Transaction Hash:
Block:
12476927 at May-21-2021 09:34:45 AM +UTC
Transaction Fee:
0.00304695 ETH
$6.54
Gas Used:
67,710 Gas / 45 Gwei
Emitted Events:
| 320 |
DOOR.0xcab1cf17c190e4e2195a7b8f7b362023246fa774390432b4704ab6b29d56b07b( 0xcab1cf17c190e4e2195a7b8f7b362023246fa774390432b4704ab6b29d56b07b, 000000000000000000000000b82cc6f86f31fca599dcd4224d9b9905caea2e26, 0051d6832c31d5306dbdee122e1fb8bbd9f98ca78ebfe0f131e45baefbcc2fde, 000000000000000000000000dec3061a9c7038bcb92bccbbbb86578d2bbd0d4c )
|
Account State Difference:
| Address | Before | After | State Difference | ||
|---|---|---|---|---|---|
| 0x5FDCCA53...1058e27e9 | (Immutable X: Bridge) | ||||
| 0xDec3061A...D2bBD0d4c |
3.68945765859005741 Eth
Nonce: 1118
|
3.68641070859005741 Eth
Nonce: 1119
| 0.00304695 | ||
|
0xF20b3387...902360704
Miner
| (F2Pool) | 4,362.374440681686775153 Eth | 4,362.377487631686775153 Eth | 0.00304695 |
Execution Trace
DOOR.dd2414d4( )
StarkExchange.dd2414d4( )TokensAndRamping.registerUser( ethKey=0xb82Cc6F86F31fCa599dCD4224d9B9905CAeA2e26, starkKey=144595122372516554119446588696537016879627893485520113516935754319479451614, signature=0xE2EC2214C0FB83F7090A7F47669352C22EF0A68109B670966B8FEA3148D55C986F732B7F0C9FB993BF83443F7C37322C6B250A42D0F0787391F019CD0382E7E81B )-
Null: 0x000...005.00000000( ) -
Null: 0x000...001.52ba9fe8( )
-
File 1 of 3: DOOR
File 2 of 3: StarkExchange
File 3 of 3: TokensAndRamping
// File: node_modules\@openzeppelin\contracts\token\ERC20\IERC20.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20 {
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `recipient`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address recipient, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `sender` to `recipient` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
}
/**
* @dev Interface for the optional metadata functions from the ERC20 standard.
*
* _Available since v4.1._
*/
interface IERC20Metadata is IERC20 {
/**
* @dev Returns the name of the token.
*/
function name() external view returns (string memory);
/**
* @dev Returns the symbol of the token.
*/
function symbol() external view returns (string memory);
/**
* @dev Returns the decimals places of the token.
*/
function decimals() external view returns (uint8);
}
/*
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract Context {
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691
return msg.data;
}
}
/**
* @dev Implementation of the {IERC20} interface.
*
* This implementation is agnostic to the way tokens are created. This means
* that a supply mechanism has to be added in a derived contract using {_mint}.
* For a generic mechanism see {ERC20PresetMinterPauser}.
*
* TIP: For a detailed writeup see our guide
* https://forum.zeppelin.solutions/t/how-to-implement-erc20-supply-mechanisms/226[How
* to implement supply mechanisms].
*
* We have followed general OpenZeppelin guidelines: functions revert instead
* of returning `false` on failure. This behavior is nonetheless conventional
* and does not conflict with the expectations of ERC20 applications.
*
* Additionally, an {Approval} event is emitted on calls to {transferFrom}.
* This allows applications to reconstruct the allowance for all accounts just
* by listening to said events. Other implementations of the EIP may not emit
* these events, as it isn't required by the specification.
*
* Finally, the non-standard {decreaseAllowance} and {increaseAllowance}
* functions have been added to mitigate the well-known issues around setting
* allowances. See {IERC20-approve}.
*/
contract ERC20 is Context, IERC20, IERC20Metadata {
mapping (address => uint256) private _balances;
mapping (address => mapping (address => uint256)) private _allowances;
uint256 private _totalSupply;
string private _name;
string private _symbol;
/**
* @dev Sets the values for {name} and {symbol}.
*
* The defaut value of {decimals} is 18. To select a different value for
* {decimals} you should overload it.
*
* All two of these values are immutable: they can only be set once during
* construction.
*/
constructor (string memory name_, string memory symbol_) {
_name = name_;
_symbol = symbol_;
}
/**
* @dev Returns the name of the token.
*/
function name() public view virtual override returns (string memory) {
return _name;
}
/**
* @dev Returns the symbol of the token, usually a shorter version of the
* name.
*/
function symbol() public view virtual override returns (string memory) {
return _symbol;
}
/**
* @dev Returns the number of decimals used to get its user representation.
* For example, if `decimals` equals `2`, a balance of `505` tokens should
* be displayed to a user as `5,05` (`505 / 10 ** 2`).
*
* Tokens usually opt for a value of 18, imitating the relationship between
* Ether and Wei. This is the value {ERC20} uses, unless this function is
* overridden;
*
* NOTE: This information is only used for _display_ purposes: it in
* no way affects any of the arithmetic of the contract, including
* {IERC20-balanceOf} and {IERC20-transfer}.
*/
function decimals() public view virtual override returns (uint8) {
return 18;
}
/**
* @dev See {IERC20-totalSupply}.
*/
function totalSupply() public view virtual override returns (uint256) {
return _totalSupply;
}
/**
* @dev See {IERC20-balanceOf}.
*/
function balanceOf(address account) public view virtual override returns (uint256) {
return _balances[account];
}
/**
* @dev See {IERC20-transfer}.
*
* Requirements:
*
* - `recipient` cannot be the zero address.
* - the caller must have a balance of at least `amount`.
*/
function transfer(address recipient, uint256 amount) public virtual override returns (bool) {
_transfer(_msgSender(), recipient, amount);
return true;
}
/**
* @dev See {IERC20-allowance}.
*/
function allowance(address owner, address spender) public view virtual override returns (uint256) {
return _allowances[owner][spender];
}
/**
* @dev See {IERC20-approve}.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/
function approve(address spender, uint256 amount) public virtual override returns (bool) {
_approve(_msgSender(), spender, amount);
return true;
}
/**
* @dev See {IERC20-transferFrom}.
*
* Emits an {Approval} event indicating the updated allowance. This is not
* required by the EIP. See the note at the beginning of {ERC20}.
*
* Requirements:
*
* - `sender` and `recipient` cannot be the zero address.
* - `sender` must have a balance of at least `amount`.
* - the caller must have allowance for ``sender``'s tokens of at least
* `amount`.
*/
function transferFrom(address sender, address recipient, uint256 amount) public virtual override returns (bool) {
_transfer(sender, recipient, amount);
uint256 currentAllowance = _allowances[sender][_msgSender()];
require(currentAllowance >= amount, "ERC20: transfer amount exceeds allowance");
_approve(sender, _msgSender(), currentAllowance - amount);
return true;
}
/**
* @dev Atomically increases the allowance granted to `spender` by the caller.
*
* This is an alternative to {approve} that can be used as a mitigation for
* problems described in {IERC20-approve}.
*
* Emits an {Approval} event indicating the updated allowance.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/
function increaseAllowance(address spender, uint256 addedValue) public virtual returns (bool) {
_approve(_msgSender(), spender, _allowances[_msgSender()][spender] + addedValue);
return true;
}
/**
* @dev Atomically decreases the allowance granted to `spender` by the caller.
*
* This is an alternative to {approve} that can be used as a mitigation for
* problems described in {IERC20-approve}.
*
* Emits an {Approval} event indicating the updated allowance.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `spender` must have allowance for the caller of at least
* `subtractedValue`.
*/
function decreaseAllowance(address spender, uint256 subtractedValue) public virtual returns (bool) {
uint256 currentAllowance = _allowances[_msgSender()][spender];
require(currentAllowance >= subtractedValue, "ERC20: decreased allowance below zero");
_approve(_msgSender(), spender, currentAllowance - subtractedValue);
return true;
}
/**
* @dev Moves tokens `amount` from `sender` to `recipient`.
*
* This is internal function is equivalent to {transfer}, and can be used to
* e.g. implement automatic token fees, slashing mechanisms, etc.
*
* Emits a {Transfer} event.
*
* Requirements:
*
* - `sender` cannot be the zero address.
* - `recipient` cannot be the zero address.
* - `sender` must have a balance of at least `amount`.
*/
function _transfer(address sender, address recipient, uint256 amount) internal virtual {
require(sender != address(0), "ERC20: transfer from the zero address");
require(recipient != address(0), "ERC20: transfer to the zero address");
_beforeTokenTransfer(sender, recipient, amount);
uint256 senderBalance = _balances[sender];
require(senderBalance >= amount, "ERC20: transfer amount exceeds balance");
_balances[sender] = senderBalance - amount;
_balances[recipient] += amount;
emit Transfer(sender, recipient, amount);
}
/** @dev Creates `amount` tokens and assigns them to `account`, increasing
* the total supply.
*
* Emits a {Transfer} event with `from` set to the zero address.
*
* Requirements:
*
* - `to` cannot be the zero address.
*/
function _mint(address account, uint256 amount) internal virtual {
require(account != address(0), "ERC20: mint to the zero address");
_beforeTokenTransfer(address(0), account, amount);
_totalSupply += amount;
_balances[account] += amount;
emit Transfer(address(0), account, amount);
}
/**
* @dev Destroys `amount` tokens from `account`, reducing the
* total supply.
*
* Emits a {Transfer} event with `to` set to the zero address.
*
* Requirements:
*
* - `account` cannot be the zero address.
* - `account` must have at least `amount` tokens.
*/
function _burn(address account, uint256 amount) internal virtual {
require(account != address(0), "ERC20: burn from the zero address");
_beforeTokenTransfer(account, address(0), amount);
uint256 accountBalance = _balances[account];
require(accountBalance >= amount, "ERC20: burn amount exceeds balance");
_balances[account] = accountBalance - amount;
_totalSupply -= amount;
emit Transfer(account, address(0), amount);
}
/**
* @dev Sets `amount` as the allowance of `spender` over the `owner` s tokens.
*
* This internal function is equivalent to `approve`, and can be used to
* e.g. set automatic allowances for certain subsystems, etc.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `owner` cannot be the zero address.
* - `spender` cannot be the zero address.
*/
function _approve(address owner, address spender, uint256 amount) internal virtual {
require(owner != address(0), "ERC20: approve from the zero address");
require(spender != address(0), "ERC20: approve to the zero address");
_allowances[owner][spender] = amount;
emit Approval(owner, spender, amount);
}
/**
* @dev Hook that is called before any transfer of tokens. This includes
* minting and burning.
*
* Calling conditions:
*
* - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens
* will be to transferred to `to`.
* - when `from` is zero, `amount` tokens will be minted for `to`.
* - when `to` is zero, `amount` of ``from``'s tokens will be burned.
* - `from` and `to` are never both zero.
*
* To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
*/
function _beforeTokenTransfer(address from, address to, uint256 amount) internal virtual { }
}
contract DOOR is ERC20 {
constructor() ERC20("DOOR", "DOOR") {
uint256 initialSupply = 4000000000 * (10 ** 18);
_mint(msg.sender, initialSupply);
}
}File 2 of 3: StarkExchange
{"Common.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\n/*\n Common Utility librarries.\n I. Addresses (extending address).\n*/\nlibrary Addresses {\n function isContract(address account) internal view returns (bool) {\n uint256 size;\n // solium-disable-next-line security/no-inline-assembly\n assembly {\n size := extcodesize(account)\n }\n return size \u003e 0;\n }\n\n function performEthTransfer(address recipient, uint256 amount) internal {\n // solium-disable-next-line security/no-call-value\n (bool success, ) = recipient.call.value(amount)(\"\"); // NOLINT: low-level-calls.\n require(success, \"ETH_TRANSFER_FAILED\");\n }\n\n /*\n Safe wrapper around ERC20/ERC721 calls.\n This is required because many deployed ERC20 contracts don\u0027t return a value.\n See https://github.com/ethereum/solidity/issues/4116.\n */\n function safeTokenContractCall(address tokenAddress, bytes memory callData) internal {\n require(isContract(tokenAddress), \"BAD_TOKEN_ADDRESS\");\n // NOLINTNEXTLINE: low-level-calls.\n (bool success, bytes memory returndata) = tokenAddress.call(callData);\n // solium-disable-previous-line security/no-low-level-calls\n require(success, string(returndata));\n\n if (returndata.length \u003e 0) {\n require(abi.decode(returndata, (bool)), \"TOKEN_OPERATION_FAILED\");\n }\n }\n\n /*\n Similar to safeTokenContractCall, but always ignores the return value.\n\n Assumes some other method is used to detect the failures\n (e.g. balance is checked before and after the call).\n */\n function uncheckedTokenContractCall(address tokenAddress, bytes memory callData) internal {\n // NOLINTNEXTLINE: low-level-calls.\n (bool success, bytes memory returndata) = tokenAddress.call(callData);\n // solium-disable-previous-line security/no-low-level-calls\n require(success, string(returndata));\n }\n\n}\n\n/*\n II. StarkExTypes - Common data types.\n*/\nlibrary StarkExTypes {\n\n // Structure representing a list of verifiers (validity/availability).\n // A statement is valid only if all the verifiers in the list agree on it.\n // Adding a verifier to the list is immediate - this is used for fast resolution of\n // any soundness issues.\n // Removing from the list is time-locked, to ensure that any user of the system\n // not content with the announced removal has ample time to leave the system before it is\n // removed.\n struct ApprovalChainData {\n address[] list;\n // Represents the time after which the verifier with the given address can be removed.\n // Removal of the verifier with address A is allowed only in the case the value\n // of unlockedForRemovalTime[A] != 0 and unlockedForRemovalTime[A] \u003c (current time).\n mapping (address =\u003e uint256) unlockedForRemovalTime;\n }\n\n}\n"},"GovernanceStorage.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\n/*\n Holds the governance slots for ALL entities, including proxy and the main contract.\n*/\ncontract GovernanceStorage {\n\n struct GovernanceInfoStruct {\n mapping (address =\u003e bool) effectiveGovernors;\n address candidateGovernor;\n bool initialized;\n }\n\n // A map from a Governor tag to its own GovernanceInfoStruct.\n mapping (string =\u003e GovernanceInfoStruct) internal governanceInfo;\n}\n"},"Identity.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\ncontract Identity {\n\n /*\n Allows a caller, typically another contract,\n to ensure that the provided address is of the expected type and version.\n */\n function identify()\n external pure\n returns(string memory);\n}\n"},"IDispatcher.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\n/*\n Interface for generic dispatcher to use,\n which the concrete dispatcher must implement.\n\n I contains the functions that are specific to the concrete dispatcher instance.\n\n The interface is implemented as contract, because interface implies all methods external.\n*/\ncontract IDispatcher {\n\n function getSubContract(bytes4 selector) internal view returns (address);\n\n function setSubContractAddress(uint256 index, address subContract) internal;\n\n function getNumSubcontracts() internal pure returns (uint256);\n\n function validateSubContractIndex(uint256 index, address subContract) internal pure;\n\n /*\n Ensures initializer can be called. Reverts otherwise.\n */\n function initializationSentinel() internal view;\n}\n"},"IFactRegistry.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\n/*\n The Fact Registry design pattern is a way to separate cryptographic verification from the\n business logic of the contract flow.\n\n A fact registry holds a hash table of verified \"facts\" which are represented by a hash of claims\n that the registry hash check and found valid. This table may be queried by accessing the\n isValid() function of the registry with a given hash.\n\n In addition, each fact registry exposes a registry specific function for submitting new claims\n together with their proofs. The information submitted varies from one registry to the other\n depending of the type of fact requiring verification.\n\n For further reading on the Fact Registry design pattern see this\n `StarkWare blog post \u003chttps://medium.com/starkware/the-fact-registry-a64aafb598b6\u003e`_.\n*/\ncontract IFactRegistry {\n /*\n Returns true if the given fact was previously registered in the contract.\n */\n function isValid(bytes32 fact)\n external view\n returns(bool);\n}\n"},"MainDispatcher.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"SubContractor.sol\";\nimport \"IDispatcher.sol\";\nimport \"Common.sol\";\nimport \"StorageSlots.sol\";\n\n\ncontract MainDispatcher is IDispatcher, StorageSlots {\n\n using Addresses for address;\n\n function() external payable {\n address subContractAddress = getSubContract(msg.sig);\n require(subContractAddress != address(0x0), \"NO_CONTRACT_FOR_FUNCTION\");\n\n // solium-disable-next-line security/no-inline-assembly\n assembly {\n // Copy msg.data. We take full control of memory in this inline assembly\n // block because it will not return to Solidity code. We overwrite the\n // Solidity scratch pad at memory position 0.\n calldatacopy(0, 0, calldatasize)\n\n // Call the implementation.\n // out and outsize are 0 for now, as we don\"t know the out size yet.\n let result := delegatecall(gas, subContractAddress, 0, calldatasize, 0, 0)\n\n // Copy the returned data.\n returndatacopy(0, 0, returndatasize)\n\n switch result\n // delegatecall returns 0 on error.\n case 0 {\n revert(0, returndatasize)\n }\n default {\n return(0, returndatasize)\n }\n }\n }\n\n /*\n 1. Extract subcontracts.\n 2. Verify correct sub-contract initializer size.\n 3. Extract sub-contract initializer data.\n 4. Call sub-contract initializer.\n\n The init data bytes passed to initialize are structed as following:\n I. N slots (uin256 size) addresses of the deployed sub-contracts.\n II. An address of an external initialization contract (optional, or ZERO_ADDRESS).\n III. (Up to) N bytes sections of the sub-contracts initializers.\n\n If already initialized (i.e. upgrade) we expect the init data to be consistent with this.\n and if a different size of init data is expected when upgrading, the initializerSize should\n reflect this.\n\n If an external initializer contract is not used, ZERO_ADDRESS is passed in its slot.\n If the external initializer contract is used, all the remaining init data is passed to it,\n and internal initialization will not occur.\n\n External Initialization Contract\n --------------------------------\n External Initialization Contract (EIC) is a hook for custom initialization.\n Typically in an upgrade flow, the expected initialization contains only the addresses of\n the sub-contracts. Normal initialization of the sub-contracts is such that is not needed\n in an upgrade, and actually may be very dangerous, as changing of state on a working system\n may corrupt it.\n\n In the event that some state initialization is required, the EIC is a hook that allows this.\n It may be deployed and called specifically for this purpose.\n\n The address of the EIC must be provided (if at all) when a new implementation is added to\n a Proxy contract (as part of the initialization vector).\n Hence, it is considered part of the code open to reviewers prior to a time-locked upgrade.\n\n When a custom initialization is performed using an EIC,\n the main dispatcher initialize extracts and stores the sub-contracts addresses, and then\n yields to the EIC, skipping the rest of its initialization code.\n\n\n Flow of MainDispatcher initialize\n ---------------------------------\n 1. Extraction and assignment of subcontracts addresses\n Main dispatcher expects a valid and consistent set of addresses in the passed data.\n It validates that, extracts the addresses from the data, and validates that the addresses\n are of the expected type and order. Then those addresses are stored.\n\n 2. Extraction of EIC address\n The address of the EIC is extracted from the data.\n External Initializer Contract is optional. ZERO_ADDRESS indicates it is not used.\n\n 3a. EIC is used\n Dispatcher calls the EIC initialize function with the remaining data.\n Note - In this option 3b is not performed.\n\n 3b. EIC is not used\n If there is additional initialization data then:\n I. Sentitenl function is called to permit subcontracts initialization.\n II. Dispatcher loops through the subcontracts and for each one it extracts the\n initializing data and passes it to the subcontract\u0027s initialize function.\n\n */\n // NOLINTNEXTLINE: external-function.\n function initialize(bytes memory data) public {\n // Number of sub-contracts.\n uint256 nSubContracts = getNumSubcontracts();\n\n // We support currently 4 bits per contract, i.e. 16, reserving 00 leads to 15.\n require(nSubContracts \u003c= 15, \"TOO_MANY_SUB_CONTRACTS\");\n\n // Init data MUST include addresses for all sub-contracts.\n require(data.length \u003e= 32 * (nSubContracts + 1), \"SUB_CONTRACTS_NOT_PROVIDED\");\n\n // Ensure implementation is a valid contract.\n require(implementation().isContract(), \"INVALID_IMPLEMENTATION\");\n\n // Size of passed data, excluding sub-contract addresses.\n uint256 additionalDataSize = data.length - 32 * (nSubContracts + 1);\n\n // Sum of subcontract initializers. Aggregated for verification near the end.\n uint256 totalInitSizes = 0;\n\n // Offset (within data) of sub-contract initializer vector.\n // Just past the sub-contract addresses.\n uint256 initDataContractsOffset = 32 * (nSubContracts + 1);\n\n // 1. Extract \u0026 update contract addresses.\n for (uint256 nContract = 1; nContract \u003c= nSubContracts; nContract++) {\n address contractAddress;\n\n // Extract sub-contract address.\n // solium-disable-next-line security/no-inline-assembly\n assembly {\n contractAddress := mload(add(data, mul(32, nContract)))\n }\n\n validateSubContractIndex(nContract, contractAddress);\n\n // Contracts are indexed from 1 and 0 is not in use here.\n setSubContractAddress(nContract, contractAddress);\n }\n\n // Check if we have an external initializer contract.\n address externalInitializerAddr;\n\n // 2. Extract sub-contract address, again. It\u0027s cheaper than reading from storage.\n // solium-disable-next-line security/no-inline-assembly\n assembly {\n externalInitializerAddr := mload(add(data, mul(32, add(nSubContracts, 1))))\n }\n\n // 3(a). Yield to EIC initialization.\n if (externalInitializerAddr != address(0x0)) {\n callExternalInitializer(data, externalInitializerAddr, additionalDataSize);\n return;\n }\n\n // 3(b). Subcontracts initialization.\n // I. If no init data passed besides sub-contracts, return.\n if (additionalDataSize == 0) {\n return;\n }\n\n // Just to be on the safe side.\n assert(externalInitializerAddr == address(0x0));\n\n // II. Gate further initialization.\n initializationSentinel();\n\n // III. Loops through the subcontracts, extracts their data and calls their initializer.\n for (uint256 nContract = 1; nContract \u003c= nSubContracts; nContract++) {\n address contractAddress;\n\n // Extract sub-contract address, again. It\u0027s cheaper than reading from storage.\n // solium-disable-next-line security/no-inline-assembly\n assembly {\n contractAddress := mload(add(data, mul(32, nContract)))\n }\n // The initializerSize returns the expected size, with respect also to the state status.\n // i.e. different size if it\u0027s a first init (clean state) or upgrade init (alive state).\n // NOLINTNEXTLINE: calls-loop.\n\n // The initializerSize is called via delegatecall, so that it can relate to the state,\n // and not only to the new contract code. (e.g. return 0 if state-intialized else 192).\n // solium-disable-next-line security/no-low-level-calls\n // NOLINTNEXTLINE: reentrancy-events low-level-calls calls-loop.\n (bool success, bytes memory returndata) = contractAddress.delegatecall(\n abi.encodeWithSelector(SubContractor(contractAddress).initializerSize.selector));\n require(success, string(returndata));\n uint256 initSize = abi.decode(returndata, (uint256));\n require(initSize \u003c= additionalDataSize, \"INVALID_INITIALIZER_SIZE\");\n require(totalInitSizes + initSize \u003c= additionalDataSize, \"INVALID_INITIALIZER_SIZE\");\n\n if (initSize == 0) {\n continue;\n }\n\n // Extract sub-contract init vector.\n bytes memory subContractInitData = new bytes(initSize);\n for (uint256 trgOffset = 32; trgOffset \u003c= initSize; trgOffset += 32) {\n // solium-disable-next-line security/no-inline-assembly\n assembly {\n mstore(\n add(subContractInitData, trgOffset),\n mload(add(add(data, trgOffset), initDataContractsOffset))\n )\n }\n }\n\n // Call sub-contract initializer.\n // solium-disable-next-line security/no-low-level-calls\n // NOLINTNEXTLINE: low-level-calls.\n (success, returndata) = contractAddress.delegatecall(\n abi.encodeWithSelector(this.initialize.selector, subContractInitData)\n );\n require(success, string(returndata));\n totalInitSizes += initSize;\n initDataContractsOffset += initSize;\n }\n require(\n additionalDataSize == totalInitSizes,\n \"MISMATCHING_INIT_DATA_SIZE\");\n }\n\n function callExternalInitializer(\n bytes memory data,\n address externalInitializerAddr,\n uint256 dataSize)\n private {\n require(externalInitializerAddr.isContract(), \"NOT_A_CONTRACT\");\n require(dataSize \u003c= data.length, \"INVALID_DATA_SIZE\");\n bytes memory extInitData = new bytes(dataSize);\n\n // Prepare memcpy pointers.\n uint256 srcDataOffset = 32 + data.length - dataSize;\n uint256 srcData;\n uint256 trgData;\n\n // solium-disable-next-line security/no-inline-assembly\n assembly {\n srcData := add(data, srcDataOffset)\n trgData := add(extInitData, 32)\n }\n\n // Copy initializer data to be passed to the EIC.\n for (uint256 seek = 0; seek \u003c dataSize; seek += 32) {\n // solium-disable-next-line security/no-inline-assembly\n assembly {\n mstore(\n add(trgData, seek),\n mload(add(srcData, seek))\n )\n }\n }\n\n // solium-disable-next-line security/no-low-level-calls\n // NOLINTNEXTLINE: low-level-calls.\n (bool success, bytes memory returndata) = externalInitializerAddr.delegatecall(\n abi.encodeWithSelector(this.initialize.selector, extInitData)\n );\n require(success, string(returndata));\n require(returndata.length == 0, string(returndata));\n }\n}\n"},"MainStorage.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"IFactRegistry.sol\";\nimport \"ProxyStorage.sol\";\nimport \"Common.sol\";\n/*\n Holds ALL the main contract state (storage) variables.\n*/\ncontract MainStorage is ProxyStorage {\n\n IFactRegistry escapeVerifier_;\n\n // Global dex-frozen flag.\n bool stateFrozen; // NOLINT: constable-states.\n\n // Time when unFreeze can be successfully called (UNFREEZE_DELAY after freeze).\n uint256 unFreezeTime; // NOLINT: constable-states.\n\n // Pending deposits.\n // A map STARK key =\u003e asset id =\u003e vault id =\u003e quantized amount.\n mapping (uint256 =\u003e mapping (uint256 =\u003e mapping (uint256 =\u003e uint256))) pendingDeposits;\n\n // Cancellation requests.\n // A map STARK key =\u003e asset id =\u003e vault id =\u003e request timestamp.\n mapping (uint256 =\u003e mapping (uint256 =\u003e mapping (uint256 =\u003e uint256))) cancellationRequests;\n\n // Pending withdrawals.\n // A map STARK key =\u003e asset id =\u003e quantized amount.\n mapping (uint256 =\u003e mapping (uint256 =\u003e uint256)) pendingWithdrawals;\n\n // vault_id =\u003e escape used boolean.\n mapping (uint256 =\u003e bool) escapesUsed;\n\n // Number of escapes that were performed when frozen.\n uint256 escapesUsedCount; // NOLINT: constable-states.\n\n // Full withdrawal requests: stark key =\u003e vaultId =\u003e requestTime.\n // stark key =\u003e vaultId =\u003e requestTime.\n mapping (uint256 =\u003e mapping (uint256 =\u003e uint256)) fullWithdrawalRequests;\n\n // State sequence number.\n uint256 sequenceNumber; // NOLINT: constable-states uninitialized-state.\n\n // Vaults Tree Root \u0026 Height.\n uint256 vaultRoot; // NOLINT: constable-states uninitialized-state.\n uint256 vaultTreeHeight; // NOLINT: constable-states uninitialized-state.\n\n // Order Tree Root \u0026 Height.\n uint256 orderRoot; // NOLINT: constable-states uninitialized-state.\n uint256 orderTreeHeight; // NOLINT: constable-states uninitialized-state.\n\n // True if and only if the address is allowed to add tokens.\n mapping (address =\u003e bool) tokenAdmins;\n\n // True if and only if the address is allowed to register users.\n mapping (address =\u003e bool) userAdmins;\n\n // True if and only if the address is an operator (allowed to update state).\n mapping (address =\u003e bool) operators;\n\n // Mapping of contract ID to asset data.\n mapping (uint256 =\u003e bytes) assetTypeToAssetInfo; // NOLINT: uninitialized-state.\n\n // Mapping of registered contract IDs.\n mapping (uint256 =\u003e bool) registeredAssetType; // NOLINT: uninitialized-state.\n\n // Mapping from contract ID to quantum.\n mapping (uint256 =\u003e uint256) assetTypeToQuantum; // NOLINT: uninitialized-state.\n\n // This mapping is no longer in use, remains for backwards compatibility.\n mapping (address =\u003e uint256) starkKeys_DEPRECATED; // NOLINT: naming-convention.\n\n // Mapping from STARK public key to the Ethereum public key of its owner.\n mapping (uint256 =\u003e address) ethKeys; // NOLINT: uninitialized-state.\n\n // Timelocked state transition and availability verification chain.\n StarkExTypes.ApprovalChainData verifiersChain;\n StarkExTypes.ApprovalChainData availabilityVerifiersChain;\n\n // Batch id of last accepted proof.\n uint256 lastBatchId; // NOLINT: constable-states uninitialized-state.\n\n // Mapping between sub-contract index to sub-contract address.\n mapping(uint256 =\u003e address) subContracts; // NOLINT: uninitialized-state.\n\n // Onchain-data version configured for the system.\n // TODO(zuphit,01/01/2021): wrap this with an attribute class.\n uint256 onchainDataVersion; // NOLINT: constable-states uninitialized-state.\n}\n"},"ProxyStorage.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"GovernanceStorage.sol\";\n\n/*\n Holds the Proxy-specific state variables.\n This contract is inherited by the GovernanceStorage (and indirectly by MainStorage)\n to prevent collision hazard.\n*/\ncontract ProxyStorage is GovernanceStorage {\n\n // Stores the hash of the initialization vector of the added implementation.\n // Upon upgradeTo the implementation, the initialization vector is verified\n // to be identical to the one submitted when adding the implementation.\n mapping (address =\u003e bytes32) internal initializationHash;\n\n // The time after which we can switch to the implementation.\n mapping (address =\u003e uint256) internal enabledTime;\n\n // A central storage of the flags whether implementation has been initialized.\n // Note - it can be used flexibly enough to accommodate multiple levels of initialization\n // (i.e. using different key salting schemes for different initialization levels).\n mapping (bytes32 =\u003e bool) internal initialized;\n}\n"},"StarkExchange.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"MainStorage.sol\";\nimport \"MainDispatcher.sol\";\n\ncontract StarkExchange is MainStorage, MainDispatcher {\n string public constant VERSION = \"2.5.0\";\n\n uint256 constant SUBCONTRACT_BITS = 4;\n\n // Salt for a 7 bit unique spread of all relevant selectors. Pre-calculated.\n // ---------- The following code was auto-generated. PLEASE DO NOT EDIT. ----------\n uint256 constant MAGIC_SALT = 45733;\n uint256 constant IDX_MAP_0 = 0x201220230201001000221220210222000000020303010211122120200003002;\n uint256 constant IDX_MAP_1 = 0x2100003002200010003000000300100220220203000020000101022100011100;\n // ---------- End of auto-generated code. ----------\n\n function validateSubContractIndex(uint256 index, address subContract) internal pure{\n string memory id = SubContractor(subContract).identify();\n bytes32 hashed_expected_id = keccak256(abi.encodePacked(expectedIdByIndex(index)));\n require(\n hashed_expected_id == keccak256(abi.encodePacked(id)),\n \"MISPLACED_INDEX_OR_BAD_CONTRACT_ID\");\n }\n\n function expectedIdByIndex(uint256 index)\n private pure returns (string memory id) {\n if (index == 1){\n id = \"StarkWare_AllVerifiers_2020_1\";\n } else if (index == 2){\n id = \"StarkWare_TokensAndRamping_2020_1\";\n } else if (index == 3){\n id = \"StarkWare_StarkExState_2020_1\";\n } else {\n revert(\"UNEXPECTED_INDEX\");\n }\n }\n\n function getNumSubcontracts() internal pure returns (uint256) {\n return 3;\n }\n\n function getSubContract(bytes4 selector)\n internal view returns (address) {\n uint256 location = 0x7F \u0026 uint256(keccak256(abi.encodePacked(selector, MAGIC_SALT)));\n uint256 subContractIdx;\n uint256 offset = SUBCONTRACT_BITS * location % 256;\n if (location \u003c 64) {\n subContractIdx = (IDX_MAP_0 \u003e\u003e offset) \u0026 0xF;\n } else {\n subContractIdx = (IDX_MAP_1 \u003e\u003e offset) \u0026 0xF;\n }\n return subContracts[subContractIdx];\n }\n\n function setSubContractAddress(uint256 index, address subContractAddress) internal {\n subContracts[index] = subContractAddress;\n }\n\n function initializationSentinel()\n internal view {\n string memory REVERT_MSG = \"INITIALIZATION_BLOCKED\";\n // This initializer sets roots etc. It must not be applied twice.\n // I.e. it can run only when the state is still empty.\n require(vaultRoot == 0, REVERT_MSG);\n require(vaultTreeHeight == 0, REVERT_MSG);\n require(orderRoot == 0, REVERT_MSG);\n require(orderTreeHeight == 0, REVERT_MSG);\n }\n}\n"},"StorageSlots.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\n/**\n StorageSlots holds the arbitrary storage slots used throughout the Proxy pattern.\n Storage address slots are a mechanism to define an arbitrary location, that will not be\n overlapped by the logical contracts.\n*/\ncontract StorageSlots {\n /*\n Returns the address of the current implementation.\n */\n // NOLINTNEXTLINE external-function.\n function implementation() public view returns(address _implementation) {\n bytes32 slot = IMPLEMENTATION_SLOT;\n // solium-disable-next-line security/no-inline-assembly\n assembly {\n _implementation := sload(slot)\n }\n }\n\n // Storage slot with the address of the current implementation.\n // The address of the slot is keccak256(\"StarkWare2019.implemntation-slot\").\n // We need to keep this variable stored outside of the commonly used space,\n // so that it\u0027s not overrun by the logical implementation (the proxied contract).\n bytes32 internal constant IMPLEMENTATION_SLOT =\n 0x177667240aeeea7e35eabe3a35e18306f336219e1386f7710a6bf8783f761b24;\n\n // This storage slot stores the finalization flag.\n // Once the value stored in this slot is set to non-zero\n // the proxy blocks implementation upgrades.\n // The current implementation is then referred to as Finalized.\n // Web3.solidityKeccak([\u0027string\u0027], [\"StarkWare2019.finalization-flag-slot\"]).\n bytes32 internal constant FINALIZED_STATE_SLOT =\n 0x7d433c6f837e8f93009937c466c82efbb5ba621fae36886d0cac433c5d0aa7d2;\n\n // Storage slot to hold the upgrade delay (time-lock).\n // The intention of this slot is to allow modification using an EIC.\n // Web3.solidityKeccak([\u0027string\u0027], [\u0027StarkWare.Upgradibility.Delay.Slot\u0027]).\n bytes32 public constant UPGRADE_DELAY_SLOT =\n 0xc21dbb3089fcb2c4f4c6a67854ab4db2b0f233ea4b21b21f912d52d18fc5db1f;\n}\n"},"SubContractor.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"Identity.sol\";\n\ncontract SubContractor is Identity {\n\n function initialize(bytes calldata data)\n external;\n\n function initializerSize()\n external view\n returns(uint256);\n\n}\n"}}File 3 of 3: TokensAndRamping
{"AcceptModifications.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"LibConstants.sol\";\nimport \"MAcceptModifications.sol\";\nimport \"MTokenQuantization.sol\";\nimport \"MainStorage.sol\";\n\n/*\n Interface containing actions a verifier can invoke on the state.\n The contract containing the state should implement these and verify correctness.\n*/\ncontract AcceptModifications is\n MainStorage,\n LibConstants,\n MAcceptModifications,\n MTokenQuantization\n{\n event LogWithdrawalAllowed(\n uint256 starkKey,\n uint256 assetType,\n uint256 nonQuantizedAmount,\n uint256 quantizedAmount\n );\n\n event LogNftWithdrawalAllowed(uint256 starkKey, uint256 assetId);\n\n event LogMintableWithdrawalAllowed(\n uint256 starkKey,\n uint256 assetId,\n uint256 quantizedAmount\n );\n\n /*\n Transfers funds from the on-chain deposit area to the off-chain area.\n Implemented in the Deposits contracts.\n */\n function acceptDeposit(\n uint256 starkKey,\n uint256 vaultId,\n uint256 assetId,\n uint256 quantizedAmount\n ) internal {\n // Fetch deposit.\n require(\n pendingDeposits[starkKey][assetId][vaultId] \u003e= quantizedAmount,\n \"DEPOSIT_INSUFFICIENT\"\n );\n\n // Subtract accepted quantized amount.\n pendingDeposits[starkKey][assetId][vaultId] -= quantizedAmount;\n }\n\n /*\n Transfers funds from the off-chain area to the on-chain withdrawal area.\n */\n function allowWithdrawal(\n uint256 starkKey,\n uint256 assetId,\n uint256 quantizedAmount\n )\n internal\n {\n // Fetch withdrawal.\n uint256 withdrawal = pendingWithdrawals[starkKey][assetId];\n\n // Add accepted quantized amount.\n withdrawal += quantizedAmount;\n require(withdrawal \u003e= quantizedAmount, \"WITHDRAWAL_OVERFLOW\");\n\n // Store withdrawal.\n pendingWithdrawals[starkKey][assetId] = withdrawal;\n\n // Log event.\n uint256 presumedAssetType = assetId;\n if (registeredAssetType[presumedAssetType]) {\n emit LogWithdrawalAllowed(\n starkKey,\n presumedAssetType,\n fromQuantized(presumedAssetType, quantizedAmount),\n quantizedAmount\n );\n } else if(assetId == ((assetId \u0026 MASK_240) | MINTABLE_ASSET_ID_FLAG)) {\n emit LogMintableWithdrawalAllowed(\n starkKey,\n assetId,\n quantizedAmount\n );\n }\n else {\n // In ERC721 case, assetId is not the assetType.\n require(withdrawal \u003c= 1, \"INVALID_NFT_AMOUNT\");\n emit LogNftWithdrawalAllowed(starkKey, assetId);\n }\n }\n\n\n // Verifier authorizes withdrawal.\n function acceptWithdrawal(\n uint256 starkKey,\n uint256 assetId,\n uint256 quantizedAmount\n ) internal {\n allowWithdrawal(starkKey, assetId, quantizedAmount);\n }\n\n /*\n Implemented in the FullWithdrawal contracts.\n */\n function clearFullWithdrawalRequest(\n uint256 starkKey,\n uint256 vaultId\n )\n internal\n {\n // Reset escape request.\n fullWithdrawalRequests[starkKey][vaultId] = 0; // NOLINT: reentrancy-benign.\n }\n}\n"},"Common.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\n/*\n Common Utility librarries.\n I. Addresses (extending address).\n*/\nlibrary Addresses {\n function isContract(address account) internal view returns (bool) {\n uint256 size;\n // solium-disable-next-line security/no-inline-assembly\n assembly {\n size := extcodesize(account)\n }\n return size \u003e 0;\n }\n\n function performEthTransfer(address recipient, uint256 amount) internal {\n // solium-disable-next-line security/no-call-value\n (bool success, ) = recipient.call.value(amount)(\"\"); // NOLINT: low-level-calls.\n require(success, \"ETH_TRANSFER_FAILED\");\n }\n\n /*\n Safe wrapper around ERC20/ERC721 calls.\n This is required because many deployed ERC20 contracts don\u0027t return a value.\n See https://github.com/ethereum/solidity/issues/4116.\n */\n function safeTokenContractCall(address tokenAddress, bytes memory callData) internal {\n require(isContract(tokenAddress), \"BAD_TOKEN_ADDRESS\");\n // NOLINTNEXTLINE: low-level-calls.\n (bool success, bytes memory returndata) = tokenAddress.call(callData);\n // solium-disable-previous-line security/no-low-level-calls\n require(success, string(returndata));\n\n if (returndata.length \u003e 0) {\n require(abi.decode(returndata, (bool)), \"TOKEN_OPERATION_FAILED\");\n }\n }\n\n /*\n Similar to safeTokenContractCall, but always ignores the return value.\n\n Assumes some other method is used to detect the failures\n (e.g. balance is checked before and after the call).\n */\n function uncheckedTokenContractCall(address tokenAddress, bytes memory callData) internal {\n // NOLINTNEXTLINE: low-level-calls.\n (bool success, bytes memory returndata) = tokenAddress.call(callData);\n // solium-disable-previous-line security/no-low-level-calls\n require(success, string(returndata));\n }\n\n}\n\n/*\n II. StarkExTypes - Common data types.\n*/\nlibrary StarkExTypes {\n\n // Structure representing a list of verifiers (validity/availability).\n // A statement is valid only if all the verifiers in the list agree on it.\n // Adding a verifier to the list is immediate - this is used for fast resolution of\n // any soundness issues.\n // Removing from the list is time-locked, to ensure that any user of the system\n // not content with the announced removal has ample time to leave the system before it is\n // removed.\n struct ApprovalChainData {\n address[] list;\n // Represents the time after which the verifier with the given address can be removed.\n // Removal of the verifier with address A is allowed only in the case the value\n // of unlockedForRemovalTime[A] != 0 and unlockedForRemovalTime[A] \u003c (current time).\n mapping (address =\u003e uint256) unlockedForRemovalTime;\n }\n\n}\n"},"Deposits.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"LibConstants.sol\";\nimport \"MAcceptModifications.sol\";\nimport \"MTokenQuantization.sol\";\nimport \"MTokenAssetData.sol\";\nimport \"MFreezable.sol\";\nimport \"MKeyGetters.sol\";\nimport \"MOperator.sol\";\nimport \"MTokens.sol\";\nimport \"MainStorage.sol\";\n\n/**\n For a user to perform a deposit to the contract two calls need to take place:\n\n 1. A call to an ERC20 contract, authorizing this contract to transfer funds on behalf of the user.\n 2. A call to :sol:func:`deposit` indicating the starkKey, amount, asset type and target vault ID to which to send the deposit.\n\n The amount should be quantized, according to the specific quantization defined for the asset type.\n\n The result of the operation, assuming all requirements are met, is that an amount of ERC20 tokens\n equaling the amount specified in the :sol:func:`deposit` call times the quantization factor is\n transferred on behalf of the user to the contract. In addition, the contract adds the funds to an\n accumulator of pending deposits for the provided user, asset ID and vault ID.\n\n Once a deposit is made, the exchange may include it in a proof which will result in addition\n of the amount(s) deposited to the off-chain vault with the specified ID. When the contract\n receives such valid proof, it deducts the transfered funds from the pending deposits for the\n specified Stark key, asset ID and vault ID.\n\n The exchange will not be able to move the deposited funds to the off-chain vault if the Stark key\n is not registered in the system.\n\n Until that point, the user may cancel the deposit by performing a time-locked cancel-deposit\n operation consisting of two calls:\n\n 1. A call to :sol:func:`depositCancel`, setting a timer to enable reclaiming the deposit. Until this timer expires the user cannot reclaim funds as the exchange may still be processing the deposit for inclusion in the off chain vault.\n 2. A call to :sol:func:`depositReclaim`, to perform the actual transfer of funds from the contract back to the ERC20 contract. This will only succeed if the timer set in the previous call has expired. The result should be the transfer of all funds not accounted for in proofs for off-chain inclusion, back to the user account on the ERC20 contract.\n\n Calling depositCancel and depositReclaim can only be done via an ethKey that is associated with\n that vault\u0027s starkKey. This is enforced by the contract.\n\n*/\ncontract Deposits is\n MainStorage,\n LibConstants,\n MAcceptModifications,\n MTokenQuantization,\n MTokenAssetData,\n MFreezable,\n MOperator,\n MKeyGetters,\n MTokens\n{\n event LogDeposit(\n address depositorEthKey,\n uint256 starkKey,\n uint256 vaultId,\n uint256 assetType,\n uint256 nonQuantizedAmount,\n uint256 quantizedAmount\n );\n\n event LogNftDeposit(\n address depositorEthKey,\n uint256 starkKey,\n uint256 vaultId,\n uint256 assetType,\n uint256 tokenId,\n uint256 assetId\n );\n\n event LogDepositCancel(uint256 starkKey, uint256 vaultId, uint256 assetId);\n\n event LogDepositCancelReclaimed(\n uint256 starkKey,\n uint256 vaultId,\n uint256 assetType,\n uint256 nonQuantizedAmount,\n uint256 quantizedAmount\n );\n\n event LogDepositNftCancelReclaimed(\n uint256 starkKey,\n uint256 vaultId,\n uint256 assetType,\n uint256 tokenId,\n uint256 assetId\n );\n\n function getDepositBalance(\n uint256 starkKey,\n uint256 assetId,\n uint256 vaultId\n ) external view returns (uint256 balance) {\n uint256 presumedAssetType = assetId;\n balance = fromQuantized(presumedAssetType, pendingDeposits[starkKey][assetId][vaultId]);\n }\n\n function getQuantizedDepositBalance(\n uint256 starkKey,\n uint256 assetId,\n uint256 vaultId\n ) external view returns (uint256 balance) {\n balance = pendingDeposits[starkKey][assetId][vaultId];\n }\n\n function depositNft(\n uint256 starkKey,\n uint256 assetType,\n uint256 vaultId,\n uint256 tokenId\n ) external notFrozen()\n {\n require(vaultId \u003c= MAX_VAULT_ID, \"OUT_OF_RANGE_VAULT_ID\");\n // starkKey must be registered.\n require(ethKeys[starkKey] != ZERO_ADDRESS, \"INVALID_STARK_KEY\");\n require(!isMintableAssetType(assetType), \"MINTABLE_ASSET_TYPE\");\n uint256 assetId = calculateNftAssetId(assetType, tokenId);\n\n // Update the balance.\n pendingDeposits[starkKey][assetId][vaultId] = 1;\n\n // Disable the cancellationRequest timeout when users deposit into their own account.\n if (isMsgSenderStarkKeyOwner(starkKey) \u0026\u0026\n cancellationRequests[starkKey][assetId][vaultId] != 0) {\n delete cancellationRequests[starkKey][assetId][vaultId];\n }\n\n // Transfer the tokens to the Deposit contract.\n transferInNft(assetType, tokenId);\n\n // Log event.\n emit LogNftDeposit(msg.sender, starkKey, vaultId, assetType, tokenId, assetId);\n }\n\n function getCancellationRequest(\n uint256 starkKey,\n uint256 assetId,\n uint256 vaultId\n ) external view returns (uint256 request) {\n request = cancellationRequests[starkKey][assetId][vaultId];\n }\n\n function depositERC20(\n uint256 starkKey,\n uint256 assetType,\n uint256 vaultId,\n uint256 quantizedAmount\n ) external\n {\n deposit(starkKey, assetType, vaultId, quantizedAmount);\n }\n\n function depositEth( // NOLINT: locked-ether.\n uint256 starkKey,\n uint256 assetType,\n uint256 vaultId\n ) external payable {\n require(isEther(assetType), \"INVALID_ASSET_TYPE\");\n deposit(starkKey, assetType, vaultId, toQuantized(assetType, msg.value));\n }\n\n function deposit(\n uint256 starkKey,\n uint256 assetType,\n uint256 vaultId,\n uint256 quantizedAmount\n ) public notFrozen()\n {\n // No need to verify amount \u003e 0, a deposit with amount = 0 can be used to undo cancellation.\n require(vaultId \u003c= MAX_VAULT_ID, \"OUT_OF_RANGE_VAULT_ID\");\n // starkKey must be registered.\n require(ethKeys[starkKey] != ZERO_ADDRESS, \"INVALID_STARK_KEY\");\n require(!isMintableAssetType(assetType), \"MINTABLE_ASSET_TYPE\");\n uint256 assetId = assetType;\n\n // Update the balance.\n pendingDeposits[starkKey][assetId][vaultId] += quantizedAmount;\n require(\n pendingDeposits[starkKey][assetId][vaultId] \u003e= quantizedAmount,\n \"DEPOSIT_OVERFLOW\"\n );\n\n // Disable the cancellationRequest timeout when users deposit into their own account.\n if (isMsgSenderStarkKeyOwner(starkKey) \u0026\u0026\n cancellationRequests[starkKey][assetId][vaultId] != 0) {\n delete cancellationRequests[starkKey][assetId][vaultId];\n }\n\n // Transfer the tokens to the Deposit contract.\n transferIn(assetType, quantizedAmount);\n\n // Log event.\n emit LogDeposit(\n msg.sender,\n starkKey,\n vaultId,\n assetType,\n fromQuantized(assetType, quantizedAmount),\n quantizedAmount\n );\n }\n\n function deposit( // NOLINT: locked-ether.\n uint256 starkKey,\n uint256 assetType,\n uint256 vaultId\n ) external payable {\n require(isEther(assetType), \"INVALID_ASSET_TYPE\");\n deposit(starkKey, assetType, vaultId, toQuantized(assetType, msg.value));\n }\n\n function depositCancel(\n uint256 starkKey,\n uint256 assetId,\n uint256 vaultId\n )\n external\n isSenderStarkKey(starkKey)\n // No notFrozen modifier: This function can always be used, even when frozen.\n {\n require(vaultId \u003c= MAX_VAULT_ID, \"OUT_OF_RANGE_VAULT_ID\");\n\n // Start the timeout.\n // solium-disable-next-line security/no-block-members\n cancellationRequests[starkKey][assetId][vaultId] = now;\n\n // Log event.\n emit LogDepositCancel(starkKey, vaultId, assetId);\n }\n\n function depositReclaim(\n uint256 starkKey,\n uint256 assetId,\n uint256 vaultId\n )\n external\n isSenderStarkKey(starkKey)\n // No notFrozen modifier: This function can always be used, even when frozen.\n {\n require(vaultId \u003c= MAX_VAULT_ID, \"OUT_OF_RANGE_VAULT_ID\");\n uint256 assetType = assetId;\n\n // Make sure enough time has passed.\n uint256 requestTime = cancellationRequests[starkKey][assetId][vaultId];\n require(requestTime != 0, \"DEPOSIT_NOT_CANCELED\");\n uint256 freeTime = requestTime + DEPOSIT_CANCEL_DELAY;\n assert(freeTime \u003e= DEPOSIT_CANCEL_DELAY);\n // solium-disable-next-line security/no-block-members\n require(now \u003e= freeTime, \"DEPOSIT_LOCKED\"); // NOLINT: timestamp.\n\n // Clear deposit.\n uint256 quantizedAmount = pendingDeposits[starkKey][assetId][vaultId];\n delete pendingDeposits[starkKey][assetId][vaultId];\n delete cancellationRequests[starkKey][assetId][vaultId];\n\n // Refund deposit.\n transferOut(msg.sender, assetType, quantizedAmount);\n\n // Log event.\n emit LogDepositCancelReclaimed(\n starkKey,\n vaultId,\n assetType,\n fromQuantized(assetType, quantizedAmount),\n quantizedAmount\n );\n }\n\n function depositNftReclaim(\n uint256 starkKey,\n uint256 assetType,\n uint256 vaultId,\n uint256 tokenId\n )\n external\n isSenderStarkKey(starkKey)\n // No notFrozen modifier: This function can always be used, even when frozen.\n {\n require(vaultId \u003c= MAX_VAULT_ID, \"OUT_OF_RANGE_VAULT_ID\");\n\n // assetId is the id for the deposits/withdrawals.\n // equivalent for the usage of assetType for ERC20.\n uint256 assetId = calculateNftAssetId(assetType, tokenId);\n\n // Make sure enough time has passed.\n uint256 requestTime = cancellationRequests[starkKey][assetId][vaultId];\n require(requestTime != 0, \"DEPOSIT_NOT_CANCELED\");\n uint256 freeTime = requestTime + DEPOSIT_CANCEL_DELAY;\n assert(freeTime \u003e= DEPOSIT_CANCEL_DELAY);\n // solium-disable-next-line security/no-block-members\n require(now \u003e= freeTime, \"DEPOSIT_LOCKED\"); // NOLINT: timestamp.\n\n // Clear deposit.\n uint256 amount = pendingDeposits[starkKey][assetId][vaultId];\n delete pendingDeposits[starkKey][assetId][vaultId];\n delete cancellationRequests[starkKey][assetId][vaultId];\n\n if (amount \u003e 0) {\n // Refund deposit.\n transferOutNft(msg.sender, assetType, tokenId);\n\n // Log event.\n emit LogDepositNftCancelReclaimed(starkKey, vaultId, assetType, tokenId, assetId);\n }\n }\n}\n"},"ERC721Receiver.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"IERC721Receiver.sol\";\n\n/*\n ERC721 token receiver interface\n EIP-721 requires any contract receiving ERC721 tokens to implement IERC721Receiver interface.\n By EIP, safeTransferFrom API of ERC721 shall call onERC721Received on the receiving contract.\n\n Have the receiving contract failed to respond as expected, the safeTransferFrom shall be reverted.\n\n Params:\n `operator` The address which called `safeTransferFrom` function\n `from` The address which previously owned the token\n `tokenId` The NFT identifier which is being transferred\n `data` Additional data with no specified format\n\n Returns: fixed value:`bytes4(keccak256(\"onERC721Received(address,address,uint256,bytes)\"))`.\n*/\ncontract ERC721Receiver is IERC721Receiver {\n // NOLINTNEXTLINE: external-function.\n function onERC721Received(\n address /*operator*/, // The address which called `safeTransferFrom` function.\n address /*from*/, // The address which previously owned the token.\n uint256 /*tokenId*/, // The NFT identifier which is being transferred.\n bytes memory /*data*/) // Additional data with no specified format.\n public returns (bytes4)\n {\n return this.onERC721Received.selector;\n }\n}\n"},"Freezable.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"LibConstants.sol\";\nimport \"MFreezable.sol\";\nimport \"MGovernance.sol\";\nimport \"MainStorage.sol\";\n\n/*\n Implements MFreezable.\n*/\ncontract Freezable is MainStorage, LibConstants, MGovernance, MFreezable {\n event LogFrozen();\n event LogUnFrozen();\n\n modifier notFrozen()\n {\n require(!stateFrozen, \"STATE_IS_FROZEN\");\n _;\n }\n\n modifier onlyFrozen()\n {\n require(stateFrozen, \"STATE_NOT_FROZEN\");\n _;\n }\n\n function isFrozen()\n external view\n returns (bool frozen) {\n frozen = stateFrozen;\n }\n\n function freeze()\n internal\n notFrozen()\n {\n // solium-disable-next-line security/no-block-members\n unFreezeTime = now + UNFREEZE_DELAY;\n\n // Update state.\n stateFrozen = true;\n\n // Log event.\n emit LogFrozen();\n }\n\n function unFreeze()\n external\n onlyFrozen()\n onlyGovernance()\n {\n // solium-disable-next-line security/no-block-members\n require(now \u003e= unFreezeTime, \"UNFREEZE_NOT_ALLOWED_YET\"); // NOLINT: timestamp.\n\n // Update state.\n stateFrozen = false;\n\n // Increment roots to invalidate them, w/o losing information.\n vaultRoot += 1;\n orderRoot += 1;\n\n // Log event.\n emit LogUnFrozen();\n }\n\n}\n"},"FullWithdrawals.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"LibConstants.sol\";\nimport \"MFreezable.sol\";\nimport \"MKeyGetters.sol\";\nimport \"MainStorage.sol\";\n\n/**\n At any point in time, a user may opt to perform a full withdrawal request for a given off-chain\n vault. Such a request is a different flow than the normal withdrawal flow\n (see :sol:mod:`Withdrawals`) in the following ways:\n\n 1. The user calls a contract function instead of calling an off-chain service API.\n 2. Upon the successful fulfillment of the operation, the entire vault balance is withdrawn, and it is effectively evicted (no longer belongs to the user). Hence, a full withdrawal request does not include an amount to withdraw.\n 3. Failure of the offchain exchange to service a full withdrawal request within a given timeframe gives the user the option to freeze the exchange disabling the ability to update its state.\n\n A full withdrawal operation is executed as follows:\n\n 1. The user submits a full withdrawal request by calling :sol:func:`fullWithdrawalRequest` with the vault ID to be withdrawn.\n 2. Under normal operation of the exchange service, the exchange submits a STARK proof indicating the fulfillment of the withdrawal from the vault.\n 3. If the exchange fails to service the request (does not submit a valid proof as above), upon the expiration of a :sol:cons:`FREEZE_GRACE_PERIOD`, the user is entitled to freeze the contract by calling :sol:func:`freezeRequest` and indicating the vaultId for which the full withdrawal request has not been serviced.\n 4. Upon acceptance of the proof above, the contract adds the withdrawn amount to an on-chain pending withdrawals account under the stark key of the vault owner and the appropriate asset ID. At the same time, the full withdrawal request is cleared.\n 5. The user may then withdraw this amount from the pending withdrawals account by calling the normal withdraw function (see :sol:mod:`Withdrawals`) to transfer the funds to the users Eth or ERC20 account (depending on the token type).\n\n If a user requests a full withdrawal for a vault that is not associated with the StarkKey of the\n user, the exchange may prove this and the full withdrawal request is cleared without any effect on\n the vault (and no funds will be released on-chain for withdrawal).\n\n Full withdrawal requests cannot be cancelled by a user.\n\n To avoid the potential attack of the exchange by a flood of full withdrawal requests, the rate of\n such requests must be limited. In the currently implementation, this is achieved by making the\n cost of the request exceed 1M gas.\n\n*/\ncontract FullWithdrawals is MainStorage, LibConstants, MFreezable, MKeyGetters {\n event LogFullWithdrawalRequest(uint256 starkKey, uint256 vaultId);\n\n function fullWithdrawalRequest(uint256 starkKey, uint256 vaultId) external notFrozen()\n isSenderStarkKey(starkKey) {\n // Verify vault ID in range.\n require(vaultId \u003c= MAX_VAULT_ID, \"OUT_OF_RANGE_VAULT_ID\");\n\n // Start timer on escape request.\n // solium-disable-next-line security/no-block-members\n fullWithdrawalRequests[starkKey][vaultId] = now;\n\n // Log request.\n emit LogFullWithdrawalRequest(starkKey, vaultId);\n\n // Burn gas to prevent denial of service (too many requests per block).\n for (uint256 i = 0; i \u003c 22231; i++) {}\n // solium-disable-previous-line no-empty-blocks\n }\n\n function getFullWithdrawalRequest(uint256 starkKey, uint256 vaultId)\n external\n view\n returns (uint256 res)\n {\n // Return request value. Expect zero if the request doesn\u0027t exist or has been serviced, and\n // a non-zero value otherwise.\n res = fullWithdrawalRequests[starkKey][vaultId];\n }\n\n function freezeRequest(uint256 starkKey, uint256 vaultId) external notFrozen() {\n // Verify vaultId in range.\n require(vaultId \u003c= MAX_VAULT_ID, \"OUT_OF_RANGE_VAULT_ID\");\n\n // Load request time.\n uint256 requestTime = fullWithdrawalRequests[starkKey][vaultId];\n require(requestTime != 0, \"FULL_WITHDRAWAL_UNREQUESTED\");\n\n // Verify timer on escape request.\n uint256 freezeTime = requestTime + FREEZE_GRACE_PERIOD;\n assert(freezeTime \u003e= FREEZE_GRACE_PERIOD);\n // solium-disable-next-line security/no-block-members\n require(now \u003e= freezeTime, \"FULL_WITHDRAWAL_PENDING\"); // NOLINT: timestamp.\n\n // The only place this function is called.\n freeze();\n }\n}\n"},"Governance.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"GovernanceStorage.sol\";\nimport \"MGovernance.sol\";\n\n/*\n Implements Generic Governance, applicable for both proxy and main contract, and possibly others.\n Notes:\n 1. This class is virtual (getGovernanceTag is not implemented).\n 2. The use of the same function names by both the Proxy and a delegated implementation\n is not possible since calling the implementation functions is done via the default function\n of the Proxy. For this reason, for example, the implementation of MainContract (MainGovernance)\n exposes mainIsGovernor, which calls the internal isGovernor method.\n*/\ncontract Governance is GovernanceStorage, MGovernance {\n event LogNominatedGovernor(address nominatedGovernor);\n event LogNewGovernorAccepted(address acceptedGovernor);\n event LogRemovedGovernor(address removedGovernor);\n event LogNominationCancelled();\n\n address internal constant ZERO_ADDRESS = address(0x0);\n\n /*\n Returns a string which uniquely identifies the type of the governance mechanism.\n */\n function getGovernanceTag()\n internal\n view\n returns (string memory);\n\n /*\n Returns the GovernanceInfoStruct associated with the governance tag.\n */\n function contractGovernanceInfo()\n internal\n view\n returns (GovernanceInfoStruct storage) {\n string memory tag = getGovernanceTag();\n GovernanceInfoStruct storage gub = governanceInfo[tag];\n require(gub.initialized, \"NOT_INITIALIZED\");\n return gub;\n }\n\n /*\n Current code intentionally prevents governance re-initialization.\n This may be a problem in an upgrade situation, in a case that the upgrade-to implementation\n performs an initialization (for real) and within that calls initGovernance().\n\n Possible workarounds:\n 1. Clearing the governance info altogether by changing the MAIN_GOVERNANCE_INFO_TAG.\n This will remove existing main governance information.\n 2. Modify the require part in this function, so that it will exit quietly\n when trying to re-initialize (uncomment the lines below).\n */\n function initGovernance()\n internal\n {\n string memory tag = getGovernanceTag();\n GovernanceInfoStruct storage gub = governanceInfo[tag];\n // TODO(Remo,01/09/2021): Consider un-commenting lines below.\n // if (gub.initialized) {\n // return;\n // }\n require(!gub.initialized, \"ALREADY_INITIALIZED\");\n gub.initialized = true; // to ensure addGovernor() won\u0027t fail.\n // Add the initial governer.\n addGovernor(msg.sender);\n }\n\n modifier onlyGovernance()\n {\n require(isGovernor(msg.sender), \"ONLY_GOVERNANCE\");\n _;\n }\n\n function isGovernor(address testGovernor)\n internal view\n returns (bool addressIsGovernor){\n GovernanceInfoStruct storage gub = contractGovernanceInfo();\n addressIsGovernor = gub.effectiveGovernors[testGovernor];\n }\n\n /*\n Cancels the nomination of a governor candidate.\n */\n function cancelNomination() internal onlyGovernance() {\n GovernanceInfoStruct storage gub = contractGovernanceInfo();\n gub.candidateGovernor = ZERO_ADDRESS;\n emit LogNominationCancelled();\n }\n\n function nominateNewGovernor(address newGovernor) internal onlyGovernance() {\n GovernanceInfoStruct storage gub = contractGovernanceInfo();\n require(!isGovernor(newGovernor), \"ALREADY_GOVERNOR\");\n gub.candidateGovernor = newGovernor;\n emit LogNominatedGovernor(newGovernor);\n }\n\n /*\n The addGovernor is called in two cases:\n 1. by acceptGovernance when a new governor accepts its role.\n 2. by initGovernance to add the initial governor.\n The difference is that the init path skips the nominate step\n that would fail because of the onlyGovernance modifier.\n */\n function addGovernor(address newGovernor) private {\n require(!isGovernor(newGovernor), \"ALREADY_GOVERNOR\");\n GovernanceInfoStruct storage gub = contractGovernanceInfo();\n gub.effectiveGovernors[newGovernor] = true;\n }\n\n function acceptGovernance()\n internal\n {\n // The new governor was proposed as a candidate by the current governor.\n GovernanceInfoStruct storage gub = contractGovernanceInfo();\n require(msg.sender == gub.candidateGovernor, \"ONLY_CANDIDATE_GOVERNOR\");\n\n // Update state.\n addGovernor(gub.candidateGovernor);\n gub.candidateGovernor = ZERO_ADDRESS;\n\n // Send a notification about the change of governor.\n emit LogNewGovernorAccepted(msg.sender);\n }\n\n /*\n Remove a governor from office.\n */\n function removeGovernor(address governorForRemoval) internal onlyGovernance() {\n require(msg.sender != governorForRemoval, \"GOVERNOR_SELF_REMOVE\");\n GovernanceInfoStruct storage gub = contractGovernanceInfo();\n require (isGovernor(governorForRemoval), \"NOT_GOVERNOR\");\n gub.effectiveGovernors[governorForRemoval] = false;\n emit LogRemovedGovernor(governorForRemoval);\n }\n}\n"},"GovernanceStorage.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\n/*\n Holds the governance slots for ALL entities, including proxy and the main contract.\n*/\ncontract GovernanceStorage {\n\n struct GovernanceInfoStruct {\n mapping (address =\u003e bool) effectiveGovernors;\n address candidateGovernor;\n bool initialized;\n }\n\n // A map from a Governor tag to its own GovernanceInfoStruct.\n mapping (string =\u003e GovernanceInfoStruct) internal governanceInfo;\n}\n"},"Identity.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\ncontract Identity {\n\n /*\n Allows a caller, typically another contract,\n to ensure that the provided address is of the expected type and version.\n */\n function identify()\n external pure\n returns(string memory);\n}\n"},"IERC20.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\n/*\n Interface of the ERC20 standard as defined in the EIP. Does not include\n the optional functions; to access them see {ERC20Detailed}.\n*/\ninterface IERC20 {\n\n function totalSupply() external view returns (uint256);\n\n function balanceOf(address account) external view returns (uint256);\n\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n function allowance(address owner, address spender) external view returns (uint256);\n\n function approve(address spender, uint256 amount) external returns (bool);\n\n function transferFrom(address sender, address recipient, uint256 amount)\n external returns (bool);\n\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n"},"IERC721Receiver.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\ncontract IERC721Receiver {\n function onERC721Received(address operator, address from, uint256 tokenId, bytes memory data)\n public returns (bytes4);\n}\n"},"IFactRegistry.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\n/*\n The Fact Registry design pattern is a way to separate cryptographic verification from the\n business logic of the contract flow.\n\n A fact registry holds a hash table of verified \"facts\" which are represented by a hash of claims\n that the registry hash check and found valid. This table may be queried by accessing the\n isValid() function of the registry with a given hash.\n\n In addition, each fact registry exposes a registry specific function for submitting new claims\n together with their proofs. The information submitted varies from one registry to the other\n depending of the type of fact requiring verification.\n\n For further reading on the Fact Registry design pattern see this\n `StarkWare blog post \u003chttps://medium.com/starkware/the-fact-registry-a64aafb598b6\u003e`_.\n*/\ncontract IFactRegistry {\n /*\n Returns true if the given fact was previously registered in the contract.\n */\n function isValid(bytes32 fact)\n external view\n returns(bool);\n}\n"},"KeyGetters.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"MainStorage.sol\";\nimport \"MKeyGetters.sol\";\n\n/*\n Implements MKeyGetters.\n*/\ncontract KeyGetters is MainStorage, MKeyGetters {\n function getEthKey(uint256 starkKey) public view returns (address ethKey) {\n // Fetch the user\u0027s Ethereum key.\n ethKey = ethKeys[starkKey];\n require(ethKey != address(0x0), \"USER_UNREGISTERED\");\n }\n\n function isMsgSenderStarkKeyOwner(uint256 starkKey) internal view returns (bool) {\n return msg.sender == getEthKey(starkKey);\n }\n\n modifier isSenderStarkKey(uint256 starkKey) {\n // Require the calling user to own the stark key.\n require(isMsgSenderStarkKeyOwner(starkKey), \"MISMATCHING_STARK_ETH_KEYS\");\n _;\n }\n}\n"},"LibConstants.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\ncontract LibConstants {\n // Durations for time locked mechanisms (in seconds).\n // Note that it is known that miners can manipulate block timestamps\n // up to a deviation of a few seconds.\n // This mechanism should not be used for fine grained timing.\n\n // The time required to cancel a deposit, in the case the operator does not move the funds\n // to the off-chain storage.\n uint256 public constant DEPOSIT_CANCEL_DELAY = 3 days;\n\n // The time required to freeze the exchange, in the case the operator does not execute a\n // requested full withdrawal.\n uint256 public constant FREEZE_GRACE_PERIOD = 7 days;\n\n // The time after which the exchange may be unfrozen after it froze. This should be enough time\n // for users to perform escape hatches to get back their funds.\n uint256 public constant UNFREEZE_DELAY = 365 days;\n\n // Maximal number of verifiers which may co-exist.\n uint256 public constant MAX_VERIFIER_COUNT = uint256(64);\n\n // The time required to remove a verifier in case of a verifier upgrade.\n uint256 public constant VERIFIER_REMOVAL_DELAY = FREEZE_GRACE_PERIOD + (21 days);\n\n uint256 constant MAX_VAULT_ID = 2**31 - 1;\n uint256 constant MAX_QUANTUM = 2**128 - 1;\n\n address constant ZERO_ADDRESS = address(0x0);\n\n uint256 constant K_MODULUS =\n 0x800000000000011000000000000000000000000000000000000000000000001;\n uint256 constant K_BETA =\n 0x6f21413efbe40de150e596d72f7a8c5609ad26c15c915c1f4cdfcb99cee9e89;\n\n uint256 constant EXPIRATION_TIMESTAMP_BITS = 22;\n\n uint256 internal constant MASK_250 =\n 0x03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF;\n uint256 internal constant MASK_240 =\n 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF;\n uint256 internal constant MINTABLE_ASSET_ID_FLAG = 1\u003c\u003c250;\n}\n"},"MAcceptModifications.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\n/*\n Interface containing actions a verifier can invoke on the state.\n The contract containing the state should implement these and verify correctness.\n*/\ncontract MAcceptModifications {\n\n function acceptDeposit(\n uint256 starkKey,\n uint256 vaultId,\n uint256 assetId,\n uint256 quantizedAmount\n )\n internal;\n\n function allowWithdrawal(\n uint256 starkKey,\n uint256 assetId,\n uint256 quantizedAmount\n )\n internal;\n\n function acceptWithdrawal(\n uint256 starkKey,\n uint256 assetId,\n uint256 quantizedAmount\n )\n internal;\n\n function clearFullWithdrawalRequest(\n uint256 starkKey,\n uint256 vaultId\n )\n internal;\n}\n"},"MainGovernance.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"Governance.sol\";\n\n/**\n The StarkEx contract is governed by one or more Governors of which the initial one is the\n deployer of the contract.\n\n A governor has the sole authority to perform the following operations:\n\n 1. Nominate additional governors (:sol:func:`mainNominateNewGovernor`)\n 2. Remove other governors (:sol:func:`mainRemoveGovernor`)\n 3. Add new :sol:mod:`Verifiers` and :sol:mod:`AvailabilityVerifiers`\n 4. Remove :sol:mod:`Verifiers` and :sol:mod:`AvailabilityVerifiers` after a timelock allows it\n 5. Nominate Operators (see :sol:mod:`Operator`) and Token Administrators (see :sol:mod:`Tokens`)\n\n Adding governors is performed in a two step procedure:\n\n 1. First, an existing governor nominates a new governor (:sol:func:`mainNominateNewGovernor`)\n 2. Then, the new governor must accept governance to become a governor (:sol:func:`mainAcceptGovernance`)\n\n This two step procedure ensures that a governor public key cannot be nominated unless there is an\n entity that has the corresponding private key. This is intended to prevent errors in the addition\n process.\n\n The governor private key should typically be held in a secure cold wallet.\n*/\n/*\n Implements Governance for the StarkDex main contract.\n The wrapper methods (e.g. mainIsGovernor wrapping isGovernor) are needed to give\n the method unique names.\n Both Proxy and StarkExchange inherit from Governance. Thus, the logical contract method names\n must have unique names in order for the proxy to successfully delegate to them.\n*/\ncontract MainGovernance is Governance {\n\n // The tag is the sting key that is used in the Governance storage mapping.\n string public constant MAIN_GOVERNANCE_INFO_TAG = \"StarkEx.Main.2019.GovernorsInformation\";\n\n function getGovernanceTag()\n internal\n view\n returns (string memory tag) {\n tag = MAIN_GOVERNANCE_INFO_TAG;\n }\n\n function mainIsGovernor(address testGovernor) external view returns (bool) {\n return isGovernor(testGovernor);\n }\n\n function mainNominateNewGovernor(address newGovernor) external {\n nominateNewGovernor(newGovernor);\n }\n\n function mainRemoveGovernor(address governorForRemoval) external {\n removeGovernor(governorForRemoval);\n }\n\n function mainAcceptGovernance()\n external\n {\n acceptGovernance();\n }\n\n function mainCancelNomination() external {\n cancelNomination();\n }\n\n}\n"},"MainStorage.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"IFactRegistry.sol\";\nimport \"ProxyStorage.sol\";\nimport \"Common.sol\";\n/*\n Holds ALL the main contract state (storage) variables.\n*/\ncontract MainStorage is ProxyStorage {\n\n IFactRegistry escapeVerifier_;\n\n // Global dex-frozen flag.\n bool stateFrozen; // NOLINT: constable-states.\n\n // Time when unFreeze can be successfully called (UNFREEZE_DELAY after freeze).\n uint256 unFreezeTime; // NOLINT: constable-states.\n\n // Pending deposits.\n // A map STARK key =\u003e asset id =\u003e vault id =\u003e quantized amount.\n mapping (uint256 =\u003e mapping (uint256 =\u003e mapping (uint256 =\u003e uint256))) pendingDeposits;\n\n // Cancellation requests.\n // A map STARK key =\u003e asset id =\u003e vault id =\u003e request timestamp.\n mapping (uint256 =\u003e mapping (uint256 =\u003e mapping (uint256 =\u003e uint256))) cancellationRequests;\n\n // Pending withdrawals.\n // A map STARK key =\u003e asset id =\u003e quantized amount.\n mapping (uint256 =\u003e mapping (uint256 =\u003e uint256)) pendingWithdrawals;\n\n // vault_id =\u003e escape used boolean.\n mapping (uint256 =\u003e bool) escapesUsed;\n\n // Number of escapes that were performed when frozen.\n uint256 escapesUsedCount; // NOLINT: constable-states.\n\n // Full withdrawal requests: stark key =\u003e vaultId =\u003e requestTime.\n // stark key =\u003e vaultId =\u003e requestTime.\n mapping (uint256 =\u003e mapping (uint256 =\u003e uint256)) fullWithdrawalRequests;\n\n // State sequence number.\n uint256 sequenceNumber; // NOLINT: constable-states uninitialized-state.\n\n // Vaults Tree Root \u0026 Height.\n uint256 vaultRoot; // NOLINT: constable-states uninitialized-state.\n uint256 vaultTreeHeight; // NOLINT: constable-states uninitialized-state.\n\n // Order Tree Root \u0026 Height.\n uint256 orderRoot; // NOLINT: constable-states uninitialized-state.\n uint256 orderTreeHeight; // NOLINT: constable-states uninitialized-state.\n\n // True if and only if the address is allowed to add tokens.\n mapping (address =\u003e bool) tokenAdmins;\n\n // True if and only if the address is allowed to register users.\n mapping (address =\u003e bool) userAdmins;\n\n // True if and only if the address is an operator (allowed to update state).\n mapping (address =\u003e bool) operators;\n\n // Mapping of contract ID to asset data.\n mapping (uint256 =\u003e bytes) assetTypeToAssetInfo; // NOLINT: uninitialized-state.\n\n // Mapping of registered contract IDs.\n mapping (uint256 =\u003e bool) registeredAssetType; // NOLINT: uninitialized-state.\n\n // Mapping from contract ID to quantum.\n mapping (uint256 =\u003e uint256) assetTypeToQuantum; // NOLINT: uninitialized-state.\n\n // This mapping is no longer in use, remains for backwards compatibility.\n mapping (address =\u003e uint256) starkKeys_DEPRECATED; // NOLINT: naming-convention.\n\n // Mapping from STARK public key to the Ethereum public key of its owner.\n mapping (uint256 =\u003e address) ethKeys; // NOLINT: uninitialized-state.\n\n // Timelocked state transition and availability verification chain.\n StarkExTypes.ApprovalChainData verifiersChain;\n StarkExTypes.ApprovalChainData availabilityVerifiersChain;\n\n // Batch id of last accepted proof.\n uint256 lastBatchId; // NOLINT: constable-states uninitialized-state.\n\n // Mapping between sub-contract index to sub-contract address.\n mapping(uint256 =\u003e address) subContracts; // NOLINT: uninitialized-state.\n\n // Onchain-data version configured for the system.\n // TODO(zuphit,01/01/2021): wrap this with an attribute class.\n uint256 onchainDataVersion; // NOLINT: constable-states uninitialized-state.\n}\n"},"MFreezable.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\ncontract MFreezable {\n /*\n Forbids calling the function if the exchange is frozen.\n */\n modifier notFrozen()\n {\n // Pure modifier declarations are not supported. Instead we provide\n // a dummy definition.\n revert(\"UNIMPLEMENTED\");\n _;\n }\n\n /*\n Allows calling the function only if the exchange is frozen.\n */\n modifier onlyFrozen()\n {\n // Pure modifier declarations are not supported. Instead we provide\n // a dummy definition.\n revert(\"UNIMPLEMENTED\");\n _;\n }\n\n /*\n Freezes the exchange.\n */\n function freeze()\n internal;\n\n /*\n Returns true if the exchange is frozen.\n */\n function isFrozen()\n external view\n returns (bool);\n\n}\n"},"MGovernance.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\ncontract MGovernance {\n /*\n Allows calling the function only by a Governor.\n */\n modifier onlyGovernance()\n {\n // Pure modifier declarations are not supported. Instead we provide\n // a dummy definition.\n revert(\"UNIMPLEMENTED\");\n _;\n }\n}\n"},"MKeyGetters.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\ncontract MKeyGetters {\n // NOLINTNEXTLINE: external-function.\n function getEthKey(uint256 starkKey) public view returns (address ethKey);\n\n function isMsgSenderStarkKeyOwner(uint256 starkKey) internal view returns (bool);\n\n /*\n Allows calling the function only if starkKey is registered to msg.sender.\n */\n modifier isSenderStarkKey(uint256 starkKey)\n {\n // Pure modifier declarations are not supported. Instead we provide\n // a dummy definition.\n revert(\"UNIMPLEMENTED\");\n _;\n }\n}\n"},"MOperator.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\ncontract MOperator {\n\n modifier onlyOperator()\n {\n // Pure modifier declarations are not supported. Instead we provide\n // a dummy definition.\n revert(\"UNIMPLEMENTED\");\n _;\n }\n\n function registerOperator(address newOperator)\n external;\n\n function unregisterOperator(address removedOperator)\n external;\n\n}\n"},"MTokenAssetData.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\ncontract MTokenAssetData {\n\n // NOLINTNEXTLINE: external-function.\n function getAssetInfo(uint256 assetType)\n public\n view\n returns (bytes memory assetInfo);\n\n function extractTokenSelector(bytes memory assetInfo)\n internal\n pure\n returns (bytes4 selector);\n\n function isEther(uint256 assetType)\n internal\n view\n returns (bool);\n\n function isMintableAssetType(uint256 assetType)\n internal\n view\n returns (bool);\n\n function extractContractAddress(bytes memory assetInfo)\n internal\n pure\n returns (address _contract);\n\n function calculateNftAssetId(uint256 assetType, uint256 tokenId)\n internal\n pure\n returns(uint256 assetId);\n\n function calculateMintableAssetId(uint256 assetType, bytes memory mintingBlob)\n internal\n pure\n returns(uint256 assetId);\n\n}\n"},"MTokenQuantization.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\ncontract MTokenQuantization {\n function fromQuantized(uint256 presumedAssetType, uint256 quantizedAmount)\n internal\n view\n returns (uint256 amount);\n\n // NOLINTNEXTLINE: external-function.\n function getQuantum(uint256 presumedAssetType)\n public\n view\n returns (uint256 quantum);\n\n function toQuantized(uint256 presumedAssetType, uint256 amount)\n internal\n view\n returns (uint256 quantizedAmount);\n}\n"},"MTokens.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\ncontract MTokens {\n function transferIn(uint256 assetType, uint256 quantizedAmount) internal;\n\n function transferInNft(uint256 assetType, uint256 tokenId) internal;\n\n function transferOut(address payable recipient, uint256 assetType, uint256 quantizedAmount)\n internal;\n\n function transferOutNft(address recipient, uint256 assetType, uint256 tokenId) internal;\n\n function transferOutMint(\n uint256 assetType, uint256 quantizedAmount, bytes memory mintingBlob) internal;\n}\n"},"Operator.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"MOperator.sol\";\nimport \"MGovernance.sol\";\nimport \"MainStorage.sol\";\n\n/**\n The Operator of the contract is the entity entitled to submit state update requests\n by calling :sol:func:`updateState`.\n\n An Operator may be instantly appointed or removed by the contract Governor\n (see :sol:mod:`MainGovernance`). Typically, the Operator is the hot wallet of the StarkEx service\n submitting proofs for state updates.\n*/\ncontract Operator is MainStorage, MGovernance, MOperator {\n event LogOperatorAdded(address operator);\n event LogOperatorRemoved(address operator);\n\n function initialize()\n internal\n {\n operators[msg.sender] = true;\n emit LogOperatorAdded(msg.sender);\n }\n\n modifier onlyOperator()\n {\n require(operators[msg.sender], \"ONLY_OPERATOR\");\n _;\n }\n\n function registerOperator(address newOperator)\n external\n onlyGovernance\n {\n operators[newOperator] = true;\n emit LogOperatorAdded(newOperator);\n }\n\n function unregisterOperator(address removedOperator)\n external\n onlyGovernance\n {\n operators[removedOperator] = false;\n emit LogOperatorRemoved(removedOperator);\n }\n\n function isOperator(address testedOperator) external view returns (bool) {\n return operators[testedOperator];\n }\n}\n"},"ProxyStorage.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"GovernanceStorage.sol\";\n\n/*\n Holds the Proxy-specific state variables.\n This contract is inherited by the GovernanceStorage (and indirectly by MainStorage)\n to prevent collision hazard.\n*/\ncontract ProxyStorage is GovernanceStorage {\n\n // Stores the hash of the initialization vector of the added implementation.\n // Upon upgradeTo the implementation, the initialization vector is verified\n // to be identical to the one submitted when adding the implementation.\n mapping (address =\u003e bytes32) internal initializationHash;\n\n // The time after which we can switch to the implementation.\n mapping (address =\u003e uint256) internal enabledTime;\n\n // A central storage of the flags whether implementation has been initialized.\n // Note - it can be used flexibly enough to accommodate multiple levels of initialization\n // (i.e. using different key salting schemes for different initialization levels).\n mapping (bytes32 =\u003e bool) internal initialized;\n}\n"},"SubContractor.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"Identity.sol\";\n\ncontract SubContractor is Identity {\n\n function initialize(bytes calldata data)\n external;\n\n function initializerSize()\n external view\n returns(uint256);\n\n}\n"},"TokenAssetData.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"MainStorage.sol\";\nimport \"MTokenAssetData.sol\";\nimport \"LibConstants.sol\";\n\ncontract TokenAssetData is MainStorage, LibConstants, MTokenAssetData {\n bytes4 internal constant ERC20_SELECTOR = bytes4(keccak256(\"ERC20Token(address)\"));\n bytes4 internal constant ETH_SELECTOR = bytes4(keccak256(\"ETH()\"));\n bytes4 internal constant ERC721_SELECTOR = bytes4(keccak256(\"ERC721Token(address,uint256)\"));\n bytes4 internal constant MINTABLE_ERC20_SELECTOR =\n bytes4(keccak256(\"MintableERC20Token(address)\"));\n bytes4 internal constant MINTABLE_ERC721_SELECTOR =\n bytes4(keccak256(\"MintableERC721Token(address,uint256)\"));\n\n // The selector follows the 0x20 bytes assetInfo.length field.\n uint256 internal constant SELECTOR_OFFSET = 0x20;\n uint256 internal constant SELECTOR_SIZE = 4;\n uint256 internal constant TOKEN_CONTRACT_ADDRESS_OFFSET = SELECTOR_OFFSET + SELECTOR_SIZE;\n string internal constant NFT_ASSET_ID_PREFIX = \"NFT:\";\n string internal constant MINTABLE_PREFIX = \"MINTABLE:\";\n\n /*\n Extract the tokenSelector from assetInfo.\n\n Works like bytes4 tokenSelector = abi.decode(assetInfo, (bytes4))\n but does not revert when assetInfo.length \u003c SELECTOR_OFFSET.\n */\n function extractTokenSelector(bytes memory assetInfo) internal pure\n returns (bytes4 selector) {\n // solium-disable-next-line security/no-inline-assembly\n assembly {\n selector := and(\n 0xffffffff00000000000000000000000000000000000000000000000000000000,\n mload(add(assetInfo, SELECTOR_OFFSET))\n )\n }\n }\n\n function getAssetInfo(uint256 assetType) public view returns (bytes memory assetInfo) {\n // Verify that the registration is set and valid.\n require(registeredAssetType[assetType], \"ASSET_TYPE_NOT_REGISTERED\");\n\n // Retrieve registration.\n assetInfo = assetTypeToAssetInfo[assetType];\n }\n\n function isEther(uint256 assetType) internal view returns (bool) {\n return extractTokenSelector(getAssetInfo(assetType)) == ETH_SELECTOR;\n }\n\n function isMintableAssetType(uint256 assetType) internal view returns (bool) {\n bytes4 tokenSelector = extractTokenSelector(getAssetInfo(assetType));\n return\n tokenSelector == MINTABLE_ERC20_SELECTOR ||\n tokenSelector == MINTABLE_ERC721_SELECTOR;\n }\n\n function extractContractAddress(bytes memory assetInfo)\n internal pure returns (address _contract) {\n uint256 offset = TOKEN_CONTRACT_ADDRESS_OFFSET;\n uint256 res;\n // solium-disable-next-line security/no-inline-assembly\n assembly {\n res := mload(add(assetInfo, offset))\n }\n _contract = address(res);\n }\n\n function calculateNftAssetId(uint256 assetType, uint256 tokenId)\n internal\n pure\n returns(uint256 assetId) {\n assetId = uint256(keccak256(abi.encodePacked(NFT_ASSET_ID_PREFIX, assetType, tokenId))) \u0026\n MASK_250;\n }\n\n function calculateMintableAssetId(uint256 assetType, bytes memory mintingBlob)\n internal\n pure\n returns(uint256 assetId) {\n uint256 blobHash = uint256(keccak256(mintingBlob));\n assetId = (uint256(keccak256(abi.encodePacked(MINTABLE_PREFIX ,assetType, blobHash)))\n \u0026 MASK_240) | MINTABLE_ASSET_ID_FLAG;\n }\n\n}\n"},"TokenQuantization.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"MainStorage.sol\";\nimport \"MTokenQuantization.sol\";\n\n\ncontract TokenQuantization is MainStorage, MTokenQuantization {\n\n function fromQuantized(uint256 presumedAssetType, uint256 quantizedAmount)\n internal view returns (uint256 amount) {\n uint256 quantum = getQuantum(presumedAssetType);\n amount = quantizedAmount * quantum;\n require(amount / quantum == quantizedAmount, \"DEQUANTIZATION_OVERFLOW\");\n }\n\n function getQuantum(uint256 presumedAssetType) public view returns (uint256 quantum) {\n if (!registeredAssetType[presumedAssetType]) {\n // Default quantization, for NFTs etc.\n quantum = 1;\n } else {\n // Retrieve registration.\n quantum = assetTypeToQuantum[presumedAssetType];\n }\n }\n\n function toQuantized(uint256 presumedAssetType, uint256 amount)\n internal view returns (uint256 quantizedAmount) {\n uint256 quantum = getQuantum(presumedAssetType);\n require(amount % quantum == 0, \"INVALID_AMOUNT\");\n quantizedAmount = amount / quantum;\n }\n}\n"},"Tokens.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"Common.sol\";\nimport \"LibConstants.sol\";\nimport \"MGovernance.sol\";\nimport \"MTokens.sol\";\nimport \"TokenAssetData.sol\";\nimport \"TokenQuantization.sol\";\nimport \"IERC20.sol\";\nimport \"MainStorage.sol\";\n\n/**\n Registration of a new token (:sol:func:`registerToken`) entails defining a new asset type within\n the system, and associating it with an `assetInfo` array of\n bytes and a quantization factor (`quantum`).\n\n The `assetInfo` is a byte array, with a size depending on the token.\n For ETH, assetInfo is 4 bytes long. For ERC20 tokens, it is 36 bytes long.\n\n For each token type, the following constant 4-byte hash is defined, called the `selector`:\n\n | `ETH_SELECTOR = bytes4(keccak256(\"ETH()\"));`\n | `ERC20_SELECTOR = bytes4(keccak256(\"ERC20Token(address)\"));`\n | `ERC721_SELECTOR = bytes4(keccak256(\"ERC721Token(address,uint256)\"));`\n | `MINTABLE_ERC20_SELECTOR = bytes4(keccak256(\"MintableERC20Token(address)\"));`\n | `MINTABLE_ERC721_SELECTOR = bytes4(keccak256(\"MintableERC721Token(address,uint256)\"));`\n\n For each token type, `assetInfo` is defined as follows:\n\n\n The `quantum` quantization factor defines the multiplicative transformation from the native token\n denomination as a 256b unsigned integer to a 63b unsigned integer representation as used by the\n Stark exchange. Only amounts in the native representation that represent an integer number of\n quanta are allowed in the system.\n\n The asset type is restricted to be the result of a hash of the `assetInfo` and the\n `quantum` masked to 250 bits (to be less than the prime used) according to the following formula:\n\n | ``uint256 assetType = uint256(keccak256(abi.encodePacked(assetInfo, quantum))) \u0026``\n | ``0x03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF;``\n\n Once registered, tokens cannot be removed from the system, as their IDs may be used by off-chain\n accounts.\n\n New tokens may only be registered by a Token Administrator. A Token Administrator may be instantly\n appointed or removed by the contract Governor (see :sol:mod:`MainGovernance`). Typically, the\n Token Administrator\u0027s private key should be kept in a cold wallet.\n*/\ncontract Tokens is\n MainStorage,\n LibConstants,\n MGovernance,\n TokenQuantization,\n TokenAssetData,\n MTokens\n{\n event LogTokenRegistered(uint256 assetType, bytes assetInfo);\n event LogTokenAdminAdded(address tokenAdmin);\n event LogTokenAdminRemoved(address tokenAdmin);\n\n using Addresses for address;\n using Addresses for address payable;\n\n modifier onlyTokensAdmin() {\n require(tokenAdmins[msg.sender], \"ONLY_TOKENS_ADMIN\");\n _;\n }\n\n function registerTokenAdmin(address newAdmin) external onlyGovernance() {\n tokenAdmins[newAdmin] = true;\n emit LogTokenAdminAdded(newAdmin);\n }\n\n function unregisterTokenAdmin(address oldAdmin) external onlyGovernance() {\n tokenAdmins[oldAdmin] = false;\n emit LogTokenAdminRemoved(oldAdmin);\n }\n\n function isTokenAdmin(address testedAdmin) external view returns (bool) {\n return tokenAdmins[testedAdmin];\n }\n\n\n function registerToken(uint256 assetType, bytes calldata assetInfo) external {\n registerToken(assetType, assetInfo, 1);\n }\n\n /*\n Registers a new asset to the system.\n Once added, it can not be removed and there is a limited number\n of slots available.\n */\n function registerToken(\n uint256 assetType,\n bytes memory assetInfo,\n uint256 quantum\n ) public onlyTokensAdmin() {\n // Make sure it is not invalid or already registered.\n require(!registeredAssetType[assetType], \"ASSET_ALREADY_REGISTERED\");\n require(assetType \u003c K_MODULUS, \"INVALID_ASSET_TYPE\");\n require(quantum \u003e 0, \"INVALID_QUANTUM\");\n require(quantum \u003c= MAX_QUANTUM, \"INVALID_QUANTUM\");\n require(assetInfo.length \u003e= SELECTOR_SIZE, \"INVALID_ASSET_STRING\");\n\n // Require that the assetType is the hash of the assetInfo and quantum truncated to 250 bits.\n uint256 enforcedId = uint256(keccak256(abi.encodePacked(assetInfo, quantum))) \u0026 MASK_250;\n require(assetType == enforcedId, \"INVALID_ASSET_TYPE\");\n\n // Add token to the in-storage structures.\n registeredAssetType[assetType] = true;\n assetTypeToAssetInfo[assetType] = assetInfo;\n assetTypeToQuantum[assetType] = quantum;\n\n bytes4 tokenSelector = extractTokenSelector(assetInfo);\n\n // Ensure the selector is of an asset type we know.\n require(\n tokenSelector == ETH_SELECTOR ||\n tokenSelector == ERC20_SELECTOR ||\n tokenSelector == ERC721_SELECTOR ||\n tokenSelector == MINTABLE_ERC20_SELECTOR ||\n tokenSelector == MINTABLE_ERC721_SELECTOR,\n \"UNSUPPORTED_TOKEN_TYPE\"\n );\n\n if (tokenSelector == ETH_SELECTOR) {\n // Assset info for ETH assetType is only a selector, i.e. 4 bytes length.\n require(assetInfo.length == 4, \"INVALID_ASSET_STRING\");\n } else {\n // Assset info for other asset types are a selector + uint256 concatanation.\n // We pass the address as a uint256 (zero padded),\n // thus its length is 0x04 + 0x20 = 0x24.\n require(assetInfo.length == 0x24, \"INVALID_ASSET_STRING\");\n address tokenAddress = extractContractAddress(assetInfo);\n require(tokenAddress.isContract(), \"BAD_TOKEN_ADDRESS\");\n if (tokenSelector == ERC721_SELECTOR || tokenSelector == MINTABLE_ERC721_SELECTOR) {\n require(quantum == 1, \"INVALID_NFT_QUANTUM\");\n }\n }\n\n // Log the registration of a new token.\n emit LogTokenRegistered(assetType, assetInfo);\n }\n\n /*\n Transfers funds from msg.sender to the exchange.\n */\n function transferIn(uint256 assetType, uint256 quantizedAmount) internal {\n bytes memory assetInfo = getAssetInfo(assetType);\n uint256 amount = fromQuantized(assetType, quantizedAmount);\n\n bytes4 tokenSelector = extractTokenSelector(assetInfo);\n if (tokenSelector == ERC20_SELECTOR) {\n address tokenAddress = extractContractAddress(assetInfo);\n IERC20 token = IERC20(tokenAddress);\n uint256 exchangeBalanceBefore = token.balanceOf(address(this));\n bytes memory callData = abi.encodeWithSelector(\n token.transferFrom.selector, msg.sender, address(this), amount);\n tokenAddress.safeTokenContractCall(callData);\n uint256 exchangeBalanceAfter = token.balanceOf(address(this));\n require(exchangeBalanceAfter \u003e= exchangeBalanceBefore, \"OVERFLOW\");\n // NOLINTNEXTLINE(incorrect-equality): strict equality needed.\n require(\n exchangeBalanceAfter == exchangeBalanceBefore + amount,\n \"INCORRECT_AMOUNT_TRANSFERRED\");\n } else if (tokenSelector == ETH_SELECTOR) {\n require(msg.value == amount, \"INCORRECT_DEPOSIT_AMOUNT\");\n } else {\n revert(\"UNSUPPORTED_TOKEN_TYPE\");\n }\n }\n\n function transferInNft(uint256 assetType, uint256 tokenId) internal {\n bytes memory assetInfo = getAssetInfo(assetType);\n\n bytes4 tokenSelector = extractTokenSelector(assetInfo);\n require(tokenSelector == ERC721_SELECTOR, \"NOT_ERC721_TOKEN\");\n address tokenAddress = extractContractAddress(assetInfo);\n tokenAddress.safeTokenContractCall(\n abi.encodeWithSignature(\n \"safeTransferFrom(address,address,uint256)\",\n msg.sender,\n address(this),\n tokenId\n )\n );\n }\n\n /*\n Transfers funds from the exchange to recipient.\n */\n function transferOut(\n address payable recipient,\n uint256 assetType,\n uint256 quantizedAmount\n ) internal {\n bytes memory assetInfo = getAssetInfo(assetType);\n uint256 amount = fromQuantized(assetType, quantizedAmount);\n\n bytes4 tokenSelector = extractTokenSelector(assetInfo);\n if (tokenSelector == ERC20_SELECTOR) {\n address tokenAddress = extractContractAddress(assetInfo);\n IERC20 token = IERC20(tokenAddress);\n uint256 exchangeBalanceBefore = token.balanceOf(address(this));\n bytes memory callData = abi.encodeWithSelector(\n token.transfer.selector, recipient, amount);\n tokenAddress.safeTokenContractCall(callData);\n uint256 exchangeBalanceAfter = token.balanceOf(address(this));\n require(exchangeBalanceAfter \u003c= exchangeBalanceBefore, \"UNDERFLOW\");\n // NOLINTNEXTLINE(incorrect-equality): strict equality needed.\n require(\n exchangeBalanceAfter == exchangeBalanceBefore - amount,\n \"INCORRECT_AMOUNT_TRANSFERRED\");\n } else if (tokenSelector == ETH_SELECTOR) {\n recipient.performEthTransfer(amount);\n } else {\n revert(\"UNSUPPORTED_TOKEN_TYPE\");\n }\n }\n\n /*\n Transfers NFT from the exchange to recipient.\n */\n function transferOutNft(address recipient, uint256 assetType, uint256 tokenId) internal {\n bytes memory assetInfo = getAssetInfo(assetType);\n bytes4 tokenSelector = extractTokenSelector(assetInfo);\n require(tokenSelector == ERC721_SELECTOR, \"NOT_ERC721_TOKEN\");\n address tokenAddress = extractContractAddress(assetInfo);\n tokenAddress.safeTokenContractCall(\n abi.encodeWithSignature(\n \"safeTransferFrom(address,address,uint256)\",\n address(this),\n recipient,\n tokenId\n )\n );\n }\n\n function transferOutMint(\n uint256 assetType,\n uint256 quantizedAmount,\n bytes memory mintingBlob) internal {\n uint256 amount = fromQuantized(assetType, quantizedAmount);\n address tokenAddress = extractContractAddress(getAssetInfo(assetType));\n tokenAddress.safeTokenContractCall(\n abi.encodeWithSignature(\n \"mintFor(address,uint256,bytes)\",\n msg.sender, amount, mintingBlob)\n );\n }\n}\n"},"TokensAndRamping.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"ERC721Receiver.sol\";\nimport \"Freezable.sol\";\nimport \"KeyGetters.sol\";\nimport \"Operator.sol\";\nimport \"Tokens.sol\";\nimport \"Users.sol\";\nimport \"MainGovernance.sol\";\nimport \"AcceptModifications.sol\";\nimport \"Deposits.sol\";\nimport \"FullWithdrawals.sol\";\nimport \"Withdrawals.sol\";\nimport \"SubContractor.sol\";\n\ncontract TokensAndRamping is\n ERC721Receiver,\n SubContractor,\n Operator,\n Freezable,\n MainGovernance,\n AcceptModifications,\n Tokens,\n KeyGetters,\n Users,\n Deposits,\n Withdrawals,\n FullWithdrawals\n{\n // TODO(Remo,01/01/2022): When the initialize embodied, place stateful upgrade prevention.\n function initialize(bytes calldata /* data */)\n external {\n revert(\"NOT_IMPLEMENTED\");\n }\n\n function initializerSize()\n external view\n returns(uint256){\n return 0;\n }\n\n function identify()\n external pure\n returns(string memory){\n return \"StarkWare_TokensAndRamping_2020_1\";\n }\n}\n"},"Users.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"MainStorage.sol\";\nimport \"LibConstants.sol\";\nimport \"MGovernance.sol\";\nimport \"MKeyGetters.sol\";\n\n/**\n Users of the Stark Exchange are identified within the exchange by their Stark Key which is a\n public key defined over a Stark-friendly elliptic curve that is different from the standard\n Ethereum elliptic curve. These keys may be generated using the same private key used by the user\n on Ethereum.\n\n The Stark-friendly elliptic curve used is defined as follows:\n\n .. math:: y^2 = (x^3 + \\alpha \\cdot x + \\beta) \\% p\n\n where:\n\n .. math:: \\alpha = 1\n .. math:: \\beta = 3141592653589793238462643383279502884197169399375105820974944592307816406665\n .. math:: p = 3618502788666131213697322783095070105623107215331596699973092056135872020481\n\n In order to associate exchange users with Ethereum account addresses, an Ethereum address must be\n registered with the Stark Key on the exchange contract before any other user operation can take\n place.\n User registration is performed by calling :sol:func:`registerUser` with the selected Stark Key,\n representing an `x` coordinate on the Stark-friendly elliptic curve, and the `y` coordinate of\n the key on the curve (due to the nature of the curve, only two such possible `y` coordinates\n exist).\n\n The registration is accepted if the following holds:\n\n 1. The key registered is not zero and has not been registered in the past by the user or anyone else.\n 2. The key provided represents a valid point on the Stark-friendly elliptic curve.\n 3. The linkage between the provided Ethereum key and the selected Stark Key is signed by the User Admin (typically the exchange operator).\n\n If the above holds, the Stark Key is registered by the contract, mapping it to the Ethereum key.\n This mapping is later used to ensure that withdrawals from accounts mapped to the Stark Keys can\n only be performed by users authenticated with the associated Ethereum public keys (see :sol:mod:`Withdrawals`).\n*/\ncontract Users is MainStorage, LibConstants, MGovernance, MKeyGetters {\n event LogUserRegistered(address ethKey, uint256 starkKey, address sender);\n event LogUserAdminAdded(address userAdmin);\n event LogUserAdminRemoved(address userAdmin);\n\n function isOnCurve(uint256 starkKey) private view returns (bool) {\n uint256 xCubed = mulmod(mulmod(starkKey, starkKey, K_MODULUS), starkKey, K_MODULUS);\n return isQuadraticResidue(addmod(addmod(xCubed, starkKey, K_MODULUS), K_BETA, K_MODULUS));\n }\n\n function registerUserAdmin(address newAdmin) external onlyGovernance() {\n userAdmins[newAdmin] = true;\n emit LogUserAdminAdded(newAdmin);\n }\n\n function unregisterUserAdmin(address oldAdmin) external onlyGovernance() {\n userAdmins[oldAdmin] = false;\n emit LogUserAdminRemoved(oldAdmin);\n }\n\n function isUserAdmin(address testedAdmin) public view returns (bool) {\n return userAdmins[testedAdmin];\n }\n\n function registerUser(address ethKey, uint256 starkKey, bytes calldata signature) external {\n // Validate keys and availability.\n require(starkKey != 0, \"INVALID_STARK_KEY\");\n require(starkKey \u003c K_MODULUS, \"INVALID_STARK_KEY\");\n require(ethKey != ZERO_ADDRESS, \"INVALID_ETH_ADDRESS\");\n require(ethKeys[starkKey] == ZERO_ADDRESS, \"STARK_KEY_UNAVAILABLE\");\n require(isOnCurve(starkKey), \"INVALID_STARK_KEY\");\n require(signature.length == 65, \"INVALID_SIGNATURE\");\n\n bytes32 signedData = keccak256(abi.encodePacked(\"UserRegistration:\", ethKey, starkKey));\n\n bytes memory sig = signature;\n uint8 v = uint8(sig[64]);\n bytes32 r;\n bytes32 s;\n\n // solium-disable-next-line security/no-inline-assembly\n assembly {\n r := mload(add(sig, 32))\n s := mload(add(sig, 64))\n }\n\n address signer = ecrecover(signedData, v, r, s);\n require(isUserAdmin(signer), \"INVALID_SIGNATURE\");\n\n // Update state.\n ethKeys[starkKey] = ethKey;\n\n // Log new user.\n emit LogUserRegistered(ethKey, starkKey, msg.sender);\n }\n\n function fieldPow(uint256 base, uint256 exponent) internal view returns (uint256) {\n // solium-disable-next-line security/no-low-level-calls\n // NOLINTNEXTLINE: low-level-calls reentrancy-events reentrancy-no-eth.\n (bool success, bytes memory returndata) = address(5).staticcall(\n abi.encode(0x20, 0x20, 0x20, base, exponent, K_MODULUS)\n );\n require(success, string(returndata));\n return abi.decode(returndata, (uint256));\n }\n\n function isQuadraticResidue(uint256 fieldElement) private view returns (bool) {\n return 1 == fieldPow(fieldElement, ((K_MODULUS - 1) / 2));\n }\n}\n"},"Withdrawals.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"MAcceptModifications.sol\";\nimport \"MTokenQuantization.sol\";\nimport \"MTokenAssetData.sol\";\nimport \"MFreezable.sol\";\nimport \"MOperator.sol\";\nimport \"MKeyGetters.sol\";\nimport \"MTokens.sol\";\nimport \"MainStorage.sol\";\n\n/**\n For a user to perform a withdrawal operation from the Stark Exchange during normal operation\n two calls are required:\n\n 1. A call to an offchain exchange API, requesting a withdrawal from a user account (vault).\n 2. A call to the on-chain :sol:func:`withdraw` function to perform the actual withdrawal of funds transferring them to the users Eth or ERC20 account (depending on the token type).\n\n For simplicity, hereafter it is assumed that all tokens are ERC20 tokens but the text below\n applies to Eth in the same manner.\n\n In the first call mentioned above, anyone can call the API to request the withdrawal of an\n amount from a given vault. Following the request, the exchange may include the withdrawal in a\n STARK proof. The submission of a proof then results in the addition of the amount(s) withdrawn to\n an on-chain pending withdrawals account under the stark key of the vault owner and the appropriate\n asset ID. At the same time, this also implies that this amount is deducted from the off-chain\n vault.\n\n Once the amount to be withdrawn has been transfered to the on-chain pending withdrawals account,\n the user may perform the second call mentioned above to complete the transfer of funds from the\n Stark Exchange contract to the appropriate ERC20 account. Only a user holding the Eth key\n corresponding to the Stark Key of a pending withdrawals account may perform this operation.\n\n It is possible that for multiple withdrawal calls to the API, a single withdrawal call to the\n contract may retrieve all funds, as long as they are all for the same asset ID.\n\n The result of the operation, assuming all requirements are met, is that an amount of ERC20 tokens\n in the pending withdrawal account times the quantization factor is transferred to the ERC20\n account of the user.\n\n A withdrawal request cannot be cancelled. Once funds reach the pending withdrawals account\n on-chain, they cannot be moved back into an off-chain vault before completion of the withdrawal\n to the ERC20 account of the user.\n\n In the event that the exchange reaches a frozen state the user may perform a withdrawal operation\n via an alternative flow, known as the \"Escape\" flow. In this flow, the API call above is replaced\n with an :sol:func:`escape` call to the on-chain contract (see :sol:mod:`Escapes`) proving the\n ownership of off-chain funds. If such proof is accepted, the user may proceed as above with\n the :sol:func:`withdraw` call to the contract to complete the operation.\n*/\ncontract Withdrawals is MainStorage, MAcceptModifications, MTokenQuantization, MTokenAssetData,\n MFreezable, MOperator, MKeyGetters, MTokens {\n event LogWithdrawalPerformed(\n uint256 starkKey,\n uint256 assetType,\n uint256 nonQuantizedAmount,\n uint256 quantizedAmount,\n address recipient\n );\n\n event LogNftWithdrawalPerformed(\n uint256 starkKey,\n uint256 assetType,\n uint256 tokenId,\n uint256 assetId,\n address recipient\n );\n\n event LogMintWithdrawalPerformed(\n uint256 starkKey,\n uint256 tokenId,\n uint256 nonQuantizedAmount,\n uint256 quantizedAmount,\n uint256 assetId\n );\n\n function getWithdrawalBalance(\n uint256 starkKey,\n uint256 assetId\n )\n external\n view\n returns (uint256 balance)\n {\n uint256 presumedAssetType = assetId;\n balance = fromQuantized(presumedAssetType, pendingWithdrawals[starkKey][assetId]);\n }\n\n /*\n Allows a user to withdraw accepted funds to a recipient\u0027s account.\n This function can be called normally while frozen.\n */\n function withdrawTo(uint256 starkKey, uint256 assetType, address payable recipient)\n public\n isSenderStarkKey(starkKey)\n // No notFrozen modifier: This function can always be used, even when frozen.\n {\n require(!isMintableAssetType(assetType), \"MINTABLE_ASSET_TYPE\");\n uint256 assetId = assetType;\n // Fetch and clear quantized amount.\n uint256 quantizedAmount = pendingWithdrawals[starkKey][assetId];\n pendingWithdrawals[starkKey][assetId] = 0;\n\n // Transfer funds.\n transferOut(recipient, assetType, quantizedAmount);\n emit LogWithdrawalPerformed(\n starkKey,\n assetType,\n fromQuantized(assetType, quantizedAmount),\n quantizedAmount,\n recipient\n );\n }\n\n /*\n Allows a user to withdraw accepted funds to its own account.\n This function can be called normally while frozen.\n */\n function withdraw(uint256 starkKey, uint256 assetType)\n external\n // No notFrozen modifier: This function can always be used, even when frozen.\n {\n withdrawTo(starkKey, assetType, msg.sender);\n }\n\n /*\n Allows a user to withdraw an accepted NFT to a recipient\u0027s account.\n This function can be called normally while frozen.\n */\n function withdrawNftTo(\n uint256 starkKey,\n uint256 assetType,\n uint256 tokenId,\n address recipient\n )\n public\n isSenderStarkKey(starkKey)\n // No notFrozen modifier: This function can always be used, even when frozen.\n {\n // Calculate assetId.\n uint256 assetId = calculateNftAssetId(assetType, tokenId);\n require(!isMintableAssetType(assetType), \"MINTABLE_ASSET_TYPE\");\n require(pendingWithdrawals[starkKey][assetId] == 1, \"ILLEGAL_NFT_BALANCE\");\n pendingWithdrawals[starkKey][assetId] = 0;\n\n // Transfer funds.\n transferOutNft(recipient, assetType, tokenId);\n emit LogNftWithdrawalPerformed(starkKey, assetType, tokenId, assetId, recipient);\n }\n\n /*\n Allows a user to withdraw an accepted NFT to its own account.\n This function can be called normally while frozen.\n */\n function withdrawNft(\n uint256 starkKey,\n uint256 assetType,\n uint256 tokenId\n )\n external\n // No notFrozen modifier: This function can always be used, even when frozen.\n {\n withdrawNftTo(starkKey, assetType, tokenId, msg.sender);\n }\n\n function withdrawAndMint(\n uint256 starkKey,\n uint256 assetType,\n bytes calldata mintingBlob\n ) external isSenderStarkKey(starkKey) {\n require(registeredAssetType[assetType], \"INVALID_ASSET_TYPE\");\n require(isMintableAssetType(assetType), \"NON_MINTABLE_ASSET_TYPE\");\n uint256 assetId = calculateMintableAssetId(assetType, mintingBlob);\n require(pendingWithdrawals[starkKey][assetId] \u003e 0, \"NO_PENDING_WITHDRAWAL_BALANCE\");\n uint256 quantizedAmount = pendingWithdrawals[starkKey][assetId];\n pendingWithdrawals[starkKey][assetId] = 0;\n // Transfer funds.\n transferOutMint(assetType, quantizedAmount, mintingBlob);\n emit LogMintWithdrawalPerformed(\n starkKey, assetType, fromQuantized(assetType, quantizedAmount), quantizedAmount,\n assetId);\n }\n}\n"}}