Warning! Contract bytecode has been changed and doesn't match the verified one. Therefore, interaction with this smart contract may be risky.
- Contract name:
- Risc0Verifier
- Optimization enabled
- true
- Compiler version
- v0.8.27+commit.40a35a09
- Optimization runs
- 200
- EVM Version
- cancun
- Verified at
- 2025-04-10T03:50:57.503756Z
Constructor Arguments
0x0000000000000000000000000000000000000000000000000000000000028c590000000000000000000000004f3f0d5b22338f1f991a1a9686c7171389c97ff7
Arg [0] (uint64) : 167001
Arg [1] (address) : 0x4f3f0d5b22338f1f991a1a9686c7171389c97ff7
contracts/layer1/verifiers/Risc0Verifier.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;
import "@risc0/contracts/IRiscZeroVerifier.sol";
import "src/shared/common/EssentialContract.sol";
import "src/shared/libs/LibStrings.sol";
import "../based/ITaikoInbox.sol";
import "./LibPublicInput.sol";
import "./IVerifier.sol";
/// @title Risc0Verifier
/// @custom:security-contact security@taiko.xyz
contract Risc0Verifier is EssentialContract, IVerifier {
bytes32 internal constant RISCZERO_GROTH16_VERIFIER = bytes32("risc0_groth16_verifier");
// [32, 0, 0, 0] -- big-endian uint32(32) for hash bytes len
bytes private constant FIXED_JOURNAL_HEADER = hex"20000000";
uint64 public immutable taikoChainId;
address public immutable riscoGroth16Verifier;
/// @notice Trusted imageId mapping
mapping(bytes32 imageId => bool trusted) public isImageTrusted;
uint256[49] private __gap;
/// @dev Emitted when a trusted image is set / unset.
/// @param imageId The id of the image
/// @param trusted True if trusted, false otherwise
event ImageTrusted(bytes32 imageId, bool trusted);
error RISC_ZERO_INVALID_BLOCK_PROOF_IMAGE_ID();
error RISC_ZERO_INVALID_AGGREGATION_IMAGE_ID();
error RISC_ZERO_INVALID_PROOF();
constructor(
uint64 _taikoChainId,
address _riscoGroth16Verifier
)
EssentialContract(address(0))
{
taikoChainId = _taikoChainId;
riscoGroth16Verifier = _riscoGroth16Verifier;
}
/// @notice Initializes the contract with the provided address manager.
/// @param _owner The address of the owner.
function init(address _owner) external initializer {
__Essential_init(_owner);
}
/// @notice Sets/unsets an the imageId as trusted entity
/// @param _imageId The id of the image.
/// @param _trusted True if trusted, false otherwise.
function setImageIdTrusted(bytes32 _imageId, bool _trusted) external onlyOwner {
isImageTrusted[_imageId] = _trusted;
emit ImageTrusted(_imageId, _trusted);
}
/// @inheritdoc IVerifier
function verifyProof(Context[] calldata _ctxs, bytes calldata _proof) external view {
// Decode will throw if not proper length/encoding
(bytes memory seal, bytes32 blockImageId, bytes32 aggregationImageId) =
abi.decode(_proof, (bytes, bytes32, bytes32));
// Check if the aggregation program is trusted
require(isImageTrusted[aggregationImageId], RISC_ZERO_INVALID_AGGREGATION_IMAGE_ID());
// Check if the block proving program is trusted
require(isImageTrusted[blockImageId], RISC_ZERO_INVALID_BLOCK_PROOF_IMAGE_ID());
// Collect public inputs
bytes32[] memory publicInputs = new bytes32[](_ctxs.length + 1);
// First public input is the block proving program key
publicInputs[0] = blockImageId;
// All other inputs are the block program public inputs (a single 32 byte value)
uint256 size = _ctxs.length;
for (uint256 i; i < size; ++i) {
publicInputs[i + 1] = LibPublicInput.hashPublicInputs(
_ctxs[i].transition, address(this), address(0), _ctxs[i].metaHash, taikoChainId
);
}
// journalDigest is the sha256 hash of the hashed public input
bytes32 journalDigest = sha256(abi.encodePacked(publicInputs));
// call risc0 verifier contract
(bool success,) = riscoGroth16Verifier.staticcall(
abi.encodeCall(IRiscZeroVerifier.verify, (seal, aggregationImageId, journalDigest))
);
require(success, RISC_ZERO_INVALID_PROOF());
}
}
contracts/layer1/based/ITaikoInbox.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;
import "src/shared/based/LibSharedData.sol";
/// @title TaikoInbox
/// @notice Acts as the inbox for the Taiko Alethia protocol, a simplified version of the
/// original Taiko-Based Contestable Rollup (BCR). The tier-based proof system and
/// contestation mechanisms have been removed.
///
/// Key assumptions of this protocol:
/// - Block proposals and proofs are asynchronous. Proofs are not available at proposal time,
/// unlike Taiko Gwyneth, which assumes synchronous composability.
/// - Proofs are presumed error-free and thoroughly validated, with proof type management
/// delegated to IVerifier contracts.
///
/// @dev Registered in the address resolver as "taiko".
/// @custom:security-contact security@taiko.xyz
interface ITaikoInbox {
struct BlockParams {
// the max number of transactions in this block. Note that if there are not enough
// transactions in calldata or blobs, the block will contains as many transactions as
// possible.
uint16 numTransactions;
// The time difference (in seconds) between the timestamp of this block and
// the timestamp of the parent block in the same batch. For the first block in a batch,
// there is not parent block in the same batch, so the time shift should be 0.
uint8 timeShift;
// Signals sent on L1 and need to sync to this L2 block.
bytes32[] signalSlots;
}
struct BlobParams {
// The hashes of the blob. Note that if this array is not empty. `firstBlobIndex` and
// `numBlobs` must be 0.
bytes32[] blobHashes;
// The index of the first blob in this batch.
uint8 firstBlobIndex;
// The number of blobs in this batch. Blobs are initially concatenated and subsequently
// decompressed via Zlib.
uint8 numBlobs;
// The byte offset of the blob in the batch.
uint32 byteOffset;
// The byte size of the blob.
uint32 byteSize;
// The block number when the blob was created.
uint64 createdIn;
}
struct BatchParams {
address proposer;
address coinbase;
bytes32 parentMetaHash;
uint64 anchorBlockId;
uint64 lastBlockTimestamp;
bool revertIfNotFirstProposal;
// Specifies the number of blocks to be generated from this batch.
BlobParams blobParams;
BlockParams[] blocks;
}
/// @dev This struct holds batch information essential for constructing blocks offchain, but it
/// does not include data necessary for batch proving.
struct BatchInfo {
bytes32 txsHash;
// Data to build L2 blocks
BlockParams[] blocks;
bytes32[] blobHashes;
bytes32 extraData;
address coinbase;
uint64 proposedIn; // Used by node/client
uint64 blobCreatedIn;
uint32 blobByteOffset;
uint32 blobByteSize;
uint32 gasLimit;
uint64 lastBlockId;
uint64 lastBlockTimestamp;
// Data for the L2 anchor transaction, shared by all blocks in the batch
uint64 anchorBlockId;
// corresponds to the `_anchorStateRoot` parameter in the anchor transaction.
// The batch's validity proof shall verify the integrity of these two values.
bytes32 anchorBlockHash;
LibSharedData.BaseFeeConfig baseFeeConfig;
}
/// @dev This struct holds batch metadata essential for proving the batch.
struct BatchMetadata {
bytes32 infoHash;
address proposer;
uint64 batchId;
uint64 proposedAt; // Used by node/client
}
/// @notice Struct representing transition to be proven.
struct Transition {
bytes32 parentHash;
bytes32 blockHash;
bytes32 stateRoot;
}
// @notice Struct representing transition storage
/// @notice 4 slots used.
struct TransitionState {
bytes32 parentHash;
bytes32 blockHash;
bytes32 stateRoot;
address prover;
bool inProvingWindow;
uint48 createdAt;
}
/// @notice 3 slots used.
struct Batch {
bytes32 metaHash; // slot 1
uint64 lastBlockId; // slot 2
uint96 reserved3;
uint96 livenessBond;
uint64 batchId; // slot 3
uint64 lastBlockTimestamp;
uint64 anchorBlockId;
uint24 nextTransitionId;
uint8 reserved4;
// The ID of the transaction that is used to verify this batch. However, if this batch is
// not verified as the last one in a transaction, verifiedTransitionId will remain zero.
uint24 verifiedTransitionId;
}
/// @notice Forge is only able to run coverage in case the contracts by default capable of
/// compiling without any optimization (neither optimizer runs, no compiling --via-ir flag).
struct Stats1 {
uint64 genesisHeight;
uint64 __reserved2;
uint64 lastSyncedBatchId;
uint64 lastSyncedAt;
}
struct Stats2 {
uint64 numBatches;
uint64 lastVerifiedBatchId;
bool paused;
uint56 lastProposedIn;
uint64 lastUnpausedAt;
}
struct ForkHeights {
uint64 ontake; // measured with block number.
uint64 pacaya; // measured with the batch Id, not block number.
uint64 shasta; // measured with the batch Id, not block number.
uint64 unzen; // measured with the batch Id, not block number.
}
/// @notice Struct holding Taiko configuration parameters. See {TaikoConfig}.
struct Config {
/// @notice The chain ID of the network where Taiko contracts are deployed.
uint64 chainId;
/// @notice The maximum number of unverified batches the protocol supports.
uint64 maxUnverifiedBatches;
/// @notice Size of the batch ring buffer, allowing extra space for proposals.
uint64 batchRingBufferSize;
/// @notice The maximum number of verifications allowed when a batch is proposed or proved.
uint64 maxBatchesToVerify;
/// @notice The maximum gas limit allowed for a block.
uint32 blockMaxGasLimit;
/// @notice The amount of Taiko token as a prover liveness bond per batch.
uint96 livenessBondBase;
/// @notice The amount of Taiko token as a prover liveness bond per block.
uint96 livenessBondPerBlock;
/// @notice The number of batches between two L2-to-L1 state root sync.
uint8 stateRootSyncInternal;
/// @notice The max differences of the anchor height and the current block number.
uint64 maxAnchorHeightOffset;
/// @notice Base fee configuration
LibSharedData.BaseFeeConfig baseFeeConfig;
/// @notice The proving window in seconds.
uint16 provingWindow;
/// @notice The time required for a transition to be used for verifying a batch.
uint24 cooldownWindow;
/// @notice The maximum number of signals to be received by TaikoL2.
uint8 maxSignalsToReceive;
/// @notice The maximum number of blocks per batch.
uint16 maxBlocksPerBatch;
/// @notice Historical heights of the forks.
ForkHeights forkHeights;
}
/// @notice Struct holding the state variables for the {Taiko} contract.
struct State {
// Ring buffer for proposed batches and a some recent verified batches.
mapping(uint256 batchId_mod_batchRingBufferSize => Batch batch) batches;
// Indexing to transition ids (ring buffer not possible)
mapping(uint256 batchId => mapping(bytes32 parentHash => uint24 transitionId)) transitionIds;
// Ring buffer for transitions
mapping(
uint256 batchId_mod_batchRingBufferSize
=> mapping(uint24 transitionId => TransitionState ts)
) transitions;
bytes32 __reserve1; // slot 4 - was used as a ring buffer for Ether deposits
Stats1 stats1; // slot 5
Stats2 stats2; // slot 6
mapping(address account => uint256 bond) bondBalance;
uint256[43] __gap;
}
/// @notice Emitted when tokens are deposited into a user's bond balance.
/// @param user The address of the user who deposited the tokens.
/// @param amount The amount of tokens deposited.
event BondDeposited(address indexed user, uint256 amount);
/// @notice Emitted when tokens are withdrawn from a user's bond balance.
/// @param user The address of the user who withdrew the tokens.
/// @param amount The amount of tokens withdrawn.
event BondWithdrawn(address indexed user, uint256 amount);
/// @notice Emitted when a token is credited back to a user's bond balance.
/// @param user The address of the user whose bond balance is credited.
/// @param amount The amount of tokens credited.
event BondCredited(address indexed user, uint256 amount);
/// @notice Emitted when a token is debited from a user's bond balance.
/// @param user The address of the user whose bond balance is debited.
/// @param amount The amount of tokens debited.
event BondDebited(address indexed user, uint256 amount);
/// @notice Emitted when a batch is synced.
/// @param stats1 The Stats1 data structure.
event Stats1Updated(Stats1 stats1);
/// @notice Emitted when some state variable values changed.
/// @param stats2 The Stats2 data structure.
event Stats2Updated(Stats2 stats2);
/// @notice Emitted when a batch is proposed.
/// @param info The info of the proposed batch.
/// @param meta The metadata of the proposed batch.
/// @param txList The tx list in calldata.
event BatchProposed(BatchInfo info, BatchMetadata meta, bytes txList);
/// @notice Emitted when multiple transitions are proved.
/// @param verifier The address of the verifier.
/// @param transitions The transitions data.
event BatchesProved(address verifier, uint64[] batchIds, Transition[] transitions);
/// @notice Emitted when a transition is overwritten by a conflicting one with the same parent
/// hash but different block hash or state root.
/// @param batchId The batch ID.
/// @param oldTran The old transition overwritten.
/// @param newTran The new transition.
event ConflictingProof(uint64 batchId, TransitionState oldTran, Transition newTran);
/// @notice Emitted when a batch is verified.
/// @param batchId The ID of the verified batch.
/// @param blockHash The hash of the verified batch.
event BatchesVerified(uint64 batchId, bytes32 blockHash);
error AnchorBlockIdSmallerThanParent();
error AnchorBlockIdTooLarge();
error AnchorBlockIdTooSmall();
error ArraySizesMismatch();
error BatchNotFound();
error BatchVerified();
error BeyondCurrentFork();
error BlobNotFound();
error BlockNotFound();
error BlobNotSpecified();
error ContractPaused();
error CustomProposerMissing();
error CustomProposerNotAllowed();
error EtherNotPaidAsBond();
error FirstBlockTimeShiftNotZero();
error ForkNotActivated();
error InsufficientBond();
error InvalidBlobCreatedIn();
error InvalidBlobParams();
error InvalidGenesisBlockHash();
error InvalidParams();
error InvalidTransitionBlockHash();
error InvalidTransitionParentHash();
error InvalidTransitionStateRoot();
error MetaHashMismatch();
error MsgValueNotZero();
error NoBlocksToProve();
error NotFirstProposal();
error NotInboxWrapper();
error ParentMetaHashMismatch();
error SameTransition();
error SignalNotSent();
error TimestampSmallerThanParent();
error TimestampTooLarge();
error TimestampTooSmall();
error TooManyBatches();
error TooManyBlocks();
error TooManySignals();
error TransitionNotFound();
error ZeroAnchorBlockHash();
/// @notice Proposes a batch of blocks.
/// @param _params ABI-encoded parameters.
/// @param _txList The transaction list in calldata. If the txList is empty, blob will be used
/// for data availability.
/// @return info_ The info of the proposed batch.
/// @return meta_ The metadata of the proposed batch.
function proposeBatch(
bytes calldata _params,
bytes calldata _txList
)
external
returns (ITaikoInbox.BatchInfo memory info_, ITaikoInbox.BatchMetadata memory meta_);
/// @notice Proves state transitions for multiple batches with a single aggregated proof.
/// @param _params ABI-encoded parameter containing:
/// - metas: Array of metadata for each batch being proved.
/// - transitions: Array of batch transitions to be proved.
/// @param _proof The aggregated cryptographic proof proving the batches transitions.
function proveBatches(bytes calldata _params, bytes calldata _proof) external;
/// @notice Deposits TAIKO tokens into the contract to be used as liveness bond.
/// @param _amount The amount of TAIKO tokens to deposit.
function depositBond(uint256 _amount) external payable;
/// @notice Withdraws a specified amount of TAIKO tokens from the contract.
/// @param _amount The amount of TAIKO tokens to withdraw.
function withdrawBond(uint256 _amount) external;
/// @notice Returns the TAIKO token balance of a specific user.
/// @param _user The address of the user.
/// @return The TAIKO token balance of the user.
function bondBalanceOf(address _user) external view returns (uint256);
/// @notice Retrieves the Bond token address. If Ether is used as bond, this function returns
/// address(0).
/// @return The Bond token address.
function bondToken() external view returns (address);
/// @notice Retrieves the first set of protocol statistics.
/// @return Stats1 structure containing the statistics.
function getStats1() external view returns (Stats1 memory);
/// @notice Retrieves the second set of protocol statistics.
/// @return Stats2 structure containing the statistics.
function getStats2() external view returns (Stats2 memory);
/// @notice Retrieves data about a specific batch.
/// @param _batchId The ID of the batch to retrieve.
/// @return batch_ The batch data.
function getBatch(uint64 _batchId) external view returns (Batch memory batch_);
/// @notice Retrieves a specific transition by batch ID and transition ID. This function may
/// revert if the transition is not found.
/// @param _batchId The batch ID.
/// @param _tid The transition ID.
/// @return The specified transition state.
function getTransitionById(
uint64 _batchId,
uint24 _tid
)
external
view
returns (ITaikoInbox.TransitionState memory);
/// @notice Retrieves a specific transition by batch ID and parent Hash. This function may
/// revert if the transition is not found.
/// @param _batchId The batch ID.
/// @param _parentHash The parent hash.
/// @return The specified transition state.
function getTransitionByParentHash(
uint64 _batchId,
bytes32 _parentHash
)
external
view
returns (ITaikoInbox.TransitionState memory);
/// @notice Retrieves the transition used for the last verified batch.
/// @return batchId_ The batch ID of the last verified transition.
/// @return blockId_ The block ID of the last verified block.
/// @return ts_ The last verified transition.
function getLastVerifiedTransition()
external
view
returns (uint64 batchId_, uint64 blockId_, TransitionState memory ts_);
/// @notice Retrieves the transition used for the last synced batch.
/// @return batchId_ The batch ID of the last synced transition.
/// @return blockId_ The block ID of the last synced block.
/// @return ts_ The last synced transition.
function getLastSyncedTransition()
external
view
returns (uint64 batchId_, uint64 blockId_, TransitionState memory ts_);
/// @notice Retrieves the transition used for verifying a batch.
/// @param _batchId The batch ID.
/// @return The transition used for verifying the batch.
function getBatchVerifyingTransition(uint64 _batchId)
external
view
returns (TransitionState memory);
/// @notice Retrieves the current protocol configuration.
/// @return The current configuration.
function pacayaConfig() external view returns (Config memory);
}
contracts/layer1/verifiers/IVerifier.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;
import "../based/ITaikoInbox.sol";
/// @title IVerifier
/// @notice Defines the function that handles proof verification.
/// @custom:security-contact security@taiko.xyz
interface IVerifier {
struct Context {
uint64 batchId;
bytes32 metaHash;
ITaikoInbox.Transition transition;
}
/// @notice Verifies multiple proofs. This function must throw if the proof cannot be verified.
/// @param _ctxs The array of contexts for the proof verifications.
/// @param _proof The batch proof to verify.
function verifyProof(Context[] calldata _ctxs, bytes calldata _proof) external;
}
contracts/layer1/verifiers/LibPublicInput.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;
import "../../layer1/based/ITaikoInbox.sol";
/// @title LibPublicInput
/// @notice A library for handling hashing the so-called public input hash, used by sgx and zk
/// proofs.
/// @custom:security-contact security@taiko.xyz
library LibPublicInput {
/// @notice Hashes the public input for the proof verification.
/// @param _transition The transition to verify.
/// @param _verifierContract The contract address which as current verifier.
/// @param _newInstance The new instance address. For SGX it is the new signer address, for ZK
/// this variable is not used and must have value address(0).
/// @param _metaHash The meta hash.
/// @param _chainId The chain id.
/// @return The public input hash.
function hashPublicInputs(
ITaikoInbox.Transition memory _transition,
address _verifierContract,
address _newInstance,
bytes32 _metaHash,
uint64 _chainId
)
internal
pure
returns (bytes32)
{
return keccak256(
abi.encode(
"VERIFY_PROOF", _chainId, _verifierContract, _transition, _newInstance, _metaHash
)
);
}
}
contracts/shared/based/LibSharedData.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;
library LibSharedData {
/// @dev Struct that represents L2 basefee configurations
struct BaseFeeConfig {
uint8 adjustmentQuotient;
uint8 sharingPctg;
uint32 gasIssuancePerSecond;
uint64 minGasExcess;
uint32 maxGasIssuancePerBlock;
}
}
contracts/shared/common/EssentialContract.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;
import "@openzeppelin/contracts/proxy/utils/UUPSUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/access/Ownable2StepUpgradeable.sol";
import "./IResolver.sol";
/// @title EssentialContract
/// @custom:security-contact security@taiko.xyz
abstract contract EssentialContract is UUPSUpgradeable, Ownable2StepUpgradeable {
uint8 internal constant _FALSE = 1;
uint8 internal constant _TRUE = 2;
address private immutable __resolver;
uint256[50] private __gapFromOldAddressResolver;
/// @dev Slot 1.
uint8 internal __reentry;
uint8 internal __paused;
uint256[49] private __gap;
/// @notice Emitted when the contract is paused.
/// @param account The account that paused the contract.
event Paused(address account);
/// @notice Emitted when the contract is unpaused.
/// @param account The account that unpaused the contract.
event Unpaused(address account);
error INVALID_PAUSE_STATUS();
error FUNC_NOT_IMPLEMENTED();
error REENTRANT_CALL();
error ACCESS_DENIED();
error RESOLVER_NOT_FOUND();
error ZERO_ADDRESS();
error ZERO_VALUE();
/// @dev Modifier that ensures the caller is the owner or resolved address of a given name.
/// @param _name The name to check against.
modifier onlyFromOwnerOrNamed(bytes32 _name) {
require(msg.sender == owner() || msg.sender == resolve(_name, true), ACCESS_DENIED());
_;
}
/// @dev Modifier that ensures the caller is either the owner or a specified address.
/// @param _addr The address to check against.
modifier onlyFromOwnerOr(address _addr) {
require(msg.sender == owner() || msg.sender == _addr, ACCESS_DENIED());
_;
}
/// @dev Modifier that reverts the function call, indicating it is not implemented.
modifier notImplemented() {
revert FUNC_NOT_IMPLEMENTED();
_;
}
/// @dev Modifier that prevents reentrant calls to a function.
modifier nonReentrant() {
require(_loadReentryLock() != _TRUE, REENTRANT_CALL());
_storeReentryLock(_TRUE);
_;
_storeReentryLock(_FALSE);
}
/// @dev Modifier that allows function execution only when the contract is paused.
modifier whenPaused() {
require(paused(), INVALID_PAUSE_STATUS());
_;
}
/// @dev Modifier that allows function execution only when the contract is not paused.
modifier whenNotPaused() {
require(!paused(), INVALID_PAUSE_STATUS());
_;
}
/// @dev Modifier that ensures the provided address is not the zero address.
/// @param _addr The address to check.
modifier nonZeroAddr(address _addr) {
require(_addr != address(0), ZERO_ADDRESS());
_;
}
/// @dev Modifier that ensures the provided value is not zero.
/// @param _value The value to check.
modifier nonZeroValue(uint256 _value) {
require(_value != 0, ZERO_VALUE());
_;
}
/// @dev Modifier that ensures the provided bytes32 value is not zero.
/// @param _value The bytes32 value to check.
modifier nonZeroBytes32(bytes32 _value) {
require(_value != 0, ZERO_VALUE());
_;
}
/// @dev Modifier that ensures the caller is the resolved address of a given
/// name.
/// @param _name The name to check against.
modifier onlyFromNamed(bytes32 _name) {
require(msg.sender == resolve(_name, true), ACCESS_DENIED());
_;
}
/// @dev Modifier that ensures the caller is the resolved address of a given
/// name, if the name is set.
/// @param _name The name to check against.
modifier onlyFromOptionalNamed(bytes32 _name) {
address addr = resolve(_name, true);
require(addr == address(0) || msg.sender == addr, ACCESS_DENIED());
_;
}
/// @dev Modifier that ensures the caller is a resolved address to either _name1 or _name2
/// name.
/// @param _name1 The first name to check against.
/// @param _name2 The second name to check against.
modifier onlyFromNamedEither(bytes32 _name1, bytes32 _name2) {
require(
msg.sender == resolve(_name1, true) || msg.sender == resolve(_name2, true),
ACCESS_DENIED()
);
_;
}
/// @dev Modifier that ensures the caller is either of the two specified addresses.
/// @param _addr1 The first address to check against.
/// @param _addr2 The second address to check against.
modifier onlyFromEither(address _addr1, address _addr2) {
require(msg.sender == _addr1 || msg.sender == _addr2, ACCESS_DENIED());
_;
}
/// @dev Modifier that ensures the caller is the specified address.
/// @param _addr The address to check against.
modifier onlyFrom(address _addr) {
require(msg.sender == _addr, ACCESS_DENIED());
_;
}
/// @dev Modifier that ensures the caller is the specified address.
/// @param _addr The address to check against.
modifier onlyFromOptional(address _addr) {
require(_addr == address(0) || msg.sender == _addr, ACCESS_DENIED());
_;
}
constructor(address _resolver) {
__resolver = _resolver;
_disableInitializers();
}
/// @notice Pauses the contract.
function pause() public whenNotPaused {
_pause();
emit Paused(msg.sender);
// We call the authorize function here to avoid:
// Warning (5740): Unreachable code.
_authorizePause(msg.sender, true);
}
/// @notice Unpauses the contract.
function unpause() public whenPaused {
_unpause();
emit Unpaused(msg.sender);
// We call the authorize function here to avoid:
// Warning (5740): Unreachable code.
_authorizePause(msg.sender, false);
}
function impl() public view returns (address) {
return _getImplementation();
}
/// @notice Returns true if the contract is paused, and false otherwise.
/// @return true if paused, false otherwise.
function paused() public view virtual returns (bool) {
return __paused == _TRUE;
}
function inNonReentrant() public view returns (bool) {
return _loadReentryLock() == _TRUE;
}
/// @notice Returns the address of this contract.
/// @return The address of this contract.
function resolver() public view virtual returns (address) {
return __resolver;
}
/// @notice Resolves a name to an address on a specific chain
/// @param _chainId The chain ID to resolve the name on
/// @param _name The name to resolve
/// @param _allowZeroAddress Whether to allow resolving to the zero address
/// @return The resolved address
function resolve(
uint64 _chainId,
bytes32 _name,
bool _allowZeroAddress
)
internal
view
returns (address)
{
return IResolver(resolver()).resolve(_chainId, _name, _allowZeroAddress);
}
/// @notice Resolves a name to an address on the current chain
/// @param _name The name to resolve
/// @param _allowZeroAddress Whether to allow resolving to the zero address
/// @return The resolved address
function resolve(bytes32 _name, bool _allowZeroAddress) internal view returns (address) {
return IResolver(resolver()).resolve(block.chainid, _name, _allowZeroAddress);
}
/// @notice Initializes the contract.
/// @param _owner The owner of this contract. msg.sender will be used if this value is zero.
function __Essential_init(address _owner) internal virtual onlyInitializing {
__Context_init();
_transferOwnership(_owner == address(0) ? msg.sender : _owner);
__paused = _FALSE;
}
function _pause() internal virtual {
__paused = _TRUE;
}
function _unpause() internal virtual {
__paused = _FALSE;
}
function _authorizeUpgrade(address) internal virtual override onlyOwner { }
function _authorizePause(address, bool) internal virtual onlyOwner { }
// Stores the reentry lock
function _storeReentryLock(uint8 _reentry) internal virtual {
__reentry = _reentry;
}
// Loads the reentry lock
function _loadReentryLock() internal view virtual returns (uint8 reentry_) {
reentry_ = __reentry;
}
}
contracts/shared/common/IResolver.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;
/// @title IResolver
/// @notice This contract acts as a bridge for name-to-address resolution.
/// @custom:security-contact security@taiko.xyz
interface IResolver {
error RESOLVED_TO_ZERO_ADDRESS();
/// @notice Resolves a name to its address deployed on a specified chain.
/// @param _chainId The chainId of interest.
/// @param _name Name whose address is to be resolved.
/// @param _allowZeroAddress If set to true, does not throw if the resolved
/// address is `address(0)`.
/// @return Address associated with the given name on the specified
/// chain.
function resolve(
uint256 _chainId,
bytes32 _name,
bool _allowZeroAddress
)
external
view
returns (address);
}
contracts/shared/libs/LibStrings.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;
/// @title LibStrings
/// @custom:security-contact security@taiko.xyz
library LibStrings {
bytes32 internal constant B_AUTOMATA_DCAP_ATTESTATION = bytes32("automata_dcap_attestation");
bytes32 internal constant B_SGX_GETH_AUTOMATA = bytes32("sgx_geth_automata");
bytes32 internal constant B_BOND_TOKEN = bytes32("bond_token");
bytes32 internal constant B_BRIDGE = bytes32("bridge");
bytes32 internal constant B_BRIDGE_WATCHDOG = bytes32("bridge_watchdog");
bytes32 internal constant B_BRIDGED_ERC1155 = bytes32("bridged_erc1155");
bytes32 internal constant B_BRIDGED_ERC20 = bytes32("bridged_erc20");
bytes32 internal constant B_BRIDGED_ERC721 = bytes32("bridged_erc721");
bytes32 internal constant B_CHAIN_WATCHDOG = bytes32("chain_watchdog");
bytes32 internal constant B_ERC1155_VAULT = bytes32("erc1155_vault");
bytes32 internal constant B_ERC20_VAULT = bytes32("erc20_vault");
bytes32 internal constant B_ERC721_VAULT = bytes32("erc721_vault");
bytes32 internal constant B_FORCED_INCLUSION_STORE = bytes32("forced_inclusion_store");
bytes32 internal constant B_PRECONF_WHITELIST = bytes32("preconf_whitelist");
bytes32 internal constant B_PRECONF_WHITELIST_OWNER = bytes32("preconf_whitelist_owner");
bytes32 internal constant B_PRECONF_ROUTER = bytes32("preconf_router");
bytes32 internal constant B_TAIKO_WRAPPER = bytes32("taiko_wrapper");
bytes32 internal constant B_PROOF_VERIFIER = bytes32("proof_verifier");
bytes32 internal constant B_SGX_RETH_VERIFIER = bytes32("sgx_reth_verifier");
bytes32 internal constant B_SGX_GETH_VERIFIER = bytes32("sgx_geth_verifier");
bytes32 internal constant B_RISC0_RETH_VERIFIER = bytes32("risc0_reth_verifier");
bytes32 internal constant B_SP1_RETH_VERIFIER = bytes32("sp1_reth_verifier");
bytes32 internal constant B_PROVER_SET = bytes32("prover_set");
bytes32 internal constant B_QUOTA_MANAGER = bytes32("quota_manager");
bytes32 internal constant B_SIGNAL_SERVICE = bytes32("signal_service");
bytes32 internal constant B_TAIKO = bytes32("taiko");
bytes32 internal constant B_TAIKO_TOKEN = bytes32("taiko_token");
bytes32 internal constant B_WITHDRAWER = bytes32("withdrawer");
bytes32 internal constant H_SIGNAL_ROOT = keccak256("SIGNAL_ROOT");
bytes32 internal constant H_STATE_ROOT = keccak256("STATE_ROOT");
}
node_modules/@openzeppelin/contracts-upgradeable/access/Ownable2StepUpgradeable.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (access/Ownable2Step.sol)
pragma solidity ^0.8.0;
import "./OwnableUpgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Contract module which provides access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* By default, the owner account will be the one that deploys the contract. This
* can later be changed with {transferOwnership} and {acceptOwnership}.
*
* This module is used through inheritance. It will make available all functions
* from parent (Ownable).
*/
abstract contract Ownable2StepUpgradeable is Initializable, OwnableUpgradeable {
address private _pendingOwner;
event OwnershipTransferStarted(address indexed previousOwner, address indexed newOwner);
function __Ownable2Step_init() internal onlyInitializing {
__Ownable_init_unchained();
}
function __Ownable2Step_init_unchained() internal onlyInitializing {
}
/**
* @dev Returns the address of the pending owner.
*/
function pendingOwner() public view virtual returns (address) {
return _pendingOwner;
}
/**
* @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual override onlyOwner {
_pendingOwner = newOwner;
emit OwnershipTransferStarted(owner(), newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual override {
delete _pendingOwner;
super._transferOwnership(newOwner);
}
/**
* @dev The new owner accepts the ownership transfer.
*/
function acceptOwnership() public virtual {
address sender = _msgSender();
require(pendingOwner() == sender, "Ownable2Step: caller is not the new owner");
_transferOwnership(sender);
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[49] private __gap;
}
node_modules/@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (access/Ownable.sol)
pragma solidity ^0.8.0;
import "../utils/ContextUpgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* By default, the owner account will be the one that deploys the contract. This
* can later be changed with {transferOwnership}.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/
abstract contract OwnableUpgradeable is Initializable, ContextUpgradeable {
address private _owner;
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev Initializes the contract setting the deployer as the initial owner.
*/
function __Ownable_init() internal onlyInitializing {
__Ownable_init_unchained();
}
function __Ownable_init_unchained() internal onlyInitializing {
_transferOwnership(_msgSender());
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
_checkOwner();
_;
}
/**
* @dev Returns the address of the current owner.
*/
function owner() public view virtual returns (address) {
return _owner;
}
/**
* @dev Throws if the sender is not the owner.
*/
function _checkOwner() internal view virtual {
require(owner() == _msgSender(), "Ownable: caller is not the owner");
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby disabling any functionality that is only available to the owner.
*/
function renounceOwnership() public virtual onlyOwner {
_transferOwnership(address(0));
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual onlyOwner {
require(newOwner != address(0), "Ownable: new owner is the zero address");
_transferOwnership(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual {
address oldOwner = _owner;
_owner = newOwner;
emit OwnershipTransferred(oldOwner, newOwner);
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[49] private __gap;
}
node_modules/@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/Initializable.sol)
pragma solidity ^0.8.2;
import "../../utils/AddressUpgradeable.sol";
/**
* @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
* behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
* external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
* function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
*
* The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
* reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
* case an upgrade adds a module that needs to be initialized.
*
* For example:
*
* [.hljs-theme-light.nopadding]
* ```solidity
* contract MyToken is ERC20Upgradeable {
* function initialize() initializer public {
* __ERC20_init("MyToken", "MTK");
* }
* }
*
* contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
* function initializeV2() reinitializer(2) public {
* __ERC20Permit_init("MyToken");
* }
* }
* ```
*
* TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
* possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
*
* CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
* that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
*
* [CAUTION]
* ====
* Avoid leaving a contract uninitialized.
*
* An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
* contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
* the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
*
* [.hljs-theme-light.nopadding]
* ```
* /// @custom:oz-upgrades-unsafe-allow constructor
* constructor() {
* _disableInitializers();
* }
* ```
* ====
*/
abstract contract Initializable {
/**
* @dev Indicates that the contract has been initialized.
* @custom:oz-retyped-from bool
*/
uint8 private _initialized;
/**
* @dev Indicates that the contract is in the process of being initialized.
*/
bool private _initializing;
/**
* @dev Triggered when the contract has been initialized or reinitialized.
*/
event Initialized(uint8 version);
/**
* @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
* `onlyInitializing` functions can be used to initialize parent contracts.
*
* Similar to `reinitializer(1)`, except that functions marked with `initializer` can be nested in the context of a
* constructor.
*
* Emits an {Initialized} event.
*/
modifier initializer() {
bool isTopLevelCall = !_initializing;
require(
(isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1),
"Initializable: contract is already initialized"
);
_initialized = 1;
if (isTopLevelCall) {
_initializing = true;
}
_;
if (isTopLevelCall) {
_initializing = false;
emit Initialized(1);
}
}
/**
* @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
* contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
* used to initialize parent contracts.
*
* A reinitializer may be used after the original initialization step. This is essential to configure modules that
* are added through upgrades and that require initialization.
*
* When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
* cannot be nested. If one is invoked in the context of another, execution will revert.
*
* Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
* a contract, executing them in the right order is up to the developer or operator.
*
* WARNING: setting the version to 255 will prevent any future reinitialization.
*
* Emits an {Initialized} event.
*/
modifier reinitializer(uint8 version) {
require(!_initializing && _initialized < version, "Initializable: contract is already initialized");
_initialized = version;
_initializing = true;
_;
_initializing = false;
emit Initialized(version);
}
/**
* @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
* {initializer} and {reinitializer} modifiers, directly or indirectly.
*/
modifier onlyInitializing() {
require(_initializing, "Initializable: contract is not initializing");
_;
}
/**
* @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
* Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
* to any version. It is recommended to use this to lock implementation contracts that are designed to be called
* through proxies.
*
* Emits an {Initialized} event the first time it is successfully executed.
*/
function _disableInitializers() internal virtual {
require(!_initializing, "Initializable: contract is initializing");
if (_initialized != type(uint8).max) {
_initialized = type(uint8).max;
emit Initialized(type(uint8).max);
}
}
/**
* @dev Returns the highest version that has been initialized. See {reinitializer}.
*/
function _getInitializedVersion() internal view returns (uint8) {
return _initialized;
}
/**
* @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
*/
function _isInitializing() internal view returns (bool) {
return _initializing;
}
}
node_modules/@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)
pragma solidity ^0.8.1;
/**
* @dev Collection of functions related to the address type
*/
library AddressUpgradeable {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
*
* Furthermore, `isContract` will also return true if the target contract within
* the same transaction is already scheduled for destruction by `SELFDESTRUCT`,
* which only has an effect at the end of a transaction.
* ====
*
* [IMPORTANT]
* ====
* You shouldn't rely on `isContract` to protect against flash loan attacks!
*
* Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
* like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
* constructor.
* ====
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize/address.code.length, which returns 0
// for contracts in construction, since the code is only stored at the end
// of the constructor execution.
return account.code.length > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
(bool success, ) = recipient.call{value: amount}("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value,
string memory errorMessage
) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(
address target,
bytes memory data,
string memory errorMessage
) internal view returns (bytes memory) {
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
return functionDelegateCall(target, data, "Address: low-level delegate call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling
* the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.
*
* _Available since v4.8._
*/
function verifyCallResultFromTarget(
address target,
bool success,
bytes memory returndata,
string memory errorMessage
) internal view returns (bytes memory) {
if (success) {
if (returndata.length == 0) {
// only check isContract if the call was successful and the return data is empty
// otherwise we already know that it was a contract
require(isContract(target), "Address: call to non-contract");
}
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
/**
* @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the
* revert reason or using the provided one.
*
* _Available since v4.3._
*/
function verifyCallResult(
bool success,
bytes memory returndata,
string memory errorMessage
) internal pure returns (bytes memory) {
if (success) {
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
function _revert(bytes memory returndata, string memory errorMessage) private pure {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
/// @solidity memory-safe-assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}
node_modules/@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.4) (utils/Context.sol)
pragma solidity ^0.8.0;
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract ContextUpgradeable is Initializable {
function __Context_init() internal onlyInitializing {
}
function __Context_init_unchained() internal onlyInitializing {
}
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
function _contextSuffixLength() internal view virtual returns (uint256) {
return 0;
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[50] private __gap;
}
node_modules/@openzeppelin/contracts/interfaces/IERC1967.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (interfaces/IERC1967.sol)
pragma solidity ^0.8.0;
/**
* @dev ERC-1967: Proxy Storage Slots. This interface contains the events defined in the ERC.
*
* _Available since v4.8.3._
*/
interface IERC1967 {
/**
* @dev Emitted when the implementation is upgraded.
*/
event Upgraded(address indexed implementation);
/**
* @dev Emitted when the admin account has changed.
*/
event AdminChanged(address previousAdmin, address newAdmin);
/**
* @dev Emitted when the beacon is changed.
*/
event BeaconUpgraded(address indexed beacon);
}
node_modules/@openzeppelin/contracts/interfaces/draft-IERC1822.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (interfaces/draft-IERC1822.sol)
pragma solidity ^0.8.0;
/**
* @dev ERC1822: Universal Upgradeable Proxy Standard (UUPS) documents a method for upgradeability through a simplified
* proxy whose upgrades are fully controlled by the current implementation.
*/
interface IERC1822Proxiable {
/**
* @dev Returns the storage slot that the proxiable contract assumes is being used to store the implementation
* address.
*
* IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks
* bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this
* function revert if invoked through a proxy.
*/
function proxiableUUID() external view returns (bytes32);
}
node_modules/@openzeppelin/contracts/proxy/ERC1967/ERC1967Upgrade.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (proxy/ERC1967/ERC1967Upgrade.sol)
pragma solidity ^0.8.2;
import "../beacon/IBeacon.sol";
import "../../interfaces/IERC1967.sol";
import "../../interfaces/draft-IERC1822.sol";
import "../../utils/Address.sol";
import "../../utils/StorageSlot.sol";
/**
* @dev This abstract contract provides getters and event emitting update functions for
* https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots.
*
* _Available since v4.1._
*/
abstract contract ERC1967Upgrade is IERC1967 {
// This is the keccak-256 hash of "eip1967.proxy.rollback" subtracted by 1
bytes32 private constant _ROLLBACK_SLOT = 0x4910fdfa16fed3260ed0e7147f7cc6da11a60208b5b9406d12a635614ffd9143;
/**
* @dev Storage slot with the address of the current implementation.
* This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1, and is
* validated in the constructor.
*/
bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
/**
* @dev Returns the current implementation address.
*/
function _getImplementation() internal view returns (address) {
return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 implementation slot.
*/
function _setImplementation(address newImplementation) private {
require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
}
/**
* @dev Perform implementation upgrade
*
* Emits an {Upgraded} event.
*/
function _upgradeTo(address newImplementation) internal {
_setImplementation(newImplementation);
emit Upgraded(newImplementation);
}
/**
* @dev Perform implementation upgrade with additional setup call.
*
* Emits an {Upgraded} event.
*/
function _upgradeToAndCall(address newImplementation, bytes memory data, bool forceCall) internal {
_upgradeTo(newImplementation);
if (data.length > 0 || forceCall) {
Address.functionDelegateCall(newImplementation, data);
}
}
/**
* @dev Perform implementation upgrade with security checks for UUPS proxies, and additional setup call.
*
* Emits an {Upgraded} event.
*/
function _upgradeToAndCallUUPS(address newImplementation, bytes memory data, bool forceCall) internal {
// Upgrades from old implementations will perform a rollback test. This test requires the new
// implementation to upgrade back to the old, non-ERC1822 compliant, implementation. Removing
// this special case will break upgrade paths from old UUPS implementation to new ones.
if (StorageSlot.getBooleanSlot(_ROLLBACK_SLOT).value) {
_setImplementation(newImplementation);
} else {
try IERC1822Proxiable(newImplementation).proxiableUUID() returns (bytes32 slot) {
require(slot == _IMPLEMENTATION_SLOT, "ERC1967Upgrade: unsupported proxiableUUID");
} catch {
revert("ERC1967Upgrade: new implementation is not UUPS");
}
_upgradeToAndCall(newImplementation, data, forceCall);
}
}
/**
* @dev Storage slot with the admin of the contract.
* This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1, and is
* validated in the constructor.
*/
bytes32 internal constant _ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;
/**
* @dev Returns the current admin.
*/
function _getAdmin() internal view returns (address) {
return StorageSlot.getAddressSlot(_ADMIN_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 admin slot.
*/
function _setAdmin(address newAdmin) private {
require(newAdmin != address(0), "ERC1967: new admin is the zero address");
StorageSlot.getAddressSlot(_ADMIN_SLOT).value = newAdmin;
}
/**
* @dev Changes the admin of the proxy.
*
* Emits an {AdminChanged} event.
*/
function _changeAdmin(address newAdmin) internal {
emit AdminChanged(_getAdmin(), newAdmin);
_setAdmin(newAdmin);
}
/**
* @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.
* This is bytes32(uint256(keccak256('eip1967.proxy.beacon')) - 1)) and is validated in the constructor.
*/
bytes32 internal constant _BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;
/**
* @dev Returns the current beacon.
*/
function _getBeacon() internal view returns (address) {
return StorageSlot.getAddressSlot(_BEACON_SLOT).value;
}
/**
* @dev Stores a new beacon in the EIP1967 beacon slot.
*/
function _setBeacon(address newBeacon) private {
require(Address.isContract(newBeacon), "ERC1967: new beacon is not a contract");
require(
Address.isContract(IBeacon(newBeacon).implementation()),
"ERC1967: beacon implementation is not a contract"
);
StorageSlot.getAddressSlot(_BEACON_SLOT).value = newBeacon;
}
/**
* @dev Perform beacon upgrade with additional setup call. Note: This upgrades the address of the beacon, it does
* not upgrade the implementation contained in the beacon (see {UpgradeableBeacon-_setImplementation} for that).
*
* Emits a {BeaconUpgraded} event.
*/
function _upgradeBeaconToAndCall(address newBeacon, bytes memory data, bool forceCall) internal {
_setBeacon(newBeacon);
emit BeaconUpgraded(newBeacon);
if (data.length > 0 || forceCall) {
Address.functionDelegateCall(IBeacon(newBeacon).implementation(), data);
}
}
}
node_modules/@openzeppelin/contracts/proxy/beacon/IBeacon.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (proxy/beacon/IBeacon.sol)
pragma solidity ^0.8.0;
/**
* @dev This is the interface that {BeaconProxy} expects of its beacon.
*/
interface IBeacon {
/**
* @dev Must return an address that can be used as a delegate call target.
*
* {BeaconProxy} will check that this address is a contract.
*/
function implementation() external view returns (address);
}
node_modules/@openzeppelin/contracts/proxy/utils/UUPSUpgradeable.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/UUPSUpgradeable.sol)
pragma solidity ^0.8.0;
import "../../interfaces/draft-IERC1822.sol";
import "../ERC1967/ERC1967Upgrade.sol";
/**
* @dev An upgradeability mechanism designed for UUPS proxies. The functions included here can perform an upgrade of an
* {ERC1967Proxy}, when this contract is set as the implementation behind such a proxy.
*
* A security mechanism ensures that an upgrade does not turn off upgradeability accidentally, although this risk is
* reinstated if the upgrade retains upgradeability but removes the security mechanism, e.g. by replacing
* `UUPSUpgradeable` with a custom implementation of upgrades.
*
* The {_authorizeUpgrade} function must be overridden to include access restriction to the upgrade mechanism.
*
* _Available since v4.1._
*/
abstract contract UUPSUpgradeable is IERC1822Proxiable, ERC1967Upgrade {
/// @custom:oz-upgrades-unsafe-allow state-variable-immutable state-variable-assignment
address private immutable __self = address(this);
/**
* @dev Check that the execution is being performed through a delegatecall call and that the execution context is
* a proxy contract with an implementation (as defined in ERC1967) pointing to self. This should only be the case
* for UUPS and transparent proxies that are using the current contract as their implementation. Execution of a
* function through ERC1167 minimal proxies (clones) would not normally pass this test, but is not guaranteed to
* fail.
*/
modifier onlyProxy() {
require(address(this) != __self, "Function must be called through delegatecall");
require(_getImplementation() == __self, "Function must be called through active proxy");
_;
}
/**
* @dev Check that the execution is not being performed through a delegate call. This allows a function to be
* callable on the implementing contract but not through proxies.
*/
modifier notDelegated() {
require(address(this) == __self, "UUPSUpgradeable: must not be called through delegatecall");
_;
}
/**
* @dev Implementation of the ERC1822 {proxiableUUID} function. This returns the storage slot used by the
* implementation. It is used to validate the implementation's compatibility when performing an upgrade.
*
* IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks
* bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this
* function revert if invoked through a proxy. This is guaranteed by the `notDelegated` modifier.
*/
function proxiableUUID() external view virtual override notDelegated returns (bytes32) {
return _IMPLEMENTATION_SLOT;
}
/**
* @dev Upgrade the implementation of the proxy to `newImplementation`.
*
* Calls {_authorizeUpgrade}.
*
* Emits an {Upgraded} event.
*
* @custom:oz-upgrades-unsafe-allow-reachable delegatecall
*/
function upgradeTo(address newImplementation) public virtual onlyProxy {
_authorizeUpgrade(newImplementation);
_upgradeToAndCallUUPS(newImplementation, new bytes(0), false);
}
/**
* @dev Upgrade the implementation of the proxy to `newImplementation`, and subsequently execute the function call
* encoded in `data`.
*
* Calls {_authorizeUpgrade}.
*
* Emits an {Upgraded} event.
*
* @custom:oz-upgrades-unsafe-allow-reachable delegatecall
*/
function upgradeToAndCall(address newImplementation, bytes memory data) public payable virtual onlyProxy {
_authorizeUpgrade(newImplementation);
_upgradeToAndCallUUPS(newImplementation, data, true);
}
/**
* @dev Function that should revert when `msg.sender` is not authorized to upgrade the contract. Called by
* {upgradeTo} and {upgradeToAndCall}.
*
* Normally, this function will use an xref:access.adoc[access control] modifier such as {Ownable-onlyOwner}.
*
* ```solidity
* function _authorizeUpgrade(address) internal override onlyOwner {}
* ```
*/
function _authorizeUpgrade(address newImplementation) internal virtual;
}
node_modules/@openzeppelin/contracts/utils/Address.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)
pragma solidity ^0.8.1;
/**
* @dev Collection of functions related to the address type
*/
library Address {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
*
* Furthermore, `isContract` will also return true if the target contract within
* the same transaction is already scheduled for destruction by `SELFDESTRUCT`,
* which only has an effect at the end of a transaction.
* ====
*
* [IMPORTANT]
* ====
* You shouldn't rely on `isContract` to protect against flash loan attacks!
*
* Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
* like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
* constructor.
* ====
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize/address.code.length, which returns 0
// for contracts in construction, since the code is only stored at the end
// of the constructor execution.
return account.code.length > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
(bool success, ) = recipient.call{value: amount}("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value,
string memory errorMessage
) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(
address target,
bytes memory data,
string memory errorMessage
) internal view returns (bytes memory) {
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
return functionDelegateCall(target, data, "Address: low-level delegate call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling
* the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.
*
* _Available since v4.8._
*/
function verifyCallResultFromTarget(
address target,
bool success,
bytes memory returndata,
string memory errorMessage
) internal view returns (bytes memory) {
if (success) {
if (returndata.length == 0) {
// only check isContract if the call was successful and the return data is empty
// otherwise we already know that it was a contract
require(isContract(target), "Address: call to non-contract");
}
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
/**
* @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the
* revert reason or using the provided one.
*
* _Available since v4.3._
*/
function verifyCallResult(
bool success,
bytes memory returndata,
string memory errorMessage
) internal pure returns (bytes memory) {
if (success) {
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
function _revert(bytes memory returndata, string memory errorMessage) private pure {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
/// @solidity memory-safe-assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}
node_modules/@openzeppelin/contracts/utils/StorageSlot.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/StorageSlot.sol)
// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.
pragma solidity ^0.8.0;
/**
* @dev Library for reading and writing primitive types to specific storage slots.
*
* Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
* This library helps with reading and writing to such slots without the need for inline assembly.
*
* The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
*
* Example usage to set ERC1967 implementation slot:
* ```solidity
* contract ERC1967 {
* bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
*
* function _getImplementation() internal view returns (address) {
* return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
* }
*
* function _setImplementation(address newImplementation) internal {
* require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
* StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
* }
* }
* ```
*
* _Available since v4.1 for `address`, `bool`, `bytes32`, `uint256`._
* _Available since v4.9 for `string`, `bytes`._
*/
library StorageSlot {
struct AddressSlot {
address value;
}
struct BooleanSlot {
bool value;
}
struct Bytes32Slot {
bytes32 value;
}
struct Uint256Slot {
uint256 value;
}
struct StringSlot {
string value;
}
struct BytesSlot {
bytes value;
}
/**
* @dev Returns an `AddressSlot` with member `value` located at `slot`.
*/
function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BooleanSlot` with member `value` located at `slot`.
*/
function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Bytes32Slot` with member `value` located at `slot`.
*/
function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Uint256Slot` with member `value` located at `slot`.
*/
function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `StringSlot` with member `value` located at `slot`.
*/
function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `StringSlot` representation of the string storage pointer `store`.
*/
function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := store.slot
}
}
/**
* @dev Returns an `BytesSlot` with member `value` located at `slot`.
*/
function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.
*/
function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := store.slot
}
}
}
node_modules/risc0-ethereum/contracts/src/IRiscZeroVerifier.sol
// Copyright 2024 RISC Zero, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// SPDX-License-Identifier: Apache-2.0
pragma solidity ^0.8.9;
import {reverseByteOrderUint32} from "./Util.sol";
/// @notice A receipt attesting to the execution of a guest program.
/// @dev A receipt contains two parts: a seal and a claim. The seal is a zero-knowledge proof
/// attesting to knowledge of a zkVM execution resulting in the claim. The claim is a set of public
/// outputs for the execution. Crucially, the claim includes the journal and the image ID. The
/// image ID identifies the program that was executed, and the journal is the public data written
/// by the program. Note that this struct only contains the claim digest, as can be obtained with
/// the `digest()` function on `ReceiptClaimLib`.
struct Receipt {
bytes seal;
bytes32 claimDigest;
}
/// @notice Public claims about a zkVM guest execution, such as the journal committed to by the guest.
/// @dev Also includes important information such as the exit code and the starting and ending system
/// state (i.e. the state of memory). `ReceiptClaim` is a "Merkle-ized struct" supporting
/// partial openings of the underlying fields from a hash commitment to the full structure.
struct ReceiptClaim {
/// @notice Digest of the SystemState just before execution has begun.
bytes32 preStateDigest;
/// @notice Digest of the SystemState just after execution has completed.
bytes32 postStateDigest;
/// @notice The exit code for the execution.
ExitCode exitCode;
/// @notice A digest of the input to the guest.
/// @dev This field is currently unused and must be set to the zero digest.
bytes32 input;
/// @notice Digest of the Output of the guest, including the journal
/// and assumptions set during execution.
bytes32 output;
}
library ReceiptClaimLib {
using OutputLib for Output;
using SystemStateLib for SystemState;
bytes32 constant TAG_DIGEST = sha256("risc0.ReceiptClaim");
// Define a constant to ensure hashing is done at compile time. Can't use the
// SystemStateLib.digest method here because the Solidity compiler complains.
bytes32 constant SYSTEM_STATE_ZERO_DIGEST = 0xa3acc27117418996340b84e5a90f3ef4c49d22c79e44aad822ec9c313e1eb8e2;
/// @notice Construct a ReceiptClaim from the given imageId and journalDigest.
/// Returned ReceiptClaim will represent a successful execution of the zkVM, running
/// the program committed by imageId and resulting in the journal specified by
/// journalDigest.
/// @param imageId The identifier for the guest program.
/// @param journalDigest The SHA-256 digest of the journal bytes.
/// @dev Input hash and postStateDigest are set to all-zeros (i.e. no committed input, or
/// final memory state), the exit code is (Halted, 0), and there are no assumptions
/// (i.e. the receipt is unconditional).
function ok(bytes32 imageId, bytes32 journalDigest) internal pure returns (ReceiptClaim memory) {
return ReceiptClaim(
imageId,
SYSTEM_STATE_ZERO_DIGEST,
ExitCode(SystemExitCode.Halted, 0),
bytes32(0),
Output(journalDigest, bytes32(0)).digest()
);
}
function digest(ReceiptClaim memory claim) internal pure returns (bytes32) {
return sha256(
abi.encodePacked(
TAG_DIGEST,
// down
claim.input,
claim.preStateDigest,
claim.postStateDigest,
claim.output,
// data
uint32(claim.exitCode.system) << 24,
uint32(claim.exitCode.user) << 24,
// down.length
uint16(4) << 8
)
);
}
}
/// @notice Commitment to the memory state and program counter (pc) of the zkVM.
/// @dev The "pre" and "post" fields of the ReceiptClaim are digests of the system state at the
/// start are stop of execution. Programs are loaded into the zkVM by creating a memory image
/// of the loaded program, and creating a system state for initializing the zkVM. This is
/// known as the "image ID".
struct SystemState {
/// @notice Program counter.
uint32 pc;
/// @notice Root hash of a merkle tree which confirms the integrity of the memory image.
bytes32 merkle_root;
}
library SystemStateLib {
bytes32 constant TAG_DIGEST = sha256("risc0.SystemState");
function digest(SystemState memory state) internal pure returns (bytes32) {
return sha256(
abi.encodePacked(
TAG_DIGEST,
// down
state.merkle_root,
// data
reverseByteOrderUint32(state.pc),
// down.length
uint16(1) << 8
)
);
}
}
/// @notice Exit condition indicated by the zkVM at the end of the guest execution.
/// @dev Exit codes have a "system" part and a "user" part. Semantically, the system part is set to
/// indicate the type of exit (e.g. halt, pause, or system split) and is directly controlled by the
/// zkVM. The user part is an exit code, similar to exit codes used in Linux, chosen by the guest
/// program to indicate additional information (e.g. 0 to indicate success or 1 to indicate an
/// error).
struct ExitCode {
SystemExitCode system;
uint8 user;
}
/// @notice Exit condition indicated by the zkVM at the end of the execution covered by this proof.
/// @dev
/// `Halted` indicates normal termination of a program with an interior exit code returned from the
/// guest program. A halted program cannot be resumed.
///
/// `Paused` indicates the execution ended in a paused state with an interior exit code set by the
/// guest program. A paused program can be resumed such that execution picks up where it left
/// of, with the same memory state.
///
/// `SystemSplit` indicates the execution ended on a host-initiated system split. System split is
/// mechanism by which the host can temporarily stop execution of the execution ended in a system
/// split has no output and no conclusions can be drawn about whether the program will eventually
/// halt. System split is used in continuations to split execution into individually provable segments.
enum SystemExitCode {
Halted,
Paused,
SystemSplit
}
/// @notice Output field in the `ReceiptClaim`, committing to a claimed journal and assumptions list.
struct Output {
/// @notice Digest of the journal committed to by the guest execution.
bytes32 journalDigest;
/// @notice Digest of the ordered list of `ReceiptClaim` digests corresponding to the
/// calls to `env::verify` and `env::verify_integrity`.
/// @dev Verifying the integrity of a `Receipt` corresponding to a `ReceiptClaim` with a
/// non-empty assumptions list does not guarantee unconditionally any of the claims over the
/// guest execution (i.e. if the assumptions list is non-empty, then the journal digest cannot
/// be trusted to correspond to a genuine execution). The claims can be checked by additional
/// verifying a `Receipt` for every digest in the assumptions list.
bytes32 assumptionsDigest;
}
library OutputLib {
bytes32 constant TAG_DIGEST = sha256("risc0.Output");
function digest(Output memory output) internal pure returns (bytes32) {
return sha256(
abi.encodePacked(
TAG_DIGEST,
// down
output.journalDigest,
output.assumptionsDigest,
// down.length
uint16(2) << 8
)
);
}
}
/// @notice Error raised when cryptographic verification of the zero-knowledge proof fails.
error VerificationFailed();
/// @notice Verifier interface for RISC Zero receipts of execution.
interface IRiscZeroVerifier {
/// @notice Verify that the given seal is a valid RISC Zero proof of execution with the
/// given image ID and journal digest. Reverts on failure.
/// @dev This method additionally ensures that the input hash is all-zeros (i.e. no
/// committed input), the exit code is (Halted, 0), and there are no assumptions (i.e. the
/// receipt is unconditional).
/// @param seal The encoded cryptographic proof (i.e. SNARK).
/// @param imageId The identifier for the guest program.
/// @param journalDigest The SHA-256 digest of the journal bytes.
function verify(bytes calldata seal, bytes32 imageId, bytes32 journalDigest) external view;
/// @notice Verify that the given receipt is a valid RISC Zero receipt, ensuring the `seal` is
/// valid a cryptographic proof of the execution with the given `claim`. Reverts on failure.
/// @param receipt The receipt to be verified.
function verifyIntegrity(Receipt calldata receipt) external view;
}
node_modules/risc0-ethereum/contracts/src/Util.sol
// Copyright 2024 RISC Zero, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// SPDX-License-Identifier: Apache-2.0
pragma solidity ^0.8.9;
/// @notice reverse the byte order of the uint256 value.
/// @dev Solidity uses a big-endian ABI encoding. Reversing the byte order before encoding
/// ensure that the encoded value will be little-endian.
/// Written by k06a. https://ethereum.stackexchange.com/a/83627
function reverseByteOrderUint256(uint256 input) pure returns (uint256 v) {
v = input;
// swap bytes
v = ((v & 0xFF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00) >> 8)
| ((v & 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) << 8);
// swap 2-byte long pairs
v = ((v & 0xFFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000) >> 16)
| ((v & 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) << 16);
// swap 4-byte long pairs
v = ((v & 0xFFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000) >> 32)
| ((v & 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) << 32);
// swap 8-byte long pairs
v = ((v & 0xFFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF0000000000000000) >> 64)
| ((v & 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) << 64);
// swap 16-byte long pairs
v = (v >> 128) | (v << 128);
}
/// @notice reverse the byte order of the uint32 value.
/// @dev Solidity uses a big-endian ABI encoding. Reversing the byte order before encoding
/// ensure that the encoded value will be little-endian.
/// Written by k06a. https://ethereum.stackexchange.com/a/83627
function reverseByteOrderUint32(uint32 input) pure returns (uint32 v) {
v = input;
// swap bytes
v = ((v & 0xFF00FF00) >> 8) | ((v & 0x00FF00FF) << 8);
// swap 2-byte long pairs
v = (v >> 16) | (v << 16);
}
/// @notice reverse the byte order of the uint16 value.
/// @dev Solidity uses a big-endian ABI encoding. Reversing the byte order before encoding
/// ensure that the encoded value will be little-endian.
/// Written by k06a. https://ethereum.stackexchange.com/a/83627
function reverseByteOrderUint16(uint16 input) pure returns (uint16 v) {
v = input;
// swap bytes
v = (v >> 8) | ((v & 0x00FF) << 8);
}
Compiler Settings
{"viaIR":false,"remappings":["openzeppelin/=node_modules/@openzeppelin/","@openzeppelin/=node_modules/@openzeppelin/","@openzeppelin-upgrades/contracts/=node_modules/@openzeppelin/contracts-upgradeable/","@risc0/contracts/=node_modules/risc0-ethereum/contracts/src/","@solady/=node_modules/solady/","@optimism/=node_modules/optimism/","@sp1-contracts/=node_modules/sp1-contracts/contracts/","forge-std/=node_modules/forge-std/","ds-test/=node_modules/ds-test/src/","@p256-verifier/contracts/=node_modules/p256-verifier/src/","eigenlayer-middleware/=node_modules/eigenlayer-middleware/","eigenlayer-contracts/=node_modules/eigenlayer-contracts/","src/=contracts/","test/=test/","script/=script/","optimism/=node_modules/optimism/","p256-verifier/=node_modules/p256-verifier/","risc0-ethereum/=node_modules/risc0-ethereum/","solady/=node_modules/solady/","sp1-contracts/=node_modules/sp1-contracts/"],"outputSelection":{"*":{"*":["abi","evm.bytecode.object","evm.bytecode.sourceMap","evm.bytecode.linkReferences","evm.deployedBytecode.object","evm.deployedBytecode.sourceMap","evm.deployedBytecode.linkReferences","evm.deployedBytecode.immutableReferences","evm.methodIdentifiers","metadata"]}},"optimizer":{"runs":200,"enabled":true},"metadata":{"useLiteralContent":false,"bytecodeHash":"ipfs","appendCBOR":true},"libraries":{},"evmVersion":"cancun"}
Contract ABI
[{"type":"constructor","stateMutability":"nonpayable","inputs":[{"type":"uint64","name":"_taikoChainId","internalType":"uint64"},{"type":"address","name":"_riscoGroth16Verifier","internalType":"address"}]},{"type":"error","name":"ACCESS_DENIED","inputs":[]},{"type":"error","name":"FUNC_NOT_IMPLEMENTED","inputs":[]},{"type":"error","name":"INVALID_PAUSE_STATUS","inputs":[]},{"type":"error","name":"REENTRANT_CALL","inputs":[]},{"type":"error","name":"RESOLVER_NOT_FOUND","inputs":[]},{"type":"error","name":"RISC_ZERO_INVALID_AGGREGATION_IMAGE_ID","inputs":[]},{"type":"error","name":"RISC_ZERO_INVALID_BLOCK_PROOF_IMAGE_ID","inputs":[]},{"type":"error","name":"RISC_ZERO_INVALID_PROOF","inputs":[]},{"type":"error","name":"ZERO_ADDRESS","inputs":[]},{"type":"error","name":"ZERO_VALUE","inputs":[]},{"type":"event","name":"AdminChanged","inputs":[{"type":"address","name":"previousAdmin","internalType":"address","indexed":false},{"type":"address","name":"newAdmin","internalType":"address","indexed":false}],"anonymous":false},{"type":"event","name":"BeaconUpgraded","inputs":[{"type":"address","name":"beacon","internalType":"address","indexed":true}],"anonymous":false},{"type":"event","name":"ImageTrusted","inputs":[{"type":"bytes32","name":"imageId","internalType":"bytes32","indexed":false},{"type":"bool","name":"trusted","internalType":"bool","indexed":false}],"anonymous":false},{"type":"event","name":"Initialized","inputs":[{"type":"uint8","name":"version","internalType":"uint8","indexed":false}],"anonymous":false},{"type":"event","name":"OwnershipTransferStarted","inputs":[{"type":"address","name":"previousOwner","internalType":"address","indexed":true},{"type":"address","name":"newOwner","internalType":"address","indexed":true}],"anonymous":false},{"type":"event","name":"OwnershipTransferred","inputs":[{"type":"address","name":"previousOwner","internalType":"address","indexed":true},{"type":"address","name":"newOwner","internalType":"address","indexed":true}],"anonymous":false},{"type":"event","name":"Paused","inputs":[{"type":"address","name":"account","internalType":"address","indexed":false}],"anonymous":false},{"type":"event","name":"Unpaused","inputs":[{"type":"address","name":"account","internalType":"address","indexed":false}],"anonymous":false},{"type":"event","name":"Upgraded","inputs":[{"type":"address","name":"implementation","internalType":"address","indexed":true}],"anonymous":false},{"type":"function","stateMutability":"nonpayable","outputs":[],"name":"acceptOwnership","inputs":[]},{"type":"function","stateMutability":"view","outputs":[{"type":"address","name":"","internalType":"address"}],"name":"impl","inputs":[]},{"type":"function","stateMutability":"view","outputs":[{"type":"bool","name":"","internalType":"bool"}],"name":"inNonReentrant","inputs":[]},{"type":"function","stateMutability":"nonpayable","outputs":[],"name":"init","inputs":[{"type":"address","name":"_owner","internalType":"address"}]},{"type":"function","stateMutability":"view","outputs":[{"type":"bool","name":"trusted","internalType":"bool"}],"name":"isImageTrusted","inputs":[{"type":"bytes32","name":"imageId","internalType":"bytes32"}]},{"type":"function","stateMutability":"view","outputs":[{"type":"address","name":"","internalType":"address"}],"name":"owner","inputs":[]},{"type":"function","stateMutability":"nonpayable","outputs":[],"name":"pause","inputs":[]},{"type":"function","stateMutability":"view","outputs":[{"type":"bool","name":"","internalType":"bool"}],"name":"paused","inputs":[]},{"type":"function","stateMutability":"view","outputs":[{"type":"address","name":"","internalType":"address"}],"name":"pendingOwner","inputs":[]},{"type":"function","stateMutability":"view","outputs":[{"type":"bytes32","name":"","internalType":"bytes32"}],"name":"proxiableUUID","inputs":[]},{"type":"function","stateMutability":"nonpayable","outputs":[],"name":"renounceOwnership","inputs":[]},{"type":"function","stateMutability":"view","outputs":[{"type":"address","name":"","internalType":"address"}],"name":"resolver","inputs":[]},{"type":"function","stateMutability":"view","outputs":[{"type":"address","name":"","internalType":"address"}],"name":"riscoGroth16Verifier","inputs":[]},{"type":"function","stateMutability":"nonpayable","outputs":[],"name":"setImageIdTrusted","inputs":[{"type":"bytes32","name":"_imageId","internalType":"bytes32"},{"type":"bool","name":"_trusted","internalType":"bool"}]},{"type":"function","stateMutability":"view","outputs":[{"type":"uint64","name":"","internalType":"uint64"}],"name":"taikoChainId","inputs":[]},{"type":"function","stateMutability":"nonpayable","outputs":[],"name":"transferOwnership","inputs":[{"type":"address","name":"newOwner","internalType":"address"}]},{"type":"function","stateMutability":"nonpayable","outputs":[],"name":"unpause","inputs":[]},{"type":"function","stateMutability":"nonpayable","outputs":[],"name":"upgradeTo","inputs":[{"type":"address","name":"newImplementation","internalType":"address"}]},{"type":"function","stateMutability":"payable","outputs":[],"name":"upgradeToAndCall","inputs":[{"type":"address","name":"newImplementation","internalType":"address"},{"type":"bytes","name":"data","internalType":"bytes"}]},{"type":"function","stateMutability":"view","outputs":[],"name":"verifyProof","inputs":[{"type":"tuple[]","name":"_ctxs","internalType":"struct IVerifier.Context[]","components":[{"type":"uint64","name":"batchId","internalType":"uint64"},{"type":"bytes32","name":"metaHash","internalType":"bytes32"},{"type":"tuple","name":"transition","internalType":"struct ITaikoInbox.Transition","components":[{"type":"bytes32","name":"parentHash","internalType":"bytes32"},{"type":"bytes32","name":"blockHash","internalType":"bytes32"},{"type":"bytes32","name":"stateRoot","internalType":"bytes32"}]}]},{"type":"bytes","name":"_proof","internalType":"bytes"}]}]
Contract Creation Code
0x61010060405230608052348015610014575f5ffd5b5060405161192c38038061192c8339810160408190526100339161011d565b5f60a0819052610041610061565b506001600160401b0390911660c0526001600160a01b031660e05261016b565b5f54610100900460ff16156100cc5760405162461bcd60e51b815260206004820152602760248201527f496e697469616c697a61626c653a20636f6e747261637420697320696e697469604482015266616c697a696e6760c81b606482015260840160405180910390fd5b5f5460ff9081161461011b575f805460ff191660ff9081179091556040519081527f7f26b83ff96e1f2b6a682f133852f6798a09c465da95921460cefb38474024989060200160405180910390a15b565b5f5f6040838503121561012e575f5ffd5b82516001600160401b0381168114610144575f5ffd5b60208401519092506001600160a01b0381168114610160575f5ffd5b809150509250929050565b60805160a05160c05160e0516117646101c85f395f818161034e0152610b4b01525f818161030201526109f601525f61012d01525f8181610500015281816105400152818161064b0152818161068b015261070201526117645ff3fe60806040526004361061011b575f3560e01c806379ba50971161009d578063a5a1d0c511610062578063a5a1d0c5146102f1578063be0bd3a01461033d578063e30c397814610370578063ed7615811461038d578063f2fde38b146103ac575f5ffd5b806379ba5097146102795780638456cb591461028d5780638abf6077146102a15780638da5cb5b146102b55780639b26b724146102d2575f5ffd5b806343f9405f116100e357806343f9405f146101e25780634f1ef2861461021057806352d1902d146102235780635c975abb14610245578063715018a614610265575f5ffd5b806304f3bcec1461011f57806319ab453c1461016a5780633075db561461018b5780633659cfe6146101af5780633f4ba83a146101ce575b5f5ffd5b34801561012a575f5ffd5b507f00000000000000000000000000000000000000000000000000000000000000005b6040516001600160a01b0390911681526020015b60405180910390f35b348015610175575f5ffd5b5061018961018436600461123c565b6103cb565b005b348015610196575f5ffd5b5061019f6104de565b6040519015158152602001610161565b3480156101ba575f5ffd5b506101896101c936600461123c565b6104f6565b3480156101d9575f5ffd5b506101896105bd565b3480156101ed575f5ffd5b5061019f6101fc366004611255565b60fb6020525f908152604090205460ff1681565b61018961021e36600461130b565b610641565b34801561022e575f5ffd5b506102376106f6565b604051908152602001610161565b348015610250575f5ffd5b5061019f60c954610100900460ff1660021490565b348015610270575f5ffd5b506101896107a7565b348015610284575f5ffd5b506101896107b8565b348015610298575f5ffd5b5061018961082f565b3480156102ac575f5ffd5b5061014d6108ae565b3480156102c0575f5ffd5b506033546001600160a01b031661014d565b3480156102dd575f5ffd5b506101896102ec36600461139b565b6108bc565b3480156102fc575f5ffd5b506103247f000000000000000000000000000000000000000000000000000000000000000081565b60405167ffffffffffffffff9091168152602001610161565b348015610348575f5ffd5b5061014d7f000000000000000000000000000000000000000000000000000000000000000081565b34801561037b575f5ffd5b506065546001600160a01b031661014d565b348015610398575f5ffd5b506101896103a7366004611436565b610c29565b3480156103b7575f5ffd5b506101896103c636600461123c565b610c82565b5f54610100900460ff16158080156103e957505f54600160ff909116105b806104025750303b15801561040257505f5460ff166001145b61046a5760405162461bcd60e51b815260206004820152602e60248201527f496e697469616c697a61626c653a20636f6e747261637420697320616c72656160448201526d191e481a5b9a5d1a585b1a5e995960921b60648201526084015b60405180910390fd5b5f805460ff19166001179055801561048b575f805461ff0019166101001790555b61049482610cf3565b80156104da575f805461ff0019169055604051600181527f7f26b83ff96e1f2b6a682f133852f6798a09c465da95921460cefb3847402498906020015b60405180910390a15b5050565b5f60026104ed60c95460ff1690565b60ff1614905090565b6001600160a01b037f000000000000000000000000000000000000000000000000000000000000000016300361053e5760405162461bcd60e51b815260040161046190611468565b7f00000000000000000000000000000000000000000000000000000000000000006001600160a01b0316610570610d51565b6001600160a01b0316146105965760405162461bcd60e51b8152600401610461906114b4565b61059f81610d6c565b604080515f808252602082019092526105ba91839190610d74565b50565b6105d160c954610100900460ff1660021490565b6105ee5760405163bae6e2a960e01b815260040160405180910390fd5b61060260c9805461ff001916610100179055565b6040513381527f5db9ee0a495bf2e6ff9c91a7834c1ba4fdd244a5e8aa4e537bd38aeae4b073aa9060200160405180910390a161063f335f610ee3565b565b6001600160a01b037f00000000000000000000000000000000000000000000000000000000000000001630036106895760405162461bcd60e51b815260040161046190611468565b7f00000000000000000000000000000000000000000000000000000000000000006001600160a01b03166106bb610d51565b6001600160a01b0316146106e15760405162461bcd60e51b8152600401610461906114b4565b6106ea82610d6c565b6104da82826001610d74565b5f306001600160a01b037f000000000000000000000000000000000000000000000000000000000000000016146107955760405162461bcd60e51b815260206004820152603860248201527f555550535570677261646561626c653a206d757374206e6f742062652063616c60448201527f6c6564207468726f7567682064656c656761746563616c6c00000000000000006064820152608401610461565b505f5160206116e85f395f51905f5290565b6107af610ee7565b61063f5f610f41565b60655433906001600160a01b031681146108265760405162461bcd60e51b815260206004820152602960248201527f4f776e61626c6532537465703a2063616c6c6572206973206e6f7420746865206044820152683732bb9037bbb732b960b91b6064820152608401610461565b6105ba81610f41565b61084360c954610100900460ff1660021490565b156108615760405163bae6e2a960e01b815260040160405180910390fd5b60c9805461ff0019166102001790556040513381527f62e78cea01bee320cd4e420270b5ea74000d11b0c9f74754ebdbfc544b05a2589060200160405180910390a161063f336001610ee3565b5f6108b7610d51565b905090565b5f80806108cb84860186611500565b5f81815260fb6020526040902054929550909350915060ff1661090157604051630323378b60e61b815260040160405180910390fd5b5f82815260fb602052604090205460ff1661092f57604051633a4848d760e11b815260040160405180910390fd5b5f61093b87600161154a565b67ffffffffffffffff8111156109535761095361126c565b60405190808252806020026020018201604052801561097c578160200160208202803683370190505b50905082815f8151811061099257610992611569565b6020908102919091010152865f5b81811015610ad957610aaa8a8a838181106109bd576109bd611569565b905060a002016040018036038101906109d6919061157d565b305f8d8d868181106109ea576109ea611569565b905060a00201602001357f0000000000000000000000000000000000000000000000000000000000000000604080516101006020808301829052600c6101208401526b2b22a924a32cafa82927a7a360a11b6101408085019190915267ffffffffffffffff95909516838501526001600160a01b039788166060840152885160808401528881015160a08401529783015160c08301529490951660e086015292840191909152815180840390910181526101609092019052805191012090565b83610ab683600161154a565b81518110610ac657610ac6611569565b60209081029190910101526001016109a0565b505f600283604051602001610aee91906115d6565b60408051601f1981840301815290829052610b089161160b565b602060405180830381855afa158015610b23573d5f5f3e3d5ffd5b5050506040513d601f19601f82011682018060405250810190610b469190611621565b90505f7f00000000000000000000000000000000000000000000000000000000000000006001600160a01b0316878684604051602401610b8893929190611666565b60408051601f198184030181529181526020820180516001600160e01b031663ab750e7560e01b17905251610bbd919061160b565b5f60405180830381855afa9150503d805f8114610bf5576040519150601f19603f3d011682016040523d82523d5f602084013e610bfa565b606091505b5050905080610c1c57604051631113230b60e21b815260040160405180910390fd5b5050505050505050505050565b610c31610ee7565b5f82815260fb6020908152604091829020805460ff19168415159081179091558251858152918201527fd5b8667957c912ec9fd7c4447ff0ab8dd327f9a90b8eab841c77d605144337c291016104d1565b610c8a610ee7565b606580546001600160a01b0383166001600160a01b03199091168117909155610cbb6033546001600160a01b031690565b6001600160a01b03167f38d16b8cac22d99fc7c124b9cd0de2d3fa1faef420bfe791d8c362d765e2270060405160405180910390a350565b5f54610100900460ff16610d195760405162461bcd60e51b81526004016104619061168a565b610d21610f5a565b610d3f6001600160a01b03821615610d395781610f41565b33610f41565b5060c9805461ff001916610100179055565b5f5160206116e85f395f51905f52546001600160a01b031690565b6105ba610ee7565b7f4910fdfa16fed3260ed0e7147f7cc6da11a60208b5b9406d12a635614ffd91435460ff1615610dac57610da783610f80565b505050565b826001600160a01b03166352d1902d6040518163ffffffff1660e01b8152600401602060405180830381865afa925050508015610e06575060408051601f3d908101601f19168201909252610e0391810190611621565b60015b610e695760405162461bcd60e51b815260206004820152602e60248201527f45524331393637557067726164653a206e657720696d706c656d656e7461746960448201526d6f6e206973206e6f74205555505360901b6064820152608401610461565b5f5160206116e85f395f51905f528114610ed75760405162461bcd60e51b815260206004820152602960248201527f45524331393637557067726164653a20756e737570706f727465642070726f786044820152681a58589b195555525160ba1b6064820152608401610461565b50610da783838361101b565b6104da5b6033546001600160a01b0316331461063f5760405162461bcd60e51b815260206004820181905260248201527f4f776e61626c653a2063616c6c6572206973206e6f7420746865206f776e65726044820152606401610461565b606580546001600160a01b03191690556105ba81611045565b5f54610100900460ff1661063f5760405162461bcd60e51b81526004016104619061168a565b6001600160a01b0381163b610fed5760405162461bcd60e51b815260206004820152602d60248201527f455243313936373a206e657720696d706c656d656e746174696f6e206973206e60448201526c1bdd08184818dbdb9d1c9858dd609a1b6064820152608401610461565b5f5160206116e85f395f51905f5280546001600160a01b0319166001600160a01b0392909216919091179055565b61102483611096565b5f825111806110305750805b15610da75761103f83836110d5565b50505050565b603380546001600160a01b038381166001600160a01b0319831681179093556040519116919082907f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e0905f90a35050565b61109f81610f80565b6040516001600160a01b038216907fbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b905f90a250565b60606110fa838360405180606001604052806027815260200161170860279139611103565b90505b92915050565b60605f5f856001600160a01b03168560405161111f919061160b565b5f60405180830381855af49150503d805f8114611157576040519150601f19603f3d011682016040523d82523d5f602084013e61115c565b606091505b509150915061116d86838387611177565b9695505050505050565b606083156111e55782515f036111de576001600160a01b0385163b6111de5760405162461bcd60e51b815260206004820152601d60248201527f416464726573733a2063616c6c20746f206e6f6e2d636f6e74726163740000006044820152606401610461565b50816111ef565b6111ef83836111f7565b949350505050565b8151156112075781518083602001fd5b8060405162461bcd60e51b815260040161046191906116d5565b80356001600160a01b0381168114611237575f5ffd5b919050565b5f6020828403121561124c575f5ffd5b6110fa82611221565b5f60208284031215611265575f5ffd5b5035919050565b634e487b7160e01b5f52604160045260245ffd5b5f82601f83011261128f575f5ffd5b813567ffffffffffffffff8111156112a9576112a961126c565b604051601f8201601f19908116603f0116810167ffffffffffffffff811182821017156112d8576112d861126c565b6040528181528382016020018510156112ef575f5ffd5b816020850160208301375f918101602001919091529392505050565b5f5f6040838503121561131c575f5ffd5b61132583611221565b9150602083013567ffffffffffffffff811115611340575f5ffd5b61134c85828601611280565b9150509250929050565b5f5f83601f840112611366575f5ffd5b50813567ffffffffffffffff81111561137d575f5ffd5b602083019150836020828501011115611394575f5ffd5b9250929050565b5f5f5f5f604085870312156113ae575f5ffd5b843567ffffffffffffffff8111156113c4575f5ffd5b8501601f810187136113d4575f5ffd5b803567ffffffffffffffff8111156113ea575f5ffd5b87602060a0830284010111156113fe575f5ffd5b60209182019550935085013567ffffffffffffffff81111561141e575f5ffd5b61142a87828801611356565b95989497509550505050565b5f5f60408385031215611447575f5ffd5b823591506020830135801515811461145d575f5ffd5b809150509250929050565b6020808252602c908201527f46756e6374696f6e206d7573742062652063616c6c6564207468726f7567682060408201526b19195b1959d85d1958d85b1b60a21b606082015260800190565b6020808252602c908201527f46756e6374696f6e206d7573742062652063616c6c6564207468726f7567682060408201526b6163746976652070726f787960a01b606082015260800190565b5f5f5f60608486031215611512575f5ffd5b833567ffffffffffffffff811115611528575f5ffd5b61153486828701611280565b9660208601359650604090950135949350505050565b808201808211156110fd57634e487b7160e01b5f52601160045260245ffd5b634e487b7160e01b5f52603260045260245ffd5b5f606082840312801561158e575f5ffd5b506040516060810167ffffffffffffffff811182821017156115b2576115b261126c565b60409081528335825260208085013590830152928301359281019290925250919050565b81515f90829060208501835b828110156116005781518452602093840193909101906001016115e2565b509195945050505050565b5f82518060208501845e5f920191825250919050565b5f60208284031215611631575f5ffd5b5051919050565b5f81518084528060208401602086015e5f602082860101526020601f19601f83011685010191505092915050565b606081525f6116786060830186611638565b60208301949094525060400152919050565b6020808252602b908201527f496e697469616c697a61626c653a20636f6e7472616374206973206e6f74206960408201526a6e697469616c697a696e6760a81b606082015260800190565b602081525f6110fa602083018461163856fe360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc416464726573733a206c6f772d6c6576656c2064656c65676174652063616c6c206661696c6564a26469706673582212202c1cb96033db7576dd5b8fd56a96ce2b5eed36ed7a7da8808dacd9d24b0bc0f164736f6c634300081b00330000000000000000000000000000000000000000000000000000000000028c590000000000000000000000004f3f0d5b22338f1f991a1a9686c7171389c97ff7Deployed ByteCode
0x60806040526004361061011b575f3560e01c806379ba50971161009d578063a5a1d0c511610062578063a5a1d0c5146102f1578063be0bd3a01461033d578063e30c397814610370578063ed7615811461038d578063f2fde38b146103ac575f5ffd5b806379ba5097146102795780638456cb591461028d5780638abf6077146102a15780638da5cb5b146102b55780639b26b724146102d2575f5ffd5b806343f9405f116100e357806343f9405f146101e25780634f1ef2861461021057806352d1902d146102235780635c975abb14610245578063715018a614610265575f5ffd5b806304f3bcec1461011f57806319ab453c1461016a5780633075db561461018b5780633659cfe6146101af5780633f4ba83a146101ce575b5f5ffd5b34801561012a575f5ffd5b507f00000000000000000000000000000000000000000000000000000000000000005b6040516001600160a01b0390911681526020015b60405180910390f35b348015610175575f5ffd5b5061018961018436600461123c565b6103cb565b005b348015610196575f5ffd5b5061019f6104de565b6040519015158152602001610161565b3480156101ba575f5ffd5b506101896101c936600461123c565b6104f6565b3480156101d9575f5ffd5b506101896105bd565b3480156101ed575f5ffd5b5061019f6101fc366004611255565b60fb6020525f908152604090205460ff1681565b61018961021e36600461130b565b610641565b34801561022e575f5ffd5b506102376106f6565b604051908152602001610161565b348015610250575f5ffd5b5061019f60c954610100900460ff1660021490565b348015610270575f5ffd5b506101896107a7565b348015610284575f5ffd5b506101896107b8565b348015610298575f5ffd5b5061018961082f565b3480156102ac575f5ffd5b5061014d6108ae565b3480156102c0575f5ffd5b506033546001600160a01b031661014d565b3480156102dd575f5ffd5b506101896102ec36600461139b565b6108bc565b3480156102fc575f5ffd5b506103247f0000000000000000000000000000000000000000000000000000000000028c5981565b60405167ffffffffffffffff9091168152602001610161565b348015610348575f5ffd5b5061014d7f0000000000000000000000004f3f0d5b22338f1f991a1a9686c7171389c97ff781565b34801561037b575f5ffd5b506065546001600160a01b031661014d565b348015610398575f5ffd5b506101896103a7366004611436565b610c29565b3480156103b7575f5ffd5b506101896103c636600461123c565b610c82565b5f54610100900460ff16158080156103e957505f54600160ff909116105b806104025750303b15801561040257505f5460ff166001145b61046a5760405162461bcd60e51b815260206004820152602e60248201527f496e697469616c697a61626c653a20636f6e747261637420697320616c72656160448201526d191e481a5b9a5d1a585b1a5e995960921b60648201526084015b60405180910390fd5b5f805460ff19166001179055801561048b575f805461ff0019166101001790555b61049482610cf3565b80156104da575f805461ff0019169055604051600181527f7f26b83ff96e1f2b6a682f133852f6798a09c465da95921460cefb3847402498906020015b60405180910390a15b5050565b5f60026104ed60c95460ff1690565b60ff1614905090565b6001600160a01b037f00000000000000000000000014416fb06544bd293b3564904e167b0be9a4d68016300361053e5760405162461bcd60e51b815260040161046190611468565b7f00000000000000000000000014416fb06544bd293b3564904e167b0be9a4d6806001600160a01b0316610570610d51565b6001600160a01b0316146105965760405162461bcd60e51b8152600401610461906114b4565b61059f81610d6c565b604080515f808252602082019092526105ba91839190610d74565b50565b6105d160c954610100900460ff1660021490565b6105ee5760405163bae6e2a960e01b815260040160405180910390fd5b61060260c9805461ff001916610100179055565b6040513381527f5db9ee0a495bf2e6ff9c91a7834c1ba4fdd244a5e8aa4e537bd38aeae4b073aa9060200160405180910390a161063f335f610ee3565b565b6001600160a01b037f00000000000000000000000014416fb06544bd293b3564904e167b0be9a4d6801630036106895760405162461bcd60e51b815260040161046190611468565b7f00000000000000000000000014416fb06544bd293b3564904e167b0be9a4d6806001600160a01b03166106bb610d51565b6001600160a01b0316146106e15760405162461bcd60e51b8152600401610461906114b4565b6106ea82610d6c565b6104da82826001610d74565b5f306001600160a01b037f00000000000000000000000014416fb06544bd293b3564904e167b0be9a4d68016146107955760405162461bcd60e51b815260206004820152603860248201527f555550535570677261646561626c653a206d757374206e6f742062652063616c60448201527f6c6564207468726f7567682064656c656761746563616c6c00000000000000006064820152608401610461565b505f5160206116e85f395f51905f5290565b6107af610ee7565b61063f5f610f41565b60655433906001600160a01b031681146108265760405162461bcd60e51b815260206004820152602960248201527f4f776e61626c6532537465703a2063616c6c6572206973206e6f7420746865206044820152683732bb9037bbb732b960b91b6064820152608401610461565b6105ba81610f41565b61084360c954610100900460ff1660021490565b156108615760405163bae6e2a960e01b815260040160405180910390fd5b60c9805461ff0019166102001790556040513381527f62e78cea01bee320cd4e420270b5ea74000d11b0c9f74754ebdbfc544b05a2589060200160405180910390a161063f336001610ee3565b5f6108b7610d51565b905090565b5f80806108cb84860186611500565b5f81815260fb6020526040902054929550909350915060ff1661090157604051630323378b60e61b815260040160405180910390fd5b5f82815260fb602052604090205460ff1661092f57604051633a4848d760e11b815260040160405180910390fd5b5f61093b87600161154a565b67ffffffffffffffff8111156109535761095361126c565b60405190808252806020026020018201604052801561097c578160200160208202803683370190505b50905082815f8151811061099257610992611569565b6020908102919091010152865f5b81811015610ad957610aaa8a8a838181106109bd576109bd611569565b905060a002016040018036038101906109d6919061157d565b305f8d8d868181106109ea576109ea611569565b905060a00201602001357f0000000000000000000000000000000000000000000000000000000000028c59604080516101006020808301829052600c6101208401526b2b22a924a32cafa82927a7a360a11b6101408085019190915267ffffffffffffffff95909516838501526001600160a01b039788166060840152885160808401528881015160a08401529783015160c08301529490951660e086015292840191909152815180840390910181526101609092019052805191012090565b83610ab683600161154a565b81518110610ac657610ac6611569565b60209081029190910101526001016109a0565b505f600283604051602001610aee91906115d6565b60408051601f1981840301815290829052610b089161160b565b602060405180830381855afa158015610b23573d5f5f3e3d5ffd5b5050506040513d601f19601f82011682018060405250810190610b469190611621565b90505f7f0000000000000000000000004f3f0d5b22338f1f991a1a9686c7171389c97ff76001600160a01b0316878684604051602401610b8893929190611666565b60408051601f198184030181529181526020820180516001600160e01b031663ab750e7560e01b17905251610bbd919061160b565b5f60405180830381855afa9150503d805f8114610bf5576040519150601f19603f3d011682016040523d82523d5f602084013e610bfa565b606091505b5050905080610c1c57604051631113230b60e21b815260040160405180910390fd5b5050505050505050505050565b610c31610ee7565b5f82815260fb6020908152604091829020805460ff19168415159081179091558251858152918201527fd5b8667957c912ec9fd7c4447ff0ab8dd327f9a90b8eab841c77d605144337c291016104d1565b610c8a610ee7565b606580546001600160a01b0383166001600160a01b03199091168117909155610cbb6033546001600160a01b031690565b6001600160a01b03167f38d16b8cac22d99fc7c124b9cd0de2d3fa1faef420bfe791d8c362d765e2270060405160405180910390a350565b5f54610100900460ff16610d195760405162461bcd60e51b81526004016104619061168a565b610d21610f5a565b610d3f6001600160a01b03821615610d395781610f41565b33610f41565b5060c9805461ff001916610100179055565b5f5160206116e85f395f51905f52546001600160a01b031690565b6105ba610ee7565b7f4910fdfa16fed3260ed0e7147f7cc6da11a60208b5b9406d12a635614ffd91435460ff1615610dac57610da783610f80565b505050565b826001600160a01b03166352d1902d6040518163ffffffff1660e01b8152600401602060405180830381865afa925050508015610e06575060408051601f3d908101601f19168201909252610e0391810190611621565b60015b610e695760405162461bcd60e51b815260206004820152602e60248201527f45524331393637557067726164653a206e657720696d706c656d656e7461746960448201526d6f6e206973206e6f74205555505360901b6064820152608401610461565b5f5160206116e85f395f51905f528114610ed75760405162461bcd60e51b815260206004820152602960248201527f45524331393637557067726164653a20756e737570706f727465642070726f786044820152681a58589b195555525160ba1b6064820152608401610461565b50610da783838361101b565b6104da5b6033546001600160a01b0316331461063f5760405162461bcd60e51b815260206004820181905260248201527f4f776e61626c653a2063616c6c6572206973206e6f7420746865206f776e65726044820152606401610461565b606580546001600160a01b03191690556105ba81611045565b5f54610100900460ff1661063f5760405162461bcd60e51b81526004016104619061168a565b6001600160a01b0381163b610fed5760405162461bcd60e51b815260206004820152602d60248201527f455243313936373a206e657720696d706c656d656e746174696f6e206973206e60448201526c1bdd08184818dbdb9d1c9858dd609a1b6064820152608401610461565b5f5160206116e85f395f51905f5280546001600160a01b0319166001600160a01b0392909216919091179055565b61102483611096565b5f825111806110305750805b15610da75761103f83836110d5565b50505050565b603380546001600160a01b038381166001600160a01b0319831681179093556040519116919082907f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e0905f90a35050565b61109f81610f80565b6040516001600160a01b038216907fbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b905f90a250565b60606110fa838360405180606001604052806027815260200161170860279139611103565b90505b92915050565b60605f5f856001600160a01b03168560405161111f919061160b565b5f60405180830381855af49150503d805f8114611157576040519150601f19603f3d011682016040523d82523d5f602084013e61115c565b606091505b509150915061116d86838387611177565b9695505050505050565b606083156111e55782515f036111de576001600160a01b0385163b6111de5760405162461bcd60e51b815260206004820152601d60248201527f416464726573733a2063616c6c20746f206e6f6e2d636f6e74726163740000006044820152606401610461565b50816111ef565b6111ef83836111f7565b949350505050565b8151156112075781518083602001fd5b8060405162461bcd60e51b815260040161046191906116d5565b80356001600160a01b0381168114611237575f5ffd5b919050565b5f6020828403121561124c575f5ffd5b6110fa82611221565b5f60208284031215611265575f5ffd5b5035919050565b634e487b7160e01b5f52604160045260245ffd5b5f82601f83011261128f575f5ffd5b813567ffffffffffffffff8111156112a9576112a961126c565b604051601f8201601f19908116603f0116810167ffffffffffffffff811182821017156112d8576112d861126c565b6040528181528382016020018510156112ef575f5ffd5b816020850160208301375f918101602001919091529392505050565b5f5f6040838503121561131c575f5ffd5b61132583611221565b9150602083013567ffffffffffffffff811115611340575f5ffd5b61134c85828601611280565b9150509250929050565b5f5f83601f840112611366575f5ffd5b50813567ffffffffffffffff81111561137d575f5ffd5b602083019150836020828501011115611394575f5ffd5b9250929050565b5f5f5f5f604085870312156113ae575f5ffd5b843567ffffffffffffffff8111156113c4575f5ffd5b8501601f810187136113d4575f5ffd5b803567ffffffffffffffff8111156113ea575f5ffd5b87602060a0830284010111156113fe575f5ffd5b60209182019550935085013567ffffffffffffffff81111561141e575f5ffd5b61142a87828801611356565b95989497509550505050565b5f5f60408385031215611447575f5ffd5b823591506020830135801515811461145d575f5ffd5b809150509250929050565b6020808252602c908201527f46756e6374696f6e206d7573742062652063616c6c6564207468726f7567682060408201526b19195b1959d85d1958d85b1b60a21b606082015260800190565b6020808252602c908201527f46756e6374696f6e206d7573742062652063616c6c6564207468726f7567682060408201526b6163746976652070726f787960a01b606082015260800190565b5f5f5f60608486031215611512575f5ffd5b833567ffffffffffffffff811115611528575f5ffd5b61153486828701611280565b9660208601359650604090950135949350505050565b808201808211156110fd57634e487b7160e01b5f52601160045260245ffd5b634e487b7160e01b5f52603260045260245ffd5b5f606082840312801561158e575f5ffd5b506040516060810167ffffffffffffffff811182821017156115b2576115b261126c565b60409081528335825260208085013590830152928301359281019290925250919050565b81515f90829060208501835b828110156116005781518452602093840193909101906001016115e2565b509195945050505050565b5f82518060208501845e5f920191825250919050565b5f60208284031215611631575f5ffd5b5051919050565b5f81518084528060208401602086015e5f602082860101526020601f19601f83011685010191505092915050565b606081525f6116786060830186611638565b60208301949094525060400152919050565b6020808252602b908201527f496e697469616c697a61626c653a20636f6e7472616374206973206e6f74206960408201526a6e697469616c697a696e6760a81b606082015260800190565b602081525f6110fa602083018461163856fe360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc416464726573733a206c6f772d6c6576656c2064656c65676174652063616c6c206661696c6564a26469706673582212202c1cb96033db7576dd5b8fd56a96ce2b5eed36ed7a7da8808dacd9d24b0bc0f164736f6c634300081b0033