tornadocash/tornado-nova
1
0
Fork 0
mirror of https://github.com/tornadocash/tornado-nova synced 2024-02-02 14:53:56 +01:00
Code Issues Packages Projects Releases Wiki Activity

xdai update

Browse Source
This commit is contained in:
Alexey 2021-09-29 22:39:30 +03:00
parent c2c3064601
commit a28d887643
13 changed files with 4625 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
contracts/CrossChainUpgradeableProxy.sol
View File

@ -3,17 +3,21 @@ pragma solidity ^0.7.0;
import "@openzeppelin/contracts/contracts/proxy/TransparentUpgradeableProxy.sol";
// https://github.com/ethereum-optimism/optimism/blob/c7bc85deee999b8edfbe187b302d0ea262638ca9/packages/contracts/contracts/optimistic-ethereum/iOVM/bridge/messaging/iOVM_CrossDomainMessenger.sol
interface iOVM_CrossDomainMessenger {
function xDomainMessageSender() external view returns (address);
// https://docs.tokenbridge.net/amb-bridge/development-of-a-cross-chain-application/how-to-develop-xchain-apps-by-amb#call-a-method-in-another-chain-using-the-amb-bridge
interface IAMB {
function messageSender() external view returns (address);
}
interface IOmniBridge {
function bridgeContract() external view returns (IAMB);
}
/**
* @dev TransparentUpgradeableProxy where admin acts from a different chain.
*/
contract CrossChainUpgradeableProxy is TransparentUpgradeableProxy {
// https://github.com/ethereum-optimism/optimism/blob/develop/packages/contracts/deployments/README.md
iOVM_CrossDomainMessenger public immutable messenger;
IOmniBridge public immutable omniBridge;
/**
* @dev Initializes an upgradeable proxy backed by the implementation at `_logic`.
@ -22,16 +26,16 @@ contract CrossChainUpgradeableProxy is TransparentUpgradeableProxy {
address _logic,
address _admin,
bytes memory _data,
iOVM_CrossDomainMessenger _messenger
IOmniBridge _omniBridge
) TransparentUpgradeableProxy(_logic, _admin, _data) {
messenger = _messenger;
omniBridge = _omniBridge;
}
/**
* @dev Modifier used internally that will delegate the call to the implementation unless the sender is the cross chain admin.
*/
modifier ifAdmin() override {
if (msg.sender == address(messenger) && messenger.xDomainMessageSender() == _admin()) {
if (msg.sender == address(omniBridge) && omniBridge.bridgeContract().messageSender() == _admin()) {
_;
} else {
_fallback();

856
contracts/Mocks/ERC677.sol Normal file
View File

@ -0,0 +1,856 @@
// File: openzeppelin-solidity/contracts/token/ERC20/ERC20Basic.sol
pragma solidity ^0.4.24;
/**
* @title ERC20Basic
* @dev Simpler version of ERC20 interface
* See https://github.com/ethereum/EIPs/issues/179
*/
contract ERC20Basic {
function totalSupply() public view returns (uint256);
function balanceOf(address _who) public view returns (uint256);
function transfer(address _to, uint256 _value) public returns (bool);
event Transfer(address indexed from, address indexed to, uint256 value);
}
// File: openzeppelin-solidity/contracts/math/SafeMath.sol
pragma solidity ^0.4.24;
/**
* @title SafeMath
* @dev Math operations with safety checks that throw on error
*/
library SafeMath {
/**
* @dev Multiplies two numbers, throws on overflow.
*/
function mul(uint256 _a, uint256 _b) internal pure returns (uint256 c) {
// Gas optimization: this is cheaper than asserting 'a' not being zero, but the
// benefit is lost if 'b' is also tested.
// See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522
if (_a == 0) {
return 0;
}
c = _a * _b;
assert(c / _a == _b);
return c;
}
/**
* @dev Integer division of two numbers, truncating the quotient.
*/
function div(uint256 _a, uint256 _b) internal pure returns (uint256) {
// assert(_b > 0); // Solidity automatically throws when dividing by 0
// uint256 c = _a / _b;
// assert(_a == _b * c + _a % _b); // There is no case in which this doesn't hold
return _a / _b;
}
/**
* @dev Subtracts two numbers, throws on overflow (i.e. if subtrahend is greater than minuend).
*/
function sub(uint256 _a, uint256 _b) internal pure returns (uint256) {
assert(_b <= _a);
return _a - _b;
}
/**
* @dev Adds two numbers, throws on overflow.
*/
function add(uint256 _a, uint256 _b) internal pure returns (uint256 c) {
c = _a + _b;
assert(c >= _a);
return c;
}
}
// File: openzeppelin-solidity/contracts/token/ERC20/BasicToken.sol
pragma solidity ^0.4.24;
/**
* @title Basic token
* @dev Basic version of StandardToken, with no allowances.
*/
contract BasicToken is ERC20Basic {
using SafeMath for uint256;
mapping(address => uint256) internal balances;
uint256 internal totalSupply_;
/**
* @dev Total number of tokens in existence
*/
function totalSupply() public view returns (uint256) {
return totalSupply_;
}
/**
* @dev Transfer token for a specified address
* @param _to The address to transfer to.
* @param _value The amount to be transferred.
*/
function transfer(address _to, uint256 _value) public returns (bool) {
require(_value <= balances[msg.sender]);
require(_to != address(0));
balances[msg.sender] = balances[msg.sender].sub(_value);
balances[_to] = balances[_to].add(_value);
emit Transfer(msg.sender, _to, _value);
return true;
}
/**
* @dev Gets the balance of the specified address.
* @param _owner The address to query the the balance of.
* @return An uint256 representing the amount owned by the passed address.
*/
function balanceOf(address _owner) public view returns (uint256) {
return balances[_owner];
}
}
// File: openzeppelin-solidity/contracts/token/ERC20/BurnableToken.sol
pragma solidity ^0.4.24;
/**
* @title Burnable Token
* @dev Token that can be irreversibly burned (destroyed).
*/
contract BurnableToken is BasicToken {
event Burn(address indexed burner, uint256 value);
/**
* @dev Burns a specific amount of tokens.
* @param _value The amount of token to be burned.
*/
function burn(uint256 _value) public {
_burn(msg.sender, _value);
}
function _burn(address _who, uint256 _value) internal {
require(_value <= balances[_who]);
// no need to require value <= totalSupply, since that would imply the
// sender's balance is greater than the totalSupply, which *should* be an assertion failure
balances[_who] = balances[_who].sub(_value);
totalSupply_ = totalSupply_.sub(_value);
emit Burn(_who, _value);
emit Transfer(_who, address(0), _value);
}
}
// File: openzeppelin-solidity/contracts/token/ERC20/ERC20.sol
pragma solidity ^0.4.24;
/**
* @title ERC20 interface
* @dev see https://github.com/ethereum/EIPs/issues/20
*/
contract ERC20 is ERC20Basic {
function allowance(address _owner, address _spender) public view returns (uint256);
function transferFrom(
address _from,
address _to,
uint256 _value
) public returns (bool);
function approve(address _spender, uint256 _value) public returns (bool);
event Approval(address indexed owner, address indexed spender, uint256 value);
}
// File: openzeppelin-solidity/contracts/token/ERC20/StandardToken.sol
pragma solidity ^0.4.24;
/**
* @title Standard ERC20 token
*
* @dev Implementation of the basic standard token.
* https://github.com/ethereum/EIPs/issues/20
* Based on code by FirstBlood: https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol
*/
contract StandardToken is ERC20, BasicToken {
mapping(address => mapping(address => uint256)) internal allowed;
/**
* @dev Transfer tokens from one address to another
* @param _from address The address which you want to send tokens from
* @param _to address The address which you want to transfer to
* @param _value uint256 the amount of tokens to be transferred
*/
function transferFrom(
address _from,
address _to,
uint256 _value
) public returns (bool) {
require(_value <= balances[_from]);
require(_value <= allowed[_from][msg.sender]);
require(_to != address(0));
balances[_from] = balances[_from].sub(_value);
balances[_to] = balances[_to].add(_value);
allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value);
emit Transfer(_from, _to, _value);
return true;
}
/**
* @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender.
* Beware that changing an allowance with this method brings the risk that someone may use both the old
* and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this
* race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
* @param _spender The address which will spend the funds.
* @param _value The amount of tokens to be spent.
*/
function approve(address _spender, uint256 _value) public returns (bool) {
allowed[msg.sender][_spender] = _value;
emit Approval(msg.sender, _spender, _value);
return true;
}
/**
* @dev Function to check the amount of tokens that an owner allowed to a spender.
* @param _owner address The address which owns the funds.
* @param _spender address The address which will spend the funds.
* @return A uint256 specifying the amount of tokens still available for the spender.
*/
function allowance(address _owner, address _spender) public view returns (uint256) {
return allowed[_owner][_spender];
}
/**
* @dev Increase the amount of tokens that an owner allowed to a spender.
* approve should be called when allowed[_spender] == 0. To increment
* allowed value is better to use this function to avoid 2 calls (and wait until
* the first transaction is mined)
* From MonolithDAO Token.sol
* @param _spender The address which will spend the funds.
* @param _addedValue The amount of tokens to increase the allowance by.
*/
function increaseApproval(address _spender, uint256 _addedValue) public returns (bool) {
allowed[msg.sender][_spender] = (allowed[msg.sender][_spender].add(_addedValue));
emit Approval(msg.sender, _spender, allowed[msg.sender][_spender]);
return true;
}
/**
* @dev Decrease the amount of tokens that an owner allowed to a spender.
* approve should be called when allowed[_spender] == 0. To decrement
* allowed value is better to use this function to avoid 2 calls (and wait until
* the first transaction is mined)
* From MonolithDAO Token.sol
* @param _spender The address which will spend the funds.
* @param _subtractedValue The amount of tokens to decrease the allowance by.
*/
function decreaseApproval(address _spender, uint256 _subtractedValue) public returns (bool) {
uint256 oldValue = allowed[msg.sender][_spender];
if (_subtractedValue >= oldValue) {
allowed[msg.sender][_spender] = 0;
} else {
allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue);
}
emit Approval(msg.sender, _spender, allowed[msg.sender][_spender]);
return true;
}
}
// File: openzeppelin-solidity/contracts/ownership/Ownable.sol
pragma solidity ^0.4.24;
/**
* @title Ownable
* @dev The Ownable contract has an owner address, and provides basic authorization control
* functions, this simplifies the implementation of "user permissions".
*/
contract Ownable {
address public owner;
event OwnershipRenounced(address indexed previousOwner);
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev The Ownable constructor sets the original `owner` of the contract to the sender
* account.
*/
constructor() public {
owner = msg.sender;
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
require(msg.sender == owner);
_;
}
/**
* @dev Allows the current owner to relinquish control of the contract.
* @notice Renouncing to ownership will leave the contract without an owner.
* It will not be possible to call the functions with the `onlyOwner`
* modifier anymore.
*/
function renounceOwnership() public onlyOwner {
emit OwnershipRenounced(owner);
owner = address(0);
}
/**
* @dev Allows the current owner to transfer control of the contract to a newOwner.
* @param _newOwner The address to transfer ownership to.
*/
function transferOwnership(address _newOwner) public onlyOwner {
_transferOwnership(_newOwner);
}
/**
* @dev Transfers control of the contract to a newOwner.
* @param _newOwner The address to transfer ownership to.
*/
function _transferOwnership(address _newOwner) internal {
require(_newOwner != address(0));
emit OwnershipTransferred(owner, _newOwner);
owner = _newOwner;
}
}
// File: openzeppelin-solidity/contracts/token/ERC20/MintableToken.sol
pragma solidity ^0.4.24;
/**
* @title Mintable token
* @dev Simple ERC20 Token example, with mintable token creation
* Based on code by TokenMarketNet: https://github.com/TokenMarketNet/ico/blob/master/contracts/MintableToken.sol
*/
contract MintableToken is StandardToken, Ownable {
event Mint(address indexed to, uint256 amount);
event MintFinished();
bool public mintingFinished = false;
modifier canMint() {
require(!mintingFinished);
_;
}
modifier hasMintPermission() {
require(msg.sender == owner);
_;
}
/**
* @dev Function to mint tokens
* @param _to The address that will receive the minted tokens.
* @param _amount The amount of tokens to mint.
* @return A boolean that indicates if the operation was successful.
*/
function mint(address _to, uint256 _amount) public hasMintPermission canMint returns (bool) {
totalSupply_ = totalSupply_.add(_amount);
balances[_to] = balances[_to].add(_amount);
emit Mint(_to, _amount);
emit Transfer(address(0), _to, _amount);
return true;
}
/**
* @dev Function to stop minting new tokens.
* @return True if the operation was successful.
*/
function finishMinting() public onlyOwner canMint returns (bool) {
mintingFinished = true;
emit MintFinished();
return true;
}
}
// File: openzeppelin-solidity/contracts/token/ERC20/DetailedERC20.sol
pragma solidity ^0.4.24;
/**
* @title DetailedERC20 token
* @dev The decimals are only for visualization purposes.
* All the operations are done using the smallest and indivisible token unit,
* just as on Ethereum all the operations are done in wei.
*/
contract DetailedERC20 is ERC20 {
string public name;
string public symbol;
uint8 public decimals;
constructor(
string _name,
string _symbol,
uint8 _decimals
) public {
name = _name;
symbol = _symbol;
decimals = _decimals;
}
}
// File: openzeppelin-solidity/contracts/AddressUtils.sol
pragma solidity ^0.4.24;
/**
* Utility library of inline functions on addresses
*/
library AddressUtils {
/**
* Returns whether the target address is a contract
* @dev This function will return false if invoked during the constructor of a contract,
* as the code is not actually created until after the constructor finishes.
* @param _addr address to check
* @return whether the target address is a contract
*/
function isContract(address _addr) internal view returns (bool) {
uint256 size;
// XXX Currently there is no better way to check if there is a contract in an address
// than to check the size of the code at that address.
// See https://ethereum.stackexchange.com/a/14016/36603
// for more details about how this works.
// TODO Check this again before the Serenity release, because all addresses will be
// contracts then.
// solium-disable-next-line security/no-inline-assembly
assembly {
size := extcodesize(_addr)
}
return size > 0;
}
}
// File: contracts/interfaces/ERC677.sol
pragma solidity 0.4.24;
contract ERC677 is ERC20 {
event Transfer(address indexed from, address indexed to, uint256 value, bytes data);
function transferAndCall(
address,
uint256,
bytes
) external returns (bool);
function increaseAllowance(address spender, uint256 addedValue) public returns (bool);
function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool);
}
// File: contracts/interfaces/IBurnableMintableERC677Token.sol
pragma solidity 0.4.24;
contract IBurnableMintableERC677Token is ERC677 {
function mint(address _to, uint256 _amount) public returns (bool);
function burn(uint256 _value) public;
function claimTokens(address _token, address _to) public;
}
// File: contracts/upgradeable_contracts/Sacrifice.sol
pragma solidity 0.4.24;
contract Sacrifice {
constructor(address _recipient) public payable {
selfdestruct(_recipient);
}
}
// File: contracts/libraries/Address.sol
pragma solidity 0.4.24;
/**
* @title Address
* @dev Helper methods for Address type.
*/
library Address {
/**
* @dev Try to send native tokens to the address. If it fails, it will force the transfer by creating a selfdestruct contract
* @param _receiver address that will receive the native tokens
* @param _value the amount of native tokens to send
*/
function safeSendValue(address _receiver, uint256 _value) internal {
if (!_receiver.send(_value)) {
(new Sacrifice).value(_value)(_receiver);
}
}
}
// File: contracts/upgradeable_contracts/Claimable.sol
pragma solidity 0.4.24;
contract Claimable {
bytes4 internal constant TRANSFER = 0xa9059cbb; // transfer(address,uint256)
modifier validAddress(address _to) {
require(_to != address(0));
/* solcov ignore next */
_;
}
function claimValues(address _token, address _to) internal {
if (_token == address(0)) {
claimNativeCoins(_to);
} else {
claimErc20Tokens(_token, _to);
}
}
function claimNativeCoins(address _to) internal {
uint256 value = address(this).balance;
Address.safeSendValue(_to, value);
}
function claimErc20Tokens(address _token, address _to) internal {
ERC20Basic token = ERC20Basic(_token);
uint256 balance = token.balanceOf(this);
safeTransfer(_token, _to, balance);
}
function safeTransfer(
address _token,
address _to,
uint256 _value
) internal {
bytes memory returnData;
bool returnDataResult;
bytes memory callData = abi.encodeWithSelector(TRANSFER, _to, _value);
assembly {
let result := call(gas, _token, 0x0, add(callData, 0x20), mload(callData), 0, 32)
returnData := mload(0)
returnDataResult := mload(0)
switch result
case 0 {
revert(0, 0)
}
}
// Return data is optional
if (returnData.length > 0) {
require(returnDataResult);
}
}
}
// File: contracts/ERC677BridgeToken.sol
pragma solidity 0.4.24;
/**
* @title ERC677BridgeToken
* @dev The basic implementation of a bridgeable ERC677-compatible token
*/
contract ERC677BridgeToken is IBurnableMintableERC677Token, DetailedERC20, BurnableToken, MintableToken, Claimable {
bytes4 internal constant ON_TOKEN_TRANSFER = 0xa4c0ed36; // onTokenTransfer(address,uint256,bytes)
address internal bridgeContractAddr;
event ContractFallbackCallFailed(address from, address to, uint256 value);
constructor(
string _name,
string _symbol,
uint8 _decimals
) public DetailedERC20(_name, _symbol, _decimals) {
// solhint-disable-previous-line no-empty-blocks
}
function bridgeContract() external view returns (address) {
return bridgeContractAddr;
}
function setBridgeContract(address _bridgeContract) external onlyOwner {
require(AddressUtils.isContract(_bridgeContract));
bridgeContractAddr = _bridgeContract;
}
modifier validRecipient(address _recipient) {
require(_recipient != address(0) && _recipient != address(this));
/* solcov ignore next */
_;
}
function transferAndCall(
address _to,
uint256 _value,
bytes _data
) external validRecipient(_to) returns (bool) {
require(superTransfer(_to, _value));
emit Transfer(msg.sender, _to, _value, _data);
if (AddressUtils.isContract(_to)) {
require(contractFallback(msg.sender, _to, _value, _data));
}
return true;
}
function getTokenInterfacesVersion()
external
pure
returns (
uint64 major,
uint64 minor,
uint64 patch
)
{
return (2, 2, 0);
}
function superTransfer(address _to, uint256 _value) internal returns (bool) {
return super.transfer(_to, _value);
}
function transfer(address _to, uint256 _value) public returns (bool) {
require(superTransfer(_to, _value));
callAfterTransfer(msg.sender, _to, _value);
return true;
}
function transferFrom(
address _from,
address _to,
uint256 _value
) public returns (bool) {
require(super.transferFrom(_from, _to, _value));
callAfterTransfer(_from, _to, _value);
return true;
}
function callAfterTransfer(
address _from,
address _to,
uint256 _value
) internal {
if (AddressUtils.isContract(_to) && !contractFallback(_from, _to, _value, new bytes(0))) {
require(!isBridge(_to));
emit ContractFallbackCallFailed(_from, _to, _value);
}
}
function isBridge(address _address) public view returns (bool) {
return _address == bridgeContractAddr;
}
/**
* @dev call onTokenTransfer fallback on the token recipient contract
* @param _from tokens sender
* @param _to tokens recipient
* @param _value amount of tokens that was sent
* @param _data set of extra bytes that can be passed to the recipient
*/
function contractFallback(
address _from,
address _to,
uint256 _value,
bytes _data
) private returns (bool) {
return _to.call(abi.encodeWithSelector(ON_TOKEN_TRANSFER, _from, _value, _data));
}
function finishMinting() public returns (bool) {
revert();
}
function renounceOwnership() public onlyOwner {
revert();
}
function claimTokens(address _token, address _to) public onlyOwner validAddress(_to) {
claimValues(_token, _to);
}
function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {
return super.increaseApproval(spender, addedValue);
}
function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {
return super.decreaseApproval(spender, subtractedValue);
}
}
// File: contracts/PermittableToken.sol
pragma solidity 0.4.24;
contract PermittableToken is ERC677BridgeToken {
string public constant version = "1";
// EIP712 niceties
bytes32 public DOMAIN_SEPARATOR;
// bytes32 public constant PERMIT_TYPEHASH = keccak256("Permit(address holder,address spender,uint256 nonce,uint256 expiry,bool allowed)");
bytes32 public constant PERMIT_TYPEHASH = 0xea2aa0a1be11a07ed86d755c93467f4f82362b452371d1ba94d1715123511acb;
mapping(address => uint256) public nonces;
mapping(address => mapping(address => uint256)) public expirations;
constructor(
string memory _name,
string memory _symbol,
uint8 _decimals,
uint256 _chainId
) public ERC677BridgeToken(_name, _symbol, _decimals) {
require(_chainId != 0);
DOMAIN_SEPARATOR = keccak256(
abi.encode(
keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"),
keccak256(bytes(_name)),
keccak256(bytes(version)),
_chainId,
address(this)
)
);
}
/// @dev transferFrom in this contract works in a slightly different form than the generic
/// transferFrom function. This contract allows for "unlimited approval".
/// Should the user approve an address for the maximum uint256 value,
/// then that address will have unlimited approval until told otherwise.
/// @param _sender The address of the sender.
/// @param _recipient The address of the recipient.
/// @param _amount The value to transfer.
/// @return Success status.
function transferFrom(
address _sender,
address _recipient,
uint256 _amount
) public returns (bool) {
require(_sender != address(0));
require(_recipient != address(0));
balances[_sender] = balances[_sender].sub(_amount);
balances[_recipient] = balances[_recipient].add(_amount);
emit Transfer(_sender, _recipient, _amount);
if (_sender != msg.sender) {
uint256 allowedAmount = allowance(_sender, msg.sender);
if (allowedAmount != uint256(-1)) {
// If allowance is limited, adjust it.
// In this case `transferFrom` works like the generic
allowed[_sender][msg.sender] = allowedAmount.sub(_amount);
emit Approval(_sender, msg.sender, allowed[_sender][msg.sender]);
} else {
// If allowance is unlimited by `permit`, `approve`, or `increaseAllowance`
// function, don't adjust it. But the expiration date must be empty or in the future
require(expirations[_sender][msg.sender] == 0 || expirations[_sender][msg.sender] >= _now());
}
} else {
// If `_sender` is `msg.sender`,
// the function works just like `transfer()`
}
callAfterTransfer(_sender, _recipient, _amount);
return true;
}
/// @dev An alias for `transfer` function.
/// @param _to The address of the recipient.
/// @param _amount The value to transfer.
function push(address _to, uint256 _amount) public {
transferFrom(msg.sender, _to, _amount);
}
/// @dev Makes a request to transfer the specified amount
/// from the specified address to the caller's address.
/// @param _from The address of the holder.
/// @param _amount The value to transfer.
function pull(address _from, uint256 _amount) public {
transferFrom(_from, msg.sender, _amount);
}
/// @dev An alias for `transferFrom` function.
/// @param _from The address of the sender.
/// @param _to The address of the recipient.
/// @param _amount The value to transfer.
function move(
address _from,
address _to,
uint256 _amount
) public {
transferFrom(_from, _to, _amount);
}
/// @dev Allows to spend holder's unlimited amount by the specified spender.
/// The function can be called by anyone, but requires having allowance parameters
/// signed by the holder according to EIP712.
/// @param _holder The holder's address.
/// @param _spender The spender's address.
/// @param _nonce The nonce taken from `nonces(_holder)` public getter.
/// @param _expiry The allowance expiration date (unix timestamp in UTC).
/// Can be zero for no expiration. Forced to zero if `_allowed` is `false`.
/// @param _allowed True to enable unlimited allowance for the spender by the holder. False to disable.
/// @param _v A final byte of signature (ECDSA component).
/// @param _r The first 32 bytes of signature (ECDSA component).
/// @param _s The second 32 bytes of signature (ECDSA component).
function permit(
address _holder,
address _spender,
uint256 _nonce,
uint256 _expiry,
bool _allowed,
uint8 _v,
bytes32 _r,
bytes32 _s
) external {
require(_holder != address(0));
require(_spender != address(0));
require(_expiry == 0 || _now() <= _expiry);
bytes32 digest = keccak256(
abi.encodePacked(
"\x19\x01",
DOMAIN_SEPARATOR,
keccak256(abi.encode(PERMIT_TYPEHASH, _holder, _spender, _nonce, _expiry, _allowed))
)
);
require(_holder == ecrecover(digest, _v, _r, _s));
require(_nonce == nonces[_holder]++);
uint256 amount = _allowed ? uint256(-1) : 0;
allowed[_holder][_spender] = amount;
expirations[_holder][_spender] = _allowed ? _expiry : 0;
emit Approval(_holder, _spender, amount);
}
function _now() internal view returns (uint256) {
return now;
}
/// @dev Version of the token contract.
function getTokenInterfacesVersion()
external
pure
returns (
uint64 major,
uint64 minor,
uint64 patch
)
{
return (2, 3, 0);
}
}

20
contracts/Mocks/MockAMB.sol Normal file
View File

@ -0,0 +1,20 @@
// SPDX-License-Identifier: MIT
pragma solidity ^0.7.0;
import { IAMB } from "../CrossChainUpgradeableProxy.sol";
contract MockAMB is IAMB {
address public xDomainMessageSender;
constructor(address _xDomainMessageSender) {
xDomainMessageSender = _xDomainMessageSender;
}
function setMessageSender(address _sender) external {
xDomainMessageSender = _sender;
}
function messageSender() external view override returns (address) {
return xDomainMessageSender;
}
}

14
contracts/Mocks/MockOVM_CrossDomainMessenger.sol
View File

@ -1,14 +0,0 @@
// SPDX-License-Identifier: MIT
pragma solidity ^0.7.0;
contract MockOVM_CrossDomainMessenger {
address public xDomainMessageSender;
constructor(address _xDomainMessageSender) {
xDomainMessageSender = _xDomainMessageSender;
}
function execute(address _who, bytes calldata _calldata) external returns (bool success, bytes memory result) {
(success, result) = _who.call(_calldata);
}
}

20
contracts/Mocks/MockOmniBridge.sol Normal file
View File

@ -0,0 +1,20 @@
// SPDX-License-Identifier: MIT
pragma solidity ^0.7.0;
import { IAMB, IOmniBridge } from "../CrossChainUpgradeableProxy.sol";
contract MockOmniBridge is IOmniBridge {
IAMB public AMB;
constructor(IAMB _AMB) {
AMB = _AMB;
}
function bridgeContract() external view override returns (IAMB) {
return AMB;
}
function execute(address _who, bytes calldata _calldata) external returns (bool success, bytes memory result) {
(success, result) = _who.call(_calldata);
}
}

64
contracts/TornadoPool.sol
View File

@ -12,21 +12,27 @@
pragma solidity ^0.7.0;
pragma experimental ABIEncoderV2;
import "@openzeppelin/contracts/contracts/token/ERC20/IERC20.sol";
import "./MerkleTreeWithHistory.sol";
interface IERC6777 is IERC20 {
function transferAndCall(
address,
uint256,
bytes calldata
) external returns (bool);
}
interface IVerifier {
function verifyProof(bytes memory _proof, uint256[7] memory _input) external view returns (bool);
function verifyProof(bytes memory _proof, uint256[21] memory _input) external view returns (bool);
}
interface IERC20 {
function transfer(address to, uint256 value) external returns (bool);
}
interface IERC20Receiver {
function onTokenBridged(
IERC20 token,
IERC6777 token,
uint256 value,
bytes calldata data
) external;
@ -39,15 +45,17 @@ contract TornadoPool is MerkleTreeWithHistory, IERC20Receiver {
mapping(bytes32 => bool) public nullifierHashes;
IVerifier public immutable verifier2;
IVerifier public immutable verifier16;
IERC20 public immutable token;
IERC6777 public immutable token;
address public immutable omniBridge;
struct ExtData {
address payable recipient;
address recipient;
int256 extAmount;
address payable relayer;
address relayer;
uint256 fee;
bytes encryptedOutput1;
bytes encryptedOutput2;
bool isL1Withdraw;
}
struct Proof {
@ -79,14 +87,25 @@ contract TornadoPool is MerkleTreeWithHistory, IERC20Receiver {
IVerifier _verifier16,
uint32 _levels,
address _hasher,
IERC20 _token
IERC6777 _token,
address _omniBridge
) MerkleTreeWithHistory(_levels, _hasher) {
verifier2 = _verifier2;
verifier16 = _verifier16;
token = _token;
omniBridge = _omniBridge;
}
function transaction(Proof memory _args, ExtData memory _extData) public payable {
function transact(Proof memory _args, ExtData memory _extData) public {
if (_extData.extAmount > 0) {
// for deposits from L2
token.transferFrom(msg.sender, address(this), uint256(_extData.extAmount));
}
_transact(_args, _extData);
}
function _transact(Proof memory _args, ExtData memory _extData) internal {
require(isKnownRoot(_args.root), "Invalid merkle root");
for (uint256 i = 0; i < _args.inputNullifiers.length; i++) {
require(!isSpent(_args.inputNullifiers[i]), "Input is already spent");
@ -99,14 +118,13 @@ contract TornadoPool is MerkleTreeWithHistory, IERC20Receiver {
nullifierHashes[_args.inputNullifiers[i]] = true;
}
if (_extData.extAmount > 0) {
require(msg.value == uint256(_extData.extAmount), "Incorrect amount of ETH sent on deposit");
} else if (_extData.extAmount < 0) {
require(msg.value == 0, "Sent ETH amount should be 0 for withdrawal");
if (_extData.extAmount < 0) {
require(_extData.recipient != address(0), "Can't withdraw to zero address");
token.transfer(_extData.recipient, uint256(-_extData.extAmount));
if (_extData.isL1Withdraw) {
token.transferAndCall(omniBridge, uint256(-_extData.extAmount), abi.encode(_extData.recipient));
} else {
require(msg.value == 0, "Sent ETH amount should be 0 for transaction");
token.transfer(_extData.recipient, uint256(-_extData.extAmount));
}
}
if (_extData.fee > 0) {
@ -190,22 +208,24 @@ contract TornadoPool is MerkleTreeWithHistory, IERC20Receiver {
Register memory _registerArgs,
Proof memory _proofArgs,
ExtData memory _extData
) public payable {
) public {
register(_registerArgs);
transaction(_proofArgs, _extData);
transact(_proofArgs, _extData);
}
/// TOTHINK security. should we track all incoming trasfers so we can to double check the bridge actually sent tokens to this contract?
function onTokenBridged(
IERC20 _token,
IERC6777 _token,
uint256,
bytes calldata _data
) external override {
require(_token == token, "provided token is not supported");
require(msg.sender == omniBridge, "only omni bridge"); // we can also get real msg.sender from L1, but it does not matter
(Register memory _registerArgs, Proof memory _args, ExtData memory _extData) = abi.decode(_data, (Register, Proof, ExtData));
if (_registerArgs.pubKey.length != 0 && _registerArgs.account.length != 0) {
registerAndTransact(_registerArgs, _args, _extData);
} else {
transaction(_args, _extData);
register(_registerArgs);
}
_transact(_args, _extData);
}
}

3615
contracts/bridge.sol.tmp Normal file
View File

File diff suppressed because it is too large Load Diff

28
hardhat.config.js
View File

@ -2,11 +2,21 @@
require('@typechain/hardhat')
require('@nomiclabs/hardhat-ethers')
require('@nomiclabs/hardhat-waffle')
require('@eth-optimism/hardhat-ovm')
require('dotenv').config()
const config = {
solidity: {
compilers: [
{
version: '0.4.24',
settings: {
optimizer: {
enabled: true,
runs: 200,
},
},
},
{
version: '0.7.6',
settings: {
optimizer: {
@ -15,8 +25,7 @@ const config = {
},
},
},
ovm: {
solcVersion: '0.7.6+commit.3b061308',
],
},
networks: {
// goerli: {
@ -27,19 +36,6 @@ const config = {
// mnemonic: 'test test test test test test test test test test test junk',
// },
// },
optimism: {
url: process.env.ETH_RPC || 'https://mainnet.optimism.io',
accounts: process.env.PRIVATE_KEY
? [process.env.PRIVATE_KEY]
: {
mnemonic: 'test test test test test test test test test test test junk',
},
// This sets the gas price to 0 for all transactions on L2. We do this
// because account balances are not automatically initiated with an ETH
// balance (yet, sorry!).
gasPrice: 15000000,
ovm: true, // This sets the network as using the ovm and ensure contract will be compiled against that.
},
},
mocha: {
timeout: 600000000,

1
package.json
View File

@ -47,7 +47,6 @@
"typechain": "^5.1.2"
},
"devDependencies": {
"@eth-optimism/hardhat-ovm": "^0.2.2",
"babel-eslint": "^10.1.0",
"eslint": "^7.28.0",
"eslint-config-prettier": "^8.3.0",

16
src/index.js
View File

@ -16,7 +16,7 @@ async function buildMerkleTree({ tornadoPool }) {
return new MerkleTree(MERKLE_TREE_HEIGHT, leaves, { hashFunction: poseidonHash2 })
}
async function getProof({ inputs, outputs, tree, extAmount, fee, recipient, relayer }) {
async function getProof({ inputs, outputs, tree, extAmount, fee, recipient, relayer, isL1Withdrawal }) {
inputs = shuffle(inputs)
outputs = shuffle(outputs)
@ -53,6 +53,7 @@ async function getProof({ inputs, outputs, tree, extAmount, fee, recipient, rela
fee: toFixedHex(fee),
encryptedOutput1: outputs[0].encrypt(),
encryptedOutput2: outputs[1].encrypt(),
isL1Withdrawal,
}
const extDataHash = getExtDataHash(extData)
@ -103,6 +104,7 @@ async function prepareTransaction({
fee = 0,
recipient = 0,
relayer = 0,
isL1Withdrawal = false,
}) {
if (inputs.length > 16 || outputs.length > 2) {
throw new Error('Incorrect inputs/outputs count')
@ -118,8 +120,6 @@ async function prepareTransaction({
.add(outputs.reduce((sum, x) => sum.add(x.amount), BigNumber.from(0)))
.sub(inputs.reduce((sum, x) => sum.add(x.amount), BigNumber.from(0)))
const amount = extAmount > 0 ? extAmount : 0
const { args, extData } = await getProof({
inputs,
outputs,
@ -128,30 +128,29 @@ async function prepareTransaction({
fee,
recipient,
relayer,
isL1Withdrawal,
})
return {
args,
extData,
amount,
}
}
async function transaction({ tornadoPool, ...rest }) {
const { args, extData, amount } = await prepareTransaction({
const { args, extData } = await prepareTransaction({
tornadoPool,
...rest,
})
const receipt = await tornadoPool.transaction(args, extData, {
value: amount,
const receipt = await tornadoPool.transact(args, extData, {
gasLimit: 1e6,
})
await receipt.wait()
}
async function registerAndTransact({ tornadoPool, packedPrivateKeyData, poolAddress, ...rest }) {
const { args, extData, amount } = await prepareTransaction({
const { args, extData } = await prepareTransaction({
tornadoPool,
...rest,
})
@ -162,7 +161,6 @@ async function registerAndTransact({ tornadoPool, packedPrivateKeyData, poolAddr
}
const receipt = await tornadoPool.registerAndTransact(params, args, extData, {
value: amount,
gasLimit: 2e6,
})
await receipt.wait()

13
src/utils.js
View File

@ -14,12 +14,20 @@ const FIELD_SIZE = BigNumber.from(
/** Generate random number of specified byte length */
const randomBN = (nbytes = 31) => BigNumber.from(crypto.randomBytes(nbytes))
function getExtDataHash({ recipient, extAmount, relayer, fee, encryptedOutput1, encryptedOutput2 }) {
function getExtDataHash({
recipient,
extAmount,
relayer,
fee,
encryptedOutput1,
encryptedOutput2,
isL1Withdrawal,
}) {
const abi = new ethers.utils.AbiCoder()
const encodedData = abi.encode(
[
'tuple(address recipient,int256 extAmount,address relayer,uint256 fee,bytes encryptedOutput1,bytes encryptedOutput2)',
'tuple(address recipient,int256 extAmount,address relayer,uint256 fee,bytes encryptedOutput1,bytes encryptedOutput2,bool isL1Withdrawal)',
],
[
{
@ -29,6 +37,7 @@ function getExtDataHash({ recipient, extAmount, relayer, fee, encryptedOutput1,
fee: toFixedHex(fee),
encryptedOutput1: encryptedOutput1,
encryptedOutput2: encryptedOutput2,
isL1Withdrawal: isL1Withdrawal,
},
],
)

33
test/full.test.js
View File

@ -2,8 +2,8 @@ const hre = require('hardhat')
const { ethers, waffle } = hre
const { loadFixture } = waffle
const { expect } = require('chai')
const { utils } = ethers
const { toFixedHex } = require('../src/utils')
const Utxo = require('../src/utxo')
const { transaction, registerAndTransact } = require('../src/index')
const { Keypair } = require('../src/keypair')
@ -21,9 +21,17 @@ describe('TornadoPool', function () {
async function fixture() {
require('../scripts/compileHasher')
const [sender, gov] = await ethers.getSigners()
const verifier2 = await deploy('Verifier2')
const verifier16 = await deploy('Verifier16')
const hasher = await deploy('Hasher')
const token = await deploy('PermittableToken', 'Wrapped ETH', 'WETH', 18, 1)
await token.mint(sender.address, utils.parseEther('10000'))
const amb = await deploy('MockAMB', gov.address)
const omniBridge = await deploy('MockOmniBridge', amb.address)
/** @type {TornadoPool} */
const tornadoPool = await deploy(
'TornadoPool',
@ -31,36 +39,39 @@ describe('TornadoPool', function () {
verifier16.address,
MERKLE_TREE_HEIGHT,
hasher.address,
token.address,
omniBridge.address,
)
await tornadoPool.initialize()
return { tornadoPool }
await token.approve(tornadoPool.address, utils.parseEther('10000'))
return { tornadoPool, token, omniBridge, amb }
}
async function fixtureUpgradeable() {
const { tornadoPool } = await loadFixture(fixture)
const { tornadoPool, omniBridge } = await loadFixture(fixture)
const [, gov] = await ethers.getSigners()
const messenger = await deploy('MockOVM_CrossDomainMessenger', gov.address)
const proxy = await deploy(
'CrossChainUpgradeableProxy',
tornadoPool.address,
gov.address,
[],
messenger.address,
omniBridge.address,
)
const TornadoPool = await ethers.getContractFactory('TornadoPool')
/** @type {TornadoPool} */
const TornadoPool = await ethers.getContractFactory('TornadoPool')
const tornadoPoolProxied = TornadoPool.attach(proxy.address)
await tornadoPoolProxied.initialize()
return { tornadoPool: tornadoPoolProxied, proxy, gov, messenger }
return { tornadoPool: tornadoPoolProxied, proxy, gov, omniBridge }
}
describe('Upgradeability tests', () => {
it('admin should be gov', async () => {
const { proxy, messenger, gov } = await loadFixture(fixtureUpgradeable)
const { proxy, omniBridge, gov } = await loadFixture(fixtureUpgradeable)
const { data } = await proxy.populateTransaction.admin()
const { result } = await messenger.callStatic.execute(proxy.address, data)
const { result } = await omniBridge.callStatic.execute(proxy.address, data)
expect('0x' + result.slice(26)).to.be.equal(gov.address.toLowerCase())
})
@ -152,7 +163,7 @@ describe('TornadoPool', function () {
})
it('should deposit, transact and withdraw', async function () {
const { tornadoPool } = await loadFixture(fixture)
const { tornadoPool, token } = await loadFixture(fixture)
// Alice deposits into tornado pool
const aliceDepositAmount = 1e7
@ -196,7 +207,7 @@ describe('TornadoPool', function () {
recipient: bobEthAddress,
})
const bobBalance = await ethers.provider.getBalance(bobEthAddress)
const bobBalance = await token.balanceOf(bobEthAddress)
expect(bobBalance).to.be.equal(bobWithdrawAmount)
})

7
yarn.lock
View File

@ -137,13 +137,6 @@
minimatch "^3.0.4"
strip-json-comments "^3.1.1"
"@eth-optimism/hardhat-ovm@^0.2.2":
version "0.2.2"
resolved "https://registry.yarnpkg.com/@eth-optimism/hardhat-ovm/-/hardhat-ovm-0.2.2.tgz#55fafaa6b8277447abaf132602c1c6d14a2a18a2"
integrity sha512-QLzqawYCzC/m6K/Oaj/tCZQlu6kZTgnleg1cJad8kVYA5E+JWZQ6ZJrcStoJoJrco9RIroPUjAFEhFM8YiCc7Q==
dependencies:
node-fetch "^2.6.1"
"@ethereum-waffle/chai@^3.4.0":
version "3.4.0"
resolved "https://registry.yarnpkg.com/@ethereum-waffle/chai/-/chai-3.4.0.tgz#2477877410a96bf370edd64df905b04fb9aba9d5"