Address: 0xaCdb4fBFDed35182dce7399d63f5bCD19ea06451
Balance (XRP): 0 XRP
Bytecode: 0x608060405234801561001057600080fd5b50600436106100ae5760003560e01c8062c194db146100b3578063174481fa146100d15780632182c8fe146100e75780632da47c40146101075780632f2770db1461011d5780633f819b6f1461012757806354fd4d501461012f5780636634b753146101375780636c57f5a914610157578063739238d61461015f578063851c1bb3146101675780638d928af814610187578063aaabadc51461018f575b600080fd5b6100bb610197565b6040516100c89190610d08565b60405180910390f35b6100d96101b6565b6040516100c8929190610cda565b6100fa6100f5366004610b0d565b6101fc565b6040516100c89190610cc6565b61010f6102d8565b6040516100c8929190610e30565b610125610342565b005b6100bb610389565b6100bb61041f565b61014a610145366004610ac2565b61047d565b6040516100c89190610cf4565b61014a61049f565b6100fa6104a8565b61017a610175366004610ae5565b6104cc565b6040516100c89190610cff565b6100fa610525565b6100fa610549565b60606101b16040518060200160405280600081525061060e565b905090565b7f00000000000000000000000032755a95e78d81b654f07818087ae19e3694cbb87f000000000000000000000000e9fd51e45fea7443cdbaf953e16b7fd4defa492a9091565b60008060006102096102d8565b915091506102c96040518060e001604052808d81526020018c81526020018b81526020018a81526020018981526020018b516001600160401b038111801561025057600080fd5b5060405190808252806020026020018201604052801561027a578160200160208202803683370190505b50815260200188905261028b610525565b6102936104a8565b85858a61029e610389565b6040516020016102b49796959493929190610d1b565b604051602081830303815290604052856106e7565b9b9a5050505050505050505050565b600080427f0000000000000000000000000000000000000000000000000000000065dcdeb881101561033457807f0000000000000000000000000000000000000000000000000000000065dcdeb803925062278d00915061033d565b60009250600091505b509091565b61034a610752565b610352610783565b6001805460ff1916811790556040517f432acbfd662dbb5d8b378384a67159b47ca9d0f1b79f97cf64cf8585fa362d5090600090a1565b60038054604080516020601f60026000196101006001881615020190951694909404938401819004810282018101909252828152606093909290918301828280156104155780601f106103ea57610100808354040283529160200191610415565b820191906000526020600020905b8154815290600101906020018083116103f857829003601f168201915b5050505050905090565b60028054604080516020601f60001961010060018716150201909416859004938401819004810282018101909252828152606093909290918301828280156104155780601f106103ea57610100808354040283529160200191610415565b6001600160a01b03811660009081526020819052604090205460ff165b919050565b60015460ff1690565b7f000000000000000000000000968f3abd8f70e13c883510a2d47c090308b0af8890565b604080517f000000000000000000000000acdb4fbfded35182dce7399d63f5bcd19ea064516020808301919091526001600160e01b03198416828401528251602481840301815260449092019092528051910120919050565b7f000000000000000000000000398f18353094b3976ff0bde42b2724c47dc6641890565b6000610553610525565b6001600160a01b031663aaabadc56040518163ffffffff1660e01b815260040160206040518083038186803b15801561058b57600080fd5b505afa15801561059f573d6000803e3d6000fd5b505050506040513d60208110156105b557600080fd5b5051905090565b80517f602038038060206000396000f3fefefefefefefefefefefefefefefefefefefe808352600091602081018484f090845291506106086001600160a01b03831615156101ac610798565b50919050565b8051604080517f0000000000000000000000000000000000000000000000000000000000003b3a7f0000000000000000000000000000000000000000000000000000000000003b3a818101858101848101602090810190965280855293957f00000000000000000000000032755a95e78d81b654f07818087ae19e3694cbb89592947f000000000000000000000000e9fd51e45fea7443cdbaf953e16b7fd4defa492a94938801866000828a3c846000888301883c50602089810190898501016106d98183866107aa565b505050505050505050919050565b60006106f1610783565b60006106fd84846107e8565b6001600160a01b038116600081815260208190526040808220805460ff191660011790555192935090917f83a48fbcfc991335314e74d0496aab6a1987e992ddc85dddbcc4d6dd6ef2e9fc9190a29392505050565b60006107696000356001600160e01b0319166104cc565b90506107806107788233610824565b610191610798565b50565b61079661078e61049f565b1560d3610798565b565b816107a6576107a6816108c6565b5050565b5b602081106107ca578151835260209283019290910190601f19016107ab565b905182516020929092036101000a6000190180199091169116179052565b6000806107f48461060e565b90506000838251602084016000f590506001600160a01b03811661081c573d6000803e3d6000fd5b949350505050565b600061082e610549565b6001600160a01b0316639be2a8848484306040518463ffffffff1660e01b815260040180848152602001836001600160a01b03168152602001826001600160a01b03168152602001935050505060206040518083038186803b15801561089357600080fd5b505afa1580156108a7573d6000803e3d6000fd5b505050506040513d60208110156108bd57600080fd5b50519392505050565b62461bcd60e51b600090815260206004526007602452600a808304818106603090810160081b83860601918390049283060160101b016642414c230000300160c81b604452610780916210905360ea1b906242414c90606490fd5b803561049a81610e7e565b600082601f83011261093c578081fd5b8135602061095161094c83610e61565b610e3e565b828152818101908583018385028701840188101561096d578586fd5b855b8581101561099457813561098281610e7e565b8452928401929084019060010161096f565b5090979650505050505050565b600082601f8301126109b1578081fd5b813560206109c161094c83610e61565b82815281810190858301838502870184018810156109dd578586fd5b855b858110156109945781356109f281610e7e565b845292840192908401906001016109df565b600082601f830112610a14578081fd5b81356020610a2461094c83610e61565b8281528181019085830183850287018401881015610a40578586fd5b855b8581101561099457813584529284019290840190600101610a42565b600082601f830112610a6e578081fd5b81356001600160401b03811115610a8157fe5b610a94601f8201601f1916602001610e3e565b818152846020838601011115610aa8578283fd5b816020850160208301379081016020019190915292915050565b600060208284031215610ad3578081fd5b8135610ade81610e7e565b9392505050565b600060208284031215610af6578081fd5b81356001600160e01b031981168114610ade578182fd5b600080600080600080600080610100898b031215610b29578384fd5b88356001600160401b0380821115610b3f578586fd5b610b4b8c838d01610a5e565b995060208b0135915080821115610b60578586fd5b610b6c8c838d01610a5e565b985060408b0135915080821115610b81578586fd5b610b8d8c838d0161092c565b975060608b0135915080821115610ba2578586fd5b610bae8c838d01610a04565b965060808b0135915080821115610bc3578586fd5b50610bd08b828c016109a1565b94505060a08901359250610be660c08a01610921565b915060e089013590509295985092959890939650565b6001600160a01b03169052565b6000815180845260208085019450808401835b83811015610c415781516001600160a01b031687529582019590820190600101610c1c565b509495945050505050565b6000815180845260208085019450808401835b83811015610c4157815187529582019590820190600101610c5f565b60008151808452815b81811015610ca057602081850181015186830182015201610c84565b81811115610cb15782602083870101525b50601f01601f19169290920160200192915050565b6001600160a01b0391909116815260200190565b6001600160a01b0392831681529116602082015260400190565b901515815260200190565b90815260200190565b600060208252610ade6020830184610c7b565b600060e08252885160e080840152610d376101c0840182610c7b565b905060208a015160df198085840301610100860152610d568383610c7b565b925060408c015191508085840301610120860152610d748383610c09565b925060608c015191508085840301610140860152610d928383610c4c565b925060808c015191508085840301610160860152610db08383610c09565b925060a08c01519150808584030161018086015250610dcf8282610c09565b91505060c08a01516101a0840152610dea602084018a610bfc565b610df76040840189610bfc565b866060840152856080840152610e1060a0840186610bfc565b82810360c0840152610e228185610c7b565b9a9950505050505050505050565b918252602082015260400190565b6040518181016001600160401b0381118282101715610e5957fe5b604052919050565b60006001600160401b03821115610e7457fe5b5060209081020190565b6001600160a01b038116811461078057600080fdfea2646970667358221220fe21c63f4748bdcb23f921463ae00afc0d609a083d632e4bc788f214136f97d964736f6c63430007060033
WeightedMath.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; import "./v2-solidity-utils/contracts/helpers/InputHelpers.sol"; import "./v2-solidity-utils/contracts/math/FixedPoint.sol"; import "./v2-solidity-utils/contracts/math/Math.sol"; // These functions start with an underscore, as if they were part of a contract and not a library. At some point this // should be fixed. // solhint-disable private-vars-leading-underscore library WeightedMath { using FixedPoint for uint256; // A minimum normalized weight imposes a maximum weight ratio. We need this due to limitations in the // implementation of the power function, as these ratios are often exponents. uint256 internal constant _MIN_WEIGHT = 0.01e18; // Having a minimum normalized weight imposes a limit on the maximum number of tokens; // i.e., the largest possible pool is one where all tokens have exactly the minimum weight. uint256 internal constant _MAX_WEIGHTED_TOKENS = 100; // Pool limits that arise from limitations in the fixed point power function (and the imposed 1:100 maximum weight // ratio). // Swap limits: amounts swapped may not be larger than this percentage of total balance. uint256 internal constant _MAX_IN_RATIO = 0.3e18; uint256 internal constant _MAX_OUT_RATIO = 0.3e18; // Invariant growth limit: non-proportional joins cannot cause the invariant to increase by more than this ratio. uint256 internal constant _MAX_INVARIANT_RATIO = 3e18; // Invariant shrink limit: non-proportional exits cannot cause the invariant to decrease by less than this ratio. uint256 internal constant _MIN_INVARIANT_RATIO = 0.7e18; // About swap fees on joins and exits: // Any join or exit that is not perfectly balanced (e.g. all single token joins or exits) is mathematically // equivalent to a perfectly balanced join or exit followed by a series of swaps. Since these swaps would charge // swap fees, it follows that (some) joins and exits should as well. // On these operations, we split the token amounts in 'taxable' and 'non-taxable' portions, where the 'taxable' part // is the one to which swap fees are applied. // Invariant is used to collect protocol swap fees by comparing its value between two times. // So we can round always to the same direction. It is also used to initiate the BPT amount // and, because there is a minimum BPT, we round down the invariant. function _calculateInvariant( uint256[] memory normalizedWeights, uint256[] memory balances ) internal pure returns (uint256 invariant) { /********************************************************************************************** // invariant _____ // // wi = weight index i | | wi // // bi = balance index i | | bi ^ = i // // i = invariant // **********************************************************************************************/ invariant = FixedPoint.ONE; for (uint256 i = 0; i < normalizedWeights.length; i++) { invariant = invariant.mulDown( balances[i].powDown(normalizedWeights[i]) ); } _require(invariant > 0, Errors.ZERO_INVARIANT); } // Computes how many tokens can be taken out of a pool if `amountIn` are sent, given the // current balances and weights. function _calcOutGivenIn( uint256 balanceIn, uint256 weightIn, uint256 balanceOut, uint256 weightOut, uint256 amountIn ) internal pure returns (uint256) { /********************************************************************************************** // outGivenIn // // aO = amountOut // // bO = balanceOut // // bI = balanceIn / / bI \ (wI / wO) \ // // aI = amountIn aO = bO * | 1 - | -------------------------- | ^ | // // wI = weightIn \ \ ( bI + aI ) / / // // wO = weightOut // **********************************************************************************************/ // Amount out, so we round down overall. // The multiplication rounds down, and the subtrahend (power) rounds up (so the base rounds up too). // Because bI / (bI + aI) <= 1, the exponent rounds down. // Cannot exceed maximum in ratio _require( amountIn <= balanceIn.mulDown(_MAX_IN_RATIO), Errors.MAX_IN_RATIO ); uint256 denominator = balanceIn.add(amountIn); uint256 base = balanceIn.divUp(denominator); uint256 exponent = weightIn.divDown(weightOut); uint256 power = base.powUp(exponent); return balanceOut.mulDown(power.complement()); } // Computes how many tokens must be sent to a pool in order to take `amountOut`, given the // current balances and weights. function _calcInGivenOut( uint256 balanceIn, uint256 weightIn, uint256 balanceOut, uint256 weightOut, uint256 amountOut ) internal pure returns (uint256) { /********************************************************************************************** // inGivenOut // // aO = amountOut // // bO = balanceOut // // bI = balanceIn / / bO \ (wO / wI) \ // // aI = amountIn aI = bI * | | -------------------------- | ^ - 1 | // // wI = weightIn \ \ ( bO - aO ) / / // // wO = weightOut // **********************************************************************************************/ // Amount in, so we round up overall. // The multiplication rounds up, and the power rounds up (so the base rounds up too). // Because b0 / (b0 - a0) >= 1, the exponent rounds up. // Cannot exceed maximum out ratio _require( amountOut <= balanceOut.mulDown(_MAX_OUT_RATIO), Errors.MAX_OUT_RATIO ); uint256 base = balanceOut.divUp(balanceOut.sub(amountOut)); uint256 exponent = weightOut.divUp(weightIn); uint256 power = base.powUp(exponent); // Because the base is larger than one (and the power rounds up), the power should always be larger than one, so // the following subtraction should never revert. uint256 ratio = power.sub(FixedPoint.ONE); return balanceIn.mulUp(ratio); } function _calcBptOutGivenExactTokensIn( uint256[] memory balances, uint256[] memory normalizedWeights, uint256[] memory amountsIn, uint256 bptTotalSupply, uint256 swapFeePercentage ) internal pure returns (uint256) { // BPT out, so we round down overall. uint256[] memory balanceRatiosWithFee = new uint256[](amountsIn.length); uint256 invariantRatioWithFees = 0; for (uint256 i = 0; i < balances.length; i++) { balanceRatiosWithFee[i] = balances[i].add(amountsIn[i]).divDown( balances[i] ); invariantRatioWithFees = invariantRatioWithFees.add( balanceRatiosWithFee[i].mulDown(normalizedWeights[i]) ); } uint256 invariantRatio = _computeJoinExactTokensInInvariantRatio( balances, normalizedWeights, amountsIn, balanceRatiosWithFee, invariantRatioWithFees, swapFeePercentage ); uint256 bptOut = (invariantRatio > FixedPoint.ONE) ? bptTotalSupply.mulDown(invariantRatio.sub(FixedPoint.ONE)) : 0; return bptOut; } /** * @dev Intermediate function to avoid stack-too-deep errors. */ function _computeJoinExactTokensInInvariantRatio( uint256[] memory balances, uint256[] memory normalizedWeights, uint256[] memory amountsIn, uint256[] memory balanceRatiosWithFee, uint256 invariantRatioWithFees, uint256 swapFeePercentage ) private pure returns (uint256 invariantRatio) { // Swap fees are charged on all tokens that are being added in a larger proportion than the overall invariant // increase. invariantRatio = FixedPoint.ONE; for (uint256 i = 0; i < balances.length; i++) { uint256 amountInWithoutFee; if (balanceRatiosWithFee[i] > invariantRatioWithFees) { uint256 nonTaxableAmount = balances[i].mulDown( invariantRatioWithFees.sub(FixedPoint.ONE) ); uint256 taxableAmount = amountsIn[i].sub(nonTaxableAmount); uint256 swapFee = taxableAmount.mulUp(swapFeePercentage); amountInWithoutFee = nonTaxableAmount.add( taxableAmount.sub(swapFee) ); } else { amountInWithoutFee = amountsIn[i]; } uint256 balanceRatio = balances[i].add(amountInWithoutFee).divDown( balances[i] ); invariantRatio = invariantRatio.mulDown( balanceRatio.powDown(normalizedWeights[i]) ); } } function _calcTokenInGivenExactBptOut( uint256 balance, uint256 normalizedWeight, uint256 bptAmountOut, uint256 bptTotalSupply, uint256 swapFeePercentage ) internal pure returns (uint256) { /****************************************************************************************** // tokenInForExactBPTOut // // a = amountIn // // b = balance / / totalBPT + bptOut \ (1 / w) \ // // bptOut = bptAmountOut a = b * | | -------------------------- | ^ - 1 | // // bpt = totalBPT \ \ totalBPT / / // // w = weight // ******************************************************************************************/ // Token in, so we round up overall. // Calculate the factor by which the invariant will increase after minting BPTAmountOut uint256 invariantRatio = bptTotalSupply.add(bptAmountOut).divUp( bptTotalSupply ); _require( invariantRatio <= _MAX_INVARIANT_RATIO, Errors.MAX_OUT_BPT_FOR_TOKEN_IN ); // Calculate by how much the token balance has to increase to match the invariantRatio uint256 balanceRatio = invariantRatio.powUp( FixedPoint.ONE.divUp(normalizedWeight) ); uint256 amountInWithoutFee = balance.mulUp( balanceRatio.sub(FixedPoint.ONE) ); // We can now compute how much extra balance is being deposited and used in virtual swaps, and charge swap fees // accordingly. uint256 taxableAmount = amountInWithoutFee.mulUp( normalizedWeight.complement() ); uint256 nonTaxableAmount = amountInWithoutFee.sub(taxableAmount); uint256 taxableAmountPlusFees = taxableAmount.divUp( swapFeePercentage.complement() ); return nonTaxableAmount.add(taxableAmountPlusFees); } function _calcAllTokensInGivenExactBptOut( uint256[] memory balances, uint256 bptAmountOut, uint256 totalBPT ) internal pure returns (uint256[] memory) { /************************************************************************************ // tokensInForExactBptOut // // (per token) // // aI = amountIn / bptOut \ // // b = balance aI = b * | ------------ | // // bptOut = bptAmountOut \ totalBPT / // // bpt = totalBPT // ************************************************************************************/ // Tokens in, so we round up overall. uint256 bptRatio = bptAmountOut.divUp(totalBPT); uint256[] memory amountsIn = new uint256[](balances.length); for (uint256 i = 0; i < balances.length; i++) { amountsIn[i] = balances[i].mulUp(bptRatio); } return amountsIn; } function _calcBptInGivenExactTokensOut( uint256[] memory balances, uint256[] memory normalizedWeights, uint256[] memory amountsOut, uint256 bptTotalSupply, uint256 swapFeePercentage ) internal pure returns (uint256) { // BPT in, so we round up overall. uint256[] memory balanceRatiosWithoutFee = new uint256[]( amountsOut.length ); uint256 invariantRatioWithoutFees = 0; for (uint256 i = 0; i < balances.length; i++) { balanceRatiosWithoutFee[i] = balances[i].sub(amountsOut[i]).divUp( balances[i] ); invariantRatioWithoutFees = invariantRatioWithoutFees.add( balanceRatiosWithoutFee[i].mulUp(normalizedWeights[i]) ); } uint256 invariantRatio = _computeExitExactTokensOutInvariantRatio( balances, normalizedWeights, amountsOut, balanceRatiosWithoutFee, invariantRatioWithoutFees, swapFeePercentage ); return bptTotalSupply.mulUp(invariantRatio.complement()); } /** * @dev Intermediate function to avoid stack-too-deep errors. */ function _computeExitExactTokensOutInvariantRatio( uint256[] memory balances, uint256[] memory normalizedWeights, uint256[] memory amountsOut, uint256[] memory balanceRatiosWithoutFee, uint256 invariantRatioWithoutFees, uint256 swapFeePercentage ) private pure returns (uint256 invariantRatio) { invariantRatio = FixedPoint.ONE; for (uint256 i = 0; i < balances.length; i++) { // Swap fees are typically charged on 'token in', but there is no 'token in' here, so we apply it to // 'token out'. This results in slightly larger price impact. uint256 amountOutWithFee; if (invariantRatioWithoutFees > balanceRatiosWithoutFee[i]) { uint256 nonTaxableAmount = balances[i].mulDown( invariantRatioWithoutFees.complement() ); uint256 taxableAmount = amountsOut[i].sub(nonTaxableAmount); uint256 taxableAmountPlusFees = taxableAmount.divUp( swapFeePercentage.complement() ); amountOutWithFee = nonTaxableAmount.add(taxableAmountPlusFees); } else { amountOutWithFee = amountsOut[i]; } uint256 balanceRatio = balances[i].sub(amountOutWithFee).divDown( balances[i] ); invariantRatio = invariantRatio.mulDown( balanceRatio.powDown(normalizedWeights[i]) ); } } function _calcTokenOutGivenExactBptIn( uint256 balance, uint256 normalizedWeight, uint256 bptAmountIn, uint256 bptTotalSupply, uint256 swapFeePercentage ) internal pure returns (uint256) { /***************************************************************************************** // exactBPTInForTokenOut // // a = amountOut // // b = balance / / totalBPT - bptIn \ (1 / w) \ // // bptIn = bptAmountIn a = b * | 1 - | -------------------------- | ^ | // // bpt = totalBPT \ \ totalBPT / / // // w = weight // *****************************************************************************************/ // Token out, so we round down overall. The multiplication rounds down, but the power rounds up (so the base // rounds up). Because (totalBPT - bptIn) / totalBPT <= 1, the exponent rounds down. // Calculate the factor by which the invariant will decrease after burning BPTAmountIn uint256 invariantRatio = bptTotalSupply.sub(bptAmountIn).divUp( bptTotalSupply ); _require( invariantRatio >= _MIN_INVARIANT_RATIO, Errors.MIN_BPT_IN_FOR_TOKEN_OUT ); // Calculate by how much the token balance has to decrease to match invariantRatio uint256 balanceRatio = invariantRatio.powUp( FixedPoint.ONE.divDown(normalizedWeight) ); // Because of rounding up, balanceRatio can be greater than one. Using complement prevents reverts. uint256 amountOutWithoutFee = balance.mulDown( balanceRatio.complement() ); // We can now compute how much excess balance is being withdrawn as a result of the virtual swaps, which result // in swap fees. // Swap fees are typically charged on 'token in', but there is no 'token in' here, so we apply it // to 'token out'. This results in slightly larger price impact. Fees are rounded up. uint256 taxableAmount = amountOutWithoutFee.mulUp( normalizedWeight.complement() ); uint256 nonTaxableAmount = amountOutWithoutFee.sub(taxableAmount); uint256 taxableAmountMinusFees = taxableAmount.mulUp( swapFeePercentage.complement() ); return nonTaxableAmount.add(taxableAmountMinusFees); } function _calcTokensOutGivenExactBptIn( uint256[] memory balances, uint256 bptAmountIn, uint256 totalBPT ) internal pure returns (uint256[] memory) { /********************************************************************************************** // exactBPTInForTokensOut // // (per token) // // aO = amountOut / bptIn \ // // b = balance a0 = b * | --------------------- | // // bptIn = bptAmountIn \ totalBPT / // // bpt = totalBPT // **********************************************************************************************/ // Since we're computing an amount out, we round down overall. This means rounding down on both the // multiplication and division. uint256 bptRatio = bptAmountIn.divDown(totalBPT); uint256[] memory amountsOut = new uint256[](balances.length); for (uint256 i = 0; i < balances.length; i++) { amountsOut[i] = balances[i].mulDown(bptRatio); } return amountsOut; } /** * @dev Calculate the amount of BPT which should be minted when adding a new token to the Pool. * * Note that normalizedWeight is set that it corresponds to the desired weight of this token *after* adding it. * i.e. For a two token 50:50 pool which we want to turn into a 33:33:33 pool, we use a normalized weight of 33% * @param totalSupply - the total supply of the Pool's BPT. * @param normalizedWeight - the normalized weight of the token to be added (normalized relative to final weights) */ function _calcBptOutAddToken( uint256 totalSupply, uint256 normalizedWeight ) internal pure returns (uint256) { // The amount of BPT which is equivalent to the token being added may be calculated by the growth in the // sum of the token weights, i.e. if we add a token which will make up 50% of the pool then we should receive // 50% of the new supply of BPT. // // The growth in the total weight of the pool can be easily calculated by: // // weightSumRatio = totalWeight / (totalWeight - newTokenWeight) // // As we're working with normalized weights `totalWeight` is equal to 1. uint256 weightSumRatio = FixedPoint.ONE.divDown( FixedPoint.ONE.sub(normalizedWeight) ); // The amount of BPT to mint is then simply: // // toMint = totalSupply * (weightSumRatio - 1) return totalSupply.mulDown(weightSumRatio.sub(FixedPoint.ONE)); } }
WeightedPool.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; pragma experimental ABIEncoderV2; import "./BaseWeightedPool.sol"; import "./WeightedPoolProtocolFees.sol"; /** * @dev Basic Weighted Pool with immutable weights. */ contract WeightedPool is BaseWeightedPool, WeightedPoolProtocolFees { using FixedPoint for uint256; uint256 private constant _MAX_TOKENS = 8; uint256 private immutable _totalTokens; string private _version; IERC20 internal immutable _token0; IERC20 internal immutable _token1; IERC20 internal immutable _token2; IERC20 internal immutable _token3; IERC20 internal immutable _token4; IERC20 internal immutable _token5; IERC20 internal immutable _token6; IERC20 internal immutable _token7; // All token balances are normalized to behave as if the token had 18 decimals. We assume a token's decimals will // not change throughout its lifetime, and store the corresponding scaling factor for each at construction time. // These factors are always greater than or equal to one: tokens with more than 18 decimals are not supported. uint256 internal immutable _scalingFactor0; uint256 internal immutable _scalingFactor1; uint256 internal immutable _scalingFactor2; uint256 internal immutable _scalingFactor3; uint256 internal immutable _scalingFactor4; uint256 internal immutable _scalingFactor5; uint256 internal immutable _scalingFactor6; uint256 internal immutable _scalingFactor7; uint256 internal immutable _normalizedWeight0; uint256 internal immutable _normalizedWeight1; uint256 internal immutable _normalizedWeight2; uint256 internal immutable _normalizedWeight3; uint256 internal immutable _normalizedWeight4; uint256 internal immutable _normalizedWeight5; uint256 internal immutable _normalizedWeight6; uint256 internal immutable _normalizedWeight7; struct NewPoolParams { string name; string symbol; IERC20[] tokens; uint256[] normalizedWeights; IRateProvider[] rateProviders; address[] assetManagers; uint256 swapFeePercentage; } constructor( NewPoolParams memory params, IVault vault, IProtocolFeePercentagesProvider protocolFeeProvider, uint256 pauseWindowDuration, uint256 bufferPeriodDuration, address owner, string memory version ) BaseWeightedPool( vault, params.name, params.symbol, params.tokens, params.assetManagers, params.swapFeePercentage, pauseWindowDuration, bufferPeriodDuration, owner, false ) ProtocolFeeCache(protocolFeeProvider, ProtocolFeeCache.DELEGATE_PROTOCOL_SWAP_FEES_SENTINEL) WeightedPoolProtocolFees(params.tokens.length, params.rateProviders) { uint256 numTokens = params.tokens.length; InputHelpers.ensureInputLengthMatch(numTokens, params.normalizedWeights.length); _totalTokens = numTokens; _version = version; // Ensure each normalized weight is above the minimum uint256 normalizedSum = 0; for (uint8 i = 0; i < numTokens; i++) { uint256 normalizedWeight = params.normalizedWeights[i]; _require(normalizedWeight >= WeightedMath._MIN_WEIGHT, Errors.MIN_WEIGHT); normalizedSum = normalizedSum.add(normalizedWeight); } // Ensure that the normalized weights sum to ONE _require(normalizedSum == FixedPoint.ONE, Errors.NORMALIZED_WEIGHT_INVARIANT); // Immutable variables cannot be initialized inside an if statement, so we must do conditional assignments _token0 = params.tokens[0]; _token1 = params.tokens[1]; _token2 = numTokens > 2 ? params.tokens[2] : IERC20(0); _token3 = numTokens > 3 ? params.tokens[3] : IERC20(0); _token4 = numTokens > 4 ? params.tokens[4] : IERC20(0); _token5 = numTokens > 5 ? params.tokens[5] : IERC20(0); _token6 = numTokens > 6 ? params.tokens[6] : IERC20(0); _token7 = numTokens > 7 ? params.tokens[7] : IERC20(0); _scalingFactor0 = _computeScalingFactor(params.tokens[0]); _scalingFactor1 = _computeScalingFactor(params.tokens[1]); _scalingFactor2 = numTokens > 2 ? _computeScalingFactor(params.tokens[2]) : 0; _scalingFactor3 = numTokens > 3 ? _computeScalingFactor(params.tokens[3]) : 0; _scalingFactor4 = numTokens > 4 ? _computeScalingFactor(params.tokens[4]) : 0; _scalingFactor5 = numTokens > 5 ? _computeScalingFactor(params.tokens[5]) : 0; _scalingFactor6 = numTokens > 6 ? _computeScalingFactor(params.tokens[6]) : 0; _scalingFactor7 = numTokens > 7 ? _computeScalingFactor(params.tokens[7]) : 0; _normalizedWeight0 = params.normalizedWeights[0]; _normalizedWeight1 = params.normalizedWeights[1]; _normalizedWeight2 = numTokens > 2 ? params.normalizedWeights[2] : 0; _normalizedWeight3 = numTokens > 3 ? params.normalizedWeights[3] : 0; _normalizedWeight4 = numTokens > 4 ? params.normalizedWeights[4] : 0; _normalizedWeight5 = numTokens > 5 ? params.normalizedWeights[5] : 0; _normalizedWeight6 = numTokens > 6 ? params.normalizedWeights[6] : 0; _normalizedWeight7 = numTokens > 7 ? params.normalizedWeights[7] : 0; } /** * @dev Ensure we are not in a Vault context when this function is called, by attempting a no-op internal * balance operation. If we are already in a Vault transaction (e.g., a swap, join, or exit), the Vault's * reentrancy protection will cause this function to revert. * * The exact function call doesn't really matter: we're just trying to trigger the Vault reentrancy check * (and not hurt anything in case it works). An empty operation array with no specific operation at all works * for that purpose, and is also the least expensive in terms of gas and bytecode size. * * Use this modifier with any function that can cause a state change in a pool and is either public itself, * or called by a public function *outside* a Vault operation (e.g., join, exit, or swap). * See https://forum.balancer.fi/t/reentrancy-vulnerability-scope-expanded/4345 for reference. */ modifier whenNotInVaultContext() { _ensureNotInVaultContext(); _; } /** * @dev Reverts if called in the middle of a Vault operation; has no effect otherwise. */ function _ensureNotInVaultContext() private { IVault.UserBalanceOp[] memory noop = new IVault.UserBalanceOp[](0); getVault().manageUserBalance(noop); } function _getNormalizedWeight(IERC20 token) internal view virtual override returns (uint256) { // prettier-ignore if (token == _token0) { return _normalizedWeight0; } else if (token == _token1) { return _normalizedWeight1; } else if (token == _token2) { return _normalizedWeight2; } else if (token == _token3) { return _normalizedWeight3; } else if (token == _token4) { return _normalizedWeight4; } else if (token == _token5) { return _normalizedWeight5; } else if (token == _token6) { return _normalizedWeight6; } else if (token == _token7) { return _normalizedWeight7; } else { _revert(Errors.INVALID_TOKEN); } } function _getNormalizedWeights() internal view virtual override returns (uint256[] memory) { uint256 totalTokens = _getTotalTokens(); uint256[] memory normalizedWeights = new uint256[](totalTokens); // prettier-ignore { normalizedWeights[0] = _normalizedWeight0; normalizedWeights[1] = _normalizedWeight1; if (totalTokens > 2) { normalizedWeights[2] = _normalizedWeight2; } else { return normalizedWeights; } if (totalTokens > 3) { normalizedWeights[3] = _normalizedWeight3; } else { return normalizedWeights; } if (totalTokens > 4) { normalizedWeights[4] = _normalizedWeight4; } else { return normalizedWeights; } if (totalTokens > 5) { normalizedWeights[5] = _normalizedWeight5; } else { return normalizedWeights; } if (totalTokens > 6) { normalizedWeights[6] = _normalizedWeight6; } else { return normalizedWeights; } if (totalTokens > 7) { normalizedWeights[7] = _normalizedWeight7; } else { return normalizedWeights; } } return normalizedWeights; } function _getMaxTokens() internal pure virtual override returns (uint256) { return _MAX_TOKENS; } function _getTotalTokens() internal view virtual override returns (uint256) { return _totalTokens; } /** * @notice Returns a JSON representation of the contract version containing name, version number and task ID. */ function version() external view returns (string memory) { return _version; } /** * @dev Returns the scaling factor for one of the Pool's tokens. Reverts if `token` is not a token registered by the * Pool. */ function _scalingFactor(IERC20 token) internal view virtual override returns (uint256) { // prettier-ignore if (token == _token0) { return _getScalingFactor0(); } else if (token == _token1) { return _getScalingFactor1(); } else if (token == _token2) { return _getScalingFactor2(); } else if (token == _token3) { return _getScalingFactor3(); } else if (token == _token4) { return _getScalingFactor4(); } else if (token == _token5) { return _getScalingFactor5(); } else if (token == _token6) { return _getScalingFactor6(); } else if (token == _token7) { return _getScalingFactor7(); } else { _revert(Errors.INVALID_TOKEN); } } function _scalingFactors() internal view virtual override returns (uint256[] memory) { uint256 totalTokens = _getTotalTokens(); uint256[] memory scalingFactors = new uint256[](totalTokens); // prettier-ignore { scalingFactors[0] = _getScalingFactor0(); scalingFactors[1] = _getScalingFactor1(); if (totalTokens > 2) { scalingFactors[2] = _getScalingFactor2(); } else { return scalingFactors; } if (totalTokens > 3) { scalingFactors[3] = _getScalingFactor3(); } else { return scalingFactors; } if (totalTokens > 4) { scalingFactors[4] = _getScalingFactor4(); } else { return scalingFactors; } if (totalTokens > 5) { scalingFactors[5] = _getScalingFactor5(); } else { return scalingFactors; } if (totalTokens > 6) { scalingFactors[6] = _getScalingFactor6(); } else { return scalingFactors; } if (totalTokens > 7) { scalingFactors[7] = _getScalingFactor7(); } else { return scalingFactors; } } return scalingFactors; } // Initialize function _onInitializePool( bytes32 poolId, address sender, address recipient, uint256[] memory scalingFactors, bytes memory userData ) internal virtual override returns (uint256, uint256[] memory) { // Initialize `_athRateProduct` if the Pool will pay protocol fees on yield. // Not initializing this here properly will cause all joins/exits to revert. if (!_isExemptFromYieldProtocolFees()) _updateATHRateProduct(_getRateProduct(_getNormalizedWeights())); return super._onInitializePool(poolId, sender, recipient, scalingFactors, userData); } // WeightedPoolProtocolFees functions function _beforeJoinExit(uint256[] memory preBalances, uint256[] memory normalizedWeights) internal virtual override returns (uint256, uint256) { uint256 supplyBeforeFeeCollection = totalSupply(); uint256 invariant = WeightedMath._calculateInvariant(normalizedWeights, preBalances); (uint256 protocolFeesToBeMinted, uint256 athRateProduct) = _getPreJoinExitProtocolFees( invariant, normalizedWeights, supplyBeforeFeeCollection ); // We then update the recorded value of `athRateProduct` to ensure we only collect fees on yield once. // A zero value for `athRateProduct` represents that it is unchanged so we can skip updating it. if (athRateProduct > 0) { _updateATHRateProduct(athRateProduct); } if (protocolFeesToBeMinted > 0) { _payProtocolFees(protocolFeesToBeMinted); } return (supplyBeforeFeeCollection.add(protocolFeesToBeMinted), invariant); } function _afterJoinExit( uint256 preJoinExitInvariant, uint256[] memory preBalances, uint256[] memory balanceDeltas, uint256[] memory normalizedWeights, uint256 preJoinExitSupply, uint256 postJoinExitSupply ) internal virtual override { uint256 protocolFeesToBeMinted = _getPostJoinExitProtocolFees( preJoinExitInvariant, preBalances, balanceDeltas, normalizedWeights, preJoinExitSupply, postJoinExitSupply ); if (protocolFeesToBeMinted > 0) { _payProtocolFees(protocolFeesToBeMinted); } } function _updatePostJoinExit(uint256 postJoinExitInvariant) internal virtual override(BaseWeightedPool, WeightedPoolProtocolFees) { WeightedPoolProtocolFees._updatePostJoinExit(postJoinExitInvariant); } /** * @dev This function will revert when called within a Vault context (i.e. in the middle of a join or an exit). * * This function depends on the invariant value, which may be calculated incorrectly in the middle of a join or * an exit, because the state of the pool could be out of sync with the state of the Vault. The modifier * `whenNotInVaultContext` prevents calling this function (and in turn, the external * `updateProtocolFeePercentageCache`) in such a context. * * See https://forum.balancer.fi/t/reentrancy-vulnerability-scope-expanded/4345 for reference. */ function _beforeProtocolFeeCacheUpdate() internal override whenNotInVaultContext { // The `getRate()` function depends on the actual supply, which in turn depends on the cached protocol fee // percentages. Changing these would therefore result in the rate changing, which is not acceptable as this is a // sensitive value. // Because of this, we pay any due protocol fees *before* updating the cache, making it so that the new // percentages only affect future operation of the Pool, and not past fees. As a result, `getRate()` is // unaffected by the cached protocol fee percentages changing. // Given that this operation is state-changing and relatively complex, we only allow it as long as the Pool is // not paused. _ensureNotPaused(); uint256 invariant = getInvariant(); (uint256 protocolFeesToBeMinted, uint256 athRateProduct) = _getPreJoinExitProtocolFees( invariant, _getNormalizedWeights(), totalSupply() ); if (protocolFeesToBeMinted > 0) { _payProtocolFees(protocolFeesToBeMinted); } // With the fees paid, we now store the current invariant and update the ATH rate product (if necessary), // marking the Pool as free of protocol debt. _updatePostJoinExit(invariant); if (athRateProduct > 0) { _updateATHRateProduct(athRateProduct); } } /** * @notice Returns the effective BPT supply. * * @dev This would be the same as `totalSupply` however the Pool owes debt to the Protocol in the form of unminted * BPT, which will be minted immediately before the next join or exit. We need to take these into account since, * even if they don't yet exist, they will effectively be included in any Pool operation that involves BPT. * * In the vast majority of cases, this function should be used instead of `totalSupply()`. * * **IMPORTANT NOTE**: calling this function within a Vault context (i.e. in the middle of a join or an exit) is * potentially unsafe, since the returned value is manipulable. It is up to the caller to ensure safety. * * This is because this function calculates the invariant, which requires the state of the pool to be in sync * with the state of the Vault. That condition may not be true in the middle of a join or an exit. * * To call this function safely, attempt to trigger the reentrancy guard in the Vault by calling a non-reentrant * function before calling `getActualSupply`. That will make the transaction revert in an unsafe context. * (See `whenNotInVaultContext` in `WeightedPool`). * * See https://forum.balancer.fi/t/reentrancy-vulnerability-scope-expanded/4345 for reference. */ function getActualSupply() external view returns (uint256) { uint256 supply = totalSupply(); (uint256 protocolFeesToBeMinted, ) = _getPreJoinExitProtocolFees( getInvariant(), _getNormalizedWeights(), supply ); return supply.add(protocolFeesToBeMinted); } /** * @dev This function will revert when called within a Vault context (i.e. in the middle of a join or an exit). * * This function depends on the invariant value, which may be calculated incorrectly in the middle of a join or * an exit, because the state of the pool could be out of sync with the state of the Vault. * * The modifier `whenNotInVaultContext` prevents calling this function (and in turn, the external * `disableRecoveryMode`) in such a context. * * See https://forum.balancer.fi/t/reentrancy-vulnerability-scope-expanded/4345 for reference. */ function _onDisableRecoveryMode() internal override whenNotInVaultContext { // Update the postJoinExitInvariant to the value of the currentInvariant, zeroing out any protocol swap fees. _updatePostJoinExit(getInvariant()); // If the Pool has any protocol yield fees accrued then we update the athRateProduct to zero these out. // If the current rate product is less than the athRateProduct then we do not perform this update. // This prevents the Pool from paying protocol fees on the same yield twice if the rate product were to drop. if (!_isExemptFromYieldProtocolFees()) { uint256 athRateProduct = getATHRateProduct(); uint256 rateProduct = _getRateProduct(_getNormalizedWeights()); if (rateProduct > athRateProduct) { _updateATHRateProduct(rateProduct); } } } function _getScalingFactor0() internal view returns (uint256) { return _scalingFactor0; } function _getScalingFactor1() internal view returns (uint256) { return _scalingFactor1; } function _getScalingFactor2() internal view returns (uint256) { return _scalingFactor2; } function _getScalingFactor3() internal view returns (uint256) { return _scalingFactor3; } function _getScalingFactor4() internal view returns (uint256) { return _scalingFactor4; } function _getScalingFactor5() internal view returns (uint256) { return _scalingFactor5; } function _getScalingFactor6() internal view returns (uint256) { return _scalingFactor6; } function _getScalingFactor7() internal view returns (uint256) { return _scalingFactor7; } }
BaseWeightedPool.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; pragma experimental ABIEncoderV2; import "./v2-interfaces/contracts/pool-weighted/WeightedPoolUserData.sol"; import "./v2-solidity-utils/contracts/math/FixedPoint.sol"; import "./v2-solidity-utils/contracts/helpers/InputHelpers.sol"; import "./v2-pool-utils/contracts/BaseMinimalSwapInfoPool.sol"; import "./WeightedMath.sol"; /** * @dev Base class for WeightedPools containing swap, join and exit logic, but leaving storage and management of * the weights to subclasses. Derived contracts can choose to make weights immutable, mutable, or even dynamic * based on local or external logic. */ abstract contract BaseWeightedPool is BaseMinimalSwapInfoPool { using FixedPoint for uint256; using WeightedPoolUserData for bytes; constructor( IVault vault, string memory name, string memory symbol, IERC20[] memory tokens, address[] memory assetManagers, uint256 swapFeePercentage, uint256 pauseWindowDuration, uint256 bufferPeriodDuration, address owner, bool mutableTokens ) BasePool( vault, // Given BaseMinimalSwapInfoPool supports both of these specializations, and this Pool never registers // or deregisters any tokens after construction, picking Two Token when the Pool only has two tokens is free // gas savings. // If the pool is expected to be able register new tokens in future, we must choose MINIMAL_SWAP_INFO // as clearly the TWO_TOKEN specification doesn't support adding extra tokens in future. tokens.length == 2 && !mutableTokens ? IVault.PoolSpecialization.TWO_TOKEN : IVault.PoolSpecialization.MINIMAL_SWAP_INFO, name, symbol, tokens, assetManagers, swapFeePercentage, pauseWindowDuration, bufferPeriodDuration, owner ) { // solhint-disable-previous-line no-empty-blocks } // Virtual functions /** * @dev Returns the normalized weight of `token`. Weights are fixed point numbers that sum to FixedPoint.ONE. */ function _getNormalizedWeight( IERC20 token ) internal view virtual returns (uint256); /** * @dev Returns all normalized weights, in the same order as the Pool's tokens. */ function _getNormalizedWeights() internal view virtual returns (uint256[] memory); /** * @dev Returns the current value of the invariant. * * **IMPORTANT NOTE**: calling this function within a Vault context (i.e. in the middle of a join or an exit) is * potentially unsafe, since the returned value is manipulable. It is up to the caller to ensure safety. * * Calculating the invariant requires the state of the pool to be in sync with the state of the Vault. * That condition may not be true in the middle of a join or an exit. * * To call this function safely, attempt to trigger the reentrancy guard in the Vault by calling a non-reentrant * function before calling `getInvariant`. That will make the transaction revert in an unsafe context. * (See `whenNotInVaultContext` in `WeightedPool`). * * See https://forum.balancer.fi/t/reentrancy-vulnerability-scope-expanded/4345 for reference. */ function getInvariant() public view returns (uint256) { (, uint256[] memory balances, ) = getVault().getPoolTokens(getPoolId()); // Since the Pool hooks always work with upscaled balances, we manually // upscale here for consistency _upscaleArray(balances, _scalingFactors()); uint256[] memory normalizedWeights = _getNormalizedWeights(); return WeightedMath._calculateInvariant(normalizedWeights, balances); } function getNormalizedWeights() external view returns (uint256[] memory) { return _getNormalizedWeights(); } // Base Pool handlers // Swap function _onSwapGivenIn( SwapRequest memory swapRequest, uint256 currentBalanceTokenIn, uint256 currentBalanceTokenOut ) internal virtual override returns (uint256) { return WeightedMath._calcOutGivenIn( currentBalanceTokenIn, _getNormalizedWeight(swapRequest.tokenIn), currentBalanceTokenOut, _getNormalizedWeight(swapRequest.tokenOut), swapRequest.amount ); } function _onSwapGivenOut( SwapRequest memory swapRequest, uint256 currentBalanceTokenIn, uint256 currentBalanceTokenOut ) internal virtual override returns (uint256) { return WeightedMath._calcInGivenOut( currentBalanceTokenIn, _getNormalizedWeight(swapRequest.tokenIn), currentBalanceTokenOut, _getNormalizedWeight(swapRequest.tokenOut), swapRequest.amount ); } /** * @dev Called before any join or exit operation. Returns the Pool's total supply by default, but derived contracts * may choose to add custom behavior at these steps. This often has to do with protocol fee processing. */ function _beforeJoinExit( uint256[] memory preBalances, uint256[] memory normalizedWeights ) internal virtual returns (uint256, uint256) { return ( totalSupply(), WeightedMath._calculateInvariant(normalizedWeights, preBalances) ); } /** * @dev Called after any regular join or exit operation. Empty by default, but derived contracts * may choose to add custom behavior at these steps. This often has to do with protocol fee processing. * * If performing a join operation, balanceDeltas are the amounts in: otherwise they are the amounts out. * * This function is free to mutate the `preBalances` array. */ function _afterJoinExit( uint256 preJoinExitInvariant, uint256[] memory preBalances, uint256[] memory balanceDeltas, uint256[] memory normalizedWeights, uint256 preJoinExitSupply, uint256 postJoinExitSupply ) internal virtual { // solhint-disable-previous-line no-empty-blocks } // Derived contracts may call this to update state after a join or exit. function _updatePostJoinExit( uint256 postJoinExitInvariant ) internal virtual { // solhint-disable-previous-line no-empty-blocks } // Initialize function _onInitializePool( bytes32, address, address, uint256[] memory scalingFactors, bytes memory userData ) internal virtual override returns (uint256, uint256[] memory) { WeightedPoolUserData.JoinKind kind = userData.joinKind(); _require( kind == WeightedPoolUserData.JoinKind.INIT, Errors.UNINITIALIZED ); uint256[] memory amountsIn = userData.initialAmountsIn(); InputHelpers.ensureInputLengthMatch( amountsIn.length, scalingFactors.length ); _upscaleArray(amountsIn, scalingFactors); uint256[] memory normalizedWeights = _getNormalizedWeights(); uint256 invariantAfterJoin = WeightedMath._calculateInvariant( normalizedWeights, amountsIn ); // Set the initial BPT to the value of the invariant times the number of tokens. This makes BPT supply more // consistent in Pools with similar compositions but different number of tokens. uint256 bptAmountOut = Math.mul(invariantAfterJoin, amountsIn.length); // Initialization is still a join, so we need to do post-join work. Since we are not paying protocol fees, // and all we need to do is update the invariant, call `_updatePostJoinExit` here instead of `_afterJoinExit`. _updatePostJoinExit(invariantAfterJoin); return (bptAmountOut, amountsIn); } // Join function _onJoinPool( bytes32, address sender, address, uint256[] memory balances, uint256, uint256, uint256[] memory scalingFactors, bytes memory userData ) internal virtual override returns (uint256, uint256[] memory) { uint256[] memory normalizedWeights = _getNormalizedWeights(); ( uint256 preJoinExitSupply, uint256 preJoinExitInvariant ) = _beforeJoinExit(balances, normalizedWeights); (uint256 bptAmountOut, uint256[] memory amountsIn) = _doJoin( sender, balances, normalizedWeights, scalingFactors, preJoinExitSupply, userData ); _afterJoinExit( preJoinExitInvariant, balances, amountsIn, normalizedWeights, preJoinExitSupply, preJoinExitSupply.add(bptAmountOut) ); return (bptAmountOut, amountsIn); } /** * @dev Dispatch code which decodes the provided userdata to perform the specified join type. * Inheriting contracts may override this function to add additional join types or extra conditions to allow * or disallow joins under certain circumstances. */ function _doJoin( address, uint256[] memory balances, uint256[] memory normalizedWeights, uint256[] memory scalingFactors, uint256 totalSupply, bytes memory userData ) internal view virtual returns (uint256, uint256[] memory) { WeightedPoolUserData.JoinKind kind = userData.joinKind(); if (kind == WeightedPoolUserData.JoinKind.EXACT_TOKENS_IN_FOR_BPT_OUT) { return _joinExactTokensInForBPTOut( balances, normalizedWeights, scalingFactors, totalSupply, userData ); } else if ( kind == WeightedPoolUserData.JoinKind.TOKEN_IN_FOR_EXACT_BPT_OUT ) { return _joinTokenInForExactBPTOut( balances, normalizedWeights, totalSupply, userData ); } else if ( kind == WeightedPoolUserData.JoinKind.ALL_TOKENS_IN_FOR_EXACT_BPT_OUT ) { return _joinAllTokensInForExactBPTOut(balances, totalSupply, userData); } else { _revert(Errors.UNHANDLED_JOIN_KIND); } } function _joinExactTokensInForBPTOut( uint256[] memory balances, uint256[] memory normalizedWeights, uint256[] memory scalingFactors, uint256 totalSupply, bytes memory userData ) private view returns (uint256, uint256[] memory) { (uint256[] memory amountsIn, uint256 minBPTAmountOut) = userData .exactTokensInForBptOut(); InputHelpers.ensureInputLengthMatch(balances.length, amountsIn.length); _upscaleArray(amountsIn, scalingFactors); uint256 bptAmountOut = WeightedMath._calcBptOutGivenExactTokensIn( balances, normalizedWeights, amountsIn, totalSupply, getSwapFeePercentage() ); _require(bptAmountOut >= minBPTAmountOut, Errors.BPT_OUT_MIN_AMOUNT); return (bptAmountOut, amountsIn); } function _joinTokenInForExactBPTOut( uint256[] memory balances, uint256[] memory normalizedWeights, uint256 totalSupply, bytes memory userData ) private view returns (uint256, uint256[] memory) { (uint256 bptAmountOut, uint256 tokenIndex) = userData .tokenInForExactBptOut(); // Note that there is no maximum amountIn parameter: this is handled by `IVault.joinPool`. _require(tokenIndex < balances.length, Errors.OUT_OF_BOUNDS); uint256 amountIn = WeightedMath._calcTokenInGivenExactBptOut( balances[tokenIndex], normalizedWeights[tokenIndex], bptAmountOut, totalSupply, getSwapFeePercentage() ); // We join in a single token, so we initialize amountsIn with zeros uint256[] memory amountsIn = new uint256[](balances.length); // And then assign the result to the selected token amountsIn[tokenIndex] = amountIn; return (bptAmountOut, amountsIn); } function _joinAllTokensInForExactBPTOut( uint256[] memory balances, uint256 totalSupply, bytes memory userData ) private pure returns (uint256, uint256[] memory) { uint256 bptAmountOut = userData.allTokensInForExactBptOut(); // Note that there is no maximum amountsIn parameter: this is handled by `IVault.joinPool`. uint256[] memory amountsIn = WeightedMath ._calcAllTokensInGivenExactBptOut( balances, bptAmountOut, totalSupply ); return (bptAmountOut, amountsIn); } // Exit function _onExitPool( bytes32, address sender, address, uint256[] memory balances, uint256, uint256, uint256[] memory scalingFactors, bytes memory userData ) internal virtual override returns (uint256, uint256[] memory) { uint256[] memory normalizedWeights = _getNormalizedWeights(); ( uint256 preJoinExitSupply, uint256 preJoinExitInvariant ) = _beforeJoinExit(balances, normalizedWeights); (uint256 bptAmountIn, uint256[] memory amountsOut) = _doExit( sender, balances, normalizedWeights, scalingFactors, preJoinExitSupply, userData ); _afterJoinExit( preJoinExitInvariant, balances, amountsOut, normalizedWeights, preJoinExitSupply, preJoinExitSupply.sub(bptAmountIn) ); return (bptAmountIn, amountsOut); } /** * @dev Dispatch code which decodes the provided userdata to perform the specified exit type. * Inheriting contracts may override this function to add additional exit types or extra conditions to allow * or disallow exit under certain circumstances. */ function _doExit( address, uint256[] memory balances, uint256[] memory normalizedWeights, uint256[] memory scalingFactors, uint256 totalSupply, bytes memory userData ) internal view virtual returns (uint256, uint256[] memory) { WeightedPoolUserData.ExitKind kind = userData.exitKind(); if ( kind == WeightedPoolUserData.ExitKind.EXACT_BPT_IN_FOR_ONE_TOKEN_OUT ) { return _exitExactBPTInForTokenOut( balances, normalizedWeights, totalSupply, userData ); } else if ( kind == WeightedPoolUserData.ExitKind.EXACT_BPT_IN_FOR_TOKENS_OUT ) { return _exitExactBPTInForTokensOut(balances, totalSupply, userData); } else if ( kind == WeightedPoolUserData.ExitKind.BPT_IN_FOR_EXACT_TOKENS_OUT ) { return _exitBPTInForExactTokensOut( balances, normalizedWeights, scalingFactors, totalSupply, userData ); } else { _revert(Errors.UNHANDLED_EXIT_KIND); } } function _exitExactBPTInForTokenOut( uint256[] memory balances, uint256[] memory normalizedWeights, uint256 totalSupply, bytes memory userData ) private view returns (uint256, uint256[] memory) { (uint256 bptAmountIn, uint256 tokenIndex) = userData .exactBptInForTokenOut(); // Note that there is no minimum amountOut parameter: this is handled by `IVault.exitPool`. _require(tokenIndex < balances.length, Errors.OUT_OF_BOUNDS); uint256 amountOut = WeightedMath._calcTokenOutGivenExactBptIn( balances[tokenIndex], normalizedWeights[tokenIndex], bptAmountIn, totalSupply, getSwapFeePercentage() ); // This is an exceptional situation in which the fee is charged on a token out instead of a token in. // We exit in a single token, so we initialize amountsOut with zeros uint256[] memory amountsOut = new uint256[](balances.length); // And then assign the result to the selected token amountsOut[tokenIndex] = amountOut; return (bptAmountIn, amountsOut); } function _exitExactBPTInForTokensOut( uint256[] memory balances, uint256 totalSupply, bytes memory userData ) private pure returns (uint256, uint256[] memory) { uint256 bptAmountIn = userData.exactBptInForTokensOut(); // Note that there is no minimum amountOut parameter: this is handled by `IVault.exitPool`. uint256[] memory amountsOut = WeightedMath ._calcTokensOutGivenExactBptIn(balances, bptAmountIn, totalSupply); return (bptAmountIn, amountsOut); } function _exitBPTInForExactTokensOut( uint256[] memory balances, uint256[] memory normalizedWeights, uint256[] memory scalingFactors, uint256 totalSupply, bytes memory userData ) private view returns (uint256, uint256[] memory) { (uint256[] memory amountsOut, uint256 maxBPTAmountIn) = userData .bptInForExactTokensOut(); InputHelpers.ensureInputLengthMatch(amountsOut.length, balances.length); _upscaleArray(amountsOut, scalingFactors); // This is an exceptional situation in which the fee is charged on a token out instead of a token in. uint256 bptAmountIn = WeightedMath._calcBptInGivenExactTokensOut( balances, normalizedWeights, amountsOut, totalSupply, getSwapFeePercentage() ); _require(bptAmountIn <= maxBPTAmountIn, Errors.BPT_IN_MAX_AMOUNT); return (bptAmountIn, amountsOut); } }
WeightedPoolFactory.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; pragma experimental ABIEncoderV2; import "./v2-interfaces/contracts/vault/IVault.sol"; import "./v2-pool-utils/contracts/factories/BasePoolFactory.sol"; import "./v2-pool-utils/contracts/factories/FactoryWidePauseWindow.sol"; import "./WeightedPool.sol"; contract WeightedPoolFactory is BasePoolFactory, FactoryWidePauseWindow { string private _factoryVersion; string private _poolVersion; constructor( IVault vault, IProtocolFeePercentagesProvider protocolFeeProvider, string memory factoryVersion, string memory poolVersion ) BasePoolFactory( vault, protocolFeeProvider, type(WeightedPool).creationCode ) { _factoryVersion = factoryVersion; _poolVersion = poolVersion; } /** * @notice Returns a JSON representation of the contract version containing name, version number and task ID. */ function version() external view returns (string memory) { return _factoryVersion; } /** * @notice Returns a JSON representation of the deployed pool version containing name, version number and task ID. * * @dev This is typically only useful in complex Pool deployment schemes, where multiple subsystems need to know * about each other. Note that this value will only be updated at factory creation time. */ function getPoolVersion() public view returns (string memory) { return _poolVersion; } /** * @dev Deploys a new `WeightedPool`. */ function create( string memory name, string memory symbol, IERC20[] memory tokens, uint256[] memory normalizedWeights, IRateProvider[] memory rateProviders, uint256 swapFeePercentage, address owner, bytes32 salt ) external returns (address) { ( uint256 pauseWindowDuration, uint256 bufferPeriodDuration ) = getPauseConfiguration(); return _create( abi.encode( WeightedPool.NewPoolParams({ name: name, symbol: symbol, tokens: tokens, normalizedWeights: normalizedWeights, rateProviders: rateProviders, assetManagers: new address[](tokens.length), // Don't allow asset managers, swapFeePercentage: swapFeePercentage }), getVault(), getProtocolFeePercentagesProvider(), pauseWindowDuration, bufferPeriodDuration, owner, getPoolVersion() ), salt ); } }
WeightedPoolProtocolFees.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; pragma experimental ABIEncoderV2; import "./v2-interfaces/contracts/pool-utils/IRateProvider.sol"; import "./v2-pool-utils/contracts/protocol-fees/ProtocolFeeCache.sol"; import "./v2-pool-utils/contracts/protocol-fees/InvariantGrowthProtocolSwapFees.sol"; import "./BaseWeightedPool.sol"; abstract contract WeightedPoolProtocolFees is BaseWeightedPool, ProtocolFeeCache { using FixedPoint for uint256; using WordCodec for bytes32; // Rate providers are used only for computing yield fees; they do not inform swap/join/exit. IRateProvider internal immutable _rateProvider0; IRateProvider internal immutable _rateProvider1; IRateProvider internal immutable _rateProvider2; IRateProvider internal immutable _rateProvider3; IRateProvider internal immutable _rateProvider4; IRateProvider internal immutable _rateProvider5; IRateProvider internal immutable _rateProvider6; IRateProvider internal immutable _rateProvider7; bool internal immutable _exemptFromYieldFees; // All-time high value of the weighted product of the pool's token rates. Comparing such weighted products across // time provides a measure of the pool's growth resulting from rate changes. The pool also grows due to swap fees, // but that growth is captured in the invariant; rate growth is not. uint256 private _athRateProduct; // This Pool pays protocol fees by measuring the growth of the invariant between joins and exits. Since weights are // immutable, the invariant only changes due to accumulated swap fees, which saves gas by freeing the Pool // from performing any computation or accounting associated with protocol fees during swaps. // This mechanism requires keeping track of the invariant after the last join or exit. // // The maximum value of the invariant is the maximum allowable balance in the Vault (2**112) multiplied by the // largest possible scaling factor (10**18 for a zero decimals token). The largest invariant is then // 2**112 * 10**18 ~= 2**172, which means that to save gas we can place this in BasePool's `_miscData`. uint256 private constant _LAST_POST_JOINEXIT_INVARIANT_OFFSET = 0; uint256 private constant _LAST_POST_JOINEXIT_INVARIANT_BIT_LENGTH = 192; constructor(uint256 numTokens, IRateProvider[] memory rateProviders) { _require(numTokens <= 8, Errors.MAX_TOKENS); InputHelpers.ensureInputLengthMatch(numTokens, rateProviders.length); _exemptFromYieldFees = _getYieldFeeExemption(rateProviders); _rateProvider0 = rateProviders[0]; _rateProvider1 = rateProviders[1]; _rateProvider2 = numTokens > 2 ? rateProviders[2] : IRateProvider(0); _rateProvider3 = numTokens > 3 ? rateProviders[3] : IRateProvider(0); _rateProvider4 = numTokens > 4 ? rateProviders[4] : IRateProvider(0); _rateProvider5 = numTokens > 5 ? rateProviders[5] : IRateProvider(0); _rateProvider6 = numTokens > 6 ? rateProviders[6] : IRateProvider(0); _rateProvider7 = numTokens > 7 ? rateProviders[7] : IRateProvider(0); } function _getYieldFeeExemption( IRateProvider[] memory rateProviders ) internal pure returns (bool) { // If we know that no rate providers are set then we can skip yield fees logic. // If any tokens have rate providers, then set `_exemptFromYieldFees` to false, otherwise leave it true. for (uint256 i = 0; i < rateProviders.length; i++) { if (rateProviders[i] != IRateProvider(0)) { return false; } } return true; } /** * @dev Returns whether the pool is exempt from protocol fees on yield. */ function _isExemptFromYieldProtocolFees() internal view returns (bool) { return _exemptFromYieldFees; } /** * @notice Returns the value of the invariant after the last join or exit operation. */ function getLastPostJoinExitInvariant() public view returns (uint256) { return _getMiscData().decodeUint( _LAST_POST_JOINEXIT_INVARIANT_OFFSET, _LAST_POST_JOINEXIT_INVARIANT_BIT_LENGTH ); } /** * @notice Returns the all time high value for the weighted product of the Pool's tokens' rates. * @dev Yield protocol fees are only charged when this value is exceeded. */ function getATHRateProduct() public view returns (uint256) { return _athRateProduct; } /** * @dev Returns the rate providers configured for each token (in the same order as registered). */ function getRateProviders() external view returns (IRateProvider[] memory) { uint256 totalTokens = _getTotalTokens(); IRateProvider[] memory providers = new IRateProvider[](totalTokens); // prettier-ignore { providers[0] = _rateProvider0; providers[1] = _rateProvider1; if (totalTokens > 2) { providers[2] = _rateProvider2; } else { return providers; } if (totalTokens > 3) { providers[3] = _rateProvider3; } else { return providers; } if (totalTokens > 4) { providers[4] = _rateProvider4; } else { return providers; } if (totalTokens > 5) { providers[5] = _rateProvider5; } else { return providers; } if (totalTokens > 6) { providers[6] = _rateProvider6; } else { return providers; } if (totalTokens > 7) { providers[7] = _rateProvider7; } else { return providers; } } return providers; } // Protocol Fees /** * @dev Returns the percentage of the Pool's supply which corresponds to protocol fees on swaps accrued by the Pool. * @param preJoinExitInvariant - The Pool's invariant prior to the join/exit *before* minting protocol fees. * @param protocolSwapFeePercentage - The percentage of swap fees which are paid to the protocol. * @return swapProtocolFeesPercentage - The percentage of the Pool which corresponds to protocol fees on swaps. */ function _getSwapProtocolFeesPoolPercentage( uint256 preJoinExitInvariant, uint256 protocolSwapFeePercentage ) internal view returns (uint256) { // Before joins and exits, we measure the growth of the invariant compared to the invariant after the last join // or exit, which will have been caused by swap fees, and use it to mint BPT as protocol fees. This dilutes all // LPs, which means that new LPs will join the pool debt-free, and exiting LPs will pay any amounts due // before leaving. return InvariantGrowthProtocolSwapFees.getProtocolOwnershipPercentage( preJoinExitInvariant.divDown(getLastPostJoinExitInvariant()), FixedPoint.ONE, // Supply has not changed so supplyGrowthRatio = 1 protocolSwapFeePercentage ); } /** * @dev Returns the percentage of the Pool's supply which corresponds to protocol fees on yield accrued by the Pool. * @param normalizedWeights - The Pool's normalized token weights. * @return yieldProtocolFeesPercentage - The percentage of the Pool which corresponds to protocol fees on yield. * @return athRateProduct - The new all-time-high rate product if it has increased, otherwise zero. */ function _getYieldProtocolFeesPoolPercentage( uint256[] memory normalizedWeights ) internal view returns (uint256, uint256) { if (_isExemptFromYieldProtocolFees()) return (0, 0); // Yield manifests in the Pool by individual tokens becoming more valuable, we convert this into comparable // units by applying a rate to get the equivalent balance of non-yield-bearing tokens // // non-yield-bearing balance = rate * yield-bearing balance // x'i = ri * xi // // To measure the amount of fees to pay due to yield, we take advantage of the fact that scaling the // Pool's balances results in a scaling factor being applied to the original invariant. // // I(r1 * x1, r2 * x2) = (r1 * x1)^w1 * (r2 * x2)^w2 // = (r1)^w1 * (r2)^w2 * (x1)^w1 * (x2)^w2 // = I(r1, r2) * I(x1, x2) // // We then only need to measure the growth of this scaling factor to measure how the value of the BPT token // increases due to yield; we can ignore the invariant calculated from the Pool's balances as these cancel. // We then have the result: // // invariantGrowthRatio = I(r1_new, r2_new) / I(r1_old, r2_old) = rateProduct / athRateProduct uint256 athRateProduct = _athRateProduct; uint256 rateProduct = _getRateProduct(normalizedWeights); // Only charge yield fees if we've exceeded the all time high of Pool value generated through yield. // i.e. if the Pool makes a loss through the yield strategies then it shouldn't charge fees until it's // been recovered. if (rateProduct <= athRateProduct) return (0, 0); return ( InvariantGrowthProtocolSwapFees.getProtocolOwnershipPercentage( rateProduct.divDown(athRateProduct), FixedPoint.ONE, // Supply has not changed so supplyGrowthRatio = 1 getProtocolFeePercentageCache(ProtocolFeeType.YIELD) ), rateProduct ); } function _updateATHRateProduct(uint256 rateProduct) internal { _athRateProduct = rateProduct; } /** * @dev Returns the amount of BPT to be minted as protocol fees prior to processing a join/exit. * Note that this isn't a view function. This function automatically updates `_athRateProduct` to ensure that * proper accounting is performed to prevent charging duplicate protocol fees. * @param preJoinExitInvariant - The Pool's invariant prior to the join/exit. * @param normalizedWeights - The Pool's normalized token weights. * @param preJoinExitSupply - The Pool's total supply prior to the join/exit *before* minting protocol fees. * @return protocolFeesToBeMinted - The amount of BPT to be minted as protocol fees. * @return athRateProduct - The new all-time-high rate product if it has increased, otherwise zero. */ function _getPreJoinExitProtocolFees( uint256 preJoinExitInvariant, uint256[] memory normalizedWeights, uint256 preJoinExitSupply ) internal view returns (uint256, uint256) { uint256 protocolSwapFeesPoolPercentage = _getSwapProtocolFeesPoolPercentage( preJoinExitInvariant, getProtocolFeePercentageCache(ProtocolFeeType.SWAP) ); ( uint256 protocolYieldFeesPoolPercentage, uint256 athRateProduct ) = _getYieldProtocolFeesPoolPercentage(normalizedWeights); return ( ProtocolFees.bptForPoolOwnershipPercentage( preJoinExitSupply, protocolSwapFeesPoolPercentage + protocolYieldFeesPoolPercentage ), athRateProduct ); } /** * @dev Returns the amount of BPT to be minted to pay protocol fees on swap fees accrued during a join/exit. * Note that this isn't a view function. This function automatically updates `_lastPostJoinExitInvariant` to * ensure that proper accounting is performed to prevent charging duplicate protocol fees. * @param preJoinExitInvariant - The Pool's invariant prior to the join/exit. * @param preBalances - The Pool's balances prior to the join/exit. * @param balanceDeltas - The changes to the Pool's balances due to the join/exit. * @param normalizedWeights - The Pool's normalized token weights. * @param preJoinExitSupply - The Pool's total supply prior to the join/exit *after* minting protocol fees. * @param postJoinExitSupply - The Pool's total supply after the join/exit. */ function _getPostJoinExitProtocolFees( uint256 preJoinExitInvariant, uint256[] memory preBalances, uint256[] memory balanceDeltas, uint256[] memory normalizedWeights, uint256 preJoinExitSupply, uint256 postJoinExitSupply ) internal returns (uint256) { bool isJoin = postJoinExitSupply >= preJoinExitSupply; // Compute the post balances by adding or removing the deltas. for (uint256 i = 0; i < preBalances.length; ++i) { preBalances[i] = isJoin ? SafeMath.add(preBalances[i], balanceDeltas[i]) : SafeMath.sub(preBalances[i], balanceDeltas[i]); } // preBalances have now been mutated to reflect the postJoinExit balances. uint256 postJoinExitInvariant = WeightedMath._calculateInvariant( normalizedWeights, preBalances ); uint256 protocolSwapFeePercentage = getProtocolFeePercentageCache( ProtocolFeeType.SWAP ); _updatePostJoinExit(postJoinExitInvariant); // We return immediately if the fee percentage is zero to avoid unnecessary computation. if (protocolSwapFeePercentage == 0) return 0; uint256 protocolFeeAmount = InvariantGrowthProtocolSwapFees .calcDueProtocolFees( postJoinExitInvariant.divDown(preJoinExitInvariant), preJoinExitSupply, postJoinExitSupply, protocolSwapFeePercentage ); return protocolFeeAmount; } function _updatePostJoinExit( uint256 postJoinExitInvariant ) internal virtual override { // After all joins and exits we store the post join/exit invariant in order to compute growth due to swap fees // in the next one. _setMiscData( _getMiscData().insertUint( postJoinExitInvariant, _LAST_POST_JOINEXIT_INVARIANT_OFFSET, _LAST_POST_JOINEXIT_INVARIANT_BIT_LENGTH ) ); } // Helper functions /** * @notice Returns the contribution to the total rate product from a token with the given weight and rate provider. */ function _getRateFactor( uint256 normalizedWeight, IRateProvider provider ) internal view returns (uint256) { return provider == IRateProvider(0) ? FixedPoint.ONE : provider.getRate().powDown(normalizedWeight); } /** * @dev Returns the weighted product of all the token rates. */ function _getRateProduct( uint256[] memory normalizedWeights ) internal view returns (uint256) { uint256 totalTokens = normalizedWeights.length; uint256 rateProduct = FixedPoint.mulDown( _getRateFactor(normalizedWeights[0], _rateProvider0), _getRateFactor(normalizedWeights[1], _rateProvider1) ); if (totalTokens > 2) { rateProduct = rateProduct.mulDown( _getRateFactor(normalizedWeights[2], _rateProvider2) ); } else { return rateProduct; } if (totalTokens > 3) { rateProduct = rateProduct.mulDown( _getRateFactor(normalizedWeights[3], _rateProvider3) ); } else { return rateProduct; } if (totalTokens > 4) { rateProduct = rateProduct.mulDown( _getRateFactor(normalizedWeights[4], _rateProvider4) ); } else { return rateProduct; } if (totalTokens > 5) { rateProduct = rateProduct.mulDown( _getRateFactor(normalizedWeights[5], _rateProvider5) ); } else { return rateProduct; } if (totalTokens > 6) { rateProduct = rateProduct.mulDown( _getRateFactor(normalizedWeights[6], _rateProvider6) ); } else { return rateProduct; } if (totalTokens > 7) { rateProduct = rateProduct.mulDown( _getRateFactor(normalizedWeights[7], _rateProvider7) ); } return rateProduct; } }
BasePool.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; pragma experimental ABIEncoderV2; import "../../v2-interfaces/contracts/pool-utils/IAssetManager.sol"; import "../../v2-interfaces/contracts/pool-utils/IControlledPool.sol"; import "../../v2-interfaces/contracts/vault/IVault.sol"; import "../../v2-interfaces/contracts/vault/IBasePool.sol"; import "../../v2-solidity-utils/contracts/helpers/InputHelpers.sol"; import "../../v2-solidity-utils/contracts/helpers/WordCodec.sol"; import "../../v2-solidity-utils/contracts/helpers/TemporarilyPausable.sol"; import "../../v2-solidity-utils/contracts/openzeppelin/ERC20.sol"; import "../../v2-solidity-utils/contracts/math/FixedPoint.sol"; import "../../v2-solidity-utils/contracts/math/Math.sol"; import "./BalancerPoolToken.sol"; import "./BasePoolAuthorization.sol"; import "./RecoveryMode.sol"; // solhint-disable max-states-count /** * @notice Reference implementation for the base layer of a Pool contract. * @dev Reference implementation for the base layer of a Pool contract that manages a single Pool with optional * Asset Managers, an admin-controlled swap fee percentage, and an emergency pause mechanism. * * This Pool pays protocol fees by minting BPT directly to the ProtocolFeeCollector instead of using the * `dueProtocolFees` return value. This results in the underlying tokens continuing to provide liquidity * for traders, while still keeping gas usage to a minimum since only a single token (the BPT) is transferred. * * Note that neither swap fees nor the pause mechanism are used by this contract. They are passed through so that * derived contracts can use them via the `_addSwapFeeAmount` and `_subtractSwapFeeAmount` functions, and the * `whenNotPaused` modifier. * * No admin permissions are checked here: instead, this contract delegates that to the Vault's own Authorizer. * * Because this contract doesn't implement the swap hooks, derived contracts should generally inherit from * BaseGeneralPool or BaseMinimalSwapInfoPool. Otherwise, subclasses must inherit from the corresponding interfaces * and implement the swap callbacks themselves. */ abstract contract BasePool is IBasePool, IControlledPool, BasePoolAuthorization, BalancerPoolToken, TemporarilyPausable, RecoveryMode { using WordCodec for bytes32; using FixedPoint for uint256; using BasePoolUserData for bytes; uint256 private constant _MIN_TOKENS = 2; uint256 private constant _DEFAULT_MINIMUM_BPT = 1e6; // 1e18 corresponds to 1.0, or a 100% fee uint256 private constant _MIN_SWAP_FEE_PERCENTAGE = 1e12; // 0.0001% uint256 private constant _MAX_SWAP_FEE_PERCENTAGE = 1e17; // 10% - this fits in 64 bits // `_miscData` is a storage slot that can be used to store unrelated pieces of information. All pools store the // recovery mode flag and swap fee percentage, but `miscData` can be extended to store more pieces of information. // The most signficant bit is reserved for the recovery mode flag, and the swap fee percentage is stored in // the next most significant 63 bits, leaving the remaining 192 bits free to store any other information derived // pools might need. // // This slot is preferred for gas-sensitive operations as it is read in all joins, swaps and exits, // and therefore warm. // [ recovery | swap fee | available ] // [ 1 bit | 63 bits | 192 bits ] // [ MSB LSB ] bytes32 private _miscData; uint256 private constant _SWAP_FEE_PERCENTAGE_OFFSET = 192; uint256 private constant _RECOVERY_MODE_BIT_OFFSET = 255; // A fee can never be larger than FixedPoint.ONE, which fits in 60 bits, so 63 is more than enough. uint256 private constant _SWAP_FEE_PERCENTAGE_BIT_LENGTH = 63; bytes32 private immutable _poolId; // Note that this value is immutable in the Vault, so we can make it immutable here and save gas IProtocolFeesCollector private immutable _protocolFeesCollector; event SwapFeePercentageChanged(uint256 swapFeePercentage); constructor( IVault vault, IVault.PoolSpecialization specialization, string memory name, string memory symbol, IERC20[] memory tokens, address[] memory assetManagers, uint256 swapFeePercentage, uint256 pauseWindowDuration, uint256 bufferPeriodDuration, address owner ) // Base Pools are expected to be deployed using factories. By using the factory address as the action // disambiguator, we make all Pools deployed by the same factory share action identifiers. This allows for // simpler management of permissions (such as being able to manage granting the 'set fee percentage' action in // any Pool created by the same factory), while still making action identifiers unique among different factories // if the selectors match, preventing accidental errors. Authentication(bytes32(uint256(msg.sender))) BalancerPoolToken(name, symbol, vault) BasePoolAuthorization(owner) TemporarilyPausable(pauseWindowDuration, bufferPeriodDuration) { _require(tokens.length >= _MIN_TOKENS, Errors.MIN_TOKENS); _require(tokens.length <= _getMaxTokens(), Errors.MAX_TOKENS); // The Vault only requires the token list to be ordered for the Two Token Pools specialization. However, // to make the developer experience consistent, we are requiring this condition for all the native pools. // Also, since these Pools will register tokens only once, we can ensure the Pool tokens will follow the same // order. We rely on this property to make Pools simpler to write, as it lets us assume that the // order of token-specific parameters (such as token weights) will not change. InputHelpers.ensureArrayIsSorted(tokens); _setSwapFeePercentage(swapFeePercentage); bytes32 poolId = vault.registerPool(specialization); vault.registerTokens(poolId, tokens, assetManagers); // Set immutable state variables - these cannot be read from during construction _poolId = poolId; _protocolFeesCollector = vault.getProtocolFeesCollector(); } // Getters / Setters /** * @notice Return the pool id. */ function getPoolId() public view override returns (bytes32) { return _poolId; } function _getTotalTokens() internal view virtual returns (uint256); function _getMaxTokens() internal pure virtual returns (uint256); /** * @dev Returns the minimum BPT supply. This amount is minted to the zero address during initialization, effectively * locking it. * * This is useful to make sure Pool initialization happens only once, but derived Pools can change this value (even * to zero) by overriding this function. */ function _getMinimumBpt() internal pure virtual returns (uint256) { return _DEFAULT_MINIMUM_BPT; } /** * @notice Return the current value of the swap fee percentage. * @dev This is stored in `_miscData`. */ function getSwapFeePercentage() public view virtual override returns (uint256) { return _miscData.decodeUint( _SWAP_FEE_PERCENTAGE_OFFSET, _SWAP_FEE_PERCENTAGE_BIT_LENGTH ); } /** * @notice Return the ProtocolFeesCollector contract. * @dev This is immutable, and retrieved from the Vault on construction. (It is also immutable in the Vault.) */ function getProtocolFeesCollector() public view returns (IProtocolFeesCollector) { return _protocolFeesCollector; } /** * @notice Set the swap fee percentage. * @dev This is a permissioned function, and disabled if the pool is paused. The swap fee must be within the * bounds set by MIN_SWAP_FEE_PERCENTAGE/MAX_SWAP_FEE_PERCENTAGE. Emits the SwapFeePercentageChanged event. */ function setSwapFeePercentage( uint256 swapFeePercentage ) public virtual override authenticate whenNotPaused { _setSwapFeePercentage(swapFeePercentage); } function _setSwapFeePercentage(uint256 swapFeePercentage) internal virtual { _require( swapFeePercentage >= _getMinSwapFeePercentage(), Errors.MIN_SWAP_FEE_PERCENTAGE ); _require( swapFeePercentage <= _getMaxSwapFeePercentage(), Errors.MAX_SWAP_FEE_PERCENTAGE ); _miscData = _miscData.insertUint( swapFeePercentage, _SWAP_FEE_PERCENTAGE_OFFSET, _SWAP_FEE_PERCENTAGE_BIT_LENGTH ); emit SwapFeePercentageChanged(swapFeePercentage); } function _getMinSwapFeePercentage() internal pure virtual returns (uint256) { return _MIN_SWAP_FEE_PERCENTAGE; } function _getMaxSwapFeePercentage() internal pure virtual returns (uint256) { return _MAX_SWAP_FEE_PERCENTAGE; } /** * @notice Returns whether the pool is in Recovery Mode. */ function inRecoveryMode() public view override returns (bool) { return _miscData.decodeBool(_RECOVERY_MODE_BIT_OFFSET); } /** * @dev Sets the recoveryMode state, and emits the corresponding event. */ function _setRecoveryMode(bool enabled) internal virtual override { _miscData = _miscData.insertBool(enabled, _RECOVERY_MODE_BIT_OFFSET); emit RecoveryModeStateChanged(enabled); // Some pools need to update their state when leaving recovery mode to ensure proper functioning of the Pool. // We do not allow an `_onEnableRecoveryMode()` hook as this may jeopardize the ability to enable Recovery mode. if (!enabled) _onDisableRecoveryMode(); } /** * @dev Performs any necessary actions on the disabling of Recovery Mode. * This is usually to reset any fee collection mechanisms to ensure that they operate correctly going forward. */ function _onDisableRecoveryMode() internal virtual { // solhint-disable-previous-line no-empty-blocks } /** * @notice Set the asset manager parameters for the given token. * @dev This is a permissioned function, unavailable when the pool is paused. * The details of the configuration data are set by each Asset Manager. (For an example, see * `RewardsAssetManager`.) */ function setAssetManagerPoolConfig( IERC20 token, bytes memory poolConfig ) public virtual override authenticate whenNotPaused { _setAssetManagerPoolConfig(token, poolConfig); } function _setAssetManagerPoolConfig( IERC20 token, bytes memory poolConfig ) private { bytes32 poolId = getPoolId(); (, , , address assetManager) = getVault().getPoolTokenInfo( poolId, token ); IAssetManager(assetManager).setConfig(poolId, poolConfig); } /** * @notice Pause the pool: an emergency action which disables all pool functions. * @dev This is a permissioned function that will only work during the Pause Window set during pool factory * deployment (see `TemporarilyPausable`). */ function pause() external authenticate { _setPaused(true); } /** * @notice Reverse a `pause` operation, and restore a pool to normal functionality. * @dev This is a permissioned function that will only work on a paused pool within the Buffer Period set during * pool factory deployment (see `TemporarilyPausable`). Note that any paused pools will automatically unpause * after the Buffer Period expires. */ function unpause() external authenticate { _setPaused(false); } function _isOwnerOnlyAction( bytes32 actionId ) internal view virtual override returns (bool) { return (actionId == getActionId(this.setSwapFeePercentage.selector)) || (actionId == getActionId(this.setAssetManagerPoolConfig.selector)); } function _getMiscData() internal view returns (bytes32) { return _miscData; } /** * @dev Inserts data into the least-significant 192 bits of the misc data storage slot. * Note that the remaining 64 bits are used for the swap fee percentage and cannot be overloaded. */ function _setMiscData(bytes32 newData) internal { _miscData = _miscData.insertBits192(newData, 0); } // Join / Exit Hooks modifier onlyVault(bytes32 poolId) { _require(msg.sender == address(getVault()), Errors.CALLER_NOT_VAULT); _require(poolId == getPoolId(), Errors.INVALID_POOL_ID); _; } /** * @notice Vault hook for adding liquidity to a pool (including the first time, "initializing" the pool). * @dev This function can only be called from the Vault, from `joinPool`. */ function onJoinPool( bytes32 poolId, address sender, address recipient, uint256[] memory balances, uint256 lastChangeBlock, uint256 protocolSwapFeePercentage, bytes memory userData ) external override onlyVault(poolId) returns (uint256[] memory, uint256[] memory) { _beforeSwapJoinExit(); uint256[] memory scalingFactors = _scalingFactors(); if (totalSupply() == 0) { ( uint256 bptAmountOut, uint256[] memory amountsIn ) = _onInitializePool( poolId, sender, recipient, scalingFactors, userData ); // On initialization, we lock _getMinimumBpt() by minting it for the zero address. This BPT acts as a // minimum as it will never be burned, which reduces potential issues with rounding, and also prevents the // Pool from ever being fully drained. _require(bptAmountOut >= _getMinimumBpt(), Errors.MINIMUM_BPT); _mintPoolTokens(address(0), _getMinimumBpt()); _mintPoolTokens(recipient, bptAmountOut - _getMinimumBpt()); // amountsIn are amounts entering the Pool, so we round up. _downscaleUpArray(amountsIn, scalingFactors); return (amountsIn, new uint256[](balances.length)); } else { _upscaleArray(balances, scalingFactors); (uint256 bptAmountOut, uint256[] memory amountsIn) = _onJoinPool( poolId, sender, recipient, balances, lastChangeBlock, inRecoveryMode() ? 0 : protocolSwapFeePercentage, // Protocol fees are disabled while in recovery mode scalingFactors, userData ); // Note we no longer use `balances` after calling `_onJoinPool`, which may mutate it. _mintPoolTokens(recipient, bptAmountOut); // amountsIn are amounts entering the Pool, so we round up. _downscaleUpArray(amountsIn, scalingFactors); // This Pool ignores the `dueProtocolFees` return value, so we simply return a zeroed-out array. return (amountsIn, new uint256[](balances.length)); } } /** * @notice Vault hook for removing liquidity from a pool. * @dev This function can only be called from the Vault, from `exitPool`. */ function onExitPool( bytes32 poolId, address sender, address recipient, uint256[] memory balances, uint256 lastChangeBlock, uint256 protocolSwapFeePercentage, bytes memory userData ) external override onlyVault(poolId) returns (uint256[] memory, uint256[] memory) { uint256[] memory amountsOut; uint256 bptAmountIn; // When a user calls `exitPool`, this is the first point of entry from the Vault. // We first check whether this is a Recovery Mode exit - if so, we proceed using this special lightweight exit // mechanism which avoids computing any complex values, interacting with external contracts, etc., and generally // should always work, even if the Pool's mathematics or a dependency break down. if (userData.isRecoveryModeExitKind()) { // This exit kind is only available in Recovery Mode. _ensureInRecoveryMode(); // Note that we don't upscale balances nor downscale amountsOut - we don't care about scaling factors during // a recovery mode exit. (bptAmountIn, amountsOut) = _doRecoveryModeExit( balances, totalSupply(), userData ); } else { // Note that we only call this if we're not in a recovery mode exit. _beforeSwapJoinExit(); uint256[] memory scalingFactors = _scalingFactors(); _upscaleArray(balances, scalingFactors); (bptAmountIn, amountsOut) = _onExitPool( poolId, sender, recipient, balances, lastChangeBlock, inRecoveryMode() ? 0 : protocolSwapFeePercentage, // Protocol fees are disabled while in recovery mode scalingFactors, userData ); // amountsOut are amounts exiting the Pool, so we round down. _downscaleDownArray(amountsOut, scalingFactors); } // Note we no longer use `balances` after calling `_onExitPool`, which may mutate it. _burnPoolTokens(sender, bptAmountIn); // This Pool ignores the `dueProtocolFees` return value, so we simply return a zeroed-out array. return (amountsOut, new uint256[](balances.length)); } // Query functions /** * @notice "Dry run" `onJoinPool`. * @dev Returns the amount of BPT that would be granted to `recipient` if the `onJoinPool` hook were called by the * Vault with the same arguments, along with the number of tokens `sender` would have to supply. * * This function is not meant to be called directly, but rather from a helper contract that fetches current Vault * data, such as the protocol swap fee percentage and Pool balances. * * Like `IVault.queryBatchSwap`, this function is not view due to internal implementation details: the caller must * explicitly use eth_call instead of eth_sendTransaction. */ function queryJoin( bytes32 poolId, address sender, address recipient, uint256[] memory balances, uint256 lastChangeBlock, uint256 protocolSwapFeePercentage, bytes memory userData ) external override returns (uint256 bptOut, uint256[] memory amountsIn) { InputHelpers.ensureInputLengthMatch(balances.length, _getTotalTokens()); _queryAction( poolId, sender, recipient, balances, lastChangeBlock, protocolSwapFeePercentage, userData, _onJoinPool, _downscaleUpArray ); // The `return` opcode is executed directly inside `_queryAction`, so execution never reaches this statement, // and we don't need to return anything here - it just silences compiler warnings. return (bptOut, amountsIn); } /** * @notice "Dry run" `onExitPool`. * @dev Returns the amount of BPT that would be burned from `sender` if the `onExitPool` hook were called by the * Vault with the same arguments, along with the number of tokens `recipient` would receive. * * This function is not meant to be called directly, but rather from a helper contract that fetches current Vault * data, such as the protocol swap fee percentage and Pool balances. * * Like `IVault.queryBatchSwap`, this function is not view due to internal implementation details: the caller must * explicitly use eth_call instead of eth_sendTransaction. */ function queryExit( bytes32 poolId, address sender, address recipient, uint256[] memory balances, uint256 lastChangeBlock, uint256 protocolSwapFeePercentage, bytes memory userData ) external override returns (uint256 bptIn, uint256[] memory amountsOut) { InputHelpers.ensureInputLengthMatch(balances.length, _getTotalTokens()); _queryAction( poolId, sender, recipient, balances, lastChangeBlock, protocolSwapFeePercentage, userData, _onExitPool, _downscaleDownArray ); // The `return` opcode is executed directly inside `_queryAction`, so execution never reaches this statement, // and we don't need to return anything here - it just silences compiler warnings. return (bptIn, amountsOut); } // Internal hooks to be overridden by derived contracts - all token amounts (except BPT) in these interfaces are // upscaled. /** * @dev Called when the Pool is joined for the first time; that is, when the BPT total supply is zero. * * Returns the amount of BPT to mint, and the token amounts the Pool will receive in return. * * Minted BPT will be sent to `recipient`, except for _getMinimumBpt(), which will be deducted from this amount and * sent to the zero address instead. This will cause that BPT to remain forever locked there, preventing total BTP * from ever dropping below that value, and ensuring `_onInitializePool` can only be called once in the entire * Pool's lifetime. * * The tokens granted to the Pool will be transferred from `sender`. These amounts are considered upscaled and will * be downscaled (rounding up) before being returned to the Vault. */ function _onInitializePool( bytes32 poolId, address sender, address recipient, uint256[] memory scalingFactors, bytes memory userData ) internal virtual returns (uint256 bptAmountOut, uint256[] memory amountsIn); /** * @dev Called whenever the Pool is joined after the first initialization join (see `_onInitializePool`). * * Returns the amount of BPT to mint, the token amounts that the Pool will receive in return, and the number of * tokens to pay in protocol swap fees. * * Implementations of this function might choose to mutate the `balances` array to save gas (e.g. when * performing intermediate calculations, such as subtraction of due protocol fees). This can be done safely. * * Minted BPT will be sent to `recipient`. * * The tokens granted to the Pool will be transferred from `sender`. These amounts are considered upscaled and will * be downscaled (rounding up) before being returned to the Vault. * * Due protocol swap fees will be taken from the Pool's balance in the Vault (see `IBasePool.onJoinPool`). These * amounts are considered upscaled and will be downscaled (rounding down) before being returned to the Vault. */ function _onJoinPool( bytes32 poolId, address sender, address recipient, uint256[] memory balances, uint256 lastChangeBlock, uint256 protocolSwapFeePercentage, uint256[] memory scalingFactors, bytes memory userData ) internal virtual returns (uint256 bptAmountOut, uint256[] memory amountsIn); /** * @dev Called whenever the Pool is exited. * * Returns the amount of BPT to burn, the token amounts for each Pool token that the Pool will grant in return, and * the number of tokens to pay in protocol swap fees. * * Implementations of this function might choose to mutate the `balances` array to save gas (e.g. when * performing intermediate calculations, such as subtraction of due protocol fees). This can be done safely. * * BPT will be burnt from `sender`. * * The Pool will grant tokens to `recipient`. These amounts are considered upscaled and will be downscaled * (rounding down) before being returned to the Vault. * * Due protocol swap fees will be taken from the Pool's balance in the Vault (see `IBasePool.onExitPool`). These * amounts are considered upscaled and will be downscaled (rounding down) before being returned to the Vault. */ function _onExitPool( bytes32 poolId, address sender, address recipient, uint256[] memory balances, uint256 lastChangeBlock, uint256 protocolSwapFeePercentage, uint256[] memory scalingFactors, bytes memory userData ) internal virtual returns (uint256 bptAmountIn, uint256[] memory amountsOut); /** * @dev Called at the very beginning of swaps, joins and exits, even before the scaling factors are read. Derived * contracts can extend this implementation to perform any state-changing operations they might need (including e.g. * updating the scaling factors), * * The only scenario in which this function is not called is during a recovery mode exit. This makes it safe to * perform non-trivial computations or interact with external dependencies here, as recovery mode will not be * affected. * * Since this contract does not implement swaps, derived contracts must also make sure this function is called on * swap handlers. */ function _beforeSwapJoinExit() internal virtual { // All joins, exits and swaps are disabled (except recovery mode exits). _ensureNotPaused(); } // Internal functions /** * @dev Pays protocol fees by minting `bptAmount` to the Protocol Fee Collector. */ function _payProtocolFees(uint256 bptAmount) internal { _mintPoolTokens(address(getProtocolFeesCollector()), bptAmount); } /** * @dev Adds swap fee amount to `amount`, returning a higher value. */ function _addSwapFeeAmount(uint256 amount) internal view returns (uint256) { // This returns amount + fee amount, so we round up (favoring a higher fee amount). return amount.divUp(getSwapFeePercentage().complement()); } /** * @dev Subtracts swap fee amount from `amount`, returning a lower value. */ function _subtractSwapFeeAmount( uint256 amount ) internal view returns (uint256) { // This returns amount - fee amount, so we round up (favoring a higher fee amount). uint256 feeAmount = amount.mulUp(getSwapFeePercentage()); return amount.sub(feeAmount); } // Scaling /** * @dev Returns a scaling factor that, when multiplied to a token amount for `token`, normalizes its balance as if * it had 18 decimals. */ function _computeScalingFactor( IERC20 token ) internal view returns (uint256) { if (address(token) == address(this)) { return FixedPoint.ONE; } // Tokens that don't implement the `decimals` method are not supported. uint256 tokenDecimals = ERC20(address(token)).decimals(); // Tokens with more than 18 decimals are not supported. uint256 decimalsDifference = Math.sub(18, tokenDecimals); return FixedPoint.ONE * 10 ** decimalsDifference; } /** * @dev Returns the scaling factor for one of the Pool's tokens. Reverts if `token` is not a token registered by the * Pool. * * All scaling factors are fixed-point values with 18 decimals, to allow for this function to be overridden by * derived contracts that need to apply further scaling, making these factors potentially non-integer. * * The largest 'base' scaling factor (i.e. in tokens with less than 18 decimals) is 10**18, which in fixed-point is * 10**36. This value can be multiplied with a 112 bit Vault balance with no overflow by a factor of ~1e7, making * even relatively 'large' factors safe to use. * * The 1e7 figure is the result of 2**256 / (1e18 * 1e18 * 2**112). */ function _scalingFactor( IERC20 token ) internal view virtual returns (uint256); /** * @dev Same as `_scalingFactor()`, except for all registered tokens (in the same order as registered). The Vault * will always pass balances in this order when calling any of the Pool hooks. */ function _scalingFactors() internal view virtual returns (uint256[] memory); function getScalingFactors() external view override returns (uint256[] memory) { return _scalingFactors(); } /** * @dev Applies `scalingFactor` to `amount`, resulting in a larger or equal value depending on whether it needed * scaling or not. */ function _upscale( uint256 amount, uint256 scalingFactor ) internal pure returns (uint256) { // Upscale rounding wouldn't necessarily always go in the same direction: in a swap for example the balance of // token in should be rounded up, and that of token out rounded down. This is the only place where we round in // the same direction for all amounts, as the impact of this rounding is expected to be minimal (and there's no // rounding error unless `_scalingFactor()` is overriden). return FixedPoint.mulDown(amount, scalingFactor); } /** * @dev Same as `_upscale`, but for an entire array. This function does not return anything, but instead *mutates* * the `amounts` array. */ function _upscaleArray( uint256[] memory amounts, uint256[] memory scalingFactors ) internal pure { uint256 length = amounts.length; InputHelpers.ensureInputLengthMatch(length, scalingFactors.length); for (uint256 i = 0; i < length; ++i) { amounts[i] = FixedPoint.mulDown(amounts[i], scalingFactors[i]); } } /** * @dev Reverses the `scalingFactor` applied to `amount`, resulting in a smaller or equal value depending on * whether it needed scaling or not. The result is rounded down. */ function _downscaleDown( uint256 amount, uint256 scalingFactor ) internal pure returns (uint256) { return FixedPoint.divDown(amount, scalingFactor); } /** * @dev Same as `_downscaleDown`, but for an entire array. This function does not return anything, but instead * *mutates* the `amounts` array. */ function _downscaleDownArray( uint256[] memory amounts, uint256[] memory scalingFactors ) internal pure { uint256 length = amounts.length; InputHelpers.ensureInputLengthMatch(length, scalingFactors.length); for (uint256 i = 0; i < length; ++i) { amounts[i] = FixedPoint.divDown(amounts[i], scalingFactors[i]); } } /** * @dev Reverses the `scalingFactor` applied to `amount`, resulting in a smaller or equal value depending on * whether it needed scaling or not. The result is rounded up. */ function _downscaleUp( uint256 amount, uint256 scalingFactor ) internal pure returns (uint256) { return FixedPoint.divUp(amount, scalingFactor); } /** * @dev Same as `_downscaleUp`, but for an entire array. This function does not return anything, but instead * *mutates* the `amounts` array. */ function _downscaleUpArray( uint256[] memory amounts, uint256[] memory scalingFactors ) internal pure { uint256 length = amounts.length; InputHelpers.ensureInputLengthMatch(length, scalingFactors.length); for (uint256 i = 0; i < length; ++i) { amounts[i] = FixedPoint.divUp(amounts[i], scalingFactors[i]); } } function _getAuthorizer() internal view override returns (IAuthorizer) { // Access control management is delegated to the Vault's Authorizer. This lets Balancer Governance manage which // accounts can call permissioned functions: for example, to perform emergency pauses. // If the owner is delegated, then *all* permissioned functions, including `setSwapFeePercentage`, will be under // Governance control. return getVault().getAuthorizer(); } function _queryAction( bytes32 poolId, address sender, address recipient, uint256[] memory balances, uint256 lastChangeBlock, uint256 protocolSwapFeePercentage, bytes memory userData, function( bytes32, address, address, uint256[] memory, uint256, uint256, uint256[] memory, bytes memory ) internal returns (uint256, uint256[] memory) _action, function(uint256[] memory, uint256[] memory) internal view _downscaleArray ) private { // This uses the same technique used by the Vault in queryBatchSwap. Refer to that function for a detailed // explanation. if (msg.sender != address(this)) { // We perform an external call to ourselves, forwarding the same calldata. In this call, the else clause of // the preceding if statement will be executed instead. // solhint-disable-next-line avoid-low-level-calls (bool success, ) = address(this).call(msg.data); // solhint-disable-next-line no-inline-assembly assembly { // This call should always revert to decode the bpt and token amounts from the revert reason switch success case 0 { // Note we are manually writing the memory slot 0. We can safely overwrite whatever is // stored there as we take full control of the execution and then immediately return. // We copy the first 4 bytes to check if it matches with the expected signature, otherwise // there was another revert reason and we should forward it. returndatacopy(0, 0, 0x04) let error := and( mload(0), 0xffffffff00000000000000000000000000000000000000000000000000000000 ) // If the first 4 bytes don't match with the expected signature, we forward the revert reason. if eq( eq( error, 0x43adbafb00000000000000000000000000000000000000000000000000000000 ), 0 ) { returndatacopy(0, 0, returndatasize()) revert(0, returndatasize()) } // The returndata contains the signature, followed by the raw memory representation of the // `bptAmount` and `tokenAmounts` (array: length + data). We need to return an ABI-encoded // representation of these. // An ABI-encoded response will include one additional field to indicate the starting offset of // the `tokenAmounts` array. The `bptAmount` will be laid out in the first word of the // returndata. // // In returndata: // [ signature ][ bptAmount ][ tokenAmounts length ][ tokenAmounts values ] // [ 4 bytes ][ 32 bytes ][ 32 bytes ][ (32 * length) bytes ] // // We now need to return (ABI-encoded values): // [ bptAmount ][ tokeAmounts offset ][ tokenAmounts length ][ tokenAmounts values ] // [ 32 bytes ][ 32 bytes ][ 32 bytes ][ (32 * length) bytes ] // We copy 32 bytes for the `bptAmount` from returndata into memory. // Note that we skip the first 4 bytes for the error signature returndatacopy(0, 0x04, 32) // The offsets are 32-bytes long, so the array of `tokenAmounts` will start after // the initial 64 bytes. mstore(0x20, 64) // We now copy the raw memory array for the `tokenAmounts` from returndata into memory. // Since bpt amount and offset take up 64 bytes, we start copying at address 0x40. We also // skip the first 36 bytes from returndata, which correspond to the signature plus bpt amount. returndatacopy(0x40, 0x24, sub(returndatasize(), 36)) // We finally return the ABI-encoded uint256 and the array, which has a total length equal to // the size of returndata, plus the 32 bytes of the offset but without the 4 bytes of the // error signature. return(0, add(returndatasize(), 28)) } default { // This call should always revert, but we fail nonetheless if that didn't happen invalid() } } } else { // This imitates the relevant parts of the bodies of onJoin and onExit. Since they're not virtual, we know // that their implementations will match this regardless of what derived contracts might do. _beforeSwapJoinExit(); uint256[] memory scalingFactors = _scalingFactors(); _upscaleArray(balances, scalingFactors); (uint256 bptAmount, uint256[] memory tokenAmounts) = _action( poolId, sender, recipient, balances, lastChangeBlock, protocolSwapFeePercentage, scalingFactors, userData ); _downscaleArray(tokenAmounts, scalingFactors); // solhint-disable-next-line no-inline-assembly assembly { // We will return a raw representation of `bptAmount` and `tokenAmounts` in memory, which is composed of // a 32-byte uint256, followed by a 32-byte for the array length, and finally the 32-byte uint256 values // Because revert expects a size in bytes, we multiply the array length (stored at `tokenAmounts`) by 32 let size := mul(mload(tokenAmounts), 32) // We store the `bptAmount` in the previous slot to the `tokenAmounts` array. We can make sure there // will be at least one available slot due to how the memory scratch space works. // We can safely overwrite whatever is stored in this slot as we will revert immediately after that. let start := sub(tokenAmounts, 0x20) mstore(start, bptAmount) // We send one extra value for the error signature "QueryError(uint256,uint256[])" which is 0x43adbafb // We use the previous slot to `bptAmount`. mstore( sub(start, 0x20), 0x0000000000000000000000000000000000000000000000000000000043adbafb ) start := sub(start, 0x04) // When copying from `tokenAmounts` into returndata, we copy the additional 68 bytes to also return // the `bptAmount`, the array 's length, and the error signature. revert(start, add(size, 68)) } } } }
IAsset.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; /** * @dev This is an empty interface used to represent either ERC20-conforming token contracts or ETH (using the zero * address sentinel value). We're just relying on the fact that `interface` can be used to declare new address-like * types. * * This concept is unrelated to a Pool's Asset Managers. */ interface IAsset { // solhint-disable-previous-line no-empty-blocks }
IVault.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma experimental ABIEncoderV2; import "../solidity-utils/openzeppelin/IERC20.sol"; import "../solidity-utils/helpers/IAuthentication.sol"; import "../solidity-utils/helpers/ISignaturesValidator.sol"; import "../solidity-utils/helpers/ITemporarilyPausable.sol"; import "../solidity-utils/misc/IWETH.sol"; import "./IAsset.sol"; import "./IAuthorizer.sol"; import "./IFlashLoanRecipient.sol"; import "./IProtocolFeesCollector.sol"; pragma solidity ^0.7.0; /** * @dev Full external interface for the Vault core contract - no external or public methods exist in the contract that * don't override one of these declarations. */ interface IVault is ISignaturesValidator, ITemporarilyPausable, IAuthentication { // Generalities about the Vault: // // - Whenever documentation refers to 'tokens', it strictly refers to ERC20-compliant token contracts. Tokens are // transferred out of the Vault by calling the `IERC20.transfer` function, and transferred in by calling // `IERC20.transferFrom`. In these cases, the sender must have previously allowed the Vault to use their tokens by // calling `IERC20.approve`. The only deviation from the ERC20 standard that is supported is functions not returning // a boolean value: in these scenarios, a non-reverting call is assumed to be successful. // // - All non-view functions in the Vault are non-reentrant: calling them while another one is mid-execution (e.g. // while execution control is transferred to a token contract during a swap) will result in a revert. View // functions can be called in a re-reentrant way, but doing so might cause them to return inconsistent results. // Contracts calling view functions in the Vault must make sure the Vault has not already been entered. // // - View functions revert if referring to either unregistered Pools, or unregistered tokens for registered Pools. // Authorizer // // Some system actions are permissioned, like setting and collecting protocol fees. This permissioning system exists // outside of the Vault in the Authorizer contract: the Vault simply calls the Authorizer to check if the caller // can perform a given action. /** * @dev Returns the Vault's Authorizer. */ function getAuthorizer() external view returns (IAuthorizer); /** * @dev Sets a new Authorizer for the Vault. The caller must be allowed by the current Authorizer to do this. * * Emits an `AuthorizerChanged` event. */ function setAuthorizer(IAuthorizer newAuthorizer) external; /** * @dev Emitted when a new authorizer is set by `setAuthorizer`. */ event AuthorizerChanged(IAuthorizer indexed newAuthorizer); // Relayers // // Additionally, it is possible for an account to perform certain actions on behalf of another one, using their // Vault ERC20 allowance and Internal Balance. These accounts are said to be 'relayers' for these Vault functions, // and are expected to be smart contracts with sound authentication mechanisms. For an account to be able to wield // this power, two things must occur: // - The Authorizer must grant the account the permission to be a relayer for the relevant Vault function. This // means that Balancer governance must approve each individual contract to act as a relayer for the intended // functions. // - Each user must approve the relayer to act on their behalf. // This double protection means users cannot be tricked into approving malicious relayers (because they will not // have been allowed by the Authorizer via governance), nor can malicious relayers approved by a compromised // Authorizer or governance drain user funds, since they would also need to be approved by each individual user. /** * @dev Returns true if `user` has approved `relayer` to act as a relayer for them. */ function hasApprovedRelayer(address user, address relayer) external view returns (bool); /** * @dev Allows `relayer` to act as a relayer for `sender` if `approved` is true, and disallows it otherwise. * * Emits a `RelayerApprovalChanged` event. */ function setRelayerApproval( address sender, address relayer, bool approved ) external; /** * @dev Emitted every time a relayer is approved or disapproved by `setRelayerApproval`. */ event RelayerApprovalChanged(address indexed relayer, address indexed sender, bool approved); // Internal Balance // // Users can deposit tokens into the Vault, where they are allocated to their Internal Balance, and later // transferred or withdrawn. It can also be used as a source of tokens when joining Pools, as a destination // when exiting them, and as either when performing swaps. This usage of Internal Balance results in greatly reduced // gas costs when compared to relying on plain ERC20 transfers, leading to large savings for frequent users. // // Internal Balance management features batching, which means a single contract call can be used to perform multiple // operations of different kinds, with different senders and recipients, at once. /** * @dev Returns `user`'s Internal Balance for a set of tokens. */ function getInternalBalance(address user, IERC20[] memory tokens) external view returns (uint256[] memory); /** * @dev Performs a set of user balance operations, which involve Internal Balance (deposit, withdraw or transfer) * and plain ERC20 transfers using the Vault's allowance. This last feature is particularly useful for relayers, as * it lets integrators reuse a user's Vault allowance. * * For each operation, if the caller is not `sender`, it must be an authorized relayer for them. */ function manageUserBalance(UserBalanceOp[] memory ops) external payable; /** * @dev Data for `manageUserBalance` operations, which include the possibility for ETH to be sent and received without manual WETH wrapping or unwrapping. */ struct UserBalanceOp { UserBalanceOpKind kind; IAsset asset; uint256 amount; address sender; address payable recipient; } // There are four possible operations in `manageUserBalance`: // // - DEPOSIT_INTERNAL // Increases the Internal Balance of the `recipient` account by transferring tokens from the corresponding // `sender`. The sender must have allowed the Vault to use their tokens via `IERC20.approve()`. // // ETH can be used by passing the ETH sentinel value as the asset and forwarding ETH in the call: it will be wrapped // and deposited as WETH. Any ETH amount remaining will be sent back to the caller (not the sender, which is // relevant for relayers). // // Emits an `InternalBalanceChanged` event. // // // - WITHDRAW_INTERNAL // Decreases the Internal Balance of the `sender` account by transferring tokens to the `recipient`. // // ETH can be used by passing the ETH sentinel value as the asset. This will deduct WETH instead, unwrap it and send // it to the recipient as ETH. // // Emits an `InternalBalanceChanged` event. // // // - TRANSFER_INTERNAL // Transfers tokens from the Internal Balance of the `sender` account to the Internal Balance of `recipient`. // // Reverts if the ETH sentinel value is passed. // // Emits an `InternalBalanceChanged` event. // // // - TRANSFER_EXTERNAL // Transfers tokens from `sender` to `recipient`, using the Vault's ERC20 allowance. This is typically used by // relayers, as it lets them reuse a user's Vault allowance. // // Reverts if the ETH sentinel value is passed. // // Emits an `ExternalBalanceTransfer` event. enum UserBalanceOpKind { DEPOSIT_INTERNAL, WITHDRAW_INTERNAL, TRANSFER_INTERNAL, TRANSFER_EXTERNAL } /** * @dev Emitted when a user's Internal Balance changes, either from calls to `manageUserBalance`, or through * interacting with Pools using Internal Balance. * * Because Internal Balance works exclusively with ERC20 tokens, ETH deposits and withdrawals will use the WETH * address. */ event InternalBalanceChanged(address indexed user, IERC20 indexed token, int256 delta); /** * @dev Emitted when a user's Vault ERC20 allowance is used by the Vault to transfer tokens to an external account. */ event ExternalBalanceTransfer(IERC20 indexed token, address indexed sender, address recipient, uint256 amount); // Pools // // There are three specialization settings for Pools, which allow for cheaper swaps at the cost of reduced // functionality: // // - General: no specialization, suited for all Pools. IGeneralPool is used for swap request callbacks, passing the // balance of all tokens in the Pool. These Pools have the largest swap costs (because of the extra storage reads), // which increase with the number of registered tokens. // // - Minimal Swap Info: IMinimalSwapInfoPool is used instead of IGeneralPool, which saves gas by only passing the // balance of the two tokens involved in the swap. This is suitable for some pricing algorithms, like the weighted // constant product one popularized by Balancer V1. Swap costs are smaller compared to general Pools, and are // independent of the number of registered tokens. // // - Two Token: only allows two tokens to be registered. This achieves the lowest possible swap gas cost. Like // minimal swap info Pools, these are called via IMinimalSwapInfoPool. enum PoolSpecialization { GENERAL, MINIMAL_SWAP_INFO, TWO_TOKEN } /** * @dev Registers the caller account as a Pool with a given specialization setting. Returns the Pool's ID, which * is used in all Pool-related functions. Pools cannot be deregistered, nor can the Pool's specialization be * changed. * * The caller is expected to be a smart contract that implements either `IGeneralPool` or `IMinimalSwapInfoPool`, * depending on the chosen specialization setting. This contract is known as the Pool's contract. * * Note that the same contract may register itself as multiple Pools with unique Pool IDs, or in other words, * multiple Pools may share the same contract. * * Emits a `PoolRegistered` event. */ function registerPool(PoolSpecialization specialization) external returns (bytes32); /** * @dev Emitted when a Pool is registered by calling `registerPool`. */ event PoolRegistered(bytes32 indexed poolId, address indexed poolAddress, PoolSpecialization specialization); /** * @dev Returns a Pool's contract address and specialization setting. */ function getPool(bytes32 poolId) external view returns (address, PoolSpecialization); /** * @dev Registers `tokens` for the `poolId` Pool. Must be called by the Pool's contract. * * Pools can only interact with tokens they have registered. Users join a Pool by transferring registered tokens, * exit by receiving registered tokens, and can only swap registered tokens. * * Each token can only be registered once. For Pools with the Two Token specialization, `tokens` must have a length * of two, that is, both tokens must be registered in the same `registerTokens` call, and they must be sorted in * ascending order. * * The `tokens` and `assetManagers` arrays must have the same length, and each entry in these indicates the Asset * Manager for the corresponding token. Asset Managers can manage a Pool's tokens via `managePoolBalance`, * depositing and withdrawing them directly, and can even set their balance to arbitrary amounts. They are therefore * expected to be highly secured smart contracts with sound design principles, and the decision to register an * Asset Manager should not be made lightly. * * Pools can choose not to assign an Asset Manager to a given token by passing in the zero address. Once an Asset * Manager is set, it cannot be changed except by deregistering the associated token and registering again with a * different Asset Manager. * * Emits a `TokensRegistered` event. */ function registerTokens( bytes32 poolId, IERC20[] memory tokens, address[] memory assetManagers ) external; /** * @dev Emitted when a Pool registers tokens by calling `registerTokens`. */ event TokensRegistered(bytes32 indexed poolId, IERC20[] tokens, address[] assetManagers); /** * @dev Deregisters `tokens` for the `poolId` Pool. Must be called by the Pool's contract. * * Only registered tokens (via `registerTokens`) can be deregistered. Additionally, they must have zero total * balance. For Pools with the Two Token specialization, `tokens` must have a length of two, that is, both tokens * must be deregistered in the same `deregisterTokens` call. * * A deregistered token can be re-registered later on, possibly with a different Asset Manager. * * Emits a `TokensDeregistered` event. */ function deregisterTokens(bytes32 poolId, IERC20[] memory tokens) external; /** * @dev Emitted when a Pool deregisters tokens by calling `deregisterTokens`. */ event TokensDeregistered(bytes32 indexed poolId, IERC20[] tokens); /** * @dev Returns detailed information for a Pool's registered token. * * `cash` is the number of tokens the Vault currently holds for the Pool. `managed` is the number of tokens * withdrawn and held outside the Vault by the Pool's token Asset Manager. The Pool's total balance for `token` * equals the sum of `cash` and `managed`. * * Internally, `cash` and `managed` are stored using 112 bits. No action can ever cause a Pool's token `cash`, * `managed` or `total` balance to be greater than 2^112 - 1. * * `lastChangeBlock` is the number of the block in which `token`'s total balance was last modified (via either a * join, exit, swap, or Asset Manager update). This value is useful to avoid so-called 'sandwich attacks', for * example when developing price oracles. A change of zero (e.g. caused by a swap with amount zero) is considered a * change for this purpose, and will update `lastChangeBlock`. * * `assetManager` is the Pool's token Asset Manager. */ function getPoolTokenInfo(bytes32 poolId, IERC20 token) external view returns ( uint256 cash, uint256 managed, uint256 lastChangeBlock, address assetManager ); /** * @dev Returns a Pool's registered tokens, the total balance for each, and the latest block when *any* of * the tokens' `balances` changed. * * The order of the `tokens` array is the same order that will be used in `joinPool`, `exitPool`, as well as in all * Pool hooks (where applicable). Calls to `registerTokens` and `deregisterTokens` may change this order. * * If a Pool only registers tokens once, and these are sorted in ascending order, they will be stored in the same * order as passed to `registerTokens`. * * Total balances include both tokens held by the Vault and those withdrawn by the Pool's Asset Managers. These are * the amounts used by joins, exits and swaps. For a detailed breakdown of token balances, use `getPoolTokenInfo` * instead. */ function getPoolTokens(bytes32 poolId) external view returns ( IERC20[] memory tokens, uint256[] memory balances, uint256 lastChangeBlock ); /** * @dev Called by users to join a Pool, which transfers tokens from `sender` into the Pool's balance. This will * trigger custom Pool behavior, which will typically grant something in return to `recipient` - often tokenized * Pool shares. * * If the caller is not `sender`, it must be an authorized relayer for them. * * The `assets` and `maxAmountsIn` arrays must have the same length, and each entry indicates the maximum amount * to send for each asset. The amounts to send are decided by the Pool and not the Vault: it just enforces * these maximums. * * If joining a Pool that holds WETH, it is possible to send ETH directly: the Vault will do the wrapping. To enable * this mechanism, the IAsset sentinel value (the zero address) must be passed in the `assets` array instead of the * WETH address. Note that it is not possible to combine ETH and WETH in the same join. Any excess ETH will be sent * back to the caller (not the sender, which is important for relayers). * * `assets` must have the same length and order as the array returned by `getPoolTokens`. This prevents issues when * interacting with Pools that register and deregister tokens frequently. If sending ETH however, the array must be * sorted *before* replacing the WETH address with the ETH sentinel value (the zero address), which means the final * `assets` array might not be sorted. Pools with no registered tokens cannot be joined. * * If `fromInternalBalance` is true, the caller's Internal Balance will be preferred: ERC20 transfers will only * be made for the difference between the requested amount and Internal Balance (if any). Note that ETH cannot be * withdrawn from Internal Balance: attempting to do so will trigger a revert. * * This causes the Vault to call the `IBasePool.onJoinPool` hook on the Pool's contract, where Pools implement * their own custom logic. This typically requires additional information from the user (such as the expected number * of Pool shares). This can be encoded in the `userData` argument, which is ignored by the Vault and passed * directly to the Pool's contract, as is `recipient`. * * Emits a `PoolBalanceChanged` event. */ function joinPool( bytes32 poolId, address sender, address recipient, JoinPoolRequest memory request ) external payable; struct JoinPoolRequest { IAsset[] assets; uint256[] maxAmountsIn; bytes userData; bool fromInternalBalance; } /** * @dev Called by users to exit a Pool, which transfers tokens from the Pool's balance to `recipient`. This will * trigger custom Pool behavior, which will typically ask for something in return from `sender` - often tokenized * Pool shares. The amount of tokens that can be withdrawn is limited by the Pool's `cash` balance (see * `getPoolTokenInfo`). * * If the caller is not `sender`, it must be an authorized relayer for them. * * The `tokens` and `minAmountsOut` arrays must have the same length, and each entry in these indicates the minimum * token amount to receive for each token contract. The amounts to send are decided by the Pool and not the Vault: * it just enforces these minimums. * * If exiting a Pool that holds WETH, it is possible to receive ETH directly: the Vault will do the unwrapping. To * enable this mechanism, the IAsset sentinel value (the zero address) must be passed in the `assets` array instead * of the WETH address. Note that it is not possible to combine ETH and WETH in the same exit. * * `assets` must have the same length and order as the array returned by `getPoolTokens`. This prevents issues when * interacting with Pools that register and deregister tokens frequently. If receiving ETH however, the array must * be sorted *before* replacing the WETH address with the ETH sentinel value (the zero address), which means the * final `assets` array might not be sorted. Pools with no registered tokens cannot be exited. * * If `toInternalBalance` is true, the tokens will be deposited to `recipient`'s Internal Balance. Otherwise, * an ERC20 transfer will be performed. Note that ETH cannot be deposited to Internal Balance: attempting to * do so will trigger a revert. * * `minAmountsOut` is the minimum amount of tokens the user expects to get out of the Pool, for each token in the * `tokens` array. This array must match the Pool's registered tokens. * * This causes the Vault to call the `IBasePool.onExitPool` hook on the Pool's contract, where Pools implement * their own custom logic. This typically requires additional information from the user (such as the expected number * of Pool shares to return). This can be encoded in the `userData` argument, which is ignored by the Vault and * passed directly to the Pool's contract. * * Emits a `PoolBalanceChanged` event. */ function exitPool( bytes32 poolId, address sender, address payable recipient, ExitPoolRequest memory request ) external; struct ExitPoolRequest { IAsset[] assets; uint256[] minAmountsOut; bytes userData; bool toInternalBalance; } /** * @dev Emitted when a user joins or exits a Pool by calling `joinPool` or `exitPool`, respectively. */ event PoolBalanceChanged( bytes32 indexed poolId, address indexed liquidityProvider, IERC20[] tokens, int256[] deltas, uint256[] protocolFeeAmounts ); enum PoolBalanceChangeKind { JOIN, EXIT } // Swaps // // Users can swap tokens with Pools by calling the `swap` and `batchSwap` functions. To do this, // they need not trust Pool contracts in any way: all security checks are made by the Vault. They must however be // aware of the Pools' pricing algorithms in order to estimate the prices Pools will quote. // // The `swap` function executes a single swap, while `batchSwap` can perform multiple swaps in sequence. // In each individual swap, tokens of one kind are sent from the sender to the Pool (this is the 'token in'), // and tokens of another kind are sent from the Pool to the recipient in exchange (this is the 'token out'). // More complex swaps, such as one token in to multiple tokens out can be achieved by batching together // individual swaps. // // There are two swap kinds: // - 'given in' swaps, where the amount of tokens in (sent to the Pool) is known, and the Pool determines (via the // `onSwap` hook) the amount of tokens out (to send to the recipient). // - 'given out' swaps, where the amount of tokens out (received from the Pool) is known, and the Pool determines // (via the `onSwap` hook) the amount of tokens in (to receive from the sender). // // Additionally, it is possible to chain swaps using a placeholder input amount, which the Vault replaces with // the calculated output of the previous swap. If the previous swap was 'given in', this will be the calculated // tokenOut amount. If the previous swap was 'given out', it will use the calculated tokenIn amount. These extended // swaps are known as 'multihop' swaps, since they 'hop' through a number of intermediate tokens before arriving at // the final intended token. // // In all cases, tokens are only transferred in and out of the Vault (or withdrawn from and deposited into Internal // Balance) after all individual swaps have been completed, and the net token balance change computed. This makes // certain swap patterns, such as multihops, or swaps that interact with the same token pair in multiple Pools, cost // much less gas than they would otherwise. // // It also means that under certain conditions it is possible to perform arbitrage by swapping with multiple // Pools in a way that results in net token movement out of the Vault (profit), with no tokens being sent in (only // updating the Pool's internal accounting). // // To protect users from front-running or the market changing rapidly, they supply a list of 'limits' for each token // involved in the swap, where either the maximum number of tokens to send (by passing a positive value) or the // minimum amount of tokens to receive (by passing a negative value) is specified. // // Additionally, a 'deadline' timestamp can also be provided, forcing the swap to fail if it occurs after // this point in time (e.g. if the transaction failed to be included in a block promptly). // // If interacting with Pools that hold WETH, it is possible to both send and receive ETH directly: the Vault will do // the wrapping and unwrapping. To enable this mechanism, the IAsset sentinel value (the zero address) must be // passed in the `assets` array instead of the WETH address. Note that it is possible to combine ETH and WETH in the // same swap. Any excess ETH will be sent back to the caller (not the sender, which is relevant for relayers). // // Finally, Internal Balance can be used when either sending or receiving tokens. enum SwapKind { GIVEN_IN, GIVEN_OUT } /** * @dev Performs a swap with a single Pool. * * If the swap is 'given in' (the number of tokens to send to the Pool is known), it returns the amount of tokens * taken from the Pool, which must be greater than or equal to `limit`. * * If the swap is 'given out' (the number of tokens to take from the Pool is known), it returns the amount of tokens * sent to the Pool, which must be less than or equal to `limit`. * * Internal Balance usage and the recipient are determined by the `funds` struct. * * Emits a `Swap` event. */ function swap( SingleSwap memory singleSwap, FundManagement memory funds, uint256 limit, uint256 deadline ) external payable returns (uint256); /** * @dev Data for a single swap executed by `swap`. `amount` is either `amountIn` or `amountOut` depending on * the `kind` value. * * `assetIn` and `assetOut` are either token addresses, or the IAsset sentinel value for ETH (the zero address). * Note that Pools never interact with ETH directly: it will be wrapped to or unwrapped from WETH by the Vault. * * The `userData` field is ignored by the Vault, but forwarded to the Pool in the `onSwap` hook, and may be * used to extend swap behavior. */ struct SingleSwap { bytes32 poolId; SwapKind kind; IAsset assetIn; IAsset assetOut; uint256 amount; bytes userData; } /** * @dev Performs a series of swaps with one or multiple Pools. In each individual swap, the caller determines either * the amount of tokens sent to or received from the Pool, depending on the `kind` value. * * Returns an array with the net Vault asset balance deltas. Positive amounts represent tokens (or ETH) sent to the * Vault, and negative amounts represent tokens (or ETH) sent by the Vault. Each delta corresponds to the asset at * the same index in the `assets` array. * * Swaps are executed sequentially, in the order specified by the `swaps` array. Each array element describes a * Pool, the token to be sent to this Pool, the token to receive from it, and an amount that is either `amountIn` or * `amountOut` depending on the swap kind. * * Multihop swaps can be executed by passing an `amount` value of zero for a swap. This will cause the amount in/out * of the previous swap to be used as the amount in for the current one. In a 'given in' swap, 'tokenIn' must equal * the previous swap's `tokenOut`. For a 'given out' swap, `tokenOut` must equal the previous swap's `tokenIn`. * * The `assets` array contains the addresses of all assets involved in the swaps. These are either token addresses, * or the IAsset sentinel value for ETH (the zero address). Each entry in the `swaps` array specifies tokens in and * out by referencing an index in `assets`. Note that Pools never interact with ETH directly: it will be wrapped to * or unwrapped from WETH by the Vault. * * Internal Balance usage, sender, and recipient are determined by the `funds` struct. The `limits` array specifies * the minimum or maximum amount of each token the vault is allowed to transfer. * * `batchSwap` can be used to make a single swap, like `swap` does, but doing so requires more gas than the * equivalent `swap` call. * * Emits `Swap` events. */ function batchSwap( SwapKind kind, BatchSwapStep[] memory swaps, IAsset[] memory assets, FundManagement memory funds, int256[] memory limits, uint256 deadline ) external payable returns (int256[] memory); /** * @dev Data for each individual swap executed by `batchSwap`. The asset in and out fields are indexes into the * `assets` array passed to that function, and ETH assets are converted to WETH. * * If `amount` is zero, the multihop mechanism is used to determine the actual amount based on the amount in/out * from the previous swap, depending on the swap kind. * * The `userData` field is ignored by the Vault, but forwarded to the Pool in the `onSwap` hook, and may be * used to extend swap behavior. */ struct BatchSwapStep { bytes32 poolId; uint256 assetInIndex; uint256 assetOutIndex; uint256 amount; bytes userData; } /** * @dev Emitted for each individual swap performed by `swap` or `batchSwap`. */ event Swap( bytes32 indexed poolId, IERC20 indexed tokenIn, IERC20 indexed tokenOut, uint256 amountIn, uint256 amountOut ); /** * @dev All tokens in a swap are either sent from the `sender` account to the Vault, or from the Vault to the * `recipient` account. * * If the caller is not `sender`, it must be an authorized relayer for them. * * If `fromInternalBalance` is true, the `sender`'s Internal Balance will be preferred, performing an ERC20 * transfer for the difference between the requested amount and the User's Internal Balance (if any). The `sender` * must have allowed the Vault to use their tokens via `IERC20.approve()`. This matches the behavior of * `joinPool`. * * If `toInternalBalance` is true, tokens will be deposited to `recipient`'s internal balance instead of * transferred. This matches the behavior of `exitPool`. * * Note that ETH cannot be deposited to or withdrawn from Internal Balance: attempting to do so will trigger a * revert. */ struct FundManagement { address sender; bool fromInternalBalance; address payable recipient; bool toInternalBalance; } /** * @dev Simulates a call to `batchSwap`, returning an array of Vault asset deltas. Calls to `swap` cannot be * simulated directly, but an equivalent `batchSwap` call can and will yield the exact same result. * * Each element in the array corresponds to the asset at the same index, and indicates the number of tokens (or ETH) * the Vault would take from the sender (if positive) or send to the recipient (if negative). The arguments it * receives are the same that an equivalent `batchSwap` call would receive. * * Unlike `batchSwap`, this function performs no checks on the sender or recipient field in the `funds` struct. * This makes it suitable to be called by off-chain applications via eth_call without needing to hold tokens, * approve them for the Vault, or even know a user's address. * * Note that this function is not 'view' (due to implementation details): the client code must explicitly execute * eth_call instead of eth_sendTransaction. */ function queryBatchSwap( SwapKind kind, BatchSwapStep[] memory swaps, IAsset[] memory assets, FundManagement memory funds ) external returns (int256[] memory assetDeltas); // Flash Loans /** * @dev Performs a 'flash loan', sending tokens to `recipient`, executing the `receiveFlashLoan` hook on it, * and then reverting unless the tokens plus a proportional protocol fee have been returned. * * The `tokens` and `amounts` arrays must have the same length, and each entry in these indicates the loan amount * for each token contract. `tokens` must be sorted in ascending order. * * The 'userData' field is ignored by the Vault, and forwarded as-is to `recipient` as part of the * `receiveFlashLoan` call. * * Emits `FlashLoan` events. */ function flashLoan( IFlashLoanRecipient recipient, IERC20[] memory tokens, uint256[] memory amounts, bytes memory userData ) external; /** * @dev Emitted for each individual flash loan performed by `flashLoan`. */ event FlashLoan(IFlashLoanRecipient indexed recipient, IERC20 indexed token, uint256 amount, uint256 feeAmount); // Asset Management // // Each token registered for a Pool can be assigned an Asset Manager, which is able to freely withdraw the Pool's // tokens from the Vault, deposit them, or assign arbitrary values to its `managed` balance (see // `getPoolTokenInfo`). This makes them extremely powerful and dangerous. Even if an Asset Manager only directly // controls one of the tokens in a Pool, a malicious manager could set that token's balance to manipulate the // prices of the other tokens, and then drain the Pool with swaps. The risk of using Asset Managers is therefore // not constrained to the tokens they are managing, but extends to the entire Pool's holdings. // // However, a properly designed Asset Manager smart contract can be safely used for the Pool's benefit, // for example by lending unused tokens out for interest, or using them to participate in voting protocols. // // This concept is unrelated to the IAsset interface. /** * @dev Performs a set of Pool balance operations, which may be either withdrawals, deposits or updates. * * Pool Balance management features batching, which means a single contract call can be used to perform multiple * operations of different kinds, with different Pools and tokens, at once. * * For each operation, the caller must be registered as the Asset Manager for `token` in `poolId`. */ function managePoolBalance(PoolBalanceOp[] memory ops) external; struct PoolBalanceOp { PoolBalanceOpKind kind; bytes32 poolId; IERC20 token; uint256 amount; } /** * Withdrawals decrease the Pool's cash, but increase its managed balance, leaving the total balance unchanged. * * Deposits increase the Pool's cash, but decrease its managed balance, leaving the total balance unchanged. * * Updates don't affect the Pool's cash balance, but because the managed balance changes, it does alter the total. * The external amount can be either increased or decreased by this call (i.e., reporting a gain or a loss). */ enum PoolBalanceOpKind { WITHDRAW, DEPOSIT, UPDATE } /** * @dev Emitted when a Pool's token Asset Manager alters its balance via `managePoolBalance`. */ event PoolBalanceManaged( bytes32 indexed poolId, address indexed assetManager, IERC20 indexed token, int256 cashDelta, int256 managedDelta ); // Protocol Fees // // Some operations cause the Vault to collect tokens in the form of protocol fees, which can then be withdrawn by // permissioned accounts. // // There are two kinds of protocol fees: // // - flash loan fees: charged on all flash loans, as a percentage of the amounts lent. // // - swap fees: a percentage of the fees charged by Pools when performing swaps. For a number of reasons, including // swap gas costs and interface simplicity, protocol swap fees are not charged on each individual swap. Rather, // Pools are expected to keep track of how much they have charged in swap fees, and pay any outstanding debts to the // Vault when they are joined or exited. This prevents users from joining a Pool with unpaid debt, as well as // exiting a Pool in debt without first paying their share. /** * @dev Returns the current protocol fee module. */ function getProtocolFeesCollector() external view returns (IProtocolFeesCollector); /** * @dev Safety mechanism to pause most Vault operations in the event of an emergency - typically detection of an * error in some part of the system. * * The Vault can only be paused during an initial time period, after which pausing is forever disabled. * * While the contract is paused, the following features are disabled: * - depositing and transferring internal balance * - transferring external balance (using the Vault's allowance) * - swaps * - joining Pools * - Asset Manager interactions * * Internal Balance can still be withdrawn, and Pools exited. */ function setPaused(bool paused) external; /** * @dev Returns the Vault's WETH instance. */ function WETH() external view returns (IWETH); // solhint-disable-previous-line func-name-mixedcase }
RecoveryMode.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; import "../../v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol"; import "../../v2-interfaces/contracts/pool-utils/BasePoolUserData.sol"; import "../../v2-interfaces/contracts/pool-utils/IRecoveryMode.sol"; import "../../v2-solidity-utils/contracts/math/FixedPoint.sol"; import "./BasePoolAuthorization.sol"; /** * @notice Handle storage and state changes for pools that support "Recovery Mode". * * @dev This is intended to provide a safe way to exit any pool during some kind of emergency, to avoid locking funds * in the event the pool enters a non-functional state (i.e., some code that normally runs during exits is causing * them to revert). * * Recovery Mode is *not* the same as pausing the pool. The pause function is only available during a short window * after factory deployment. Pausing can only be intentionally reversed during a buffer period, and the contract * will permanently unpause itself thereafter. Paused pools are completely disabled, in a kind of suspended animation, * until they are voluntarily or involuntarily unpaused. * * By contrast, a privileged account - typically a governance multisig - can place a pool in Recovery Mode at any * time, and it is always reversible. The pool is *not* disabled while in this mode: though of course whatever * condition prompted the transition to Recovery Mode has likely effectively disabled some functions. Rather, * a special "clean" exit is enabled, which runs the absolute minimum code necessary to exit proportionally. * In particular, stable pools do not attempt to compute the invariant (which is a complex, iterative calculation * that can fail in extreme circumstances), and no protocol fees are collected. * * It is critical to ensure that turning on Recovery Mode would do no harm, if activated maliciously or in error. */ abstract contract RecoveryMode is IRecoveryMode, BasePoolAuthorization { using FixedPoint for uint256; using BasePoolUserData for bytes; /** * @dev Reverts if the contract is in Recovery Mode. */ modifier whenNotInRecoveryMode() { _ensureNotInRecoveryMode(); _; } /** * @notice Enable recovery mode, which enables a special safe exit path for LPs. * @dev Does not otherwise affect pool operations (beyond deferring payment of protocol fees), though some pools may * perform certain operations in a "safer" manner that is less likely to fail, in an attempt to keep the pool * running, even in a pathological state. Unlike the Pause operation, which is only available during a short window * after factory deployment, Recovery Mode can always be enabled. */ function enableRecoveryMode() external override authenticate { _setRecoveryMode(true); } /** * @notice Disable recovery mode, which disables the special safe exit path for LPs. * @dev Protocol fees are not paid while in Recovery Mode, so it should only remain active for as long as strictly * necessary. * * This function will revert when called within a Vault context (i.e. in the middle of a join or an exit). * * This function depends on the invariant value, which may be calculated incorrectly in the middle of a join or * an exit, because the state of the pool could be out of sync with the state of the Vault. * `_onDisableRecoveryMode` will revert when called from such a context for weighted pools, effectively * protecting this function. * * See https://forum.balancer.fi/t/reentrancy-vulnerability-scope-expanded/4345 for reference. */ function disableRecoveryMode() external override authenticate { _setRecoveryMode(false); } // Defer implementation for functions that require storage /** * @notice Override to check storage and return whether the pool is in Recovery Mode */ function inRecoveryMode() public view virtual override returns (bool); /** * @dev Override to update storage and emit the event * * No complex code or external calls that could fail should be placed in the implementations, * which could jeopardize the ability to enable and disable Recovery Mode. */ function _setRecoveryMode(bool enabled) internal virtual; /** * @dev Reverts if the contract is not in Recovery Mode. */ function _ensureInRecoveryMode() internal view { _require(inRecoveryMode(), Errors.NOT_IN_RECOVERY_MODE); } /** * @dev Reverts if the contract is in Recovery Mode. */ function _ensureNotInRecoveryMode() internal view { _require(!inRecoveryMode(), Errors.IN_RECOVERY_MODE); } /** * @dev A minimal proportional exit, suitable as is for most pools: though not for pools with preminted BPT * or other special considerations. Designed to be overridden if a pool needs to do extra processing, * such as scaling a stored invariant, or caching the new total supply. * * No complex code or external calls should be made in derived contracts that override this! */ function _doRecoveryModeExit( uint256[] memory balances, uint256 totalSupply, bytes memory userData ) internal virtual returns (uint256, uint256[] memory) { uint256 bptAmountIn = userData.recoveryModeExit(); uint256[] memory amountsOut = _computeProportionalAmountsOut( balances, totalSupply, bptAmountIn ); return (bptAmountIn, amountsOut); } function _computeProportionalAmountsOut( uint256[] memory balances, uint256 totalSupply, uint256 bptAmountIn ) internal pure returns (uint256[] memory amountsOut) { /********************************************************************************************** // exactBPTInForTokensOut // // (per token) // // aO = tokenAmountOut / bptIn \ // // b = tokenBalance a0 = b * | --------------------- | // // bptIn = bptAmountIn \ bptTotalSupply / // // bpt = bptTotalSupply // **********************************************************************************************/ // Since we're computing an amount out, we round down overall. This means rounding down on both the // multiplication and division. uint256 bptRatio = bptAmountIn.divDown(totalSupply); amountsOut = new uint256[](balances.length); for (uint256 i = 0; i < balances.length; i++) { amountsOut[i] = balances[i].mulDown(bptRatio); } } }
Math.sol
// SPDX-License-Identifier: MIT pragma solidity ^0.7.0; import "../../../v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol"; /** * @dev Wrappers over Solidity's arithmetic operations with added overflow checks. * Adapted from OpenZeppelin's SafeMath library. */ library Math { /** * @dev Returns the absolute value of a signed integer. */ function abs(int256 a) internal pure returns (uint256) { return a > 0 ? uint256(a) : uint256(-a); } /** * @dev Returns the addition of two unsigned integers of 256 bits, reverting on overflow. */ function add(uint256 a, uint256 b) internal pure returns (uint256) { uint256 c = a + b; _require(c >= a, Errors.ADD_OVERFLOW); return c; } /** * @dev Returns the addition of two signed integers, reverting on overflow. */ function add(int256 a, int256 b) internal pure returns (int256) { int256 c = a + b; _require((b >= 0 && c >= a) || (b < 0 && c < a), Errors.ADD_OVERFLOW); return c; } /** * @dev Returns the subtraction of two unsigned integers of 256 bits, reverting on overflow. */ function sub(uint256 a, uint256 b) internal pure returns (uint256) { _require(b <= a, Errors.SUB_OVERFLOW); uint256 c = a - b; return c; } /** * @dev Returns the subtraction of two signed integers, reverting on overflow. */ function sub(int256 a, int256 b) internal pure returns (int256) { int256 c = a - b; _require((b >= 0 && c <= a) || (b < 0 && c > a), Errors.SUB_OVERFLOW); return c; } /** * @dev Returns the largest of two numbers of 256 bits. */ function max(uint256 a, uint256 b) internal pure returns (uint256) { return a >= b ? a : b; } /** * @dev Returns the smallest of two numbers of 256 bits. */ function min(uint256 a, uint256 b) internal pure returns (uint256) { return a < b ? a : b; } function mul(uint256 a, uint256 b) internal pure returns (uint256) { uint256 c = a * b; _require(a == 0 || c / a == b, Errors.MUL_OVERFLOW); return c; } function div( uint256 a, uint256 b, bool roundUp ) internal pure returns (uint256) { return roundUp ? divUp(a, b) : divDown(a, b); } function divDown(uint256 a, uint256 b) internal pure returns (uint256) { _require(b != 0, Errors.ZERO_DIVISION); return a / b; } function divUp(uint256 a, uint256 b) internal pure returns (uint256) { _require(b != 0, Errors.ZERO_DIVISION); if (a == 0) { return 0; } else { return 1 + (a - 1) / b; } } }
IBasePool.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; pragma experimental ABIEncoderV2; import "./IVault.sol"; import "./IPoolSwapStructs.sol"; /** * @dev Interface for adding and removing liquidity that all Pool contracts should implement. Note that this is not * the complete Pool contract interface, as it is missing the swap hooks. Pool contracts should also inherit from * either IGeneralPool or IMinimalSwapInfoPool */ interface IBasePool is IPoolSwapStructs { /** * @dev Called by the Vault when a user calls `IVault.joinPool` to add liquidity to this Pool. Returns how many of * each registered token the user should provide, as well as the amount of protocol fees the Pool owes to the Vault. * The Vault will then take tokens from `sender` and add them to the Pool's balances, as well as collect * the reported amount in protocol fees, which the pool should calculate based on `protocolSwapFeePercentage`. * * Protocol fees are reported and charged on join events so that the Pool is free of debt whenever new users join. * * `sender` is the account performing the join (from which tokens will be withdrawn), and `recipient` is the account * designated to receive any benefits (typically pool shares). `balances` contains the total balances * for each token the Pool registered in the Vault, in the same order that `IVault.getPoolTokens` would return. * * `lastChangeBlock` is the last block in which *any* of the Pool's registered tokens last changed its total * balance. * * `userData` contains any pool-specific instructions needed to perform the calculations, such as the type of * join (e.g., proportional given an amount of pool shares, single-asset, multi-asset, etc.) * * Contracts implementing this function should check that the caller is indeed the Vault before performing any * state-changing operations, such as minting pool shares. */ function onJoinPool( bytes32 poolId, address sender, address recipient, uint256[] memory balances, uint256 lastChangeBlock, uint256 protocolSwapFeePercentage, bytes memory userData ) external returns (uint256[] memory amountsIn, uint256[] memory dueProtocolFeeAmounts); /** * @dev Called by the Vault when a user calls `IVault.exitPool` to remove liquidity from this Pool. Returns how many * tokens the Vault should deduct from the Pool's balances, as well as the amount of protocol fees the Pool owes * to the Vault. The Vault will then take tokens from the Pool's balances and send them to `recipient`, * as well as collect the reported amount in protocol fees, which the Pool should calculate based on * `protocolSwapFeePercentage`. * * Protocol fees are charged on exit events to guarantee that users exiting the Pool have paid their share. * * `sender` is the account performing the exit (typically the pool shareholder), and `recipient` is the account * to which the Vault will send the proceeds. `balances` contains the total token balances for each token * the Pool registered in the Vault, in the same order that `IVault.getPoolTokens` would return. * * `lastChangeBlock` is the last block in which *any* of the Pool's registered tokens last changed its total * balance. * * `userData` contains any pool-specific instructions needed to perform the calculations, such as the type of * exit (e.g., proportional given an amount of pool shares, single-asset, multi-asset, etc.) * * Contracts implementing this function should check that the caller is indeed the Vault before performing any * state-changing operations, such as burning pool shares. */ function onExitPool( bytes32 poolId, address sender, address recipient, uint256[] memory balances, uint256 lastChangeBlock, uint256 protocolSwapFeePercentage, bytes memory userData ) external returns (uint256[] memory amountsOut, uint256[] memory dueProtocolFeeAmounts); /** * @dev Returns this Pool's ID, used when interacting with the Vault (to e.g. join the Pool or swap with it). */ function getPoolId() external view returns (bytes32); /** * @dev Returns the current swap fee percentage as a 18 decimal fixed point number, so e.g. 1e17 corresponds to a * 10% swap fee. */ function getSwapFeePercentage() external view returns (uint256); /** * @dev Returns the scaling factors of each of the Pool's tokens. This is an implementation detail that is typically * not relevant for outside parties, but which might be useful for some types of Pools. */ function getScalingFactors() external view returns (uint256[] memory); function queryJoin( bytes32 poolId, address sender, address recipient, uint256[] memory balances, uint256 lastChangeBlock, uint256 protocolSwapFeePercentage, bytes memory userData ) external returns (uint256 bptOut, uint256[] memory amountsIn); function queryExit( bytes32 poolId, address sender, address recipient, uint256[] memory balances, uint256 lastChangeBlock, uint256 protocolSwapFeePercentage, bytes memory userData ) external returns (uint256 bptIn, uint256[] memory amountsOut); }
IAuthorizer.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; interface IAuthorizer { /** * @dev Returns true if `account` can perform the action described by `actionId` in the contract `where`. */ function canPerform( bytes32 actionId, address account, address where ) external view returns (bool); }
BalancerPoolToken.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; import "../../v2-interfaces/contracts/vault/IVault.sol"; import "../../v2-solidity-utils/contracts/openzeppelin/ERC20Permit.sol"; /** * @title Highly opinionated token implementation * @author Balancer Labs * @dev * - Includes functions to increase and decrease allowance as a workaround * for the well-known issue with `approve`: * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 * - Allows for 'infinite allowance', where an allowance of 0xff..ff is not * decreased by calls to transferFrom * - Lets a token holder use `transferFrom` to send their own tokens, * without first setting allowance * - Emits 'Approval' events whenever allowance is changed by `transferFrom` * - Assigns infinite allowance for all token holders to the Vault */ contract BalancerPoolToken is ERC20Permit { IVault private immutable _vault; constructor( string memory tokenName, string memory tokenSymbol, IVault vault ) ERC20(tokenName, tokenSymbol) ERC20Permit(tokenName) { _vault = vault; } function getVault() public view returns (IVault) { return _vault; } // Overrides /** * @dev Override to grant the Vault infinite allowance, causing for Pool Tokens to not require approval. * * This is sound as the Vault already provides authorization mechanisms when initiation token transfers, which this * contract inherits. */ function allowance( address owner, address spender ) public view override returns (uint256) { if (spender == address(getVault())) { return uint256(-1); } else { return super.allowance(owner, spender); } } /** * @dev Override to allow for 'infinite allowance' and let the token owner use `transferFrom` with no self-allowance */ function transferFrom( address sender, address recipient, uint256 amount ) public override returns (bool) { uint256 currentAllowance = allowance(sender, msg.sender); _require( msg.sender == sender || currentAllowance >= amount, Errors.ERC20_TRANSFER_EXCEEDS_ALLOWANCE ); _transfer(sender, recipient, amount); if (msg.sender != sender && currentAllowance != uint256(-1)) { // Because of the previous require, we know that if msg.sender != sender then currentAllowance >= amount _approve(sender, msg.sender, currentAllowance - amount); } return true; } /** * @dev Override to allow decreasing allowance by more than the current amount (setting it to zero) */ function decreaseAllowance( address spender, uint256 amount ) public override returns (bool) { uint256 currentAllowance = allowance(msg.sender, spender); if (amount >= currentAllowance) { _approve(msg.sender, spender, 0); } else { // No risk of underflow due to if condition _approve(msg.sender, spender, currentAllowance - amount); } return true; } // Internal functions function _mintPoolTokens(address recipient, uint256 amount) internal { _mint(recipient, amount); } function _burnPoolTokens(address sender, uint256 amount) internal { _burn(sender, amount); } }
FixedPoint.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity >=0.7.0 <0.9.0; import "../../../v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol"; import "./LogExpMath.sol"; /* solhint-disable private-vars-leading-underscore */ library FixedPoint { uint256 internal constant ONE = 1e18; // 18 decimal places uint256 internal constant TWO = 2 * ONE; uint256 internal constant FOUR = 4 * ONE; uint256 internal constant MAX_POW_RELATIVE_ERROR = 10000; // 10^(-14) // Minimum base for the power function when the exponent is 'free' (larger than ONE). uint256 internal constant MIN_POW_BASE_FREE_EXPONENT = 0.7e18; function add(uint256 a, uint256 b) internal pure returns (uint256) { // Fixed Point addition is the same as regular checked addition uint256 c = a + b; _require(c >= a, Errors.ADD_OVERFLOW); return c; } function sub(uint256 a, uint256 b) internal pure returns (uint256) { // Fixed Point addition is the same as regular checked addition _require(b <= a, Errors.SUB_OVERFLOW); uint256 c = a - b; return c; } function mulDown(uint256 a, uint256 b) internal pure returns (uint256) { uint256 product = a * b; _require(a == 0 || product / a == b, Errors.MUL_OVERFLOW); return product / ONE; } function mulUp(uint256 a, uint256 b) internal pure returns (uint256) { uint256 product = a * b; _require(a == 0 || product / a == b, Errors.MUL_OVERFLOW); if (product == 0) { return 0; } else { // The traditional divUp formula is: // divUp(x, y) := (x + y - 1) / y // To avoid intermediate overflow in the addition, we distribute the division and get: // divUp(x, y) := (x - 1) / y + 1 // Note that this requires x != 0, which we already tested for. return ((product - 1) / ONE) + 1; } } function divDown(uint256 a, uint256 b) internal pure returns (uint256) { _require(b != 0, Errors.ZERO_DIVISION); if (a == 0) { return 0; } else { uint256 aInflated = a * ONE; _require(aInflated / a == ONE, Errors.DIV_INTERNAL); // mul overflow return aInflated / b; } } function divUp(uint256 a, uint256 b) internal pure returns (uint256) { _require(b != 0, Errors.ZERO_DIVISION); if (a == 0) { return 0; } else { uint256 aInflated = a * ONE; _require(aInflated / a == ONE, Errors.DIV_INTERNAL); // mul overflow // The traditional divUp formula is: // divUp(x, y) := (x + y - 1) / y // To avoid intermediate overflow in the addition, we distribute the division and get: // divUp(x, y) := (x - 1) / y + 1 // Note that this requires x != 0, which we already tested for. return ((aInflated - 1) / b) + 1; } } /** * @dev Returns x^y, assuming both are fixed point numbers, rounding down. The result is guaranteed to not be above * the true value (that is, the error function expected - actual is always positive). */ function powDown(uint256 x, uint256 y) internal pure returns (uint256) { // Optimize for when y equals 1.0, 2.0 or 4.0, as those are very simple to implement and occur often in 50/50 // and 80/20 Weighted Pools if (y == ONE) { return x; } else if (y == TWO) { return mulDown(x, x); } else if (y == FOUR) { uint256 square = mulDown(x, x); return mulDown(square, square); } else { uint256 raw = LogExpMath.pow(x, y); uint256 maxError = add(mulUp(raw, MAX_POW_RELATIVE_ERROR), 1); if (raw < maxError) { return 0; } else { return sub(raw, maxError); } } } /** * @dev Returns x^y, assuming both are fixed point numbers, rounding up. The result is guaranteed to not be below * the true value (that is, the error function expected - actual is always negative). */ function powUp(uint256 x, uint256 y) internal pure returns (uint256) { // Optimize for when y equals 1.0, 2.0 or 4.0, as those are very simple to implement and occur often in 50/50 // and 80/20 Weighted Pools if (y == ONE) { return x; } else if (y == TWO) { return mulUp(x, x); } else if (y == FOUR) { uint256 square = mulUp(x, x); return mulUp(square, square); } else { uint256 raw = LogExpMath.pow(x, y); uint256 maxError = add(mulUp(raw, MAX_POW_RELATIVE_ERROR), 1); return add(raw, maxError); } } /** * @dev Returns the complement of a value (1 - x), capped to 0 if x is larger than 1. * * Useful when computing the complement for values with some level of relative error, as it strips this error and * prevents intermediate negative values. */ function complement(uint256 x) internal pure returns (uint256) { return (x < ONE) ? (ONE - x) : 0; } }
LogExpMath.sol
// SPDX-License-Identifier: MIT // Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated // documentation files (the “Software”), to deal in the Software without restriction, including without limitation the // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to // permit persons to whom the Software is furnished to do so, subject to the following conditions: // The above copyright notice and this permission notice shall be included in all copies or substantial portions of the // Software. // THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE // WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR // COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. pragma solidity >=0.7.0 <0.9.0; import "../../../v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol"; /* solhint-disable */ /** * @dev Exponentiation and logarithm functions for 18 decimal fixed point numbers (both base and exponent/argument). * * Exponentiation and logarithm with arbitrary bases (x^y and log_x(y)) are implemented by conversion to natural * exponentiation and logarithm (where the base is Euler's number). * * @author Fernando Martinelli - @fernandomartinelli * @author Sergio Yuhjtman - @sergioyuhjtman * @author Daniel Fernandez - @dmf7z */ library LogExpMath { // All fixed point multiplications and divisions are inlined. This means we need to divide by ONE when multiplying // two numbers, and multiply by ONE when dividing them. // All arguments and return values are 18 decimal fixed point numbers. int256 constant ONE_18 = 1e18; // Internally, intermediate values are computed with higher precision as 20 decimal fixed point numbers, and in the // case of ln36, 36 decimals. int256 constant ONE_20 = 1e20; int256 constant ONE_36 = 1e36; // The domain of natural exponentiation is bound by the word size and number of decimals used. // // Because internally the result will be stored using 20 decimals, the largest possible result is // (2^255 - 1) / 10^20, which makes the largest exponent ln((2^255 - 1) / 10^20) = 130.700829182905140221. // The smallest possible result is 10^(-18), which makes largest negative argument // ln(10^(-18)) = -41.446531673892822312. // We use 130.0 and -41.0 to have some safety margin. int256 constant MAX_NATURAL_EXPONENT = 130e18; int256 constant MIN_NATURAL_EXPONENT = -41e18; // Bounds for ln_36's argument. Both ln(0.9) and ln(1.1) can be represented with 36 decimal places in a fixed point // 256 bit integer. int256 constant LN_36_LOWER_BOUND = ONE_18 - 1e17; int256 constant LN_36_UPPER_BOUND = ONE_18 + 1e17; uint256 constant MILD_EXPONENT_BOUND = 2 ** 254 / uint256(ONE_20); // 18 decimal constants int256 constant x0 = 128000000000000000000; // 2ˆ7 int256 constant a0 = 38877084059945950922200000000000000000000000000000000000; // eˆ(x0) (no decimals) int256 constant x1 = 64000000000000000000; // 2ˆ6 int256 constant a1 = 6235149080811616882910000000; // eˆ(x1) (no decimals) // 20 decimal constants int256 constant x2 = 3200000000000000000000; // 2ˆ5 int256 constant a2 = 7896296018268069516100000000000000; // eˆ(x2) int256 constant x3 = 1600000000000000000000; // 2ˆ4 int256 constant a3 = 888611052050787263676000000; // eˆ(x3) int256 constant x4 = 800000000000000000000; // 2ˆ3 int256 constant a4 = 298095798704172827474000; // eˆ(x4) int256 constant x5 = 400000000000000000000; // 2ˆ2 int256 constant a5 = 5459815003314423907810; // eˆ(x5) int256 constant x6 = 200000000000000000000; // 2ˆ1 int256 constant a6 = 738905609893065022723; // eˆ(x6) int256 constant x7 = 100000000000000000000; // 2ˆ0 int256 constant a7 = 271828182845904523536; // eˆ(x7) int256 constant x8 = 50000000000000000000; // 2ˆ-1 int256 constant a8 = 164872127070012814685; // eˆ(x8) int256 constant x9 = 25000000000000000000; // 2ˆ-2 int256 constant a9 = 128402541668774148407; // eˆ(x9) int256 constant x10 = 12500000000000000000; // 2ˆ-3 int256 constant a10 = 113314845306682631683; // eˆ(x10) int256 constant x11 = 6250000000000000000; // 2ˆ-4 int256 constant a11 = 106449445891785942956; // eˆ(x11) /** * @dev Exponentiation (x^y) with unsigned 18 decimal fixed point base and exponent. * * Reverts if ln(x) * y is smaller than `MIN_NATURAL_EXPONENT`, or larger than `MAX_NATURAL_EXPONENT`. */ function pow(uint256 x, uint256 y) internal pure returns (uint256) { if (y == 0) { // We solve the 0^0 indetermination by making it equal one. return uint256(ONE_18); } if (x == 0) { return 0; } // Instead of computing x^y directly, we instead rely on the properties of logarithms and exponentiation to // arrive at that result. In particular, exp(ln(x)) = x, and ln(x^y) = y * ln(x). This means // x^y = exp(y * ln(x)). // The ln function takes a signed value, so we need to make sure x fits in the signed 256 bit range. _require(x >> 255 == 0, Errors.X_OUT_OF_BOUNDS); int256 x_int256 = int256(x); // We will compute y * ln(x) in a single step. Depending on the value of x, we can either use ln or ln_36. In // both cases, we leave the division by ONE_18 (due to fixed point multiplication) to the end. // This prevents y * ln(x) from overflowing, and at the same time guarantees y fits in the signed 256 bit range. _require(y < MILD_EXPONENT_BOUND, Errors.Y_OUT_OF_BOUNDS); int256 y_int256 = int256(y); int256 logx_times_y; if (LN_36_LOWER_BOUND < x_int256 && x_int256 < LN_36_UPPER_BOUND) { int256 ln_36_x = _ln_36(x_int256); // ln_36_x has 36 decimal places, so multiplying by y_int256 isn't as straightforward, since we can't just // bring y_int256 to 36 decimal places, as it might overflow. Instead, we perform two 18 decimal // multiplications and add the results: one with the first 18 decimals of ln_36_x, and one with the // (downscaled) last 18 decimals. logx_times_y = ((ln_36_x / ONE_18) * y_int256 + ((ln_36_x % ONE_18) * y_int256) / ONE_18); } else { logx_times_y = _ln(x_int256) * y_int256; } logx_times_y /= ONE_18; // Finally, we compute exp(y * ln(x)) to arrive at x^y _require( MIN_NATURAL_EXPONENT <= logx_times_y && logx_times_y <= MAX_NATURAL_EXPONENT, Errors.PRODUCT_OUT_OF_BOUNDS ); return uint256(exp(logx_times_y)); } /** * @dev Natural exponentiation (e^x) with signed 18 decimal fixed point exponent. * * Reverts if `x` is smaller than MIN_NATURAL_EXPONENT, or larger than `MAX_NATURAL_EXPONENT`. */ function exp(int256 x) internal pure returns (int256) { _require( x >= MIN_NATURAL_EXPONENT && x <= MAX_NATURAL_EXPONENT, Errors.INVALID_EXPONENT ); if (x < 0) { // We only handle positive exponents: e^(-x) is computed as 1 / e^x. We can safely make x positive since it // fits in the signed 256 bit range (as it is larger than MIN_NATURAL_EXPONENT). // Fixed point division requires multiplying by ONE_18. return ((ONE_18 * ONE_18) / exp(-x)); } // First, we use the fact that e^(x+y) = e^x * e^y to decompose x into a sum of powers of two, which we call x_n, // where x_n == 2^(7 - n), and e^x_n = a_n has been precomputed. We choose the first x_n, x0, to equal 2^7 // because all larger powers are larger than MAX_NATURAL_EXPONENT, and therefore not present in the // decomposition. // At the end of this process we will have the product of all e^x_n = a_n that apply, and the remainder of this // decomposition, which will be lower than the smallest x_n. // exp(x) = k_0 * a_0 * k_1 * a_1 * ... + k_n * a_n * exp(remainder), where each k_n equals either 0 or 1. // We mutate x by subtracting x_n, making it the remainder of the decomposition. // The first two a_n (e^(2^7) and e^(2^6)) are too large if stored as 18 decimal numbers, and could cause // intermediate overflows. Instead we store them as plain integers, with 0 decimals. // Additionally, x0 + x1 is larger than MAX_NATURAL_EXPONENT, which means they will not both be present in the // decomposition. // For each x_n, we test if that term is present in the decomposition (if x is larger than it), and if so deduct // it and compute the accumulated product. int256 firstAN; if (x >= x0) { x -= x0; firstAN = a0; } else if (x >= x1) { x -= x1; firstAN = a1; } else { firstAN = 1; // One with no decimal places } // We now transform x into a 20 decimal fixed point number, to have enhanced precision when computing the // smaller terms. x *= 100; // `product` is the accumulated product of all a_n (except a0 and a1), which starts at 20 decimal fixed point // one. Recall that fixed point multiplication requires dividing by ONE_20. int256 product = ONE_20; if (x >= x2) { x -= x2; product = (product * a2) / ONE_20; } if (x >= x3) { x -= x3; product = (product * a3) / ONE_20; } if (x >= x4) { x -= x4; product = (product * a4) / ONE_20; } if (x >= x5) { x -= x5; product = (product * a5) / ONE_20; } if (x >= x6) { x -= x6; product = (product * a6) / ONE_20; } if (x >= x7) { x -= x7; product = (product * a7) / ONE_20; } if (x >= x8) { x -= x8; product = (product * a8) / ONE_20; } if (x >= x9) { x -= x9; product = (product * a9) / ONE_20; } // x10 and x11 are unnecessary here since we have high enough precision already. // Now we need to compute e^x, where x is small (in particular, it is smaller than x9). We use the Taylor series // expansion for e^x: 1 + x + (x^2 / 2!) + (x^3 / 3!) + ... + (x^n / n!). int256 seriesSum = ONE_20; // The initial one in the sum, with 20 decimal places. int256 term; // Each term in the sum, where the nth term is (x^n / n!). // The first term is simply x. term = x; seriesSum += term; // Each term (x^n / n!) equals the previous one times x, divided by n. Since x is a fixed point number, // multiplying by it requires dividing by ONE_20, but dividing by the non-fixed point n values does not. term = ((term * x) / ONE_20) / 2; seriesSum += term; term = ((term * x) / ONE_20) / 3; seriesSum += term; term = ((term * x) / ONE_20) / 4; seriesSum += term; term = ((term * x) / ONE_20) / 5; seriesSum += term; term = ((term * x) / ONE_20) / 6; seriesSum += term; term = ((term * x) / ONE_20) / 7; seriesSum += term; term = ((term * x) / ONE_20) / 8; seriesSum += term; term = ((term * x) / ONE_20) / 9; seriesSum += term; term = ((term * x) / ONE_20) / 10; seriesSum += term; term = ((term * x) / ONE_20) / 11; seriesSum += term; term = ((term * x) / ONE_20) / 12; seriesSum += term; // 12 Taylor terms are sufficient for 18 decimal precision. // We now have the first a_n (with no decimals), and the product of all other a_n present, and the Taylor // approximation of the exponentiation of the remainder (both with 20 decimals). All that remains is to multiply // all three (one 20 decimal fixed point multiplication, dividing by ONE_20, and one integer multiplication), // and then drop two digits to return an 18 decimal value. return (((product * seriesSum) / ONE_20) * firstAN) / 100; } /** * @dev Logarithm (log(arg, base), with signed 18 decimal fixed point base and argument. */ function log(int256 arg, int256 base) internal pure returns (int256) { // This performs a simple base change: log(arg, base) = ln(arg) / ln(base). // Both logBase and logArg are computed as 36 decimal fixed point numbers, either by using ln_36, or by // upscaling. int256 logBase; if (LN_36_LOWER_BOUND < base && base < LN_36_UPPER_BOUND) { logBase = _ln_36(base); } else { logBase = _ln(base) * ONE_18; } int256 logArg; if (LN_36_LOWER_BOUND < arg && arg < LN_36_UPPER_BOUND) { logArg = _ln_36(arg); } else { logArg = _ln(arg) * ONE_18; } // When dividing, we multiply by ONE_18 to arrive at a result with 18 decimal places return (logArg * ONE_18) / logBase; } /** * @dev Natural logarithm (ln(a)) with signed 18 decimal fixed point argument. */ function ln(int256 a) internal pure returns (int256) { // The real natural logarithm is not defined for negative numbers or zero. _require(a > 0, Errors.OUT_OF_BOUNDS); if (LN_36_LOWER_BOUND < a && a < LN_36_UPPER_BOUND) { return _ln_36(a) / ONE_18; } else { return _ln(a); } } /** * @dev Internal natural logarithm (ln(a)) with signed 18 decimal fixed point argument. */ function _ln(int256 a) private pure returns (int256) { if (a < ONE_18) { // Since ln(a^k) = k * ln(a), we can compute ln(a) as ln(a) = ln((1/a)^(-1)) = - ln((1/a)). If a is less // than one, 1/a will be greater than one, and this if statement will not be entered in the recursive call. // Fixed point division requires multiplying by ONE_18. return (-_ln((ONE_18 * ONE_18) / a)); } // First, we use the fact that ln^(a * b) = ln(a) + ln(b) to decompose ln(a) into a sum of powers of two, which // we call x_n, where x_n == 2^(7 - n), which are the natural logarithm of precomputed quantities a_n (that is, // ln(a_n) = x_n). We choose the first x_n, x0, to equal 2^7 because the exponential of all larger powers cannot // be represented as 18 fixed point decimal numbers in 256 bits, and are therefore larger than a. // At the end of this process we will have the sum of all x_n = ln(a_n) that apply, and the remainder of this // decomposition, which will be lower than the smallest a_n. // ln(a) = k_0 * x_0 + k_1 * x_1 + ... + k_n * x_n + ln(remainder), where each k_n equals either 0 or 1. // We mutate a by subtracting a_n, making it the remainder of the decomposition. // For reasons related to how `exp` works, the first two a_n (e^(2^7) and e^(2^6)) are not stored as fixed point // numbers with 18 decimals, but instead as plain integers with 0 decimals, so we need to multiply them by // ONE_18 to convert them to fixed point. // For each a_n, we test if that term is present in the decomposition (if a is larger than it), and if so divide // by it and compute the accumulated sum. int256 sum = 0; if (a >= a0 * ONE_18) { a /= a0; // Integer, not fixed point division sum += x0; } if (a >= a1 * ONE_18) { a /= a1; // Integer, not fixed point division sum += x1; } // All other a_n and x_n are stored as 20 digit fixed point numbers, so we convert the sum and a to this format. sum *= 100; a *= 100; // Because further a_n are 20 digit fixed point numbers, we multiply by ONE_20 when dividing by them. if (a >= a2) { a = (a * ONE_20) / a2; sum += x2; } if (a >= a3) { a = (a * ONE_20) / a3; sum += x3; } if (a >= a4) { a = (a * ONE_20) / a4; sum += x4; } if (a >= a5) { a = (a * ONE_20) / a5; sum += x5; } if (a >= a6) { a = (a * ONE_20) / a6; sum += x6; } if (a >= a7) { a = (a * ONE_20) / a7; sum += x7; } if (a >= a8) { a = (a * ONE_20) / a8; sum += x8; } if (a >= a9) { a = (a * ONE_20) / a9; sum += x9; } if (a >= a10) { a = (a * ONE_20) / a10; sum += x10; } if (a >= a11) { a = (a * ONE_20) / a11; sum += x11; } // a is now a small number (smaller than a_11, which roughly equals 1.06). This means we can use a Taylor series // that converges rapidly for values of `a` close to one - the same one used in ln_36. // Let z = (a - 1) / (a + 1). // ln(a) = 2 * (z + z^3 / 3 + z^5 / 5 + z^7 / 7 + ... + z^(2 * n + 1) / (2 * n + 1)) // Recall that 20 digit fixed point division requires multiplying by ONE_20, and multiplication requires // division by ONE_20. int256 z = ((a - ONE_20) * ONE_20) / (a + ONE_20); int256 z_squared = (z * z) / ONE_20; // num is the numerator of the series: the z^(2 * n + 1) term int256 num = z; // seriesSum holds the accumulated sum of each term in the series, starting with the initial z int256 seriesSum = num; // In each step, the numerator is multiplied by z^2 num = (num * z_squared) / ONE_20; seriesSum += num / 3; num = (num * z_squared) / ONE_20; seriesSum += num / 5; num = (num * z_squared) / ONE_20; seriesSum += num / 7; num = (num * z_squared) / ONE_20; seriesSum += num / 9; num = (num * z_squared) / ONE_20; seriesSum += num / 11; // 6 Taylor terms are sufficient for 36 decimal precision. // Finally, we multiply by 2 (non fixed point) to compute ln(remainder) seriesSum *= 2; // We now have the sum of all x_n present, and the Taylor approximation of the logarithm of the remainder (both // with 20 decimals). All that remains is to sum these two, and then drop two digits to return a 18 decimal // value. return (sum + seriesSum) / 100; } /** * @dev Intrnal high precision (36 decimal places) natural logarithm (ln(x)) with signed 18 decimal fixed point argument, * for x close to one. * * Should only be used if x is between LN_36_LOWER_BOUND and LN_36_UPPER_BOUND. */ function _ln_36(int256 x) private pure returns (int256) { // Since ln(1) = 0, a value of x close to one will yield a very small result, which makes using 36 digits // worthwhile. // First, we transform x to a 36 digit fixed point value. x *= ONE_18; // We will use the following Taylor expansion, which converges very rapidly. Let z = (x - 1) / (x + 1). // ln(x) = 2 * (z + z^3 / 3 + z^5 / 5 + z^7 / 7 + ... + z^(2 * n + 1) / (2 * n + 1)) // Recall that 36 digit fixed point division requires multiplying by ONE_36, and multiplication requires // division by ONE_36. int256 z = ((x - ONE_36) * ONE_36) / (x + ONE_36); int256 z_squared = (z * z) / ONE_36; // num is the numerator of the series: the z^(2 * n + 1) term int256 num = z; // seriesSum holds the accumulated sum of each term in the series, starting with the initial z int256 seriesSum = num; // In each step, the numerator is multiplied by z^2 num = (num * z_squared) / ONE_36; seriesSum += num / 3; num = (num * z_squared) / ONE_36; seriesSum += num / 5; num = (num * z_squared) / ONE_36; seriesSum += num / 7; num = (num * z_squared) / ONE_36; seriesSum += num / 9; num = (num * z_squared) / ONE_36; seriesSum += num / 11; num = (num * z_squared) / ONE_36; seriesSum += num / 13; num = (num * z_squared) / ONE_36; seriesSum += num / 15; // 8 Taylor terms are sufficient for 36 decimal precision. // All that remains is multiplying by 2 (non fixed point). return seriesSum * 2; } }
BasePoolAuthorization.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; import "../../v2-interfaces/contracts/vault/IAuthorizer.sol"; import "../../v2-solidity-utils/contracts/helpers/Authentication.sol"; /** * @dev Base authorization layer implementation for Pools. * * The owner account can call some of the permissioned functions - access control of the rest is delegated to the * Authorizer. Note that this owner is immutable: more sophisticated permission schemes, such as multiple ownership, * granular roles, etc., could be built on top of this by making the owner a smart contract. * * Access control of all other permissioned functions is delegated to an Authorizer. It is also possible to delegate * control of *all* permissioned functions to the Authorizer by setting the owner address to `_DELEGATE_OWNER`. */ abstract contract BasePoolAuthorization is Authentication { address private immutable _owner; address private constant _DELEGATE_OWNER = 0xBA1BA1ba1BA1bA1bA1Ba1BA1ba1BA1bA1ba1ba1B; constructor(address owner) { _owner = owner; } function getOwner() public view returns (address) { return _owner; } function getAuthorizer() external view returns (IAuthorizer) { return _getAuthorizer(); } function _canPerform( bytes32 actionId, address account ) internal view override returns (bool) { if ((getOwner() != _DELEGATE_OWNER) && _isOwnerOnlyAction(actionId)) { // Only the owner can perform "owner only" actions, unless the owner is delegated. return msg.sender == getOwner(); } else { // Non-owner actions are always processed via the Authorizer, as "owner only" ones are when delegated. return _getAuthorizer().canPerform(actionId, account, address(this)); } } function _isOwnerOnlyAction( bytes32 actionId ) internal view virtual returns (bool); function _getAuthorizer() internal view virtual returns (IAuthorizer); }
WordCodec.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; import "../../../v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol"; import "../math/Math.sol"; /** * @dev Library for encoding and decoding values stored inside a 256 bit word. Typically used to pack multiple values in * a single storage slot, saving gas by performing less storage accesses. * * Each value is defined by its size and the least significant bit in the word, also known as offset. For example, two * 128 bit values may be encoded in a word by assigning one an offset of 0, and the other an offset of 128. * * We could use Solidity structs to pack values together in a single storage slot instead of relying on a custom and * error-prone library, but unfortunately Solidity only allows for structs to live in either storage, calldata or * memory. Because a memory struct uses not just memory but also a slot in the stack (to store its memory location), * using memory for word-sized values (i.e. of 256 bits or less) is strictly less gas performant, and doesn't even * prevent stack-too-deep issues. This is compounded by the fact that Balancer contracts typically are memory-intensive, * and the cost of accesing memory increases quadratically with the number of allocated words. Manual packing and * unpacking is therefore the preferred approach. */ library WordCodec { // Masks are values with the least significant N bits set. They can be used to extract an encoded value from a word, // or to insert a new one replacing the old. uint256 private constant _MASK_1 = 2 ** (1) - 1; uint256 private constant _MASK_192 = 2 ** (192) - 1; // In-place insertion /** * @dev Inserts an unsigned integer of bitLength, shifted by an offset, into a 256 bit word, * replacing the old value. Returns the new word. */ function insertUint( bytes32 word, uint256 value, uint256 offset, uint256 bitLength ) internal pure returns (bytes32) { _validateEncodingParams(value, offset, bitLength); uint256 mask = (1 << bitLength) - 1; bytes32 clearedWord = bytes32(uint256(word) & ~(mask << offset)); return clearedWord | bytes32(value << offset); } /** * @dev Inserts a signed integer shifted by an offset into a 256 bit word, replacing the old value. Returns * the new word. * * Assumes `value` can be represented using `bitLength` bits. */ function insertInt( bytes32 word, int256 value, uint256 offset, uint256 bitLength ) internal pure returns (bytes32) { _validateEncodingParams(value, offset, bitLength); uint256 mask = (1 << bitLength) - 1; bytes32 clearedWord = bytes32(uint256(word) & ~(mask << offset)); // Integer values need masking to remove the upper bits of negative values. return clearedWord | bytes32((uint256(value) & mask) << offset); } // Encoding /** * @dev Encodes an unsigned integer shifted by an offset. Ensures value fits within * `bitLength` bits. * * The return value can be ORed bitwise with other encoded values to form a 256 bit word. */ function encodeUint( uint256 value, uint256 offset, uint256 bitLength ) internal pure returns (bytes32) { _validateEncodingParams(value, offset, bitLength); return bytes32(value << offset); } /** * @dev Encodes a signed integer shifted by an offset. * * The return value can be ORed bitwise with other encoded values to form a 256 bit word. */ function encodeInt( int256 value, uint256 offset, uint256 bitLength ) internal pure returns (bytes32) { _validateEncodingParams(value, offset, bitLength); uint256 mask = (1 << bitLength) - 1; // Integer values need masking to remove the upper bits of negative values. return bytes32((uint256(value) & mask) << offset); } // Decoding /** * @dev Decodes and returns an unsigned integer with `bitLength` bits, shifted by an offset, from a 256 bit word. */ function decodeUint( bytes32 word, uint256 offset, uint256 bitLength ) internal pure returns (uint256) { return uint256(word >> offset) & ((1 << bitLength) - 1); } /** * @dev Decodes and returns a signed integer with `bitLength` bits, shifted by an offset, from a 256 bit word. */ function decodeInt( bytes32 word, uint256 offset, uint256 bitLength ) internal pure returns (int256) { int256 maxInt = int256((1 << (bitLength - 1)) - 1); uint256 mask = (1 << bitLength) - 1; int256 value = int256(uint256(word >> offset) & mask); // In case the decoded value is greater than the max positive integer that can be represented with bitLength // bits, we know it was originally a negative integer. Therefore, we mask it to restore the sign in the 256 bit // representation. return value > maxInt ? (value | int256(~mask)) : value; } // Special cases /** * @dev Decodes and returns a boolean shifted by an offset from a 256 bit word. */ function decodeBool( bytes32 word, uint256 offset ) internal pure returns (bool) { return (uint256(word >> offset) & _MASK_1) == 1; } /** * @dev Inserts a 192 bit value shifted by an offset into a 256 bit word, replacing the old value. * Returns the new word. * * Assumes `value` can be represented using 192 bits. */ function insertBits192( bytes32 word, bytes32 value, uint256 offset ) internal pure returns (bytes32) { bytes32 clearedWord = bytes32(uint256(word) & ~(_MASK_192 << offset)); return clearedWord | bytes32((uint256(value) & _MASK_192) << offset); } /** * @dev Inserts a boolean value shifted by an offset into a 256 bit word, replacing the old value. Returns the new * word. */ function insertBool( bytes32 word, bool value, uint256 offset ) internal pure returns (bytes32) { bytes32 clearedWord = bytes32(uint256(word) & ~(_MASK_1 << offset)); return clearedWord | bytes32(uint256(value ? 1 : 0) << offset); } // Helpers function _validateEncodingParams( uint256 value, uint256 offset, uint256 bitLength ) private pure { _require(offset < 256, Errors.OUT_OF_BOUNDS); // We never accept 256 bit values (which would make the codec pointless), and the larger the offset the smaller // the maximum bit length. _require( bitLength >= 1 && bitLength <= Math.min(255, 256 - offset), Errors.OUT_OF_BOUNDS ); // Testing unsigned values for size is straightforward: their upper bits must be cleared. _require(value >> bitLength == 0, Errors.CODEC_OVERFLOW); } function _validateEncodingParams( int256 value, uint256 offset, uint256 bitLength ) private pure { _require(offset < 256, Errors.OUT_OF_BOUNDS); // We never accept 256 bit values (which would make the codec pointless), and the larger the offset the smaller // the maximum bit length. _require( bitLength >= 1 && bitLength <= Math.min(255, 256 - offset), Errors.OUT_OF_BOUNDS ); // Testing signed values for size is a bit more involved. if (value >= 0) { // For positive values, we can simply check that the upper bits are clear. Notice we remove one bit from the // length for the sign bit. _require(value >> (bitLength - 1) == 0, Errors.CODEC_OVERFLOW); } else { // Negative values can receive the same treatment by making them positive, with the caveat that the range // for negative values in two's complement supports one more value than for the positive case. _require( Math.abs(value + 1) >> (bitLength - 1) == 0, Errors.CODEC_OVERFLOW ); } } }
IPoolSwapStructs.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; pragma experimental ABIEncoderV2; import "../solidity-utils/openzeppelin/IERC20.sol"; import "./IVault.sol"; interface IPoolSwapStructs { // This is not really an interface - it just defines common structs used by other interfaces: IGeneralPool and // IMinimalSwapInfoPool. // // This data structure represents a request for a token swap, where `kind` indicates the swap type ('given in' or // 'given out') which indicates whether or not the amount sent by the pool is known. // // The pool receives `tokenIn` and sends `tokenOut`. `amount` is the number of `tokenIn` tokens the pool will take // in, or the number of `tokenOut` tokens the Pool will send out, depending on the given swap `kind`. // // All other fields are not strictly necessary for most swaps, but are provided to support advanced scenarios in // some Pools. // // `poolId` is the ID of the Pool involved in the swap - this is useful for Pool contracts that implement more than // one Pool. // // The meaning of `lastChangeBlock` depends on the Pool specialization: // - Two Token or Minimal Swap Info: the last block in which either `tokenIn` or `tokenOut` changed its total // balance. // - General: the last block in which *any* of the Pool's registered tokens changed its total balance. // // `from` is the origin address for the funds the Pool receives, and `to` is the destination address // where the Pool sends the outgoing tokens. // // `userData` is extra data provided by the caller - typically a signature from a trusted party. struct SwapRequest { IVault.SwapKind kind; IERC20 tokenIn; IERC20 tokenOut; uint256 amount; // Misc data bytes32 poolId; uint256 lastChangeBlock; address from; address to; bytes userData; } }
ERC20.sol
// SPDX-License-Identifier: MIT pragma solidity ^0.7.0; import "../../../v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol"; import "../../../v2-interfaces/contracts/solidity-utils/openzeppelin/IERC20.sol"; import "./SafeMath.sol"; /** * @dev Implementation of the {IERC20} interface. * * This implementation is agnostic to the way tokens are created. This means * that a supply mechanism has to be added in a derived contract using {_mint}. * For a generic mechanism see {ERC20PresetMinterPauser}. * * TIP: For a detailed writeup see our guide * https://forum.zeppelin.solutions/t/how-to-implement-erc20-supply-mechanisms/226[How * to implement supply mechanisms]. * * We have followed general OpenZeppelin guidelines: functions revert instead * of returning `false` on failure. This behavior is nonetheless conventional * and does not conflict with the expectations of ERC20 applications. * * Additionally, an {Approval} event is emitted on calls to {transferFrom}. * This allows applications to reconstruct the allowance for all accounts just * by listening to said events. Other implementations of the EIP may not emit * these events, as it isn't required by the specification. * * Finally, the non-standard {decreaseAllowance} and {increaseAllowance} * functions have been added to mitigate the well-known issues around setting * allowances. See {IERC20-approve}. */ contract ERC20 is IERC20 { using SafeMath for uint256; mapping(address => uint256) private _balances; mapping(address => mapping(address => uint256)) private _allowances; uint256 private _totalSupply; string private _name; string private _symbol; uint8 private _decimals; /** * @dev Sets the values for {name} and {symbol}, initializes {decimals} with * a default value of 18. * * To select a different value for {decimals}, use {_setupDecimals}. * * All three of these values are immutable: they can only be set once during * construction. */ constructor(string memory name_, string memory symbol_) { _name = name_; _symbol = symbol_; _decimals = 18; } /** * @dev Returns the name of the token. */ function name() public view returns (string memory) { return _name; } /** * @dev Returns the symbol of the token, usually a shorter version of the * name. */ function symbol() public view returns (string memory) { return _symbol; } /** * @dev Returns the number of decimals used to get its user representation. * For example, if `decimals` equals `2`, a balance of `505` tokens should * be displayed to a user as `5,05` (`505 / 10 ** 2`). * * Tokens usually opt for a value of 18, imitating the relationship between * Ether and Wei. This is the value {ERC20} uses, unless {_setupDecimals} is * called. * * NOTE: This information is only used for _display_ purposes: it in * no way affects any of the arithmetic of the contract, including * {IERC20-balanceOf} and {IERC20-transfer}. */ function decimals() public view returns (uint8) { return _decimals; } /** * @dev See {IERC20-totalSupply}. The total supply should only be read using this function * * Can be overridden by derived contracts to store the total supply in a different way (e.g. packed with other * storage values). */ function totalSupply() public view virtual override returns (uint256) { return _totalSupply; } /** * @dev Sets a new value for the total supply. It should only be set using this function. * * * Can be overridden by derived contracts to store the total supply in a different way (e.g. packed with other * storage values). */ function _setTotalSupply(uint256 value) internal virtual { _totalSupply = value; } /** * @dev See {IERC20-balanceOf}. */ function balanceOf(address account) public view override returns (uint256) { return _balances[account]; } /** * @dev See {IERC20-transfer}. * * Requirements: * * - `recipient` cannot be the zero address. * - the caller must have a balance of at least `amount`. */ function transfer( address recipient, uint256 amount ) public virtual override returns (bool) { _transfer(msg.sender, recipient, amount); return true; } /** * @dev See {IERC20-allowance}. */ function allowance( address owner, address spender ) public view virtual override returns (uint256) { return _allowances[owner][spender]; } /** * @dev See {IERC20-approve}. * * Requirements: * * - `spender` cannot be the zero address. */ function approve( address spender, uint256 amount ) public virtual override returns (bool) { _approve(msg.sender, spender, amount); return true; } /** * @dev See {IERC20-transferFrom}. * * Emits an {Approval} event indicating the updated allowance. This is not * required by the EIP. See the note at the beginning of {ERC20}. * * Requirements: * * - `sender` and `recipient` cannot be the zero address. * - `sender` must have a balance of at least `amount`. * - the caller must have allowance for ``sender``'s tokens of at least * `amount`. */ function transferFrom( address sender, address recipient, uint256 amount ) public virtual override returns (bool) { _transfer(sender, recipient, amount); _approve( sender, msg.sender, _allowances[sender][msg.sender].sub( amount, Errors.ERC20_TRANSFER_EXCEEDS_ALLOWANCE ) ); return true; } /** * @dev Atomically increases the allowance granted to `spender` by the caller. * * This is an alternative to {approve} that can be used as a mitigation for * problems described in {IERC20-approve}. * * Emits an {Approval} event indicating the updated allowance. * * Requirements: * * - `spender` cannot be the zero address. */ function increaseAllowance( address spender, uint256 addedValue ) public virtual returns (bool) { _approve( msg.sender, spender, _allowances[msg.sender][spender].add(addedValue) ); return true; } /** * @dev Atomically decreases the allowance granted to `spender` by the caller. * * This is an alternative to {approve} that can be used as a mitigation for * problems described in {IERC20-approve}. * * Emits an {Approval} event indicating the updated allowance. * * Requirements: * * - `spender` cannot be the zero address. * - `spender` must have allowance for the caller of at least * `subtractedValue`. */ function decreaseAllowance( address spender, uint256 subtractedValue ) public virtual returns (bool) { _approve( msg.sender, spender, _allowances[msg.sender][spender].sub( subtractedValue, Errors.ERC20_DECREASED_ALLOWANCE_BELOW_ZERO ) ); return true; } /** * @dev Moves tokens `amount` from `sender` to `recipient`. * * This is internal function is equivalent to {transfer}, and can be used to * e.g. implement automatic token fees, slashing mechanisms, etc. * * Emits a {Transfer} event. * * Requirements: * * - `sender` cannot be the zero address. * - `recipient` cannot be the zero address. * - `sender` must have a balance of at least `amount`. */ function _transfer( address sender, address recipient, uint256 amount ) internal virtual { _require(sender != address(0), Errors.ERC20_TRANSFER_FROM_ZERO_ADDRESS); _require( recipient != address(0), Errors.ERC20_TRANSFER_TO_ZERO_ADDRESS ); _beforeTokenTransfer(sender, recipient, amount); _balances[sender] = _balances[sender].sub( amount, Errors.ERC20_TRANSFER_EXCEEDS_BALANCE ); _balances[recipient] = _balances[recipient].add(amount); emit Transfer(sender, recipient, amount); } /** @dev Creates `amount` tokens and assigns them to `account`, increasing * the total supply. * * Emits a {Transfer} event with `from` set to the zero address. * * Requirements: * * - `to` cannot be the zero address. */ function _mint(address account, uint256 amount) internal virtual { _beforeTokenTransfer(address(0), account, amount); _setTotalSupply(totalSupply().add(amount)); _balances[account] = _balances[account].add(amount); emit Transfer(address(0), account, amount); } /** * @dev Destroys `amount` tokens from `account`, reducing the * total supply. * * Emits a {Transfer} event with `to` set to the zero address. * * Requirements: * * - `account` cannot be the zero address. * - `account` must have at least `amount` tokens. */ function _burn(address account, uint256 amount) internal virtual { _require(account != address(0), Errors.ERC20_BURN_FROM_ZERO_ADDRESS); _beforeTokenTransfer(account, address(0), amount); _balances[account] = _balances[account].sub( amount, Errors.ERC20_BURN_EXCEEDS_BALANCE ); _setTotalSupply(totalSupply().sub(amount)); emit Transfer(account, address(0), amount); } /** * @dev Sets `amount` as the allowance of `spender` over the `owner` s tokens. * * This internal function is equivalent to `approve`, and can be used to * e.g. set automatic allowances for certain subsystems, etc. * * Emits an {Approval} event. * * Requirements: * * - `owner` cannot be the zero address. * - `spender` cannot be the zero address. */ function _approve( address owner, address spender, uint256 amount ) internal virtual { _allowances[owner][spender] = amount; emit Approval(owner, spender, amount); } /** * @dev Sets {decimals} to a value other than the default one of 18. * * WARNING: This function should only be called from the constructor. Most * applications that interact with token contracts will not expect * {decimals} to ever change, and may work incorrectly if it does. */ function _setupDecimals(uint8 decimals_) internal { _decimals = decimals_; } /** * @dev Hook that is called before any transfer of tokens. This includes * minting and burning. * * Calling conditions: * * - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens * will be to transferred to `to`. * - when `from` is zero, `amount` tokens will be minted for `to`. * - when `to` is zero, `amount` of ``from``'s tokens will be burned. * - `from` and `to` are never both zero. * * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks]. */ function _beforeTokenTransfer( address from, address to, uint256 amount ) internal virtual { // solhint-disable-previous-line no-empty-blocks } }
BaseMinimalSwapInfoPool.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; pragma experimental ABIEncoderV2; import "../../v2-interfaces/contracts/vault/IMinimalSwapInfoPool.sol"; import "./BasePool.sol"; /** * @dev Extension of `BasePool`, adding a handler for `IMinimalSwapInfoPool.onSwap`. * * Derived contracts must call `BasePool`'s constructor, and implement `_onSwapGivenIn` and `_onSwapGivenOut` along with * `BasePool`'s virtual functions. Inheriting from this contract lets derived contracts choose the Two Token or Minimal * Swap Info specialization settings. */ abstract contract BaseMinimalSwapInfoPool is IMinimalSwapInfoPool, BasePool { // Swap Hooks function onSwap( SwapRequest memory request, uint256 balanceTokenIn, uint256 balanceTokenOut ) public override onlyVault(request.poolId) returns (uint256) { _beforeSwapJoinExit(); uint256 scalingFactorTokenIn = _scalingFactor(request.tokenIn); uint256 scalingFactorTokenOut = _scalingFactor(request.tokenOut); balanceTokenIn = _upscale(balanceTokenIn, scalingFactorTokenIn); balanceTokenOut = _upscale(balanceTokenOut, scalingFactorTokenOut); if (request.kind == IVault.SwapKind.GIVEN_IN) { // Fees are subtracted before scaling, to reduce the complexity of the rounding direction analysis. request.amount = _subtractSwapFeeAmount(request.amount); // All token amounts are upscaled. request.amount = _upscale(request.amount, scalingFactorTokenIn); uint256 amountOut = _onSwapGivenIn( request, balanceTokenIn, balanceTokenOut ); // amountOut tokens are exiting the Pool, so we round down. return _downscaleDown(amountOut, scalingFactorTokenOut); } else { // All token amounts are upscaled. request.amount = _upscale(request.amount, scalingFactorTokenOut); uint256 amountIn = _onSwapGivenOut( request, balanceTokenIn, balanceTokenOut ); // amountIn tokens are entering the Pool, so we round up. amountIn = _downscaleUp(amountIn, scalingFactorTokenIn); // Fees are added after scaling happens, to reduce the complexity of the rounding direction analysis. return _addSwapFeeAmount(amountIn); } } /* * @dev Called when a swap with the Pool occurs, where the amount of tokens entering the Pool is known. * * Returns the amount of tokens that will be taken from the Pool in return. * * All amounts inside `swapRequest`, `balanceTokenIn`, and `balanceTokenOut` are upscaled. The swap fee has already * been deducted from `swapRequest.amount`. * * The return value is also considered upscaled, and will be downscaled (rounding down) before returning it to the * Vault. */ function _onSwapGivenIn( SwapRequest memory swapRequest, uint256 balanceTokenIn, uint256 balanceTokenOut ) internal virtual returns (uint256); /* * @dev Called when a swap with the Pool occurs, where the amount of tokens exiting the Pool is known. * * Returns the amount of tokens that will be granted to the Pool in return. * * All amounts inside `swapRequest`, `balanceTokenIn`, and `balanceTokenOut` are upscaled. * * The return value is also considered upscaled, and will be downscaled (rounding up) before applying the swap fee * and returning it to the Vault. */ function _onSwapGivenOut( SwapRequest memory swapRequest, uint256 balanceTokenIn, uint256 balanceTokenOut ) internal virtual returns (uint256); }
EIP712.sol
// SPDX-License-Identifier: MIT pragma solidity ^0.7.0; /** * @dev https://eips.ethereum.org/EIPS/eip-712[EIP 712] is a standard for hashing and signing of typed structured data. * * The encoding specified in the EIP is very generic, and such a generic implementation in Solidity is not feasible, * thus this contract does not implement the encoding itself. Protocols need to implement the type-specific encoding * they need in their contracts using a combination of `abi.encode` and `keccak256`. * * This contract implements the EIP 712 domain separator ({_domainSeparatorV4}) that is used as part of the encoding * scheme, and the final step of the encoding to obtain the message digest that is then signed via ECDSA * ({_hashTypedDataV4}). * * The implementation of the domain separator was designed to be as efficient as possible while still properly updating * the chain id to protect against replay attacks on an eventual fork of the chain. * * NOTE: This contract implements the version of the encoding known as "v4", as implemented by the JSON RPC method * https://docs.metamask.io/guide/signing-data.html[`eth_signTypedDataV4` in MetaMask]. * * _Available since v3.4._ */ abstract contract EIP712 { /* solhint-disable var-name-mixedcase */ bytes32 private immutable _HASHED_NAME; bytes32 private immutable _HASHED_VERSION; bytes32 private immutable _TYPE_HASH; /* solhint-enable var-name-mixedcase */ /** * @dev Initializes the domain separator and parameter caches. * * The meaning of `name` and `version` is specified in * https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP 712]: * * - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol. * - `version`: the current major version of the signing domain. * * NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart * contract upgrade]. */ constructor(string memory name, string memory version) { _HASHED_NAME = keccak256(bytes(name)); _HASHED_VERSION = keccak256(bytes(version)); _TYPE_HASH = keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"); } /** * @dev Returns the domain separator for the current chain. */ function _domainSeparatorV4() internal view virtual returns (bytes32) { return keccak256(abi.encode(_TYPE_HASH, _HASHED_NAME, _HASHED_VERSION, _getChainId(), address(this))); } /** * @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this * function returns the hash of the fully encoded EIP712 message for this domain. * * This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example: * * ```solidity * bytes32 digest = _hashTypedDataV4(keccak256(abi.encode( * keccak256("Mail(address to,string contents)"), * mailTo, * keccak256(bytes(mailContents)) * ))); * address signer = ECDSA.recover(digest, signature); * ``` */ function _hashTypedDataV4(bytes32 structHash) internal view virtual returns (bytes32) { return keccak256(abi.encodePacked("\x19\x01", _domainSeparatorV4(), structHash)); } function _getChainId() private view returns (uint256 chainId) { // Silence state mutability warning without generating bytecode. // See https://github.com/ethereum/solidity/issues/10090#issuecomment-741789128 and // https://github.com/ethereum/solidity/issues/2691 this; // solhint-disable-next-line no-inline-assembly assembly { chainId := chainid() } } }
IAssetManager.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; pragma experimental ABIEncoderV2; import "../solidity-utils/openzeppelin/IERC20.sol"; interface IAssetManager { /** * @notice Emitted when asset manager is rebalanced */ event Rebalance(bytes32 poolId); /** * @notice Sets the config */ function setConfig(bytes32 poolId, bytes calldata config) external; /** * Note: No function to read the asset manager config is included in IAssetManager * as the signature is expected to vary between asset manager implementations */ /** * @notice Returns the asset manager's token */ function getToken() external view returns (IERC20); /** * @return the current assets under management of this asset manager */ function getAUM(bytes32 poolId) external view returns (uint256); /** * @return poolCash - The up-to-date cash balance of the pool * @return poolManaged - The up-to-date managed balance of the pool */ function getPoolBalances(bytes32 poolId) external view returns (uint256 poolCash, uint256 poolManaged); /** * @return The difference in tokens between the target investment * and the currently invested amount (i.e. the amount that can be invested) */ function maxInvestableBalance(bytes32 poolId) external view returns (int256); /** * @notice Updates the Vault on the value of the pool's investment returns */ function updateBalanceOfPool(bytes32 poolId) external; /** * @notice Determines whether the pool should rebalance given the provided balances */ function shouldRebalance(uint256 cash, uint256 managed) external view returns (bool); /** * @notice Rebalances funds between the pool and the asset manager to maintain target investment percentage. * @param poolId - the poolId of the pool to be rebalanced * @param force - a boolean representing whether a rebalance should be forced even when the pool is near balance */ function rebalance(bytes32 poolId, bool force) external; /** * @notice allows an authorized rebalancer to remove capital to facilitate large withdrawals * @param poolId - the poolId of the pool to withdraw funds back to * @param amount - the amount of tokens to withdraw back to the pool */ function capitalOut(bytes32 poolId, uint256 amount) external; }
IRateProvider.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; interface IRateProvider { /** * @dev Returns an 18 decimal fixed point number that is the exchange rate of the token to some other underlying * token. The meaning of this rate depends on the context. */ function getRate() external view returns (uint256); }
IRecoveryMode.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; /** * @dev Interface for the RecoveryMode module. */ interface IRecoveryMode { /** * @dev Emitted when the Recovery Mode status changes. */ event RecoveryModeStateChanged(bool enabled); /** * @notice Enables Recovery Mode in the Pool, disabling protocol fee collection and allowing for safe proportional * exits with low computational complexity and no dependencies. */ function enableRecoveryMode() external; /** * @notice Disables Recovery Mode in the Pool, restoring protocol fee collection and disallowing proportional exits. */ function disableRecoveryMode() external; /** * @notice Returns true if the Pool is in Recovery Mode. */ function inRecoveryMode() external view returns (bool); }
CodeDeployer.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; import "../../../v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol"; /** * @dev Library used to deploy contracts with specific code. This can be used for long-term storage of immutable data as * contract code, which can be retrieved via the `extcodecopy` opcode. */ library CodeDeployer { // During contract construction, the full code supplied exists as code, and can be accessed via `codesize` and // `codecopy`. This is not the contract's final code however: whatever the constructor returns is what will be // stored as its code. // // We use this mechanism to have a simple constructor that stores whatever is appended to it. The following opcode // sequence corresponds to the creation code of the following equivalent Solidity contract, plus padding to make the // full code 32 bytes long: // // contract CodeDeployer { // constructor() payable { // uint256 size; // assembly { // size := sub(codesize(), 32) // size of appended data, as constructor is 32 bytes long // codecopy(0, 32, size) // copy all appended data to memory at position 0 // return(0, size) // return appended data for it to be stored as code // } // } // } // // More specifically, it is composed of the following opcodes (plus padding): // // [1] PUSH1 0x20 // [2] CODESIZE // [3] SUB // [4] DUP1 // [6] PUSH1 0x20 // [8] PUSH1 0x00 // [9] CODECOPY // [11] PUSH1 0x00 // [12] RETURN // // The padding is just the 0xfe sequence (invalid opcode). It is important as it lets us work in-place, avoiding // memory allocation and copying. bytes32 private constant _DEPLOYER_CREATION_CODE = 0x602038038060206000396000f3fefefefefefefefefefefefefefefefefefefe; /** * @dev Deploys a contract with `code` as its code, returning the destination address. * * Reverts if deployment fails. */ function deploy(bytes memory code) internal returns (address destination) { bytes32 deployerCreationCode = _DEPLOYER_CREATION_CODE; // We need to concatenate the deployer creation code and `code` in memory, but want to avoid copying all of // `code` (which could be quite long) into a new memory location. Therefore, we operate in-place using // assembly. // solhint-disable-next-line no-inline-assembly assembly { let codeLength := mload(code) // `code` is composed of length and data. We've already stored its length in `codeLength`, so we simply // replace it with the deployer creation code (which is exactly 32 bytes long). mstore(code, deployerCreationCode) // At this point, `code` now points to the deployer creation code immediately followed by `code`'s data // contents. This is exactly what the deployer expects to receive when created. destination := create(0, code, add(codeLength, 32)) // Finally, we restore the original length in order to not mutate `code`. mstore(code, codeLength) } // The create opcode returns the zero address when contract creation fails, so we revert if this happens. _require(destination != address(0), Errors.CODE_DEPLOYMENT_FAILED); } }
InputHelpers.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; import "../../../v2-interfaces/contracts/solidity-utils/openzeppelin/IERC20.sol"; import "../../../v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol"; library InputHelpers { function ensureInputLengthMatch(uint256 a, uint256 b) internal pure { _require(a == b, Errors.INPUT_LENGTH_MISMATCH); } function ensureInputLengthMatch( uint256 a, uint256 b, uint256 c ) internal pure { _require(a == b && b == c, Errors.INPUT_LENGTH_MISMATCH); } function ensureArrayIsSorted(IERC20[] memory array) internal pure { address[] memory addressArray; // solhint-disable-next-line no-inline-assembly assembly { addressArray := array } ensureArrayIsSorted(addressArray); } function ensureArrayIsSorted(address[] memory array) internal pure { if (array.length < 2) { return; } address previous = array[0]; for (uint256 i = 1; i < array.length; ++i) { address current = array[i]; _require(previous < current, Errors.UNSORTED_ARRAY); previous = current; } } }
IWETH.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; import "../openzeppelin/IERC20.sol"; /** * @dev Interface for WETH9. * See https://github.com/gnosis/canonical-weth/blob/0dd1ea3e295eef916d0c6223ec63141137d22d67/contracts/WETH9.sol */ interface IWETH is IERC20 { function deposit() external payable; function withdraw(uint256 amount) external; }
IFlashLoanRecipient.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; // Inspired by Aave Protocol's IFlashLoanReceiver. import "../solidity-utils/openzeppelin/IERC20.sol"; interface IFlashLoanRecipient { /** * @dev When `flashLoan` is called on the Vault, it invokes the `receiveFlashLoan` hook on the recipient. * * At the time of the call, the Vault will have transferred `amounts` for `tokens` to the recipient. Before this * call returns, the recipient must have transferred `amounts` plus `feeAmounts` for each token back to the * Vault, or else the entire flash loan will revert. * * `userData` is the same value passed in the `IVault.flashLoan` call. */ function receiveFlashLoan( IERC20[] memory tokens, uint256[] memory amounts, uint256[] memory feeAmounts, bytes memory userData ) external; }
BasePoolFactory.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; pragma experimental ABIEncoderV2; import "../../../v2-interfaces/contracts/vault/IVault.sol"; import "../../../v2-interfaces/contracts/standalone-utils/IProtocolFeePercentagesProvider.sol"; import "../../../v2-interfaces/contracts/pool-utils/IBasePoolFactory.sol"; import "../../../v2-solidity-utils/contracts/helpers/BaseSplitCodeFactory.sol"; import "../../../v2-solidity-utils/contracts/helpers/SingletonAuthentication.sol"; /** * @notice Base contract for Pool factories. * * Pools are deployed from factories to allow third parties to reason about them. Unknown Pools may have arbitrary * logic: being able to assert that a Pool's behavior follows certain rules (those imposed by the contracts created by * the factory) is very powerful. * * @dev By using the split code mechanism, we can deploy Pools with creation code so large that a regular factory * contract would not be able to store it. * * Since we expect to release new versions of pool types regularly - and the blockchain is forever - versioning will * become increasingly important. Governance can deprecate a factory by calling `disable`, which will permanently * prevent the creation of any future pools from the factory. */ abstract contract BasePoolFactory is IBasePoolFactory, BaseSplitCodeFactory, SingletonAuthentication { IProtocolFeePercentagesProvider private immutable _protocolFeeProvider; mapping(address => bool) private _isPoolFromFactory; bool private _disabled; event PoolCreated(address indexed pool); event FactoryDisabled(); constructor( IVault vault, IProtocolFeePercentagesProvider protocolFeeProvider, bytes memory creationCode ) BaseSplitCodeFactory(creationCode) SingletonAuthentication(vault) { _protocolFeeProvider = protocolFeeProvider; } function isPoolFromFactory( address pool ) external view override returns (bool) { return _isPoolFromFactory[pool]; } function isDisabled() public view override returns (bool) { return _disabled; } function disable() external override authenticate { _ensureEnabled(); _disabled = true; emit FactoryDisabled(); } function _ensureEnabled() internal view { _require(!isDisabled(), Errors.DISABLED); } function getProtocolFeePercentagesProvider() public view returns (IProtocolFeePercentagesProvider) { return _protocolFeeProvider; } function _create( bytes memory constructorArgs, bytes32 salt ) internal virtual override returns (address) { _ensureEnabled(); address pool = super._create(constructorArgs, salt); _isPoolFromFactory[pool] = true; emit PoolCreated(pool); return pool; } }
SafeCast.sol
// SPDX-License-Identifier: MIT pragma solidity ^0.7.0; import "../../../v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol"; /** * @dev Wrappers over Solidity's uintXX/intXX casting operators with added overflow * checks. * * Downcasting from uint256/int256 in Solidity does not revert on overflow. This can * easily result in undesired exploitation or bugs, since developers usually * assume that overflows raise errors. `SafeCast` restores this intuition by * reverting the transaction when such an operation overflows. * * Using this library instead of the unchecked operations eliminates an entire * class of bugs, so it's recommended to use it always. * * Can be combined with {SafeMath} and {SignedSafeMath} to extend it to smaller types, by performing * all math on `uint256` and `int256` and then downcasting. */ library SafeCast { /** * @dev Converts an unsigned uint256 into a signed int256. * * Requirements: * * - input must be less than or equal to maxInt256. */ function toInt256(uint256 value) internal pure returns (int256) { _require(value >> 255 == 0, Errors.SAFE_CAST_VALUE_CANT_FIT_INT256); return int256(value); } /** * @dev Converts an unsigned uint256 into an unsigned uint64. * * Requirements: * * - input must be less than or equal to maxUint64. */ function toUint64(uint256 value) internal pure returns (uint64) { _require( value <= type(uint64).max, Errors.SAFE_CAST_VALUE_CANT_FIT_UINT64 ); return uint64(value); } }
SafeMath.sol
// SPDX-License-Identifier: MIT pragma solidity ^0.7.0; import "../../../v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol"; /** * @dev Wrappers over Solidity's arithmetic operations with added overflow * checks. * * Arithmetic operations in Solidity wrap on overflow. This can easily result * in bugs, because programmers usually assume that an overflow raises an * error, which is the standard behavior in high level programming languages. * `SafeMath` restores this intuition by reverting the transaction when an * operation overflows. * * Using this library instead of the unchecked operations eliminates an entire * class of bugs, so it's recommended to use it always. */ library SafeMath { /** * @dev Returns the addition of two unsigned integers, reverting on * overflow. * * Counterpart to Solidity's `+` operator. * * Requirements: * * - Addition cannot overflow. */ function add(uint256 a, uint256 b) internal pure returns (uint256) { uint256 c = a + b; _require(c >= a, Errors.ADD_OVERFLOW); return c; } /** * @dev Returns the subtraction of two unsigned integers, reverting on * overflow (when the result is negative). * * Counterpart to Solidity's `-` operator. * * Requirements: * * - Subtraction cannot overflow. */ function sub(uint256 a, uint256 b) internal pure returns (uint256) { return sub(a, b, Errors.SUB_OVERFLOW); } /** * @dev Returns the subtraction of two unsigned integers, reverting with custom message on * overflow (when the result is negative). * * Counterpart to Solidity's `-` operator. * * Requirements: * * - Subtraction cannot overflow. */ function sub( uint256 a, uint256 b, uint256 errorCode ) internal pure returns (uint256) { _require(b <= a, errorCode); uint256 c = a - b; return c; } }
IControlledPool.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; import "../solidity-utils/openzeppelin/IERC20.sol"; interface IControlledPool { function setSwapFeePercentage(uint256 swapFeePercentage) external; function setAssetManagerPoolConfig(IERC20 token, bytes memory poolConfig) external; }
IMinimalSwapInfoPool.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; pragma experimental ABIEncoderV2; import "./IBasePool.sol"; /** * @dev Pool contracts with the MinimalSwapInfo or TwoToken specialization settings should implement this interface. * * This is called by the Vault when a user calls `IVault.swap` or `IVault.batchSwap` to swap with this Pool. * Returns the number of tokens the Pool will grant to the user in a 'given in' swap, or that the user will grant * to the pool in a 'given out' swap. * * This can often be implemented by a `view` function, since many pricing algorithms don't need to track state * changes in swaps. However, contracts implementing this in non-view functions should check that the caller is * indeed the Vault. */ interface IMinimalSwapInfoPool is IBasePool { function onSwap( SwapRequest memory swapRequest, uint256 currentBalanceTokenIn, uint256 currentBalanceTokenOut ) external returns (uint256 amount); }
ProtocolFees.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; import "../../../v2-solidity-utils/contracts/math/FixedPoint.sol"; import "../../../v2-solidity-utils/contracts/math/Math.sol"; library ProtocolFees { using FixedPoint for uint256; /** * @dev Calculates the amount of BPT necessary to give ownership of a given percentage of the Pool. * Note that this function reverts if `poolPercentage` >= 100%, it's expected that the caller will enforce this. * @param totalSupply - The total supply of the pool prior to minting BPT. * @param poolOwnershipPercentage - The desired ownership percentage of the pool to have as a result of minting BPT. * @return bptAmount - The amount of BPT to mint such that it is `poolPercentage` of the resultant total supply. */ function bptForPoolOwnershipPercentage( uint256 totalSupply, uint256 poolOwnershipPercentage ) internal pure returns (uint256) { // If we mint some amount `bptAmount` of BPT then the percentage ownership of the pool this grants is given by: // `poolOwnershipPercentage = bptAmount / (totalSupply + bptAmount)`. // Solving for `bptAmount`, we arrive at: // `bptAmount = totalSupply * poolOwnershipPercentage / (1 - poolOwnershipPercentage)`. return Math.divDown( Math.mul(totalSupply, poolOwnershipPercentage), poolOwnershipPercentage.complement() ); } }
Authentication.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; import "../../../v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol"; import "../../../v2-interfaces/contracts/solidity-utils/helpers/IAuthentication.sol"; /** * @dev Building block for performing access control on external functions. * * This contract is used via the `authenticate` modifier (or the `_authenticateCaller` function), which can be applied * to external functions to only make them callable by authorized accounts. * * Derived contracts must implement the `_canPerform` function, which holds the actual access control logic. */ abstract contract Authentication is IAuthentication { bytes32 private immutable _actionIdDisambiguator; /** * @dev The main purpose of the `actionIdDisambiguator` is to prevent accidental function selector collisions in * multi contract systems. * * There are two main uses for it: * - if the contract is a singleton, any unique identifier can be used to make the associated action identifiers * unique. The contract's own address is a good option. * - if the contract belongs to a family that shares action identifiers for the same functions, an identifier * shared by the entire family (and no other contract) should be used instead. */ constructor(bytes32 actionIdDisambiguator) { _actionIdDisambiguator = actionIdDisambiguator; } /** * @dev Reverts unless the caller is allowed to call this function. Should only be applied to external functions. */ modifier authenticate() { _authenticateCaller(); _; } /** * @dev Reverts unless the caller is allowed to call the entry point function. */ function _authenticateCaller() internal view { bytes32 actionId = getActionId(msg.sig); _require(_canPerform(actionId, msg.sender), Errors.SENDER_NOT_ALLOWED); } function getActionId( bytes4 selector ) public view override returns (bytes32) { // Each external function is dynamically assigned an action identifier as the hash of the disambiguator and the // function selector. Disambiguation is necessary to avoid potential collisions in the function selectors of // multiple contracts. return keccak256(abi.encodePacked(_actionIdDisambiguator, selector)); } function _canPerform( bytes32 actionId, address user ) internal view virtual returns (bool); }
BasePoolUserData.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; library BasePoolUserData { // Special ExitKind for all pools, used in Recovery Mode. Use the max 8-bit value to prevent conflicts // with future additions to the ExitKind enums (or any front-end code that maps to existing values) uint8 public constant RECOVERY_MODE_EXIT_KIND = 255; // Return true if this is the special exit kind. function isRecoveryModeExitKind(bytes memory self) internal pure returns (bool) { // Check for the "no data" case, or abi.decode would revert return self.length > 0 && abi.decode(self, (uint8)) == RECOVERY_MODE_EXIT_KIND; } // Parse the bptAmountIn out of the userData function recoveryModeExit(bytes memory self) internal pure returns (uint256 bptAmountIn) { (, bptAmountIn) = abi.decode(self, (uint8, uint256)); } }
IBasePoolFactory.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; pragma experimental ABIEncoderV2; import "../solidity-utils/helpers/IAuthentication.sol"; interface IBasePoolFactory is IAuthentication { /** * @dev Returns true if `pool` was created by this factory. */ function isPoolFromFactory(address pool) external view returns (bool); /** * @dev Check whether the derived factory has been disabled. */ function isDisabled() external view returns (bool); /** * @dev Disable the factory, preventing the creation of more pools. Already existing pools are unaffected. * Once a factory is disabled, it cannot be re-enabled. */ function disable() external; }
IProtocolFeesCollector.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; pragma experimental ABIEncoderV2; import "../solidity-utils/openzeppelin/IERC20.sol"; import "./IVault.sol"; import "./IAuthorizer.sol"; interface IProtocolFeesCollector { event SwapFeePercentageChanged(uint256 newSwapFeePercentage); event FlashLoanFeePercentageChanged(uint256 newFlashLoanFeePercentage); function withdrawCollectedFees( IERC20[] calldata tokens, uint256[] calldata amounts, address recipient ) external; function setSwapFeePercentage(uint256 newSwapFeePercentage) external; function setFlashLoanFeePercentage(uint256 newFlashLoanFeePercentage) external; function getSwapFeePercentage() external view returns (uint256); function getFlashLoanFeePercentage() external view returns (uint256); function getCollectedFeeAmounts(IERC20[] memory tokens) external view returns (uint256[] memory feeAmounts); function getAuthorizer() external view returns (IAuthorizer); function vault() external view returns (IVault); }
ERC20Permit.sol
// SPDX-License-Identifier: MIT pragma solidity ^0.7.0; import "../../../v2-interfaces/contracts/solidity-utils/openzeppelin/IERC20Permit.sol"; import "./ERC20.sol"; import "../helpers/EOASignaturesValidator.sol"; /** * @dev Implementation of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612]. * * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by * presenting a message signed by the account. By not relying on `{IERC20-approve}`, the token holder account doesn't * need to send a transaction, and thus is not required to hold Ether at all. * * _Available since v3.4._ */ abstract contract ERC20Permit is ERC20, IERC20Permit, EOASignaturesValidator { // solhint-disable-next-line var-name-mixedcase bytes32 private constant _PERMIT_TYPEHASH = keccak256( "Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)" ); /** * @dev Initializes the {EIP712} domain separator using the `name` parameter, and setting `version` to `"1"`. * * It's a good idea to use the same `name` that is defined as the ERC20 token name. */ constructor(string memory name) EIP712(name, "1") { // solhint-disable-previous-line no-empty-blocks } /** * @dev See {IERC20Permit-permit}. */ function permit( address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s ) public virtual override { bytes32 structHash = keccak256( abi.encode( _PERMIT_TYPEHASH, owner, spender, value, getNextNonce(owner), deadline ) ); _ensureValidSignature( owner, structHash, _toArraySignature(v, r, s), deadline, Errors.INVALID_SIGNATURE ); _approve(owner, spender, value); } /** * @dev See {IERC20Permit-nonces}. */ function nonces(address owner) public view override returns (uint256) { return getNextNonce(owner); } /** * @dev See {IERC20Permit-DOMAIN_SEPARATOR}. */ // solhint-disable-next-line func-name-mixedcase function DOMAIN_SEPARATOR() external view override returns (bytes32) { return getDomainSeparator(); } }
ProtocolFeeCache.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; import "../../../v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol"; import "../../../v2-interfaces/contracts/standalone-utils/IProtocolFeePercentagesProvider.sol"; import "../../../v2-solidity-utils/contracts/openzeppelin/SafeCast.sol"; import "../RecoveryMode.sol"; /** * @dev The Vault does not provide the protocol swap fee percentage in swap hooks (as swaps don't typically need this * value), so for swaps that need this value, we would have to to fetch it ourselves from the * ProtocolFeePercentagesProvider. Additionally, other protocol fee types (such as Yield or AUM) can only be obtained * by making said call. * * However, these values change so rarely that it doesn't make sense to perform the required calls to get the current * values in every single user interaction. Instead, we keep a local copy that can be permissionlessly updated by anyone * with the real value. We also pack these values together, performing a single storage read to get them all. * * When initialized with a special sentinel value, the swap fee is delegated, meaning the mutable protocol swap fee * cache is set to the current value stored in the ProtocolFeePercentagesProvider, and can be updated by anyone with a * call to `updateProtocolFeePercentageCache`. Any other value means the protocol swap fee is fixed, so it is instead * stored in the immutable `_fixedProtocolSwapFeePercentage`. */ abstract contract ProtocolFeeCache is RecoveryMode { using SafeCast for uint256; IProtocolFeePercentagesProvider private immutable _protocolFeeProvider; // Protocol Fee Percentages can never be larger than 100% (1e18), which fits in ~59 bits, so using 64 for each type // is sufficient. struct FeeTypeCache { uint64 swapFee; uint64 yieldFee; uint64 aumFee; } FeeTypeCache private _cache; event ProtocolFeePercentageCacheUpdated( uint256 indexed feeType, uint256 protocolFeePercentage ); // Swap fees can be set to a fixed value at construction, or delegated to the ProtocolFeePercentagesProvider if // passing the special sentinel value. uint256 public constant DELEGATE_PROTOCOL_SWAP_FEES_SENTINEL = type(uint256).max; bool private immutable _delegatedProtocolSwapFees; // Only valid when `_delegatedProtocolSwapFees` is false uint256 private immutable _fixedProtocolSwapFeePercentage; constructor( IProtocolFeePercentagesProvider protocolFeeProvider, uint256 protocolSwapFeePercentage ) { // Protocol swap fees are delegated to the value reported by the ProtocolFeePercentagesProvider if the sentinel // value is passed. bool delegatedProtocolSwapFees = protocolSwapFeePercentage == DELEGATE_PROTOCOL_SWAP_FEES_SENTINEL; _delegatedProtocolSwapFees = delegatedProtocolSwapFees; _protocolFeeProvider = protocolFeeProvider; _updateProtocolFeeCache(protocolFeeProvider, ProtocolFeeType.YIELD); _updateProtocolFeeCache(protocolFeeProvider, ProtocolFeeType.AUM); if (delegatedProtocolSwapFees) { _updateProtocolFeeCache(protocolFeeProvider, ProtocolFeeType.SWAP); } else { _require( protocolSwapFeePercentage <= protocolFeeProvider.getFeeTypeMaximumPercentage( ProtocolFeeType.SWAP ), Errors.SWAP_FEE_PERCENTAGE_TOO_HIGH ); // We cannot set `_fixedProtocolSwapFeePercentage` here due to it being immutable so instead we must set it // in the main function scope with a value based on whether protocol fees are delegated. // Emit an event as we do in `_updateProtocolFeeCache` to appear the same to offchain indexers. emit ProtocolFeePercentageCacheUpdated( ProtocolFeeType.SWAP, protocolSwapFeePercentage ); } // As `_fixedProtocolSwapFeePercentage` is immutable we must set a value, but just set to zero if it's not used. _fixedProtocolSwapFeePercentage = delegatedProtocolSwapFees ? 0 : protocolSwapFeePercentage; } /** * @dev Returns the cached protocol fee percentage. If `getProtocolSwapFeeDelegation()` is false, this value is * immutable for swap fee queries. Alternatively, it will track the global fee percentage set in the * ProtocolFeePercentagesProvider. */ function getProtocolFeePercentageCache( uint256 feeType ) public view returns (uint256) { if (inRecoveryMode()) { return 0; } if (feeType == ProtocolFeeType.SWAP) { return getProtocolSwapFeeDelegation() ? _cache.swapFee : _fixedProtocolSwapFeePercentage; } else if (feeType == ProtocolFeeType.YIELD) { return _cache.yieldFee; } else if (feeType == ProtocolFeeType.AUM) { return _cache.aumFee; } else { _revert(Errors.UNHANDLED_FEE_TYPE); } } /** * @dev Can be called by anyone to update the cached fee percentages (swap fee is only updated when delegated). * Updates the cache to the latest value set by governance. * * This function will revert when called within a Vault context (i.e. in the middle of a join or an exit). * * This function depends on the invariant value, which may be calculated incorrectly in the middle of a join or * an exit, because the state of the pool could be out of sync with the state of the Vault. * `_beforeProtocolFeeCacheUpdate` will revert when called from such a context for weighted pools, effectively * protecting this function. * * See https://forum.balancer.fi/t/reentrancy-vulnerability-scope-expanded/4345 for reference. */ function updateProtocolFeePercentageCache() external { _beforeProtocolFeeCacheUpdate(); if (getProtocolSwapFeeDelegation()) { _updateProtocolFeeCache(_protocolFeeProvider, ProtocolFeeType.SWAP); } _updateProtocolFeeCache(_protocolFeeProvider, ProtocolFeeType.YIELD); _updateProtocolFeeCache(_protocolFeeProvider, ProtocolFeeType.AUM); } /** * @dev Override in derived contracts to perform some action before the cache is updated. This is typically relevant * to Pools that incur protocol debt between operations. To avoid altering the amount due retroactively, this debt * needs to be paid before the fee percentages change. */ function _beforeProtocolFeeCacheUpdate() internal virtual {} /** * @dev Returns whether this Pool tracks protocol swap fee changes in the IProtocolFeePercentagesProvider. */ function getProtocolSwapFeeDelegation() public view returns (bool) { return _delegatedProtocolSwapFees; } function _updateProtocolFeeCache( IProtocolFeePercentagesProvider protocolFeeProvider, uint256 feeType ) private { uint256 currentValue = protocolFeeProvider.getFeeTypePercentage( feeType ); if (feeType == ProtocolFeeType.SWAP) { _cache.swapFee = currentValue.toUint64(); } else if (feeType == ProtocolFeeType.YIELD) { _cache.yieldFee = currentValue.toUint64(); } else if (feeType == ProtocolFeeType.AUM) { _cache.aumFee = currentValue.toUint64(); } else { _revert(Errors.UNHANDLED_FEE_TYPE); } emit ProtocolFeePercentageCacheUpdated(feeType, currentValue); } }
TemporarilyPausable.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; import "../../../v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol"; import "../../../v2-interfaces/contracts/solidity-utils/helpers/ITemporarilyPausable.sol"; /** * @dev Allows for a contract to be paused during an initial period after deployment, disabling functionality. Can be * used as an emergency switch in case a security vulnerability or threat is identified. * * The contract can only be paused during the Pause Window, a period that starts at deployment. It can also be * unpaused and repaused any number of times during this period. This is intended to serve as a safety measure: it lets * system managers react quickly to potentially dangerous situations, knowing that this action is reversible if careful * analysis later determines there was a false alarm. * * If the contract is paused when the Pause Window finishes, it will remain in the paused state through an additional * Buffer Period, after which it will be automatically unpaused forever. This is to ensure there is always enough time * to react to an emergency, even if the threat is discovered shortly before the Pause Window expires. * * Note that since the contract can only be paused within the Pause Window, unpausing during the Buffer Period is * irreversible. */ abstract contract TemporarilyPausable is ITemporarilyPausable { // The Pause Window and Buffer Period are timestamp-based: they should not be relied upon for sub-minute accuracy. // solhint-disable not-rely-on-time uint256 private constant _MAX_PAUSE_WINDOW_DURATION = 90 days; uint256 private constant _MAX_BUFFER_PERIOD_DURATION = 30 days; uint256 private immutable _pauseWindowEndTime; uint256 private immutable _bufferPeriodEndTime; bool private _paused; constructor(uint256 pauseWindowDuration, uint256 bufferPeriodDuration) { _require( pauseWindowDuration <= _MAX_PAUSE_WINDOW_DURATION, Errors.MAX_PAUSE_WINDOW_DURATION ); _require( bufferPeriodDuration <= _MAX_BUFFER_PERIOD_DURATION, Errors.MAX_BUFFER_PERIOD_DURATION ); uint256 pauseWindowEndTime = block.timestamp + pauseWindowDuration; _pauseWindowEndTime = pauseWindowEndTime; _bufferPeriodEndTime = pauseWindowEndTime + bufferPeriodDuration; } /** * @dev Reverts if the contract is paused. */ modifier whenNotPaused() { _ensureNotPaused(); _; } /** * @dev Returns the current contract pause status, as well as the end times of the Pause Window and Buffer * Period. */ function getPausedState() external view override returns ( bool paused, uint256 pauseWindowEndTime, uint256 bufferPeriodEndTime ) { paused = !_isNotPaused(); pauseWindowEndTime = _getPauseWindowEndTime(); bufferPeriodEndTime = _getBufferPeriodEndTime(); } /** * @dev Sets the pause state to `paused`. The contract can only be paused until the end of the Pause Window, and * unpaused until the end of the Buffer Period. * * Once the Buffer Period expires, this function reverts unconditionally. */ function _setPaused(bool paused) internal { if (paused) { _require( block.timestamp < _getPauseWindowEndTime(), Errors.PAUSE_WINDOW_EXPIRED ); } else { _require( block.timestamp < _getBufferPeriodEndTime(), Errors.BUFFER_PERIOD_EXPIRED ); } _paused = paused; emit PausedStateChanged(paused); } /** * @dev Reverts if the contract is paused. */ function _ensureNotPaused() internal view { _require(_isNotPaused(), Errors.PAUSED); } /** * @dev Reverts if the contract is not paused. */ function _ensurePaused() internal view { _require(!_isNotPaused(), Errors.NOT_PAUSED); } /** * @dev Returns true if the contract is unpaused. * * Once the Buffer Period expires, the gas cost of calling this function is reduced dramatically, as storage is no * longer accessed. */ function _isNotPaused() internal view returns (bool) { // After the Buffer Period, the (inexpensive) timestamp check short-circuits the storage access. return block.timestamp > _getBufferPeriodEndTime() || !_paused; } // These getters lead to reduced bytecode size by inlining the immutable variables in a single place. function _getPauseWindowEndTime() private view returns (uint256) { return _pauseWindowEndTime; } function _getBufferPeriodEndTime() private view returns (uint256) { return _bufferPeriodEndTime; } }
FactoryWidePauseWindow.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; pragma experimental ABIEncoderV2; /** * @dev Utility to create Pool factories for Pools that use the `TemporarilyPausable` contract. * * By calling `TemporarilyPausable`'s constructor with the result of `getPauseConfiguration`, all Pools created by this * factory will share the same Pause Window end time, after which both old and new Pools will not be pausable. */ contract FactoryWidePauseWindow { // This contract relies on timestamps in a similar way as `TemporarilyPausable` does - the same caveats apply. // solhint-disable not-rely-on-time uint256 private constant _INITIAL_PAUSE_WINDOW_DURATION = 90 days; uint256 private constant _BUFFER_PERIOD_DURATION = 30 days; // Time when the pause window for all created Pools expires, and the pause window duration of new Pools becomes // zero. uint256 private immutable _poolsPauseWindowEndTime; constructor() { _poolsPauseWindowEndTime = block.timestamp + _INITIAL_PAUSE_WINDOW_DURATION; } /** * @dev Returns the current `TemporarilyPausable` configuration that will be applied to Pools created by this * factory. * * `pauseWindowDuration` will decrease over time until it reaches zero, at which point both it and * `bufferPeriodDuration` will be zero forever, meaning deployed Pools will not be pausable. */ function getPauseConfiguration() public view returns (uint256 pauseWindowDuration, uint256 bufferPeriodDuration) { uint256 currentTime = block.timestamp; if (currentTime < _poolsPauseWindowEndTime) { // The buffer period is always the same since its duration is related to how much time is needed to respond // to a potential emergency. The Pause Window duration however decreases as the end time approaches. pauseWindowDuration = _poolsPauseWindowEndTime - currentTime; // No need for checked arithmetic. bufferPeriodDuration = _BUFFER_PERIOD_DURATION; } else { // After the end time, newly created Pools have no Pause Window, nor Buffer Period (since they are not // pausable in the first place). pauseWindowDuration = 0; bufferPeriodDuration = 0; } } }
BaseSplitCodeFactory.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; pragma experimental ABIEncoderV2; import "./CodeDeployer.sol"; /** * @dev Base factory for contracts whose creation code is so large that the factory cannot hold it. This happens when * the contract's creation code grows close to 24kB. * * Note that this factory cannot help with contracts that have a *runtime* (deployed) bytecode larger than 24kB. */ abstract contract BaseSplitCodeFactory { // The contract's creation code is stored as code in two separate addresses, and retrieved via `extcodecopy`. This // means this factory supports contracts with creation code of up to 48kB. // We rely on inline-assembly to achieve this, both to make the entire operation highly gas efficient, and because // `extcodecopy` is not available in Solidity. // solhint-disable no-inline-assembly address private immutable _creationCodeContractA; uint256 private immutable _creationCodeSizeA; address private immutable _creationCodeContractB; uint256 private immutable _creationCodeSizeB; /** * @dev The creation code of a contract Foo can be obtained inside Solidity with `type(Foo).creationCode`. */ constructor(bytes memory creationCode) { uint256 creationCodeSize = creationCode.length; // We are going to deploy two contracts: one with approximately the first half of `creationCode`'s contents // (A), and another with the remaining half (B). // We store the lengths in both immutable and stack variables, since immutable variables cannot be read during // construction. uint256 creationCodeSizeA = creationCodeSize / 2; _creationCodeSizeA = creationCodeSizeA; uint256 creationCodeSizeB = creationCodeSize - creationCodeSizeA; _creationCodeSizeB = creationCodeSizeB; // To deploy the contracts, we're going to use `CodeDeployer.deploy()`, which expects a memory array with // the code to deploy. Note that we cannot simply create arrays for A and B's code by copying or moving // `creationCode`'s contents as they are expected to be very large (> 24kB), so we must operate in-place. // Memory: [ code length ] [ A.data ] [ B.data ] // Creating A's array is simple: we simply replace `creationCode`'s length with A's length. We'll later restore // the original length. bytes memory creationCodeA; assembly { creationCodeA := creationCode mstore(creationCodeA, creationCodeSizeA) } // Memory: [ A.length ] [ A.data ] [ B.data ] // ^ creationCodeA _creationCodeContractA = CodeDeployer.deploy(creationCodeA); // Creating B's array is a bit more involved: since we cannot move B's contents, we are going to create a 'new' // memory array starting at A's last 32 bytes, which will be replaced with B's length. We'll back-up this last // byte to later restore it. bytes memory creationCodeB; bytes32 lastByteA; assembly { // `creationCode` points to the array's length, not data, so by adding A's length to it we arrive at A's // last 32 bytes. creationCodeB := add(creationCode, creationCodeSizeA) lastByteA := mload(creationCodeB) mstore(creationCodeB, creationCodeSizeB) } // Memory: [ A.length ] [ A.data[ : -1] ] [ B.length ][ B.data ] // ^ creationCodeA ^ creationCodeB _creationCodeContractB = CodeDeployer.deploy(creationCodeB); // We now restore the original contents of `creationCode` by writing back the original length and A's last byte. assembly { mstore(creationCodeA, creationCodeSize) mstore(creationCodeB, lastByteA) } } /** * @dev Returns the two addresses where the creation code of the contract crated by this factory is stored. */ function getCreationCodeContracts() public view returns (address contractA, address contractB) { return (_creationCodeContractA, _creationCodeContractB); } /** * @dev Returns the creation code of the contract this factory creates. */ function getCreationCode() public view returns (bytes memory) { return _getCreationCodeWithArgs(""); } /** * @dev Returns the creation code that will result in a contract being deployed with `constructorArgs`. */ function _getCreationCodeWithArgs(bytes memory constructorArgs) private view returns (bytes memory code) { // This function exists because `abi.encode()` cannot be instructed to place its result at a specific address. // We need for the ABI-encoded constructor arguments to be located immediately after the creation code, but // cannot rely on `abi.encodePacked()` to perform concatenation as that would involve copying the creation code, // which would be prohibitively expensive. // Instead, we compute the creation code in a pre-allocated array that is large enough to hold *both* the // creation code and the constructor arguments, and then copy the ABI-encoded arguments (which should not be // overly long) right after the end of the creation code. // Immutable variables cannot be used in assembly, so we store them in the stack first. address creationCodeContractA = _creationCodeContractA; uint256 creationCodeSizeA = _creationCodeSizeA; address creationCodeContractB = _creationCodeContractB; uint256 creationCodeSizeB = _creationCodeSizeB; uint256 creationCodeSize = creationCodeSizeA + creationCodeSizeB; uint256 constructorArgsSize = constructorArgs.length; uint256 codeSize = creationCodeSize + constructorArgsSize; assembly { // First, we allocate memory for `code` by retrieving the free memory pointer and then moving it ahead of // `code` by the size of the creation code plus constructor arguments, and 32 bytes for the array length. code := mload(0x40) mstore(0x40, add(code, add(codeSize, 32))) // We now store the length of the code plus constructor arguments. mstore(code, codeSize) // Next, we concatenate the creation code stored in A and B. let dataStart := add(code, 32) extcodecopy(creationCodeContractA, dataStart, 0, creationCodeSizeA) extcodecopy(creationCodeContractB, add(dataStart, creationCodeSizeA), 0, creationCodeSizeB) } // Finally, we copy the constructorArgs to the end of the array. Unfortunately there is no way to avoid this // copy, as it is not possible to tell Solidity where to store the result of `abi.encode()`. uint256 constructorArgsDataPtr; uint256 constructorArgsCodeDataPtr; assembly { constructorArgsDataPtr := add(constructorArgs, 32) constructorArgsCodeDataPtr := add(add(code, 32), creationCodeSize) } _memcpy(constructorArgsCodeDataPtr, constructorArgsDataPtr, constructorArgsSize); } /** * @dev Deploys a contract with constructor arguments and a user-provided salt, using the create2 opcode. * To create `constructorArgs`, call `abi.encode()` with the contract's constructor arguments, in order. */ function _create(bytes memory constructorArgs, bytes32 salt) internal virtual returns (address) { bytes memory creationCode = _getCreationCodeWithArgs(constructorArgs); address destination; assembly { destination := create2(0, add(creationCode, 32), mload(creationCode), salt) } if (destination == address(0)) { // Bubble up inner revert reason // solhint-disable-next-line no-inline-assembly assembly { returndatacopy(0, 0, returndatasize()) revert(0, returndatasize()) } } return destination; } // From // https://github.com/Arachnid/solidity-stringutils/blob/b9a6f6615cf18a87a823cbc461ce9e140a61c305/src/strings.sol function _memcpy( uint256 dest, uint256 src, uint256 len ) private pure { // Copy word-length chunks while possible for (; len >= 32; len -= 32) { assembly { mstore(dest, mload(src)) } dest += 32; src += 32; } // Copy remaining bytes uint256 mask = 256**(32 - len) - 1; assembly { let srcpart := and(mload(src), not(mask)) let destpart := and(mload(dest), mask) mstore(dest, or(destpart, srcpart)) } } }
WeightedPoolUserData.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; import "../solidity-utils/openzeppelin/IERC20.sol"; library WeightedPoolUserData { // In order to preserve backwards compatibility, make sure new join and exit kinds are added at the end of the enum. enum JoinKind { INIT, EXACT_TOKENS_IN_FOR_BPT_OUT, TOKEN_IN_FOR_EXACT_BPT_OUT, ALL_TOKENS_IN_FOR_EXACT_BPT_OUT, ADD_TOKEN // for Managed Pool } enum ExitKind { EXACT_BPT_IN_FOR_ONE_TOKEN_OUT, EXACT_BPT_IN_FOR_TOKENS_OUT, BPT_IN_FOR_EXACT_TOKENS_OUT, REMOVE_TOKEN // for ManagedPool } function joinKind(bytes memory self) internal pure returns (JoinKind) { return abi.decode(self, (JoinKind)); } function exitKind(bytes memory self) internal pure returns (ExitKind) { return abi.decode(self, (ExitKind)); } // Joins function initialAmountsIn(bytes memory self) internal pure returns (uint256[] memory amountsIn) { (, amountsIn) = abi.decode(self, (JoinKind, uint256[])); } function exactTokensInForBptOut(bytes memory self) internal pure returns (uint256[] memory amountsIn, uint256 minBPTAmountOut) { (, amountsIn, minBPTAmountOut) = abi.decode(self, (JoinKind, uint256[], uint256)); } function tokenInForExactBptOut(bytes memory self) internal pure returns (uint256 bptAmountOut, uint256 tokenIndex) { (, bptAmountOut, tokenIndex) = abi.decode(self, (JoinKind, uint256, uint256)); } function allTokensInForExactBptOut(bytes memory self) internal pure returns (uint256 bptAmountOut) { (, bptAmountOut) = abi.decode(self, (JoinKind, uint256)); } function addToken(bytes memory self) internal pure returns (uint256 amountIn) { (, amountIn) = abi.decode(self, (JoinKind, uint256)); } // Exits function exactBptInForTokenOut(bytes memory self) internal pure returns (uint256 bptAmountIn, uint256 tokenIndex) { (, bptAmountIn, tokenIndex) = abi.decode(self, (ExitKind, uint256, uint256)); } function exactBptInForTokensOut(bytes memory self) internal pure returns (uint256 bptAmountIn) { (, bptAmountIn) = abi.decode(self, (ExitKind, uint256)); } function bptInForExactTokensOut(bytes memory self) internal pure returns (uint256[] memory amountsOut, uint256 maxBPTAmountIn) { (, amountsOut, maxBPTAmountIn) = abi.decode(self, (ExitKind, uint256[], uint256)); } // Managed Pool function removeToken(bytes memory self) internal pure returns (uint256 tokenIndex) { (, tokenIndex) = abi.decode(self, (ExitKind, uint256)); } }
IERC20.sol
// SPDX-License-Identifier: MIT pragma solidity ^0.7.0; /** * @dev Interface of the ERC20 standard as defined in the EIP. */ interface IERC20 { /** * @dev Returns the amount of tokens in existence. */ function totalSupply() external view returns (uint256); /** * @dev Returns the amount of tokens owned by `account`. */ function balanceOf(address account) external view returns (uint256); /** * @dev Moves `amount` tokens from the caller's account to `recipient`. * * Returns a boolean value indicating whether the operation succeeded. * * Emits a {Transfer} event. */ function transfer(address recipient, uint256 amount) external returns (bool); /** * @dev Returns the remaining number of tokens that `spender` will be * allowed to spend on behalf of `owner` through {transferFrom}. This is * zero by default. * * This value changes when {approve} or {transferFrom} are called. */ function allowance(address owner, address spender) external view returns (uint256); /** * @dev Sets `amount` as the allowance of `spender` over the caller's tokens. * * Returns a boolean value indicating whether the operation succeeded. * * IMPORTANT: Beware that changing an allowance with this method brings the risk * that someone may use both the old and the new allowance by unfortunate * transaction ordering. One possible solution to mitigate this race * condition is to first reduce the spender's allowance to 0 and set the * desired value afterwards: * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 * * Emits an {Approval} event. */ function approve(address spender, uint256 amount) external returns (bool); /** * @dev Moves `amount` tokens from `sender` to `recipient` using the * allowance mechanism. `amount` is then deducted from the caller's * allowance. * * Returns a boolean value indicating whether the operation succeeded. * * Emits a {Transfer} event. */ function transferFrom( address sender, address recipient, uint256 amount ) external returns (bool); /** * @dev Emitted when `value` tokens are moved from one account (`from`) to * another (`to`). * * Note that `value` may be zero. */ event Transfer(address indexed from, address indexed to, uint256 value); /** * @dev Emitted when the allowance of a `spender` for an `owner` is set by * a call to {approve}. `value` is the new allowance. */ event Approval(address indexed owner, address indexed spender, uint256 value); }
EOASignaturesValidator.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; import "../../../v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol"; import "../../../v2-interfaces/contracts/solidity-utils/helpers/ISignaturesValidator.sol"; import "../openzeppelin/EIP712.sol"; /** * @dev Utility for signing Solidity function calls. */ abstract contract EOASignaturesValidator is ISignaturesValidator, EIP712 { // Replay attack prevention for each account. mapping(address => uint256) internal _nextNonce; function getDomainSeparator() public view override returns (bytes32) { return _domainSeparatorV4(); } function getNextNonce( address account ) public view override returns (uint256) { return _nextNonce[account]; } function _ensureValidSignature( address account, bytes32 structHash, bytes memory signature, uint256 errorCode ) internal { return _ensureValidSignature( account, structHash, signature, type(uint256).max, errorCode ); } function _ensureValidSignature( address account, bytes32 structHash, bytes memory signature, uint256 deadline, uint256 errorCode ) internal { bytes32 digest = _hashTypedDataV4(structHash); _require(_isValidSignature(account, digest, signature), errorCode); // We could check for the deadline before validating the signature, but this leads to saner error processing (as // we only care about expired deadlines if the signature is correct) and only affects the gas cost of the revert // scenario, which will only occur infrequently, if ever. // The deadline is timestamp-based: it should not be relied upon for sub-minute accuracy. // solhint-disable-next-line not-rely-on-time _require(deadline >= block.timestamp, Errors.EXPIRED_SIGNATURE); // We only advance the nonce after validating the signature. This is irrelevant for this module, but it can be // important in derived contracts that override _isValidSignature (e.g. SignaturesValidator), as we want for // the observable state to still have the current nonce as the next valid one. _nextNonce[account] += 1; } function _isValidSignature( address account, bytes32 digest, bytes memory signature ) internal view virtual returns (bool) { _require(signature.length == 65, Errors.MALFORMED_SIGNATURE); bytes32 r; bytes32 s; uint8 v; // ecrecover takes the r, s and v signature parameters, and the only way to get them is to use assembly. // solhint-disable-next-line no-inline-assembly assembly { r := mload(add(signature, 0x20)) s := mload(add(signature, 0x40)) v := byte(0, mload(add(signature, 0x60))) } address recoveredAddress = ecrecover(digest, v, r, s); // ecrecover returns the zero address on recover failure, so we need to handle that explicitly. return (recoveredAddress != address(0) && recoveredAddress == account); } function _toArraySignature( uint8 v, bytes32 r, bytes32 s ) internal pure returns (bytes memory) { bytes memory signature = new bytes(65); // solhint-disable-next-line no-inline-assembly assembly { mstore(add(signature, 32), r) mstore(add(signature, 64), s) mstore8(add(signature, 96), v) } return signature; } }
IAuthorizerAdaptor.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; import "../solidity-utils/helpers/IAuthentication.sol"; import "../vault/IVault.sol"; interface IAuthorizerAdaptor is IAuthentication { /** * @notice Returns the Balancer Vault */ function getVault() external view returns (IVault); /** * @notice Returns the Authorizer */ function getAuthorizer() external view returns (IAuthorizer); /** * @notice Performs an arbitrary function call on a target contract, provided the caller is authorized to do so. * @param target - Address of the contract to be called * @param data - Calldata to be sent to the target contract * @return The bytes encoded return value from the performed function call */ function performAction(address target, bytes calldata data) external payable returns (bytes memory); }
SingletonAuthentication.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; import "../../../v2-interfaces/contracts/liquidity-mining/IAuthorizerAdaptor.sol"; import "../../../v2-interfaces/contracts/vault/IVault.sol"; import "./Authentication.sol"; abstract contract SingletonAuthentication is Authentication { IVault private immutable _vault; // Use the contract's own address to disambiguate action identifiers constructor(IVault vault) Authentication(bytes32(uint256(address(this)))) { _vault = vault; } /** * @notice Returns the Balancer Vault */ function getVault() public view returns (IVault) { return _vault; } /** * @notice Returns the Authorizer */ function getAuthorizer() public view returns (IAuthorizer) { return getVault().getAuthorizer(); } function _canPerform( bytes32 actionId, address account ) internal view override returns (bool) { return getAuthorizer().canPerform(actionId, account, address(this)); } function _canPerform( bytes32 actionId, address account, address where ) internal view returns (bool) { return getAuthorizer().canPerform(actionId, account, where); } }
BalancerErrors.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity >=0.7.0 <0.9.0; // solhint-disable /** * @dev Reverts if `condition` is false, with a revert reason containing `errorCode`. Only codes up to 999 are * supported. * Uses the default 'BAL' prefix for the error code */ function _require(bool condition, uint256 errorCode) pure { if (!condition) _revert(errorCode); } /** * @dev Reverts if `condition` is false, with a revert reason containing `errorCode`. Only codes up to 999 are * supported. */ function _require(bool condition, uint256 errorCode, bytes3 prefix) pure { if (!condition) _revert(errorCode, prefix); } /** * @dev Reverts with a revert reason containing `errorCode`. Only codes up to 999 are supported. * Uses the default 'BAL' prefix for the error code */ function _revert(uint256 errorCode) pure { _revert(errorCode, 0x42414c); // This is the raw byte representation of "BAL" } /** * @dev Reverts with a revert reason containing `errorCode`. Only codes up to 999 are supported. */ function _revert(uint256 errorCode, bytes3 prefix) pure { uint256 prefixUint = uint256(uint24(prefix)); // We're going to dynamically create a revert string based on the error code, with the following format: // 'BAL#{errorCode}' // where the code is left-padded with zeroes to three digits (so they range from 000 to 999). // // We don't have revert strings embedded in the contract to save bytecode size: it takes much less space to store a // number (8 to 16 bits) than the individual string characters. // // The dynamic string creation algorithm that follows could be implemented in Solidity, but assembly allows for a // much denser implementation, again saving bytecode size. Given this function unconditionally reverts, this is a // safe place to rely on it without worrying about how its usage might affect e.g. memory contents. assembly { // First, we need to compute the ASCII representation of the error code. We assume that it is in the 0-999 // range, so we only need to convert three digits. To convert the digits to ASCII, we add 0x30, the value for // the '0' character. let units := add(mod(errorCode, 10), 0x30) errorCode := div(errorCode, 10) let tenths := add(mod(errorCode, 10), 0x30) errorCode := div(errorCode, 10) let hundreds := add(mod(errorCode, 10), 0x30) // With the individual characters, we can now construct the full string. // We first append the '#' character (0x23) to the prefix. In the case of 'BAL', it results in 0x42414c23 ('BAL#') // Then, we shift this by 24 (to provide space for the 3 bytes of the error code), and add the // characters to it, each shifted by a multiple of 8. // The revert reason is then shifted left by 200 bits (256 minus the length of the string, 7 characters * 8 bits // per character = 56) to locate it in the most significant part of the 256 slot (the beginning of a byte // array). let formattedPrefix := shl(24, add(0x23, shl(8, prefixUint))) let revertReason := shl( 200, add( formattedPrefix, add(add(units, shl(8, tenths)), shl(16, hundreds)) ) ) // We can now encode the reason in memory, which can be safely overwritten as we're about to revert. The encoded // message will have the following layout: // [ revert reason identifier ] [ string location offset ] [ string length ] [ string contents ] // The Solidity revert reason identifier is 0x08c739a0, the function selector of the Error(string) function. We // also write zeroes to the next 28 bytes of memory, but those are about to be overwritten. mstore( 0x0, 0x08c379a000000000000000000000000000000000000000000000000000000000 ) // Next is the offset to the location of the string, which will be placed immediately after (20 bytes away). mstore( 0x04, 0x0000000000000000000000000000000000000000000000000000000000000020 ) // The string length is fixed: 7 characters. mstore(0x24, 7) // Finally, the string itself is stored. mstore(0x44, revertReason) // Even if the string is only 7 bytes long, we need to return a full 32 byte slot containing it. The length of // the encoded message is therefore 4 + 32 + 32 + 32 = 100. revert(0, 100) } } library Errors { // Math uint256 internal constant ADD_OVERFLOW = 0; uint256 internal constant SUB_OVERFLOW = 1; uint256 internal constant SUB_UNDERFLOW = 2; uint256 internal constant MUL_OVERFLOW = 3; uint256 internal constant ZERO_DIVISION = 4; uint256 internal constant DIV_INTERNAL = 5; uint256 internal constant X_OUT_OF_BOUNDS = 6; uint256 internal constant Y_OUT_OF_BOUNDS = 7; uint256 internal constant PRODUCT_OUT_OF_BOUNDS = 8; uint256 internal constant INVALID_EXPONENT = 9; // Input uint256 internal constant OUT_OF_BOUNDS = 100; uint256 internal constant UNSORTED_ARRAY = 101; uint256 internal constant UNSORTED_TOKENS = 102; uint256 internal constant INPUT_LENGTH_MISMATCH = 103; uint256 internal constant ZERO_TOKEN = 104; // Shared pools uint256 internal constant MIN_TOKENS = 200; uint256 internal constant MAX_TOKENS = 201; uint256 internal constant MAX_SWAP_FEE_PERCENTAGE = 202; uint256 internal constant MIN_SWAP_FEE_PERCENTAGE = 203; uint256 internal constant MINIMUM_BPT = 204; uint256 internal constant CALLER_NOT_VAULT = 205; uint256 internal constant UNINITIALIZED = 206; uint256 internal constant BPT_IN_MAX_AMOUNT = 207; uint256 internal constant BPT_OUT_MIN_AMOUNT = 208; uint256 internal constant EXPIRED_PERMIT = 209; uint256 internal constant NOT_TWO_TOKENS = 210; uint256 internal constant DISABLED = 211; // Pools uint256 internal constant MIN_AMP = 300; uint256 internal constant MAX_AMP = 301; uint256 internal constant MIN_WEIGHT = 302; uint256 internal constant MAX_STABLE_TOKENS = 303; uint256 internal constant MAX_IN_RATIO = 304; uint256 internal constant MAX_OUT_RATIO = 305; uint256 internal constant MIN_BPT_IN_FOR_TOKEN_OUT = 306; uint256 internal constant MAX_OUT_BPT_FOR_TOKEN_IN = 307; uint256 internal constant NORMALIZED_WEIGHT_INVARIANT = 308; uint256 internal constant INVALID_TOKEN = 309; uint256 internal constant UNHANDLED_JOIN_KIND = 310; uint256 internal constant ZERO_INVARIANT = 311; uint256 internal constant ORACLE_INVALID_SECONDS_QUERY = 312; uint256 internal constant ORACLE_NOT_INITIALIZED = 313; uint256 internal constant ORACLE_QUERY_TOO_OLD = 314; uint256 internal constant ORACLE_INVALID_INDEX = 315; uint256 internal constant ORACLE_BAD_SECS = 316; uint256 internal constant AMP_END_TIME_TOO_CLOSE = 317; uint256 internal constant AMP_ONGOING_UPDATE = 318; uint256 internal constant AMP_RATE_TOO_HIGH = 319; uint256 internal constant AMP_NO_ONGOING_UPDATE = 320; uint256 internal constant STABLE_INVARIANT_DIDNT_CONVERGE = 321; uint256 internal constant STABLE_GET_BALANCE_DIDNT_CONVERGE = 322; uint256 internal constant RELAYER_NOT_CONTRACT = 323; uint256 internal constant BASE_POOL_RELAYER_NOT_CALLED = 324; uint256 internal constant REBALANCING_RELAYER_REENTERED = 325; uint256 internal constant GRADUAL_UPDATE_TIME_TRAVEL = 326; uint256 internal constant SWAPS_DISABLED = 327; uint256 internal constant CALLER_IS_NOT_LBP_OWNER = 328; uint256 internal constant PRICE_RATE_OVERFLOW = 329; uint256 internal constant INVALID_JOIN_EXIT_KIND_WHILE_SWAPS_DISABLED = 330; uint256 internal constant WEIGHT_CHANGE_TOO_FAST = 331; uint256 internal constant LOWER_GREATER_THAN_UPPER_TARGET = 332; uint256 internal constant UPPER_TARGET_TOO_HIGH = 333; uint256 internal constant UNHANDLED_BY_LINEAR_POOL = 334; uint256 internal constant OUT_OF_TARGET_RANGE = 335; uint256 internal constant UNHANDLED_EXIT_KIND = 336; uint256 internal constant UNAUTHORIZED_EXIT = 337; uint256 internal constant MAX_MANAGEMENT_SWAP_FEE_PERCENTAGE = 338; uint256 internal constant UNHANDLED_BY_MANAGED_POOL = 339; uint256 internal constant UNHANDLED_BY_PHANTOM_POOL = 340; uint256 internal constant TOKEN_DOES_NOT_HAVE_RATE_PROVIDER = 341; uint256 internal constant INVALID_INITIALIZATION = 342; uint256 internal constant OUT_OF_NEW_TARGET_RANGE = 343; uint256 internal constant FEATURE_DISABLED = 344; uint256 internal constant UNINITIALIZED_POOL_CONTROLLER = 345; uint256 internal constant SET_SWAP_FEE_DURING_FEE_CHANGE = 346; uint256 internal constant SET_SWAP_FEE_PENDING_FEE_CHANGE = 347; uint256 internal constant CHANGE_TOKENS_DURING_WEIGHT_CHANGE = 348; uint256 internal constant CHANGE_TOKENS_PENDING_WEIGHT_CHANGE = 349; uint256 internal constant MAX_WEIGHT = 350; uint256 internal constant UNAUTHORIZED_JOIN = 351; uint256 internal constant MAX_MANAGEMENT_AUM_FEE_PERCENTAGE = 352; uint256 internal constant FRACTIONAL_TARGET = 353; // Lib uint256 internal constant REENTRANCY = 400; uint256 internal constant SENDER_NOT_ALLOWED = 401; uint256 internal constant PAUSED = 402; uint256 internal constant PAUSE_WINDOW_EXPIRED = 403; uint256 internal constant MAX_PAUSE_WINDOW_DURATION = 404; uint256 internal constant MAX_BUFFER_PERIOD_DURATION = 405; uint256 internal constant INSUFFICIENT_BALANCE = 406; uint256 internal constant INSUFFICIENT_ALLOWANCE = 407; uint256 internal constant ERC20_TRANSFER_FROM_ZERO_ADDRESS = 408; uint256 internal constant ERC20_TRANSFER_TO_ZERO_ADDRESS = 409; uint256 internal constant ERC20_MINT_TO_ZERO_ADDRESS = 410; uint256 internal constant ERC20_BURN_FROM_ZERO_ADDRESS = 411; uint256 internal constant ERC20_APPROVE_FROM_ZERO_ADDRESS = 412; uint256 internal constant ERC20_APPROVE_TO_ZERO_ADDRESS = 413; uint256 internal constant ERC20_TRANSFER_EXCEEDS_ALLOWANCE = 414; uint256 internal constant ERC20_DECREASED_ALLOWANCE_BELOW_ZERO = 415; uint256 internal constant ERC20_TRANSFER_EXCEEDS_BALANCE = 416; uint256 internal constant ERC20_BURN_EXCEEDS_ALLOWANCE = 417; uint256 internal constant SAFE_ERC20_CALL_FAILED = 418; uint256 internal constant ADDRESS_INSUFFICIENT_BALANCE = 419; uint256 internal constant ADDRESS_CANNOT_SEND_VALUE = 420; uint256 internal constant SAFE_CAST_VALUE_CANT_FIT_INT256 = 421; uint256 internal constant GRANT_SENDER_NOT_ADMIN = 422; uint256 internal constant REVOKE_SENDER_NOT_ADMIN = 423; uint256 internal constant RENOUNCE_SENDER_NOT_ALLOWED = 424; uint256 internal constant BUFFER_PERIOD_EXPIRED = 425; uint256 internal constant CALLER_IS_NOT_OWNER = 426; uint256 internal constant NEW_OWNER_IS_ZERO = 427; uint256 internal constant CODE_DEPLOYMENT_FAILED = 428; uint256 internal constant CALL_TO_NON_CONTRACT = 429; uint256 internal constant LOW_LEVEL_CALL_FAILED = 430; uint256 internal constant NOT_PAUSED = 431; uint256 internal constant ADDRESS_ALREADY_ALLOWLISTED = 432; uint256 internal constant ADDRESS_NOT_ALLOWLISTED = 433; uint256 internal constant ERC20_BURN_EXCEEDS_BALANCE = 434; uint256 internal constant INVALID_OPERATION = 435; uint256 internal constant CODEC_OVERFLOW = 436; uint256 internal constant IN_RECOVERY_MODE = 437; uint256 internal constant NOT_IN_RECOVERY_MODE = 438; uint256 internal constant INDUCED_FAILURE = 439; uint256 internal constant EXPIRED_SIGNATURE = 440; uint256 internal constant MALFORMED_SIGNATURE = 441; uint256 internal constant SAFE_CAST_VALUE_CANT_FIT_UINT64 = 442; uint256 internal constant UNHANDLED_FEE_TYPE = 443; // Vault uint256 internal constant INVALID_POOL_ID = 500; uint256 internal constant CALLER_NOT_POOL = 501; uint256 internal constant SENDER_NOT_ASSET_MANAGER = 502; uint256 internal constant USER_DOESNT_ALLOW_RELAYER = 503; uint256 internal constant INVALID_SIGNATURE = 504; uint256 internal constant EXIT_BELOW_MIN = 505; uint256 internal constant JOIN_ABOVE_MAX = 506; uint256 internal constant SWAP_LIMIT = 507; uint256 internal constant SWAP_DEADLINE = 508; uint256 internal constant CANNOT_SWAP_SAME_TOKEN = 509; uint256 internal constant UNKNOWN_AMOUNT_IN_FIRST_SWAP = 510; uint256 internal constant MALCONSTRUCTED_MULTIHOP_SWAP = 511; uint256 internal constant INTERNAL_BALANCE_OVERFLOW = 512; uint256 internal constant INSUFFICIENT_INTERNAL_BALANCE = 513; uint256 internal constant INVALID_ETH_INTERNAL_BALANCE = 514; uint256 internal constant INVALID_POST_LOAN_BALANCE = 515; uint256 internal constant INSUFFICIENT_ETH = 516; uint256 internal constant UNALLOCATED_ETH = 517; uint256 internal constant ETH_TRANSFER = 518; uint256 internal constant CANNOT_USE_ETH_SENTINEL = 519; uint256 internal constant TOKENS_MISMATCH = 520; uint256 internal constant TOKEN_NOT_REGISTERED = 521; uint256 internal constant TOKEN_ALREADY_REGISTERED = 522; uint256 internal constant TOKENS_ALREADY_SET = 523; uint256 internal constant TOKENS_LENGTH_MUST_BE_2 = 524; uint256 internal constant NONZERO_TOKEN_BALANCE = 525; uint256 internal constant BALANCE_TOTAL_OVERFLOW = 526; uint256 internal constant POOL_NO_TOKENS = 527; uint256 internal constant INSUFFICIENT_FLASH_LOAN_BALANCE = 528; // Fees uint256 internal constant SWAP_FEE_PERCENTAGE_TOO_HIGH = 600; uint256 internal constant FLASH_LOAN_FEE_PERCENTAGE_TOO_HIGH = 601; uint256 internal constant INSUFFICIENT_FLASH_LOAN_FEE_AMOUNT = 602; uint256 internal constant AUM_FEE_PERCENTAGE_TOO_HIGH = 603; // Misc uint256 internal constant UNIMPLEMENTED = 998; uint256 internal constant SHOULD_NOT_HAPPEN = 999; }
IAuthentication.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; interface IAuthentication { /** * @dev Returns the action identifier associated with the external function described by `selector`. */ function getActionId(bytes4 selector) external view returns (bytes32); }
IERC20Permit.sol
// SPDX-License-Identifier: MIT pragma solidity ^0.7.0; /** * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612]. * * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by * presenting a message signed by the account. By not relying on `{IERC20-approve}`, the token holder account doesn't * need to send a transaction, and thus is not required to hold Ether at all. */ interface IERC20Permit { /** * @dev Sets `value` as the allowance of `spender` over `owner`'s tokens, * given `owner`'s signed approval. * * IMPORTANT: The same issues {IERC20-approve} has related to transaction * ordering also apply here. * * Emits an {Approval} event. * * Requirements: * * - `spender` cannot be the zero address. * - `deadline` must be a timestamp in the future. * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner` * over the EIP712-formatted function arguments. * - the signature must use ``owner``'s current nonce (see {nonces}). * * For more information on the signature format, see the * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP * section]. */ function permit( address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s ) external; /** * @dev Returns the current nonce for `owner`. This value must be * included whenever a signature is generated for {permit}. * * Every successful call to {permit} increases ``owner``'s nonce by one. This * prevents a signature from being used multiple times. */ function nonces(address owner) external view returns (uint256); /** * @dev Returns the domain separator used in the encoding of the signature for `permit`, as defined by {EIP712}. */ // solhint-disable-next-line func-name-mixedcase function DOMAIN_SEPARATOR() external view returns (bytes32); }
ISignaturesValidator.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; /** * @dev Interface for the SignatureValidator helper, used to support meta-transactions. */ interface ISignaturesValidator { /** * @dev Returns the EIP712 domain separator. */ function getDomainSeparator() external view returns (bytes32); /** * @dev Returns the next nonce used by an address to sign messages. */ function getNextNonce(address user) external view returns (uint256); }
ITemporarilyPausable.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; /** * @dev Interface for the TemporarilyPausable helper. */ interface ITemporarilyPausable { /** * @dev Emitted every time the pause state changes by `_setPaused`. */ event PausedStateChanged(bool paused); /** * @dev Returns the current paused state. */ function getPausedState() external view returns ( bool paused, uint256 pauseWindowEndTime, uint256 bufferPeriodEndTime ); }
InvariantGrowthProtocolSwapFees.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; import "../../../v2-solidity-utils/contracts/math/FixedPoint.sol"; import "../../../v2-solidity-utils/contracts/math/Math.sol"; import "./ProtocolFees.sol"; library InvariantGrowthProtocolSwapFees { using FixedPoint for uint256; function getProtocolOwnershipPercentage( uint256 invariantGrowthRatio, uint256 supplyGrowthRatio, uint256 protocolSwapFeePercentage ) internal pure returns (uint256) { // Joins and exits are symmetrical; for simplicity, we consider a join, where the invariant and supply // both increase. // |-------------------------|-- original invariant * invariantGrowthRatio // | increase from fees | // |-------------------------|-- original invariant * supply growth ratio (fee-less invariant) // | | // | increase from balances | // |-------------------------|-- original invariant // | | // | | |------------------|-- currentSupply // | | | BPT minted | // | | |------------------|-- previousSupply // | original invariant | | original supply | // |_________________________| |__________________| // // If the join is proportional, the invariant and supply will likewise increase proportionally, // so the growth ratios (invariantGrowthRatio / supplyGrowthRatio) will be equal. In this case, we do not charge // any protocol fees. // We also charge no protocol fees in the case where `invariantGrowthRatio < supplyGrowthRatio` to avoid // potential underflows, however this should only occur in extremely low volume actions due solely to rounding // error. if ( (supplyGrowthRatio >= invariantGrowthRatio) || (protocolSwapFeePercentage == 0) ) return 0; // If the join is non-proportional, the supply increase will be proportionally less than the invariant increase, // since the BPT minted will be based on fewer tokens (because swap fees are not included). So the supply growth // is due entirely to the balance changes, while the invariant growth also includes swap fees. // // To isolate the amount of increase by fees then, we multiply the original invariant by the supply growth // ratio to get the "feeless invariant". The difference between the final invariant and this value is then // the amount of the invariant due to fees, which we convert to a percentage by normalizing against the // final invariant. This is expressed as the expression below: // // invariantGrowthFromFees = currentInvariant - supplyGrowthRatio * previousInvariant // // We then divide through by current invariant so the LHS can be identified as the fraction of the pool which // is made up of accumulated swap fees. // // swapFeesPercentage = 1 - supplyGrowthRatio * previousInvariant / currentInvariant // // We then define `invariantGrowthRatio` in a similar fashion to `supplyGrowthRatio` to give the result: // // swapFeesPercentage = 1 - supplyGrowthRatio / invariantGrowthRatio // // Using this form allows us to consider only the ratios of the two invariants, rather than their absolute // values: a useful property, as this is sometimes easier than calculating the full invariant twice. // We've already checked that `supplyGrowthRatio` is smaller than `invariantGrowthRatio`, and hence their ratio // smaller than FixedPoint.ONE, allowing for unchecked arithmetic. uint256 swapFeesPercentage = FixedPoint.ONE - supplyGrowthRatio.divDown(invariantGrowthRatio); // We then multiply by the protocol swap fee percentage to get the fraction of the pool which the protocol // should own once fees have been collected. return swapFeesPercentage.mulDown(protocolSwapFeePercentage); } function calcDueProtocolFees( uint256 invariantGrowthRatio, uint256 previousSupply, uint256 currentSupply, uint256 protocolSwapFeePercentage ) internal pure returns (uint256) { uint256 protocolOwnershipPercentage = getProtocolOwnershipPercentage( invariantGrowthRatio, currentSupply.divDown(previousSupply), protocolSwapFeePercentage ); return ProtocolFees.bptForPoolOwnershipPercentage( currentSupply, protocolOwnershipPercentage ); } }
IProtocolFeePercentagesProvider.sol
// SPDX-License-Identifier: GPL-3.0-or-later // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. pragma solidity ^0.7.0; pragma experimental ABIEncoderV2; /** * @dev Source of truth for all Protocol Fee percentages, that is, how much the protocol charges certain actions. Some * of these values may also be retrievable from other places (such as the swap fee percentage), but this is the * preferred source nonetheless. */ interface IProtocolFeePercentagesProvider { // All fee percentages are 18-decimal fixed point numbers, so e.g. 1e18 = 100% and 1e16 = 1%. // Emitted when a new fee type is registered. event ProtocolFeeTypeRegistered(uint256 indexed feeType, string name, uint256 maximumPercentage); // Emitted when the value of a fee type changes. // IMPORTANT: it is possible for a third party to modify the SWAP and FLASH_LOAN fee type values directly in the // ProtocolFeesCollector, which will result in this event not being emitted despite their value changing. Such usage // of the ProtocolFeesCollector is however discouraged: all state-changing interactions with it should originate in // this contract. event ProtocolFeePercentageChanged(uint256 indexed feeType, uint256 percentage); /** * @dev Registers a new fee type in the system, making it queryable via `getFeeTypePercentage` and `getFeeTypeName`, * as well as configurable via `setFeeTypePercentage`. * * `feeType` can be any arbitrary value (that is not in use). * * It is not possible to de-register fee types, nor change their name or maximum value. */ function registerFeeType( uint256 feeType, string memory name, uint256 maximumValue, uint256 initialValue ) external; /** * @dev Returns true if `feeType` has been registered and can be queried. */ function isValidFeeType(uint256 feeType) external view returns (bool); /** * @dev Returns true if `value` is a valid percentage value for `feeType`. */ function isValidFeeTypePercentage(uint256 feeType, uint256 value) external view returns (bool); /** * @dev Sets the percentage value for `feeType` to `newValue`. * * IMPORTANT: it is possible for a third party to modify the SWAP and FLASH_LOAN fee type values directly in the * ProtocolFeesCollector, without invoking this function. This will result in the `ProtocolFeePercentageChanged` * event not being emitted despite their value changing. Such usage of the ProtocolFeesCollector is however * discouraged: only this contract should be granted permission to call `setSwapFeePercentage` and * `setFlashLoanFeePercentage`. */ function setFeeTypePercentage(uint256 feeType, uint256 newValue) external; /** * @dev Returns the current percentage value for `feeType`. This is the preferred mechanism for querying these - * whenever possible, use this fucntion instead of e.g. querying the ProtocolFeesCollector. */ function getFeeTypePercentage(uint256 feeType) external view returns (uint256); /** * @dev Returns `feeType`'s maximum value. */ function getFeeTypeMaximumPercentage(uint256 feeType) external view returns (uint256); /** * @dev Returns `feeType`'s name. */ function getFeeTypeName(uint256 feeType) external view returns (string memory); } library ProtocolFeeType { // This list is not exhaustive - more fee types can be added to the system. It is expected for this list to be // extended with new fee types as they are registered, to keep them all in one place and reduce // likelihood of user error. // solhint-disable private-vars-leading-underscore uint256 internal constant SWAP = 0; uint256 internal constant FLASH_LOAN = 1; uint256 internal constant YIELD = 2; uint256 internal constant AUM = 3; // solhint-enable private-vars-leading-underscore }
Gas Token: