Transaction Hash:
Block:
23368254 at Sep-15-2025 11:42:59 AM +UTC
Transaction Fee:
0.000028684276533045 ETH
$0.06
Gas Used:
54,495 Gas / 0.526365291 Gwei
Emitted Events:
| 493 |
BeaconProxy.0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925( 0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925, 0x0000000000000000000000001bfae4e0d74ebf9262aabb6e391f36e3498966fc, 0x000000000000000000000000888888888889758f76e7103c6cbf23abbf58f946, 0000000000000000000000000000000000000000000000bdfb3250f538baad5f )
|
Account State Difference:
| Address | Before | After | State Difference | ||
|---|---|---|---|---|---|
| 0x1BFae4e0...3498966Fc |
0.020622111079263 Eth
Nonce: 239
|
0.020593426802729955 Eth
Nonce: 240
| 0.000028684276533045 | ||
|
0x4838B106...B0BAD5f97
Miner
| (Titan Builder) | 16.684698175758179295 Eth | 16.684698537659474295 Eth | 0.000000361901295 | |
| 0xDCD0f5ab...f88349124 |
Execution Trace
BeaconProxy.095ea7b3( )
BeaconProxy.095ea7b3( )
-
BeaconProxyFactory.STATICCALL( ) -
Vault.approve( spender=0x888888888889758F76e7103c6CbF23ABbF58F946, value=3504535248797609667935 ) => ( True )
File 1 of 3: BeaconProxy
File 2 of 3: BeaconProxyFactory
File 3 of 3: Vault
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/beacon/BeaconProxy.sol)
pragma solidity ^0.8.20;
import {IBeacon} from "./IBeacon.sol";
import {Proxy} from "../Proxy.sol";
import {ERC1967Utils} from "../ERC1967/ERC1967Utils.sol";
/**
* @dev This contract implements a proxy that gets the implementation address for each call from an {UpgradeableBeacon}.
*
* The beacon address can only be set once during construction, and cannot be changed afterwards. It is stored in an
* immutable variable to avoid unnecessary storage reads, and also in the beacon storage slot specified by
* https://eips.ethereum.org/EIPS/eip-1967[EIP1967] so that it can be accessed externally.
*
* CAUTION: Since the beacon address can never be changed, you must ensure that you either control the beacon, or trust
* the beacon to not upgrade the implementation maliciously.
*
* IMPORTANT: Do not use the implementation logic to modify the beacon storage slot. Doing so would leave the proxy in
* an inconsistent state where the beacon storage slot does not match the beacon address.
*/
contract BeaconProxy is Proxy {
// An immutable address for the beacon to avoid unnecessary SLOADs before each delegate call.
address private immutable _beacon;
/**
* @dev Initializes the proxy with `beacon`.
*
* If `data` is nonempty, it's used as data in a delegate call to the implementation returned by the beacon. This
* will typically be an encoded function call, and allows initializing the storage of the proxy like a Solidity
* constructor.
*
* Requirements:
*
* - `beacon` must be a contract with the interface {IBeacon}.
* - If `data` is empty, `msg.value` must be zero.
*/
constructor(address beacon, bytes memory data) payable {
ERC1967Utils.upgradeBeaconToAndCall(beacon, data);
_beacon = beacon;
}
/**
* @dev Returns the current implementation address of the associated beacon.
*/
function _implementation() internal view virtual override returns (address) {
return IBeacon(_getBeacon()).implementation();
}
/**
* @dev Returns the beacon.
*/
function _getBeacon() internal view virtual returns (address) {
return _beacon;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/beacon/IBeacon.sol)
pragma solidity ^0.8.20;
/**
* @dev This is the interface that {BeaconProxy} expects of its beacon.
*/
interface IBeacon {
/**
* @dev Must return an address that can be used as a delegate call target.
*
* {UpgradeableBeacon} will check that this address is a contract.
*/
function implementation() external view returns (address);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/Proxy.sol)
pragma solidity ^0.8.20;
/**
* @dev This abstract contract provides a fallback function that delegates all calls to another contract using the EVM
* instruction `delegatecall`. We refer to the second contract as the _implementation_ behind the proxy, and it has to
* be specified by overriding the virtual {_implementation} function.
*
* Additionally, delegation to the implementation can be triggered manually through the {_fallback} function, or to a
* different contract through the {_delegate} function.
*
* The success and return data of the delegated call will be returned back to the caller of the proxy.
*/
abstract contract Proxy {
/**
* @dev Delegates the current call to `implementation`.
*
* This function does not return to its internal call site, it will return directly to the external caller.
*/
function _delegate(address implementation) internal virtual {
assembly {
// Copy msg.data. We take full control of memory in this inline assembly
// block because it will not return to Solidity code. We overwrite the
// Solidity scratch pad at memory position 0.
calldatacopy(0, 0, calldatasize())
// Call the implementation.
// out and outsize are 0 because we don't know the size yet.
let result := delegatecall(gas(), implementation, 0, calldatasize(), 0, 0)
// Copy the returned data.
returndatacopy(0, 0, returndatasize())
switch result
// delegatecall returns 0 on error.
case 0 {
revert(0, returndatasize())
}
default {
return(0, returndatasize())
}
}
}
/**
* @dev This is a virtual function that should be overridden so it returns the address to which the fallback
* function and {_fallback} should delegate.
*/
function _implementation() internal view virtual returns (address);
/**
* @dev Delegates the current call to the address returned by `_implementation()`.
*
* This function does not return to its internal call site, it will return directly to the external caller.
*/
function _fallback() internal virtual {
_delegate(_implementation());
}
/**
* @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if no other
* function in the contract matches the call data.
*/
fallback() external payable virtual {
_fallback();
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/ERC1967/ERC1967Utils.sol)
pragma solidity ^0.8.20;
import {IBeacon} from "../beacon/IBeacon.sol";
import {Address} from "../../utils/Address.sol";
import {StorageSlot} from "../../utils/StorageSlot.sol";
/**
* @dev This abstract contract provides getters and event emitting update functions for
* https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots.
*/
library ERC1967Utils {
// We re-declare ERC-1967 events here because they can't be used directly from IERC1967.
// This will be fixed in Solidity 0.8.21. At that point we should remove these events.
/**
* @dev Emitted when the implementation is upgraded.
*/
event Upgraded(address indexed implementation);
/**
* @dev Emitted when the admin account has changed.
*/
event AdminChanged(address previousAdmin, address newAdmin);
/**
* @dev Emitted when the beacon is changed.
*/
event BeaconUpgraded(address indexed beacon);
/**
* @dev Storage slot with the address of the current implementation.
* This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1.
*/
// solhint-disable-next-line private-vars-leading-underscore
bytes32 internal constant IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
/**
* @dev The `implementation` of the proxy is invalid.
*/
error ERC1967InvalidImplementation(address implementation);
/**
* @dev The `admin` of the proxy is invalid.
*/
error ERC1967InvalidAdmin(address admin);
/**
* @dev The `beacon` of the proxy is invalid.
*/
error ERC1967InvalidBeacon(address beacon);
/**
* @dev An upgrade function sees `msg.value > 0` that may be lost.
*/
error ERC1967NonPayable();
/**
* @dev Returns the current implementation address.
*/
function getImplementation() internal view returns (address) {
return StorageSlot.getAddressSlot(IMPLEMENTATION_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 implementation slot.
*/
function _setImplementation(address newImplementation) private {
if (newImplementation.code.length == 0) {
revert ERC1967InvalidImplementation(newImplementation);
}
StorageSlot.getAddressSlot(IMPLEMENTATION_SLOT).value = newImplementation;
}
/**
* @dev Performs implementation upgrade with additional setup call if data is nonempty.
* This function is payable only if the setup call is performed, otherwise `msg.value` is rejected
* to avoid stuck value in the contract.
*
* Emits an {IERC1967-Upgraded} event.
*/
function upgradeToAndCall(address newImplementation, bytes memory data) internal {
_setImplementation(newImplementation);
emit Upgraded(newImplementation);
if (data.length > 0) {
Address.functionDelegateCall(newImplementation, data);
} else {
_checkNonPayable();
}
}
/**
* @dev Storage slot with the admin of the contract.
* This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1.
*/
// solhint-disable-next-line private-vars-leading-underscore
bytes32 internal constant ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;
/**
* @dev Returns the current admin.
*
* TIP: To get this value clients can read directly from the storage slot shown below (specified by EIP1967) using
* the https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call.
* `0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103`
*/
function getAdmin() internal view returns (address) {
return StorageSlot.getAddressSlot(ADMIN_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 admin slot.
*/
function _setAdmin(address newAdmin) private {
if (newAdmin == address(0)) {
revert ERC1967InvalidAdmin(address(0));
}
StorageSlot.getAddressSlot(ADMIN_SLOT).value = newAdmin;
}
/**
* @dev Changes the admin of the proxy.
*
* Emits an {IERC1967-AdminChanged} event.
*/
function changeAdmin(address newAdmin) internal {
emit AdminChanged(getAdmin(), newAdmin);
_setAdmin(newAdmin);
}
/**
* @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.
* This is the keccak-256 hash of "eip1967.proxy.beacon" subtracted by 1.
*/
// solhint-disable-next-line private-vars-leading-underscore
bytes32 internal constant BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;
/**
* @dev Returns the current beacon.
*/
function getBeacon() internal view returns (address) {
return StorageSlot.getAddressSlot(BEACON_SLOT).value;
}
/**
* @dev Stores a new beacon in the EIP1967 beacon slot.
*/
function _setBeacon(address newBeacon) private {
if (newBeacon.code.length == 0) {
revert ERC1967InvalidBeacon(newBeacon);
}
StorageSlot.getAddressSlot(BEACON_SLOT).value = newBeacon;
address beaconImplementation = IBeacon(newBeacon).implementation();
if (beaconImplementation.code.length == 0) {
revert ERC1967InvalidImplementation(beaconImplementation);
}
}
/**
* @dev Change the beacon and trigger a setup call if data is nonempty.
* This function is payable only if the setup call is performed, otherwise `msg.value` is rejected
* to avoid stuck value in the contract.
*
* Emits an {IERC1967-BeaconUpgraded} event.
*
* CAUTION: Invoking this function has no effect on an instance of {BeaconProxy} since v5, since
* it uses an immutable beacon without looking at the value of the ERC-1967 beacon slot for
* efficiency.
*/
function upgradeBeaconToAndCall(address newBeacon, bytes memory data) internal {
_setBeacon(newBeacon);
emit BeaconUpgraded(newBeacon);
if (data.length > 0) {
Address.functionDelegateCall(IBeacon(newBeacon).implementation(), data);
} else {
_checkNonPayable();
}
}
/**
* @dev Reverts if `msg.value` is not zero. It can be used to avoid `msg.value` stuck in the contract
* if an upgrade doesn't perform an initialization call.
*/
function _checkNonPayable() private {
if (msg.value > 0) {
revert ERC1967NonPayable();
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/Address.sol)
pragma solidity ^0.8.20;
/**
* @dev Collection of functions related to the address type
*/
library Address {
/**
* @dev The ETH balance of the account is not enough to perform the operation.
*/
error AddressInsufficientBalance(address account);
/**
* @dev There's no code at `target` (it is not a contract).
*/
error AddressEmptyCode(address target);
/**
* @dev A call to an address target failed. The target may have reverted.
*/
error FailedInnerCall();
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.8.20/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
if (address(this).balance < amount) {
revert AddressInsufficientBalance(address(this));
}
(bool success, ) = recipient.call{value: amount}("");
if (!success) {
revert FailedInnerCall();
}
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason or custom error, it is bubbled
* up by this function (like regular Solidity function calls). However, if
* the call reverted with no returned reason, this function reverts with a
* {FailedInnerCall} error.
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*/
function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
if (address(this).balance < value) {
revert AddressInsufficientBalance(address(this));
}
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResultFromTarget(target, success, returndata);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResultFromTarget(target, success, returndata);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResultFromTarget(target, success, returndata);
}
/**
* @dev Tool to verify that a low level call to smart-contract was successful, and reverts if the target
* was not a contract or bubbling up the revert reason (falling back to {FailedInnerCall}) in case of an
* unsuccessful call.
*/
function verifyCallResultFromTarget(
address target,
bool success,
bytes memory returndata
) internal view returns (bytes memory) {
if (!success) {
_revert(returndata);
} else {
// only check if target is a contract if the call was successful and the return data is empty
// otherwise we already know that it was a contract
if (returndata.length == 0 && target.code.length == 0) {
revert AddressEmptyCode(target);
}
return returndata;
}
}
/**
* @dev Tool to verify that a low level call was successful, and reverts if it wasn't, either by bubbling the
* revert reason or with a default {FailedInnerCall} error.
*/
function verifyCallResult(bool success, bytes memory returndata) internal pure returns (bytes memory) {
if (!success) {
_revert(returndata);
} else {
return returndata;
}
}
/**
* @dev Reverts with returndata if present. Otherwise reverts with {FailedInnerCall}.
*/
function _revert(bytes memory returndata) private pure {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
/// @solidity memory-safe-assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert FailedInnerCall();
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/StorageSlot.sol)
// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.
pragma solidity ^0.8.20;
/**
* @dev Library for reading and writing primitive types to specific storage slots.
*
* Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
* This library helps with reading and writing to such slots without the need for inline assembly.
*
* The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
*
* Example usage to set ERC1967 implementation slot:
* ```solidity
* contract ERC1967 {
* bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
*
* function _getImplementation() internal view returns (address) {
* return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
* }
*
* function _setImplementation(address newImplementation) internal {
* require(newImplementation.code.length > 0);
* StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
* }
* }
* ```
*/
library StorageSlot {
struct AddressSlot {
address value;
}
struct BooleanSlot {
bool value;
}
struct Bytes32Slot {
bytes32 value;
}
struct Uint256Slot {
uint256 value;
}
struct StringSlot {
string value;
}
struct BytesSlot {
bytes value;
}
/**
* @dev Returns an `AddressSlot` with member `value` located at `slot`.
*/
function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BooleanSlot` with member `value` located at `slot`.
*/
function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Bytes32Slot` with member `value` located at `slot`.
*/
function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Uint256Slot` with member `value` located at `slot`.
*/
function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `StringSlot` with member `value` located at `slot`.
*/
function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `StringSlot` representation of the string storage pointer `store`.
*/
function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := store.slot
}
}
/**
* @dev Returns an `BytesSlot` with member `value` located at `slot`.
*/
function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.
*/
function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := store.slot
}
}
}
File 2 of 3: BeaconProxyFactory
// SPDX-License-Identifier: BUSL-1.1
pragma solidity "0.8.26";
import {BeaconProxy} from "@openzeppelin/contracts/proxy/beacon/BeaconProxy.sol";
import {UpgradeableBeacon} from "@openzeppelin/contracts/proxy/beacon/UpgradeableBeacon.sol";
struct InitStruct {
address underlying;
string name;
string symbol;
address safe;
address whitelistManager;
address valuationManager;
address admin;
address feeReceiver;
uint16 managementRate;
uint16 performanceRate;
bool enableWhitelist;
uint256 rateUpdateCooldown;
}
interface IVault {
function initialize(bytes memory data, address feeRegistry, address wrappedNativeToken) external;
}
/// @title BeaconProxyFactory
/// @notice A factory contract for creating BeaconProxy instances with upgradeable functionality
/// @dev Inherits from UpgradeableBeacon to provide upgrade functionality for all created proxies
contract BeaconProxyFactory is UpgradeableBeacon {
event BeaconProxyDeployed(address proxy, address deployer);
/// @notice Address of the registry contract
address public immutable REGISTRY;
/// @notice Address of the wrapped native token (e.g., WETH)
address public immutable WRAPPED_NATIVE;
/// @notice Mapping to track whether an address is a proxy instance created by this factory
mapping(address => bool) public isInstance;
/// @notice Array of all proxy instances created by this factory
address[] public instances;
/// @notice Constructs the BeaconProxyFactory
/// @param _registry Address of the registry contract
/// @param _implementation Address of the initial implementation contract
/// @param _owner Address of the owner who can upgrade the implementation
/// @param _wrappedNativeToken Address of the wrapped native token (e.g., WETH)
constructor(
address _registry,
address _implementation,
address _owner,
address _wrappedNativeToken
) UpgradeableBeacon(_implementation, _owner) {
REGISTRY = _registry;
WRAPPED_NATIVE = _wrappedNativeToken;
}
/// @notice Creates a new BeaconProxy instance
/// @dev Uses CREATE2 with provided salt for deterministic address calculation
/// @param init Initialization data for the proxy
/// @param salt Salt used for deterministic address calculation
/// @return The address of the newly created proxy
function createBeaconProxy(bytes memory init, bytes32 salt) public returns (address) {
address proxy = address(
new BeaconProxy{salt: salt}(
address(this), abi.encodeWithSelector(IVault.initialize.selector, init, REGISTRY, WRAPPED_NATIVE)
)
);
isInstance[proxy] = true;
instances.push(proxy);
emit BeaconProxyDeployed(proxy, msg.sender);
return address(proxy);
}
/// @notice Creates a new vault proxy with structured initialization data
/// @dev Wrapper around createBeaconProxy that takes InitStruct as parameter
/// @param init Structured initialization data for the vault
/// @param salt Salt used for deterministic address calculation
/// @return The address of the newly created vault proxy
function createVaultProxy(InitStruct calldata init, bytes32 salt) external returns (address) {
return createBeaconProxy(abi.encode(init), salt);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/beacon/BeaconProxy.sol)
pragma solidity ^0.8.20;
import {IBeacon} from "./IBeacon.sol";
import {Proxy} from "../Proxy.sol";
import {ERC1967Utils} from "../ERC1967/ERC1967Utils.sol";
/**
* @dev This contract implements a proxy that gets the implementation address for each call from an {UpgradeableBeacon}.
*
* The beacon address can only be set once during construction, and cannot be changed afterwards. It is stored in an
* immutable variable to avoid unnecessary storage reads, and also in the beacon storage slot specified by
* https://eips.ethereum.org/EIPS/eip-1967[EIP1967] so that it can be accessed externally.
*
* CAUTION: Since the beacon address can never be changed, you must ensure that you either control the beacon, or trust
* the beacon to not upgrade the implementation maliciously.
*
* IMPORTANT: Do not use the implementation logic to modify the beacon storage slot. Doing so would leave the proxy in
* an inconsistent state where the beacon storage slot does not match the beacon address.
*/
contract BeaconProxy is Proxy {
// An immutable address for the beacon to avoid unnecessary SLOADs before each delegate call.
address private immutable _beacon;
/**
* @dev Initializes the proxy with `beacon`.
*
* If `data` is nonempty, it's used as data in a delegate call to the implementation returned by the beacon. This
* will typically be an encoded function call, and allows initializing the storage of the proxy like a Solidity
* constructor.
*
* Requirements:
*
* - `beacon` must be a contract with the interface {IBeacon}.
* - If `data` is empty, `msg.value` must be zero.
*/
constructor(address beacon, bytes memory data) payable {
ERC1967Utils.upgradeBeaconToAndCall(beacon, data);
_beacon = beacon;
}
/**
* @dev Returns the current implementation address of the associated beacon.
*/
function _implementation() internal view virtual override returns (address) {
return IBeacon(_getBeacon()).implementation();
}
/**
* @dev Returns the beacon.
*/
function _getBeacon() internal view virtual returns (address) {
return _beacon;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/beacon/UpgradeableBeacon.sol)
pragma solidity ^0.8.20;
import {IBeacon} from "./IBeacon.sol";
import {Ownable} from "../../access/Ownable.sol";
/**
* @dev This contract is used in conjunction with one or more instances of {BeaconProxy} to determine their
* implementation contract, which is where they will delegate all function calls.
*
* An owner is able to change the implementation the beacon points to, thus upgrading the proxies that use this beacon.
*/
contract UpgradeableBeacon is IBeacon, Ownable {
address private _implementation;
/**
* @dev The `implementation` of the beacon is invalid.
*/
error BeaconInvalidImplementation(address implementation);
/**
* @dev Emitted when the implementation returned by the beacon is changed.
*/
event Upgraded(address indexed implementation);
/**
* @dev Sets the address of the initial implementation, and the initial owner who can upgrade the beacon.
*/
constructor(address implementation_, address initialOwner) Ownable(initialOwner) {
_setImplementation(implementation_);
}
/**
* @dev Returns the current implementation address.
*/
function implementation() public view virtual returns (address) {
return _implementation;
}
/**
* @dev Upgrades the beacon to a new implementation.
*
* Emits an {Upgraded} event.
*
* Requirements:
*
* - msg.sender must be the owner of the contract.
* - `newImplementation` must be a contract.
*/
function upgradeTo(address newImplementation) public virtual onlyOwner {
_setImplementation(newImplementation);
}
/**
* @dev Sets the implementation contract address for this beacon
*
* Requirements:
*
* - `newImplementation` must be a contract.
*/
function _setImplementation(address newImplementation) private {
if (newImplementation.code.length == 0) {
revert BeaconInvalidImplementation(newImplementation);
}
_implementation = newImplementation;
emit Upgraded(newImplementation);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/beacon/IBeacon.sol)
pragma solidity ^0.8.20;
/**
* @dev This is the interface that {BeaconProxy} expects of its beacon.
*/
interface IBeacon {
/**
* @dev Must return an address that can be used as a delegate call target.
*
* {UpgradeableBeacon} will check that this address is a contract.
*/
function implementation() external view returns (address);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/Proxy.sol)
pragma solidity ^0.8.20;
/**
* @dev This abstract contract provides a fallback function that delegates all calls to another contract using the EVM
* instruction `delegatecall`. We refer to the second contract as the _implementation_ behind the proxy, and it has to
* be specified by overriding the virtual {_implementation} function.
*
* Additionally, delegation to the implementation can be triggered manually through the {_fallback} function, or to a
* different contract through the {_delegate} function.
*
* The success and return data of the delegated call will be returned back to the caller of the proxy.
*/
abstract contract Proxy {
/**
* @dev Delegates the current call to `implementation`.
*
* This function does not return to its internal call site, it will return directly to the external caller.
*/
function _delegate(address implementation) internal virtual {
assembly {
// Copy msg.data. We take full control of memory in this inline assembly
// block because it will not return to Solidity code. We overwrite the
// Solidity scratch pad at memory position 0.
calldatacopy(0, 0, calldatasize())
// Call the implementation.
// out and outsize are 0 because we don't know the size yet.
let result := delegatecall(gas(), implementation, 0, calldatasize(), 0, 0)
// Copy the returned data.
returndatacopy(0, 0, returndatasize())
switch result
// delegatecall returns 0 on error.
case 0 {
revert(0, returndatasize())
}
default {
return(0, returndatasize())
}
}
}
/**
* @dev This is a virtual function that should be overridden so it returns the address to which the fallback
* function and {_fallback} should delegate.
*/
function _implementation() internal view virtual returns (address);
/**
* @dev Delegates the current call to the address returned by `_implementation()`.
*
* This function does not return to its internal call site, it will return directly to the external caller.
*/
function _fallback() internal virtual {
_delegate(_implementation());
}
/**
* @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if no other
* function in the contract matches the call data.
*/
fallback() external payable virtual {
_fallback();
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/ERC1967/ERC1967Utils.sol)
pragma solidity ^0.8.20;
import {IBeacon} from "../beacon/IBeacon.sol";
import {Address} from "../../utils/Address.sol";
import {StorageSlot} from "../../utils/StorageSlot.sol";
/**
* @dev This abstract contract provides getters and event emitting update functions for
* https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots.
*/
library ERC1967Utils {
// We re-declare ERC-1967 events here because they can't be used directly from IERC1967.
// This will be fixed in Solidity 0.8.21. At that point we should remove these events.
/**
* @dev Emitted when the implementation is upgraded.
*/
event Upgraded(address indexed implementation);
/**
* @dev Emitted when the admin account has changed.
*/
event AdminChanged(address previousAdmin, address newAdmin);
/**
* @dev Emitted when the beacon is changed.
*/
event BeaconUpgraded(address indexed beacon);
/**
* @dev Storage slot with the address of the current implementation.
* This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1.
*/
// solhint-disable-next-line private-vars-leading-underscore
bytes32 internal constant IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
/**
* @dev The `implementation` of the proxy is invalid.
*/
error ERC1967InvalidImplementation(address implementation);
/**
* @dev The `admin` of the proxy is invalid.
*/
error ERC1967InvalidAdmin(address admin);
/**
* @dev The `beacon` of the proxy is invalid.
*/
error ERC1967InvalidBeacon(address beacon);
/**
* @dev An upgrade function sees `msg.value > 0` that may be lost.
*/
error ERC1967NonPayable();
/**
* @dev Returns the current implementation address.
*/
function getImplementation() internal view returns (address) {
return StorageSlot.getAddressSlot(IMPLEMENTATION_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 implementation slot.
*/
function _setImplementation(address newImplementation) private {
if (newImplementation.code.length == 0) {
revert ERC1967InvalidImplementation(newImplementation);
}
StorageSlot.getAddressSlot(IMPLEMENTATION_SLOT).value = newImplementation;
}
/**
* @dev Performs implementation upgrade with additional setup call if data is nonempty.
* This function is payable only if the setup call is performed, otherwise `msg.value` is rejected
* to avoid stuck value in the contract.
*
* Emits an {IERC1967-Upgraded} event.
*/
function upgradeToAndCall(address newImplementation, bytes memory data) internal {
_setImplementation(newImplementation);
emit Upgraded(newImplementation);
if (data.length > 0) {
Address.functionDelegateCall(newImplementation, data);
} else {
_checkNonPayable();
}
}
/**
* @dev Storage slot with the admin of the contract.
* This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1.
*/
// solhint-disable-next-line private-vars-leading-underscore
bytes32 internal constant ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;
/**
* @dev Returns the current admin.
*
* TIP: To get this value clients can read directly from the storage slot shown below (specified by EIP1967) using
* the https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call.
* `0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103`
*/
function getAdmin() internal view returns (address) {
return StorageSlot.getAddressSlot(ADMIN_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 admin slot.
*/
function _setAdmin(address newAdmin) private {
if (newAdmin == address(0)) {
revert ERC1967InvalidAdmin(address(0));
}
StorageSlot.getAddressSlot(ADMIN_SLOT).value = newAdmin;
}
/**
* @dev Changes the admin of the proxy.
*
* Emits an {IERC1967-AdminChanged} event.
*/
function changeAdmin(address newAdmin) internal {
emit AdminChanged(getAdmin(), newAdmin);
_setAdmin(newAdmin);
}
/**
* @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.
* This is the keccak-256 hash of "eip1967.proxy.beacon" subtracted by 1.
*/
// solhint-disable-next-line private-vars-leading-underscore
bytes32 internal constant BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;
/**
* @dev Returns the current beacon.
*/
function getBeacon() internal view returns (address) {
return StorageSlot.getAddressSlot(BEACON_SLOT).value;
}
/**
* @dev Stores a new beacon in the EIP1967 beacon slot.
*/
function _setBeacon(address newBeacon) private {
if (newBeacon.code.length == 0) {
revert ERC1967InvalidBeacon(newBeacon);
}
StorageSlot.getAddressSlot(BEACON_SLOT).value = newBeacon;
address beaconImplementation = IBeacon(newBeacon).implementation();
if (beaconImplementation.code.length == 0) {
revert ERC1967InvalidImplementation(beaconImplementation);
}
}
/**
* @dev Change the beacon and trigger a setup call if data is nonempty.
* This function is payable only if the setup call is performed, otherwise `msg.value` is rejected
* to avoid stuck value in the contract.
*
* Emits an {IERC1967-BeaconUpgraded} event.
*
* CAUTION: Invoking this function has no effect on an instance of {BeaconProxy} since v5, since
* it uses an immutable beacon without looking at the value of the ERC-1967 beacon slot for
* efficiency.
*/
function upgradeBeaconToAndCall(address newBeacon, bytes memory data) internal {
_setBeacon(newBeacon);
emit BeaconUpgraded(newBeacon);
if (data.length > 0) {
Address.functionDelegateCall(IBeacon(newBeacon).implementation(), data);
} else {
_checkNonPayable();
}
}
/**
* @dev Reverts if `msg.value` is not zero. It can be used to avoid `msg.value` stuck in the contract
* if an upgrade doesn't perform an initialization call.
*/
function _checkNonPayable() private {
if (msg.value > 0) {
revert ERC1967NonPayable();
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)
pragma solidity ^0.8.20;
import {Context} from "../utils/Context.sol";
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* The initial owner is set to the address provided by the deployer. This can
* later be changed with {transferOwnership}.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/
abstract contract Ownable is Context {
address private _owner;
/**
* @dev The caller account is not authorized to perform an operation.
*/
error OwnableUnauthorizedAccount(address account);
/**
* @dev The owner is not a valid owner account. (eg. `address(0)`)
*/
error OwnableInvalidOwner(address owner);
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev Initializes the contract setting the address provided by the deployer as the initial owner.
*/
constructor(address initialOwner) {
if (initialOwner == address(0)) {
revert OwnableInvalidOwner(address(0));
}
_transferOwnership(initialOwner);
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
_checkOwner();
_;
}
/**
* @dev Returns the address of the current owner.
*/
function owner() public view virtual returns (address) {
return _owner;
}
/**
* @dev Throws if the sender is not the owner.
*/
function _checkOwner() internal view virtual {
if (owner() != _msgSender()) {
revert OwnableUnauthorizedAccount(_msgSender());
}
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby disabling any functionality that is only available to the owner.
*/
function renounceOwnership() public virtual onlyOwner {
_transferOwnership(address(0));
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual onlyOwner {
if (newOwner == address(0)) {
revert OwnableInvalidOwner(address(0));
}
_transferOwnership(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual {
address oldOwner = _owner;
_owner = newOwner;
emit OwnershipTransferred(oldOwner, newOwner);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/Address.sol)
pragma solidity ^0.8.20;
/**
* @dev Collection of functions related to the address type
*/
library Address {
/**
* @dev The ETH balance of the account is not enough to perform the operation.
*/
error AddressInsufficientBalance(address account);
/**
* @dev There's no code at `target` (it is not a contract).
*/
error AddressEmptyCode(address target);
/**
* @dev A call to an address target failed. The target may have reverted.
*/
error FailedInnerCall();
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.8.20/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
if (address(this).balance < amount) {
revert AddressInsufficientBalance(address(this));
}
(bool success, ) = recipient.call{value: amount}("");
if (!success) {
revert FailedInnerCall();
}
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason or custom error, it is bubbled
* up by this function (like regular Solidity function calls). However, if
* the call reverted with no returned reason, this function reverts with a
* {FailedInnerCall} error.
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*/
function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
if (address(this).balance < value) {
revert AddressInsufficientBalance(address(this));
}
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResultFromTarget(target, success, returndata);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResultFromTarget(target, success, returndata);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResultFromTarget(target, success, returndata);
}
/**
* @dev Tool to verify that a low level call to smart-contract was successful, and reverts if the target
* was not a contract or bubbling up the revert reason (falling back to {FailedInnerCall}) in case of an
* unsuccessful call.
*/
function verifyCallResultFromTarget(
address target,
bool success,
bytes memory returndata
) internal view returns (bytes memory) {
if (!success) {
_revert(returndata);
} else {
// only check if target is a contract if the call was successful and the return data is empty
// otherwise we already know that it was a contract
if (returndata.length == 0 && target.code.length == 0) {
revert AddressEmptyCode(target);
}
return returndata;
}
}
/**
* @dev Tool to verify that a low level call was successful, and reverts if it wasn't, either by bubbling the
* revert reason or with a default {FailedInnerCall} error.
*/
function verifyCallResult(bool success, bytes memory returndata) internal pure returns (bytes memory) {
if (!success) {
_revert(returndata);
} else {
return returndata;
}
}
/**
* @dev Reverts with returndata if present. Otherwise reverts with {FailedInnerCall}.
*/
function _revert(bytes memory returndata) private pure {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
/// @solidity memory-safe-assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert FailedInnerCall();
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/StorageSlot.sol)
// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.
pragma solidity ^0.8.20;
/**
* @dev Library for reading and writing primitive types to specific storage slots.
*
* Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
* This library helps with reading and writing to such slots without the need for inline assembly.
*
* The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
*
* Example usage to set ERC1967 implementation slot:
* ```solidity
* contract ERC1967 {
* bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
*
* function _getImplementation() internal view returns (address) {
* return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
* }
*
* function _setImplementation(address newImplementation) internal {
* require(newImplementation.code.length > 0);
* StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
* }
* }
* ```
*/
library StorageSlot {
struct AddressSlot {
address value;
}
struct BooleanSlot {
bool value;
}
struct Bytes32Slot {
bytes32 value;
}
struct Uint256Slot {
uint256 value;
}
struct StringSlot {
string value;
}
struct BytesSlot {
bytes value;
}
/**
* @dev Returns an `AddressSlot` with member `value` located at `slot`.
*/
function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BooleanSlot` with member `value` located at `slot`.
*/
function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Bytes32Slot` with member `value` located at `slot`.
*/
function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Uint256Slot` with member `value` located at `slot`.
*/
function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `StringSlot` with member `value` located at `slot`.
*/
function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `StringSlot` representation of the string storage pointer `store`.
*/
function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := store.slot
}
}
/**
* @dev Returns an `BytesSlot` with member `value` located at `slot`.
*/
function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.
*/
function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := store.slot
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/Context.sol)
pragma solidity ^0.8.20;
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract Context {
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
}
File 3 of 3: Vault
// SPDX-License-Identifier: BUSL-1.1
pragma solidity "0.8.26";
import {ERC7540} from "./ERC7540.sol";
import {FeeManager} from "./FeeManager.sol";
import {Roles} from "./Roles.sol";
import {Whitelistable} from "./Whitelistable.sol";
import {State} from "./primitives/Enums.sol";
import {
CantDepositNativeToken,
Closed,
ERC7540InvalidOperator,
NotClosing,
NotOpen,
NotWhitelisted,
OnlyAsyncDepositAllowed,
OnlySyncDepositAllowed,
ValuationUpdateNotAllowed
} from "./primitives/Errors.sol";
import {DepositSync, Referral, StateUpdated} from "./primitives/Events.sol";
import {ERC20Upgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
import {ERC4626Upgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/ERC4626Upgradeable.sol";
import {IERC4626} from "@openzeppelin/contracts/interfaces/IERC4626.sol";
import {IERC20Metadata} from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
import {IERC20, SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {Math} from "@openzeppelin/contracts/utils/math/Math.sol";
import {FeeRegistry} from "@src/protocol/FeeRegistry.sol";
using SafeERC20 for IERC20;
/// @custom:storage-definition erc7201:hopper.storage.vault
/// @param underlying The address of the underlying asset.
/// @param name The name of the vault and by extension the ERC20 token.
/// @param symbol The symbol of the vault and by extension the ERC20 token.
/// @param safe The address of the safe smart contract.
/// @param whitelistManager The address of the whitelist manager.
/// @param valuationManager The address of the valuation manager.
/// @param admin The address of the owner of the vault.
/// @param feeReceiver The address of the fee receiver.
/// @param feeRegistry The address of the fee registry.
/// @param wrappedNativeToken The address of the wrapped native token.
/// @param managementRate The management fee rate.
/// @param performanceRate The performance fee rate.
/// @param rateUpdateCooldown The cooldown period for updating the fee rates.
/// @param enableWhitelist A boolean indicating whether the whitelist is enabled.
struct InitStruct {
IERC20 underlying;
string name;
string symbol;
address safe;
address whitelistManager;
address valuationManager;
address admin;
address feeReceiver;
uint16 managementRate;
uint16 performanceRate;
bool enableWhitelist;
uint256 rateUpdateCooldown;
}
/// @custom:oz-upgrades-from src/v0.4.0/Vault.sol:Vault
contract Vault is ERC7540, Whitelistable, FeeManager {
/// @custom:storage-location erc7201:hopper.storage.vault
/// @param newTotalAssets The new total assets of the vault. It is used to update the totalAssets variable.
/// @param state The state of the vault. It can be Open, Closing, or Closed.
struct VaultStorage {
State state;
}
// keccak256(abi.encode(uint256(keccak256("hopper.storage.vault")) - 1)) & ~bytes32(uint256(0xff))
/// @custom:slot erc7201:hopper.storage.vault
// solhint-disable-next-line const-name-snakecase
bytes32 private constant vaultStorage = 0x0e6b3200a60a991c539f47dddaca04a18eb4bcf2b53906fb44751d827f001400;
/// @notice Returns the storage struct of the vault.
/// @return _vaultStorage The storage struct of the vault.
function _getVaultStorage() internal pure returns (VaultStorage storage _vaultStorage) {
// solhint-disable-next-line no-inline-assembly
assembly {
_vaultStorage.slot := vaultStorage
}
}
/// @custom:oz-upgrades-unsafe-allow constructor
// solhint-disable-next-line ignoreConstructors
constructor(
bool disable
) {
if (disable) _disableInitializers();
}
/// @notice Initializes the vault.
/// @param data The encoded initialization parameters of the vault.
function initialize(
bytes memory data,
address feeRegistry,
address wrappedNativeToken
) public virtual initializer {
InitStruct memory init = abi.decode(data, (InitStruct));
__Ownable_init(init.admin); // initial vault owner
__Roles_init(
Roles.RolesStorage({
whitelistManager: init.whitelistManager,
feeReceiver: init.feeReceiver,
safe: init.safe,
feeRegistry: FeeRegistry(feeRegistry),
valuationManager: init.valuationManager
})
);
__ERC20_init(init.name, init.symbol);
__ERC20Pausable_init();
__ERC4626_init(init.underlying);
__ERC7540_init(init.underlying, wrappedNativeToken);
__Whitelistable_init(init.enableWhitelist);
__FeeManager_init(
feeRegistry,
init.managementRate,
init.performanceRate,
IERC20Metadata(address(init.underlying)).decimals(),
init.rateUpdateCooldown
);
emit StateUpdated(State.Open);
}
/////////////////////
// ## MODIFIERS ## //
/////////////////////
/// @notice Reverts if the vault is not open.
modifier onlyOpen() {
State _state = _getVaultStorage().state;
if (_state != State.Open) revert NotOpen(_state);
_;
}
/// @notice Reverts if the vault is not closing.
modifier onlyClosing() {
State _state = _getVaultStorage().state;
if (_state != State.Closing) revert NotClosing(_state);
_;
}
// @notice Reverts if totalAssets is expired.
modifier onlySyncDeposit() {
// if total assets is not valid we can only do asynchronous deposit
if (!isTotalAssetsValid()) {
revert OnlyAsyncDepositAllowed();
}
_;
}
// @notice Reverts if totalAssets is valid.
modifier onlyAsyncDeposit() {
// if total assets is valid we can only do synchronous deposit
if (isTotalAssetsValid()) {
revert OnlySyncDepositAllowed();
}
_;
}
/////////////////////////////////////////////
// ## DEPOSIT AND REDEEM FLOW FUNCTIONS ## //
/////////////////////////////////////////////
/// @param assets The amount of assets to deposit.
/// @param controller The address of the controller involved in the deposit request.
/// @param owner The address of the owner for whom the deposit is requested.
function requestDeposit(
uint256 assets,
address controller,
address owner
) public payable override onlyOperator(owner) whenNotPaused onlyAsyncDeposit returns (uint256 requestId) {
if (!isWhitelisted(owner)) revert NotWhitelisted();
return _requestDeposit(assets, controller, owner);
}
/// @notice Requests a deposit of assets, subject to whitelist validation.
/// @param assets The amount of assets to deposit.
/// @param controller The address of the controller involved in the deposit request.
/// @param owner The address of the owner for whom the deposit is requested.
/// @param referral The address who referred the deposit.
function requestDeposit(
uint256 assets,
address controller,
address owner,
address referral
) public payable onlyOperator(owner) whenNotPaused onlyAsyncDeposit returns (uint256 requestId) {
if (!isWhitelisted(owner)) revert NotWhitelisted();
requestId = _requestDeposit(assets, controller, owner);
emit Referral(referral, owner, requestId, assets);
}
/// @notice Deposit in a sychronous fashion into the vault.
/// @param assets The assets to deposit.
/// @param receiver The receiver of the shares.
/// @return shares The resulting shares.
function syncDeposit(
uint256 assets,
address receiver,
address referral
) public payable onlySyncDeposit onlyOpen returns (uint256 shares) {
ERC7540Storage storage $ = _getERC7540Storage();
if (!isWhitelisted(msg.sender)) revert NotWhitelisted();
if (msg.value != 0) {
// if user sends eth and the underlying is wETH we will wrap it for him
if (asset() == address($.wrappedNativeToken)) {
assets = msg.value;
// we do not send directly eth in case the safe is not payable
$.pendingSilo.depositEth{value: assets}();
IERC20(asset()).safeTransferFrom(address($.pendingSilo), safe(), assets);
} else {
revert CantDepositNativeToken();
}
} else {
IERC20(asset()).safeTransferFrom(msg.sender, safe(), assets);
}
shares = _convertToShares(assets, Math.Rounding.Floor);
$.totalAssets += assets;
_mint(receiver, shares);
emit DepositSync(msg.sender, receiver, assets, shares);
emit Referral(referral, msg.sender, 0, assets);
}
/// @notice Requests the redemption of tokens, subject to whitelist validation.
/// @param shares The number of tokens to redeem.
/// @param controller The address of the controller involved in the redemption request.
/// @param owner The address of the token owner requesting redemption.
/// @return requestId The id of the redeem request.
function requestRedeem(
uint256 shares,
address controller,
address owner
) public onlyOpen whenNotPaused returns (uint256 requestId) {
if (!isWhitelisted(owner)) revert NotWhitelisted();
return _requestRedeem(shares, controller, owner);
}
/// @notice Function to bundle a claim of shares and a request redeem. It can be convenient for UX.
/// @dev if claimable == 0, it has the same behavior as requestRedeem function.
/// @dev if claimable > 0, user shares follow this path: vault --> user ; user --> pendingSilo
function claimSharesAndRequestRedeem(
uint256 sharesToRedeem
) public onlyOpen whenNotPaused returns (uint40 requestId) {
if (!isWhitelisted(msg.sender)) revert NotWhitelisted();
uint256 claimable = claimableDepositRequest(0, msg.sender);
if (claimable > 0) _deposit(claimable, msg.sender, msg.sender);
uint256 redeemId = _requestRedeem(sharesToRedeem, msg.sender, msg.sender);
return uint40(redeemId);
}
/// @dev Unusable when paused.
/// @dev First _withdraw path: whenNotPaused via ERC20Pausable._update.
/// @dev Second _withdraw path: whenNotPaused in ERC7540.
function withdraw(
uint256 assets,
address receiver,
address controller
) public override(ERC4626Upgradeable, IERC4626) whenNotPaused returns (uint256 shares) {
VaultStorage storage $ = _getVaultStorage();
if ($.state == State.Closed && claimableRedeemRequest(0, controller) == 0) {
shares = _convertToShares(assets, Math.Rounding.Ceil);
_withdraw(msg.sender, receiver, controller, assets, shares); // sync
} else {
if (controller != msg.sender && !isOperator(controller, msg.sender)) {
revert ERC7540InvalidOperator();
}
return _withdraw(assets, receiver, controller); // async
}
}
/// @dev Unusable when paused.
/// @dev First _withdraw path: whenNotPaused via ERC20Pausable._update.
/// @dev Second _withdraw path: whenNotPaused in ERC7540.
/// @notice Claim assets from the vault. After a request is made and settled.
/// @param shares The amount shares to convert into assets.
/// @param receiver The receiver of the assets.
/// @param controller The controller, who owns the redeem request.
/// @return assets The corresponding assets.
function redeem(
uint256 shares,
address receiver,
address controller
) public override(ERC4626Upgradeable, IERC4626) whenNotPaused returns (uint256 assets) {
VaultStorage storage $ = _getVaultStorage();
if ($.state == State.Closed && claimableRedeemRequest(0, controller) == 0) {
assets = _convertToAssets(shares, Math.Rounding.Floor);
_withdraw(msg.sender, receiver, controller, assets, shares);
} else {
if (controller != msg.sender && !isOperator(controller, msg.sender)) {
revert ERC7540InvalidOperator();
}
return _redeem(shares, receiver, controller);
}
}
/// @dev override ERC4626 synchronous withdraw; called only when vault is closed
/// @param caller The address of the caller.
/// @param receiver The address of the receiver of the assets.
/// @param owner The address of the owner of the shares.
/// @param assets The amount of assets to withdraw.
/// @param shares The amount of shares to burn.
function _withdraw(
address caller,
address receiver,
address owner,
uint256 assets,
uint256 shares
) internal virtual override {
if (caller != owner && !isOperator(owner, caller)) {
_spendAllowance(owner, caller, shares);
}
_getERC7540Storage().totalAssets -= assets;
_burn(owner, shares);
IERC20(asset()).safeTransfer(receiver, assets);
emit Withdraw(caller, receiver, owner, assets, shares);
}
/// @notice Claims all available shares for a list of controller addresses.
/// @dev Iterates over each controller address, checks for claimable deposits, and deposits them on their behalf.
/// @param controllers The list of controller addresses for which to claim shares.
function claimSharesOnBehalf(
address[] memory controllers
) external onlySafe {
for (uint256 i = 0; i < controllers.length; i++) {
uint256 claimable = claimableDepositRequest(0, controllers[i]);
if (claimable > 0) {
_deposit(claimable, controllers[i], controllers[i]);
}
}
}
///////////////////////////////////////////////////////
// ## VALUATION UPDATING AND SETTLEMENT FUNCTIONS ## //
///////////////////////////////////////////////////////
function updateTotalAssetsLifespan(
uint128 lifespan
) external onlySafe {
_updateTotalAssetsLifespan(lifespan);
}
/// @notice Function to propose a new valuation for the vault.
/// @notice It can only be called by the ValueManager.
/// @param _newTotalAssets The new total assets of the vault.
function updateNewTotalAssets(
uint256 _newTotalAssets
) public onlyValuationManager {
if (_getVaultStorage().state == State.Closed) revert Closed();
// if totalAssets is not expired yet it means syncDeposit are allowed
// in this case we do not allow onlyValuationManager to propose a new nav
// he must call unvalidateTotalAssets first.
if (isTotalAssetsValid()) {
revert ValuationUpdateNotAllowed();
}
_updateNewTotalAssets(_newTotalAssets);
}
/// @notice Settles deposit requests, integrates user funds into the vault strategy, and enables share claims.
/// If possible, it also settles redeem requests.
/// @dev Unusable when paused, protected by whenNotPaused in _updateTotalAssets.
function settleDeposit(
uint256 _newTotalAssets
) public override onlySafe onlyOpen {
_updateTotalAssetsAndTakeFees(_newTotalAssets);
_settleDeposit(msg.sender);
_settleRedeem(msg.sender); // if it is possible to settleRedeem, we should do so
}
/// @notice Settles redeem requests, only callable by the safe.
/// @dev Unusable when paused, protected by whenNotPaused in _updateTotalAssets.
/// @dev After updating totalAssets, it takes fees, updates highWaterMark and finally settles redeem requests.
/// @inheritdoc ERC7540
function settleRedeem(
uint256 _newTotalAssets
) public override onlySafe onlyOpen {
_updateTotalAssetsAndTakeFees(_newTotalAssets);
_settleRedeem(msg.sender);
}
/// @notice Settles deposit requests, integrates user funds into the vault strategy, and enables share claims.
/// If possible, it also settles redeem requests.
/// @dev Unusable when paused, protected by whenNotPaused in _updateTotalAssets.
function _updateTotalAssetsAndTakeFees(
uint256 _newTotalAssets
) internal {
RolesStorage storage $roles = _getRolesStorage();
_updateTotalAssets(_newTotalAssets);
_takeFees($roles.feeReceiver, $roles.feeRegistry.protocolFeeReceiver());
}
/////////////////////////////
// ## CLOSING FUNCTIONS ## //
/////////////////////////////
/// @notice Initiates the closing of the vault. Can only be called by the owner.
/// @dev we make sure that initiate closing will make an epoch changement if the variable newTotalAssets is
/// "defined"
/// @dev (!= type(uint256).max). This guarantee that no userShares will be locked in a pending state.
function initiateClosing() external onlyOwner onlyOpen {
ERC7540Storage storage $ = _getERC7540Storage();
if ($.newTotalAssets != type(uint256).max) {
_updateNewTotalAssets($.newTotalAssets);
}
_getVaultStorage().state = State.Closing;
emit StateUpdated(State.Closing);
}
/// @notice Closes the vault, only redemption and withdrawal are allowed after this. Can only be called by the safe.
/// @dev Users can still requestDeposit but it can't be settled.
function close(
uint256 _newTotalAssets
) external onlySafe onlyClosing {
RolesStorage storage $roles = _getRolesStorage();
_updateTotalAssets(_newTotalAssets);
_takeFees($roles.feeReceiver, $roles.feeRegistry.protocolFeeReceiver());
_settleDeposit(msg.sender);
_settleRedeem(msg.sender);
_getVaultStorage().state = State.Closed;
// Transfer will fail if there are not enough assets inside the safe, making sure that redeem requests are
// fulfilled
IERC20(asset()).safeTransferFrom(msg.sender, address(this), _getERC7540Storage().totalAssets);
emit StateUpdated(State.Closed);
}
/////////////////////////////////
// ## PAUSABILITY FUNCTIONS ## //
/////////////////////////////////
/// @notice Halts core operations of the vault. Can only be called by the owner.
/// @notice Core operations include deposit, redeem, withdraw, any type of request, settles deposit and redeem and
/// newTotalAssets update.
function pause() public onlyOwner {
_pause();
}
/// @notice Resumes core operations of the vault. Can only be called by the owner.
function unpause() public onlyOwner {
_unpause();
}
function expireTotalAssets() public onlySafe {
_getERC7540Storage().totalAssetsExpiration = 0;
}
// MAX FUNCTIONS OVERRIDE //
/// @notice Returns the maximum redeemable shares for a controller.
/// @param controller The controller.
/// @return shares The maximum redeemable shares.
/// @dev When the vault is closed, users may claim there assets (erc7540.redeem style) or redeem there assets in a
/// sync manner.
/// this is why when they have nothing to claim and the vault is closed, we return their shares balance
function maxRedeem(
address controller
) public view override(IERC4626, ERC4626Upgradeable) returns (uint256) {
if (paused()) return 0;
uint256 shares = claimableRedeemRequest(0, controller);
if (shares == 0 && _getVaultStorage().state == State.Closed) {
// controller has no redeem claimable, we will use the synchronous flow
return balanceOf(controller);
}
return shares;
}
/// @notice Returns the amount of assets a controller will get if he redeem.
/// @param controller The controller.
/// @return The maximum amount of assets to get.
/// @dev This is the same philosophy as maxRedeem, except that we take care to convertToAssets the value before
/// returning it
function maxWithdraw(
address controller
) public view override(IERC4626, ERC4626Upgradeable) returns (uint256) {
if (paused()) return 0;
uint256 shares = claimableRedeemRequest(0, controller);
if (shares == 0 && _getVaultStorage().state == State.Closed) {
// controller has no redeem claimable, we will use the synchronous flow
return convertToAssets(balanceOf(controller));
}
uint256 lastRedeemId = _getERC7540Storage().lastRedeemRequestId[controller];
return convertToAssets(shares, lastRedeemId);
}
/// @notice Returns the amount of assets a controller will get if he redeem.
/// @param controller address to check
/// @dev If the contract is paused no deposit/claims are possible.
function maxDeposit(
address controller
) public view override(IERC4626, ERC4626Upgradeable) returns (uint256) {
if (paused()) return 0;
return claimableDepositRequest(0, controller);
}
/// @notice Returns the amount of sharres a controller will get if he calls Deposit.
/// @param controller The controller.
/// @dev If the contract is paused no deposit/claims are possible.
/// @dev We read the claimableDepositRequest of the controller then convert it to shares using the
/// convertToShares
/// of the related epochId
/// @return The maximum amount of shares to get.
function maxMint(
address controller
) public view override(IERC4626, ERC4626Upgradeable) returns (uint256) {
if (paused()) return 0;
uint256 lastDepositId = _getERC7540Storage().lastDepositRequestId[controller];
uint256 claimable = claimableDepositRequest(lastDepositId, controller);
return convertToShares(claimable, lastDepositId);
}
function isTotalAssetsValid() public view returns (bool) {
return block.timestamp < _getERC7540Storage().totalAssetsExpiration;
}
function safe() public view override returns (address) {
return _getRolesStorage().safe;
}
function version() public pure returns (string memory) {
return "v0.5.0";
}
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity "0.8.26";
import {Silo} from "./Silo.sol";
import {IERC7540Deposit} from "./interfaces/IERC7540Deposit.sol";
import {IERC7540Redeem} from "./interfaces/IERC7540Redeem.sol";
import {IWETH9} from "./interfaces/IWETH9.sol";
import {
CantDepositNativeToken,
ERC7540InvalidOperator,
ERC7540PreviewDepositDisabled,
ERC7540PreviewMintDisabled,
ERC7540PreviewRedeemDisabled,
ERC7540PreviewWithdrawDisabled,
NewTotalAssetsMissing,
OnlyOneRequestAllowed,
RequestIdNotClaimable,
RequestNotCancelable,
WrongNewTotalAssets
} from "./primitives/Errors.sol";
import {
DepositRequestCanceled,
NewTotalAssetsUpdated,
SettleDeposit,
SettleRedeem,
TotalAssetsLifespanUpdated,
TotalAssetsUpdated
} from "./primitives/Events.sol";
import {EpochData, SettleData} from "./primitives/Struct.sol";
import {
ERC20Upgradeable,
IERC20,
IERC20Metadata
} from "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
import {ERC20PausableUpgradeable} from
"@openzeppelin/contracts-upgradeable/token/ERC20/extensions/ERC20PausableUpgradeable.sol";
import {ERC4626Upgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/ERC4626Upgradeable.sol";
import {IERC165} from "@openzeppelin/contracts/interfaces/IERC165.sol";
import {IERC4626} from "@openzeppelin/contracts/interfaces/IERC4626.sol";
import {IERC20, SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {Math} from "@openzeppelin/contracts/utils/math/Math.sol";
using SafeERC20 for IERC20;
using Math for uint256;
/// @title ERC7540Upgradeable
/// @dev An implementation of the ERC7540 standard. It defines the core data structures and functions necessary
/// to do requests and process them.
abstract contract ERC7540 is IERC7540Redeem, IERC7540Deposit, ERC20PausableUpgradeable, ERC4626Upgradeable {
/// @custom:storage-location erc7201:hopper.storage.ERC7540
/// @param totalAssets The total assets.
/// @param depositEpochId The current deposit epoch ID.
/// @param depositSettleId The current deposit settle ID.
/// @param lastDepositEpochIdSettled The last deposit epoch ID settled.
/// @param redeemEpochId The current redeem epoch ID.
/// @param redeemSettleId The current redeem settle ID.
/// @param lastRedeemEpochIdSettled The last redeem epoch ID settled.
/// @param epochs A mapping of epochs data.
/// @param settles A mapping of settle data.
/// @param lastDepositRequestId A mapping of the last deposit request ID for each user.
/// @param lastRedeemRequestId A mapping of the last redeem request ID for each user.
/// @param isOperator A mapping of operators for each user.
/// @param pendingSilo The pending silo.
/// @param wrappedNativeToken The wrapped native token. WETH9 for ethereum.
struct ERC7540Storage {
uint256 totalAssets;
uint256 newTotalAssets;
uint40 depositEpochId;
uint40 depositSettleId;
uint40 lastDepositEpochIdSettled;
uint40 redeemEpochId;
uint40 redeemSettleId;
uint40 lastRedeemEpochIdSettled;
mapping(uint40 epochId => EpochData) epochs;
mapping(uint40 settleId => SettleData) settles;
mapping(address user => uint40 epochId) lastDepositRequestId;
mapping(address user => uint40 epochId) lastRedeemRequestId;
mapping(address controller => mapping(address operator => bool)) isOperator;
Silo pendingSilo;
IWETH9 wrappedNativeToken;
uint8 decimals;
uint8 decimalsOffset;
// New variables introduce with v0.5.0
uint128 totalAssetsExpiration;
uint128 totalAssetsLifespan;
}
// keccak256(abi.encode(uint256(keccak256("hopper.storage.ERC7540")) - 1)) & ~bytes32(uint256(0xff));
/// @custom:slot erc7201:hopper.storage.ERC7540
// solhint-disable-next-line const-name-snakecase
bytes32 private constant erc7540Storage = 0x5c74d456014b1c0eb4368d944667a568313858a3029a650ff0cb7b56f8b57a00;
/// @notice Returns the ERC7540 storage struct.
/// @return _erc7540Storage The ERC7540 storage struct.
function _getERC7540Storage() internal pure returns (ERC7540Storage storage _erc7540Storage) {
// solhint-disable-next-line no-inline-assembly
assembly {
_erc7540Storage.slot := erc7540Storage
}
}
/// @notice Initializes the ERC7540 contract.
/// @param underlying The underlying token.
/// @param wrappedNativeToken The wrapped native token.
// solhint-disable-next-line func-name-mixedcase
function __ERC7540_init(IERC20 underlying, address wrappedNativeToken) internal onlyInitializing {
ERC7540Storage storage $ = _getERC7540Storage();
$.depositEpochId = 1;
$.redeemEpochId = 2;
$.depositSettleId = 1;
$.redeemSettleId = 2;
$.pendingSilo = new Silo(underlying, wrappedNativeToken);
$.wrappedNativeToken = IWETH9(wrappedNativeToken);
$.newTotalAssets = type(uint256).max;
uint8 underlyingDecimals = ERC20Upgradeable(asset()).decimals();
if (underlyingDecimals >= 18) {
$.decimals = underlyingDecimals;
} else {
$.decimals = 18;
unchecked {
$.decimalsOffset = 18 - underlyingDecimals;
}
}
}
///////////////
// MODIFIERS //
///////////////
/// @notice Make sure the caller is an operator or the controller.
/// @param controller The controller.
modifier onlyOperator(
address controller
) {
if (controller != msg.sender && !isOperator(controller, msg.sender)) {
revert ERC7540InvalidOperator();
}
_;
}
/////////////////////
// ## Overrides ## //
/////////////////////
/// @notice Returns the total assets.
/// @return The total assets.
function totalAssets() public view override(IERC4626, ERC4626Upgradeable) returns (uint256) {
ERC7540Storage storage $ = _getERC7540Storage();
return $.totalAssets;
}
function decimals()
public
view
virtual
override(ERC4626Upgradeable, ERC20Upgradeable, IERC20Metadata)
returns (uint8)
{
return _getERC7540Storage().decimals;
}
function _decimalsOffset() internal view virtual override returns (uint8) {
return _getERC7540Storage().decimalsOffset;
}
function _update(
address from,
address to,
uint256 value
) internal virtual override(ERC20PausableUpgradeable, ERC20Upgradeable) {
return ERC20PausableUpgradeable._update(from, to, value);
}
///////////////////
// ## EIP7540 ## //
///////////////////
function isOperator(address controller, address operator) public view returns (bool) {
return _getERC7540Storage().isOperator[controller][operator];
}
/// @dev should not be usable when contract is paused
function setOperator(address operator, bool approved) external whenNotPaused returns (bool success) {
_getERC7540Storage().isOperator[msg.sender][operator] = approved;
emit OperatorSet(msg.sender, operator, approved);
return true;
}
function previewDeposit(
uint256
) public pure override(ERC4626Upgradeable, IERC4626) returns (uint256) {
revert ERC7540PreviewDepositDisabled();
}
function previewMint(
uint256
) public pure override(ERC4626Upgradeable, IERC4626) returns (uint256) {
revert ERC7540PreviewMintDisabled();
}
function previewRedeem(
uint256
) public pure override(ERC4626Upgradeable, IERC4626) returns (uint256) {
revert ERC7540PreviewRedeemDisabled();
}
function previewWithdraw(
uint256
) public pure override(ERC4626Upgradeable, IERC4626) returns (uint256) {
revert ERC7540PreviewWithdrawDisabled();
}
////////////////////////////////
// ## EIP7540 Deposit Flow ## //
////////////////////////////////
/// @dev Unusable when paused. Modifier not needed as it's overridden.
/// @notice Request deposit of assets into the vault.
/// @param assets The amount of assets to deposit.
/// @param controller The controller is the address that will manage the request.
/// @param owner The owner of the assets.
function _requestDeposit(uint256 assets, address controller, address owner) internal returns (uint256) {
uint256 claimable = claimableDepositRequest(0, controller);
if (claimable > 0) _deposit(claimable, controller, controller);
ERC7540Storage storage $ = _getERC7540Storage();
uint40 _depositId = $.depositEpochId;
if ($.lastDepositRequestId[controller] != _depositId) {
if (pendingDepositRequest(0, controller) > 0) {
revert OnlyOneRequestAllowed();
}
$.lastDepositRequestId[controller] = _depositId;
}
if (msg.value != 0) {
// if user sends eth and the underlying is wETH we will wrap it for him
if (asset() == address($.wrappedNativeToken)) {
$.pendingSilo.depositEth{value: msg.value}();
assets = msg.value;
} else {
revert CantDepositNativeToken();
}
} else {
IERC20(asset()).safeTransferFrom(owner, address($.pendingSilo), assets);
}
$.epochs[_depositId].depositRequest[controller] += assets;
emit DepositRequest(controller, owner, _depositId, msg.sender, assets);
return _depositId;
}
/// @dev Unusable when paused. Protected by ERC20PausableUpgradeable's _transfer function.
/// @notice Claim the assets from the vault after a request has been settled.
/// @param assets The amount of assets requested to deposit.
/// @param receiver The receiver of the shares.
/// @return shares The corresponding shares.
function deposit(
uint256 assets,
address receiver
) public virtual override(ERC4626Upgradeable, IERC4626) returns (uint256) {
return _deposit(assets, receiver, msg.sender);
}
/// @dev Unusable when paused. Protected by ERC20PausableUpgradeable's _transfer function.
/// @notice Claim the assets from the vault after a request has been settled.
/// @param assets The assets to deposit.
/// @param receiver The receiver of the shares.
/// @param controller The controller, who owns the deposit request.
/// @return shares The corresponding shares.
function deposit(
uint256 assets,
address receiver,
address controller
) external virtual onlyOperator(controller) returns (uint256) {
return _deposit(assets, receiver, controller);
}
/// @notice Claim the assets from the vault after a request has been settled.
/// @param assets The assets to deposit.
/// @param receiver The receiver of the shares.
/// @param controller The controller, who owns the deposit request.
/// @return shares The corresponding shares.
function _deposit(uint256 assets, address receiver, address controller) internal virtual returns (uint256 shares) {
ERC7540Storage storage $ = _getERC7540Storage();
uint40 requestId = $.lastDepositRequestId[controller];
if (requestId > $.lastDepositEpochIdSettled) {
revert RequestIdNotClaimable();
}
$.epochs[requestId].depositRequest[controller] -= assets;
shares = convertToShares(assets, requestId);
_transfer(address(this), receiver, shares);
emit Deposit(controller, receiver, assets, shares);
}
/// @dev Unusable when paused. Protected by ERC20PausableUpgradeable's _transfer function.
function mint(
uint256 shares,
address receiver
) public virtual override(ERC4626Upgradeable, IERC4626) returns (uint256) {
return _mint(shares, receiver, msg.sender);
}
/// @dev Unusable when paused. Protected by ERC20PausableUpgradeable's _transfer function.
/// @notice Claim shares from the vault after a request deposit.
function mint(
uint256 shares,
address receiver,
address controller
) external virtual onlyOperator(controller) returns (uint256) {
return _mint(shares, receiver, controller);
}
/// @notice Mint shares from the vault.
/// @param shares The shares to mint.
/// @param receiver The receiver of the shares.
/// @param controller The controller, who owns the mint request.
/// @return assets The corresponding assets.
function _mint(uint256 shares, address receiver, address controller) internal virtual returns (uint256 assets) {
ERC7540Storage storage $ = _getERC7540Storage();
uint40 requestId = $.lastDepositRequestId[controller];
if (requestId > $.lastDepositEpochIdSettled) {
revert RequestIdNotClaimable();
}
assets = _convertToAssets(shares, requestId, Math.Rounding.Ceil);
$.epochs[requestId].depositRequest[controller] -= assets;
_transfer(address(this), receiver, shares);
emit Deposit(controller, receiver, assets, shares);
}
/// @dev Unusable when paused. Protected by whenNotPaused.
/// @notice Cancel a deposit request.
/// @dev It can only be called in the same epoch.
function cancelRequestDeposit() external whenNotPaused {
ERC7540Storage storage $ = _getERC7540Storage();
uint40 requestId = $.lastDepositRequestId[msg.sender];
if (requestId != $.depositEpochId) {
revert RequestNotCancelable(requestId);
}
uint256 requestedAmount = $.epochs[requestId].depositRequest[msg.sender];
$.epochs[requestId].depositRequest[msg.sender] = 0;
IERC20(asset()).safeTransferFrom(address($.pendingSilo), msg.sender, requestedAmount);
emit DepositRequestCanceled(requestId, msg.sender);
}
///////////////////////////////
// ## EIP7540 REDEEM FLOW ## //
///////////////////////////////
/// @dev Unusable when paused. Protected by ERC20PausableUpgradeable's _update function.
/// @notice Request redemption of shares from the vault.
/// @param shares The amount of shares to redeem.
/// @param controller The controller is the address that will manage the request.
/// @param owner The owner of the shares.
/// @return The request ID. It is the current redeem epoch ID.
function _requestRedeem(uint256 shares, address controller, address owner) internal returns (uint256) {
if (msg.sender != owner && !isOperator(owner, msg.sender)) {
_spendAllowance(owner, msg.sender, shares);
}
ERC7540Storage storage $ = _getERC7540Storage();
uint256 claimable = claimableRedeemRequest(0, controller);
if (claimable > 0) _redeem(claimable, controller, controller);
uint40 _redeemId = $.redeemEpochId;
if ($.lastRedeemRequestId[controller] != _redeemId) {
if (pendingRedeemRequest(0, controller) > 0) {
revert OnlyOneRequestAllowed();
}
$.lastRedeemRequestId[controller] = _redeemId;
}
$.epochs[_redeemId].redeemRequest[controller] += shares;
_update(owner, address($.pendingSilo), shares);
emit RedeemRequest(controller, owner, _redeemId, msg.sender, shares);
return _redeemId;
}
/// @notice Redeem shares from the vault.
/// @param shares The shares to redeem.
/// @param receiver The receiver of the assets.
/// @param controller The controller, who owns the redeem request.
/// @return assets The corresponding assets.
function _redeem(uint256 shares, address receiver, address controller) internal returns (uint256 assets) {
ERC7540Storage storage $ = _getERC7540Storage();
uint40 requestId = $.lastRedeemRequestId[controller];
if (requestId > $.lastRedeemEpochIdSettled) {
revert RequestIdNotClaimable();
}
$.epochs[requestId].redeemRequest[controller] -= shares;
assets = _convertToAssets(shares, requestId, Math.Rounding.Floor);
IERC20(asset()).safeTransfer(receiver, assets);
emit Withdraw(msg.sender, receiver, controller, assets, shares);
}
/// @notice Withdraw assets from the vault.
/// @param assets The assets to withdraw.
/// @param receiver The receiver of the assets.
/// @param controller The controller, who owns the request.
/// @return shares The corresponding shares.
function _withdraw(uint256 assets, address receiver, address controller) internal returns (uint256 shares) {
ERC7540Storage storage $ = _getERC7540Storage();
uint40 requestId = $.lastRedeemRequestId[controller];
if (requestId > $.lastRedeemEpochIdSettled) {
revert RequestIdNotClaimable();
}
shares = _convertToShares(assets, requestId, Math.Rounding.Ceil);
$.epochs[requestId].redeemRequest[controller] -= shares;
IERC20(asset()).safeTransfer(receiver, assets);
emit Withdraw(msg.sender, receiver, controller, assets, shares);
}
////////////////////////////////
// ## SETTLEMENT FUNCTIONS ## //
////////////////////////////////
/// @dev This function will deposit the pending assets of the pendingSilo.
/// and save the deposit parameters in the settleData.
/// @param assetsCustodian The address that will hold the assets.
function _settleDeposit(
address assetsCustodian
) internal {
ERC7540Storage storage $erc7540 = _getERC7540Storage();
uint40 depositSettleId = $erc7540.depositSettleId;
uint256 _pendingAssets = $erc7540.settles[depositSettleId].pendingAssets;
if (_pendingAssets == 0) return;
uint256 shares = _convertToShares(_pendingAssets, Math.Rounding.Floor);
// cache
uint256 _totalAssets = totalAssets();
uint256 _totalSupply = totalSupply();
uint40 lastDepositEpochIdSettled = $erc7540.depositEpochId - 2;
SettleData storage settleData = $erc7540.settles[depositSettleId];
settleData.totalAssets = _totalAssets;
settleData.totalSupply = _totalSupply;
_mint(address(this), shares);
_totalAssets += _pendingAssets;
_totalSupply += shares;
$erc7540.totalAssets = _totalAssets;
$erc7540.depositSettleId = depositSettleId + 2;
$erc7540.lastDepositEpochIdSettled = lastDepositEpochIdSettled;
IERC20(asset()).safeTransferFrom(address($erc7540.pendingSilo), assetsCustodian, _pendingAssets);
emit SettleDeposit(
lastDepositEpochIdSettled, depositSettleId, _totalAssets, _totalSupply, _pendingAssets, shares
);
}
/// @dev This function will redeem the pending shares of the pendingSilo.
/// and save the redeem parameters in the settleData.
/// @param assetsCustodian The address that holds the assets.
function _settleRedeem(
address assetsCustodian
) internal {
ERC7540Storage storage $erc7540 = _getERC7540Storage();
uint40 redeemSettleId = $erc7540.redeemSettleId;
address _asset = asset();
uint256 pendingShares = $erc7540.settles[redeemSettleId].pendingShares;
uint256 assetsToWithdraw = _convertToAssets(pendingShares, Math.Rounding.Floor);
uint256 assetsInTheSafe = IERC20(_asset).balanceOf(assetsCustodian);
if (assetsToWithdraw == 0 || assetsToWithdraw > assetsInTheSafe) return;
// cache
uint256 _totalAssets = totalAssets();
uint256 _totalSupply = totalSupply();
uint40 lastRedeemEpochIdSettled = $erc7540.redeemEpochId - 2;
SettleData storage settleData = $erc7540.settles[redeemSettleId];
settleData.totalAssets = _totalAssets;
settleData.totalSupply = _totalSupply;
_burn(address($erc7540.pendingSilo), pendingShares);
_totalAssets -= assetsToWithdraw;
_totalSupply -= pendingShares;
$erc7540.totalAssets = _totalAssets;
$erc7540.redeemSettleId = redeemSettleId + 2;
$erc7540.lastRedeemEpochIdSettled = lastRedeemEpochIdSettled;
IERC20(_asset).safeTransferFrom(assetsCustodian, address(this), assetsToWithdraw);
emit SettleRedeem(
lastRedeemEpochIdSettled, redeemSettleId, _totalAssets, _totalSupply, assetsToWithdraw, pendingShares
);
}
////////////////////////////////////////
// ## TOTALASSETS UPDATE FUNCTIONS ## //
////////////////////////////////////////
/// @notice Update newTotalAssets variable in order to update totalAssets.
/// @param _newTotalAssets The new total assets of the vault.
function _updateNewTotalAssets(
uint256 _newTotalAssets
) internal whenNotPaused {
ERC7540Storage storage $ = _getERC7540Storage();
$.epochs[$.depositEpochId].settleId = $.depositSettleId;
$.epochs[$.redeemEpochId].settleId = $.redeemSettleId;
address _pendingSilo = address($.pendingSilo);
uint256 pendingAssets = IERC20(asset()).balanceOf(_pendingSilo);
uint256 pendingShares = balanceOf(_pendingSilo);
if (pendingAssets != 0) {
$.depositEpochId += 2;
$.settles[$.depositSettleId].pendingAssets = pendingAssets;
}
if (pendingShares != 0) {
$.redeemEpochId += 2;
$.settles[$.redeemSettleId].pendingShares = pendingShares;
}
$.newTotalAssets = _newTotalAssets;
emit NewTotalAssetsUpdated(_newTotalAssets);
}
/// @dev Updates the totalAssets variable with the newTotalAssets variable.
function _updateTotalAssets(
uint256 _newTotalAssets
) internal whenNotPaused {
ERC7540Storage storage $ = _getERC7540Storage();
uint256 newTotalAssets = $.newTotalAssets;
if (
newTotalAssets == type(uint256).max // it means newTotalAssets has not been updated
) revert NewTotalAssetsMissing();
if (_newTotalAssets != newTotalAssets) {
revert WrongNewTotalAssets();
}
$.totalAssets = newTotalAssets;
$.newTotalAssets = type(uint256).max; // by setting it to max, we ensure that it is not called again
$.totalAssetsExpiration = uint128(block.timestamp) + $.totalAssetsLifespan;
emit TotalAssetsUpdated(newTotalAssets);
}
function _updateTotalAssetsLifespan(
uint128 lifespan
) internal {
ERC7540Storage storage $ = _getERC7540Storage();
uint128 oldLifespan = $.totalAssetsLifespan;
$.totalAssetsLifespan = lifespan;
emit TotalAssetsLifespanUpdated(oldLifespan, lifespan);
}
//////////////////////////
// ## VIEW FUNCTIONS ## //
//////////////////////////
/// @notice Converts assets to shares for a specific epoch.
/// @param assets The assets to convert.
/// @param requestId The request ID, which is equivalent to the epoch ID.
/// @return The corresponding shares.
function convertToShares(uint256 assets, uint256 requestId) public view returns (uint256) {
return _convertToShares(assets, uint40(requestId), Math.Rounding.Floor);
}
/// @dev Converts assets to shares for a specific epoch.
/// @param assets The assets to convert.
/// @param requestId The request ID.
/// @param rounding The rounding method.
/// @return The corresponding shares.
function _convertToShares(
uint256 assets,
uint40 requestId,
Math.Rounding rounding
) internal view returns (uint256) {
ERC7540Storage storage $ = _getERC7540Storage();
// cache
uint40 settleId = $.epochs[requestId].settleId;
uint256 _totalAssets = $.settles[settleId].totalAssets + 1;
uint256 _totalSupply = $.settles[settleId].totalSupply + 10 ** _decimalsOffset();
return assets.mulDiv(_totalSupply, _totalAssets, rounding);
}
/// @dev Converts shares to assets for a specific epoch.
/// @param shares The shares to convert.
/// @param requestId The request ID.
function convertToAssets(uint256 shares, uint256 requestId) public view returns (uint256) {
return _convertToAssets(shares, uint40(requestId), Math.Rounding.Floor);
}
/// @notice Convert shares to assets for a specific epoch/request.
/// @param shares The shares to convert.
/// @param requestId The request ID at which the conversion should be done.
/// @param rounding The rounding method.
/// @return The corresponding assets.
function _convertToAssets(
uint256 shares,
uint40 requestId,
Math.Rounding rounding
) internal view returns (uint256) {
ERC7540Storage storage $ = _getERC7540Storage();
// cache
uint40 settleId = $.epochs[requestId].settleId;
uint256 _totalAssets = $.settles[settleId].totalAssets + 1;
uint256 _totalSupply = $.settles[settleId].totalSupply + 10 ** _decimalsOffset();
return shares.mulDiv(_totalAssets, _totalSupply, rounding);
}
/// @notice Returns the pending redeem request for a controller.
/// @param requestId The request ID.
/// @param controller The controller.
/// @return shares The shares that are waiting to be settled.
function pendingRedeemRequest(uint256 requestId, address controller) public view returns (uint256 shares) {
ERC7540Storage storage $ = _getERC7540Storage();
if (requestId == 0) {
requestId = $.lastRedeemRequestId[controller];
}
if (requestId > $.lastRedeemEpochIdSettled) {
return $.epochs[uint40(requestId)].redeemRequest[controller];
}
}
/// @notice Returns the claimable redeem request for a controller for a specific request ID.
/// @param requestId The request ID.
/// @param controller The controller.
/// @return shares The shares that can be redeemed.
function claimableRedeemRequest(uint256 requestId, address controller) public view returns (uint256 shares) {
ERC7540Storage storage $ = _getERC7540Storage();
if (requestId == 0) requestId = $.lastRedeemRequestId[controller];
if (requestId <= $.lastRedeemEpochIdSettled) {
return $.epochs[uint40(requestId)].redeemRequest[controller];
}
}
/// @notice Returns the amount of assets that are pending to be deposited for a controller. For a specific request
/// ID.
/// @param requestId The request ID.
/// @param controller The controller.
/// @return assets The assets that are waiting to be settled.
function pendingDepositRequest(uint256 requestId, address controller) public view returns (uint256 assets) {
ERC7540Storage storage $ = _getERC7540Storage();
if (requestId == 0) requestId = $.lastDepositRequestId[controller];
if (requestId > $.lastDepositEpochIdSettled) {
return $.epochs[uint40(requestId)].depositRequest[controller];
}
}
/// @notice Returns the claimable deposit request for a controller for a specific request ID.
/// @param requestId The request ID.
/// @param controller The controller.
/// @return assets The assets that can be claimed.
function claimableDepositRequest(uint256 requestId, address controller) public view returns (uint256 assets) {
ERC7540Storage storage $ = _getERC7540Storage();
if (requestId == 0) requestId = $.lastDepositRequestId[controller];
if (requestId <= $.lastDepositEpochIdSettled) {
return $.epochs[uint40(requestId)].depositRequest[controller];
}
}
///////////////////
// ## EIP7575 ## //
///////////////////
function share() external view returns (address) {
return (address(this));
}
///////////////////
// ## EIP165 ## //
//////////////////
function supportsInterface(
bytes4 interfaceId
) public view virtual returns (bool) {
return interfaceId == 0x2f0a18c5 // IERC7575
|| interfaceId == 0xf815c03d // IERC7575 shares
|| interfaceId == 0xce3bbe50 // IERC7540Deposit
|| interfaceId == 0x620ee8e4 // IERC7540Redeem
|| interfaceId == 0xe3bc4e65 // IERC7540
|| interfaceId == type(IERC165).interfaceId;
}
//////////////////////////////////
// ## FUNCTIONS TO IMPLEMENT ## //
//////////////////////////////////
/// @dev Settles deposit requests by transferring assets from the pendingSilo to the safe
/// and minting the corresponding shares to vault.
/// The function is not implemented here and must be implemented.
function settleDeposit(
uint256 _newTotalAssets
) public virtual;
/// @dev Settles redeem requests by transferring assets from the safe to the vault
/// and burning the corresponding shares from the pending silo.
/// The function is not implemented here and must be implemented.
function settleRedeem(
uint256 _newTotalAssets
) public virtual;
function safe() public view virtual returns (address);
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity "0.8.26";
import {ERC7540} from "./ERC7540.sol";
import {AboveMaxRate} from "./primitives/Errors.sol";
import {HighWaterMarkUpdated, RatesUpdated} from "./primitives/Events.sol";
import {Rates} from "./primitives/Struct.sol";
import {Ownable2StepUpgradeable} from "@openzeppelin/contracts-upgradeable/access/Ownable2StepUpgradeable.sol";
import {Math} from "@openzeppelin/contracts/utils/math/Math.sol";
import {FeeRegistry} from "@src/protocol/FeeRegistry.sol";
uint256 constant ONE_YEAR = 365 days;
uint256 constant BPS_DIVIDER = 10_000; // 100 %
abstract contract FeeManager is Ownable2StepUpgradeable, ERC7540 {
using Math for uint256;
uint16 public constant MAX_MANAGEMENT_RATE = 1000; // 10 %
uint16 public constant MAX_PERFORMANCE_RATE = 5000; // 50 %
uint16 public constant MAX_PROTOCOL_RATE = 3000; // 30 %
/// @custom:storage-definition erc7201:hopper.storage.FeeManager
/// @param newRatesTimestamp the timestamp at which the new rates will be applied
/// @param lastFeeTime the timestamp of the last fee calculation, it is used to compute management fees
/// @param highWaterMark the highest price per share ever reached, performance fees are taken when the price per
/// share is above this value
/// @param cooldown the time to wait before applying new rates
/// @param rates the current fee rates
/// @param oldRates the previous fee rates, they are used during the cooldown period when new rates are set
/// @param feeRegistry the fee registry contract, it is used to read the protocol rate
struct FeeManagerStorage {
FeeRegistry feeRegistry;
uint256 newRatesTimestamp;
uint256 lastFeeTime;
uint256 highWaterMark;
uint256 cooldown;
Rates rates;
Rates oldRates;
}
// keccak256(abi.encode(uint256(keccak256("hopper.storage.FeeManager")) - 1)) & ~bytes32(uint256(0xff));
/// @custom:storage-location erc7201:hopper.storage.FeeManager
// solhint-disable-next-line const-name-snakecase
bytes32 private constant feeManagerStorage = 0xa5292f7ccd85acc1b3080c01f5da9af7799f2c26826bd4d79081d6511780bd00;
/// @notice Get the storage slot for the FeeManagerStorage struct
/// @return _feeManagerStorage the storage slot
function _getFeeManagerStorage() internal pure returns (FeeManagerStorage storage _feeManagerStorage) {
// solhint-disable-next-line no-inline-assembly
assembly {
_feeManagerStorage.slot := feeManagerStorage
}
}
/// @notice Initialize the FeeManager contract
/// @param _registry the address of the fee registry contract
/// @param _managementRate the management rate, expressed in BPS
/// @param _performanceRate the performance rate, expressed in BPS
/// @param _decimals the number of decimals of the shares
/// @param _cooldown the time to wait before applying new rates
// solhint-disable-next-line func-name-mixedcase
function __FeeManager_init(
address _registry,
uint16 _managementRate,
uint16 _performanceRate,
uint256 _decimals,
uint256 _cooldown
) internal onlyInitializing {
if (_managementRate > MAX_MANAGEMENT_RATE) {
revert AboveMaxRate(MAX_MANAGEMENT_RATE);
}
if (_performanceRate > MAX_PERFORMANCE_RATE) {
revert AboveMaxRate(MAX_PERFORMANCE_RATE);
}
FeeManagerStorage storage $ = _getFeeManagerStorage();
$.newRatesTimestamp = block.timestamp;
$.cooldown = _cooldown;
$.feeRegistry = FeeRegistry(_registry);
$.highWaterMark = 10 ** _decimals;
$.rates.managementRate = _managementRate;
$.rates.performanceRate = _performanceRate;
}
/// @notice Take the fees by minting the manager and protocol shares
/// @param feeReceiver the address that will receive the manager shares
/// @param protocolFeeReceiver the address that will receive the protocol shares
function _takeFees(address feeReceiver, address protocolFeeReceiver) internal {
FeeManagerStorage storage $ = _getFeeManagerStorage();
(uint256 managerShares, uint256 protocolShares) = _calculateFees();
if (managerShares > 0) {
_mint(feeReceiver, managerShares);
if (
protocolShares > 0 // they can't be protocolShares without managerShares
) _mint(protocolFeeReceiver, protocolShares);
}
uint256 pricePerShare = _convertToAssets(10 ** decimals(), Math.Rounding.Floor);
_setHighWaterMark(pricePerShare);
$.lastFeeTime = block.timestamp;
}
/// @notice update the fee rates, the new rates will be applied after the cooldown period
/// @param newRates the new fee rates
function updateRates(
Rates memory newRates
) external onlyOwner {
FeeManagerStorage storage $ = _getFeeManagerStorage();
if (newRates.managementRate > MAX_MANAGEMENT_RATE) {
revert AboveMaxRate(MAX_MANAGEMENT_RATE);
}
if (newRates.performanceRate > MAX_PERFORMANCE_RATE) {
revert AboveMaxRate(MAX_PERFORMANCE_RATE);
}
uint256 newRatesTimestamp = block.timestamp + $.cooldown;
Rates memory currentRates = $.rates;
$.newRatesTimestamp = newRatesTimestamp;
$.oldRates = currentRates;
$.rates = newRates;
emit RatesUpdated(currentRates, newRates, newRatesTimestamp);
}
/// @dev Since we have a cooldown period and to avoid a double call
/// to update the feeRates, this function returns a different rate
/// following the timestamp
/// @notice the current fee rates
function feeRates() public view returns (Rates memory) {
FeeManagerStorage storage $ = _getFeeManagerStorage();
if ($.newRatesTimestamp <= block.timestamp) return $.rates;
return $.oldRates;
}
/// @dev Update the high water mark only if the new value is greater than the current one
/// @dev The high water mark is the highest price per share ever reached
/// @param _newHighWaterMark the new high water mark
function _setHighWaterMark(
uint256 _newHighWaterMark
) internal {
FeeManagerStorage storage $ = _getFeeManagerStorage();
uint256 _highWaterMark = $.highWaterMark;
if (_newHighWaterMark > _highWaterMark) {
emit HighWaterMarkUpdated(_highWaterMark, _newHighWaterMark);
$.highWaterMark = _newHighWaterMark;
}
}
/// @dev Read the protocol rate from the fee registry
/// @dev if the value is above the MAX_PROTOCOL_RATE, return the MAX_PROTOCOL_RATE
/// @return protocolRate the protocol rate
function _protocolRate() internal view returns (uint256 protocolRate) {
FeeManagerStorage storage $ = _getFeeManagerStorage();
protocolRate = $.feeRegistry.protocolRate();
if (protocolRate > MAX_PROTOCOL_RATE) return MAX_PROTOCOL_RATE;
return protocolRate;
}
/// @dev Calculate and return the manager and protocol shares to be minted as fees
/// @dev total fees are the sum of the management and performance fees
/// @dev manager shares are the fees that go to the manager, it is the difference between the total fees and the
/// protocol fees
/// @dev protocol shares are the fees that go to the protocol
/// @return managerShares the manager shares to be minted as fees
/// @return protocolShares the protocol shares to be minted as fees
function _calculateFees() internal view returns (uint256 managerShares, uint256 protocolShares) {
FeeManagerStorage storage $ = _getFeeManagerStorage();
uint256 _decimals = decimals();
Rates memory _rates = feeRates();
/// Management fee computation ///
uint256 timeElapsed = block.timestamp - $.lastFeeTime;
uint256 _totalAssets = totalAssets();
uint256 managementFees = _calculateManagementFee(_totalAssets, _rates.managementRate, timeElapsed);
// by taking management fees the price per share decreases
uint256 pricePerShare = (10 ** _decimals).mulDiv(
_totalAssets + 1 - managementFees, totalSupply() + 10 ** _decimalsOffset(), Math.Rounding.Ceil
);
/// Performance fee computation ///
uint256 _totalSupply = totalSupply();
uint256 performanceFees =
_calculatePerformanceFee(_rates.performanceRate, _totalSupply, pricePerShare, $.highWaterMark, _decimals);
/// Protocol fee computation & convertion to shares ///
uint256 totalFees = managementFees + performanceFees;
// since we are minting shares without actually increasing the totalAssets, we need to compensate the future
// dilution of price per share by virtually decreasing totalAssets in our computation
uint256 totalShares =
totalFees.mulDiv(_totalSupply + 10 ** _decimalsOffset(), (_totalAssets - totalFees) + 1, Math.Rounding.Ceil);
protocolShares = totalShares.mulDiv(_protocolRate(), BPS_DIVIDER, Math.Rounding.Ceil);
managerShares = totalShares - protocolShares;
}
/// @dev Calculate the management fee
/// @param assets the total assets under management
/// @param annualRate the management rate, expressed in BPS and corresponding to the annual
/// @param timeElapsed the time elapsed since the last fee calculation in seconds
/// @return managementFee the management fee express in assets
function _calculateManagementFee(
uint256 assets,
uint256 annualRate,
uint256 timeElapsed
) internal pure returns (uint256 managementFee) {
uint256 annualFee = assets.mulDiv(annualRate, BPS_DIVIDER, Math.Rounding.Ceil);
managementFee = annualFee.mulDiv(timeElapsed, ONE_YEAR, Math.Rounding.Ceil);
}
/// @dev Calculate the performance fee
/// @dev The performance is calculated as the difference between the current price per share and the high water mark
/// @dev The performance fee is calculated as the product of the performance and the performance rate
/// @param _rate the performance rate, expressed in BPS
/// @param _totalSupply the total supply of shares
/// @param _pricePerShare the current price per share
/// @param _highWaterMark the highest price per share ever reached
/// @param _decimals the number of decimals of the shares
/// @return performanceFee the performance fee express in assets
function _calculatePerformanceFee(
uint256 _rate,
uint256 _totalSupply,
uint256 _pricePerShare,
uint256 _highWaterMark,
uint256 _decimals
) internal pure returns (uint256 performanceFee) {
if (_pricePerShare > _highWaterMark) {
uint256 profitPerShare;
unchecked {
profitPerShare = _pricePerShare - _highWaterMark;
}
uint256 profit = profitPerShare.mulDiv(_totalSupply, 10 ** _decimals, Math.Rounding.Ceil);
performanceFee = profit.mulDiv(_rate, BPS_DIVIDER, Math.Rounding.Ceil);
}
}
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity "0.8.26";
import {FeeRegistry} from "../protocol/FeeRegistry.sol";
import {OnlySafe, OnlyValuationManager, OnlyWhitelistManager} from "./primitives/Errors.sol";
import {FeeReceiverUpdated, ValuationManagerUpdated, WhitelistManagerUpdated} from "./primitives/Events.sol";
import {Ownable2StepUpgradeable} from "@openzeppelin/contracts-upgradeable/access/Ownable2StepUpgradeable.sol";
/// @title RolesUpgradeable
/// @dev This contract is used to define the various roles needed for a vault to operate.
/// @dev It also defines the modifiers used to check functions' caller.
abstract contract Roles is Ownable2StepUpgradeable {
/// @notice Stores the various roles responsible of managing the vault.
/// @param whitelistManager The address responsible of managing the whitelist.
/// @param feeReceiver The address that will receive the fees generated.
/// @param safe Every lagoon vault is associated with a Safe smart contract. This address will receive the assets of
/// the vault and can settle deposits and redeems.
/// @param feeRegistry The address of the FeeRegistry contract.
/// @param valuationManager. This address is responsible of updating the newTotalAssets value of the vault.
/// @param owner The address of the owner of the contract. It considered as the admin. It is not visible in the
/// struct. It can change the others roles and itself. Initiate the fund closing. Disable the whitelist.
struct RolesStorage {
address whitelistManager;
address feeReceiver;
address safe;
FeeRegistry feeRegistry;
address valuationManager;
}
/// @dev Initializes the roles of the vault.
/// @param roles The roles to be initialized.
// solhint-disable-next-line func-name-mixedcase
function __Roles_init(
RolesStorage memory roles
) internal onlyInitializing {
RolesStorage storage $ = _getRolesStorage();
$.whitelistManager = roles.whitelistManager;
$.feeReceiver = roles.feeReceiver;
$.safe = roles.safe;
$.feeRegistry = FeeRegistry(roles.feeRegistry);
$.valuationManager = roles.valuationManager;
}
// keccak256(abi.encode(uint256(keccak256("hopper.storage.Roles")) - 1)) & ~bytes32(uint256(0xff))
/// @custom:storage-location erc7201:hopper.storage.Roles
// solhint-disable-next-line const-name-snakecase
bytes32 private constant rolesStorage = 0x7c302ed2c673c3d6b4551cf74a01ee649f887e14fd20d13dbca1b6099534d900;
/// @dev Returns the storage struct of the roles.
/// @return _rolesStorage The storage struct of the roles.
function _getRolesStorage() internal pure returns (RolesStorage storage _rolesStorage) {
// solhint-disable-next-line no-inline-assembly
assembly {
_rolesStorage.slot := rolesStorage
}
}
/// @dev Returns the storage struct of the roles.
/// @return _rolesStorage The storage struct of the roles.
function getRolesStorage() public pure returns (RolesStorage memory _rolesStorage) {
_rolesStorage = _getRolesStorage();
}
/// @dev Modifier to check if the caller is the safe.
modifier onlySafe() {
address _safe = _getRolesStorage().safe;
if (_safe != msg.sender) revert OnlySafe(_safe);
_;
}
/// @dev Modifier to check if the caller is the whitelist manager.
modifier onlyWhitelistManager() {
address _whitelistManager = _getRolesStorage().whitelistManager;
if (_whitelistManager != msg.sender) {
revert OnlyWhitelistManager(_whitelistManager);
}
_;
}
/// @dev Modifier to check if the caller is the valuation manager.
modifier onlyValuationManager() {
address _valuationManager = _getRolesStorage().valuationManager;
if (_valuationManager != msg.sender) {
revert OnlyValuationManager(_valuationManager);
}
_;
}
/// @notice Updates the address of the whitelist manager.
/// @param _whitelistManager The new address of the whitelist manager.
/// @dev Only the owner can call this function.
function updateWhitelistManager(
address _whitelistManager
) external onlyOwner {
emit WhitelistManagerUpdated(_getRolesStorage().whitelistManager, _whitelistManager);
_getRolesStorage().whitelistManager = _whitelistManager;
}
/// @notice Updates the address of the valuation manager.
/// @param _valuationManager The new address of the valuation manager.
/// @dev Only the owner can call this function.
function updateValuationManager(
address _valuationManager
) external onlyOwner {
emit ValuationManagerUpdated(_getRolesStorage().valuationManager, _valuationManager);
_getRolesStorage().valuationManager = _valuationManager;
}
/// @notice Updates the address of the fee receiver.
/// @param _feeReceiver The new address of the fee receiver.
/// @dev Only the owner can call this function.
function updateFeeReceiver(
address _feeReceiver
) external onlyOwner {
emit FeeReceiverUpdated(_getRolesStorage().feeReceiver, _feeReceiver);
_getRolesStorage().feeReceiver = _feeReceiver;
}
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity "0.8.26";
import {Roles} from "./Roles.sol";
import {WhitelistDisabled, WhitelistUpdated} from "./primitives/Events.sol";
abstract contract Whitelistable is Roles {
// keccak256(abi.encode(uint256(keccak256("hopper.storage.Whitelistable")) - 1)) & ~bytes32(uint256(0xff))
/// @custom:storage-location erc7201:hopper.storage.Whitelistable
// solhint-disable-next-line const-name-snakecase
bytes32 private constant whitelistableStorage = 0x083cc98ab296d1a1f01854b5f7a2f47df4425a56ba7b35f7faa3a336067e4800;
/// @custom:storage-definition erc7201:hopper.storage.Whitelistable
/// @param isWhitelisted The mapping of whitelisted addresses.
/// @param isActivated The flag to check if the whitelist is activated.
struct WhitelistableStorage {
mapping(address => bool) isWhitelisted;
bool isActivated;
}
/// @dev Returns the storage struct of the whitelist.
/// @return _whitelistableStorage The storage struct of the whitelist.
function _getWhitelistableStorage() internal pure returns (WhitelistableStorage storage _whitelistableStorage) {
// solhint-disable-next-line no-inline-assembly
assembly {
_whitelistableStorage.slot := whitelistableStorage
}
}
/// @dev Initializes the whitelist.
/// @param activate if the whitelist should be activated.
// solhint-disable-next-line func-name-mixedcase
function __Whitelistable_init(
bool activate
) internal onlyInitializing {
if (activate) {
WhitelistableStorage storage $ = _getWhitelistableStorage();
$.isActivated = true;
}
}
/// @notice Deactivates the whitelist
function disableWhitelist() public onlyOwner {
_getWhitelistableStorage().isActivated = false;
emit WhitelistDisabled();
}
/// @notice Checks if an account is whitelisted
/// @param account The address of the account to check
/// @return True if the account is whitelisted, false otherwise
function isWhitelisted(
address account
) public view returns (bool) {
WhitelistableStorage storage $ = _getWhitelistableStorage();
if (_getRolesStorage().feeRegistry.protocolFeeReceiver() == account) {
return true;
}
return $.isActivated ? $.isWhitelisted[account] : true;
}
/// @notice Adds multiple accounts to the whitelist
function addToWhitelist(
address[] memory accounts
) external onlyWhitelistManager {
WhitelistableStorage storage $ = _getWhitelistableStorage();
for (uint256 i = 0; i < accounts.length; i++) {
$.isWhitelisted[accounts[i]] = true;
emit WhitelistUpdated(accounts[i], true);
}
}
/// @notice Removes multiple accounts from the whitelist
/// @param accounts The addresses of the accounts to remove
function revokeFromWhitelist(
address[] memory accounts
) external onlyWhitelistManager {
WhitelistableStorage storage $ = _getWhitelistableStorage();
uint256 i = 0;
for (; i < accounts.length;) {
$.isWhitelisted[accounts[i]] = false;
emit WhitelistUpdated(accounts[i], false);
// solhint-disable-next-line no-inline-assembly
unchecked {
++i;
}
}
}
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity "0.8.26";
// ********************* VAULT ********************* //
enum State {
Open, // The vault is open for deposits and withdrawals.
Closing, // The vault is in the process of closing; no NEW deposit (settlement) are accepted into the vault
Closed // The vault is closed; settlement are locked; withdrawals are guaranteed at fixed price per share
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity "0.8.26";
import {State} from "./Enums.sol";
// ********************* VAULT ********************* //
/// @notice Indicates that the vault is not Open. It's either Closing or Close.
/// @param currentState The current state of the vault.
error NotOpen(State currentState);
/// @notice Indicates that the vault is not in the process of closing. It's either Open or Close.
/// @param currentState The current state of the vault.
error NotClosing(State currentState);
/// @notice Indicates that the vault is Closed.
error Closed();
/// @notice No new valuation proposition is allowed
error ValuationUpdateNotAllowed();
// ********************* ERC7540 ********************* //
/// @notice Indicates that preview deposit is disabled.
error ERC7540PreviewDepositDisabled();
/// @notice Indicates that preview mint is disabled.
error ERC7540PreviewMintDisabled();
/// @notice Indicates that preview redeem is disabled.
error ERC7540PreviewRedeemDisabled();
/// @notice Indicates that preview withdraw is disabled.
error ERC7540PreviewWithdrawDisabled();
/// @notice Indicates that only one request is allowed per settlement period.
error OnlyOneRequestAllowed();
/// @notice Indicates that the specified request is not cancelable.
/// @param requestId The ID of the request that cannot be canceled.
error RequestNotCancelable(uint256 requestId);
/// @notice Indicates an invalid operator for ERC7540 operations.
error ERC7540InvalidOperator();
/// @notice Indicates that the specified request ID is not claimable.
error RequestIdNotClaimable();
/// @notice Indicates that depositing a native token is not allowed.
error CantDepositNativeToken();
/// @notice Indicates that a new total assets value was not provided by the valuation manager.
error NewTotalAssetsMissing();
/// @notice Indicates that the new total assets value is not the one expected.
error WrongNewTotalAssets();
/// @notice Indicates that totalAssets value is outdated and that synchronous deposits are not allowed.
error OnlyAsyncDepositAllowed();
/// @notice Indicates that deposit can only happen via the synchronous path.
error OnlySyncDepositAllowed();
// ********************* FEE MANAGER ********************* //
/// @notice Indicates that the provided rate exceeds the maximum allowed rate.
/// @param maxRate The maximum allowable rate.
error AboveMaxRate(uint256 maxRate);
// ********************* ROLES ********************* //
/// @notice Indicates that the caller is not a safe address.
/// @param safe The address of the safe.
error OnlySafe(address safe);
/// @notice Indicates that the caller is not the whitelist manager.
/// @param whitelistManager The address of the whitelist manager.
error OnlyWhitelistManager(address whitelistManager);
/// @notice Indicates that the caller is not the valuation manager.
/// @param valuationManager The address of the valuation manager.
error OnlyValuationManager(address valuationManager);
// ********************* WHITELISTABLE ********************* //
/// @notice Indicates that the caller is not whitelisted.
error NotWhitelisted();
// SPDX-License-Identifier: BUSL-1.1
pragma solidity "0.8.26";
import {State} from "./Enums.sol";
import {Rates} from "./Struct.sol";
// ********************* VAULT ********************* //
/// @notice Emitted when a referral is made.
/// @param referral The address of the referral.
/// @param owner The address of the owner making the referral.
/// @param requestId The ID of the associated request.
/// @param assets The amount of assets involved in the referral.
event Referral(address indexed referral, address indexed owner, uint256 indexed requestId, uint256 assets);
/// @notice Emitted when the state of the vault is updated.
/// @param state The new state of the vault. Either Open, Closing or Close.
event StateUpdated(State state);
event SettleDeposit(
uint40 indexed epochId,
uint40 indexed settledId,
uint256 totalAssets,
uint256 totalSupply,
uint256 assetsDeposited,
uint256 sharesMinted
);
event SettleRedeem(
uint40 indexed epochId,
uint40 indexed settledId,
uint256 totalAssets,
uint256 totalSupply,
uint256 assetsWithdrawed,
uint256 sharesBurned
);
// ********************* WHITELISTABLE ********************* //
/// @notice Emitted when the Merkle tree root is updated.
/// @param root The new Merkle tree root.
event RootUpdated(bytes32 indexed root);
/// @notice Emitted when a whitelist entry is updated.
/// @param account The address of the account being updated.
/// @param authorized Indicates whether the account is authorized (true) or not (false).
event WhitelistUpdated(address indexed account, bool authorized);
/// @notice Emitted when the whitelist is disabled.
event WhitelistDisabled();
// ********************* ROLES ********************* //
/// @notice Emitted when the whitelist manager role is updated.
/// @param oldManager The address of the old whitelist manager.
/// @param newManager The address of the new whitelist manager.
event WhitelistManagerUpdated(address oldManager, address newManager);
/// @notice Emitted when the fee receiver role is updated.
/// @param oldReceiver The address of the old fee receiver.
/// @param newReceiver The address of the new fee receiver.
event FeeReceiverUpdated(address oldReceiver, address newReceiver);
/// @notice Emitted when the Valuation manager role is updated.
/// @param oldManager The address of the old Valuation manager.
/// @param newManager The address of the new Valuation manager.
event ValuationManagerUpdated(address oldManager, address newManager);
// ********************* FEE_MANAGER ********************* //
/// @notice Emitted when the rates are updated.
/// @param oldRates The new rates.
/// @param newRate The new rates.
/// @param timestamp The timestamp at which the update will take effect.
event RatesUpdated(Rates oldRates, Rates newRate, uint256 timestamp);
/// @notice Emitted when the highWaterMark is updated.
/// @param oldHighWaterMark The old highWaterMark.
/// @param newHighWaterMark The new highWaterMark.
event HighWaterMarkUpdated(uint256 oldHighWaterMark, uint256 newHighWaterMark);
// ********************* ERC7540 ********************* //
/// @notice Emitted when the totalAssets variable is updated.
/// @param totalAssets The new total assets value.
event TotalAssetsUpdated(uint256 totalAssets);
/// @notice Emitted when the newTotalAssets variable is updated.
/// @param totalAssets The new newTotalAssets value.
event NewTotalAssetsUpdated(uint256 totalAssets);
/// @notice Emitted when a deposit request is canceled.
/// @param requestId The ID of the canceled request.
/// @param controller The address of the controller of the canceled request.
event DepositRequestCanceled(uint256 indexed requestId, address indexed controller);
/// @notice Emitted when the lifespan is updated.
/// @param oldLifespan The old lifespan.
/// @param newLifespan The new lifespan.
event TotalAssetsLifespanUpdated(uint128 oldLifespan, uint128 newLifespan);
/// @notice Same as a 4626 Deposit event
/// @param sender The address who gave its assets
/// @param owner The receiver of the shares
/// @param assets Amount of assets deposit
/// @param shares Amount of shares minted to owner
event DepositSync(address indexed sender, address indexed owner, uint256 assets, uint256 shares);
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/ERC20.sol)
pragma solidity ^0.8.20;
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {IERC20Metadata} from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
import {ContextUpgradeable} from "../../utils/ContextUpgradeable.sol";
import {IERC20Errors} from "@openzeppelin/contracts/interfaces/draft-IERC6093.sol";
import {Initializable} from "../../proxy/utils/Initializable.sol";
/**
* @dev Implementation of the {IERC20} interface.
*
* This implementation is agnostic to the way tokens are created. This means
* that a supply mechanism has to be added in a derived contract using {_mint}.
*
* TIP: For a detailed writeup see our guide
* https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How
* to implement supply mechanisms].
*
* The default value of {decimals} is 18. To change this, you should override
* this function so it returns a different value.
*
* We have followed general OpenZeppelin Contracts guidelines: functions revert
* instead returning `false` on failure. This behavior is nonetheless
* conventional and does not conflict with the expectations of ERC20
* applications.
*
* Additionally, an {Approval} event is emitted on calls to {transferFrom}.
* This allows applications to reconstruct the allowance for all accounts just
* by listening to said events. Other implementations of the EIP may not emit
* these events, as it isn't required by the specification.
*/
abstract contract ERC20Upgradeable is Initializable, ContextUpgradeable, IERC20, IERC20Metadata, IERC20Errors {
/// @custom:storage-location erc7201:openzeppelin.storage.ERC20
struct ERC20Storage {
mapping(address account => uint256) _balances;
mapping(address account => mapping(address spender => uint256)) _allowances;
uint256 _totalSupply;
string _name;
string _symbol;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.ERC20")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant ERC20StorageLocation = 0x52c63247e1f47db19d5ce0460030c497f067ca4cebf71ba98eeadabe20bace00;
function _getERC20Storage() private pure returns (ERC20Storage storage $) {
assembly {
$.slot := ERC20StorageLocation
}
}
/**
* @dev Sets the values for {name} and {symbol}.
*
* All two of these values are immutable: they can only be set once during
* construction.
*/
function __ERC20_init(string memory name_, string memory symbol_) internal onlyInitializing {
__ERC20_init_unchained(name_, symbol_);
}
function __ERC20_init_unchained(string memory name_, string memory symbol_) internal onlyInitializing {
ERC20Storage storage $ = _getERC20Storage();
$._name = name_;
$._symbol = symbol_;
}
/**
* @dev Returns the name of the token.
*/
function name() public view virtual returns (string memory) {
ERC20Storage storage $ = _getERC20Storage();
return $._name;
}
/**
* @dev Returns the symbol of the token, usually a shorter version of the
* name.
*/
function symbol() public view virtual returns (string memory) {
ERC20Storage storage $ = _getERC20Storage();
return $._symbol;
}
/**
* @dev Returns the number of decimals used to get its user representation.
* For example, if `decimals` equals `2`, a balance of `505` tokens should
* be displayed to a user as `5.05` (`505 / 10 ** 2`).
*
* Tokens usually opt for a value of 18, imitating the relationship between
* Ether and Wei. This is the default value returned by this function, unless
* it's overridden.
*
* NOTE: This information is only used for _display_ purposes: it in
* no way affects any of the arithmetic of the contract, including
* {IERC20-balanceOf} and {IERC20-transfer}.
*/
function decimals() public view virtual returns (uint8) {
return 18;
}
/**
* @dev See {IERC20-totalSupply}.
*/
function totalSupply() public view virtual returns (uint256) {
ERC20Storage storage $ = _getERC20Storage();
return $._totalSupply;
}
/**
* @dev See {IERC20-balanceOf}.
*/
function balanceOf(address account) public view virtual returns (uint256) {
ERC20Storage storage $ = _getERC20Storage();
return $._balances[account];
}
/**
* @dev See {IERC20-transfer}.
*
* Requirements:
*
* - `to` cannot be the zero address.
* - the caller must have a balance of at least `value`.
*/
function transfer(address to, uint256 value) public virtual returns (bool) {
address owner = _msgSender();
_transfer(owner, to, value);
return true;
}
/**
* @dev See {IERC20-allowance}.
*/
function allowance(address owner, address spender) public view virtual returns (uint256) {
ERC20Storage storage $ = _getERC20Storage();
return $._allowances[owner][spender];
}
/**
* @dev See {IERC20-approve}.
*
* NOTE: If `value` is the maximum `uint256`, the allowance is not updated on
* `transferFrom`. This is semantically equivalent to an infinite approval.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/
function approve(address spender, uint256 value) public virtual returns (bool) {
address owner = _msgSender();
_approve(owner, spender, value);
return true;
}
/**
* @dev See {IERC20-transferFrom}.
*
* Emits an {Approval} event indicating the updated allowance. This is not
* required by the EIP. See the note at the beginning of {ERC20}.
*
* NOTE: Does not update the allowance if the current allowance
* is the maximum `uint256`.
*
* Requirements:
*
* - `from` and `to` cannot be the zero address.
* - `from` must have a balance of at least `value`.
* - the caller must have allowance for ``from``'s tokens of at least
* `value`.
*/
function transferFrom(address from, address to, uint256 value) public virtual returns (bool) {
address spender = _msgSender();
_spendAllowance(from, spender, value);
_transfer(from, to, value);
return true;
}
/**
* @dev Moves a `value` amount of tokens from `from` to `to`.
*
* This internal function is equivalent to {transfer}, and can be used to
* e.g. implement automatic token fees, slashing mechanisms, etc.
*
* Emits a {Transfer} event.
*
* NOTE: This function is not virtual, {_update} should be overridden instead.
*/
function _transfer(address from, address to, uint256 value) internal {
if (from == address(0)) {
revert ERC20InvalidSender(address(0));
}
if (to == address(0)) {
revert ERC20InvalidReceiver(address(0));
}
_update(from, to, value);
}
/**
* @dev Transfers a `value` amount of tokens from `from` to `to`, or alternatively mints (or burns) if `from`
* (or `to`) is the zero address. All customizations to transfers, mints, and burns should be done by overriding
* this function.
*
* Emits a {Transfer} event.
*/
function _update(address from, address to, uint256 value) internal virtual {
ERC20Storage storage $ = _getERC20Storage();
if (from == address(0)) {
// Overflow check required: The rest of the code assumes that totalSupply never overflows
$._totalSupply += value;
} else {
uint256 fromBalance = $._balances[from];
if (fromBalance < value) {
revert ERC20InsufficientBalance(from, fromBalance, value);
}
unchecked {
// Overflow not possible: value <= fromBalance <= totalSupply.
$._balances[from] = fromBalance - value;
}
}
if (to == address(0)) {
unchecked {
// Overflow not possible: value <= totalSupply or value <= fromBalance <= totalSupply.
$._totalSupply -= value;
}
} else {
unchecked {
// Overflow not possible: balance + value is at most totalSupply, which we know fits into a uint256.
$._balances[to] += value;
}
}
emit Transfer(from, to, value);
}
/**
* @dev Creates a `value` amount of tokens and assigns them to `account`, by transferring it from address(0).
* Relies on the `_update` mechanism
*
* Emits a {Transfer} event with `from` set to the zero address.
*
* NOTE: This function is not virtual, {_update} should be overridden instead.
*/
function _mint(address account, uint256 value) internal {
if (account == address(0)) {
revert ERC20InvalidReceiver(address(0));
}
_update(address(0), account, value);
}
/**
* @dev Destroys a `value` amount of tokens from `account`, lowering the total supply.
* Relies on the `_update` mechanism.
*
* Emits a {Transfer} event with `to` set to the zero address.
*
* NOTE: This function is not virtual, {_update} should be overridden instead
*/
function _burn(address account, uint256 value) internal {
if (account == address(0)) {
revert ERC20InvalidSender(address(0));
}
_update(account, address(0), value);
}
/**
* @dev Sets `value` as the allowance of `spender` over the `owner` s tokens.
*
* This internal function is equivalent to `approve`, and can be used to
* e.g. set automatic allowances for certain subsystems, etc.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `owner` cannot be the zero address.
* - `spender` cannot be the zero address.
*
* Overrides to this logic should be done to the variant with an additional `bool emitEvent` argument.
*/
function _approve(address owner, address spender, uint256 value) internal {
_approve(owner, spender, value, true);
}
/**
* @dev Variant of {_approve} with an optional flag to enable or disable the {Approval} event.
*
* By default (when calling {_approve}) the flag is set to true. On the other hand, approval changes made by
* `_spendAllowance` during the `transferFrom` operation set the flag to false. This saves gas by not emitting any
* `Approval` event during `transferFrom` operations.
*
* Anyone who wishes to continue emitting `Approval` events on the`transferFrom` operation can force the flag to
* true using the following override:
* ```
* function _approve(address owner, address spender, uint256 value, bool) internal virtual override {
* super._approve(owner, spender, value, true);
* }
* ```
*
* Requirements are the same as {_approve}.
*/
function _approve(address owner, address spender, uint256 value, bool emitEvent) internal virtual {
ERC20Storage storage $ = _getERC20Storage();
if (owner == address(0)) {
revert ERC20InvalidApprover(address(0));
}
if (spender == address(0)) {
revert ERC20InvalidSpender(address(0));
}
$._allowances[owner][spender] = value;
if (emitEvent) {
emit Approval(owner, spender, value);
}
}
/**
* @dev Updates `owner` s allowance for `spender` based on spent `value`.
*
* Does not update the allowance value in case of infinite allowance.
* Revert if not enough allowance is available.
*
* Does not emit an {Approval} event.
*/
function _spendAllowance(address owner, address spender, uint256 value) internal virtual {
uint256 currentAllowance = allowance(owner, spender);
if (currentAllowance != type(uint256).max) {
if (currentAllowance < value) {
revert ERC20InsufficientAllowance(spender, currentAllowance, value);
}
unchecked {
_approve(owner, spender, currentAllowance - value, false);
}
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/ERC4626.sol)
pragma solidity ^0.8.20;
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {IERC20Metadata} from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
import {ERC20Upgradeable} from "../ERC20Upgradeable.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {IERC4626} from "@openzeppelin/contracts/interfaces/IERC4626.sol";
import {Math} from "@openzeppelin/contracts/utils/math/Math.sol";
import {Initializable} from "../../../proxy/utils/Initializable.sol";
/**
* @dev Implementation of the ERC4626 "Tokenized Vault Standard" as defined in
* https://eips.ethereum.org/EIPS/eip-4626[EIP-4626].
*
* This extension allows the minting and burning of "shares" (represented using the ERC20 inheritance) in exchange for
* underlying "assets" through standardized {deposit}, {mint}, {redeem} and {burn} workflows. This contract extends
* the ERC20 standard. Any additional extensions included along it would affect the "shares" token represented by this
* contract and not the "assets" token which is an independent contract.
*
* [CAUTION]
* ====
* In empty (or nearly empty) ERC-4626 vaults, deposits are at high risk of being stolen through frontrunning
* with a "donation" to the vault that inflates the price of a share. This is variously known as a donation or inflation
* attack and is essentially a problem of slippage. Vault deployers can protect against this attack by making an initial
* deposit of a non-trivial amount of the asset, such that price manipulation becomes infeasible. Withdrawals may
* similarly be affected by slippage. Users can protect against this attack as well as unexpected slippage in general by
* verifying the amount received is as expected, using a wrapper that performs these checks such as
* https://github.com/fei-protocol/ERC4626#erc4626router-and-base[ERC4626Router].
*
* Since v4.9, this implementation uses virtual assets and shares to mitigate that risk. The `_decimalsOffset()`
* corresponds to an offset in the decimal representation between the underlying asset's decimals and the vault
* decimals. This offset also determines the rate of virtual shares to virtual assets in the vault, which itself
* determines the initial exchange rate. While not fully preventing the attack, analysis shows that the default offset
* (0) makes it non-profitable, as a result of the value being captured by the virtual shares (out of the attacker's
* donation) matching the attacker's expected gains. With a larger offset, the attack becomes orders of magnitude more
* expensive than it is profitable. More details about the underlying math can be found
* xref:erc4626.adoc#inflation-attack[here].
*
* The drawback of this approach is that the virtual shares do capture (a very small) part of the value being accrued
* to the vault. Also, if the vault experiences losses, the users try to exit the vault, the virtual shares and assets
* will cause the first user to exit to experience reduced losses in detriment to the last users that will experience
* bigger losses. Developers willing to revert back to the pre-v4.9 behavior just need to override the
* `_convertToShares` and `_convertToAssets` functions.
*
* To learn more, check out our xref:ROOT:erc4626.adoc[ERC-4626 guide].
* ====
*/
abstract contract ERC4626Upgradeable is Initializable, ERC20Upgradeable, IERC4626 {
using Math for uint256;
/// @custom:storage-location erc7201:openzeppelin.storage.ERC4626
struct ERC4626Storage {
IERC20 _asset;
uint8 _underlyingDecimals;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.ERC4626")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant ERC4626StorageLocation = 0x0773e532dfede91f04b12a73d3d2acd361424f41f76b4fb79f090161e36b4e00;
function _getERC4626Storage() private pure returns (ERC4626Storage storage $) {
assembly {
$.slot := ERC4626StorageLocation
}
}
/**
* @dev Attempted to deposit more assets than the max amount for `receiver`.
*/
error ERC4626ExceededMaxDeposit(address receiver, uint256 assets, uint256 max);
/**
* @dev Attempted to mint more shares than the max amount for `receiver`.
*/
error ERC4626ExceededMaxMint(address receiver, uint256 shares, uint256 max);
/**
* @dev Attempted to withdraw more assets than the max amount for `receiver`.
*/
error ERC4626ExceededMaxWithdraw(address owner, uint256 assets, uint256 max);
/**
* @dev Attempted to redeem more shares than the max amount for `receiver`.
*/
error ERC4626ExceededMaxRedeem(address owner, uint256 shares, uint256 max);
/**
* @dev Set the underlying asset contract. This must be an ERC20-compatible contract (ERC20 or ERC777).
*/
function __ERC4626_init(IERC20 asset_) internal onlyInitializing {
__ERC4626_init_unchained(asset_);
}
function __ERC4626_init_unchained(IERC20 asset_) internal onlyInitializing {
ERC4626Storage storage $ = _getERC4626Storage();
(bool success, uint8 assetDecimals) = _tryGetAssetDecimals(asset_);
$._underlyingDecimals = success ? assetDecimals : 18;
$._asset = asset_;
}
/**
* @dev Attempts to fetch the asset decimals. A return value of false indicates that the attempt failed in some way.
*/
function _tryGetAssetDecimals(IERC20 asset_) private view returns (bool, uint8) {
(bool success, bytes memory encodedDecimals) = address(asset_).staticcall(
abi.encodeCall(IERC20Metadata.decimals, ())
);
if (success && encodedDecimals.length >= 32) {
uint256 returnedDecimals = abi.decode(encodedDecimals, (uint256));
if (returnedDecimals <= type(uint8).max) {
return (true, uint8(returnedDecimals));
}
}
return (false, 0);
}
/**
* @dev Decimals are computed by adding the decimal offset on top of the underlying asset's decimals. This
* "original" value is cached during construction of the vault contract. If this read operation fails (e.g., the
* asset has not been created yet), a default of 18 is used to represent the underlying asset's decimals.
*
* See {IERC20Metadata-decimals}.
*/
function decimals() public view virtual override(IERC20Metadata, ERC20Upgradeable) returns (uint8) {
ERC4626Storage storage $ = _getERC4626Storage();
return $._underlyingDecimals + _decimalsOffset();
}
/** @dev See {IERC4626-asset}. */
function asset() public view virtual returns (address) {
ERC4626Storage storage $ = _getERC4626Storage();
return address($._asset);
}
/** @dev See {IERC4626-totalAssets}. */
function totalAssets() public view virtual returns (uint256) {
ERC4626Storage storage $ = _getERC4626Storage();
return $._asset.balanceOf(address(this));
}
/** @dev See {IERC4626-convertToShares}. */
function convertToShares(uint256 assets) public view virtual returns (uint256) {
return _convertToShares(assets, Math.Rounding.Floor);
}
/** @dev See {IERC4626-convertToAssets}. */
function convertToAssets(uint256 shares) public view virtual returns (uint256) {
return _convertToAssets(shares, Math.Rounding.Floor);
}
/** @dev See {IERC4626-maxDeposit}. */
function maxDeposit(address) public view virtual returns (uint256) {
return type(uint256).max;
}
/** @dev See {IERC4626-maxMint}. */
function maxMint(address) public view virtual returns (uint256) {
return type(uint256).max;
}
/** @dev See {IERC4626-maxWithdraw}. */
function maxWithdraw(address owner) public view virtual returns (uint256) {
return _convertToAssets(balanceOf(owner), Math.Rounding.Floor);
}
/** @dev See {IERC4626-maxRedeem}. */
function maxRedeem(address owner) public view virtual returns (uint256) {
return balanceOf(owner);
}
/** @dev See {IERC4626-previewDeposit}. */
function previewDeposit(uint256 assets) public view virtual returns (uint256) {
return _convertToShares(assets, Math.Rounding.Floor);
}
/** @dev See {IERC4626-previewMint}. */
function previewMint(uint256 shares) public view virtual returns (uint256) {
return _convertToAssets(shares, Math.Rounding.Ceil);
}
/** @dev See {IERC4626-previewWithdraw}. */
function previewWithdraw(uint256 assets) public view virtual returns (uint256) {
return _convertToShares(assets, Math.Rounding.Ceil);
}
/** @dev See {IERC4626-previewRedeem}. */
function previewRedeem(uint256 shares) public view virtual returns (uint256) {
return _convertToAssets(shares, Math.Rounding.Floor);
}
/** @dev See {IERC4626-deposit}. */
function deposit(uint256 assets, address receiver) public virtual returns (uint256) {
uint256 maxAssets = maxDeposit(receiver);
if (assets > maxAssets) {
revert ERC4626ExceededMaxDeposit(receiver, assets, maxAssets);
}
uint256 shares = previewDeposit(assets);
_deposit(_msgSender(), receiver, assets, shares);
return shares;
}
/** @dev See {IERC4626-mint}.
*
* As opposed to {deposit}, minting is allowed even if the vault is in a state where the price of a share is zero.
* In this case, the shares will be minted without requiring any assets to be deposited.
*/
function mint(uint256 shares, address receiver) public virtual returns (uint256) {
uint256 maxShares = maxMint(receiver);
if (shares > maxShares) {
revert ERC4626ExceededMaxMint(receiver, shares, maxShares);
}
uint256 assets = previewMint(shares);
_deposit(_msgSender(), receiver, assets, shares);
return assets;
}
/** @dev See {IERC4626-withdraw}. */
function withdraw(uint256 assets, address receiver, address owner) public virtual returns (uint256) {
uint256 maxAssets = maxWithdraw(owner);
if (assets > maxAssets) {
revert ERC4626ExceededMaxWithdraw(owner, assets, maxAssets);
}
uint256 shares = previewWithdraw(assets);
_withdraw(_msgSender(), receiver, owner, assets, shares);
return shares;
}
/** @dev See {IERC4626-redeem}. */
function redeem(uint256 shares, address receiver, address owner) public virtual returns (uint256) {
uint256 maxShares = maxRedeem(owner);
if (shares > maxShares) {
revert ERC4626ExceededMaxRedeem(owner, shares, maxShares);
}
uint256 assets = previewRedeem(shares);
_withdraw(_msgSender(), receiver, owner, assets, shares);
return assets;
}
/**
* @dev Internal conversion function (from assets to shares) with support for rounding direction.
*/
function _convertToShares(uint256 assets, Math.Rounding rounding) internal view virtual returns (uint256) {
return assets.mulDiv(totalSupply() + 10 ** _decimalsOffset(), totalAssets() + 1, rounding);
}
/**
* @dev Internal conversion function (from shares to assets) with support for rounding direction.
*/
function _convertToAssets(uint256 shares, Math.Rounding rounding) internal view virtual returns (uint256) {
return shares.mulDiv(totalAssets() + 1, totalSupply() + 10 ** _decimalsOffset(), rounding);
}
/**
* @dev Deposit/mint common workflow.
*/
function _deposit(address caller, address receiver, uint256 assets, uint256 shares) internal virtual {
ERC4626Storage storage $ = _getERC4626Storage();
// If _asset is ERC777, `transferFrom` can trigger a reentrancy BEFORE the transfer happens through the
// `tokensToSend` hook. On the other hand, the `tokenReceived` hook, that is triggered after the transfer,
// calls the vault, which is assumed not malicious.
//
// Conclusion: we need to do the transfer before we mint so that any reentrancy would happen before the
// assets are transferred and before the shares are minted, which is a valid state.
// slither-disable-next-line reentrancy-no-eth
SafeERC20.safeTransferFrom($._asset, caller, address(this), assets);
_mint(receiver, shares);
emit Deposit(caller, receiver, assets, shares);
}
/**
* @dev Withdraw/redeem common workflow.
*/
function _withdraw(
address caller,
address receiver,
address owner,
uint256 assets,
uint256 shares
) internal virtual {
ERC4626Storage storage $ = _getERC4626Storage();
if (caller != owner) {
_spendAllowance(owner, caller, shares);
}
// If _asset is ERC777, `transfer` can trigger a reentrancy AFTER the transfer happens through the
// `tokensReceived` hook. On the other hand, the `tokensToSend` hook, that is triggered before the transfer,
// calls the vault, which is assumed not malicious.
//
// Conclusion: we need to do the transfer after the burn so that any reentrancy would happen after the
// shares are burned and after the assets are transferred, which is a valid state.
_burn(owner, shares);
SafeERC20.safeTransfer($._asset, receiver, assets);
emit Withdraw(caller, receiver, owner, assets, shares);
}
function _decimalsOffset() internal view virtual returns (uint8) {
return 0;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC4626.sol)
pragma solidity ^0.8.20;
import {IERC20} from "../token/ERC20/IERC20.sol";
import {IERC20Metadata} from "../token/ERC20/extensions/IERC20Metadata.sol";
/**
* @dev Interface of the ERC4626 "Tokenized Vault Standard", as defined in
* https://eips.ethereum.org/EIPS/eip-4626[ERC-4626].
*/
interface IERC4626 is IERC20, IERC20Metadata {
event Deposit(address indexed sender, address indexed owner, uint256 assets, uint256 shares);
event Withdraw(
address indexed sender,
address indexed receiver,
address indexed owner,
uint256 assets,
uint256 shares
);
/**
* @dev Returns the address of the underlying token used for the Vault for accounting, depositing, and withdrawing.
*
* - MUST be an ERC-20 token contract.
* - MUST NOT revert.
*/
function asset() external view returns (address assetTokenAddress);
/**
* @dev Returns the total amount of the underlying asset that is “managed” by Vault.
*
* - SHOULD include any compounding that occurs from yield.
* - MUST be inclusive of any fees that are charged against assets in the Vault.
* - MUST NOT revert.
*/
function totalAssets() external view returns (uint256 totalManagedAssets);
/**
* @dev Returns the amount of shares that the Vault would exchange for the amount of assets provided, in an ideal
* scenario where all the conditions are met.
*
* - MUST NOT be inclusive of any fees that are charged against assets in the Vault.
* - MUST NOT show any variations depending on the caller.
* - MUST NOT reflect slippage or other on-chain conditions, when performing the actual exchange.
* - MUST NOT revert.
*
* NOTE: This calculation MAY NOT reflect the “per-user” price-per-share, and instead should reflect the
* “average-user’s” price-per-share, meaning what the average user should expect to see when exchanging to and
* from.
*/
function convertToShares(uint256 assets) external view returns (uint256 shares);
/**
* @dev Returns the amount of assets that the Vault would exchange for the amount of shares provided, in an ideal
* scenario where all the conditions are met.
*
* - MUST NOT be inclusive of any fees that are charged against assets in the Vault.
* - MUST NOT show any variations depending on the caller.
* - MUST NOT reflect slippage or other on-chain conditions, when performing the actual exchange.
* - MUST NOT revert.
*
* NOTE: This calculation MAY NOT reflect the “per-user” price-per-share, and instead should reflect the
* “average-user’s” price-per-share, meaning what the average user should expect to see when exchanging to and
* from.
*/
function convertToAssets(uint256 shares) external view returns (uint256 assets);
/**
* @dev Returns the maximum amount of the underlying asset that can be deposited into the Vault for the receiver,
* through a deposit call.
*
* - MUST return a limited value if receiver is subject to some deposit limit.
* - MUST return 2 ** 256 - 1 if there is no limit on the maximum amount of assets that may be deposited.
* - MUST NOT revert.
*/
function maxDeposit(address receiver) external view returns (uint256 maxAssets);
/**
* @dev Allows an on-chain or off-chain user to simulate the effects of their deposit at the current block, given
* current on-chain conditions.
*
* - MUST return as close to and no more than the exact amount of Vault shares that would be minted in a deposit
* call in the same transaction. I.e. deposit should return the same or more shares as previewDeposit if called
* in the same transaction.
* - MUST NOT account for deposit limits like those returned from maxDeposit and should always act as though the
* deposit would be accepted, regardless if the user has enough tokens approved, etc.
* - MUST be inclusive of deposit fees. Integrators should be aware of the existence of deposit fees.
* - MUST NOT revert.
*
* NOTE: any unfavorable discrepancy between convertToShares and previewDeposit SHOULD be considered slippage in
* share price or some other type of condition, meaning the depositor will lose assets by depositing.
*/
function previewDeposit(uint256 assets) external view returns (uint256 shares);
/**
* @dev Mints shares Vault shares to receiver by depositing exactly amount of underlying tokens.
*
* - MUST emit the Deposit event.
* - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the
* deposit execution, and are accounted for during deposit.
* - MUST revert if all of assets cannot be deposited (due to deposit limit being reached, slippage, the user not
* approving enough underlying tokens to the Vault contract, etc).
*
* NOTE: most implementations will require pre-approval of the Vault with the Vault’s underlying asset token.
*/
function deposit(uint256 assets, address receiver) external returns (uint256 shares);
/**
* @dev Returns the maximum amount of the Vault shares that can be minted for the receiver, through a mint call.
* - MUST return a limited value if receiver is subject to some mint limit.
* - MUST return 2 ** 256 - 1 if there is no limit on the maximum amount of shares that may be minted.
* - MUST NOT revert.
*/
function maxMint(address receiver) external view returns (uint256 maxShares);
/**
* @dev Allows an on-chain or off-chain user to simulate the effects of their mint at the current block, given
* current on-chain conditions.
*
* - MUST return as close to and no fewer than the exact amount of assets that would be deposited in a mint call
* in the same transaction. I.e. mint should return the same or fewer assets as previewMint if called in the
* same transaction.
* - MUST NOT account for mint limits like those returned from maxMint and should always act as though the mint
* would be accepted, regardless if the user has enough tokens approved, etc.
* - MUST be inclusive of deposit fees. Integrators should be aware of the existence of deposit fees.
* - MUST NOT revert.
*
* NOTE: any unfavorable discrepancy between convertToAssets and previewMint SHOULD be considered slippage in
* share price or some other type of condition, meaning the depositor will lose assets by minting.
*/
function previewMint(uint256 shares) external view returns (uint256 assets);
/**
* @dev Mints exactly shares Vault shares to receiver by depositing amount of underlying tokens.
*
* - MUST emit the Deposit event.
* - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the mint
* execution, and are accounted for during mint.
* - MUST revert if all of shares cannot be minted (due to deposit limit being reached, slippage, the user not
* approving enough underlying tokens to the Vault contract, etc).
*
* NOTE: most implementations will require pre-approval of the Vault with the Vault’s underlying asset token.
*/
function mint(uint256 shares, address receiver) external returns (uint256 assets);
/**
* @dev Returns the maximum amount of the underlying asset that can be withdrawn from the owner balance in the
* Vault, through a withdraw call.
*
* - MUST return a limited value if owner is subject to some withdrawal limit or timelock.
* - MUST NOT revert.
*/
function maxWithdraw(address owner) external view returns (uint256 maxAssets);
/**
* @dev Allows an on-chain or off-chain user to simulate the effects of their withdrawal at the current block,
* given current on-chain conditions.
*
* - MUST return as close to and no fewer than the exact amount of Vault shares that would be burned in a withdraw
* call in the same transaction. I.e. withdraw should return the same or fewer shares as previewWithdraw if
* called
* in the same transaction.
* - MUST NOT account for withdrawal limits like those returned from maxWithdraw and should always act as though
* the withdrawal would be accepted, regardless if the user has enough shares, etc.
* - MUST be inclusive of withdrawal fees. Integrators should be aware of the existence of withdrawal fees.
* - MUST NOT revert.
*
* NOTE: any unfavorable discrepancy between convertToShares and previewWithdraw SHOULD be considered slippage in
* share price or some other type of condition, meaning the depositor will lose assets by depositing.
*/
function previewWithdraw(uint256 assets) external view returns (uint256 shares);
/**
* @dev Burns shares from owner and sends exactly assets of underlying tokens to receiver.
*
* - MUST emit the Withdraw event.
* - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the
* withdraw execution, and are accounted for during withdraw.
* - MUST revert if all of assets cannot be withdrawn (due to withdrawal limit being reached, slippage, the owner
* not having enough shares, etc).
*
* Note that some implementations will require pre-requesting to the Vault before a withdrawal may be performed.
* Those methods should be performed separately.
*/
function withdraw(uint256 assets, address receiver, address owner) external returns (uint256 shares);
/**
* @dev Returns the maximum amount of Vault shares that can be redeemed from the owner balance in the Vault,
* through a redeem call.
*
* - MUST return a limited value if owner is subject to some withdrawal limit or timelock.
* - MUST return balanceOf(owner) if owner is not subject to any withdrawal limit or timelock.
* - MUST NOT revert.
*/
function maxRedeem(address owner) external view returns (uint256 maxShares);
/**
* @dev Allows an on-chain or off-chain user to simulate the effects of their redeemption at the current block,
* given current on-chain conditions.
*
* - MUST return as close to and no more than the exact amount of assets that would be withdrawn in a redeem call
* in the same transaction. I.e. redeem should return the same or more assets as previewRedeem if called in the
* same transaction.
* - MUST NOT account for redemption limits like those returned from maxRedeem and should always act as though the
* redemption would be accepted, regardless if the user has enough shares, etc.
* - MUST be inclusive of withdrawal fees. Integrators should be aware of the existence of withdrawal fees.
* - MUST NOT revert.
*
* NOTE: any unfavorable discrepancy between convertToAssets and previewRedeem SHOULD be considered slippage in
* share price or some other type of condition, meaning the depositor will lose assets by redeeming.
*/
function previewRedeem(uint256 shares) external view returns (uint256 assets);
/**
* @dev Burns exactly shares from owner and sends assets of underlying tokens to receiver.
*
* - MUST emit the Withdraw event.
* - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the
* redeem execution, and are accounted for during redeem.
* - MUST revert if all of shares cannot be redeemed (due to withdrawal limit being reached, slippage, the owner
* not having enough shares, etc).
*
* NOTE: some implementations will require pre-requesting to the Vault before a withdrawal may be performed.
* Those methods should be performed separately.
*/
function redeem(uint256 shares, address receiver, address owner) external returns (uint256 assets);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/IERC20Metadata.sol)
pragma solidity ^0.8.20;
import {IERC20} from "../IERC20.sol";
/**
* @dev Interface for the optional metadata functions from the ERC20 standard.
*/
interface IERC20Metadata is IERC20 {
/**
* @dev Returns the name of the token.
*/
function name() external view returns (string memory);
/**
* @dev Returns the symbol of the token.
*/
function symbol() external view returns (string memory);
/**
* @dev Returns the decimals places of the token.
*/
function decimals() external view returns (uint8);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/utils/SafeERC20.sol)
pragma solidity ^0.8.20;
import {IERC20} from "../IERC20.sol";
import {IERC20Permit} from "../extensions/IERC20Permit.sol";
import {Address} from "../../../utils/Address.sol";
/**
* @title SafeERC20
* @dev Wrappers around ERC20 operations that throw on failure (when the token
* contract returns false). Tokens that return no value (and instead revert or
* throw on failure) are also supported, non-reverting calls are assumed to be
* successful.
* To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
* which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
*/
library SafeERC20 {
using Address for address;
/**
* @dev An operation with an ERC20 token failed.
*/
error SafeERC20FailedOperation(address token);
/**
* @dev Indicates a failed `decreaseAllowance` request.
*/
error SafeERC20FailedDecreaseAllowance(address spender, uint256 currentAllowance, uint256 requestedDecrease);
/**
* @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeTransfer(IERC20 token, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeCall(token.transfer, (to, value)));
}
/**
* @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the
* calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.
*/
function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeCall(token.transferFrom, (from, to, value)));
}
/**
* @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {
uint256 oldAllowance = token.allowance(address(this), spender);
forceApprove(token, spender, oldAllowance + value);
}
/**
* @dev Decrease the calling contract's allowance toward `spender` by `requestedDecrease`. If `token` returns no
* value, non-reverting calls are assumed to be successful.
*/
function safeDecreaseAllowance(IERC20 token, address spender, uint256 requestedDecrease) internal {
unchecked {
uint256 currentAllowance = token.allowance(address(this), spender);
if (currentAllowance < requestedDecrease) {
revert SafeERC20FailedDecreaseAllowance(spender, currentAllowance, requestedDecrease);
}
forceApprove(token, spender, currentAllowance - requestedDecrease);
}
}
/**
* @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval
* to be set to zero before setting it to a non-zero value, such as USDT.
*/
function forceApprove(IERC20 token, address spender, uint256 value) internal {
bytes memory approvalCall = abi.encodeCall(token.approve, (spender, value));
if (!_callOptionalReturnBool(token, approvalCall)) {
_callOptionalReturn(token, abi.encodeCall(token.approve, (spender, 0)));
_callOptionalReturn(token, approvalCall);
}
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*/
function _callOptionalReturn(IERC20 token, bytes memory data) private {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
// we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that
// the target address contains contract code and also asserts for success in the low-level call.
bytes memory returndata = address(token).functionCall(data);
if (returndata.length != 0 && !abi.decode(returndata, (bool))) {
revert SafeERC20FailedOperation(address(token));
}
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*
* This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.
*/
function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
// we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false
// and not revert is the subcall reverts.
(bool success, bytes memory returndata) = address(token).call(data);
return success && (returndata.length == 0 || abi.decode(returndata, (bool))) && address(token).code.length > 0;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/math/Math.sol)
pragma solidity ^0.8.20;
/**
* @dev Standard math utilities missing in the Solidity language.
*/
library Math {
/**
* @dev Muldiv operation overflow.
*/
error MathOverflowedMulDiv();
enum Rounding {
Floor, // Toward negative infinity
Ceil, // Toward positive infinity
Trunc, // Toward zero
Expand // Away from zero
}
/**
* @dev Returns the addition of two unsigned integers, with an overflow flag.
*/
function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {
unchecked {
uint256 c = a + b;
if (c < a) return (false, 0);
return (true, c);
}
}
/**
* @dev Returns the subtraction of two unsigned integers, with an overflow flag.
*/
function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {
unchecked {
if (b > a) return (false, 0);
return (true, a - b);
}
}
/**
* @dev Returns the multiplication of two unsigned integers, with an overflow flag.
*/
function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {
unchecked {
// Gas optimization: this is cheaper than requiring 'a' not being zero, but the
// benefit is lost if 'b' is also tested.
// See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522
if (a == 0) return (true, 0);
uint256 c = a * b;
if (c / a != b) return (false, 0);
return (true, c);
}
}
/**
* @dev Returns the division of two unsigned integers, with a division by zero flag.
*/
function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {
unchecked {
if (b == 0) return (false, 0);
return (true, a / b);
}
}
/**
* @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.
*/
function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {
unchecked {
if (b == 0) return (false, 0);
return (true, a % b);
}
}
/**
* @dev Returns the largest of two numbers.
*/
function max(uint256 a, uint256 b) internal pure returns (uint256) {
return a > b ? a : b;
}
/**
* @dev Returns the smallest of two numbers.
*/
function min(uint256 a, uint256 b) internal pure returns (uint256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two numbers. The result is rounded towards
* zero.
*/
function average(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b) / 2 can overflow.
return (a & b) + (a ^ b) / 2;
}
/**
* @dev Returns the ceiling of the division of two numbers.
*
* This differs from standard division with `/` in that it rounds towards infinity instead
* of rounding towards zero.
*/
function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
if (b == 0) {
// Guarantee the same behavior as in a regular Solidity division.
return a / b;
}
// (a + b - 1) / b can overflow on addition, so we distribute.
return a == 0 ? 0 : (a - 1) / b + 1;
}
/**
* @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or
* denominator == 0.
* @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv) with further edits by
* Uniswap Labs also under MIT license.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {
unchecked {
// 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use
// use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
// variables such that product = prod1 * 2^256 + prod0.
uint256 prod0 = x * y; // Least significant 256 bits of the product
uint256 prod1; // Most significant 256 bits of the product
assembly {
let mm := mulmod(x, y, not(0))
prod1 := sub(sub(mm, prod0), lt(mm, prod0))
}
// Handle non-overflow cases, 256 by 256 division.
if (prod1 == 0) {
// Solidity will revert if denominator == 0, unlike the div opcode on its own.
// The surrounding unchecked block does not change this fact.
// See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.
return prod0 / denominator;
}
// Make sure the result is less than 2^256. Also prevents denominator == 0.
if (denominator <= prod1) {
revert MathOverflowedMulDiv();
}
///////////////////////////////////////////////
// 512 by 256 division.
///////////////////////////////////////////////
// Make division exact by subtracting the remainder from [prod1 prod0].
uint256 remainder;
assembly {
// Compute remainder using mulmod.
remainder := mulmod(x, y, denominator)
// Subtract 256 bit number from 512 bit number.
prod1 := sub(prod1, gt(remainder, prod0))
prod0 := sub(prod0, remainder)
}
// Factor powers of two out of denominator and compute largest power of two divisor of denominator.
// Always >= 1. See https://cs.stackexchange.com/q/138556/92363.
uint256 twos = denominator & (0 - denominator);
assembly {
// Divide denominator by twos.
denominator := div(denominator, twos)
// Divide [prod1 prod0] by twos.
prod0 := div(prod0, twos)
// Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
twos := add(div(sub(0, twos), twos), 1)
}
// Shift in bits from prod1 into prod0.
prod0 |= prod1 * twos;
// Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such
// that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for
// four bits. That is, denominator * inv = 1 mod 2^4.
uint256 inverse = (3 * denominator) ^ 2;
// Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also
// works in modular arithmetic, doubling the correct bits in each step.
inverse *= 2 - denominator * inverse; // inverse mod 2^8
inverse *= 2 - denominator * inverse; // inverse mod 2^16
inverse *= 2 - denominator * inverse; // inverse mod 2^32
inverse *= 2 - denominator * inverse; // inverse mod 2^64
inverse *= 2 - denominator * inverse; // inverse mod 2^128
inverse *= 2 - denominator * inverse; // inverse mod 2^256
// Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
// This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is
// less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1
// is no longer required.
result = prod0 * inverse;
return result;
}
}
/**
* @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {
uint256 result = mulDiv(x, y, denominator);
if (unsignedRoundsUp(rounding) && mulmod(x, y, denominator) > 0) {
result += 1;
}
return result;
}
/**
* @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded
* towards zero.
*
* Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
*/
function sqrt(uint256 a) internal pure returns (uint256) {
if (a == 0) {
return 0;
}
// For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.
//
// We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have
// `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.
//
// This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`
// → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`
// → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`
//
// Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.
uint256 result = 1 << (log2(a) >> 1);
// At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,
// since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at
// every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision
// into the expected uint128 result.
unchecked {
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
return min(result, a / result);
}
}
/**
* @notice Calculates sqrt(a), following the selected rounding direction.
*/
function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = sqrt(a);
return result + (unsignedRoundsUp(rounding) && result * result < a ? 1 : 0);
}
}
/**
* @dev Return the log in base 2 of a positive value rounded towards zero.
* Returns 0 if given 0.
*/
function log2(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >> 128 > 0) {
value >>= 128;
result += 128;
}
if (value >> 64 > 0) {
value >>= 64;
result += 64;
}
if (value >> 32 > 0) {
value >>= 32;
result += 32;
}
if (value >> 16 > 0) {
value >>= 16;
result += 16;
}
if (value >> 8 > 0) {
value >>= 8;
result += 8;
}
if (value >> 4 > 0) {
value >>= 4;
result += 4;
}
if (value >> 2 > 0) {
value >>= 2;
result += 2;
}
if (value >> 1 > 0) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 2, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log2(value);
return result + (unsignedRoundsUp(rounding) && 1 << result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 10 of a positive value rounded towards zero.
* Returns 0 if given 0.
*/
function log10(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >= 10 ** 64) {
value /= 10 ** 64;
result += 64;
}
if (value >= 10 ** 32) {
value /= 10 ** 32;
result += 32;
}
if (value >= 10 ** 16) {
value /= 10 ** 16;
result += 16;
}
if (value >= 10 ** 8) {
value /= 10 ** 8;
result += 8;
}
if (value >= 10 ** 4) {
value /= 10 ** 4;
result += 4;
}
if (value >= 10 ** 2) {
value /= 10 ** 2;
result += 2;
}
if (value >= 10 ** 1) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 10, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log10(value);
return result + (unsignedRoundsUp(rounding) && 10 ** result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 256 of a positive value rounded towards zero.
* Returns 0 if given 0.
*
* Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
*/
function log256(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >> 128 > 0) {
value >>= 128;
result += 16;
}
if (value >> 64 > 0) {
value >>= 64;
result += 8;
}
if (value >> 32 > 0) {
value >>= 32;
result += 4;
}
if (value >> 16 > 0) {
value >>= 16;
result += 2;
}
if (value >> 8 > 0) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 256, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log256(value);
return result + (unsignedRoundsUp(rounding) && 1 << (result << 3) < value ? 1 : 0);
}
}
/**
* @dev Returns whether a provided rounding mode is considered rounding up for unsigned integers.
*/
function unsignedRoundsUp(Rounding rounding) internal pure returns (bool) {
return uint8(rounding) % 2 == 1;
}
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity "0.8.26";
import {CustomRateUpdated, DefaultRateUpdated, ProtocolFeeReceiverUpdated} from "./Events.sol";
import {Ownable2StepUpgradeable} from "@openzeppelin/contracts-upgradeable/access/Ownable2StepUpgradeable.sol";
/// @title FeeRegistry
/// @notice The FeeRegistry contract manages protocol fee rates for various vaults.
/// It allows the contract owner (the protocol) to set a default protocol fee rate, define custom fee rates
/// for specific vaults, and manage the address that receives these protocol fees.
/// Protocol fees represents a fraction (which is the rate) of the fees taken by the asset manager of the vault
contract FeeRegistry is Ownable2StepUpgradeable {
struct CustomRate {
bool isActivated;
uint16 rate;
}
/// @custom:storage-location erc7201:hopper.storage.FeeRegistry
struct FeeRegistryStorage {
uint16 defaultRate;
address protocolFeeReceiver;
mapping(address => CustomRate) customRate;
}
// keccak256(abi.encode(uint256(keccak256("hopper.storage.FeeRegistry")) - 1)) & ~bytes32(uint256(0xff));
// solhint-disable-next-line const-name-snakecase
bytes32 private constant feeRegistryStorage = 0xfae567c932a2d69f96a50330b7967af6689561bf72e1f4ad815fc97800b3f300;
/// @custom:oz-upgrades-unsafe-allow constructor
// solhint-disable-next-line ignoreConstructors
constructor(
bool disable
) {
if (disable) _disableInitializers();
}
/// @notice Initializes the owner and protocol fee receiver.
/// @param initialOwner The contract protocol address.
/// @param _protocolFeeReceiver The protocol fee receiver.
function initialize(address initialOwner, address _protocolFeeReceiver) public initializer {
__Ownable_init(initialOwner);
FeeRegistryStorage storage $ = _getFeeRegistryStorage();
$.protocolFeeReceiver = _protocolFeeReceiver;
}
function _getFeeRegistryStorage() internal pure returns (FeeRegistryStorage storage $) {
// solhint-disable-next-line no-inline-assembly
assembly {
$.slot := feeRegistryStorage
}
}
/// @notice Updates the address of the protocol fee receiver.
/// @param _protocolFeeReceiver The new protocol fee receiver address.
function updateProtocolFeeReceiver(
address _protocolFeeReceiver
) external onlyOwner {
emit ProtocolFeeReceiverUpdated(_getFeeRegistryStorage().protocolFeeReceiver, _protocolFeeReceiver);
_getFeeRegistryStorage().protocolFeeReceiver = _protocolFeeReceiver;
}
/// @notice Sets the default protocol fee rate.
/// @param rate The new default protocol fee rate.
function updateDefaultRate(
uint16 rate
) external onlyOwner {
FeeRegistryStorage storage $ = _getFeeRegistryStorage();
emit DefaultRateUpdated($.defaultRate, rate);
$.defaultRate = rate;
}
/// @notice Sets a custom fee rate for a specific vault.
/// @param vault The address of the vault.
/// @param rate The custom fee rate for the vault.
/// @param isActivated A boolean indicating whether the custom rate is activated.
function updateCustomRate(address vault, uint16 rate, bool isActivated) external onlyOwner {
_getFeeRegistryStorage().customRate[vault] = CustomRate({isActivated: isActivated, rate: rate});
emit CustomRateUpdated(vault, rate, isActivated);
}
/// @notice Checks if a custom fee rate is activated for a specific vault.
/// @param vault The address of the vault.
/// @return True if the vault has a custom fee rate, false otherwise.
function isCustomRate(
address vault
) external view returns (bool) {
return _getFeeRegistryStorage().customRate[vault].isActivated;
}
/// @notice Returns the address of the protocol fee receiver.
/// @return The protocol fee receiver address.
function protocolFeeReceiver() external view returns (address) {
return _getFeeRegistryStorage().protocolFeeReceiver;
}
/// @notice Returns the protocol fee rate for a specific vault,
/// representing the percentage of the fees taken by the asset manager.
/// @param vault The address of the vault.
/// @return rate The protocol fee rate for the vault.
function protocolRate(
address vault
) external view returns (uint256 rate) {
return _protocolRate(vault);
}
/// @return rate The protocol fee rate for the caller,
/// representing the percentage of the fees taken by the asset manager.
function protocolRate() external view returns (uint256 rate) {
return _protocolRate(msg.sender);
}
/// @notice Returns the protocol fee rate for a specific vault.
/// @param vault The address of the vault.
/// @return rate The protocol fee rate for the vault, considering custom rates.
function _protocolRate(
address vault
) internal view returns (uint256 rate) {
FeeRegistryStorage storage $ = _getFeeRegistryStorage();
if ($.customRate[vault].isActivated) {
return $.customRate[vault].rate;
}
return $.defaultRate;
}
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity "0.8.26";
import {IWETH9} from "./interfaces/IWETH9.sol";
import {IERC20, SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
using SafeERC20 for IERC20;
/// @title Silo
/// @dev This contract is used to hold the assets/shares of the users that
/// requested a deposit/redeem. It is used to simplify the logic of the vault.
contract Silo {
IWETH9 public wrappedNativeToken;
constructor(IERC20 underlying, address _wrappedNativeToken) {
underlying.forceApprove(msg.sender, type(uint256).max);
wrappedNativeToken = IWETH9(_wrappedNativeToken);
}
function depositEth() external payable {
IWETH9(wrappedNativeToken).deposit{value: msg.value}();
}
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity "0.8.26";
import {IERC7540} from "./IERC7540.sol";
interface IERC7540Deposit is IERC7540 {
/**
* owner has locked assets in the Vault to Request a deposit with request ID requestId.
* controller controls this Request.
* sender is the caller of the requestDeposit
* which may not be equal to the owner
*
*/
event DepositRequest(
address indexed controller, address indexed owner, uint256 indexed requestId, address sender, uint256 assets
);
function requestDeposit(
uint256 assets,
address controller,
address owner
) external payable returns (uint256 requestId);
function deposit(uint256 assets, address receiver, address controller) external returns (uint256 shares);
function mint(uint256 shares, address receiver, address controller) external returns (uint256 assets);
function pendingDepositRequest(uint256 requestId, address controller) external view returns (uint256 assets);
function claimableDepositRequest(uint256 requestId, address controller) external view returns (uint256 assets);
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity "0.8.26";
import {IERC7540} from "./IERC7540.sol";
interface IERC7540Redeem is IERC7540 {
event RedeemRequest(
address indexed controller, address indexed owner, uint256 indexed requestId, address sender, uint256 shares
);
function requestRedeem(uint256 shares, address operator, address owner) external returns (uint256 requestId);
function pendingRedeemRequest(uint256 requestId, address controller) external view returns (uint256 shares);
function claimableRedeemRequest(uint256 requestId, address controller) external view returns (uint256 shares);
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity "0.8.26";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
/// @title Interface for WETH9
interface IWETH9 is IERC20 {
/// @notice Deposit ether to get wrapped ether
function deposit() external payable;
/// @notice Withdraw wrapped ether to get ether
function withdraw(
uint256
) external;
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity "0.8.26";
// ********************* ERC7540 ********************* //
/// @dev Holds management and performance rates for the vault.
/// @param managementRate Management fee rate in basis points.
/// @param performanceRate Performance fee rate in basis points.
struct Rates {
uint16 managementRate;
uint16 performanceRate;
}
/// @dev Holds data for a specific epoch.
/// @param settleId Unique identifier for the related settlement data.
/// @param depositRequest Records deposit requests by address.
/// @param redeemRequest Records redeem requests by address.
struct EpochData {
uint40 settleId;
mapping(address => uint256) depositRequest;
mapping(address => uint256) redeemRequest;
}
/// @dev Holds settlement data for the vault.
/// @param totalSupply Total number of shares for this settlement.
/// @param totalAssets Total value of assets managed by the vault for this settlement.
struct SettleData {
uint256 totalSupply;
uint256 totalAssets;
uint256 pendingAssets;
uint256 pendingShares;
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/ERC20Pausable.sol)
pragma solidity ^0.8.20;
import {ERC20Upgradeable} from "../ERC20Upgradeable.sol";
import {PausableUpgradeable} from "../../../utils/PausableUpgradeable.sol";
import {Initializable} from "../../../proxy/utils/Initializable.sol";
/**
* @dev ERC20 token with pausable token transfers, minting and burning.
*
* Useful for scenarios such as preventing trades until the end of an evaluation
* period, or having an emergency switch for freezing all token transfers in the
* event of a large bug.
*
* IMPORTANT: This contract does not include public pause and unpause functions. In
* addition to inheriting this contract, you must define both functions, invoking the
* {Pausable-_pause} and {Pausable-_unpause} internal functions, with appropriate
* access control, e.g. using {AccessControl} or {Ownable}. Not doing so will
* make the contract pause mechanism of the contract unreachable, and thus unusable.
*/
abstract contract ERC20PausableUpgradeable is Initializable, ERC20Upgradeable, PausableUpgradeable {
function __ERC20Pausable_init() internal onlyInitializing {
__Pausable_init_unchained();
}
function __ERC20Pausable_init_unchained() internal onlyInitializing {
}
/**
* @dev See {ERC20-_update}.
*
* Requirements:
*
* - the contract must not be paused.
*/
function _update(address from, address to, uint256 value) internal virtual override whenNotPaused {
super._update(from, to, value);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC165.sol)
pragma solidity ^0.8.20;
import {IERC165} from "../utils/introspection/IERC165.sol";
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable2Step.sol)
pragma solidity ^0.8.20;
import {OwnableUpgradeable} from "./OwnableUpgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Contract module which provides access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* The initial owner is specified at deployment time in the constructor for `Ownable`. This
* can later be changed with {transferOwnership} and {acceptOwnership}.
*
* This module is used through inheritance. It will make available all functions
* from parent (Ownable).
*/
abstract contract Ownable2StepUpgradeable is Initializable, OwnableUpgradeable {
/// @custom:storage-location erc7201:openzeppelin.storage.Ownable2Step
struct Ownable2StepStorage {
address _pendingOwner;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Ownable2Step")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant Ownable2StepStorageLocation = 0x237e158222e3e6968b72b9db0d8043aacf074ad9f650f0d1606b4d82ee432c00;
function _getOwnable2StepStorage() private pure returns (Ownable2StepStorage storage $) {
assembly {
$.slot := Ownable2StepStorageLocation
}
}
event OwnershipTransferStarted(address indexed previousOwner, address indexed newOwner);
function __Ownable2Step_init() internal onlyInitializing {
}
function __Ownable2Step_init_unchained() internal onlyInitializing {
}
/**
* @dev Returns the address of the pending owner.
*/
function pendingOwner() public view virtual returns (address) {
Ownable2StepStorage storage $ = _getOwnable2StepStorage();
return $._pendingOwner;
}
/**
* @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual override onlyOwner {
Ownable2StepStorage storage $ = _getOwnable2StepStorage();
$._pendingOwner = newOwner;
emit OwnershipTransferStarted(owner(), newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual override {
Ownable2StepStorage storage $ = _getOwnable2StepStorage();
delete $._pendingOwner;
super._transferOwnership(newOwner);
}
/**
* @dev The new owner accepts the ownership transfer.
*/
function acceptOwnership() public virtual {
address sender = _msgSender();
if (pendingOwner() != sender) {
revert OwnableUnauthorizedAccount(sender);
}
_transferOwnership(sender);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/IERC20.sol)
pragma solidity ^0.8.20;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20 {
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
/**
* @dev Returns the value of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the value of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves a `value` amount of tokens from the caller's account to `to`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address to, uint256 value) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets a `value` amount of tokens as the allowance of `spender` over the
* caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 value) external returns (bool);
/**
* @dev Moves a `value` amount of tokens from `from` to `to` using the
* allowance mechanism. `value` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address from, address to, uint256 value) external returns (bool);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/Context.sol)
pragma solidity ^0.8.20;
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract ContextUpgradeable is Initializable {
function __Context_init() internal onlyInitializing {
}
function __Context_init_unchained() internal onlyInitializing {
}
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/draft-IERC6093.sol)
pragma solidity ^0.8.20;
/**
* @dev Standard ERC20 Errors
* Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC20 tokens.
*/
interface IERC20Errors {
/**
* @dev Indicates an error related to the current `balance` of a `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
* @param balance Current balance for the interacting account.
* @param needed Minimum amount required to perform a transfer.
*/
error ERC20InsufficientBalance(address sender, uint256 balance, uint256 needed);
/**
* @dev Indicates a failure with the token `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
*/
error ERC20InvalidSender(address sender);
/**
* @dev Indicates a failure with the token `receiver`. Used in transfers.
* @param receiver Address to which tokens are being transferred.
*/
error ERC20InvalidReceiver(address receiver);
/**
* @dev Indicates a failure with the `spender`’s `allowance`. Used in transfers.
* @param spender Address that may be allowed to operate on tokens without being their owner.
* @param allowance Amount of tokens a `spender` is allowed to operate with.
* @param needed Minimum amount required to perform a transfer.
*/
error ERC20InsufficientAllowance(address spender, uint256 allowance, uint256 needed);
/**
* @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
* @param approver Address initiating an approval operation.
*/
error ERC20InvalidApprover(address approver);
/**
* @dev Indicates a failure with the `spender` to be approved. Used in approvals.
* @param spender Address that may be allowed to operate on tokens without being their owner.
*/
error ERC20InvalidSpender(address spender);
}
/**
* @dev Standard ERC721 Errors
* Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC721 tokens.
*/
interface IERC721Errors {
/**
* @dev Indicates that an address can't be an owner. For example, `address(0)` is a forbidden owner in EIP-20.
* Used in balance queries.
* @param owner Address of the current owner of a token.
*/
error ERC721InvalidOwner(address owner);
/**
* @dev Indicates a `tokenId` whose `owner` is the zero address.
* @param tokenId Identifier number of a token.
*/
error ERC721NonexistentToken(uint256 tokenId);
/**
* @dev Indicates an error related to the ownership over a particular token. Used in transfers.
* @param sender Address whose tokens are being transferred.
* @param tokenId Identifier number of a token.
* @param owner Address of the current owner of a token.
*/
error ERC721IncorrectOwner(address sender, uint256 tokenId, address owner);
/**
* @dev Indicates a failure with the token `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
*/
error ERC721InvalidSender(address sender);
/**
* @dev Indicates a failure with the token `receiver`. Used in transfers.
* @param receiver Address to which tokens are being transferred.
*/
error ERC721InvalidReceiver(address receiver);
/**
* @dev Indicates a failure with the `operator`’s approval. Used in transfers.
* @param operator Address that may be allowed to operate on tokens without being their owner.
* @param tokenId Identifier number of a token.
*/
error ERC721InsufficientApproval(address operator, uint256 tokenId);
/**
* @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
* @param approver Address initiating an approval operation.
*/
error ERC721InvalidApprover(address approver);
/**
* @dev Indicates a failure with the `operator` to be approved. Used in approvals.
* @param operator Address that may be allowed to operate on tokens without being their owner.
*/
error ERC721InvalidOperator(address operator);
}
/**
* @dev Standard ERC1155 Errors
* Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC1155 tokens.
*/
interface IERC1155Errors {
/**
* @dev Indicates an error related to the current `balance` of a `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
* @param balance Current balance for the interacting account.
* @param needed Minimum amount required to perform a transfer.
* @param tokenId Identifier number of a token.
*/
error ERC1155InsufficientBalance(address sender, uint256 balance, uint256 needed, uint256 tokenId);
/**
* @dev Indicates a failure with the token `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
*/
error ERC1155InvalidSender(address sender);
/**
* @dev Indicates a failure with the token `receiver`. Used in transfers.
* @param receiver Address to which tokens are being transferred.
*/
error ERC1155InvalidReceiver(address receiver);
/**
* @dev Indicates a failure with the `operator`’s approval. Used in transfers.
* @param operator Address that may be allowed to operate on tokens without being their owner.
* @param owner Address of the current owner of a token.
*/
error ERC1155MissingApprovalForAll(address operator, address owner);
/**
* @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
* @param approver Address initiating an approval operation.
*/
error ERC1155InvalidApprover(address approver);
/**
* @dev Indicates a failure with the `operator` to be approved. Used in approvals.
* @param operator Address that may be allowed to operate on tokens without being their owner.
*/
error ERC1155InvalidOperator(address operator);
/**
* @dev Indicates an array length mismatch between ids and values in a safeBatchTransferFrom operation.
* Used in batch transfers.
* @param idsLength Length of the array of token identifiers
* @param valuesLength Length of the array of token amounts
*/
error ERC1155InvalidArrayLength(uint256 idsLength, uint256 valuesLength);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/utils/Initializable.sol)
pragma solidity ^0.8.20;
/**
* @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
* behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
* external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
* function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
*
* The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
* reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
* case an upgrade adds a module that needs to be initialized.
*
* For example:
*
* [.hljs-theme-light.nopadding]
* ```solidity
* contract MyToken is ERC20Upgradeable {
* function initialize() initializer public {
* __ERC20_init("MyToken", "MTK");
* }
* }
*
* contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
* function initializeV2() reinitializer(2) public {
* __ERC20Permit_init("MyToken");
* }
* }
* ```
*
* TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
* possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
*
* CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
* that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
*
* [CAUTION]
* ====
* Avoid leaving a contract uninitialized.
*
* An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
* contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
* the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
*
* [.hljs-theme-light.nopadding]
* ```
* /// @custom:oz-upgrades-unsafe-allow constructor
* constructor() {
* _disableInitializers();
* }
* ```
* ====
*/
abstract contract Initializable {
/**
* @dev Storage of the initializable contract.
*
* It's implemented on a custom ERC-7201 namespace to reduce the risk of storage collisions
* when using with upgradeable contracts.
*
* @custom:storage-location erc7201:openzeppelin.storage.Initializable
*/
struct InitializableStorage {
/**
* @dev Indicates that the contract has been initialized.
*/
uint64 _initialized;
/**
* @dev Indicates that the contract is in the process of being initialized.
*/
bool _initializing;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Initializable")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant INITIALIZABLE_STORAGE = 0xf0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a00;
/**
* @dev The contract is already initialized.
*/
error InvalidInitialization();
/**
* @dev The contract is not initializing.
*/
error NotInitializing();
/**
* @dev Triggered when the contract has been initialized or reinitialized.
*/
event Initialized(uint64 version);
/**
* @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
* `onlyInitializing` functions can be used to initialize parent contracts.
*
* Similar to `reinitializer(1)`, except that in the context of a constructor an `initializer` may be invoked any
* number of times. This behavior in the constructor can be useful during testing and is not expected to be used in
* production.
*
* Emits an {Initialized} event.
*/
modifier initializer() {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
// Cache values to avoid duplicated sloads
bool isTopLevelCall = !$._initializing;
uint64 initialized = $._initialized;
// Allowed calls:
// - initialSetup: the contract is not in the initializing state and no previous version was
// initialized
// - construction: the contract is initialized at version 1 (no reininitialization) and the
// current contract is just being deployed
bool initialSetup = initialized == 0 && isTopLevelCall;
bool construction = initialized == 1 && address(this).code.length == 0;
if (!initialSetup && !construction) {
revert InvalidInitialization();
}
$._initialized = 1;
if (isTopLevelCall) {
$._initializing = true;
}
_;
if (isTopLevelCall) {
$._initializing = false;
emit Initialized(1);
}
}
/**
* @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
* contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
* used to initialize parent contracts.
*
* A reinitializer may be used after the original initialization step. This is essential to configure modules that
* are added through upgrades and that require initialization.
*
* When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
* cannot be nested. If one is invoked in the context of another, execution will revert.
*
* Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
* a contract, executing them in the right order is up to the developer or operator.
*
* WARNING: Setting the version to 2**64 - 1 will prevent any future reinitialization.
*
* Emits an {Initialized} event.
*/
modifier reinitializer(uint64 version) {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
if ($._initializing || $._initialized >= version) {
revert InvalidInitialization();
}
$._initialized = version;
$._initializing = true;
_;
$._initializing = false;
emit Initialized(version);
}
/**
* @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
* {initializer} and {reinitializer} modifiers, directly or indirectly.
*/
modifier onlyInitializing() {
_checkInitializing();
_;
}
/**
* @dev Reverts if the contract is not in an initializing state. See {onlyInitializing}.
*/
function _checkInitializing() internal view virtual {
if (!_isInitializing()) {
revert NotInitializing();
}
}
/**
* @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
* Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
* to any version. It is recommended to use this to lock implementation contracts that are designed to be called
* through proxies.
*
* Emits an {Initialized} event the first time it is successfully executed.
*/
function _disableInitializers() internal virtual {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
if ($._initializing) {
revert InvalidInitialization();
}
if ($._initialized != type(uint64).max) {
$._initialized = type(uint64).max;
emit Initialized(type(uint64).max);
}
}
/**
* @dev Returns the highest version that has been initialized. See {reinitializer}.
*/
function _getInitializedVersion() internal view returns (uint64) {
return _getInitializableStorage()._initialized;
}
/**
* @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
*/
function _isInitializing() internal view returns (bool) {
return _getInitializableStorage()._initializing;
}
/**
* @dev Returns a pointer to the storage namespace.
*/
// solhint-disable-next-line var-name-mixedcase
function _getInitializableStorage() private pure returns (InitializableStorage storage $) {
assembly {
$.slot := INITIALIZABLE_STORAGE
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/IERC20Permit.sol)
pragma solidity ^0.8.20;
/**
* @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
* https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
*
* Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
* presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't
* need to send a transaction, and thus is not required to hold Ether at all.
*
* ==== Security Considerations
*
* There are two important considerations concerning the use of `permit`. The first is that a valid permit signature
* expresses an allowance, and it should not be assumed to convey additional meaning. In particular, it should not be
* considered as an intention to spend the allowance in any specific way. The second is that because permits have
* built-in replay protection and can be submitted by anyone, they can be frontrun. A protocol that uses permits should
* take this into consideration and allow a `permit` call to fail. Combining these two aspects, a pattern that may be
* generally recommended is:
*
* ```solidity
* function doThingWithPermit(..., uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s) public {
* try token.permit(msg.sender, address(this), value, deadline, v, r, s) {} catch {}
* doThing(..., value);
* }
*
* function doThing(..., uint256 value) public {
* token.safeTransferFrom(msg.sender, address(this), value);
* ...
* }
* ```
*
* Observe that: 1) `msg.sender` is used as the owner, leaving no ambiguity as to the signer intent, and 2) the use of
* `try/catch` allows the permit to fail and makes the code tolerant to frontrunning. (See also
* {SafeERC20-safeTransferFrom}).
*
* Additionally, note that smart contract wallets (such as Argent or Safe) are not able to produce permit signatures, so
* contracts should have entry points that don't rely on permit.
*/
interface IERC20Permit {
/**
* @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,
* given ``owner``'s signed approval.
*
* IMPORTANT: The same issues {IERC20-approve} has related to transaction
* ordering also apply here.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `deadline` must be a timestamp in the future.
* - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
* over the EIP712-formatted function arguments.
* - the signature must use ``owner``'s current nonce (see {nonces}).
*
* For more information on the signature format, see the
* https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
* section].
*
* CAUTION: See Security Considerations above.
*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @dev Returns the current nonce for `owner`. This value must be
* included whenever a signature is generated for {permit}.
*
* Every successful call to {permit} increases ``owner``'s nonce by one. This
* prevents a signature from being used multiple times.
*/
function nonces(address owner) external view returns (uint256);
/**
* @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.
*/
// solhint-disable-next-line func-name-mixedcase
function DOMAIN_SEPARATOR() external view returns (bytes32);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/Address.sol)
pragma solidity ^0.8.20;
/**
* @dev Collection of functions related to the address type
*/
library Address {
/**
* @dev The ETH balance of the account is not enough to perform the operation.
*/
error AddressInsufficientBalance(address account);
/**
* @dev There's no code at `target` (it is not a contract).
*/
error AddressEmptyCode(address target);
/**
* @dev A call to an address target failed. The target may have reverted.
*/
error FailedInnerCall();
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.8.20/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
if (address(this).balance < amount) {
revert AddressInsufficientBalance(address(this));
}
(bool success, ) = recipient.call{value: amount}("");
if (!success) {
revert FailedInnerCall();
}
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason or custom error, it is bubbled
* up by this function (like regular Solidity function calls). However, if
* the call reverted with no returned reason, this function reverts with a
* {FailedInnerCall} error.
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*/
function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
if (address(this).balance < value) {
revert AddressInsufficientBalance(address(this));
}
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResultFromTarget(target, success, returndata);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResultFromTarget(target, success, returndata);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResultFromTarget(target, success, returndata);
}
/**
* @dev Tool to verify that a low level call to smart-contract was successful, and reverts if the target
* was not a contract or bubbling up the revert reason (falling back to {FailedInnerCall}) in case of an
* unsuccessful call.
*/
function verifyCallResultFromTarget(
address target,
bool success,
bytes memory returndata
) internal view returns (bytes memory) {
if (!success) {
_revert(returndata);
} else {
// only check if target is a contract if the call was successful and the return data is empty
// otherwise we already know that it was a contract
if (returndata.length == 0 && target.code.length == 0) {
revert AddressEmptyCode(target);
}
return returndata;
}
}
/**
* @dev Tool to verify that a low level call was successful, and reverts if it wasn't, either by bubbling the
* revert reason or with a default {FailedInnerCall} error.
*/
function verifyCallResult(bool success, bytes memory returndata) internal pure returns (bytes memory) {
if (!success) {
_revert(returndata);
} else {
return returndata;
}
}
/**
* @dev Reverts with returndata if present. Otherwise reverts with {FailedInnerCall}.
*/
function _revert(bytes memory returndata) private pure {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
/// @solidity memory-safe-assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert FailedInnerCall();
}
}
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity "0.8.26";
/// @notice Emitted when the protocol fee receiver is updated.
/// @param oldReceiver The old protocol fee receiver address.
/// @param newReceiver The new protocol fee receiver address.
event ProtocolFeeReceiverUpdated(address oldReceiver, address newReceiver);
/// @notice Emitted when the default protocol fee rate is updated.
/// @param oldRate The old default protocol fee rate.
/// @param newRate The new default protocol fee rate.
event DefaultRateUpdated(uint256 oldRate, uint256 newRate);
/// @notice Emitted when a custom fee rate is updated for a specific vault.
/// @param vault The address of the vault.
/// @param rate The new custom fee rate for the vault.
/// @param isActivated A boolean indicating whether the custom rate is activated.
event CustomRateUpdated(address vault, uint16 rate, bool isActivated);
// SPDX-License-Identifier: BUSL-1.1
pragma solidity "0.8.26";
import {IERC7575} from "./IERC7575.sol";
import {IERC165} from "@openzeppelin/contracts/interfaces/IERC165.sol";
interface IERC7540 is IERC7575, IERC165 {
event OperatorSet(address indexed controller, address indexed operator, bool approved);
// EIP7575 https://eips.ethereum.org/EIPS/eip-7575
function share() external view returns (address);
function isOperator(address controller, address operator) external returns (bool);
function setOperator(address operator, bool approved) external returns (bool success);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/Pausable.sol)
pragma solidity ^0.8.20;
import {ContextUpgradeable} from "../utils/ContextUpgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Contract module which allows children to implement an emergency stop
* mechanism that can be triggered by an authorized account.
*
* This module is used through inheritance. It will make available the
* modifiers `whenNotPaused` and `whenPaused`, which can be applied to
* the functions of your contract. Note that they will not be pausable by
* simply including this module, only once the modifiers are put in place.
*/
abstract contract PausableUpgradeable is Initializable, ContextUpgradeable {
/// @custom:storage-location erc7201:openzeppelin.storage.Pausable
struct PausableStorage {
bool _paused;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Pausable")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant PausableStorageLocation = 0xcd5ed15c6e187e77e9aee88184c21f4f2182ab5827cb3b7e07fbedcd63f03300;
function _getPausableStorage() private pure returns (PausableStorage storage $) {
assembly {
$.slot := PausableStorageLocation
}
}
/**
* @dev Emitted when the pause is triggered by `account`.
*/
event Paused(address account);
/**
* @dev Emitted when the pause is lifted by `account`.
*/
event Unpaused(address account);
/**
* @dev The operation failed because the contract is paused.
*/
error EnforcedPause();
/**
* @dev The operation failed because the contract is not paused.
*/
error ExpectedPause();
/**
* @dev Initializes the contract in unpaused state.
*/
function __Pausable_init() internal onlyInitializing {
__Pausable_init_unchained();
}
function __Pausable_init_unchained() internal onlyInitializing {
PausableStorage storage $ = _getPausableStorage();
$._paused = false;
}
/**
* @dev Modifier to make a function callable only when the contract is not paused.
*
* Requirements:
*
* - The contract must not be paused.
*/
modifier whenNotPaused() {
_requireNotPaused();
_;
}
/**
* @dev Modifier to make a function callable only when the contract is paused.
*
* Requirements:
*
* - The contract must be paused.
*/
modifier whenPaused() {
_requirePaused();
_;
}
/**
* @dev Returns true if the contract is paused, and false otherwise.
*/
function paused() public view virtual returns (bool) {
PausableStorage storage $ = _getPausableStorage();
return $._paused;
}
/**
* @dev Throws if the contract is paused.
*/
function _requireNotPaused() internal view virtual {
if (paused()) {
revert EnforcedPause();
}
}
/**
* @dev Throws if the contract is not paused.
*/
function _requirePaused() internal view virtual {
if (!paused()) {
revert ExpectedPause();
}
}
/**
* @dev Triggers stopped state.
*
* Requirements:
*
* - The contract must not be paused.
*/
function _pause() internal virtual whenNotPaused {
PausableStorage storage $ = _getPausableStorage();
$._paused = true;
emit Paused(_msgSender());
}
/**
* @dev Returns to normal state.
*
* Requirements:
*
* - The contract must be paused.
*/
function _unpause() internal virtual whenPaused {
PausableStorage storage $ = _getPausableStorage();
$._paused = false;
emit Unpaused(_msgSender());
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/introspection/IERC165.sol)
pragma solidity ^0.8.20;
/**
* @dev Interface of the ERC165 standard, as defined in the
* https://eips.ethereum.org/EIPS/eip-165[EIP].
*
* Implementers can declare support of contract interfaces, which can then be
* queried by others ({ERC165Checker}).
*
* For an implementation, see {ERC165}.
*/
interface IERC165 {
/**
* @dev Returns true if this contract implements the interface defined by
* `interfaceId`. See the corresponding
* https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section]
* to learn more about how these ids are created.
*
* This function call must use less than 30 000 gas.
*/
function supportsInterface(bytes4 interfaceId) external view returns (bool);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)
pragma solidity ^0.8.20;
import {ContextUpgradeable} from "../utils/ContextUpgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* The initial owner is set to the address provided by the deployer. This can
* later be changed with {transferOwnership}.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/
abstract contract OwnableUpgradeable is Initializable, ContextUpgradeable {
/// @custom:storage-location erc7201:openzeppelin.storage.Ownable
struct OwnableStorage {
address _owner;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Ownable")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant OwnableStorageLocation = 0x9016d09d72d40fdae2fd8ceac6b6234c7706214fd39c1cd1e609a0528c199300;
function _getOwnableStorage() private pure returns (OwnableStorage storage $) {
assembly {
$.slot := OwnableStorageLocation
}
}
/**
* @dev The caller account is not authorized to perform an operation.
*/
error OwnableUnauthorizedAccount(address account);
/**
* @dev The owner is not a valid owner account. (eg. `address(0)`)
*/
error OwnableInvalidOwner(address owner);
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev Initializes the contract setting the address provided by the deployer as the initial owner.
*/
function __Ownable_init(address initialOwner) internal onlyInitializing {
__Ownable_init_unchained(initialOwner);
}
function __Ownable_init_unchained(address initialOwner) internal onlyInitializing {
if (initialOwner == address(0)) {
revert OwnableInvalidOwner(address(0));
}
_transferOwnership(initialOwner);
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
_checkOwner();
_;
}
/**
* @dev Returns the address of the current owner.
*/
function owner() public view virtual returns (address) {
OwnableStorage storage $ = _getOwnableStorage();
return $._owner;
}
/**
* @dev Throws if the sender is not the owner.
*/
function _checkOwner() internal view virtual {
if (owner() != _msgSender()) {
revert OwnableUnauthorizedAccount(_msgSender());
}
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby disabling any functionality that is only available to the owner.
*/
function renounceOwnership() public virtual onlyOwner {
_transferOwnership(address(0));
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual onlyOwner {
if (newOwner == address(0)) {
revert OwnableInvalidOwner(address(0));
}
_transferOwnership(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual {
OwnableStorage storage $ = _getOwnableStorage();
address oldOwner = $._owner;
$._owner = newOwner;
emit OwnershipTransferred(oldOwner, newOwner);
}
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity "0.8.26";
import {IERC4626} from "@openzeppelin/contracts/interfaces/IERC4626.sol";
// EIP7575 https://eips.ethereum.org/EIPS/eip-7575
interface IERC7575 is IERC4626 {
function share() external view returns (address);
}