Source Code
Overview
ETH Balance
0 ETH
More Info
ContractCreator
Multichain Info
N/A
| Transaction Hash |
Method
|
Block
|
From
|
To
|
Amount
|
||||
|---|---|---|---|---|---|---|---|---|---|
Latest 17 internal transactions
Advanced mode:
| Parent Transaction Hash | Method | Block |
From
|
To
|
Amount
|
||
|---|---|---|---|---|---|---|---|
| Latest Report Ti... | 628986 | 177 days ago | 0 ETH | ||||
| Latest Report Ti... | 628952 | 177 days ago | 0 ETH | ||||
| Update Vault Dat... | 628951 | 177 days ago | 0 ETH | ||||
| Update Report Da... | 628839 | 177 days ago | 0 ETH | ||||
| Update Report Da... | 628480 | 177 days ago | 0 ETH | ||||
| Update Report Da... | 628247 | 177 days ago | 0 ETH | ||||
| Update Report Da... | 627924 | 177 days ago | 0 ETH | ||||
| Update Vault Dat... | 627747 | 177 days ago | 0 ETH | ||||
| Latest Report Ti... | 627711 | 177 days ago | 0 ETH | ||||
| Latest Report Ti... | 627704 | 177 days ago | 0 ETH | ||||
| Update Report Da... | 627486 | 177 days ago | 0 ETH | ||||
| Latest Report Ti... | 626872 | 178 days ago | 0 ETH | ||||
| Latest Report Ti... | 622937 | 178 days ago | 0 ETH | ||||
| Renounce Role | 621602 | 178 days ago | 0 ETH | ||||
| Grant Role | 621601 | 178 days ago | 0 ETH | ||||
| Grant Role | 621570 | 178 days ago | 0 ETH | ||||
| Initialize | 621540 | 178 days ago | 0 ETH |
Loading...
Loading
Loading...
Loading
Contract Source Code Verified (Exact Match)
Contract Name:
LazyOracle
Compiler Version
v0.8.25+commit.b61c2a91
Optimization Enabled:
Yes with 200 runs
Other Settings:
cancun EvmVersion
Contract Source Code (Solidity Standard Json-Input format)
// SPDX-FileCopyrightText: 2025 Lido <[email protected]> // SPDX-License-Identifier: GPL-3.0 // See contracts/COMPILERS.md pragma solidity 0.8.25; import {MerkleProof} from "@openzeppelin/contracts-v5.2/utils/cryptography/MerkleProof.sol"; import {AccessControlEnumerableUpgradeable} from "contracts/openzeppelin/5.2/upgradeable/access/extensions/AccessControlEnumerableUpgradeable.sol"; import {Math256} from "contracts/common/lib/Math256.sol"; import {ILazyOracle} from "contracts/common/interfaces/ILazyOracle.sol"; import {ILidoLocator} from "contracts/common/interfaces/ILidoLocator.sol"; import {ILido} from "contracts/common/interfaces/ILido.sol"; import {IHashConsensus} from "contracts/common/interfaces/IHashConsensus.sol"; import {VaultHub} from "./VaultHub.sol"; import {OperatorGrid} from "./OperatorGrid.sol"; import {IStakingVault} from "./interfaces/IStakingVault.sol"; contract LazyOracle is ILazyOracle, AccessControlEnumerableUpgradeable { /// @custom:storage-location erc7201:LazyOracle struct Storage { /// @notice root of the vaults data tree bytes32 vaultsDataTreeRoot; /// @notice CID of the vaults data tree string vaultsDataReportCid; /// @notice timestamp of the vaults data uint64 vaultsDataTimestamp; /// @notice total value increase quarantine period uint64 quarantinePeriod; /// @notice max reward ratio for refSlot-observed total value, basis points uint16 maxRewardRatioBP; /// @notice deposit quarantines for each vault mapping(address vault => Quarantine) vaultQuarantines; } /* A quarantine is a timelock applied to any sudden jump in a vault's reported total value that cannot be immediately confirmed on-chain (via the inOutDelta difference). If the reported total value exceeds the expected routine EL/CL rewards, the excess is pushed into a quarantine buffer for a predefined cooldown period. Only after this delay is the quarantined value released into VaultHub's total value. Normal top-ups — where the vault owner funds the contract directly using the `fund()` function — do not go through quarantine, as they can be verified on-chain via the inOutDelta value. These direct fundings are reflected immediately. In contrast, consolidations or deposits that bypass the vault's balance must sit in quarantine. Example flow: Time 0: Total Value = 100 ETH ┌────────────────────────────────────┐ │ 100 ETH Active │ └────────────────────────────────────┘ Time 1: Sudden jump of +50 ETH → start quarantine for 50 ETH ┌────────────────────────────────────┐ │ 100 ETH Active │ │ 50 ETH Quarantined │ └────────────────────────────────────┘ Time 2: Another jump of +70 ETH → wait for current quarantine to expire ┌────────────────────────────────────┐ │ 100 ETH Active │ │ 50 ETH Quarantined │ │ 70 ETH Quarantine Queue │ └────────────────────────────────────┘ Time 3: First quarantine expires → add 50 ETH to active value, start new quarantine for 70 ETH ┌────────────────────────────────────┐ │ 150 ETH Active │ │ 70 ETH Quarantined │ └────────────────────────────────────┘ Time 4: Second quarantine expires → add 70 ETH to active value ┌────────────────────────────────────┐ │ 220 ETH Active │ └────────────────────────────────────┘ */ struct Quarantine { uint128 pendingTotalValueIncrease; uint64 startTimestamp; } struct QuarantineInfo { bool isActive; uint256 pendingTotalValueIncrease; uint256 startTimestamp; uint256 endTimestamp; } struct VaultInfo { address vault; uint96 vaultIndex; uint256 balance; bytes32 withdrawalCredentials; uint256 liabilityShares; uint256 mintableStETH; uint96 shareLimit; uint16 reserveRatioBP; uint16 forcedRebalanceThresholdBP; uint16 infraFeeBP; uint16 liquidityFeeBP; uint16 reservationFeeBP; bool pendingDisconnect; } // keccak256(abi.encode(uint256(keccak256("LazyOracle")) - 1)) & ~bytes32(uint256(0xff)) bytes32 private constant LAZY_ORACLE_STORAGE_LOCATION = 0xe5459f2b48ec5df2407caac4ec464a5cb0f7f31a1f22f649728a9579b25c1d00; bytes32 public constant UPDATE_SANITY_PARAMS_ROLE = keccak256("UPDATE_SANITY_PARAMS_ROLE"); ILidoLocator public immutable LIDO_LOCATOR; /// @dev basis points base uint256 private constant TOTAL_BASIS_POINTS = 100_00; uint256 private constant MAX_SANE_TOTAL_VALUE = type(uint96).max; constructor(address _lidoLocator) { LIDO_LOCATOR = ILidoLocator(payable(_lidoLocator)); _disableInitializers(); } /// @notice Initializes the contract /// @param _admin Address of the admin /// @param _quarantinePeriod the quarantine period, seconds /// @param _maxRewardRatioBP the max reward ratio, basis points function initialize(address _admin, uint64 _quarantinePeriod, uint16 _maxRewardRatioBP) external initializer { if (_admin == address(0)) revert AdminCannotBeZero(); _grantRole(DEFAULT_ADMIN_ROLE, _admin); _updateSanityParams(_quarantinePeriod, _maxRewardRatioBP); } /// @notice returns the latest report data /// @return timestamp of the report /// @return treeRoot merkle root of the report /// @return reportCid IPFS CID for the report JSON file function latestReportData() external view returns (uint64 timestamp, bytes32 treeRoot, string memory reportCid) { Storage storage $ = _storage(); return ($.vaultsDataTimestamp, $.vaultsDataTreeRoot, $.vaultsDataReportCid); } /// @notice returns the latest report timestamp function latestReportTimestamp() external view returns (uint64) { return _storage().vaultsDataTimestamp; } /// @notice returns the quarantine period function quarantinePeriod() external view returns (uint64) { return _storage().quarantinePeriod; } /// @notice returns the max reward ratio for refSlot total value, basis points function maxRewardRatioBP() external view returns (uint16) { return _storage().maxRewardRatioBP; } /// @notice returns the quarantine info for the vault /// @param _vault the address of the vault // @dev returns zeroed structure if there is no active quarantine function vaultQuarantine(address _vault) external view returns (QuarantineInfo memory) { Quarantine storage q = _storage().vaultQuarantines[_vault]; if (q.pendingTotalValueIncrease == 0) { return QuarantineInfo(false, 0, 0, 0); } return QuarantineInfo({ isActive: true, pendingTotalValueIncrease: q.pendingTotalValueIncrease, startTimestamp: q.startTimestamp, endTimestamp: q.startTimestamp + _storage().quarantinePeriod }); } /// @notice returns batch of vaults info /// @param _offset in the vaults list [0, vaultsCount) /// @param _limit maximum number of vaults to return /// @return batch of vaults info function batchVaultsInfo(uint256 _offset, uint256 _limit) external view returns (VaultInfo[] memory) { VaultHub vaultHub = _vaultHub(); uint256 vaultCount = vaultHub.vaultsCount(); uint256 batchSize; if (_offset > vaultCount) { batchSize = 0; } else { batchSize = _offset + _limit > vaultCount ? vaultCount - _offset : _limit; } VaultInfo[] memory batch = new VaultInfo[](batchSize); for (uint256 i = 0; i < batchSize; i++) { address vaultAddress = vaultHub.vaultByIndex(_offset + i + 1); IStakingVault vault = IStakingVault(vaultAddress); VaultHub.VaultConnection memory connection = vaultHub.vaultConnection(vaultAddress); VaultHub.VaultRecord memory record = vaultHub.vaultRecord(vaultAddress); batch[i] = VaultInfo( vaultAddress, connection.vaultIndex, address(vault).balance, vault.withdrawalCredentials(), record.liabilityShares, _mintableStETH(vaultAddress), connection.shareLimit, connection.reserveRatioBP, connection.forcedRebalanceThresholdBP, connection.infraFeeBP, connection.liquidityFeeBP, connection.reservationFeeBP, connection.pendingDisconnect ); } return batch; } /// @notice update the sanity parameters /// @param _quarantinePeriod the quarantine period /// @param _maxRewardRatioBP the max EL CL rewards function updateSanityParams( uint64 _quarantinePeriod, uint16 _maxRewardRatioBP ) external onlyRole(UPDATE_SANITY_PARAMS_ROLE) { _updateSanityParams(_quarantinePeriod, _maxRewardRatioBP); } /// @notice Store the report root and its meta information /// @param _vaultsDataTimestamp the timestamp of the report /// @param _vaultsDataTreeRoot the root of the report /// @param _vaultsDataReportCid the CID of the report function updateReportData( uint256 _vaultsDataTimestamp, bytes32 _vaultsDataTreeRoot, string memory _vaultsDataReportCid ) external override(ILazyOracle) { if (msg.sender != LIDO_LOCATOR.accountingOracle()) revert NotAuthorized(); Storage storage $ = _storage(); $.vaultsDataTimestamp = uint64(_vaultsDataTimestamp); $.vaultsDataTreeRoot = _vaultsDataTreeRoot; $.vaultsDataReportCid = _vaultsDataReportCid; emit VaultsReportDataUpdated(_vaultsDataTimestamp, _vaultsDataTreeRoot, _vaultsDataReportCid); } /// @notice Permissionless update of the vault data /// @param _vault the address of the vault /// @param _totalValue the total value of the vault /// @param _cumulativeLidoFees the cumulative Lido fees accrued on the vault (nominated in ether) /// @param _liabilityShares the liabilityShares of the vault /// @param _proof the proof of the reported data function updateVaultData( address _vault, uint256 _totalValue, uint256 _cumulativeLidoFees, uint256 _liabilityShares, uint256 _slashingReserve, bytes32[] calldata _proof ) external { bytes32 leaf = keccak256( bytes.concat( keccak256( abi.encode( _vault, _totalValue, _cumulativeLidoFees, _liabilityShares, _slashingReserve ) ) ) ); if (!MerkleProof.verify(_proof, _storage().vaultsDataTreeRoot, leaf)) revert InvalidProof(); int256 inOutDelta; (_totalValue, inOutDelta) = _handleSanityChecks(_vault, _totalValue); _vaultHub().applyVaultReport( _vault, _storage().vaultsDataTimestamp, _totalValue, inOutDelta, _cumulativeLidoFees, _liabilityShares, _slashingReserve ); } /// @notice handle sanity checks for the vault lazy report data /// @param _vault the address of the vault /// @param _totalValue the total value of the vault in refSlot /// @return totalValueWithoutQuarantine the smoothed total value of the vault after sanity checks /// @return inOutDeltaOnRefSlot the inOutDelta in the refSlot function _handleSanityChecks( address _vault, uint256 _totalValue ) public returns (uint256 totalValueWithoutQuarantine, int256 inOutDeltaOnRefSlot) { VaultHub vaultHub = _vaultHub(); VaultHub.VaultRecord memory record = vaultHub.vaultRecord(_vault); // 1. Calculate inOutDelta in the refSlot int256 currentInOutDelta = record.inOutDelta.value; inOutDeltaOnRefSlot = vaultHub.inOutDeltaAsOfLastRefSlot(_vault); // 2. Sanity check for total value increase totalValueWithoutQuarantine = _processTotalValue(_vault, _totalValue, inOutDeltaOnRefSlot, record); // 3. Sanity check for dynamic total value underflow if (int256(totalValueWithoutQuarantine) + currentInOutDelta - inOutDeltaOnRefSlot < 0) { revert UnderflowInTotalValueCalculation(); } } function _processTotalValue( address _vault, uint256 _reportedTotalValue, int256 _inOutDeltaOnRefSlot, VaultHub.VaultRecord memory record ) internal returns (uint256 totalValueWithoutQuarantine) { if (_reportedTotalValue > MAX_SANE_TOTAL_VALUE) { revert TotalValueTooLarge(); } Storage storage $ = _storage(); // total value from the previous report with inOutDelta correction till the current refSlot // it does not include CL difference and EL rewards for the period uint256 onchainTotalValueOnRefSlot = uint256(int256(uint256(record.report.totalValue)) + _inOutDeltaOnRefSlot - record.report.inOutDelta); // some percentage of funds hasn't passed through the vault's balance is allowed for the EL and CL rewards handling uint256 maxSaneTotalValue = onchainTotalValueOnRefSlot * (TOTAL_BASIS_POINTS + $.maxRewardRatioBP) / TOTAL_BASIS_POINTS; if (_reportedTotalValue > maxSaneTotalValue) { Quarantine storage q = $.vaultQuarantines[_vault]; uint64 reportTs = $.vaultsDataTimestamp; uint128 quarDelta = q.pendingTotalValueIncrease; uint128 delta = uint128(_reportedTotalValue - onchainTotalValueOnRefSlot); if (quarDelta == 0) { // first overlimit report _reportedTotalValue = onchainTotalValueOnRefSlot; q.pendingTotalValueIncrease = delta; q.startTimestamp = reportTs; emit QuarantinedDeposit(_vault, delta); } else if (reportTs - q.startTimestamp < $.quarantinePeriod) { // quarantine not expired _reportedTotalValue = onchainTotalValueOnRefSlot; } else if (delta <= quarDelta + onchainTotalValueOnRefSlot * $.maxRewardRatioBP / TOTAL_BASIS_POINTS) { // quarantine expired q.pendingTotalValueIncrease = 0; emit QuarantineExpired(_vault, delta); } else { // start new quarantine _reportedTotalValue = onchainTotalValueOnRefSlot + quarDelta; q.pendingTotalValueIncrease = delta - quarDelta; q.startTimestamp = reportTs; emit QuarantinedDeposit(_vault, delta - quarDelta); } } return _reportedTotalValue; } function _updateSanityParams(uint64 _quarantinePeriod, uint16 _maxRewardRatioBP) internal { Storage storage $ = _storage(); $.quarantinePeriod = _quarantinePeriod; $.maxRewardRatioBP = _maxRewardRatioBP; emit SanityParamsUpdated(_quarantinePeriod, _maxRewardRatioBP); } function _mintableStETH(address _vault) internal view returns (uint256) { VaultHub vaultHub = _vaultHub(); uint256 maxLockableValue = vaultHub.maxLockableValue(_vault); uint256 reserveRatioBP = vaultHub.vaultConnection(_vault).reserveRatioBP; uint256 mintableStETHByRR = maxLockableValue * (TOTAL_BASIS_POINTS - reserveRatioBP) / TOTAL_BASIS_POINTS; uint256 effectiveShareLimit = _operatorGrid().effectiveShareLimit(_vault); uint256 mintableStEthByShareLimit = ILido(LIDO_LOCATOR.lido()).getPooledEthBySharesRoundUp(effectiveShareLimit); return Math256.min(mintableStETHByRR, mintableStEthByShareLimit); } function _storage() internal pure returns (Storage storage $) { assembly { $.slot := LAZY_ORACLE_STORAGE_LOCATION } } function _vaultHub() internal view returns (VaultHub) { return VaultHub(payable(LIDO_LOCATOR.vaultHub())); } function _operatorGrid() internal view returns (OperatorGrid) { return OperatorGrid(LIDO_LOCATOR.operatorGrid()); } event VaultsReportDataUpdated(uint256 indexed timestamp, bytes32 indexed root, string cid); event QuarantinedDeposit(address indexed vault, uint128 delta); event SanityParamsUpdated(uint64 quarantinePeriod, uint16 maxRewardRatioBP); event QuarantineExpired(address indexed vault, uint128 delta); error AdminCannotBeZero(); error NotAuthorized(); error InvalidProof(); error UnderflowInTotalValueCalculation(); error TotalValueTooLarge(); }
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (token/ERC20/IERC20.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20 {
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `recipient`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address recipient, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `sender` to `recipient` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(
address sender,
address recipient,
uint256 amount
) external returns (bool);
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (access/extensions/IAccessControlEnumerable.sol)
pragma solidity ^0.8.20;
import {IAccessControl} from "../IAccessControl.sol";
/**
* @dev External interface of AccessControlEnumerable declared to support ERC-165 detection.
*/
interface IAccessControlEnumerable is IAccessControl {
/**
* @dev Returns one of the accounts that have `role`. `index` must be a
* value between 0 and {getRoleMemberCount}, non-inclusive.
*
* Role bearers are not sorted in any particular way, and their ordering may
* change at any point.
*
* WARNING: When using {getRoleMember} and {getRoleMemberCount}, make sure
* you perform all queries on the same block. See the following
* https://forum.openzeppelin.com/t/iterating-over-elements-on-enumerableset-in-openzeppelin-contracts/2296[forum post]
* for more information.
*/
function getRoleMember(bytes32 role, uint256 index) external view returns (address);
/**
* @dev Returns the number of accounts that have `role`. Can be used
* together with {getRoleMember} to enumerate all bearers of a role.
*/
function getRoleMemberCount(bytes32 role) external view returns (uint256);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (access/IAccessControl.sol)
pragma solidity ^0.8.20;
/**
* @dev External interface of AccessControl declared to support ERC-165 detection.
*/
interface IAccessControl {
/**
* @dev The `account` is missing a role.
*/
error AccessControlUnauthorizedAccount(address account, bytes32 neededRole);
/**
* @dev The caller of a function is not the expected one.
*
* NOTE: Don't confuse with {AccessControlUnauthorizedAccount}.
*/
error AccessControlBadConfirmation();
/**
* @dev Emitted when `newAdminRole` is set as ``role``'s admin role, replacing `previousAdminRole`
*
* `DEFAULT_ADMIN_ROLE` is the starting admin for all roles, despite
* {RoleAdminChanged} not being emitted signaling this.
*/
event RoleAdminChanged(bytes32 indexed role, bytes32 indexed previousAdminRole, bytes32 indexed newAdminRole);
/**
* @dev Emitted when `account` is granted `role`.
*
* `sender` is the account that originated the contract call. This account bears the admin role (for the granted role).
* Expected in cases where the role was granted using the internal {AccessControl-_grantRole}.
*/
event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender);
/**
* @dev Emitted when `account` is revoked `role`.
*
* `sender` is the account that originated the contract call:
* - if using `revokeRole`, it is the admin role bearer
* - if using `renounceRole`, it is the role bearer (i.e. `account`)
*/
event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender);
/**
* @dev Returns `true` if `account` has been granted `role`.
*/
function hasRole(bytes32 role, address account) external view returns (bool);
/**
* @dev Returns the admin role that controls `role`. See {grantRole} and
* {revokeRole}.
*
* To change a role's admin, use {AccessControl-_setRoleAdmin}.
*/
function getRoleAdmin(bytes32 role) external view returns (bytes32);
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*/
function grantRole(bytes32 role, address account) external;
/**
* @dev Revokes `role` from `account`.
*
* If `account` had been granted `role`, emits a {RoleRevoked} event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*/
function revokeRole(bytes32 role, address account) external;
/**
* @dev Revokes `role` from the calling account.
*
* Roles are often managed via {grantRole} and {revokeRole}: this function's
* purpose is to provide a mechanism for accounts to lose their privileges
* if they are compromised (such as when a trusted device is misplaced).
*
* If the calling account had been granted `role`, emits a {RoleRevoked}
* event.
*
* Requirements:
*
* - the caller must be `callerConfirmation`.
*/
function renounceRole(bytes32 role, address callerConfirmation) external;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/cryptography/Hashes.sol)
pragma solidity ^0.8.20;
/**
* @dev Library of standard hash functions.
*
* _Available since v5.1._
*/
library Hashes {
/**
* @dev Commutative Keccak256 hash of a sorted pair of bytes32. Frequently used when working with merkle proofs.
*
* NOTE: Equivalent to the `standardNodeHash` in our https://github.com/OpenZeppelin/merkle-tree[JavaScript library].
*/
function commutativeKeccak256(bytes32 a, bytes32 b) internal pure returns (bytes32) {
return a < b ? _efficientKeccak256(a, b) : _efficientKeccak256(b, a);
}
/**
* @dev Implementation of keccak256(abi.encode(a, b)) that doesn't allocate or expand memory.
*/
function _efficientKeccak256(bytes32 a, bytes32 b) private pure returns (bytes32 value) {
assembly ("memory-safe") {
mstore(0x00, a)
mstore(0x20, b)
value := keccak256(0x00, 0x40)
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/cryptography/MerkleProof.sol)
// This file was procedurally generated from scripts/generate/templates/MerkleProof.js.
pragma solidity ^0.8.20;
import {Hashes} from "./Hashes.sol";
/**
* @dev These functions deal with verification of Merkle Tree proofs.
*
* The tree and the proofs can be generated using our
* https://github.com/OpenZeppelin/merkle-tree[JavaScript library].
* You will find a quickstart guide in the readme.
*
* WARNING: You should avoid using leaf values that are 64 bytes long prior to
* hashing, or use a hash function other than keccak256 for hashing leaves.
* This is because the concatenation of a sorted pair of internal nodes in
* the Merkle tree could be reinterpreted as a leaf value.
* OpenZeppelin's JavaScript library generates Merkle trees that are safe
* against this attack out of the box.
*
* IMPORTANT: Consider memory side-effects when using custom hashing functions
* that access memory in an unsafe way.
*
* NOTE: This library supports proof verification for merkle trees built using
* custom _commutative_ hashing functions (i.e. `H(a, b) == H(b, a)`). Proving
* leaf inclusion in trees built using non-commutative hashing functions requires
* additional logic that is not supported by this library.
*/
library MerkleProof {
/**
*@dev The multiproof provided is not valid.
*/
error MerkleProofInvalidMultiproof();
/**
* @dev Returns true if a `leaf` can be proved to be a part of a Merkle tree
* defined by `root`. For this, a `proof` must be provided, containing
* sibling hashes on the branch from the leaf to the root of the tree. Each
* pair of leaves and each pair of pre-images are assumed to be sorted.
*
* This version handles proofs in memory with the default hashing function.
*/
function verify(bytes32[] memory proof, bytes32 root, bytes32 leaf) internal pure returns (bool) {
return processProof(proof, leaf) == root;
}
/**
* @dev Returns the rebuilt hash obtained by traversing a Merkle tree up
* from `leaf` using `proof`. A `proof` is valid if and only if the rebuilt
* hash matches the root of the tree. When processing the proof, the pairs
* of leaves & pre-images are assumed to be sorted.
*
* This version handles proofs in memory with the default hashing function.
*/
function processProof(bytes32[] memory proof, bytes32 leaf) internal pure returns (bytes32) {
bytes32 computedHash = leaf;
for (uint256 i = 0; i < proof.length; i++) {
computedHash = Hashes.commutativeKeccak256(computedHash, proof[i]);
}
return computedHash;
}
/**
* @dev Returns true if a `leaf` can be proved to be a part of a Merkle tree
* defined by `root`. For this, a `proof` must be provided, containing
* sibling hashes on the branch from the leaf to the root of the tree. Each
* pair of leaves and each pair of pre-images are assumed to be sorted.
*
* This version handles proofs in memory with a custom hashing function.
*/
function verify(
bytes32[] memory proof,
bytes32 root,
bytes32 leaf,
function(bytes32, bytes32) view returns (bytes32) hasher
) internal view returns (bool) {
return processProof(proof, leaf, hasher) == root;
}
/**
* @dev Returns the rebuilt hash obtained by traversing a Merkle tree up
* from `leaf` using `proof`. A `proof` is valid if and only if the rebuilt
* hash matches the root of the tree. When processing the proof, the pairs
* of leaves & pre-images are assumed to be sorted.
*
* This version handles proofs in memory with a custom hashing function.
*/
function processProof(
bytes32[] memory proof,
bytes32 leaf,
function(bytes32, bytes32) view returns (bytes32) hasher
) internal view returns (bytes32) {
bytes32 computedHash = leaf;
for (uint256 i = 0; i < proof.length; i++) {
computedHash = hasher(computedHash, proof[i]);
}
return computedHash;
}
/**
* @dev Returns true if a `leaf` can be proved to be a part of a Merkle tree
* defined by `root`. For this, a `proof` must be provided, containing
* sibling hashes on the branch from the leaf to the root of the tree. Each
* pair of leaves and each pair of pre-images are assumed to be sorted.
*
* This version handles proofs in calldata with the default hashing function.
*/
function verifyCalldata(bytes32[] calldata proof, bytes32 root, bytes32 leaf) internal pure returns (bool) {
return processProofCalldata(proof, leaf) == root;
}
/**
* @dev Returns the rebuilt hash obtained by traversing a Merkle tree up
* from `leaf` using `proof`. A `proof` is valid if and only if the rebuilt
* hash matches the root of the tree. When processing the proof, the pairs
* of leaves & pre-images are assumed to be sorted.
*
* This version handles proofs in calldata with the default hashing function.
*/
function processProofCalldata(bytes32[] calldata proof, bytes32 leaf) internal pure returns (bytes32) {
bytes32 computedHash = leaf;
for (uint256 i = 0; i < proof.length; i++) {
computedHash = Hashes.commutativeKeccak256(computedHash, proof[i]);
}
return computedHash;
}
/**
* @dev Returns true if a `leaf` can be proved to be a part of a Merkle tree
* defined by `root`. For this, a `proof` must be provided, containing
* sibling hashes on the branch from the leaf to the root of the tree. Each
* pair of leaves and each pair of pre-images are assumed to be sorted.
*
* This version handles proofs in calldata with a custom hashing function.
*/
function verifyCalldata(
bytes32[] calldata proof,
bytes32 root,
bytes32 leaf,
function(bytes32, bytes32) view returns (bytes32) hasher
) internal view returns (bool) {
return processProofCalldata(proof, leaf, hasher) == root;
}
/**
* @dev Returns the rebuilt hash obtained by traversing a Merkle tree up
* from `leaf` using `proof`. A `proof` is valid if and only if the rebuilt
* hash matches the root of the tree. When processing the proof, the pairs
* of leaves & pre-images are assumed to be sorted.
*
* This version handles proofs in calldata with a custom hashing function.
*/
function processProofCalldata(
bytes32[] calldata proof,
bytes32 leaf,
function(bytes32, bytes32) view returns (bytes32) hasher
) internal view returns (bytes32) {
bytes32 computedHash = leaf;
for (uint256 i = 0; i < proof.length; i++) {
computedHash = hasher(computedHash, proof[i]);
}
return computedHash;
}
/**
* @dev Returns true if the `leaves` can be simultaneously proven to be a part of a Merkle tree defined by
* `root`, according to `proof` and `proofFlags` as described in {processMultiProof}.
*
* This version handles multiproofs in memory with the default hashing function.
*
* CAUTION: Not all Merkle trees admit multiproofs. See {processMultiProof} for details.
*
* NOTE: Consider the case where `root == proof[0] && leaves.length == 0` as it will return `true`.
* The `leaves` must be validated independently. See {processMultiProof}.
*/
function multiProofVerify(
bytes32[] memory proof,
bool[] memory proofFlags,
bytes32 root,
bytes32[] memory leaves
) internal pure returns (bool) {
return processMultiProof(proof, proofFlags, leaves) == root;
}
/**
* @dev Returns the root of a tree reconstructed from `leaves` and sibling nodes in `proof`. The reconstruction
* proceeds by incrementally reconstructing all inner nodes by combining a leaf/inner node with either another
* leaf/inner node or a proof sibling node, depending on whether each `proofFlags` item is true or false
* respectively.
*
* This version handles multiproofs in memory with the default hashing function.
*
* CAUTION: Not all Merkle trees admit multiproofs. To use multiproofs, it is sufficient to ensure that: 1) the tree
* is complete (but not necessarily perfect), 2) the leaves to be proven are in the opposite order they are in the
* tree (i.e., as seen from right to left starting at the deepest layer and continuing at the next layer).
*
* NOTE: The _empty set_ (i.e. the case where `proof.length == 1 && leaves.length == 0`) is considered a no-op,
* and therefore a valid multiproof (i.e. it returns `proof[0]`). Consider disallowing this case if you're not
* validating the leaves elsewhere.
*/
function processMultiProof(
bytes32[] memory proof,
bool[] memory proofFlags,
bytes32[] memory leaves
) internal pure returns (bytes32 merkleRoot) {
// This function rebuilds the root hash by traversing the tree up from the leaves. The root is rebuilt by
// consuming and producing values on a queue. The queue starts with the `leaves` array, then goes onto the
// `hashes` array. At the end of the process, the last hash in the `hashes` array should contain the root of
// the Merkle tree.
uint256 leavesLen = leaves.length;
uint256 proofFlagsLen = proofFlags.length;
// Check proof validity.
if (leavesLen + proof.length != proofFlagsLen + 1) {
revert MerkleProofInvalidMultiproof();
}
// The xxxPos values are "pointers" to the next value to consume in each array. All accesses are done using
// `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a queue's "pop".
bytes32[] memory hashes = new bytes32[](proofFlagsLen);
uint256 leafPos = 0;
uint256 hashPos = 0;
uint256 proofPos = 0;
// At each step, we compute the next hash using two values:
// - a value from the "main queue". If not all leaves have been consumed, we get the next leaf, otherwise we
// get the next hash.
// - depending on the flag, either another value from the "main queue" (merging branches) or an element from the
// `proof` array.
for (uint256 i = 0; i < proofFlagsLen; i++) {
bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++];
bytes32 b = proofFlags[i]
? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++])
: proof[proofPos++];
hashes[i] = Hashes.commutativeKeccak256(a, b);
}
if (proofFlagsLen > 0) {
if (proofPos != proof.length) {
revert MerkleProofInvalidMultiproof();
}
unchecked {
return hashes[proofFlagsLen - 1];
}
} else if (leavesLen > 0) {
return leaves[0];
} else {
return proof[0];
}
}
/**
* @dev Returns true if the `leaves` can be simultaneously proven to be a part of a Merkle tree defined by
* `root`, according to `proof` and `proofFlags` as described in {processMultiProof}.
*
* This version handles multiproofs in memory with a custom hashing function.
*
* CAUTION: Not all Merkle trees admit multiproofs. See {processMultiProof} for details.
*
* NOTE: Consider the case where `root == proof[0] && leaves.length == 0` as it will return `true`.
* The `leaves` must be validated independently. See {processMultiProof}.
*/
function multiProofVerify(
bytes32[] memory proof,
bool[] memory proofFlags,
bytes32 root,
bytes32[] memory leaves,
function(bytes32, bytes32) view returns (bytes32) hasher
) internal view returns (bool) {
return processMultiProof(proof, proofFlags, leaves, hasher) == root;
}
/**
* @dev Returns the root of a tree reconstructed from `leaves` and sibling nodes in `proof`. The reconstruction
* proceeds by incrementally reconstructing all inner nodes by combining a leaf/inner node with either another
* leaf/inner node or a proof sibling node, depending on whether each `proofFlags` item is true or false
* respectively.
*
* This version handles multiproofs in memory with a custom hashing function.
*
* CAUTION: Not all Merkle trees admit multiproofs. To use multiproofs, it is sufficient to ensure that: 1) the tree
* is complete (but not necessarily perfect), 2) the leaves to be proven are in the opposite order they are in the
* tree (i.e., as seen from right to left starting at the deepest layer and continuing at the next layer).
*
* NOTE: The _empty set_ (i.e. the case where `proof.length == 1 && leaves.length == 0`) is considered a no-op,
* and therefore a valid multiproof (i.e. it returns `proof[0]`). Consider disallowing this case if you're not
* validating the leaves elsewhere.
*/
function processMultiProof(
bytes32[] memory proof,
bool[] memory proofFlags,
bytes32[] memory leaves,
function(bytes32, bytes32) view returns (bytes32) hasher
) internal view returns (bytes32 merkleRoot) {
// This function rebuilds the root hash by traversing the tree up from the leaves. The root is rebuilt by
// consuming and producing values on a queue. The queue starts with the `leaves` array, then goes onto the
// `hashes` array. At the end of the process, the last hash in the `hashes` array should contain the root of
// the Merkle tree.
uint256 leavesLen = leaves.length;
uint256 proofFlagsLen = proofFlags.length;
// Check proof validity.
if (leavesLen + proof.length != proofFlagsLen + 1) {
revert MerkleProofInvalidMultiproof();
}
// The xxxPos values are "pointers" to the next value to consume in each array. All accesses are done using
// `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a queue's "pop".
bytes32[] memory hashes = new bytes32[](proofFlagsLen);
uint256 leafPos = 0;
uint256 hashPos = 0;
uint256 proofPos = 0;
// At each step, we compute the next hash using two values:
// - a value from the "main queue". If not all leaves have been consumed, we get the next leaf, otherwise we
// get the next hash.
// - depending on the flag, either another value from the "main queue" (merging branches) or an element from the
// `proof` array.
for (uint256 i = 0; i < proofFlagsLen; i++) {
bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++];
bytes32 b = proofFlags[i]
? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++])
: proof[proofPos++];
hashes[i] = hasher(a, b);
}
if (proofFlagsLen > 0) {
if (proofPos != proof.length) {
revert MerkleProofInvalidMultiproof();
}
unchecked {
return hashes[proofFlagsLen - 1];
}
} else if (leavesLen > 0) {
return leaves[0];
} else {
return proof[0];
}
}
/**
* @dev Returns true if the `leaves` can be simultaneously proven to be a part of a Merkle tree defined by
* `root`, according to `proof` and `proofFlags` as described in {processMultiProof}.
*
* This version handles multiproofs in calldata with the default hashing function.
*
* CAUTION: Not all Merkle trees admit multiproofs. See {processMultiProof} for details.
*
* NOTE: Consider the case where `root == proof[0] && leaves.length == 0` as it will return `true`.
* The `leaves` must be validated independently. See {processMultiProofCalldata}.
*/
function multiProofVerifyCalldata(
bytes32[] calldata proof,
bool[] calldata proofFlags,
bytes32 root,
bytes32[] memory leaves
) internal pure returns (bool) {
return processMultiProofCalldata(proof, proofFlags, leaves) == root;
}
/**
* @dev Returns the root of a tree reconstructed from `leaves` and sibling nodes in `proof`. The reconstruction
* proceeds by incrementally reconstructing all inner nodes by combining a leaf/inner node with either another
* leaf/inner node or a proof sibling node, depending on whether each `proofFlags` item is true or false
* respectively.
*
* This version handles multiproofs in calldata with the default hashing function.
*
* CAUTION: Not all Merkle trees admit multiproofs. To use multiproofs, it is sufficient to ensure that: 1) the tree
* is complete (but not necessarily perfect), 2) the leaves to be proven are in the opposite order they are in the
* tree (i.e., as seen from right to left starting at the deepest layer and continuing at the next layer).
*
* NOTE: The _empty set_ (i.e. the case where `proof.length == 1 && leaves.length == 0`) is considered a no-op,
* and therefore a valid multiproof (i.e. it returns `proof[0]`). Consider disallowing this case if you're not
* validating the leaves elsewhere.
*/
function processMultiProofCalldata(
bytes32[] calldata proof,
bool[] calldata proofFlags,
bytes32[] memory leaves
) internal pure returns (bytes32 merkleRoot) {
// This function rebuilds the root hash by traversing the tree up from the leaves. The root is rebuilt by
// consuming and producing values on a queue. The queue starts with the `leaves` array, then goes onto the
// `hashes` array. At the end of the process, the last hash in the `hashes` array should contain the root of
// the Merkle tree.
uint256 leavesLen = leaves.length;
uint256 proofFlagsLen = proofFlags.length;
// Check proof validity.
if (leavesLen + proof.length != proofFlagsLen + 1) {
revert MerkleProofInvalidMultiproof();
}
// The xxxPos values are "pointers" to the next value to consume in each array. All accesses are done using
// `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a queue's "pop".
bytes32[] memory hashes = new bytes32[](proofFlagsLen);
uint256 leafPos = 0;
uint256 hashPos = 0;
uint256 proofPos = 0;
// At each step, we compute the next hash using two values:
// - a value from the "main queue". If not all leaves have been consumed, we get the next leaf, otherwise we
// get the next hash.
// - depending on the flag, either another value from the "main queue" (merging branches) or an element from the
// `proof` array.
for (uint256 i = 0; i < proofFlagsLen; i++) {
bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++];
bytes32 b = proofFlags[i]
? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++])
: proof[proofPos++];
hashes[i] = Hashes.commutativeKeccak256(a, b);
}
if (proofFlagsLen > 0) {
if (proofPos != proof.length) {
revert MerkleProofInvalidMultiproof();
}
unchecked {
return hashes[proofFlagsLen - 1];
}
} else if (leavesLen > 0) {
return leaves[0];
} else {
return proof[0];
}
}
/**
* @dev Returns true if the `leaves` can be simultaneously proven to be a part of a Merkle tree defined by
* `root`, according to `proof` and `proofFlags` as described in {processMultiProof}.
*
* This version handles multiproofs in calldata with a custom hashing function.
*
* CAUTION: Not all Merkle trees admit multiproofs. See {processMultiProof} for details.
*
* NOTE: Consider the case where `root == proof[0] && leaves.length == 0` as it will return `true`.
* The `leaves` must be validated independently. See {processMultiProofCalldata}.
*/
function multiProofVerifyCalldata(
bytes32[] calldata proof,
bool[] calldata proofFlags,
bytes32 root,
bytes32[] memory leaves,
function(bytes32, bytes32) view returns (bytes32) hasher
) internal view returns (bool) {
return processMultiProofCalldata(proof, proofFlags, leaves, hasher) == root;
}
/**
* @dev Returns the root of a tree reconstructed from `leaves` and sibling nodes in `proof`. The reconstruction
* proceeds by incrementally reconstructing all inner nodes by combining a leaf/inner node with either another
* leaf/inner node or a proof sibling node, depending on whether each `proofFlags` item is true or false
* respectively.
*
* This version handles multiproofs in calldata with a custom hashing function.
*
* CAUTION: Not all Merkle trees admit multiproofs. To use multiproofs, it is sufficient to ensure that: 1) the tree
* is complete (but not necessarily perfect), 2) the leaves to be proven are in the opposite order they are in the
* tree (i.e., as seen from right to left starting at the deepest layer and continuing at the next layer).
*
* NOTE: The _empty set_ (i.e. the case where `proof.length == 1 && leaves.length == 0`) is considered a no-op,
* and therefore a valid multiproof (i.e. it returns `proof[0]`). Consider disallowing this case if you're not
* validating the leaves elsewhere.
*/
function processMultiProofCalldata(
bytes32[] calldata proof,
bool[] calldata proofFlags,
bytes32[] memory leaves,
function(bytes32, bytes32) view returns (bytes32) hasher
) internal view returns (bytes32 merkleRoot) {
// This function rebuilds the root hash by traversing the tree up from the leaves. The root is rebuilt by
// consuming and producing values on a queue. The queue starts with the `leaves` array, then goes onto the
// `hashes` array. At the end of the process, the last hash in the `hashes` array should contain the root of
// the Merkle tree.
uint256 leavesLen = leaves.length;
uint256 proofFlagsLen = proofFlags.length;
// Check proof validity.
if (leavesLen + proof.length != proofFlagsLen + 1) {
revert MerkleProofInvalidMultiproof();
}
// The xxxPos values are "pointers" to the next value to consume in each array. All accesses are done using
// `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a queue's "pop".
bytes32[] memory hashes = new bytes32[](proofFlagsLen);
uint256 leafPos = 0;
uint256 hashPos = 0;
uint256 proofPos = 0;
// At each step, we compute the next hash using two values:
// - a value from the "main queue". If not all leaves have been consumed, we get the next leaf, otherwise we
// get the next hash.
// - depending on the flag, either another value from the "main queue" (merging branches) or an element from the
// `proof` array.
for (uint256 i = 0; i < proofFlagsLen; i++) {
bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++];
bytes32 b = proofFlags[i]
? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++])
: proof[proofPos++];
hashes[i] = hasher(a, b);
}
if (proofFlagsLen > 0) {
if (proofPos != proof.length) {
revert MerkleProofInvalidMultiproof();
}
unchecked {
return hashes[proofFlagsLen - 1];
}
} else if (leavesLen > 0) {
return leaves[0];
} else {
return proof[0];
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/introspection/IERC165.sol)
pragma solidity ^0.8.20;
/**
* @dev Interface of the ERC-165 standard, as defined in the
* https://eips.ethereum.org/EIPS/eip-165[ERC].
*
* Implementers can declare support of contract interfaces, which can then be
* queried by others ({ERC165Checker}).
*
* For an implementation, see {ERC165}.
*/
interface IERC165 {
/**
* @dev Returns true if this contract implements the interface defined by
* `interfaceId`. See the corresponding
* https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[ERC section]
* to learn more about how these ids are created.
*
* This function call must use less than 30 000 gas.
*/
function supportsInterface(bytes4 interfaceId) external view returns (bool);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/structs/EnumerableSet.sol)
// This file was procedurally generated from scripts/generate/templates/EnumerableSet.js.
pragma solidity ^0.8.20;
/**
* @dev Library for managing
* https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive
* types.
*
* Sets have the following properties:
*
* - Elements are added, removed, and checked for existence in constant time
* (O(1)).
* - Elements are enumerated in O(n). No guarantees are made on the ordering.
*
* ```solidity
* contract Example {
* // Add the library methods
* using EnumerableSet for EnumerableSet.AddressSet;
*
* // Declare a set state variable
* EnumerableSet.AddressSet private mySet;
* }
* ```
*
* As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)
* and `uint256` (`UintSet`) are supported.
*
* [WARNING]
* ====
* Trying to delete such a structure from storage will likely result in data corruption, rendering the structure
* unusable.
* See https://github.com/ethereum/solidity/pull/11843[ethereum/solidity#11843] for more info.
*
* In order to clean an EnumerableSet, you can either remove all elements one by one or create a fresh instance using an
* array of EnumerableSet.
* ====
*/
library EnumerableSet {
// To implement this library for multiple types with as little code
// repetition as possible, we write it in terms of a generic Set type with
// bytes32 values.
// The Set implementation uses private functions, and user-facing
// implementations (such as AddressSet) are just wrappers around the
// underlying Set.
// This means that we can only create new EnumerableSets for types that fit
// in bytes32.
struct Set {
// Storage of set values
bytes32[] _values;
// Position is the index of the value in the `values` array plus 1.
// Position 0 is used to mean a value is not in the set.
mapping(bytes32 value => uint256) _positions;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function _add(Set storage set, bytes32 value) private returns (bool) {
if (!_contains(set, value)) {
set._values.push(value);
// The value is stored at length-1, but we add 1 to all indexes
// and use 0 as a sentinel value
set._positions[value] = set._values.length;
return true;
} else {
return false;
}
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function _remove(Set storage set, bytes32 value) private returns (bool) {
// We cache the value's position to prevent multiple reads from the same storage slot
uint256 position = set._positions[value];
if (position != 0) {
// Equivalent to contains(set, value)
// To delete an element from the _values array in O(1), we swap the element to delete with the last one in
// the array, and then remove the last element (sometimes called as 'swap and pop').
// This modifies the order of the array, as noted in {at}.
uint256 valueIndex = position - 1;
uint256 lastIndex = set._values.length - 1;
if (valueIndex != lastIndex) {
bytes32 lastValue = set._values[lastIndex];
// Move the lastValue to the index where the value to delete is
set._values[valueIndex] = lastValue;
// Update the tracked position of the lastValue (that was just moved)
set._positions[lastValue] = position;
}
// Delete the slot where the moved value was stored
set._values.pop();
// Delete the tracked position for the deleted slot
delete set._positions[value];
return true;
} else {
return false;
}
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function _contains(Set storage set, bytes32 value) private view returns (bool) {
return set._positions[value] != 0;
}
/**
* @dev Returns the number of values on the set. O(1).
*/
function _length(Set storage set) private view returns (uint256) {
return set._values.length;
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function _at(Set storage set, uint256 index) private view returns (bytes32) {
return set._values[index];
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function _values(Set storage set) private view returns (bytes32[] memory) {
return set._values;
}
// Bytes32Set
struct Bytes32Set {
Set _inner;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {
return _add(set._inner, value);
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {
return _remove(set._inner, value);
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {
return _contains(set._inner, value);
}
/**
* @dev Returns the number of values in the set. O(1).
*/
function length(Bytes32Set storage set) internal view returns (uint256) {
return _length(set._inner);
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {
return _at(set._inner, index);
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function values(Bytes32Set storage set) internal view returns (bytes32[] memory) {
bytes32[] memory store = _values(set._inner);
bytes32[] memory result;
assembly ("memory-safe") {
result := store
}
return result;
}
// AddressSet
struct AddressSet {
Set _inner;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function add(AddressSet storage set, address value) internal returns (bool) {
return _add(set._inner, bytes32(uint256(uint160(value))));
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function remove(AddressSet storage set, address value) internal returns (bool) {
return _remove(set._inner, bytes32(uint256(uint160(value))));
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function contains(AddressSet storage set, address value) internal view returns (bool) {
return _contains(set._inner, bytes32(uint256(uint160(value))));
}
/**
* @dev Returns the number of values in the set. O(1).
*/
function length(AddressSet storage set) internal view returns (uint256) {
return _length(set._inner);
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function at(AddressSet storage set, uint256 index) internal view returns (address) {
return address(uint160(uint256(_at(set._inner, index))));
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function values(AddressSet storage set) internal view returns (address[] memory) {
bytes32[] memory store = _values(set._inner);
address[] memory result;
assembly ("memory-safe") {
result := store
}
return result;
}
// UintSet
struct UintSet {
Set _inner;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function add(UintSet storage set, uint256 value) internal returns (bool) {
return _add(set._inner, bytes32(value));
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function remove(UintSet storage set, uint256 value) internal returns (bool) {
return _remove(set._inner, bytes32(value));
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function contains(UintSet storage set, uint256 value) internal view returns (bool) {
return _contains(set._inner, bytes32(value));
}
/**
* @dev Returns the number of values in the set. O(1).
*/
function length(UintSet storage set) internal view returns (uint256) {
return _length(set._inner);
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function at(UintSet storage set, uint256 index) internal view returns (uint256) {
return uint256(_at(set._inner, index));
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function values(UintSet storage set) internal view returns (uint256[] memory) {
bytes32[] memory store = _values(set._inner);
uint256[] memory result;
assembly ("memory-safe") {
result := store
}
return result;
}
}// SPDX-FileCopyrightText: 2025 Lido <[email protected]> // SPDX-License-Identifier: GPL-3.0 // See contracts/COMPILERS.md pragma solidity 0.8.25; import {Confirmations} from "./Confirmations.sol"; /** * @title Confirmable2Addresses * @author Lido * @notice An extension of Confirmations that allows exectuing functions by mutual confirmation. * @dev In this implementation, roles are treated as addresses. */ abstract contract Confirmable2Addresses is Confirmations { function _collectAndCheckConfirmations(bytes calldata _calldata, address _role1, address _role2) internal returns (bool) { bytes32[] memory roles = new bytes32[](2); roles[0] = bytes32(uint256(uint160(_role1))); roles[1] = bytes32(uint256(uint160(_role2))); return _collectAndCheckConfirmations(_calldata, roles); } function _isValidConfirmer(bytes32 _roleAsAddress) internal view override returns (bool) { return _roleAsAddress == bytes32(uint256(uint160(msg.sender))); } }
// SPDX-FileCopyrightText: 2025 Lido <[email protected]> // SPDX-License-Identifier: GPL-3.0 // See contracts/COMPILERS.md pragma solidity 0.8.25; /** * @title Confirmations * @author Lido * @notice A contract that allows executing functions by mutual confirmation. */ abstract contract Confirmations { /** * @notice Tracks confirmations * @dev We cannot set confirmExpiry to 0 because this means that all confirmations have to be in the same block, * which can never be guaranteed. And, more importantly, if the `_setConfirmExpiry` is restricted by * the `onlyConfirmed` modifier, the confirmation expiry will be tricky to change. * This is why confirmExpiry is private, set to a default value of 1 hour and cannot be set to 0. * * Storage layout: * - callData: msg.data of the call (selector + arguments) * - role: role that confirmed the action * - expiryTimestamp: timestamp of the confirmation * * - confirmExpiry: confirmation expiry period in seconds */ struct ConfirmationStorage { mapping(bytes callData => mapping(bytes32 role => uint256 expiryTimestamp)) confirmations; uint256 confirmExpiry; } /** * @notice Storage offset slot for ERC-7201 namespace * The storage namespace is used to prevent upgrade collisions * keccak256(abi.encode(uint256(keccak256("Lido.Vaults.storage.Confirmations")) - 1)) & ~bytes32(uint256(0xff)) */ bytes32 private constant CONFIRMATIONS_STORAGE_LOCATION = 0x1b8b5828bd311c11f60881dedc705c95b2fbc3408c25f5c1964af0a81ceb0900; /** * @notice Minimal confirmation expiry in seconds. */ uint256 public constant MIN_CONFIRM_EXPIRY = 1 hours; /** * @notice Maximal confirmation expiry in seconds. */ uint256 public constant MAX_CONFIRM_EXPIRY = 30 days; function __Confirmations_init() internal { _setConfirmExpiry(1 days); } /** * @notice Returns the confirmation expiry. * @return The confirmation expiry in seconds. */ function getConfirmExpiry() public view returns (uint256) { return _getConfirmationsStorage().confirmExpiry; } /** * @notice Returns the confirmation expiry for a given call data and confirmer. * @param _callData The call data of the function. * @param _role The role of the confirmer. * @return The confirmation expiration timestamp or 0 if there was no confirmation from this role to this _callData */ function confirmation(bytes memory _callData, bytes32 _role) external view returns (uint256) { return _getConfirmationsStorage().confirmations[_callData][_role]; } /** * @dev Processes a confirmation from the current caller and checks if all required confirmations are present. * Confirmation, in this context, is a call to the same function with the same arguments. * This is a one-off operation that either: * - Collects the current caller's confirmation and returns false if not enough confirmations * - Or clears all confirmations and returns true if all required confirmations are present * * The confirmation process works as follows: * 1. When a role member calls the function: * - Their confirmation is counted immediately * - If not enough confirmations exist, their confirmation is recorded * - If they're not a member of any of the specified roles, the call reverts * * 2. Confirmation counting: * - Counts the current caller's confirmations if they're a member of any of the specified roles * - Counts existing confirmations that are not expired, i.e. expiry is not exceeded * * 3. Confirmation Management: * - If all members of the specified roles have confirmed: * a. Clears all confirmations for this call * b. Returns true to indicate that the function can be executed * - If not enough confirmations: * a. Stores the current confirmations * b. Returns false to indicate that the function cannot be executed yet * - Thus, if the caller has all the roles, returns true immediately * * 4. Gas Optimization: * - Confirmations are stored in a deferred manner using a memory array * - Confirmation storage writes only occur if the function cannot be executed immediately * - This prevents unnecessary storage writes when all confirmations are present, * because the confirmations are cleared anyway after the function is executed, * - i.e. this optimization is beneficial for the deciding caller and * saves 1 storage write for each role the deciding caller has * * @param _calldata msg.data of the call (selector + arguments) * @param _roles Array of role identifiers that must confirm the call in order to execute it * @return bool True if all required confirmations are present and the function can be executed, false otherwise * * @notice Confirmations past their expiry are not counted and must be recast * @notice Only members of the specified roles can submit confirmations * @notice The order of confirmations does not matter * */ function _collectAndCheckConfirmations(bytes calldata _calldata, bytes32[] memory _roles) internal returns (bool) { if (_roles.length == 0) revert ZeroConfirmingRoles(); uint256 numberOfRoles = _roles.length; uint256 numberOfConfirms = 0; bool[] memory deferredConfirms = new bool[](numberOfRoles); bool isRoleMember = false; ConfirmationStorage storage $ = _getConfirmationsStorage(); uint256 expiryTimestamp = block.timestamp + $.confirmExpiry; for (uint256 i = 0; i < numberOfRoles; ++i) { bytes32 role = _roles[i]; if (_isValidConfirmer(role)) { isRoleMember = true; numberOfConfirms++; deferredConfirms[i] = true; emit RoleMemberConfirmed(msg.sender, role, block.timestamp, expiryTimestamp, msg.data); } else if ($.confirmations[_calldata][role] >= block.timestamp) { numberOfConfirms++; } } if (!isRoleMember) revert SenderNotMember(); if (numberOfConfirms == numberOfRoles) { for (uint256 i = 0; i < numberOfRoles; ++i) { bytes32 role = _roles[i]; delete $.confirmations[_calldata][role]; } return true; } else { for (uint256 i = 0; i < numberOfRoles; ++i) { if (deferredConfirms[i]) { bytes32 role = _roles[i]; $.confirmations[_calldata][role] = expiryTimestamp; } } return false; } } /** * @notice Checks if the caller is a valid confirmer * @param _role The role to check * @return bool True if the caller is a valid confirmer */ function _isValidConfirmer(bytes32 _role) internal view virtual returns (bool); /** * @dev Sets the confirmation expiry. * Confirmation expiry is a period during which the confirmation is counted. Once expired, * the confirmation no longer counts and must be recasted for the confirmation to go through. * @dev Does not retroactively apply to existing confirmations. * @param _newConfirmExpiry The new confirmation expiry in seconds. */ function _setConfirmExpiry(uint256 _newConfirmExpiry) internal { _validateConfirmExpiry(_newConfirmExpiry); ConfirmationStorage storage $ = _getConfirmationsStorage(); uint256 oldConfirmExpiry = $.confirmExpiry; $.confirmExpiry = _newConfirmExpiry; emit ConfirmExpirySet(msg.sender, oldConfirmExpiry, _newConfirmExpiry); } function _validateConfirmExpiry(uint256 _newConfirmExpiry) internal pure { if (_newConfirmExpiry < MIN_CONFIRM_EXPIRY || _newConfirmExpiry > MAX_CONFIRM_EXPIRY) revert ConfirmExpiryOutOfBounds(); } function _getConfirmationsStorage() private pure returns (ConfirmationStorage storage $) { assembly { $.slot := CONFIRMATIONS_STORAGE_LOCATION } } /** * @dev Emitted when the confirmation expiry is set. * @param oldConfirmExpiry The old confirmation expiry. * @param newConfirmExpiry The new confirmation expiry. */ event ConfirmExpirySet(address indexed sender, uint256 oldConfirmExpiry, uint256 newConfirmExpiry); /** * @dev Emitted when a role member confirms. * @param member The address of the confirming member. * @param role The role of the confirming member. * @param confirmTimestamp The timestamp of the confirmation. * @param expiryTimestamp The timestamp when this confirmation expires. * @param data The msg.data of the confirmation (selector + arguments). */ event RoleMemberConfirmed(address indexed member, bytes32 indexed role, uint256 confirmTimestamp, uint256 expiryTimestamp, bytes data); /** * @dev Thrown when attempting to set confirmation expiry out of bounds. */ error ConfirmExpiryOutOfBounds(); /** * @dev Thrown when a caller without a required role attempts to confirm. */ error SenderNotMember(); /** * @dev Thrown when the roles array is empty. */ error ZeroConfirmingRoles(); }
// SPDX-FileCopyrightText: 2025 Lido <[email protected]> // SPDX-License-Identifier: GPL-3.0 // See contracts/COMPILERS.md pragma solidity 0.8.25; import {AccessControlEnumerableUpgradeable} from "contracts/openzeppelin/5.2/upgradeable/access/extensions/AccessControlEnumerableUpgradeable.sol"; import {PausableUntil} from "contracts/common/utils/PausableUntil.sol"; /** * @title PausableUntilWithRoles * @notice a `PausableUntil` implementation using OpenZeppelin's `AccessControlEnumerableUpgradeable` * @dev the inheriting contract must use `whenNotPaused` modifier from `PausableUntil` to block some functions on pause */ abstract contract PausableUntilWithRoles is PausableUntil, AccessControlEnumerableUpgradeable { /// @notice role that allows to pause the contract bytes32 public constant PAUSE_ROLE = keccak256("PausableUntilWithRoles.PauseRole"); /// @notice role that allows to resume the contract bytes32 public constant RESUME_ROLE = keccak256("PausableUntilWithRoles.ResumeRole"); /** * @notice Resume the contract * @dev Reverts if contracts is not paused * @dev Reverts if sender has no `RESUME_ROLE` */ function resume() external onlyRole(RESUME_ROLE) { _resume(); } /** * @notice Pause the contract for a specified period * @param _duration pause duration in seconds (use `PAUSE_INFINITELY` for unlimited) * @dev Reverts if contract is already paused * @dev Reverts if sender has no `PAUSE_ROLE` * @dev Reverts if zero duration is passed */ function pauseFor(uint256 _duration) external onlyRole(PAUSE_ROLE) { _pauseFor(_duration); } /** * @notice Pause the contract until a specified timestamp * @param _pauseUntilInclusive the last second to pause until inclusive * @dev Reverts if the timestamp is in the past * @dev Reverts if sender has no `PAUSE_ROLE` * @dev Reverts if contract is already paused */ function pauseUntil(uint256 _pauseUntilInclusive) external onlyRole(PAUSE_ROLE) { _pauseUntil(_pauseUntilInclusive); } }
// SPDX-FileCopyrightText: 2025 Lido <[email protected]> // SPDX-License-Identifier: GPL-3.0 // See contracts/COMPILERS.md // solhint-disable-next-line lido/fixed-compiler-version pragma solidity >=0.8.0; import {IStakingVault} from "./IStakingVault.sol"; /** * @title IPredepositGuarantee * @author Lido * @notice Interface for the `PredepositGuarantee` contract */ interface IPredepositGuarantee { /** * @notice user input for validator proof verification * @custom:proof array of merkle proofs from parent(pubkey,wc) node to Beacon block root * @custom:pubkey of validator to prove * @custom:validatorIndex of validator in CL state tree * @custom:childBlockTimestamp of EL block that has parent block beacon root in BEACON_ROOTS contract * @custom:slot of the beacon block for which the proof is generated * @custom:proposerIndex of the beacon block for which the proof is generated */ struct ValidatorWitness { bytes32[] proof; bytes pubkey; uint256 validatorIndex; uint64 childBlockTimestamp; uint64 slot; uint64 proposerIndex; } function compensateDisprovenPredeposit( bytes calldata _validatorPubkey, address _recipient ) external returns (uint256 compensatedEther); function proveUnknownValidator(ValidatorWitness calldata _witness, IStakingVault _stakingVault) external; }
// SPDX-FileCopyrightText: 2025 Lido <[email protected]> // SPDX-License-Identifier: GPL-3.0 // See contracts/COMPILERS.md // solhint-disable-next-line lido/fixed-compiler-version pragma solidity >=0.8.0; import {IDepositContract} from "contracts/common/interfaces/IDepositContract.sol"; /** * @title IStakingVault * @author Lido * @notice Interface for the `StakingVault` contract */ interface IStakingVault { /** * @notice validator deposit from the `StakingVault` to the beacon chain * @dev withdrawal credentials are provided by the vault * @custom:pubkey The validator's BLS public key (48 bytes) * @custom:signature BLS signature of the deposit data (96 bytes) * @custom:amount Amount of ETH to deposit in wei (must be a multiple of 1 ETH) * @custom:depositDataRoot The root hash of the deposit data per ETH beacon spec */ struct Deposit { bytes pubkey; bytes signature; uint256 amount; bytes32 depositDataRoot; } function DEPOSIT_CONTRACT() external view returns (IDepositContract); function initialize(address _owner, address _nodeOperator, address _depositor) external; function version() external pure returns (uint64); function getInitializedVersion() external view returns (uint64); function withdrawalCredentials() external view returns (bytes32); function owner() external view returns (address); function pendingOwner() external view returns (address); function acceptOwnership() external; function transferOwnership(address _newOwner) external; function nodeOperator() external view returns (address); function depositor() external view returns (address); function isOssified() external view returns (bool); function calculateValidatorWithdrawalFee(uint256 _keysCount) external view returns (uint256); function fund() external payable; function withdraw(address _recipient, uint256 _ether) external; function beaconChainDepositsPaused() external view returns (bool); function pauseBeaconChainDeposits() external; function resumeBeaconChainDeposits() external; function depositToBeaconChain(Deposit[] calldata _deposits) external; function requestValidatorExit(bytes calldata _pubkeys) external; function triggerValidatorWithdrawals(bytes calldata _pubkeys, uint64[] calldata _amounts, address _refundRecipient) external payable; function ejectValidators(bytes calldata _pubkeys, address _refundRecipient) external payable; function setDepositor(address _depositor) external; function ossify() external; }
// SPDX-FileCopyrightText: 2025 Lido <[email protected]> // SPDX-License-Identifier: GPL-3.0 // See contracts/COMPILERS.md pragma solidity 0.8.25; import {IHashConsensus} from "contracts/common/interfaces/IHashConsensus.sol"; library RefSlotCache { struct Int112WithRefSlotCache { int112 value; int112 valueOnRefSlot; uint32 refSlot; } struct Uint112WithRefSlotCache { uint112 value; uint112 valueOnRefSlot; uint32 refSlot; } /// @notice Increases the value and caches the previous value for the current refSlot /// @param _storage The storage slot to update /// @param _consensus The consensus contract to get the current refSlot /// @param _increment increment the value by this amount /// @return the updated struct to be saved in storage function withValueIncrease( Uint112WithRefSlotCache storage _storage, IHashConsensus _consensus, uint112 _increment ) internal view returns (Uint112WithRefSlotCache memory) { (uint256 refSlot, ) = _consensus.getCurrentFrame(); Uint112WithRefSlotCache memory newStorage = _storage; if (newStorage.refSlot != uint32(refSlot)) { // 32 bits is enough precision for this kind of comparison newStorage.valueOnRefSlot = _storage.value; newStorage.refSlot = uint32(refSlot); } newStorage.value += _increment; return newStorage; } /// @notice Increases the value and caches the previous value for the current refSlot /// @param _storage The storage slot to update /// @param _consensus The consensus contract to get the current refSlot /// @param _increment increment the value by this amount /// @return the updated struct to be saved in storage function withValueIncrease( Int112WithRefSlotCache storage _storage, IHashConsensus _consensus, int112 _increment ) internal view returns (Int112WithRefSlotCache memory) { (uint256 refSlot, ) = _consensus.getCurrentFrame(); Int112WithRefSlotCache memory newStorage = _storage; if (newStorage.refSlot != uint32(refSlot)) { // 32 bits is enough precision for this kind of comparison newStorage.valueOnRefSlot = _storage.value; newStorage.refSlot = uint32(refSlot); } newStorage.value += _increment; return newStorage; } /// @notice Returns the value for the current refSlot /// @param _storage the storage pointer for the cached value /// @param _consensus the consensus contract to get the current refSlot /// @return the cached value if it's changed since the last refSlot, the current value otherwise function getValueForLastRefSlot( Uint112WithRefSlotCache storage _storage, IHashConsensus _consensus ) internal view returns (uint112) { (uint256 refSlot, ) = _consensus.getCurrentFrame(); if (uint32(refSlot) > _storage.refSlot) { return _storage.value; } else { return _storage.valueOnRefSlot; } } /// @notice Returns the value for the current refSlot /// @param _storage the storage pointer for the cached value /// @param _consensus the consensus contract to get the current refSlot /// @return the cached value if it's changed since the last refSlot, the current value otherwise function getValueForLastRefSlot( Int112WithRefSlotCache storage _storage, IHashConsensus _consensus ) internal view returns (int112) { (uint256 refSlot, ) = _consensus.getCurrentFrame(); if (uint32(refSlot) > _storage.refSlot) { return _storage.value; } else { return _storage.valueOnRefSlot; } } }
// SPDX-FileCopyrightText: 2025 Lido <[email protected]> // SPDX-License-Identifier: GPL-3.0 // See contracts/COMPILERS.md pragma solidity 0.8.25; import {AccessControlEnumerableUpgradeable} from "contracts/openzeppelin/5.2/upgradeable/access/extensions/AccessControlEnumerableUpgradeable.sol"; import {Math256} from "contracts/common/lib/Math256.sol"; import {ILidoLocator} from "contracts/common/interfaces/ILidoLocator.sol"; import {Confirmable2Addresses} from "../utils/Confirmable2Addresses.sol"; import {IStakingVault} from "./interfaces/IStakingVault.sol"; import {VaultHub} from "./VaultHub.sol"; struct TierParams { uint256 shareLimit; uint256 reserveRatioBP; uint256 forcedRebalanceThresholdBP; uint256 infraFeeBP; uint256 liquidityFeeBP; uint256 reservationFeeBP; } /** * @title OperatorGrid * @author loga4 * @notice * OperatorGrid is a contract that manages mint parameters for vaults when they are connected to the VaultHub. * These parameters include: * - shareLimit: maximum amount of shares that can be minted * - reserveRatioBP: reserve ratio in basis points * - forcedRebalanceThresholdBP: forced rebalance threshold in basis points * - infraFeeBP: infra fee in basis points * - liquidityFeeBP: liquidity fee in basis points * - reservationFeeBP: reservation fee in basis points * * These parameters are determined by the Tier in which the Vault is registered. * */ contract OperatorGrid is AccessControlEnumerableUpgradeable, Confirmable2Addresses { /* Key concepts: 1. Default Registration: - All Vaults initially have default tier (DEFAULT_TIER_ID = 0) - The default tier has no group DEFAULT_TIER_ID = 0 ┌──────────────────────┐ │ Tier 1 │ │ tierShareLimit = z │ │ Vault_1 ... Vault_m │ └──────────────────────┘ 2. Tier Change Process: - To predefine vaults tier or modify the existing vault's connection parameters to VaultHub, a tier change must be requested - Both vault owner and node operator must confirm the change (doesn't matter who confirms first) - The confirmation has an expiry time (default 1 hour) 3. Tier Reset: - When a vault is disconnected from VaultHub, its tier is automatically reset to the default tier (DEFAULT_TIER_ID) 4. Tier Capacity: - Tiers are not limited by the number of vaults - Tiers are limited by the sum of vaults' liability shares ┌──────────────────────────────────────────────────────┐ │ Group 1 = operator 1 │ │ ┌────────────────────────────────────────────────┐ │ │ │ groupShareLimit = 1kk │ │ │ └────────────────────────────────────────────────┘ │ │ ┌──────────────────────┐ ┌──────────────────────┐ │ │ │ Tier 1 │ │ Tier 2 │ │ │ │ tierShareLimit = x │ │ tierShareLimit = y │ │ │ │ Vault_2 ... Vault_k │ │ │ │ │ └──────────────────────┘ └──────────────────────┘ │ └──────────────────────────────────────────────────────┘ */ bytes32 public constant REGISTRY_ROLE = keccak256("vaults.OperatorsGrid.Registry"); /// @notice Lido Locator contract ILidoLocator public immutable LIDO_LOCATOR; uint256 public constant DEFAULT_TIER_ID = 0; // Special address to denote that default tier is not linked to any real operator address public constant DEFAULT_TIER_OPERATOR = address(uint160(type(uint160).max)); /// @dev basis points base uint256 internal constant TOTAL_BASIS_POINTS = 100_00; /// @dev max value for fees in basis points - it's about 650% uint256 internal constant MAX_FEE_BP = type(uint16).max; // ----------------------------- // STRUCTS // ----------------------------- struct Group { address operator; uint96 shareLimit; uint96 liabilityShares; uint256[] tierIds; } struct Tier { address operator; uint96 shareLimit; uint96 liabilityShares; uint16 reserveRatioBP; uint16 forcedRebalanceThresholdBP; uint16 infraFeeBP; uint16 liquidityFeeBP; uint16 reservationFeeBP; } /** * @notice ERC-7201 storage namespace for the OperatorGrid * @dev ERC-7201 namespace is used to prevent upgrade collisions * @custom:storage-location erc7201:Lido.Vaults.OperatorGrid * @custom:tiers Tiers * @custom:vaultTier Vault tier * @custom:groups Groups * @custom:nodeOperators Node operators */ struct ERC7201Storage { Tier[] tiers; mapping(address vault => uint256 tierId) vaultTier; mapping(address nodeOperator => Group) groups; address[] nodeOperators; } /** * @notice Storage offset slot for ERC-7201 namespace * The storage namespace is used to prevent upgrade collisions * keccak256(abi.encode(uint256(keccak256("Lido.Vaults.OperatorGrid")) - 1)) & ~bytes32(uint256(0xff)) */ bytes32 private constant OPERATOR_GRID_STORAGE_LOCATION = 0x6b64617c951381e2c1eff2be939fe368ab6d76b7d335df2e47ba2309eba1c700; /// @notice Initializes the contract with a LidoLocator /// @param _locator LidoLocator contract constructor(ILidoLocator _locator) { LIDO_LOCATOR = _locator; _disableInitializers(); } /// @notice Initializes the contract with an admin /// @param _admin Address of the admin /// @param _defaultTierParams Default tier params for the default tier function initialize(address _admin, TierParams calldata _defaultTierParams) external initializer { if (_admin == address(0)) revert ZeroArgument("_admin"); __AccessControlEnumerable_init(); __Confirmations_init(); _grantRole(DEFAULT_ADMIN_ROLE, _admin); ERC7201Storage storage $ = _getStorage(); //create default tier with default share limit $.tiers.push( Tier({ operator: DEFAULT_TIER_OPERATOR, shareLimit: uint96(_defaultTierParams.shareLimit), reserveRatioBP: uint16(_defaultTierParams.reserveRatioBP), forcedRebalanceThresholdBP: uint16(_defaultTierParams.forcedRebalanceThresholdBP), infraFeeBP: uint16(_defaultTierParams.infraFeeBP), liquidityFeeBP: uint16(_defaultTierParams.liquidityFeeBP), reservationFeeBP: uint16(_defaultTierParams.reservationFeeBP), liabilityShares: 0 }) ); } /// @notice Registers a new group /// @param _nodeOperator address of the node operator /// @param _shareLimit Maximum share limit for the group function registerGroup(address _nodeOperator, uint256 _shareLimit) external onlyRole(REGISTRY_ROLE) { if (_nodeOperator == address(0)) revert ZeroArgument("_nodeOperator"); ERC7201Storage storage $ = _getStorage(); if ($.groups[_nodeOperator].operator != address(0)) revert GroupExists(); $.groups[_nodeOperator] = Group({ operator: _nodeOperator, shareLimit: uint96(_shareLimit), liabilityShares: 0, tierIds: new uint256[](0) }); $.nodeOperators.push(_nodeOperator); emit GroupAdded(_nodeOperator, uint96(_shareLimit)); } /// @notice Updates the share limit of a group /// @param _nodeOperator address of the node operator /// @param _shareLimit New share limit value function updateGroupShareLimit(address _nodeOperator, uint256 _shareLimit) external onlyRole(REGISTRY_ROLE) { if (_nodeOperator == address(0)) revert ZeroArgument("_nodeOperator"); ERC7201Storage storage $ = _getStorage(); Group storage group_ = $.groups[_nodeOperator]; if (group_.operator == address(0)) revert GroupNotExists(); group_.shareLimit = uint96(_shareLimit); emit GroupShareLimitUpdated(_nodeOperator, uint96(_shareLimit)); } /// @notice Returns a group by node operator address /// @param _nodeOperator address of the node operator /// @return Group function group(address _nodeOperator) external view returns (Group memory) { return _getStorage().groups[_nodeOperator]; } /// @notice Returns a node operator address by index /// @param _index index of the node operator /// @return Node operator address function nodeOperatorAddress(uint256 _index) external view returns (address) { ERC7201Storage storage $ = _getStorage(); if (_index >= $.nodeOperators.length) revert NodeOperatorNotExists(); return $.nodeOperators[_index]; } /// @notice Returns a node operator count /// @return Node operator count function nodeOperatorCount() external view returns (uint256) { return _getStorage().nodeOperators.length; } /// @notice Registers a new tier /// @param _nodeOperator address of the node operator /// @param _tiers array of tiers to register function registerTiers( address _nodeOperator, TierParams[] calldata _tiers ) external onlyRole(REGISTRY_ROLE) { if (_nodeOperator == address(0)) revert ZeroArgument("_nodeOperator"); ERC7201Storage storage $ = _getStorage(); Group storage group_ = $.groups[_nodeOperator]; if (group_.operator == address(0)) revert GroupNotExists(); uint256 tierId = $.tiers.length; uint256 length = _tiers.length; for (uint256 i = 0; i < length; i++) { _validateParams( tierId, _tiers[i].reserveRatioBP, _tiers[i].forcedRebalanceThresholdBP, _tiers[i].infraFeeBP, _tiers[i].liquidityFeeBP, _tiers[i].reservationFeeBP ); Tier memory tier_ = Tier({ operator: _nodeOperator, shareLimit: uint96(_tiers[i].shareLimit), reserveRatioBP: uint16(_tiers[i].reserveRatioBP), forcedRebalanceThresholdBP: uint16(_tiers[i].forcedRebalanceThresholdBP), infraFeeBP: uint16(_tiers[i].infraFeeBP), liquidityFeeBP: uint16(_tiers[i].liquidityFeeBP), reservationFeeBP: uint16(_tiers[i].reservationFeeBP), liabilityShares: 0 }); $.tiers.push(tier_); group_.tierIds.push(tierId); emit TierAdded( _nodeOperator, tierId, uint96(tier_.shareLimit), uint16(tier_.reserveRatioBP), uint16(tier_.forcedRebalanceThresholdBP), uint16(tier_.infraFeeBP), uint16(tier_.liquidityFeeBP), uint16(tier_.reservationFeeBP) ); tierId++; } } /// @notice Returns a tier by ID /// @param _tierId id of the tier /// @return Tier function tier(uint256 _tierId) external view returns (Tier memory) { ERC7201Storage storage $ = _getStorage(); if (_tierId >= $.tiers.length) revert TierNotExists(); return $.tiers[_tierId]; } /// @notice Returns a tiers count /// @return Tiers count function tiersCount() external view returns (uint256) { return _getStorage().tiers.length; } /// @notice Alters multiple tiers /// @dev We do not enforce to update old vaults with the new tier params, only new ones. /// @param _tierIds array of tier ids to alter /// @param _tierParams array of new tier params function alterTiers( uint256[] calldata _tierIds, TierParams[] calldata _tierParams ) external onlyRole(REGISTRY_ROLE) { if (_tierIds.length != _tierParams.length) revert ArrayLengthMismatch(); ERC7201Storage storage $ = _getStorage(); uint256 length = _tierIds.length; uint256 tiersLength = $.tiers.length; for (uint256 i = 0; i < length; i++) { if (_tierIds[i] >= tiersLength) revert TierNotExists(); _validateParams( _tierIds[i], _tierParams[i].reserveRatioBP, _tierParams[i].forcedRebalanceThresholdBP, _tierParams[i].infraFeeBP, _tierParams[i].liquidityFeeBP, _tierParams[i].reservationFeeBP ); Tier storage tier_ = $.tiers[_tierIds[i]]; tier_.shareLimit = uint96(_tierParams[i].shareLimit); tier_.reserveRatioBP = uint16(_tierParams[i].reserveRatioBP); tier_.forcedRebalanceThresholdBP = uint16(_tierParams[i].forcedRebalanceThresholdBP); tier_.infraFeeBP = uint16(_tierParams[i].infraFeeBP); tier_.liquidityFeeBP = uint16(_tierParams[i].liquidityFeeBP); tier_.reservationFeeBP = uint16(_tierParams[i].reservationFeeBP); emit TierUpdated( _tierIds[i], tier_.shareLimit, tier_.reserveRatioBP, tier_.forcedRebalanceThresholdBP, tier_.infraFeeBP, tier_.liquidityFeeBP, tier_.reservationFeeBP ); } } /// @notice Vault tier change with multi-role confirmation /// @param _vault address of the vault /// @param _requestedTierId id of the tier /// @param _requestedShareLimit share limit to set /// @return bool Whether the tier change was confirmed. /* Legend: V = Vault1.liabilityShares LS = liabilityShares Scheme1 - transfer Vault from default tier to Tier2 ┌──────────────────────────────┐ │ Group 1 │ │ │ ┌────────────────────┐ │ ┌─────────┐ ┌───────────┐ │ │ Tier 1 (default) │ confirm │ │ Tier 2 │ │ Tier 3 │ │ │ LS: -V │ ─────> │ │ LS:+V │ │ │ │ └────────────────────┘ │ └─────────┘ └───────────┘ │ │ │ │ Group1.liabilityShares: +V │ └──────────────────────────────┘ After confirmation: - Tier 1.liabilityShares = -V - Tier 2.liabilityShares = +V - Group1.liabilityShares = +V -------------------------------------------------------------------------- Scheme2 - transfer Vault from Tier2 to Tier3, no need to change group minted shares ┌────────────────────────────────┐ ┌────────────────────────────────┐ │ Group 1 │ │ Group 2 │ │ │ │ │ │ ┌───────────┐ ┌───────────┐ │ │ ┌───────────┐ │ │ │ Tier 2 │ │ Tier 3 │ │ │ │ Tier 4 │ │ │ │ LS:-V │ │ LS:+V │ │ │ │ │ │ │ └───────────┘ └───────────┘ │ │ └───────────┘ │ │ operator1 │ │ operator2 │ └────────────────────────────────┘ └────────────────────────────────┘ After confirmation: - Tier 2.liabilityShares = -V - Tier 3.liabilityShares = +V NB: Cannot change from Tier2 to Tier1, because Tier1 has no group NB: Cannot change from Tier2 to Tier4, because Tier4 has different operator. */ function changeTier(address _vault, uint256 _requestedTierId, uint256 _requestedShareLimit) external returns (bool) { if (_vault == address(0)) revert ZeroArgument("_vault"); ERC7201Storage storage $ = _getStorage(); if (_requestedTierId >= $.tiers.length) revert TierNotExists(); if (_requestedTierId == DEFAULT_TIER_ID) revert CannotChangeToDefaultTier(); VaultHub vaultHub = _vaultHub(); bool isVaultConnected = vaultHub.isVaultConnected(_vault); address vaultOwner = isVaultConnected ? vaultHub.vaultConnection(_vault).owner : IStakingVault(_vault).owner(); address nodeOperator = IStakingVault(_vault).nodeOperator(); uint256 vaultTierId = $.vaultTier[_vault]; if (vaultTierId == _requestedTierId) revert TierAlreadySet(); Tier storage requestedTier = $.tiers[_requestedTierId]; if (nodeOperator != requestedTier.operator) revert TierNotInOperatorGroup(); if (_requestedShareLimit > requestedTier.shareLimit) revert RequestedShareLimitTooHigh(_requestedShareLimit, requestedTier.shareLimit); // store the caller's confirmation; only proceed if the required number of confirmations is met. if (!_collectAndCheckConfirmations(msg.data, vaultOwner, nodeOperator)) return false; uint256 vaultLiabilityShares = vaultHub.liabilityShares(_vault); //check if tier limit is exceeded if (requestedTier.liabilityShares + vaultLiabilityShares > requestedTier.shareLimit) revert TierLimitExceeded(); // if the vault was in the default tier: // - that mean that the vault has no group, so we decrease only the minted shares of the default tier // - but need to check requested group limit exceeded if (vaultTierId == DEFAULT_TIER_ID) { Group storage requestedGroup = $.groups[nodeOperator]; if (requestedGroup.liabilityShares + vaultLiabilityShares > requestedGroup.shareLimit) { revert GroupLimitExceeded(); } requestedGroup.liabilityShares += uint96(vaultLiabilityShares); } Tier storage currentTier = $.tiers[vaultTierId]; currentTier.liabilityShares -= uint96(vaultLiabilityShares); requestedTier.liabilityShares += uint96(vaultLiabilityShares); $.vaultTier[_vault] = _requestedTierId; // Vault may not be connected to VaultHub yet. // There are two possible flows: // 1. Vault is created and connected to VaultHub immediately with the default tier. // In this case, `VaultConnection` is non-zero and updateConnection must be called. // 2. Vault is created, its tier is changed before connecting to VaultHub. // In this case, `VaultConnection` is still zero, and updateConnection must be skipped. // Hence, we update the VaultHub connection only if the vault is already connected. vaultHub.updateConnection( _vault, _requestedShareLimit, requestedTier.reserveRatioBP, requestedTier.forcedRebalanceThresholdBP, requestedTier.infraFeeBP, requestedTier.liquidityFeeBP, requestedTier.reservationFeeBP ); emit TierChanged(_vault, _requestedTierId, _requestedShareLimit); return true; } /// @notice Reset vault's tier to default /// @param _vault address of the vault /// @dev Requires vault's liabilityShares to be zero before resetting the tier function resetVaultTier(address _vault) external { if (msg.sender != LIDO_LOCATOR.vaultHub()) revert NotAuthorized("resetVaultTier", msg.sender); ERC7201Storage storage $ = _getStorage(); if ($.vaultTier[_vault] != DEFAULT_TIER_ID) { $.vaultTier[_vault] = DEFAULT_TIER_ID; emit TierChanged(_vault, DEFAULT_TIER_ID, $.tiers[DEFAULT_TIER_ID].shareLimit); } } // ----------------------------- // MINT / BURN // ----------------------------- /// @notice Mint shares limit check /// @param _vault address of the vault /// @param _amount amount of shares will be minted function onMintedShares( address _vault, uint256 _amount ) external { if (msg.sender != LIDO_LOCATOR.vaultHub()) revert NotAuthorized("onMintedShares", msg.sender); ERC7201Storage storage $ = _getStorage(); uint256 tierId = $.vaultTier[_vault]; Tier storage tier_ = $.tiers[tierId]; uint96 tierLiabilityShares = tier_.liabilityShares; if (tierLiabilityShares + _amount > tier_.shareLimit) revert TierLimitExceeded(); tier_.liabilityShares = tierLiabilityShares + uint96(_amount); if (tierId != DEFAULT_TIER_ID) { Group storage group_ = $.groups[tier_.operator]; uint96 groupMintedShares = group_.liabilityShares; if (groupMintedShares + _amount > group_.shareLimit) revert GroupLimitExceeded(); group_.liabilityShares = groupMintedShares + uint96(_amount); } } /// @notice Burn shares limit check /// @param _vault address of the vault /// @param _amount amount of shares to burn function onBurnedShares( address _vault, uint256 _amount ) external { if (msg.sender != LIDO_LOCATOR.vaultHub()) revert NotAuthorized("burnShares", msg.sender); ERC7201Storage storage $ = _getStorage(); uint256 tierId = $.vaultTier[_vault]; Tier storage tier_ = $.tiers[tierId]; // we skip the check for minted shared underflow, because it's done in the VaultHub.burnShares() tier_.liabilityShares -= uint96(_amount); if (tierId != DEFAULT_TIER_ID) { Group storage group_ = $.groups[tier_.operator]; group_.liabilityShares -= uint96(_amount); } } /// @notice Get vault limits /// @param _vault address of the vault /// @return nodeOperator node operator of the vault /// @return tierId tier id of the vault /// @return shareLimit share limit of the vault /// @return reserveRatioBP reserve ratio of the vault /// @return forcedRebalanceThresholdBP forced rebalance threshold of the vault /// @return infraFeeBP infra fee of the vault /// @return liquidityFeeBP liquidity fee of the vault /// @return reservationFeeBP reservation fee of the vault function vaultInfo(address _vault) external view returns ( address nodeOperator, uint256 tierId, uint256 shareLimit, uint256 reserveRatioBP, uint256 forcedRebalanceThresholdBP, uint256 infraFeeBP, uint256 liquidityFeeBP, uint256 reservationFeeBP ) { ERC7201Storage storage $ = _getStorage(); tierId = $.vaultTier[_vault]; Tier memory t = $.tiers[tierId]; nodeOperator = t.operator; shareLimit = t.shareLimit; reserveRatioBP = t.reserveRatioBP; forcedRebalanceThresholdBP = t.forcedRebalanceThresholdBP; infraFeeBP = t.infraFeeBP; liquidityFeeBP = t.liquidityFeeBP; reservationFeeBP = t.reservationFeeBP; } /// @notice Returns the effective share limit of a vault according to the OperatorGrid and vault share limits /// @param _vault address of the vault /// @return shareLimit effective share limit of the vault function effectiveShareLimit(address _vault) public view returns (uint256) { VaultHub vaultHub = _vaultHub(); uint256 shareLimit = vaultHub.vaultConnection(_vault).shareLimit; uint256 liabilityShares = vaultHub.liabilityShares(_vault); uint256 gridShareLimit = _gridRemainingShareLimit(_vault) + liabilityShares; return Math256.min(gridShareLimit, shareLimit); } /// @notice Returns the remaining share limit in a given tier and group /// @param _vault address of the vault /// @return remaining share limit /// @dev remaining share limit inherits the limits of the vault tier and group, /// and accounts liabilities of other vaults belonging to the same tier and group function _gridRemainingShareLimit(address _vault) internal view returns (uint256) { ERC7201Storage storage $ = _getStorage(); uint256 tierId = $.vaultTier[_vault]; Tier storage t = $.tiers[tierId]; uint256 tierLimit = t.shareLimit; uint256 tierRemaining = tierLimit > t.liabilityShares ? tierLimit - t.liabilityShares : 0; if (tierId == DEFAULT_TIER_ID) return tierRemaining; Group storage g = $.groups[t.operator]; uint256 groupLimit = g.shareLimit; uint256 groupRemaining = groupLimit > g.liabilityShares ? groupLimit - g.liabilityShares : 0; return Math256.min(tierRemaining, groupRemaining); } /// @notice Validates tier parameters /// @param _reserveRatioBP Reserve ratio /// @param _forcedRebalanceThresholdBP Forced rebalance threshold /// @param _infraFeeBP Infra fee /// @param _liquidityFeeBP Liquidity fee /// @param _reservationFeeBP Reservation fee function _validateParams( uint256 _tierId, uint256 _reserveRatioBP, uint256 _forcedRebalanceThresholdBP, uint256 _infraFeeBP, uint256 _liquidityFeeBP, uint256 _reservationFeeBP ) internal pure { if (_reserveRatioBP == 0) revert ZeroArgument("_reserveRatioBP"); if (_reserveRatioBP > TOTAL_BASIS_POINTS) revert ReserveRatioTooHigh(_tierId, _reserveRatioBP, TOTAL_BASIS_POINTS); if (_forcedRebalanceThresholdBP == 0) revert ZeroArgument("_forcedRebalanceThresholdBP"); if (_forcedRebalanceThresholdBP > _reserveRatioBP) revert ForcedRebalanceThresholdTooHigh(_tierId, _forcedRebalanceThresholdBP, _reserveRatioBP); if (_infraFeeBP > MAX_FEE_BP) revert InfraFeeTooHigh(_tierId, _infraFeeBP, MAX_FEE_BP); if (_liquidityFeeBP > MAX_FEE_BP) revert LiquidityFeeTooHigh(_tierId, _liquidityFeeBP, MAX_FEE_BP); if (_reservationFeeBP > MAX_FEE_BP) revert ReservationFeeTooHigh(_tierId, _reservationFeeBP, MAX_FEE_BP); } function _vaultHub() internal view returns (VaultHub) { return VaultHub(payable(LIDO_LOCATOR.vaultHub())); } function _getStorage() private pure returns (ERC7201Storage storage $) { assembly { $.slot := OPERATOR_GRID_STORAGE_LOCATION } } // ----------------------------- // EVENTS // ----------------------------- event GroupAdded(address indexed nodeOperator, uint256 shareLimit); event GroupShareLimitUpdated(address indexed nodeOperator, uint256 shareLimit); event TierAdded( address indexed nodeOperator, uint256 indexed tierId, uint256 shareLimit, uint256 reserveRatioBP, uint256 forcedRebalanceThresholdBP, uint256 infraFeeBP, uint256 liquidityFeeBP, uint256 reservationFeeBP ); event TierChanged(address indexed vault, uint256 indexed tierId, uint256 shareLimit); event TierUpdated( uint256 indexed tierId, uint256 shareLimit, uint256 reserveRatioBP, uint256 forcedRebalanceThresholdBP, uint256 infraFeeBP, uint256 liquidityFeeBP, uint256 reservationFeeBP ); // ----------------------------- // ERRORS // ----------------------------- error NotAuthorized(string operation, address sender); error ZeroArgument(string argument); error GroupExists(); error GroupNotExists(); error GroupLimitExceeded(); error NodeOperatorNotExists(); error TierLimitExceeded(); error TierNotExists(); error TierAlreadySet(); error TierNotInOperatorGroup(); error CannotChangeToDefaultTier(); error ReserveRatioTooHigh(uint256 tierId, uint256 reserveRatioBP, uint256 maxReserveRatioBP); error ForcedRebalanceThresholdTooHigh(uint256 tierId, uint256 forcedRebalanceThresholdBP, uint256 reserveRatioBP); error InfraFeeTooHigh(uint256 tierId, uint256 infraFeeBP, uint256 maxInfraFeeBP); error LiquidityFeeTooHigh(uint256 tierId, uint256 liquidityFeeBP, uint256 maxLiquidityFeeBP); error ReservationFeeTooHigh(uint256 tierId, uint256 reservationFeeBP, uint256 maxReservationFeeBP); error ArrayLengthMismatch(); error RequestedShareLimitTooHigh(uint256 requestedShareLimit, uint256 tierShareLimit); }
// SPDX-FileCopyrightText: 2025 Lido <[email protected]> // SPDX-License-Identifier: GPL-3.0 // See contracts/COMPILERS.md pragma solidity 0.8.25; import {Math256} from "contracts/common/lib/Math256.sol"; import {ILidoLocator} from "contracts/common/interfaces/ILidoLocator.sol"; import {ILido} from "contracts/common/interfaces/ILido.sol"; import {IHashConsensus} from "contracts/common/interfaces/IHashConsensus.sol"; import {IStakingVault} from "./interfaces/IStakingVault.sol"; import {IPredepositGuarantee} from "./interfaces/IPredepositGuarantee.sol"; import {OperatorGrid} from "./OperatorGrid.sol"; import {LazyOracle} from "./LazyOracle.sol"; import {PausableUntilWithRoles} from "../utils/PausableUntilWithRoles.sol"; import {RefSlotCache} from "./lib/RefSlotCache.sol"; /// @notice VaultHub is a contract that manages StakingVaults connected to the Lido protocol /// It allows to connect and disconnect vaults, mint and burn stETH using vaults as collateral /// Also, it facilitates the individual per-vault reports from the lazy oracle to the vaults and charges Lido fees /// @author folkyatina contract VaultHub is PausableUntilWithRoles { using RefSlotCache for RefSlotCache.Uint112WithRefSlotCache; using RefSlotCache for RefSlotCache.Int112WithRefSlotCache; // ----------------------------- // STORAGE STRUCTS // ----------------------------- /// @custom:storage-location erc7201:VaultHub struct Storage { /// @notice vault proxy contract codehashes allowed for connecting mapping(bytes32 codehash => bool allowed) codehashes; /// @notice accounting records for each vault mapping(address vault => VaultRecord) records; /// @notice connection parameters for each vault mapping(address vault => VaultConnection) connections; /// @notice obligation values for each vault mapping(address vault => VaultObligations) obligations; /// @notice 1-based array of vaults connected to the hub. index 0 is reserved for not connected vaults address[] vaults; /// @notice amount of bad debt that was internalized from the vault to become the protocol loss RefSlotCache.Uint112WithRefSlotCache badDebtToInternalize; } struct VaultConnection { // ### 1st slot /// @notice address of the vault owner address owner; /// @notice maximum number of stETH shares that can be minted by vault owner uint96 shareLimit; // ### 2nd slot /// @notice index of the vault in the list of vaults. Indexes is guaranteed to be stable only if there was no deletions. /// @dev vaultIndex is always greater than 0 uint96 vaultIndex; /// @notice if true, vault is disconnected and fee is not accrued bool pendingDisconnect; /// @notice share of ether that is locked on the vault as an additional reserve /// e.g RR=30% means that for 1stETH minted 1/(1-0.3)=1.428571428571428571 ETH is locked on the vault uint16 reserveRatioBP; /// @notice if vault's reserve decreases to this threshold, it should be force rebalanced uint16 forcedRebalanceThresholdBP; /// @notice infra fee in basis points uint16 infraFeeBP; /// @notice liquidity fee in basis points uint16 liquidityFeeBP; /// @notice reservation fee in basis points uint16 reservationFeeBP; /// @notice if true, vault owner manually paused the beacon chain deposits bool isBeaconDepositsManuallyPaused; /// 64 bits gap } struct VaultRecord { // ### 1st slot /// @notice latest report for the vault Report report; // ### 2nd slot /// @notice amount of ether that is locked from withdrawal on the vault uint128 locked; /// @notice liability shares of the vault uint96 liabilityShares; // ### 3rd slot /// @notice inOutDelta of the vault (all deposits - all withdrawals) RefSlotCache.Int112WithRefSlotCache inOutDelta; } struct Report { /// @notice total value of the vault uint112 totalValue; /// @notice inOutDelta of the report int112 inOutDelta; /// @notice last 32 bits of the timestamp (in seconds) uint32 timestamp; } /** * Obligations of the vaults towards the Lido protocol. * While any part of those obligations remains unsettled, VaultHub may want to limit what the vault can do. * * Obligations have two types: * 1. Redemptions. Under extreme conditions Lido protocol may rebalance the part of the vault's liability to serve * the Lido Core withdrawal queue requests to guarantee that every stETH is redeemable. Calculated in ether. * 2. Lido fees. Record of infra, liquidity and reservation fees charged to the vault. Charged in ether on every * oracle report. * * Obligations settlement: * - Lido fees are settled by transferring ether to the Lido protocol treasury * - Redemptions are settled by rebalancing the vault or by burning stETH on the vault * - Obligations may be settled manually using the `settleVaultObligations` function * - Obligations try to automatically settle: * - every time oracle report is applied to the vault * - on resume of the beacon chain deposits * - on disconnect initiation * - Lido fees are automatically settled on the final report that completes the disconnection process * * Constraints until obligations settled: * - Beacon chain deposits are paused while unsettled obligations ≥ OBLIGATIONS_THRESHOLD (1 ETH) * - Unsettled obligations can't be withdrawn * - Minting new stETH is limited by unsettled Lido fees (NB: redemptions do not affect minting capacity) * - Vault disconnect is refused until both unsettled redemptions and Lido fees obligations hit zero * * @dev NB: Under extreme conditions, Lido protocol may trigger validator exits to withdraw ether to the vault and * rebalance it to settle redemptions. */ struct VaultObligations { /// @notice cumulative value for Lido fees that were settled on the vault uint128 settledLidoFees; /// @notice current unsettled Lido fees amount uint128 unsettledLidoFees; /// @notice current unsettled redemptions amount uint128 redemptions; } // ----------------------------- // CONSTANTS // ----------------------------- // keccak256(abi.encode(uint256(keccak256("VaultHub")) - 1)) & ~bytes32(uint256(0xff)) bytes32 private constant STORAGE_LOCATION = 0xb158a1a9015c52036ff69e7937a7bb424e82a8c4cbec5c5309994af06d825300; /// @notice role that allows to connect vaults to the hub bytes32 public constant VAULT_MASTER_ROLE = keccak256("vaults.VaultHub.VaultMasterRole"); /// @notice role that allows to set allowed codehashes bytes32 public constant VAULT_CODEHASH_SET_ROLE = keccak256("vaults.VaultHub.VaultCodehashSetRole"); /// @notice role that allows to accrue Lido Core redemptions on the vault bytes32 public constant REDEMPTION_MASTER_ROLE = keccak256("vaults.VaultHub.RedemptionMasterRole"); /// @notice role that allows to trigger validator exits under extreme conditions bytes32 public constant VALIDATOR_EXIT_ROLE = keccak256("vaults.VaultHub.ValidatorExitRole"); /// @notice role that allows to bail out vaults with bad debt bytes32 public constant BAD_DEBT_MASTER_ROLE = keccak256("vaults.VaultHub.BadDebtMasterRole"); /// @notice amount of ETH that is locked on the vault on connect and can be withdrawn on disconnect only uint256 public constant CONNECT_DEPOSIT = 1 ether; /// @notice The time delta for report freshness check uint256 public constant REPORT_FRESHNESS_DELTA = 2 days; /// @dev basis points base uint256 internal constant TOTAL_BASIS_POINTS = 100_00; /// @notice length of the validator pubkey in bytes uint256 internal constant PUBLIC_KEY_LENGTH = 48; /// @dev max value for fees in basis points - it's about 650% uint256 internal constant MAX_FEE_BP = type(uint16).max; /// @notice codehash of the account with no code bytes32 private constant EMPTY_CODEHASH = keccak256(""); /// @notice no limit for the unsettled obligations on settlement uint256 internal constant MAX_UNSETTLED_ALLOWED = type(uint256).max; /// @notice threshold for the unsettled obligations that will activate the beacon chain deposits pause uint256 internal constant UNSETTLED_THRESHOLD = 1 ether; /// @notice no unsettled obligations allowed on settlement uint256 internal constant NO_UNSETTLED_ALLOWED = 0; // ----------------------------- // IMMUTABLES // ----------------------------- /// @notice limit for a single vault share limit relative to Lido TVL in basis points uint256 public immutable MAX_RELATIVE_SHARE_LIMIT_BP; ILido public immutable LIDO; ILidoLocator public immutable LIDO_LOCATOR; IHashConsensus public immutable CONSENSUS_CONTRACT; /// @param _locator Lido Locator contract /// @param _lido Lido stETH contract /// @param _consensusContract Hash consensus contract /// @param _maxRelativeShareLimitBP Maximum share limit relative to TVL in basis points constructor(ILidoLocator _locator, ILido _lido, IHashConsensus _consensusContract, uint256 _maxRelativeShareLimitBP) { _requireNotZero(_maxRelativeShareLimitBP); _requireLessThanBP(_maxRelativeShareLimitBP, TOTAL_BASIS_POINTS); MAX_RELATIVE_SHARE_LIMIT_BP = _maxRelativeShareLimitBP; LIDO_LOCATOR = _locator; LIDO = _lido; CONSENSUS_CONTRACT = _consensusContract; _disableInitializers(); } /// @dev used to perform rebalance operations receive() external payable {} /// @notice initialize the vault hub /// @param _admin default admin address function initialize(address _admin) external initializer { _requireNotZero(_admin); __AccessControlEnumerable_init(); // the stone in the elevator. index 0 is reserved for not connected vaults _storage().vaults.push(address(0)); _grantRole(DEFAULT_ADMIN_ROLE, _admin); } /// @notice returns the number of vaults connected to the hub /// @dev since index 0 is reserved for not connected vaults, it's always 1 less than the vaults array length function vaultsCount() external view returns (uint256) { return _storage().vaults.length - 1; } /// @notice returns the vault address by its index /// @param _index index of the vault in the 1-based list of vaults. possible range [1, vaultsCount()] /// @dev Indexes is guaranteed to be stable only in one transaction. function vaultByIndex(uint256 _index) external view returns (address) { _requireNotZero(_index); return _storage().vaults[_index]; } /// @return connection parameters struct for the given vault /// @dev it returns empty struct if the vault is not connected to the hub /// @dev it may return connection even if it's pending to be disconnected function vaultConnection(address _vault) external view returns (VaultConnection memory) { return _vaultConnection(_vault); } /// @return the accounting record struct for the given vault /// @dev it returns empty struct if the vault is not connected to the hub function vaultRecord(address _vault) external view returns (VaultRecord memory) { return _vaultRecord(_vault); } /// @return the obligations struct for the given vault /// @dev returns empty struct if the vault is not connected to the hub function vaultObligations(address _vault) external view returns (VaultObligations memory) { return _vaultObligations(_vault); } /// @return true if the vault is connected to the hub function isVaultConnected(address _vault) external view returns (bool) { return _vaultConnection(_vault).vaultIndex != 0; } /// @return total value of the vault /// @dev returns 0 if the vault is not connected function totalValue(address _vault) external view returns (uint256) { return _totalValue(_vaultRecord(_vault)); } /// @return liability shares of the vault /// @dev returns 0 if the vault is not connected function liabilityShares(address _vault) external view returns (uint256) { return _vaultRecord(_vault).liabilityShares; } /// @return locked amount of ether for the vault /// @dev returns 0 if the vault is not connected function locked(address _vault) external view returns (uint256) { return _vaultRecord(_vault).locked; } /// @return the amount of ether that can be locked in the vault given the current total value /// @dev returns 0 if the vault is not connected function maxLockableValue(address _vault) external view returns (uint256) { return _maxLockableValue(_vaultRecord(_vault), _vaultObligations(_vault)); } /// @return the amount of ether that can be instantly withdrawn from the staking vault /// @dev returns 0 if the vault is not connected /// @dev check for `pendingDisconnect = false` before using this function to avoid reverts function withdrawableValue(address _vault) external view returns (uint256) { return _withdrawableValue(_vault, _vaultRecord(_vault)); } /// @return latest report for the vault /// @dev returns empty struct if the vault is not connected function latestReport(address _vault) external view returns (Report memory) { return _vaultRecord(_vault).report; } /// @return true if the report for the vault is fresh, false otherwise /// @dev returns false if the vault is not connected function isReportFresh(address _vault) external view returns (bool) { return _isReportFresh(_vaultRecord(_vault)); } /// @notice checks if the vault is healthy by comparing its total value after applying forced rebalance threshold /// against current liability shares /// @param _vault vault address /// @return true if vault is healthy, false otherwise /// @dev returns true if the vault is not connected function isVaultHealthy(address _vault) external view returns (bool) { return _isVaultHealthy(_vaultConnection(_vault), _vaultRecord(_vault)); } /// @notice calculate shares amount to make the vault healthy using rebalance /// @param _vault vault address /// @return amount of shares to rebalance or UINT256_MAX if it's impossible to make the vault healthy using rebalance /// @dev returns 0 if the vault is not connected function rebalanceShortfall(address _vault) external view returns (uint256) { return _rebalanceShortfall(_vaultConnection(_vault), _vaultRecord(_vault)); } /// @notice amount of bad debt to be internalized to become the protocol loss function badDebtToInternalizeAsOfLastRefSlot() external view returns (uint256) { return _storage().badDebtToInternalize.getValueForLastRefSlot(CONSENSUS_CONTRACT); } /// @notice inOutDelta of the vault as of the last refSlot /// @param _vault vault address /// @return inOutDelta of the vault as of the last refSlot /// @dev returns 0 if the vault is not connected function inOutDeltaAsOfLastRefSlot(address _vault) external view returns (int256) { return _vaultRecord(_vault).inOutDelta.getValueForLastRefSlot(CONSENSUS_CONTRACT); } /// @notice Set if a vault proxy codehash is allowed to be connected to the hub /// @param _codehash vault proxy codehash /// @param _allowed true to add, false to remove /// @dev msg.sender must have VAULT_CODEHASH_SET_ROLE function setAllowedCodehash(bytes32 _codehash, bool _allowed) external onlyRole(VAULT_CODEHASH_SET_ROLE) { _requireNotZero(uint256(_codehash)); if (_codehash == EMPTY_CODEHASH) revert ZeroCodehash(); _storage().codehashes[_codehash] = _allowed; emit AllowedCodehashUpdated(_codehash, _allowed); } /// @notice connects a vault to the hub in permissionless way, get limits from the Operator Grid /// @param _vault vault address /// @dev vault should have transferred ownership to the VaultHub contract function connectVault(address _vault) external whenResumed { _requireNotZero(_vault); IStakingVault vault_ = IStakingVault(_vault); if (vault_.pendingOwner() != address(this)) revert VaultHubNotPendingOwner(_vault); if (vault_.isOssified()) revert VaultOssified(_vault); if (vault_.depositor() != address(_predepositGuarantee())) revert PDGNotDepositor(_vault); ( , // nodeOperatorInTier , // tierId uint256 shareLimit, uint256 reserveRatioBP, uint256 forcedRebalanceThresholdBP, uint256 infraFeeBP, uint256 liquidityFeeBP, uint256 reservationFeeBP ) = _operatorGrid().vaultInfo(_vault); _connectVault(_vault, shareLimit, reserveRatioBP, forcedRebalanceThresholdBP, infraFeeBP, liquidityFeeBP, reservationFeeBP ); IStakingVault(_vault).acceptOwnership(); emit VaultConnected({ vault: _vault, shareLimit: shareLimit, reserveRatioBP: reserveRatioBP, forcedRebalanceThresholdBP: forcedRebalanceThresholdBP, infraFeeBP: infraFeeBP, liquidityFeeBP: liquidityFeeBP, reservationFeeBP: reservationFeeBP }); } /// @notice updates share limit for the vault /// Setting share limit to zero actually pause the vault's ability to mint /// @param _vault vault address /// @param _shareLimit new share limit /// @dev msg.sender must have VAULT_MASTER_ROLE function updateShareLimit(address _vault, uint256 _shareLimit) external onlyRole(VAULT_MASTER_ROLE) { _requireNotZero(_vault); _requireSaneShareLimit(_shareLimit); VaultConnection storage connection = _checkConnection(_vault); connection.shareLimit = uint96(_shareLimit); emit VaultShareLimitUpdated(_vault, _shareLimit); } /// @notice updates fees for the vault /// @param _vault vault address /// @param _infraFeeBP new infra fee in basis points /// @param _liquidityFeeBP new liquidity fee in basis points /// @param _reservationFeeBP new reservation fee in basis points /// @dev msg.sender must have VAULT_MASTER_ROLE function updateVaultFees( address _vault, uint256 _infraFeeBP, uint256 _liquidityFeeBP, uint256 _reservationFeeBP ) external onlyRole(VAULT_MASTER_ROLE) { _requireNotZero(_vault); _requireLessThanBP(_infraFeeBP, MAX_FEE_BP); _requireLessThanBP(_liquidityFeeBP, MAX_FEE_BP); _requireLessThanBP(_reservationFeeBP, MAX_FEE_BP); VaultConnection storage connection = _checkConnection(_vault); uint16 preInfraFeeBP = connection.infraFeeBP; uint16 preLiquidityFeeBP = connection.liquidityFeeBP; uint16 preReservationFeeBP = connection.reservationFeeBP; connection.infraFeeBP = uint16(_infraFeeBP); connection.liquidityFeeBP = uint16(_liquidityFeeBP); connection.reservationFeeBP = uint16(_reservationFeeBP); emit VaultFeesUpdated({ vault: _vault, preInfraFeeBP: preInfraFeeBP, preLiquidityFeeBP: preLiquidityFeeBP, preReservationFeeBP: preReservationFeeBP, infraFeeBP: _infraFeeBP, liquidityFeeBP: _liquidityFeeBP, reservationFeeBP: _reservationFeeBP }); } /// @notice updates the vault's connection parameters /// @dev Reverts if the vault is not healthy as of latest report /// @param _vault vault address /// @param _shareLimit new share limit /// @param _reserveRatioBP new reserve ratio /// @param _forcedRebalanceThresholdBP new forced rebalance threshold /// @param _infraFeeBP new infra fee /// @param _liquidityFeeBP new liquidity fee /// @param _reservationFeeBP new reservation fee function updateConnection( address _vault, uint256 _shareLimit, uint256 _reserveRatioBP, uint256 _forcedRebalanceThresholdBP, uint256 _infraFeeBP, uint256 _liquidityFeeBP, uint256 _reservationFeeBP ) external { _requireSender(address(_operatorGrid())); _requireSaneShareLimit(_shareLimit); VaultConnection storage connection = _checkConnection(_vault); VaultRecord storage record = _vaultRecord(_vault); uint256 totalValue_ = _totalValue(record); uint256 liabilityShares_ = record.liabilityShares; if (_isThresholdBreached(totalValue_, liabilityShares_, _reserveRatioBP)) { revert VaultMintingCapacityExceeded(_vault, totalValue_, liabilityShares_, _reserveRatioBP); } connection.shareLimit = uint96(_shareLimit); connection.reserveRatioBP = uint16(_reserveRatioBP); connection.forcedRebalanceThresholdBP = uint16(_forcedRebalanceThresholdBP); connection.infraFeeBP = uint16(_infraFeeBP); connection.liquidityFeeBP = uint16(_liquidityFeeBP); connection.reservationFeeBP = uint16(_reservationFeeBP); emit VaultConnectionUpdated({ vault: _vault, shareLimit: _shareLimit, reserveRatioBP: _reserveRatioBP, forcedRebalanceThresholdBP: _forcedRebalanceThresholdBP, infraFeeBP: _infraFeeBP, liquidityFeeBP: _liquidityFeeBP, reservationFeeBP: _reservationFeeBP }); } /// @notice disconnect a vault from the hub /// @param _vault vault address /// @dev msg.sender must have VAULT_MASTER_ROLE /// @dev vault's `liabilityShares` should be zero function disconnect(address _vault) external onlyRole(VAULT_MASTER_ROLE) { _initiateDisconnection(_vault, _checkConnection(_vault), _vaultRecord(_vault)); emit VaultDisconnectInitiated(_vault); } /// @notice update of the vault data by the lazy oracle report /// @param _vault the address of the vault /// @param _reportTimestamp the timestamp of the report (last 32 bits of it) /// @param _reportTotalValue the total value of the vault /// @param _reportInOutDelta the inOutDelta of the vault /// @param _reportCumulativeLidoFees the cumulative Lido fees of the vault /// @param _reportLiabilityShares the liabilityShares of the vault function applyVaultReport( address _vault, uint256 _reportTimestamp, uint256 _reportTotalValue, int256 _reportInOutDelta, uint256 _reportCumulativeLidoFees, uint256 _reportLiabilityShares, uint256 _reportSlashingReserve ) external whenResumed { _requireSender(address(_lazyOracle())); VaultConnection storage connection = _vaultConnection(_vault); VaultRecord storage record = _vaultRecord(_vault); VaultObligations storage obligations = _vaultObligations(_vault); _checkAndUpdateLidoFeesObligations(_vault, obligations, _reportCumulativeLidoFees); if (connection.pendingDisconnect) { if (_reportSlashingReserve == 0 && record.liabilityShares == 0) { _settleObligations(_vault, record, obligations, NO_UNSETTLED_ALLOWED); IStakingVault(_vault).transferOwnership(connection.owner); _deleteVault(_vault, connection); emit VaultDisconnectCompleted(_vault); return; } else { // we abort the disconnect process as there is a slashing conflict yet to be resolved connection.pendingDisconnect = false; emit VaultDisconnectAborted(_vault, _reportSlashingReserve); } } _applyVaultReport( record, connection, _reportTimestamp, _reportTotalValue, _reportLiabilityShares, _reportInOutDelta ); emit VaultReportApplied({ vault: _vault, reportTimestamp: _reportTimestamp, reportTotalValue: _reportTotalValue, reportInOutDelta: _reportInOutDelta, reportCumulativeLidoFees: _reportCumulativeLidoFees, reportLiabilityShares: _reportLiabilityShares, reportSlashingReserve: _reportSlashingReserve }); _settleObligations(_vault, record, obligations, MAX_UNSETTLED_ALLOWED); _checkAndUpdateBeaconChainDepositsPause(_vault, connection, record); } /// @notice Transfer the bad debt from the donor vault to the acceptor vault /// @param _badDebtVault address of the vault that has the bad debt /// @param _vaultAcceptor address of the vault that will accept the bad debt /// @param _maxSharesToSocialize maximum amount of shares to socialize /// @dev msg.sender must have BAD_DEBT_MASTER_ROLE function socializeBadDebt( address _badDebtVault, address _vaultAcceptor, uint256 _maxSharesToSocialize ) external onlyRole(BAD_DEBT_MASTER_ROLE) { _requireNotZero(_badDebtVault); _requireNotZero(_vaultAcceptor); _requireNotZero(_maxSharesToSocialize); if (_nodeOperator(_vaultAcceptor) != _nodeOperator(_badDebtVault)) revert BadDebtSocializationNotAllowed(); VaultConnection storage badDebtConnection = _vaultConnection(_badDebtVault); _requireConnected(badDebtConnection, _badDebtVault); // require connected but may be pending disconnect uint256 badDebtToSocialize = _writeOffBadDebt({ _vault: _badDebtVault, _record: _vaultRecord(_badDebtVault), _maxSharesToWriteOff: _maxSharesToSocialize }); VaultConnection storage connectionAcceptor = _vaultConnection(_vaultAcceptor); _requireConnected(connectionAcceptor, _vaultAcceptor); VaultRecord storage recordAcceptor = _vaultRecord(_vaultAcceptor); _increaseLiability({ _vault: _vaultAcceptor, _record: recordAcceptor, _amountOfShares: badDebtToSocialize, _reserveRatioBP: connectionAcceptor.reserveRatioBP, _maxMintableRatioBP: TOTAL_BASIS_POINTS, // maxMintableRatio up to 100% of total value _shareLimit: _getSharesByPooledEth(recordAcceptor.locked) // we can occupy all the locked amount }); emit BadDebtSocialized(_badDebtVault, _vaultAcceptor, badDebtToSocialize); } /// @notice Internalize the bad debt to the protocol /// @param _badDebtVault address of the vault that has the bad debt /// @param _maxSharesToInternalize maximum amount of shares to internalize /// @dev msg.sender must have BAD_DEBT_MASTER_ROLE function internalizeBadDebt( address _badDebtVault, uint256 _maxSharesToInternalize ) external onlyRole(BAD_DEBT_MASTER_ROLE) { _requireNotZero(_badDebtVault); _requireNotZero(_maxSharesToInternalize); VaultConnection storage badDebtConnection = _vaultConnection(_badDebtVault); _requireConnected(badDebtConnection, _badDebtVault); uint256 badDebtToInternalize = _writeOffBadDebt({ _vault: _badDebtVault, _record: _vaultRecord(_badDebtVault), _maxSharesToWriteOff: _maxSharesToInternalize }); // internalize the bad debt to the protocol _storage().badDebtToInternalize = _storage().badDebtToInternalize.withValueIncrease({ _consensus: CONSENSUS_CONTRACT, _increment: uint112(badDebtToInternalize) }); emit BadDebtWrittenOffToBeInternalized(_badDebtVault, badDebtToInternalize); } /// @notice Reset the internalized bad debt to zero /// @dev msg.sender must be the accounting contract function decreaseInternalizedBadDebt(uint256 _amountOfShares) external { _requireSender(LIDO_LOCATOR.accounting()); // don't cache previous value, we don't need it for sure _storage().badDebtToInternalize.value -= uint112(_amountOfShares); } /// @notice transfer the ownership of the vault to a new owner without disconnecting it from the hub /// @param _vault vault address /// @param _newOwner new owner address /// @dev msg.sender should be vault's owner function transferVaultOwnership(address _vault, address _newOwner) external { _requireNotZero(_newOwner); VaultConnection storage connection = _checkConnection(_vault); address oldOwner = connection.owner; _requireSender(oldOwner); connection.owner = _newOwner; emit VaultOwnershipTransferred({ vault: _vault, newOwner: _newOwner, oldOwner: oldOwner }); } /// @notice disconnects a vault from the hub /// @param _vault vault address /// @dev msg.sender should be vault's owner /// @dev vault's `liabilityShares` should be zero function voluntaryDisconnect(address _vault) external whenResumed { VaultConnection storage connection = _checkConnectionAndOwner(_vault); _initiateDisconnection(_vault, connection, _vaultRecord(_vault)); emit VaultDisconnectInitiated(_vault); } /// @notice funds the vault passing ether as msg.value /// @param _vault vault address /// @dev msg.sender should be vault's owner function fund(address _vault) external payable whenResumed { _requireNotZero(_vault); VaultConnection storage connection = _vaultConnection(_vault); if (connection.vaultIndex == 0) revert NotConnectedToHub(_vault); if (msg.sender != connection.owner) revert NotAuthorized(); _updateInOutDelta(_vault, _vaultRecord(_vault), int112(int256(msg.value))); IStakingVault(_vault).fund{value: msg.value}(); } /// @notice withdraws ether from the vault to the recipient address /// @param _vault vault address /// @param _recipient recipient address /// @param _ether amount of ether to withdraw /// @dev msg.sender should be vault's owner function withdraw(address _vault, address _recipient, uint256 _ether) external whenResumed { _checkConnectionAndOwner(_vault); VaultRecord storage record = _vaultRecord(_vault); _requireFreshReport(_vault, record); uint256 withdrawable = _withdrawableValue(_vault, record); if (_ether > withdrawable) revert AmountExceedsWithdrawableValue(_vault, withdrawable, _ether); _withdraw(_vault, record, _recipient, _ether); } /// @notice Rebalances StakingVault by withdrawing ether to VaultHub /// @param _vault vault address /// @param _shares amount of shares to rebalance /// @dev msg.sender should be vault's owner function rebalance(address _vault, uint256 _shares) external whenResumed { _requireNotZero(_shares); _checkConnectionAndOwner(_vault); _rebalance(_vault, _vaultRecord(_vault), _shares); } /// @notice mint StETH shares backed by vault external balance to the receiver address /// @param _vault vault address /// @param _recipient address of the receiver /// @param _amountOfShares amount of stETH shares to mint function mintShares(address _vault, address _recipient, uint256 _amountOfShares) external whenResumed { _requireNotZero(_recipient); _requireNotZero(_amountOfShares); VaultConnection storage connection = _checkConnectionAndOwner(_vault); VaultRecord storage record = _vaultRecord(_vault); _requireFreshReport(_vault, record); uint256 reserveRatioBP = connection.reserveRatioBP; _increaseLiability({ _vault: _vault, _record: record, _amountOfShares: _amountOfShares, _reserveRatioBP: reserveRatioBP, _maxMintableRatioBP: TOTAL_BASIS_POINTS - reserveRatioBP, _shareLimit: connection.shareLimit }); LIDO.mintExternalShares(_recipient, _amountOfShares); emit MintedSharesOnVault(_vault, _amountOfShares, record.locked); } /// @notice burn steth shares from the balance of the VaultHub contract /// @param _vault vault address /// @param _amountOfShares amount of shares to burn /// @dev msg.sender should be vault's owner /// @dev this function is designed to be used by the smart contract, for EOA see `transferAndBurnShares` function burnShares(address _vault, uint256 _amountOfShares) public whenResumed { _requireNotZero(_amountOfShares); _checkConnectionAndOwner(_vault); VaultRecord storage record = _vaultRecord(_vault); _decreaseLiability(_vault, record, _amountOfShares); LIDO.burnExternalShares(_amountOfShares); emit BurnedSharesOnVault(_vault, _amountOfShares); } /// @notice separate burn function for EOA vault owners; requires vaultHub to be approved to transfer stETH /// @param _vault vault address /// @param _amountOfShares amount of shares to transfer and burn /// @dev msg.sender should be vault's owner function transferAndBurnShares(address _vault, uint256 _amountOfShares) external { LIDO.transferSharesFrom(msg.sender, address(this), _amountOfShares); burnShares(_vault, _amountOfShares); } /// @notice pauses beacon chain deposits for the vault /// @param _vault vault address /// @dev msg.sender should be vault's owner function pauseBeaconChainDeposits(address _vault) external { VaultConnection storage connection = _checkConnectionAndOwner(_vault); connection.isBeaconDepositsManuallyPaused = true; IStakingVault(_vault).pauseBeaconChainDeposits(); } /// @notice resumes beacon chain deposits for the vault /// @param _vault vault address /// @dev msg.sender should be vault's owner function resumeBeaconChainDeposits(address _vault) external { VaultConnection storage connection = _checkConnectionAndOwner(_vault); VaultRecord storage record = _vaultRecord(_vault); if (!_isVaultHealthy(connection, record)) revert UnhealthyVaultCannotDeposit(_vault); _settleObligations(_vault, record, _vaultObligations(_vault), UNSETTLED_THRESHOLD); connection.isBeaconDepositsManuallyPaused = false; IStakingVault(_vault).resumeBeaconChainDeposits(); } /// @notice Emits a request event for the node operator to perform validator exit /// @param _vault vault address /// @param _pubkeys array of public keys of the validators to exit /// @dev msg.sender should be vault's owner function requestValidatorExit(address _vault, bytes calldata _pubkeys) external { _checkConnectionAndOwner(_vault); IStakingVault(_vault).requestValidatorExit(_pubkeys); } /// @notice Triggers validator withdrawals for the vault using EIP-7002 /// @param _vault vault address /// @param _pubkeys array of public keys of the validators to withdraw from /// @param _amounts array of amounts to withdraw from each validator (0 for full withdrawal) /// @param _refundRecipient address that will receive the refund for transaction costs /// @dev msg.sender should be vault's owner function triggerValidatorWithdrawals( address _vault, bytes calldata _pubkeys, uint64[] calldata _amounts, address _refundRecipient ) external payable { VaultConnection storage connection = _checkConnectionAndOwner(_vault); VaultRecord storage record = _vaultRecord(_vault); VaultObligations storage obligations = _vaultObligations(_vault); /// @dev NB: Disallow partial withdrawals when the vault is unhealthy or has redemptions over the threshold /// in order to prevent the vault owner from clogging the consensus layer withdrawal queue /// front-running and delaying the forceful validator exits required for rebalancing the vault, /// unless the requested amount of withdrawals is enough to recover the vault to healthy state and /// settle the unsettled obligations if (!_isVaultHealthy(connection, record) || obligations.redemptions >= UNSETTLED_THRESHOLD) { uint256 minPartialAmount = type(uint256).max; for (uint256 i = 0; i < _amounts.length; i++) { if (_amounts[i] > 0 && _amounts[i] < minPartialAmount) minPartialAmount = _amounts[i]; } if (minPartialAmount < type(uint256).max) { uint256 currentVaultBalance = _vault.balance; uint256 required = _totalUnsettledObligations(obligations) + _rebalanceShortfall(connection, record); uint256 amountToCover = required > currentVaultBalance ? required - currentVaultBalance : 0; if (minPartialAmount < amountToCover) revert PartialValidatorWithdrawalNotAllowed(); } } IStakingVault(_vault).triggerValidatorWithdrawals{value: msg.value}(_pubkeys, _amounts, _refundRecipient); } /// @notice Triggers validator full withdrawals for the vault using EIP-7002 permissionlessly if the vault is /// unhealthy or has redemptions obligation over the threshold /// @param _vault address of the vault to exit validators from /// @param _pubkeys array of public keys of the validators to exit /// @param _refundRecipient address that will receive the refund for transaction costs /// @dev When the vault becomes unhealthy, trusted actor with the role can force its validators to exit the beacon chain /// This returns the vault's deposited ETH back to vault's balance and allows to rebalance the vault function forceValidatorExit( address _vault, bytes calldata _pubkeys, address _refundRecipient ) external payable onlyRole(VALIDATOR_EXIT_ROLE) { VaultConnection storage connection = _checkConnection(_vault); VaultRecord storage record = _vaultRecord(_vault); if ( _isVaultHealthy(connection, record) && // Check if the vault has redemptions under the threshold, or enough balance to cover the redemptions fully _vaultObligations(_vault).redemptions < Math256.max(UNSETTLED_THRESHOLD, _vault.balance) ) { revert ForcedValidatorExitNotAllowed(); } uint64[] memory amounts = new uint64[](0); IStakingVault(_vault).triggerValidatorWithdrawals{value: msg.value}(_pubkeys, amounts, _refundRecipient); emit ForcedValidatorExitTriggered(_vault, _pubkeys, _refundRecipient); } /// @notice Permissionless rebalance for unhealthy vaults /// @param _vault vault address /// @dev rebalance all available amount of ether until the vault is healthy function forceRebalance(address _vault) external { VaultConnection storage connection = _checkConnection(_vault); VaultRecord storage record = _vaultRecord(_vault); uint256 sharesToRebalance = Math256.min( _rebalanceShortfall(connection, record), _getSharesByPooledEth(_vault.balance) ); if (sharesToRebalance == 0) revert AlreadyHealthy(_vault); _rebalance(_vault, record, sharesToRebalance); } /// @notice Accrues a redemption obligation on the vault under extreme conditions /// @param _vault The address of the vault /// @param _redemptionsValue The value of the redemptions obligation function setVaultRedemptions(address _vault, uint256 _redemptionsValue) external onlyRole(REDEMPTION_MASTER_ROLE) { VaultRecord storage record = _vaultRecord(_vault); uint256 liabilityShares_ = record.liabilityShares; // This function may intentionally perform no action in some cases, as these are EasyTrack motions if (liabilityShares_ > 0) { uint256 newRedemptions = Math256.min(_redemptionsValue, _getPooledEthBySharesRoundUp(liabilityShares_)); _vaultObligations(_vault).redemptions = uint128(newRedemptions); emit RedemptionsUpdated(_vault, newRedemptions); _checkAndUpdateBeaconChainDepositsPause(_vault, _vaultConnection(_vault), record); } else { emit RedemptionsNotSet(_vault, _redemptionsValue); } } /// @notice Allows permissionless full or partial settlement of unsettled obligations on the vault /// @param _vault The address of the vault function settleVaultObligations(address _vault) external whenResumed { if (_vault.balance == 0) revert ZeroBalance(); VaultRecord storage record = _vaultRecord(_vault); _settleObligations(_vault, record, _vaultObligations(_vault), MAX_UNSETTLED_ALLOWED); _checkAndUpdateBeaconChainDepositsPause(_vault, _vaultConnection(_vault), record); } /// @notice Proves that validators unknown to PDG have correct WC to participate in the vault /// @param _vault vault address /// @param _witness ValidatorWitness struct proving validator WC belonging to staking vault function proveUnknownValidatorToPDG( address _vault, IPredepositGuarantee.ValidatorWitness calldata _witness ) external { _checkConnectionAndOwner(_vault); _predepositGuarantee().proveUnknownValidator(_witness, IStakingVault(_vault)); } /// @notice Compensates disproven predeposit from PDG to the recipient /// @param _vault vault address /// @param _pubkey pubkey of the validator /// @param _recipient address to compensate the disproven validator predeposit to /// @return amount of compensated ether function compensateDisprovenPredepositFromPDG( address _vault, bytes calldata _pubkey, address _recipient ) external returns (uint256) { _checkConnectionAndOwner(_vault); return _predepositGuarantee().compensateDisprovenPredeposit(_pubkey, _recipient); } function _connectVault( address _vault, uint256 _shareLimit, uint256 _reserveRatioBP, uint256 _forcedRebalanceThresholdBP, uint256 _infraFeeBP, uint256 _liquidityFeeBP, uint256 _reservationFeeBP ) internal { _requireSaneShareLimit(_shareLimit); _requireNotZero(_reserveRatioBP); _requireLessThanBP(_reserveRatioBP, TOTAL_BASIS_POINTS); _requireNotZero(_forcedRebalanceThresholdBP); _requireLessThanBP(_forcedRebalanceThresholdBP, _reserveRatioBP); _requireLessThanBP(_infraFeeBP, MAX_FEE_BP); _requireLessThanBP(_liquidityFeeBP, MAX_FEE_BP); _requireLessThanBP(_reservationFeeBP, MAX_FEE_BP); VaultConnection memory connection = _vaultConnection(_vault); if (connection.pendingDisconnect) revert VaultIsDisconnecting(_vault); if (connection.vaultIndex != 0) revert AlreadyConnected(_vault, connection.vaultIndex); bytes32 codehash = address(_vault).codehash; if (!_storage().codehashes[codehash]) revert CodehashNotAllowed(_vault, codehash); uint256 vaultBalance = _vault.balance; if (vaultBalance < CONNECT_DEPOSIT) revert VaultInsufficientBalance(_vault, vaultBalance, CONNECT_DEPOSIT); // Connecting a new vault with totalValue == balance VaultRecord memory record = VaultRecord({ report: Report({ totalValue: uint112(vaultBalance), inOutDelta: int112(int256(vaultBalance)), timestamp: uint32(_lazyOracle().latestReportTimestamp()) }), locked: uint128(CONNECT_DEPOSIT), liabilityShares: 0, inOutDelta: RefSlotCache.Int112WithRefSlotCache({ value: int112(int256(vaultBalance)), valueOnRefSlot: 0, refSlot: 0 }) }); connection = VaultConnection({ owner: IStakingVault(_vault).owner(), shareLimit: uint96(_shareLimit), vaultIndex: uint96(_storage().vaults.length), pendingDisconnect: false, reserveRatioBP: uint16(_reserveRatioBP), forcedRebalanceThresholdBP: uint16(_forcedRebalanceThresholdBP), infraFeeBP: uint16(_infraFeeBP), liquidityFeeBP: uint16(_liquidityFeeBP), reservationFeeBP: uint16(_reservationFeeBP), isBeaconDepositsManuallyPaused: false }); _addVault(_vault, connection, record); } function _initiateDisconnection( address _vault, VaultConnection storage _connection, VaultRecord storage _record ) internal { uint256 liabilityShares_ = _record.liabilityShares; if (liabilityShares_ > 0) { revert NoLiabilitySharesShouldBeLeft(_vault, liabilityShares_); } _record.locked = 0; // unlock the connection deposit to allow fees settlement _settleObligations(_vault, _record, _vaultObligations(_vault), NO_UNSETTLED_ALLOWED); _connection.pendingDisconnect = true; _operatorGrid().resetVaultTier(_vault); } function _applyVaultReport( VaultRecord storage _record, VaultConnection storage _connection, uint256 _reportTimestamp, uint256 _reportTotalValue, uint256 _reportLiabilityShares, int256 _reportInOutDelta ) internal { uint256 liabilityShares_ = Math256.max(_record.liabilityShares, _reportLiabilityShares); uint256 liability = _getPooledEthBySharesRoundUp(liabilityShares_); uint256 lockedEther = Math256.max( liability * TOTAL_BASIS_POINTS / (TOTAL_BASIS_POINTS - _connection.reserveRatioBP), CONNECT_DEPOSIT ); _record.locked = uint128(lockedEther); _record.report = Report({ totalValue: uint112(_reportTotalValue), inOutDelta: int112(_reportInOutDelta), timestamp: uint32(_reportTimestamp) }); } function _rebalance(address _vault, VaultRecord storage _record, uint256 _shares) internal { uint256 valueToRebalance = _getPooledEthBySharesRoundUp(_shares); uint256 totalValue_ = _totalValue(_record); if (valueToRebalance > totalValue_) revert RebalanceAmountExceedsTotalValue(totalValue_, valueToRebalance); _decreaseLiability(_vault, _record, _shares); _withdraw(_vault, _record, address(this), valueToRebalance); _rebalanceExternalEtherToInternal(valueToRebalance); emit VaultRebalanced(_vault, _shares, valueToRebalance); } function _withdraw( address _vault, VaultRecord storage _record, address _recipient, uint256 _amount ) internal { _updateInOutDelta(_vault, _record, -int112(int256(_amount))); IStakingVault(_vault).withdraw(_recipient, _amount); } function _increaseLiability( address _vault, VaultRecord storage _record, uint256 _amountOfShares, uint256 _reserveRatioBP, uint256 _maxMintableRatioBP, uint256 _shareLimit ) internal { uint256 sharesAfterMint = _record.liabilityShares + _amountOfShares; if (sharesAfterMint > _shareLimit) revert ShareLimitExceeded(_vault, sharesAfterMint, _shareLimit); uint256 stETHAfterMint = _getPooledEthBySharesRoundUp(sharesAfterMint); uint256 maxLockableValue_ = _maxLockableValue(_record, _vaultObligations(_vault)); uint256 maxMintableEther = (maxLockableValue_ * _maxMintableRatioBP) / TOTAL_BASIS_POINTS; if (stETHAfterMint > maxMintableEther) { revert InsufficientValueToMint(_vault, maxLockableValue_); } // Calculate the minimum ETH that needs to be locked in the vault to maintain the reserve ratio uint256 etherToLock = (stETHAfterMint * TOTAL_BASIS_POINTS) / (TOTAL_BASIS_POINTS - _reserveRatioBP); if (etherToLock > _record.locked) { _record.locked = uint128(etherToLock); } _record.liabilityShares = uint96(sharesAfterMint); _operatorGrid().onMintedShares(_vault, _amountOfShares); } function _decreaseLiability(address _vault, VaultRecord storage _record, uint256 _amountOfShares) internal { uint256 liabilityShares_ = _record.liabilityShares; if (liabilityShares_ < _amountOfShares) revert InsufficientSharesToBurn(_vault, liabilityShares_); _record.liabilityShares = uint96(liabilityShares_ - _amountOfShares); _decreaseRedemptions(_vault, _amountOfShares); _operatorGrid().onBurnedShares(_vault, _amountOfShares); } function _writeOffBadDebt( address _vault, VaultRecord storage _record, uint256 _maxSharesToWriteOff ) internal returns (uint256 badDebtWrittenOff) { uint256 liabilityShares_ = _record.liabilityShares; uint256 totalValueShares = _getSharesByPooledEth(_totalValue(_record)); if (totalValueShares > liabilityShares_) { revert NoBadDebtToWriteOff(_vault, totalValueShares, liabilityShares_); } badDebtWrittenOff = Math256.min(liabilityShares_ - totalValueShares, _maxSharesToWriteOff); _decreaseLiability(_vault, _record, badDebtWrittenOff); } function _rebalanceShortfall( VaultConnection storage _connection, VaultRecord storage _record ) internal view returns (uint256) { uint256 totalValue_ = _totalValue(_record); uint256 liabilityShares_ = _record.liabilityShares; bool isHealthy = !_isThresholdBreached( totalValue_, liabilityShares_, _connection.forcedRebalanceThresholdBP ); // Health vault do not need to rebalance if (isHealthy) { return 0; } uint256 reserveRatioBP = _connection.reserveRatioBP; uint256 maxMintableRatio = (TOTAL_BASIS_POINTS - reserveRatioBP); uint256 sharesByTotalValue = _getSharesByPooledEth(totalValue_); // Impossible to rebalance a vault with bad debt if (liabilityShares_ >= sharesByTotalValue) { // return MAX_UINT_256 return type(uint256).max; } // Solve the equation for X: // LS - liabilityShares, TV - sharesByTotalValue // MR - maxMintableRatio, 100 - TOTAL_BASIS_POINTS, RR - reserveRatio // X - amount of shares that should be withdrawn (TV - X) and used to repay the debt (LS - X) // to reduce the LS/TVS ratio back to MR // (LS - X) / (TV - X) = MR / 100 // (LS - X) * 100 = (TV - X) * MR // LS * 100 - X * 100 = TV * MR - X * MR // X * MR - X * 100 = TV * MR - LS * 100 // X * (MR - 100) = TV * MR - LS * 100 // X = (TV * MR - LS * 100) / (MR - 100) // X = (LS * 100 - TV * MR) / (100 - MR) // RR = 100 - MR // X = (LS * 100 - TV * MR) / RR return (liabilityShares_ * TOTAL_BASIS_POINTS - sharesByTotalValue * maxMintableRatio) / reserveRatioBP; } function _totalValue(VaultRecord storage _record) internal view returns (uint256) { Report memory report = _record.report; return uint256(int256(uint256(report.totalValue)) + _record.inOutDelta.value - report.inOutDelta); } function _maxLockableValue(VaultRecord storage _record, VaultObligations storage _obligations) internal view returns (uint256) { return _totalValue(_record) - _obligations.unsettledLidoFees; } function _isReportFresh(VaultRecord storage _record) internal view returns (bool) { uint256 latestReportTimestamp = _lazyOracle().latestReportTimestamp(); return // check if AccountingOracle brought fresh report uint32(latestReportTimestamp) == _record.report.timestamp && // if Accounting Oracle stop bringing the report, last report is fresh for 2 days block.timestamp - latestReportTimestamp < REPORT_FRESHNESS_DELTA; } function _isVaultHealthy( VaultConnection storage _connection, VaultRecord storage _record ) internal view returns (bool) { return !_isThresholdBreached( _totalValue(_record), _record.liabilityShares, _connection.forcedRebalanceThresholdBP ); } /// @dev Returns true if the vault liability breached the given threshold (inverted) function _isThresholdBreached( uint256 _vaultTotalValue, uint256 _vaultLiabilityShares, uint256 _thresholdBP ) internal view returns (bool) { uint256 liability = _getPooledEthBySharesRoundUp(_vaultLiabilityShares); return liability > _vaultTotalValue * (TOTAL_BASIS_POINTS - _thresholdBP) / TOTAL_BASIS_POINTS; } function _addVault(address _vault, VaultConnection memory _connection, VaultRecord memory _record) internal { Storage storage $ = _storage(); $.vaults.push(_vault); $.connections[_vault] = _connection; $.records[_vault] = _record; } function _deleteVault(address _vault, VaultConnection storage _connection) internal { Storage storage $ = _storage(); uint96 vaultIndex = _connection.vaultIndex; address lastVault = $.vaults[$.vaults.length - 1]; $.connections[lastVault].vaultIndex = vaultIndex; $.vaults[vaultIndex] = lastVault; $.vaults.pop(); delete $.connections[_vault]; delete $.records[_vault]; delete $.obligations[_vault]; } function _checkConnectionAndOwner(address _vault) internal view returns (VaultConnection storage connection) { connection = _checkConnection(_vault); _requireSender(connection.owner); } function _checkConnection(address _vault) internal view returns (VaultConnection storage) { _requireNotZero(_vault); VaultConnection storage connection = _vaultConnection(_vault); _requireConnected(connection, _vault); if (connection.pendingDisconnect) revert VaultIsDisconnecting(_vault); return connection; } /// @dev Caches the inOutDelta of the latest refSlot and updates the value function _updateInOutDelta(address _vault, VaultRecord storage _record, int112 _increment) internal { _record.inOutDelta = _record.inOutDelta.withValueIncrease({ _consensus: CONSENSUS_CONTRACT, _increment: _increment }); emit VaultInOutDeltaUpdated(_vault, _record.inOutDelta.value); } /** * @notice Updates the unsettled Lido fees obligations based on the report cumulative Lido fees * @param _vault The address of the vault * @param _reportCumulativeLidoFees The cumulative Lido fees reported in the report */ function _checkAndUpdateLidoFeesObligations( address _vault, VaultObligations storage _obligations, uint256 _reportCumulativeLidoFees ) internal { uint256 cumulativeSettledLidoFees = _obligations.settledLidoFees; uint256 cumulativeLidoFees = cumulativeSettledLidoFees + _obligations.unsettledLidoFees; if (_reportCumulativeLidoFees < cumulativeLidoFees) { revert InvalidFees(_vault, _reportCumulativeLidoFees, cumulativeLidoFees); } // update unsettled lido fees uint256 unsettledLidoFees = _reportCumulativeLidoFees - cumulativeSettledLidoFees; if (unsettledLidoFees != _obligations.unsettledLidoFees) { _obligations.unsettledLidoFees = uint128(unsettledLidoFees); emit LidoFeesUpdated(_vault, unsettledLidoFees, cumulativeSettledLidoFees); } } /** * @notice Calculates a settlement plan based on vault balance and obligations * @param _vault The address of the vault * @param _record The record of the vault * @param _obligations The obligations of the vault to be settled * @return valueToRebalance The ETH amount to be rebalanced for redemptions * @return sharesToRebalance The shares to be rebalanced for redemptions * @return valueToTransferToLido The ETH amount to be sent to the Lido * @return unsettledRedemptions The remaining redemptions after the planned settlement * @return unsettledLidoFees The remaining Lido fees after the planned settlement * @return totalUnsettled The total ETH value of obligations remaining after the planned settlement */ function _planSettlement( address _vault, VaultRecord storage _record, VaultObligations storage _obligations ) internal view returns ( uint256 valueToRebalance, uint256 sharesToRebalance, uint256 valueToTransferToLido, uint256 unsettledRedemptions, uint256 unsettledLidoFees, uint256 totalUnsettled ) { (valueToRebalance, sharesToRebalance, unsettledRedemptions) = _planRebalance(_vault, _record, _obligations); (valueToTransferToLido, unsettledLidoFees) = _planLidoTransfer(_vault, _record, _obligations, valueToRebalance); totalUnsettled = unsettledRedemptions + unsettledLidoFees; } /** * @notice Plans the amounts and shares to rebalance for redemptions * @param _vault The address of the vault * @param _record The record of the vault * @param _obligations The obligations of the vault * @return valueToRebalance The ETH amount to be rebalanced for redemptions * @return sharesToRebalance The shares to be rebalanced for redemptions * @return unsettledRedemptions The remaining redemptions after the planned settlement */ function _planRebalance( address _vault, VaultRecord storage _record, VaultObligations storage _obligations ) internal view returns (uint256 valueToRebalance, uint256 sharesToRebalance, uint256 unsettledRedemptions) { uint256 redemptionShares = _getSharesByPooledEth(_obligations.redemptions); uint256 maxRedemptionsValue = _getPooledEthBySharesRoundUp(redemptionShares); // if the max redemptions value is less than the redemptions, we need to round up the redemptions shares if (maxRedemptionsValue < _obligations.redemptions) redemptionShares += 1; uint256 cappedRedemptionsShares = Math256.min(_record.liabilityShares, redemptionShares); sharesToRebalance = Math256.min(cappedRedemptionsShares, _getSharesByPooledEth(_vault.balance)); valueToRebalance = _getPooledEthBySharesRoundUp(sharesToRebalance); unsettledRedemptions = _getPooledEthBySharesRoundUp(redemptionShares - sharesToRebalance); } /** * @notice Plans the amount to transfer to Lido for fees * @param _vault The address of the vault * @param _record The record of the vault * @param _obligations The obligations of the vault * @param _valueToRebalance The ETH amount already allocated for rebalancing * @return valueToTransferToLido The ETH amount to be sent to the Lido * @return unsettledLidoFees The remaining Lido fees after the planned settlement */ function _planLidoTransfer( address _vault, VaultRecord storage _record, VaultObligations storage _obligations, uint256 _valueToRebalance ) internal view returns (uint256 valueToTransferToLido, uint256 unsettledLidoFees) { uint256 vaultBalance = _vault.balance; uint256 remainingBalance = vaultBalance - _valueToRebalance; if (_vaultConnection(_vault).pendingDisconnect) { /// @dev connection deposit is unlocked, so it's available for fees valueToTransferToLido = Math256.min(_obligations.unsettledLidoFees, remainingBalance); } else { /// @dev connection deposit is permanently locked, so it's not available for fees /// @dev NB: Fees are deducted from the vault's current balance, which reduces the total value, so the /// current locked value must be considered to prevent the vault from entering an unhealthy state uint256 lockedValue = _record.locked; uint256 totalValue_ = _totalValue(_record); uint256 unlockedValue = totalValue_ > lockedValue ? totalValue_ - lockedValue : 0; uint256 availableForFees = Math256.min( unlockedValue > _valueToRebalance ? unlockedValue - _valueToRebalance : 0, remainingBalance ); valueToTransferToLido = Math256.min(_obligations.unsettledLidoFees, availableForFees); } unsettledLidoFees = _obligations.unsettledLidoFees - valueToTransferToLido; } /** * @notice Settles redemptions and Lido fee obligations for a vault * @param _vault The address of the vault to settle obligations for * @param _record The record of the vault to settle obligations for * @param _obligations The obligations of the vault to be settled * @param _allowedUnsettled The maximum allowable unsettled obligations post-settlement (triggers reverts) */ function _settleObligations( address _vault, VaultRecord storage _record, VaultObligations storage _obligations, uint256 _allowedUnsettled ) internal { ( uint256 valueToRebalance, uint256 sharesToRebalance, uint256 valueToTransferToLido, uint256 unsettledRedemptions, uint256 unsettledLidoFees, uint256 totalUnsettled ) = _planSettlement(_vault, _record, _obligations); // Enforce requirement for settlement completeness if (totalUnsettled > _allowedUnsettled) { revert VaultHasUnsettledObligations(_vault, totalUnsettled, _allowedUnsettled); } // Skip if no changes to obligations if (valueToTransferToLido == 0 && valueToRebalance == 0) { return; } if (valueToRebalance > 0) { _decreaseLiability(_vault, _record, sharesToRebalance); _withdraw(_vault, _record, address(this), valueToRebalance); _rebalanceExternalEtherToInternal(valueToRebalance); } if (valueToTransferToLido > 0) { _withdraw(_vault, _record, LIDO_LOCATOR.treasury(), valueToTransferToLido); _obligations.settledLidoFees += uint128(valueToTransferToLido); } _obligations.redemptions = uint128(unsettledRedemptions); _obligations.unsettledLidoFees = uint128(unsettledLidoFees); emit VaultObligationsSettled({ vault: _vault, rebalanced: valueToRebalance, transferredToLido: valueToTransferToLido, unsettledRedemptions: unsettledRedemptions, unsettledLidoFees: unsettledLidoFees, settledLidoFees: _obligations.settledLidoFees }); } function _decreaseRedemptions(address _vault, uint256 _shares) internal { VaultObligations storage obligations = _vaultObligations(_vault); if (obligations.redemptions > 0) { uint256 redemptionsValue = _getPooledEthBySharesRoundUp(_shares); uint256 decrease = Math256.min(obligations.redemptions, redemptionsValue); if (decrease > 0) { obligations.redemptions -= uint128(decrease); emit RedemptionsUpdated(_vault, obligations.redemptions); } } } function _totalUnsettledObligations(VaultObligations storage _obligations) internal view returns (uint256) { return _obligations.unsettledLidoFees + _obligations.redemptions; } function _checkAndUpdateBeaconChainDepositsPause( address _vault, VaultConnection storage _connection, VaultRecord storage _record ) internal { IStakingVault vault_ = IStakingVault(_vault); bool isHealthy = _isVaultHealthy(_connection, _record); bool isBeaconDepositsPaused = vault_.beaconChainDepositsPaused(); if (_totalUnsettledObligations(_vaultObligations(_vault)) >= UNSETTLED_THRESHOLD || !isHealthy) { if (!isBeaconDepositsPaused) vault_.pauseBeaconChainDeposits(); } else if (!_connection.isBeaconDepositsManuallyPaused) { if (isBeaconDepositsPaused) vault_.resumeBeaconChainDeposits(); } } /// @return the amount of ether that can be instantly withdrawn from the staking vault /// @dev this amount already accounts locked value and unsettled obligations function _withdrawableValue( address _vault, VaultRecord storage _record ) internal view returns (uint256) { uint256 totalValue_ = _totalValue(_record); uint256 lockedPlusUnsettled = _record.locked + _totalUnsettledObligations(_vaultObligations(_vault)); return Math256.min( _vault.balance, totalValue_ > lockedPlusUnsettled ? totalValue_ - lockedPlusUnsettled : 0 ); } function _storage() internal pure returns (Storage storage $) { assembly { $.slot := STORAGE_LOCATION } } function _vaultConnection(address _vault) internal view returns (VaultConnection storage) { return _storage().connections[_vault]; } function _vaultRecord(address _vault) internal view returns (VaultRecord storage) { return _storage().records[_vault]; } function _vaultObligations(address _vault) internal view returns (VaultObligations storage) { return _storage().obligations[_vault]; } function _operatorGrid() internal view returns (OperatorGrid) { return OperatorGrid(LIDO_LOCATOR.operatorGrid()); } function _lazyOracle() internal view returns (LazyOracle) { return LazyOracle(LIDO_LOCATOR.lazyOracle()); } function _predepositGuarantee() internal view returns (IPredepositGuarantee) { return IPredepositGuarantee(LIDO_LOCATOR.predepositGuarantee()); } function _getSharesByPooledEth(uint256 _ether) internal view returns (uint256) { return LIDO.getSharesByPooledEth(_ether); } function _getPooledEthByShares(uint256 _ether) internal view returns (uint256) { return LIDO.getPooledEthByShares(_ether); } function _getPooledEthBySharesRoundUp(uint256 _shares) internal view returns (uint256) { return LIDO.getPooledEthBySharesRoundUp(_shares); } function _rebalanceExternalEtherToInternal(uint256 _ether) internal { LIDO.rebalanceExternalEtherToInternal{value: _ether}(); } function _nodeOperator(address _vault) internal view returns (address) { return IStakingVault(_vault).nodeOperator(); } function _requireNotZero(uint256 _value) internal pure { if (_value == 0) revert ZeroArgument(); } function _requireNotZero(address _address) internal pure { if (_address == address(0)) revert ZeroAddress(); } function _requireSender(address _sender) internal view { if (msg.sender != _sender) revert NotAuthorized(); } function _requireLessThanBP(uint256 _valueBP, uint256 _maxValueBP) internal pure { if (_valueBP > _maxValueBP) revert InvalidBasisPoints(_valueBP, _maxValueBP); } function _requireSaneShareLimit(uint256 _shareLimit) internal view { uint256 maxSaneShareLimit = (LIDO.getTotalShares() * MAX_RELATIVE_SHARE_LIMIT_BP) / TOTAL_BASIS_POINTS; if (_shareLimit > maxSaneShareLimit) revert ShareLimitTooHigh(_shareLimit, maxSaneShareLimit); } function _requireConnected(VaultConnection storage _connection, address _vault) internal view { if (_connection.vaultIndex == 0) revert NotConnectedToHub(_vault); } function _requireFreshReport(address _vault, VaultRecord storage _record) internal view { if (!_isReportFresh(_record)) revert VaultReportStale(_vault); } // ----------------------------- // EVENTS // ----------------------------- event AllowedCodehashUpdated(bytes32 indexed codehash, bool allowed); event VaultConnected( address indexed vault, uint256 shareLimit, uint256 reserveRatioBP, uint256 forcedRebalanceThresholdBP, uint256 infraFeeBP, uint256 liquidityFeeBP, uint256 reservationFeeBP ); event VaultConnectionUpdated( address indexed vault, uint256 shareLimit, uint256 reserveRatioBP, uint256 forcedRebalanceThresholdBP, uint256 infraFeeBP, uint256 liquidityFeeBP, uint256 reservationFeeBP ); event VaultShareLimitUpdated(address indexed vault, uint256 newShareLimit); event VaultFeesUpdated( address indexed vault, uint256 preInfraFeeBP, uint256 preLiquidityFeeBP, uint256 preReservationFeeBP, uint256 infraFeeBP, uint256 liquidityFeeBP, uint256 reservationFeeBP ); event VaultDisconnectInitiated(address indexed vault); event VaultDisconnectCompleted(address indexed vault); event VaultDisconnectAborted(address indexed vault, uint256 slashingReserve); event VaultReportApplied( address indexed vault, uint256 reportTimestamp, uint256 reportTotalValue, int256 reportInOutDelta, uint256 reportCumulativeLidoFees, uint256 reportLiabilityShares, uint256 reportSlashingReserve ); event MintedSharesOnVault(address indexed vault, uint256 amountOfShares, uint256 lockedAmount); event BurnedSharesOnVault(address indexed vault, uint256 amountOfShares); event VaultRebalanced(address indexed vault, uint256 sharesBurned, uint256 etherWithdrawn); event VaultInOutDeltaUpdated(address indexed vault, int112 inOutDelta); event ForcedValidatorExitTriggered(address indexed vault, bytes pubkeys, address refundRecipient); /** * @notice Emitted when the manager is set * @param vault The address of the vault * @param newOwner The address of the new owner * @param oldOwner The address of the old owner */ event VaultOwnershipTransferred(address indexed vault, address indexed newOwner, address indexed oldOwner); event LidoFeesUpdated(address indexed vault, uint256 unsettledLidoFees, uint256 settledLidoFees); event RedemptionsUpdated(address indexed vault, uint256 unsettledRedemptions); event RedemptionsNotSet(address indexed vault, uint256 redemptionsValue); event VaultObligationsSettled( address indexed vault, uint256 rebalanced, uint256 transferredToLido, uint256 unsettledRedemptions, uint256 unsettledLidoFees, uint256 settledLidoFees ); // ----------------------------- // ERRORS // ----------------------------- event BadDebtSocialized(address indexed vaultDonor, address indexed vaultAcceptor, uint256 badDebtShares); event BadDebtWrittenOffToBeInternalized(address indexed vault, uint256 badDebtShares); error ZeroBalance(); /** * @notice Thrown when attempting to rebalance more ether than the current total value of the vault * @param totalValue Current total value of the vault * @param rebalanceAmount Amount attempting to rebalance (in ether) */ error RebalanceAmountExceedsTotalValue(uint256 totalValue, uint256 rebalanceAmount); /** * @notice Thrown when attempting to withdraw more ether than the available value of the vault * @param vault The address of the vault * @param withdrawable The available value of the vault * @param requested The amount attempting to withdraw */ error AmountExceedsWithdrawableValue(address vault, uint256 withdrawable, uint256 requested); error AlreadyHealthy(address vault); error VaultMintingCapacityExceeded( address vault, uint256 totalValue, uint256 liabilityShares, uint256 newRebalanceThresholdBP ); error InsufficientSharesToBurn(address vault, uint256 amount); error ShareLimitExceeded(address vault, uint256 expectedSharesAfterMint, uint256 shareLimit); error AlreadyConnected(address vault, uint256 index); error NotConnectedToHub(address vault); error NotAuthorized(); error ZeroAddress(); error ZeroArgument(); error InvalidBasisPoints(uint256 valueBP, uint256 maxValueBP); error ShareLimitTooHigh(uint256 shareLimit, uint256 maxShareLimit); error InsufficientValueToMint(address vault, uint256 maxLockableValue); error NoLiabilitySharesShouldBeLeft(address vault, uint256 liabilityShares); error CodehashNotAllowed(address vault, bytes32 codehash); error InvalidFees(address vault, uint256 newFees, uint256 oldFees); error VaultOssified(address vault); error VaultInsufficientBalance(address vault, uint256 currentBalance, uint256 expectedBalance); error VaultReportStale(address vault); error PDGNotDepositor(address vault); error ZeroCodehash(); error VaultHubNotPendingOwner(address vault); error UnhealthyVaultCannotDeposit(address vault); error VaultIsDisconnecting(address vault); error VaultHasUnsettledObligations(address vault, uint256 unsettledObligations, uint256 allowedUnsettled); error PartialValidatorWithdrawalNotAllowed(); error ForcedValidatorExitNotAllowed(); error NoBadDebtToWriteOff(address vault, uint256 totalValueShares, uint256 liabilityShares); error BadDebtSocializationNotAllowed(); }
// SPDX-FileCopyrightText: 2025 Lido <[email protected]> // SPDX-License-Identifier: GPL-3.0 // See contracts/COMPILERS.md // solhint-disable-next-line lido/fixed-compiler-version pragma solidity >=0.5.0; interface IDepositContract { function get_deposit_root() external view returns (bytes32 rootHash); function deposit( bytes calldata pubkey, // 48 bytes bytes calldata withdrawal_credentials, // 32 bytes bytes calldata signature, // 96 bytes bytes32 deposit_data_root ) external payable; }
// SPDX-FileCopyrightText: 2025 Lido <[email protected]> // SPDX-License-Identifier: GPL-3.0 // See contracts/COMPILERS.md // solhint-disable-next-line lido/fixed-compiler-version pragma solidity >=0.5.0; interface IHashConsensus { function getIsMember(address addr) external view returns (bool); function getCurrentFrame() external view returns ( uint256 refSlot, uint256 reportProcessingDeadlineSlot ); function getChainConfig() external view returns ( uint256 slotsPerEpoch, uint256 secondsPerSlot, uint256 genesisTime ); function getFrameConfig() external view returns (uint256 initialEpoch, uint256 epochsPerFrame); function getInitialRefSlot() external view returns (uint256); }
// SPDX-FileCopyrightText: 2025 Lido <[email protected]> // SPDX-License-Identifier: GPL-3.0 // See contracts/COMPILERS.md // solhint-disable-next-line lido/fixed-compiler-version pragma solidity >=0.5.0; /** * Interface to connect AccountingOracle with LazyOracle and force type consistency */ interface ILazyOracle { function updateReportData( uint256 _timestamp, bytes32 _vaultsDataTreeRoot, string memory _vaultsDataReportCid ) external; }
// SPDX-FileCopyrightText: 2025 Lido <[email protected]> // SPDX-License-Identifier: GPL-3.0 // See contracts/COMPILERS.md // solhint-disable-next-line lido/fixed-compiler-version pragma solidity >=0.8.0; import {IERC20} from "@openzeppelin/contracts-v4.4/token/ERC20/IERC20.sol"; import {IVersioned} from "contracts/common/interfaces/IVersioned.sol"; interface ILido is IERC20, IVersioned { function sharesOf(address) external view returns (uint256); function getSharesByPooledEth(uint256) external view returns (uint256); function getPooledEthByShares(uint256) external view returns (uint256); function getPooledEthBySharesRoundUp(uint256) external view returns (uint256); function transferSharesFrom(address, address, uint256) external returns (uint256); function transferShares(address, uint256) external returns (uint256); function rebalanceExternalEtherToInternal() external payable; function getTotalPooledEther() external view returns (uint256); function getExternalEther() external view returns (uint256); function getExternalShares() external view returns (uint256); function mintExternalShares(address, uint256) external; function burnExternalShares(uint256) external; function getTotalShares() external view returns (uint256); function getBeaconStat() external view returns (uint256 depositedValidators, uint256 beaconValidators, uint256 beaconBalance); function processClStateUpdate( uint256 _reportTimestamp, uint256 _preClValidators, uint256 _reportClValidators, uint256 _reportClBalance ) external; function collectRewardsAndProcessWithdrawals( uint256 _reportTimestamp, uint256 _reportClBalance, uint256 _adjustedPreCLBalance, uint256 _withdrawalsToWithdraw, uint256 _elRewardsToWithdraw, uint256 _lastWithdrawalRequestToFinalize, uint256 _simulatedShareRate, uint256 _etherToLockOnWithdrawalQueue ) external; function emitTokenRebase( uint256 _reportTimestamp, uint256 _timeElapsed, uint256 _preTotalShares, uint256 _preTotalEther, uint256 _postTotalShares, uint256 _postTotalEther, uint256 _postInternalShares, uint256 _postInternalEther, uint256 _sharesMintedAsFees ) external; function mintShares(address _recipient, uint256 _sharesAmount) external; function internalizeExternalBadDebt(uint256 _amountOfShares) external; }
// SPDX-FileCopyrightText: 2025 Lido <[email protected]> // SPDX-License-Identifier: GPL-3.0 // See contracts/COMPILERS.md // solhint-disable-next-line lido/fixed-compiler-version pragma solidity >=0.4.24 <0.9.0; interface ILidoLocator { function accountingOracle() external view returns(address); function depositSecurityModule() external view returns(address); function elRewardsVault() external view returns(address); function lido() external view returns(address); function oracleReportSanityChecker() external view returns(address); function burner() external view returns(address); function stakingRouter() external view returns(address); function treasury() external view returns(address); function validatorsExitBusOracle() external view returns(address); function withdrawalQueue() external view returns(address); function withdrawalVault() external view returns(address); function postTokenRebaseReceiver() external view returns(address); function oracleDaemonConfig() external view returns(address); function validatorExitDelayVerifier() external view returns (address); function triggerableWithdrawalsGateway() external view returns (address); function accounting() external view returns (address); function predepositGuarantee() external view returns (address); function wstETH() external view returns (address); function vaultHub() external view returns (address); function vaultFactory() external view returns (address); function lazyOracle() external view returns (address); function operatorGrid() external view returns (address); /// @notice Returns core Lido protocol component addresses in a single call /// @dev This function provides a gas-efficient way to fetch multiple component addresses in a single call function coreComponents() external view returns( address elRewardsVault, address oracleReportSanityChecker, address stakingRouter, address treasury, address withdrawalQueue, address withdrawalVault ); /// @notice Returns addresses of components involved in processing oracle reports in the Lido contract /// @dev This function provides a gas-efficient way to fetch multiple component addresses in a single call function oracleReportComponents() external view returns( address accountingOracle, address oracleReportSanityChecker, address burner, address withdrawalQueue, address postTokenRebaseReceiver, address stakingRouter, address vaultHub ); }
// SPDX-FileCopyrightText: 2025 Lido <[email protected]> // SPDX-License-Identifier: GPL-3.0 // See contracts/COMPILERS.md // solhint-disable-next-line pragma solidity >=0.4.24; interface IVersioned { /// @notice Returns the current contract version. function getContractVersion() external view returns (uint256); }
// SPDX-FileCopyrightText: 2023 Lido <[email protected]> // SPDX-License-Identifier: MIT // Copied from: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/0457042d93d9dfd760dbaa06a4d2f1216fdbe297/contracts/utils/math/Math.sol // See contracts/COMPILERS.md // solhint-disable-next-line pragma solidity >=0.4.24 <0.9.0; library Math256 { /// @dev Returns the largest of two numbers. function max(uint256 a, uint256 b) internal pure returns (uint256) { return a > b ? a : b; } /// @dev Returns the smallest of two numbers. function min(uint256 a, uint256 b) internal pure returns (uint256) { return a < b ? a : b; } /// @dev Returns the largest of two numbers. function max(int256 a, int256 b) internal pure returns (int256) { return a > b ? a : b; } /// @dev Returns the smallest of two numbers. function min(int256 a, int256 b) internal pure returns (int256) { return a < b ? a : b; } /// @dev Returns the ceiling of the division of two numbers. /// /// This differs from standard division with `/` in that it rounds up instead /// of rounding down. function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) { // (a + b - 1) / b can overflow on addition, so we distribute. return a == 0 ? 0 : (a - 1) / b + 1; } /// @dev Returns absolute difference of two numbers. function absDiff(uint256 a, uint256 b) internal pure returns (uint256) { return a > b ? a - b : b - a; } }
// SPDX-FileCopyrightText: 2023 Lido <[email protected]>, Aragon // SPDX-License-Identifier: MIT // solhint-disable-next-line lido/fixed-compiler-version pragma solidity ^0.8.9; library UnstructuredStorage { function getStorageBool(bytes32 position) internal view returns (bool data) { assembly { data := sload(position) } } function getStorageAddress(bytes32 position) internal view returns (address data) { assembly { data := sload(position) } } function getStorageBytes32(bytes32 position) internal view returns (bytes32 data) { assembly { data := sload(position) } } function getStorageUint256(bytes32 position) internal view returns (uint256 data) { assembly { data := sload(position) } } function setStorageBool(bytes32 position, bool data) internal { assembly { sstore(position, data) } } function setStorageAddress(bytes32 position, address data) internal { assembly { sstore(position, data) } } function setStorageBytes32(bytes32 position, bytes32 data) internal { assembly { sstore(position, data) } } function setStorageUint256(bytes32 position, uint256 data) internal { assembly { sstore(position, data) } } }
// SPDX-FileCopyrightText: 2025 Lido <[email protected]> // SPDX-License-Identifier: GPL-3.0 // solhint-disable-next-line lido/fixed-compiler-version pragma solidity ^0.8.9; import {UnstructuredStorage} from "contracts/common/lib/UnstructuredStorage.sol"; /** * @title PausableUntil * @notice allows to pause the contract for a specific duration or indefinitely */ abstract contract PausableUntil { using UnstructuredStorage for bytes32; /// Contract resume/pause control storage slot bytes32 internal constant RESUME_SINCE_TIMESTAMP_POSITION = keccak256("lido.PausableUntil.resumeSinceTimestamp"); /// Special value for the infinite pause uint256 public constant PAUSE_INFINITELY = type(uint256).max; /// @notice Emitted when paused by the `pauseFor` or `pauseUntil` call event Paused(uint256 duration); /// @notice Emitted when resumed by the `resume` call event Resumed(); error ZeroPauseDuration(); error PausedExpected(); error ResumedExpected(); error PauseUntilMustBeInFuture(); /// @notice Reverts if paused modifier whenResumed() { _checkResumed(); _; } /// @notice Returns whether the contract is paused function isPaused() public view returns (bool) { return block.timestamp < RESUME_SINCE_TIMESTAMP_POSITION.getStorageUint256(); } /// @notice Returns one of: /// - PAUSE_INFINITELY if paused infinitely returns /// - the timestamp when the contract get resumed if paused for specific duration /// - some timestamp in past if not paused function getResumeSinceTimestamp() external view returns (uint256) { return RESUME_SINCE_TIMESTAMP_POSITION.getStorageUint256(); } function _checkPaused() internal view { if (!isPaused()) { revert PausedExpected(); } } function _checkResumed() internal view { if (isPaused()) { revert ResumedExpected(); } } function _resume() internal { _checkPaused(); RESUME_SINCE_TIMESTAMP_POSITION.setStorageUint256(block.timestamp); emit Resumed(); } function _pauseFor(uint256 _duration) internal { _checkResumed(); if (_duration == 0) revert ZeroPauseDuration(); uint256 resumeSince; if (_duration == PAUSE_INFINITELY) { resumeSince = PAUSE_INFINITELY; } else { resumeSince = block.timestamp + _duration; } _setPausedState(resumeSince); } function _pauseUntil(uint256 _pauseUntilInclusive) internal { _checkResumed(); if (_pauseUntilInclusive < block.timestamp) revert PauseUntilMustBeInFuture(); uint256 resumeSince; if (_pauseUntilInclusive != PAUSE_INFINITELY) { resumeSince = _pauseUntilInclusive + 1; } else { resumeSince = PAUSE_INFINITELY; } _setPausedState(resumeSince); } function _setPausedState(uint256 _resumeSince) internal { RESUME_SINCE_TIMESTAMP_POSITION.setStorageUint256(_resumeSince); if (_resumeSince == PAUSE_INFINITELY) { emit Paused(PAUSE_INFINITELY); } else { emit Paused(_resumeSince - block.timestamp); } } }
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (access/AccessControl.sol)
pragma solidity ^0.8.20;
import {IAccessControl} from "@openzeppelin/contracts-v5.2/access/IAccessControl.sol";
import {ContextUpgradeable} from "../utils/ContextUpgradeable.sol";
import {ERC165Upgradeable} from "../utils/introspection/ERC165Upgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Contract module that allows children to implement role-based access
* control mechanisms. This is a lightweight version that doesn't allow enumerating role
* members except through off-chain means by accessing the contract event logs. Some
* applications may benefit from on-chain enumerability, for those cases see
* {AccessControlEnumerable}.
*
* Roles are referred to by their `bytes32` identifier. These should be exposed
* in the external API and be unique. The best way to achieve this is by
* using `public constant` hash digests:
*
* ```solidity
* bytes32 public constant MY_ROLE = keccak256("MY_ROLE");
* ```
*
* Roles can be used to represent a set of permissions. To restrict access to a
* function call, use {hasRole}:
*
* ```solidity
* function foo() public {
* require(hasRole(MY_ROLE, msg.sender));
* ...
* }
* ```
*
* Roles can be granted and revoked dynamically via the {grantRole} and
* {revokeRole} functions. Each role has an associated admin role, and only
* accounts that have a role's admin role can call {grantRole} and {revokeRole}.
*
* By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means
* that only accounts with this role will be able to grant or revoke other
* roles. More complex role relationships can be created by using
* {_setRoleAdmin}.
*
* WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to
* grant and revoke this role. Extra precautions should be taken to secure
* accounts that have been granted it. We recommend using {AccessControlDefaultAdminRules}
* to enforce additional security measures for this role.
*/
abstract contract AccessControlUpgradeable is Initializable, ContextUpgradeable, IAccessControl, ERC165Upgradeable {
struct RoleData {
mapping(address account => bool) hasRole;
bytes32 adminRole;
}
bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;
/// @custom:storage-location erc7201:openzeppelin.storage.AccessControl
struct AccessControlStorage {
mapping(bytes32 role => RoleData) _roles;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.AccessControl")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant AccessControlStorageLocation = 0x02dd7bc7dec4dceedda775e58dd541e08a116c6c53815c0bd028192f7b626800;
function _getAccessControlStorage() private pure returns (AccessControlStorage storage $) {
assembly {
$.slot := AccessControlStorageLocation
}
}
/**
* @dev Modifier that checks that an account has a specific role. Reverts
* with an {AccessControlUnauthorizedAccount} error including the required role.
*/
modifier onlyRole(bytes32 role) {
_checkRole(role);
_;
}
function __AccessControl_init() internal onlyInitializing {
}
function __AccessControl_init_unchained() internal onlyInitializing {
}
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IAccessControl).interfaceId || super.supportsInterface(interfaceId);
}
/**
* @dev Returns `true` if `account` has been granted `role`.
*/
function hasRole(bytes32 role, address account) public view virtual returns (bool) {
AccessControlStorage storage $ = _getAccessControlStorage();
return $._roles[role].hasRole[account];
}
/**
* @dev Reverts with an {AccessControlUnauthorizedAccount} error if `_msgSender()`
* is missing `role`. Overriding this function changes the behavior of the {onlyRole} modifier.
*/
function _checkRole(bytes32 role) internal view virtual {
_checkRole(role, _msgSender());
}
/**
* @dev Reverts with an {AccessControlUnauthorizedAccount} error if `account`
* is missing `role`.
*/
function _checkRole(bytes32 role, address account) internal view virtual {
if (!hasRole(role, account)) {
revert AccessControlUnauthorizedAccount(account, role);
}
}
/**
* @dev Returns the admin role that controls `role`. See {grantRole} and
* {revokeRole}.
*
* To change a role's admin, use {_setRoleAdmin}.
*/
function getRoleAdmin(bytes32 role) public view virtual returns (bytes32) {
AccessControlStorage storage $ = _getAccessControlStorage();
return $._roles[role].adminRole;
}
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*
* May emit a {RoleGranted} event.
*/
function grantRole(bytes32 role, address account) public virtual onlyRole(getRoleAdmin(role)) {
_grantRole(role, account);
}
/**
* @dev Revokes `role` from `account`.
*
* If `account` had been granted `role`, emits a {RoleRevoked} event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*
* May emit a {RoleRevoked} event.
*/
function revokeRole(bytes32 role, address account) public virtual onlyRole(getRoleAdmin(role)) {
_revokeRole(role, account);
}
/**
* @dev Revokes `role` from the calling account.
*
* Roles are often managed via {grantRole} and {revokeRole}: this function's
* purpose is to provide a mechanism for accounts to lose their privileges
* if they are compromised (such as when a trusted device is misplaced).
*
* If the calling account had been revoked `role`, emits a {RoleRevoked}
* event.
*
* Requirements:
*
* - the caller must be `callerConfirmation`.
*
* May emit a {RoleRevoked} event.
*/
function renounceRole(bytes32 role, address callerConfirmation) public virtual {
if (callerConfirmation != _msgSender()) {
revert AccessControlBadConfirmation();
}
_revokeRole(role, callerConfirmation);
}
/**
* @dev Sets `adminRole` as ``role``'s admin role.
*
* Emits a {RoleAdminChanged} event.
*/
function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual {
AccessControlStorage storage $ = _getAccessControlStorage();
bytes32 previousAdminRole = getRoleAdmin(role);
$._roles[role].adminRole = adminRole;
emit RoleAdminChanged(role, previousAdminRole, adminRole);
}
/**
* @dev Attempts to grant `role` to `account` and returns a boolean indicating if `role` was granted.
*
* Internal function without access restriction.
*
* May emit a {RoleGranted} event.
*/
function _grantRole(bytes32 role, address account) internal virtual returns (bool) {
AccessControlStorage storage $ = _getAccessControlStorage();
if (!hasRole(role, account)) {
$._roles[role].hasRole[account] = true;
emit RoleGranted(role, account, _msgSender());
return true;
} else {
return false;
}
}
/**
* @dev Attempts to revoke `role` from `account` and returns a boolean indicating if `role` was revoked.
*
* Internal function without access restriction.
*
* May emit a {RoleRevoked} event.
*/
function _revokeRole(bytes32 role, address account) internal virtual returns (bool) {
AccessControlStorage storage $ = _getAccessControlStorage();
if (hasRole(role, account)) {
$._roles[role].hasRole[account] = false;
emit RoleRevoked(role, account, _msgSender());
return true;
} else {
return false;
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (access/extensions/AccessControlEnumerable.sol)
pragma solidity ^0.8.20;
import {IAccessControlEnumerable} from "@openzeppelin/contracts-v5.2/access/extensions/IAccessControlEnumerable.sol";
import {AccessControlUpgradeable} from "../AccessControlUpgradeable.sol";
import {EnumerableSet} from "@openzeppelin/contracts-v5.2/utils/structs/EnumerableSet.sol";
import {Initializable} from "../../proxy/utils/Initializable.sol";
/**
* @dev Extension of {AccessControl} that allows enumerating the members of each role.
*/
abstract contract AccessControlEnumerableUpgradeable is Initializable, IAccessControlEnumerable, AccessControlUpgradeable {
using EnumerableSet for EnumerableSet.AddressSet;
/// @custom:storage-location erc7201:openzeppelin.storage.AccessControlEnumerable
struct AccessControlEnumerableStorage {
mapping(bytes32 role => EnumerableSet.AddressSet) _roleMembers;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.AccessControlEnumerable")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant AccessControlEnumerableStorageLocation = 0xc1f6fe24621ce81ec5827caf0253cadb74709b061630e6b55e82371705932000;
function _getAccessControlEnumerableStorage() private pure returns (AccessControlEnumerableStorage storage $) {
assembly {
$.slot := AccessControlEnumerableStorageLocation
}
}
function __AccessControlEnumerable_init() internal onlyInitializing {
}
function __AccessControlEnumerable_init_unchained() internal onlyInitializing {
}
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IAccessControlEnumerable).interfaceId || super.supportsInterface(interfaceId);
}
/**
* @dev Returns one of the accounts that have `role`. `index` must be a
* value between 0 and {getRoleMemberCount}, non-inclusive.
*
* Role bearers are not sorted in any particular way, and their ordering may
* change at any point.
*
* WARNING: When using {getRoleMember} and {getRoleMemberCount}, make sure
* you perform all queries on the same block. See the following
* https://forum.openzeppelin.com/t/iterating-over-elements-on-enumerableset-in-openzeppelin-contracts/2296[forum post]
* for more information.
*/
function getRoleMember(bytes32 role, uint256 index) public view virtual returns (address) {
AccessControlEnumerableStorage storage $ = _getAccessControlEnumerableStorage();
return $._roleMembers[role].at(index);
}
/**
* @dev Returns the number of accounts that have `role`. Can be used
* together with {getRoleMember} to enumerate all bearers of a role.
*/
function getRoleMemberCount(bytes32 role) public view virtual returns (uint256) {
AccessControlEnumerableStorage storage $ = _getAccessControlEnumerableStorage();
return $._roleMembers[role].length();
}
/**
* @dev Return all accounts that have `role`
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function getRoleMembers(bytes32 role) public view virtual returns (address[] memory) {
AccessControlEnumerableStorage storage $ = _getAccessControlEnumerableStorage();
return $._roleMembers[role].values();
}
/**
* @dev Overload {AccessControl-_grantRole} to track enumerable memberships
*/
function _grantRole(bytes32 role, address account) internal virtual override returns (bool) {
AccessControlEnumerableStorage storage $ = _getAccessControlEnumerableStorage();
bool granted = super._grantRole(role, account);
if (granted) {
$._roleMembers[role].add(account);
}
return granted;
}
/**
* @dev Overload {AccessControl-_revokeRole} to track enumerable memberships
*/
function _revokeRole(bytes32 role, address account) internal virtual override returns (bool) {
AccessControlEnumerableStorage storage $ = _getAccessControlEnumerableStorage();
bool revoked = super._revokeRole(role, account);
if (revoked) {
$._roleMembers[role].remove(account);
}
return revoked;
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/utils/Initializable.sol)
pragma solidity ^0.8.20;
/**
* @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
* behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
* external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
* function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
*
* The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
* reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
* case an upgrade adds a module that needs to be initialized.
*
* For example:
*
* [.hljs-theme-light.nopadding]
* ```solidity
* contract MyToken is ERC20Upgradeable {
* function initialize() initializer public {
* __ERC20_init("MyToken", "MTK");
* }
* }
*
* contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
* function initializeV2() reinitializer(2) public {
* __ERC20Permit_init("MyToken");
* }
* }
* ```
*
* TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
* possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
*
* CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
* that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
*
* [CAUTION]
* ====
* Avoid leaving a contract uninitialized.
*
* An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
* contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
* the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
*
* [.hljs-theme-light.nopadding]
* ```
* /// @custom:oz-upgrades-unsafe-allow constructor
* constructor() {
* _disableInitializers();
* }
* ```
* ====
*/
abstract contract Initializable {
/**
* @dev Storage of the initializable contract.
*
* It's implemented on a custom ERC-7201 namespace to reduce the risk of storage collisions
* when using with upgradeable contracts.
*
* @custom:storage-location erc7201:openzeppelin.storage.Initializable
*/
struct InitializableStorage {
/**
* @dev Indicates that the contract has been initialized.
*/
uint64 _initialized;
/**
* @dev Indicates that the contract is in the process of being initialized.
*/
bool _initializing;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Initializable")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant INITIALIZABLE_STORAGE = 0xf0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a00;
/**
* @dev The contract is already initialized.
*/
error InvalidInitialization();
/**
* @dev The contract is not initializing.
*/
error NotInitializing();
/**
* @dev Triggered when the contract has been initialized or reinitialized.
*/
event Initialized(uint64 version);
/**
* @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
* `onlyInitializing` functions can be used to initialize parent contracts.
*
* Similar to `reinitializer(1)`, except that in the context of a constructor an `initializer` may be invoked any
* number of times. This behavior in the constructor can be useful during testing and is not expected to be used in
* production.
*
* Emits an {Initialized} event.
*/
modifier initializer() {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
// Cache values to avoid duplicated sloads
bool isTopLevelCall = !$._initializing;
uint64 initialized = $._initialized;
// Allowed calls:
// - initialSetup: the contract is not in the initializing state and no previous version was
// initialized
// - construction: the contract is initialized at version 1 (no reininitialization) and the
// current contract is just being deployed
bool initialSetup = initialized == 0 && isTopLevelCall;
bool construction = initialized == 1 && address(this).code.length == 0;
if (!initialSetup && !construction) {
revert InvalidInitialization();
}
$._initialized = 1;
if (isTopLevelCall) {
$._initializing = true;
}
_;
if (isTopLevelCall) {
$._initializing = false;
emit Initialized(1);
}
}
/**
* @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
* contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
* used to initialize parent contracts.
*
* A reinitializer may be used after the original initialization step. This is essential to configure modules that
* are added through upgrades and that require initialization.
*
* When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
* cannot be nested. If one is invoked in the context of another, execution will revert.
*
* Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
* a contract, executing them in the right order is up to the developer or operator.
*
* WARNING: Setting the version to 2**64 - 1 will prevent any future reinitialization.
*
* Emits an {Initialized} event.
*/
modifier reinitializer(uint64 version) {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
if ($._initializing || $._initialized >= version) {
revert InvalidInitialization();
}
$._initialized = version;
$._initializing = true;
_;
$._initializing = false;
emit Initialized(version);
}
/**
* @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
* {initializer} and {reinitializer} modifiers, directly or indirectly.
*/
modifier onlyInitializing() {
_checkInitializing();
_;
}
/**
* @dev Reverts if the contract is not in an initializing state. See {onlyInitializing}.
*/
function _checkInitializing() internal view virtual {
if (!_isInitializing()) {
revert NotInitializing();
}
}
/**
* @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
* Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
* to any version. It is recommended to use this to lock implementation contracts that are designed to be called
* through proxies.
*
* Emits an {Initialized} event the first time it is successfully executed.
*/
function _disableInitializers() internal virtual {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
if ($._initializing) {
revert InvalidInitialization();
}
if ($._initialized != type(uint64).max) {
$._initialized = type(uint64).max;
emit Initialized(type(uint64).max);
}
}
/**
* @dev Returns the highest version that has been initialized. See {reinitializer}.
*/
function _getInitializedVersion() internal view returns (uint64) {
return _getInitializableStorage()._initialized;
}
/**
* @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
*/
function _isInitializing() internal view returns (bool) {
return _getInitializableStorage()._initializing;
}
/**
* @dev Returns a pointer to the storage namespace.
*/
// solhint-disable-next-line var-name-mixedcase
function _getInitializableStorage() private pure returns (InitializableStorage storage $) {
assembly {
$.slot := INITIALIZABLE_STORAGE
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)
pragma solidity ^0.8.20;
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract ContextUpgradeable is Initializable {
function __Context_init() internal onlyInitializing {
}
function __Context_init_unchained() internal onlyInitializing {
}
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
function _contextSuffixLength() internal view virtual returns (uint256) {
return 0;
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/introspection/ERC165.sol)
pragma solidity ^0.8.20;
import {IERC165} from "@openzeppelin/contracts-v5.2/utils/introspection/IERC165.sol";
import {Initializable} from "../../proxy/utils/Initializable.sol";
/**
* @dev Implementation of the {IERC165} interface.
*
* Contracts that want to implement ERC-165 should inherit from this contract and override {supportsInterface} to check
* for the additional interface id that will be supported. For example:
*
* ```solidity
* function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
* return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId);
* }
* ```
*/
abstract contract ERC165Upgradeable is Initializable, IERC165 {
function __ERC165_init() internal onlyInitializing {
}
function __ERC165_init_unchained() internal onlyInitializing {
}
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual returns (bool) {
return interfaceId == type(IERC165).interfaceId;
}
}{
"optimizer": {
"enabled": true,
"runs": 200
},
"viaIR": true,
"evmVersion": "cancun",
"outputSelection": {
"*": {
"*": [
"evm.bytecode",
"evm.deployedBytecode",
"devdoc",
"userdoc",
"metadata",
"abi"
]
}
},
"libraries": {}
}Contract ABI
API[{"inputs":[{"internalType":"address","name":"_lidoLocator","type":"address"}],"stateMutability":"nonpayable","type":"constructor"},{"inputs":[],"name":"AccessControlBadConfirmation","type":"error"},{"inputs":[{"internalType":"address","name":"account","type":"address"},{"internalType":"bytes32","name":"neededRole","type":"bytes32"}],"name":"AccessControlUnauthorizedAccount","type":"error"},{"inputs":[],"name":"AdminCannotBeZero","type":"error"},{"inputs":[],"name":"InvalidInitialization","type":"error"},{"inputs":[],"name":"InvalidProof","type":"error"},{"inputs":[],"name":"NotAuthorized","type":"error"},{"inputs":[],"name":"NotInitializing","type":"error"},{"inputs":[],"name":"TotalValueTooLarge","type":"error"},{"inputs":[],"name":"UnderflowInTotalValueCalculation","type":"error"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"uint64","name":"version","type":"uint64"}],"name":"Initialized","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"vault","type":"address"},{"indexed":false,"internalType":"uint128","name":"delta","type":"uint128"}],"name":"QuarantineExpired","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"vault","type":"address"},{"indexed":false,"internalType":"uint128","name":"delta","type":"uint128"}],"name":"QuarantinedDeposit","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"bytes32","name":"role","type":"bytes32"},{"indexed":true,"internalType":"bytes32","name":"previousAdminRole","type":"bytes32"},{"indexed":true,"internalType":"bytes32","name":"newAdminRole","type":"bytes32"}],"name":"RoleAdminChanged","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"bytes32","name":"role","type":"bytes32"},{"indexed":true,"internalType":"address","name":"account","type":"address"},{"indexed":true,"internalType":"address","name":"sender","type":"address"}],"name":"RoleGranted","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"bytes32","name":"role","type":"bytes32"},{"indexed":true,"internalType":"address","name":"account","type":"address"},{"indexed":true,"internalType":"address","name":"sender","type":"address"}],"name":"RoleRevoked","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"uint64","name":"quarantinePeriod","type":"uint64"},{"indexed":false,"internalType":"uint16","name":"maxRewardRatioBP","type":"uint16"}],"name":"SanityParamsUpdated","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"uint256","name":"timestamp","type":"uint256"},{"indexed":true,"internalType":"bytes32","name":"root","type":"bytes32"},{"indexed":false,"internalType":"string","name":"cid","type":"string"}],"name":"VaultsReportDataUpdated","type":"event"},{"inputs":[],"name":"DEFAULT_ADMIN_ROLE","outputs":[{"internalType":"bytes32","name":"","type":"bytes32"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"LIDO_LOCATOR","outputs":[{"internalType":"contract ILidoLocator","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"UPDATE_SANITY_PARAMS_ROLE","outputs":[{"internalType":"bytes32","name":"","type":"bytes32"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"_vault","type":"address"},{"internalType":"uint256","name":"_totalValue","type":"uint256"}],"name":"_handleSanityChecks","outputs":[{"internalType":"uint256","name":"totalValueWithoutQuarantine","type":"uint256"},{"internalType":"int256","name":"inOutDeltaOnRefSlot","type":"int256"}],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"uint256","name":"_offset","type":"uint256"},{"internalType":"uint256","name":"_limit","type":"uint256"}],"name":"batchVaultsInfo","outputs":[{"components":[{"internalType":"address","name":"vault","type":"address"},{"internalType":"uint96","name":"vaultIndex","type":"uint96"},{"internalType":"uint256","name":"balance","type":"uint256"},{"internalType":"bytes32","name":"withdrawalCredentials","type":"bytes32"},{"internalType":"uint256","name":"liabilityShares","type":"uint256"},{"internalType":"uint256","name":"mintableStETH","type":"uint256"},{"internalType":"uint96","name":"shareLimit","type":"uint96"},{"internalType":"uint16","name":"reserveRatioBP","type":"uint16"},{"internalType":"uint16","name":"forcedRebalanceThresholdBP","type":"uint16"},{"internalType":"uint16","name":"infraFeeBP","type":"uint16"},{"internalType":"uint16","name":"liquidityFeeBP","type":"uint16"},{"internalType":"uint16","name":"reservationFeeBP","type":"uint16"},{"internalType":"bool","name":"pendingDisconnect","type":"bool"}],"internalType":"struct LazyOracle.VaultInfo[]","name":"","type":"tuple[]"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"bytes32","name":"role","type":"bytes32"}],"name":"getRoleAdmin","outputs":[{"internalType":"bytes32","name":"","type":"bytes32"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"bytes32","name":"role","type":"bytes32"},{"internalType":"uint256","name":"index","type":"uint256"}],"name":"getRoleMember","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"bytes32","name":"role","type":"bytes32"}],"name":"getRoleMemberCount","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"bytes32","name":"role","type":"bytes32"}],"name":"getRoleMembers","outputs":[{"internalType":"address[]","name":"","type":"address[]"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"bytes32","name":"role","type":"bytes32"},{"internalType":"address","name":"account","type":"address"}],"name":"grantRole","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"bytes32","name":"role","type":"bytes32"},{"internalType":"address","name":"account","type":"address"}],"name":"hasRole","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"_admin","type":"address"},{"internalType":"uint64","name":"_quarantinePeriod","type":"uint64"},{"internalType":"uint16","name":"_maxRewardRatioBP","type":"uint16"}],"name":"initialize","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"latestReportData","outputs":[{"internalType":"uint64","name":"timestamp","type":"uint64"},{"internalType":"bytes32","name":"treeRoot","type":"bytes32"},{"internalType":"string","name":"reportCid","type":"string"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"latestReportTimestamp","outputs":[{"internalType":"uint64","name":"","type":"uint64"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"maxRewardRatioBP","outputs":[{"internalType":"uint16","name":"","type":"uint16"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"quarantinePeriod","outputs":[{"internalType":"uint64","name":"","type":"uint64"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"bytes32","name":"role","type":"bytes32"},{"internalType":"address","name":"callerConfirmation","type":"address"}],"name":"renounceRole","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"bytes32","name":"role","type":"bytes32"},{"internalType":"address","name":"account","type":"address"}],"name":"revokeRole","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"bytes4","name":"interfaceId","type":"bytes4"}],"name":"supportsInterface","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"uint256","name":"_vaultsDataTimestamp","type":"uint256"},{"internalType":"bytes32","name":"_vaultsDataTreeRoot","type":"bytes32"},{"internalType":"string","name":"_vaultsDataReportCid","type":"string"}],"name":"updateReportData","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"uint64","name":"_quarantinePeriod","type":"uint64"},{"internalType":"uint16","name":"_maxRewardRatioBP","type":"uint16"}],"name":"updateSanityParams","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"_vault","type":"address"},{"internalType":"uint256","name":"_totalValue","type":"uint256"},{"internalType":"uint256","name":"_cumulativeLidoFees","type":"uint256"},{"internalType":"uint256","name":"_liabilityShares","type":"uint256"},{"internalType":"uint256","name":"_slashingReserve","type":"uint256"},{"internalType":"bytes32[]","name":"_proof","type":"bytes32[]"}],"name":"updateVaultData","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"_vault","type":"address"}],"name":"vaultQuarantine","outputs":[{"components":[{"internalType":"bool","name":"isActive","type":"bool"},{"internalType":"uint256","name":"pendingTotalValueIncrease","type":"uint256"},{"internalType":"uint256","name":"startTimestamp","type":"uint256"},{"internalType":"uint256","name":"endTimestamp","type":"uint256"}],"internalType":"struct LazyOracle.QuarantineInfo","name":"","type":"tuple"}],"stateMutability":"view","type":"function"}]Contract Creation Code
60a03461011b576001600160401b0390601f61274c38819003918201601f19168301918483118484101761011f5780849260209460405283398101031261011b57516001600160a01b0381169081900361011b576080527ff0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a009081549060ff8260401c166101095780808316036100c4575b6040516126189081610134823960805181818161019f01528181610562015281816105ee01528181610ee001526120e70152f35b6001600160401b031990911681179091556040519081527fc7f505b2f371ae2175ee4913f4499e1f2633a7b5936321eed1cdaeb6115181d290602090a15f8080610090565b60405163f92ee8a960e01b8152600490fd5b5f80fd5b634e487b7160e01b5f52604160045260245ffdfe6080806040526004361015610012575f80fd5b5f905f3560e01c90816301ffc9a7146117b057508063228aa8431461165d57806323fad2a31461162a578063248a9ca3146115f15780632f2ff15d1461157457806332a0e907146113c357806336568abe1461137c57806378c44e62146112c65780639010d07c1461127557806391d1485414611220578063a217fddf14611206578063a3246ad314611151578063a37c62c014610e47578063a64e320c14610dfb578063b3280f6a14610dc6578063c1df0c6414610b25578063c6290e3514610af2578063ca15c87314610abc578063d1b303c91461021c578063d547741f146101ce578063dbba4b4814610189578063f255126e146101585763f98fc06d1461011b575f80fd5b3461015557806003193601126101555760206040517f6890cb850d828035e46639138472d76ff8109e32a8c794a0c5ab8fa82e5763318152f35b80fd5b5034610155578060031936011261015557602061ffff5f805160206125c38339815191525460801c16604051908152f35b50346101555780600319360112610155576040517f00000000000000000000000000000000000000000000000000000000000000006001600160a01b03168152602090f35b5034610155576040366003190112610155576102186004356101ee611857565b908084525f805160206125a38339815191526020526102136001604086200154612180565b612254565b5080f35b5034610155576040366003190112610155576024356001600160a01b036102416120c9565b1690604051631112eee760e31b8152602081600481865afa908115610ab1578491610a7f575b5080600435115f14610a53575050815b61028081611f82565b9161028e60405193846118bf565b81835261029a82611f82565b601f1901845b8181106109e9575050835b82811061039e578385604051918291602083016020845282518091526020604085019301915b8181106102df575050500390f35b9193509160206101a06001928651848060a01b038151168252838101516001600160601b038091168584015260408201516040840152606080830151908401526080808301519084015260a0808301519084015260c09081830151169083015260e081015161ffff80911660e084015261010081818401511690840152610120818184015116908401526101408181840151169084015261016090818301511690830152610180809101511515908201520194019101918493926102d1565b6103aa81600435611f99565b90600182018092116109d557604051916335ee70db60e11b83526004830152602082602481865afa9182156109ca57869261098a575b5060405163280be2f560e01b81526001600160a01b03831660048201529161014083602481875afa92831561097f57879361095c575b50604051630e8ddced60e41b81526001600160a01b03821660048201529261010084602481885afa93841561095157889461091e575b50604081810151905163266bcf0560e11b8152946001600160601b03909116906001600160a01b03841680319190602090889060049082905afa968715610913578b976108da575b50604001516001600160601b0316956001600160a01b036104b36120c9565b604051632de0e07560e01b81526001600160a01b03881660048201529116908c602082602481865afa9182156107855781926108a4575b5060405163280be2f560e01b81526001600160a01b0389166004820152919261014090839060249082905afa80156107855761ffff9260809291610873575b500151166127108181031161085f576127109161054891830390612154565b604051631734070560e31b815291900497906020816004817f00000000000000000000000000000000000000000000000000000000000000006001600160a01b03165afa908115610811578d9161081c575b50604051630131592760e61b81526001600160a01b038881166004830152909160209183916024918391165afa908115610811578d916107df575b506040516323509a2d60e01b8152908d906020836004817f00000000000000000000000000000000000000000000000000000000000000006001600160a01b03165afa9283156107d4578293610792575b506040516240cd2760e21b8152600481019190915291602090839060249082906001600160a01b03165afa91821561078557819261073a575b50986106cd9796959493929160019a508082105f1461073357505b6001600160601b036020870151169061ffff6080880151169261ffff60a0890151169461ffff60c08a0151169661ffff60e08b01511698606061ffff6101008d0151169b015115159b6040519d8e61186d565b8f8060a01b03168d5260208d015260408c015260608b015260808a015260a089015260c088015260e087015261010086015261012085015261014084015261016083015261018082015261072182876120a1565b5261072c81866120a1565b50016102ab565b905061067a565b9796959493929150506020873d60201161077d575b8161075c602093836118bf565b8101031261077957955194959394929391929091908c600161065f565b5f80fd5b3d915061074f565b50604051903d90823e3d90fd5b9092506020813d6020116107cc575b816107ae602093836118bf565b810103126107c8576107c1602091611e92565b9290610626565b5080fd5b3d91506107a1565b6040513d84823e3d90fd5b90506020813d602011610809575b816107fa602093836118bf565b8101031261077957515f6105d5565b3d91506107ed565b6040513d8f823e3d90fd5b90506020813d602011610857575b81610837602093836118bf565b8101031261085357602061084c602492611e92565b915061059a565b8c80fd5b3d915061082a565b634e487b7160e01b8d52601160045260248dfd5b61089791506101403d6101401161089d575b61088f81836118bf565b810190611fcf565b5f610529565b503d610885565b9150506020813d6020116108d2575b816108c0602093836118bf565b8101031261077957518c6101406104ea565b3d91506108b3565b9096506020813d60201161090b575b816108f6602093836118bf565b810103126109075751956040610494565b8a80fd5b3d91506108e9565b6040513d8d823e3d90fd5b6109439194506101003d6101001161094a575b61093b81836118bf565b81019061194b565b925f61044c565b503d610931565b6040513d8a823e3d90fd5b6109789193506101403d6101401161089d5761088f81836118bf565b915f610416565b6040513d89823e3d90fd5b9091506020813d6020116109c2575b816109a6602093836118bf565b810103126109be576109b790611e92565b905f6103e0565b8580fd5b3d9150610999565b6040513d88823e3d90fd5b634e487b7160e01b86526011600452602486fd5b6020906040516109f88161186d565b87815287838201528760408201528760608201528760808201528760a08201528760c08201528760e08201528761010082015287610120820152876101408201528761016082015287610180820152828288010152016102a0565b80610a6083600435611f99565b1115610a7957610a74915060043590611fa6565b610277565b50610277565b90506020813d602011610aa9575b81610a9a602093836118bf565b8101031261077957515f610267565b3d9150610a8d565b6040513d86823e3d90fd5b503461015557602036600319011261015557604060209160043581525f8051602061258383398151915283522054604051908152f35b503461015557806003193601126101555760206001600160401b035f805160206125c38339815191525416604051908152f35b50346107795760c036600319011261077957610b3f611841565b906001600160401b0360a435116107795736602360a435011215610779576001600160401b0360a43560040135116107795736602460a4356004013560051b60a4350101116107795760405160018060a01b038316602082015260243560408201526044356060820152606435608082015260843560a082015260a081528060c08101106001600160401b0360c083011117610d855760c081016040528051602082012060e0820152602060c082015260c081016101008201106001600160401b0361010083011117610d8557610100810160405260e060c08201519101207fe5459f2b48ec5df2407caac4ec464a5cb0f7f31a1f22f649728a9579b25c1d005491610c5060a43560040135611f82565b91610c5e60405193846118bf565b60a43560048101358452602401602084015b602460a4356004013560051b60a43501018210610db6575050935f945b8351861015610ccf57610ca086856120a1565b519081811015610cbe575f52602052600160405f205b950194610c8d565b905f52602052600160405f20610cb6565b8403610da457610ce160243582611a6f565b90916001600160a01b03610cf36120c9565b166001600160401b035f805160206125c3833981519152541691813b15610779575f60e49281956040519788968795630abf7f9d60e31b875260018060a01b03166004870152602486015260448501526064840152604435608484015260643560a484015260843560c48401525af18015610d9957610d70575080f35b90506001600160401b038111610d8557604052005b634e487b7160e01b5f52604160045260245ffd5b6040513d5f823e3d90fd5b6040516309bde33960e01b8152600490fd5b8135815260209182019101610c70565b34610779575f3660031901126107795760206001600160401b035f805160206125c38339815191525460401c16604051908152f35b34610779576020366003190112610779576080610e1e610e19611841565b611ea6565b606060405191805115158352602081015160208401526040810151604084015201516060820152f35b34610779576060366003190112610779576001600160401b03602435600435604435838111610779573660238201121561077957806004013593808511610d8557602090601f199560405193610ea48489601f85011601866118bf565b818552366024838301011161077957815f9260248693018388013785010152604051635a2031f960e01b81526001600160a01b039083816004817f000000000000000000000000000000000000000000000000000000000000000086165afa908115610d99575f9161111c575b5016330361110a575f805160206125c38339815191528185166001600160401b0319825416179055847fe5459f2b48ec5df2407caac4ec464a5cb0f7f31a1f22f649728a9579b25c1d00558251908111610d85577fe5459f2b48ec5df2407caac4ec464a5cb0f7f31a1f22f649728a9579b25c1d0190610f9182546118e0565b601f81116110a9575b508296601f821160011461100c5750807fad3158720d6ee6f66befe2e3f399fdfbc682d6746c570fa8d53d76de203ceed89596975f91611001575b508160011b915f199060031b1c19161790555b610ffc60405192828493845283019061181d565b0390a3005b905084015188610fd5565b811696825f527f46d8a17685fc9309ccb5cf9a7c967d84e1e26e8908e22845a45e99569a45569d975f5b81811061109257509782916001937fad3158720d6ee6f66befe2e3f399fdfbc682d6746c570fa8d53d76de203ceed898999a1061107a575b5050811b019055610fe8565b8601515f1960f88460031b161c19169055888061106e565b868301518a55600190990198918501918501611036565b825f527f46d8a17685fc9309ccb5cf9a7c967d84e1e26e8908e22845a45e99569a45569d601f830160051c810191858410611100575b601f0160051c01905b8181106110f55750610f9a565b5f81556001016110e8565b90915081906110df565b60405163ea8e4eb560e01b8152600490fd5b90508381813d831161114a575b61113381836118bf565b810103126107795761114490611e92565b88610f11565b503d611129565b3461077957602080600319360112610779576004355f525f80516020612583833981519152815260405f20604051908183825491828152019081925f52845f20905f5b868282106111f25786866111aa828803836118bf565b60405192839281840190828552518091526040840192915f5b8281106111d257505050500390f35b83516001600160a01b0316855286955093810193928101926001016111c3565b835485529093019260019283019201611194565b34610779575f3660031901126107795760206040515f8152f35b3461077957604036600319011261077957611239611857565b6004355f525f805160206125a383398151915260205260405f209060018060a01b03165f52602052602060ff60405f2054166040519015158152f35b34610779576040366003190112610779576004355f525f8051602061258383398151915260205260206112ad60243560405f20612440565b905460405160039290921b1c6001600160a01b03168152f35b34610779576040366003190112610779576004356001600160401b03811681036107795760243561ffff8116810361077957335f9081527f123a78dffc32297b393b04b2161fac9ffe1dae62d24044ba2c8b0bcd45c7de8060205260409020547f6890cb850d828035e46639138472d76ff8109e32a8c794a0c5ab8fa82e576331929060ff161561135d5761135b92506121cc565b005b60405163e2517d3f60e01b815233600482015260248101849052604490fd5b3461077957604036600319011261077957611395611857565b336001600160a01b038216036113b15761135b90600435612254565b60405163334bd91960e11b8152600490fd5b34610779576060366003190112610779576113dc611841565b602435906001600160401b039081831683036107795760443561ffff81168103610779577ff0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a0093845460ff8160401c16159481168015908161156c575b6001149081611562575b159081611559575b506115475767ffffffffffffffff198116600117865584611528575b506001600160a01b03831680156115165761148361148e9461229a565b6114d1575b506121cc565b61149457005b68ff00000000000000001981541690557fc7f505b2f371ae2175ee4913f4499e1f2633a7b5936321eed1cdaeb6115181d2602060405160018152a1005b5f80525f8051602061258383398151915260205261150f907f615f0f9e84155bea8cc509fe18befeb1baf65611e38a6ba60964480fb29dfd44612455565b5085611488565b604051636b35b1b760e01b8152600490fd5b68ffffffffffffffffff19166801000000000000000117855585611466565b60405163f92ee8a960e01b8152600490fd5b9050158761144a565b303b159150611442565b869150611438565b3461077957604036600319011261077957600435611590611857565b815f525f805160206125a38339815191526020526115b4600160405f200154612180565b6115be8183612337565b6115c457005b5f9182525f80516020612583833981519152602052604090912061135b916001600160a01b031690612455565b34610779576020366003190112610779576004355f525f805160206125a38339815191526020526020600160405f200154604051908152f35b34610779576040366003190112610779576040611651611648611841565b60243590611a6f565b82519182526020820152f35b34610779575f366003190112610779576001600160401b035f805160206125c383398151915254167fe5459f2b48ec5df2407caac4ec464a5cb0f7f31a1f22f649728a9579b25c1d005490604051905f917fe5459f2b48ec5df2407caac4ec464a5cb0f7f31a1f22f649728a9579b25c1d01938454946116dc866118e0565b9081845260209687916001916001811690815f1461178d5750600114611731575b505050506117118261172d949503836118bf565b604051948594855284015260606040840152606083019061181d565b0390f35b90929196505f527f46d8a17685fc9309ccb5cf9a7c967d84e1e26e8908e22845a45e99569a45569d915f925b82841061177a575050508201909301926117118561172d846116fd565b805486850189015292870192810161175d565b60ff19168488015250505090151560051b83010193506117118561172d846116fd565b34610779576020366003190112610779576004359063ffffffff60e01b821680920361077957602091635a05180f60e01b81149081156117f2575b5015158152f35b637965db0b60e01b81149150811561180c575b50836117eb565b6301ffc9a760e01b14905083611805565b805180835260209291819084018484015e5f828201840152601f01601f1916010190565b600435906001600160a01b038216820361077957565b602435906001600160a01b038216820361077957565b6101a081019081106001600160401b03821117610d8557604052565b608081019081106001600160401b03821117610d8557604052565b606081019081106001600160401b03821117610d8557604052565b90601f801991011681019081106001600160401b03821117610d8557604052565b90600182811c9216801561190e575b60208310146118fa57565b634e487b7160e01b5f52602260045260245ffd5b91607f16916118ef565b519081600d0b820361077957565b519063ffffffff8216820361077957565b51906001600160601b038216820361077957565b80910390610100821261077957604080519261196684611889565b60608112610779578151611979816118a4565b83516001600160701b038116810361077957815261199960208501611918565b60208201526119a9838501611926565b8382015284526060830151906001600160801b03821682036107795760609160208601526119d960808501611937565b85840152609f19011261077957611a1c60e08251936119f7856118a4565b611a0360a08201611918565b8552611a1160c08201611918565b602086015201611926565b90820152606082015290565b9190915f8382019384129112908015821691151617611a4357565b634e487b7160e01b5f52601160045260245ffd5b81810392915f138015828513169184121617611a4357565b916001600160a01b039182611a826120c9565b1693604051630e8ddced60e41b8152600492858316848301526101009182816024818b5afa928315610d99575f93611e70575b50508192602060606024940151519860405194858092632ea7797360e21b82528b86168a8301525afa928315610d99575f93611e3c575b50829682946001600160601b038411611e2b57806020611b1a876001600160701b03611b2795515116611a28565b91510151600d0b90611a57565b915f805160206125c3833981519152549261ffff8460801c16612710018061271011611e1857611b5a6127109183612154565b048511611b97575b5050505050611b8090611b7b835f9498600d0b90611a28565b611a57565b12611b885750565b604051631c0c9d2f60e31b8152fd5b6001600160a01b0382165f9081527fe5459f2b48ec5df2407caac4ec464a5cb0f7f31a1f22f649728a9579b25c1d036020526040902094969394906001600160801b03611be68284549a611fa6565b16946001600160801b038916611c765750815467ffffffffffffffff60801b1986166001600160c01b03199091161760809690961b67ffffffffffffffff60801b169590951790555f9550611b809493611b7b93909290917f5ce3c0bc93bef43a8b4e760ce634c5df4bd04d4eda671536de93ca49ca45d0fa916020916040519485521692a25b9382935f611b62565b959096976001600160401b03808260801c168184160311611e055792611b7b9592825f9a98956001600160401b03611b809b989560401c166001600160401b03808360801c168185160316108c14611cd45750505050505050611c6d565b90919293949596611d02612710611cf261ffff8660801c1684612154565b046001600160801b038416611f99565b8711158c14611d5957505081546fffffffffffffffffffffffffffffffff19169091555060405192835216907f19968a85444d3af25bda0df604da7ee6ee8c803cb481843a9d154733757885cd90602090a2611c6d565b611ded92975081611de67f5ce3c0bc93bef43a8b4e760ce634c5df4bd04d4eda671536de93ca49ca45d0fa97956001600160401b03611da76001600160801b03958660209b9d981690611f99565b9b85611db581871689612167565b67ffffffffffffffff60801b1988198816929091169190911716911660801b67ffffffffffffffff60801b16179055565b1690612167565b936001600160801b03604051951685521692a2611c6d565b60118a634e487b7160e01b5f525260245ffd5b601189634e487b7160e01b5f525260245ffd5b604051630fb1776160e11b81528790fd5b9092506020813d602011611e68575b81611e58602093836118bf565b810103126107795751915f611aec565b3d9150611e4b565b602493509081611e8b92903d1061094a5761093b81836118bf565b915f611ab5565b51906001600160a01b038216820361077957565b611eff6040915f60608451611eba81611889565b8281528260208201528286820152015260018060a01b03165f527fe5459f2b48ec5df2407caac4ec464a5cb0f7f31a1f22f649728a9579b25c1d0360205260405f2090565b546001600160801b038116918215611f5d576001600160401b03809260801c16825f805160206125c383398151915254831c16810191838311611a4357805194611f4886611889565b60018652602086015284015216606082015290565b805192505f9150611f6d83611889565b8183528160208401528201525f606082015290565b6001600160401b038111610d855760051b60200190565b91908201809211611a4357565b91908203918211611a4357565b5190811515820361077957565b519061ffff8216820361077957565b80916101409283910312610779576040519182018281106001600160401b03821117610d855760405261200181611e92565b825261200f60208201611937565b602083015261202060408201611937565b604083015261203160608201611fb3565b606083015261204260808201611fc0565b608083015261205360a08201611fc0565b60a083015261206460c08201611fc0565b60c083015261207560e08201611fc0565b60e0830152610100612088818301611fc0565b9083015261209a610120809201611fb3565b9082015290565b80518210156120b55760209160051b010190565b634e487b7160e01b5f52603260045260245ffd5b604051636dd6e80b60e01b81526001600160a01b03906020816004817f000000000000000000000000000000000000000000000000000000000000000086165afa908115610d99575f9161211c57501690565b90506020813d60201161214c575b81612137602093836118bf565b810103126107795761214890611e92565b1690565b3d915061212a565b81810292918115918404141715611a4357565b6001600160801b039182169082160391908211611a4357565b805f525f805160206125a383398151915260205260405f20335f5260205260ff60405f205416156121ae5750565b6044906040519063e2517d3f60e01b82523360048301526024820152fd5b60409061ffff7fafdc914270902c363eed3328fbc557a410f08ada299b6a23ee9261358535113d935f805160206125c383398151915280548360801b8360801b16906fffffffffffffffff000000000000000086881b169071ffffffffffffffffffff00000000000000001916171790556001600160401b03845193168352166020820152a1565b61225e82826123c1565b918261226957505090565b5f9182525f805160206125838339815191526020526040909120612296916001600160a01b0316906124bd565b5090565b6001600160a01b03165f8181527fb7db2dd08fcb62d0c9e08c51941cae53c267786a0b75803fb7960902fc8ef97d60205260409020545f805160206125a38339815191529060ff16612331575f805260205260405f20815f5260205260405f20600160ff1982541617905533905f7f2f8788117e7eff1d82e926ec794901d17c78024a50270940304540a733656f0d8180a4600190565b50505f90565b90815f525f805160206125a38339815191528060205260405f209160018060a01b031691825f5260205260ff60405f205416155f146123ba57825f5260205260405f20815f5260205260405f20600160ff1982541617905533917f2f8788117e7eff1d82e926ec794901d17c78024a50270940304540a733656f0d5f80a4600190565b5050505f90565b90815f525f805160206125a38339815191528060205260405f209160018060a01b031691825f5260205260ff60405f2054165f146123ba57825f5260205260405f20815f5260205260405f2060ff19815416905533917ff6391f5c32d9c69d2a47ea670b442974b53935d1edc7fd64eb21e047a839171b5f80a4600190565b80548210156120b5575f5260205f2001905f90565b6001810190825f528160205260405f2054155f146123ba57805468010000000000000000811015610d85576124aa612494826001879401855584612440565b819391549060031b91821b915f19901b19161790565b905554915f5260205260405f2055600190565b906001820191815f528260205260405f2054908115155f1461257a575f1991808301818111611a4357825490848201918211611a4357818103612545575b50505080548015612531578201916125138383612440565b909182549160031b1b19169055555f526020525f6040812055600190565b634e487b7160e01b5f52603160045260245ffd5b6125656125556124949386612440565b90549060031b1c92839286612440565b90555f528460205260405f20555f80806124fb565b505050505f9056fec1f6fe24621ce81ec5827caf0253cadb74709b061630e6b55e8237170593200002dd7bc7dec4dceedda775e58dd541e08a116c6c53815c0bd028192f7b626800e5459f2b48ec5df2407caac4ec464a5cb0f7f31a1f22f649728a9579b25c1d02a26469706673582212209f2723d00a4e20bad3d62575b26f56c34e93be0daf674724c7236263c3bdabab64736f6c63430008190033000000000000000000000000d7c1b80fa86965b48cca3adccb08e1daea291980
Deployed Bytecode
0x6080806040526004361015610012575f80fd5b5f905f3560e01c90816301ffc9a7146117b057508063228aa8431461165d57806323fad2a31461162a578063248a9ca3146115f15780632f2ff15d1461157457806332a0e907146113c357806336568abe1461137c57806378c44e62146112c65780639010d07c1461127557806391d1485414611220578063a217fddf14611206578063a3246ad314611151578063a37c62c014610e47578063a64e320c14610dfb578063b3280f6a14610dc6578063c1df0c6414610b25578063c6290e3514610af2578063ca15c87314610abc578063d1b303c91461021c578063d547741f146101ce578063dbba4b4814610189578063f255126e146101585763f98fc06d1461011b575f80fd5b3461015557806003193601126101555760206040517f6890cb850d828035e46639138472d76ff8109e32a8c794a0c5ab8fa82e5763318152f35b80fd5b5034610155578060031936011261015557602061ffff5f805160206125c38339815191525460801c16604051908152f35b50346101555780600319360112610155576040517f000000000000000000000000d7c1b80fa86965b48cca3adccb08e1daea2919806001600160a01b03168152602090f35b5034610155576040366003190112610155576102186004356101ee611857565b908084525f805160206125a38339815191526020526102136001604086200154612180565b612254565b5080f35b5034610155576040366003190112610155576024356001600160a01b036102416120c9565b1690604051631112eee760e31b8152602081600481865afa908115610ab1578491610a7f575b5080600435115f14610a53575050815b61028081611f82565b9161028e60405193846118bf565b81835261029a82611f82565b601f1901845b8181106109e9575050835b82811061039e578385604051918291602083016020845282518091526020604085019301915b8181106102df575050500390f35b9193509160206101a06001928651848060a01b038151168252838101516001600160601b038091168584015260408201516040840152606080830151908401526080808301519084015260a0808301519084015260c09081830151169083015260e081015161ffff80911660e084015261010081818401511690840152610120818184015116908401526101408181840151169084015261016090818301511690830152610180809101511515908201520194019101918493926102d1565b6103aa81600435611f99565b90600182018092116109d557604051916335ee70db60e11b83526004830152602082602481865afa9182156109ca57869261098a575b5060405163280be2f560e01b81526001600160a01b03831660048201529161014083602481875afa92831561097f57879361095c575b50604051630e8ddced60e41b81526001600160a01b03821660048201529261010084602481885afa93841561095157889461091e575b50604081810151905163266bcf0560e11b8152946001600160601b03909116906001600160a01b03841680319190602090889060049082905afa968715610913578b976108da575b50604001516001600160601b0316956001600160a01b036104b36120c9565b604051632de0e07560e01b81526001600160a01b03881660048201529116908c602082602481865afa9182156107855781926108a4575b5060405163280be2f560e01b81526001600160a01b0389166004820152919261014090839060249082905afa80156107855761ffff9260809291610873575b500151166127108181031161085f576127109161054891830390612154565b604051631734070560e31b815291900497906020816004817f000000000000000000000000d7c1b80fa86965b48cca3adccb08e1daea2919806001600160a01b03165afa908115610811578d9161081c575b50604051630131592760e61b81526001600160a01b038881166004830152909160209183916024918391165afa908115610811578d916107df575b506040516323509a2d60e01b8152908d906020836004817f000000000000000000000000d7c1b80fa86965b48cca3adccb08e1daea2919806001600160a01b03165afa9283156107d4578293610792575b506040516240cd2760e21b8152600481019190915291602090839060249082906001600160a01b03165afa91821561078557819261073a575b50986106cd9796959493929160019a508082105f1461073357505b6001600160601b036020870151169061ffff6080880151169261ffff60a0890151169461ffff60c08a0151169661ffff60e08b01511698606061ffff6101008d0151169b015115159b6040519d8e61186d565b8f8060a01b03168d5260208d015260408c015260608b015260808a015260a089015260c088015260e087015261010086015261012085015261014084015261016083015261018082015261072182876120a1565b5261072c81866120a1565b50016102ab565b905061067a565b9796959493929150506020873d60201161077d575b8161075c602093836118bf565b8101031261077957955194959394929391929091908c600161065f565b5f80fd5b3d915061074f565b50604051903d90823e3d90fd5b9092506020813d6020116107cc575b816107ae602093836118bf565b810103126107c8576107c1602091611e92565b9290610626565b5080fd5b3d91506107a1565b6040513d84823e3d90fd5b90506020813d602011610809575b816107fa602093836118bf565b8101031261077957515f6105d5565b3d91506107ed565b6040513d8f823e3d90fd5b90506020813d602011610857575b81610837602093836118bf565b8101031261085357602061084c602492611e92565b915061059a565b8c80fd5b3d915061082a565b634e487b7160e01b8d52601160045260248dfd5b61089791506101403d6101401161089d575b61088f81836118bf565b810190611fcf565b5f610529565b503d610885565b9150506020813d6020116108d2575b816108c0602093836118bf565b8101031261077957518c6101406104ea565b3d91506108b3565b9096506020813d60201161090b575b816108f6602093836118bf565b810103126109075751956040610494565b8a80fd5b3d91506108e9565b6040513d8d823e3d90fd5b6109439194506101003d6101001161094a575b61093b81836118bf565b81019061194b565b925f61044c565b503d610931565b6040513d8a823e3d90fd5b6109789193506101403d6101401161089d5761088f81836118bf565b915f610416565b6040513d89823e3d90fd5b9091506020813d6020116109c2575b816109a6602093836118bf565b810103126109be576109b790611e92565b905f6103e0565b8580fd5b3d9150610999565b6040513d88823e3d90fd5b634e487b7160e01b86526011600452602486fd5b6020906040516109f88161186d565b87815287838201528760408201528760608201528760808201528760a08201528760c08201528760e08201528761010082015287610120820152876101408201528761016082015287610180820152828288010152016102a0565b80610a6083600435611f99565b1115610a7957610a74915060043590611fa6565b610277565b50610277565b90506020813d602011610aa9575b81610a9a602093836118bf565b8101031261077957515f610267565b3d9150610a8d565b6040513d86823e3d90fd5b503461015557602036600319011261015557604060209160043581525f8051602061258383398151915283522054604051908152f35b503461015557806003193601126101555760206001600160401b035f805160206125c38339815191525416604051908152f35b50346107795760c036600319011261077957610b3f611841565b906001600160401b0360a435116107795736602360a435011215610779576001600160401b0360a43560040135116107795736602460a4356004013560051b60a4350101116107795760405160018060a01b038316602082015260243560408201526044356060820152606435608082015260843560a082015260a081528060c08101106001600160401b0360c083011117610d855760c081016040528051602082012060e0820152602060c082015260c081016101008201106001600160401b0361010083011117610d8557610100810160405260e060c08201519101207fe5459f2b48ec5df2407caac4ec464a5cb0f7f31a1f22f649728a9579b25c1d005491610c5060a43560040135611f82565b91610c5e60405193846118bf565b60a43560048101358452602401602084015b602460a4356004013560051b60a43501018210610db6575050935f945b8351861015610ccf57610ca086856120a1565b519081811015610cbe575f52602052600160405f205b950194610c8d565b905f52602052600160405f20610cb6565b8403610da457610ce160243582611a6f565b90916001600160a01b03610cf36120c9565b166001600160401b035f805160206125c3833981519152541691813b15610779575f60e49281956040519788968795630abf7f9d60e31b875260018060a01b03166004870152602486015260448501526064840152604435608484015260643560a484015260843560c48401525af18015610d9957610d70575080f35b90506001600160401b038111610d8557604052005b634e487b7160e01b5f52604160045260245ffd5b6040513d5f823e3d90fd5b6040516309bde33960e01b8152600490fd5b8135815260209182019101610c70565b34610779575f3660031901126107795760206001600160401b035f805160206125c38339815191525460401c16604051908152f35b34610779576020366003190112610779576080610e1e610e19611841565b611ea6565b606060405191805115158352602081015160208401526040810151604084015201516060820152f35b34610779576060366003190112610779576001600160401b03602435600435604435838111610779573660238201121561077957806004013593808511610d8557602090601f199560405193610ea48489601f85011601866118bf565b818552366024838301011161077957815f9260248693018388013785010152604051635a2031f960e01b81526001600160a01b039083816004817f000000000000000000000000d7c1b80fa86965b48cca3adccb08e1daea29198086165afa908115610d99575f9161111c575b5016330361110a575f805160206125c38339815191528185166001600160401b0319825416179055847fe5459f2b48ec5df2407caac4ec464a5cb0f7f31a1f22f649728a9579b25c1d00558251908111610d85577fe5459f2b48ec5df2407caac4ec464a5cb0f7f31a1f22f649728a9579b25c1d0190610f9182546118e0565b601f81116110a9575b508296601f821160011461100c5750807fad3158720d6ee6f66befe2e3f399fdfbc682d6746c570fa8d53d76de203ceed89596975f91611001575b508160011b915f199060031b1c19161790555b610ffc60405192828493845283019061181d565b0390a3005b905084015188610fd5565b811696825f527f46d8a17685fc9309ccb5cf9a7c967d84e1e26e8908e22845a45e99569a45569d975f5b81811061109257509782916001937fad3158720d6ee6f66befe2e3f399fdfbc682d6746c570fa8d53d76de203ceed898999a1061107a575b5050811b019055610fe8565b8601515f1960f88460031b161c19169055888061106e565b868301518a55600190990198918501918501611036565b825f527f46d8a17685fc9309ccb5cf9a7c967d84e1e26e8908e22845a45e99569a45569d601f830160051c810191858410611100575b601f0160051c01905b8181106110f55750610f9a565b5f81556001016110e8565b90915081906110df565b60405163ea8e4eb560e01b8152600490fd5b90508381813d831161114a575b61113381836118bf565b810103126107795761114490611e92565b88610f11565b503d611129565b3461077957602080600319360112610779576004355f525f80516020612583833981519152815260405f20604051908183825491828152019081925f52845f20905f5b868282106111f25786866111aa828803836118bf565b60405192839281840190828552518091526040840192915f5b8281106111d257505050500390f35b83516001600160a01b0316855286955093810193928101926001016111c3565b835485529093019260019283019201611194565b34610779575f3660031901126107795760206040515f8152f35b3461077957604036600319011261077957611239611857565b6004355f525f805160206125a383398151915260205260405f209060018060a01b03165f52602052602060ff60405f2054166040519015158152f35b34610779576040366003190112610779576004355f525f8051602061258383398151915260205260206112ad60243560405f20612440565b905460405160039290921b1c6001600160a01b03168152f35b34610779576040366003190112610779576004356001600160401b03811681036107795760243561ffff8116810361077957335f9081527f123a78dffc32297b393b04b2161fac9ffe1dae62d24044ba2c8b0bcd45c7de8060205260409020547f6890cb850d828035e46639138472d76ff8109e32a8c794a0c5ab8fa82e576331929060ff161561135d5761135b92506121cc565b005b60405163e2517d3f60e01b815233600482015260248101849052604490fd5b3461077957604036600319011261077957611395611857565b336001600160a01b038216036113b15761135b90600435612254565b60405163334bd91960e11b8152600490fd5b34610779576060366003190112610779576113dc611841565b602435906001600160401b039081831683036107795760443561ffff81168103610779577ff0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a0093845460ff8160401c16159481168015908161156c575b6001149081611562575b159081611559575b506115475767ffffffffffffffff198116600117865584611528575b506001600160a01b03831680156115165761148361148e9461229a565b6114d1575b506121cc565b61149457005b68ff00000000000000001981541690557fc7f505b2f371ae2175ee4913f4499e1f2633a7b5936321eed1cdaeb6115181d2602060405160018152a1005b5f80525f8051602061258383398151915260205261150f907f615f0f9e84155bea8cc509fe18befeb1baf65611e38a6ba60964480fb29dfd44612455565b5085611488565b604051636b35b1b760e01b8152600490fd5b68ffffffffffffffffff19166801000000000000000117855585611466565b60405163f92ee8a960e01b8152600490fd5b9050158761144a565b303b159150611442565b869150611438565b3461077957604036600319011261077957600435611590611857565b815f525f805160206125a38339815191526020526115b4600160405f200154612180565b6115be8183612337565b6115c457005b5f9182525f80516020612583833981519152602052604090912061135b916001600160a01b031690612455565b34610779576020366003190112610779576004355f525f805160206125a38339815191526020526020600160405f200154604051908152f35b34610779576040366003190112610779576040611651611648611841565b60243590611a6f565b82519182526020820152f35b34610779575f366003190112610779576001600160401b035f805160206125c383398151915254167fe5459f2b48ec5df2407caac4ec464a5cb0f7f31a1f22f649728a9579b25c1d005490604051905f917fe5459f2b48ec5df2407caac4ec464a5cb0f7f31a1f22f649728a9579b25c1d01938454946116dc866118e0565b9081845260209687916001916001811690815f1461178d5750600114611731575b505050506117118261172d949503836118bf565b604051948594855284015260606040840152606083019061181d565b0390f35b90929196505f527f46d8a17685fc9309ccb5cf9a7c967d84e1e26e8908e22845a45e99569a45569d915f925b82841061177a575050508201909301926117118561172d846116fd565b805486850189015292870192810161175d565b60ff19168488015250505090151560051b83010193506117118561172d846116fd565b34610779576020366003190112610779576004359063ffffffff60e01b821680920361077957602091635a05180f60e01b81149081156117f2575b5015158152f35b637965db0b60e01b81149150811561180c575b50836117eb565b6301ffc9a760e01b14905083611805565b805180835260209291819084018484015e5f828201840152601f01601f1916010190565b600435906001600160a01b038216820361077957565b602435906001600160a01b038216820361077957565b6101a081019081106001600160401b03821117610d8557604052565b608081019081106001600160401b03821117610d8557604052565b606081019081106001600160401b03821117610d8557604052565b90601f801991011681019081106001600160401b03821117610d8557604052565b90600182811c9216801561190e575b60208310146118fa57565b634e487b7160e01b5f52602260045260245ffd5b91607f16916118ef565b519081600d0b820361077957565b519063ffffffff8216820361077957565b51906001600160601b038216820361077957565b80910390610100821261077957604080519261196684611889565b60608112610779578151611979816118a4565b83516001600160701b038116810361077957815261199960208501611918565b60208201526119a9838501611926565b8382015284526060830151906001600160801b03821682036107795760609160208601526119d960808501611937565b85840152609f19011261077957611a1c60e08251936119f7856118a4565b611a0360a08201611918565b8552611a1160c08201611918565b602086015201611926565b90820152606082015290565b9190915f8382019384129112908015821691151617611a4357565b634e487b7160e01b5f52601160045260245ffd5b81810392915f138015828513169184121617611a4357565b916001600160a01b039182611a826120c9565b1693604051630e8ddced60e41b8152600492858316848301526101009182816024818b5afa928315610d99575f93611e70575b50508192602060606024940151519860405194858092632ea7797360e21b82528b86168a8301525afa928315610d99575f93611e3c575b50829682946001600160601b038411611e2b57806020611b1a876001600160701b03611b2795515116611a28565b91510151600d0b90611a57565b915f805160206125c3833981519152549261ffff8460801c16612710018061271011611e1857611b5a6127109183612154565b048511611b97575b5050505050611b8090611b7b835f9498600d0b90611a28565b611a57565b12611b885750565b604051631c0c9d2f60e31b8152fd5b6001600160a01b0382165f9081527fe5459f2b48ec5df2407caac4ec464a5cb0f7f31a1f22f649728a9579b25c1d036020526040902094969394906001600160801b03611be68284549a611fa6565b16946001600160801b038916611c765750815467ffffffffffffffff60801b1986166001600160c01b03199091161760809690961b67ffffffffffffffff60801b169590951790555f9550611b809493611b7b93909290917f5ce3c0bc93bef43a8b4e760ce634c5df4bd04d4eda671536de93ca49ca45d0fa916020916040519485521692a25b9382935f611b62565b959096976001600160401b03808260801c168184160311611e055792611b7b9592825f9a98956001600160401b03611b809b989560401c166001600160401b03808360801c168185160316108c14611cd45750505050505050611c6d565b90919293949596611d02612710611cf261ffff8660801c1684612154565b046001600160801b038416611f99565b8711158c14611d5957505081546fffffffffffffffffffffffffffffffff19169091555060405192835216907f19968a85444d3af25bda0df604da7ee6ee8c803cb481843a9d154733757885cd90602090a2611c6d565b611ded92975081611de67f5ce3c0bc93bef43a8b4e760ce634c5df4bd04d4eda671536de93ca49ca45d0fa97956001600160401b03611da76001600160801b03958660209b9d981690611f99565b9b85611db581871689612167565b67ffffffffffffffff60801b1988198816929091169190911716911660801b67ffffffffffffffff60801b16179055565b1690612167565b936001600160801b03604051951685521692a2611c6d565b60118a634e487b7160e01b5f525260245ffd5b601189634e487b7160e01b5f525260245ffd5b604051630fb1776160e11b81528790fd5b9092506020813d602011611e68575b81611e58602093836118bf565b810103126107795751915f611aec565b3d9150611e4b565b602493509081611e8b92903d1061094a5761093b81836118bf565b915f611ab5565b51906001600160a01b038216820361077957565b611eff6040915f60608451611eba81611889565b8281528260208201528286820152015260018060a01b03165f527fe5459f2b48ec5df2407caac4ec464a5cb0f7f31a1f22f649728a9579b25c1d0360205260405f2090565b546001600160801b038116918215611f5d576001600160401b03809260801c16825f805160206125c383398151915254831c16810191838311611a4357805194611f4886611889565b60018652602086015284015216606082015290565b805192505f9150611f6d83611889565b8183528160208401528201525f606082015290565b6001600160401b038111610d855760051b60200190565b91908201809211611a4357565b91908203918211611a4357565b5190811515820361077957565b519061ffff8216820361077957565b80916101409283910312610779576040519182018281106001600160401b03821117610d855760405261200181611e92565b825261200f60208201611937565b602083015261202060408201611937565b604083015261203160608201611fb3565b606083015261204260808201611fc0565b608083015261205360a08201611fc0565b60a083015261206460c08201611fc0565b60c083015261207560e08201611fc0565b60e0830152610100612088818301611fc0565b9083015261209a610120809201611fb3565b9082015290565b80518210156120b55760209160051b010190565b634e487b7160e01b5f52603260045260245ffd5b604051636dd6e80b60e01b81526001600160a01b03906020816004817f000000000000000000000000d7c1b80fa86965b48cca3adccb08e1daea29198086165afa908115610d99575f9161211c57501690565b90506020813d60201161214c575b81612137602093836118bf565b810103126107795761214890611e92565b1690565b3d915061212a565b81810292918115918404141715611a4357565b6001600160801b039182169082160391908211611a4357565b805f525f805160206125a383398151915260205260405f20335f5260205260ff60405f205416156121ae5750565b6044906040519063e2517d3f60e01b82523360048301526024820152fd5b60409061ffff7fafdc914270902c363eed3328fbc557a410f08ada299b6a23ee9261358535113d935f805160206125c383398151915280548360801b8360801b16906fffffffffffffffff000000000000000086881b169071ffffffffffffffffffff00000000000000001916171790556001600160401b03845193168352166020820152a1565b61225e82826123c1565b918261226957505090565b5f9182525f805160206125838339815191526020526040909120612296916001600160a01b0316906124bd565b5090565b6001600160a01b03165f8181527fb7db2dd08fcb62d0c9e08c51941cae53c267786a0b75803fb7960902fc8ef97d60205260409020545f805160206125a38339815191529060ff16612331575f805260205260405f20815f5260205260405f20600160ff1982541617905533905f7f2f8788117e7eff1d82e926ec794901d17c78024a50270940304540a733656f0d8180a4600190565b50505f90565b90815f525f805160206125a38339815191528060205260405f209160018060a01b031691825f5260205260ff60405f205416155f146123ba57825f5260205260405f20815f5260205260405f20600160ff1982541617905533917f2f8788117e7eff1d82e926ec794901d17c78024a50270940304540a733656f0d5f80a4600190565b5050505f90565b90815f525f805160206125a38339815191528060205260405f209160018060a01b031691825f5260205260ff60405f2054165f146123ba57825f5260205260405f20815f5260205260405f2060ff19815416905533917ff6391f5c32d9c69d2a47ea670b442974b53935d1edc7fd64eb21e047a839171b5f80a4600190565b80548210156120b5575f5260205f2001905f90565b6001810190825f528160205260405f2054155f146123ba57805468010000000000000000811015610d85576124aa612494826001879401855584612440565b819391549060031b91821b915f19901b19161790565b905554915f5260205260405f2055600190565b906001820191815f528260205260405f2054908115155f1461257a575f1991808301818111611a4357825490848201918211611a4357818103612545575b50505080548015612531578201916125138383612440565b909182549160031b1b19169055555f526020525f6040812055600190565b634e487b7160e01b5f52603160045260245ffd5b6125656125556124949386612440565b90549060031b1c92839286612440565b90555f528460205260405f20555f80806124fb565b505050505f9056fec1f6fe24621ce81ec5827caf0253cadb74709b061630e6b55e8237170593200002dd7bc7dec4dceedda775e58dd541e08a116c6c53815c0bd028192f7b626800e5459f2b48ec5df2407caac4ec464a5cb0f7f31a1f22f649728a9579b25c1d02a26469706673582212209f2723d00a4e20bad3d62575b26f56c34e93be0daf674724c7236263c3bdabab64736f6c63430008190033
Constructor Arguments (ABI-Encoded and is the last bytes of the Contract Creation Code above)
000000000000000000000000d7c1b80fa86965b48cca3adccb08e1daea291980
-----Decoded View---------------
Arg [0] : _lidoLocator (address): 0xD7c1B80fA86965B48cCA3aDcCB08E1DAEa291980
-----Encoded View---------------
1 Constructor Arguments found :
Arg [0] : 000000000000000000000000d7c1b80fa86965b48cca3adccb08e1daea291980
Loading...
Loading
0xf8886BEB7DA44Ba43bc1bA2AD8216a1901BcEeA6
Loading...
Loading
Loading...
Loading
[ Download: CSV Export ]
A contract address hosts a smart contract, which is a set of code stored on the blockchain that runs when predetermined conditions are met. Learn more about addresses in our Knowledge Base.