Contract Name:
TokenManager
Contract Source Code:
//SPDX-License-Identifier: MIT
pragma solidity 0.6.12;
import "../libraries/math/SafeMath.sol";
import "../libraries/token/IERC20.sol";
import "../libraries/token/ERC721/IERC721.sol";
import "../libraries/utils/ReentrancyGuard.sol";
import "../peripherals/interfaces/ITimelock.sol";
contract TokenManager is ReentrancyGuard {
using SafeMath for uint256;
bool public isInitialized;
uint256 public actionsNonce;
uint256 public minAuthorizations;
address public admin;
address[] public signers;
mapping (address => bool) public isSigner;
mapping (bytes32 => bool) public pendingActions;
mapping (address => mapping (bytes32 => bool)) public signedActions;
event SignalApprove(address token, address spender, uint256 amount, bytes32 action, uint256 nonce);
event SignalApproveNFT(address token, address spender, uint256 tokenId, bytes32 action, uint256 nonce);
event SignalApproveNFTs(address token, address spender, uint256[] tokenIds, bytes32 action, uint256 nonce);
event SignalSetAdmin(address target, address admin, bytes32 action, uint256 nonce);
event SignalSetGov(address timelock, address target, address gov, bytes32 action, uint256 nonce);
event SignalPendingAction(bytes32 action, uint256 nonce);
event SignAction(bytes32 action, uint256 nonce);
event ClearAction(bytes32 action, uint256 nonce);
constructor(uint256 _minAuthorizations) public {
admin = msg.sender;
minAuthorizations = _minAuthorizations;
}
modifier onlyAdmin() {
require(msg.sender == admin, "TokenManager: forbidden");
_;
}
modifier onlySigner() {
require(isSigner[msg.sender], "TokenManager: forbidden");
_;
}
function initialize(address[] memory _signers) public virtual onlyAdmin {
require(!isInitialized, "TokenManager: already initialized");
isInitialized = true;
signers = _signers;
for (uint256 i = 0; i < _signers.length; i++) {
address signer = _signers[i];
isSigner[signer] = true;
}
}
function signersLength() public view returns (uint256) {
return signers.length;
}
function signalApprove(address _token, address _spender, uint256 _amount) external nonReentrant onlyAdmin {
actionsNonce++;
uint256 nonce = actionsNonce;
bytes32 action = keccak256(abi.encodePacked("approve", _token, _spender, _amount, nonce));
_setPendingAction(action, nonce);
emit SignalApprove(_token, _spender, _amount, action, nonce);
}
function signApprove(address _token, address _spender, uint256 _amount, uint256 _nonce) external nonReentrant onlySigner {
bytes32 action = keccak256(abi.encodePacked("approve", _token, _spender, _amount, _nonce));
_validateAction(action);
require(!signedActions[msg.sender][action], "TokenManager: already signed");
signedActions[msg.sender][action] = true;
emit SignAction(action, _nonce);
}
function approve(address _token, address _spender, uint256 _amount, uint256 _nonce) external nonReentrant onlyAdmin {
bytes32 action = keccak256(abi.encodePacked("approve", _token, _spender, _amount, _nonce));
_validateAction(action);
_validateAuthorization(action);
IERC20(_token).approve(_spender, _amount);
_clearAction(action, _nonce);
}
function signalApproveNFT(address _token, address _spender, uint256 _tokenId) external nonReentrant onlyAdmin {
actionsNonce++;
uint256 nonce = actionsNonce;
bytes32 action = keccak256(abi.encodePacked("approveNFT", _token, _spender, _tokenId, nonce));
_setPendingAction(action, nonce);
emit SignalApproveNFT(_token, _spender, _tokenId, action, nonce);
}
function signApproveNFT(address _token, address _spender, uint256 _tokenId, uint256 _nonce) external nonReentrant onlySigner {
bytes32 action = keccak256(abi.encodePacked("approveNFT", _token, _spender, _tokenId, _nonce));
_validateAction(action);
require(!signedActions[msg.sender][action], "TokenManager: already signed");
signedActions[msg.sender][action] = true;
emit SignAction(action, _nonce);
}
function approveNFT(address _token, address _spender, uint256 _tokenId, uint256 _nonce) external nonReentrant onlyAdmin {
bytes32 action = keccak256(abi.encodePacked("approveNFT", _token, _spender, _tokenId, _nonce));
_validateAction(action);
_validateAuthorization(action);
IERC721(_token).approve(_spender, _tokenId);
_clearAction(action, _nonce);
}
function signalApproveNFTs(address _token, address _spender, uint256[] memory _tokenIds) external nonReentrant onlyAdmin {
actionsNonce++;
uint256 nonce = actionsNonce;
bytes32 action = keccak256(abi.encodePacked("approveNFTs", _token, _spender, _tokenIds, nonce));
_setPendingAction(action, nonce);
emit SignalApproveNFTs(_token, _spender, _tokenIds, action, nonce);
}
function signApproveNFTs(address _token, address _spender, uint256[] memory _tokenIds, uint256 _nonce) external nonReentrant onlySigner {
bytes32 action = keccak256(abi.encodePacked("approveNFTs", _token, _spender, _tokenIds, _nonce));
_validateAction(action);
require(!signedActions[msg.sender][action], "TokenManager: already signed");
signedActions[msg.sender][action] = true;
emit SignAction(action, _nonce);
}
function approveNFTs(address _token, address _spender, uint256[] memory _tokenIds, uint256 _nonce) external nonReentrant onlyAdmin {
bytes32 action = keccak256(abi.encodePacked("approveNFTs", _token, _spender, _tokenIds, _nonce));
_validateAction(action);
_validateAuthorization(action);
for (uint256 i = 0 ; i < _tokenIds.length; i++) {
IERC721(_token).approve(_spender, _tokenIds[i]);
}
_clearAction(action, _nonce);
}
function receiveNFTs(address _token, address _sender, uint256[] memory _tokenIds) external nonReentrant onlyAdmin {
for (uint256 i = 0 ; i < _tokenIds.length; i++) {
IERC721(_token).transferFrom(_sender, address(this), _tokenIds[i]);
}
}
function signalSetAdmin(address _target, address _admin) external nonReentrant onlySigner {
actionsNonce++;
uint256 nonce = actionsNonce;
bytes32 action = keccak256(abi.encodePacked("setAdmin", _target, _admin, nonce));
_setPendingAction(action, nonce);
signedActions[msg.sender][action] = true;
emit SignalSetAdmin(_target, _admin, action, nonce);
}
function signSetAdmin(address _target, address _admin, uint256 _nonce) external nonReentrant onlySigner {
bytes32 action = keccak256(abi.encodePacked("setAdmin", _target, _admin, _nonce));
_validateAction(action);
require(!signedActions[msg.sender][action], "TokenManager: already signed");
signedActions[msg.sender][action] = true;
emit SignAction(action, _nonce);
}
function setAdmin(address _target, address _admin, uint256 _nonce) external nonReentrant onlySigner {
bytes32 action = keccak256(abi.encodePacked("setAdmin", _target, _admin, _nonce));
_validateAction(action);
_validateAuthorization(action);
ITimelock(_target).setAdmin(_admin);
_clearAction(action, _nonce);
}
function signalSetGov(address _timelock, address _target, address _gov) external nonReentrant onlyAdmin {
actionsNonce++;
uint256 nonce = actionsNonce;
bytes32 action = keccak256(abi.encodePacked("signalSetGov", _timelock, _target, _gov, nonce));
_setPendingAction(action, nonce);
signedActions[msg.sender][action] = true;
emit SignalSetGov(_timelock, _target, _gov, action, nonce);
}
function signSetGov(address _timelock, address _target, address _gov, uint256 _nonce) external nonReentrant onlySigner {
bytes32 action = keccak256(abi.encodePacked("signalSetGov", _timelock, _target, _gov, _nonce));
_validateAction(action);
require(!signedActions[msg.sender][action], "TokenManager: already signed");
signedActions[msg.sender][action] = true;
emit SignAction(action, _nonce);
}
function setGov(address _timelock, address _target, address _gov, uint256 _nonce) external nonReentrant onlyAdmin {
bytes32 action = keccak256(abi.encodePacked("signalSetGov", _timelock, _target, _gov, _nonce));
_validateAction(action);
_validateAuthorization(action);
ITimelock(_timelock).signalSetGov(_target, _gov);
_clearAction(action, _nonce);
}
function _setPendingAction(bytes32 _action, uint256 _nonce) private {
pendingActions[_action] = true;
emit SignalPendingAction(_action, _nonce);
}
function _validateAction(bytes32 _action) private view {
require(pendingActions[_action], "TokenManager: action not signalled");
}
function _validateAuthorization(bytes32 _action) private view {
uint256 count = 0;
for (uint256 i = 0; i < signers.length; i++) {
address signer = signers[i];
if (signedActions[signer][_action]) {
count++;
}
}
if (count == 0) {
revert("TokenManager: action not authorized");
}
require(count >= minAuthorizations, "TokenManager: insufficient authorization");
}
function _clearAction(bytes32 _action, uint256 _nonce) private {
require(pendingActions[_action], "TokenManager: invalid _action");
delete pendingActions[_action];
emit ClearAction(_action, _nonce);
}
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;
/**
* @dev Interface of the ERC165 standard, as defined in the
* https://eips.ethereum.org/EIPS/eip-165[EIP].
*
* Implementers can declare support of contract interfaces, which can then be
* queried by others ({ERC165Checker}).
*
* For an implementation, see {ERC165}.
*/
interface IERC165 {
/**
* @dev Returns true if this contract implements the interface defined by
* `interfaceId`. See the corresponding
* https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section]
* to learn more about how these ids are created.
*
* This function call must use less than 30 000 gas.
*/
function supportsInterface(bytes4 interfaceId) external view returns (bool);
}
// SPDX-License-Identifier: MIT
pragma solidity >=0.6.12;
/**
* @dev Wrappers over Solidity's arithmetic operations with added overflow
* checks.
*
* Arithmetic operations in Solidity wrap on overflow. This can easily result
* in bugs, because programmers usually assume that an overflow raises an
* error, which is the standard behavior in high level programming languages.
* `SafeMath` restores this intuition by reverting the transaction when an
* operation overflows.
*
* Using this library instead of the unchecked operations eliminates an entire
* class of bugs, so it's recommended to use it always.
*/
library SafeMath {
/**
* @dev Returns the addition of two unsigned integers, reverting on
* overflow.
*
* Counterpart to Solidity's `+` operator.
*
* Requirements:
*
* - Addition cannot overflow.
*/
function add(uint256 a, uint256 b) internal pure returns (uint256) {
uint256 c = a + b;
require(c >= a, "SafeMath: addition overflow");
return c;
}
/**
* @dev Returns the subtraction of two unsigned integers, reverting on
* overflow (when the result is negative).
*
* Counterpart to Solidity's `-` operator.
*
* Requirements:
*
* - Subtraction cannot overflow.
*/
function sub(uint256 a, uint256 b) internal pure returns (uint256) {
return sub(a, b, "SafeMath: subtraction overflow");
}
/**
* @dev Returns the subtraction of two unsigned integers, reverting with custom message on
* overflow (when the result is negative).
*
* Counterpart to Solidity's `-` operator.
*
* Requirements:
*
* - Subtraction cannot overflow.
*/
function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
require(b <= a, errorMessage);
uint256 c = a - b;
return c;
}
/**
* @dev Returns the multiplication of two unsigned integers, reverting on
* overflow.
*
* Counterpart to Solidity's `*` operator.
*
* Requirements:
*
* - Multiplication cannot overflow.
*/
function mul(uint256 a, uint256 b) internal pure returns (uint256) {
// Gas optimization: this is cheaper than requiring 'a' not being zero, but the
// benefit is lost if 'b' is also tested.
// See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522
if (a == 0) {
return 0;
}
uint256 c = a * b;
require(c / a == b, "SafeMath: multiplication overflow");
return c;
}
/**
* @dev Returns the integer division of two unsigned integers. Reverts on
* division by zero. The result is rounded towards zero.
*
* Counterpart to Solidity's `/` operator. Note: this function uses a
* `revert` opcode (which leaves remaining gas untouched) while Solidity
* uses an invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
*
* - The divisor cannot be zero.
*/
function div(uint256 a, uint256 b) internal pure returns (uint256) {
return div(a, b, "SafeMath: division by zero");
}
/**
* @dev Returns the integer division of two unsigned integers. Reverts with custom message on
* division by zero. The result is rounded towards zero.
*
* Counterpart to Solidity's `/` operator. Note: this function uses a
* `revert` opcode (which leaves remaining gas untouched) while Solidity
* uses an invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
*
* - The divisor cannot be zero.
*/
function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
require(b > 0, errorMessage);
uint256 c = a / b;
// assert(a == b * c + a % b); // There is no case in which this doesn't hold
return c;
}
/**
* @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),
* Reverts when dividing by zero.
*
* Counterpart to Solidity's `%` operator. This function uses a `revert`
* opcode (which leaves remaining gas untouched) while Solidity uses an
* invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
*
* - The divisor cannot be zero.
*/
function mod(uint256 a, uint256 b) internal pure returns (uint256) {
return mod(a, b, "SafeMath: modulo by zero");
}
/**
* @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),
* Reverts with custom message when dividing by zero.
*
* Counterpart to Solidity's `%` operator. This function uses a `revert`
* opcode (which leaves remaining gas untouched) while Solidity uses an
* invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
*
* - The divisor cannot be zero.
*/
function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
require(b != 0, errorMessage);
return a % b;
}
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.2;
import "../../introspection/IERC165.sol";
/**
* @dev Required interface of an ERC721 compliant contract.
*/
interface IERC721 is IERC165 {
/**
* @dev Emitted when `tokenId` token is transferred from `from` to `to`.
*/
event Transfer(address indexed from, address indexed to, uint256 indexed tokenId);
/**
* @dev Emitted when `owner` enables `approved` to manage the `tokenId` token.
*/
event Approval(address indexed owner, address indexed approved, uint256 indexed tokenId);
/**
* @dev Emitted when `owner` enables or disables (`approved`) `operator` to manage all of its assets.
*/
event ApprovalForAll(address indexed owner, address indexed operator, bool approved);
/**
* @dev Returns the number of tokens in ``owner``'s account.
*/
function balanceOf(address owner) external view returns (uint256 balance);
/**
* @dev Returns the owner of the `tokenId` token.
*
* Requirements:
*
* - `tokenId` must exist.
*/
function ownerOf(uint256 tokenId) external view returns (address owner);
/**
* @dev Safely transfers `tokenId` token from `from` to `to`, checking first that contract recipients
* are aware of the ERC721 protocol to prevent tokens from being forever locked.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must exist and be owned by `from`.
* - If the caller is not `from`, it must be have been allowed to move this token by either {approve} or {setApprovalForAll}.
* - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
*
* Emits a {Transfer} event.
*/
function safeTransferFrom(address from, address to, uint256 tokenId) external;
/**
* @dev Transfers `tokenId` token from `from` to `to`.
*
* WARNING: Usage of this method is discouraged, use {safeTransferFrom} whenever possible.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must be owned by `from`.
* - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
*
* Emits a {Transfer} event.
*/
function transferFrom(address from, address to, uint256 tokenId) external;
/**
* @dev Gives permission to `to` to transfer `tokenId` token to another account.
* The approval is cleared when the token is transferred.
*
* Only a single account can be approved at a time, so approving the zero address clears previous approvals.
*
* Requirements:
*
* - The caller must own the token or be an approved operator.
* - `tokenId` must exist.
*
* Emits an {Approval} event.
*/
function approve(address to, uint256 tokenId) external;
/**
* @dev Returns the account approved for `tokenId` token.
*
* Requirements:
*
* - `tokenId` must exist.
*/
function getApproved(uint256 tokenId) external view returns (address operator);
/**
* @dev Approve or remove `operator` as an operator for the caller.
* Operators can call {transferFrom} or {safeTransferFrom} for any token owned by the caller.
*
* Requirements:
*
* - The `operator` cannot be the caller.
*
* Emits an {ApprovalForAll} event.
*/
function setApprovalForAll(address operator, bool _approved) external;
/**
* @dev Returns if the `operator` is allowed to manage all of the assets of `owner`.
*
* See {setApprovalForAll}
*/
function isApprovedForAll(address owner, address operator) external view returns (bool);
/**
* @dev Safely transfers `tokenId` token from `from` to `to`.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must exist and be owned by `from`.
* - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
* - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
*
* Emits a {Transfer} event.
*/
function safeTransferFrom(address from, address to, uint256 tokenId, bytes calldata data) external;
}
// SPDX-License-Identifier: MIT
pragma solidity 0.6.12;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20 {
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `recipient`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address recipient, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `sender` to `recipient` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
}
// SPDX-License-Identifier: MIT
pragma solidity 0.6.12;
/**
* @dev Contract module that helps prevent reentrant calls to a function.
*
* Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier
* available, which can be applied to functions to make sure there are no nested
* (reentrant) calls to them.
*
* Note that because there is a single `nonReentrant` guard, functions marked as
* `nonReentrant` may not call one another. This can be worked around by making
* those functions `private`, and then adding `external` `nonReentrant` entry
* points to them.
*
* TIP: If you would like to learn more about reentrancy and alternative ways
* to protect against it, check out our blog post
* https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].
*/
contract ReentrancyGuard {
// Booleans are more expensive than uint256 or any type that takes up a full
// word because each write operation emits an extra SLOAD to first read the
// slot's contents, replace the bits taken up by the boolean, and then write
// back. This is the compiler's defense against contract upgrades and
// pointer aliasing, and it cannot be disabled.
// The values being non-zero value makes deployment a bit more expensive,
// but in exchange the refund on every call to nonReentrant will be lower in
// amount. Since refunds are capped to a percentage of the total
// transaction's gas, it is best to keep them low in cases like this one, to
// increase the likelihood of the full refund coming into effect.
uint256 private constant _NOT_ENTERED = 1;
uint256 private constant _ENTERED = 2;
uint256 private _status;
constructor () internal {
_status = _NOT_ENTERED;
}
/**
* @dev Prevents a contract from calling itself, directly or indirectly.
* Calling a `nonReentrant` function from another `nonReentrant`
* function is not supported. It is possible to prevent this from happening
* by making the `nonReentrant` function external, and make it call a
* `private` function that does the actual work.
*/
modifier nonReentrant() {
// On the first call to nonReentrant, _notEntered will be true
require(_status != _ENTERED, "ReentrancyGuard: reentrant call");
// Any calls to nonReentrant after this point will fail
_status = _ENTERED;
_;
// By storing the original value once again, a refund is triggered (see
// https://eips.ethereum.org/EIPS/eip-2200)
_status = _NOT_ENTERED;
}
}
// SPDX-License-Identifier: MIT
pragma solidity 0.6.12;
interface ITimelock {
function setAdmin(address _admin) external;
function enableLeverage(address _vault) external;
function disableLeverage(address _vault) external;
function setIsLeverageEnabled(address _vault, bool _isLeverageEnabled) external;
function signalSetGov(address _target, address _gov) external;
}