xdai update

contracts/CrossChainUpgradeableProxy.sol

@@ -3,17 +3,21 @@ pragma solidity ^0.7.0;
 
 import "@openzeppelin/contracts/contracts/proxy/TransparentUpgradeableProxy.sol";
 
-// https://github.com/ethereum-optimism/optimism/blob/c7bc85deee999b8edfbe187b302d0ea262638ca9/packages/contracts/contracts/optimistic-ethereum/iOVM/bridge/messaging/iOVM_CrossDomainMessenger.sol
+// https://docs.tokenbridge.net/amb-bridge/development-of-a-cross-chain-application/how-to-develop-xchain-apps-by-amb#call-a-method-in-another-chain-using-the-amb-bridge
-interface iOVM_CrossDomainMessenger {
+
-  function xDomainMessageSender() external view returns (address);
+interface IAMB {
+  function messageSender() external view returns (address);
+}
+
+interface IOmniBridge {
+  function bridgeContract() external view returns (IAMB);
 }
 
 /**
  * @dev TransparentUpgradeableProxy where admin acts from a different chain.
  */
 contract CrossChainUpgradeableProxy is TransparentUpgradeableProxy {
-  // https://github.com/ethereum-optimism/optimism/blob/develop/packages/contracts/deployments/README.md
+  IOmniBridge public immutable omniBridge;
-  iOVM_CrossDomainMessenger public immutable messenger;
 
   /**
    * @dev Initializes an upgradeable proxy backed by the implementation at `_logic`.
@@ -22,16 +26,16 @@ contract CrossChainUpgradeableProxy is TransparentUpgradeableProxy {
     address _logic,
     address _admin,
     bytes memory _data,
-    iOVM_CrossDomainMessenger _messenger
+    IOmniBridge _omniBridge
   ) TransparentUpgradeableProxy(_logic, _admin, _data) {
-    messenger = _messenger;
+    omniBridge = _omniBridge;
   }
 
   /**
    * @dev Modifier used internally that will delegate the call to the implementation unless the sender is the cross chain admin.
    */
   modifier ifAdmin() override {
-    if (msg.sender == address(messenger) && messenger.xDomainMessageSender() == _admin()) {
+    if (msg.sender == address(omniBridge) && omniBridge.bridgeContract().messageSender() == _admin()) {
       _;
     } else {
       _fallback();

contracts/Mocks/ERC677.sol

@@ -0,0 +1,856 @@
+// File: openzeppelin-solidity/contracts/token/ERC20/ERC20Basic.sol
+
+pragma solidity ^0.4.24;
+
+/**
+ * @title ERC20Basic
+ * @dev Simpler version of ERC20 interface
+ * See https://github.com/ethereum/EIPs/issues/179
+ */
+contract ERC20Basic {
+  function totalSupply() public view returns (uint256);
+
+  function balanceOf(address _who) public view returns (uint256);
+
+  function transfer(address _to, uint256 _value) public returns (bool);
+
+  event Transfer(address indexed from, address indexed to, uint256 value);
+}
+
+// File: openzeppelin-solidity/contracts/math/SafeMath.sol
+
+pragma solidity ^0.4.24;
+
+/**
+ * @title SafeMath
+ * @dev Math operations with safety checks that throw on error
+ */
+library SafeMath {
+  /**
+   * @dev Multiplies two numbers, throws on overflow.
+   */
+  function mul(uint256 _a, uint256 _b) internal pure returns (uint256 c) {
+    // Gas optimization: this is cheaper than asserting 'a' not being zero, but the
+    // benefit is lost if 'b' is also tested.
+    // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522
+    if (_a == 0) {
+      return 0;
+    }
+
+    c = _a * _b;
+    assert(c / _a == _b);
+    return c;
+  }
+
+  /**
+   * @dev Integer division of two numbers, truncating the quotient.
+   */
+  function div(uint256 _a, uint256 _b) internal pure returns (uint256) {
+    // assert(_b > 0); // Solidity automatically throws when dividing by 0
+    // uint256 c = _a / _b;
+    // assert(_a == _b * c + _a % _b); // There is no case in which this doesn't hold
+    return _a / _b;
+  }
+
+  /**
+   * @dev Subtracts two numbers, throws on overflow (i.e. if subtrahend is greater than minuend).
+   */
+  function sub(uint256 _a, uint256 _b) internal pure returns (uint256) {
+    assert(_b <= _a);
+    return _a - _b;
+  }
+
+  /**
+   * @dev Adds two numbers, throws on overflow.
+   */
+  function add(uint256 _a, uint256 _b) internal pure returns (uint256 c) {
+    c = _a + _b;
+    assert(c >= _a);
+    return c;
+  }
+}
+
+// File: openzeppelin-solidity/contracts/token/ERC20/BasicToken.sol
+
+pragma solidity ^0.4.24;
+
+/**
+ * @title Basic token
+ * @dev Basic version of StandardToken, with no allowances.
+ */
+contract BasicToken is ERC20Basic {
+  using SafeMath for uint256;
+
+  mapping(address => uint256) internal balances;
+
+  uint256 internal totalSupply_;
+
+  /**
+   * @dev Total number of tokens in existence
+   */
+  function totalSupply() public view returns (uint256) {
+    return totalSupply_;
+  }
+
+  /**
+   * @dev Transfer token for a specified address
+   * @param _to The address to transfer to.
+   * @param _value The amount to be transferred.
+   */
+  function transfer(address _to, uint256 _value) public returns (bool) {
+    require(_value <= balances[msg.sender]);
+    require(_to != address(0));
+
+    balances[msg.sender] = balances[msg.sender].sub(_value);
+    balances[_to] = balances[_to].add(_value);
+    emit Transfer(msg.sender, _to, _value);
+    return true;
+  }
+
+  /**
+   * @dev Gets the balance of the specified address.
+   * @param _owner The address to query the the balance of.
+   * @return An uint256 representing the amount owned by the passed address.
+   */
+  function balanceOf(address _owner) public view returns (uint256) {
+    return balances[_owner];
+  }
+}
+
+// File: openzeppelin-solidity/contracts/token/ERC20/BurnableToken.sol
+
+pragma solidity ^0.4.24;
+
+/**
+ * @title Burnable Token
+ * @dev Token that can be irreversibly burned (destroyed).
+ */
+contract BurnableToken is BasicToken {
+  event Burn(address indexed burner, uint256 value);
+
+  /**
+   * @dev Burns a specific amount of tokens.
+   * @param _value The amount of token to be burned.
+   */
+  function burn(uint256 _value) public {
+    _burn(msg.sender, _value);
+  }
+
+  function _burn(address _who, uint256 _value) internal {
+    require(_value <= balances[_who]);
+    // no need to require value <= totalSupply, since that would imply the
+    // sender's balance is greater than the totalSupply, which *should* be an assertion failure
+
+    balances[_who] = balances[_who].sub(_value);
+    totalSupply_ = totalSupply_.sub(_value);
+    emit Burn(_who, _value);
+    emit Transfer(_who, address(0), _value);
+  }
+}
+
+// File: openzeppelin-solidity/contracts/token/ERC20/ERC20.sol
+
+pragma solidity ^0.4.24;
+
+/**
+ * @title ERC20 interface
+ * @dev see https://github.com/ethereum/EIPs/issues/20
+ */
+contract ERC20 is ERC20Basic {
+  function allowance(address _owner, address _spender) public view returns (uint256);
+
+  function transferFrom(
+    address _from,
+    address _to,
+    uint256 _value
+  ) public returns (bool);
+
+  function approve(address _spender, uint256 _value) public returns (bool);
+
+  event Approval(address indexed owner, address indexed spender, uint256 value);
+}
+
+// File: openzeppelin-solidity/contracts/token/ERC20/StandardToken.sol
+
+pragma solidity ^0.4.24;
+
+/**
+ * @title Standard ERC20 token
+ *
+ * @dev Implementation of the basic standard token.
+ * https://github.com/ethereum/EIPs/issues/20
+ * Based on code by FirstBlood: https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol
+ */
+contract StandardToken is ERC20, BasicToken {
+  mapping(address => mapping(address => uint256)) internal allowed;
+
+  /**
+   * @dev Transfer tokens from one address to another
+   * @param _from address The address which you want to send tokens from
+   * @param _to address The address which you want to transfer to
+   * @param _value uint256 the amount of tokens to be transferred
+   */
+  function transferFrom(
+    address _from,
+    address _to,
+    uint256 _value
+  ) public returns (bool) {
+    require(_value <= balances[_from]);
+    require(_value <= allowed[_from][msg.sender]);
+    require(_to != address(0));
+
+    balances[_from] = balances[_from].sub(_value);
+    balances[_to] = balances[_to].add(_value);
+    allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value);
+    emit Transfer(_from, _to, _value);
+    return true;
+  }
+
+  /**
+   * @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender.
+   * Beware that changing an allowance with this method brings the risk that someone may use both the old
+   * and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this
+   * race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards:
+   * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
+   * @param _spender The address which will spend the funds.
+   * @param _value The amount of tokens to be spent.
+   */
+  function approve(address _spender, uint256 _value) public returns (bool) {
+    allowed[msg.sender][_spender] = _value;
+    emit Approval(msg.sender, _spender, _value);
+    return true;
+  }
+
+  /**
+   * @dev Function to check the amount of tokens that an owner allowed to a spender.
+   * @param _owner address The address which owns the funds.
+   * @param _spender address The address which will spend the funds.
+   * @return A uint256 specifying the amount of tokens still available for the spender.
+   */
+  function allowance(address _owner, address _spender) public view returns (uint256) {
+    return allowed[_owner][_spender];
+  }
+
+  /**
+   * @dev Increase the amount of tokens that an owner allowed to a spender.
+   * approve should be called when allowed[_spender] == 0. To increment
+   * allowed value is better to use this function to avoid 2 calls (and wait until
+   * the first transaction is mined)
+   * From MonolithDAO Token.sol
+   * @param _spender The address which will spend the funds.
+   * @param _addedValue The amount of tokens to increase the allowance by.
+   */
+  function increaseApproval(address _spender, uint256 _addedValue) public returns (bool) {
+    allowed[msg.sender][_spender] = (allowed[msg.sender][_spender].add(_addedValue));
+    emit Approval(msg.sender, _spender, allowed[msg.sender][_spender]);
+    return true;
+  }
+
+  /**
+   * @dev Decrease the amount of tokens that an owner allowed to a spender.
+   * approve should be called when allowed[_spender] == 0. To decrement
+   * allowed value is better to use this function to avoid 2 calls (and wait until
+   * the first transaction is mined)
+   * From MonolithDAO Token.sol
+   * @param _spender The address which will spend the funds.
+   * @param _subtractedValue The amount of tokens to decrease the allowance by.
+   */
+  function decreaseApproval(address _spender, uint256 _subtractedValue) public returns (bool) {
+    uint256 oldValue = allowed[msg.sender][_spender];
+    if (_subtractedValue >= oldValue) {
+      allowed[msg.sender][_spender] = 0;
+    } else {
+      allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue);
+    }
+    emit Approval(msg.sender, _spender, allowed[msg.sender][_spender]);
+    return true;
+  }
+}
+
+// File: openzeppelin-solidity/contracts/ownership/Ownable.sol
+
+pragma solidity ^0.4.24;
+
+/**
+ * @title Ownable
+ * @dev The Ownable contract has an owner address, and provides basic authorization control
+ * functions, this simplifies the implementation of "user permissions".
+ */
+contract Ownable {
+  address public owner;
+
+  event OwnershipRenounced(address indexed previousOwner);
+  event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
+
+  /**
+   * @dev The Ownable constructor sets the original `owner` of the contract to the sender
+   * account.
+   */
+  constructor() public {
+    owner = msg.sender;
+  }
+
+  /**
+   * @dev Throws if called by any account other than the owner.
+   */
+  modifier onlyOwner() {
+    require(msg.sender == owner);
+    _;
+  }
+
+  /**
+   * @dev Allows the current owner to relinquish control of the contract.
+   * @notice Renouncing to ownership will leave the contract without an owner.
+   * It will not be possible to call the functions with the `onlyOwner`
+   * modifier anymore.
+   */
+  function renounceOwnership() public onlyOwner {
+    emit OwnershipRenounced(owner);
+    owner = address(0);
+  }
+
+  /**
+   * @dev Allows the current owner to transfer control of the contract to a newOwner.
+   * @param _newOwner The address to transfer ownership to.
+   */
+  function transferOwnership(address _newOwner) public onlyOwner {
+    _transferOwnership(_newOwner);
+  }
+
+  /**
+   * @dev Transfers control of the contract to a newOwner.
+   * @param _newOwner The address to transfer ownership to.
+   */
+  function _transferOwnership(address _newOwner) internal {
+    require(_newOwner != address(0));
+    emit OwnershipTransferred(owner, _newOwner);
+    owner = _newOwner;
+  }
+}
+
+// File: openzeppelin-solidity/contracts/token/ERC20/MintableToken.sol
+
+pragma solidity ^0.4.24;
+
+/**
+ * @title Mintable token
+ * @dev Simple ERC20 Token example, with mintable token creation
+ * Based on code by TokenMarketNet: https://github.com/TokenMarketNet/ico/blob/master/contracts/MintableToken.sol
+ */
+contract MintableToken is StandardToken, Ownable {
+  event Mint(address indexed to, uint256 amount);
+  event MintFinished();
+
+  bool public mintingFinished = false;
+
+  modifier canMint() {
+    require(!mintingFinished);
+    _;
+  }
+
+  modifier hasMintPermission() {
+    require(msg.sender == owner);
+    _;
+  }
+
+  /**
+   * @dev Function to mint tokens
+   * @param _to The address that will receive the minted tokens.
+   * @param _amount The amount of tokens to mint.
+   * @return A boolean that indicates if the operation was successful.
+   */
+  function mint(address _to, uint256 _amount) public hasMintPermission canMint returns (bool) {
+    totalSupply_ = totalSupply_.add(_amount);
+    balances[_to] = balances[_to].add(_amount);
+    emit Mint(_to, _amount);
+    emit Transfer(address(0), _to, _amount);
+    return true;
+  }
+
+  /**
+   * @dev Function to stop minting new tokens.
+   * @return True if the operation was successful.
+   */
+  function finishMinting() public onlyOwner canMint returns (bool) {
+    mintingFinished = true;
+    emit MintFinished();
+    return true;
+  }
+}
+
+// File: openzeppelin-solidity/contracts/token/ERC20/DetailedERC20.sol
+
+pragma solidity ^0.4.24;
+
+/**
+ * @title DetailedERC20 token
+ * @dev The decimals are only for visualization purposes.
+ * All the operations are done using the smallest and indivisible token unit,
+ * just as on Ethereum all the operations are done in wei.
+ */
+contract DetailedERC20 is ERC20 {
+  string public name;
+  string public symbol;
+  uint8 public decimals;
+
+  constructor(
+    string _name,
+    string _symbol,
+    uint8 _decimals
+  ) public {
+    name = _name;
+    symbol = _symbol;
+    decimals = _decimals;
+  }
+}
+
+// File: openzeppelin-solidity/contracts/AddressUtils.sol
+
+pragma solidity ^0.4.24;
+
+/**
+ * Utility library of inline functions on addresses
+ */
+library AddressUtils {
+  /**
+   * Returns whether the target address is a contract
+   * @dev This function will return false if invoked during the constructor of a contract,
+   * as the code is not actually created until after the constructor finishes.
+   * @param _addr address to check
+   * @return whether the target address is a contract
+   */
+  function isContract(address _addr) internal view returns (bool) {
+    uint256 size;
+    // XXX Currently there is no better way to check if there is a contract in an address
+    // than to check the size of the code at that address.
+    // See https://ethereum.stackexchange.com/a/14016/36603
+    // for more details about how this works.
+    // TODO Check this again before the Serenity release, because all addresses will be
+    // contracts then.
+    // solium-disable-next-line security/no-inline-assembly
+    assembly {
+      size := extcodesize(_addr)
+    }
+    return size > 0;
+  }
+}
+
+// File: contracts/interfaces/ERC677.sol
+
+pragma solidity 0.4.24;
+
+contract ERC677 is ERC20 {
+  event Transfer(address indexed from, address indexed to, uint256 value, bytes data);
+
+  function transferAndCall(
+    address,
+    uint256,
+    bytes
+  ) external returns (bool);
+
+  function increaseAllowance(address spender, uint256 addedValue) public returns (bool);
+
+  function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool);
+}
+
+// File: contracts/interfaces/IBurnableMintableERC677Token.sol
+
+pragma solidity 0.4.24;
+
+contract IBurnableMintableERC677Token is ERC677 {
+  function mint(address _to, uint256 _amount) public returns (bool);
+
+  function burn(uint256 _value) public;
+
+  function claimTokens(address _token, address _to) public;
+}
+
+// File: contracts/upgradeable_contracts/Sacrifice.sol
+
+pragma solidity 0.4.24;
+
+contract Sacrifice {
+  constructor(address _recipient) public payable {
+    selfdestruct(_recipient);
+  }
+}
+
+// File: contracts/libraries/Address.sol
+
+pragma solidity 0.4.24;
+
+/**
+ * @title Address
+ * @dev Helper methods for Address type.
+ */
+library Address {
+  /**
+   * @dev Try to send native tokens to the address. If it fails, it will force the transfer by creating a selfdestruct contract
+   * @param _receiver address that will receive the native tokens
+   * @param _value the amount of native tokens to send
+   */
+  function safeSendValue(address _receiver, uint256 _value) internal {
+    if (!_receiver.send(_value)) {
+      (new Sacrifice).value(_value)(_receiver);
+    }
+  }
+}
+
+// File: contracts/upgradeable_contracts/Claimable.sol
+
+pragma solidity 0.4.24;
+
+contract Claimable {
+  bytes4 internal constant TRANSFER = 0xa9059cbb; // transfer(address,uint256)
+
+  modifier validAddress(address _to) {
+    require(_to != address(0));
+    /* solcov ignore next */
+    _;
+  }
+
+  function claimValues(address _token, address _to) internal {
+    if (_token == address(0)) {
+      claimNativeCoins(_to);
+    } else {
+      claimErc20Tokens(_token, _to);
+    }
+  }
+
+  function claimNativeCoins(address _to) internal {
+    uint256 value = address(this).balance;
+    Address.safeSendValue(_to, value);
+  }
+
+  function claimErc20Tokens(address _token, address _to) internal {
+    ERC20Basic token = ERC20Basic(_token);
+    uint256 balance = token.balanceOf(this);
+    safeTransfer(_token, _to, balance);
+  }
+
+  function safeTransfer(
+    address _token,
+    address _to,
+    uint256 _value
+  ) internal {
+    bytes memory returnData;
+    bool returnDataResult;
+    bytes memory callData = abi.encodeWithSelector(TRANSFER, _to, _value);
+    assembly {
+      let result := call(gas, _token, 0x0, add(callData, 0x20), mload(callData), 0, 32)
+      returnData := mload(0)
+      returnDataResult := mload(0)
+
+      switch result
+      case 0 {
+        revert(0, 0)
+      }
+    }
+
+    // Return data is optional
+    if (returnData.length > 0) {
+      require(returnDataResult);
+    }
+  }
+}
+
+// File: contracts/ERC677BridgeToken.sol
+
+pragma solidity 0.4.24;
+
+/**
+ * @title ERC677BridgeToken
+ * @dev The basic implementation of a bridgeable ERC677-compatible token
+ */
+contract ERC677BridgeToken is IBurnableMintableERC677Token, DetailedERC20, BurnableToken, MintableToken, Claimable {
+  bytes4 internal constant ON_TOKEN_TRANSFER = 0xa4c0ed36; // onTokenTransfer(address,uint256,bytes)
+
+  address internal bridgeContractAddr;
+
+  event ContractFallbackCallFailed(address from, address to, uint256 value);
+
+  constructor(
+    string _name,
+    string _symbol,
+    uint8 _decimals
+  ) public DetailedERC20(_name, _symbol, _decimals) {
+    // solhint-disable-previous-line no-empty-blocks
+  }
+
+  function bridgeContract() external view returns (address) {
+    return bridgeContractAddr;
+  }
+
+  function setBridgeContract(address _bridgeContract) external onlyOwner {
+    require(AddressUtils.isContract(_bridgeContract));
+    bridgeContractAddr = _bridgeContract;
+  }
+
+  modifier validRecipient(address _recipient) {
+    require(_recipient != address(0) && _recipient != address(this));
+    /* solcov ignore next */
+    _;
+  }
+
+  function transferAndCall(
+    address _to,
+    uint256 _value,
+    bytes _data
+  ) external validRecipient(_to) returns (bool) {
+    require(superTransfer(_to, _value));
+    emit Transfer(msg.sender, _to, _value, _data);
+
+    if (AddressUtils.isContract(_to)) {
+      require(contractFallback(msg.sender, _to, _value, _data));
+    }
+    return true;
+  }
+
+  function getTokenInterfacesVersion()
+    external
+    pure
+    returns (
+      uint64 major,
+      uint64 minor,
+      uint64 patch
+    )
+  {
+    return (2, 2, 0);
+  }
+
+  function superTransfer(address _to, uint256 _value) internal returns (bool) {
+    return super.transfer(_to, _value);
+  }
+
+  function transfer(address _to, uint256 _value) public returns (bool) {
+    require(superTransfer(_to, _value));
+    callAfterTransfer(msg.sender, _to, _value);
+    return true;
+  }
+
+  function transferFrom(
+    address _from,
+    address _to,
+    uint256 _value
+  ) public returns (bool) {
+    require(super.transferFrom(_from, _to, _value));
+    callAfterTransfer(_from, _to, _value);
+    return true;
+  }
+
+  function callAfterTransfer(
+    address _from,
+    address _to,
+    uint256 _value
+  ) internal {
+    if (AddressUtils.isContract(_to) && !contractFallback(_from, _to, _value, new bytes(0))) {
+      require(!isBridge(_to));
+      emit ContractFallbackCallFailed(_from, _to, _value);
+    }
+  }
+
+  function isBridge(address _address) public view returns (bool) {
+    return _address == bridgeContractAddr;
+  }
+
+  /**
+   * @dev call onTokenTransfer fallback on the token recipient contract
+   * @param _from tokens sender
+   * @param _to tokens recipient
+   * @param _value amount of tokens that was sent
+   * @param _data set of extra bytes that can be passed to the recipient
+   */
+  function contractFallback(
+    address _from,
+    address _to,
+    uint256 _value,
+    bytes _data
+  ) private returns (bool) {
+    return _to.call(abi.encodeWithSelector(ON_TOKEN_TRANSFER, _from, _value, _data));
+  }
+
+  function finishMinting() public returns (bool) {
+    revert();
+  }
+
+  function renounceOwnership() public onlyOwner {
+    revert();
+  }
+
+  function claimTokens(address _token, address _to) public onlyOwner validAddress(_to) {
+    claimValues(_token, _to);
+  }
+
+  function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {
+    return super.increaseApproval(spender, addedValue);
+  }
+
+  function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {
+    return super.decreaseApproval(spender, subtractedValue);
+  }
+}
+
+// File: contracts/PermittableToken.sol
+
+pragma solidity 0.4.24;
+
+contract PermittableToken is ERC677BridgeToken {
+  string public constant version = "1";
+
+  // EIP712 niceties
+  bytes32 public DOMAIN_SEPARATOR;
+  // bytes32 public constant PERMIT_TYPEHASH = keccak256("Permit(address holder,address spender,uint256 nonce,uint256 expiry,bool allowed)");
+  bytes32 public constant PERMIT_TYPEHASH = 0xea2aa0a1be11a07ed86d755c93467f4f82362b452371d1ba94d1715123511acb;
+
+  mapping(address => uint256) public nonces;
+  mapping(address => mapping(address => uint256)) public expirations;
+
+  constructor(
+    string memory _name,
+    string memory _symbol,
+    uint8 _decimals,
+    uint256 _chainId
+  ) public ERC677BridgeToken(_name, _symbol, _decimals) {
+    require(_chainId != 0);
+    DOMAIN_SEPARATOR = keccak256(
+      abi.encode(
+        keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"),
+        keccak256(bytes(_name)),
+        keccak256(bytes(version)),
+        _chainId,
+        address(this)
+      )
+    );
+  }
+
+  /// @dev transferFrom in this contract works in a slightly different form than the generic
+  /// transferFrom function. This contract allows for "unlimited approval".
+  /// Should the user approve an address for the maximum uint256 value,
+  /// then that address will have unlimited approval until told otherwise.
+  /// @param _sender The address of the sender.
+  /// @param _recipient The address of the recipient.
+  /// @param _amount The value to transfer.
+  /// @return Success status.
+  function transferFrom(
+    address _sender,
+    address _recipient,
+    uint256 _amount
+  ) public returns (bool) {
+    require(_sender != address(0));
+    require(_recipient != address(0));
+
+    balances[_sender] = balances[_sender].sub(_amount);
+    balances[_recipient] = balances[_recipient].add(_amount);
+    emit Transfer(_sender, _recipient, _amount);
+
+    if (_sender != msg.sender) {
+      uint256 allowedAmount = allowance(_sender, msg.sender);
+
+      if (allowedAmount != uint256(-1)) {
+        // If allowance is limited, adjust it.
+        // In this case `transferFrom` works like the generic
+        allowed[_sender][msg.sender] = allowedAmount.sub(_amount);
+        emit Approval(_sender, msg.sender, allowed[_sender][msg.sender]);
+      } else {
+        // If allowance is unlimited by `permit`, `approve`, or `increaseAllowance`
+        // function, don't adjust it. But the expiration date must be empty or in the future
+        require(expirations[_sender][msg.sender] == 0 || expirations[_sender][msg.sender] >= _now());
+      }
+    } else {
+      // If `_sender` is `msg.sender`,
+      // the function works just like `transfer()`
+    }
+
+    callAfterTransfer(_sender, _recipient, _amount);
+    return true;
+  }
+
+  /// @dev An alias for `transfer` function.
+  /// @param _to The address of the recipient.
+  /// @param _amount The value to transfer.
+  function push(address _to, uint256 _amount) public {
+    transferFrom(msg.sender, _to, _amount);
+  }
+
+  /// @dev Makes a request to transfer the specified amount
+  /// from the specified address to the caller's address.
+  /// @param _from The address of the holder.
+  /// @param _amount The value to transfer.
+  function pull(address _from, uint256 _amount) public {
+    transferFrom(_from, msg.sender, _amount);
+  }
+
+  /// @dev An alias for `transferFrom` function.
+  /// @param _from The address of the sender.
+  /// @param _to The address of the recipient.
+  /// @param _amount The value to transfer.
+  function move(
+    address _from,
+    address _to,
+    uint256 _amount
+  ) public {
+    transferFrom(_from, _to, _amount);
+  }
+
+  /// @dev Allows to spend holder's unlimited amount by the specified spender.
+  /// The function can be called by anyone, but requires having allowance parameters
+  /// signed by the holder according to EIP712.
+  /// @param _holder The holder's address.
+  /// @param _spender The spender's address.
+  /// @param _nonce The nonce taken from `nonces(_holder)` public getter.
+  /// @param _expiry The allowance expiration date (unix timestamp in UTC).
+  /// Can be zero for no expiration. Forced to zero if `_allowed` is `false`.
+  /// @param _allowed True to enable unlimited allowance for the spender by the holder. False to disable.
+  /// @param _v A final byte of signature (ECDSA component).
+  /// @param _r The first 32 bytes of signature (ECDSA component).
+  /// @param _s The second 32 bytes of signature (ECDSA component).
+  function permit(
+    address _holder,
+    address _spender,
+    uint256 _nonce,
+    uint256 _expiry,
+    bool _allowed,
+    uint8 _v,
+    bytes32 _r,
+    bytes32 _s
+  ) external {
+    require(_holder != address(0));
+    require(_spender != address(0));
+    require(_expiry == 0 || _now() <= _expiry);
+
+    bytes32 digest = keccak256(
+      abi.encodePacked(
+        "\x19\x01",
+        DOMAIN_SEPARATOR,
+        keccak256(abi.encode(PERMIT_TYPEHASH, _holder, _spender, _nonce, _expiry, _allowed))
+      )
+    );
+
+    require(_holder == ecrecover(digest, _v, _r, _s));
+    require(_nonce == nonces[_holder]++);
+
+    uint256 amount = _allowed ? uint256(-1) : 0;
+
+    allowed[_holder][_spender] = amount;
+    expirations[_holder][_spender] = _allowed ? _expiry : 0;
+
+    emit Approval(_holder, _spender, amount);
+  }
+
+  function _now() internal view returns (uint256) {
+    return now;
+  }
+
+  /// @dev Version of the token contract.
+  function getTokenInterfacesVersion()
+    external
+    pure
+    returns (
+      uint64 major,
+      uint64 minor,
+      uint64 patch
+    )
+  {
+    return (2, 3, 0);
+  }
+}

contracts/Mocks/MockAMB.sol

@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.7.0;
+
+import { IAMB } from "../CrossChainUpgradeableProxy.sol";
+
+contract MockAMB is IAMB {
+  address public xDomainMessageSender;
+
+  constructor(address _xDomainMessageSender) {
+    xDomainMessageSender = _xDomainMessageSender;
+  }
+
+  function setMessageSender(address _sender) external {
+    xDomainMessageSender = _sender;
+  }
+
+  function messageSender() external view override returns (address) {
+    return xDomainMessageSender;
+  }
+}

contracts/Mocks/MockOVM_CrossDomainMessenger.sol

@@ -1,14 +0,0 @@
-// SPDX-License-Identifier: MIT
-pragma solidity ^0.7.0;
-
-contract MockOVM_CrossDomainMessenger {
-  address public xDomainMessageSender;
-
-  constructor(address _xDomainMessageSender) {
-    xDomainMessageSender = _xDomainMessageSender;
-  }
-
-  function execute(address _who, bytes calldata _calldata) external returns (bool success, bytes memory result) {
-    (success, result) = _who.call(_calldata);
-  }
-}

contracts/Mocks/MockOmniBridge.sol

@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.7.0;
+
+import { IAMB, IOmniBridge } from "../CrossChainUpgradeableProxy.sol";
+
+contract MockOmniBridge is IOmniBridge {
+  IAMB public AMB;
+
+  constructor(IAMB _AMB) {
+    AMB = _AMB;
+  }
+
+  function bridgeContract() external view override returns (IAMB) {
+    return AMB;
+  }
+
+  function execute(address _who, bytes calldata _calldata) external returns (bool success, bytes memory result) {
+    (success, result) = _who.call(_calldata);
+  }
+}

contracts/TornadoPool.sol

@@ -12,21 +12,27 @@
 
 pragma solidity ^0.7.0;
 pragma experimental ABIEncoderV2;
+
+import "@openzeppelin/contracts/contracts/token/ERC20/IERC20.sol";
 import "./MerkleTreeWithHistory.sol";
 
+interface IERC6777 is IERC20 {
+  function transferAndCall(
+    address,
+    uint256,
+    bytes calldata
+  ) external returns (bool);
+}
+
 interface IVerifier {
   function verifyProof(bytes memory _proof, uint256[7] memory _input) external view returns (bool);
 
   function verifyProof(bytes memory _proof, uint256[21] memory _input) external view returns (bool);
 }
 
-interface IERC20 {
-  function transfer(address to, uint256 value) external returns (bool);
-}
-
 interface IERC20Receiver {
   function onTokenBridged(
-    IERC20 token,
+    IERC6777 token,
     uint256 value,
     bytes calldata data
   ) external;
@@ -39,15 +45,17 @@ contract TornadoPool is MerkleTreeWithHistory, IERC20Receiver {
   mapping(bytes32 => bool) public nullifierHashes;
   IVerifier public immutable verifier2;
   IVerifier public immutable verifier16;
-  IERC20 public immutable token;
+  IERC6777 public immutable token;
+  address public immutable omniBridge;
 
   struct ExtData {
-    address payable recipient;
+    address recipient;
     int256 extAmount;
-    address payable relayer;
+    address relayer;
     uint256 fee;
     bytes encryptedOutput1;
     bytes encryptedOutput2;
+    bool isL1Withdraw;
   }
 
   struct Proof {
@@ -79,14 +87,25 @@ contract TornadoPool is MerkleTreeWithHistory, IERC20Receiver {
     IVerifier _verifier16,
     uint32 _levels,
     address _hasher,
-    IERC20 _token
+    IERC6777 _token,
+    address _omniBridge
   ) MerkleTreeWithHistory(_levels, _hasher) {
     verifier2 = _verifier2;
     verifier16 = _verifier16;
     token = _token;
+    omniBridge = _omniBridge;
   }
 
-  function transaction(Proof memory _args, ExtData memory _extData) public payable {
+  function transact(Proof memory _args, ExtData memory _extData) public {
+    if (_extData.extAmount > 0) {
+      // for deposits from L2
+      token.transferFrom(msg.sender, address(this), uint256(_extData.extAmount));
+    }
+
+    _transact(_args, _extData);
+  }
+
+  function _transact(Proof memory _args, ExtData memory _extData) internal {
     require(isKnownRoot(_args.root), "Invalid merkle root");
     for (uint256 i = 0; i < _args.inputNullifiers.length; i++) {
       require(!isSpent(_args.inputNullifiers[i]), "Input is already spent");
@@ -99,14 +118,13 @@ contract TornadoPool is MerkleTreeWithHistory, IERC20Receiver {
       nullifierHashes[_args.inputNullifiers[i]] = true;
     }
 
-    if (_extData.extAmount > 0) {
+    if (_extData.extAmount < 0) {
-      require(msg.value == uint256(_extData.extAmount), "Incorrect amount of ETH sent on deposit");
-    } else if (_extData.extAmount < 0) {
-      require(msg.value == 0, "Sent ETH amount should be 0 for withdrawal");
       require(_extData.recipient != address(0), "Can't withdraw to zero address");
-      token.transfer(_extData.recipient, uint256(-_extData.extAmount));
+      if (_extData.isL1Withdraw) {
+        token.transferAndCall(omniBridge, uint256(-_extData.extAmount), abi.encode(_extData.recipient));
       } else {
-      require(msg.value == 0, "Sent ETH amount should be 0 for transaction");
+        token.transfer(_extData.recipient, uint256(-_extData.extAmount));
+      }
     }
 
     if (_extData.fee > 0) {
@@ -190,22 +208,24 @@ contract TornadoPool is MerkleTreeWithHistory, IERC20Receiver {
     Register memory _registerArgs,
     Proof memory _proofArgs,
     ExtData memory _extData
-  ) public payable {
+  ) public {
     register(_registerArgs);
-    transaction(_proofArgs, _extData);
+    transact(_proofArgs, _extData);
   }
 
+  /// TOTHINK security. should we track all incoming trasfers so we can to double check the bridge actually sent tokens to this contract?
   function onTokenBridged(
-    IERC20 _token,
+    IERC6777 _token,
     uint256,
     bytes calldata _data
   ) external override {
     require(_token == token, "provided token is not supported");
+    require(msg.sender == omniBridge, "only omni bridge"); // we can also get real msg.sender from L1, but it does not matter
+
     (Register memory _registerArgs, Proof memory _args, ExtData memory _extData) = abi.decode(_data, (Register, Proof, ExtData));
     if (_registerArgs.pubKey.length != 0 && _registerArgs.account.length != 0) {
-      registerAndTransact(_registerArgs, _args, _extData);
+      register(_registerArgs);
-    } else {
+    }
-      transaction(_args, _extData);
+    _transact(_args, _extData);
-    }
   }
 }

hardhat.config.js

@@ -2,11 +2,21 @@
 require('@typechain/hardhat')
 require('@nomiclabs/hardhat-ethers')
 require('@nomiclabs/hardhat-waffle')
-require('@eth-optimism/hardhat-ovm')
 require('dotenv').config()
 
 const config = {
   solidity: {
+    compilers: [
+      {
+        version: '0.4.24',
+        settings: {
+          optimizer: {
+            enabled: true,
+            runs: 200,
+          },
+        },
+      },
+      {
         version: '0.7.6',
         settings: {
           optimizer: {
@@ -15,8 +25,7 @@ const config = {
           },
         },
       },
-  ovm: {
+    ],
-    solcVersion: '0.7.6+commit.3b061308',
   },
   networks: {
     // goerli: {
@@ -27,19 +36,6 @@ const config = {
     //         mnemonic: 'test test test test test test test test test test test junk',
     //       },
     // },
-    optimism: {
-      url: process.env.ETH_RPC || 'https://mainnet.optimism.io',
-      accounts: process.env.PRIVATE_KEY
-        ? [process.env.PRIVATE_KEY]
-        : {
-            mnemonic: 'test test test test test test test test test test test junk',
-          },
-      // This sets the gas price to 0 for all transactions on L2. We do this
-      // because account balances are not automatically initiated with an ETH
-      // balance (yet, sorry!).
-      gasPrice: 15000000,
-      ovm: true, // This sets the network as using the ovm and ensure contract will be compiled against that.
-    },
   },
   mocha: {
     timeout: 600000000,

package.json

@@ -47,7 +47,6 @@
     "typechain": "^5.1.2"
   },
   "devDependencies": {
-    "@eth-optimism/hardhat-ovm": "^0.2.2",
     "babel-eslint": "^10.1.0",
     "eslint": "^7.28.0",
     "eslint-config-prettier": "^8.3.0",

src/index.js

@@ -16,7 +16,7 @@ async function buildMerkleTree({ tornadoPool }) {
   return new MerkleTree(MERKLE_TREE_HEIGHT, leaves, { hashFunction: poseidonHash2 })
 }
 
-async function getProof({ inputs, outputs, tree, extAmount, fee, recipient, relayer }) {
+async function getProof({ inputs, outputs, tree, extAmount, fee, recipient, relayer, isL1Withdrawal }) {
   inputs = shuffle(inputs)
   outputs = shuffle(outputs)
 
@@ -53,6 +53,7 @@ async function getProof({ inputs, outputs, tree, extAmount, fee, recipient, rela
     fee: toFixedHex(fee),
     encryptedOutput1: outputs[0].encrypt(),
     encryptedOutput2: outputs[1].encrypt(),
+    isL1Withdrawal,
   }
 
   const extDataHash = getExtDataHash(extData)
@@ -103,6 +104,7 @@ async function prepareTransaction({
   fee = 0,
   recipient = 0,
   relayer = 0,
+  isL1Withdrawal = false,
 }) {
   if (inputs.length > 16 || outputs.length > 2) {
     throw new Error('Incorrect inputs/outputs count')
@@ -118,8 +120,6 @@ async function prepareTransaction({
     .add(outputs.reduce((sum, x) => sum.add(x.amount), BigNumber.from(0)))
     .sub(inputs.reduce((sum, x) => sum.add(x.amount), BigNumber.from(0)))
 
-  const amount = extAmount > 0 ? extAmount : 0
-
   const { args, extData } = await getProof({
     inputs,
     outputs,
@@ -128,30 +128,29 @@ async function prepareTransaction({
     fee,
     recipient,
     relayer,
+    isL1Withdrawal,
   })
 
   return {
     args,
     extData,
-    amount,
   }
 }
 
 async function transaction({ tornadoPool, ...rest }) {
-  const { args, extData, amount } = await prepareTransaction({
+  const { args, extData } = await prepareTransaction({
     tornadoPool,
     ...rest,
   })
 
-  const receipt = await tornadoPool.transaction(args, extData, {
+  const receipt = await tornadoPool.transact(args, extData, {
-    value: amount,
     gasLimit: 1e6,
   })
   await receipt.wait()
 }
 
 async function registerAndTransact({ tornadoPool, packedPrivateKeyData, poolAddress, ...rest }) {
-  const { args, extData, amount } = await prepareTransaction({
+  const { args, extData } = await prepareTransaction({
     tornadoPool,
     ...rest,
   })
@@ -162,7 +161,6 @@ async function registerAndTransact({ tornadoPool, packedPrivateKeyData, poolAddr
   }
 
   const receipt = await tornadoPool.registerAndTransact(params, args, extData, {
-    value: amount,
     gasLimit: 2e6,
   })
   await receipt.wait()

src/utils.js

@@ -14,12 +14,20 @@ const FIELD_SIZE = BigNumber.from(
 /** Generate random number of specified byte length */
 const randomBN = (nbytes = 31) => BigNumber.from(crypto.randomBytes(nbytes))
 
-function getExtDataHash({ recipient, extAmount, relayer, fee, encryptedOutput1, encryptedOutput2 }) {
+function getExtDataHash({
+  recipient,
+  extAmount,
+  relayer,
+  fee,
+  encryptedOutput1,
+  encryptedOutput2,
+  isL1Withdrawal,
+}) {
   const abi = new ethers.utils.AbiCoder()
 
   const encodedData = abi.encode(
     [
-      'tuple(address recipient,int256 extAmount,address relayer,uint256 fee,bytes encryptedOutput1,bytes encryptedOutput2)',
+      'tuple(address recipient,int256 extAmount,address relayer,uint256 fee,bytes encryptedOutput1,bytes encryptedOutput2,bool isL1Withdrawal)',
     ],
     [
       {
@@ -29,6 +37,7 @@ function getExtDataHash({ recipient, extAmount, relayer, fee, encryptedOutput1,
         fee: toFixedHex(fee),
         encryptedOutput1: encryptedOutput1,
         encryptedOutput2: encryptedOutput2,
+        isL1Withdrawal: isL1Withdrawal,
       },
     ],
   )

test/full.test.js

@@ -2,8 +2,8 @@ const hre = require('hardhat')
 const { ethers, waffle } = hre
 const { loadFixture } = waffle
 const { expect } = require('chai')
+const { utils } = ethers
 
-const { toFixedHex } = require('../src/utils')
 const Utxo = require('../src/utxo')
 const { transaction, registerAndTransact } = require('../src/index')
 const { Keypair } = require('../src/keypair')
@@ -21,9 +21,17 @@ describe('TornadoPool', function () {
 
   async function fixture() {
     require('../scripts/compileHasher')
+    const [sender, gov] = await ethers.getSigners()
     const verifier2 = await deploy('Verifier2')
     const verifier16 = await deploy('Verifier16')
     const hasher = await deploy('Hasher')
+
+    const token = await deploy('PermittableToken', 'Wrapped ETH', 'WETH', 18, 1)
+    await token.mint(sender.address, utils.parseEther('10000'))
+
+    const amb = await deploy('MockAMB', gov.address)
+    const omniBridge = await deploy('MockOmniBridge', amb.address)
+
     /** @type {TornadoPool} */
     const tornadoPool = await deploy(
       'TornadoPool',
@@ -31,36 +39,39 @@ describe('TornadoPool', function () {
       verifier16.address,
       MERKLE_TREE_HEIGHT,
       hasher.address,
+      token.address,
+      omniBridge.address,
     )
     await tornadoPool.initialize()
-    return { tornadoPool }
+
+    await token.approve(tornadoPool.address, utils.parseEther('10000'))
+    return { tornadoPool, token, omniBridge, amb }
   }
 
   async function fixtureUpgradeable() {
-    const { tornadoPool } = await loadFixture(fixture)
+    const { tornadoPool, omniBridge } = await loadFixture(fixture)
     const [, gov] = await ethers.getSigners()
-    const messenger = await deploy('MockOVM_CrossDomainMessenger', gov.address)
     const proxy = await deploy(
       'CrossChainUpgradeableProxy',
       tornadoPool.address,
       gov.address,
       [],
-      messenger.address,
+      omniBridge.address,
     )
 
-    const TornadoPool = await ethers.getContractFactory('TornadoPool')
     /** @type {TornadoPool} */
+    const TornadoPool = await ethers.getContractFactory('TornadoPool')
     const tornadoPoolProxied = TornadoPool.attach(proxy.address)
     await tornadoPoolProxied.initialize()
 
-    return { tornadoPool: tornadoPoolProxied, proxy, gov, messenger }
+    return { tornadoPool: tornadoPoolProxied, proxy, gov, omniBridge }
   }
 
   describe('Upgradeability tests', () => {
     it('admin should be gov', async () => {
-      const { proxy, messenger, gov } = await loadFixture(fixtureUpgradeable)
+      const { proxy, omniBridge, gov } = await loadFixture(fixtureUpgradeable)
       const { data } = await proxy.populateTransaction.admin()
-      const { result } = await messenger.callStatic.execute(proxy.address, data)
+      const { result } = await omniBridge.callStatic.execute(proxy.address, data)
       expect('0x' + result.slice(26)).to.be.equal(gov.address.toLowerCase())
     })
 
@@ -152,7 +163,7 @@ describe('TornadoPool', function () {
   })
 
   it('should deposit, transact and withdraw', async function () {
-    const { tornadoPool } = await loadFixture(fixture)
+    const { tornadoPool, token } = await loadFixture(fixture)
 
     // Alice deposits into tornado pool
     const aliceDepositAmount = 1e7
@@ -196,7 +207,7 @@ describe('TornadoPool', function () {
       recipient: bobEthAddress,
     })
 
-    const bobBalance = await ethers.provider.getBalance(bobEthAddress)
+    const bobBalance = await token.balanceOf(bobEthAddress)
     expect(bobBalance).to.be.equal(bobWithdrawAmount)
   })
 

yarn.lock

@@ -137,13 +137,6 @@
     minimatch "^3.0.4"
     strip-json-comments "^3.1.1"
 
-"@eth-optimism/hardhat-ovm@^0.2.2":
-  version "0.2.2"
-  resolved "https://registry.yarnpkg.com/@eth-optimism/hardhat-ovm/-/hardhat-ovm-0.2.2.tgz#55fafaa6b8277447abaf132602c1c6d14a2a18a2"
-  integrity sha512-QLzqawYCzC/m6K/Oaj/tCZQlu6kZTgnleg1cJad8kVYA5E+JWZQ6ZJrcStoJoJrco9RIroPUjAFEhFM8YiCc7Q==
-  dependencies:
-    node-fetch "^2.6.1"
-
 "@ethereum-waffle/chai@^3.4.0":
   version "3.4.0"
   resolved "https://registry.yarnpkg.com/@ethereum-waffle/chai/-/chai-3.4.0.tgz#2477877410a96bf370edd64df905b04fb9aba9d5"