Contract Name:
WalletSimple
Contract Source Code:
File 1 of 1 : WalletSimple
// SPDX-License-Identifier: Apache-2.0
pragma solidity 0.7.5;
/**
* Contract that exposes the needed erc20 token functions
*/
abstract contract ERC20Interface {
// Send _value amount of tokens to address _to
function transfer(address _to, uint256 _value)
public
virtual
returns (bool success);
// Get the account balance of another account with address _owner
function balanceOf(address _owner)
public
virtual
view
returns (uint256 balance);
}
/**
* Contract that will forward any incoming Ether to the creator of the contract
*
*/
contract Forwarder {
// Address to which any funds sent to this contract will be forwarded
address public parentAddress;
event ForwarderDeposited(address from, uint256 value, bytes data);
/**
* Initialize the contract, and sets the destination address to that of the creator
*/
function init(address _parentAddress) external onlyUninitialized {
parentAddress = _parentAddress;
this.flush();
}
/**
* Modifier that will execute internal code block only if the sender is the parent address
*/
modifier onlyParent {
require(msg.sender == parentAddress, "Only Parent");
_;
}
/**
* Modifier that will execute internal code block only if the contract has not been initialized yet
*/
modifier onlyUninitialized {
require(parentAddress == address(0x0), "Already initialized");
_;
}
/**
* Default function; Gets called when data is sent but does not match any other function
*/
fallback() external payable {
this.flush();
}
/**
* Default function; Gets called when Ether is deposited with no data, and forwards it to the parent address
*/
receive() external payable {
this.flush();
}
/**
* Execute a token transfer of the full balance from the forwarder token to the parent address
* @param tokenContractAddress the address of the erc20 token contract
*/
function flushTokens(address tokenContractAddress) external onlyParent {
ERC20Interface instance = ERC20Interface(tokenContractAddress);
address forwarderAddress = address(this);
uint256 forwarderBalance = instance.balanceOf(forwarderAddress);
if (forwarderBalance == 0) {
return;
}
require(
instance.transfer(parentAddress, forwarderBalance),
"Token flush failed"
);
}
/**
* Flush the entire balance of the contract to the parent address.
*/
function flush() external {
uint256 value = address(this).balance;
if (value == 0) {
return;
}
(bool success, ) = parentAddress.call{ value: value }("");
require(success, "Flush failed");
emit ForwarderDeposited(msg.sender, value, msg.data);
}
}
/**
*
* WalletSimple
* ============
*
* Basic multi-signer wallet designed for use in a co-signing environment where 2 signatures are required to move funds.
* Typically used in a 2-of-3 signing configuration. Uses ecrecover to allow for 2 signatures in a single transaction.
*
* The first signature is created on the operation hash (see Data Formats) and passed to sendMultiSig/sendMultiSigToken
* The signer is determined by verifyMultiSig().
*
* The second signature is created by the submitter of the transaction and determined by msg.signer.
*
* Data Formats
* ============
*
* The signature is created with ethereumjs-util.ecsign(operationHash).
* Like the eth_sign RPC call, it packs the values as a 65-byte array of [r, s, v].
* Unlike eth_sign, the message is not prefixed.
*
* The operationHash the result of keccak256(prefix, toAddress, value, data, expireTime).
* For ether transactions, `prefix` is "ETHER".
* For token transaction, `prefix` is "ERC20" and `data` is the tokenContractAddress.
*
*
*/
contract WalletSimple {
// Events
event Deposited(address from, uint256 value, bytes data);
event SafeModeActivated(address msgSender);
event Transacted(
address msgSender, // Address of the sender of the message initiating the transaction
address otherSigner, // Address of the signer (second signature) used to initiate the transaction
bytes32 operation, // Operation hash (see Data Formats)
address toAddress, // The address the transaction was sent to
uint256 value, // Amount of Wei sent to the address
bytes data // Data sent when invoking the transaction
);
event BatchTransfer(address sender, address recipient, uint256 value);
// this event shows the other signer and the operation hash that they signed
// specific batch transfer events are emitted in Batcher
event BatchTransacted(
address msgSender, // Address of the sender of the message initiating the transaction
address otherSigner, // Address of the signer (second signature) used to initiate the transaction
bytes32 operation // Operation hash (see Data Formats)
);
// Public fields
mapping(address => bool) public signers; // The addresses that can co-sign transactions on the wallet
bool public safeMode = false; // When active, wallet may only send to signer addresses
bool public initialized = false; // True if the contract has been initialized
// Internal fields
uint256 private lastSequenceId;
uint256 private constant MAX_SEQUENCE_ID_INCREASE = 10000;
/**
* Set up a simple multi-sig wallet by specifying the signers allowed to be used on this wallet.
* 2 signers will be required to send a transaction from this wallet.
* Note: The sender is NOT automatically added to the list of signers.
* Signers CANNOT be changed once they are set
*
* @param allowedSigners An array of signers on the wallet
*/
function init(address[] calldata allowedSigners) external onlyUninitialized {
require(allowedSigners.length == 3, "Invalid number of signers");
for (uint8 i = 0; i < allowedSigners.length; i++) {
require(allowedSigners[i] != address(0), "Invalid signer");
signers[allowedSigners[i]] = true;
}
initialized = true;
}
/**
* Get the network identifier that signers must sign over
* This provides protection signatures being replayed on other chains
* This must be a virtual function because chain-specific contracts will need
* to override with their own network ids. It also can't be a field
* to allow this contract to be used by proxy with delegatecall, which will
* not pick up on state variables
*/
function getNetworkId() internal virtual pure returns (string memory) {
return "ETHER";
}
/**
* Get the network identifier that signers must sign over for token transfers
* This provides protection signatures being replayed on other chains
* This must be a virtual function because chain-specific contracts will need
* to override with their own network ids. It also can't be a field
* to allow this contract to be used by proxy with delegatecall, which will
* not pick up on state variables
*/
function getTokenNetworkId() internal virtual pure returns (string memory) {
return "ERC20";
}
/**
* Get the network identifier that signers must sign over for batch transfers
* This provides protection signatures being replayed on other chains
* This must be a virtual function because chain-specific contracts will need
* to override with their own network ids. It also can't be a field
* to allow this contract to be used by proxy with delegatecall, which will
* not pick up on state variables
*/
function getBatchNetworkId() internal virtual pure returns (string memory) {
return "ETHER-Batch";
}
/**
* Determine if an address is a signer on this wallet
* @param signer address to check
* returns boolean indicating whether address is signer or not
*/
function isSigner(address signer) public view returns (bool) {
return signers[signer];
}
/**
* Modifier that will execute internal code block only if the sender is an authorized signer on this wallet
*/
modifier onlySigner {
require(isSigner(msg.sender), "Non-signer in onlySigner method");
_;
}
/**
* Modifier that will execute internal code block only if the contract has not been initialized yet
*/
modifier onlyUninitialized {
require(!initialized, "Contract already initialized");
_;
}
/**
* Gets called when a transaction is received with data that does not match any other method
*/
fallback() external payable {
if (msg.value > 0) {
// Fire deposited event if we are receiving funds
Deposited(msg.sender, msg.value, msg.data);
}
}
/**
* Gets called when a transaction is received with ether and no data
*/
receive() external payable {
if (msg.value > 0) {
// Fire deposited event if we are receiving funds
Deposited(msg.sender, msg.value, msg.data);
}
}
/**
* Execute a multi-signature transaction from this wallet using 2 signers: one from msg.sender and the other from ecrecover.
* Sequence IDs are numbers starting from 1. They are used to prevent replay attacks and may not be repeated.
*
* @param toAddress the destination address to send an outgoing transaction
* @param value the amount in Wei to be sent
* @param data the data to send to the toAddress when invoking the transaction
* @param expireTime the number of seconds since 1970 for which this transaction is valid
* @param sequenceId the unique sequence id obtainable from getNextSequenceId
* @param signature see Data Formats
*/
function sendMultiSig(
address toAddress,
uint256 value,
bytes calldata data,
uint256 expireTime,
uint256 sequenceId,
bytes calldata signature
) external onlySigner {
// Verify the other signer
bytes32 operationHash = keccak256(
abi.encodePacked(
getNetworkId(),
toAddress,
value,
data,
expireTime,
sequenceId
)
);
address otherSigner = verifyMultiSig(
toAddress,
operationHash,
signature,
expireTime,
sequenceId
);
// Success, send the transaction
(bool success, ) = toAddress.call{ value: value }(data);
require(success, "Call execution failed");
emit Transacted(
msg.sender,
otherSigner,
operationHash,
toAddress,
value,
data
);
}
/**
* Execute a batched multi-signature transaction from this wallet using 2 signers: one from msg.sender and the other from ecrecover.
* Sequence IDs are numbers starting from 1. They are used to prevent replay attacks and may not be repeated.
* The recipients and values to send are encoded in two arrays, where for index i, recipients[i] will be sent values[i].
*
* @param recipients The list of recipients to send to
* @param values The list of values to send to
* @param expireTime the number of seconds since 1970 for which this transaction is valid
* @param sequenceId the unique sequence id obtainable from getNextSequenceId
* @param signature see Data Formats
*/
function sendMultiSigBatch(
address[] calldata recipients,
uint256[] calldata values,
uint256 expireTime,
uint256 sequenceId,
bytes calldata signature
) external onlySigner {
require(recipients.length != 0, "Not enough recipients");
require(
recipients.length == values.length,
"Unequal recipients and values"
);
require(recipients.length < 256, "Too many recipients, max 255");
// Verify the other signer
bytes32 operationHash = keccak256(
abi.encodePacked(
getBatchNetworkId(),
recipients,
values,
expireTime,
sequenceId
)
);
// the first parameter (toAddress) is used to ensure transactions in safe mode only go to a signer
// if in safe mode, we should use normal sendMultiSig to recover, so this check will always fail if in safe mode
require(!safeMode, "Batch in safe mode");
address otherSigner = verifyMultiSig(
address(0x0),
operationHash,
signature,
expireTime,
sequenceId
);
batchTransfer(recipients, values);
emit BatchTransacted(msg.sender, otherSigner, operationHash);
}
/**
* Transfer funds in a batch to each of recipients
* @param recipients The list of recipients to send to
* @param values The list of values to send to recipients.
* The recipient with index i in recipients array will be sent values[i].
* Thus, recipients and values must be the same length
*/
function batchTransfer(
address[] calldata recipients,
uint256[] calldata values
) internal {
for (uint256 i = 0; i < recipients.length; i++) {
require(address(this).balance >= values[i], "Insufficient funds");
(bool success, ) = recipients[i].call{ value: values[i] }("");
require(success, "Call failed");
emit BatchTransfer(msg.sender, recipients[i], values[i]);
}
}
/**
* Execute a multi-signature token transfer from this wallet using 2 signers: one from msg.sender and the other from ecrecover.
* Sequence IDs are numbers starting from 1. They are used to prevent replay attacks and may not be repeated.
*
* @param toAddress the destination address to send an outgoing transaction
* @param value the amount in tokens to be sent
* @param tokenContractAddress the address of the erc20 token contract
* @param expireTime the number of seconds since 1970 for which this transaction is valid
* @param sequenceId the unique sequence id obtainable from getNextSequenceId
* @param signature see Data Formats
*/
function sendMultiSigToken(
address toAddress,
uint256 value,
address tokenContractAddress,
uint256 expireTime,
uint256 sequenceId,
bytes calldata signature
) external onlySigner {
// Verify the other signer
bytes32 operationHash = keccak256(
abi.encodePacked(
getTokenNetworkId(),
toAddress,
value,
tokenContractAddress,
expireTime,
sequenceId
)
);
verifyMultiSig(
toAddress,
operationHash,
signature,
expireTime,
sequenceId
);
ERC20Interface instance = ERC20Interface(tokenContractAddress);
require(instance.transfer(toAddress, value), "ERC20 Transfer call failed");
}
/**
* Execute a token flush from one of the forwarder addresses. This transfer needs only a single signature and can be done by any signer
*
* @param forwarderAddress the address of the forwarder address to flush the tokens from
* @param tokenContractAddress the address of the erc20 token contract
*/
function flushForwarderTokens(
address payable forwarderAddress,
address tokenContractAddress
) external onlySigner {
Forwarder forwarder = Forwarder(forwarderAddress);
forwarder.flushTokens(tokenContractAddress);
}
/**
* Do common multisig verification for both eth sends and erc20token transfers
*
* @param toAddress the destination address to send an outgoing transaction
* @param operationHash see Data Formats
* @param signature see Data Formats
* @param expireTime the number of seconds since 1970 for which this transaction is valid
* @param sequenceId the unique sequence id obtainable from getNextSequenceId
* returns address that has created the signature
*/
function verifyMultiSig(
address toAddress,
bytes32 operationHash,
bytes calldata signature,
uint256 expireTime,
uint256 sequenceId
) private returns (address) {
address otherSigner = recoverAddressFromSignature(operationHash, signature);
// Verify if we are in safe mode. In safe mode, the wallet can only send to signers
require(!safeMode || isSigner(toAddress), "External transfer in safe mode");
// Verify that the transaction has not expired
require(expireTime >= block.timestamp, "Transaction expired");
// Try to insert the sequence ID. Will revert if the sequence id was invalid
tryUpdateSequenceId(sequenceId);
require(isSigner(otherSigner), "Invalid signer");
require(otherSigner != msg.sender, "Signers cannot be equal");
return otherSigner;
}
/**
* Irrevocably puts contract into safe mode. When in this mode, transactions may only be sent to signing addresses.
*/
function activateSafeMode() external onlySigner {
safeMode = true;
SafeModeActivated(msg.sender);
}
/**
* Gets signer's address using ecrecover
* @param operationHash see Data Formats
* @param signature see Data Formats
* returns address recovered from the signature
*/
function recoverAddressFromSignature(
bytes32 operationHash,
bytes memory signature
) private pure returns (address) {
require(signature.length == 65, "Invalid signature - wrong length");
// We need to unpack the signature, which is given as an array of 65 bytes (like eth.sign)
bytes32 r;
bytes32 s;
uint8 v;
// solhint-disable-next-line
assembly {
r := mload(add(signature, 32))
s := mload(add(signature, 64))
v := and(mload(add(signature, 65)), 255)
}
if (v < 27) {
v += 27; // Ethereum versions are 27 or 28 as opposed to 0 or 1 which is submitted by some signing libs
}
// protect against signature malleability
// S value must be in the lower half orader
// reference: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/051d340171a93a3d401aaaea46b4b62fa81e5d7c/contracts/cryptography/ECDSA.sol#L53
require(uint256(s) <= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, "ECDSA: invalid signature 's' value");
// note that this returns 0 if the signature is invalid
// Since 0x0 can never be a signer, when the recovered signer address
// is checked against our signer list, that 0x0 will cause an invalid signer failure
return ecrecover(operationHash, v, r, s);
}
/**
* Verify that the sequence id is greater than the currently stored value and updates the stored value.
* By requiring sequence IDs to always increase, we ensure that the same signature can't be used twice.
* @param sequenceId The new sequenceId to use
*/
function tryUpdateSequenceId(uint256 sequenceId) private onlySigner {
require(sequenceId > lastSequenceId, "sequenceId is too low");
// Block sequence IDs which are much higher than the current
// This prevents people blocking the contract by using very large sequence IDs quickly
require(
sequenceId <= lastSequenceId + MAX_SEQUENCE_ID_INCREASE,
"sequenceId is too high"
);
lastSequenceId = sequenceId;
}
/**
* Gets the next available sequence ID for signing when using executeAndConfirm
* returns the sequenceId one higher than the one currently stored
*/
function getNextSequenceId() external view returns (uint256) {
return lastSequenceId + 1;
}
}