint256 private constant MAX_UINT64 = uint64(-1); | |
string private constant ERROR_NUMBER_TOO_BIG = "UINT64_NUMBER_TOO_BIG"; | |
function toUint64(uint256 a) internal pure returns (uint64) { | |
require(a <= MAX_UINT64, ERROR_NUMBER_TOO_BIG); | |
return uint64(a); | |
} | |
} | |
// File: @aragon/os/contracts/common/TimeHelpers.sol | |
/* | |
* SPDX-License-Identitifer: MIT | |
*/ | |
pragma solidity ^0.4.24; | |
contract TimeHelpers { | |
using Uint256Helpers for uint256; | |
/** | |
* @dev Returns the current block number. | |
* Using a function rather than `block.number` allows us to easily mock the block number in | |
* tests. | |
*/ | |
function getBlockNumber() internal view returns (uint256) { | |
return block.number; | |
} | |
/** | |
* @dev Returns the current block number, converted to uint64. | |
* Using a function rather than `block.number` allows us to easily mock the block number in | |
* tests. | |
*/ | |
function getBlockNumber64() internal view returns (uint64) { | |
return getBlockNumber().toUint64(); | |
} | |
/** | |
* @dev Returns the current timestamp. | |
* Using a function rather than `block.timestamp` allows us to easily mock it in | |
* tests. | |
*/ | |
function getTimestamp() internal view returns (uint256) { | |
return block.timestamp; // solium-disable-line security/no-block-members | |
} | |
/** | |
* @dev Returns the current timestamp, converted to uint64. | |
* Using a function rather than `block.timestamp` allows us to easily mock it in | |
* tests. | |
*/ | |
function getTimestamp64() internal view returns (uint64) { | |
return getTimestamp().toUint64(); | |
} | |
} | |
// File: @aragon/os/contracts/common/Initializable.sol | |
/* | |
* SPDX-License-Identitifer: MIT | |
*/ | |
pragma solidity ^0.4.24; | |
contract Initializable is TimeHelpers { | |
using UnstructuredStorage for bytes32; | |
// keccak256("aragonOS.initializable.initializationBlock") | |
bytes32 internal constant INITIALIZATION_BLOCK_POSITION = 0xebb05b386a8d34882b8711d156f463690983dc47815980fb82aeeff1aa43579e; | |
string private constant ERROR_ALREADY_INITIALIZED = "INIT_ALREADY_INITIALIZED"; | |
string private constant ERROR_NOT_INITIALIZED = "INIT_NOT_INITIALIZED"; | |
modifier onlyInit { | |
require(getInitializationBlock() == 0, ERROR_ALREADY_INITIALIZED); | |
_; | |
} | |
modifier isInitialized { | |
require(hasInitialized(), ERROR_NOT_INITIALIZED); | |
_; | |
} | |
/** | |
* @return Block number in which the contract was initialized | |
*/ | |
function getInitializationBlock() public view returns (uint256) { | |
return INITIALIZATION_BLOCK_POSITION.getStorageUint256(); | |
} | |
/** | |
* @return Whether the contract has been initialized by the time of the current block | |
*/ | |
function hasInitialized() public view returns (bool) { | |
uint256 initializationBlock = getInitializationBlock(); | |
return initializationBlock != 0 && getBlockNumber() >= initializationBlock; | |
} | |
/** | |
* @dev Function to be called by top level contract after initialization has finished. | |
*/ | |
function initialized() internal onlyInit { | |
INITIALIZATION_BLOCK_POSITION.setStorageUint256(getBlockNumber()); | |
} | |
/** | |
* @dev Function to be called by top level contract after initialization to enable the contract | |
* at a future block number rather than immediately. | |
*/ | |
function initializedAt(uint256 _blockNumber) internal onlyInit { | |
INITIALIZATION_BLOCK_POSITION.setStorageUint256(_blockNumber); | |
} | |
} | |
// File: @aragon/os/contracts/common/Petrifiable.sol | |
/* | |
* SPDX-License-Identitifer: MIT | |
*/ | |
pragma solidity ^0.4.24; | |
contract Petrifiable is Initializable { | |
// Use block UINT256_MAX (which should be never) as the initializable date | |
uint256 internal constant PETRIFIED_BLOCK = uint256(-1); | |
function isPetrified() public view returns (bool) { | |
return getInitializationBlock() == PETRIFIED_BLOCK; | |
} | |
/** | |
* @dev Function to be called by top level contract to prevent being initialized. | |
* Useful for freezing base contracts when they're used behind proxies. | |
*/ | |
function petrify() internal onlyInit { | |
initializedAt(PETRIFIED_BLOCK); | |
} | |
} | |
// File: @aragon/os/contracts/common/Autopetrified.sol | |
/* | |
* SPDX-License-Identitifer: MIT | |
*/ | |
pragma solidity ^0.4.24; | |
contract Autopetrified is Petrifiable { | |
constructor() public { | |
// Immediately petrify base (non-proxy) instances of inherited contracts on deploy. | |
// This renders them uninitializable (and unusable without a proxy). | |
petrify(); | |
} | |
} | |
// File: @aragon/os/contracts/common/ConversionHelpers.sol | |
pragma solidity ^0.4.24; | |
library ConversionHelpers { | |
string private constant ERROR_IMPROPER_LENGTH = "CONVERSION_IMPROPER_LENGTH"; | |
function dangerouslyCastUintArrayToBytes(uint256[] memory _input) internal pure returns (bytes memory output) { | |
// Force cast the uint256[] into a bytes array, by overwriting its length | |
// Note that the bytes array doesn't need to be initialized as we immediately overwrite it | |
// with the input and a new length. The input becomes invalid from this point forward. | |
uint256 byteLength = _input.length * 32; | |
assembly { | |
output := _input | |
mstore(output, byteLength) | |
} | |
} | |
function dangerouslyCastBytesToUintArray(bytes memory _input) internal pure returns (uint256[] memory output) { | |
// Force cast the bytes array into a uint256[], by overwriting its length | |
// Note that the uint256[] doesn't need to be initialized as we immediately overwrite it | |
// with the input and a new length. The input becomes invalid from this point forward. | |
uint256 intsLength = _input.length / 32; | |
require(_input.length == intsLength * 32, ERROR_IMPROPER_LENGTH); | |
assembly { | |
output := _input | |
mstore(output, intsLength) | |
} | |
} | |
} | |
// File: @aragon/os/contracts/common/ReentrancyGuard.sol | |
/* | |
* SPDX-License-Identitifer: MIT | |
*/ | |
pragma solidity ^0.4.24; | |
contract ReentrancyGuard { | |
using UnstructuredStorage for bytes32; | |
/* Hardcoded constants to save gas | |
bytes32 internal constant REENTRANCY_MUTEX_POSITION = keccak256("aragonOS.reentrancyGuard.mutex"); | |
*/ | |
bytes32 private constant REENTRANCY_MUTEX_POSITION = 0xe855346402235fdd185c890e68d2c4ecad599b88587635ee285bce2fda58dacb; | |
string private constant ERROR_REENTRANT = "REENTRANCY_REENTRANT_CALL"; | |
modifier nonReentrant() { | |
// Ensure mutex is unlocked | |
require(!REENTRANCY_MUTEX_POSITION.getStorageBool(), ERROR_REENTRANT); | |
// Lock mutex before function call | |
REENTRANCY_MUTEX_POSITION.setStorageBool(true); | |
// Perform function call | |
_; | |
// Unlock mutex after function call | |
REENTRANCY_MUTEX_POSITION.setStorageBool(false); | |
} | |
} | |
// File: @aragon/os/contracts/lib/token/ERC20.sol | |
// See https://github.com/OpenZeppelin/openzeppelin-solidity/blob/a9f910d34f0ab33a1ae5e714f69f9596a02b4d91/contracts/token/ERC20/ERC20.sol | |
pragma solidity ^0.4.24; | |
/** | |
* @title ERC20 interface | |
* @dev see https://github.com/ethereum/EIPs/issues/20 | |
*/ | |
contract ERC20 { | |
function totalSupply() public view returns (uint256); | |
function balanceOf(address _who) public view returns (uint256); | |
function allowance(address _owner, address _spender) | |
public view returns (uint256); | |
function transfer(address _to, uint256 _value) public returns (bool); | |
function approve(address _spender, uint256 _value) | |
public returns (bool); | |
function transferFrom(address _from, address _to, uint256 _value) | |
public returns (bool); | |
event Transfer( | |
address indexed from, | |
address indexed to, | |
uint256 value | |
); | |
event Approval( | |
address indexed owner, | |
address indexed spender, | |
uint256 value | |
); | |
} | |
// File: @aragon/os/contracts/common/EtherTokenConstant.sol | |
/* | |
* SPDX-License-Identitifer: MIT | |
*/ | |
pragma solidity ^0.4.24; | |
// aragonOS and aragon-apps rely on address(0) to denote native ETH, in | |
// contracts where both tokens and ETH are accepted | |
contract EtherTokenConstant { | |
address internal constant ETH = address(0); | |
} | |
// File: @aragon/os/contracts/common/IsContract.sol | |
/* | |
* SPDX-License-Identitifer: MIT | |
*/ | |
pragma solidity ^0.4.24; | |
contract IsContract { | |
/* | |
* NOTE: this should NEVER be used for authentication | |
* (see pitfalls: https://github.com/fergarrui/ethereum-security/tree/master/contracts/extcodesize). | |
* | |
* This is only intended to be used as a sanity check that an address is actually a contract, | |
* RATHER THAN an address not being a contract. | |
*/ | |
function isContract(address _target) internal view returns (bool) { | |
if (_target == address(0)) { | |
return false; | |
} | |
uint256 size; | |
assembly { size := extcodesize(_target) } | |
return size > 0; | |
} | |
} | |
// File: @aragon/os/contracts/common/SafeERC20.sol | |
// Inspired by AdEx (https://github.com/AdExNetwork/adex-protocol-eth/blob/b9df617829661a7518ee10f4cb6c4108659dd6d5/contracts/libs/SafeERC20.sol) | |
// and 0x (https://github.com/0xProject/0x-monorepo/blob/737d1dc54d72872e24abce5a1dbe1b66d35fa21a/contracts/protocol/contracts/protocol/AssetProxy/ERC20Proxy.sol#L143) | |
pragma solidity ^0.4.24; | |
library SafeERC20 { | |
// Before 0.5, solidity has a mismatch between `address.transfer()` and `token.transfer()`: | |
// https://github.com/ethereum/solidity/issues/3544 | |
bytes4 private constant TRANSFER_SELECTOR = 0xa9059cbb; | |
string private constant ERROR_TOKEN_BALANCE_REVERTED = "SAFE_ERC_20_BALANCE_REVERTED"; | |
string private constant ERROR_TOKEN_ALLOWANCE_REVERTED = "SAFE_ERC_20_ALLOWANCE_REVERTED"; | |
function invokeAndCheckSuccess(address _addr, bytes memory _calldata) | |
private | |
returns (bool) | |
{ | |
bool ret; | |
assembly { | |
let ptr := mload(0x40) // free memory pointer | |
let success := call( | |
gas, // forward all gas | |
_addr, // address | |
0, // no value | |
add(_calldata, 0x20), // calldata start | |
mload(_calldata), // calldata length | |
ptr, // write output over free memory | |
0x20 // uint256 return | |
) | |
if gt(success, 0) { | |
// Check number of bytes returned from last function call | |
switch returndatasize | |
// No bytes returned: assume success | |
case 0 { | |
ret := 1 | |
} | |
// 32 bytes returned: check if non-zero | |
case 0x20 { | |
// Only return success if returned data was true | |
// Already have output in ptr | |
ret := eq(mload(ptr), 1) | |
} | |
// Not sure what was returned: don't mark as success | |
default { } | |
} | |
} | |
return ret; | |
} | |
function staticInvoke(address _addr, bytes memory _calldata) | |
private | |
view | |
returns (bool, uint256) | |
{ | |
bool success; | |
uint256 ret; | |
assembly { | |
let ptr := mload(0x40) // free memory pointer | |
success := staticcall( | |
gas, // forward all gas | |
_addr, // address | |
add(_calldata, 0x20), // calldata start | |
mload(_calldata), // calldata length | |
ptr, // write output over free memory | |
0x20 // uint256 return | |
) | |
if gt(success, 0) { | |
ret := mload(ptr) | |
} | |
} | |
return (success, ret); | |
} | |
/** | |
* @dev Same as a standards-compliant ERC20.transfer() that never reverts (returns false). | |
* Note that this makes an external call to the token. | |
*/ | |
function safeTransfer(ERC20 _token, address _to, uint256 _amount) internal returns (bool) { | |
bytes memory transferCallData = abi.encodeWithSelector( | |
TRANSFER_SELECTOR, | |
_to, | |
_amount | |
); | |
return invokeAndCheckSuccess(_token, transferCallData); | |
} | |
/** | |
* @dev Same as a standards-compliant ERC20.transferFrom() that never reverts (returns false). | |
* Note that this makes an external call to the token. | |
*/ | |
function safeTransferFrom(ERC20 _token, address _from, address _to, uint256 _amount) internal returns (bool) { | |
bytes memory transferFromCallData = abi.encodeWithSelector( | |
_token.transferFrom.selector, | |
_from, | |
_to, | |
_amount | |
); | |
return invokeAndCheckSuccess(_token, transferFromCallData); | |
} | |
/** | |
* @dev Same as a standards-compliant ERC20.approve() that never reverts (returns false). | |
* Note that this makes an external call to the token. | |
*/ | |
function safeApprove(ERC20 _token, address _spender, uint256 _amount) internal returns (bool) { | |
bytes memory approveCallData = abi.encodeWithSelector( | |
_token.approve.selector, | |
_spender, | |
_amount | |
); | |
return invokeAndCheckSuccess(_token, approveCallData); | |
} | |
/** | |
* @dev Static call into ERC20.balanceOf(). | |
* Reverts if the call fails for some reason (should never fail). | |
*/ | |
function staticBalanceOf(ERC20 _token, address _owner) internal view returns (uint256) { | |
bytes memory balanceOfCallData = abi.encodeWithSelector( | |
_token.balanceOf.selector, | |
_owner | |
); | |
(bool success, uint256 tokenBalance) = staticInvoke(_token, balanceOfCallData); | |
require(success, ERROR_TOKEN_BALANCE_REVERTED); | |
return tokenBalance; | |
} | |
/** | |
* @dev Static call into ERC20.allowance(). | |
* Reverts if the call fails for some reason (should never fail). | |
*/ | |
function staticAllowance(ERC20 _token, address _owner, address _spender) internal view returns (uint256) { | |
bytes memory allowanceCallData = abi.encodeWithSelector( | |
_token.allowance.selector, | |
_owner, | |
_spender | |
); | |
(bool success, uint256 allowance) = staticInvoke(_token, allowanceCallData); | |
require(success, ERROR_TOKEN_ALLOWANCE_REVERTED); | |
return allowance; | |
} | |
/** | |
* @dev Static call into ERC20.totalSupply(). | |
* Reverts if the call fails for some reason (should never fail). | |
*/ | |
function staticTotalSupply(ERC20 _token) internal view returns (uint256) { | |
bytes memory totalSupplyCallData = abi.encodeWithSelector(_token.totalSupply.selector); | |
(bool success, uint256 totalSupply) = staticInvoke(_token, totalSupplyCallData); | |
require(success, ERROR_TOKEN_ALLOWANCE_REVERTED); | |
return totalSupply; | |
} | |
} | |
// File: @aragon/os/contracts/common/VaultRecoverable.sol | |
/* | |
* SPDX-License-Identitifer: MIT | |
*/ | |
pragma solidity ^0.4.24; | |
contract VaultRecoverable is IVaultRecoverable, EtherTokenConstant, IsContract { | |
using SafeERC20 for ERC20; | |
string private constant ERROR_DISALLOWED = "RECOVER_DISALLOWED"; | |
string private constant ERROR_VAULT_NOT_CONTRACT = "RECOVER_VAULT_NOT_CONTRACT"; | |
string private constant ERROR_TOKEN_TRANSFER_FAILED = "RECOVER_TOKEN_TRANSFER_FAILED"; | |
/** | |
* @notice Send funds to recovery Vault. This contract should never receive funds, | |
* but in case it does, this function allows one to recover them. | |
* @param _token Token balance to be sent to recovery vault. | |
*/ | |
function transferToVault(address _token) external { | |
require(allowRecoverability(_token), ERROR_DISALLOWED); | |
address vault = getRecoveryVault(); | |
require(isContract(vault), ERROR_VAULT_NOT_CONTRACT); | |
uint256 balance; | |
if (_token == ETH) { | |
balance = address(this).balance; | |
vault.transfer(balance); | |
} else { | |
ERC20 token = ERC20(_token); | |
balance = token.staticBalanceOf(this); | |
require(token.safeTransfer(vault, balance), ERROR_TOKEN_TRANSFER_FAILED); | |
} | |
emit RecoverToVault(vault, _token, balance); | |
} | |
/** | |
* @dev By default deriving from AragonApp makes it recoverable | |
* @param token Token address that would be recovered | |
* @return bool whether the app allows the recovery | |
*/ | |
function allowRecoverability(address token) public view returns (bool) { | |
return true; | |
} | |
// Cast non-implemented interface to be public so we can use it internally | |
function getRecoveryVault() public view returns (address); | |
} | |
// File: @aragon/os/contracts/evmscript/IEVMScriptExecutor.sol | |
/* | |
* SPDX-License-Identitifer: MIT | |
*/ | |
pragma solidity ^0.4.24; | |
interface IEVMScriptExecutor { | |
function execScript(bytes script, bytes input, address[] blacklist) external returns (bytes); | |
function executorType() external pure returns (bytes32); | |
} | |
// File: @aragon/os/contracts/evmscript/IEVMScriptRegistry.sol | |
/* | |
* SPDX-License-Identitifer: MIT | |
*/ | |
pragma solidity ^0.4.24; | |
contract EVMScriptRegistryConstants { | |
/* Hardcoded constants to save gas | |
bytes32 internal constant EVMSCRIPT_REGISTRY_APP_ID = apmNamehash("evmreg"); | |
*/ | |
bytes32 internal constant EVMSCRIPT_REGISTRY_APP_ID = 0xddbcfd564f642ab5627cf68b9b7d374fb4f8a36e941a75d89c87998cef03bd61; | |
} | |
interface IEVMScriptRegistry { | |
function addScriptExecutor(IEVMScriptExecutor executor) external returns (uint id); | |
function disableScriptExecutor(uint256 executorId) external; | |
// TODO: this should be external | |
// See https://github.com/ethereum/solidity/issues/4832 | |
function getScriptExecutor(bytes script) public view returns (IEVMScriptExecutor); | |
} | |
// File: @aragon/os/contracts/kernel/KernelConstants.sol | |
/* | |
* SPDX-License-Identitifer: MIT | |
*/ | |
pragma solidity ^0.4.24; | |
contract KernelAppIds { | |
/* Hardcoded constants to save gas | |
bytes32 internal constant KERNEL_CORE_APP_ID = apmNamehash("kernel"); | |
bytes32 internal constant KERNEL_DEFAULT_ACL_APP_ID = apmNamehash("acl"); | |
bytes32 internal constant KERNEL_DEFAULT_VAULT_APP_ID = apmNamehash("vault"); | |
*/ | |
bytes32 internal constant KERNEL_CORE_APP_ID = 0x3b4bf6bf3ad5000ecf0f989d5befde585c6860fea3e574a4fab4c49d1c177d9c; | |
bytes32 internal constant KERNEL_DEFAULT_ACL_APP_ID = 0xe3262375f45a6e2026b7e7b18c2b807434f2508fe1a2a3dfb493c7df8f4aad6a; | |
bytes32 internal constant KERNEL_DEFAULT_VAULT_APP_ID = 0x7e852e0fcfce6551c13800f1e7476f982525c2b5277ba14b24339c68416336d1; | |
} | |
contract KernelNamespaceConstants { | |
/* Hardcoded constants to save gas | |
bytes32 internal constant KERNEL_CORE_NAMESPACE = keccak256("core"); | |
bytes32 internal constant KERNEL_APP_BASES_NAMESPACE = keccak256("base"); | |
bytes32 internal constant KERNEL_APP_ADDR_NAMESPACE = keccak256("app"); | |
*/ | |
bytes32 internal constant KERNEL_CORE_NAMESPACE = 0xc681a85306374a5ab27f0bbc385296a54bcd314a1948b6cf61c4ea1bc44bb9f8; | |
bytes32 internal constant KERNEL_APP_BASES_NAMESPACE = 0xf1f3eb40f5bc1ad1344716ced8b8a0431d840b5783aea1fd01786bc26f35ac0f; | |
bytes32 internal constant KERNEL_APP_ADDR_NAMESPACE = 0xd6f028ca0e8edb4a8c9757ca4fdccab25fa1e0317da1188108f7d2dee14902fb; | |
} | |
// File: @aragon/os/contracts/evmscript/EVMScriptRunner.sol | |
/* | |
* SPDX-License-Identitifer: MIT | |
*/ | |
pragma solidity ^0.4.24; | |
contract EVMScriptRunner is AppStorage, Initializable, EVMScriptRegistryConstants, KernelNamespaceConstants { | |
string private constant ERROR_EXECUTOR_UNAVAILABLE = "EVMRUN_EXECUTOR_UNAVAILABLE"; | |
string private constant ERROR_PROTECTED_STATE_MODIFIED = "EVMRUN_PROTECTED_STATE_MODIFIED"; | |
/* This is manually crafted in assembly | |
string private constant ERROR_EXECUTOR_INVALID_RETURN = "EVMRUN_EXECUTOR_INVALID_RETURN"; | |
*/ | |
event ScriptResult(address indexed executor, bytes script, bytes input, bytes returnData); | |
function getEVMScriptExecutor(bytes _script) public view returns (IEVMScriptExecutor) { | |
return IEVMScriptExecutor(getEVMScriptRegistry().getScriptExecutor(_script)); | |
} | |
function getEVMScriptRegistry() public view returns (IEVMScriptRegistry) { | |
address registryAddr = kernel().getApp(KERNEL_APP_ADDR_NAMESPACE, EVMSCRIPT_REGISTRY_APP_ID); | |
return IEVMScriptRegistry(registryAddr); | |
} | |
function runScript(bytes _script, bytes _input, address[] _blacklist) | |
internal | |
isInitialized | |
protectState | |
returns (bytes) | |
{ | |
IEVMScriptExecutor executor = getEVMScriptExecutor(_script); | |
require(address(executor) != address(0), ERROR_EXECUTOR_UNAVAILABLE); | |
bytes4 sig = executor.execScript.selector; | |
bytes memory data = abi.encodeWithSelector(sig, _script, _input, _blacklist); | |
bytes memory output; | |
assembly { | |
let success := delegatecall( | |
gas, // forward all gas | |
executor, // address | |
add(data, 0x20), // calldata start | |
mload(data), // calldata length | |
0, // don't write output (we'll handle this ourselves) | |
0 // don't write output | |
) | |
output := mload(0x40) // free mem ptr get | |
switch success | |
case 0 { | |
// If the call errored, forward its full error data | |
returndatacopy(output, 0, returndatasize) | |
revert(output, returndatasize) | |
} | |
default { | |
switch gt(returndatasize, 0x3f) | |
case 0 { | |
// Need at least 0x40 bytes returned for properly ABI-encoded bytes values, | |
// revert with "EVMRUN_EXECUTOR_INVALID_RETURN" | |
// See remix: doing a `revert("EVMRUN_EXECUTOR_INVALID_RETURN")` always results in | |
// this memory layout | |
mstore(output, 0x08c379a000000000000000000000000000000000000000000000000000000000) // error identifier | |
mstore(add(output, 0x04), 0x0000000000000000000000000000000000000000000000000000000000000020) // starting offset | |
mstore(add(output, 0x24), 0x000000000000000000000000000000000000000000000000000000000000001e) // reason length | |
mstore(add(output, 0x44), 0x45564d52554e5f4558454355544f525f494e56414c49445f52455455524e0000) // reason | |
revert(output, 100) // 100 = 4 + 3 * 32 (error identifier + 3 words for the ABI encoded error) | |
} | |
default { | |
// Copy result | |
// | |
// Needs to perform an ABI decode for the expected `bytes` return type of | |
// `executor.execScript()` as solidity will automatically ABI encode the returned bytes as: | |
// [ position of the first dynamic length return value = 0x20 (32 bytes) ] | |
// [ output length (32 bytes) ] | |
// [ output content (N bytes) ] | |
// | |
// Perform the ABI decode by ignoring the first 32 bytes of the return data | |
let copysize := sub(returndatasize, 0x20) | |
returndatacopy(output, 0x20, copysize) | |
mstore(0x40, add(output, copysize)) // free mem ptr set | |
} | |
} | |
} | |
emit ScriptResult(address(executor), _script, _input, output); | |
return output; | |
} | |
modifier protectState { | |
address preKernel = address(kernel()); | |
bytes32 preAppId = appId(); | |
_; // exec | |
require(address(kernel()) == preKernel, ERROR_PROTECTED_STATE_MODIFIED); | |
require(appId() == preAppId, ERROR_PROTECTED_STATE_MODIFIED); | |
} | |
} | |
// File: @aragon/os/contracts/apps/AragonApp.sol | |
/* | |
* SPDX-License-Identitifer: MIT | |
*/ | |
pragma solidity ^0.4.24; | |
// Contracts inheriting from AragonApp are, by default, immediately petrified upon deployment so | |
// that they can never be initialized. | |
// Unless overriden, this behaviour enforces those contracts to be usable only behind an AppProxy. | |
// ReentrancyGuard, EVMScriptRunner, and ACLSyntaxSugar are not directly used by this contract, but | |
// are included so that they are automatically usable by subclassing contracts | |
contract AragonApp is AppStorage, Autopetrified, VaultRecoverable, ReentrancyGuard, EVMScriptRunner, ACLSyntaxSugar { | |
string private constant ERROR_AUTH_FAILED = "APP_AUTH_FAILED"; | |
modifier auth(bytes32 _role) { | |
require(canPerform(msg.sender, _role, new uint256[](0)), ERROR_AUTH_FAILED); | |
_; | |
} | |
modifier authP(bytes32 _role, uint256[] _params) { | |
require(canPerform(msg.sender, _role, _params), ERROR_AUTH_FAILED); | |
_; | |
} | |
/** | |
* @dev Check whether an action can be performed by a sender for a particular role on this app | |
* @param _sender Sender of the call | |
* @param _role Role on this app | |
* @param _params Permission params for the role | |
* @return Boolean indicating whether the sender has the permissions to perform the action. | |
* Always returns false if the app hasn't been initialized yet. | |
*/ | |
function canPerform(address _sender, bytes32 _role, uint256[] _params) public view returns (bool) { | |
if (!hasInitialized()) { | |
return false; | |
} | |
IKernel linkedKernel = kernel(); | |
if (address(linkedKernel) == address(0)) { | |
return false; | |
} | |
return linkedKernel.hasPermission( | |
_sender, | |
address(this), | |
_role, | |
ConversionHelpers.dangerouslyCastUintArrayToBytes(_params) | |
); | |
} | |
/** | |
* @dev Get the recovery vault for the app | |
* @return Recovery vault address for the app | |
*/ | |
function getRecoveryVault() public view returns (address) { | |
// Funds recovery via a vault is only available when used with a kernel | |
return kernel().getRecoveryVault(); // if kernel is not set, it will revert | |
} | |
} | |
// File: @aragon/os/contracts/common/DepositableStorage.sol | |
pragma solidity 0.4.24; | |
contract DepositableStorage { | |
using UnstructuredStorage for bytes32; | |
// keccak256("aragonOS.depositableStorage.depositable") | |
bytes32 internal constant DEPOSITABLE_POSITION = 0x665fd576fbbe6f247aff98f5c94a561e3f71ec2d3c988d56f12d342396c50cea; | |
function isDepositable() public view returns (bool) { | |
return DEPOSITABLE_POSITION.getStorageBool(); | |
} | |
function setDepositable(bool _depositable) internal { | |
DEPOSITABLE_POSITION.setStorageBool(_depositable); | |
} | |
} | |
// File: @aragon/apps-vault/contracts/Vault.sol | |
pragma solidity 0.4.24; | |
contract Vault is EtherTokenConstant, AragonApp, DepositableStorage { | |
using SafeERC20 for ERC20; | |
bytes32 public constant TRANSFER_ROLE = keccak256("TRANSFER_ROLE"); | |
string private constant ERROR_DATA_NON_ZERO = "VAULT_DATA_NON_ZERO"; | |
string private constant ERROR_NOT_DEPOSITABLE = "VAULT_NOT_DEPOSITABLE"; | |
string private constant ERROR_DEPOSIT_VALUE_ZERO = "VAULT_DEPOSIT_VALUE_ZERO"; | |
string private constant ERROR_TRANSFER_VALUE_ZERO = "VAULT_TRANSFER_VALUE_ZERO"; | |
string private constant ERROR_SEND_REVERTED = "VAULT_SEND_REVERTED"; | |
string private constant ERROR_VALUE_MISMATCH = "VAULT_VALUE_MISMATCH"; | |
string private constant ERROR_TOKEN_TRANSFER_FROM_REVERTED = "VAULT_TOKEN_TRANSFER_FROM_REVERT"; | |
string private constant ERROR_TOKEN_TRANSFER_REVERTED = "VAULT_TOKEN_TRANSFER_REVERTED"; | |
event VaultTransfer(address indexed token, address indexed to, uint256 amount); | |
event VaultDeposit(address indexed token, address indexed sender, uint256 amount); | |
/** | |
* @dev On a normal send() or transfer() this fallback is never executed as it will be | |
* intercepted by the Proxy (see aragonOS#281) | |
*/ | |
function () external payable isInitialized { | |
require(msg.data.length == 0, ERROR_DATA_NON_ZERO); | |
_deposit(ETH, msg.value); | |
} | |
/** | |
* @notice Initialize Vault app | |
* @dev As an AragonApp it needs to be initialized in order for roles (`auth` and `authP`) to work | |
*/ | |
function initialize() external onlyInit { | |
initialized(); | |
setDepositable(true); | |
} | |
/** | |
* @notice Deposit `_value` `_token` to the vault | |
* @param _token Address of the token being transferred | |
* @param _value Amount of tokens being transferred | |
*/ | |
function deposit(address _token, uint256 _value) external payable isInitialized { | |
_deposit(_token, _value); | |
} | |
/** | |
* @notice Transfer `_value` `_token` from the Vault to `_to` | |
* @param _token Address of the token being transferred | |
* @param _to Address of the recipient of tokens | |
* @param _value Amount of tokens being transferred | |
*/ | |
/* solium-disable-next-line function-order */ | |
function transfer(address _token, address _to, uint256 _value) | |
external | |
authP(TRANSFER_ROLE, arr(_token, _to, _value)) | |
{ | |
require(_value > 0, ERROR_TRANSFER_VALUE_ZERO); | |
if (_token == ETH) { | |
require(_to.send(_value), ERROR_SEND_REVERTED); | |
} else { | |
require(ERC20(_token).safeTransfer(_to, _value), ERROR_TOKEN_TRANSFER_REVERTED); | |
} | |
emit VaultTransfer(_token, _to, _value); | |
} | |
function balance(address _token) public view returns (uint256) { | |
if (_token == ETH) { | |
return address(this).balance; | |
} else { | |
return ERC20(_token).staticBalanceOf(address(this)); | |
} | |
} | |
/** | |
* @dev Disable recovery escape hatch, as it could be used | |
* maliciously to transfer funds away from the vault | |
*/ | |
function allowRecoverability(address) public view returns (bool) { | |
return false; | |
} | |
function _deposit(address _token, uint256 _value) internal { | |
require(isDepositable(), ERROR_NOT_DEPOSITABLE); | |
require(_value > 0, ERROR_DEPOSIT_VALUE_ZERO); | |
if (_token == ETH) { | |
// Deposit is implicit in this case | |
require(msg.value == _value, ERROR_VALUE_MISMATCH); | |
} else { | |
require( | |
ERC20(_token).safeTransferFrom(msg.sender, address(this), _value), | |
ERROR_TOKEN_TRANSFER_FROM_REVERTED | |
); | |
} | |
emit VaultDeposit(_token, msg.sender, _value); | |
} | |
} | |
// File: @aragon/os/contracts/common/IForwarder.sol | |
/* | |
* SPDX-License-Identitifer: MIT | |
*/ | |
pragma solidity ^0.4.24; | |
interface IForwarder { | |
function isForwarder() external pure returns (bool); | |
// TODO: this should be external | |
// See https://github.com/ethereum/solidity/issues/4832 | |
function canForward(address sender, bytes evmCallScript) public view returns (bool); | |
// TODO: this should be external | |
// See https://github.com/ethereum/solidity/issues/4832 | |
function forward(bytes evmCallScript) public; | |
} | |
// File: contracts/Agent.sol | |
/* | |
* SPDX-License-Identitifer: GPL-3.0-or-later | |
*/ | |
pragma solidity 0.4.24; | |
contract Agent is IERC165, ERC1271Bytes, IForwarder, IsContract, Vault { | |
/* Hardcoded constants to save gas | |
bytes32 public constant EXECUTE_ROLE = keccak256("EXECUTE_ROLE"); | |
bytes32 public constant SAFE_EXECUTE_ROLE = keccak256("SAFE_EXECUTE_ROLE"); | |
bytes32 public constant ADD_PROTECTED_TOKEN_ROLE = keccak256("ADD_PROTECTED_TOKEN_ROLE"); | |
bytes32 public constant REMOVE_PROTECTED_TOKEN_ROLE = keccak256("REMOVE_PROTECTED_TOKEN_ROLE"); | |
bytes32 public constant ADD_PRESIGNED_HASH_ROLE = keccak256("ADD_PRESIGNED_HASH_ROLE"); | |
bytes32 public constant DESIGNATE_SIGNER_ROLE = keccak256("DESIGNATE_SIGNER_ROLE"); | |
bytes32 public constant RUN_SCRIPT_ROLE = keccak256("RUN_SCRIPT_ROLE"); | |
*/ | |
bytes32 public constant EXECUTE_ROLE = 0xcebf517aa4440d1d125e0355aae64401211d0848a23c02cc5d29a14822580ba4; | |
bytes32 public constant SAFE_EXECUTE_ROLE = 0x0a1ad7b87f5846153c6d5a1f761d71c7d0cfd122384f56066cd33239b7933694; | |
bytes32 public constant ADD_PROTECTED_TOKEN_ROLE = 0x6eb2a499556bfa2872f5aa15812b956cc4a71b4d64eb3553f7073c7e41415aaa; | |
bytes32 public constant REMOVE_PROTECTED_TOKEN_ROLE = 0x71eee93d500f6f065e38b27d242a756466a00a52a1dbcd6b4260f01a8640402a; | |
bytes32 public constant ADD_PRESIGNED_HASH_ROLE = 0x0b29780bb523a130b3b01f231ef49ed2fa2781645591a0b0a44ca98f15a5994c; | |
bytes32 public constant DESIGNATE_SIGNER_ROLE = 0x23ce341656c3f14df6692eebd4757791e33662b7dcf9970c8308303da5472b7c; | |
bytes32 public constant RUN_SCRIPT_ROLE = 0xb421f7ad7646747f3051c50c0b8e2377839296cd4973e27f63821d73e390338f; | |
uint256 public constant PROTECTED_TOKENS_CAP = 10; | |
bytes4 private constant ERC165_INTERFACE_ID = 0x01ffc9a7; | |
string private constant ERROR_TARGET_PROTECTED = "AGENT_TARGET_PROTECTED"; | |
string private constant ERROR_PROTECTED_TOKENS_MODIFIED = "AGENT_PROTECTED_TOKENS_MODIFIED"; | |
string private constant ERROR_PROTECTED_BALANCE_LOWERED = "AGENT_PROTECTED_BALANCE_LOWERED"; | |
string private constant ERROR_TOKENS_CAP_REACHED = "AGENT_TOKENS_CAP_REACHED"; | |
string private constant ERROR_TOKEN_NOT_ERC20 = "AGENT_TOKEN_NOT_ERC20"; | |
string private constant ERROR_TOKEN_ALREADY_PROTECTED = "AGENT_TOKEN_ALREADY_PROTECTED"; | |
string private constant ERROR_TOKEN_NOT_PROTECTED = "AGENT_TOKEN_NOT_PROTECTED"; | |
string private constant ERROR_DESIGNATED_TO_SELF = "AGENT_DESIGNATED_TO_SELF"; | |
string private constant ERROR_CAN_NOT_FORWARD = "AGENT_CAN_NOT_FORWARD"; | |
mapping (bytes32 => bool) public isPresigned; | |
address public designatedSigner; | |
address[] public protectedTokens; | |
event SafeExecute(address indexed sender, address indexed target, bytes data); | |
event Execute(address indexed sender, address indexed target, uint256 ethValue, bytes data); | |
event AddProtectedToken(address indexed token); | |
event RemoveProtectedToken(address indexed token); | |
event PresignHash(address indexed sender, bytes32 indexed hash); | |
event SetDesignatedSigner(address indexed sender, address indexed oldSigner, address indexed newSigner); | |
/** | |
* @notice Execute '`@radspec(_target, _data)`' on `_target``_ethValue == 0 ? '' : ' (Sending' + @tokenAmount(0x0000000000000000000000000000000000000000, _ethValue) + ')'` | |
* @param _target Address where the action is being executed | |
* @param _ethValue Amount of ETH from the contract that is sent with the action | |
* @param _data Calldata for the action | |
* @return Exits call frame forwarding the return data of the executed call (either error or success data) | |
*/ | |
function execute(address _target, uint256 _ethValue, bytes _data) | |
external // This function MUST always be external as the function performs a low level return, exiting the Agent app execution context | |
authP(EXECUTE_ROLE, arr(_target, _ethValue, uint256(_getSig(_data)))) // bytes4 casted as uint256 sets the bytes as the LSBs | |
{ | |
bool result = _target.call.value(_ethValue)(_data); | |
if (result) { | |
emit Execute(msg.sender, _target, _ethValue, _data); | |
} | |
assembly { | |
let ptr := mload(0x40) | |
returndatacopy(ptr, 0, returndatasize) | |
// revert instead of invalid() bc if the underlying call failed with invalid() it already wasted gas. | |
// if the call returned error data, forward it | |
switch result case 0 { revert(ptr, returndatasize) } | |
default { return(ptr, returndatasize) } | |
} | |
} | |
/** | |
* @notice Execute '`@radspec(_target, _data)`' on `_target` ensuring that protected tokens can't be spent | |
* @param _target Address where the action is being executed | |
* @param _data Calldata for the action | |
* @return Exits call frame forwarding the return data of the executed call (either error or success data) | |
*/ | |
function safeExecute(address _target, bytes _data) | |
external // This function MUST always be external as the function performs a low level return, exiting the Agent app execution context | |
authP(SAFE_EXECUTE_ROLE, arr(_target, uint256(_getSig(_data)))) // bytes4 casted as uint256 sets the bytes as the LSBs | |
{ | |
uint256 protectedTokensLength = protectedTokens.length; | |
address[] memory protectedTokens_ = new address[](protectedTokensLength); | |
uint256[] memory balances = new uint256[](protectedTokensLength); | |
for (uint256 i = 0; i < protectedTokensLength; i++) { | |
address token = protectedTokens[i]; | |
require(_target != token, ERROR_TARGET_PROTECTED); | |
// we copy the protected tokens array to check whether the storage array has been modified during the underlying call | |
protectedTokens_[i] = token; | |
// we copy the balances to check whether they have been modified during the underlying call | |
balances[i] = balance(token); | |
} | |
bool result = _target.call(_data); | |
bytes32 ptr; | |
uint256 size; | |
assembly { | |
size := returndatasize | |
ptr := mload(0x40) | |
mstore(0x40, add(ptr, returndatasize)) | |
returndatacopy(ptr, 0, returndatasize) | |
} | |
if (result) { | |
// if the underlying call has succeeded, we check that the protected tokens | |
// and their balances have not been modified and return the call's return data | |
require(protectedTokens.length == protectedTokensLength, ERROR_PROTECTED_TOKENS_MODIFIED); | |
for (uint256 j = 0; j < protectedTokensLength; j++) { | |
require(protectedTokens[j] == protectedTokens_[j], ERROR_PROTECTED_TOKENS_MODIFIED); | |
require(balance(protectedTokens[j]) >= balances[j], ERROR_PROTECTED_BALANCE_LOWERED); | |
} | |
emit SafeExecute(msg.sender, _target, _data); | |
assembly { | |
return(ptr, size) | |
} | |
} else { | |
// if the underlying call has failed, we revert and forward returned error data | |
assembly { | |
revert(ptr, size) | |
} | |
} | |
} | |
/** | |
* @notice Add `_token.symbol(): string` to the list of protected tokens | |
* @param _token Address of the token to be protected | |
*/ | |
function addProtectedToken(address _token) external authP(ADD_PROTECTED_TOKEN_ROLE, arr(_token)) { | |
require(protectedTokens.length < PROTECTED_TOKENS_CAP, ERROR_TOKENS_CAP_REACHED); | |
require(_isERC20(_token), ERROR_TOKEN_NOT_ERC20); | |
require(!_tokenIsProtected(_token), ERROR_TOKEN_ALREADY_PROTECTED); | |
_addProtectedToken(_token); | |
} | |
/** | |
* @notice Remove `_token.symbol(): string` from the list of protected tokens | |
* @param _token Address of the token to be unprotected | |
*/ | |
function removeProtectedToken(address _token) external authP(REMOVE_PROTECTED_TOKEN_ROLE, arr(_token)) { | |
require(_tokenIsProtected(_token), ERROR_TOKEN_NOT_PROTECTED); | |
_removeProtectedToken(_token); | |
} | |
/** | |
* @notice Pre-sign hash `_hash` | |
* @param _hash Hash that will be considered signed regardless of the signature checked with 'isValidSignature()' | |
*/ | |
function presignHash(bytes32 _hash) | |
external | |
authP(ADD_PRESIGNED_HASH_ROLE, arr(_hash)) | |
{ | |
isPresigned[_hash] = true; | |
emit PresignHash(msg.sender, _hash); | |
} | |
/** | |
* @notice Set `_designatedSigner` as the designated signer of the app, which will be able to sign messages on behalf of the app | |
* @param _designatedSigner Address that will be able to sign messages on behalf of the app | |
*/ | |
function setDesignatedSigner(address _designatedSigner) | |
external | |
authP(DESIGNATE_SIGNER_ROLE, arr(_designatedSigner)) | |
{ | |
// Prevent an infinite loop by setting the app itself as its designated signer. | |
// An undetectable loop can be created by setting a different contract as the | |
// designated signer which calls back into `isValidSignature`. | |
// Given that `isValidSignature` is always called with just 50k gas, the max | |
// damage of the loop is wasting 50k gas. | |
require(_designatedSigner != address(this), ERROR_DESIGNATED_TO_SELF); | |
address oldDesignatedSigner = designatedSigner; | |
designatedSigner = _designatedSigner; | |
emit SetDesignatedSigner(msg.sender, oldDesignatedSigner, _designatedSigner); | |
} | |
// Forwarding fns | |
/** | |
* @notice Tells whether the Agent app is a forwarder or not | |
* @dev IForwarder interface conformance | |
* @return Always true | |
*/ | |
function isForwarder() external pure returns (bool) { | |
return true; | |
} | |
/** | |
* @notice Execute the script as the Agent app | |
* @dev IForwarder interface conformance. Forwards any token holder action. | |
* @param _evmScript Script being executed | |
*/ | |
function forward(bytes _evmScript) public { | |
require(canForward(msg.sender, _evmScript), ERROR_CAN_NOT_FORWARD); | |
bytes memory input = ""; // no input | |
address[] memory blacklist = new address[](0); // no addr blacklist, can interact with anything | |
runScript(_evmScript, input, blacklist); | |
// We don't need to emit an event here as EVMScriptRunner will emit ScriptResult if successful | |
} | |
/** | |
* @notice Tells whether `_sender` can forward actions or not | |
* @dev IForwarder interface conformance | |
* @param _sender Address of the account intending to forward an action | |
* @return True if the given address can run scripts, false otherwise | |
*/ | |
function canForward(address _sender, bytes _evmScript) public view returns (bool) { | |
// Note that `canPerform()` implicitly does an initialization check itself | |
return canPerform(_sender, RUN_SCRIPT_ROLE, arr(_getScriptACLParam(_evmScript))); | |
} | |
// ERC-165 conformance | |
/** | |
* @notice Tells whether this contract supports a given ERC-165 interface | |
* @param _interfaceId Interface bytes to check | |
* @return True if this contract supports the interface | |
*/ | |
function supportsInterface(bytes4 _interfaceId) external pure returns (bool) { | |
return | |
_interfaceId == ERC1271_INTERFACE_ID || | |
_interfaceId == ERC165_INTERFACE_ID; | |
} | |
// ERC-1271 conformance | |
/** | |
* @notice Tells whether a signature is seen as valid by this contract through ERC-1271 | |
* @param _hash Arbitrary length data signed on the behalf of address (this) | |
* @param _signature Signature byte array associated with _data | |
* @return The ERC-1271 magic value if the signature is valid | |
*/ | |
function isValidSignature(bytes32 _hash, bytes _signature) public view returns (bytes4) { | |
// Short-circuit in case the hash was presigned. Optimization as performing calls | |
// and ecrecover is more expensive than an SLOAD. | |
if (isPresigned[_hash]) { | |
return returnIsValidSignatureMagicNumber(true); | |
} | |
bool isValid; | |
if (designatedSigner == address(0)) { | |
isValid = false; | |
} else { | |
isValid = SignatureValidator.isValidSignature(_hash, designatedSigner, _signature); | |
} | |
return returnIsValidSignatureMagicNumber(isValid); | |
} | |
// Getters | |
function getProtectedTokensLength() public view isInitialized returns (uint256) { | |
return protectedTokens.length; | |
} | |
// Internal fns | |
function _addProtectedToken(address _token) internal { | |
protectedTokens.push(_token); | |
emit AddProtectedToken(_token); | |
} | |
function _removeProtectedToken(address _token) internal { | |
protectedTokens[_protectedTokenIndex(_token)] = protectedTokens[protectedTokens.length - 1]; | |
protectedTokens.length--; | |
emit RemoveProtectedToken(_token); | |
} | |
function _isERC20(address _token) internal view returns (bool) { | |
if (!isContract(_token)) { | |
return false; | |
} | |
// Throwaway sanity check to make sure the token's `balanceOf()` does not error (for now) | |
balance(_token); | |
return true; | |
} | |
function _protectedTokenIndex(address _token) internal view returns (uint256) { | |
for (uint i = 0; i < protectedTokens.length; i++) { | |
if (protectedTokens[i] == _token) { | |
return i; | |
} | |
} | |
revert(ERROR_TOKEN_NOT_PROTECTED); | |
} | |
function _tokenIsProtected(address _token) internal view returns (bool) { | |
for (uint256 i = 0; i < protectedTokens.length; i++) { | |
if (protectedTokens[i] == _token) { | |
return true; | |
} | |
} | |
return false; | |
} | |
function _getScriptACLParam(bytes _evmScript) internal pure returns (uint256) { | |
return uint256(keccak256(abi.encodePacked(_evmScript))); | |
} | |
function _getSig(bytes _data) internal pure returns (bytes4 sig) { | |
if (_data.length < 4) { | |
return; | |
} | |
assembly { sig := mload(add(_data, 0x20)) } | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment