Token Gyroscope 3CLP BUSD/USDC/USDT
Gaming
Sponsored
BC.Game - The Best Crypto Casino, 2000+ Slots, 200+ Token. Claim 1000,000 MaticDaily free Spin 50000 Matic ,760% Deposit Bonus, 20%Rakeback, And Get 1000000 Matic free bonus on BC.Game
BC.Game - The Best Crypto Casino, 2000+ Slots, 200+ Token. Claim 1000,000 MaticDaily free Spin 50000 Matic ,760% Deposit Bonus, 20%Rakeback, And Get 1000000 Matic free bonus on BC.Game
Polygon Sponsored slots available. Book your slot here!
Overview ERC-20
Price
$0.00 @ 0.000000 MATIC
Fully Diluted Market Cap
Total Supply:
101,384,393.023781 3CLP-BUSD-USDC-USDT
Holders:
2,038 addresses
Transfers:
-
Contract:
Decimals:
18
[ Download CSV Export ]
[ Download CSV Export ]
| # | Exchange | Pair | Price | 24H Volume | % Volume |
|---|
Contract Name:
Gyro3CLPPool
Compiler Version
v0.7.6+commit.7338295f
Optimization Enabled:
Yes with 200 runs
Other Settings:
default evmVersion
Contract Source Code (Solidity Standard Json-Input format)
// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity 0.7.6;
pragma experimental ABIEncoderV2;
import "../../libraries/GyroConfigKeys.sol";
import "../../interfaces/IGyroConfig.sol";
import "../../libraries/GyroPoolMath.sol";
import "../../libraries/GyroErrors.sol";
import "./ExtensibleBaseWeightedPool.sol";
import "./Gyro3CLPMath.sol";
import "./Gyro3CLPPoolErrors.sol";
import "../CappedLiquidity.sol";
import "../LocallyPausable.sol";
/**
* @dev Gyro Three Pool with immutable weights.
*/
// We derive from ExtensibleBaseWeightedPool and we override a large part of the functionality. In particular the
// weights are not used.
contract Gyro3CLPPool is ExtensibleBaseWeightedPool, CappedLiquidity, LocallyPausable {
using GyroFixedPoint for uint256;
using WeightedPoolUserDataHelpers for bytes;
uint256 private immutable _root3Alpha;
IGyroConfig public gyroConfig;
uint256 private constant _MAX_TOKENS = 3;
IERC20 internal immutable _token0;
IERC20 internal immutable _token1;
IERC20 internal immutable _token2;
// All token balances are normalized to behave as if the token had 18 decimals. We assume a token's decimals will
// not change throughout its lifetime, and store the corresponding scaling factor for each at construction time.
// These factors are always greater than or equal to one: tokens with more than 18 decimals are not supported.
uint256 internal immutable _scalingFactor0;
uint256 internal immutable _scalingFactor1;
uint256 internal immutable _scalingFactor2;
struct NewPoolConfigParams {
string name;
string symbol;
IERC20[] tokens;
uint256 swapFeePercentage;
uint256 root3Alpha;
address owner;
address capManager;
CapParams capParams;
address pauseManager;
}
struct NewPoolParams {
IVault vault;
address configAddress;
NewPoolConfigParams config;
uint256 pauseWindowDuration;
uint256 bufferPeriodDuration;
}
constructor(NewPoolParams memory params)
ExtensibleBaseWeightedPool(
params.vault,
params.config.name,
params.config.symbol,
params.config.tokens,
new address[](3),
params.config.swapFeePercentage,
params.pauseWindowDuration,
params.bufferPeriodDuration,
params.config.owner
)
CappedLiquidity(params.config.capManager, params.config.capParams)
LocallyPausable(params.config.pauseManager)
{
IERC20[] memory tokens = params.config.tokens;
_grequire(tokens.length == 3, Gyro3CLPPoolErrors.TOKENS_LENGTH_MUST_BE_3);
InputHelpers.ensureArrayIsSorted(tokens); // For uniqueness and required to make balance reconstruction work
_grequire(params.configAddress != address(0), GyroErrors.ZERO_ADDRESS);
_token0 = tokens[0];
_token1 = tokens[1];
_token2 = tokens[2];
_scalingFactor0 = _computeScalingFactor(tokens[0]);
_scalingFactor1 = _computeScalingFactor(tokens[1]);
_scalingFactor2 = _computeScalingFactor(tokens[2]);
// _require(params.config.root3Alpha < FixedPoint.ONE, Gyro3CLPPoolErrors.PRICE_BOUNDS_WRONG);
_grequire(
Gyro3CLPMath._MIN_ROOT_3_ALPHA <= params.config.root3Alpha && params.config.root3Alpha <= Gyro3CLPMath._MAX_ROOT_3_ALPHA,
Gyro3CLPPoolErrors.PRICE_BOUNDS_WRONG
);
_root3Alpha = params.config.root3Alpha;
gyroConfig = IGyroConfig(params.configAddress);
}
function getRoot3Alpha() external view returns (uint256) {
return _root3Alpha;
}
// We don't support weights at the moment; in other words, all tokens are always weighted equally and thus their
// normalized weights are all 1/3. This is what the functions return.
function _getNormalizedWeight(IERC20) internal view virtual override returns (uint256) {
return GyroFixedPoint.ONE / 3;
}
function _getNormalizedWeights() internal view virtual override returns (uint256[] memory) {
uint256[] memory normalizedWeights = new uint256[](3);
// prettier-ignore
{
normalizedWeights[0] = GyroFixedPoint.ONE/3;
normalizedWeights[1] = GyroFixedPoint.ONE/3;
normalizedWeights[2] = GyroFixedPoint.ONE/3;
}
return normalizedWeights;
}
/// @dev Since all weights are always the same, the max-weight token is arbitrary. We return token 0.
function _getNormalizedWeightsAndMaxWeightIndex() internal view virtual override returns (uint256[] memory, uint256) {
return (_getNormalizedWeights(), 0);
}
function _getMaxTokens() internal pure virtual override returns (uint256) {
return _MAX_TOKENS;
}
function _getTotalTokens() internal pure virtual override returns (uint256) {
return 3;
}
/**
* @dev Returns the scaling factor for one of the Pool's tokens. Reverts if `token` is not a token registered by the
* Pool.
*/
function _scalingFactor(IERC20 token) internal view virtual override returns (uint256 scalingFactor) {
if (token == _token0) {
scalingFactor = _scalingFactor0;
} else if (token == _token1) {
scalingFactor = _scalingFactor1;
} else if (token == _token2) {
scalingFactor = _scalingFactor2;
} else {
_revert(Errors.INVALID_TOKEN);
}
}
function _scalingFactors() internal view virtual override returns (uint256[] memory) {
uint256 totalTokens = _getTotalTokens();
uint256[] memory scalingFactors = new uint256[](totalTokens);
// prettier-ignore
{
scalingFactors[0] = _scalingFactor0;
scalingFactors[1] = _scalingFactor1;
scalingFactors[2] = _scalingFactor2;
}
return scalingFactors;
}
// on{Swap,Join,Exit}() toplevel entry points are not overloaded and taken from ExtensibleBaseWeightedPool. We
// override the lower-level functions.
function _onSwapGivenIn(
SwapRequest memory swapRequest,
uint256 currentBalanceTokenIn,
uint256 currentBalanceTokenOut
) internal view virtual override whenNotPaused returns (uint256) {
uint256 virtualOffset = _calculateVirtualOffset(swapRequest, currentBalanceTokenIn, currentBalanceTokenOut);
return _onSwapGivenIn(swapRequest, currentBalanceTokenIn, currentBalanceTokenOut, virtualOffset);
}
function _onSwapGivenOut(
SwapRequest memory swapRequest,
uint256 currentBalanceTokenIn,
uint256 currentBalanceTokenOut
) internal view virtual override whenNotPaused returns (uint256) {
uint256 virtualOffset = _calculateVirtualOffset(swapRequest, currentBalanceTokenIn, currentBalanceTokenOut);
return _onSwapGivenOut(swapRequest, currentBalanceTokenIn, currentBalanceTokenOut, virtualOffset);
}
/** @dev Given two tokens x, y, return the third one among the pool tokens that is neither x nor y. x, y do *not*
* have to be ordered, but they have to be among the tokens of this pool and they have to be different.
*/
function _getThirdToken(IERC20 x, IERC20 y) internal view returns (IERC20 tokenOther, uint256 scalingFactorOther) {
// Sort
if (x > y) (x, y) = (y, x);
// We exploit that the variables _token{0,1,2} are sorted.
if (x == _token0) {
if (y == _token1) return (_token2, _scalingFactor2);
if (y != _token2) _grequire(false, Gyro3CLPPoolErrors.TOKENS_NOT_AMONG_POOL_TOKENS);
return (_token1, _scalingFactor1);
}
if (!(x == _token1 && y == _token2)) _grequire(false, Gyro3CLPPoolErrors.TOKENS_NOT_AMONG_POOL_TOKENS);
return (_token0, _scalingFactor0);
}
/** @dev Reads the balance of a token from the balancer vault and returns the scaled amount. Smaller storage access
* compared to getVault().getPoolTokens().
*/
function _getScaledTokenBalance(IERC20 token, uint256 scalingFactor) internal view returns (uint256 balance) {
// Signature of getPoolTokenInfo(): (pool id, token) -> (cash, managed, lastChangeBlock, assetManager)
// and total amount = cash + managed. See balancer repo, PoolTokens.sol and BalanceAllocation.sol
(uint256 cash, uint256 managed, , ) = getVault().getPoolTokenInfo(getPoolId(), token);
balance = cash + managed; // can't overflow, see BalanceAllocation.sol::total() in the Balancer repo.
balance = balance.mulDown(scalingFactor);
}
/** @dev Calculate the offset that that takes real reserves to virtual reserves. Variant that uses the info given
* during swaps to query less from the vault and save gas.
*/
function _calculateVirtualOffset(
SwapRequest memory swapRequest,
uint256 currentBalanceTokenIn,
uint256 currentBalanceTokenOut
) private view returns (uint256 virtualOffset) {
// We exploit that everything is symmetric, so we don't have to know which balance is which here
uint256[] memory balances = new uint256[](3);
balances[0] = currentBalanceTokenIn;
balances[1] = currentBalanceTokenOut;
// Get the third token and query its balance.
// This needs to be scaled up, like in BasePool._upscaleArray(). The other balances are already scaled up.
(IERC20 token3, uint256 scalingFactor3) = _getThirdToken(swapRequest.tokenIn, swapRequest.tokenOut);
balances[2] = _getScaledTokenBalance(token3, scalingFactor3);
return _calculateVirtualOffset(balances);
}
/** @dev Calculate virtual offsets from scaled balances. Balances can be retrieved in the most gas-efficient way. */
function _calculateVirtualOffset(
uint256[] memory balances // Need to be already scaled up.
) private view returns (uint256 virtualOffset) {
uint256 root3Alpha = _root3Alpha;
uint256 invariant = Gyro3CLPMath._calculateInvariant(balances, root3Alpha);
virtualOffset = invariant.mulDown(root3Alpha);
}
/** @dev Get all balances in the pool, scaled by the appropriate scaling factors, in a relatively gas-efficient way.
*/
function _getAllBalances() private view returns (uint256[] memory balances) {
// The below is more gas-efficient than the following line because the token slots don't have to be read in the
// vault.
// (, uint256[] memory balances, ) = getVault().getPoolTokens(getPoolId());
balances = new uint256[](3);
balances[0] = _getScaledTokenBalance(_token0, _scalingFactor0);
balances[1] = _getScaledTokenBalance(_token1, _scalingFactor1);
balances[2] = _getScaledTokenBalance(_token2, _scalingFactor2);
return balances;
}
/** @dev Calculate the offset that that takes real reserves to virtual reserves. Uses only the info in the pool, but
* is rather expensive because a lot has to be queried from the vault.
*/
function _calculateVirtualOffset() private view returns (uint256 virtualOffset) {
return _calculateVirtualOffset(_getAllBalances());
}
function _calculateInvariant() private view returns (uint256 invariant) {
return Gyro3CLPMath._calculateInvariant(_getAllBalances(), _root3Alpha);
}
function _onSwapGivenIn(
SwapRequest memory swapRequest,
uint256 currentBalanceTokenIn,
uint256 currentBalanceTokenOut,
uint256 virtualOffset
) private pure returns (uint256) {
return Gyro3CLPMath._calcOutGivenIn(currentBalanceTokenIn, currentBalanceTokenOut, swapRequest.amount, virtualOffset);
}
function _onSwapGivenOut(
SwapRequest memory swapRequest,
uint256 currentBalanceTokenIn,
uint256 currentBalanceTokenOut,
uint256 virtualOffset
) private pure returns (uint256) {
return Gyro3CLPMath._calcInGivenOut(currentBalanceTokenIn, currentBalanceTokenOut, swapRequest.amount, virtualOffset);
}
/**
* @dev Called when the Pool is joined for the first time; that is, when the BPT total supply is zero.
*
* Returns the amount of BPT to mint and the token amounts the Pool will receive in return.
*
* Minted BPT will be sent to `recipient`, except for _MINIMUM_BPT, which will be deducted from this amount and sent
* to the zero address instead. This will cause that BPT to remain forever locked there, preventing total BTP from
* ever dropping below that value, and ensuring `_onInitializePool` can only be called once in the entire Pool's
* lifetime.
*
* The tokens granted to the Pool will be transferred from `sender`. These amounts are considered upscaled and will
* be downscaled (rounding up) before being returned to the Vault.
*/
function _onInitializePool(
bytes32,
address,
address,
uint256[] memory scalingFactors,
bytes memory userData
) internal override whenNotPaused returns (uint256, uint256[] memory) {
BaseWeightedPool.JoinKind kind = userData.joinKind();
_require(kind == BaseWeightedPool.JoinKind.INIT, Errors.UNINITIALIZED);
uint256[] memory amountsIn = userData.initialAmountsIn();
InputHelpers.ensureInputLengthMatch(amountsIn.length, 3);
_upscaleArray(amountsIn, scalingFactors);
uint256 invariantAfterJoin = Gyro3CLPMath._calculateInvariant(amountsIn, _root3Alpha);
// Set the initial BPT to the value of the invariant times the number of tokens. This makes BPT supply more
// consistent in Pools with similar compositions but different number of tokens.
// Note that the BPT supply also depends on the parameters of the pool.
uint256 bptAmountOut = Math.mul(invariantAfterJoin, 3);
_lastInvariant = invariantAfterJoin;
return (bptAmountOut, amountsIn);
}
/**
* @dev Called whenever the Pool is joined after the first initialization join (see `_onInitializePool`).
*
* Returns the amount of BPT to mint, the token amounts that the Pool will receive in return, and the number of
* tokens to pay in protocol swap fees.
*
* Implementations of this function might choose to mutate the `balances` array to save gas (e.g. when
* performing intermediate calculations, such as subtraction of due protocol fees). This can be done safely.
*
* Minted BPT will be sent to `recipient`.
*
* The tokens granted to the Pool will be transferred from `sender`. These amounts are considered upscaled and will
* be downscaled (rounding up) before being returned to the Vault.
*
* protocolSwapFeePercentage argument is intentionally unused as protocol fees are handled in a different way
*/
function _onJoinPool(
bytes32,
address,
address recipient,
uint256[] memory balances,
uint256,
uint256, // protocolSwapFeePercentage, not used
uint256[] memory,
bytes memory userData
)
internal
override
returns (
uint256 bptAmountOut,
uint256[] memory amountsIn,
uint256[] memory dueProtocolFeeAmounts
)
{
// Due protocol swap fee amounts are computed by measuring the growth of the invariant between the previous join
// or exit event and now - the invariant's growth is due exclusively to swap fees. This avoids spending gas
// accounting for them on each individual swap
uint256 root3Alpha = _root3Alpha;
uint256 invariantBeforeJoin = Gyro3CLPMath._calculateInvariant(balances, root3Alpha);
_distributeFees(invariantBeforeJoin);
(bptAmountOut, amountsIn) = _doJoin(balances, userData);
if (_capParams.capEnabled) {
_ensureCap(bptAmountOut, balanceOf(recipient), totalSupply());
}
// Since we pay fees in BPT, they have not changed the invariant and 'lastInvariant' is still consistent with
// 'balances'. Therefore, we can use a simplified method to update the invariant that does not require a full
// re-computation.
// Note: Should this be changed in the future, we also need to reduce the invariant proportionally by the total
// protocol fee factor.
_lastInvariant = GyroPoolMath.liquidityInvariantUpdate(invariantBeforeJoin, bptAmountOut, totalSupply(), true);
// returns a new uint256[](3) b/c Balancer vault is expecting a fee array, but fees paid in BPT instead
return (bptAmountOut, amountsIn, new uint256[](3));
}
function _doJoin(uint256[] memory balances, bytes memory userData) internal view returns (uint256 bptAmountOut, uint256[] memory amountsIn) {
BaseWeightedPool.JoinKind kind = userData.joinKind();
// We do NOT currently support unbalanced update, i.e., EXACT_TOKENS_IN_FOR_BPT_OUT or TOKEN_IN_FOR_EXACT_BPT_OUT
if (kind == BaseWeightedPool.JoinKind.ALL_TOKENS_IN_FOR_EXACT_BPT_OUT) {
(bptAmountOut, amountsIn) = _joinAllTokensInForExactBPTOut(balances, userData);
} else {
_revert(Errors.UNHANDLED_JOIN_KIND);
}
}
/**
* @dev Called whenever the Pool is exited.
*
* Returns the amount of BPT to burn, the token amounts for each Pool token that the Pool will grant in return, and
* the number of tokens to pay in protocol swap fees.
*
* Implementations of this function might choose to mutate the `balances` array to save gas (e.g. when
* performing intermediate calculations, such as subtraction of due protocol fees). This can be done safely.
*
* BPT will be burnt from `sender`.
*
* The Pool will grant tokens to `recipient`. These amounts are considered upscaled and will be downscaled
* (rounding down) before being returned to the Vault.
*
* protocolSwapFeePercentage argument is intentionally unused as protocol fees are handled in a different way
*/
function _onExitPool(
bytes32,
address,
address,
uint256[] memory balances,
uint256,
uint256, // protocolSwapFeePercentage
uint256[] memory,
bytes memory userData
)
internal
override
returns (
uint256 bptAmountIn,
uint256[] memory amountsOut,
uint256[] memory dueProtocolFeeAmounts
)
{
// Exits are not completely disabled while the contract is paused: proportional exits (exact BPT in for tokens
// out) remain functional.
uint256 root3Alpha = _root3Alpha;
if (_isNotPaused()) {
// Due protocol swap fee amounts are computed by measuring the growth of the invariant between the previous
// join or exit event and now - the invariant's growth is due exclusively to swap fees. This avoids
// spending gas calculating the fees on each individual swap.
uint256 invariantBeforeExit = Gyro3CLPMath._calculateInvariant(balances, root3Alpha);
_distributeFees(invariantBeforeExit);
(bptAmountIn, amountsOut) = _doExit(balances, userData);
// Since we pay fees in BPT, they have not changed the invariant and 'lastInvariant' is still consistent with
// 'balances'. Therefore, we can use a simplified method to update the invariant that does not require a full
// re-computation.
// Note: Should this be changed in the future, we also need to reduce the invariant proportionally by the
// total protocol fee factor.
_lastInvariant = GyroPoolMath.liquidityInvariantUpdate(invariantBeforeExit, bptAmountIn, totalSupply(), false);
} else {
// Note: If the contract is paused, swap protocol fee amounts are not charged and the oracle is not updated
// to avoid extra calculations and reduce the potential for errors.
(bptAmountIn, amountsOut) = _doExit(balances, userData);
// In the paused state, we do not recompute the invariant to reduce the potential for errors and to avoid
// lock-up in case the pool is in a state where the involved numerical method does not converge.
// Instead, we set the invariant such that any following (non-paused) join/exit will ignore and recompute it
// (see GyroPoolMath._calcProtocolFees())
_lastInvariant = type(uint256).max;
}
// returns a new uint256[](3) b/c Balancer vault is expecting a fee array, but fees paid in BPT instead
return (bptAmountIn, amountsOut, new uint256[](3));
}
/**
* @dev Returns the current value of the invariant.
*/
function getInvariant() public view override returns (uint256 invariant) {
return _calculateInvariant();
}
function _joinAllTokensInForExactBPTOut(uint256[] memory balances, bytes memory userData)
internal
view
override
returns (uint256, uint256[] memory)
{
uint256 bptAmountOut = userData.allTokensInForExactBptOut();
uint256[] memory amountsIn = GyroPoolMath._calcAllTokensInGivenExactBptOut(balances, bptAmountOut, totalSupply());
return (bptAmountOut, amountsIn);
}
function _doExit(uint256[] memory balances, bytes memory userData) internal view returns (uint256 bptAmountIn, uint256[] memory amountsOut) {
BaseWeightedPool.ExitKind kind = userData.exitKind();
// We do NOT support unbalanced exit at the moment, i.e., EXACT_BPT_IN_FOR_ONE_TOKEN_OUT or
// BPT_IN_FOR_EXACT_TOKENS_OUT.
if (kind == BaseWeightedPool.ExitKind.EXACT_BPT_IN_FOR_TOKENS_OUT) {
return _exitExactBPTInForTokensOut(balances, userData);
} else {
_revert(Errors.UNHANDLED_EXIT_KIND);
}
}
function _exitExactBPTInForTokensOut(uint256[] memory balances, bytes memory userData)
internal
view
override
returns (uint256, uint256[] memory)
{
// This exit function is the only one that is not disabled if the contract is paused: it remains unrestricted
// in an attempt to provide users with a mechanism to retrieve their tokens in case of an emergency.
// This particular exit function is the only one that remains available because it is the simplest one, and
// therefore the one with the lowest likelihood of errors.
uint256 bptAmountIn = userData.exactBptInForTokensOut();
// Note that there is no minimum amountOut parameter: this is handled by `IVault.exitPool`.
uint256[] memory amountsOut = GyroPoolMath._calcTokensOutGivenExactBptIn(balances, bptAmountIn, totalSupply());
return (bptAmountIn, amountsOut);
}
// Helpers
// Protocol Fee Helpers. These are the same functions as in Gyro2CLPPool.
/**
* @dev Computes and distributes fees between the Balancer and the Gyro treasury
* The fees are computed and distributed in BPT rather than using the
* Balancer regular distribution mechanism which would pay these in underlying
*/
function _distributeFees(uint256 invariantBeforeAction) internal {
// calculate Protocol fees in BPT
// _lastInvariant is the invariant logged at the end of the last liquidity update
// protocol fees are calculated on swap fees earned between liquidity updates
(uint256 gyroFees, uint256 balancerFees, address gyroTreasury, address balTreasury) = _getDueProtocolFeeAmounts(
_lastInvariant,
invariantBeforeAction
);
// Pay fees in BPT
_payFeesBpt(gyroFees, balancerFees, gyroTreasury, balTreasury);
}
/**
* @dev this function overrides inherited function to make sure it is never used
*/
function _getDueProtocolFeeAmounts(
uint256[] memory, // balances,
uint256[] memory, // normalizedWeights,
uint256, // maxWeightTokenIndex,
uint256, // previousInvariant,
uint256, // currentInvariant,
uint256 // protocolSwapFeePercentage
) internal pure override returns (uint256[] memory) {
revert("Not implemented");
}
/**
* @dev
* Note: This function is identical to that used in Gyro2CLPPool.sol.
* Calculates protocol fee amounts in BPT terms.
* protocolSwapFeePercentage is not used here b/c we take parameters from GyroConfig instead.
* Returns: BPT due to Gyro, BPT due to Balancer, receiving address for Gyro fees, receiving address for Balancer
* fees.
*/
function _getDueProtocolFeeAmounts(uint256 previousInvariant, uint256 currentInvariant)
internal
view
returns (
uint256,
uint256,
address,
address
)
{
(uint256 protocolSwapFeePerc, uint256 protocolFeeGyroPortion, address gyroTreasury, address balTreasury) = _getFeesMetadata();
// Early return if the protocol swap fee percentage is zero, saving gas.
if (protocolSwapFeePerc == 0) {
return (0, 0, gyroTreasury, balTreasury);
}
// Calculate fees in BPT
(uint256 gyroFees, uint256 balancerFees) = GyroPoolMath._calcProtocolFees(
previousInvariant,
currentInvariant,
totalSupply(),
protocolSwapFeePerc,
protocolFeeGyroPortion
);
return (gyroFees, balancerFees, gyroTreasury, balTreasury);
}
// Note: This function is identical to that used in Gyro2CLPPool.sol
function _payFeesBpt(
uint256 gyroFees,
uint256 balancerFees,
address gyroTreasury,
address balTreasury
) internal {
// Pay fees in BPT to gyro treasury
if (gyroFees > 0) {
_mintPoolTokens(gyroTreasury, gyroFees);
}
// Pay fees in BPT to bal treasury
if (balancerFees > 0) {
_mintPoolTokens(balTreasury, balancerFees);
}
}
// Note: This function is identical to that used in Gyro2CLPPool.sol
function _getFeesMetadata()
internal
view
returns (
uint256,
uint256,
address,
address
)
{
return (
gyroConfig.getUint(GyroConfigKeys.PROTOCOL_SWAP_FEE_PERC_KEY),
gyroConfig.getUint(GyroConfigKeys.PROTOCOL_FEE_GYRO_PORTION_KEY),
gyroConfig.getAddress(GyroConfigKeys.GYRO_TREASURY_KEY),
gyroConfig.getAddress(GyroConfigKeys.BAL_TREASURY_KEY)
);
}
function _setPausedState(bool paused) internal override {
_setPaused(paused);
}
}// SPDX-License-Identifier: UNLICENSED
pragma solidity 0.7.6;
library GyroConfigKeys {
bytes32 public constant PROTOCOL_SWAP_FEE_PERC_KEY = "PROTOCOL_SWAP_FEE_PERC";
bytes32 public constant PROTOCOL_FEE_GYRO_PORTION_KEY = "PROTOCOL_FEE_GYRO_PORTION";
bytes32 public constant GYRO_TREASURY_KEY = "GYRO_TREASURY";
bytes32 public constant BAL_TREASURY_KEY = "BAL_TREASURY";
}// SPDX-License-Identifier: UNLICENSED
pragma solidity 0.7.6;
/// @notice IGyroConfig stores the global configuration of the Gyroscope protocol
interface IGyroConfig {
/// @notice Event emitted every time a configuration is changed
event ConfigChanged(bytes32 key, uint256 previousValue, uint256 newValue);
event ConfigChanged(bytes32 key, address previousValue, address newValue);
/// @notice Returns a set of known configuration keys
function listKeys() external view returns (bytes32[] memory);
/// @notice Returns a uint256 value from the config
function getUint(bytes32 key) external view returns (uint256);
/// @notice Returns an address value from the config
function getAddress(bytes32 key) external view returns (address);
/// @notice Set a uint256 config
/// NOTE: We avoid overloading to avoid complications with some clients
function setUint(bytes32 key, uint256 newValue) external;
/// @notice Set an address config
function setAddress(bytes32 key, address newValue) external;
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity 0.7.6;
// import "@balancer-labs/v2-solidity-utils/contracts/math/FixedPoint.sol";
import "./GyroFixedPoint.sol";
import "@balancer-labs/v2-solidity-utils/contracts/math/Math.sol";
import "@balancer-labs/v2-solidity-utils/contracts/helpers/InputHelpers.sol";
library GyroPoolMath {
using GyroFixedPoint for uint256;
uint256 private constant SQRT_1E_NEG_1 = 316227766016837933;
uint256 private constant SQRT_1E_NEG_3 = 31622776601683793;
uint256 private constant SQRT_1E_NEG_5 = 3162277660168379;
uint256 private constant SQRT_1E_NEG_7 = 316227766016837;
uint256 private constant SQRT_1E_NEG_9 = 31622776601683;
uint256 private constant SQRT_1E_NEG_11 = 3162277660168;
uint256 private constant SQRT_1E_NEG_13 = 316227766016;
uint256 private constant SQRT_1E_NEG_15 = 31622776601;
uint256 private constant SQRT_1E_NEG_17 = 3162277660;
// Note: this function is identical to that in WeightedMath.sol audited by Balancer
function _calcAllTokensInGivenExactBptOut(
uint256[] memory balances,
uint256 bptOut,
uint256 totalBPT
) internal pure returns (uint256[] memory amountsIn) {
/************************************************************************************
// tokensInForExactBptOut //
// / bptOut \ //
// amountsIn[i] = balances[i] * | ------------ | //
// \ totalBPT / //
************************************************************************************/
// We adjust the order of operations to minimize error amplification, assuming that
// balances[i], totalBPT > 1 (which is usually the case).
// Tokens in, so we round up overall.
amountsIn = new uint256[](balances.length);
for (uint256 i = 0; i < balances.length; i++) {
amountsIn[i] = balances[i].mulUp(bptOut).divUp(totalBPT);
}
return amountsIn;
}
// Note: this function is identical to that in WeightedMath.sol audited by Balancer
function _calcTokensOutGivenExactBptIn(
uint256[] memory balances,
uint256 bptIn,
uint256 totalBPT
) internal pure returns (uint256[] memory amountsOut) {
/**********************************************************************************************
// exactBPTInForTokensOut //
// (per token) //
// / bptIn \ //
// amountsOut[i] = balances[i] * | --------------------- | //
// \ totalBPT / //
**********************************************************************************************/
// We adjust the order of operations to minimize error amplification, assuming that
// balances[i], totalBPT > 1 (which is usually the case).
// Since we're computing an amount out, we round down overall. This means rounding down on both the
// multiplication and division.
amountsOut = new uint256[](balances.length);
for (uint256 i = 0; i < balances.length; i++) {
amountsOut[i] = balances[i].mulDown(bptIn).divDown(totalBPT);
}
return amountsOut;
}
/** @dev Calculates protocol fees due to Gyro and Balancer
* Note: we do this differently than normal Balancer pools by paying fees in BPT tokens
* b/c this is much more gas efficient than doing many transfers of underlying assets
* This function gets protocol fee parameters from GyroConfig
*/
function _calcProtocolFees(
uint256 previousInvariant,
uint256 currentInvariant,
uint256 currentBptSupply,
uint256 protocolSwapFeePerc,
uint256 protocolFeeGyroPortion
) internal pure returns (uint256, uint256) {
/*********************************************************************************
/* Protocol fee collection should decrease the invariant L by
* Delta L = protocolSwapFeePerc * (currentInvariant - previousInvariant)
* To take these fees in BPT LP shares, the protocol mints Delta S new LP shares where
* Delta S = S * Delta L / ( currentInvariant - Delta L )
* where S = current BPT supply
* The protocol then splits the fees (in BPT) considering protocolFeeGyroPortion
* See also the write-up, Proposition 7.
*********************************************************************************/
if (currentInvariant <= previousInvariant) {
// This shouldn't happen outside of rounding errors, but have this safeguard nonetheless to prevent the Pool
// from entering a locked state in which joins and exits revert while computing accumulated swap fees.
// NB: This condition is also used by the pools to indicate that _lastInvariant is invalid and should be ignored.
return (0, 0);
}
// Calculate due protocol fees in BPT terms
// We round down to prevent issues in the Pool's accounting, even if it means paying slightly less in protocol
// fees to the Vault.
// For the numerator, we need to round down delta L. Also for the denominator b/c subtracted
// Ordering multiplications for best fixed point precision considering that S and currentInvariant-previousInvariant could be large
uint256 numerator = (currentBptSupply.mulDown(currentInvariant.sub(previousInvariant))).mulDown(protocolSwapFeePerc);
uint256 diffInvariant = protocolSwapFeePerc.mulDown(currentInvariant.sub(previousInvariant));
uint256 denominator = currentInvariant.sub(diffInvariant);
uint256 deltaS = numerator.divDown(denominator);
// Split fees between Gyro and Balancer
uint256 gyroFees = protocolFeeGyroPortion.mulDown(deltaS);
uint256 balancerFees = deltaS.sub(gyroFees);
return (gyroFees, balancerFees);
}
/** @dev Implements square root algorithm using Newton's method and a first-guess optimisation **/
function _sqrt(uint256 input, uint256 tolerance) internal pure returns (uint256) {
if (input == 0) {
return 0;
}
uint256 guess = _makeInitialGuess(input);
// 7 iterations
guess = (guess + ((input * GyroFixedPoint.ONE) / guess)) / 2;
guess = (guess + ((input * GyroFixedPoint.ONE) / guess)) / 2;
guess = (guess + ((input * GyroFixedPoint.ONE) / guess)) / 2;
guess = (guess + ((input * GyroFixedPoint.ONE) / guess)) / 2;
guess = (guess + ((input * GyroFixedPoint.ONE) / guess)) / 2;
guess = (guess + ((input * GyroFixedPoint.ONE) / guess)) / 2;
guess = (guess + ((input * GyroFixedPoint.ONE) / guess)) / 2;
// Check in some epsilon range
// Check square is more or less correct
uint256 guessSquared = guess.mulDown(guess);
require(guessSquared <= input.add(guess.mulUp(tolerance)) && guessSquared >= input.sub(guess.mulUp(tolerance)), "_sqrt FAILED");
return guess;
}
// function _makeInitialGuess10(uint256 input) internal pure returns (uint256) {
// uint256 orderUpperBound = 72;
// uint256 orderLowerBound = 0;
// uint256 orderMiddle;
// orderMiddle = (orderUpperBound + orderLowerBound) / 2;
// while (orderUpperBound - orderLowerBound != 1) {
// if (10**orderMiddle > input) {
// orderUpperBound = orderMiddle;
// } else {
// orderLowerBound = orderMiddle;
// }
// }
// return 10**(orderUpperBound / 2);
// }
function _makeInitialGuess(uint256 input) internal pure returns (uint256) {
if (input >= GyroFixedPoint.ONE) {
return (1 << (_intLog2Halved(input / GyroFixedPoint.ONE))) * GyroFixedPoint.ONE;
} else {
if (input <= 10) {
return SQRT_1E_NEG_17;
}
if (input <= 1e2) {
return 1e10;
}
if (input <= 1e3) {
return SQRT_1E_NEG_15;
}
if (input <= 1e4) {
return 1e11;
}
if (input <= 1e5) {
return SQRT_1E_NEG_13;
}
if (input <= 1e6) {
return 1e12;
}
if (input <= 1e7) {
return SQRT_1E_NEG_11;
}
if (input <= 1e8) {
return 1e13;
}
if (input <= 1e9) {
return SQRT_1E_NEG_9;
}
if (input <= 1e10) {
return 1e14;
}
if (input <= 1e11) {
return SQRT_1E_NEG_7;
}
if (input <= 1e12) {
return 1e15;
}
if (input <= 1e13) {
return SQRT_1E_NEG_5;
}
if (input <= 1e14) {
return 1e16;
}
if (input <= 1e15) {
return SQRT_1E_NEG_3;
}
if (input <= 1e16) {
return 1e17;
}
if (input <= 1e17) {
return SQRT_1E_NEG_1;
}
return input;
}
}
function _intLog2Halved(uint256 x) public pure returns (uint256 n) {
if (x >= 1 << 128) {
x >>= 128;
n += 64;
}
if (x >= 1 << 64) {
x >>= 64;
n += 32;
}
if (x >= 1 << 32) {
x >>= 32;
n += 16;
}
if (x >= 1 << 16) {
x >>= 16;
n += 8;
}
if (x >= 1 << 8) {
x >>= 8;
n += 4;
}
if (x >= 1 << 4) {
x >>= 4;
n += 2;
}
if (x >= 1 << 2) {
x >>= 2;
n += 1;
}
}
/** @dev If liquidity update is proportional so that price stays the same ("balanced liquidity update"), then this
* returns the invariant after that change. This is more efficient than calling `calculateInvariant()` on the updated balances.
* `isIncreaseLiq` denotes the sign of the update. See the writeup, Corollary 3 in Section 3.1.3. */
function liquidityInvariantUpdate(
uint256 uinvariant,
uint256 changeBptSupply,
uint256 currentBptSupply,
bool isIncreaseLiq
) internal pure returns (uint256 unewInvariant) {
// change in invariant
if (isIncreaseLiq) {
// round new invariant up so that protocol fees not triggered
uint256 dL = uinvariant.mulUp(changeBptSupply).divUp(currentBptSupply);
unewInvariant = uinvariant.add(dL);
} else {
// round new invariant up (and so round dL down) so that protocol fees not triggered
uint256 dL = uinvariant.mulDown(changeBptSupply).divDown(currentBptSupply);
unewInvariant = uinvariant.sub(dL);
}
}
/** @dev If `deltaBalances` are such that, when changing `balances` by it, the price stays the same ("balanced
* liquidity update"), then this returns the invariant after that change. This is more efficient than calling
* `calculateInvariant()` on the updated balances. `isIncreaseLiq` denotes the sign of the update.
* See the writeup, Corollary 3 in Section 3.1.3.
*
* DEPRECATED and will go out of use and be removed once pending changes to the CEMM are merged. Use the other liquidityInvariantUpdate() function instead!
*/
function liquidityInvariantUpdate(
uint256[] memory balances,
uint256 uinvariant,
uint256[] memory deltaBalances,
bool isIncreaseLiq
) internal pure returns (uint256 unewInvariant) {
uint256 largestBalanceIndex;
uint256 largestBalance;
for (uint256 i = 0; i < balances.length; i++) {
if (balances[i] > largestBalance) {
largestBalance = balances[i];
largestBalanceIndex = i;
}
}
uint256 deltaInvariant = uinvariant.mulDown(deltaBalances[largestBalanceIndex]).divDown(balances[largestBalanceIndex]);
unewInvariant = isIncreaseLiq ? uinvariant.add(deltaInvariant) : uinvariant.sub(deltaInvariant);
}
}// SPDX-License-Identifier: GPL-3.0-or-later
pragma solidity ^0.7.0;
/**
* @dev Reverts if `condition` is false, with a revert reason containing `errorCode`. Only codes up to 999 are
* supported.
* Uses the default 'BAL' prefix for the error code
*/
function _grequire(bool condition, uint256 errorCode) pure {
if (!condition) _grevert(errorCode);
}
/**
* @dev Reverts if `condition` is false, with a revert reason containing `errorCode`. Only codes up to 999 are
* supported.
*/
function _grequire(
bool condition,
uint256 errorCode,
bytes3 prefix
) pure {
if (!condition) _grevert(errorCode, prefix);
}
/**
* @dev Reverts with a revert reason containing `errorCode`. Only codes up to 999 are supported.
* Uses the default 'BAL' prefix for the error code
*/
function _grevert(uint256 errorCode) pure {
_grevert(errorCode, 0x475952); // This is the raw byte representation of "GYR"
}
/**
* @dev Reverts with a revert reason containing `errorCode`. Only codes up to 999 are supported.
*/
function _grevert(uint256 errorCode, bytes3 prefix) pure {
uint256 prefixUint = uint256(uint24(prefix));
// We're going to dynamically create a revert string based on the error code, with the following format:
// 'BAL#{errorCode}'
// where the code is left-padded with zeroes to three digits (so they range from 000 to 999).
//
// We don't have revert strings embedded in the contract to save bytecode size: it takes much less space to store a
// number (8 to 16 bits) than the individual string characters.
//
// The dynamic string creation algorithm that follows could be implemented in Solidity, but assembly allows for a
// much denser implementation, again saving bytecode size. Given this function unconditionally reverts, this is a
// safe place to rely on it without worrying about how its usage might affect e.g. memory contents.
assembly {
// First, we need to compute the ASCII representation of the error code. We assume that it is in the 0-999
// range, so we only need to convert three digits. To convert the digits to ASCII, we add 0x30, the value for
// the '0' character.
let units := add(mod(errorCode, 10), 0x30)
errorCode := div(errorCode, 10)
let tenths := add(mod(errorCode, 10), 0x30)
errorCode := div(errorCode, 10)
let hundreds := add(mod(errorCode, 10), 0x30)
// With the individual characters, we can now construct the full string.
// We first append the '#' character (0x23) to the prefix. In the case of 'BAL', it results in 0x42414c23 ('BAL#')
// Then, we shift this by 24 (to provide space for the 3 bytes of the error code), and add the
// characters to it, each shifted by a multiple of 8.
// The revert reason is then shifted left by 200 bits (256 minus the length of the string, 7 characters * 8 bits
// per character = 56) to locate it in the most significant part of the 256 slot (the beginning of a byte
// array).
let formattedPrefix := shl(24, add(0x23, shl(8, prefixUint)))
let revertReason := shl(200, add(formattedPrefix, add(add(units, shl(8, tenths)), shl(16, hundreds))))
// We can now encode the reason in memory, which can be safely overwritten as we're about to revert. The encoded
// message will have the following layout:
// [ revert reason identifier ] [ string location offset ] [ string length ] [ string contents ]
// The Solidity revert reason identifier is 0x08c739a0, the function selector of the Error(string) function. We
// also write zeroes to the next 28 bytes of memory, but those are about to be overwritten.
mstore(0x0, 0x08c379a000000000000000000000000000000000000000000000000000000000)
// Next is the offset to the location of the string, which will be placed immediately after (20 bytes away).
mstore(0x04, 0x0000000000000000000000000000000000000000000000000000000000000020)
// The string length is fixed: 7 characters.
mstore(0x24, 7)
// Finally, the string itself is stored.
mstore(0x44, revertReason)
// Even if the string is only 7 bytes long, we need to return a full 32 byte slot containing it. The length of
// the encoded message is therefore 4 + 32 + 32 + 32 = 100.
revert(0, 100)
}
}
library GyroErrors {
uint256 internal constant ZERO_ADDRESS = 105;
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity 0.7.6;
pragma experimental ABIEncoderV2;
// import "@balancer-labs/v2-solidity-utils/contracts/math/FixedPoint.sol";
import "../../libraries/GyroFixedPoint.sol";
import "@balancer-labs/v2-solidity-utils/contracts/helpers/InputHelpers.sol";
import "@balancer-labs/v2-pool-utils/contracts/BaseMinimalSwapInfoPool.sol";
import "@balancer-labs/v2-pool-weighted/contracts/WeightedMath.sol";
import "@balancer-labs/v2-pool-weighted/contracts/WeightedPoolUserDataHelpers.sol";
/**
* @dev Base class for WeightedPools containing swap, join and exit logic, but leaving storage and management of
* the weights to subclasses. Derived contracts can choose to make weights immutable, mutable, or even dynamic
* based on local or external logic.
*/
abstract contract ExtensibleBaseWeightedPool is BaseMinimalSwapInfoPool {
using GyroFixedPoint for uint256;
using WeightedPoolUserDataHelpers for bytes;
uint256 internal _lastInvariant;
constructor(
IVault vault,
string memory name,
string memory symbol,
IERC20[] memory tokens,
address[] memory assetManagers,
uint256 swapFeePercentage,
uint256 pauseWindowDuration,
uint256 bufferPeriodDuration,
address owner
)
BasePool(
vault,
// Given BaseMinimalSwapInfoPool supports both of these specializations, and this Pool never registers or
// deregisters any tokens after construction, picking Two Token when the Pool only has two tokens is free
// gas savings.
tokens.length == 2 ? IVault.PoolSpecialization.TWO_TOKEN : IVault.PoolSpecialization.MINIMAL_SWAP_INFO,
name,
symbol,
tokens,
assetManagers,
swapFeePercentage,
pauseWindowDuration,
bufferPeriodDuration,
owner
)
{
// solhint-disable-previous-line no-empty-blocks
}
// Virtual functions
/**
* @dev Returns the normalized weight of `token`. Weights are fixed point numbers that sum to FixedPoint.ONE.
*/
function _getNormalizedWeight(IERC20 token) internal view virtual returns (uint256);
/**
* @dev Returns all normalized weights, in the same order as the Pool's tokens.
*/
function _getNormalizedWeights() internal view virtual returns (uint256[] memory);
/**
* @dev Returns all normalized weights, in the same order as the Pool's tokens, along with the index of the token
* with the highest weight.
*/
function _getNormalizedWeightsAndMaxWeightIndex() internal view virtual returns (uint256[] memory, uint256);
function getLastInvariant() public view virtual returns (uint256) {
return _lastInvariant;
}
/**
* @dev Returns the current value of the invariant.
*/
function getInvariant() public view virtual returns (uint256) {
(, uint256[] memory balances, ) = getVault().getPoolTokens(getPoolId());
// Since the Pool hooks always work with upscaled balances, we manually
// upscale here for consistency
_upscaleArray(balances, _scalingFactors());
(uint256[] memory normalizedWeights, ) = _getNormalizedWeightsAndMaxWeightIndex();
return WeightedMath._calculateInvariant(normalizedWeights, balances);
}
function getNormalizedWeights() external view returns (uint256[] memory) {
return _getNormalizedWeights();
}
// Base Pool handlers
// Swap
function _onSwapGivenIn(
SwapRequest memory swapRequest,
uint256 currentBalanceTokenIn,
uint256 currentBalanceTokenOut
) internal view virtual override whenNotPaused returns (uint256) {
// Swaps are disabled while the contract is paused.
return
WeightedMath._calcOutGivenIn(
currentBalanceTokenIn,
_getNormalizedWeight(swapRequest.tokenIn),
currentBalanceTokenOut,
_getNormalizedWeight(swapRequest.tokenOut),
swapRequest.amount
);
}
function _onSwapGivenOut(
SwapRequest memory swapRequest,
uint256 currentBalanceTokenIn,
uint256 currentBalanceTokenOut
) internal view virtual override whenNotPaused returns (uint256) {
// Swaps are disabled while the contract is paused.
return
WeightedMath._calcInGivenOut(
currentBalanceTokenIn,
_getNormalizedWeight(swapRequest.tokenIn),
currentBalanceTokenOut,
_getNormalizedWeight(swapRequest.tokenOut),
swapRequest.amount
);
}
// Initialize
function _onInitializePool(
bytes32,
address,
address,
uint256[] memory scalingFactors,
bytes memory userData
) internal virtual override whenNotPaused returns (uint256, uint256[] memory) {
// It would be strange for the Pool to be paused before it is initialized, but for consistency we prevent
// initialization in this case.
BaseWeightedPool.JoinKind kind = userData.joinKind();
_require(kind == BaseWeightedPool.JoinKind.INIT, Errors.UNINITIALIZED);
uint256[] memory amountsIn = userData.initialAmountsIn();
InputHelpers.ensureInputLengthMatch(_getTotalTokens(), amountsIn.length);
_upscaleArray(amountsIn, scalingFactors);
(uint256[] memory normalizedWeights, ) = _getNormalizedWeightsAndMaxWeightIndex();
uint256 invariantAfterJoin = WeightedMath._calculateInvariant(normalizedWeights, amountsIn);
// Set the initial BPT to the value of the invariant times the number of tokens. This makes BPT supply more
// consistent in Pools with similar compositions but different number of tokens.
uint256 bptAmountOut = Math.mul(invariantAfterJoin, _getTotalTokens());
_lastInvariant = invariantAfterJoin;
return (bptAmountOut, amountsIn);
}
// Join
function _onJoinPool(
bytes32,
address,
address,
uint256[] memory balances,
uint256,
uint256 protocolSwapFeePercentage,
uint256[] memory scalingFactors,
bytes memory userData
)
internal
virtual
override
whenNotPaused
returns (
uint256,
uint256[] memory,
uint256[] memory
)
{
// All joins are disabled while the contract is paused.
(uint256[] memory normalizedWeights, uint256 maxWeightTokenIndex) = _getNormalizedWeightsAndMaxWeightIndex();
// Due protocol swap fee amounts are computed by measuring the growth of the invariant between the previous join
// or exit event and now - the invariant's growth is due exclusively to swap fees. This avoids spending gas
// computing them on each individual swap
uint256 invariantBeforeJoin = WeightedMath._calculateInvariant(normalizedWeights, balances);
uint256[] memory dueProtocolFeeAmounts = _getDueProtocolFeeAmounts(
balances,
normalizedWeights,
maxWeightTokenIndex,
_lastInvariant,
invariantBeforeJoin,
protocolSwapFeePercentage
);
// Update current balances by subtracting the protocol fee amounts
_mutateAmounts(balances, dueProtocolFeeAmounts, FixedPoint.sub);
(uint256 bptAmountOut, uint256[] memory amountsIn) = _doJoin(balances, normalizedWeights, scalingFactors, userData);
// Update the invariant with the balances the Pool will have after the join, in order to compute the
// protocol swap fee amounts due in future joins and exits.
_lastInvariant = _invariantAfterJoin(balances, amountsIn, normalizedWeights);
return (bptAmountOut, amountsIn, dueProtocolFeeAmounts);
}
function _doJoin(
uint256[] memory balances,
uint256[] memory normalizedWeights,
uint256[] memory scalingFactors,
bytes memory userData
) internal returns (uint256, uint256[] memory) {
BaseWeightedPool.JoinKind kind = userData.joinKind();
if (kind == BaseWeightedPool.JoinKind.EXACT_TOKENS_IN_FOR_BPT_OUT) {
return _joinExactTokensInForBPTOut(balances, normalizedWeights, scalingFactors, userData);
} else if (kind == BaseWeightedPool.JoinKind.TOKEN_IN_FOR_EXACT_BPT_OUT) {
return _joinTokenInForExactBPTOut(balances, normalizedWeights, userData);
} else if (kind == BaseWeightedPool.JoinKind.ALL_TOKENS_IN_FOR_EXACT_BPT_OUT) {
return _joinAllTokensInForExactBPTOut(balances, userData);
} else {
_revert(Errors.UNHANDLED_JOIN_KIND);
}
}
function _joinExactTokensInForBPTOut(
uint256[] memory balances,
uint256[] memory normalizedWeights,
uint256[] memory scalingFactors,
bytes memory userData
) private returns (uint256, uint256[] memory) {
(uint256[] memory amountsIn, uint256 minBPTAmountOut) = userData.exactTokensInForBptOut();
InputHelpers.ensureInputLengthMatch(_getTotalTokens(), amountsIn.length);
_upscaleArray(amountsIn, scalingFactors);
(uint256 bptAmountOut, uint256[] memory swapFees) = WeightedMath._calcBptOutGivenExactTokensIn(
balances,
normalizedWeights,
amountsIn,
totalSupply(),
getSwapFeePercentage()
);
// Note that swapFees is already upscaled
_processSwapFeeAmounts(swapFees);
_require(bptAmountOut >= minBPTAmountOut, Errors.BPT_OUT_MIN_AMOUNT);
return (bptAmountOut, amountsIn);
}
function _joinTokenInForExactBPTOut(
uint256[] memory balances,
uint256[] memory normalizedWeights,
bytes memory userData
) private returns (uint256, uint256[] memory) {
(uint256 bptAmountOut, uint256 tokenIndex) = userData.tokenInForExactBptOut();
// Note that there is no maximum amountIn parameter: this is handled by `IVault.joinPool`.
_require(tokenIndex < _getTotalTokens(), Errors.OUT_OF_BOUNDS);
(uint256 amountIn, uint256 swapFee) = WeightedMath._calcTokenInGivenExactBptOut(
balances[tokenIndex],
normalizedWeights[tokenIndex],
bptAmountOut,
totalSupply(),
getSwapFeePercentage()
);
// Note that swapFee is already upscaled
_processSwapFeeAmount(tokenIndex, swapFee);
// We join in a single token, so we initialize amountsIn with zeros
uint256[] memory amountsIn = new uint256[](_getTotalTokens());
// And then assign the result to the selected token
amountsIn[tokenIndex] = amountIn;
return (bptAmountOut, amountsIn);
}
function _joinAllTokensInForExactBPTOut(uint256[] memory balances, bytes memory userData)
internal
view
virtual
returns (uint256, uint256[] memory)
{
uint256 bptAmountOut = userData.allTokensInForExactBptOut();
// Note that there is no maximum amountsIn parameter: this is handled by `IVault.joinPool`.
uint256[] memory amountsIn = WeightedMath._calcAllTokensInGivenExactBptOut(balances, bptAmountOut, totalSupply());
return (bptAmountOut, amountsIn);
}
// Exit
function _onExitPool(
bytes32,
address,
address,
uint256[] memory balances,
uint256,
uint256 protocolSwapFeePercentage,
uint256[] memory scalingFactors,
bytes memory userData
)
internal
virtual
override
returns (
uint256 bptAmountIn,
uint256[] memory amountsOut,
uint256[] memory dueProtocolFeeAmounts
)
{
(uint256[] memory normalizedWeights, uint256 maxWeightTokenIndex) = _getNormalizedWeightsAndMaxWeightIndex();
// Exits are not completely disabled while the contract is paused: proportional exits (exact BPT in for tokens
// out) remain functional.
if (_isNotPaused()) {
// Due protocol swap fee amounts are computed by measuring the growth of the invariant between the previous
// join or exit event and now - the invariant's growth is due exclusively to swap fees. This avoids
// spending gas calculating the fees on each individual swap.
uint256 invariantBeforeExit = WeightedMath._calculateInvariant(normalizedWeights, balances);
dueProtocolFeeAmounts = _getDueProtocolFeeAmounts(
balances,
normalizedWeights,
maxWeightTokenIndex,
_lastInvariant,
invariantBeforeExit,
protocolSwapFeePercentage
);
// Update current balances by subtracting the protocol fee amounts
_mutateAmounts(balances, dueProtocolFeeAmounts, GyroFixedPoint.sub);
} else {
// If the contract is paused, swap protocol fee amounts are not charged to avoid extra calculations and
// reduce the potential for errors.
dueProtocolFeeAmounts = new uint256[](_getTotalTokens());
}
(bptAmountIn, amountsOut) = _doExit(balances, normalizedWeights, scalingFactors, userData);
// Update the invariant with the balances the Pool will have after the exit, in order to compute the
// protocol swap fees due in future joins and exits.
_lastInvariant = _invariantAfterExit(balances, amountsOut, normalizedWeights);
return (bptAmountIn, amountsOut, dueProtocolFeeAmounts);
}
function _doExit(
uint256[] memory balances,
uint256[] memory normalizedWeights,
uint256[] memory scalingFactors,
bytes memory userData
) internal returns (uint256, uint256[] memory) {
BaseWeightedPool.ExitKind kind = userData.exitKind();
if (kind == BaseWeightedPool.ExitKind.EXACT_BPT_IN_FOR_ONE_TOKEN_OUT) {
return _exitExactBPTInForTokenOut(balances, normalizedWeights, userData);
} else if (kind == BaseWeightedPool.ExitKind.EXACT_BPT_IN_FOR_TOKENS_OUT) {
return _exitExactBPTInForTokensOut(balances, userData);
} else if (kind == BaseWeightedPool.ExitKind.BPT_IN_FOR_EXACT_TOKENS_OUT) {
return _exitBPTInForExactTokensOut(balances, normalizedWeights, scalingFactors, userData);
} else {
_revert(Errors.UNHANDLED_EXIT_KIND);
}
}
function _exitExactBPTInForTokenOut(
uint256[] memory balances,
uint256[] memory normalizedWeights,
bytes memory userData
) private whenNotPaused returns (uint256, uint256[] memory) {
// This exit function is disabled if the contract is paused.
(uint256 bptAmountIn, uint256 tokenIndex) = userData.exactBptInForTokenOut();
// Note that there is no minimum amountOut parameter: this is handled by `IVault.exitPool`.
_require(tokenIndex < _getTotalTokens(), Errors.OUT_OF_BOUNDS);
(uint256 amountOut, uint256 swapFee) = WeightedMath._calcTokenOutGivenExactBptIn(
balances[tokenIndex],
normalizedWeights[tokenIndex],
bptAmountIn,
totalSupply(),
getSwapFeePercentage()
);
// This is an exceptional situation in which the fee is charged on a token out instead of a token in.
// Note that swapFee is already upscaled.
_processSwapFeeAmount(tokenIndex, swapFee);
// We exit in a single token, so we initialize amountsOut with zeros
uint256[] memory amountsOut = new uint256[](_getTotalTokens());
// And then assign the result to the selected token
amountsOut[tokenIndex] = amountOut;
return (bptAmountIn, amountsOut);
}
function _exitExactBPTInForTokensOut(uint256[] memory balances, bytes memory userData) internal view virtual returns (uint256, uint256[] memory) {
// This exit function is the only one that is not disabled if the contract is paused: it remains unrestricted
// in an attempt to provide users with a mechanism to retrieve their tokens in case of an emergency.
// This particular exit function is the only one that remains available because it is the simplest one, and
// therefore the one with the lowest likelihood of errors.
uint256 bptAmountIn = userData.exactBptInForTokensOut();
// Note that there is no minimum amountOut parameter: this is handled by `IVault.exitPool`.
uint256[] memory amountsOut = WeightedMath._calcTokensOutGivenExactBptIn(balances, bptAmountIn, totalSupply());
return (bptAmountIn, amountsOut);
}
function _exitBPTInForExactTokensOut(
uint256[] memory balances,
uint256[] memory normalizedWeights,
uint256[] memory scalingFactors,
bytes memory userData
) private whenNotPaused returns (uint256, uint256[] memory) {
// This exit function is disabled if the contract is paused.
(uint256[] memory amountsOut, uint256 maxBPTAmountIn) = userData.bptInForExactTokensOut();
InputHelpers.ensureInputLengthMatch(amountsOut.length, _getTotalTokens());
_upscaleArray(amountsOut, scalingFactors);
(uint256 bptAmountIn, uint256[] memory swapFees) = WeightedMath._calcBptInGivenExactTokensOut(
balances,
normalizedWeights,
amountsOut,
totalSupply(),
getSwapFeePercentage()
);
_require(bptAmountIn <= maxBPTAmountIn, Errors.BPT_IN_MAX_AMOUNT);
// This is an exceptional situation in which the fee is charged on a token out instead of a token in.
// Note that swapFee is already upscaled.
_processSwapFeeAmounts(swapFees);
return (bptAmountIn, amountsOut);
}
// Helpers
function _getDueProtocolFeeAmounts(
uint256[] memory balances,
uint256[] memory normalizedWeights,
uint256 maxWeightTokenIndex,
uint256 previousInvariant,
uint256 currentInvariant,
uint256 protocolSwapFeePercentage
) internal view virtual returns (uint256[] memory) {
// Initialize with zeros
uint256[] memory dueProtocolFeeAmounts = new uint256[](_getTotalTokens());
// Early return if the protocol swap fee percentage is zero, saving gas.
if (protocolSwapFeePercentage == 0) {
return dueProtocolFeeAmounts;
}
// The protocol swap fees are always paid using the token with the largest weight in the Pool. As this is the
// token that is expected to have the largest balance, using it to pay fees should not unbalance the Pool.
dueProtocolFeeAmounts[maxWeightTokenIndex] = WeightedMath._calcDueTokenProtocolSwapFeeAmount(
balances[maxWeightTokenIndex],
normalizedWeights[maxWeightTokenIndex],
previousInvariant,
currentInvariant,
protocolSwapFeePercentage
);
return dueProtocolFeeAmounts;
}
/**
* @dev Returns the value of the invariant given `balances`, assuming they are increased by `amountsIn`. All
* amounts are expected to be upscaled.
*/
function _invariantAfterJoin(
uint256[] memory balances,
uint256[] memory amountsIn,
uint256[] memory normalizedWeights
) private view returns (uint256) {
_mutateAmounts(balances, amountsIn, GyroFixedPoint.add);
return WeightedMath._calculateInvariant(normalizedWeights, balances);
}
function _invariantAfterExit(
uint256[] memory balances,
uint256[] memory amountsOut,
uint256[] memory normalizedWeights
) private view returns (uint256) {
_mutateAmounts(balances, amountsOut, GyroFixedPoint.sub);
return WeightedMath._calculateInvariant(normalizedWeights, balances);
}
/**
* @dev Mutates `amounts` by applying `mutation` with each entry in `arguments`.
*
* Equivalent to `amounts = amounts.map(mutation)`.
*/
function _mutateAmounts(
uint256[] memory toMutate,
uint256[] memory arguments,
function(uint256, uint256) pure returns (uint256) mutation
) internal view {
for (uint256 i = 0; i < _getTotalTokens(); ++i) {
toMutate[i] = mutation(toMutate[i], arguments[i]);
}
}
/**
* @dev This function returns the appreciation of one BPT relative to the
* underlying tokens. This starts at 1 when the pool is created and grows over time
*/
function getRate() public view returns (uint256) {
// The initial BPT supply is equal to the invariant times the number of tokens.
return Math.mul(getInvariant(), _getTotalTokens()).divDown(totalSupply());
}
}// SPDX-License-Identifier: UNLICENSED
pragma solidity 0.7.6;
// import "@balancer-labs/v2-solidity-utils/contracts/math/FixedPoint.sol";
import "@balancer-labs/v2-solidity-utils/contracts/math/Math.sol";
import "@balancer-labs/v2-solidity-utils/contracts/helpers/InputHelpers.sol";
import "./Gyro3CLPPoolErrors.sol";
import "../../libraries/GyroFixedPoint.sol";
import "../../libraries/GyroPoolMath.sol";
import "../../libraries/GyroErrors.sol";
// These functions start with an underscore, as if they were part of a contract and not a library. At some point this
// should be fixed.
// solhint-disable private-vars-leading-underscore
/** @dev Math routines for the "symmetric" 3CLP, i.e., the price bounds are [alpha, 1/alpha] for all three asset
* pairs. We pass the parameter root3Alpha = 3rd root of alpha. We don't need to compute root3Alpha; instead, we
* take this as the fundamental parameter and compute alpha = root3Alpha^3 where needed.
*
* A large part of this code is concerned with computing the invariant L from the real reserves, via Newton's method.
* This can be rather large and we need it to high precision. We apply various techniques to prevent an accumulation of
* errors. See the 2-CLP/3-CLP math paper (especially Appendix A) for context.
*
* Most calculations are unchecked and instead we impose some global bounds to ensure that they don't overflow. See the
* Overflow Analysis writeup for why this works.
*/
library Gyro3CLPMath {
using GyroFixedPoint for uint256;
using GyroPoolMath for uint256; // for the function number._sqrt(tolerance)
// Stopping criterion for the Newton iteration that computes the invariant:
// - Stop if the step width doesn't shrink anymore by at least a factor _INVARIANT_SHRINKING_FACTOR_PER_STEP.
// - but in any case, make at least _INVARIANT_MIN_ITERATIONS iterations. This is useful to compensate for a
// less-than-ideal starting point, which is important when alpha is small.
uint8 internal constant _INVARIANT_SHRINKING_FACTOR_PER_STEP = 8;
uint8 internal constant _INVARIANT_MIN_ITERATIONS = 5;
// Thresholds that prevent against numerical overflow and excessive inaccuracy:
uint256 internal constant _MAX_BALANCES = 1e29; // 1e11 = 100 billion, scaled
uint256 internal constant _MIN_ROOT_3_ALPHA = 0.15874010519681997e18; // 3rd root of 0.004, scaled
uint256 internal constant _MAX_ROOT_3_ALPHA = 0.9999666655554938e18; // 3rd root of 0.9999, scaled
// Threshold of l where the normal method of computing the newton step would overflow and we need a workaround.
uint256 internal constant _L_THRESHOLD_SIMPLE_NUMERICS = 2e31; // 2e13, scaled
// Threshold of l above which overflows may occur in the Newton iteration. This is far above the theoretically
// maximum possible (starting or solution or intermediate) value of l, so it would only ever be reached due to some
// other bug in the Newton iteration.
uint256 internal constant _L_MAX = 1e34; // 1e16, scaled
// Minimum value of l / L+, where L+ is the local minimum of the function f. This is significantly below the
// theoretically minimum possible (starting or solution or intermediate) value of l / L+, so it would only ever be
// reached due to a bug in the Newton iteration. We require this because otherwise, rounding errors in
// `divDownLarge()` may become significant.
uint256 internal constant _L_VS_LPLUS_MIN = 1.3e18; // 1.3, scaled
/** @dev The invariant L corresponding to the given balances and alpha. */
function _calculateInvariant(uint256[] memory balances, uint256 root3Alpha) internal pure returns (uint256 rootEst) {
if (!(balances[0] <= _MAX_BALANCES)) _grequire(false, Gyro3CLPPoolErrors.BALANCES_TOO_LARGE);
if (!(balances[1] <= _MAX_BALANCES)) _grequire(false, Gyro3CLPPoolErrors.BALANCES_TOO_LARGE);
if (!(balances[2] <= _MAX_BALANCES)) _grequire(false, Gyro3CLPPoolErrors.BALANCES_TOO_LARGE);
(uint256 a, uint256 mb, uint256 mc, uint256 md) = _calculateCubicTerms(balances, root3Alpha);
return _calculateCubic(a, mb, mc, md, root3Alpha);
}
/** @dev Prepares cubic coefficients for input to _calculateCubic().
* We will have a > 0, b < 0, c <= 0, and d <= 0 and return a, -b, -c, -d, all >= 0
* Terms come from cubic in Section 3.1.1.*/
function _calculateCubicTerms(uint256[] memory balances, uint256 root3Alpha)
internal
pure
returns (
uint256 a,
uint256 mb,
uint256 mc,
uint256 md
)
{
// Order of operations is chosen to minimize error amplification. This also duplicates some operations, but
// minimizing error is more important than saving gas at this point.
a = GyroFixedPoint.ONE - root3Alpha.mulDownU(root3Alpha).mulDownU(root3Alpha);
uint256 bterm = balances[0] + balances[1] + balances[2];
mb = bterm.mulDownU(root3Alpha).mulDownU(root3Alpha);
uint256 cterm = balances[0].mulDownU(balances[1]) + balances[1].mulDownU(balances[2]) + balances[2].mulDownU(balances[0]);
mc = cterm.mulDownU(root3Alpha);
md = balances[0].mulDownU(balances[1]).mulDownU(balances[2]);
}
/** @dev Calculate the maximal root of the polynomial a L^3 - mb L^2 - mc L - md.
* This root is always non-negative, and it is the unique positive root unless mb == mc == md == 0.
* This function and all following ones require that a = 1 - root3Alpha^3 like in _calculateCubicTerms(), i.e.,
* this *cannot* be used for *any* cubic equation. We do this because `a` carries an error and to be able to
* rearrange operations to reduce error accumulation.*/
function _calculateCubic(
uint256 a,
uint256 mb,
uint256 mc,
uint256 md,
uint256 root3Alpha
) internal pure returns (uint256 rootEst) {
uint256 l_lower;
(l_lower, rootEst) = _calculateCubicStartingPoint(a, mb, mc, md);
rootEst = _runNewtonIteration(mb, mc, md, root3Alpha, l_lower, rootEst);
// Sanity check; the Newton iteration does not check its own final result, only intermediate results.
if (!(rootEst <= _L_MAX)) _grequire(false, Gyro3CLPPoolErrors.INVARIANT_TOO_LARGE);
}
/** @dev (Minimum safe value, starting point for Newton iteration). Calibrated to the particular polynomial for
* computing the invariant. For values < l_lower, errors from rounding can amplify too much when l is large. This
* is only relevant for the branch of calcNewtonDelta() where rootEst > _L_THRESHOLD_SIMPLE_NUMERICS.
*/
function _calculateCubicStartingPoint(
uint256 a,
uint256 mb,
uint256 mc,
uint256 // md
) internal pure returns (uint256 l_lower, uint256 l0) {
uint256 radic = mb.mulUpU(mb) + a.mulUpU(mc * 3);
uint256 lplus = (mb + radic._sqrt(5)).divUpU(a * 3); // Upper local minimum
// This formula has been found computationally. It is exact for alpha -> 1, where the factor is 1.5. All
// factors > 1 are safe. For small alpha values, it is more efficient to fallback to a larger factor.
uint256 alpha = GyroFixedPoint.ONE - a; // We know that a is in [0, 1].
l0 = lplus.mulUpU(alpha >= 0.5e18 ? 1.5e18 : 2e18);
l_lower = lplus.mulUpU(_L_VS_LPLUS_MIN);
}
/** @dev Find a root of the given polynomial with the given starting point l.
* Safe iff l > the local minimum.
* Note that f(l) may be negative for the first iteration and will then be positive (up to rounding errors).
* f'(l) is always positive for the range of values we consider.
* See write-up, Appendix A.*/
function _runNewtonIteration(
uint256 mb,
uint256 mc,
uint256 md,
uint256 root3Alpha,
uint256 l_lower,
uint256 rootEst
) internal pure returns (uint256) {
uint256 deltaAbsPrev = 0;
for (uint256 iteration = 0; iteration < 255; ++iteration) {
// The delta to the next step can be positive or negative, and we represent its sign separately.
(uint256 deltaAbs, bool deltaIsPos) = _calcNewtonDelta(mb, mc, md, root3Alpha, l_lower, rootEst);
// Note: If we ever set _INVARIANT_MIN_ITERATIONS=0, the following should include `iteration >= 1`.
if (deltaAbs <= 1) return rootEst;
if (iteration >= _INVARIANT_MIN_ITERATIONS && deltaIsPos)
// This should mathematically never happen. Thus, the numerical error dominates at this point.
return rootEst;
if (iteration >= _INVARIANT_MIN_ITERATIONS && deltaAbs >= deltaAbsPrev / _INVARIANT_SHRINKING_FACTOR_PER_STEP) {
// The iteration has stalled and isn't making significant progress anymore.
return rootEst;
}
deltaAbsPrev = deltaAbs;
// Using checked versions of add/sub just to be extra sure
if (deltaIsPos) rootEst = rootEst.add(deltaAbs);
else rootEst = rootEst.sub(deltaAbs);
}
_grevert(Gyro3CLPPoolErrors.INVARIANT_DIDNT_CONVERGE);
}
/** @dev The Newton step -f(l)/f'(l), represented by its absolute value and its sign.
* Requires that l is sufficiently large (right of the local minimum) so that f' > 0.*/
function _calcNewtonDelta(
uint256 mb,
uint256 mc,
uint256 md,
uint256 root3Alpha,
uint256 l_lower,
uint256 rootEst
) internal pure returns (uint256 deltaAbs, bool deltaIsPos) {
if (!(rootEst <= _L_MAX)) _grequire(false, Gyro3CLPPoolErrors.INVARIANT_TOO_LARGE);
// Note: In principle, this check is only relevant for the `else` branch below. But if it's violated, this
// points to severe problems anyways, so we keep it here.
if (!(rootEst >= l_lower)) _grequire(false, Gyro3CLPPoolErrors.INVARIANT_UNDERFLOW);
uint256 rootEst2 = rootEst.mulDownU(rootEst);
// The following is equal to dfRootEst^3 * a but with the order of operations optimized for precision.
// Subtraction does not underflow since rootEst is chosen so that it's always above the (only) local minimum.
// SOMEDAY alternative with very slightly worse rounding and slightly lower gas:
// uint256 dfRootEst = 3 * rootEst2;
uint256 dfRootEst = (rootEst * 3).mulDown(rootEst);
dfRootEst = dfRootEst - dfRootEst.mulDownU(root3Alpha).mulDownU(root3Alpha).mulDownU(root3Alpha);
dfRootEst = dfRootEst - 2 * rootEst.mulDownU(mb) - mc;
// We distinguish two cases: Relatively small values of rootEst, where we can use simple operations, and larger
// values, where the simple operations may overflow and we need to use functions that compensate for that.
uint256 deltaMinus;
uint256 deltaPlus;
if (rootEst <= _L_THRESHOLD_SIMPLE_NUMERICS) {
// Calculations are ordered and grouped to minimize rounding error amplification.
deltaMinus = rootEst2.mulDownU(rootEst);
deltaMinus = deltaMinus - deltaMinus.mulDownU(root3Alpha).mulDownU(root3Alpha).mulDownU(root3Alpha);
deltaMinus = deltaMinus.divDownU(dfRootEst);
// NB: We could pull apart the different values here and reorder them in much the same way we did above to
// reduce errors. But tests show that this has no significant effect, and it would lead to more complex code
// and worse gas.
deltaPlus = rootEst2.mulDownU(mb);
deltaPlus = (deltaPlus + rootEst.mulDownU(mc)).divDownU(dfRootEst);
deltaPlus = deltaPlus + md.divDownU(dfRootEst);
} else {
// Same operations as above, but we replace some of the operations with their variants that work for larger
// numbers.
deltaMinus = rootEst2.mulDownLargeSmallU(rootEst);
deltaMinus = deltaMinus - deltaMinus.mulDownLargeSmallU(root3Alpha).mulDownLargeSmallU(root3Alpha).mulDownLargeSmallU(root3Alpha);
// NB: `divDownLarge()` is not exact, but `dfRootEst` is large enough so that the error is on the order of
// 1e-18. To see why, and why this doesn't overflow, see the Overflow Analysis writeup.
deltaMinus = deltaMinus.divDownLargeU(dfRootEst);
// We use mulDownLargeSmall() to prevent an overflow that can occur for large balances and alpha very
// close to 1.
deltaPlus = rootEst2.mulDownLargeSmallU(mb);
// NB: `divDownLarge()` is not exact, but `dfRootEst` is large enough so that the error is on the order of
// 1e-18. To see why, and why this doesn't overflow, see the Overflow Analysis writeup.
deltaPlus = deltaPlus + mc.mulDownU(rootEst);
deltaPlus = deltaPlus.divDownLargeU(dfRootEst, 1e12, 1e6);
deltaPlus = deltaPlus + md.divDownU(dfRootEst);
}
deltaIsPos = (deltaPlus >= deltaMinus);
deltaAbs = (deltaIsPos ? deltaPlus - deltaMinus : deltaMinus - deltaPlus);
}
/** @dev Computes how many tokens can be taken out of a pool if `amountIn` are sent, given the current balances and
* price bounds.
* See Proposition 13 in 3.1.4. In contrast to the proposition, we use two separate functions for trading given the
* out-amount and the in-amount, respectively.
* The virtualOffset argument depends on the computed invariant. While the calculation is very precise, small errors
* can occur. We add a very small margin to ensure that such errors are not to the detriment of the pool. */
function _calcOutGivenIn(
uint256 balanceIn,
uint256 balanceOut,
uint256 amountIn,
uint256 virtualOffset
) internal pure returns (uint256 amountOut) {
/**********************************************************************************************
// Described for X = `in' asset and Z = `out' asset, but equivalent for the other case //
// dX = incrX = amountIn > 0 //
// dZ = incrZ = amountOut < 0 //
// x = balanceIn x' = x + virtualOffset //
// z = balanceOut z' = z + virtualOffset //
// L = inv.Liq / x' * z' \ z' * dX //
// |dZ| = z' - | -------------------------- | = --------------- //
// x' = virtIn \ ( x' + dX) / x' + dX //
// z' = virtOut //
// Note that -dz > 0 is what the trader receives. //
// We exploit the fact that this formula is symmetric and does not depend on which asset is //
// which.
// We assume that the virtualOffset carries a relative +/- 3e-18 error due to the invariant //
// calculation add an appropriate safety margin. //
**********************************************************************************************/
{
// The factors in total lead to a multiplicative "safety margin" between the employed virtual offsets
// very slightly larger than 3e-18, compensating for the maximum multiplicative error in the invariant
// computation.
// SOMEDAY These factors could further be adjusted to compensate for potential errors in the invariant when
// the balances are very large. (likely not needed)
uint256 virtInOver = balanceIn + virtualOffset.mulUpU(GyroFixedPoint.ONE + 2);
uint256 virtOutUnder = balanceOut + virtualOffset.mulDownU(GyroFixedPoint.ONE - 1);
// Note that the user can define amountIn so we have to check for overflows
amountOut = virtOutUnder.mulDown(amountIn).divDown(virtInOver.add(amountIn));
}
// We need to ensure amountOut <= balanceOut manually
if (!(amountOut <= balanceOut)) _grequire(false, Gyro3CLPPoolErrors.ASSET_BOUNDS_EXCEEDED);
}
/** @dev Computes how many tokens must be sent to a pool in order to take `amountOut`, given the current balances
* and price bounds. See documentation for _calcOutGivenIn(), too. */
function _calcInGivenOut(
uint256 balanceIn,
uint256 balanceOut,
uint256 amountOut,
uint256 virtualOffset
) internal pure returns (uint256 amountIn) {
/**********************************************************************************************
// Described for X = `in' asset and Z = `out' asset, but equivalent for the other case //
// dX = incrX = amountIn > 0 //
// dZ = incrZ = amountOut < 0 //
// x = balanceIn x' = x + virtualOffset //
// z = balanceOut z' = z + virtualOffset //
// L = inv.Liq / x' * z' \ x' * dZ //
// dX = | -------------------------- | - x' = --------------- //
// x' = virtIn \ ( z' + dZ) / z' - dZ //
// z' = virtOut //
// Note that dz < 0 < dx. //
// We exploit the fact that this formula is symmetric and does not depend on which asset is //
// which.
// We assume that the virtualOffset carries a relative +/- 3e-18 error due to the invariant //
// calculation add an appropriate safety margin. //
**********************************************************************************************/
// We need to ensure manually that amountOut <= balanceOut.
if (!(amountOut <= balanceOut)) _grequire(false, Gyro3CLPPoolErrors.ASSET_BOUNDS_EXCEEDED);
{
// The factors in total lead to a multiplicative "safety margin" between the employed virtual offsets
// very slightly larger than 3e-18, compensating for the maximum multiplicative error in the invariant
// computation.
// SOMEDAY These factors could further be adjusted to compensate for potential errors in the invariant when
// the balances are very large. (likely not needed)
uint256 virtInOver = balanceIn + virtualOffset.mulUpU(GyroFixedPoint.ONE + 2);
uint256 virtOutUnder = balanceOut + virtualOffset.mulDownU(GyroFixedPoint.ONE - 1);
// Note that the user can define amountOut so we have to check for overflows
amountIn = virtInOver.mulUp(amountOut).divUp(virtOutUnder.sub(amountOut));
}
}
}// SPDX-License-Identifier: UNLICENSED
pragma solidity 0.7.6;
// solhint-disable
library Gyro3CLPPoolErrors {
// Math
uint256 internal constant PRICE_BOUNDS_WRONG = 351;
uint256 internal constant INVARIANT_DIDNT_CONVERGE = 352;
uint256 internal constant ASSET_BOUNDS_EXCEEDED = 357; //NB this is the same as the E-CLP and 2-CLP
uint256 internal constant UNDERESTIMATE_INVARIANT_FAILED = 360;
uint256 internal constant INVARIANT_TOO_LARGE = 361;
uint256 internal constant BALANCES_TOO_LARGE = 362;
uint256 internal constant INVARIANT_UNDERFLOW = 363;
// Input
uint256 internal constant TOKENS_LENGTH_MUST_BE_3 = 353;
uint256 internal constant TOKENS_NOT_AMONG_POOL_TOKENS = 354;
}// SPDX-License-Identifier: GPL-3.0-or-later
pragma solidity 0.7.6;
pragma experimental ABIEncoderV2;
// import "@balancer-labs/v2-solidity-utils/contracts/math/FixedPoint.sol";
import "../libraries/GyroFixedPoint.sol";
import "../interfaces/ICappedLiquidity.sol";
import "@balancer-labs/v2-solidity-utils/contracts/helpers/IAuthentication.sol";
/** @dev Enables caps on i) per-LP and ii) total caps on the pool size. Caps are in terms of BPT tokens! Pool functions
* have to call _ensureCap() to enforce the cap.
*/
abstract contract CappedLiquidity is ICappedLiquidity {
using GyroFixedPoint for uint256;
string internal constant _OVER_GLOBAL_CAP = "over global liquidity cap";
string internal constant _OVER_ADDRESS_CAP = "over address liquidity cap";
string internal constant _NOT_AUTHORIZED = "not authorized";
string internal constant _UNCAPPED = "pool is uncapped";
CapParams internal _capParams;
address public override capManager;
constructor(address _capManager, CapParams memory params) {
require(_capManager != address(0), _NOT_AUTHORIZED);
capManager = _capManager;
_capParams.capEnabled = params.capEnabled;
_capParams.perAddressCap = params.perAddressCap;
_capParams.globalCap = params.globalCap;
}
function setCapManager(address _capManager) external {
require(msg.sender == capManager, _NOT_AUTHORIZED);
capManager = _capManager;
emit CapManagerUpdated(_capManager);
}
function capParams() external view override returns (CapParams memory) {
return _capParams;
}
function setCapParams(CapParams memory params) external override {
require(msg.sender == capManager, _NOT_AUTHORIZED);
require(_capParams.capEnabled, _UNCAPPED);
_capParams.capEnabled = params.capEnabled;
_capParams.perAddressCap = params.perAddressCap;
_capParams.globalCap = params.globalCap;
emit CapParamsUpdated(_capParams);
}
function _ensureCap(
uint256 amountMinted,
uint256 userBalance,
uint256 currentSupply
) internal view {
CapParams memory params = _capParams;
require(amountMinted.add(userBalance) <= params.perAddressCap, _OVER_ADDRESS_CAP);
require(amountMinted.add(currentSupply) <= params.globalCap, _OVER_GLOBAL_CAP);
}
}// SPDX-License-Identifier: UNLICENSED
pragma solidity 0.7.6;
import "../interfaces/ILocallyPausable.sol";
import "../libraries/GyroErrors.sol";
/**
* @notice This contract is used to allow a pool to be paused directly, rather than going through Balancer's
* authentication system.
*/
abstract contract LocallyPausable is ILocallyPausable {
address public pauseManager;
string internal constant _NOT_PAUSE_MANAGER = "not pause manager";
constructor(address _pauseManager) {
_grequire(_pauseManager != address(0), GyroErrors.ZERO_ADDRESS);
pauseManager = _pauseManager;
}
/// @inheritdoc ILocallyPausable
function changePauseManager(address _pauseManager) external override {
address currentPauseManager = pauseManager;
require(currentPauseManager == msg.sender, _NOT_PAUSE_MANAGER);
pauseManager = _pauseManager;
emit PauseManagerChanged(currentPauseManager, _pauseManager);
}
/// @inheritdoc ILocallyPausable
function pause() external override {
require(pauseManager == msg.sender, _NOT_PAUSE_MANAGER);
_setPausedState(true);
emit PausedLocally();
}
/// @inheritdoc ILocallyPausable
function unpause() external override {
require(pauseManager == msg.sender, _NOT_PAUSE_MANAGER);
_setPausedState(false);
emit UnpausedLocally();
}
function _setPausedState(bool paused) internal virtual;
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity ^0.7.0;
import "@balancer-labs/v2-solidity-utils/contracts/math/LogExpMath.sol";
import "@balancer-labs/v2-solidity-utils/contracts/helpers/BalancerErrors.sol";
import "@balancer-labs/v2-solidity-utils/contracts/math/Math.sol";
/* solhint-disable private-vars-leading-underscore */
// Gyroscope: Copied from Balancer's FixedPoint library. We added a few additional functions and made _require()s more
// gas-efficient.
// We renamed this to `GyroFixedPoint` to avoid name clashes with functions used in other Balancer libraries we use.
library GyroFixedPoint {
uint256 internal constant ONE = 1e18; // 18 decimal places
uint256 internal constant MIDDECIMAL = 1e9; // splits the fixed point decimals into two equal parts.
uint256 internal constant MAX_POW_RELATIVE_ERROR = 10000; // 10^(-14)
// Minimum base for the power function when the exponent is 'free' (larger than ONE).
uint256 internal constant MIN_POW_BASE_FREE_EXPONENT = 0.7e18;
function add(uint256 a, uint256 b) internal pure returns (uint256) {
// Fixed Point addition is the same as regular checked addition
uint256 c = a + b;
if (!(c >= a)) {
_require(false, Errors.ADD_OVERFLOW);
}
return c;
}
function sub(uint256 a, uint256 b) internal pure returns (uint256) {
// Fixed Point addition is the same as regular checked addition
if (!(b <= a)) {
_require(false, Errors.SUB_OVERFLOW);
}
uint256 c = a - b;
return c;
}
function mulDown(uint256 a, uint256 b) internal pure returns (uint256) {
uint256 product = a * b;
if (!(a == 0 || product / a == b)) {
_require(false, Errors.MUL_OVERFLOW);
}
return product / ONE;
}
/// @dev "U" denotes version of the math function that does not check for overflows in order to save gas
function mulDownU(uint256 a, uint256 b) internal pure returns (uint256) {
return (a * b) / ONE;
}
function mulUp(uint256 a, uint256 b) internal pure returns (uint256) {
uint256 product = a * b;
if (!(a == 0 || product / a == b)) {
_require(false, Errors.MUL_OVERFLOW);
}
if (product == 0) {
return 0;
}
// The traditional divUp formula is:
// divUp(x, y) := (x + y - 1) / y
// To avoid intermediate overflow in the addition, we distribute the division and get:
// divUp(x, y) := (x - 1) / y + 1
// Note that this requires x != 0, which we already tested for.
return ((product - 1) / ONE) + 1;
}
function mulUpU(uint256 a, uint256 b) internal pure returns (uint256) {
uint256 product = a * b;
if (product == 0) {
return 0;
}
// The traditional divUp formula is:
// divUp(x, y) := (x + y - 1) / y
// To avoid intermediate overflow in the addition, we distribute the division and get:
// divUp(x, y) := (x - 1) / y + 1
// Note that this requires x != 0, which we already tested for.
return ((product - 1) / ONE) + 1;
}
function divDown(uint256 a, uint256 b) internal pure returns (uint256) {
if (b == 0) {
_require(false, Errors.ZERO_DIVISION);
}
if (a == 0) {
return 0;
}
uint256 aInflated = a * ONE;
if (!(aInflated / a == ONE)) {
_require(false, Errors.DIV_INTERNAL); // mul overflow
}
return aInflated / b;
}
function divDownU(uint256 a, uint256 b) internal pure returns (uint256) {
if (b == 0) {
_require(false, Errors.ZERO_DIVISION);
}
return (a * ONE) / b;
}
function divUp(uint256 a, uint256 b) internal pure returns (uint256) {
if (b == 0) {
_require(false, Errors.ZERO_DIVISION);
}
if (a == 0) {
return 0;
}
uint256 aInflated = a * ONE;
if (!(aInflated / a == ONE)) {
_require(aInflated / a == ONE, Errors.DIV_INTERNAL); // mul overflow
}
// The traditional divUp formula is:
// divUp(x, y) := (x + y - 1) / y
// To avoid intermediate overflow in the addition, we distribute the division and get:
// divUp(x, y) := (x - 1) / y + 1
// Note that this requires x != 0, which we already tested for.
return ((aInflated - 1) / b) + 1;
}
function divUpU(uint256 a, uint256 b) internal pure returns (uint256) {
if (b == 0) {
_require(false, Errors.ZERO_DIVISION);
}
if (a == 0) {
return 0;
}
return ((a * ONE - 1) / b) + 1;
}
/**
* @dev Like mulDown(), but it also works in some situations where mulDown(a, b) would overflow because a * b is too
* large. We achieve this by splitting up `a` into its integer and its fractional part. `a` should be the bigger of
* the two numbers to achieve the best overflow guarantees.
* This won't overflow if both of
* - a * b ≤ 1.15e95 (raw values, i.e., a * b ≤ 1.15e59 with respect to the fixed-point values that they describe)
* - b ≤ 1.15e59 (raw values, i.e., a ≤ 1.15e41 with respect to the values that a describes)
* hold. That's better than mulDown(), where we would need a * b ≤ 1.15e77 approximately.
*/
function mulDownLargeSmall(uint256 a, uint256 b) internal pure returns (uint256) {
return add(Math.mul(a / ONE, b), mulDown(a % ONE, b));
}
function mulDownLargeSmallU(uint256 a, uint256 b) internal pure returns (uint256) {
return (a / ONE) * b + mulDownU(a % ONE, b);
}
/**
* @dev Like divDown(), but it also works when `a` would overflow in `divDown`. This is safe if both of
* - a ≤ 1.15e68 (raw, i.e., a ≤ 1.15e50 with respect to the value that is represented)
* - b ≥ 1e9 (raw, i.e., b ≥ 1e-9 with respect to the value represented)
* hold. For `divDown` it's 1.15e59 and 1.15e41, respectively.
* Introduces some rounding error that is relevant iff b is small.
*/
function divDownLarge(uint256 a, uint256 b) internal pure returns (uint256) {
return divDownLarge(a, b, MIDDECIMAL, MIDDECIMAL);
}
function divDownLargeU(uint256 a, uint256 b) internal pure returns (uint256) {
return divDownLargeU(a, b, MIDDECIMAL, MIDDECIMAL);
}
/**
* @dev Like divDown(), but it also works when `a` would overflow in `divDown`. d and e must be chosen such that
* d * e = 1e18 (raw numbers, or d * e = 1e-18 with respect to the numbers they represent in fixed point). Note that
* this requires d, e ≤ 1e18 (raw, or d, e ≤ 1 with respect to the numbers represented).
* This operation is safe if both of
* - a * d ≤ 1.15e77 (raw, i.e., a * d ≤ 1.15e41 with respect to the value that is represented)
* - b ≥ e (with respect to raw or represented numbers)
* hold.
* Introduces some rounding error that is relevant iff b is small and is proportional to e.
*/
function divDownLarge(
uint256 a,
uint256 b,
uint256 d,
uint256 e
) internal pure returns (uint256) {
return Math.divDown(Math.mul(a, d), Math.divUp(b, e));
}
/// @dev e is assumed to be non-zero, and so division by zero is not checked for it
function divDownLargeU(
uint256 a,
uint256 b,
uint256 d,
uint256 e
) internal pure returns (uint256) {
// (a * d) / (b / e)
if (b == 0) {
// In this case only, the denominator of the outer division is zero, and we revert
_require(false, Errors.ZERO_DIVISION);
}
uint256 denom = 1 + (b - 1) / e;
return (a * d) / denom;
}
/**
* @dev Returns x^y, assuming both are fixed point numbers, rounding down. The result is guaranteed to not be above
* the true value (that is, the error function expected - actual is always positive).
*/
function powDown(uint256 x, uint256 y) internal pure returns (uint256) {
uint256 raw = LogExpMath.pow(x, y);
uint256 maxError = add(mulUp(raw, MAX_POW_RELATIVE_ERROR), 1);
if (raw < maxError) {
return 0;
}
return sub(raw, maxError);
}
/**
* @dev Returns x^y, assuming both are fixed point numbers, rounding up. The result is guaranteed to not be below
* the true value (that is, the error function expected - actual is always negative).
*/
function powUp(uint256 x, uint256 y) internal pure returns (uint256) {
uint256 raw = LogExpMath.pow(x, y);
uint256 maxError = add(mulUp(raw, MAX_POW_RELATIVE_ERROR), 1);
return add(raw, maxError);
}
/**
* @dev Returns the complement of a value (1 - x), capped to 0 if x is larger than 1.
*
* Useful when computing the complement for values with some level of relative error, as it strips this error and
* prevents intermediate negative values.
*/
function complement(uint256 x) internal pure returns (uint256) {
return (x < ONE) ? (ONE - x) : 0;
}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.7.0;
import "../helpers/BalancerErrors.sol";
/**
* @dev Wrappers over Solidity's arithmetic operations with added overflow checks.
* Adapted from OpenZeppelin's SafeMath library
*/
library Math {
/**
* @dev Returns the addition of two unsigned integers of 256 bits, reverting on overflow.
*/
function add(uint256 a, uint256 b) internal pure returns (uint256) {
uint256 c = a + b;
_require(c >= a, Errors.ADD_OVERFLOW);
return c;
}
/**
* @dev Returns the addition of two signed integers, reverting on overflow.
*/
function add(int256 a, int256 b) internal pure returns (int256) {
int256 c = a + b;
_require((b >= 0 && c >= a) || (b < 0 && c < a), Errors.ADD_OVERFLOW);
return c;
}
/**
* @dev Returns the subtraction of two unsigned integers of 256 bits, reverting on overflow.
*/
function sub(uint256 a, uint256 b) internal pure returns (uint256) {
_require(b <= a, Errors.SUB_OVERFLOW);
uint256 c = a - b;
return c;
}
/**
* @dev Returns the subtraction of two signed integers, reverting on overflow.
*/
function sub(int256 a, int256 b) internal pure returns (int256) {
int256 c = a - b;
_require((b >= 0 && c <= a) || (b < 0 && c > a), Errors.SUB_OVERFLOW);
return c;
}
/**
* @dev Returns the largest of two numbers of 256 bits.
*/
function max(uint256 a, uint256 b) internal pure returns (uint256) {
return a >= b ? a : b;
}
/**
* @dev Returns the smallest of two numbers of 256 bits.
*/
function min(uint256 a, uint256 b) internal pure returns (uint256) {
return a < b ? a : b;
}
function mul(uint256 a, uint256 b) internal pure returns (uint256) {
uint256 c = a * b;
_require(a == 0 || c / a == b, Errors.MUL_OVERFLOW);
return c;
}
function div(
uint256 a,
uint256 b,
bool roundUp
) internal pure returns (uint256) {
return roundUp ? divUp(a, b) : divDown(a, b);
}
function divDown(uint256 a, uint256 b) internal pure returns (uint256) {
_require(b != 0, Errors.ZERO_DIVISION);
return a / b;
}
function divUp(uint256 a, uint256 b) internal pure returns (uint256) {
_require(b != 0, Errors.ZERO_DIVISION);
if (a == 0) {
return 0;
} else {
return 1 + (a - 1) / b;
}
}
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity ^0.7.0;
import "../openzeppelin/IERC20.sol";
import "./BalancerErrors.sol";
library InputHelpers {
function ensureInputLengthMatch(uint256 a, uint256 b) internal pure {
_require(a == b, Errors.INPUT_LENGTH_MISMATCH);
}
function ensureInputLengthMatch(
uint256 a,
uint256 b,
uint256 c
) internal pure {
_require(a == b && b == c, Errors.INPUT_LENGTH_MISMATCH);
}
function ensureArrayIsSorted(IERC20[] memory array) internal pure {
address[] memory addressArray;
// solhint-disable-next-line no-inline-assembly
assembly {
addressArray := array
}
ensureArrayIsSorted(addressArray);
}
function ensureArrayIsSorted(address[] memory array) internal pure {
if (array.length < 2) {
return;
}
address previous = array[0];
for (uint256 i = 1; i < array.length; ++i) {
address current = array[i];
_require(previous < current, Errors.UNSORTED_ARRAY);
previous = current;
}
}
}// SPDX-License-Identifier: MIT
// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
// documentation files (the “Software”), to deal in the Software without restriction, including without limitation the
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to the following conditions:
// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the
// Software.
// THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
// WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
pragma solidity ^0.7.0;
import "../helpers/BalancerErrors.sol";
/* solhint-disable */
/**
* @dev Exponentiation and logarithm functions for 18 decimal fixed point numbers (both base and exponent/argument).
*
* Exponentiation and logarithm with arbitrary bases (x^y and log_x(y)) are implemented by conversion to natural
* exponentiation and logarithm (where the base is Euler's number).
*
* @author Fernando Martinelli - @fernandomartinelli
* @author Sergio Yuhjtman - @sergioyuhjtman
* @author Daniel Fernandez - @dmf7z
*/
library LogExpMath {
// All fixed point multiplications and divisions are inlined. This means we need to divide by ONE when multiplying
// two numbers, and multiply by ONE when dividing them.
// All arguments and return values are 18 decimal fixed point numbers.
int256 constant ONE_18 = 1e18;
// Internally, intermediate values are computed with higher precision as 20 decimal fixed point numbers, and in the
// case of ln36, 36 decimals.
int256 constant ONE_20 = 1e20;
int256 constant ONE_36 = 1e36;
// The domain of natural exponentiation is bound by the word size and number of decimals used.
//
// Because internally the result will be stored using 20 decimals, the largest possible result is
// (2^255 - 1) / 10^20, which makes the largest exponent ln((2^255 - 1) / 10^20) = 130.700829182905140221.
// The smallest possible result is 10^(-18), which makes largest negative argument
// ln(10^(-18)) = -41.446531673892822312.
// We use 130.0 and -41.0 to have some safety margin.
int256 constant MAX_NATURAL_EXPONENT = 130e18;
int256 constant MIN_NATURAL_EXPONENT = -41e18;
// Bounds for ln_36's argument. Both ln(0.9) and ln(1.1) can be represented with 36 decimal places in a fixed point
// 256 bit integer.
int256 constant LN_36_LOWER_BOUND = ONE_18 - 1e17;
int256 constant LN_36_UPPER_BOUND = ONE_18 + 1e17;
uint256 constant MILD_EXPONENT_BOUND = 2**254 / uint256(ONE_20);
// 18 decimal constants
int256 constant x0 = 128000000000000000000; // 2ˆ7
int256 constant a0 = 38877084059945950922200000000000000000000000000000000000; // eˆ(x0) (no decimals)
int256 constant x1 = 64000000000000000000; // 2ˆ6
int256 constant a1 = 6235149080811616882910000000; // eˆ(x1) (no decimals)
// 20 decimal constants
int256 constant x2 = 3200000000000000000000; // 2ˆ5
int256 constant a2 = 7896296018268069516100000000000000; // eˆ(x2)
int256 constant x3 = 1600000000000000000000; // 2ˆ4
int256 constant a3 = 888611052050787263676000000; // eˆ(x3)
int256 constant x4 = 800000000000000000000; // 2ˆ3
int256 constant a4 = 298095798704172827474000; // eˆ(x4)
int256 constant x5 = 400000000000000000000; // 2ˆ2
int256 constant a5 = 5459815003314423907810; // eˆ(x5)
int256 constant x6 = 200000000000000000000; // 2ˆ1
int256 constant a6 = 738905609893065022723; // eˆ(x6)
int256 constant x7 = 100000000000000000000; // 2ˆ0
int256 constant a7 = 271828182845904523536; // eˆ(x7)
int256 constant x8 = 50000000000000000000; // 2ˆ-1
int256 constant a8 = 164872127070012814685; // eˆ(x8)
int256 constant x9 = 25000000000000000000; // 2ˆ-2
int256 constant a9 = 128402541668774148407; // eˆ(x9)
int256 constant x10 = 12500000000000000000; // 2ˆ-3
int256 constant a10 = 113314845306682631683; // eˆ(x10)
int256 constant x11 = 6250000000000000000; // 2ˆ-4
int256 constant a11 = 106449445891785942956; // eˆ(x11)
/**
* @dev Exponentiation (x^y) with unsigned 18 decimal fixed point base and exponent.
*
* Reverts if ln(x) * y is smaller than `MIN_NATURAL_EXPONENT`, or larger than `MAX_NATURAL_EXPONENT`.
*/
function pow(uint256 x, uint256 y) internal pure returns (uint256) {
if (y == 0) {
// We solve the 0^0 indetermination by making it equal one.
return uint256(ONE_18);
}
if (x == 0) {
return 0;
}
// Instead of computing x^y directly, we instead rely on the properties of logarithms and exponentiation to
// arrive at that result. In particular, exp(ln(x)) = x, and ln(x^y) = y * ln(x). This means
// x^y = exp(y * ln(x)).
// The ln function takes a signed value, so we need to make sure x fits in the signed 256 bit range.
_require(x < 2**255, Errors.X_OUT_OF_BOUNDS);
int256 x_int256 = int256(x);
// We will compute y * ln(x) in a single step. Depending on the value of x, we can either use ln or ln_36. In
// both cases, we leave the division by ONE_18 (due to fixed point multiplication) to the end.
// This prevents y * ln(x) from overflowing, and at the same time guarantees y fits in the signed 256 bit range.
_require(y < MILD_EXPONENT_BOUND, Errors.Y_OUT_OF_BOUNDS);
int256 y_int256 = int256(y);
int256 logx_times_y;
if (LN_36_LOWER_BOUND < x_int256 && x_int256 < LN_36_UPPER_BOUND) {
int256 ln_36_x = _ln_36(x_int256);
// ln_36_x has 36 decimal places, so multiplying by y_int256 isn't as straightforward, since we can't just
// bring y_int256 to 36 decimal places, as it might overflow. Instead, we perform two 18 decimal
// multiplications and add the results: one with the first 18 decimals of ln_36_x, and one with the
// (downscaled) last 18 decimals.
logx_times_y = ((ln_36_x / ONE_18) * y_int256 + ((ln_36_x % ONE_18) * y_int256) / ONE_18);
} else {
logx_times_y = _ln(x_int256) * y_int256;
}
logx_times_y /= ONE_18;
// Finally, we compute exp(y * ln(x)) to arrive at x^y
_require(
MIN_NATURAL_EXPONENT <= logx_times_y && logx_times_y <= MAX_NATURAL_EXPONENT,
Errors.PRODUCT_OUT_OF_BOUNDS
);
return uint256(exp(logx_times_y));
}
/**
* @dev Natural exponentiation (e^x) with signed 18 decimal fixed point exponent.
*
* Reverts if `x` is smaller than MIN_NATURAL_EXPONENT, or larger than `MAX_NATURAL_EXPONENT`.
*/
function exp(int256 x) internal pure returns (int256) {
_require(x >= MIN_NATURAL_EXPONENT && x <= MAX_NATURAL_EXPONENT, Errors.INVALID_EXPONENT);
if (x < 0) {
// We only handle positive exponents: e^(-x) is computed as 1 / e^x. We can safely make x positive since it
// fits in the signed 256 bit range (as it is larger than MIN_NATURAL_EXPONENT).
// Fixed point division requires multiplying by ONE_18.
return ((ONE_18 * ONE_18) / exp(-x));
}
// First, we use the fact that e^(x+y) = e^x * e^y to decompose x into a sum of powers of two, which we call x_n,
// where x_n == 2^(7 - n), and e^x_n = a_n has been precomputed. We choose the first x_n, x0, to equal 2^7
// because all larger powers are larger than MAX_NATURAL_EXPONENT, and therefore not present in the
// decomposition.
// At the end of this process we will have the product of all e^x_n = a_n that apply, and the remainder of this
// decomposition, which will be lower than the smallest x_n.
// exp(x) = k_0 * a_0 * k_1 * a_1 * ... + k_n * a_n * exp(remainder), where each k_n equals either 0 or 1.
// We mutate x by subtracting x_n, making it the remainder of the decomposition.
// The first two a_n (e^(2^7) and e^(2^6)) are too large if stored as 18 decimal numbers, and could cause
// intermediate overflows. Instead we store them as plain integers, with 0 decimals.
// Additionally, x0 + x1 is larger than MAX_NATURAL_EXPONENT, which means they will not both be present in the
// decomposition.
// For each x_n, we test if that term is present in the decomposition (if x is larger than it), and if so deduct
// it and compute the accumulated product.
int256 firstAN;
if (x >= x0) {
x -= x0;
firstAN = a0;
} else if (x >= x1) {
x -= x1;
firstAN = a1;
} else {
firstAN = 1; // One with no decimal places
}
// We now transform x into a 20 decimal fixed point number, to have enhanced precision when computing the
// smaller terms.
x *= 100;
// `product` is the accumulated product of all a_n (except a0 and a1), which starts at 20 decimal fixed point
// one. Recall that fixed point multiplication requires dividing by ONE_20.
int256 product = ONE_20;
if (x >= x2) {
x -= x2;
product = (product * a2) / ONE_20;
}
if (x >= x3) {
x -= x3;
product = (product * a3) / ONE_20;
}
if (x >= x4) {
x -= x4;
product = (product * a4) / ONE_20;
}
if (x >= x5) {
x -= x5;
product = (product * a5) / ONE_20;
}
if (x >= x6) {
x -= x6;
product = (product * a6) / ONE_20;
}
if (x >= x7) {
x -= x7;
product = (product * a7) / ONE_20;
}
if (x >= x8) {
x -= x8;
product = (product * a8) / ONE_20;
}
if (x >= x9) {
x -= x9;
product = (product * a9) / ONE_20;
}
// x10 and x11 are unnecessary here since we have high enough precision already.
// Now we need to compute e^x, where x is small (in particular, it is smaller than x9). We use the Taylor series
// expansion for e^x: 1 + x + (x^2 / 2!) + (x^3 / 3!) + ... + (x^n / n!).
int256 seriesSum = ONE_20; // The initial one in the sum, with 20 decimal places.
int256 term; // Each term in the sum, where the nth term is (x^n / n!).
// The first term is simply x.
term = x;
seriesSum += term;
// Each term (x^n / n!) equals the previous one times x, divided by n. Since x is a fixed point number,
// multiplying by it requires dividing by ONE_20, but dividing by the non-fixed point n values does not.
term = ((term * x) / ONE_20) / 2;
seriesSum += term;
term = ((term * x) / ONE_20) / 3;
seriesSum += term;
term = ((term * x) / ONE_20) / 4;
seriesSum += term;
term = ((term * x) / ONE_20) / 5;
seriesSum += term;
term = ((term * x) / ONE_20) / 6;
seriesSum += term;
term = ((term * x) / ONE_20) / 7;
seriesSum += term;
term = ((term * x) / ONE_20) / 8;
seriesSum += term;
term = ((term * x) / ONE_20) / 9;
seriesSum += term;
term = ((term * x) / ONE_20) / 10;
seriesSum += term;
term = ((term * x) / ONE_20) / 11;
seriesSum += term;
term = ((term * x) / ONE_20) / 12;
seriesSum += term;
// 12 Taylor terms are sufficient for 18 decimal precision.
// We now have the first a_n (with no decimals), and the product of all other a_n present, and the Taylor
// approximation of the exponentiation of the remainder (both with 20 decimals). All that remains is to multiply
// all three (one 20 decimal fixed point multiplication, dividing by ONE_20, and one integer multiplication),
// and then drop two digits to return an 18 decimal value.
return (((product * seriesSum) / ONE_20) * firstAN) / 100;
}
/**
* @dev Logarithm (log(arg, base), with signed 18 decimal fixed point base and argument.
*/
function log(int256 arg, int256 base) internal pure returns (int256) {
// This performs a simple base change: log(arg, base) = ln(arg) / ln(base).
// Both logBase and logArg are computed as 36 decimal fixed point numbers, either by using ln_36, or by
// upscaling.
int256 logBase;
if (LN_36_LOWER_BOUND < base && base < LN_36_UPPER_BOUND) {
logBase = _ln_36(base);
} else {
logBase = _ln(base) * ONE_18;
}
int256 logArg;
if (LN_36_LOWER_BOUND < arg && arg < LN_36_UPPER_BOUND) {
logArg = _ln_36(arg);
} else {
logArg = _ln(arg) * ONE_18;
}
// When dividing, we multiply by ONE_18 to arrive at a result with 18 decimal places
return (logArg * ONE_18) / logBase;
}
/**
* @dev Natural logarithm (ln(a)) with signed 18 decimal fixed point argument.
*/
function ln(int256 a) internal pure returns (int256) {
// The real natural logarithm is not defined for negative numbers or zero.
_require(a > 0, Errors.OUT_OF_BOUNDS);
if (LN_36_LOWER_BOUND < a && a < LN_36_UPPER_BOUND) {
return _ln_36(a) / ONE_18;
} else {
return _ln(a);
}
}
/**
* @dev Internal natural logarithm (ln(a)) with signed 18 decimal fixed point argument.
*/
function _ln(int256 a) private pure returns (int256) {
if (a < ONE_18) {
// Since ln(a^k) = k * ln(a), we can compute ln(a) as ln(a) = ln((1/a)^(-1)) = - ln((1/a)). If a is less
// than one, 1/a will be greater than one, and this if statement will not be entered in the recursive call.
// Fixed point division requires multiplying by ONE_18.
return (-_ln((ONE_18 * ONE_18) / a));
}
// First, we use the fact that ln^(a * b) = ln(a) + ln(b) to decompose ln(a) into a sum of powers of two, which
// we call x_n, where x_n == 2^(7 - n), which are the natural logarithm of precomputed quantities a_n (that is,
// ln(a_n) = x_n). We choose the first x_n, x0, to equal 2^7 because the exponential of all larger powers cannot
// be represented as 18 fixed point decimal numbers in 256 bits, and are therefore larger than a.
// At the end of this process we will have the sum of all x_n = ln(a_n) that apply, and the remainder of this
// decomposition, which will be lower than the smallest a_n.
// ln(a) = k_0 * x_0 + k_1 * x_1 + ... + k_n * x_n + ln(remainder), where each k_n equals either 0 or 1.
// We mutate a by subtracting a_n, making it the remainder of the decomposition.
// For reasons related to how `exp` works, the first two a_n (e^(2^7) and e^(2^6)) are not stored as fixed point
// numbers with 18 decimals, but instead as plain integers with 0 decimals, so we need to multiply them by
// ONE_18 to convert them to fixed point.
// For each a_n, we test if that term is present in the decomposition (if a is larger than it), and if so divide
// by it and compute the accumulated sum.
int256 sum = 0;
if (a >= a0 * ONE_18) {
a /= a0; // Integer, not fixed point division
sum += x0;
}
if (a >= a1 * ONE_18) {
a /= a1; // Integer, not fixed point division
sum += x1;
}
// All other a_n and x_n are stored as 20 digit fixed point numbers, so we convert the sum and a to this format.
sum *= 100;
a *= 100;
// Because further a_n are 20 digit fixed point numbers, we multiply by ONE_20 when dividing by them.
if (a >= a2) {
a = (a * ONE_20) / a2;
sum += x2;
}
if (a >= a3) {
a = (a * ONE_20) / a3;
sum += x3;
}
if (a >= a4) {
a = (a * ONE_20) / a4;
sum += x4;
}
if (a >= a5) {
a = (a * ONE_20) / a5;
sum += x5;
}
if (a >= a6) {
a = (a * ONE_20) / a6;
sum += x6;
}
if (a >= a7) {
a = (a * ONE_20) / a7;
sum += x7;
}
if (a >= a8) {
a = (a * ONE_20) / a8;
sum += x8;
}
if (a >= a9) {
a = (a * ONE_20) / a9;
sum += x9;
}
if (a >= a10) {
a = (a * ONE_20) / a10;
sum += x10;
}
if (a >= a11) {
a = (a * ONE_20) / a11;
sum += x11;
}
// a is now a small number (smaller than a_11, which roughly equals 1.06). This means we can use a Taylor series
// that converges rapidly for values of `a` close to one - the same one used in ln_36.
// Let z = (a - 1) / (a + 1).
// ln(a) = 2 * (z + z^3 / 3 + z^5 / 5 + z^7 / 7 + ... + z^(2 * n + 1) / (2 * n + 1))
// Recall that 20 digit fixed point division requires multiplying by ONE_20, and multiplication requires
// division by ONE_20.
int256 z = ((a - ONE_20) * ONE_20) / (a + ONE_20);
int256 z_squared = (z * z) / ONE_20;
// num is the numerator of the series: the z^(2 * n + 1) term
int256 num = z;
// seriesSum holds the accumulated sum of each term in the series, starting with the initial z
int256 seriesSum = num;
// In each step, the numerator is multiplied by z^2
num = (num * z_squared) / ONE_20;
seriesSum += num / 3;
num = (num * z_squared) / ONE_20;
seriesSum += num / 5;
num = (num * z_squared) / ONE_20;
seriesSum += num / 7;
num = (num * z_squared) / ONE_20;
seriesSum += num / 9;
num = (num * z_squared) / ONE_20;
seriesSum += num / 11;
// 6 Taylor terms are sufficient for 36 decimal precision.
// Finally, we multiply by 2 (non fixed point) to compute ln(remainder)
seriesSum *= 2;
// We now have the sum of all x_n present, and the Taylor approximation of the logarithm of the remainder (both
// with 20 decimals). All that remains is to sum these two, and then drop two digits to return a 18 decimal
// value.
return (sum + seriesSum) / 100;
}
/**
* @dev Intrnal high precision (36 decimal places) natural logarithm (ln(x)) with signed 18 decimal fixed point argument,
* for x close to one.
*
* Should only be used if x is between LN_36_LOWER_BOUND and LN_36_UPPER_BOUND.
*/
function _ln_36(int256 x) private pure returns (int256) {
// Since ln(1) = 0, a value of x close to one will yield a very small result, which makes using 36 digits
// worthwhile.
// First, we transform x to a 36 digit fixed point value.
x *= ONE_18;
// We will use the following Taylor expansion, which converges very rapidly. Let z = (x - 1) / (x + 1).
// ln(x) = 2 * (z + z^3 / 3 + z^5 / 5 + z^7 / 7 + ... + z^(2 * n + 1) / (2 * n + 1))
// Recall that 36 digit fixed point division requires multiplying by ONE_36, and multiplication requires
// division by ONE_36.
int256 z = ((x - ONE_36) * ONE_36) / (x + ONE_36);
int256 z_squared = (z * z) / ONE_36;
// num is the numerator of the series: the z^(2 * n + 1) term
int256 num = z;
// seriesSum holds the accumulated sum of each term in the series, starting with the initial z
int256 seriesSum = num;
// In each step, the numerator is multiplied by z^2
num = (num * z_squared) / ONE_36;
seriesSum += num / 3;
num = (num * z_squared) / ONE_36;
seriesSum += num / 5;
num = (num * z_squared) / ONE_36;
seriesSum += num / 7;
num = (num * z_squared) / ONE_36;
seriesSum += num / 9;
num = (num * z_squared) / ONE_36;
seriesSum += num / 11;
num = (num * z_squared) / ONE_36;
seriesSum += num / 13;
num = (num * z_squared) / ONE_36;
seriesSum += num / 15;
// 8 Taylor terms are sufficient for 36 decimal precision.
// All that remains is multiplying by 2 (non fixed point).
return seriesSum * 2;
}
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity ^0.7.0;
// solhint-disable
/**
* @dev Reverts if `condition` is false, with a revert reason containing `errorCode`. Only codes up to 999 are
* supported.
*/
function _require(bool condition, uint256 errorCode) pure {
if (!condition) _revert(errorCode);
}
/**
* @dev Reverts with a revert reason containing `errorCode`. Only codes up to 999 are supported.
*/
function _revert(uint256 errorCode) pure {
// We're going to dynamically create a revert string based on the error code, with the following format:
// 'BAL#{errorCode}'
// where the code is left-padded with zeroes to three digits (so they range from 000 to 999).
//
// We don't have revert strings embedded in the contract to save bytecode size: it takes much less space to store a
// number (8 to 16 bits) than the individual string characters.
//
// The dynamic string creation algorithm that follows could be implemented in Solidity, but assembly allows for a
// much denser implementation, again saving bytecode size. Given this function unconditionally reverts, this is a
// safe place to rely on it without worrying about how its usage might affect e.g. memory contents.
assembly {
// First, we need to compute the ASCII representation of the error code. We assume that it is in the 0-999
// range, so we only need to convert three digits. To convert the digits to ASCII, we add 0x30, the value for
// the '0' character.
let units := add(mod(errorCode, 10), 0x30)
errorCode := div(errorCode, 10)
let tenths := add(mod(errorCode, 10), 0x30)
errorCode := div(errorCode, 10)
let hundreds := add(mod(errorCode, 10), 0x30)
// With the individual characters, we can now construct the full string. The "BAL#" part is a known constant
// (0x42414c23): we simply shift this by 24 (to provide space for the 3 bytes of the error code), and add the
// characters to it, each shifted by a multiple of 8.
// The revert reason is then shifted left by 200 bits (256 minus the length of the string, 7 characters * 8 bits
// per character = 56) to locate it in the most significant part of the 256 slot (the beginning of a byte
// array).
let revertReason := shl(200, add(0x42414c23000000, add(add(units, shl(8, tenths)), shl(16, hundreds))))
// We can now encode the reason in memory, which can be safely overwritten as we're about to revert. The encoded
// message will have the following layout:
// [ revert reason identifier ] [ string location offset ] [ string length ] [ string contents ]
// The Solidity revert reason identifier is 0x08c739a0, the function selector of the Error(string) function. We
// also write zeroes to the next 28 bytes of memory, but those are about to be overwritten.
mstore(0x0, 0x08c379a000000000000000000000000000000000000000000000000000000000)
// Next is the offset to the location of the string, which will be placed immediately after (20 bytes away).
mstore(0x04, 0x0000000000000000000000000000000000000000000000000000000000000020)
// The string length is fixed: 7 characters.
mstore(0x24, 7)
// Finally, the string itself is stored.
mstore(0x44, revertReason)
// Even if the string is only 7 bytes long, we need to return a full 32 byte slot containing it. The length of
// the encoded message is therefore 4 + 32 + 32 + 32 = 100.
revert(0, 100)
}
}
library Errors {
// Math
uint256 internal constant ADD_OVERFLOW = 0;
uint256 internal constant SUB_OVERFLOW = 1;
uint256 internal constant SUB_UNDERFLOW = 2;
uint256 internal constant MUL_OVERFLOW = 3;
uint256 internal constant ZERO_DIVISION = 4;
uint256 internal constant DIV_INTERNAL = 5;
uint256 internal constant X_OUT_OF_BOUNDS = 6;
uint256 internal constant Y_OUT_OF_BOUNDS = 7;
uint256 internal constant PRODUCT_OUT_OF_BOUNDS = 8;
uint256 internal constant INVALID_EXPONENT = 9;
// Input
uint256 internal constant OUT_OF_BOUNDS = 100;
uint256 internal constant UNSORTED_ARRAY = 101;
uint256 internal constant UNSORTED_TOKENS = 102;
uint256 internal constant INPUT_LENGTH_MISMATCH = 103;
uint256 internal constant ZERO_TOKEN = 104;
// Shared pools
uint256 internal constant MIN_TOKENS = 200;
uint256 internal constant MAX_TOKENS = 201;
uint256 internal constant MAX_SWAP_FEE_PERCENTAGE = 202;
uint256 internal constant MIN_SWAP_FEE_PERCENTAGE = 203;
uint256 internal constant MINIMUM_BPT = 204;
uint256 internal constant CALLER_NOT_VAULT = 205;
uint256 internal constant UNINITIALIZED = 206;
uint256 internal constant BPT_IN_MAX_AMOUNT = 207;
uint256 internal constant BPT_OUT_MIN_AMOUNT = 208;
uint256 internal constant EXPIRED_PERMIT = 209;
uint256 internal constant NOT_TWO_TOKENS = 210;
// Pools
uint256 internal constant MIN_AMP = 300;
uint256 internal constant MAX_AMP = 301;
uint256 internal constant MIN_WEIGHT = 302;
uint256 internal constant MAX_STABLE_TOKENS = 303;
uint256 internal constant MAX_IN_RATIO = 304;
uint256 internal constant MAX_OUT_RATIO = 305;
uint256 internal constant MIN_BPT_IN_FOR_TOKEN_OUT = 306;
uint256 internal constant MAX_OUT_BPT_FOR_TOKEN_IN = 307;
uint256 internal constant NORMALIZED_WEIGHT_INVARIANT = 308;
uint256 internal constant INVALID_TOKEN = 309;
uint256 internal constant UNHANDLED_JOIN_KIND = 310;
uint256 internal constant ZERO_INVARIANT = 311;
uint256 internal constant ORACLE_INVALID_SECONDS_QUERY = 312;
uint256 internal constant ORACLE_NOT_INITIALIZED = 313;
uint256 internal constant ORACLE_QUERY_TOO_OLD = 314;
uint256 internal constant ORACLE_INVALID_INDEX = 315;
uint256 internal constant ORACLE_BAD_SECS = 316;
uint256 internal constant AMP_END_TIME_TOO_CLOSE = 317;
uint256 internal constant AMP_ONGOING_UPDATE = 318;
uint256 internal constant AMP_RATE_TOO_HIGH = 319;
uint256 internal constant AMP_NO_ONGOING_UPDATE = 320;
uint256 internal constant STABLE_INVARIANT_DIDNT_CONVERGE = 321;
uint256 internal constant STABLE_GET_BALANCE_DIDNT_CONVERGE = 322;
uint256 internal constant RELAYER_NOT_CONTRACT = 323;
uint256 internal constant BASE_POOL_RELAYER_NOT_CALLED = 324;
uint256 internal constant REBALANCING_RELAYER_REENTERED = 325;
uint256 internal constant GRADUAL_UPDATE_TIME_TRAVEL = 326;
uint256 internal constant SWAPS_DISABLED = 327;
uint256 internal constant CALLER_IS_NOT_LBP_OWNER = 328;
uint256 internal constant PRICE_RATE_OVERFLOW = 329;
uint256 internal constant INVALID_JOIN_EXIT_KIND_WHILE_SWAPS_DISABLED = 330;
uint256 internal constant WEIGHT_CHANGE_TOO_FAST = 331;
uint256 internal constant LOWER_GREATER_THAN_UPPER_TARGET = 332;
uint256 internal constant UPPER_TARGET_TOO_HIGH = 333;
uint256 internal constant UNHANDLED_BY_LINEAR_POOL = 334;
uint256 internal constant OUT_OF_TARGET_RANGE = 335;
uint256 internal constant UNHANDLED_EXIT_KIND = 336;
uint256 internal constant UNAUTHORIZED_EXIT = 337;
uint256 internal constant MAX_MANAGEMENT_SWAP_FEE_PERCENTAGE = 338;
uint256 internal constant UNHANDLED_BY_INVESTMENT_POOL = 339;
uint256 internal constant UNHANDLED_BY_PHANTOM_POOL = 340;
uint256 internal constant TOKEN_DOES_NOT_HAVE_RATE_PROVIDER = 341;
uint256 internal constant INVALID_INITIALIZATION = 342;
// Lib
uint256 internal constant REENTRANCY = 400;
uint256 internal constant SENDER_NOT_ALLOWED = 401;
uint256 internal constant PAUSED = 402;
uint256 internal constant PAUSE_WINDOW_EXPIRED = 403;
uint256 internal constant MAX_PAUSE_WINDOW_DURATION = 404;
uint256 internal constant MAX_BUFFER_PERIOD_DURATION = 405;
uint256 internal constant INSUFFICIENT_BALANCE = 406;
uint256 internal constant INSUFFICIENT_ALLOWANCE = 407;
uint256 internal constant ERC20_TRANSFER_FROM_ZERO_ADDRESS = 408;
uint256 internal constant ERC20_TRANSFER_TO_ZERO_ADDRESS = 409;
uint256 internal constant ERC20_MINT_TO_ZERO_ADDRESS = 410;
uint256 internal constant ERC20_BURN_FROM_ZERO_ADDRESS = 411;
uint256 internal constant ERC20_APPROVE_FROM_ZERO_ADDRESS = 412;
uint256 internal constant ERC20_APPROVE_TO_ZERO_ADDRESS = 413;
uint256 internal constant ERC20_TRANSFER_EXCEEDS_ALLOWANCE = 414;
uint256 internal constant ERC20_DECREASED_ALLOWANCE_BELOW_ZERO = 415;
uint256 internal constant ERC20_TRANSFER_EXCEEDS_BALANCE = 416;
uint256 internal constant ERC20_BURN_EXCEEDS_ALLOWANCE = 417;
uint256 internal constant SAFE_ERC20_CALL_FAILED = 418;
uint256 internal constant ADDRESS_INSUFFICIENT_BALANCE = 419;
uint256 internal constant ADDRESS_CANNOT_SEND_VALUE = 420;
uint256 internal constant SAFE_CAST_VALUE_CANT_FIT_INT256 = 421;
uint256 internal constant GRANT_SENDER_NOT_ADMIN = 422;
uint256 internal constant REVOKE_SENDER_NOT_ADMIN = 423;
uint256 internal constant RENOUNCE_SENDER_NOT_ALLOWED = 424;
uint256 internal constant BUFFER_PERIOD_EXPIRED = 425;
uint256 internal constant CALLER_IS_NOT_OWNER = 426;
uint256 internal constant NEW_OWNER_IS_ZERO = 427;
uint256 internal constant CODE_DEPLOYMENT_FAILED = 428;
uint256 internal constant CALL_TO_NON_CONTRACT = 429;
uint256 internal constant LOW_LEVEL_CALL_FAILED = 430;
// Vault
uint256 internal constant INVALID_POOL_ID = 500;
uint256 internal constant CALLER_NOT_POOL = 501;
uint256 internal constant SENDER_NOT_ASSET_MANAGER = 502;
uint256 internal constant USER_DOESNT_ALLOW_RELAYER = 503;
uint256 internal constant INVALID_SIGNATURE = 504;
uint256 internal constant EXIT_BELOW_MIN = 505;
uint256 internal constant JOIN_ABOVE_MAX = 506;
uint256 internal constant SWAP_LIMIT = 507;
uint256 internal constant SWAP_DEADLINE = 508;
uint256 internal constant CANNOT_SWAP_SAME_TOKEN = 509;
uint256 internal constant UNKNOWN_AMOUNT_IN_FIRST_SWAP = 510;
uint256 internal constant MALCONSTRUCTED_MULTIHOP_SWAP = 511;
uint256 internal constant INTERNAL_BALANCE_OVERFLOW = 512;
uint256 internal constant INSUFFICIENT_INTERNAL_BALANCE = 513;
uint256 internal constant INVALID_ETH_INTERNAL_BALANCE = 514;
uint256 internal constant INVALID_POST_LOAN_BALANCE = 515;
uint256 internal constant INSUFFICIENT_ETH = 516;
uint256 internal constant UNALLOCATED_ETH = 517;
uint256 internal constant ETH_TRANSFER = 518;
uint256 internal constant CANNOT_USE_ETH_SENTINEL = 519;
uint256 internal constant TOKENS_MISMATCH = 520;
uint256 internal constant TOKEN_NOT_REGISTERED = 521;
uint256 internal constant TOKEN_ALREADY_REGISTERED = 522;
uint256 internal constant TOKENS_ALREADY_SET = 523;
uint256 internal constant TOKENS_LENGTH_MUST_BE_2 = 524;
uint256 internal constant NONZERO_TOKEN_BALANCE = 525;
uint256 internal constant BALANCE_TOTAL_OVERFLOW = 526;
uint256 internal constant POOL_NO_TOKENS = 527;
uint256 internal constant INSUFFICIENT_FLASH_LOAN_BALANCE = 528;
// Fees
uint256 internal constant SWAP_FEE_PERCENTAGE_TOO_HIGH = 600;
uint256 internal constant FLASH_LOAN_FEE_PERCENTAGE_TOO_HIGH = 601;
uint256 internal constant INSUFFICIENT_FLASH_LOAN_FEE_AMOUNT = 602;
}// SPDX-License-Identifier: MIT
pragma solidity ^0.7.0;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20 {
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `recipient`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address recipient, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `sender` to `recipient` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(
address sender,
address recipient,
uint256 amount
) external returns (bool);
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity ^0.7.0;
pragma experimental ABIEncoderV2;
import "./BasePool.sol";
import "@balancer-labs/v2-vault/contracts/interfaces/IMinimalSwapInfoPool.sol";
/**
* @dev Extension of `BasePool`, adding a handler for `IMinimalSwapInfoPool.onSwap`.
*
* Derived contracts must call `BasePool`'s constructor, and implement `_onSwapGivenIn` and `_onSwapGivenOut` along with
* `BasePool`'s virtual functions. Inheriting from this contract lets derived contracts choose the Two Token or Minimal
* Swap Info specialization settings.
*/
abstract contract BaseMinimalSwapInfoPool is IMinimalSwapInfoPool, BasePool {
// Swap Hooks
function onSwap(
SwapRequest memory request,
uint256 balanceTokenIn,
uint256 balanceTokenOut
) public virtual override onlyVault(request.poolId) returns (uint256) {
uint256 scalingFactorTokenIn = _scalingFactor(request.tokenIn);
uint256 scalingFactorTokenOut = _scalingFactor(request.tokenOut);
if (request.kind == IVault.SwapKind.GIVEN_IN) {
// Fees are subtracted before scaling, to reduce the complexity of the rounding direction analysis.
uint256 amountInMinusSwapFees = _subtractSwapFeeAmount(request.amount);
// Process the (upscaled!) swap fee.
uint256 swapFee = request.amount - amountInMinusSwapFees;
_processSwapFeeAmount(request.tokenIn, _upscale(swapFee, scalingFactorTokenIn));
request.amount = amountInMinusSwapFees;
// All token amounts are upscaled.
balanceTokenIn = _upscale(balanceTokenIn, scalingFactorTokenIn);
balanceTokenOut = _upscale(balanceTokenOut, scalingFactorTokenOut);
request.amount = _upscale(request.amount, scalingFactorTokenIn);
uint256 amountOut = _onSwapGivenIn(request, balanceTokenIn, balanceTokenOut);
// amountOut tokens are exiting the Pool, so we round down.
return _downscaleDown(amountOut, scalingFactorTokenOut);
} else {
// All token amounts are upscaled.
balanceTokenIn = _upscale(balanceTokenIn, scalingFactorTokenIn);
balanceTokenOut = _upscale(balanceTokenOut, scalingFactorTokenOut);
request.amount = _upscale(request.amount, scalingFactorTokenOut);
uint256 amountIn = _onSwapGivenOut(request, balanceTokenIn, balanceTokenOut);
// amountIn tokens are entering the Pool, so we round up.
amountIn = _downscaleUp(amountIn, scalingFactorTokenIn);
// Fees are added after scaling happens, to reduce the complexity of the rounding direction analysis.
uint256 amountInPlusSwapFees = _addSwapFeeAmount(amountIn);
// Process the (upscaled!) swap fee.
uint256 swapFee = amountInPlusSwapFees - amountIn;
_processSwapFeeAmount(request.tokenIn, _upscale(swapFee, scalingFactorTokenIn));
return amountInPlusSwapFees;
}
}
/*
* @dev Called when a swap with the Pool occurs, where the amount of tokens entering the Pool is known.
*
* Returns the amount of tokens that will be taken from the Pool in return.
*
* All amounts inside `swapRequest`, `balanceTokenIn` and `balanceTokenOut` are upscaled. The swap fee has already
* been deducted from `swapRequest.amount`.
*
* The return value is also considered upscaled, and will be downscaled (rounding down) before returning it to the
* Vault.
*/
function _onSwapGivenIn(
SwapRequest memory swapRequest,
uint256 balanceTokenIn,
uint256 balanceTokenOut
) internal virtual returns (uint256);
/*
* @dev Called when a swap with the Pool occurs, where the amount of tokens exiting the Pool is known.
*
* Returns the amount of tokens that will be granted to the Pool in return.
*
* All amounts inside `swapRequest`, `balanceTokenIn` and `balanceTokenOut` are upscaled.
*
* The return value is also considered upscaled, and will be downscaled (rounding up) before applying the swap fee
* and returning it to the Vault.
*/
function _onSwapGivenOut(
SwapRequest memory swapRequest,
uint256 balanceTokenIn,
uint256 balanceTokenOut
) internal virtual returns (uint256);
/**
* @dev Called whenever a swap fee is charged. Implementations should call their parents via super, to ensure all
* implementations in the inheritance tree are called.
*
* Callers must call one of the three `_processSwapFeeAmount` functions when swap fees are computed,
* and upscale `amount`.
*/
function _processSwapFeeAmount(
uint256, /*index*/
uint256 /*amount*/
) internal virtual {
// solhint-disable-previous-line no-empty-blocks
}
function _processSwapFeeAmount(IERC20 token, uint256 amount) internal {
_processSwapFeeAmount(_tokenAddressToIndex(token), amount);
}
function _processSwapFeeAmounts(uint256[] memory amounts) internal {
InputHelpers.ensureInputLengthMatch(amounts.length, _getTotalTokens());
for (uint256 i = 0; i < _getTotalTokens(); ++i) {
_processSwapFeeAmount(i, amounts[i]);
}
}
/**
* @dev Returns the index of `token` in the Pool's token array (i.e. the one `vault.getPoolTokens()` would return).
*
* A trivial (and incorrect!) implementation is already provided for Pools that don't override
* `_processSwapFeeAmount` and skip the entire feature. However, Pools that do override `_processSwapFeeAmount`
* *must* override this function with a meaningful implementation.
*/
function _tokenAddressToIndex(
IERC20 /*token*/
) internal view virtual returns (uint256) {
return 0;
}
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity ^0.7.0;
import "@balancer-labs/v2-solidity-utils/contracts/math/FixedPoint.sol";
import "@balancer-labs/v2-solidity-utils/contracts/math/Math.sol";
import "@balancer-labs/v2-solidity-utils/contracts/helpers/InputHelpers.sol";
// These functions start with an underscore, as if they were part of a contract and not a library. At some point this
// should be fixed.
// solhint-disable private-vars-leading-underscore
library WeightedMath {
using FixedPoint for uint256;
// A minimum normalized weight imposes a maximum weight ratio. We need this due to limitations in the
// implementation of the power function, as these ratios are often exponents.
uint256 internal constant _MIN_WEIGHT = 0.01e18;
// Having a minimum normalized weight imposes a limit on the maximum number of tokens;
// i.e., the largest possible pool is one where all tokens have exactly the minimum weight.
uint256 internal constant _MAX_WEIGHTED_TOKENS = 100;
// Pool limits that arise from limitations in the fixed point power function (and the imposed 1:100 maximum weight
// ratio).
// Swap limits: amounts swapped may not be larger than this percentage of total balance.
uint256 internal constant _MAX_IN_RATIO = 0.3e18;
uint256 internal constant _MAX_OUT_RATIO = 0.3e18;
// Invariant growth limit: non-proportional joins cannot cause the invariant to increase by more than this ratio.
uint256 internal constant _MAX_INVARIANT_RATIO = 3e18;
// Invariant shrink limit: non-proportional exits cannot cause the invariant to decrease by less than this ratio.
uint256 internal constant _MIN_INVARIANT_RATIO = 0.7e18;
// About swap fees on joins and exits:
// Any join or exit that is not perfectly balanced (e.g. all single token joins or exits) is mathematically
// equivalent to a perfectly balanced join or exit followed by a series of swaps. Since these swaps would charge
// swap fees, it follows that (some) joins and exits should as well.
// On these operations, we split the token amounts in 'taxable' and 'non-taxable' portions, where the 'taxable' part
// is the one to which swap fees are applied.
// Invariant is used to collect protocol swap fees by comparing its value between two times.
// So we can round always to the same direction. It is also used to initiate the BPT amount
// and, because there is a minimum BPT, we round down the invariant.
function _calculateInvariant(uint256[] memory normalizedWeights, uint256[] memory balances)
internal
pure
returns (uint256 invariant)
{
/**********************************************************************************************
// invariant _____ //
// wi = weight index i | | wi //
// bi = balance index i | | bi ^ = i //
// i = invariant //
**********************************************************************************************/
invariant = FixedPoint.ONE;
for (uint256 i = 0; i < normalizedWeights.length; i++) {
invariant = invariant.mulDown(balances[i].powDown(normalizedWeights[i]));
}
_require(invariant > 0, Errors.ZERO_INVARIANT);
}
// Computes how many tokens can be taken out of a pool if `amountIn` are sent, given the
// current balances and weights.
function _calcOutGivenIn(
uint256 balanceIn,
uint256 weightIn,
uint256 balanceOut,
uint256 weightOut,
uint256 amountIn
) internal pure returns (uint256) {
/**********************************************************************************************
// outGivenIn //
// aO = amountOut //
// bO = balanceOut //
// bI = balanceIn / / bI \ (wI / wO) \ //
// aI = amountIn aO = bO * | 1 - | -------------------------- | ^ | //
// wI = weightIn \ \ ( bI + aI ) / / //
// wO = weightOut //
**********************************************************************************************/
// Amount out, so we round down overall.
// The multiplication rounds down, and the subtrahend (power) rounds up (so the base rounds up too).
// Because bI / (bI + aI) <= 1, the exponent rounds down.
// Cannot exceed maximum in ratio
_require(amountIn <= balanceIn.mulDown(_MAX_IN_RATIO), Errors.MAX_IN_RATIO);
uint256 denominator = balanceIn.add(amountIn);
uint256 base = balanceIn.divUp(denominator);
uint256 exponent = weightIn.divDown(weightOut);
uint256 power = base.powUp(exponent);
return balanceOut.mulDown(power.complement());
}
// Computes how many tokens must be sent to a pool in order to take `amountOut`, given the
// current balances and weights.
function _calcInGivenOut(
uint256 balanceIn,
uint256 weightIn,
uint256 balanceOut,
uint256 weightOut,
uint256 amountOut
) internal pure returns (uint256) {
/**********************************************************************************************
// inGivenOut //
// aO = amountOut //
// bO = balanceOut //
// bI = balanceIn / / bO \ (wO / wI) \ //
// aI = amountIn aI = bI * | | -------------------------- | ^ - 1 | //
// wI = weightIn \ \ ( bO - aO ) / / //
// wO = weightOut //
**********************************************************************************************/
// Amount in, so we round up overall.
// The multiplication rounds up, and the power rounds up (so the base rounds up too).
// Because b0 / (b0 - a0) >= 1, the exponent rounds up.
// Cannot exceed maximum out ratio
_require(amountOut <= balanceOut.mulDown(_MAX_OUT_RATIO), Errors.MAX_OUT_RATIO);
uint256 base = balanceOut.divUp(balanceOut.sub(amountOut));
uint256 exponent = weightOut.divUp(weightIn);
uint256 power = base.powUp(exponent);
// Because the base is larger than one (and the power rounds up), the power should always be larger than one, so
// the following subtraction should never revert.
uint256 ratio = power.sub(FixedPoint.ONE);
return balanceIn.mulUp(ratio);
}
function _calcBptOutGivenExactTokensIn(
uint256[] memory balances,
uint256[] memory normalizedWeights,
uint256[] memory amountsIn,
uint256 bptTotalSupply,
uint256 swapFeePercentage
) internal pure returns (uint256, uint256[] memory) {
// BPT out, so we round down overall.
uint256[] memory balanceRatiosWithFee = new uint256[](amountsIn.length);
uint256 invariantRatioWithFees = 0;
for (uint256 i = 0; i < balances.length; i++) {
balanceRatiosWithFee[i] = balances[i].add(amountsIn[i]).divDown(balances[i]);
invariantRatioWithFees = invariantRatioWithFees.add(balanceRatiosWithFee[i].mulDown(normalizedWeights[i]));
}
(uint256 invariantRatio, uint256[] memory swapFees) = _computeJoinExactTokensInInvariantRatio(
balances,
normalizedWeights,
amountsIn,
balanceRatiosWithFee,
invariantRatioWithFees,
swapFeePercentage
);
uint256 bptOut = (invariantRatio > FixedPoint.ONE)
? bptTotalSupply.mulDown(invariantRatio.sub(FixedPoint.ONE))
: 0;
return (bptOut, swapFees);
}
/**
* @dev Intermediate function to avoid stack-too-deep errors.
*/
function _computeJoinExactTokensInInvariantRatio(
uint256[] memory balances,
uint256[] memory normalizedWeights,
uint256[] memory amountsIn,
uint256[] memory balanceRatiosWithFee,
uint256 invariantRatioWithFees,
uint256 swapFeePercentage
) private pure returns (uint256 invariantRatio, uint256[] memory swapFees) {
// Swap fees are charged on all tokens that are being added in a larger proportion than the overall invariant
// increase.
swapFees = new uint256[](amountsIn.length);
invariantRatio = FixedPoint.ONE;
for (uint256 i = 0; i < balances.length; i++) {
uint256 amountInWithoutFee;
if (balanceRatiosWithFee[i] > invariantRatioWithFees) {
uint256 nonTaxableAmount = balances[i].mulDown(invariantRatioWithFees.sub(FixedPoint.ONE));
uint256 taxableAmount = amountsIn[i].sub(nonTaxableAmount);
uint256 swapFee = taxableAmount.mulUp(swapFeePercentage);
amountInWithoutFee = nonTaxableAmount.add(taxableAmount.sub(swapFee));
swapFees[i] = swapFee;
} else {
amountInWithoutFee = amountsIn[i];
}
uint256 balanceRatio = balances[i].add(amountInWithoutFee).divDown(balances[i]);
invariantRatio = invariantRatio.mulDown(balanceRatio.powDown(normalizedWeights[i]));
}
}
function _calcTokenInGivenExactBptOut(
uint256 balance,
uint256 normalizedWeight,
uint256 bptAmountOut,
uint256 bptTotalSupply,
uint256 swapFeePercentage
) internal pure returns (uint256 amountIn, uint256 swapFee) {
/******************************************************************************************
// tokenInForExactBPTOut //
// a = amountIn //
// b = balance / / totalBPT + bptOut \ (1 / w) \ //
// bptOut = bptAmountOut a = b * | | -------------------------- | ^ - 1 | //
// bpt = totalBPT \ \ totalBPT / / //
// w = weight //
******************************************************************************************/
// Token in, so we round up overall.
// Calculate the factor by which the invariant will increase after minting BPTAmountOut
uint256 invariantRatio = bptTotalSupply.add(bptAmountOut).divUp(bptTotalSupply);
_require(invariantRatio <= _MAX_INVARIANT_RATIO, Errors.MAX_OUT_BPT_FOR_TOKEN_IN);
// Calculate by how much the token balance has to increase to match the invariantRatio
uint256 balanceRatio = invariantRatio.powUp(FixedPoint.ONE.divUp(normalizedWeight));
uint256 amountInWithoutFee = balance.mulUp(balanceRatio.sub(FixedPoint.ONE));
// We can now compute how much extra balance is being deposited and used in virtual swaps, and charge swap fees
// accordingly.
uint256 taxablePercentage = normalizedWeight.complement();
uint256 taxableAmount = amountInWithoutFee.mulUp(taxablePercentage);
uint256 nonTaxableAmount = amountInWithoutFee.sub(taxableAmount);
uint256 taxableAmountPlusFees = taxableAmount.divUp(FixedPoint.ONE.sub(swapFeePercentage));
swapFee = taxableAmountPlusFees - taxableAmount;
amountIn = nonTaxableAmount.add(taxableAmountPlusFees);
}
function _calcAllTokensInGivenExactBptOut(
uint256[] memory balances,
uint256 bptAmountOut,
uint256 totalBPT
) internal pure returns (uint256[] memory) {
/************************************************************************************
// tokensInForExactBptOut //
// (per token) //
// aI = amountIn / bptOut \ //
// b = balance aI = b * | ------------ | //
// bptOut = bptAmountOut \ totalBPT / //
// bpt = totalBPT //
************************************************************************************/
// Tokens in, so we round up overall.
uint256 bptRatio = bptAmountOut.divUp(totalBPT);
uint256[] memory amountsIn = new uint256[](balances.length);
for (uint256 i = 0; i < balances.length; i++) {
amountsIn[i] = balances[i].mulUp(bptRatio);
}
return amountsIn;
}
function _calcBptInGivenExactTokensOut(
uint256[] memory balances,
uint256[] memory normalizedWeights,
uint256[] memory amountsOut,
uint256 bptTotalSupply,
uint256 swapFeePercentage
) internal pure returns (uint256, uint256[] memory) {
// BPT in, so we round up overall.
uint256[] memory balanceRatiosWithoutFee = new uint256[](amountsOut.length);
uint256 invariantRatioWithoutFees = 0;
for (uint256 i = 0; i < balances.length; i++) {
balanceRatiosWithoutFee[i] = balances[i].sub(amountsOut[i]).divUp(balances[i]);
invariantRatioWithoutFees = invariantRatioWithoutFees.add(
balanceRatiosWithoutFee[i].mulUp(normalizedWeights[i])
);
}
(uint256 invariantRatio, uint256[] memory swapFees) = _computeExitExactTokensOutInvariantRatio(
balances,
normalizedWeights,
amountsOut,
balanceRatiosWithoutFee,
invariantRatioWithoutFees,
swapFeePercentage
);
uint256 bptIn = bptTotalSupply.mulUp(invariantRatio.complement());
return (bptIn, swapFees);
}
/**
* @dev Intermediate function to avoid stack-too-deep errors.
*/
function _computeExitExactTokensOutInvariantRatio(
uint256[] memory balances,
uint256[] memory normalizedWeights,
uint256[] memory amountsOut,
uint256[] memory balanceRatiosWithoutFee,
uint256 invariantRatioWithoutFees,
uint256 swapFeePercentage
) private pure returns (uint256 invariantRatio, uint256[] memory swapFees) {
swapFees = new uint256[](amountsOut.length);
invariantRatio = FixedPoint.ONE;
for (uint256 i = 0; i < balances.length; i++) {
// Swap fees are typically charged on 'token in', but there is no 'token in' here, so we apply it to
// 'token out'. This results in slightly larger price impact.
uint256 amountOutWithFee;
if (invariantRatioWithoutFees > balanceRatiosWithoutFee[i]) {
uint256 nonTaxableAmount = balances[i].mulDown(invariantRatioWithoutFees.complement());
uint256 taxableAmount = amountsOut[i].sub(nonTaxableAmount);
uint256 taxableAmountPlusFees = taxableAmount.divUp(FixedPoint.ONE.sub(swapFeePercentage));
swapFees[i] = taxableAmountPlusFees - taxableAmount;
amountOutWithFee = nonTaxableAmount.add(taxableAmountPlusFees);
} else {
amountOutWithFee = amountsOut[i];
}
uint256 balanceRatio = balances[i].sub(amountOutWithFee).divDown(balances[i]);
invariantRatio = invariantRatio.mulDown(balanceRatio.powDown(normalizedWeights[i]));
}
}
function _calcTokenOutGivenExactBptIn(
uint256 balance,
uint256 normalizedWeight,
uint256 bptAmountIn,
uint256 bptTotalSupply,
uint256 swapFeePercentage
) internal pure returns (uint256 amountOut, uint256 swapFee) {
/*****************************************************************************************
// exactBPTInForTokenOut //
// a = amountOut //
// b = balance / / totalBPT - bptIn \ (1 / w) \ //
// bptIn = bptAmountIn a = b * | 1 - | -------------------------- | ^ | //
// bpt = totalBPT \ \ totalBPT / / //
// w = weight //
*****************************************************************************************/
// Token out, so we round down overall. The multiplication rounds down, but the power rounds up (so the base
// rounds up). Because (totalBPT - bptIn) / totalBPT <= 1, the exponent rounds down.
// Calculate the factor by which the invariant will decrease after burning BPTAmountIn
uint256 invariantRatio = bptTotalSupply.sub(bptAmountIn).divUp(bptTotalSupply);
_require(invariantRatio >= _MIN_INVARIANT_RATIO, Errors.MIN_BPT_IN_FOR_TOKEN_OUT);
// Calculate by how much the token balance has to decrease to match invariantRatio
uint256 balanceRatio = invariantRatio.powUp(FixedPoint.ONE.divDown(normalizedWeight));
// Because of rounding up, balanceRatio can be greater than one. Using complement prevents reverts.
uint256 amountOutWithoutFee = balance.mulDown(balanceRatio.complement());
// We can now compute how much excess balance is being withdrawn as a result of the virtual swaps, which result
// in swap fees.
uint256 taxablePercentage = normalizedWeight.complement();
// Swap fees are typically charged on 'token in', but there is no 'token in' here, so we apply it
// to 'token out'. This results in slightly larger price impact. Fees are rounded up.
uint256 taxableAmount = amountOutWithoutFee.mulUp(taxablePercentage);
uint256 nonTaxableAmount = amountOutWithoutFee.sub(taxableAmount);
swapFee = taxableAmount.mulUp(swapFeePercentage);
amountOut = nonTaxableAmount.add(taxableAmount.sub(swapFee));
}
function _calcTokensOutGivenExactBptIn(
uint256[] memory balances,
uint256 bptAmountIn,
uint256 totalBPT
) internal pure returns (uint256[] memory) {
/**********************************************************************************************
// exactBPTInForTokensOut //
// (per token) //
// aO = amountOut / bptIn \ //
// b = balance a0 = b * | --------------------- | //
// bptIn = bptAmountIn \ totalBPT / //
// bpt = totalBPT //
**********************************************************************************************/
// Since we're computing an amount out, we round down overall. This means rounding down on both the
// multiplication and division.
uint256 bptRatio = bptAmountIn.divDown(totalBPT);
uint256[] memory amountsOut = new uint256[](balances.length);
for (uint256 i = 0; i < balances.length; i++) {
amountsOut[i] = balances[i].mulDown(bptRatio);
}
return amountsOut;
}
function _calcDueTokenProtocolSwapFeeAmount(
uint256 balance,
uint256 normalizedWeight,
uint256 previousInvariant,
uint256 currentInvariant,
uint256 protocolSwapFeePercentage
) internal pure returns (uint256) {
/*********************************************************************************
/* protocolSwapFeePercentage * balanceToken * ( 1 - (previousInvariant / currentInvariant) ^ (1 / weightToken))
*********************************************************************************/
if (currentInvariant <= previousInvariant) {
// This shouldn't happen outside of rounding errors, but have this safeguard nonetheless to prevent the Pool
// from entering a locked state in which joins and exits revert while computing accumulated swap fees.
return 0;
}
// We round down to prevent issues in the Pool's accounting, even if it means paying slightly less in protocol
// fees to the Vault.
// Fee percentage and balance multiplications round down, while the subtrahend (power) rounds up (as does the
// base). Because previousInvariant / currentInvariant <= 1, the exponent rounds down.
uint256 base = previousInvariant.divUp(currentInvariant);
uint256 exponent = FixedPoint.ONE.divDown(normalizedWeight);
// Because the exponent is larger than one, the base of the power function has a lower bound. We cap to this
// value to avoid numeric issues, which means in the extreme case (where the invariant growth is larger than
// 1 / min exponent) the Pool will pay less in protocol fees than it should.
base = Math.max(base, FixedPoint.MIN_POW_BASE_FREE_EXPONENT);
uint256 power = base.powUp(exponent);
uint256 tokenAccruedFees = balance.mulDown(power.complement());
return tokenAccruedFees.mulDown(protocolSwapFeePercentage);
}
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity ^0.7.0;
import "@balancer-labs/v2-solidity-utils/contracts/openzeppelin/IERC20.sol";
import "./BaseWeightedPool.sol";
library WeightedPoolUserDataHelpers {
function joinKind(bytes memory self) internal pure returns (BaseWeightedPool.JoinKind) {
return abi.decode(self, (BaseWeightedPool.JoinKind));
}
function exitKind(bytes memory self) internal pure returns (BaseWeightedPool.ExitKind) {
return abi.decode(self, (BaseWeightedPool.ExitKind));
}
// Joins
function initialAmountsIn(bytes memory self) internal pure returns (uint256[] memory amountsIn) {
(, amountsIn) = abi.decode(self, (BaseWeightedPool.JoinKind, uint256[]));
}
function exactTokensInForBptOut(bytes memory self)
internal
pure
returns (uint256[] memory amountsIn, uint256 minBPTAmountOut)
{
(, amountsIn, minBPTAmountOut) = abi.decode(self, (BaseWeightedPool.JoinKind, uint256[], uint256));
}
function tokenInForExactBptOut(bytes memory self) internal pure returns (uint256 bptAmountOut, uint256 tokenIndex) {
(, bptAmountOut, tokenIndex) = abi.decode(self, (BaseWeightedPool.JoinKind, uint256, uint256));
}
function allTokensInForExactBptOut(bytes memory self) internal pure returns (uint256 bptAmountOut) {
(, bptAmountOut) = abi.decode(self, (BaseWeightedPool.JoinKind, uint256));
}
// Exits
function exactBptInForTokenOut(bytes memory self) internal pure returns (uint256 bptAmountIn, uint256 tokenIndex) {
(, bptAmountIn, tokenIndex) = abi.decode(self, (BaseWeightedPool.ExitKind, uint256, uint256));
}
function exactBptInForTokensOut(bytes memory self) internal pure returns (uint256 bptAmountIn) {
(, bptAmountIn) = abi.decode(self, (BaseWeightedPool.ExitKind, uint256));
}
function bptInForExactTokensOut(bytes memory self)
internal
pure
returns (uint256[] memory amountsOut, uint256 maxBPTAmountIn)
{
(, amountsOut, maxBPTAmountIn) = abi.decode(self, (BaseWeightedPool.ExitKind, uint256[], uint256));
}
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity ^0.7.0;
pragma experimental ABIEncoderV2;
import "@balancer-labs/v2-solidity-utils/contracts/math/Math.sol";
import "@balancer-labs/v2-solidity-utils/contracts/math/FixedPoint.sol";
import "@balancer-labs/v2-solidity-utils/contracts/helpers/InputHelpers.sol";
import "@balancer-labs/v2-solidity-utils/contracts/helpers/TemporarilyPausable.sol";
import "@balancer-labs/v2-solidity-utils/contracts/helpers/WordCodec.sol";
import "@balancer-labs/v2-solidity-utils/contracts/openzeppelin/ERC20.sol";
import "@balancer-labs/v2-vault/contracts/interfaces/IVault.sol";
import "@balancer-labs/v2-vault/contracts/interfaces/IBasePool.sol";
import "@balancer-labs/v2-asset-manager-utils/contracts/IAssetManager.sol";
import "./BalancerPoolToken.sol";
import "./BasePoolAuthorization.sol";
// solhint-disable max-states-count
/**
* @dev Reference implementation for the base layer of a Pool contract that manages a single Pool with optional
* Asset Managers, an admin-controlled swap fee percentage, and an emergency pause mechanism.
*
* Note that neither swap fees nor the pause mechanism are used by this contract. They are passed through so that
* derived contracts can use them via the `_addSwapFeeAmount` and `_subtractSwapFeeAmount` functions, and the
* `whenNotPaused` modifier.
*
* No admin permissions are checked here: instead, this contract delegates that to the Vault's own Authorizer.
*
* Because this contract doesn't implement the swap hooks, derived contracts should generally inherit from
* BaseGeneralPool or BaseMinimalSwapInfoPool. Otherwise, subclasses must inherit from the corresponding interfaces
* and implement the swap callbacks themselves.
*/
abstract contract BasePool is IBasePool, BasePoolAuthorization, BalancerPoolToken, TemporarilyPausable {
using WordCodec for bytes32;
using FixedPoint for uint256;
uint256 private constant _MIN_TOKENS = 2;
uint256 private constant _MINIMUM_BPT = 1e6;
// 1e18 corresponds to 1.0, or a 100% fee
uint256 private constant _MIN_SWAP_FEE_PERCENTAGE = 1e12; // 0.0001%
uint256 private constant _MAX_SWAP_FEE_PERCENTAGE = 1e17; // 10% - this fits in 64 bits
// Storage slot that can be used to store unrelated pieces of information. In particular, by default is used
// to store only the swap fee percentage of a pool. But it can be extended to store some more pieces of information.
// The swap fee percentage is stored in the most-significant 64 bits, therefore the remaining 192 bits can be
// used to store any other piece of information.
bytes32 private _miscData;
uint256 private constant _SWAP_FEE_PERCENTAGE_OFFSET = 192;
bytes32 private immutable _poolId;
event SwapFeePercentageChanged(uint256 swapFeePercentage);
constructor(
IVault vault,
IVault.PoolSpecialization specialization,
string memory name,
string memory symbol,
IERC20[] memory tokens,
address[] memory assetManagers,
uint256 swapFeePercentage,
uint256 pauseWindowDuration,
uint256 bufferPeriodDuration,
address owner
)
// Base Pools are expected to be deployed using factories. By using the factory address as the action
// disambiguator, we make all Pools deployed by the same factory share action identifiers. This allows for
// simpler management of permissions (such as being able to manage granting the 'set fee percentage' action in
// any Pool created by the same factory), while still making action identifiers unique among different factories
// if the selectors match, preventing accidental errors.
Authentication(bytes32(uint256(msg.sender)))
BalancerPoolToken(name, symbol, vault)
BasePoolAuthorization(owner)
TemporarilyPausable(pauseWindowDuration, bufferPeriodDuration)
{
_require(tokens.length >= _MIN_TOKENS, Errors.MIN_TOKENS);
_require(tokens.length <= _getMaxTokens(), Errors.MAX_TOKENS);
// The Vault only requires the token list to be ordered for the Two Token Pools specialization. However,
// to make the developer experience consistent, we are requiring this condition for all the native pools.
// Also, since these Pools will register tokens only once, we can ensure the Pool tokens will follow the same
// order. We rely on this property to make Pools simpler to write, as it lets us assume that the
// order of token-specific parameters (such as token weights) will not change.
InputHelpers.ensureArrayIsSorted(tokens);
_setSwapFeePercentage(swapFeePercentage);
bytes32 poolId = vault.registerPool(specialization);
vault.registerTokens(poolId, tokens, assetManagers);
// Set immutable state variables - these cannot be read from during construction
_poolId = poolId;
}
// Getters / Setters
function getPoolId() public view override returns (bytes32) {
return _poolId;
}
function _getTotalTokens() internal view virtual returns (uint256);
function _getMaxTokens() internal pure virtual returns (uint256);
function _getMinimumBpt() internal pure virtual returns (uint256) {
return _MINIMUM_BPT;
}
function getSwapFeePercentage() public view returns (uint256) {
return _miscData.decodeUint64(_SWAP_FEE_PERCENTAGE_OFFSET);
}
function setSwapFeePercentage(uint256 swapFeePercentage) external virtual authenticate whenNotPaused {
_setSwapFeePercentage(swapFeePercentage);
}
function _setSwapFeePercentage(uint256 swapFeePercentage) private {
_require(swapFeePercentage >= _MIN_SWAP_FEE_PERCENTAGE, Errors.MIN_SWAP_FEE_PERCENTAGE);
_require(swapFeePercentage <= _MAX_SWAP_FEE_PERCENTAGE, Errors.MAX_SWAP_FEE_PERCENTAGE);
_miscData = _miscData.insertUint64(swapFeePercentage, _SWAP_FEE_PERCENTAGE_OFFSET);
emit SwapFeePercentageChanged(swapFeePercentage);
}
function setAssetManagerPoolConfig(IERC20 token, bytes memory poolConfig)
public
virtual
authenticate
whenNotPaused
{
_setAssetManagerPoolConfig(token, poolConfig);
}
function _setAssetManagerPoolConfig(IERC20 token, bytes memory poolConfig) private {
bytes32 poolId = getPoolId();
(, , , address assetManager) = getVault().getPoolTokenInfo(poolId, token);
IAssetManager(assetManager).setConfig(poolId, poolConfig);
}
function setPaused(bool paused) external authenticate {
_setPaused(paused);
}
function _isOwnerOnlyAction(bytes32 actionId) internal view virtual override returns (bool) {
return
(actionId == getActionId(this.setSwapFeePercentage.selector)) ||
(actionId == getActionId(this.setAssetManagerPoolConfig.selector));
}
function _getMiscData() internal view returns (bytes32) {
return _miscData;
}
/**
* Inserts data into the least-significant 192 bits of the misc data storage slot.
* Note that the remaining 64 bits are used for the swap fee percentage and cannot be overloaded.
*/
function _setMiscData(bytes32 newData) internal {
_miscData = _miscData.insertBits192(newData, 0);
}
// Join / Exit Hooks
modifier onlyVault(bytes32 poolId) {
_require(msg.sender == address(getVault()), Errors.CALLER_NOT_VAULT);
_require(poolId == getPoolId(), Errors.INVALID_POOL_ID);
_;
}
function onJoinPool(
bytes32 poolId,
address sender,
address recipient,
uint256[] memory balances,
uint256 lastChangeBlock,
uint256 protocolSwapFeePercentage,
bytes memory userData
) public virtual override onlyVault(poolId) returns (uint256[] memory, uint256[] memory) {
uint256[] memory scalingFactors = _scalingFactors();
if (totalSupply() == 0) {
(uint256 bptAmountOut, uint256[] memory amountsIn) = _onInitializePool(
poolId,
sender,
recipient,
scalingFactors,
userData
);
// On initialization, we lock _getMinimumBpt() by minting it for the zero address. This BPT acts as a
// minimum as it will never be burned, which reduces potential issues with rounding, and also prevents the
// Pool from ever being fully drained.
_require(bptAmountOut >= _getMinimumBpt(), Errors.MINIMUM_BPT);
_mintPoolTokens(address(0), _getMinimumBpt());
_mintPoolTokens(recipient, bptAmountOut - _getMinimumBpt());
// amountsIn are amounts entering the Pool, so we round up.
_downscaleUpArray(amountsIn, scalingFactors);
return (amountsIn, new uint256[](_getTotalTokens()));
} else {
_upscaleArray(balances, scalingFactors);
(uint256 bptAmountOut, uint256[] memory amountsIn, uint256[] memory dueProtocolFeeAmounts) = _onJoinPool(
poolId,
sender,
recipient,
balances,
lastChangeBlock,
protocolSwapFeePercentage,
scalingFactors,
userData
);
// Note we no longer use `balances` after calling `_onJoinPool`, which may mutate it.
_mintPoolTokens(recipient, bptAmountOut);
// amountsIn are amounts entering the Pool, so we round up.
_downscaleUpArray(amountsIn, scalingFactors);
// dueProtocolFeeAmounts are amounts exiting the Pool, so we round down.
_downscaleDownArray(dueProtocolFeeAmounts, scalingFactors);
return (amountsIn, dueProtocolFeeAmounts);
}
}
function onExitPool(
bytes32 poolId,
address sender,
address recipient,
uint256[] memory balances,
uint256 lastChangeBlock,
uint256 protocolSwapFeePercentage,
bytes memory userData
) public virtual override onlyVault(poolId) returns (uint256[] memory, uint256[] memory) {
uint256[] memory scalingFactors = _scalingFactors();
_upscaleArray(balances, scalingFactors);
(uint256 bptAmountIn, uint256[] memory amountsOut, uint256[] memory dueProtocolFeeAmounts) = _onExitPool(
poolId,
sender,
recipient,
balances,
lastChangeBlock,
protocolSwapFeePercentage,
scalingFactors,
userData
);
// Note we no longer use `balances` after calling `_onExitPool`, which may mutate it.
_burnPoolTokens(sender, bptAmountIn);
// Both amountsOut and dueProtocolFeeAmounts are amounts exiting the Pool, so we round down.
_downscaleDownArray(amountsOut, scalingFactors);
_downscaleDownArray(dueProtocolFeeAmounts, scalingFactors);
return (amountsOut, dueProtocolFeeAmounts);
}
// Query functions
/**
* @dev Returns the amount of BPT that would be granted to `recipient` if the `onJoinPool` hook were called by the
* Vault with the same arguments, along with the number of tokens `sender` would have to supply.
*
* This function is not meant to be called directly, but rather from a helper contract that fetches current Vault
* data, such as the protocol swap fee percentage and Pool balances.
*
* Like `IVault.queryBatchSwap`, this function is not view due to internal implementation details: the caller must
* explicitly use eth_call instead of eth_sendTransaction.
*/
function queryJoin(
bytes32 poolId,
address sender,
address recipient,
uint256[] memory balances,
uint256 lastChangeBlock,
uint256 protocolSwapFeePercentage,
bytes memory userData
) external returns (uint256 bptOut, uint256[] memory amountsIn) {
InputHelpers.ensureInputLengthMatch(balances.length, _getTotalTokens());
_queryAction(
poolId,
sender,
recipient,
balances,
lastChangeBlock,
protocolSwapFeePercentage,
userData,
_onJoinPool,
_downscaleUpArray
);
// The `return` opcode is executed directly inside `_queryAction`, so execution never reaches this statement,
// and we don't need to return anything here - it just silences compiler warnings.
return (bptOut, amountsIn);
}
/**
* @dev Returns the amount of BPT that would be burned from `sender` if the `onExitPool` hook were called by the
* Vault with the same arguments, along with the number of tokens `recipient` would receive.
*
* This function is not meant to be called directly, but rather from a helper contract that fetches current Vault
* data, such as the protocol swap fee percentage and Pool balances.
*
* Like `IVault.queryBatchSwap`, this function is not view due to internal implementation details: the caller must
* explicitly use eth_call instead of eth_sendTransaction.
*/
function queryExit(
bytes32 poolId,
address sender,
address recipient,
uint256[] memory balances,
uint256 lastChangeBlock,
uint256 protocolSwapFeePercentage,
bytes memory userData
) external returns (uint256 bptIn, uint256[] memory amountsOut) {
InputHelpers.ensureInputLengthMatch(balances.length, _getTotalTokens());
_queryAction(
poolId,
sender,
recipient,
balances,
lastChangeBlock,
protocolSwapFeePercentage,
userData,
_onExitPool,
_downscaleDownArray
);
// The `return` opcode is executed directly inside `_queryAction`, so execution never reaches this statement,
// and we don't need to return anything here - it just silences compiler warnings.
return (bptIn, amountsOut);
}
// Internal hooks to be overridden by derived contracts - all token amounts (except BPT) in these interfaces are
// upscaled.
/**
* @dev Called when the Pool is joined for the first time; that is, when the BPT total supply is zero.
*
* Returns the amount of BPT to mint, and the token amounts the Pool will receive in return.
*
* Minted BPT will be sent to `recipient`, except for _getMinimumBpt(), which will be deducted from this amount and
* sent to the zero address instead. This will cause that BPT to remain forever locked there, preventing total BTP
* from ever dropping below that value, and ensuring `_onInitializePool` can only be called once in the entire
* Pool's lifetime.
*
* The tokens granted to the Pool will be transferred from `sender`. These amounts are considered upscaled and will
* be downscaled (rounding up) before being returned to the Vault.
*/
function _onInitializePool(
bytes32 poolId,
address sender,
address recipient,
uint256[] memory scalingFactors,
bytes memory userData
) internal virtual returns (uint256 bptAmountOut, uint256[] memory amountsIn);
/**
* @dev Called whenever the Pool is joined after the first initialization join (see `_onInitializePool`).
*
* Returns the amount of BPT to mint, the token amounts that the Pool will receive in return, and the number of
* tokens to pay in protocol swap fees.
*
* Implementations of this function might choose to mutate the `balances` array to save gas (e.g. when
* performing intermediate calculations, such as subtraction of due protocol fees). This can be done safely.
*
* Minted BPT will be sent to `recipient`.
*
* The tokens granted to the Pool will be transferred from `sender`. These amounts are considered upscaled and will
* be downscaled (rounding up) before being returned to the Vault.
*
* Due protocol swap fees will be taken from the Pool's balance in the Vault (see `IBasePool.onJoinPool`). These
* amounts are considered upscaled and will be downscaled (rounding down) before being returned to the Vault.
*/
function _onJoinPool(
bytes32 poolId,
address sender,
address recipient,
uint256[] memory balances,
uint256 lastChangeBlock,
uint256 protocolSwapFeePercentage,
uint256[] memory scalingFactors,
bytes memory userData
)
internal
virtual
returns (
uint256 bptAmountOut,
uint256[] memory amountsIn,
uint256[] memory dueProtocolFeeAmounts
);
/**
* @dev Called whenever the Pool is exited.
*
* Returns the amount of BPT to burn, the token amounts for each Pool token that the Pool will grant in return, and
* the number of tokens to pay in protocol swap fees.
*
* Implementations of this function might choose to mutate the `balances` array to save gas (e.g. when
* performing intermediate calculations, such as subtraction of due protocol fees). This can be done safely.
*
* BPT will be burnt from `sender`.
*
* The Pool will grant tokens to `recipient`. These amounts are considered upscaled and will be downscaled
* (rounding down) before being returned to the Vault.
*
* Due protocol swap fees will be taken from the Pool's balance in the Vault (see `IBasePool.onExitPool`). These
* amounts are considered upscaled and will be downscaled (rounding down) before being returned to the Vault.
*/
function _onExitPool(
bytes32 poolId,
address sender,
address recipient,
uint256[] memory balances,
uint256 lastChangeBlock,
uint256 protocolSwapFeePercentage,
uint256[] memory scalingFactors,
bytes memory userData
)
internal
virtual
returns (
uint256 bptAmountIn,
uint256[] memory amountsOut,
uint256[] memory dueProtocolFeeAmounts
);
// Internal functions
/**
* @dev Adds swap fee amount to `amount`, returning a higher value.
*/
function _addSwapFeeAmount(uint256 amount) internal view returns (uint256) {
// This returns amount + fee amount, so we round up (favoring a higher fee amount).
return amount.divUp(FixedPoint.ONE.sub(getSwapFeePercentage()));
}
/**
* @dev Subtracts swap fee amount from `amount`, returning a lower value.
*/
function _subtractSwapFeeAmount(uint256 amount) internal view returns (uint256) {
// This returns amount - fee amount, so we round up (favoring a higher fee amount).
uint256 feeAmount = amount.mulUp(getSwapFeePercentage());
return amount.sub(feeAmount);
}
// Scaling
/**
* @dev Returns a scaling factor that, when multiplied to a token amount for `token`, normalizes its balance as if
* it had 18 decimals.
*/
function _computeScalingFactor(IERC20 token) internal view returns (uint256) {
if (address(token) == address(this)) {
return FixedPoint.ONE;
}
// Tokens that don't implement the `decimals` method are not supported.
uint256 tokenDecimals = ERC20(address(token)).decimals();
// Tokens with more than 18 decimals are not supported.
uint256 decimalsDifference = Math.sub(18, tokenDecimals);
return FixedPoint.ONE * 10**decimalsDifference;
}
/**
* @dev Returns the scaling factor for one of the Pool's tokens. Reverts if `token` is not a token registered by the
* Pool.
*
* All scaling factors are fixed-point values with 18 decimals, to allow for this function to be overridden by
* derived contracts that need to apply further scaling, making these factors potentially non-integer.
*
* The largest 'base' scaling factor (i.e. in tokens with less than 18 decimals) is 10**18, which in fixed-point is
* 10**36. This value can be multiplied with a 112 bit Vault balance with no overflow by a factor of ~1e7, making
* even relatively 'large' factors safe to use.
*
* The 1e7 figure is the result of 2**256 / (1e18 * 1e18 * 2**112).
*/
function _scalingFactor(IERC20 token) internal view virtual returns (uint256);
/**
* @dev Same as `_scalingFactor()`, except for all registered tokens (in the same order as registered). The Vault
* will always pass balances in this order when calling any of the Pool hooks.
*/
function _scalingFactors() internal view virtual returns (uint256[] memory);
function getScalingFactors() external view returns (uint256[] memory) {
return _scalingFactors();
}
/**
* @dev Applies `scalingFactor` to `amount`, resulting in a larger or equal value depending on whether it needed
* scaling or not.
*/
function _upscale(uint256 amount, uint256 scalingFactor) internal pure returns (uint256) {
// Upscale rounding wouldn't necessarily always go in the same direction: in a swap for example the balance of
// token in should be rounded up, and that of token out rounded down. This is the only place where we round in
// the same direction for all amounts, as the impact of this rounding is expected to be minimal (and there's no
// rounding error unless `_scalingFactor()` is overriden).
return FixedPoint.mulDown(amount, scalingFactor);
}
/**
* @dev Same as `_upscale`, but for an entire array. This function does not return anything, but instead *mutates*
* the `amounts` array.
*/
function _upscaleArray(uint256[] memory amounts, uint256[] memory scalingFactors) internal view {
for (uint256 i = 0; i < _getTotalTokens(); ++i) {
amounts[i] = FixedPoint.mulDown(amounts[i], scalingFactors[i]);
}
}
/**
* @dev Reverses the `scalingFactor` applied to `amount`, resulting in a smaller or equal value depending on
* whether it needed scaling or not. The result is rounded down.
*/
function _downscaleDown(uint256 amount, uint256 scalingFactor) internal pure returns (uint256) {
return FixedPoint.divDown(amount, scalingFactor);
}
/**
* @dev Same as `_downscaleDown`, but for an entire array. This function does not return anything, but instead
* *mutates* the `amounts` array.
*/
function _downscaleDownArray(uint256[] memory amounts, uint256[] memory scalingFactors) internal view {
for (uint256 i = 0; i < _getTotalTokens(); ++i) {
amounts[i] = FixedPoint.divDown(amounts[i], scalingFactors[i]);
}
}
/**
* @dev Reverses the `scalingFactor` applied to `amount`, resulting in a smaller or equal value depending on
* whether it needed scaling or not. The result is rounded up.
*/
function _downscaleUp(uint256 amount, uint256 scalingFactor) internal pure returns (uint256) {
return FixedPoint.divUp(amount, scalingFactor);
}
/**
* @dev Same as `_downscaleUp`, but for an entire array. This function does not return anything, but instead
* *mutates* the `amounts` array.
*/
function _downscaleUpArray(uint256[] memory amounts, uint256[] memory scalingFactors) internal view {
for (uint256 i = 0; i < _getTotalTokens(); ++i) {
amounts[i] = FixedPoint.divUp(amounts[i], scalingFactors[i]);
}
}
function _getAuthorizer() internal view override returns (IAuthorizer) {
// Access control management is delegated to the Vault's Authorizer. This lets Balancer Governance manage which
// accounts can call permissioned functions: for example, to perform emergency pauses.
// If the owner is delegated, then *all* permissioned functions, including `setSwapFeePercentage`, will be under
// Governance control.
return getVault().getAuthorizer();
}
function _queryAction(
bytes32 poolId,
address sender,
address recipient,
uint256[] memory balances,
uint256 lastChangeBlock,
uint256 protocolSwapFeePercentage,
bytes memory userData,
function(bytes32, address, address, uint256[] memory, uint256, uint256, uint256[] memory, bytes memory)
internal
returns (uint256, uint256[] memory, uint256[] memory) _action,
function(uint256[] memory, uint256[] memory) internal view _downscaleArray
) private {
// This uses the same technique used by the Vault in queryBatchSwap. Refer to that function for a detailed
// explanation.
if (msg.sender != address(this)) {
// We perform an external call to ourselves, forwarding the same calldata. In this call, the else clause of
// the preceding if statement will be executed instead.
// solhint-disable-next-line avoid-low-level-calls
(bool success, ) = address(this).call(msg.data);
// solhint-disable-next-line no-inline-assembly
assembly {
// This call should always revert to decode the bpt and token amounts from the revert reason
switch success
case 0 {
// Note we are manually writing the memory slot 0. We can safely overwrite whatever is
// stored there as we take full control of the execution and then immediately return.
// We copy the first 4 bytes to check if it matches with the expected signature, otherwise
// there was another revert reason and we should forward it.
returndatacopy(0, 0, 0x04)
let error := and(mload(0), 0xffffffff00000000000000000000000000000000000000000000000000000000)
// If the first 4 bytes don't match with the expected signature, we forward the revert reason.
if eq(eq(error, 0x43adbafb00000000000000000000000000000000000000000000000000000000), 0) {
returndatacopy(0, 0, returndatasize())
revert(0, returndatasize())
}
// The returndata contains the signature, followed by the raw memory representation of the
// `bptAmount` and `tokenAmounts` (array: length + data). We need to return an ABI-encoded
// representation of these.
// An ABI-encoded response will include one additional field to indicate the starting offset of
// the `tokenAmounts` array. The `bptAmount` will be laid out in the first word of the
// returndata.
//
// In returndata:
// [ signature ][ bptAmount ][ tokenAmounts length ][ tokenAmounts values ]
// [ 4 bytes ][ 32 bytes ][ 32 bytes ][ (32 * length) bytes ]
//
// We now need to return (ABI-encoded values):
// [ bptAmount ][ tokeAmounts offset ][ tokenAmounts length ][ tokenAmounts values ]
// [ 32 bytes ][ 32 bytes ][ 32 bytes ][ (32 * length) bytes ]
// We copy 32 bytes for the `bptAmount` from returndata into memory.
// Note that we skip the first 4 bytes for the error signature
returndatacopy(0, 0x04, 32)
// The offsets are 32-bytes long, so the array of `tokenAmounts` will start after
// the initial 64 bytes.
mstore(0x20, 64)
// We now copy the raw memory array for the `tokenAmounts` from returndata into memory.
// Since bpt amount and offset take up 64 bytes, we start copying at address 0x40. We also
// skip the first 36 bytes from returndata, which correspond to the signature plus bpt amount.
returndatacopy(0x40, 0x24, sub(returndatasize(), 36))
// We finally return the ABI-encoded uint256 and the array, which has a total length equal to
// the size of returndata, plus the 32 bytes of the offset but without the 4 bytes of the
// error signature.
return(0, add(returndatasize(), 28))
}
default {
// This call should always revert, but we fail nonetheless if that didn't happen
invalid()
}
}
} else {
uint256[] memory scalingFactors = _scalingFactors();
_upscaleArray(balances, scalingFactors);
(uint256 bptAmount, uint256[] memory tokenAmounts, ) = _action(
poolId,
sender,
recipient,
balances,
lastChangeBlock,
protocolSwapFeePercentage,
scalingFactors,
userData
);
_downscaleArray(tokenAmounts, scalingFactors);
// solhint-disable-next-line no-inline-assembly
assembly {
// We will return a raw representation of `bptAmount` and `tokenAmounts` in memory, which is composed of
// a 32-byte uint256, followed by a 32-byte for the array length, and finally the 32-byte uint256 values
// Because revert expects a size in bytes, we multiply the array length (stored at `tokenAmounts`) by 32
let size := mul(mload(tokenAmounts), 32)
// We store the `bptAmount` in the previous slot to the `tokenAmounts` array. We can make sure there
// will be at least one available slot due to how the memory scratch space works.
// We can safely overwrite whatever is stored in this slot as we will revert immediately after that.
let start := sub(tokenAmounts, 0x20)
mstore(start, bptAmount)
// We send one extra value for the error signature "QueryError(uint256,uint256[])" which is 0x43adbafb
// We use the previous slot to `bptAmount`.
mstore(sub(start, 0x20), 0x0000000000000000000000000000000000000000000000000000000043adbafb)
start := sub(start, 0x04)
// When copying from `tokenAmounts` into returndata, we copy the additional 68 bytes to also return
// the `bptAmount`, the array 's length, and the error signature.
revert(start, add(size, 68))
}
}
}
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity ^0.7.0;
pragma experimental ABIEncoderV2;
import "./IBasePool.sol";
/**
* @dev Pool contracts with the MinimalSwapInfo or TwoToken specialization settings should implement this interface.
*
* This is called by the Vault when a user calls `IVault.swap` or `IVault.batchSwap` to swap with this Pool.
* Returns the number of tokens the Pool will grant to the user in a 'given in' swap, or that the user will grant
* to the pool in a 'given out' swap.
*
* This can often be implemented by a `view` function, since many pricing algorithms don't need to track state
* changes in swaps. However, contracts implementing this in non-view functions should check that the caller is
* indeed the Vault.
*/
interface IMinimalSwapInfoPool is IBasePool {
function onSwap(
SwapRequest memory swapRequest,
uint256 currentBalanceTokenIn,
uint256 currentBalanceTokenOut
) external returns (uint256 amount);
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity ^0.7.0;
import "./LogExpMath.sol";
import "../helpers/BalancerErrors.sol";
/* solhint-disable private-vars-leading-underscore */
library FixedPoint {
uint256 internal constant ONE = 1e18; // 18 decimal places
uint256 internal constant MAX_POW_RELATIVE_ERROR = 10000; // 10^(-14)
// Minimum base for the power function when the exponent is 'free' (larger than ONE).
uint256 internal constant MIN_POW_BASE_FREE_EXPONENT = 0.7e18;
function add(uint256 a, uint256 b) internal pure returns (uint256) {
// Fixed Point addition is the same as regular checked addition
uint256 c = a + b;
_require(c >= a, Errors.ADD_OVERFLOW);
return c;
}
function sub(uint256 a, uint256 b) internal pure returns (uint256) {
// Fixed Point addition is the same as regular checked addition
_require(b <= a, Errors.SUB_OVERFLOW);
uint256 c = a - b;
return c;
}
function mulDown(uint256 a, uint256 b) internal pure returns (uint256) {
uint256 product = a * b;
_require(a == 0 || product / a == b, Errors.MUL_OVERFLOW);
return product / ONE;
}
function mulUp(uint256 a, uint256 b) internal pure returns (uint256) {
uint256 product = a * b;
_require(a == 0 || product / a == b, Errors.MUL_OVERFLOW);
if (product == 0) {
return 0;
} else {
// The traditional divUp formula is:
// divUp(x, y) := (x + y - 1) / y
// To avoid intermediate overflow in the addition, we distribute the division and get:
// divUp(x, y) := (x - 1) / y + 1
// Note that this requires x != 0, which we already tested for.
return ((product - 1) / ONE) + 1;
}
}
function divDown(uint256 a, uint256 b) internal pure returns (uint256) {
_require(b != 0, Errors.ZERO_DIVISION);
if (a == 0) {
return 0;
} else {
uint256 aInflated = a * ONE;
_require(aInflated / a == ONE, Errors.DIV_INTERNAL); // mul overflow
return aInflated / b;
}
}
function divUp(uint256 a, uint256 b) internal pure returns (uint256) {
_require(b != 0, Errors.ZERO_DIVISION);
if (a == 0) {
return 0;
} else {
uint256 aInflated = a * ONE;
_require(aInflated / a == ONE, Errors.DIV_INTERNAL); // mul overflow
// The traditional divUp formula is:
// divUp(x, y) := (x + y - 1) / y
// To avoid intermediate overflow in the addition, we distribute the division and get:
// divUp(x, y) := (x - 1) / y + 1
// Note that this requires x != 0, which we already tested for.
return ((aInflated - 1) / b) + 1;
}
}
/**
* @dev Returns x^y, assuming both are fixed point numbers, rounding down. The result is guaranteed to not be above
* the true value (that is, the error function expected - actual is always positive).
*/
function powDown(uint256 x, uint256 y) internal pure returns (uint256) {
uint256 raw = LogExpMath.pow(x, y);
uint256 maxError = add(mulUp(raw, MAX_POW_RELATIVE_ERROR), 1);
if (raw < maxError) {
return 0;
} else {
return sub(raw, maxError);
}
}
/**
* @dev Returns x^y, assuming both are fixed point numbers, rounding up. The result is guaranteed to not be below
* the true value (that is, the error function expected - actual is always negative).
*/
function powUp(uint256 x, uint256 y) internal pure returns (uint256) {
uint256 raw = LogExpMath.pow(x, y);
uint256 maxError = add(mulUp(raw, MAX_POW_RELATIVE_ERROR), 1);
return add(raw, maxError);
}
/**
* @dev Returns the complement of a value (1 - x), capped to 0 if x is larger than 1.
*
* Useful when computing the complement for values with some level of relative error, as it strips this error and
* prevents intermediate negative values.
*/
function complement(uint256 x) internal pure returns (uint256) {
return (x < ONE) ? (ONE - x) : 0;
}
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity ^0.7.0;
import "./BalancerErrors.sol";
import "./ITemporarilyPausable.sol";
/**
* @dev Allows for a contract to be paused during an initial period after deployment, disabling functionality. Can be
* used as an emergency switch in case a security vulnerability or threat is identified.
*
* The contract can only be paused during the Pause Window, a period that starts at deployment. It can also be
* unpaused and repaused any number of times during this period. This is intended to serve as a safety measure: it lets
* system managers react quickly to potentially dangerous situations, knowing that this action is reversible if careful
* analysis later determines there was a false alarm.
*
* If the contract is paused when the Pause Window finishes, it will remain in the paused state through an additional
* Buffer Period, after which it will be automatically unpaused forever. This is to ensure there is always enough time
* to react to an emergency, even if the threat is discovered shortly before the Pause Window expires.
*
* Note that since the contract can only be paused within the Pause Window, unpausing during the Buffer Period is
* irreversible.
*/
abstract contract TemporarilyPausable is ITemporarilyPausable {
// The Pause Window and Buffer Period are timestamp-based: they should not be relied upon for sub-minute accuracy.
// solhint-disable not-rely-on-time
uint256 private constant _MAX_PAUSE_WINDOW_DURATION = 90 days;
uint256 private constant _MAX_BUFFER_PERIOD_DURATION = 30 days;
uint256 private immutable _pauseWindowEndTime;
uint256 private immutable _bufferPeriodEndTime;
bool private _paused;
constructor(uint256 pauseWindowDuration, uint256 bufferPeriodDuration) {
_require(pauseWindowDuration <= _MAX_PAUSE_WINDOW_DURATION, Errors.MAX_PAUSE_WINDOW_DURATION);
_require(bufferPeriodDuration <= _MAX_BUFFER_PERIOD_DURATION, Errors.MAX_BUFFER_PERIOD_DURATION);
uint256 pauseWindowEndTime = block.timestamp + pauseWindowDuration;
_pauseWindowEndTime = pauseWindowEndTime;
_bufferPeriodEndTime = pauseWindowEndTime + bufferPeriodDuration;
}
/**
* @dev Reverts if the contract is paused.
*/
modifier whenNotPaused() {
_ensureNotPaused();
_;
}
/**
* @dev Returns the current contract pause status, as well as the end times of the Pause Window and Buffer
* Period.
*/
function getPausedState()
external
view
override
returns (
bool paused,
uint256 pauseWindowEndTime,
uint256 bufferPeriodEndTime
)
{
paused = !_isNotPaused();
pauseWindowEndTime = _getPauseWindowEndTime();
bufferPeriodEndTime = _getBufferPeriodEndTime();
}
/**
* @dev Sets the pause state to `paused`. The contract can only be paused until the end of the Pause Window, and
* unpaused until the end of the Buffer Period.
*
* Once the Buffer Period expires, this function reverts unconditionally.
*/
function _setPaused(bool paused) internal {
if (paused) {
_require(block.timestamp < _getPauseWindowEndTime(), Errors.PAUSE_WINDOW_EXPIRED);
} else {
_require(block.timestamp < _getBufferPeriodEndTime(), Errors.BUFFER_PERIOD_EXPIRED);
}
_paused = paused;
emit PausedStateChanged(paused);
}
/**
* @dev Reverts if the contract is paused.
*/
function _ensureNotPaused() internal view {
_require(_isNotPaused(), Errors.PAUSED);
}
/**
* @dev Returns true if the contract is unpaused.
*
* Once the Buffer Period expires, the gas cost of calling this function is reduced dramatically, as storage is no
* longer accessed.
*/
function _isNotPaused() internal view returns (bool) {
// After the Buffer Period, the (inexpensive) timestamp check short-circuits the storage access.
return block.timestamp > _getBufferPeriodEndTime() || !_paused;
}
// These getters lead to reduced bytecode size by inlining the immutable variables in a single place.
function _getPauseWindowEndTime() private view returns (uint256) {
return _pauseWindowEndTime;
}
function _getBufferPeriodEndTime() private view returns (uint256) {
return _bufferPeriodEndTime;
}
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity ^0.7.0;
/**
* @dev Library for encoding and decoding values stored inside a 256 bit word. Typically used to pack multiple values in
* a single storage slot, saving gas by performing less storage accesses.
*
* Each value is defined by its size and the least significant bit in the word, also known as offset. For example, two
* 128 bit values may be encoded in a word by assigning one an offset of 0, and the other an offset of 128.
*
* We could use Solidity structs to pack values together in a single storage slot instead of relying on a custom and
* error-prone library, but unfortunately Solidity only allows for structs to live in either storage, calldata or
* memory. Because a memory struct uses not just memory but also a slot in the stack (to store its memory location),
* using memory for word-sized values (i.e. of 256 bits or less) is strictly less gas performant, and doesn't even
* prevent stack-too-deep issues. This is compounded by the fact that Balancer contracts typically are memory-intensive,
* and the cost of accesing memory increases quadratically with the number of allocated words. Manual packing and
* unpacking is therefore the preferred approach.
*/
library WordCodec {
// Masks are values with the least significant N bits set. They can be used to extract an encoded value from a word,
// or to insert a new one replacing the old.
uint256 private constant _MASK_1 = 2**(1) - 1;
uint256 private constant _MASK_5 = 2**(5) - 1;
uint256 private constant _MASK_7 = 2**(7) - 1;
uint256 private constant _MASK_10 = 2**(10) - 1;
uint256 private constant _MASK_16 = 2**(16) - 1;
uint256 private constant _MASK_22 = 2**(22) - 1;
uint256 private constant _MASK_31 = 2**(31) - 1;
uint256 private constant _MASK_32 = 2**(32) - 1;
uint256 private constant _MASK_53 = 2**(53) - 1;
uint256 private constant _MASK_64 = 2**(64) - 1;
uint256 private constant _MASK_128 = 2**(128) - 1;
uint256 private constant _MASK_192 = 2**(192) - 1;
// Largest positive values that can be represented as N bits signed integers.
int256 private constant _MAX_INT_22 = 2**(21) - 1;
int256 private constant _MAX_INT_53 = 2**(52) - 1;
// In-place insertion
/**
* @dev Inserts a boolean value shifted by an offset into a 256 bit word, replacing the old value. Returns the new
* word.
*/
function insertBool(
bytes32 word,
bool value,
uint256 offset
) internal pure returns (bytes32) {
bytes32 clearedWord = bytes32(uint256(word) & ~(_MASK_1 << offset));
return clearedWord | bytes32(uint256(value ? 1 : 0) << offset);
}
// Unsigned
/**
* @dev Inserts a 5 bit unsigned integer shifted by an offset into a 256 bit word, replacing the old value. Returns
* the new word.
*
* Assumes `value` only uses its least significant 5 bits, otherwise it may overwrite sibling bytes.
*/
function insertUint5(
bytes32 word,
uint256 value,
uint256 offset
) internal pure returns (bytes32) {
bytes32 clearedWord = bytes32(uint256(word) & ~(_MASK_5 << offset));
return clearedWord | bytes32(value << offset);
}
/**
* @dev Inserts a 7 bit unsigned integer shifted by an offset into a 256 bit word, replacing the old value. Returns
* the new word.
*
* Assumes `value` only uses its least significant 7 bits, otherwise it may overwrite sibling bytes.
*/
function insertUint7(
bytes32 word,
uint256 value,
uint256 offset
) internal pure returns (bytes32) {
bytes32 clearedWord = bytes32(uint256(word) & ~(_MASK_7 << offset));
return clearedWord | bytes32(value << offset);
}
/**
* @dev Inserts a 10 bit unsigned integer shifted by an offset into a 256 bit word, replacing the old value. Returns
* the new word.
*
* Assumes `value` only uses its least significant 10 bits, otherwise it may overwrite sibling bytes.
*/
function insertUint10(
bytes32 word,
uint256 value,
uint256 offset
) internal pure returns (bytes32) {
bytes32 clearedWord = bytes32(uint256(word) & ~(_MASK_10 << offset));
return clearedWord | bytes32(value << offset);
}
/**
* @dev Inserts a 16 bit unsigned integer shifted by an offset into a 256 bit word, replacing the old value.
* Returns the new word.
*
* Assumes `value` only uses its least significant 16 bits, otherwise it may overwrite sibling bytes.
*/
function insertUint16(
bytes32 word,
uint256 value,
uint256 offset
) internal pure returns (bytes32) {
bytes32 clearedWord = bytes32(uint256(word) & ~(_MASK_16 << offset));
return clearedWord | bytes32(value << offset);
}
/**
* @dev Inserts a 31 bit unsigned integer shifted by an offset into a 256 bit word, replacing the old value. Returns
* the new word.
*
* Assumes `value` can be represented using 31 bits.
*/
function insertUint31(
bytes32 word,
uint256 value,
uint256 offset
) internal pure returns (bytes32) {
bytes32 clearedWord = bytes32(uint256(word) & ~(_MASK_31 << offset));
return clearedWord | bytes32(value << offset);
}
/**
* @dev Inserts a 32 bit unsigned integer shifted by an offset into a 256 bit word, replacing the old value. Returns
* the new word.
*
* Assumes `value` only uses its least significant 32 bits, otherwise it may overwrite sibling bytes.
*/
function insertUint32(
bytes32 word,
uint256 value,
uint256 offset
) internal pure returns (bytes32) {
bytes32 clearedWord = bytes32(uint256(word) & ~(_MASK_32 << offset));
return clearedWord | bytes32(value << offset);
}
/**
* @dev Inserts a 64 bit unsigned integer shifted by an offset into a 256 bit word, replacing the old value. Returns
* the new word.
*
* Assumes `value` only uses its least significant 64 bits, otherwise it may overwrite sibling bytes.
*/
function insertUint64(
bytes32 word,
uint256 value,
uint256 offset
) internal pure returns (bytes32) {
bytes32 clearedWord = bytes32(uint256(word) & ~(_MASK_64 << offset));
return clearedWord | bytes32(value << offset);
}
// Signed
/**
* @dev Inserts a 22 bits signed integer shifted by an offset into a 256 bit word, replacing the old value. Returns
* the new word.
*
* Assumes `value` can be represented using 22 bits.
*/
function insertInt22(
bytes32 word,
int256 value,
uint256 offset
) internal pure returns (bytes32) {
bytes32 clearedWord = bytes32(uint256(word) & ~(_MASK_22 << offset));
// Integer values need masking to remove the upper bits of negative values.
return clearedWord | bytes32((uint256(value) & _MASK_22) << offset);
}
// Bytes
/**
* @dev Inserts 192 bit shifted by an offset into a 256 bit word, replacing the old value. Returns the new word.
*
* Assumes `value` can be represented using 192 bits.
*/
function insertBits192(
bytes32 word,
bytes32 value,
uint256 offset
) internal pure returns (bytes32) {
bytes32 clearedWord = bytes32(uint256(word) & ~(_MASK_192 << offset));
return clearedWord | bytes32((uint256(value) & _MASK_192) << offset);
}
// Encoding
// Unsigned
/**
* @dev Encodes an unsigned integer shifted by an offset. This performs no size checks: it is up to the caller to
* ensure that the values are bounded.
*
* The return value can be logically ORed with other encoded values to form a 256 bit word.
*/
function encodeUint(uint256 value, uint256 offset) internal pure returns (bytes32) {
return bytes32(value << offset);
}
// Signed
/**
* @dev Encodes a 22 bits signed integer shifted by an offset.
*
* The return value can be logically ORed with other encoded values to form a 256 bit word.
*/
function encodeInt22(int256 value, uint256 offset) internal pure returns (bytes32) {
// Integer values need masking to remove the upper bits of negative values.
return bytes32((uint256(value) & _MASK_22) << offset);
}
/**
* @dev Encodes a 53 bits signed integer shifted by an offset.
*
* The return value can be logically ORed with other encoded values to form a 256 bit word.
*/
function encodeInt53(int256 value, uint256 offset) internal pure returns (bytes32) {
// Integer values need masking to remove the upper bits of negative values.
return bytes32((uint256(value) & _MASK_53) << offset);
}
// Decoding
/**
* @dev Decodes and returns a boolean shifted by an offset from a 256 bit word.
*/
function decodeBool(bytes32 word, uint256 offset) internal pure returns (bool) {
return (uint256(word >> offset) & _MASK_1) == 1;
}
// Unsigned
/**
* @dev Decodes and returns a 5 bit unsigned integer shifted by an offset from a 256 bit word.
*/
function decodeUint5(bytes32 word, uint256 offset) internal pure returns (uint256) {
return uint256(word >> offset) & _MASK_5;
}
/**
* @dev Decodes and returns a 7 bit unsigned integer shifted by an offset from a 256 bit word.
*/
function decodeUint7(bytes32 word, uint256 offset) internal pure returns (uint256) {
return uint256(word >> offset) & _MASK_7;
}
/**
* @dev Decodes and returns a 10 bit unsigned integer shifted by an offset from a 256 bit word.
*/
function decodeUint10(bytes32 word, uint256 offset) internal pure returns (uint256) {
return uint256(word >> offset) & _MASK_10;
}
/**
* @dev Decodes and returns a 16 bit unsigned integer shifted by an offset from a 256 bit word.
*/
function decodeUint16(bytes32 word, uint256 offset) internal pure returns (uint256) {
return uint256(word >> offset) & _MASK_16;
}
/**
* @dev Decodes and returns a 31 bit unsigned integer shifted by an offset from a 256 bit word.
*/
function decodeUint31(bytes32 word, uint256 offset) internal pure returns (uint256) {
return uint256(word >> offset) & _MASK_31;
}
/**
* @dev Decodes and returns a 32 bit unsigned integer shifted by an offset from a 256 bit word.
*/
function decodeUint32(bytes32 word, uint256 offset) internal pure returns (uint256) {
return uint256(word >> offset) & _MASK_32;
}
/**
* @dev Decodes and returns a 64 bit unsigned integer shifted by an offset from a 256 bit word.
*/
function decodeUint64(bytes32 word, uint256 offset) internal pure returns (uint256) {
return uint256(word >> offset) & _MASK_64;
}
/**
* @dev Decodes and returns a 128 bit unsigned integer shifted by an offset from a 256 bit word.
*/
function decodeUint128(bytes32 word, uint256 offset) internal pure returns (uint256) {
return uint256(word >> offset) & _MASK_128;
}
// Signed
/**
* @dev Decodes and returns a 22 bits signed integer shifted by an offset from a 256 bit word.
*/
function decodeInt22(bytes32 word, uint256 offset) internal pure returns (int256) {
int256 value = int256(uint256(word >> offset) & _MASK_22);
// In case the decoded value is greater than the max positive integer that can be represented with 22 bits,
// we know it was originally a negative integer. Therefore, we mask it to restore the sign in the 256 bit
// representation.
return value > _MAX_INT_22 ? (value | int256(~_MASK_22)) : value;
}
/**
* @dev Decodes and returns a 53 bits signed integer shifted by an offset from a 256 bit word.
*/
function decodeInt53(bytes32 word, uint256 offset) internal pure returns (int256) {
int256 value = int256(uint256(word >> offset) & _MASK_53);
// In case the decoded value is greater than the max positive integer that can be represented with 53 bits,
// we know it was originally a negative integer. Therefore, we mask it to restore the sign in the 256 bit
// representation.
return value > _MAX_INT_53 ? (value | int256(~_MASK_53)) : value;
}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.7.0;
import "../helpers/BalancerErrors.sol";
import "./IERC20.sol";
import "./SafeMath.sol";
/**
* @dev Implementation of the {IERC20} interface.
*
* This implementation is agnostic to the way tokens are created. This means
* that a supply mechanism has to be added in a derived contract using {_mint}.
* For a generic mechanism see {ERC20PresetMinterPauser}.
*
* TIP: For a detailed writeup see our guide
* https://forum.zeppelin.solutions/t/how-to-implement-erc20-supply-mechanisms/226[How
* to implement supply mechanisms].
*
* We have followed general OpenZeppelin guidelines: functions revert instead
* of returning `false` on failure. This behavior is nonetheless conventional
* and does not conflict with the expectations of ERC20 applications.
*
* Additionally, an {Approval} event is emitted on calls to {transferFrom}.
* This allows applications to reconstruct the allowance for all accounts just
* by listening to said events. Other implementations of the EIP may not emit
* these events, as it isn't required by the specification.
*
* Finally, the non-standard {decreaseAllowance} and {increaseAllowance}
* functions have been added to mitigate the well-known issues around setting
* allowances. See {IERC20-approve}.
*/
contract ERC20 is IERC20 {
using SafeMath for uint256;
mapping(address => uint256) private _balances;
mapping(address => mapping(address => uint256)) private _allowances;
uint256 private _totalSupply;
string private _name;
string private _symbol;
uint8 private _decimals;
/**
* @dev Sets the values for {name} and {symbol}, initializes {decimals} with
* a default value of 18.
*
* To select a different value for {decimals}, use {_setupDecimals}.
*
* All three of these values are immutable: they can only be set once during
* construction.
*/
constructor(string memory name_, string memory symbol_) {
_name = name_;
_symbol = symbol_;
_decimals = 18;
}
/**
* @dev Returns the name of the token.
*/
function name() public view returns (string memory) {
return _name;
}
/**
* @dev Returns the symbol of the token, usually a shorter version of the
* name.
*/
function symbol() public view returns (string memory) {
return _symbol;
}
/**
* @dev Returns the number of decimals used to get its user representation.
* For example, if `decimals` equals `2`, a balance of `505` tokens should
* be displayed to a user as `5,05` (`505 / 10 ** 2`).
*
* Tokens usually opt for a value of 18, imitating the relationship between
* Ether and Wei. This is the value {ERC20} uses, unless {_setupDecimals} is
* called.
*
* NOTE: This information is only used for _display_ purposes: it in
* no way affects any of the arithmetic of the contract, including
* {IERC20-balanceOf} and {IERC20-transfer}.
*/
function decimals() public view returns (uint8) {
return _decimals;
}
/**
* @dev See {IERC20-totalSupply}.
*/
function totalSupply() public view override returns (uint256) {
return _totalSupply;
}
/**
* @dev See {IERC20-balanceOf}.
*/
function balanceOf(address account) public view override returns (uint256) {
return _balances[account];
}
/**
* @dev See {IERC20-transfer}.
*
* Requirements:
*
* - `recipient` cannot be the zero address.
* - the caller must have a balance of at least `amount`.
*/
function transfer(address recipient, uint256 amount) public virtual override returns (bool) {
_transfer(msg.sender, recipient, amount);
return true;
}
/**
* @dev See {IERC20-allowance}.
*/
function allowance(address owner, address spender) public view virtual override returns (uint256) {
return _allowances[owner][spender];
}
/**
* @dev See {IERC20-approve}.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/
function approve(address spender, uint256 amount) public virtual override returns (bool) {
_approve(msg.sender, spender, amount);
return true;
}
/**
* @dev See {IERC20-transferFrom}.
*
* Emits an {Approval} event indicating the updated allowance. This is not
* required by the EIP. See the note at the beginning of {ERC20}.
*
* Requirements:
*
* - `sender` and `recipient` cannot be the zero address.
* - `sender` must have a balance of at least `amount`.
* - the caller must have allowance for ``sender``'s tokens of at least
* `amount`.
*/
function transferFrom(
address sender,
address recipient,
uint256 amount
) public virtual override returns (bool) {
_transfer(sender, recipient, amount);
_approve(
sender,
msg.sender,
_allowances[sender][msg.sender].sub(amount, Errors.ERC20_TRANSFER_EXCEEDS_ALLOWANCE)
);
return true;
}
/**
* @dev Atomically increases the allowance granted to `spender` by the caller.
*
* This is an alternative to {approve} that can be used as a mitigation for
* problems described in {IERC20-approve}.
*
* Emits an {Approval} event indicating the updated allowance.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/
function increaseAllowance(address spender, uint256 addedValue) public virtual returns (bool) {
_approve(msg.sender, spender, _allowances[msg.sender][spender].add(addedValue));
return true;
}
/**
* @dev Atomically decreases the allowance granted to `spender` by the caller.
*
* This is an alternative to {approve} that can be used as a mitigation for
* problems described in {IERC20-approve}.
*
* Emits an {Approval} event indicating the updated allowance.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `spender` must have allowance for the caller of at least
* `subtractedValue`.
*/
function decreaseAllowance(address spender, uint256 subtractedValue) public virtual returns (bool) {
_approve(
msg.sender,
spender,
_allowances[msg.sender][spender].sub(subtractedValue, Errors.ERC20_DECREASED_ALLOWANCE_BELOW_ZERO)
);
return true;
}
/**
* @dev Moves tokens `amount` from `sender` to `recipient`.
*
* This is internal function is equivalent to {transfer}, and can be used to
* e.g. implement automatic token fees, slashing mechanisms, etc.
*
* Emits a {Transfer} event.
*
* Requirements:
*
* - `sender` cannot be the zero address.
* - `recipient` cannot be the zero address.
* - `sender` must have a balance of at least `amount`.
*/
function _transfer(
address sender,
address recipient,
uint256 amount
) internal virtual {
_require(sender != address(0), Errors.ERC20_TRANSFER_FROM_ZERO_ADDRESS);
_require(recipient != address(0), Errors.ERC20_TRANSFER_TO_ZERO_ADDRESS);
_beforeTokenTransfer(sender, recipient, amount);
_balances[sender] = _balances[sender].sub(amount, Errors.ERC20_TRANSFER_EXCEEDS_BALANCE);
_balances[recipient] = _balances[recipient].add(amount);
emit Transfer(sender, recipient, amount);
}
/** @dev Creates `amount` tokens and assigns them to `account`, increasing
* the total supply.
*
* Emits a {Transfer} event with `from` set to the zero address.
*
* Requirements:
*
* - `to` cannot be the zero address.
*/
function _mint(address account, uint256 amount) internal virtual {
_beforeTokenTransfer(address(0), account, amount);
_totalSupply = _totalSupply.add(amount);
_balances[account] = _balances[account].add(amount);
emit Transfer(address(0), account, amount);
}
/**
* @dev Destroys `amount` tokens from `account`, reducing the
* total supply.
*
* Emits a {Transfer} event with `to` set to the zero address.
*
* Requirements:
*
* - `account` cannot be the zero address.
* - `account` must have at least `amount` tokens.
*/
function _burn(address account, uint256 amount) internal virtual {
_require(account != address(0), Errors.ERC20_BURN_FROM_ZERO_ADDRESS);
_beforeTokenTransfer(account, address(0), amount);
_balances[account] = _balances[account].sub(amount, Errors.ERC20_BURN_EXCEEDS_ALLOWANCE);
_totalSupply = _totalSupply.sub(amount);
emit Transfer(account, address(0), amount);
}
/**
* @dev Sets `amount` as the allowance of `spender` over the `owner` s tokens.
*
* This internal function is equivalent to `approve`, and can be used to
* e.g. set automatic allowances for certain subsystems, etc.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `owner` cannot be the zero address.
* - `spender` cannot be the zero address.
*/
function _approve(
address owner,
address spender,
uint256 amount
) internal virtual {
_allowances[owner][spender] = amount;
emit Approval(owner, spender, amount);
}
/**
* @dev Sets {decimals} to a value other than the default one of 18.
*
* WARNING: This function should only be called from the constructor. Most
* applications that interact with token contracts will not expect
* {decimals} to ever change, and may work incorrectly if it does.
*/
function _setupDecimals(uint8 decimals_) internal {
_decimals = decimals_;
}
/**
* @dev Hook that is called before any transfer of tokens. This includes
* minting and burning.
*
* Calling conditions:
*
* - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens
* will be to transferred to `to`.
* - when `from` is zero, `amount` tokens will be minted for `to`.
* - when `to` is zero, `amount` of ``from``'s tokens will be burned.
* - `from` and `to` are never both zero.
*
* To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
*/
function _beforeTokenTransfer(
address from,
address to,
uint256 amount
) internal virtual {}
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma experimental ABIEncoderV2;
import "@balancer-labs/v2-solidity-utils/contracts/openzeppelin/IERC20.sol";
import "@balancer-labs/v2-solidity-utils/contracts/helpers/ISignaturesValidator.sol";
import "@balancer-labs/v2-solidity-utils/contracts/helpers/ITemporarilyPausable.sol";
import "@balancer-labs/v2-solidity-utils/contracts/misc/IWETH.sol";
import "./IAsset.sol";
import "./IAuthorizer.sol";
import "./IFlashLoanRecipient.sol";
import "./IProtocolFeesCollector.sol";
pragma solidity ^0.7.0;
/**
* @dev Full external interface for the Vault core contract - no external or public methods exist in the contract that
* don't override one of these declarations.
*/
interface IVault is ISignaturesValidator, ITemporarilyPausable {
// Generalities about the Vault:
//
// - Whenever documentation refers to 'tokens', it strictly refers to ERC20-compliant token contracts. Tokens are
// transferred out of the Vault by calling the `IERC20.transfer` function, and transferred in by calling
// `IERC20.transferFrom`. In these cases, the sender must have previously allowed the Vault to use their tokens by
// calling `IERC20.approve`. The only deviation from the ERC20 standard that is supported is functions not returning
// a boolean value: in these scenarios, a non-reverting call is assumed to be successful.
//
// - All non-view functions in the Vault are non-reentrant: calling them while another one is mid-execution (e.g.
// while execution control is transferred to a token contract during a swap) will result in a revert. View
// functions can be called in a re-reentrant way, but doing so might cause them to return inconsistent results.
// Contracts calling view functions in the Vault must make sure the Vault has not already been entered.
//
// - View functions revert if referring to either unregistered Pools, or unregistered tokens for registered Pools.
// Authorizer
//
// Some system actions are permissioned, like setting and collecting protocol fees. This permissioning system exists
// outside of the Vault in the Authorizer contract: the Vault simply calls the Authorizer to check if the caller
// can perform a given action.
/**
* @dev Returns the Vault's Authorizer.
*/
function getAuthorizer() external view returns (IAuthorizer);
/**
* @dev Sets a new Authorizer for the Vault. The caller must be allowed by the current Authorizer to do this.
*
* Emits an `AuthorizerChanged` event.
*/
function setAuthorizer(IAuthorizer newAuthorizer) external;
/**
* @dev Emitted when a new authorizer is set by `setAuthorizer`.
*/
event AuthorizerChanged(IAuthorizer indexed newAuthorizer);
// Relayers
//
// Additionally, it is possible for an account to perform certain actions on behalf of another one, using their
// Vault ERC20 allowance and Internal Balance. These accounts are said to be 'relayers' for these Vault functions,
// and are expected to be smart contracts with sound authentication mechanisms. For an account to be able to wield
// this power, two things must occur:
// - The Authorizer must grant the account the permission to be a relayer for the relevant Vault function. This
// means that Balancer governance must approve each individual contract to act as a relayer for the intended
// functions.
// - Each user must approve the relayer to act on their behalf.
// This double protection means users cannot be tricked into approving malicious relayers (because they will not
// have been allowed by the Authorizer via governance), nor can malicious relayers approved by a compromised
// Authorizer or governance drain user funds, since they would also need to be approved by each individual user.
/**
* @dev Returns true if `user` has approved `relayer` to act as a relayer for them.
*/
function hasApprovedRelayer(address user, address relayer) external view returns (bool);
/**
* @dev Allows `relayer` to act as a relayer for `sender` if `approved` is true, and disallows it otherwise.
*
* Emits a `RelayerApprovalChanged` event.
*/
function setRelayerApproval(
address sender,
address relayer,
bool approved
) external;
/**
* @dev Emitted every time a relayer is approved or disapproved by `setRelayerApproval`.
*/
event RelayerApprovalChanged(address indexed relayer, address indexed sender, bool approved);
// Internal Balance
//
// Users can deposit tokens into the Vault, where they are allocated to their Internal Balance, and later
// transferred or withdrawn. It can also be used as a source of tokens when joining Pools, as a destination
// when exiting them, and as either when performing swaps. This usage of Internal Balance results in greatly reduced
// gas costs when compared to relying on plain ERC20 transfers, leading to large savings for frequent users.
//
// Internal Balance management features batching, which means a single contract call can be used to perform multiple
// operations of different kinds, with different senders and recipients, at once.
/**
* @dev Returns `user`'s Internal Balance for a set of tokens.
*/
function getInternalBalance(address user, IERC20[] memory tokens) external view returns (uint256[] memory);
/**
* @dev Performs a set of user balance operations, which involve Internal Balance (deposit, withdraw or transfer)
* and plain ERC20 transfers using the Vault's allowance. This last feature is particularly useful for relayers, as
* it lets integrators reuse a user's Vault allowance.
*
* For each operation, if the caller is not `sender`, it must be an authorized relayer for them.
*/
function manageUserBalance(UserBalanceOp[] memory ops) external payable;
/**
* @dev Data for `manageUserBalance` operations, which include the possibility for ETH to be sent and received
without manual WETH wrapping or unwrapping.
*/
struct UserBalanceOp {
UserBalanceOpKind kind;
IAsset asset;
uint256 amount;
address sender;
address payable recipient;
}
// There are four possible operations in `manageUserBalance`:
//
// - DEPOSIT_INTERNAL
// Increases the Internal Balance of the `recipient` account by transferring tokens from the corresponding
// `sender`. The sender must have allowed the Vault to use their tokens via `IERC20.approve()`.
//
// ETH can be used by passing the ETH sentinel value as the asset and forwarding ETH in the call: it will be wrapped
// and deposited as WETH. Any ETH amount remaining will be sent back to the caller (not the sender, which is
// relevant for relayers).
//
// Emits an `InternalBalanceChanged` event.
//
//
// - WITHDRAW_INTERNAL
// Decreases the Internal Balance of the `sender` account by transferring tokens to the `recipient`.
//
// ETH can be used by passing the ETH sentinel value as the asset. This will deduct WETH instead, unwrap it and send
// it to the recipient as ETH.
//
// Emits an `InternalBalanceChanged` event.
//
//
// - TRANSFER_INTERNAL
// Transfers tokens from the Internal Balance of the `sender` account to the Internal Balance of `recipient`.
//
// Reverts if the ETH sentinel value is passed.
//
// Emits an `InternalBalanceChanged` event.
//
//
// - TRANSFER_EXTERNAL
// Transfers tokens from `sender` to `recipient`, using the Vault's ERC20 allowance. This is typically used by
// relayers, as it lets them reuse a user's Vault allowance.
//
// Reverts if the ETH sentinel value is passed.
//
// Emits an `ExternalBalanceTransfer` event.
enum UserBalanceOpKind { DEPOSIT_INTERNAL, WITHDRAW_INTERNAL, TRANSFER_INTERNAL, TRANSFER_EXTERNAL }
/**
* @dev Emitted when a user's Internal Balance changes, either from calls to `manageUserBalance`, or through
* interacting with Pools using Internal Balance.
*
* Because Internal Balance works exclusively with ERC20 tokens, ETH deposits and withdrawals will use the WETH
* address.
*/
event InternalBalanceChanged(address indexed user, IERC20 indexed token, int256 delta);
/**
* @dev Emitted when a user's Vault ERC20 allowance is used by the Vault to transfer tokens to an external account.
*/
event ExternalBalanceTransfer(IERC20 indexed token, address indexed sender, address recipient, uint256 amount);
// Pools
//
// There are three specialization settings for Pools, which allow for cheaper swaps at the cost of reduced
// functionality:
//
// - General: no specialization, suited for all Pools. IGeneralPool is used for swap request callbacks, passing the
// balance of all tokens in the Pool. These Pools have the largest swap costs (because of the extra storage reads),
// which increase with the number of registered tokens.
//
// - Minimal Swap Info: IMinimalSwapInfoPool is used instead of IGeneralPool, which saves gas by only passing the
// balance of the two tokens involved in the swap. This is suitable for some pricing algorithms, like the weighted
// constant product one popularized by Balancer V1. Swap costs are smaller compared to general Pools, and are
// independent of the number of registered tokens.
//
// - Two Token: only allows two tokens to be registered. This achieves the lowest possible swap gas cost. Like
// minimal swap info Pools, these are called via IMinimalSwapInfoPool.
enum PoolSpecialization { GENERAL, MINIMAL_SWAP_INFO, TWO_TOKEN }
/**
* @dev Registers the caller account as a Pool with a given specialization setting. Returns the Pool's ID, which
* is used in all Pool-related functions. Pools cannot be deregistered, nor can the Pool's specialization be
* changed.
*
* The caller is expected to be a smart contract that implements either `IGeneralPool` or `IMinimalSwapInfoPool`,
* depending on the chosen specialization setting. This contract is known as the Pool's contract.
*
* Note that the same contract may register itself as multiple Pools with unique Pool IDs, or in other words,
* multiple Pools may share the same contract.
*
* Emits a `PoolRegistered` event.
*/
function registerPool(PoolSpecialization specialization) external returns (bytes32);
/**
* @dev Emitted when a Pool is registered by calling `registerPool`.
*/
event PoolRegistered(bytes32 indexed poolId, address indexed poolAddress, PoolSpecialization specialization);
/**
* @dev Returns a Pool's contract address and specialization setting.
*/
function getPool(bytes32 poolId) external view returns (address, PoolSpecialization);
/**
* @dev Registers `tokens` for the `poolId` Pool. Must be called by the Pool's contract.
*
* Pools can only interact with tokens they have registered. Users join a Pool by transferring registered tokens,
* exit by receiving registered tokens, and can only swap registered tokens.
*
* Each token can only be registered once. For Pools with the Two Token specialization, `tokens` must have a length
* of two, that is, both tokens must be registered in the same `registerTokens` call, and they must be sorted in
* ascending order.
*
* The `tokens` and `assetManagers` arrays must have the same length, and each entry in these indicates the Asset
* Manager for the corresponding token. Asset Managers can manage a Pool's tokens via `managePoolBalance`,
* depositing and withdrawing them directly, and can even set their balance to arbitrary amounts. They are therefore
* expected to be highly secured smart contracts with sound design principles, and the decision to register an
* Asset Manager should not be made lightly.
*
* Pools can choose not to assign an Asset Manager to a given token by passing in the zero address. Once an Asset
* Manager is set, it cannot be changed except by deregistering the associated token and registering again with a
* different Asset Manager.
*
* Emits a `TokensRegistered` event.
*/
function registerTokens(
bytes32 poolId,
IERC20[] memory tokens,
address[] memory assetManagers
) external;
/**
* @dev Emitted when a Pool registers tokens by calling `registerTokens`.
*/
event TokensRegistered(bytes32 indexed poolId, IERC20[] tokens, address[] assetManagers);
/**
* @dev Deregisters `tokens` for the `poolId` Pool. Must be called by the Pool's contract.
*
* Only registered tokens (via `registerTokens`) can be deregistered. Additionally, they must have zero total
* balance. For Pools with the Two Token specialization, `tokens` must have a length of two, that is, both tokens
* must be deregistered in the same `deregisterTokens` call.
*
* A deregistered token can be re-registered later on, possibly with a different Asset Manager.
*
* Emits a `TokensDeregistered` event.
*/
function deregisterTokens(bytes32 poolId, IERC20[] memory tokens) external;
/**
* @dev Emitted when a Pool deregisters tokens by calling `deregisterTokens`.
*/
event TokensDeregistered(bytes32 indexed poolId, IERC20[] tokens);
/**
* @dev Returns detailed information for a Pool's registered token.
*
* `cash` is the number of tokens the Vault currently holds for the Pool. `managed` is the number of tokens
* withdrawn and held outside the Vault by the Pool's token Asset Manager. The Pool's total balance for `token`
* equals the sum of `cash` and `managed`.
*
* Internally, `cash` and `managed` are stored using 112 bits. No action can ever cause a Pool's token `cash`,
* `managed` or `total` balance to be greater than 2^112 - 1.
*
* `lastChangeBlock` is the number of the block in which `token`'s total balance was last modified (via either a
* join, exit, swap, or Asset Manager update). This value is useful to avoid so-called 'sandwich attacks', for
* example when developing price oracles. A change of zero (e.g. caused by a swap with amount zero) is considered a
* change for this purpose, and will update `lastChangeBlock`.
*
* `assetManager` is the Pool's token Asset Manager.
*/
function getPoolTokenInfo(bytes32 poolId, IERC20 token)
external
view
returns (
uint256 cash,
uint256 managed,
uint256 lastChangeBlock,
address assetManager
);
/**
* @dev Returns a Pool's registered tokens, the total balance for each, and the latest block when *any* of
* the tokens' `balances` changed.
*
* The order of the `tokens` array is the same order that will be used in `joinPool`, `exitPool`, as well as in all
* Pool hooks (where applicable). Calls to `registerTokens` and `deregisterTokens` may change this order.
*
* If a Pool only registers tokens once, and these are sorted in ascending order, they will be stored in the same
* order as passed to `registerTokens`.
*
* Total balances include both tokens held by the Vault and those withdrawn by the Pool's Asset Managers. These are
* the amounts used by joins, exits and swaps. For a detailed breakdown of token balances, use `getPoolTokenInfo`
* instead.
*/
function getPoolTokens(bytes32 poolId)
external
view
returns (
IERC20[] memory tokens,
uint256[] memory balances,
uint256 lastChangeBlock
);
/**
* @dev Called by users to join a Pool, which transfers tokens from `sender` into the Pool's balance. This will
* trigger custom Pool behavior, which will typically grant something in return to `recipient` - often tokenized
* Pool shares.
*
* If the caller is not `sender`, it must be an authorized relayer for them.
*
* The `assets` and `maxAmountsIn` arrays must have the same length, and each entry indicates the maximum amount
* to send for each asset. The amounts to send are decided by the Pool and not the Vault: it just enforces
* these maximums.
*
* If joining a Pool that holds WETH, it is possible to send ETH directly: the Vault will do the wrapping. To enable
* this mechanism, the IAsset sentinel value (the zero address) must be passed in the `assets` array instead of the
* WETH address. Note that it is not possible to combine ETH and WETH in the same join. Any excess ETH will be sent
* back to the caller (not the sender, which is important for relayers).
*
* `assets` must have the same length and order as the array returned by `getPoolTokens`. This prevents issues when
* interacting with Pools that register and deregister tokens frequently. If sending ETH however, the array must be
* sorted *before* replacing the WETH address with the ETH sentinel value (the zero address), which means the final
* `assets` array might not be sorted. Pools with no registered tokens cannot be joined.
*
* If `fromInternalBalance` is true, the caller's Internal Balance will be preferred: ERC20 transfers will only
* be made for the difference between the requested amount and Internal Balance (if any). Note that ETH cannot be
* withdrawn from Internal Balance: attempting to do so will trigger a revert.
*
* This causes the Vault to call the `IBasePool.onJoinPool` hook on the Pool's contract, where Pools implement
* their own custom logic. This typically requires additional information from the user (such as the expected number
* of Pool shares). This can be encoded in the `userData` argument, which is ignored by the Vault and passed
* directly to the Pool's contract, as is `recipient`.
*
* Emits a `PoolBalanceChanged` event.
*/
function joinPool(
bytes32 poolId,
address sender,
address recipient,
JoinPoolRequest memory request
) external payable;
struct JoinPoolRequest {
IAsset[] assets;
uint256[] maxAmountsIn;
bytes userData;
bool fromInternalBalance;
}
/**
* @dev Called by users to exit a Pool, which transfers tokens from the Pool's balance to `recipient`. This will
* trigger custom Pool behavior, which will typically ask for something in return from `sender` - often tokenized
* Pool shares. The amount of tokens that can be withdrawn is limited by the Pool's `cash` balance (see
* `getPoolTokenInfo`).
*
* If the caller is not `sender`, it must be an authorized relayer for them.
*
* The `tokens` and `minAmountsOut` arrays must have the same length, and each entry in these indicates the minimum
* token amount to receive for each token contract. The amounts to send are decided by the Pool and not the Vault:
* it just enforces these minimums.
*
* If exiting a Pool that holds WETH, it is possible to receive ETH directly: the Vault will do the unwrapping. To
* enable this mechanism, the IAsset sentinel value (the zero address) must be passed in the `assets` array instead
* of the WETH address. Note that it is not possible to combine ETH and WETH in the same exit.
*
* `assets` must have the same length and order as the array returned by `getPoolTokens`. This prevents issues when
* interacting with Pools that register and deregister tokens frequently. If receiving ETH however, the array must
* be sorted *before* replacing the WETH address with the ETH sentinel value (the zero address), which means the
* final `assets` array might not be sorted. Pools with no registered tokens cannot be exited.
*
* If `toInternalBalance` is true, the tokens will be deposited to `recipient`'s Internal Balance. Otherwise,
* an ERC20 transfer will be performed. Note that ETH cannot be deposited to Internal Balance: attempting to
* do so will trigger a revert.
*
* `minAmountsOut` is the minimum amount of tokens the user expects to get out of the Pool, for each token in the
* `tokens` array. This array must match the Pool's registered tokens.
*
* This causes the Vault to call the `IBasePool.onExitPool` hook on the Pool's contract, where Pools implement
* their own custom logic. This typically requires additional information from the user (such as the expected number
* of Pool shares to return). This can be encoded in the `userData` argument, which is ignored by the Vault and
* passed directly to the Pool's contract.
*
* Emits a `PoolBalanceChanged` event.
*/
function exitPool(
bytes32 poolId,
address sender,
address payable recipient,
ExitPoolRequest memory request
) external;
struct ExitPoolRequest {
IAsset[] assets;
uint256[] minAmountsOut;
bytes userData;
bool toInternalBalance;
}
/**
* @dev Emitted when a user joins or exits a Pool by calling `joinPool` or `exitPool`, respectively.
*/
event PoolBalanceChanged(
bytes32 indexed poolId,
address indexed liquidityProvider,
IERC20[] tokens,
int256[] deltas,
uint256[] protocolFeeAmounts
);
enum PoolBalanceChangeKind { JOIN, EXIT }
// Swaps
//
// Users can swap tokens with Pools by calling the `swap` and `batchSwap` functions. To do this,
// they need not trust Pool contracts in any way: all security checks are made by the Vault. They must however be
// aware of the Pools' pricing algorithms in order to estimate the prices Pools will quote.
//
// The `swap` function executes a single swap, while `batchSwap` can perform multiple swaps in sequence.
// In each individual swap, tokens of one kind are sent from the sender to the Pool (this is the 'token in'),
// and tokens of another kind are sent from the Pool to the recipient in exchange (this is the 'token out').
// More complex swaps, such as one token in to multiple tokens out can be achieved by batching together
// individual swaps.
//
// There are two swap kinds:
// - 'given in' swaps, where the amount of tokens in (sent to the Pool) is known, and the Pool determines (via the
// `onSwap` hook) the amount of tokens out (to send to the recipient).
// - 'given out' swaps, where the amount of tokens out (received from the Pool) is known, and the Pool determines
// (via the `onSwap` hook) the amount of tokens in (to receive from the sender).
//
// Additionally, it is possible to chain swaps using a placeholder input amount, which the Vault replaces with
// the calculated output of the previous swap. If the previous swap was 'given in', this will be the calculated
// tokenOut amount. If the previous swap was 'given out', it will use the calculated tokenIn amount. These extended
// swaps are known as 'multihop' swaps, since they 'hop' through a number of intermediate tokens before arriving at
// the final intended token.
//
// In all cases, tokens are only transferred in and out of the Vault (or withdrawn from and deposited into Internal
// Balance) after all individual swaps have been completed, and the net token balance change computed. This makes
// certain swap patterns, such as multihops, or swaps that interact with the same token pair in multiple Pools, cost
// much less gas than they would otherwise.
//
// It also means that under certain conditions it is possible to perform arbitrage by swapping with multiple
// Pools in a way that results in net token movement out of the Vault (profit), with no tokens being sent in (only
// updating the Pool's internal accounting).
//
// To protect users from front-running or the market changing rapidly, they supply a list of 'limits' for each token
// involved in the swap, where either the maximum number of tokens to send (by passing a positive value) or the
// minimum amount of tokens to receive (by passing a negative value) is specified.
//
// Additionally, a 'deadline' timestamp can also be provided, forcing the swap to fail if it occurs after
// this point in time (e.g. if the transaction failed to be included in a block promptly).
//
// If interacting with Pools that hold WETH, it is possible to both send and receive ETH directly: the Vault will do
// the wrapping and unwrapping. To enable this mechanism, the IAsset sentinel value (the zero address) must be
// passed in the `assets` array instead of the WETH address. Note that it is possible to combine ETH and WETH in the
// same swap. Any excess ETH will be sent back to the caller (not the sender, which is relevant for relayers).
//
// Finally, Internal Balance can be used when either sending or receiving tokens.
enum SwapKind { GIVEN_IN, GIVEN_OUT }
/**
* @dev Performs a swap with a single Pool.
*
* If the swap is 'given in' (the number of tokens to send to the Pool is known), it returns the amount of tokens
* taken from the Pool, which must be greater than or equal to `limit`.
*
* If the swap is 'given out' (the number of tokens to take from the Pool is known), it returns the amount of tokens
* sent to the Pool, which must be less than or equal to `limit`.
*
* Internal Balance usage and the recipient are determined by the `funds` struct.
*
* Emits a `Swap` event.
*/
function swap(
SingleSwap memory singleSwap,
FundManagement memory funds,
uint256 limit,
uint256 deadline
) external payable returns (uint256);
/**
* @dev Data for a single swap executed by `swap`. `amount` is either `amountIn` or `amountOut` depending on
* the `kind` value.
*
* `assetIn` and `assetOut` are either token addresses, or the IAsset sentinel value for ETH (the zero address).
* Note that Pools never interact with ETH directly: it will be wrapped to or unwrapped from WETH by the Vault.
*
* The `userData` field is ignored by the Vault, but forwarded to the Pool in the `onSwap` hook, and may be
* used to extend swap behavior.
*/
struct SingleSwap {
bytes32 poolId;
SwapKind kind;
IAsset assetIn;
IAsset assetOut;
uint256 amount;
bytes userData;
}
/**
* @dev Performs a series of swaps with one or multiple Pools. In each individual swap, the caller determines either
* the amount of tokens sent to or received from the Pool, depending on the `kind` value.
*
* Returns an array with the net Vault asset balance deltas. Positive amounts represent tokens (or ETH) sent to the
* Vault, and negative amounts represent tokens (or ETH) sent by the Vault. Each delta corresponds to the asset at
* the same index in the `assets` array.
*
* Swaps are executed sequentially, in the order specified by the `swaps` array. Each array element describes a
* Pool, the token to be sent to this Pool, the token to receive from it, and an amount that is either `amountIn` or
* `amountOut` depending on the swap kind.
*
* Multihop swaps can be executed by passing an `amount` value of zero for a swap. This will cause the amount in/out
* of the previous swap to be used as the amount in for the current one. In a 'given in' swap, 'tokenIn' must equal
* the previous swap's `tokenOut`. For a 'given out' swap, `tokenOut` must equal the previous swap's `tokenIn`.
*
* The `assets` array contains the addresses of all assets involved in the swaps. These are either token addresses,
* or the IAsset sentinel value for ETH (the zero address). Each entry in the `swaps` array specifies tokens in and
* out by referencing an index in `assets`. Note that Pools never interact with ETH directly: it will be wrapped to
* or unwrapped from WETH by the Vault.
*
* Internal Balance usage, sender, and recipient are determined by the `funds` struct. The `limits` array specifies
* the minimum or maximum amount of each token the vault is allowed to transfer.
*
* `batchSwap` can be used to make a single swap, like `swap` does, but doing so requires more gas than the
* equivalent `swap` call.
*
* Emits `Swap` events.
*/
function batchSwap(
SwapKind kind,
BatchSwapStep[] memory swaps,
IAsset[] memory assets,
FundManagement memory funds,
int256[] memory limits,
uint256 deadline
) external payable returns (int256[] memory);
/**
* @dev Data for each individual swap executed by `batchSwap`. The asset in and out fields are indexes into the
* `assets` array passed to that function, and ETH assets are converted to WETH.
*
* If `amount` is zero, the multihop mechanism is used to determine the actual amount based on the amount in/out
* from the previous swap, depending on the swap kind.
*
* The `userData` field is ignored by the Vault, but forwarded to the Pool in the `onSwap` hook, and may be
* used to extend swap behavior.
*/
struct BatchSwapStep {
bytes32 poolId;
uint256 assetInIndex;
uint256 assetOutIndex;
uint256 amount;
bytes userData;
}
/**
* @dev Emitted for each individual swap performed by `swap` or `batchSwap`.
*/
event Swap(
bytes32 indexed poolId,
IERC20 indexed tokenIn,
IERC20 indexed tokenOut,
uint256 amountIn,
uint256 amountOut
);
/**
* @dev All tokens in a swap are either sent from the `sender` account to the Vault, or from the Vault to the
* `recipient` account.
*
* If the caller is not `sender`, it must be an authorized relayer for them.
*
* If `fromInternalBalance` is true, the `sender`'s Internal Balance will be preferred, performing an ERC20
* transfer for the difference between the requested amount and the User's Internal Balance (if any). The `sender`
* must have allowed the Vault to use their tokens via `IERC20.approve()`. This matches the behavior of
* `joinPool`.
*
* If `toInternalBalance` is true, tokens will be deposited to `recipient`'s internal balance instead of
* transferred. This matches the behavior of `exitPool`.
*
* Note that ETH cannot be deposited to or withdrawn from Internal Balance: attempting to do so will trigger a
* revert.
*/
struct FundManagement {
address sender;
bool fromInternalBalance;
address payable recipient;
bool toInternalBalance;
}
/**
* @dev Simulates a call to `batchSwap`, returning an array of Vault asset deltas. Calls to `swap` cannot be
* simulated directly, but an equivalent `batchSwap` call can and will yield the exact same result.
*
* Each element in the array corresponds to the asset at the same index, and indicates the number of tokens (or ETH)
* the Vault would take from the sender (if positive) or send to the recipient (if negative). The arguments it
* receives are the same that an equivalent `batchSwap` call would receive.
*
* Unlike `batchSwap`, this function performs no checks on the sender or recipient field in the `funds` struct.
* This makes it suitable to be called by off-chain applications via eth_call without needing to hold tokens,
* approve them for the Vault, or even know a user's address.
*
* Note that this function is not 'view' (due to implementation details): the client code must explicitly execute
* eth_call instead of eth_sendTransaction.
*/
function queryBatchSwap(
SwapKind kind,
BatchSwapStep[] memory swaps,
IAsset[] memory assets,
FundManagement memory funds
) external returns (int256[] memory assetDeltas);
// Flash Loans
/**
* @dev Performs a 'flash loan', sending tokens to `recipient`, executing the `receiveFlashLoan` hook on it,
* and then reverting unless the tokens plus a proportional protocol fee have been returned.
*
* The `tokens` and `amounts` arrays must have the same length, and each entry in these indicates the loan amount
* for each token contract. `tokens` must be sorted in ascending order.
*
* The 'userData' field is ignored by the Vault, and forwarded as-is to `recipient` as part of the
* `receiveFlashLoan` call.
*
* Emits `FlashLoan` events.
*/
function flashLoan(
IFlashLoanRecipient recipient,
IERC20[] memory tokens,
uint256[] memory amounts,
bytes memory userData
) external;
/**
* @dev Emitted for each individual flash loan performed by `flashLoan`.
*/
event FlashLoan(IFlashLoanRecipient indexed recipient, IERC20 indexed token, uint256 amount, uint256 feeAmount);
// Asset Management
//
// Each token registered for a Pool can be assigned an Asset Manager, which is able to freely withdraw the Pool's
// tokens from the Vault, deposit them, or assign arbitrary values to its `managed` balance (see
// `getPoolTokenInfo`). This makes them extremely powerful and dangerous. Even if an Asset Manager only directly
// controls one of the tokens in a Pool, a malicious manager could set that token's balance to manipulate the
// prices of the other tokens, and then drain the Pool with swaps. The risk of using Asset Managers is therefore
// not constrained to the tokens they are managing, but extends to the entire Pool's holdings.
//
// However, a properly designed Asset Manager smart contract can be safely used for the Pool's benefit,
// for example by lending unused tokens out for interest, or using them to participate in voting protocols.
//
// This concept is unrelated to the IAsset interface.
/**
* @dev Performs a set of Pool balance operations, which may be either withdrawals, deposits or updates.
*
* Pool Balance management features batching, which means a single contract call can be used to perform multiple
* operations of different kinds, with different Pools and tokens, at once.
*
* For each operation, the caller must be registered as the Asset Manager for `token` in `poolId`.
*/
function managePoolBalance(PoolBalanceOp[] memory ops) external;
struct PoolBalanceOp {
PoolBalanceOpKind kind;
bytes32 poolId;
IERC20 token;
uint256 amount;
}
/**
* Withdrawals decrease the Pool's cash, but increase its managed balance, leaving the total balance unchanged.
*
* Deposits increase the Pool's cash, but decrease its managed balance, leaving the total balance unchanged.
*
* Updates don't affect the Pool's cash balance, but because the managed balance changes, it does alter the total.
* The external amount can be either increased or decreased by this call (i.e., reporting a gain or a loss).
*/
enum PoolBalanceOpKind { WITHDRAW, DEPOSIT, UPDATE }
/**
* @dev Emitted when a Pool's token Asset Manager alters its balance via `managePoolBalance`.
*/
event PoolBalanceManaged(
bytes32 indexed poolId,
address indexed assetManager,
IERC20 indexed token,
int256 cashDelta,
int256 managedDelta
);
// Protocol Fees
//
// Some operations cause the Vault to collect tokens in the form of protocol fees, which can then be withdrawn by
// permissioned accounts.
//
// There are two kinds of protocol fees:
//
// - flash loan fees: charged on all flash loans, as a percentage of the amounts lent.
//
// - swap fees: a percentage of the fees charged by Pools when performing swaps. For a number of reasons, including
// swap gas costs and interface simplicity, protocol swap fees are not charged on each individual swap. Rather,
// Pools are expected to keep track of how much they have charged in swap fees, and pay any outstanding debts to the
// Vault when they are joined or exited. This prevents users from joining a Pool with unpaid debt, as well as
// exiting a Pool in debt without first paying their share.
/**
* @dev Returns the current protocol fee module.
*/
function getProtocolFeesCollector() external view returns (IProtocolFeesCollector);
/**
* @dev Safety mechanism to pause most Vault operations in the event of an emergency - typically detection of an
* error in some part of the system.
*
* The Vault can only be paused during an initial time period, after which pausing is forever disabled.
*
* While the contract is paused, the following features are disabled:
* - depositing and transferring internal balance
* - transferring external balance (using the Vault's allowance)
* - swaps
* - joining Pools
* - Asset Manager interactions
*
* Internal Balance can still be withdrawn, and Pools exited.
*/
function setPaused(bool paused) external;
/**
* @dev Returns the Vault's WETH instance.
*/
function WETH() external view returns (IWETH);
// solhint-disable-previous-line func-name-mixedcase
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity ^0.7.0;
pragma experimental ABIEncoderV2;
import "./IVault.sol";
import "./IPoolSwapStructs.sol";
/**
* @dev Interface for adding and removing liquidity that all Pool contracts should implement. Note that this is not
* the complete Pool contract interface, as it is missing the swap hooks. Pool contracts should also inherit from
* either IGeneralPool or IMinimalSwapInfoPool
*/
interface IBasePool is IPoolSwapStructs {
/**
* @dev Called by the Vault when a user calls `IVault.joinPool` to add liquidity to this Pool. Returns how many of
* each registered token the user should provide, as well as the amount of protocol fees the Pool owes to the Vault.
* The Vault will then take tokens from `sender` and add them to the Pool's balances, as well as collect
* the reported amount in protocol fees, which the pool should calculate based on `protocolSwapFeePercentage`.
*
* Protocol fees are reported and charged on join events so that the Pool is free of debt whenever new users join.
*
* `sender` is the account performing the join (from which tokens will be withdrawn), and `recipient` is the account
* designated to receive any benefits (typically pool shares). `balances` contains the total balances
* for each token the Pool registered in the Vault, in the same order that `IVault.getPoolTokens` would return.
*
* `lastChangeBlock` is the last block in which *any* of the Pool's registered tokens last changed its total
* balance.
*
* `userData` contains any pool-specific instructions needed to perform the calculations, such as the type of
* join (e.g., proportional given an amount of pool shares, single-asset, multi-asset, etc.)
*
* Contracts implementing this function should check that the caller is indeed the Vault before performing any
* state-changing operations, such as minting pool shares.
*/
function onJoinPool(
bytes32 poolId,
address sender,
address recipient,
uint256[] memory balances,
uint256 lastChangeBlock,
uint256 protocolSwapFeePercentage,
bytes memory userData
) external returns (uint256[] memory amountsIn, uint256[] memory dueProtocolFeeAmounts);
/**
* @dev Called by the Vault when a user calls `IVault.exitPool` to remove liquidity from this Pool. Returns how many
* tokens the Vault should deduct from the Pool's balances, as well as the amount of protocol fees the Pool owes
* to the Vault. The Vault will then take tokens from the Pool's balances and send them to `recipient`,
* as well as collect the reported amount in protocol fees, which the Pool should calculate based on
* `protocolSwapFeePercentage`.
*
* Protocol fees are charged on exit events to guarantee that users exiting the Pool have paid their share.
*
* `sender` is the account performing the exit (typically the pool shareholder), and `recipient` is the account
* to which the Vault will send the proceeds. `balances` contains the total token balances for each token
* the Pool registered in the Vault, in the same order that `IVault.getPoolTokens` would return.
*
* `lastChangeBlock` is the last block in which *any* of the Pool's registered tokens last changed its total
* balance.
*
* `userData` contains any pool-specific instructions needed to perform the calculations, such as the type of
* exit (e.g., proportional given an amount of pool shares, single-asset, multi-asset, etc.)
*
* Contracts implementing this function should check that the caller is indeed the Vault before performing any
* state-changing operations, such as burning pool shares.
*/
function onExitPool(
bytes32 poolId,
address sender,
address recipient,
uint256[] memory balances,
uint256 lastChangeBlock,
uint256 protocolSwapFeePercentage,
bytes memory userData
) external returns (uint256[] memory amountsOut, uint256[] memory dueProtocolFeeAmounts);
function getPoolId() external view returns (bytes32);
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity ^0.7.0;
pragma experimental ABIEncoderV2;
import "@balancer-labs/v2-solidity-utils/contracts/openzeppelin/IERC20.sol";
interface IAssetManager {
/**
* @notice Emitted when asset manager is rebalanced
*/
event Rebalance(bytes32 poolId);
/**
* @notice Sets the config
*/
function setConfig(bytes32 poolId, bytes calldata config) external;
/**
* Note: No function to read the asset manager config is included in IAssetManager
* as the signature is expected to vary between asset manager implementations
*/
/**
* @notice Returns the asset manager's token
*/
function getToken() external view returns (IERC20);
/**
* @return the current assets under management of this asset manager
*/
function getAUM(bytes32 poolId) external view returns (uint256);
/**
* @return poolCash - The up-to-date cash balance of the pool
* @return poolManaged - The up-to-date managed balance of the pool
*/
function getPoolBalances(bytes32 poolId) external view returns (uint256 poolCash, uint256 poolManaged);
/**
* @return The difference in tokens between the target investment
* and the currently invested amount (i.e. the amount that can be invested)
*/
function maxInvestableBalance(bytes32 poolId) external view returns (int256);
/**
* @notice Updates the Vault on the value of the pool's investment returns
*/
function updateBalanceOfPool(bytes32 poolId) external;
/**
* @notice Determines whether the pool should rebalance given the provided balances
*/
function shouldRebalance(uint256 cash, uint256 managed) external view returns (bool);
/**
* @notice Rebalances funds between the pool and the asset manager to maintain target investment percentage.
* @param poolId - the poolId of the pool to be rebalanced
* @param force - a boolean representing whether a rebalance should be forced even when the pool is near balance
*/
function rebalance(bytes32 poolId, bool force) external;
/**
* @notice allows an authorized rebalancer to remove capital to facilitate large withdrawals
* @param poolId - the poolId of the pool to withdraw funds back to
* @param amount - the amount of tokens to withdraw back to the pool
*/
function capitalOut(bytes32 poolId, uint256 amount) external;
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity ^0.7.0;
import "@balancer-labs/v2-solidity-utils/contracts/openzeppelin/ERC20.sol";
import "@balancer-labs/v2-solidity-utils/contracts/openzeppelin/ERC20Permit.sol";
import "@balancer-labs/v2-vault/contracts/interfaces/IVault.sol";
/**
* @title Highly opinionated token implementation
* @author Balancer Labs
* @dev
* - Includes functions to increase and decrease allowance as a workaround
* for the well-known issue with `approve`:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
* - Allows for 'infinite allowance', where an allowance of 0xff..ff is not
* decreased by calls to transferFrom
* - Lets a token holder use `transferFrom` to send their own tokens,
* without first setting allowance
* - Emits 'Approval' events whenever allowance is changed by `transferFrom`
* - Assigns infinite allowance for all token holders to the Vault
*/
contract BalancerPoolToken is ERC20, ERC20Permit {
IVault private immutable _vault;
constructor(
string memory tokenName,
string memory tokenSymbol,
IVault vault
) ERC20(tokenName, tokenSymbol) ERC20Permit(tokenName) {
_vault = vault;
}
function getVault() public view returns (IVault) {
return _vault;
}
// Overrides
/**
* @dev Override to grant the Vault infinite allowance, causing for Pool Tokens to not require approval.
*
* This is sound as the Vault already provides authorization mechanisms when initiation token transfers, which this
* contract inherits.
*/
function allowance(address owner, address spender) public view override returns (uint256) {
if (spender == address(getVault())) {
return uint256(-1);
} else {
return super.allowance(owner, spender);
}
}
/**
* @dev Override to allow for 'infinite allowance' and let the token owner use `transferFrom` with no self-allowance
*/
function transferFrom(
address sender,
address recipient,
uint256 amount
) public override returns (bool) {
uint256 currentAllowance = allowance(sender, msg.sender);
_require(msg.sender == sender || currentAllowance >= amount, Errors.ERC20_TRANSFER_EXCEEDS_ALLOWANCE);
_transfer(sender, recipient, amount);
if (msg.sender != sender && currentAllowance != uint256(-1)) {
// Because of the previous require, we know that if msg.sender != sender then currentAllowance >= amount
_approve(sender, msg.sender, currentAllowance - amount);
}
return true;
}
/**
* @dev Override to allow decreasing allowance by more than the current amount (setting it to zero)
*/
function decreaseAllowance(address spender, uint256 amount) public override returns (bool) {
uint256 currentAllowance = allowance(msg.sender, spender);
if (amount >= currentAllowance) {
_approve(msg.sender, spender, 0);
} else {
// No risk of underflow due to if condition
_approve(msg.sender, spender, currentAllowance - amount);
}
return true;
}
// Internal functions
function _mintPoolTokens(address recipient, uint256 amount) internal {
_mint(recipient, amount);
}
function _burnPoolTokens(address sender, uint256 amount) internal {
_burn(sender, amount);
}
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity ^0.7.0;
import "@balancer-labs/v2-solidity-utils/contracts/helpers/Authentication.sol";
import "@balancer-labs/v2-vault/contracts/interfaces/IAuthorizer.sol";
import "./BasePool.sol";
/**
* @dev Base authorization layer implementation for Pools.
*
* The owner account can call some of the permissioned functions - access control of the rest is delegated to the
* Authorizer. Note that this owner is immutable: more sophisticated permission schemes, such as multiple ownership,
* granular roles, etc., could be built on top of this by making the owner a smart contract.
*
* Access control of all other permissioned functions is delegated to an Authorizer. It is also possible to delegate
* control of *all* permissioned functions to the Authorizer by setting the owner address to `_DELEGATE_OWNER`.
*/
abstract contract BasePoolAuthorization is Authentication {
address private immutable _owner;
address private constant _DELEGATE_OWNER = 0xBA1BA1ba1BA1bA1bA1Ba1BA1ba1BA1bA1ba1ba1B;
constructor(address owner) {
_owner = owner;
}
function getOwner() public view returns (address) {
return _owner;
}
function getAuthorizer() external view returns (IAuthorizer) {
return _getAuthorizer();
}
function _canPerform(bytes32 actionId, address account) internal view override returns (bool) {
if ((getOwner() != _DELEGATE_OWNER) && _isOwnerOnlyAction(actionId)) {
// Only the owner can perform "owner only" actions, unless the owner is delegated.
return msg.sender == getOwner();
} else {
// Non-owner actions are always processed via the Authorizer, as "owner only" ones are when delegated.
return _getAuthorizer().canPerform(actionId, account, address(this));
}
}
function _isOwnerOnlyAction(bytes32 actionId) internal view virtual returns (bool);
function _getAuthorizer() internal view virtual returns (IAuthorizer);
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity ^0.7.0;
/**
* @dev Interface for the TemporarilyPausable helper.
*/
interface ITemporarilyPausable {
/**
* @dev Emitted every time the pause state changes by `_setPaused`.
*/
event PausedStateChanged(bool paused);
/**
* @dev Returns the current paused state.
*/
function getPausedState()
external
view
returns (
bool paused,
uint256 pauseWindowEndTime,
uint256 bufferPeriodEndTime
);
}// SPDX-License-Identifier: MIT
pragma solidity ^0.7.0;
import "../helpers/BalancerErrors.sol";
/**
* @dev Wrappers over Solidity's arithmetic operations with added overflow
* checks.
*
* Arithmetic operations in Solidity wrap on overflow. This can easily result
* in bugs, because programmers usually assume that an overflow raises an
* error, which is the standard behavior in high level programming languages.
* `SafeMath` restores this intuition by reverting the transaction when an
* operation overflows.
*
* Using this library instead of the unchecked operations eliminates an entire
* class of bugs, so it's recommended to use it always.
*/
library SafeMath {
/**
* @dev Returns the addition of two unsigned integers, reverting on
* overflow.
*
* Counterpart to Solidity's `+` operator.
*
* Requirements:
*
* - Addition cannot overflow.
*/
function add(uint256 a, uint256 b) internal pure returns (uint256) {
uint256 c = a + b;
_require(c >= a, Errors.ADD_OVERFLOW);
return c;
}
/**
* @dev Returns the subtraction of two unsigned integers, reverting on
* overflow (when the result is negative).
*
* Counterpart to Solidity's `-` operator.
*
* Requirements:
*
* - Subtraction cannot overflow.
*/
function sub(uint256 a, uint256 b) internal pure returns (uint256) {
return sub(a, b, Errors.SUB_OVERFLOW);
}
/**
* @dev Returns the subtraction of two unsigned integers, reverting with custom message on
* overflow (when the result is negative).
*
* Counterpart to Solidity's `-` operator.
*
* Requirements:
*
* - Subtraction cannot overflow.
*/
function sub(uint256 a, uint256 b, uint256 errorCode) internal pure returns (uint256) {
_require(b <= a, errorCode);
uint256 c = a - b;
return c;
}
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity ^0.7.0;
/**
* @dev Interface for the SignatureValidator helper, used to support meta-transactions.
*/
interface ISignaturesValidator {
/**
* @dev Returns the EIP712 domain separator.
*/
function getDomainSeparator() external view returns (bytes32);
/**
* @dev Returns the next nonce used by an address to sign messages.
*/
function getNextNonce(address user) external view returns (uint256);
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity ^0.7.0;
import "../openzeppelin/IERC20.sol";
/**
* @dev Interface for WETH9.
* See https://github.com/gnosis/canonical-weth/blob/0dd1ea3e295eef916d0c6223ec63141137d22d67/contracts/WETH9.sol
*/
interface IWETH is IERC20 {
function deposit() external payable;
function withdraw(uint256 amount) external;
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity ^0.7.0;
/**
* @dev This is an empty interface used to represent either ERC20-conforming token contracts or ETH (using the zero
* address sentinel value). We're just relying on the fact that `interface` can be used to declare new address-like
* types.
*
* This concept is unrelated to a Pool's Asset Managers.
*/
interface IAsset {
// solhint-disable-previous-line no-empty-blocks
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity ^0.7.0;
interface IAuthorizer {
/**
* @dev Returns true if `account` can perform the action described by `actionId` in the contract `where`.
*/
function canPerform(
bytes32 actionId,
address account,
address where
) external view returns (bool);
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity ^0.7.0;
// Inspired by Aave Protocol's IFlashLoanReceiver.
import "@balancer-labs/v2-solidity-utils/contracts/openzeppelin/IERC20.sol";
interface IFlashLoanRecipient {
/**
* @dev When `flashLoan` is called on the Vault, it invokes the `receiveFlashLoan` hook on the recipient.
*
* At the time of the call, the Vault will have transferred `amounts` for `tokens` to the recipient. Before this
* call returns, the recipient must have transferred `amounts` plus `feeAmounts` for each token back to the
* Vault, or else the entire flash loan will revert.
*
* `userData` is the same value passed in the `IVault.flashLoan` call.
*/
function receiveFlashLoan(
IERC20[] memory tokens,
uint256[] memory amounts,
uint256[] memory feeAmounts,
bytes memory userData
) external;
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity ^0.7.0;
pragma experimental ABIEncoderV2;
import "@balancer-labs/v2-solidity-utils/contracts/openzeppelin/IERC20.sol";
import "./IVault.sol";
import "./IAuthorizer.sol";
interface IProtocolFeesCollector {
event SwapFeePercentageChanged(uint256 newSwapFeePercentage);
event FlashLoanFeePercentageChanged(uint256 newFlashLoanFeePercentage);
function withdrawCollectedFees(
IERC20[] calldata tokens,
uint256[] calldata amounts,
address recipient
) external;
function setSwapFeePercentage(uint256 newSwapFeePercentage) external;
function setFlashLoanFeePercentage(uint256 newFlashLoanFeePercentage) external;
function getSwapFeePercentage() external view returns (uint256);
function getFlashLoanFeePercentage() external view returns (uint256);
function getCollectedFeeAmounts(IERC20[] memory tokens) external view returns (uint256[] memory feeAmounts);
function getAuthorizer() external view returns (IAuthorizer);
function vault() external view returns (IVault);
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity ^0.7.0;
pragma experimental ABIEncoderV2;
import "@balancer-labs/v2-solidity-utils/contracts/openzeppelin/IERC20.sol";
import "./IVault.sol";
interface IPoolSwapStructs {
// This is not really an interface - it just defines common structs used by other interfaces: IGeneralPool and
// IMinimalSwapInfoPool.
//
// This data structure represents a request for a token swap, where `kind` indicates the swap type ('given in' or
// 'given out') which indicates whether or not the amount sent by the pool is known.
//
// The pool receives `tokenIn` and sends `tokenOut`. `amount` is the number of `tokenIn` tokens the pool will take
// in, or the number of `tokenOut` tokens the Pool will send out, depending on the given swap `kind`.
//
// All other fields are not strictly necessary for most swaps, but are provided to support advanced scenarios in
// some Pools.
//
// `poolId` is the ID of the Pool involved in the swap - this is useful for Pool contracts that implement more than
// one Pool.
//
// The meaning of `lastChangeBlock` depends on the Pool specialization:
// - Two Token or Minimal Swap Info: the last block in which either `tokenIn` or `tokenOut` changed its total
// balance.
// - General: the last block in which *any* of the Pool's registered tokens changed its total balance.
//
// `from` is the origin address for the funds the Pool receives, and `to` is the destination address
// where the Pool sends the outgoing tokens.
//
// `userData` is extra data provided by the caller - typically a signature from a trusted party.
struct SwapRequest {
IVault.SwapKind kind;
IERC20 tokenIn;
IERC20 tokenOut;
uint256 amount;
// Misc data
bytes32 poolId;
uint256 lastChangeBlock;
address from;
address to;
bytes userData;
}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.7.0;
import "./ERC20.sol";
import "./IERC20Permit.sol";
import "./EIP712.sol";
/**
* @dev Implementation of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
* https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
*
* Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
* presenting a message signed by the account. By not relying on `{IERC20-approve}`, the token holder account doesn't
* need to send a transaction, and thus is not required to hold Ether at all.
*
* _Available since v3.4._
*/
abstract contract ERC20Permit is ERC20, IERC20Permit, EIP712 {
mapping(address => uint256) private _nonces;
// solhint-disable-next-line var-name-mixedcase
bytes32 private immutable _PERMIT_TYPEHASH =
keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)");
/**
* @dev Initializes the {EIP712} domain separator using the `name` parameter, and setting `version` to `"1"`.
*
* It's a good idea to use the same `name` that is defined as the ERC20 token name.
*/
constructor(string memory name) EIP712(name, "1") {}
/**
* @dev See {IERC20Permit-permit}.
*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) public virtual override {
// solhint-disable-next-line not-rely-on-time
_require(block.timestamp <= deadline, Errors.EXPIRED_PERMIT);
uint256 nonce = _nonces[owner];
bytes32 structHash = keccak256(abi.encode(_PERMIT_TYPEHASH, owner, spender, value, nonce, deadline));
bytes32 hash = _hashTypedDataV4(structHash);
address signer = ecrecover(hash, v, r, s);
_require((signer != address(0)) && (signer == owner), Errors.INVALID_SIGNATURE);
_nonces[owner] = nonce + 1;
_approve(owner, spender, value);
}
/**
* @dev See {IERC20Permit-nonces}.
*/
function nonces(address owner) public view override returns (uint256) {
return _nonces[owner];
}
/**
* @dev See {IERC20Permit-DOMAIN_SEPARATOR}.
*/
// solhint-disable-next-line func-name-mixedcase
function DOMAIN_SEPARATOR() external view override returns (bytes32) {
return _domainSeparatorV4();
}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.7.0;
/**
* @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
* https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
*
* Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
* presenting a message signed by the account. By not relying on `{IERC20-approve}`, the token holder account doesn't
* need to send a transaction, and thus is not required to hold Ether at all.
*/
interface IERC20Permit {
/**
* @dev Sets `value` as the allowance of `spender` over `owner`'s tokens,
* given `owner`'s signed approval.
*
* IMPORTANT: The same issues {IERC20-approve} has related to transaction
* ordering also apply here.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `deadline` must be a timestamp in the future.
* - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
* over the EIP712-formatted function arguments.
* - the signature must use ``owner``'s current nonce (see {nonces}).
*
* For more information on the signature format, see the
* https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
* section].
*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @dev Returns the current nonce for `owner`. This value must be
* included whenever a signature is generated for {permit}.
*
* Every successful call to {permit} increases ``owner``'s nonce by one. This
* prevents a signature from being used multiple times.
*/
function nonces(address owner) external view returns (uint256);
/**
* @dev Returns the domain separator used in the encoding of the signature for `permit`, as defined by {EIP712}.
*/
// solhint-disable-next-line func-name-mixedcase
function DOMAIN_SEPARATOR() external view returns (bytes32);
}// SPDX-License-Identifier: MIT
pragma solidity ^0.7.0;
/**
* @dev https://eips.ethereum.org/EIPS/eip-712[EIP 712] is a standard for hashing and signing of typed structured data.
*
* The encoding specified in the EIP is very generic, and such a generic implementation in Solidity is not feasible,
* thus this contract does not implement the encoding itself. Protocols need to implement the type-specific encoding
* they need in their contracts using a combination of `abi.encode` and `keccak256`.
*
* This contract implements the EIP 712 domain separator ({_domainSeparatorV4}) that is used as part of the encoding
* scheme, and the final step of the encoding to obtain the message digest that is then signed via ECDSA
* ({_hashTypedDataV4}).
*
* The implementation of the domain separator was designed to be as efficient as possible while still properly updating
* the chain id to protect against replay attacks on an eventual fork of the chain.
*
* NOTE: This contract implements the version of the encoding known as "v4", as implemented by the JSON RPC method
* https://docs.metamask.io/guide/signing-data.html[`eth_signTypedDataV4` in MetaMask].
*
* _Available since v3.4._
*/
abstract contract EIP712 {
/* solhint-disable var-name-mixedcase */
bytes32 private immutable _HASHED_NAME;
bytes32 private immutable _HASHED_VERSION;
bytes32 private immutable _TYPE_HASH;
/* solhint-enable var-name-mixedcase */
/**
* @dev Initializes the domain separator and parameter caches.
*
* The meaning of `name` and `version` is specified in
* https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP 712]:
*
* - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol.
* - `version`: the current major version of the signing domain.
*
* NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart
* contract upgrade].
*/
constructor(string memory name, string memory version) {
_HASHED_NAME = keccak256(bytes(name));
_HASHED_VERSION = keccak256(bytes(version));
_TYPE_HASH = keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
}
/**
* @dev Returns the domain separator for the current chain.
*/
function _domainSeparatorV4() internal view virtual returns (bytes32) {
return keccak256(abi.encode(_TYPE_HASH, _HASHED_NAME, _HASHED_VERSION, _getChainId(), address(this)));
}
/**
* @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this
* function returns the hash of the fully encoded EIP712 message for this domain.
*
* This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example:
*
* ```solidity
* bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(
* keccak256("Mail(address to,string contents)"),
* mailTo,
* keccak256(bytes(mailContents))
* )));
* address signer = ECDSA.recover(digest, signature);
* ```
*/
function _hashTypedDataV4(bytes32 structHash) internal view virtual returns (bytes32) {
return keccak256(abi.encodePacked("\x19\x01", _domainSeparatorV4(), structHash));
}
function _getChainId() private view returns (uint256 chainId) {
// Silence state mutability warning without generating bytecode.
// See https://github.com/ethereum/solidity/issues/10090#issuecomment-741789128 and
// https://github.com/ethereum/solidity/issues/2691
this;
// solhint-disable-next-line no-inline-assembly
assembly {
chainId := chainid()
}
}
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity ^0.7.0;
import "./BalancerErrors.sol";
import "./IAuthentication.sol";
/**
* @dev Building block for performing access control on external functions.
*
* This contract is used via the `authenticate` modifier (or the `_authenticateCaller` function), which can be applied
* to external functions to only make them callable by authorized accounts.
*
* Derived contracts must implement the `_canPerform` function, which holds the actual access control logic.
*/
abstract contract Authentication is IAuthentication {
bytes32 private immutable _actionIdDisambiguator;
/**
* @dev The main purpose of the `actionIdDisambiguator` is to prevent accidental function selector collisions in
* multi contract systems.
*
* There are two main uses for it:
* - if the contract is a singleton, any unique identifier can be used to make the associated action identifiers
* unique. The contract's own address is a good option.
* - if the contract belongs to a family that shares action identifiers for the same functions, an identifier
* shared by the entire family (and no other contract) should be used instead.
*/
constructor(bytes32 actionIdDisambiguator) {
_actionIdDisambiguator = actionIdDisambiguator;
}
/**
* @dev Reverts unless the caller is allowed to call this function. Should only be applied to external functions.
*/
modifier authenticate() {
_authenticateCaller();
_;
}
/**
* @dev Reverts unless the caller is allowed to call the entry point function.
*/
function _authenticateCaller() internal view {
bytes32 actionId = getActionId(msg.sig);
_require(_canPerform(actionId, msg.sender), Errors.SENDER_NOT_ALLOWED);
}
function getActionId(bytes4 selector) public view override returns (bytes32) {
// Each external function is dynamically assigned an action identifier as the hash of the disambiguator and the
// function selector. Disambiguation is necessary to avoid potential collisions in the function selectors of
// multiple contracts.
return keccak256(abi.encodePacked(_actionIdDisambiguator, selector));
}
function _canPerform(bytes32 actionId, address user) internal view virtual returns (bool);
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity ^0.7.0;
interface IAuthentication {
/**
* @dev Returns the action identifier associated with the external function described by `selector`.
*/
function getActionId(bytes4 selector) external view returns (bytes32);
}// SPDX-License-Identifier: GPL-3.0-or-later
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
pragma solidity ^0.7.0;
pragma experimental ABIEncoderV2;
import "@balancer-labs/v2-solidity-utils/contracts/math/FixedPoint.sol";
import "@balancer-labs/v2-solidity-utils/contracts/helpers/InputHelpers.sol";
import "@balancer-labs/v2-pool-utils/contracts/BaseMinimalSwapInfoPool.sol";
import "./WeightedMath.sol";
import "./WeightedPoolUserDataHelpers.sol";
/**
* @dev Base class for WeightedPools containing swap, join and exit logic, but leaving storage and management of
* the weights to subclasses. Derived contracts can choose to make weights immutable, mutable, or even dynamic
* based on local or external logic.
*/
abstract contract BaseWeightedPool is BaseMinimalSwapInfoPool {
using FixedPoint for uint256;
using WeightedPoolUserDataHelpers for bytes;
uint256 private _lastInvariant;
// For backwards compatibility, make sure new join and exit kinds are added at the end of the enum.
enum JoinKind { INIT, EXACT_TOKENS_IN_FOR_BPT_OUT, TOKEN_IN_FOR_EXACT_BPT_OUT, ALL_TOKENS_IN_FOR_EXACT_BPT_OUT }
enum ExitKind {
EXACT_BPT_IN_FOR_ONE_TOKEN_OUT,
EXACT_BPT_IN_FOR_TOKENS_OUT,
BPT_IN_FOR_EXACT_TOKENS_OUT,
MANAGEMENT_FEE_TOKENS_OUT // for InvestmentPool
}
constructor(
IVault vault,
string memory name,
string memory symbol,
IERC20[] memory tokens,
address[] memory assetManagers,
uint256 swapFeePercentage,
uint256 pauseWindowDuration,
uint256 bufferPeriodDuration,
address owner
)
BasePool(
vault,
// Given BaseMinimalSwapInfoPool supports both of these specializations, and this Pool never registers or
// deregisters any tokens after construction, picking Two Token when the Pool only has two tokens is free
// gas savings.
tokens.length == 2 ? IVault.PoolSpecialization.TWO_TOKEN : IVault.PoolSpecialization.MINIMAL_SWAP_INFO,
name,
symbol,
tokens,
assetManagers,
swapFeePercentage,
pauseWindowDuration,
bufferPeriodDuration,
owner
)
{
// solhint-disable-previous-line no-empty-blocks
}
// Virtual functions
/**
* @dev Returns the normalized weight of `token`. Weights are fixed point numbers that sum to FixedPoint.ONE.
*/
function _getNormalizedWeight(IERC20 token) internal view virtual returns (uint256);
/**
* @dev Returns all normalized weights, in the same order as the Pool's tokens.
*/
function _getNormalizedWeights() internal view virtual returns (uint256[] memory);
/**
* @dev Returns all normalized weights, in the same order as the Pool's tokens, along with the index of the token
* with the highest weight.
*/
function _getNormalizedWeightsAndMaxWeightIndex() internal view virtual returns (uint256[] memory, uint256);
function getLastInvariant() public view virtual returns (uint256) {
return _lastInvariant;
}
/**
* @dev Returns the current value of the invariant.
*/
function getInvariant() public view returns (uint256) {
(, uint256[] memory balances, ) = getVault().getPoolTokens(getPoolId());
// Since the Pool hooks always work with upscaled balances, we manually
// upscale here for consistency
_upscaleArray(balances, _scalingFactors());
(uint256[] memory normalizedWeights, ) = _getNormalizedWeightsAndMaxWeightIndex();
return WeightedMath._calculateInvariant(normalizedWeights, balances);
}
function getNormalizedWeights() external view returns (uint256[] memory) {
return _getNormalizedWeights();
}
// Base Pool handlers
// Swap
function _onSwapGivenIn(
SwapRequest memory swapRequest,
uint256 currentBalanceTokenIn,
uint256 currentBalanceTokenOut
) internal view virtual override whenNotPaused returns (uint256) {
// Swaps are disabled while the contract is paused.
return
WeightedMath._calcOutGivenIn(
currentBalanceTokenIn,
_getNormalizedWeight(swapRequest.tokenIn),
currentBalanceTokenOut,
_getNormalizedWeight(swapRequest.tokenOut),
swapRequest.amount
);
}
function _onSwapGivenOut(
SwapRequest memory swapRequest,
uint256 currentBalanceTokenIn,
uint256 currentBalanceTokenOut
) internal view virtual override whenNotPaused returns (uint256) {
// Swaps are disabled while the contract is paused.
return
WeightedMath._calcInGivenOut(
currentBalanceTokenIn,
_getNormalizedWeight(swapRequest.tokenIn),
currentBalanceTokenOut,
_getNormalizedWeight(swapRequest.tokenOut),
swapRequest.amount
);
}
// Initialize
function _onInitializePool(
bytes32,
address,
address,
uint256[] memory scalingFactors,
bytes memory userData
) internal virtual override whenNotPaused returns (uint256, uint256[] memory) {
// It would be strange for the Pool to be paused before it is initialized, but for consistency we prevent
// initialization in this case.
JoinKind kind = userData.joinKind();
_require(kind == JoinKind.INIT, Errors.UNINITIALIZED);
uint256[] memory amountsIn = userData.initialAmountsIn();
InputHelpers.ensureInputLengthMatch(_getTotalTokens(), amountsIn.length);
_upscaleArray(amountsIn, scalingFactors);
(uint256[] memory normalizedWeights, ) = _getNormalizedWeightsAndMaxWeightIndex();
uint256 invariantAfterJoin = WeightedMath._calculateInvariant(normalizedWeights, amountsIn);
// Set the initial BPT to the value of the invariant times the number of tokens. This makes BPT supply more
// consistent in Pools with similar compositions but different number of tokens.
uint256 bptAmountOut = Math.mul(invariantAfterJoin, _getTotalTokens());
_lastInvariant = invariantAfterJoin;
return (bptAmountOut, amountsIn);
}
// Join
function _onJoinPool(
bytes32,
address,
address,
uint256[] memory balances,
uint256,
uint256 protocolSwapFeePercentage,
uint256[] memory scalingFactors,
bytes memory userData
)
internal
virtual
override
whenNotPaused
returns (
uint256,
uint256[] memory,
uint256[] memory
)
{
// All joins are disabled while the contract is paused.
(uint256[] memory normalizedWeights, uint256 maxWeightTokenIndex) = _getNormalizedWeightsAndMaxWeightIndex();
// Due protocol swap fee amounts are computed by measuring the growth of the invariant between the previous join
// or exit event and now - the invariant's growth is due exclusively to swap fees. This avoids spending gas
// computing them on each individual swap
uint256 invariantBeforeJoin = WeightedMath._calculateInvariant(normalizedWeights, balances);
uint256[] memory dueProtocolFeeAmounts = _getDueProtocolFeeAmounts(
balances,
normalizedWeights,
maxWeightTokenIndex,
_lastInvariant,
invariantBeforeJoin,
protocolSwapFeePercentage
);
// Update current balances by subtracting the protocol fee amounts
_mutateAmounts(balances, dueProtocolFeeAmounts, FixedPoint.sub);
(uint256 bptAmountOut, uint256[] memory amountsIn) = _doJoin(
balances,
normalizedWeights,
scalingFactors,
userData
);
// Update the invariant with the balances the Pool will have after the join, in order to compute the
// protocol swap fee amounts due in future joins and exits.
_lastInvariant = _invariantAfterJoin(balances, amountsIn, normalizedWeights);
return (bptAmountOut, amountsIn, dueProtocolFeeAmounts);
}
function _doJoin(
uint256[] memory balances,
uint256[] memory normalizedWeights,
uint256[] memory scalingFactors,
bytes memory userData
) internal returns (uint256, uint256[] memory) {
JoinKind kind = userData.joinKind();
if (kind == JoinKind.EXACT_TOKENS_IN_FOR_BPT_OUT) {
return _joinExactTokensInForBPTOut(balances, normalizedWeights, scalingFactors, userData);
} else if (kind == JoinKind.TOKEN_IN_FOR_EXACT_BPT_OUT) {
return _joinTokenInForExactBPTOut(balances, normalizedWeights, userData);
} else if (kind == JoinKind.ALL_TOKENS_IN_FOR_EXACT_BPT_OUT) {
return _joinAllTokensInForExactBPTOut(balances, userData);
} else {
_revert(Errors.UNHANDLED_JOIN_KIND);
}
}
function _joinExactTokensInForBPTOut(
uint256[] memory balances,
uint256[] memory normalizedWeights,
uint256[] memory scalingFactors,
bytes memory userData
) private returns (uint256, uint256[] memory) {
(uint256[] memory amountsIn, uint256 minBPTAmountOut) = userData.exactTokensInForBptOut();
InputHelpers.ensureInputLengthMatch(_getTotalTokens(), amountsIn.length);
_upscaleArray(amountsIn, scalingFactors);
(uint256 bptAmountOut, uint256[] memory swapFees) = WeightedMath._calcBptOutGivenExactTokensIn(
balances,
normalizedWeights,
amountsIn,
totalSupply(),
getSwapFeePercentage()
);
// Note that swapFees is already upscaled
_processSwapFeeAmounts(swapFees);
_require(bptAmountOut >= minBPTAmountOut, Errors.BPT_OUT_MIN_AMOUNT);
return (bptAmountOut, amountsIn);
}
function _joinTokenInForExactBPTOut(
uint256[] memory balances,
uint256[] memory normalizedWeights,
bytes memory userData
) private returns (uint256, uint256[] memory) {
(uint256 bptAmountOut, uint256 tokenIndex) = userData.tokenInForExactBptOut();
// Note that there is no maximum amountIn parameter: this is handled by `IVault.joinPool`.
_require(tokenIndex < _getTotalTokens(), Errors.OUT_OF_BOUNDS);
(uint256 amountIn, uint256 swapFee) = WeightedMath._calcTokenInGivenExactBptOut(
balances[tokenIndex],
normalizedWeights[tokenIndex],
bptAmountOut,
totalSupply(),
getSwapFeePercentage()
);
// Note that swapFee is already upscaled
_processSwapFeeAmount(tokenIndex, swapFee);
// We join in a single token, so we initialize amountsIn with zeros
uint256[] memory amountsIn = new uint256[](_getTotalTokens());
// And then assign the result to the selected token
amountsIn[tokenIndex] = amountIn;
return (bptAmountOut, amountsIn);
}
function _joinAllTokensInForExactBPTOut(uint256[] memory balances, bytes memory userData)
private
view
returns (uint256, uint256[] memory)
{
uint256 bptAmountOut = userData.allTokensInForExactBptOut();
// Note that there is no maximum amountsIn parameter: this is handled by `IVault.joinPool`.
uint256[] memory amountsIn = WeightedMath._calcAllTokensInGivenExactBptOut(
balances,
bptAmountOut,
totalSupply()
);
return (bptAmountOut, amountsIn);
}
// Exit
function _onExitPool(
bytes32,
address,
address,
uint256[] memory balances,
uint256,
uint256 protocolSwapFeePercentage,
uint256[] memory scalingFactors,
bytes memory userData
)
internal
virtual
override
returns (
uint256 bptAmountIn,
uint256[] memory amountsOut,
uint256[] memory dueProtocolFeeAmounts
)
{
(uint256[] memory normalizedWeights, uint256 maxWeightTokenIndex) = _getNormalizedWeightsAndMaxWeightIndex();
// Exits are not completely disabled while the contract is paused: proportional exits (exact BPT in for tokens
// out) remain functional.
if (_isNotPaused()) {
// Due protocol swap fee amounts are computed by measuring the growth of the invariant between the previous
// join or exit event and now - the invariant's growth is due exclusively to swap fees. This avoids
// spending gas calculating the fees on each individual swap.
uint256 invariantBeforeExit = WeightedMath._calculateInvariant(normalizedWeights, balances);
dueProtocolFeeAmounts = _getDueProtocolFeeAmounts(
balances,
normalizedWeights,
maxWeightTokenIndex,
_lastInvariant,
invariantBeforeExit,
protocolSwapFeePercentage
);
// Update current balances by subtracting the protocol fee amounts
_mutateAmounts(balances, dueProtocolFeeAmounts, FixedPoint.sub);
} else {
// If the contract is paused, swap protocol fee amounts are not charged to avoid extra calculations and
// reduce the potential for errors.
dueProtocolFeeAmounts = new uint256[](_getTotalTokens());
}
(bptAmountIn, amountsOut) = _doExit(balances, normalizedWeights, scalingFactors, userData);
// Update the invariant with the balances the Pool will have after the exit, in order to compute the
// protocol swap fees due in future joins and exits.
_lastInvariant = _invariantAfterExit(balances, amountsOut, normalizedWeights);
return (bptAmountIn, amountsOut, dueProtocolFeeAmounts);
}
function _doExit(
uint256[] memory balances,
uint256[] memory normalizedWeights,
uint256[] memory scalingFactors,
bytes memory userData
) internal returns (uint256, uint256[] memory) {
ExitKind kind = userData.exitKind();
if (kind == ExitKind.EXACT_BPT_IN_FOR_ONE_TOKEN_OUT) {
return _exitExactBPTInForTokenOut(balances, normalizedWeights, userData);
} else if (kind == ExitKind.EXACT_BPT_IN_FOR_TOKENS_OUT) {
return _exitExactBPTInForTokensOut(balances, userData);
} else if (kind == ExitKind.BPT_IN_FOR_EXACT_TOKENS_OUT) {
return _exitBPTInForExactTokensOut(balances, normalizedWeights, scalingFactors, userData);
} else {
_revert(Errors.UNHANDLED_EXIT_KIND);
}
}
function _exitExactBPTInForTokenOut(
uint256[] memory balances,
uint256[] memory normalizedWeights,
bytes memory userData
) private whenNotPaused returns (uint256, uint256[] memory) {
// This exit function is disabled if the contract is paused.
(uint256 bptAmountIn, uint256 tokenIndex) = userData.exactBptInForTokenOut();
// Note that there is no minimum amountOut parameter: this is handled by `IVault.exitPool`.
_require(tokenIndex < _getTotalTokens(), Errors.OUT_OF_BOUNDS);
(uint256 amountOut, uint256 swapFee) = WeightedMath._calcTokenOutGivenExactBptIn(
balances[tokenIndex],
normalizedWeights[tokenIndex],
bptAmountIn,
totalSupply(),
getSwapFeePercentage()
);
// This is an exceptional situation in which the fee is charged on a token out instead of a token in.
// Note that swapFee is already upscaled.
_processSwapFeeAmount(tokenIndex, swapFee);
// We exit in a single token, so we initialize amountsOut with zeros
uint256[] memory amountsOut = new uint256[](_getTotalTokens());
// And then assign the result to the selected token
amountsOut[tokenIndex] = amountOut;
return (bptAmountIn, amountsOut);
}
function _exitExactBPTInForTokensOut(uint256[] memory balances, bytes memory userData)
private
view
returns (uint256, uint256[] memory)
{
// This exit function is the only one that is not disabled if the contract is paused: it remains unrestricted
// in an attempt to provide users with a mechanism to retrieve their tokens in case of an emergency.
// This particular exit function is the only one that remains available because it is the simplest one, and
// therefore the one with the lowest likelihood of errors.
uint256 bptAmountIn = userData.exactBptInForTokensOut();
// Note that there is no minimum amountOut parameter: this is handled by `IVault.exitPool`.
uint256[] memory amountsOut = WeightedMath._calcTokensOutGivenExactBptIn(balances, bptAmountIn, totalSupply());
return (bptAmountIn, amountsOut);
}
function _exitBPTInForExactTokensOut(
uint256[] memory balances,
uint256[] memory normalizedWeights,
uint256[] memory scalingFactors,
bytes memory userData
) private whenNotPaused returns (uint256, uint256[] memory) {
// This exit function is disabled if the contract is paused.
(uint256[] memory amountsOut, uint256 maxBPTAmountIn) = userData.bptInForExactTokensOut();
InputHelpers.ensureInputLengthMatch(amountsOut.length, _getTotalTokens());
_upscaleArray(amountsOut, scalingFactors);
(uint256 bptAmountIn, uint256[] memory swapFees) = WeightedMath._calcBptInGivenExactTokensOut(
balances,
normalizedWeights,
amountsOut,
totalSupply(),
getSwapFeePercentage()
);
_require(bptAmountIn <= maxBPTAmountIn, Errors.BPT_IN_MAX_AMOUNT);
// This is an exceptional situation in which the fee is charged on a token out instead of a token in.
// Note that swapFee is already upscaled.
_processSwapFeeAmounts(swapFees);
return (bptAmountIn, amountsOut);
}
// Helpers
function _getDueProtocolFeeAmounts(
uint256[] memory balances,
uint256[] memory normalizedWeights,
uint256 maxWeightTokenIndex,
uint256 previousInvariant,
uint256 currentInvariant,
uint256 protocolSwapFeePercentage
) private view returns (uint256[] memory) {
// Initialize with zeros
uint256[] memory dueProtocolFeeAmounts = new uint256[](_getTotalTokens());
// Early return if the protocol swap fee percentage is zero, saving gas.
if (protocolSwapFeePercentage == 0) {
return dueProtocolFeeAmounts;
}
// The protocol swap fees are always paid using the token with the largest weight in the Pool. As this is the
// token that is expected to have the largest balance, using it to pay fees should not unbalance the Pool.
dueProtocolFeeAmounts[maxWeightTokenIndex] = WeightedMath._calcDueTokenProtocolSwapFeeAmount(
balances[maxWeightTokenIndex],
normalizedWeights[maxWeightTokenIndex],
previousInvariant,
currentInvariant,
protocolSwapFeePercentage
);
return dueProtocolFeeAmounts;
}
/**
* @dev Returns the value of the invariant given `balances`, assuming they are increased by `amountsIn`. All
* amounts are expected to be upscaled.
*/
function _invariantAfterJoin(
uint256[] memory balances,
uint256[] memory amountsIn,
uint256[] memory normalizedWeights
) private view returns (uint256) {
_mutateAmounts(balances, amountsIn, FixedPoint.add);
return WeightedMath._calculateInvariant(normalizedWeights, balances);
}
function _invariantAfterExit(
uint256[] memory balances,
uint256[] memory amountsOut,
uint256[] memory normalizedWeights
) private view returns (uint256) {
_mutateAmounts(balances, amountsOut, FixedPoint.sub);
return WeightedMath._calculateInvariant(normalizedWeights, balances);
}
/**
* @dev Mutates `amounts` by applying `mutation` with each entry in `arguments`.
*
* Equivalent to `amounts = amounts.map(mutation)`.
*/
function _mutateAmounts(
uint256[] memory toMutate,
uint256[] memory arguments,
function(uint256, uint256) pure returns (uint256) mutation
) private view {
for (uint256 i = 0; i < _getTotalTokens(); ++i) {
toMutate[i] = mutation(toMutate[i], arguments[i]);
}
}
/**
* @dev This function returns the appreciation of one BPT relative to the
* underlying tokens. This starts at 1 when the pool is created and grows over time
*/
function getRate() public view returns (uint256) {
// The initial BPT supply is equal to the invariant times the number of tokens.
return Math.mul(getInvariant(), _getTotalTokens()).divDown(totalSupply());
}
}// SPDX-License-Identifier: GPL-3.0-or-later
pragma solidity 0.7.6;
pragma experimental ABIEncoderV2;
interface ICappedLiquidity {
event CapParamsUpdated(CapParams params);
event CapManagerUpdated(address capManager);
struct CapParams {
bool capEnabled;
uint120 perAddressCap;
uint128 globalCap;
}
function setCapParams(CapParams memory params) external;
function capParams() external view returns (CapParams memory);
function capManager() external view returns (address);
}// SPDX-License-Identifier: GPL-3.0-or-later
pragma solidity ^0.7.0;
interface ILocallyPausable {
event PausedLocally();
event UnpausedLocally();
event PauseManagerChanged(address oldPauseManager, address newPauseManager);
/// @notice Changes the account that is allowed to pause a pool.
function changePauseManager(address _pauseManager) external;
/// @notice Pauses the pool.
/// Can only be called by the pause manager.
function pause() external;
/// @notice Unpauses the pool.
/// Can only be called by the pause manager.
function unpause() external;
}{
"optimizer": {
"enabled": true,
"runs": 200
},
"outputSelection": {
"*": {
"*": [
"evm.bytecode",
"evm.deployedBytecode",
"devdoc",
"userdoc",
"metadata",
"abi"
]
}
},
"libraries": {}
}Contract Security Audit
- No Contract Security Audit Submitted- Submit Audit Here
[{"inputs":[{"components":[{"internalType":"contract IVault","name":"vault","type":"address"},{"internalType":"address","name":"configAddress","type":"address"},{"components":[{"internalType":"string","name":"name","type":"string"},{"internalType":"string","name":"symbol","type":"string"},{"internalType":"contract IERC20[]","name":"tokens","type":"address[]"},{"internalType":"uint256","name":"swapFeePercentage","type":"uint256"},{"internalType":"uint256","name":"root3Alpha","type":"uint256"},{"internalType":"address","name":"owner","type":"address"},{"internalType":"address","name":"capManager","type":"address"},{"components":[{"internalType":"bool","name":"capEnabled","type":"bool"},{"internalType":"uint120","name":"perAddressCap","type":"uint120"},{"internalType":"uint128","name":"globalCap","type":"uint128"}],"internalType":"struct ICappedLiquidity.CapParams","name":"capParams","type":"tuple"},{"internalType":"address","name":"pauseManager","type":"address"}],"internalType":"struct Gyro3CLPPool.NewPoolConfigParams","name":"config","type":"tuple"},{"internalType":"uint256","name":"pauseWindowDuration","type":"uint256"},{"internalType":"uint256","name":"bufferPeriodDuration","type":"uint256"}],"internalType":"struct Gyro3CLPPool.NewPoolParams","name":"params","type":"tuple"}],"stateMutability":"nonpayable","type":"constructor"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"owner","type":"address"},{"indexed":true,"internalType":"address","name":"spender","type":"address"},{"indexed":false,"internalType":"uint256","name":"value","type":"uint256"}],"name":"Approval","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"address","name":"capManager","type":"address"}],"name":"CapManagerUpdated","type":"event"},{"anonymous":false,"inputs":[{"components":[{"internalType":"bool","name":"capEnabled","type":"bool"},{"internalType":"uint120","name":"perAddressCap","type":"uint120"},{"internalType":"uint128","name":"globalCap","type":"uint128"}],"indexed":false,"internalType":"struct ICappedLiquidity.CapParams","name":"params","type":"tuple"}],"name":"CapParamsUpdated","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"address","name":"oldPauseManager","type":"address"},{"indexed":false,"internalType":"address","name":"newPauseManager","type":"address"}],"name":"PauseManagerChanged","type":"event"},{"anonymous":false,"inputs":[],"name":"PausedLocally","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"bool","name":"paused","type":"bool"}],"name":"PausedStateChanged","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"uint256","name":"swapFeePercentage","type":"uint256"}],"name":"SwapFeePercentageChanged","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"from","type":"address"},{"indexed":true,"internalType":"address","name":"to","type":"address"},{"indexed":false,"internalType":"uint256","name":"value","type":"uint256"}],"name":"Transfer","type":"event"},{"anonymous":false,"inputs":[],"name":"UnpausedLocally","type":"event"},{"inputs":[],"name":"DOMAIN_SEPARATOR","outputs":[{"internalType":"bytes32","name":"","type":"bytes32"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"owner","type":"address"},{"internalType":"address","name":"spender","type":"address"}],"name":"allowance","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"spender","type":"address"},{"internalType":"uint256","name":"amount","type":"uint256"}],"name":"approve","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"account","type":"address"}],"name":"balanceOf","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"capManager","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"capParams","outputs":[{"components":[{"internalType":"bool","name":"capEnabled","type":"bool"},{"internalType":"uint120","name":"perAddressCap","type":"uint120"},{"internalType":"uint128","name":"globalCap","type":"uint128"}],"internalType":"struct ICappedLiquidity.CapParams","name":"","type":"tuple"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"_pauseManager","type":"address"}],"name":"changePauseManager","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"decimals","outputs":[{"internalType":"uint8","name":"","type":"uint8"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"spender","type":"address"},{"internalType":"uint256","name":"amount","type":"uint256"}],"name":"decreaseAllowance","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"bytes4","name":"selector","type":"bytes4"}],"name":"getActionId","outputs":[{"internalType":"bytes32","name":"","type":"bytes32"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"getAuthorizer","outputs":[{"internalType":"contract IAuthorizer","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"getInvariant","outputs":[{"internalType":"uint256","name":"invariant","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"getLastInvariant","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"getNormalizedWeights","outputs":[{"internalType":"uint256[]","name":"","type":"uint256[]"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"getOwner","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"getPausedState","outputs":[{"internalType":"bool","name":"paused","type":"bool"},{"internalType":"uint256","name":"pauseWindowEndTime","type":"uint256"},{"internalType":"uint256","name":"bufferPeriodEndTime","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"getPoolId","outputs":[{"internalType":"bytes32","name":"","type":"bytes32"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"getRate","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"getRoot3Alpha","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"getScalingFactors","outputs":[{"internalType":"uint256[]","name":"","type":"uint256[]"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"getSwapFeePercentage","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"getVault","outputs":[{"internalType":"contract IVault","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"gyroConfig","outputs":[{"internalType":"contract IGyroConfig","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"spender","type":"address"},{"internalType":"uint256","name":"addedValue","type":"uint256"}],"name":"increaseAllowance","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"name","outputs":[{"internalType":"string","name":"","type":"string"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"owner","type":"address"}],"name":"nonces","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"bytes32","name":"poolId","type":"bytes32"},{"internalType":"address","name":"sender","type":"address"},{"internalType":"address","name":"recipient","type":"address"},{"internalType":"uint256[]","name":"balances","type":"uint256[]"},{"internalType":"uint256","name":"lastChangeBlock","type":"uint256"},{"internalType":"uint256","name":"protocolSwapFeePercentage","type":"uint256"},{"internalType":"bytes","name":"userData","type":"bytes"}],"name":"onExitPool","outputs":[{"internalType":"uint256[]","name":"","type":"uint256[]"},{"internalType":"uint256[]","name":"","type":"uint256[]"}],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"bytes32","name":"poolId","type":"bytes32"},{"internalType":"address","name":"sender","type":"address"},{"internalType":"address","name":"recipient","type":"address"},{"internalType":"uint256[]","name":"balances","type":"uint256[]"},{"internalType":"uint256","name":"lastChangeBlock","type":"uint256"},{"internalType":"uint256","name":"protocolSwapFeePercentage","type":"uint256"},{"internalType":"bytes","name":"userData","type":"bytes"}],"name":"onJoinPool","outputs":[{"internalType":"uint256[]","name":"","type":"uint256[]"},{"internalType":"uint256[]","name":"","type":"uint256[]"}],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"components":[{"internalType":"enum IVault.SwapKind","name":"kind","type":"uint8"},{"internalType":"contract IERC20","name":"tokenIn","type":"address"},{"internalType":"contract IERC20","name":"tokenOut","type":"address"},{"internalType":"uint256","name":"amount","type":"uint256"},{"internalType":"bytes32","name":"poolId","type":"bytes32"},{"internalType":"uint256","name":"lastChangeBlock","type":"uint256"},{"internalType":"address","name":"from","type":"address"},{"internalType":"address","name":"to","type":"address"},{"internalType":"bytes","name":"userData","type":"bytes"}],"internalType":"struct IPoolSwapStructs.SwapRequest","name":"request","type":"tuple"},{"internalType":"uint256","name":"balanceTokenIn","type":"uint256"},{"internalType":"uint256","name":"balanceTokenOut","type":"uint256"}],"name":"onSwap","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"pause","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"pauseManager","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"owner","type":"address"},{"internalType":"address","name":"spender","type":"address"},{"internalType":"uint256","name":"value","type":"uint256"},{"internalType":"uint256","name":"deadline","type":"uint256"},{"internalType":"uint8","name":"v","type":"uint8"},{"internalType":"bytes32","name":"r","type":"bytes32"},{"internalType":"bytes32","name":"s","type":"bytes32"}],"name":"permit","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"bytes32","name":"poolId","type":"bytes32"},{"internalType":"address","name":"sender","type":"address"},{"internalType":"address","name":"recipient","type":"address"},{"internalType":"uint256[]","name":"balances","type":"uint256[]"},{"internalType":"uint256","name":"lastChangeBlock","type":"uint256"},{"internalType":"uint256","name":"protocolSwapFeePercentage","type":"uint256"},{"internalType":"bytes","name":"userData","type":"bytes"}],"name":"queryExit","outputs":[{"internalType":"uint256","name":"bptIn","type":"uint256"},{"internalType":"uint256[]","name":"amountsOut","type":"uint256[]"}],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"bytes32","name":"poolId","type":"bytes32"},{"internalType":"address","name":"sender","type":"address"},{"internalType":"address","name":"recipient","type":"address"},{"internalType":"uint256[]","name":"balances","type":"uint256[]"},{"internalType":"uint256","name":"lastChangeBlock","type":"uint256"},{"internalType":"uint256","name":"protocolSwapFeePercentage","type":"uint256"},{"internalType":"bytes","name":"userData","type":"bytes"}],"name":"queryJoin","outputs":[{"internalType":"uint256","name":"bptOut","type":"uint256"},{"internalType":"uint256[]","name":"amountsIn","type":"uint256[]"}],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"contract IERC20","name":"token","type":"address"},{"internalType":"bytes","name":"poolConfig","type":"bytes"}],"name":"setAssetManagerPoolConfig","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"_capManager","type":"address"}],"name":"setCapManager","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"components":[{"internalType":"bool","name":"capEnabled","type":"bool"},{"internalType":"uint120","name":"perAddressCap","type":"uint120"},{"internalType":"uint128","name":"globalCap","type":"uint128"}],"internalType":"struct ICappedLiquidity.CapParams","name":"params","type":"tuple"}],"name":"setCapParams","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"bool","name":"paused","type":"bool"}],"name":"setPaused","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"uint256","name":"swapFeePercentage","type":"uint256"}],"name":"setSwapFeePercentage","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"symbol","outputs":[{"internalType":"string","name":"","type":"string"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"totalSupply","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"recipient","type":"address"},{"internalType":"uint256","name":"amount","type":"uint256"}],"name":"transfer","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"sender","type":"address"},{"internalType":"address","name":"recipient","type":"address"},{"internalType":"uint256","name":"amount","type":"uint256"}],"name":"transferFrom","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"unpause","outputs":[],"stateMutability":"nonpayable","type":"function"}]Contract Creation Code
6102a06040527f6e71edae12b1b97f4d1f60370fef10105fa2faae0126114a169c64845d6126c9610120523480156200003757600080fd5b50604051620058ee380380620058ee8339810160408190526200005a9162000c97565b60408181015161010081015160c082015160e0830151855184516020860151958701518751600380825260808201909952959794969395929491939290918160200160208202803683370190505088604001516060015189606001518a608001518b6040015160a00151888651600214620000d7576001620000da565b60025b8989898989898989828289898d8280604051806040016040528060018152602001603160f81b81525085858a336001600160a01b031660001b806080818152505050806001600160a01b031660a0816001600160a01b031660601b815250505081600390805190602001906200015292919062000936565b5080516200016890600490602084019062000936565b505060058054601260ff1990911617905550815160209283012060c052805191012060e052507f8b73c3c69bb8fe3d512ecc4cf759cc79239f7b179b0ffacaa9a75d522b39400f6101005260601b6001600160601b0319166101405250620001db90506276a7008311156101946200061f565b620001ef62278d008211156101956200061f565b429091016101608190520161018052855162000211906002111560c86200061f565b6200022b6200021f62000634565b8751111560c96200061f565b62000241866200063960201b620013951760201c565b6200024c8462000645565b6040516309b2760f60e01b81526000906001600160a01b038c16906309b2760f906200027d908d9060040162000e17565b602060405180830381600087803b1580156200029857600080fd5b505af1158015620002ad573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190620002d3919062000c7e565b604051633354e3e960e11b81529091506001600160a01b038c16906366a9c7d290620003089084908b908b9060040162000d7d565b600060405180830381600087803b1580156200032357600080fd5b505af115801562000338573d6000803e3d6000fd5b50505050806101a08181525050505050505050505050505050505050505050505060006001600160a01b0316826001600160a01b031614156040518060400160405280600e81526020016d1b9bdd08185d5d1a1bdc9a5e995960921b81525090620003c15760405162461bcd60e51b8152600401620003b8919062000e2c565b60405180910390fd5b50600b80546001600160a01b0319166001600160a01b039384161790558051600a8054602084015160409094015160ff1990911692151592909217610100600160801b0319166101006001600160781b0390941693909302929092176001600160801b03908116600160801b91909216021790556200044690821615156069620006d1565b600c80546001600160a01b0319166001600160a01b0392909216919091179055604081810151015180516200048190600314610161620006d1565b62000497816200063960201b620013951760201c565b6020820151620004b4906001600160a01b031615156069620006d1565b80600081518110620004c257fe5b60200260200101516001600160a01b03166101e0816001600160a01b031660601b8152505080600181518110620004f557fe5b60200260200101516001600160a01b0316610200816001600160a01b031660601b81525050806002815181106200052857fe5b60200260200101516001600160a01b0316610220816001600160a01b031660601b8152505062000573816000815181106200055f57fe5b6020026020010151620006e260201b60201c565b6102405280516200058c90829060019081106200055f57fe5b610260528051620005a590829060029081106200055f57fe5b61028052604082015160800151620005e890670233f548dddd560211801590620005df5750670de098625faac3a883604001516080015111155b61015f620006d1565b506040810151608001516101c05260200151600d80546001600160a01b0319166001600160a01b0390921691909117905562000ed7565b8162000630576200063081620007b6565b5050565b600390565b80620006308162000809565b6200065a64e8d4a5100082101560cb6200061f565b6200067267016345785d8a000082111560ca6200061f565b620006918160c06008546200089660201b6200139f179092919060201c565b6008556040517fa9ba3ffe0b6c366b81232caab38605a0699ad5398d6cce76f91ee809e322dafc90620006c690839062000e61565b60405180910390a150565b8162000630576200063081620008ab565b60006001600160a01b038216301415620007065750670de0b6b3a7640000620007b1565b6000826001600160a01b031663313ce5676040518163ffffffff1660e01b815260040160206040518083038186803b1580156200074257600080fd5b505afa15801562000757573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906200077d919062000d53565b60ff16905060006200079c601283620008bd60201b620013b41760201c565b905080600a0a670de0b6b3a764000002925050505b919050565b62461bcd60e51b6000908152602060045260076024526642414c23000030600a808404818106603090810160081b95839006959095019082900491820690940160101b939093010160c81b604452606490fd5b6002815110156200081a5762000893565b6000816000815181106200082a57fe5b602002602001015190506000600190505b8251811015620008905760008382815181106200085457fe5b6020026020010151905062000885816001600160a01b0316846001600160a01b03161060656200061f60201b60201c565b91506001016200083b565b50505b50565b6001600160401b03811b1992909216911b1790565b62000893816223aca960e91b620008d5565b6000620008cf8383111560016200061f565b50900390565b62461bcd60e51b600090815260206004526007602452600a808404818106603090810160081b958390069590950190829004918206850160101b01602363ffffff0060e086901c160160181b0190930160c81b60445260e882901c90606490fd5b828054600181600116156101000203166002900490600052602060002090601f0160209004810192826200096e5760008555620009b9565b82601f106200098957805160ff1916838001178555620009b9565b82800160010185558215620009b9579182015b82811115620009b95782518255916020019190600101906200099c565b50620009c7929150620009cb565b5090565b5b80821115620009c75760008155600101620009cc565b8051620007b18162000ec1565b600082601f83011262000a00578081fd5b815160206001600160401b0382111562000a1657fe5b80820262000a2682820162000e6a565b83815282810190868401838801850189101562000a41578687fd5b8693505b8584101562000a7057805162000a5b8162000ec1565b83526001939093019291840191840162000a45565b50979650505050505050565b600082601f83011262000a8d578081fd5b81516001600160401b0381111562000aa157fe5b62000ab6601f8201601f191660200162000e6a565b81815284602083860101111562000acb578283fd5b62000ade82602083016020870162000e8e565b949350505050565b60006060828403121562000af8578081fd5b604051606081016001600160401b038111828210171562000b1557fe5b80604052508091508251801515811462000b2e57600080fd5b815260208301516001600160781b038116811462000b4b57600080fd5b602082015260408301516001600160801b038116811462000b6b57600080fd5b6040919091015292915050565b6000610160828403121562000b8b578081fd5b62000b9861012062000e6a565b82519091506001600160401b038082111562000bb357600080fd5b62000bc18583860162000a7c565b8352602084015191508082111562000bd857600080fd5b62000be68583860162000a7c565b6020840152604084015191508082111562000c0057600080fd5b5062000c0f84828501620009ef565b604083015250606082015160608201526080820151608082015262000c3760a08301620009e2565b60a082015262000c4a60c08301620009e2565b60c082015262000c5e8360e0840162000ae6565b60e082015262000c726101408301620009e2565b61010082015292915050565b60006020828403121562000c90578081fd5b5051919050565b60006020828403121562000ca9578081fd5b81516001600160401b038082111562000cc0578283fd5b9083019060a0828603121562000cd4578283fd5b60405160a08101818110838211171562000cea57fe5b60405262000cf883620009e2565b815262000d0860208401620009e2565b602082015260408301518281111562000d1f578485fd5b62000d2d8782860162000b78565b604083015250606083015160608201526080830151608082015280935050505092915050565b60006020828403121562000d65578081fd5b815160ff8116811462000d76578182fd5b9392505050565b60006060820185835260206060818501528186518084526080860191508288019350845b8181101562000dc85784516001600160a01b03168352938301939183019160010162000da1565b505084810360408601528551808252908201925081860190845b8181101562000e095782516001600160a01b03168552938301939183019160010162000de2565b509298975050505050505050565b602081016003831062000e2657fe5b91905290565b600060208252825180602084015262000e4d81604085016020870162000e8e565b601f01601f19169190910160400192915050565b90815260200190565b6040518181016001600160401b038111828210171562000e8657fe5b604052919050565b60005b8381101562000eab57818101518382015260200162000e91565b8381111562000ebb576000848401525b50505050565b6001600160a01b03811681146200089357600080fd5b60805160a05160601c60c05160e05161010051610120516101405160601c61016051610180516101a0516101c0516101e05160601c6102005160601c6102205160601c6102405161026051610280516148d36200101b600039806116045280611f035280612aed528061312e5250806115ca5280611ea25280612a8a52806131be5250806115905280611e415280612a27528061328a525080611ec85280612acc528061310b52806131545280613220525080611e675280612a6952806130d0528061319b52806131e4525080611e065280612a065280613096528061326852508061132c52806119b35280611ce8528061208b5280612158528061335b5250806107a35250806115195250806114f5525080610e365250806110ba52508061173b52508061177d52508061175c525080610e12525080610d9752506148d36000f3fe608060405234801561001057600080fd5b50600436106102745760003560e01c806374f3b009116101515780639d2c110c116100c3578063c0ff1a1511610087578063c0ff1a1514610500578063d505accf14610508578063d5c096c41461051b578063d60ca6031461052e578063dd62ed3e14610536578063f89f27ed1461054957610274565b80639d2c110c146104b7578063a457c2d7146104ca578063a9059cbb146104dd578063aaabadc5146104f0578063abd13afe146104f857610274565b8063851c1bb311610115578063851c1bb31461047157806387ec681714610484578063893d20e8146104975780638d928af81461049f57806395d89b41146104a75780639b02cdde146104af57610274565b806374f3b0091461040f57806376e54a46146104305780637ecebe00146104435780638002df18146104565780638456cb591461046957610274565b806338fff2d0116101ea57806350dd6ed9116101ae57806350dd6ed9146103b057806355c67628146103c35780636028bfd4146103cb578063679aefce146103ec5780636d785a87146103f457806370a08231146103fc57610274565b806338fff2d014610363578063395093511461036b5780633aeae0d31461037e5780633f4ba83a1461039357806344bbdb551461039b57610274565b80631c0de0511161023c5780631c0de051146102f45780631dd746ea1461030b57806323b872dd14610320578063313ce567146103335780633644e5151461034857806338e9922e1461035057610274565b806306fdde0314610279578063095ea7b3146102975780630e608b30146102b757806316c38b3c146102cc57806318160ddd146102df575b600080fd5b610281610551565b60405161028e91906147cb565b60405180910390f35b6102aa6102a53660046142e5565b6105e7565b60405161028e919061476f565b6102ca6102c53660046141c0565b6105fe565b005b6102ca6102da366004614310565b6106af565b6102e76106c3565b60405161028e9190614792565b6102fc6106c9565b60405161028e9392919061477a565b6103136106f2565b60405161028e9190614737565b6102aa61032e366004614230565b610701565b61033b610775565b60405161028e9190614857565b6102e761077e565b6102ca61035e36600461461e565b610788565b6102e76107a1565b6102aa6103793660046142e5565b6107c5565b610386610800565b60405161028e91906147de565b6102ca61084b565b6103a3610940565b60405161028e9190614723565b6102ca6103be36600461445d565b61094f565b6102e761096d565b6103de6103d936600461432a565b61097e565b60405161028e92919061483e565b6102e76109b5565b6103a36109e0565b6102e761040a3660046141c0565b6109ef565b61042261041d36600461432a565b610a0e565b60405161028e92919061474a565b6102ca61043e3660046144aa565b610ab1565b6102e76104513660046141c0565b610bd8565b6102ca6104643660046141c0565b610bf3565b6102ca610cd9565b6102e761047f366004614435565b610d91565b6103de61049236600461432a565b610dea565b6103a3610e10565b6103a3610e34565b610281610e58565b6102e7610eb9565b6102e76104c5366004614528565b610ebf565b6102aa6104d83660046142e5565b61101d565b6102aa6104eb3660046142e5565b61105b565b6103a3611068565b6103a3611072565b6102e7611081565b6102ca610516366004614270565b61108b565b61042261052936600461432a565b6111fb565b6102e761132a565b6102e76105443660046141f8565b61134e565b61031361138b565b60038054604080516020601f60026000196101006001881615020190951694909404938401819004810282018101909252828152606093909290918301828280156105dd5780601f106105b2576101008083540402835291602001916105dd565b820191906000526020600020905b8154815290600101906020018083116105c057829003601f168201915b5050505050905090565b60006105f43384846113ca565b5060015b92915050565b600b5460408051808201909152600e81526d1b9bdd08185d5d1a1bdc9a5e995960921b6020820152906001600160a01b031633146106585760405162461bcd60e51b815260040161064f91906147cb565b60405180910390fd5b50600b80546001600160a01b0319166001600160a01b0383161790556040517fb8fd9afc34c38fcd13b9a3b7646482eb1fddcefb40af2c70609972816eba3208906106a4908390614723565b60405180910390a150565b6106b761142c565b6106c08161145a565b50565b60025490565b60008060006106d66114d6565b1592506106e16114f3565b91506106eb611517565b9050909192565b60606106fc61153b565b905090565b60008061070e853361134e565b9050610732336001600160a01b038716148061072a5750838210155b61019e611641565b61073d85858561164f565b336001600160a01b0386161480159061075857506000198114155b1561076a5761076a85338584036113ca565b506001949350505050565b60055460ff1690565b60006106fc611737565b61079061142c565b6107986117f5565b6106c08161180a565b7f000000000000000000000000000000000000000000000000000000000000000090565b3360008181526001602090815260408083206001600160a01b038716845290915281205490916105f49185906107fb9086611875565b6113ca565b610808614112565b5060408051606081018252600a5460ff81161515825261010081046001600160781b03166020830152600160801b90046001600160801b03169181019190915290565b600c546040805180820190915260118152703737ba103830bab9b29036b0b730b3b2b960791b6020820152906001600160a01b0316331461090a5760405162461bcd60e51b81526004018080602001828103825283818151815260200191508051906020019080838360005b838110156108cf5781810151838201526020016108b7565b50505050905090810190601f1680156108fc5780820380516001836020036101000a031916815260200191505b509250505060405180910390fd5b5061091560006106b7565b6040517f215385c8bfc731925ec8068d7baa50f6b6f34417cc7804f7273dc2c0b3db279090600090a1565b600d546001600160a01b031681565b61095761142c565b61095f6117f5565b610969828261188e565b5050565b6008546000906106fc9060c061198d565b60006060610994865161098f61199a565b61199f565b6109a9898989898989896119ac611a70611ad6565b97509795505050505050565b60006106fc6109c26106c3565b6109da6109cd611081565b6109d561199a565b611bf8565b90611c1c565b600b546001600160a01b031681565b6001600160a01b0381166000908152602081905260409020545b919050565b60608088610a38610a1d610e34565b6001600160a01b0316336001600160a01b03161460cd611641565b610a4d610a436107a1565b82146101f4611641565b6000610a5761153b565b9050610a638882611c76565b6000806000610a788e8e8e8e8e8e8a8f6119ac565b925092509250610a888d84611cd7565b610a928285611a70565b610a9c8185611a70565b909550935050505b5097509795505050505050565b600b5460408051808201909152600e81526d1b9bdd08185d5d1a1bdc9a5e995960921b6020820152906001600160a01b03163314610b025760405162461bcd60e51b815260040161064f91906147cb565b50600a5460408051808201909152601081526f1c1bdbdb081a5cc81d5b98d85c1c195960821b60208201529060ff16610b4e5760405162461bcd60e51b815260040161064f91906147cb565b508051600a8054602084015160408086015160ff19909316941515949094176fffffffffffffffffffffffffffffff0019166101006001600160781b0390921691909102176001600160801b03908116600160801b919092160217815590517f2abf5970d7bc1a2b36eaae52dd2cc353edb0337c7284ef8a01973081b4e04424916106a491614813565b6001600160a01b031660009081526006602052604090205490565b600c546040805180820190915260118152703737ba103830bab9b29036b0b730b3b2b960791b60208201526001600160a01b0390911690338214610c785760405162461bcd60e51b81526020600482018181528351602484015283519092839260449091019190850190808383600083156108cf5781810151838201526020016108b7565b50600c80546001600160a01b0319166001600160a01b03848116918217909255604080519284168352602083019190915280517f1ffccd1fa96f4fb3415df8048a0fd107344e262d2d246c85105e2a3f8f3e81989281900390910190a15050565b600c546040805180820190915260118152703737ba103830bab9b29036b0b730b3b2b960791b6020820152906001600160a01b03163314610d5b5760405162461bcd60e51b81526020600482018181528351602484015283519092839260449091019190850190808383600083156108cf5781810151838201526020016108b7565b50610d6660016106b7565b6040517f681eace576127d0553b224436a09801fb47d042942cbff59d7d4ff04d8fa03d790600090a1565b604080517f00000000000000000000000000000000000000000000000000000000000000006020808301919091526001600160e01b03198416828401528251602481840301815260449092019092528051910120919050565b60006060610dfb865161098f61199a565b6109a989898989898989611ce1611da1611ad6565b7f000000000000000000000000000000000000000000000000000000000000000090565b7f000000000000000000000000000000000000000000000000000000000000000090565b60048054604080516020601f60026000196101006001881615020190951694909404938401819004810282018101909252828152606093909290918301828280156105dd5780601f106105b2576101008083540402835291602001916105dd565b60095490565b60008360800151610ed1610a1d610e34565b610edc610a436107a1565b6000610eeb8660200151611e02565b90506000610efc8760400151611e02565b9050600087516001811115610f0d57fe5b1415610f9d576000610f228860600151611f32565b90506000818960600151039050610f468960200151610f418387611f53565b611f5f565b60608901829052610f578885611f53565b9750610f638784611f53565b9650610f73896060015185611f53565b60608a01526000610f858a8a8a611f71565b9050610f918185611f9f565b96505050505050611015565b610fa78683611f53565b9550610fb38582611f53565b9450610fc3876060015182611f53565b60608801526000610fd5888888611fab565b9050610fe18184611fd0565b90506000610fee82611fdc565b9050600082820390506110098a60200151610f418388611f53565b50945061101592505050565b509392505050565b60008061102a338561134e565b90508083106110445761103f338560006113ca565b611051565b61105133858584036113ca565b5060019392505050565b60006105f433848461164f565b60006106fc612002565b600c546001600160a01b031681565b60006106fc61207c565b6110998442111560d1611641565b6001600160a01b0380881660008181526006602090815260408083205481517f00000000000000000000000000000000000000000000000000000000000000008185015280830195909552948b166060850152608084018a905260a0840185905260c08085018a90528151808603909101815260e09094019052825192019190912090611125826120af565b9050600060018288888860405160008152602001604052604051808581526020018460ff1681526020018381526020018281526020019450505050506020604051602081039080840390855afa158015611183573d6000803e3d6000fd5b5050604051601f19015191506111c590506001600160a01b038216158015906111bd57508b6001600160a01b0316826001600160a01b0316145b6101f8611641565b6001600160a01b038b1660009081526006602052604090206001850190556111ee8b8b8b6113ca565b5050505050505050505050565b6060808861120a610a1d610e34565b611215610a436107a1565b600061121f61153b565b90506112296106c3565b6112da5760008061123d8d8d8d868b6120fb565b9150915061125661124c6121a2565b83101560cc611641565b61126860006112636121a2565b6121a9565b61127b8b6112746121a2565b84036121a9565b6112858184611da1565b8061128e61199a565b6001600160401b03811180156112a357600080fd5b506040519080825280602002602001820160405280156112cd578160200160208202803683370190505b5095509550505050610aa4565b6112e48882611c76565b60008060006112f98e8e8e8e8e8e8a8f611ce1565b9250925092506113098c846121a9565b6113138285611da1565b61131d8185611a70565b9095509350610aa4915050565b7f000000000000000000000000000000000000000000000000000000000000000090565b6000611358610e34565b6001600160a01b0316826001600160a01b0316141561137a57506000196105f8565b61138483836121b3565b90506105f8565b60606106fc6121de565b8061096981612275565b6001600160401b03811b1992909216911b1790565b60006113c4838311156001611641565b50900390565b6001600160a01b03808416600081815260016020908152604080832094871680845294825291829020859055815185815291517f8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b9259281900390910190a3505050565b60006114436000356001600160e01b031916610d91565b90506106c061145282336122ee565b610191611641565b801561147a5761147561146b6114f3565b4210610193611641565b61148f565b61148f611485611517565b42106101a9611641565b6007805482151560ff19909116811790915560408051918252517f9e3a5e37224532dea67b89face185703738a228a6e8a23dee546960180d3be649181900360200190a150565b60006114e0611517565b4211806106fc57505060075460ff161590565b7f000000000000000000000000000000000000000000000000000000000000000090565b7f000000000000000000000000000000000000000000000000000000000000000090565b6060600061154761199a565b90506000816001600160401b038111801561156157600080fd5b5060405190808252806020026020018201604052801561158b578160200160208202803683370190505b5090507f0000000000000000000000000000000000000000000000000000000000000000816000815181106115bc57fe5b6020026020010181815250507f0000000000000000000000000000000000000000000000000000000000000000816001815181106115f657fe5b6020026020010181815250507f00000000000000000000000000000000000000000000000000000000000000008160028151811061163057fe5b602090810291909101015291505090565b8161096957610969816123f0565b6116666001600160a01b0384161515610198611641565b61167d6001600160a01b0383161515610199611641565b611688838383611ad1565b6001600160a01b0383166000908152602081905260409020546116ae90826101a0612443565b6001600160a01b0380851660009081526020819052604080822093909355908416815220546116dd9082611875565b6001600160a01b038084166000818152602081815260409182902094909455805185815290519193928716927fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef92918290030190a3505050565b60007f00000000000000000000000000000000000000000000000000000000000000007f00000000000000000000000000000000000000000000000000000000000000007f00000000000000000000000000000000000000000000000000000000000000006117a4612459565b3060405160200180868152602001858152602001848152602001838152602001826001600160a01b031681526020019550505050505060405160208183030381529060405280519060200120905090565b6118086118006114d6565b610192611641565b565b61181d64e8d4a5100082101560cb611641565b61183367016345785d8a000082111560ca611641565b600854611842908260c061139f565b6008556040517fa9ba3ffe0b6c366b81232caab38605a0699ad5398d6cce76f91ee809e322dafc906106a4908390614792565b60008282016118878482101583611641565b9392505050565b60006118986107a1565b905060006118a4610e34565b6001600160a01b031663b05f8e4883866040518363ffffffff1660e01b81526004016118d19291906147b4565b60806040518083038186803b1580156118e957600080fd5b505afa1580156118fd573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190611921919061464e565b604051630639cdb560e21b81529094506001600160a01b03851693506318e736d4925061195591508590879060040161479b565b600060405180830381600087803b15801561196f57600080fd5b505af1158015611983573d6000803e3d6000fd5b5050505050505050565b1c6001600160401b031690565b600390565b6109698183146067611641565b60006060807f00000000000000000000000000000000000000000000000000000000000000006119da6114d6565b15611a225760006119eb8a8361245d565b90506119f681612531565b611a008a8761255e565b9095509350611a198186611a126106c3565b60006125ab565b60095550611a38565b611a2c898661255e565b60001960095590945092505b604080516003808252608082019092528591859190602082016060803683370190505093509350935050985098509895505050505050565b60005b611a7b61199a565b811015611ad157611ab2838281518110611a9157fe5b6020026020010151838381518110611aa557fe5b6020026020010151612605565b838281518110611abe57fe5b6020908102919091010152600101611a73565b505050565b333014611b94576000306001600160a01b0316600036604051611afa929190614713565b6000604051808303816000865af19150503d8060008114611b37576040519150601f19603f3d011682016040523d82523d6000602084013e611b3c565b606091505b505090508060008114611b4b57fe5b60046000803e6000516001600160e01b0319166343adbafb60e01b8114611b76573d6000803e3d6000fd5b506020600460003e604060205260243d03602460403e601c3d016000f35b6000611b9e61153b565b9050611baa8782611c76565b600080611bc18c8c8c8c8c8c898d8d63ffffffff16565b5091509150611bd481848663ffffffff16565b8051601f1982018390526343adbafb603f1983015260200260231982016044820181fd5b6000828202611887841580611c15575083858381611c1257fe5b04145b6003611641565b600081611c2f57611c2f60006004611641565b82611c3c575060006105f8565b670de0b6b3a764000083810290848281611c5257fe5b0414611c6457611c6460006005611641565b828181611c6d57fe5b04949350505050565b60005b611c8161199a565b811015611ad157611cb8838281518110611c9757fe5b6020026020010151838381518110611cab57fe5b6020026020010151612656565b838281518110611cc457fe5b6020908102919091010152600101611c79565b610969828261267f565b60006060807f000000000000000000000000000000000000000000000000000000000000000083611d128a8361245d565b9050611d1d81612531565b611d278a87612736565b600a54919650945060ff1615611d5157611d5185611d448d6109ef565b611d4c6106c3565b61277a565b611d658186611d5e6106c3565b60016125ab565b60095560408051600380825260808201909252869186919060208201606080368337019050509450945094505050985098509895505050505050565b60005b611dac61199a565b811015611ad157611de3838281518110611dc257fe5b6020026020010151838381518110611dd657fe5b602002602001015161288c565b838281518110611def57fe5b6020908102919091010152600101611da4565b60007f00000000000000000000000000000000000000000000000000000000000000006001600160a01b0316826001600160a01b03161415611e6557507f0000000000000000000000000000000000000000000000000000000000000000610a09565b7f00000000000000000000000000000000000000000000000000000000000000006001600160a01b0316826001600160a01b03161415611ec657507f0000000000000000000000000000000000000000000000000000000000000000610a09565b7f00000000000000000000000000000000000000000000000000000000000000006001600160a01b0316826001600160a01b03161415611f2757507f0000000000000000000000000000000000000000000000000000000000000000610a09565b610a096101356123f0565b600080611f47611f4061096d565b84906128da565b905061188783826113b4565b60006118878383612656565b610969611f6b83612916565b82610969565b6000611f7b6117f5565b6000611f8885858561291c565b9050611f96858585846129bb565b95945050505050565b60006118878383612605565b6000611fb56117f5565b6000611fc285858561291c565b9050611f96858585846129cd565b6000611887838361288c565b60006105f8611ffb611fec61096d565b670de0b6b3a7640000906113b4565b839061288c565b600061200c610e34565b6001600160a01b031663aaabadc56040518163ffffffff1660e01b815260040160206040518083038186803b15801561204457600080fd5b505afa158015612058573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906106fc91906141dc565b60006106fc6120896129df565b7f000000000000000000000000000000000000000000000000000000000000000061245d565b60006120b9611737565b82604051602001808061190160f01b81525060020183815260200182815260200192505050604051602081830303815290604052805190602001209050919050565b600060606121076117f5565b600061211284612b2d565b905061212d600082600381111561212557fe5b1460ce611641565b600061213885612b4c565b90506121468151600361199f565b6121508187611c76565b600061217c827f000000000000000000000000000000000000000000000000000000000000000061245d565b9050600061218b826003611bf8565b6009929092555093509150505b9550959350505050565b620f424090565b6109698282612c00565b6001600160a01b03918216600090815260016020908152604080832093909416825291909152205490565b60408051600380825260808201909252606091600091906020820184803683370190505090506003670de0b6b3a7640000048160008151811061221d57fe5b60209081029190910101526003670de0b6b3a7640000048160018151811061224157fe5b60209081029190910101526003670de0b6b3a7640000048160028151811061226557fe5b6020908102919091010152905090565b600281511015612284576106c0565b60008160008151811061229357fe5b602002602001015190506000600190505b8251811015611ad15760008382815181106122bb57fe5b602002602001015190506122e4816001600160a01b0316846001600160a01b0316106065611641565b91506001016122a4565b600073ba1ba1ba1ba1ba1ba1ba1ba1ba1ba1ba1ba1ba1b61230d610e10565b6001600160a01b031614158015612328575061232883612c95565b1561235057612335610e10565b6001600160a01b0316336001600160a01b03161490506105f8565b612358612002565b6001600160a01b0316639be2a8848484306040518463ffffffff1660e01b815260040180848152602001836001600160a01b03168152602001826001600160a01b03168152602001935050505060206040518083038186803b1580156123bd57600080fd5b505afa1580156123d1573d6000803e3d6000fd5b505050506040513d60208110156123e757600080fd5b505190506105f8565b62461bcd60e51b6000908152602060045260076024526642414c23000030600a808404818106603090810160081b95839006959095019082900491820690940160101b939093010160c81b604452606490fd5b60006124528484111583611641565b5050900390565b4690565b60006c01431e0fae6d7217caa00000008360008151811061247a57fe5b6020026020010151111561249557612495600061016a612cc7565b6c01431e0fae6d7217caa0000000836001815181106124b057fe5b602002602001015111156124cb576124cb600061016a612cc7565b6c01431e0fae6d7217caa0000000836002815181106124e657fe5b6020026020010151111561250157612501600061016a612cc7565b6000806000806125118787612cd5565b9350935093509350612526848484848a612e24565b979650505050505050565b60008060008061254360095486612e75565b935093509350935061255784848484612ede565b5050505050565b60006060600061256d84612b2d565b9050600181600381111561257d57fe5b14156125975761258d8585612f04565b92509250506125a4565b6125a26101506123f0565b505b9250929050565b600081156125dd5760006125c9846125c38888612f36565b90612f8b565b90506125d58682612fe8565b9150506125fd565b60006125ed846109da8888613000565b90506125f9868261302a565b9150505b949350505050565b60006126148215156004611641565b82612621575060006105f8565b670de0b6b3a7640000838102906126449085838161263b57fe5b04146005611641565b82818161264d57fe5b049150506105f8565b6000828202612670841580611c15575083858381611c1257fe5b670de0b6b3a764000081611c6d565b6126966001600160a01b038316151561019b611641565b6126a282600083611ad1565b6001600160a01b0382166000908152602081905260409020546126c890826101a1612443565b6001600160a01b0383166000908152602081905260409020556002546126ee9082613040565b6002556040805182815290516000916001600160a01b038516917fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef9181900360200190a35050565b60006060600061274584612b2d565b9050600381600381111561275557fe5b141561276f57612765858561304e565b90935091506125a2565b6125a26101366123f0565b60408051606081018252600a5460ff81161515825261010081046001600160781b031660208301819052600160801b9091046001600160801b031692820192909252906127c78585612fe8565b11156040518060400160405280601a81526020017f6f7665722061646472657373206c6971756964697479206361700000000000008152509061281d5760405162461bcd60e51b815260040161064f91906147cb565b5060408101516001600160801b03166128368584612fe8565b11156040518060400160405280601981526020017f6f76657220676c6f62616c206c69717569646974792063617000000000000000815250906125575760405162461bcd60e51b815260040161064f91906147cb565b600061289b8215156004611641565b826128a8575060006105f8565b670de0b6b3a7640000838102906128c29085838161263b57fe5b8260018203816128ce57fe5b046001019150506105f8565b60008282026128f4841580611c15575083858381611c1257fe5b806129035760009150506105f8565b670de0b6b3a764000060001982016128ce565b50600090565b6040805160038082526080820190925260009182919060208201606080368337019050509050838160008151811061295057fe5b602002602001018181525050828160018151811061296a57fe5b60200260200101818152505060008061298b87602001518860400151613073565b9150915061299982826132b0565b836002815181106129a657fe5b60200260200101818152505061252683613357565b6000611f968484876060015185613391565b6000611f9684848760600151856133f2565b60408051600380825260808201909252606091602082018380368337019050509050612a4b7f00000000000000000000000000000000000000000000000000000000000000007f00000000000000000000000000000000000000000000000000000000000000006132b0565b81600081518110612a5857fe5b602002602001018181525050612aae7f00000000000000000000000000000000000000000000000000000000000000007f00000000000000000000000000000000000000000000000000000000000000006132b0565b81600181518110612abb57fe5b602002602001018181525050612b117f00000000000000000000000000000000000000000000000000000000000000007f00000000000000000000000000000000000000000000000000000000000000006132b0565b81600281518110612b1e57fe5b60200260200101818152505090565b6000818060200190516020811015612b4457600080fd5b505192915050565b6060818060200190516040811015612b6357600080fd5b815160208301805160405192949293830192919084640100000000821115612b8a57600080fd5b908301906020820185811115612b9f57600080fd5b8251866020820283011164010000000082111715612bbc57600080fd5b82525081516020918201928201910280838360005b83811015612be9578181015183820152602001612bd1565b505050509190910160405250929695505050505050565b612c0c60008383611ad1565b600254612c199082611875565b6002556001600160a01b038216600090815260208190526040902054612c3f9082611875565b6001600160a01b0383166000818152602081815260408083209490945583518581529351929391927fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef9281900390910190a35050565b6000612ca7631c74c91760e11b610d91565b8214806105f85750612cbf6350dd6ed960e01b610d91565b909114919050565b816109695761096981613450565b6000808080612cee85612ce88180613460565b90613460565b670de0b6b3a7640000039350600086600281518110612d0957fe5b602002602001015187600181518110612d1e57fe5b602002602001015188600081518110612d3357fe5b602002602001015101019050612d5686612ce8888461346090919063ffffffff16565b93506000612d9588600081518110612d6a57fe5b602002602001015189600281518110612d7f57fe5b602002602001015161346090919063ffffffff16565b612dba89600281518110612da557fe5b60200260200101518a600181518110612d7f57fe5b612ddf8a600181518110612dca57fe5b60200260200101518b600081518110612d7f57fe5b01019050612ded8188613460565b9350612e1788600281518110612dff57fe5b6020026020010151612ce88a600181518110612dca57fe5b9250505092959194509250565b600080612e3387878787613477565b92509050612e4586868686858761351c565b91506e01ed09bead87c0378d8e6400000000821115612e6b57612e6b6000610169612cc7565b5095945050505050565b600080600080600080600080612e896135e0565b93509350935093508360001415612eae57600097508796509094509250612ed5915050565b600080612ec58c8c612ebe6106c3565b898961384f565b909a509850929650909450505050505b92959194509250565b8315612eee57612eee82856121a9565b8215612efe57612efe81846121a9565b50505050565b600060606000612f13846138e8565b90506000612f298683612f246106c3565b61390a565b9196919550909350505050565b6000828202831580612f50575082848281612f4d57fe5b04145b612f6057612f6060006003611641565b80612f6f5760009150506105f8565b670de0b6b3a764000060001982015b0460010191505092915050565b600081612f9e57612f9e60006004611641565b82612fab575060006105f8565b670de0b6b3a764000083810290848281612fc157fe5b0414612fdc57612fdc670de0b6b3a764000085838161263b57fe5b826001820381612f7e57fe5b60008282018381101561188757611887600080611641565b600082820283158061301a57508284828161301757fe5b04145b6126705761267060006003611641565b6000828211156113c4576113c460006001611641565b600061188783836001612443565b60006060600061305d846138e8565b90506000612f29868361306e6106c3565b6139a5565b600080826001600160a01b0316846001600160a01b03161115613094579192915b7f00000000000000000000000000000000000000000000000000000000000000006001600160a01b0316846001600160a01b031614156131e2577f00000000000000000000000000000000000000000000000000000000000000006001600160a01b0316836001600160a01b0316141561315257507f000000000000000000000000000000000000000000000000000000000000000090507f00000000000000000000000000000000000000000000000000000000000000006125a4565b7f00000000000000000000000000000000000000000000000000000000000000006001600160a01b0316836001600160a01b031614613198576131986000610162612cc7565b507f000000000000000000000000000000000000000000000000000000000000000090507f00000000000000000000000000000000000000000000000000000000000000006125a4565b7f00000000000000000000000000000000000000000000000000000000000000006001600160a01b0316846001600160a01b031614801561325457507f00000000000000000000000000000000000000000000000000000000000000006001600160a01b0316836001600160a01b0316145b613265576132656000610162612cc7565b507f0000000000000000000000000000000000000000000000000000000000000000937f00000000000000000000000000000000000000000000000000000000000000009350915050565b60008060006132bd610e34565b6001600160a01b031663b05f8e486132d36107a1565b876040518363ffffffff1660e01b81526004016132f19291906147b4565b60806040518083038186803b15801561330957600080fd5b505afa15801561331d573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190613341919061464e565b505081810194509092509050611f968385613000565b60007f000000000000000000000000000000000000000000000000000000000000000081613385848361245d565b90506125fd8183613000565b6000806133a683670de0b6b3a7640002613a40565b8601905060006133be84670de0b6b3a763ffff613460565b860190506133d96133cf8387612fe8565b6109da8388613000565b92505050838111156125fd576125fd6000610165612cc7565b600083831115613409576134096000610165612cc7565b600061341d83670de0b6b3a7640002613a40565b86019050600061343584670de0b6b3a763ffff613460565b86019050612526613446828761302a565b6125c38488612f36565b6106c0816223aca960e91b613a54565b6000670de0b6b3a76400008383025b049392505050565b600080806134888760038702613a40565b6134928780613a40565b01905060006134b1600389026134a9846005613ab5565b890190613c43565b9050670de0b6b3a76400008890036134fa6706f05b59d3b200008210156134e057671bc16d674ec800006134ea565b6714d1120d7b1600005b83906001600160401b0316613a40565b935061350e8267120a871cc0020000613a40565b945050505094509492505050565b600080805b60ff8110156135c85760008061353b8b8b8b8b8b8b613c85565b915091506001821161355357859450505050506135d6565b600583108015906135615750805b1561357257859450505050506135d6565b600583108015906135865750600884048210155b1561359757859450505050506135d6565b81935080156135b1576135aa8683612fe8565b95506135be565b6135bb868361302a565b95505b5050600101613521565b506135d4610160613450565b505b9695505050505050565b600d5460405163bd02d0f560e01b81526000918291829182916001600160a01b039091169063bd02d0f590613632907550524f544f434f4c5f535741505f4645455f5045524360501b90600401614792565b60206040518083038186803b15801561364a57600080fd5b505afa15801561365e573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906136829190614636565b600d5460405163bd02d0f560e01b81526001600160a01b039091169063bd02d0f5906136d2907f50524f544f434f4c5f4645455f4759524f5f504f5254494f4e0000000000000090600401614792565b60206040518083038186803b1580156136ea57600080fd5b505afa1580156136fe573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906137229190614636565b600d546040516321f8a72160e01b81526001600160a01b03909116906321f8a72190613762906c4759524f5f545245415355525960981b90600401614792565b60206040518083038186803b15801561377a57600080fd5b505afa15801561378e573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906137b291906141dc565b600d546040516321f8a72160e01b81526001600160a01b03909116906321f8a721906137f1906b42414c5f545245415355525960a01b90600401614792565b60206040518083038186803b15801561380957600080fd5b505afa15801561381d573d6000803e3d6000fd5b505050506040513d601f19601f8201168201806040525081019061384191906141dc565b935093509350935090919293565b60008086861161386457506000905080612198565b60006138848561387e6138778a8c61302a565b8990613000565b90613000565b9050600061389c613895898b61302a565b8790613000565b905060006138aa898361302a565b905060006138b88483611c1c565b905060006138c68883613000565b905060006138d4838361302a565b919d919c50909a5050505050505050505050565b60008180602001905160408110156138ff57600080fd5b506020015192915050565b606083516001600160401b038111801561392357600080fd5b5060405190808252806020026020018201604052801561394d578160200160208202803683370190505b50905060005b845181101561101557613986836109da8688858151811061397057fe5b602002602001015161300090919063ffffffff16565b82828151811061399257fe5b6020908102919091010152600101613953565b606083516001600160401b03811180156139be57600080fd5b506040519080825280602002602001820160405280156139e8578160200160208202803683370190505b50905060005b845181101561101557613a21836125c386888581518110613a0b57fe5b6020026020010151612f3690919063ffffffff16565b828281518110613a2d57fe5b60209081029190910101526001016139ee565b600082820280612f6f5760009150506105f8565b62461bcd60e51b600090815260206004526007602452600a808404818106603090810160081b958390069590950190829004918206850160101b01602363ffffff0060e086901c160160181b0190930160c81b60445260e882901c90606490fd5b600082613ac4575060006105f8565b6000613acf84613e0e565b9050600281670de0b6b3a7640000860281613ae657fe5b04820181613af057fe5b049050600281670de0b6b3a7640000860281613b0857fe5b04820181613b1257fe5b049050600281670de0b6b3a7640000860281613b2a57fe5b04820181613b3457fe5b049050600281670de0b6b3a7640000860281613b4c57fe5b04820181613b5657fe5b049050600281670de0b6b3a7640000860281613b6e57fe5b04820181613b7857fe5b049050600281670de0b6b3a7640000860281613b9057fe5b04820181613b9a57fe5b049050600281670de0b6b3a7640000860281613bb257fe5b04820181613bbc57fe5b0490506000613bcb8280613000565b9050613be1613bda8386612f36565b8690612fe8565b8111158015613c035750613bff613bf88386612f36565b869061302a565b8110155b611015576040805162461bcd60e51b815260206004820152600c60248201526b17dcdc5c9d0811905253115160a21b604482015290519081900360640190fd5b600081613c5657613c5660006004611641565b82613c63575060006105f8565b816001670de0b6b3a764000085020381613c7957fe5b04600101905092915050565b6000806e01ed09bead87c0378d8e6400000000831115613cac57613cac6000610169612cc7565b83831015613cc157613cc1600061016b612cc7565b6000613ccd8480613460565b90506000613cde6003860286613000565b9050613cf087612ce881818582613460565b900388613cfd868c613460565b600202909103036000806cfc6f7c40458122964d000000008711613d7b57613d258488613460565b9150613d3789612ce881818682613460565b90910390613d458284613fe0565b9150613d51848d613460565b9050613d6983613d61898e613460565b830190613fe0565b9050613d758a84613fe0565b01613de6565b613d858488614006565b9150613d9d89613d9781818682614006565b90614006565b90910390613dab8284614031565b9150613db7848d614006565b9050613dc38b88613460565b01613dd8818464e8d4a51000620f424061403f565b9050613de48a84613fe0565b015b81811015945084613df957808203613dfd565b8181035b955050505050965096945050505050565b6000670de0b6b3a76400008210613e3b57670de0b6b3a7640000613e3381840461407c565b1b9050610a09565b600a8211613e4e575063bc7c871c610a09565b60648211613e6257506402540be400610a09565b6103e88211613e77575064075cdd4719610a09565b6127108211613e8c575064174876e800610a09565b620186a08211613ea257506449a0a4c700610a09565b620f42408211613eb8575064e8d4a51000610a09565b629896808211613ecf57506502e0466fc608610a09565b6305f5e1008211613ee757506509184e72a000610a09565b633b9aca008211613eff5750651cc2c05dbc53610a09565b6402540be4008211613f185750655af3107a4000610a09565b64174876e8008211613f32575066011f9b83a95b45610a09565b64e8d4a510008211613f4c575066038d7ea4c68000610a09565b6509184e72a0008211613f675750660b3c13249d90bb610a09565b655af3107a40008211613f825750662386f26fc10000610a09565b66038d7ea4c680008211613f9e5750667058bf6e27a751610a09565b662386f26fc100008211613fbb575067016345785d8a0000610a09565b67016345785d8a00008211613fd95750670463777a4d8c892d610a09565b5080610a09565b600081613ff357613ff360006004611641565b81670de0b6b3a764000084028161346f57fe5b600061401c670de0b6b3a7640000840683613460565b82670de0b6b3a7640000850402019392505050565b60006118878383633b9aca00805b6000836140525761405260006004611641565b600082600186038161406057fe5b046001019050808487028161407157fe5b049695505050505050565b6000600160801b82106140945760809190911c906040015b6801000000000000000082106140af5760409190911c906020015b64010000000082106140c65760209190911c906010015b6201000082106140db5760109190911c906008015b61010082106140ef5760089190911c906004015b601082106141025760049190911c906002015b60048210610a0957600101919050565b604080516060810182526000808252602082018190529181019190915290565b8035610a0981614888565b80358015158114610a0957600080fd5b600082601f83011261415d578081fd5b81356001600160401b0381111561417057fe5b614183601f8201601f1916602001614865565b818152846020838601011115614197578283fd5b816020850160208301379081016020019190915292915050565b803560028110610a0957600080fd5b6000602082840312156141d1578081fd5b813561188781614888565b6000602082840312156141ed578081fd5b815161188781614888565b6000806040838503121561420a578081fd5b823561421581614888565b9150602083013561422581614888565b809150509250929050565b600080600060608486031215614244578081fd5b833561424f81614888565b9250602084013561425f81614888565b929592945050506040919091013590565b600080600080600080600060e0888a03121561428a578283fd5b873561429581614888565b965060208801356142a581614888565b95506040880135945060608801359350608088013560ff811681146142c8578384fd5b9699959850939692959460a0840135945060c09093013592915050565b600080604083850312156142f7578182fd5b823561430281614888565b946020939093013593505050565b600060208284031215614321578081fd5b6118878261413d565b600080600080600080600060e0888a031215614344578081fd5b87359650602088013561435681614888565b9550604088013561436681614888565b945060608801356001600160401b0380821115614381578283fd5b818a0191508a601f830112614394578283fd5b8135818111156143a057fe5b602081026143b060208201614865565b80838252602082019150602086018f60208589010111156143cf578788fd5b8796505b848710156143f2578035835260019690960195602092830192016143d3565b50985050505060808a0135945060a08a0135935060c08a0135915080821115614419578283fd5b506144268a828b0161414d565b91505092959891949750929550565b600060208284031215614446578081fd5b81356001600160e01b031981168114611887578182fd5b6000806040838503121561446f578182fd5b823561447a81614888565b915060208301356001600160401b03811115614494578182fd5b6144a08582860161414d565b9150509250929050565b6000606082840312156144bb578081fd5b604051606081018181106001600160401b03821117156144d757fe5b6040526144e38361413d565b815260208301356001600160781b03811681146144fe578283fd5b602082015260408301356001600160801b038116811461451c578283fd5b60408201529392505050565b60008060006060848603121561453c578081fd5b83356001600160401b0380821115614552578283fd5b8186019150610120808389031215614568578384fd5b61457181614865565b905061457c836141b1565b815261458a60208401614132565b602082015261459b60408401614132565b6040820152606083013560608201526080830135608082015260a083013560a08201526145ca60c08401614132565b60c08201526145db60e08401614132565b60e082015261010080840135838111156145f3578586fd5b6145ff8a82870161414d565b9183019190915250976020870135975060409096013595945050505050565b60006020828403121561462f578081fd5b5035919050565b600060208284031215614647578081fd5b5051919050565b60008060008060808587031215614663578182fd5b845193506020850151925060408501519150606085015161468381614888565b939692955090935050565b6000815180845260208085019450808401835b838110156146bd578151875295820195908201906001016146a1565b509495945050505050565b60008151808452815b818110156146ed576020818501810151868301820152016146d1565b818111156146fe5782602083870101525b50601f01601f19169290920160200192915050565b6000828483379101908152919050565b6001600160a01b0391909116815260200190565b600060208252611887602083018461468e565b60006040825261475d604083018561468e565b8281036020840152611f96818561468e565b901515815260200190565b92151583526020830191909152604082015260600190565b90815260200190565b6000838252604060208301526125fd60408301846146c8565b9182526001600160a01b0316602082015260400190565b60006020825261188760208301846146c8565b8151151581526020808301516001600160781b0316908201526040918201516001600160801b03169181019190915260600190565b905460ff811615158252600881901c6001600160781b0316602083015260801c604082015260600190565b6000838252604060208301526125fd604083018461468e565b60ff91909116815260200190565b6040518181016001600160401b038111828210171561488057fe5b604052919050565b6001600160a01b03811681146106c057600080fdfea264697066735822122053c29bf23fd3187fa9300c323eb80a728b8d02fb979cca00c7a0340cbcb4f60a64736f6c634300070600330000000000000000000000000000000000000000000000000000000000000020000000000000000000000000ba12222222228d8ba445958a75a0704d566bf2c8000000000000000000000000fdc2e9e03f515804744a40d0f8d25c16e93fbe6700000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000076a7000000000000000000000000000000000000000000000000000000000000278d00000000000000000000000000000000000000000000000000000000000000016000000000000000000000000000000000000000000000000000000000000001a000000000000000000000000000000000000000000000000000000000000001e0000000000000000000000000000000000000000000000000000110d9316ec0000000000000000000000000000000000000000000000000000ddeeff45500c000000000000000000000000000ef63c5cedec9d53911162bed5ce8956ae570387b000000000000000000000000ef63c5cedec9d53911162bed5ce8956ae570387b0000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000211b083e39661a4b000000000000000000000000000000000000000000000000a5872952e06beac5c80000000000000000000000000000148b36e4f96914550145b72e9dbcd514048cafed000000000000000000000000000000000000000000000000000000000000001d4779726f73636f70652033434c5020425553442f555344432f55534454000000000000000000000000000000000000000000000000000000000000000000001333434c502d425553442d555344432d555344540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000002791bca1f2de4661ed88a30c99a7a9449aa841740000000000000000000000009c9e5fd8bbc25984b178fdce6117defa39d2db39000000000000000000000000c2132d05d31c914a87c6611c10748aeb04b58e8f
Constructor Arguments (ABI-Encoded and is the last bytes of the Contract Creation Code above)
0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000ba12222222228d8ba445958a75a0704d566bf2c8000000000000000000000000fdc2e9e03f515804744a40d0f8d25c16e93fbe6700000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000076a7000000000000000000000000000000000000000000000000000000000000278d00000000000000000000000000000000000000000000000000000000000000016000000000000000000000000000000000000000000000000000000000000001a000000000000000000000000000000000000000000000000000000000000001e0000000000000000000000000000000000000000000000000000110d9316ec0000000000000000000000000000000000000000000000000000ddeeff45500c000000000000000000000000000ef63c5cedec9d53911162bed5ce8956ae570387b000000000000000000000000ef63c5cedec9d53911162bed5ce8956ae570387b0000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000211b083e39661a4b000000000000000000000000000000000000000000000000a5872952e06beac5c80000000000000000000000000000148b36e4f96914550145b72e9dbcd514048cafed000000000000000000000000000000000000000000000000000000000000001d4779726f73636f70652033434c5020425553442f555344432f55534454000000000000000000000000000000000000000000000000000000000000000000001333434c502d425553442d555344432d555344540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000002791bca1f2de4661ed88a30c99a7a9449aa841740000000000000000000000009c9e5fd8bbc25984b178fdce6117defa39d2db39000000000000000000000000c2132d05d31c914a87c6611c10748aeb04b58e8f
-----Decoded View---------------
Arg [0] : params (tuple): System.Collections.Generic.List`1[Nethereum.ABI.FunctionEncoding.ParameterOutput]
-----Encoded View---------------
25 Constructor Arguments found :
Arg [0] : 0000000000000000000000000000000000000000000000000000000000000020
Arg [1] : 000000000000000000000000ba12222222228d8ba445958a75a0704d566bf2c8
Arg [2] : 000000000000000000000000fdc2e9e03f515804744a40d0f8d25c16e93fbe67
Arg [3] : 00000000000000000000000000000000000000000000000000000000000000a0
Arg [4] : 000000000000000000000000000000000000000000000000000000000076a700
Arg [5] : 0000000000000000000000000000000000000000000000000000000000278d00
Arg [6] : 0000000000000000000000000000000000000000000000000000000000000160
Arg [7] : 00000000000000000000000000000000000000000000000000000000000001a0
Arg [8] : 00000000000000000000000000000000000000000000000000000000000001e0
Arg [9] : 000000000000000000000000000000000000000000000000000110d9316ec000
Arg [10] : 0000000000000000000000000000000000000000000000000ddeeff45500c000
Arg [11] : 000000000000000000000000ef63c5cedec9d53911162bed5ce8956ae570387b
Arg [12] : 000000000000000000000000ef63c5cedec9d53911162bed5ce8956ae570387b
Arg [13] : 0000000000000000000000000000000000000000000000000000000000000001
Arg [14] : 000000000000000000000000000000000000000000211b083e39661a4b000000
Arg [15] : 000000000000000000000000000000000000000000a5872952e06beac5c80000
Arg [16] : 000000000000000000000000148b36e4f96914550145b72e9dbcd514048cafed
Arg [17] : 000000000000000000000000000000000000000000000000000000000000001d
Arg [18] : 4779726f73636f70652033434c5020425553442f555344432f55534454000000
Arg [19] : 0000000000000000000000000000000000000000000000000000000000000013
Arg [20] : 33434c502d425553442d555344432d5553445400000000000000000000000000
Arg [21] : 0000000000000000000000000000000000000000000000000000000000000003
Arg [22] : 0000000000000000000000002791bca1f2de4661ed88a30c99a7a9449aa84174
Arg [23] : 0000000000000000000000009c9e5fd8bbc25984b178fdce6117defa39d2db39
Arg [24] : 000000000000000000000000c2132d05d31c914a87c6611c10748aeb04b58e8f