{
"language": "Solidity",
"sources": {
"src.sol/amm/lib/helpers/AssetHelpers.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\n\nimport \"../openzeppelin/IERC20.sol\";\n\nimport \"../../vault/interfaces/IAsset.sol\";\nimport \"../../vault/interfaces/IWETH.sol\";\n\nabstract contract AssetHelpers {\n // solhint-disable-next-line var-name-mixedcase\n IWETH private immutable _weth;\n\n // Sentinel value used to indicate WETH with wrapping/unwrapping semantics. The zero address is a good choice for\n // multiple reasons: it is cheap to pass as a calldata argument, it is a known invalid token and non-contract, and\n // it is an address Pools cannot register as a token.\n address private constant _ETH = address(0);\n\n constructor(IWETH weth) {\n _weth = weth;\n }\n\n // solhint-disable-next-line func-name-mixedcase\n function _WETH() internal view returns (IWETH) {\n return _weth;\n }\n\n /**\n * @dev Returns true if `asset` is the sentinel value that represents ETH.\n */\n function _isETH(IAsset asset) internal pure returns (bool) {\n return address(asset) == _ETH;\n }\n\n /**\n * @dev Translates `asset` into an equivalent IERC20 token address. If `asset` represents ETH, it will be translated\n * to the WETH contract.\n */\n function _translateToIERC20(IAsset asset) internal view returns (IERC20) {\n return _isETH(asset) ? _WETH() : _asIERC20(asset);\n }\n\n /**\n * @dev Same as `_translateToIERC20(IAsset)`, but for an entire array.\n */\n function _translateToIERC20(IAsset[] memory assets) internal view returns (IERC20[] memory) {\n IERC20[] memory tokens = new IERC20[](assets.length);\n for (uint256 i = 0; i < assets.length; ++i) {\n tokens[i] = _translateToIERC20(assets[i]);\n }\n return tokens;\n }\n\n /**\n * @dev Interprets `asset` as an IERC20 token. This function should only be called on `asset` if `_isETH` previously\n * returned false for it, that is, if `asset` is guaranteed not to be the ETH sentinel value.\n */\n function _asIERC20(IAsset asset) internal pure returns (IERC20) {\n return IERC20(address(asset));\n }\n}\n"
},
"src.sol/amm/lib/openzeppelin/IERC20.sol": {
"content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.7.0;\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20 {\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `recipient`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `sender` to `recipient` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(\n address sender,\n address recipient,\n uint256 amount\n ) external returns (bool);\n\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n"
},
"src.sol/amm/vault/interfaces/IAsset.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\n\n/**\n * @dev This is an empty interface used to represent either ERC20-conforming token contracts or ETH (using the zero\n * address sentinel value). We're just relying on the fact that `interface` can be used to declare new address-like\n * types.\n *\n * This concept is unrelated to a Pool's Asset Managers.\n */\ninterface IAsset {\n // solhint-disable-previous-line no-empty-blocks\n}\n"
},
"src.sol/amm/vault/interfaces/IWETH.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\n\nimport \"../../lib/openzeppelin/IERC20.sol\";\n\n/**\n * @dev Interface for the WETH token contract used internally for wrapping and unwrapping, to support\n * sending and receiving ETH in joins, swaps, and internal balance deposits and withdrawals.\n */\ninterface IWETH is IERC20 {\n function deposit() external payable;\n\n function withdraw(uint256 amount) external;\n}\n"
},
"src.sol/amm/vault/AssetTransfersHandler.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"../lib/math/Math.sol\";\nimport \"../lib/helpers/BalancerErrors.sol\";\nimport \"../lib/openzeppelin/IERC20.sol\";\nimport \"../lib/helpers/AssetHelpers.sol\";\nimport \"../lib/openzeppelin/SafeERC20.sol\";\nimport \"../lib/openzeppelin/Address.sol\";\n\nimport \"./interfaces/IWETH.sol\";\nimport \"./interfaces/IAsset.sol\";\nimport \"./interfaces/IVault.sol\";\n\nabstract contract AssetTransfersHandler is AssetHelpers {\n using SafeERC20 for IERC20;\n using Address for address payable;\n\n /**\n * @dev Receives `amount` of `asset` from `sender`. If `fromInternalBalance` is true, it first withdraws as much\n * as possible from Internal Balance, then transfers any remaining amount.\n *\n * If `asset` is ETH, `fromInternalBalance` must be false (as ETH cannot be held as internal balance), and the funds\n * will be wrapped into WETH.\n *\n * WARNING: this function does not check that the contract caller has actually supplied any ETH - it is up to the\n * caller of this function to check that this is true to prevent the Vault from using its own ETH (though the Vault\n * typically doesn't hold any).\n */\n function _receiveAsset(\n IAsset asset,\n uint256 amount,\n address sender,\n bool fromInternalBalance\n ) internal {\n if (amount == 0) {\n return;\n }\n\n if (_isETH(asset)) {\n _require(!fromInternalBalance, Errors.INVALID_ETH_INTERNAL_BALANCE);\n\n // The ETH amount to receive is deposited into the WETH contract, which will in turn mint WETH for\n // the Vault at a 1:1 ratio.\n\n // A check for this condition is also introduced by the compiler, but this one provides a revert reason.\n // Note we're checking for the Vault's total balance, *not* ETH sent in this transaction.\n _require(address(this).balance >= amount, Errors.INSUFFICIENT_ETH);\n _WETH().deposit{ value: amount }();\n } else {\n IERC20 token = _asIERC20(asset);\n\n if (fromInternalBalance) {\n // We take as many tokens from Internal Balance as possible: any remaining amounts will be transferred.\n uint256 deductedBalance = _decreaseInternalBalance(sender, token, amount, true);\n // Because `deductedBalance` will be always the lesser of the current internal balance\n // and the amount to decrease, it is safe to perform unchecked arithmetic.\n amount -= deductedBalance;\n }\n\n if (amount > 0) {\n token.safeTransferFrom(sender, address(this), amount);\n }\n }\n }\n\n /**\n * @dev Sends `amount` of `asset` to `recipient`. If `toInternalBalance` is true, the asset is deposited as Internal\n * Balance instead of being transferred.\n *\n * If `asset` is ETH, `toInternalBalance` must be false (as ETH cannot be held as internal balance), and the funds\n * are instead sent directly after unwrapping WETH.\n */\n function _sendAsset(\n IAsset asset,\n uint256 amount,\n address payable recipient,\n bool toInternalBalance\n ) internal {\n if (amount == 0) {\n return;\n }\n\n if (_isETH(asset)) {\n // Sending ETH is not as involved as receiving it: the only special behavior is it cannot be\n // deposited to Internal Balance.\n _require(!toInternalBalance, Errors.INVALID_ETH_INTERNAL_BALANCE);\n\n // First, the Vault withdraws deposited ETH from the WETH contract, by burning the same amount of WETH\n // from the Vault. This receipt will be handled by the Vault's `receive`.\n _WETH().withdraw(amount);\n\n // Then, the withdrawn ETH is sent to the recipient.\n recipient.sendValue(amount);\n } else {\n IERC20 token = _asIERC20(asset);\n if (toInternalBalance) {\n _increaseInternalBalance(recipient, token, amount);\n } else {\n token.safeTransfer(recipient, amount);\n }\n }\n }\n\n /**\n * @dev Returns excess ETH back to the contract caller, assuming `amountUsed` has been spent. Reverts\n * if the caller sent less ETH than `amountUsed`.\n *\n * Because the caller might not know exactly how much ETH a Vault action will require, they may send extra.\n * Note that this excess value is returned *to the contract caller* (msg.sender). If caller and e.g. swap sender are\n * not the same (because the caller is a relayer for the sender), then it is up to the caller to manage this\n * returned ETH.\n */\n function _handleRemainingEth(uint256 amountUsed) internal {\n _require(msg.value >= amountUsed, Errors.INSUFFICIENT_ETH);\n\n uint256 excess = msg.value - amountUsed;\n if (excess > 0) {\n msg.sender.sendValue(excess);\n }\n }\n\n /**\n * @dev Enables the Vault to receive ETH. This is required for it to be able to unwrap WETH, which sends ETH to the\n * caller.\n *\n * Any ETH sent to the Vault outside of the WETH unwrapping mechanism would be forever locked inside the Vault, so\n * we prevent that from happening. Other mechanisms used to send ETH to the Vault (such as being the recipient of an\n * ETH swap, Pool exit or withdrawal, contract selfdestruction, or receiving the block mining reward) will result in\n * locked funds, but are not otherwise a security or soundness issue. This check only exists as an attempt to\n * prevent user error.\n */\n receive() external payable {\n _require(msg.sender == address(_WETH()), Errors.ETH_TRANSFER);\n }\n\n // This contract uses virtual internal functions instead of inheriting from the modules that implement them (in\n // this case UserBalance) in order to decouple it from the rest of the system and enable standalone testing by\n // implementing these with mocks.\n\n function _increaseInternalBalance(\n address account,\n IERC20 token,\n uint256 amount\n ) internal virtual;\n\n function _decreaseInternalBalance(\n address account,\n IERC20 token,\n uint256 amount,\n bool capped\n ) internal virtual returns (uint256);\n}\n"
},
"src.sol/amm/lib/math/Math.sol": {
"content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.7.0;\n\nimport \"../helpers/BalancerErrors.sol\";\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow checks.\n * Adapted from OpenZeppelin's SafeMath library\n */\nlibrary Math {\n /**\n * @dev Returns the addition of two unsigned integers of 256 bits, reverting on overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n _require(c >= a, Errors.ADD_OVERFLOW);\n return c;\n }\n\n /**\n * @dev Returns the addition of two signed integers, reverting on overflow.\n */\n function add(int256 a, int256 b) internal pure returns (int256) {\n int256 c = a + b;\n _require((b >= 0 && c >= a) || (b < 0 && c < a), Errors.ADD_OVERFLOW);\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers of 256 bits, reverting on overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n _require(b <= a, Errors.SUB_OVERFLOW);\n uint256 c = a - b;\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two signed integers, reverting on overflow.\n */\n function sub(int256 a, int256 b) internal pure returns (int256) {\n int256 c = a - b;\n _require((b >= 0 && c <= a) || (b < 0 && c > a), Errors.SUB_OVERFLOW);\n return c;\n }\n\n /**\n * @dev Returns the largest of two numbers of 256 bits.\n */\n function max(uint256 a, uint256 b) internal pure returns (uint256) {\n return a >= b ? a : b;\n }\n\n /**\n * @dev Returns the smallest of two numbers of 256 bits.\n */\n function min(uint256 a, uint256 b) internal pure returns (uint256) {\n return a < b ? a : b;\n }\n\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a * b;\n _require(a == 0 || c / a == b, Errors.MUL_OVERFLOW);\n return c;\n }\n\n function divDown(uint256 a, uint256 b) internal pure returns (uint256) {\n _require(b != 0, Errors.ZERO_DIVISION);\n return a / b;\n }\n\n function divUp(uint256 a, uint256 b) internal pure returns (uint256) {\n _require(b != 0, Errors.ZERO_DIVISION);\n\n if (a == 0) {\n return 0;\n } else {\n return 1 + (a - 1) / b;\n }\n }\n}\n"
},
"src.sol/amm/lib/helpers/BalancerErrors.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\n\n// solhint-disable\n\n/**\n * @dev Reverts if `condition` is false, with a revert reason containing `errorCode`. Only codes up to 999 are\n * supported.\n */\nfunction _require(bool condition, uint256 errorCode) pure {\n if (!condition) _revert(errorCode);\n}\n\n/**\n * @dev Reverts with a revert reason containing `errorCode`. Only codes up to 999 are supported.\n */\nfunction _revert(uint256 errorCode) pure {\n // We're going to dynamically create a revert string based on the error code, with the following format:\n // 'BAL#{errorCode}'\n // where the code is left-padded with zeroes to three digits (so they range from 000 to 999).\n //\n // We don't have revert strings embedded in the contract to save bytecode size: it takes much less space to store a\n // number (8 to 16 bits) than the individual string characters.\n //\n // The dynamic string creation algorithm that follows could be implemented in Solidity, but assembly allows for a\n // much denser implementation, again saving bytecode size. Given this function unconditionally reverts, this is a\n // safe place to rely on it without worrying about how its usage might affect e.g. memory contents.\n assembly {\n // First, we need to compute the ASCII representation of the error code. We assume that it is in the 0-999\n // range, so we only need to convert three digits. To convert the digits to ASCII, we add 0x30, the value for\n // the '0' character.\n\n let units := add(mod(errorCode, 10), 0x30)\n\n errorCode := div(errorCode, 10)\n let tenths := add(mod(errorCode, 10), 0x30)\n\n errorCode := div(errorCode, 10)\n let hundreds := add(mod(errorCode, 10), 0x30)\n\n // With the individual characters, we can now construct the full string. The \"BAL#\" part is a known constant\n // (0x42414c23): we simply shift this by 24 (to provide space for the 3 bytes of the error code), and add the\n // characters to it, each shifted by a multiple of 8.\n // The revert reason is then shifted left by 200 bits (256 minus the length of the string, 7 characters * 8 bits\n // per character = 56) to locate it in the most significant part of the 256 slot (the beginning of a byte\n // array).\n\n let revertReason := shl(200, add(0x42414c23000000, add(add(units, shl(8, tenths)), shl(16, hundreds))))\n\n // We can now encode the reason in memory, which can be safely overwritten as we're about to revert. The encoded\n // message will have the following layout:\n // [ revert reason identifier ] [ string location offset ] [ string length ] [ string contents ]\n\n // The Solidity revert reason identifier is 0x08c739a0, the function selector of the Error(string) function. We\n // also write zeroes to the next 28 bytes of memory, but those are about to be overwritten.\n mstore(0x0, 0x08c379a000000000000000000000000000000000000000000000000000000000)\n // Next is the offset to the location of the string, which will be placed immediately after (20 bytes away).\n mstore(0x04, 0x0000000000000000000000000000000000000000000000000000000000000020)\n // The string length is fixed: 7 characters.\n mstore(0x24, 7)\n // Finally, the string itself is stored.\n mstore(0x44, revertReason)\n\n // Even if the string is only 7 bytes long, we need to return a full 32 byte slot containing it. The length of\n // the encoded message is therefore 4 + 32 + 32 + 32 = 100.\n revert(0, 100)\n }\n}\n\nlibrary Errors {\n // Math\n uint256 internal constant ADD_OVERFLOW = 0;\n uint256 internal constant SUB_OVERFLOW = 1;\n uint256 internal constant SUB_UNDERFLOW = 2;\n uint256 internal constant MUL_OVERFLOW = 3;\n uint256 internal constant ZERO_DIVISION = 4;\n uint256 internal constant DIV_INTERNAL = 5;\n uint256 internal constant X_OUT_OF_BOUNDS = 6;\n uint256 internal constant Y_OUT_OF_BOUNDS = 7;\n uint256 internal constant PRODUCT_OUT_OF_BOUNDS = 8;\n uint256 internal constant INVALID_EXPONENT = 9;\n\n // Input\n uint256 internal constant OUT_OF_BOUNDS = 100;\n uint256 internal constant UNSORTED_ARRAY = 101;\n uint256 internal constant UNSORTED_TOKENS = 102;\n uint256 internal constant INPUT_LENGTH_MISMATCH = 103;\n uint256 internal constant ZERO_TOKEN = 104;\n\n // Shared pools\n uint256 internal constant MIN_TOKENS = 200;\n uint256 internal constant MAX_TOKENS = 201;\n uint256 internal constant MAX_SWAP_FEE_PERCENTAGE = 202;\n uint256 internal constant MIN_SWAP_FEE_PERCENTAGE = 203;\n uint256 internal constant MINIMUM_BPT = 204;\n uint256 internal constant CALLER_NOT_VAULT = 205;\n uint256 internal constant UNINITIALIZED = 206;\n uint256 internal constant BPT_IN_MAX_AMOUNT = 207;\n uint256 internal constant BPT_OUT_MIN_AMOUNT = 208;\n uint256 internal constant EXPIRED_PERMIT = 209;\n\n // Pools\n uint256 internal constant MIN_AMP = 300;\n uint256 internal constant MAX_AMP = 301;\n uint256 internal constant MIN_WEIGHT = 302;\n uint256 internal constant MAX_STABLE_TOKENS = 303;\n uint256 internal constant MAX_IN_RATIO = 304;\n uint256 internal constant MAX_OUT_RATIO = 305;\n uint256 internal constant MIN_BPT_IN_FOR_TOKEN_OUT = 306;\n uint256 internal constant MAX_OUT_BPT_FOR_TOKEN_IN = 307;\n uint256 internal constant NORMALIZED_WEIGHT_INVARIANT = 308;\n uint256 internal constant INVALID_TOKEN = 309;\n uint256 internal constant UNHANDLED_JOIN_KIND = 310;\n uint256 internal constant ZERO_INVARIANT = 311;\n\n // Lib\n uint256 internal constant REENTRANCY = 400;\n uint256 internal constant SENDER_NOT_ALLOWED = 401;\n uint256 internal constant PAUSED = 402;\n uint256 internal constant PAUSE_WINDOW_EXPIRED = 403;\n uint256 internal constant MAX_PAUSE_WINDOW_DURATION = 404;\n uint256 internal constant MAX_BUFFER_PERIOD_DURATION = 405;\n uint256 internal constant INSUFFICIENT_BALANCE = 406;\n uint256 internal constant INSUFFICIENT_ALLOWANCE = 407;\n uint256 internal constant ERC20_TRANSFER_FROM_ZERO_ADDRESS = 408;\n uint256 internal constant ERC20_TRANSFER_TO_ZERO_ADDRESS = 409;\n uint256 internal constant ERC20_MINT_TO_ZERO_ADDRESS = 410;\n uint256 internal constant ERC20_BURN_FROM_ZERO_ADDRESS = 411;\n uint256 internal constant ERC20_APPROVE_FROM_ZERO_ADDRESS = 412;\n uint256 internal constant ERC20_APPROVE_TO_ZERO_ADDRESS = 413;\n uint256 internal constant ERC20_TRANSFER_EXCEEDS_ALLOWANCE = 414;\n uint256 internal constant ERC20_DECREASED_ALLOWANCE_BELOW_ZERO = 415;\n uint256 internal constant ERC20_TRANSFER_EXCEEDS_BALANCE = 416;\n uint256 internal constant ERC20_BURN_EXCEEDS_ALLOWANCE = 417;\n uint256 internal constant SAFE_ERC20_CALL_FAILED = 418;\n uint256 internal constant ADDRESS_INSUFFICIENT_BALANCE = 419;\n uint256 internal constant ADDRESS_CANNOT_SEND_VALUE = 420;\n uint256 internal constant SAFE_CAST_VALUE_CANT_FIT_INT256 = 421;\n uint256 internal constant GRANT_SENDER_NOT_ADMIN = 422;\n uint256 internal constant REVOKE_SENDER_NOT_ADMIN = 423;\n uint256 internal constant RENOUNCE_SENDER_NOT_ALLOWED = 424;\n uint256 internal constant BUFFER_PERIOD_EXPIRED = 425;\n\n // Vault\n uint256 internal constant INVALID_POOL_ID = 500;\n uint256 internal constant CALLER_NOT_POOL = 501;\n uint256 internal constant SENDER_NOT_ASSET_MANAGER = 502;\n uint256 internal constant USER_DOESNT_ALLOW_RELAYER = 503;\n uint256 internal constant INVALID_SIGNATURE = 504;\n uint256 internal constant EXIT_BELOW_MIN = 505;\n uint256 internal constant JOIN_ABOVE_MAX = 506;\n uint256 internal constant SWAP_LIMIT = 507;\n uint256 internal constant SWAP_DEADLINE = 508;\n uint256 internal constant CANNOT_SWAP_SAME_TOKEN = 509;\n uint256 internal constant UNKNOWN_AMOUNT_IN_FIRST_SWAP = 510;\n uint256 internal constant MALCONSTRUCTED_MULTIHOP_SWAP = 511;\n uint256 internal constant INTERNAL_BALANCE_OVERFLOW = 512;\n uint256 internal constant INSUFFICIENT_INTERNAL_BALANCE = 513;\n uint256 internal constant INVALID_ETH_INTERNAL_BALANCE = 514;\n uint256 internal constant INVALID_POST_LOAN_BALANCE = 515;\n uint256 internal constant INSUFFICIENT_ETH = 516;\n uint256 internal constant UNALLOCATED_ETH = 517;\n uint256 internal constant ETH_TRANSFER = 518;\n uint256 internal constant CANNOT_USE_ETH_SENTINEL = 519;\n uint256 internal constant TOKENS_MISMATCH = 520;\n uint256 internal constant TOKEN_NOT_REGISTERED = 521;\n uint256 internal constant TOKEN_ALREADY_REGISTERED = 522;\n uint256 internal constant TOKENS_ALREADY_SET = 523;\n uint256 internal constant TOKENS_LENGTH_MUST_BE_2 = 524;\n uint256 internal constant NONZERO_TOKEN_BALANCE = 525;\n uint256 internal constant BALANCE_TOTAL_OVERFLOW = 526;\n uint256 internal constant POOL_NO_TOKENS = 527;\n uint256 internal constant INSUFFICIENT_FLASH_LOAN_BALANCE = 528;\n\n // Fees\n uint256 internal constant SWAP_FEE_PERCENTAGE_TOO_HIGH = 600;\n uint256 internal constant FLASH_LOAN_FEE_PERCENTAGE_TOO_HIGH = 601;\n uint256 internal constant INSUFFICIENT_FLASH_LOAN_FEES = 602;\n}\n"
},
"src.sol/amm/lib/openzeppelin/SafeERC20.sol": {
"content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.7.0;\n\nimport \"../helpers/BalancerErrors.sol\";\n\nimport \"./IERC20.sol\";\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n function safeTransfer(\n IERC20 token,\n address to,\n uint256 value\n ) internal {\n _callOptionalReturn(address(token), abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n function safeTransferFrom(\n IERC20 token,\n address from,\n address to,\n uint256 value\n ) internal {\n _callOptionalReturn(address(token), abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n *\n * WARNING: `token` is assumed to be a contract: calls to EOAs will *not* revert.\n */\n function _callOptionalReturn(address token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves.\n (bool success, bytes memory returndata) = token.call(data);\n\n // If the low-level call didn't succeed we return whatever was returned from it.\n assembly {\n if eq(success, 0) {\n returndatacopy(0, 0, returndatasize())\n revert(0, returndatasize())\n }\n }\n\n // Finally we check the returndata size is either zero or true - note that this check will always pass for EOAs\n _require(returndata.length == 0 || abi.decode(returndata, (bool)), Errors.SAFE_ERC20_CALL_FAILED);\n }\n}\n"
},
"src.sol/amm/lib/openzeppelin/Address.sol": {
"content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.7.0;\n\nimport \"../helpers/BalancerErrors.sol\";\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize, which returns 0 for contracts in\n // construction, since the code is only stored at the end of the\n // constructor execution.\n\n uint256 size;\n // solhint-disable-next-line no-inline-assembly\n assembly {\n size := extcodesize(account)\n }\n return size > 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n _require(address(this).balance >= amount, Errors.ADDRESS_INSUFFICIENT_BALANCE);\n\n // solhint-disable-next-line avoid-low-level-calls, avoid-call-value\n (bool success, ) = recipient.call{ value: amount }(\"\");\n _require(success, Errors.ADDRESS_CANNOT_SEND_VALUE);\n }\n}\n"
},
"src.sol/amm/vault/interfaces/IVault.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma experimental ABIEncoderV2;\n\nimport \"../../lib/openzeppelin/IERC20.sol\";\n\nimport \"./IWETH.sol\";\nimport \"./IAsset.sol\";\nimport \"./IAuthorizer.sol\";\nimport \"./IFlashLoanRecipient.sol\";\nimport \"./ISignaturesValidator.sol\";\nimport \"../ProtocolFeesCollector.sol\";\n\npragma solidity ^0.7.0;\n\n/**\n * @dev Full external interface for the Vault core contract - no external or public methods exist in the contract that\n * don't override one of these declarations.\n */\ninterface IVault is ISignaturesValidator {\n // Generalities about the Vault:\n //\n // - Whenever documentation refers to 'tokens', it strictly refers to ERC20-compliant token contracts. Tokens are\n // transferred out of the Vault by calling the `IERC20.transfer` function, and transferred in by calling\n // `IERC20.transferFrom`. In these cases, the sender must have previously allowed the Vault to use their tokens by\n // calling `IERC20.approve`. The only deviation from the ERC20 standard that is supported is functions not returning\n // a boolean value: in these scenarios, a non-reverting call is assumed to be successful.\n //\n // - All non-view functions in the Vault are non-reentrant: calling them while another one is mid-execution (e.g.\n // while execution control is transferred to a token contract during a swap) will result in a revert. View\n // functions can be called in a re-reentrant way, but doing so might cause them to return inconsistent results.\n // Contracts calling view functions in the Vault must make sure the Vault has not already been entered.\n //\n // - View functions revert if referring to either unregistered Pools, or unregistered tokens for registered Pools.\n\n // Authorizer\n //\n // Some system actions are permissioned, like setting and collecting protocol fees. This permissioning system exists\n // outside of the Vault in the Authorizer contract: the Vault simply calls the Authorizer to check if the caller\n // can perform a given action.\n\n /**\n * @dev Returns the Vault's Authorizer.\n */\n function getAuthorizer() external view returns (IAuthorizer);\n\n /**\n * @dev Sets a new Authorizer for the Vault. The caller must be allowed by the current Authorizer to do this.\n *\n * Emits an `AuthorizerChanged` event.\n */\n function changeAuthorizer(IAuthorizer newAuthorizer) external;\n\n event AuthorizerChanged(IAuthorizer indexed oldAuthorizer, IAuthorizer indexed newAuthorizer);\n\n // Relayers\n //\n // Additionally, it is possible for an account to perform certain actions on behalf of another one, using their\n // Vault ERC20 allowance and Internal Balance. These accounts are said to be 'relayers' for these Vault functions,\n // and are expected to be smart contracts with sound authentication mechanisms. For an account to be able to wield\n // this power, two things must occur:\n // - The Authorizer must grant the account the permission to be a relayer for the relevant Vault function. This\n // means that Balancer governance must approve each individual contract to act as a relayer for the intended\n // functions.\n // - Each user must approve the relayer to act on their behalf.\n // This double protection means users cannot be tricked into approving malicious relayers (because they will not\n // have been allowed by the Authorizer via governance), nor can malicious relayers approved by a compromised\n // Authorizer or governance drain user funds, since they would also need to be approved by each individual user.\n\n /**\n * @dev Returns true if `user` has approved `relayer` to act as a relayer for them.\n */\n function hasApprovedRelayer(address user, address relayer) external view returns (bool);\n\n /**\n * @dev Allows `relayer` to act as a relayer for `sender` if `approved` is true, and disallows it otherwise.\n *\n * Emits a `RelayerApprovalChanged` event.\n */\n function setRelayerApproval(\n address sender,\n address relayer,\n bool approved\n ) external;\n\n event RelayerApprovalChanged(address indexed relayer, address indexed sender, bool approved);\n\n // Internal Balance\n //\n // Users can deposit tokens into the Vault, where they are allocated to their Internal Balance, and later\n // transferred or withdrawn. It can also be used as a source of tokens when joining Pools, as a destination\n // when exiting them, and as either when performing swaps. This usage of Internal Balance results in greatly reduced\n // gas costs when compared to relying on plain ERC20 transfers, leading to large savings for frequent users.\n //\n // Internal Balance management features batching, which means a single contract call can be used to perform multiple\n // operations of different kinds, with different senders and recipients, at once.\n\n /**\n * @dev Returns `user`'s Internal Balance for a set of tokens.\n */\n function getInternalBalance(address user, IERC20[] memory tokens) external view returns (uint256[] memory);\n\n /**\n * @dev Performs a set of user balance operations, which involve Internal Balance (deposit, withdraw or transfer)\n * and plain ERC20 transfers using the Vault's allowance. This last feature is particularly useful for relayers, as\n * it lets integrators reuse a user's Vault allowance.\n *\n * For each operation, if the caller is not `sender`, it must be an authorized relayer for them.\n */\n function manageUserBalance(UserBalanceOp[] memory ops) external payable;\n\n /**\n * @dev Data for `manageUserBalance` operations, which include the possibility for ETH to be sent and received\n without manual WETH wrapping or unwrapping.\n */\n struct UserBalanceOp {\n UserBalanceOpKind kind;\n IAsset asset;\n uint256 amount;\n address sender;\n address payable recipient;\n }\n\n // There are four possible operations in `manageUserBalance`:\n //\n // - DEPOSIT_INTERNAL\n // Increases the Internal Balance of the `recipient` account by transferring tokens from the corresponding\n // `sender`. The sender must have allowed the Vault to use their tokens via `IERC20.approve()`.\n //\n // ETH can be used by passing the ETH sentinel value as the asset and forwarding ETH in the call: it will be wrapped\n // and deposited as WETH. Any ETH amount remaining will be sent back to the caller (not the sender, which is\n // relevant for relayers).\n //\n // Emits an `InternalBalanceChanged` event.\n //\n //\n // - WITHDRAW_INTERNAL\n // Decreases the Internal Balance of the `sender` account by transferring tokens to the `recipient`.\n //\n // ETH can be used by passing the ETH sentinel value as the asset. This will deduct WETH instead, unwrap it and send\n // it to the recipient as ETH.\n //\n // Emits an `InternalBalanceChanged` event.\n //\n //\n // - TRANSFER_INTERNAL\n // Transfers tokens from the Internal Balance of the `sender` account to the Internal Balance of `recipient`.\n //\n // Reverts if the ETH sentinel value is passed.\n //\n // Emits an `InternalBalanceChanged` event.\n //\n //\n // - TRANSFER_EXTERNAL\n // Transfers tokens from `sender` to `recipient`, using the Vault's ERC20 allowance. This is typically used by\n // relayers, as it lets them reuse a user's Vault allowance.\n //\n // Reverts if the ETH sentinel value is passed.\n //\n // Emits an `ExternalBalanceTransfer` event.\n\n enum UserBalanceOpKind { DEPOSIT_INTERNAL, WITHDRAW_INTERNAL, TRANSFER_INTERNAL, TRANSFER_EXTERNAL }\n\n /**\n * @dev Emitted when a user's Internal Balance changes, either from calls to `manageUserBalance`, or through\n * interacting with Pools using Internal Balance.\n *\n * Because Internal Balance works exclusively with ERC20 tokens, ETH deposits and withdrawals will use the WETH\n * address.\n */\n event InternalBalanceChanged(address indexed user, IERC20 indexed token, int256 delta);\n\n /**\n * @dev Emitted when a user's Vault ERC20 allowance is used by the Vault to transfer tokens to an external account.\n */\n event ExternalBalanceTransfer(IERC20 indexed token, address indexed sender, address recipient, uint256 amount);\n\n // Pools\n //\n // There are three specialization settings for Pools, which allow for cheaper swaps at the cost of reduced\n // functionality:\n //\n // - General: no specialization, suited for all Pools. IGeneralPool is used for swap request callbacks, passing the\n // balance of all tokens in the Pool. These Pools have the largest swap costs (because of the extra storage reads),\n // which increase with the number of registered tokens.\n //\n // - Minimal Swap Info: IMinimalSwapInfoPool is used instead of IGeneralPool, which saves gas by only passing the\n // balance of the two tokens involved in the swap. This is suitable for some pricing algorithms, like the weighted\n // constant product one popularized by Balancer V1. Swap costs are smaller compared to general Pools, and are\n // independent of the number of registered tokens.\n //\n // - Two Token: only allows two tokens to be registered. This achieves the lowest possible swap gas cost. Like\n // minimal swap info Pools, these are called via IMinimalSwapInfoPool.\n\n enum PoolSpecialization { GENERAL, MINIMAL_SWAP_INFO, TWO_TOKEN }\n\n /**\n * @dev Registers the caller account as a Pool with a given specialization setting. Returns the Pool's ID, which\n * is used in all Pool-related functions. Pools cannot be deregistered, nor can the Pool's specialization be\n * changed.\n *\n * The caller is expected to be a smart contract that implements either `IGeneralPool` or `IMinimalSwapInfoPool`,\n * depending on the chosen specialization setting. This contract is known as the Pool's contract.\n *\n * Note that the same contract may register itself as multiple Pools with unique Pool IDs, or in other words,\n * multiple Pools may share the same contract.\n *\n * Emits a `PoolRegistered` event.\n */\n function registerPool(PoolSpecialization specialization) external returns (bytes32);\n\n /**\n * @dev Emitted when a Pool is registered by calling `registerPool`.\n */\n event PoolRegistered(bytes32 poolId);\n\n /**\n * @dev Returns a Pool's contract address and specialization setting.\n */\n function getPool(bytes32 poolId) external view returns (address, PoolSpecialization);\n\n /**\n * @dev Registers `tokens` for the `poolId` Pool. Must be called by the Pool's contract.\n *\n * Pools can only interact with tokens they have registered. Users join a Pool by transferring registered tokens,\n * exit by receiving registered tokens, and can only swap registered tokens.\n *\n * Each token can only be registered once. For Pools with the Two Token specialization, `tokens` must have a length\n * of two, that is, both tokens must be registered in the same `registerTokens` call, and they must be sorted in\n * ascending order.\n *\n * The `tokens` and `assetManagers` arrays must have the same length, and each entry in these indicates the Asset\n * Manager for the corresponding token. Asset Managers can manage a Pool's tokens via `managePoolBalance`,\n * depositing and withdrawing them directly, and can even set their balance to arbitrary amounts. They are therefore\n * expected to be highly secured smart contracts with sound design principles, and the decision to register an\n * Asset Manager should not be made lightly.\n *\n * Pools can choose not to assign an Asset Manager to a given token by passing in the zero address. Once an Asset\n * Manager is set, it cannot be changed except by deregistering the associated token and registering again with a\n * different Asset Manager.\n *\n * Emits a `TokensRegistered` event.\n */\n function registerTokens(\n bytes32 poolId,\n IERC20[] memory tokens,\n address[] memory assetManagers\n ) external;\n\n /**\n * @dev Emitted when a Pool registers tokens by calling `registerTokens`.\n */\n event TokensRegistered(bytes32 poolId, IERC20[] tokens, address[] assetManagers);\n\n /**\n * @dev Deregisters `tokens` for the `poolId` Pool. Must be called by the Pool's contract.\n *\n * Only registered tokens (via `registerTokens`) can be deregistered. Additionally, they must have zero total\n * balance. For Pools with the Two Token specialization, `tokens` must have a length of two, that is, both tokens\n * must be deregistered in the same `deregisterTokens` call.\n *\n * A deregistered token can be re-registered later on, possibly with a different Asset Manager.\n *\n * Emits a `TokensDeregistered` event.\n */\n function deregisterTokens(bytes32 poolId, IERC20[] memory tokens) external;\n\n /**\n * @dev Emitted when a Pool deregisters tokens by calling `deregisterTokens`.\n */\n event TokensDeregistered(bytes32 poolId, IERC20[] tokens);\n\n /**\n * @dev Returns detailed information for a Pool's registered token.\n *\n * `cash` is the number of tokens the Vault currently holds for the Pool. `managed` is the number of tokens\n * withdrawn and held outside the Vault by the Pool's token Asset Manager. The Pool's total balance for `token`\n * equals the sum of `cash` and `managed`.\n *\n * Internally, `cash` and `managed` are stored using 112 bits. No action can ever cause a Pool's token `cash`,\n * `managed` or `total` balance to be greater than 2^112 - 1.\n *\n * `lastChangeBlock` is the number of the block in which `token`'s total balance was last modified (via either a\n * join, exit, swap, or Asset Manager update). This value is useful to avoid so-called 'sandwich attacks', for\n * example when developing price oracles. A change of zero (e.g. caused by a swap with amount zero) is considered a\n * change for this purpose, and will update `lastChangeBlock`.\n *\n * `assetManager` is the Pool's token Asset Manager.\n */\n function getPoolTokenInfo(bytes32 poolId, IERC20 token)\n external\n view\n returns (\n uint256 cash,\n uint256 managed,\n uint256 lastChangeBlock,\n address assetManager\n );\n\n /**\n * @dev Returns a Pool's registered tokens, the total balance for each, and the latest block when *any* of\n * the tokens' `balances` changed.\n *\n * The order of the `tokens` array is the same order that will be used in `joinPool`, `exitPool`, as well as in all\n * Pool hooks (where applicable). Calls to `registerTokens` and `deregisterTokens` may change this order.\n *\n * If a Pool only registers tokens once, and these are sorted in ascending order, they will be stored in the same\n * order as passed to `registerTokens`.\n *\n * Total balances include both tokens held by the Vault and those withdrawn by the Pool's Asset Managers. These are\n * the amounts used by joins, exits and swaps. For a detailed breakdown of token balances, use `getPoolTokenInfo`\n * instead.\n */\n function getPoolTokens(bytes32 poolId)\n external\n view\n returns (\n IERC20[] memory tokens,\n uint256[] memory balances,\n uint256 lastChangeBlock\n );\n\n /**\n * @dev Called by users to join a Pool, which transfers tokens from `sender` into the Pool's balance. This will\n * trigger custom Pool behavior, which will typically grant something in return to `recipient` - often tokenized\n * Pool shares.\n *\n * If the caller is not `sender`, it must be an authorized relayer for them.\n *\n * The `assets` and `maxAmountsIn` arrays must have the same length, and each entry indicates the maximum amount\n * to send for each asset. The amounts to send are decided by the Pool and not the Vault: it just enforces\n * these maximums.\n *\n * If joining a Pool that holds WETH, it is possible to send ETH directly: the Vault will do the wrapping. To enable\n * this mechanism, the IAsset sentinel value (the zero address) must be passed in the `assets` array instead of the\n * WETH address. Note that it is not possible to combine ETH and WETH in the same join. Any excess ETH will be sent\n * back to the caller (not the sender, which is important for relayers).\n *\n * `assets` must have the same length and order as the array returned by `getPoolTokens`. This prevents issues when\n * interacting with Pools that register and deregister tokens frequently. If sending ETH however, the array must be\n * sorted *before* replacing the WETH address with the ETH sentinel value (the zero address), which means the final\n * `assets` array might not be sorted. Pools with no registered tokens cannot be joined.\n *\n * If `fromInternalBalance` is true, the caller's Internal Balance will be preferred: ERC20 transfers will only\n * be made for the difference between the requested amount and Internal Balance (if any). Note that ETH cannot be\n * withdrawn from Internal Balance: attempting to do so will trigger a revert.\n *\n * This causes the Vault to call the `IBasePool.onJoinPool` hook on the Pool's contract, where Pools implement\n * their own custom logic. This typically requires additional information from the user (such as the expected number\n * of Pool shares). This can be encoded in the `userData` argument, which is ignored by the Vault and passed\n * directly to the Pool's contract, as is `recipient`.\n *\n * Emits a `PoolBalanceChanged` event.\n */\n function joinPool(\n bytes32 poolId,\n address sender,\n address recipient,\n JoinPoolRequest memory request\n ) external payable;\n\n struct JoinPoolRequest {\n IAsset[] assets;\n uint256[] maxAmountsIn;\n bytes userData;\n bool fromInternalBalance;\n }\n\n /**\n * @dev Called by users to exit a Pool, which transfers tokens from the Pool's balance to `recipient`. This will\n * trigger custom Pool behavior, which will typically ask for something in return from `sender` - often tokenized\n * Pool shares. The amount of tokens that can be withdrawn is limited by the Pool's `cash` balance (see\n * `getPoolTokenInfo`).\n *\n * If the caller is not `sender`, it must be an authorized relayer for them.\n *\n * The `tokens` and `minAmountsOut` arrays must have the same length, and each entry in these indicates the minimum\n * token amount to receive for each token contract. The amounts to send are decided by the Pool and not the Vault:\n * it just enforces these minimums.\n *\n * If exiting a Pool that holds WETH, it is possible to receive ETH directly: the Vault will do the unwrapping. To\n * enable this mechanism, the IAsset sentinel value (the zero address) must be passed in the `assets` array instead\n * of the WETH address. Note that it is not possible to combine ETH and WETH in the same exit.\n *\n * `assets` must have the same length and order as the array returned by `getPoolTokens`. This prevents issues when\n * interacting with Pools that register and deregister tokens frequently. If receiving ETH however, the array must\n * be sorted *before* replacing the WETH address with the ETH sentinel value (the zero address), which means the\n * final `assets` array might not be sorted. Pools with no registered tokens cannot be exited.\n *\n * If `toInternalBalance` is true, the tokens will be deposited to `recipient`'s Internal Balance. Otherwise,\n * an ERC20 transfer will be performed. Note that ETH cannot be deposited to Internal Balance: attempting to\n * do so will trigger a revert.\n *\n * `minAmountsOut` is the minimum amount of tokens the user expects to get out of the Pool, for each token in the\n * `tokens` array. This array must match the Pool's registered tokens.\n *\n * This causes the Vault to call the `IBasePool.onExitPool` hook on the Pool's contract, where Pools implement\n * their own custom logic. This typically requires additional information from the user (such as the expected number\n * of Pool shares to return). This can be encoded in the `userData` argument, which is ignored by the Vault and\n * passed directly to the Pool's contract.\n *\n * Emits a `PoolBalanceChanged` event.\n */\n function exitPool(\n bytes32 poolId,\n address sender,\n address payable recipient,\n ExitPoolRequest memory request\n ) external;\n\n struct ExitPoolRequest {\n IAsset[] assets;\n uint256[] minAmountsOut;\n bytes userData;\n bool toInternalBalance;\n }\n\n /**\n * @dev Emitted when a user joins or exits a Pool by calling `joinPool` or `exitPool`, respectively.\n */\n event PoolBalanceChanged(\n bytes32 indexed poolId,\n address indexed liquidityProvider,\n IERC20[] tokens,\n int256[] deltas,\n uint256[] protocolFeeAmounts\n );\n\n enum PoolBalanceChangeKind { JOIN, EXIT }\n\n // Swaps\n //\n // Users can swap tokens with Pools by calling the `swap` and `batchSwap` functions. To do this,\n // they need not trust Pool contracts in any way: all security checks are made by the Vault. They must however be\n // aware of the Pools' pricing algorithms in order to estimate the prices Pools will quote.\n //\n // The `swap` function executes a single swap, while `batchSwap` can perform multiple swaps in sequence.\n // In each individual swap, tokens of one kind are sent from the sender to the Pool (this is the 'token in'),\n // and tokens of another kind are sent from the Pool to the recipient in exchange (this is the 'token out').\n // More complex swaps, such as one token in to multiple tokens out can be achieved by batching together\n // individual swaps.\n //\n // There are two swap kinds:\n // - 'given in' swaps, where the amount of tokens in (sent to the Pool) is known, and the Pool determines (via the\n // `onSwap` hook) the amount of tokens out (to send to the recipient).\n // - 'given out' swaps, where the amount of tokens out (received from the Pool) is known, and the Pool determines\n // (via the `onSwap` hook) the amount of tokens in (to receive from the sender).\n //\n // Additionally, it is possible to chain swaps using a placeholder input amount, which the Vault replaces with\n // the calculated output of the previous swap. If the previous swap was 'given in', this will be the calculated\n // tokenOut amount. If the previous swap was 'given out', it will use the calculated tokenIn amount. These extended\n // swaps are known as 'multihop' swaps, since they 'hop' through a number of intermediate tokens before arriving at\n // the final intended token.\n //\n // In all cases, tokens are only transferred in and out of the Vault (or withdrawn from and deposited into Internal\n // Balance) after all individual swaps have been completed, and the net token balance change computed. This makes\n // certain swap patterns, such as multihops, or swaps that interact with the same token pair in multiple Pools, cost\n // much less gas than they would otherwise.\n //\n // It also means that under certain conditions it is possible to perform arbitrage by swapping with multiple\n // Pools in a way that results in net token movement out of the Vault (profit), with no tokens being sent in (only\n // updating the Pool's internal accounting).\n //\n // To protect users from front-running or the market changing rapidly, they supply a list of 'limits' for each token\n // involved in the swap, where either the maximum number of tokens to send (by passing a positive value) or the\n // minimum amount of tokens to receive (by passing a negative value) is specified.\n //\n // Additionally, a 'deadline' timestamp can also be provided, forcing the swap to fail if it occurs after\n // this point in time (e.g. if the transaction failed to be included in a block promptly).\n //\n // If interacting with Pools that hold WETH, it is possible to both send and receive ETH directly: the Vault will do\n // the wrapping and unwrapping. To enable this mechanism, the IAsset sentinel value (the zero address) must be\n // passed in the `assets` array instead of the WETH address. Note that it is possible to combine ETH and WETH in the\n // same swap. Any excess ETH will be sent back to the caller (not the sender, which is relevant for relayers).\n //\n // Finally, Internal Balance can be used when either sending or receiving tokens.\n\n enum SwapKind { GIVEN_IN, GIVEN_OUT }\n\n /**\n * @dev Performs a swap with a single Pool.\n *\n * If the swap is 'given in' (the number of tokens to send to the Pool is known), it returns the amount of tokens\n * taken from the Pool, which must be greater than or equal to `limit`.\n *\n * If the swap is 'given out' (the number of tokens to take from the Pool is known), it returns the amount of tokens\n * sent to the Pool, which must be less than or equal to `limit`.\n *\n * Internal Balance usage and the recipient are determined by the `funds` struct.\n *\n * Emits a `Swap` event.\n */\n function swap(\n SingleSwap memory singleSwap,\n FundManagement memory funds,\n uint256 limit,\n uint256 deadline\n ) external payable returns (uint256);\n\n /**\n * @dev Data for a single swap executed by `swap`. `amount` is either `amountIn` or `amountOut` depending on\n * the `kind` value.\n *\n * `assetIn` and `assetOut` are either token addresses, or the IAsset sentinel value for ETH (the zero address).\n * Note that Pools never interact with ETH directly: it will be wrapped to or unwrapped from WETH by the Vault.\n *\n * The `userData` field is ignored by the Vault, but forwarded to the Pool in the `onSwap` hook, and may be\n * used to extend swap behavior.\n */\n struct SingleSwap {\n bytes32 poolId;\n SwapKind kind;\n IAsset assetIn;\n IAsset assetOut;\n uint256 amount;\n bytes userData;\n }\n\n /**\n * @dev Performs a series of swaps with one or multiple Pools. In each individual swap, the caller determines either\n * the amount of tokens sent to or received from the Pool, depending on the `kind` value.\n *\n * Returns an array with the net Vault asset balance deltas. Positive amounts represent tokens (or ETH) sent to the\n * Vault, and negative amounts represent tokens (or ETH) sent by the Vault. Each delta corresponds to the asset at\n * the same index in the `assets` array.\n *\n * Swaps are executed sequentially, in the order specified by the `swaps` array. Each array element describes a\n * Pool, the token to be sent to this Pool, the token to receive from it, and an amount that is either `amountIn` or\n * `amountOut` depending on the swap kind.\n *\n * Multihop swaps can be executed by passing an `amount` value of zero for a swap. This will cause the amount in/out\n * of the previous swap to be used as the amount in for the current one. In a 'given in' swap, 'tokenIn' must equal\n * the previous swap's `tokenOut`. For a 'given out' swap, `tokenOut` must equal the previous swap's `tokenIn`.\n *\n * The `assets` array contains the addresses of all assets involved in the swaps. These are either token addresses,\n * or the IAsset sentinel value for ETH (the zero address). Each entry in the `swaps` array specifies tokens in and\n * out by referencing an index in `assets`. Note that Pools never interact with ETH directly: it will be wrapped to\n * or unwrapped from WETH by the Vault.\n *\n * Internal Balance usage, sender, and recipient are determined by the `funds` struct. The `limits` array specifies\n * the minimum or maximum amount of each token the vault is allowed to transfer.\n *\n * `batchSwap` can be used to make a single swap, like `swap` does, but doing so requires more gas than the\n * equivalent `swap` call.\n *\n * Emits `Swap` events.\n */\n function batchSwap(\n SwapKind kind,\n BatchSwapStep[] memory swaps,\n IAsset[] memory assets,\n FundManagement memory funds,\n int256[] memory limits,\n uint256 deadline\n ) external payable returns (int256[] memory);\n\n /**\n * @dev Data for each individual swap executed by `batchSwap`. The asset in and out fields are indexes into the\n * `assets` array passed to that function, and ETH assets are converted to WETH.\n *\n * If `amount` is zero, the multihop mechanism is used to determine the actual amount based on the amount in/out\n * from the previous swap, depending on the swap kind.\n *\n * The `userData` field is ignored by the Vault, but forwarded to the Pool in the `onSwap` hook, and may be\n * used to extend swap behavior.\n */\n struct BatchSwapStep {\n bytes32 poolId;\n uint256 assetInIndex;\n uint256 assetOutIndex;\n uint256 amount;\n bytes userData;\n }\n\n /**\n * @dev Emitted for each individual swap performed by `swap` or `batchSwap`.\n */\n event Swap(\n bytes32 indexed poolId,\n IERC20 indexed tokenIn,\n IERC20 indexed tokenOut,\n uint256 amountIn,\n uint256 amountOut\n );\n\n /**\n * @dev All tokens in a swap are either sent from the `sender` account to the Vault, or from the Vault to the\n * `recipient` account.\n *\n * If the caller is not `sender`, it must be an authorized relayer for them.\n *\n * If `fromInternalBalance` is true, the `sender`'s Internal Balance will be preferred, performing an ERC20\n * transfer for the difference between the requested amount and the User's Internal Balance (if any). The `sender`\n * must have allowed the Vault to use their tokens via `IERC20.approve()`. This matches the behavior of\n * `joinPool`.\n *\n * If `toInternalBalance` is true, tokens will be deposited to `recipient`'s internal balance instead of\n * transferred. This matches the behavior of `exitPool`.\n *\n * Note that ETH cannot be deposited to or withdrawn from Internal Balance: attempting to do so will trigger a\n * revert.\n */\n struct FundManagement {\n address sender;\n bool fromInternalBalance;\n address payable recipient;\n bool toInternalBalance;\n }\n\n /**\n * @dev Simulates a call to `batchSwap`, returning an array of Vault asset deltas. Calls to `swap` cannot be\n * simulated directly, but an equivalent `batchSwap` call can and will yield the exact same result.\n *\n * Each element in the array corresponds to the asset at the same index, and indicates the number of tokens (or ETH)\n * the Vault would take from the sender (if positive) or send to the recipient (if negative). The arguments it\n * receives are the same that an equivalent `batchSwap` call would receive.\n *\n * Unlike `batchSwap`, this function performs no checks on the sender or recipient field in the `funds` struct.\n * This makes it suitable to be called by off-chain applications via eth_call without needing to hold tokens,\n * approve them for the Vault, or even know a user's address.\n *\n * Note that this function is not 'view' (due to implementation details): the client code must explicitly execute\n * eth_call instead of eth_sendTransaction.\n */\n function queryBatchSwap(\n SwapKind kind,\n BatchSwapStep[] memory swaps,\n IAsset[] memory assets,\n FundManagement memory funds\n ) external returns (int256[] memory assetDeltas);\n\n // Flash Loans\n\n /**\n * @dev Performs a 'flash loan', sending tokens to `recipient`, executing the `receiveFlashLoan` hook on it,\n * and then reverting unless the tokens plus a proportional protocol fee have been returned.\n *\n * The `tokens` and `amounts` arrays must have the same length, and each entry in these indicates the loan amount\n * for each token contract. `tokens` must be sorted in ascending order.\n *\n * The 'userData' field is ignored by the Vault, and forwarded as-is to `recipient` as part of the\n * `receiveFlashLoan` call.\n */\n function flashLoan(\n IFlashLoanRecipient recipient,\n IERC20[] memory tokens,\n uint256[] memory amounts,\n bytes memory userData\n ) external;\n\n // Asset Management\n //\n // Each token registered for a Pool can be assigned an Asset Manager, which is able to freely withdraw the Pool's\n // tokens from the Vault, deposit them, or assign arbitrary values to its `managed` balance (see\n // `getPoolTokenInfo`). This makes them extremely powerful and dangerous. Even if an Asset Manager only directly\n // controls one of the tokens in a Pool, a malicious manager could set that token's balance to manipulate the\n // prices of the other tokens, and then drain the Pool with swaps. The risk of using Asset Managers is therefore\n // not constrained to the tokens they are managing, but extends to the entire Pool's holdings.\n //\n // However, a properly designed Asset Manager smart contract can be safely used for the Pool's benefit,\n // for example by lending unused tokens out for interest, or using them to participate in voting protocols.\n //\n // This concept is unrelated to the IAsset interface.\n\n /**\n * @dev Performs a set of Pool balance operations, which may be either withdrawals, deposits or updates.\n *\n * Pool Balance management features batching, which means a single contract call can be used to perform multiple\n * operations of different kinds, with different Pools and tokens, at once.\n *\n * For each operation, the caller must be registered as the Asset Manager for `token` in `poolId`.\n */\n function managePoolBalance(PoolBalanceOp[] memory ops) external;\n\n struct PoolBalanceOp {\n PoolBalanceOpKind kind;\n bytes32 poolId;\n IERC20 token;\n uint256 amount;\n }\n\n /**\n * Withdrawals decrease the Pool's cash, but increase its managed balance, leaving the total balance unchanged.\n *\n * Deposits increase the Pool's cash, but decrease its managed balance, leaving the total balance unchanged.\n *\n * Updates don't affect the Pool's cash balance, but because the managed balance changes, it does alter the total.\n * The external amount can be either increased or decreased by this call (i.e., reporting a gain or a loss).\n */\n enum PoolBalanceOpKind { WITHDRAW, DEPOSIT, UPDATE }\n\n /**\n * @dev Emitted when a Pool's token Asset Manager alters its balance via `managePoolBalance`.\n */\n event PoolBalanceManaged(\n bytes32 indexed poolId,\n address indexed assetManager,\n IERC20 indexed token,\n int256 cashDelta,\n int256 managedDelta\n );\n\n // Protocol Fees\n //\n // Some operations cause the Vault to collect tokens in the form of protocol fees, which can then be withdrawn by\n // permissioned accounts.\n //\n // There are two kinds of protocol fees:\n //\n // - flash loan fees: charged on all flash loans, as a percentage of the amounts lent.\n //\n // - swap fees: a percentage of the fees charged by Pools when performing swaps. For a number of reasons, including\n // swap gas costs and interface simplicity, protocol swap fees are not charged on each individual swap. Rather,\n // Pools are expected to keep track of how much they have charged in swap fees, and pay any outstanding debts to the\n // Vault when they are joined or exited. This prevents users from joining a Pool with unpaid debt, as well as\n // exiting a Pool in debt without first paying their share.\n\n /**\n * @dev Returns the current protocol fee module.\n */\n function getProtocolFeesCollector() external view returns (ProtocolFeesCollector);\n\n /**\n * @dev Safety mechanism to pause most Vault operations in the event of an emergency - typically detection of an\n * error in some part of the system.\n *\n * The Vault can only be paused during an initial time period, after which pausing is forever disabled.\n *\n * While the contract is paused, the following features are disabled:\n * - depositing and transferring internal balance\n * - transferring external balance (using the Vault's allowance)\n * - swaps\n * - joining Pools\n * - Asset Manager interactions\n *\n * Internal Balance can still be withdrawn, and Pools exited.\n */\n function setPaused(bool paused) external;\n\n /**\n * @dev Returns the Vault's WETH instance.\n */\n function WETH() external view returns (IWETH);\n // solhint-disable-previous-line func-name-mixedcase\n}\n"
},
"src.sol/amm/vault/interfaces/IAuthorizer.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\n\ninterface IAuthorizer {\n /**\n * @dev Returns true if `account` can perform the action described by `actionId` in the contract `where`.\n */\n function canPerform(\n bytes32 actionId,\n address account,\n address where\n ) external view returns (bool);\n}\n"
},
"src.sol/amm/vault/interfaces/IFlashLoanRecipient.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\n\n// Inspired by Aave Protocol's IFlashLoanReceiver.\n\nimport \"../../lib/openzeppelin/IERC20.sol\";\n\ninterface IFlashLoanRecipient {\n /**\n * @dev When `flashLoan` is called on the Vault, it invokes the `receiveFlashLoan` hook on the recipient.\n *\n * At the time of the call, the Vault will have transferred `amounts` for `tokens` to the recipient. Before this\n * call returns, the recipient must have transferred `amounts` plus `feeAmounts` for each token back to the\n * Vault, or else the entire flash loan will revert.\n *\n * `userData` is the same value passed in the `IVault.flashLoan` call.\n */\n function receiveFlashLoan(\n IERC20[] memory tokens,\n uint256[] memory amounts,\n uint256[] memory feeAmounts,\n bytes memory userData\n ) external;\n}\n"
},
"src.sol/amm/vault/interfaces/ISignaturesValidator.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\n\n/**\n * @dev Interface for the SignatureValidator helper, used to support meta-transactions.\n */\ninterface ISignaturesValidator {\n /**\n * @dev Returns the EIP712 domain separator.\n */\n function getDomainSeparator() external view returns (bytes32);\n\n /**\n * @dev Returns the next nonce used by an address to sign messages.\n */\n function getNextNonce(address user) external view returns (uint256);\n}\n"
},
"src.sol/amm/vault/ProtocolFeesCollector.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"../lib/openzeppelin/IERC20.sol\";\nimport \"../lib/helpers/InputHelpers.sol\";\nimport \"../lib/helpers/Authentication.sol\";\nimport \"../lib/openzeppelin/ReentrancyGuard.sol\";\nimport \"../lib/openzeppelin/SafeERC20.sol\";\n\nimport \"./interfaces/IVault.sol\";\nimport \"./interfaces/IAuthorizer.sol\";\n\n/**\n * @dev This an auxiliary contract to the Vault, deployed by it during construction. It offloads some of the tasks the\n * Vault performs to reduce its overall bytecode size.\n *\n * The current values for all protocol fee percentages are stored here, and any tokens charged as protocol fees are\n * sent to this contract, where they may be withdrawn by authorized entities. All authorization tasks are delegated\n * to the Vault's own authorizer.\n */\ncontract ProtocolFeesCollector is Authentication, ReentrancyGuard {\n using SafeERC20 for IERC20;\n\n // Absolute maximum fee percentages (1e18 = 100%, 1e16 = 1%).\n uint256 private constant _MAX_PROTOCOL_SWAP_FEE_PERCENTAGE = 50e16; // 50%\n uint256 private constant _MAX_PROTOCOL_FLASH_LOAN_FEE_PERCENTAGE = 1e16; // 1%\n\n IVault public immutable vault;\n\n // All fee percentages are 18-decimal fixed point numbers.\n\n // The swap fee is charged whenever a swap occurs, as a percentage of the fee charged by the Pool. These are not\n // actually charged on each individual swap: the `Vault` relies on the Pools being honest and reporting fees due\n // when users join and exit them.\n uint256 private _swapFeePercentage;\n\n // The flash loan fee is charged whenever a flash loan occurs, as a percentage of the tokens lent.\n uint256 private _flashLoanFeePercentage;\n\n event SwapFeePercentageChanged(uint256 newSwapFeePercentage);\n event FlashLoanFeePercentageChanged(uint256 newFlashLoanFeePercentage);\n\n constructor(IVault _vault)\n // The ProtocolFeesCollector is a singleton, so it simply uses its own address to disambiguate action\n // identifiers.\n Authentication(bytes32(uint256(address(this))))\n {\n vault = _vault;\n }\n\n function withdrawCollectedFees(\n IERC20[] calldata tokens,\n uint256[] calldata amounts,\n address recipient\n ) external nonReentrant authenticate {\n InputHelpers.ensureInputLengthMatch(tokens.length, amounts.length);\n\n for (uint256 i = 0; i < tokens.length; ++i) {\n IERC20 token = tokens[i];\n uint256 amount = amounts[i];\n token.safeTransfer(recipient, amount);\n }\n }\n\n function setSwapFeePercentage(uint256 newSwapFeePercentage) external authenticate {\n _require(newSwapFeePercentage <= _MAX_PROTOCOL_SWAP_FEE_PERCENTAGE, Errors.SWAP_FEE_PERCENTAGE_TOO_HIGH);\n _swapFeePercentage = newSwapFeePercentage;\n emit SwapFeePercentageChanged(newSwapFeePercentage);\n }\n\n function setFlashLoanFeePercentage(uint256 newFlashLoanFeePercentage) external authenticate {\n _require(\n newFlashLoanFeePercentage <= _MAX_PROTOCOL_FLASH_LOAN_FEE_PERCENTAGE,\n Errors.FLASH_LOAN_FEE_PERCENTAGE_TOO_HIGH\n );\n _flashLoanFeePercentage = newFlashLoanFeePercentage;\n emit FlashLoanFeePercentageChanged(newFlashLoanFeePercentage);\n }\n\n function getSwapFeePercentage() external view returns (uint256) {\n return _swapFeePercentage;\n }\n\n function getFlashLoanFeePercentage() external view returns (uint256) {\n return _flashLoanFeePercentage;\n }\n\n function getCollectedFeeAmounts(IERC20[] memory tokens) external view returns (uint256[] memory feeAmounts) {\n feeAmounts = new uint256[](tokens.length);\n for (uint256 i = 0; i < tokens.length; ++i) {\n feeAmounts[i] = tokens[i].balanceOf(address(this));\n }\n }\n\n function getAuthorizer() external view returns (IAuthorizer) {\n return _getAuthorizer();\n }\n\n function _canPerform(bytes32 actionId, address account) internal view override returns (bool) {\n return _getAuthorizer().canPerform(actionId, account, address(this));\n }\n\n function _getAuthorizer() internal view returns (IAuthorizer) {\n return vault.getAuthorizer();\n }\n}\n"
},
"src.sol/amm/lib/helpers/InputHelpers.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\n\nimport \"../openzeppelin/IERC20.sol\";\n\nimport \"./BalancerErrors.sol\";\n\nimport \"../../vault/interfaces/IAsset.sol\";\n\nlibrary InputHelpers {\n function ensureInputLengthMatch(uint256 a, uint256 b) internal pure {\n _require(a == b, Errors.INPUT_LENGTH_MISMATCH);\n }\n\n function ensureInputLengthMatch(\n uint256 a,\n uint256 b,\n uint256 c\n ) internal pure {\n _require(a == b && b == c, Errors.INPUT_LENGTH_MISMATCH);\n }\n\n function ensureArrayIsSorted(IAsset[] memory array) internal pure {\n address[] memory addressArray;\n // solhint-disable-next-line no-inline-assembly\n assembly {\n addressArray := array\n }\n ensureArrayIsSorted(addressArray);\n }\n\n function ensureArrayIsSorted(IERC20[] memory array) internal pure {\n address[] memory addressArray;\n // solhint-disable-next-line no-inline-assembly\n assembly {\n addressArray := array\n }\n ensureArrayIsSorted(addressArray);\n }\n\n function ensureArrayIsSorted(address[] memory array) internal pure {\n if (array.length < 2) {\n return;\n }\n\n address previous = array[0];\n for (uint256 i = 1; i < array.length; ++i) {\n address current = array[i];\n _require(previous < current, Errors.UNSORTED_ARRAY);\n previous = current;\n }\n }\n}\n"
},
"src.sol/amm/lib/helpers/Authentication.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\n\nimport \"./BalancerErrors.sol\";\nimport \"./IAuthentication.sol\";\n\n/**\n * @dev Building block for performing access control on external functions.\n *\n * This contract is used via the `authenticate` modifier (or the `_authenticateCaller` function), which can be applied\n * to external functions to only make them callable by authorized accounts.\n *\n * Derived contracts must implement the `_canPerform` function, which holds the actual access control logic.\n */\nabstract contract Authentication is IAuthentication {\n bytes32 private immutable _actionIdDisambiguator;\n\n /**\n * @dev The main purpose of the `actionIdDisambiguator` is to prevent accidental function selector collisions in\n * multi contract systems.\n *\n * There are two main uses for it:\n * - if the contract is a singleton, any unique identifier can be used to make the associated action identifiers\n * unique. The contract's own address is a good option.\n * - if the contract belongs to a family that shares action identifiers for the same functions, an identifier\n * shared by the entire family (and no other contract) should be used instead.\n */\n constructor(bytes32 actionIdDisambiguator) {\n _actionIdDisambiguator = actionIdDisambiguator;\n }\n\n /**\n * @dev Reverts unless the caller is allowed to call this function. Should only be applied to external functions.\n */\n modifier authenticate() {\n _authenticateCaller();\n _;\n }\n\n /**\n * @dev Reverts unless the caller is allowed to call the entry point function.\n */\n function _authenticateCaller() internal view {\n bytes32 actionId = getActionId(msg.sig);\n _require(_canPerform(actionId, msg.sender), Errors.SENDER_NOT_ALLOWED);\n }\n\n function getActionId(bytes4 selector) public view override returns (bytes32) {\n // Each external function is dynamically assigned an action identifier as the hash of the disambiguator and the\n // function selector. Disambiguation is necessary to avoid potential collisions in the function selectors of\n // multiple contracts.\n return keccak256(abi.encodePacked(_actionIdDisambiguator, selector));\n }\n\n function _canPerform(bytes32 actionId, address user) internal view virtual returns (bool);\n}\n"
},
"src.sol/amm/lib/openzeppelin/ReentrancyGuard.sol": {
"content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.7.0;\n\nimport \"../helpers/BalancerErrors.sol\";\n\n// Based on the ReentrancyGuard library from OpenZeppelin contracts, altered to reduce bytecode size.\n// Modifier code is inlined by the compiler, which causes its code to appear multiple times in the codebase. By using\n// private functions, we achieve the same end result with slightly higher runtime gas costs but reduced bytecode size.\n\n/**\n * @dev Contract module that helps prevent reentrant calls to a function.\n *\n * Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier\n * available, which can be applied to functions to make sure there are no nested\n * (reentrant) calls to them.\n *\n * Note that because there is a single `nonReentrant` guard, functions marked as\n * `nonReentrant` may not call one another. This can be worked around by making\n * those functions `private`, and then adding `external` `nonReentrant` entry\n * points to them.\n *\n * TIP: If you would like to learn more about reentrancy and alternative ways\n * to protect against it, check out our blog post\n * https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].\n */\nabstract contract ReentrancyGuard {\n // Booleans are more expensive than uint256 or any type that takes up a full\n // word because each write operation emits an extra SLOAD to first read the\n // slot's contents, replace the bits taken up by the boolean, and then write\n // back. This is the compiler's defense against contract upgrades and\n // pointer aliasing, and it cannot be disabled.\n\n // The values being non-zero value makes deployment a bit more expensive,\n // but in exchange the refund on every call to nonReentrant will be lower in\n // amount. Since refunds are capped to a percentage of the total\n // transaction's gas, it is best to keep them low in cases like this one, to\n // increase the likelihood of the full refund coming into effect.\n uint256 private constant _NOT_ENTERED = 1;\n uint256 private constant _ENTERED = 2;\n\n uint256 private _status;\n\n constructor() {\n _status = _NOT_ENTERED;\n }\n\n /**\n * @dev Prevents a contract from calling itself, directly or indirectly.\n * Calling a `nonReentrant` function from another `nonReentrant`\n * function is not supported. It is possible to prevent this from happening\n * by making the `nonReentrant` function external, and make it call a\n * `private` function that does the actual work.\n */\n modifier nonReentrant() {\n _enterNonReentrant();\n _;\n _exitNonReentrant();\n }\n\n function _enterNonReentrant() private {\n // On the first call to nonReentrant, _status will be _NOT_ENTERED\n _require(_status != _ENTERED, Errors.REENTRANCY);\n\n // Any calls to nonReentrant after this point will fail\n _status = _ENTERED;\n }\n\n function _exitNonReentrant() private {\n // By storing the original value once again, a refund is triggered (see\n // https://eips.ethereum.org/EIPS/eip-2200)\n _status = _NOT_ENTERED;\n }\n}\n"
},
"src.sol/amm/lib/helpers/IAuthentication.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\n\ninterface IAuthentication {\n /**\n * @dev Returns the action identifier associated with the external function described by `selector`.\n */\n function getActionId(bytes4 selector) external view returns (bytes32);\n}\n"
},
"src.sol/amm/vault/Fees.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"../lib/math/FixedPoint.sol\";\nimport \"../lib/helpers/BalancerErrors.sol\";\nimport \"../lib/openzeppelin/IERC20.sol\";\nimport \"../lib/openzeppelin/ReentrancyGuard.sol\";\nimport \"../lib/openzeppelin/SafeERC20.sol\";\n\nimport \"./ProtocolFeesCollector.sol\";\nimport \"./VaultAuthorization.sol\";\nimport \"./interfaces/IVault.sol\";\n\n/**\n * @dev To reduce the bytecode size of the Vault, most of the protocol fee logic is not here, but in the\n * ProtocolFeesCollector contract.\n */\nabstract contract Fees is IVault {\n using SafeERC20 for IERC20;\n\n ProtocolFeesCollector private immutable _protocolFeesCollector;\n\n constructor() {\n _protocolFeesCollector = new ProtocolFeesCollector(IVault(this));\n }\n\n function getProtocolFeesCollector() public view override returns (ProtocolFeesCollector) {\n return _protocolFeesCollector;\n }\n\n /**\n * @dev Returns the protocol swap fee percentage.\n */\n function _getProtocolSwapFeePercentage() internal view returns (uint256) {\n return getProtocolFeesCollector().getSwapFeePercentage();\n }\n\n /**\n * @dev Returns the protocol fee amount to charge for a flash loan of `amount`.\n */\n function _calculateFlashLoanFeeAmount(uint256 amount) internal view returns (uint256) {\n // Fixed point multiplication introduces error: we round up, which means in certain scenarios the charged\n // percentage can be slightly higher than intended.\n uint256 percentage = getProtocolFeesCollector().getFlashLoanFeePercentage();\n return FixedPoint.mulUp(amount, percentage);\n }\n\n function _payFee(IERC20 token, uint256 amount) internal {\n if (amount > 0) {\n token.safeTransfer(address(getProtocolFeesCollector()), amount);\n }\n }\n}\n"
},
"src.sol/amm/lib/math/FixedPoint.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\n\nimport \"./LogExpMath.sol\";\nimport \"../helpers/BalancerErrors.sol\";\n\n/* solhint-disable private-vars-leading-underscore */\n\nlibrary FixedPoint {\n uint256 internal constant ONE = 1e18; // 18 decimal places\n uint256 internal constant MAX_POW_RELATIVE_ERROR = 10000; // 10^(-14)\n\n // Minimum base for the power function when the exponent is 'free' (larger than ONE).\n uint256 internal constant MIN_POW_BASE_FREE_EXPONENT = 0.7e18;\n\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n // Fixed Point addition is the same as regular checked addition\n\n uint256 c = a + b;\n _require(c >= a, Errors.ADD_OVERFLOW);\n return c;\n }\n\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n // Fixed Point addition is the same as regular checked addition\n\n _require(b <= a, Errors.SUB_OVERFLOW);\n uint256 c = a - b;\n return c;\n }\n\n function mulDown(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 product = a * b;\n _require(a == 0 || product / a == b, Errors.MUL_OVERFLOW);\n\n return product / ONE;\n }\n\n function mulUp(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 product = a * b;\n _require(a == 0 || product / a == b, Errors.MUL_OVERFLOW);\n\n if (product == 0) {\n return 0;\n } else {\n // The traditional divUp formula is:\n // divUp(x, y) := (x + y - 1) / y\n // To avoid intermediate overflow in the addition, we distribute the division and get:\n // divUp(x, y) := (x - 1) / y + 1\n // Note that this requires x != 0, which we already tested for.\n\n return ((product - 1) / ONE) + 1;\n }\n }\n\n function divDown(uint256 a, uint256 b) internal pure returns (uint256) {\n _require(b != 0, Errors.ZERO_DIVISION);\n\n if (a == 0) {\n return 0;\n } else {\n uint256 aInflated = a * ONE;\n _require(aInflated / a == ONE, Errors.DIV_INTERNAL); // mul overflow\n\n return aInflated / b;\n }\n }\n\n function divUp(uint256 a, uint256 b) internal pure returns (uint256) {\n _require(b != 0, Errors.ZERO_DIVISION);\n\n if (a == 0) {\n return 0;\n } else {\n uint256 aInflated = a * ONE;\n _require(aInflated / a == ONE, Errors.DIV_INTERNAL); // mul overflow\n\n // The traditional divUp formula is:\n // divUp(x, y) := (x + y - 1) / y\n // To avoid intermediate overflow in the addition, we distribute the division and get:\n // divUp(x, y) := (x - 1) / y + 1\n // Note that this requires x != 0, which we already tested for.\n\n return ((aInflated - 1) / b) + 1;\n }\n }\n\n /**\n * @dev Returns x^y, assuming both are fixed point numbers, rounding down. The result is guaranteed to not be above\n * the true value (that is, the error function expected - actual is always positive).\n */\n function powDown(uint256 x, uint256 y) internal pure returns (uint256) {\n uint256 raw = LogExpMath.pow(x, y);\n uint256 maxError = add(mulUp(raw, MAX_POW_RELATIVE_ERROR), 1);\n\n if (raw < maxError) {\n return 0;\n } else {\n return sub(raw, maxError);\n }\n }\n\n /**\n * @dev Returns x^y, assuming both are fixed point numbers, rounding up. The result is guaranteed to not be below\n * the true value (that is, the error function expected - actual is always negative).\n */\n function powUp(uint256 x, uint256 y) internal pure returns (uint256) {\n uint256 raw = LogExpMath.pow(x, y);\n uint256 maxError = add(mulUp(raw, MAX_POW_RELATIVE_ERROR), 1);\n\n return add(raw, maxError);\n }\n\n /**\n * @dev Returns the complement of a value (1 - x), capped to 0 if x is larger than 1.\n *\n * Useful when computing the complement for values with some level of relative error, as it strips this error and\n * prevents intermediate negative values.\n */\n function complement(uint256 x) internal pure returns (uint256) {\n return (x < ONE) ? (ONE - x) : 0;\n }\n}\n"
},
"src.sol/amm/vault/VaultAuthorization.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"../lib/helpers/BalancerErrors.sol\";\nimport \"../lib/helpers/Authentication.sol\";\nimport \"../lib/helpers/TemporarilyPausable.sol\";\nimport \"../lib/helpers/BalancerErrors.sol\";\nimport \"../lib/helpers/SignaturesValidator.sol\";\nimport \"../lib/openzeppelin/ReentrancyGuard.sol\";\n\nimport \"./interfaces/IVault.sol\";\nimport \"./interfaces/IAuthorizer.sol\";\n\n/**\n * @dev Manages access control of Vault permissioned functions by relying on the Authorizer and signature validation.\n *\n * Additionally handles relayer access and approval.\n */\nabstract contract VaultAuthorization is\n IVault,\n ReentrancyGuard,\n Authentication,\n SignaturesValidator,\n TemporarilyPausable\n{\n // Ideally, we'd store the type hashes as immutable state variables to avoid computing the hash at runtime, but\n // unfortunately immutable variables cannot be used in assembly, so we just keep the precomputed hashes instead.\n\n // _JOIN_TYPE_HASH = keccak256(\"JoinPool(bytes calldata,address sender,uint256 nonce,uint256 deadline)\");\n bytes32 private constant _JOIN_TYPE_HASH = 0x3f7b71252bd19113ff48c19c6e004a9bcfcca320a0d74d58e85877cbd7dcae58;\n\n // _EXIT_TYPE_HASH = keccak256(\"ExitPool(bytes calldata,address sender,uint256 nonce,uint256 deadline)\");\n bytes32 private constant _EXIT_TYPE_HASH = 0x8bbc57f66ea936902f50a71ce12b92c43f3c5340bb40c27c4e90ab84eeae3353;\n\n // _SWAP_TYPE_HASH = keccak256(\"Swap(bytes calldata,address sender,uint256 nonce,uint256 deadline)\");\n bytes32 private constant _SWAP_TYPE_HASH = 0xe192dcbc143b1e244ad73b813fd3c097b832ad260a157340b4e5e5beda067abe;\n\n // _BATCH_SWAP_TYPE_HASH = keccak256(\"BatchSwap(bytes calldata,address sender,uint256 nonce,uint256 deadline)\");\n bytes32 private constant _BATCH_SWAP_TYPE_HASH = 0x9bfc43a4d98313c6766986ffd7c916c7481566d9f224c6819af0a53388aced3a;\n\n // _SET_RELAYER_TYPE_HASH =\n // keccak256(\"SetRelayerApproval(bytes calldata,address sender,uint256 nonce,uint256 deadline)\");\n bytes32\n private constant _SET_RELAYER_TYPE_HASH = 0xa3f865aa351e51cfeb40f5178d1564bb629fe9030b83caf6361d1baaf5b90b5a;\n\n IAuthorizer private _authorizer;\n mapping(address => mapping(address => bool)) private _approvedRelayers;\n\n /**\n * @dev Reverts unless `user` is the caller, or the caller is approved by the Authorizer to call this function (that\n * is, it is a relayer for that function), and either:\n * a) `user` approved the caller as a relayer (via `setRelayerApproval`), or\n * b) a valid signature from them was appended to the calldata.\n *\n * Should only be applied to external functions.\n */\n modifier authenticateFor(address user) {\n _authenticateFor(user);\n _;\n }\n\n constructor(IAuthorizer authorizer)\n // The Vault is a singleton, so it simply uses its own address to disambiguate action identifiers.\n Authentication(bytes32(uint256(address(this))))\n SignaturesValidator(\"Balancer V2 Vault\")\n {\n _authorizer = authorizer;\n }\n\n function changeAuthorizer(IAuthorizer newAuthorizer) external override nonReentrant authenticate {\n emit AuthorizerChanged(_authorizer, newAuthorizer);\n _authorizer = newAuthorizer;\n }\n\n function getAuthorizer() external view override returns (IAuthorizer) {\n return _authorizer;\n }\n\n function setRelayerApproval(\n address sender,\n address relayer,\n bool approved\n ) external override nonReentrant whenNotPaused authenticateFor(sender) {\n _approvedRelayers[sender][relayer] = approved;\n emit RelayerApprovalChanged(relayer, sender, approved);\n }\n\n function hasApprovedRelayer(address user, address relayer) external view override returns (bool) {\n return _hasApprovedRelayer(user, relayer);\n }\n\n /**\n * @dev Reverts unless `user` is the caller, or the caller is approved by the Authorizer to call the entry point\n * function (that is, it is a relayer for that function) and either:\n * a) `user` approved the caller as a relayer (via `setRelayerApproval`), or\n * b) a valid signature from them was appended to the calldata.\n */\n function _authenticateFor(address user) internal {\n if (msg.sender != user) {\n // In this context, 'permission to call a function' means 'being a relayer for a function'.\n _authenticateCaller();\n\n // Being a relayer is not sufficient: `user` must have also approved the caller either via\n // `setRelayerApproval`, or by providing a signature appended to the calldata.\n if (!_hasApprovedRelayer(user, msg.sender)) {\n _validateSignature(user, Errors.USER_DOESNT_ALLOW_RELAYER);\n }\n }\n }\n\n /**\n * @dev Returns true if `user` approved `relayer` to act as a relayer for them.\n */\n function _hasApprovedRelayer(address user, address relayer) internal view returns (bool) {\n return _approvedRelayers[user][relayer];\n }\n\n function _canPerform(bytes32 actionId, address user) internal view override returns (bool) {\n // Access control is delegated to the Authorizer.\n return _authorizer.canPerform(actionId, user, address(this));\n }\n\n function _typeHash() internal pure override returns (bytes32 hash) {\n // This is a simple switch-case statement, trivially written in Solidity by chaining else-if statements, but the\n // assembly implementation results in much denser bytecode.\n // solhint-disable-next-line no-inline-assembly\n assembly {\n // The function selector is located at the first 4 bytes of calldata. We copy the first full calldata\n // 256 word, and then perform a logical shift to the right, moving the selector to the least significant\n // 4 bytes.\n let selector := shr(224, calldataload(0))\n\n // With the selector in the least significant 4 bytes, we can use 4 byte literals with leading zeros,\n // resulting in dense bytecode (PUSH4 opcodes).\n switch selector\n case 0xb95cac28 {\n hash := _JOIN_TYPE_HASH\n }\n case 0x8bdb3913 {\n hash := _EXIT_TYPE_HASH\n }\n case 0x52bbbe29 {\n hash := _SWAP_TYPE_HASH\n }\n case 0x945bcec9 {\n hash := _BATCH_SWAP_TYPE_HASH\n }\n case 0xfa6e671d {\n hash := _SET_RELAYER_TYPE_HASH\n }\n default {\n hash := 0x0000000000000000000000000000000000000000000000000000000000000000\n }\n }\n }\n}\n"
},
"src.sol/amm/lib/math/LogExpMath.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General internal License for more details.\n\n// You should have received a copy of the GNU General internal License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\n\nimport \"../helpers/BalancerErrors.sol\";\n\n/* solhint-disable */\n\n/**\n * @dev Exponentiation and logarithm functions for 18 decimal fixed point numbers (both base and exponent/argument).\n *\n * Exponentiation and logarithm with arbitrary bases (x^y and log_x(y)) are implemented by conversion to natural\n * exponentiation and logarithm (where the base is Euler's number).\n *\n * @author Fernando Martinelli - @fernandomartinelli\n * @author Sergio Yuhjtman - @sergioyuhjtman\n * @author Daniel Fernandez - @dmf7z\n */\nlibrary LogExpMath {\n // All fixed point multiplications and divisions are inlined. This means we need to divide by ONE when multiplying\n // two numbers, and multiply by ONE when dividing them.\n\n // All arguments and return values are 18 decimal fixed point numbers.\n int256 constant ONE_18 = 1e18;\n\n // Internally, intermediate values are computed with higher precision as 20 decimal fixed point numbers, and in the\n // case of ln36, 36 decimals.\n int256 constant ONE_20 = 1e20;\n int256 constant ONE_36 = 1e36;\n\n // The domain of natural exponentiation is bound by the word size and number of decimals used.\n //\n // Because internally the result will be stored using 20 decimals, the largest possible result is\n // (2^255 - 1) / 10^20, which makes the largest exponent ln((2^255 - 1) / 10^20) = 130.700829182905140221.\n // The smallest possible result is 10^(-18), which makes largest negative argument\n // ln(10^(-18)) = -41.446531673892822312.\n // We use 130.0 and -41.0 to have some safety margin.\n int256 constant MAX_NATURAL_EXPONENT = 130e18;\n int256 constant MIN_NATURAL_EXPONENT = -41e18;\n\n // Bounds for ln_36's argument. Both ln(0.9) and ln(1.1) can be represented with 36 decimal places in a fixed point\n // 256 bit integer.\n int256 constant LN_36_LOWER_BOUND = ONE_18 - 1e17;\n int256 constant LN_36_UPPER_BOUND = ONE_18 + 1e17;\n\n uint256 constant MILD_EXPONENT_BOUND = 2**254 / uint256(ONE_20);\n\n // 18 decimal constants\n int256 constant x0 = 128000000000000000000; // 2ˆ7\n int256 constant a0 = 38877084059945950922200000000000000000000000000000000000; // eˆ(x0) (no decimals)\n int256 constant x1 = 64000000000000000000; // 2ˆ6\n int256 constant a1 = 6235149080811616882910000000; // eˆ(x1) (no decimals)\n\n // 20 decimal constants\n int256 constant x2 = 3200000000000000000000; // 2ˆ5\n int256 constant a2 = 7896296018268069516100000000000000; // eˆ(x2)\n int256 constant x3 = 1600000000000000000000; // 2ˆ4\n int256 constant a3 = 888611052050787263676000000; // eˆ(x3)\n int256 constant x4 = 800000000000000000000; // 2ˆ3\n int256 constant a4 = 298095798704172827474000; // eˆ(x4)\n int256 constant x5 = 400000000000000000000; // 2ˆ2\n int256 constant a5 = 5459815003314423907810; // eˆ(x5)\n int256 constant x6 = 200000000000000000000; // 2ˆ1\n int256 constant a6 = 738905609893065022723; // eˆ(x6)\n int256 constant x7 = 100000000000000000000; // 2ˆ0\n int256 constant a7 = 271828182845904523536; // eˆ(x7)\n int256 constant x8 = 50000000000000000000; // 2ˆ-1\n int256 constant a8 = 164872127070012814685; // eˆ(x8)\n int256 constant x9 = 25000000000000000000; // 2ˆ-2\n int256 constant a9 = 128402541668774148407; // eˆ(x9)\n int256 constant x10 = 12500000000000000000; // 2ˆ-3\n int256 constant a10 = 113314845306682631683; // eˆ(x10)\n int256 constant x11 = 6250000000000000000; // 2ˆ-4\n int256 constant a11 = 106449445891785942956; // eˆ(x11)\n\n /**\n * @dev Exponentiation (x^y) with unsigned 18 decimal fixed point base and exponent.\n *\n * Reverts if ln(x) * y is smaller than `MIN_NATURAL_EXPONENT`, or larger than `MAX_NATURAL_EXPONENT`.\n */\n function pow(uint256 x, uint256 y) internal pure returns (uint256) {\n if (y == 0) {\n // We solve the 0^0 indetermination by making it equal one.\n return uint256(ONE_18);\n }\n\n if (x == 0) {\n return 0;\n }\n\n // Instead of computing x^y directly, we instead rely on the properties of logarithms and exponentiation to\n // arrive at that result. In particular, exp(ln(x)) = x, and ln(x^y) = y * ln(x). This means\n // x^y = exp(y * ln(x)).\n\n // The ln function takes a signed value, so we need to make sure x fits in the signed 256 bit range.\n _require(x < 2**255, Errors.X_OUT_OF_BOUNDS);\n int256 x_int256 = int256(x);\n\n // We will compute y * ln(x) in a single step. Depending on the value of x, we can either use ln or ln_36. In\n // both cases, we leave the division by ONE_18 (due to fixed point multiplication) to the end.\n\n // This prevents y * ln(x) from overflowing, and at the same time guarantees y fits in the signed 256 bit range.\n _require(y < MILD_EXPONENT_BOUND, Errors.Y_OUT_OF_BOUNDS);\n int256 y_int256 = int256(y);\n\n int256 logx_times_y;\n if (LN_36_LOWER_BOUND < x_int256 && x_int256 < LN_36_UPPER_BOUND) {\n int256 ln_36_x = ln_36(x_int256);\n\n // ln_36_x has 36 decimal places, so multiplying by y_int256 isn't as straightforward, since we can't just\n // bring y_int256 to 36 decimal places, as it might overflow. Instead, we perform two 18 decimal\n // multiplications and add the results: one with the first 18 decimals of ln_36_x, and one with the\n // (downscaled) last 18 decimals.\n logx_times_y = ((ln_36_x / ONE_18) * y_int256 + ((ln_36_x % ONE_18) * y_int256) / ONE_18);\n } else {\n logx_times_y = ln(x_int256) * y_int256;\n }\n logx_times_y /= ONE_18;\n\n // Finally, we compute exp(y * ln(x)) to arrive at x^y\n _require(\n MIN_NATURAL_EXPONENT <= logx_times_y && logx_times_y <= MAX_NATURAL_EXPONENT,\n Errors.PRODUCT_OUT_OF_BOUNDS\n );\n\n return uint256(exp(logx_times_y));\n }\n\n /**\n * @dev Natural exponentiaton (e^x) with signed 18 decimal fixed point exponent.\n *\n * Reverts if `x` is smaller than MIN_NATURAL_EXPONENT, or larger than `MAX_NATURAL_EXPONENT`.\n */\n function exp(int256 x) internal pure returns (int256) {\n _require(x >= MIN_NATURAL_EXPONENT && x <= MAX_NATURAL_EXPONENT, Errors.INVALID_EXPONENT);\n\n if (x < 0) {\n // We only handle positive exponents: e^(-x) is computed as 1 / e^x. We can safely make x positive since it\n // fits in the signed 256 bit range (as it is larger than MIN_NATURAL_EXPONENT).\n // Fixed point division requires multiplying by ONE_18.\n return ((ONE_18 * ONE_18) / exp(-x));\n }\n\n // First, we use the fact that e^(x+y) = e^x * e^y to decompose x into a sum of powers of two, which we call x_n,\n // where x_n == 2^(7 - n), and e^x_n = a_n has been precomputed. We choose the first x_n, x0, to equal 2^7\n // because all larger powers are larger than MAX_NATURAL_EXPONENT, and therefore not present in the\n // decomposition.\n // At the end of this process we will have the product of all e^x_n = a_n that apply, and the remainder of this\n // decomposition, which will be lower than the smallest x_n.\n // exp(x) = k_0 * a_0 * k_1 * a_1 * ... + k_n * a_n * exp(remainder), where each k_n equals either 0 or 1.\n // We mutate x by subtracting x_n, making it the remainder of the decomposition.\n\n // The first two a_n (e^(2^7) and e^(2^6)) are too large if stored as 18 decimal numbers, and could cause\n // intermediate overflows. Instead we store them as plain integers, with 0 decimals.\n // Additionally, x0 + x1 is larger than MAX_NATURAL_EXPONENT, which means they will not both be present in the\n // decomposition.\n\n // For each x_n, we test if that term is present in the decomposition (if x is larger than it), and if so deduct\n // it and compute the accumulated product.\n\n int256 firstAN;\n if (x >= x0) {\n x -= x0;\n firstAN = a0;\n } else if (x >= x1) {\n x -= x1;\n firstAN = a1;\n } else {\n firstAN = 1; // One with no decimal places\n }\n\n // We now transform x into a 20 decimal fixed point number, to have enhanced precision when computing the\n // smaller terms.\n x *= 100;\n\n // `product` is the accumulated product of all a_n (except a0 and a1), which starts at 20 decimal fixed point\n // one. Recall that fixed point multiplication requires dviding by ONE_20.\n int256 product = ONE_20;\n\n if (x >= x2) {\n x -= x2;\n product = (product * a2) / ONE_20;\n }\n if (x >= x3) {\n x -= x3;\n product = (product * a3) / ONE_20;\n }\n if (x >= x4) {\n x -= x4;\n product = (product * a4) / ONE_20;\n }\n if (x >= x5) {\n x -= x5;\n product = (product * a5) / ONE_20;\n }\n if (x >= x6) {\n x -= x6;\n product = (product * a6) / ONE_20;\n }\n if (x >= x7) {\n x -= x7;\n product = (product * a7) / ONE_20;\n }\n if (x >= x8) {\n x -= x8;\n product = (product * a8) / ONE_20;\n }\n if (x >= x9) {\n x -= x9;\n product = (product * a9) / ONE_20;\n }\n\n // x10 and x11 are unnecessary here since we have high enough precision already.\n\n // Now we need to compute e^x, where x is small (in particular, it is smaller than x9). We use the Taylor series\n // expansion for e^x: 1 + x + (x^2 / 2!) + (x^3 / 3!) + ... + (x^n / n!).\n\n int256 seriesSum = ONE_20; // The initial one in the sum, with 20 decimal places.\n int256 term; // Each term in the sum, where the nth term is (x^n / n!).\n\n // The first term is simply x.\n term = x;\n seriesSum += term;\n\n // Each term (x^n / n!) equals the previous one times x, divided by n. Since x is a fixed point number,\n // multiplying by it requires dividing by ONE_20, but dividing by the non-fixed point n values does not.\n\n term = ((term * x) / ONE_20) / 2;\n seriesSum += term;\n\n term = ((term * x) / ONE_20) / 3;\n seriesSum += term;\n\n term = ((term * x) / ONE_20) / 4;\n seriesSum += term;\n\n term = ((term * x) / ONE_20) / 5;\n seriesSum += term;\n\n term = ((term * x) / ONE_20) / 6;\n seriesSum += term;\n\n term = ((term * x) / ONE_20) / 7;\n seriesSum += term;\n\n term = ((term * x) / ONE_20) / 8;\n seriesSum += term;\n\n term = ((term * x) / ONE_20) / 9;\n seriesSum += term;\n\n term = ((term * x) / ONE_20) / 10;\n seriesSum += term;\n\n term = ((term * x) / ONE_20) / 11;\n seriesSum += term;\n\n term = ((term * x) / ONE_20) / 12;\n seriesSum += term;\n\n // 12 Taylor terms are sufficient for 18 decimal precision.\n\n // We now have the first a_n (with no decimals), and the product of all other a_n present, and the Taylor\n // approximation of the exponention of the remainder (both with 20 decimals). All that remains is to multiply\n // all three (one 20 decimal fixed point multiplication, dividing by ONE_20, and one integer multiplication),\n // and then drop two digits to return an 18 decimal value.\n\n return (((product * seriesSum) / ONE_20) * firstAN) / 100;\n }\n\n /**\n * @dev Natural logarithm (ln(a)) with signed 18 decimal fixed point argument.\n */\n function ln(int256 a) internal pure returns (int256) {\n // The real natural logarithm is not defined for negative numbers or zero.\n _require(a > 0, Errors.OUT_OF_BOUNDS);\n\n if (a < ONE_18) {\n // Since ln(a^k) = k * ln(a), we can compute ln(a) as ln(a) = ln((1/a)^(-1)) = - ln((1/a)). If a is less\n // than one, 1/a will be greater than one, and this if statement will not be entered in the recursive call.\n // Fixed point division requires multiplying by ONE_18.\n return (-ln((ONE_18 * ONE_18) / a));\n }\n\n // First, we use the fact that ln^(a * b) = ln(a) + ln(b) to decompose ln(a) into a sum of powers of two, which\n // we call x_n, where x_n == 2^(7 - n), which are the natural logarithm of precomputed quantities a_n (that is,\n // ln(a_n) = x_n). We choose the first x_n, x0, to equal 2^7 because the exponential of all larger powers cannot\n // be represented as 18 fixed point decimal numbers in 256 bits, and are therefore larger than a.\n // At the end of this process we will have the sum of all x_n = ln(a_n) that apply, and the remainder of this\n // decomposition, which will be lower than the smallest a_n.\n // ln(a) = k_0 * x_0 + k_1 * x_1 + ... + k_n * x_n + ln(remainder), where each k_n equals either 0 or 1.\n // We mutate a by subtracting a_n, making it the remainder of the decomposition.\n\n // For reasons related to how `exp` works, the first two a_n (e^(2^7) and e^(2^6)) are not stored as fixed point\n // numbers with 18 decimals, but instead as plain integers with 0 decimals, so we need to multiply them by\n // ONE_18 to convert them to fixed point.\n // For each a_n, we test if that term is present in the decomposition (if a is larger than it), and if so divide\n // by it and compute the accumulated sum.\n\n int256 sum = 0;\n if (a >= a0 * ONE_18) {\n a /= a0; // Integer, not fixed point division\n sum += x0;\n }\n\n if (a >= a1 * ONE_18) {\n a /= a1; // Integer, not fixed point division\n sum += x1;\n }\n\n // All other a_n and x_n are stored as 20 digit fixed point numbers, so we convert the sum and a to this format.\n sum *= 100;\n a *= 100;\n\n // Because further a_n are 20 digit fixed point numbers, we multiply by ONE_20 when dividing by them.\n\n if (a >= a2) {\n a = (a * ONE_20) / a2;\n sum += x2;\n }\n\n if (a >= a3) {\n a = (a * ONE_20) / a3;\n sum += x3;\n }\n\n if (a >= a4) {\n a = (a * ONE_20) / a4;\n sum += x4;\n }\n\n if (a >= a5) {\n a = (a * ONE_20) / a5;\n sum += x5;\n }\n\n if (a >= a6) {\n a = (a * ONE_20) / a6;\n sum += x6;\n }\n\n if (a >= a7) {\n a = (a * ONE_20) / a7;\n sum += x7;\n }\n\n if (a >= a8) {\n a = (a * ONE_20) / a8;\n sum += x8;\n }\n\n if (a >= a9) {\n a = (a * ONE_20) / a9;\n sum += x9;\n }\n\n if (a >= a10) {\n a = (a * ONE_20) / a10;\n sum += x10;\n }\n\n if (a >= a11) {\n a = (a * ONE_20) / a11;\n sum += x11;\n }\n\n // a is now a small number (smaller than a_11, which roughly equals 1.06). This means we can use a Taylor series\n // that converges rapidly for values of `a` close to one - the same one used in ln_36.\n // Let z = (a - 1) / (a + 1).\n // ln(a) = 2 * (z + z^3 / 3 + z^5 / 5 + z^7 / 7 + ... + z^(2 * n + 1) / (2 * n + 1))\n\n // Recall that 20 digit fixed point division requires multiplying by ONE_20, and multiplication requires\n // division by ONE_20.\n int256 z = ((a - ONE_20) * ONE_20) / (a + ONE_20);\n int256 z_squared = (z * z) / ONE_20;\n\n // num is the numerator of the series: the z^(2 * n + 1) term\n int256 num = z;\n\n // seriesSum holds the accumulated sum of each term in the series, starting with the initial z\n int256 seriesSum = num;\n\n // In each step, the numerator is multiplied by z^2\n num = (num * z_squared) / ONE_20;\n seriesSum += num / 3;\n\n num = (num * z_squared) / ONE_20;\n seriesSum += num / 5;\n\n num = (num * z_squared) / ONE_20;\n seriesSum += num / 7;\n\n num = (num * z_squared) / ONE_20;\n seriesSum += num / 9;\n\n num = (num * z_squared) / ONE_20;\n seriesSum += num / 11;\n\n // 6 Taylor terms are sufficient for 36 decimal precision.\n\n // Finally, we multiply by 2 (non fixed point) to compute ln(remainder)\n seriesSum *= 2;\n\n // We now have the sum of all x_n present, and the Taylor approximation of the logarithm of the remainder (both\n // with 20 decimals). All that remains is to sum these two, and then drop two digits to return a 18 decimal\n // value.\n\n return (sum + seriesSum) / 100;\n }\n\n /**\n * @dev Logarithm (log(arg, base), with signed 18 decimal fixed point base and argument argument.\n */\n function log(int256 arg, int256 base) internal pure returns (int256) {\n // This performs a simple base change: log(arg, base) = ln(arg) / ln(base).\n\n // Both logBase and logArg are computed as 36 decimal fixed point numbers, either by using ln_36, or by\n // upscaling.\n\n int256 logBase;\n if (LN_36_LOWER_BOUND < base && base < LN_36_UPPER_BOUND) {\n logBase = ln_36(base);\n } else {\n logBase = ln(base) * ONE_18;\n }\n\n int256 logArg;\n if (LN_36_LOWER_BOUND < arg && arg < LN_36_UPPER_BOUND) {\n logArg = ln_36(arg);\n } else {\n logArg = ln(arg) * ONE_18;\n }\n\n // When dividing, we multiply by ONE_18 to arrive at a result with 18 decimal places\n return (logArg * ONE_18) / logBase;\n }\n\n /**\n * @dev High precision (36 decimal places) natural logarithm (ln(x)) with signed 18 decimal fixed point argument,\n * for x close to one.\n *\n * Should only be used if x is between LN_36_LOWER_BOUND and LN_36_UPPER_BOUND.\n */\n function ln_36(int256 x) private pure returns (int256) {\n // Since ln(1) = 0, a value of x close to one will yield a very small result, which makes using 36 digits\n // worthwhile.\n\n // First, we transform x to a 36 digit fixed point value.\n x *= ONE_18;\n\n // We will use the following Taylor expansion, which converges very rapidly. Let z = (x - 1) / (x + 1).\n // ln(x) = 2 * (z + z^3 / 3 + z^5 / 5 + z^7 / 7 + ... + z^(2 * n + 1) / (2 * n + 1))\n\n // Recall that 36 digit fixed point division requires multiplying by ONE_36, and multiplication requires\n // division by ONE_36.\n int256 z = ((x - ONE_36) * ONE_36) / (x + ONE_36);\n int256 z_squared = (z * z) / ONE_36;\n\n // num is the numerator of the series: the z^(2 * n + 1) term\n int256 num = z;\n\n // seriesSum holds the accumulated sum of each term in the series, starting with the initial z\n int256 seriesSum = num;\n\n // In each step, the numerator is multiplied by z^2\n num = (num * z_squared) / ONE_36;\n seriesSum += num / 3;\n\n num = (num * z_squared) / ONE_36;\n seriesSum += num / 5;\n\n num = (num * z_squared) / ONE_36;\n seriesSum += num / 7;\n\n num = (num * z_squared) / ONE_36;\n seriesSum += num / 9;\n\n num = (num * z_squared) / ONE_36;\n seriesSum += num / 11;\n\n num = (num * z_squared) / ONE_36;\n seriesSum += num / 13;\n\n num = (num * z_squared) / ONE_36;\n seriesSum += num / 15;\n\n // 8 Taylor terms are sufficient for 36 decimal precision.\n\n // All that remains is multiplying by 2 (non fixed point).\n return seriesSum * 2;\n }\n}\n"
},
"src.sol/amm/lib/helpers/TemporarilyPausable.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\n\nimport \"./BalancerErrors.sol\";\n\n/**\n * @dev Allows for a contract to be paused during an initial period after deployment, disabling functionality. Can be\n * used as an emergency switch in case a security vulnerability or threat is identified.\n *\n * The contract can only be paused during the Pause Window, a period that starts at deployment. It can also be\n * unpaused and repaused any number of times during this period. This is intended to serve as a safety measure: it lets\n * system managers react quickly to potentially dangerous situations, knowing that this action is reversible if careful\n * analysis later determines there was a false alarm.\n *\n * If the contract is paused when the Pause Window finishes, it will remain in the paused state through an additional\n * Buffer Period, after which it will be automatically unpaused forever. This is to ensure there is always enough time\n * to react to an emergency, even if the threat is discovered shortly before the Pause Window expires.\n *\n * Note that since the contract can only be paused within the Pause Window, unpausing during the Buffer Period is\n * irreversible.\n */\nabstract contract TemporarilyPausable {\n // The Pause Window and Buffer Period are timestamp-based: they should not be relied upon for sub-minute accuracy.\n // solhint-disable not-rely-on-time\n\n uint256 private constant _MAX_PAUSE_WINDOW_DURATION = 90 days;\n uint256 private constant _MAX_BUFFER_PERIOD_DURATION = 30 days;\n\n uint256 private immutable _pauseWindowEndTime;\n uint256 private immutable _bufferPeriodEndTime;\n\n bool private _paused;\n\n event PausedStateChanged(bool paused);\n\n constructor(uint256 pauseWindowDuration, uint256 bufferPeriodDuration) {\n _require(pauseWindowDuration <= _MAX_PAUSE_WINDOW_DURATION, Errors.MAX_PAUSE_WINDOW_DURATION);\n _require(bufferPeriodDuration <= _MAX_BUFFER_PERIOD_DURATION, Errors.MAX_BUFFER_PERIOD_DURATION);\n\n uint256 pauseWindowEndTime = block.timestamp + pauseWindowDuration;\n\n _pauseWindowEndTime = pauseWindowEndTime;\n _bufferPeriodEndTime = pauseWindowEndTime + bufferPeriodDuration;\n }\n\n /**\n * @dev Reverts if the contract is paused.\n */\n modifier whenNotPaused() {\n _ensureNotPaused();\n _;\n }\n\n /**\n * @dev Returns the current contract pause status, as well as the end times of the Pause Window and Buffer\n * Period.\n */\n function getPausedState()\n external\n view\n returns (\n bool paused,\n uint256 pauseWindowEndTime,\n uint256 bufferPeriodEndTime\n )\n {\n paused = !_isNotPaused();\n pauseWindowEndTime = _getPauseWindowEndTime();\n bufferPeriodEndTime = _getBufferPeriodEndTime();\n }\n\n /**\n * @dev Sets the pause state to `paused`. The contract can only be paused until the end of the Pause Window, and\n * unpaused until the end of the Buffer Period.\n *\n * Once the Buffer Period expires, this function reverts unconditionally.\n */\n function _setPaused(bool paused) internal {\n if (paused) {\n _require(block.timestamp < _getPauseWindowEndTime(), Errors.PAUSE_WINDOW_EXPIRED);\n } else {\n _require(block.timestamp < _getBufferPeriodEndTime(), Errors.BUFFER_PERIOD_EXPIRED);\n }\n\n _paused = paused;\n emit PausedStateChanged(paused);\n }\n\n /**\n * @dev Reverts if the contract is paused.\n */\n function _ensureNotPaused() internal view {\n _require(_isNotPaused(), Errors.PAUSED);\n }\n\n /**\n * @dev Returns true if the contract is unpaused.\n *\n * Once the Buffer Period expires, the gas cost of calling this function is reduced dramatically, as storage is no\n * longer accessed.\n */\n function _isNotPaused() internal view returns (bool) {\n // After the Buffer Period, the (inexpensive) timestamp check short-circuits the storage access.\n return block.timestamp > _getBufferPeriodEndTime() || !_paused;\n }\n\n // These getters lead to reduced bytecode size by inlining the immutable variables in a single place.\n\n function _getPauseWindowEndTime() private view returns (uint256) {\n return _pauseWindowEndTime;\n }\n\n function _getBufferPeriodEndTime() private view returns (uint256) {\n return _bufferPeriodEndTime;\n }\n}\n"
},
"src.sol/amm/lib/helpers/SignaturesValidator.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\n\nimport \"./BalancerErrors.sol\";\n\nimport \"../openzeppelin/EIP712.sol\";\nimport \"../../vault/interfaces/ISignaturesValidator.sol\";\n\n/**\n * @dev Utility for signing Solidity function calls.\n *\n * This contract relies on the fact that Solidity contracts can be called with extra calldata, and enables\n * metatransaction schemes by appending an EIP712 signature of the original calldata at the end.\n *\n * Derived contracts must implement the `_typeHash` function to map function selectors to EIP712 structs.\n */\nabstract contract SignaturesValidator is ISignaturesValidator, EIP712 {\n // The appended data consists of a deadline, plus the [v,r,s] signature. For simplicity, we use a full 256 bit slot\n // for each of these values, even if 'v' is typically an 8 bit value.\n uint256 internal constant _EXTRA_CALLDATA_LENGTH = 4 * 32;\n\n // Replay attack prevention for each user.\n mapping(address => uint256) internal _nextNonce;\n\n constructor(string memory name) EIP712(name, \"1\") {\n // solhint-disable-previous-line no-empty-blocks\n }\n\n function getDomainSeparator() external view override returns (bytes32) {\n return _domainSeparatorV4();\n }\n\n function getNextNonce(address user) external view override returns (uint256) {\n return _nextNonce[user];\n }\n\n /**\n * @dev Reverts with `errorCode` unless a valid signature for `user` was appended to the calldata.\n */\n function _validateSignature(address user, uint256 errorCode) internal {\n uint256 nextNonce = _nextNonce[user]++;\n _require(_isSignatureValid(user, nextNonce), errorCode);\n }\n\n function _isSignatureValid(address user, uint256 nonce) private view returns (bool) {\n uint256 deadline = _deadline();\n\n // The deadline is timestamp-based: it should not be relied upon for sub-minute accuracy.\n // solhint-disable-next-line not-rely-on-time\n if (deadline < block.timestamp) {\n return false;\n }\n\n bytes32 typeHash = _typeHash();\n if (typeHash == bytes32(0)) {\n // Prevent accidental signature validation for functions that don't have an associated type hash.\n return false;\n }\n\n // All type hashes have this format: (bytes calldata, address sender, uint256 nonce, uint256 deadline).\n bytes32 structHash = keccak256(abi.encode(typeHash, keccak256(_calldata()), msg.sender, nonce, deadline));\n bytes32 digest = _hashTypedDataV4(structHash);\n (uint8 v, bytes32 r, bytes32 s) = _signature();\n\n address recoveredAddress = ecrecover(digest, v, r, s);\n\n // ecrecover returns the zero address on recover failure, so we need to handle that explicitly.\n return recoveredAddress != address(0) && recoveredAddress == user;\n }\n\n /**\n * @dev Returns the EIP712 type hash for the current entry point function, which can be identified by its function\n * selector (available as `msg.sig`).\n *\n * The typehash must conform to the following format:\n * (bytes calldata, address sender, uint256 nonce, uint256 deadline)\n *\n * If 0x00, all signatures will be considered invalid.\n */\n function _typeHash() internal view virtual returns (bytes32);\n\n /**\n * @dev Extracts the signature deadline from extra calldata.\n *\n * This function returns bogus data if no signature is included.\n */\n function _deadline() internal pure returns (uint256) {\n // The deadline is the first extra argument at the end of the original calldata.\n return uint256(_decodeExtraCalldataWord(0));\n }\n\n /**\n * @dev Extracts the signature parameters from extra calldata.\n *\n * This function returns bogus data if no signature is included. This is not a security risk, as that data would not\n * be considered a valid signature in the first place.\n */\n function _signature()\n internal\n pure\n returns (\n uint8 v,\n bytes32 r,\n bytes32 s\n )\n {\n // v, r and s are appended after the signature deadline, in that order.\n v = uint8(uint256(_decodeExtraCalldataWord(0x20)));\n r = _decodeExtraCalldataWord(0x40);\n s = _decodeExtraCalldataWord(0x60);\n }\n\n /**\n * @dev Returns the original calldata, without the extra bytes containing the signature.\n *\n * This function returns bogus data if no signature is included.\n */\n function _calldata() internal pure returns (bytes memory result) {\n result = msg.data; // A calldata to memory assignment results in memory allocation and copy of contents.\n if (result.length > _EXTRA_CALLDATA_LENGTH) {\n // solhint-disable-next-line no-inline-assembly\n assembly {\n // We simply overwrite the array length with the reduced one.\n mstore(result, sub(calldatasize(), _EXTRA_CALLDATA_LENGTH))\n }\n }\n }\n\n /**\n * @dev Returns a 256 bit word from 'extra' calldata, at some offset from the expected end of the original calldata.\n *\n * This function returns bogus data if no signature is included.\n */\n function _decodeExtraCalldataWord(uint256 offset) private pure returns (bytes32 result) {\n // solhint-disable-next-line no-inline-assembly\n assembly {\n result := calldataload(add(sub(calldatasize(), _EXTRA_CALLDATA_LENGTH), offset))\n }\n }\n}\n"
},
"src.sol/amm/lib/openzeppelin/EIP712.sol": {
"content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.7.0;\n\n/**\n * @dev https://eips.ethereum.org/EIPS/eip-712[EIP 712] is a standard for hashing and signing of typed structured data.\n *\n * The encoding specified in the EIP is very generic, and such a generic implementation in Solidity is not feasible,\n * thus this contract does not implement the encoding itself. Protocols need to implement the type-specific encoding\n * they need in their contracts using a combination of `abi.encode` and `keccak256`.\n *\n * This contract implements the EIP 712 domain separator ({_domainSeparatorV4}) that is used as part of the encoding\n * scheme, and the final step of the encoding to obtain the message digest that is then signed via ECDSA\n * ({_hashTypedDataV4}).\n *\n * The implementation of the domain separator was designed to be as efficient as possible while still properly updating\n * the chain id to protect against replay attacks on an eventual fork of the chain.\n *\n * NOTE: This contract implements the version of the encoding known as \"v4\", as implemented by the JSON RPC method\n * https://docs.metamask.io/guide/signing-data.html[`eth_signTypedDataV4` in MetaMask].\n *\n * _Available since v3.4._\n */\nabstract contract EIP712 {\n /* solhint-disable var-name-mixedcase */\n bytes32 private immutable _HASHED_NAME;\n bytes32 private immutable _HASHED_VERSION;\n bytes32 private immutable _TYPE_HASH;\n\n /* solhint-enable var-name-mixedcase */\n\n /**\n * @dev Initializes the domain separator and parameter caches.\n *\n * The meaning of `name` and `version` is specified in\n * https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP 712]:\n *\n * - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol.\n * - `version`: the current major version of the signing domain.\n *\n * NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart\n * contract upgrade].\n */\n constructor(string memory name, string memory version) {\n _HASHED_NAME = keccak256(bytes(name));\n _HASHED_VERSION = keccak256(bytes(version));\n _TYPE_HASH = keccak256(\"EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)\");\n }\n\n /**\n * @dev Returns the domain separator for the current chain.\n */\n function _domainSeparatorV4() internal view virtual returns (bytes32) {\n return keccak256(abi.encode(_TYPE_HASH, _HASHED_NAME, _HASHED_VERSION, _getChainId(), address(this)));\n }\n\n /**\n * @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this\n * function returns the hash of the fully encoded EIP712 message for this domain.\n *\n * This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example:\n *\n * ```solidity\n * bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(\n * keccak256(\"Mail(address to,string contents)\"),\n * mailTo,\n * keccak256(bytes(mailContents))\n * )));\n * address signer = ECDSA.recover(digest, signature);\n * ```\n */\n function _hashTypedDataV4(bytes32 structHash) internal view virtual returns (bytes32) {\n return keccak256(abi.encodePacked(\"\\x19\\x01\", _domainSeparatorV4(), structHash));\n }\n\n function _getChainId() private view returns (uint256 chainId) {\n // Silence state mutability warning without generating bytecode.\n // See https://github.com/ethereum/solidity/issues/10090#issuecomment-741789128 and\n // https://github.com/ethereum/solidity/issues/2691\n this;\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n chainId := chainid()\n }\n }\n}\n"
},
"src.sol/amm/vault/PoolBalances.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"../lib/math/Math.sol\";\nimport \"../lib/helpers/BalancerErrors.sol\";\nimport \"../lib/helpers/InputHelpers.sol\";\nimport \"../lib/openzeppelin/IERC20.sol\";\nimport \"../lib/openzeppelin/ReentrancyGuard.sol\";\nimport \"../lib/openzeppelin/SafeERC20.sol\";\n\nimport \"./Fees.sol\";\nimport \"./PoolTokens.sol\";\nimport \"./UserBalance.sol\";\nimport \"./interfaces/IBasePool.sol\";\n\n/**\n * @dev Stores the Asset Managers (by Pool and token), and implements the top level Asset Manager and Pool interfaces,\n * such as registering and deregistering tokens, joining and exiting Pools, and informational functions like `getPool`\n * and `getPoolTokens`, delegating to specialization-specific functions as needed.\n *\n * `managePoolBalance` handles all Asset Manager interactions.\n */\nabstract contract PoolBalances is Fees, ReentrancyGuard, PoolTokens, UserBalance {\n using Math for uint256;\n using SafeERC20 for IERC20;\n using BalanceAllocation for bytes32;\n using BalanceAllocation for bytes32[];\n\n function joinPool(\n bytes32 poolId,\n address sender,\n address recipient,\n JoinPoolRequest memory request\n ) external payable override whenNotPaused {\n // This function doesn't have the nonReentrant modifier: it is applied to `_joinOrExit` instead.\n\n // Note that `recipient` is not actually payable in the context of a join - we cast it because we handle both\n // joins and exits at once.\n _joinOrExit(PoolBalanceChangeKind.JOIN, poolId, sender, payable(recipient), _toPoolBalanceChange(request));\n }\n\n function exitPool(\n bytes32 poolId,\n address sender,\n address payable recipient,\n ExitPoolRequest memory request\n ) external override {\n // This function doesn't have the nonReentrant modifier: it is applied to `_joinOrExit` instead.\n _joinOrExit(PoolBalanceChangeKind.EXIT, poolId, sender, recipient, _toPoolBalanceChange(request));\n }\n\n // This has the exact same layout as JoinPoolRequest and ExitPoolRequest, except the `maxAmountsIn` and\n // `minAmountsOut` are called `limits`. Internally we use this struct for both since these two functions are quite\n // similar, but expose the others to callers for clarity.\n struct PoolBalanceChange {\n IAsset[] assets;\n uint256[] limits;\n bytes userData;\n bool useInternalBalance;\n }\n\n /**\n * @dev Converts a JoinPoolRequest into a PoolBalanceChange, with no runtime cost.\n */\n function _toPoolBalanceChange(JoinPoolRequest memory request)\n private\n pure\n returns (PoolBalanceChange memory change)\n {\n // solhint-disable-next-line no-inline-assembly\n assembly {\n change := request\n }\n }\n\n /**\n * @dev Converts an ExitPoolRequest into a PoolBalanceChange, with no runtime cost.\n */\n function _toPoolBalanceChange(ExitPoolRequest memory request)\n private\n pure\n returns (PoolBalanceChange memory change)\n {\n // solhint-disable-next-line no-inline-assembly\n assembly {\n change := request\n }\n }\n\n /**\n * @dev Implements both `joinPool` and `exitPool`, based on `kind`.\n */\n function _joinOrExit(\n PoolBalanceChangeKind kind,\n bytes32 poolId,\n address sender,\n address payable recipient,\n PoolBalanceChange memory change\n ) private nonReentrant withRegisteredPool(poolId) authenticateFor(sender) {\n // This function uses a large number of stack variables (poolId, sender and recipient, balances, amounts, fees,\n // etc.), which leads to 'stack too deep' issues. It relies on private functions with seemingly arbitrary\n // interfaces to work around this limitation.\n\n InputHelpers.ensureInputLengthMatch(change.assets.length, change.limits.length);\n\n // We first check that the caller passed the Pool's registered tokens in the correct order, and retrieve the\n // current balance for each.\n IERC20[] memory tokens = _translateToIERC20(change.assets);\n bytes32[] memory balances = _validateTokensAndGetBalances(poolId, tokens);\n\n // The bulk of the work is done here: the corresponding Pool hook is called, its final balances are computed,\n // assets are transferred, and fees are paid.\n (\n bytes32[] memory finalBalances,\n uint256[] memory amountsInOrOut,\n uint256[] memory paidProtocolSwapFeeAmounts\n ) = _callPoolBalanceChange(kind, poolId, sender, recipient, change, balances);\n\n // All that remains is storing the new Pool balances.\n PoolSpecialization specialization = _getPoolSpecialization(poolId);\n if (specialization == PoolSpecialization.TWO_TOKEN) {\n _setTwoTokenPoolCashBalances(poolId, tokens[0], finalBalances[0], tokens[1], finalBalances[1]);\n } else if (specialization == PoolSpecialization.MINIMAL_SWAP_INFO) {\n _setMinimalSwapInfoPoolBalances(poolId, tokens, finalBalances);\n } else {\n // PoolSpecialization.GENERAL\n _setGeneralPoolBalances(poolId, finalBalances);\n }\n\n bool positive = kind == PoolBalanceChangeKind.JOIN; // Amounts in are positive, out are negative\n emit PoolBalanceChanged(\n poolId,\n sender,\n tokens,\n // We can unsafely cast to int256 because balances are actually stored as uint112\n _unsafeCastToInt256(amountsInOrOut, positive),\n paidProtocolSwapFeeAmounts\n );\n }\n\n /**\n * @dev Calls the corresponding Pool hook to get the amounts in/out plus protocol fee amounts, and performs the\n * associated token transfers and fee payments, returning the Pool's final balances.\n */\n function _callPoolBalanceChange(\n PoolBalanceChangeKind kind,\n bytes32 poolId,\n address sender,\n address payable recipient,\n PoolBalanceChange memory change,\n bytes32[] memory balances\n )\n private\n returns (\n bytes32[] memory finalBalances,\n uint256[] memory amountsInOrOut,\n uint256[] memory dueProtocolFeeAmounts\n )\n {\n (uint256[] memory totalBalances, uint256 lastChangeBlock) = balances.totalsAndLastChangeBlock();\n\n IBasePool pool = IBasePool(_getPoolAddress(poolId));\n (amountsInOrOut, dueProtocolFeeAmounts) = kind == PoolBalanceChangeKind.JOIN\n ? pool.onJoinPool(\n poolId,\n sender,\n recipient,\n totalBalances,\n lastChangeBlock,\n _getProtocolSwapFeePercentage(),\n change.userData\n )\n : pool.onExitPool(\n poolId,\n sender,\n recipient,\n totalBalances,\n lastChangeBlock,\n _getProtocolSwapFeePercentage(),\n change.userData\n );\n\n InputHelpers.ensureInputLengthMatch(balances.length, amountsInOrOut.length, dueProtocolFeeAmounts.length);\n\n // The Vault ignores the `recipient` in joins and the `sender` in exits: it is up to the Pool to keep track of\n // their participation.\n finalBalances = kind == PoolBalanceChangeKind.JOIN\n ? _processJoinPoolTransfers(sender, change, balances, amountsInOrOut, dueProtocolFeeAmounts)\n : _processExitPoolTransfers(recipient, change, balances, amountsInOrOut, dueProtocolFeeAmounts);\n }\n\n /**\n * @dev Transfers `amountsIn` from `sender`, checking that they are within their accepted limits, and pays\n * accumulated protocol swap fees.\n *\n * Returns the Pool's final balances, which are the current balances plus `amountsIn` minus accumulated protocol\n * swap fees.\n */\n function _processJoinPoolTransfers(\n address sender,\n PoolBalanceChange memory change,\n bytes32[] memory balances,\n uint256[] memory amountsIn,\n uint256[] memory dueProtocolFeeAmounts\n ) private returns (bytes32[] memory finalBalances) {\n // We need to track how much of the received ETH was used and wrapped into WETH to return any excess.\n uint256 wrappedEth = 0;\n\n finalBalances = new bytes32[](balances.length);\n for (uint256 i = 0; i < change.assets.length; ++i) {\n uint256 amountIn = amountsIn[i];\n _require(amountIn <= change.limits[i], Errors.JOIN_ABOVE_MAX);\n\n // Receive assets from the sender - possibly from Internal Balance.\n IAsset asset = change.assets[i];\n _receiveAsset(asset, amountIn, sender, change.useInternalBalance);\n\n if (_isETH(asset)) {\n wrappedEth = wrappedEth.add(amountIn);\n }\n\n uint256 feeAmount = dueProtocolFeeAmounts[i];\n _payFee(_translateToIERC20(asset), feeAmount);\n\n // Compute the new Pool balances. Note that the fee amount might be larger than `amountIn`,\n // resulting in an overall decrease of the Pool's balance for a token.\n finalBalances[i] = (amountIn >= feeAmount) // This lets us skip checked arithmetic\n ? balances[i].increaseCash(amountIn - feeAmount)\n : balances[i].decreaseCash(feeAmount - amountIn);\n }\n\n // Handle any used and remaining ETH.\n _handleRemainingEth(wrappedEth);\n }\n\n /**\n * @dev Transfers `amountsOut` to `recipient`, checking that they are within their accepted limits, and pays\n * accumulated protocol swap fees from the Pool.\n *\n * Returns the Pool's final balances, which are the current `balances` minus `amountsOut` and fees paid\n * (`dueProtocolFeeAmounts`).\n */\n function _processExitPoolTransfers(\n address payable recipient,\n PoolBalanceChange memory change,\n bytes32[] memory balances,\n uint256[] memory amountsOut,\n uint256[] memory dueProtocolFeeAmounts\n ) private returns (bytes32[] memory finalBalances) {\n finalBalances = new bytes32[](balances.length);\n for (uint256 i = 0; i < change.assets.length; ++i) {\n uint256 amountOut = amountsOut[i];\n _require(amountOut >= change.limits[i], Errors.EXIT_BELOW_MIN);\n\n // Send tokens to the recipient - possibly to Internal Balance\n IAsset asset = change.assets[i];\n _sendAsset(asset, amountOut, recipient, change.useInternalBalance);\n\n uint256 feeAmount = dueProtocolFeeAmounts[i];\n _payFee(_translateToIERC20(asset), feeAmount);\n\n // Compute the new Pool balances. A Pool's token balance always decreases after an exit (potentially by 0).\n finalBalances[i] = balances[i].decreaseCash(amountOut.add(feeAmount));\n }\n }\n\n /**\n * @dev Returns the total balance for `poolId`'s `expectedTokens`.\n *\n * `expectedTokens` must exactly equal the token array returned by `getPoolTokens`: both arrays must have the same\n * length, elements and order. Additionally, the Pool must have at least one registered token.\n */\n function _validateTokensAndGetBalances(bytes32 poolId, IERC20[] memory expectedTokens)\n private\n view\n returns (bytes32[] memory)\n {\n (IERC20[] memory actualTokens, bytes32[] memory balances) = _getPoolTokens(poolId);\n InputHelpers.ensureInputLengthMatch(actualTokens.length, expectedTokens.length);\n _require(actualTokens.length > 0, Errors.POOL_NO_TOKENS);\n\n for (uint256 i = 0; i < actualTokens.length; ++i) {\n _require(actualTokens[i] == expectedTokens[i], Errors.TOKENS_MISMATCH);\n }\n\n return balances;\n }\n\n /**\n * @dev Casts an array of uint256 to int256, setting the sign of the result according to the `positive` flag,\n * without checking whether the values fit in the signed 256 bit range.\n */\n function _unsafeCastToInt256(uint256[] memory values, bool positive)\n private\n pure\n returns (int256[] memory signedValues)\n {\n signedValues = new int256[](values.length);\n for (uint256 i = 0; i < values.length; i++) {\n signedValues[i] = positive ? int256(values[i]) : -int256(values[i]);\n }\n }\n}\n"
},
"src.sol/amm/vault/PoolTokens.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"../lib/helpers/BalancerErrors.sol\";\nimport \"../lib/openzeppelin/ReentrancyGuard.sol\";\n\nimport \"./AssetManagers.sol\";\nimport \"./PoolRegistry.sol\";\nimport \"./balances/BalanceAllocation.sol\";\n\nabstract contract PoolTokens is ReentrancyGuard, PoolRegistry, AssetManagers {\n using BalanceAllocation for bytes32;\n using BalanceAllocation for bytes32[];\n\n function registerTokens(\n bytes32 poolId,\n IERC20[] memory tokens,\n address[] memory assetManagers\n ) external override nonReentrant whenNotPaused onlyPool(poolId) {\n InputHelpers.ensureInputLengthMatch(tokens.length, assetManagers.length);\n\n // Validates token addresses and assigns Asset Managers\n for (uint256 i = 0; i < tokens.length; ++i) {\n IERC20 token = tokens[i];\n _require(token != IERC20(0), Errors.INVALID_TOKEN);\n\n _poolAssetManagers[poolId][token] = assetManagers[i];\n }\n\n PoolSpecialization specialization = _getPoolSpecialization(poolId);\n if (specialization == PoolSpecialization.TWO_TOKEN) {\n _require(tokens.length == 2, Errors.TOKENS_LENGTH_MUST_BE_2);\n _registerTwoTokenPoolTokens(poolId, tokens[0], tokens[1]);\n } else if (specialization == PoolSpecialization.MINIMAL_SWAP_INFO) {\n _registerMinimalSwapInfoPoolTokens(poolId, tokens);\n } else {\n // PoolSpecialization.GENERAL\n _registerGeneralPoolTokens(poolId, tokens);\n }\n\n emit TokensRegistered(poolId, tokens, assetManagers);\n }\n\n function deregisterTokens(bytes32 poolId, IERC20[] memory tokens)\n external\n override\n nonReentrant\n whenNotPaused\n onlyPool(poolId)\n {\n PoolSpecialization specialization = _getPoolSpecialization(poolId);\n if (specialization == PoolSpecialization.TWO_TOKEN) {\n _require(tokens.length == 2, Errors.TOKENS_LENGTH_MUST_BE_2);\n _deregisterTwoTokenPoolTokens(poolId, tokens[0], tokens[1]);\n } else if (specialization == PoolSpecialization.MINIMAL_SWAP_INFO) {\n _deregisterMinimalSwapInfoPoolTokens(poolId, tokens);\n } else {\n // PoolSpecialization.GENERAL\n _deregisterGeneralPoolTokens(poolId, tokens);\n }\n\n // The deregister calls above ensure the total token balance is zero. Therefore it is now safe to remove any\n // associated Asset Managers, since they hold no Pool balance.\n for (uint256 i = 0; i < tokens.length; ++i) {\n delete _poolAssetManagers[poolId][tokens[i]];\n }\n\n emit TokensDeregistered(poolId, tokens);\n }\n\n function getPoolTokens(bytes32 poolId)\n external\n view\n override\n withRegisteredPool(poolId)\n returns (\n IERC20[] memory tokens,\n uint256[] memory balances,\n uint256 lastChangeBlock\n )\n {\n bytes32[] memory rawBalances;\n (tokens, rawBalances) = _getPoolTokens(poolId);\n (balances, lastChangeBlock) = rawBalances.totalsAndLastChangeBlock();\n }\n\n function getPoolTokenInfo(bytes32 poolId, IERC20 token)\n external\n view\n override\n withRegisteredPool(poolId)\n returns (\n uint256 cash,\n uint256 managed,\n uint256 lastChangeBlock,\n address assetManager\n )\n {\n bytes32 balance;\n PoolSpecialization specialization = _getPoolSpecialization(poolId);\n\n if (specialization == PoolSpecialization.TWO_TOKEN) {\n balance = _getTwoTokenPoolBalance(poolId, token);\n } else if (specialization == PoolSpecialization.MINIMAL_SWAP_INFO) {\n balance = _getMinimalSwapInfoPoolBalance(poolId, token);\n } else {\n // PoolSpecialization.GENERAL\n balance = _getGeneralPoolBalance(poolId, token);\n }\n\n cash = balance.cash();\n managed = balance.managed();\n lastChangeBlock = balance.lastChangeBlock();\n assetManager = _poolAssetManagers[poolId][token];\n }\n\n /**\n * @dev Returns all of `poolId`'s registered tokens, along with their raw balances.\n */\n function _getPoolTokens(bytes32 poolId) internal view returns (IERC20[] memory tokens, bytes32[] memory balances) {\n PoolSpecialization specialization = _getPoolSpecialization(poolId);\n if (specialization == PoolSpecialization.TWO_TOKEN) {\n return _getTwoTokenPoolTokens(poolId);\n } else if (specialization == PoolSpecialization.MINIMAL_SWAP_INFO) {\n return _getMinimalSwapInfoPoolTokens(poolId);\n } else {\n // PoolSpecialization.GENERAL\n return _getGeneralPoolTokens(poolId);\n }\n }\n}\n"
},
"src.sol/amm/vault/UserBalance.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"../lib/helpers/BalancerErrors.sol\";\nimport \"../lib/math/Math.sol\";\nimport \"../lib/openzeppelin/IERC20.sol\";\nimport \"../lib/openzeppelin/ReentrancyGuard.sol\";\nimport \"../lib/openzeppelin/SafeCast.sol\";\nimport \"../lib/openzeppelin/SafeERC20.sol\";\n\nimport \"./AssetTransfersHandler.sol\";\nimport \"./VaultAuthorization.sol\";\n\n/**\n * Implement User Balance interactions, which combine Internal Balance and using the Vault's ERC20 allowance.\n *\n * Users can deposit tokens into the Vault, where they are allocated to their Internal Balance, and later\n * transferred or withdrawn. It can also be used as a source of tokens when joining Pools, as a destination\n * when exiting them, and as either when performing swaps. This usage of Internal Balance results in greatly reduced\n * gas costs when compared to relying on plain ERC20 transfers, leading to large savings for frequent users.\n *\n * Internal Balance management features batching, which means a single contract call can be used to perform multiple\n * operations of different kinds, with different senders and recipients, at once.\n */\nabstract contract UserBalance is ReentrancyGuard, AssetTransfersHandler, VaultAuthorization {\n using Math for uint256;\n using SafeCast for uint256;\n using SafeERC20 for IERC20;\n\n // Internal Balance for each token, for each account.\n mapping(address => mapping(IERC20 => uint256)) private _internalTokenBalance;\n\n function getInternalBalance(address user, IERC20[] memory tokens)\n external\n view\n override\n returns (uint256[] memory balances)\n {\n balances = new uint256[](tokens.length);\n for (uint256 i = 0; i < tokens.length; i++) {\n balances[i] = _getInternalBalance(user, tokens[i]);\n }\n }\n\n function manageUserBalance(UserBalanceOp[] memory ops) external payable override nonReentrant {\n // We need to track how much of the received ETH was used and wrapped into WETH to return any excess.\n uint256 ethWrapped = 0;\n\n // Cache for these checks so we only perform them once (if at all).\n bool checkedCallerIsRelayer = false;\n bool checkedNotPaused = false;\n\n for (uint256 i = 0; i < ops.length; i++) {\n UserBalanceOpKind kind;\n IAsset asset;\n uint256 amount;\n address sender;\n address payable recipient;\n\n // This destructuring by calling `_validateUserBalanceOp` seems odd, but results in reduced bytecode size.\n (kind, asset, amount, sender, recipient, checkedCallerIsRelayer) = _validateUserBalanceOp(\n ops[i],\n checkedCallerIsRelayer\n );\n\n if (kind == UserBalanceOpKind.WITHDRAW_INTERNAL) {\n // Internal Balance withdrawals can always be performed by an authorized account.\n _withdrawFromInternalBalance(asset, sender, recipient, amount);\n } else {\n // All other operations are blocked if the contract is paused.\n\n // We cache the result of the pause check and skip it for other operations in this same transaction\n // (if any).\n if (!checkedNotPaused) {\n _ensureNotPaused();\n checkedNotPaused = true;\n }\n\n if (kind == UserBalanceOpKind.DEPOSIT_INTERNAL) {\n _depositToInternalBalance(asset, sender, recipient, amount);\n\n // Keep track of all ETH wrapped into WETH as part of a deposit.\n if (_isETH(asset)) {\n ethWrapped = ethWrapped.add(amount);\n }\n } else {\n // Transfers don't support ETH.\n _require(!_isETH(asset), Errors.CANNOT_USE_ETH_SENTINEL);\n IERC20 token = _asIERC20(asset);\n\n if (kind == UserBalanceOpKind.TRANSFER_INTERNAL) {\n _transferInternalBalance(token, sender, recipient, amount);\n } else {\n // TRANSFER_EXTERNAL\n _transferToExternalBalance(token, sender, recipient, amount);\n }\n }\n }\n }\n\n // Handle any remaining ETH.\n _handleRemainingEth(ethWrapped);\n }\n\n function _depositToInternalBalance(\n IAsset asset,\n address sender,\n address recipient,\n uint256 amount\n ) private {\n _increaseInternalBalance(recipient, _translateToIERC20(asset), amount);\n _receiveAsset(asset, amount, sender, false);\n }\n\n function _withdrawFromInternalBalance(\n IAsset asset,\n address sender,\n address payable recipient,\n uint256 amount\n ) private {\n // A partial decrease of Internal Balance is disallowed: `sender` must have the full `amount`.\n _decreaseInternalBalance(sender, _translateToIERC20(asset), amount, false);\n _sendAsset(asset, amount, recipient, false);\n }\n\n function _transferInternalBalance(\n IERC20 token,\n address sender,\n address recipient,\n uint256 amount\n ) private {\n // A partial decrease of Internal Balance is disallowed: `sender` must have the full `amount`.\n _decreaseInternalBalance(sender, token, amount, false);\n _increaseInternalBalance(recipient, token, amount);\n }\n\n function _transferToExternalBalance(\n IERC20 token,\n address sender,\n address recipient,\n uint256 amount\n ) private {\n if (amount > 0) {\n token.safeTransferFrom(sender, recipient, amount);\n emit ExternalBalanceTransfer(token, sender, recipient, amount);\n }\n }\n\n /**\n * @dev Increases `account`'s Internal Balance for `token` by `amount`.\n */\n function _increaseInternalBalance(\n address account,\n IERC20 token,\n uint256 amount\n ) internal override {\n uint256 currentBalance = _getInternalBalance(account, token);\n uint256 newBalance = currentBalance.add(amount);\n _setInternalBalance(account, token, newBalance, amount.toInt256());\n }\n\n /**\n * @dev Decreases `account`'s Internal Balance for `token` by `amount`. If `allowPartial` is true, this function\n * doesn't revert if `account` doesn't have enough balance, and sets it to zero and returns the deducted amount\n * instead.\n */\n function _decreaseInternalBalance(\n address account,\n IERC20 token,\n uint256 amount,\n bool allowPartial\n ) internal override returns (uint256 deducted) {\n uint256 currentBalance = _getInternalBalance(account, token);\n _require(allowPartial || (currentBalance >= amount), Errors.INSUFFICIENT_INTERNAL_BALANCE);\n\n deducted = Math.min(currentBalance, amount);\n // By construction, `deducted` is lower or equal to `currentBalance`, so we don't need to use checked\n // arithmetic.\n uint256 newBalance = currentBalance - deducted;\n _setInternalBalance(account, token, newBalance, -(deducted.toInt256()));\n }\n\n /**\n * @dev Sets `account`'s Internal Balance for `token` to `newBalance`.\n *\n * Emits an `InternalBalanceChanged` event. This event includes `delta`, which is the amount the balance increased\n * (if positive) or decreased (if negative). To avoid reading the current balance in order to compute the delta,\n * this function relies on the caller providing it directly.\n */\n function _setInternalBalance(\n address account,\n IERC20 token,\n uint256 newBalance,\n int256 delta\n ) private {\n _internalTokenBalance[account][token] = newBalance;\n emit InternalBalanceChanged(account, token, delta);\n }\n\n /**\n * @dev Returns `account`'s Internal Balance for `token`.\n */\n function _getInternalBalance(address account, IERC20 token) internal view returns (uint256) {\n return _internalTokenBalance[account][token];\n }\n\n /**\n * @dev Destructures a User Balance operation, validating that the contract caller is allowed to perform it.\n */\n function _validateUserBalanceOp(UserBalanceOp memory op, bool checkedCallerIsRelayer)\n private\n view\n returns (\n UserBalanceOpKind,\n IAsset,\n uint256,\n address,\n address payable,\n bool\n )\n {\n // The only argument we need to validate is `sender`, which can only be either the contract caller, or a\n // relayer approved by `sender`.\n address sender = op.sender;\n\n if (sender != msg.sender) {\n // We need to check both that the contract caller is a relayer, and that `sender` approved them.\n\n // Because the relayer check is global (i.e. independent of `sender`), we cache that result and skip it for\n // other operations in this same transaction (if any).\n if (!checkedCallerIsRelayer) {\n _authenticateCaller();\n checkedCallerIsRelayer = true;\n }\n\n _require(_hasApprovedRelayer(sender, msg.sender), Errors.USER_DOESNT_ALLOW_RELAYER);\n }\n\n return (op.kind, op.asset, op.amount, sender, op.recipient, checkedCallerIsRelayer);\n }\n}\n"
},
"src.sol/amm/vault/interfaces/IBasePool.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"./IVault.sol\";\nimport \"./IPoolSwapStructs.sol\";\n\n/**\n * @dev Interface for adding and removing liquidity that all Pool contracts should implement. Note that this is not\n * the complete Pool contract interface, as it is missing the swap hooks. Pool contracts should also inherit from\n * either IGeneralPool or IMinimalSwapInfoPool\n */\ninterface IBasePool is IPoolSwapStructs {\n /**\n * @dev Called by the Vault when a user calls `IVault.joinPool` to add liquidity to this Pool. Returns how many of\n * each registered token the user should provide, as well as the amount of protocol fees the Pool owes to the Vault.\n * The Vault will then take tokens from `sender` and add them to the Pool's balances, as well as collect\n * the reported amount in protocol fees, which the pool should calculate based on `protocolSwapFeePercentage`.\n *\n * Protocol fees are reported and charged on join events so that the Pool is free of debt whenever new users join.\n *\n * `sender` is the account performing the join (from which tokens will be withdrawn), and `recipient` is the account\n * designated to receive any benefits (typically pool shares). `currentBalances` contains the total balances\n * for each token the Pool registered in the Vault, in the same order that `IVault.getPoolTokens` would return.\n *\n * `lastChangeBlock` is the last block in which *any* of the Pool's registered tokens last changed its total\n * balance.\n *\n * `userData` contains any pool-specific instructions needed to perform the calculations, such as the type of\n * join (e.g., proportional given an amount of pool shares, single-asset, multi-asset, etc.)\n *\n * Contracts implementing this function should check that the caller is indeed the Vault before performing any\n * state-changing operations, such as minting pool shares.\n */\n function onJoinPool(\n bytes32 poolId,\n address sender,\n address recipient,\n uint256[] memory balances,\n uint256 lastChangeBlock,\n uint256 protocolSwapFeePercentage,\n bytes memory userData\n ) external returns (uint256[] memory amountsIn, uint256[] memory dueProtocolFeeAmounts);\n\n /**\n * @dev Called by the Vault when a user calls `IVault.exitPool` to remove liquidity from this Pool. Returns how many\n * tokens the Vault should deduct from the Pool's balances, as well as the amount of protocol fees the Pool owes\n * to the Vault. The Vault will then take tokens from the Pool's balances and send them to `recipient`,\n * as well as collect the reported amount in protocol fees, which the Pool should calculate based on\n * `protocolSwapFeePercentage`.\n *\n * Protocol fees are charged on exit events to guarantee that users exiting the Pool have paid their share.\n *\n * `sender` is the account performing the exit (typically the pool shareholder), and `recipient` is the account\n * to which the Vault will send the proceeds. `currentBalances` contains the total token balances for each token\n * the Pool registered in the Vault, in the same order that `IVault.getPoolTokens` would return.\n *\n * `lastChangeBlock` is the last block in which *any* of the Pool's registered tokens last changed its total\n * balance.\n *\n * `userData` contains any pool-specific instructions needed to perform the calculations, such as the type of\n * exit (e.g., proportional given an amount of pool shares, single-asset, multi-asset, etc.)\n *\n * Contracts implementing this function should check that the caller is indeed the Vault before performing any\n * state-changing operations, such as burning pool shares.\n */\n function onExitPool(\n bytes32 poolId,\n address sender,\n address recipient,\n uint256[] memory balances,\n uint256 lastChangeBlock,\n uint256 protocolSwapFeePercentage,\n bytes memory userData\n ) external returns (uint256[] memory amountsOut, uint256[] memory dueProtocolFeeAmounts);\n}\n"
},
"src.sol/amm/vault/AssetManagers.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"../lib/math/Math.sol\";\nimport \"../lib/helpers/BalancerErrors.sol\";\nimport \"../lib/helpers/InputHelpers.sol\";\nimport \"../lib/openzeppelin/IERC20.sol\";\nimport \"../lib/openzeppelin/SafeERC20.sol\";\nimport \"../lib/openzeppelin/ReentrancyGuard.sol\";\n\nimport \"./UserBalance.sol\";\nimport \"./balances/BalanceAllocation.sol\";\nimport \"./balances/GeneralPoolsBalance.sol\";\nimport \"./balances/MinimalSwapInfoPoolsBalance.sol\";\nimport \"./balances/TwoTokenPoolsBalance.sol\";\n\nabstract contract AssetManagers is\n ReentrancyGuard,\n GeneralPoolsBalance,\n MinimalSwapInfoPoolsBalance,\n TwoTokenPoolsBalance\n{\n using Math for uint256;\n using SafeERC20 for IERC20;\n\n // Stores the Asset Manager for each token of each Pool.\n mapping(bytes32 => mapping(IERC20 => address)) internal _poolAssetManagers;\n\n function managePoolBalance(PoolBalanceOp[] memory ops) external override nonReentrant whenNotPaused {\n // This variable could be declared inside the loop, but that causes the compiler to allocate memory on each\n // loop iteration, increasing gas costs.\n PoolBalanceOp memory op;\n\n for (uint256 i = 0; i < ops.length; ++i) {\n // By indexing the array only once, we don't spend extra gas in the same bounds check.\n op = ops[i];\n\n bytes32 poolId = op.poolId;\n _ensureRegisteredPool(poolId);\n\n IERC20 token = op.token;\n _require(_isTokenRegistered(poolId, token), Errors.TOKEN_NOT_REGISTERED);\n _require(_poolAssetManagers[poolId][token] == msg.sender, Errors.SENDER_NOT_ASSET_MANAGER);\n\n PoolBalanceOpKind kind = op.kind;\n uint256 amount = op.amount;\n (int256 cashDelta, int256 managedDelta) = _performPoolManagementOperation(kind, poolId, token, amount);\n\n emit PoolBalanceManaged(poolId, msg.sender, token, cashDelta, managedDelta);\n }\n }\n\n /**\n * @dev Performs the `kind` Asset Manager operation on a Pool.\n *\n * Withdrawals will transfer `amount` tokens to the caller, deposits will transfer `amount` tokens from the caller,\n * and updates will set the managed balance to `amount`.\n *\n * Returns a tuple with the 'cash' and 'managed' balance deltas as a result of this call.\n */\n function _performPoolManagementOperation(\n PoolBalanceOpKind kind,\n bytes32 poolId,\n IERC20 token,\n uint256 amount\n ) private returns (int256, int256) {\n PoolSpecialization specialization = _getPoolSpecialization(poolId);\n\n if (kind == PoolBalanceOpKind.WITHDRAW) {\n return _withdrawPoolBalance(poolId, specialization, token, amount);\n } else if (kind == PoolBalanceOpKind.DEPOSIT) {\n return _depositPoolBalance(poolId, specialization, token, amount);\n } else {\n // PoolBalanceOpKind.UPDATE\n return _updateManagedBalance(poolId, specialization, token, amount);\n }\n }\n\n /**\n * @dev Moves `amount` tokens from a Pool's 'cash' to 'managed' balance, and transfers them to the caller.\n *\n * Returns the 'cash' and 'managed' balance deltas as a result of this call, which will be complementary.\n */\n function _withdrawPoolBalance(\n bytes32 poolId,\n PoolSpecialization specialization,\n IERC20 token,\n uint256 amount\n ) private returns (int256 cashDelta, int256 managedDelta) {\n if (specialization == PoolSpecialization.TWO_TOKEN) {\n _twoTokenPoolCashToManaged(poolId, token, amount);\n } else if (specialization == PoolSpecialization.MINIMAL_SWAP_INFO) {\n _minimalSwapInfoPoolCashToManaged(poolId, token, amount);\n } else {\n // PoolSpecialization.GENERAL\n _generalPoolCashToManaged(poolId, token, amount);\n }\n\n if (amount > 0) {\n token.safeTransfer(msg.sender, amount);\n }\n\n // Since 'cash' and 'managed' are stored as uint112, `amount` is guaranteed to also fit in 112 bits. It will\n // therefore always fit in a 256 bit integer.\n cashDelta = int256(-amount);\n managedDelta = int256(amount);\n }\n\n /**\n * @dev Moves `amount` tokens from a Pool's 'managed' to 'cash' balance, and transfers them from the caller.\n *\n * Returns the 'cash' and 'managed' balance deltas as a result of this call, which will be complementary.\n */\n function _depositPoolBalance(\n bytes32 poolId,\n PoolSpecialization specialization,\n IERC20 token,\n uint256 amount\n ) private returns (int256 cashDelta, int256 managedDelta) {\n if (specialization == PoolSpecialization.TWO_TOKEN) {\n _twoTokenPoolManagedToCash(poolId, token, amount);\n } else if (specialization == PoolSpecialization.MINIMAL_SWAP_INFO) {\n _minimalSwapInfoPoolManagedToCash(poolId, token, amount);\n } else {\n // PoolSpecialization.GENERAL\n _generalPoolManagedToCash(poolId, token, amount);\n }\n\n if (amount > 0) {\n token.safeTransferFrom(msg.sender, address(this), amount);\n }\n\n // Since 'cash' and 'managed' are stored as uint112, `amount` is guaranteed to also fit in 112 bits. It will\n // therefore always fit in a 256 bit integer.\n cashDelta = int256(amount);\n managedDelta = int256(-amount);\n }\n\n /**\n * @dev Sets a Pool's 'managed' balance to `amount`.\n *\n * Returns the 'cash' and 'managed' balance deltas as a result of this call (the 'cash' delta will always be zero).\n */\n function _updateManagedBalance(\n bytes32 poolId,\n PoolSpecialization specialization,\n IERC20 token,\n uint256 amount\n ) private returns (int256 cashDelta, int256 managedDelta) {\n if (specialization == PoolSpecialization.TWO_TOKEN) {\n managedDelta = _setTwoTokenPoolManagedBalance(poolId, token, amount);\n } else if (specialization == PoolSpecialization.MINIMAL_SWAP_INFO) {\n managedDelta = _setMinimalSwapInfoPoolManagedBalance(poolId, token, amount);\n } else {\n // PoolSpecialization.GENERAL\n managedDelta = _setGeneralPoolManagedBalance(poolId, token, amount);\n }\n\n cashDelta = 0;\n }\n\n /**\n * @dev Returns true if `token` is registered for `poolId`.\n */\n function _isTokenRegistered(bytes32 poolId, IERC20 token) private view returns (bool) {\n PoolSpecialization specialization = _getPoolSpecialization(poolId);\n if (specialization == PoolSpecialization.TWO_TOKEN) {\n return _isTwoTokenPoolTokenRegistered(poolId, token);\n } else if (specialization == PoolSpecialization.MINIMAL_SWAP_INFO) {\n return _isMinimalSwapInfoPoolTokenRegistered(poolId, token);\n } else {\n // PoolSpecialization.GENERAL\n return _isGeneralPoolTokenRegistered(poolId, token);\n }\n }\n}\n"
},
"src.sol/amm/vault/PoolRegistry.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"../lib/helpers/BalancerErrors.sol\";\nimport \"../lib/openzeppelin/ReentrancyGuard.sol\";\n\nimport \"./VaultAuthorization.sol\";\n\n/**\n * @dev Maintains the Pool ID data structure, implements Pool ID creation and registration, and defines useful modifiers\n * and helper functions for ensuring correct behavior when working with Pools.\n */\nabstract contract PoolRegistry is ReentrancyGuard, VaultAuthorization {\n // Each pool is represented by their unique Pool ID. We use `bytes32` for them, for lack of a way to define new\n // types.\n mapping(bytes32 => bool) private _isPoolRegistered;\n\n // We keep an increasing nonce to make Pool IDs unique. It is interpreted as a `uint80`, but storing it as a\n // `uint256` results in reduced bytecode on reads and writes due to the lack of masking.\n uint256 private _nextPoolNonce;\n\n /**\n * @dev Reverts unless `poolId` corresponds to a registered Pool.\n */\n modifier withRegisteredPool(bytes32 poolId) {\n _ensureRegisteredPool(poolId);\n _;\n }\n\n /**\n * @dev Reverts unless `poolId` corresponds to a registered Pool, and the caller is the Pool's contract.\n */\n modifier onlyPool(bytes32 poolId) {\n _ensurePoolIsSender(poolId);\n _;\n }\n\n /**\n * @dev Reverts unless `poolId` corresponds to a registered Pool.\n */\n function _ensureRegisteredPool(bytes32 poolId) internal view {\n _require(_isPoolRegistered[poolId], Errors.INVALID_POOL_ID);\n }\n\n /**\n * @dev Reverts unless `poolId` corresponds to a registered Pool, and the caller is the Pool's contract.\n */\n function _ensurePoolIsSender(bytes32 poolId) private view {\n _ensureRegisteredPool(poolId);\n _require(msg.sender == _getPoolAddress(poolId), Errors.CALLER_NOT_POOL);\n }\n\n function registerPool(PoolSpecialization specialization)\n external\n override\n nonReentrant\n whenNotPaused\n returns (bytes32)\n {\n // Each Pool is assigned a unique ID based on an incrementing nonce. This assumes there will never be more than\n // 2**80 Pools, and the nonce will not overflow.\n\n bytes32 poolId = _toPoolId(msg.sender, specialization, uint80(_nextPoolNonce));\n\n _require(!_isPoolRegistered[poolId], Errors.INVALID_POOL_ID); // Should never happen as Pool IDs are unique.\n _isPoolRegistered[poolId] = true;\n\n _nextPoolNonce += 1;\n\n emit PoolRegistered(poolId);\n return poolId;\n }\n\n function getPool(bytes32 poolId)\n external\n view\n override\n withRegisteredPool(poolId)\n returns (address, PoolSpecialization)\n {\n return (_getPoolAddress(poolId), _getPoolSpecialization(poolId));\n }\n\n /**\n * @dev Creates a Pool ID.\n *\n * These are deterministically created by packing the Pool's contract address and its specialization setting into\n * the ID. This saves gas by making this data easily retrievable from a Pool ID with no storage accesses.\n *\n * Since a single contract can register multiple Pools, a unique nonce must be provided to ensure Pool IDs are\n * unique.\n *\n * Pool IDs have the following layout:\n * | 20 bytes pool contract address | 2 bytes specialization setting | 10 bytes nonce |\n * MSB LSB\n *\n * 2 bytes for the specialization setting is a bit overkill: there only three of them, which means two bits would\n * suffice. However, there's nothing else of interest to store in this extra space.\n */\n function _toPoolId(\n address pool,\n PoolSpecialization specialization,\n uint80 nonce\n ) internal pure returns (bytes32) {\n bytes32 serialized;\n\n serialized |= bytes32(uint256(nonce));\n serialized |= bytes32(uint256(specialization)) << (10 * 8);\n serialized |= bytes32(uint256(pool)) << (12 * 8);\n\n return serialized;\n }\n\n /**\n * @dev Returns the address of a Pool's contract.\n *\n * Due to how Pool IDs are created, this is done with no storage accesses and costs little gas.\n */\n function _getPoolAddress(bytes32 poolId) internal pure returns (address) {\n // 12 byte logical shift left to remove the nonce and specialization setting. We don't need to mask,\n // since the logical shift already sets the upper bits to zero.\n return address(uint256(poolId) >> (12 * 8));\n }\n\n /**\n * @dev Returns the specialization setting of a Pool.\n *\n * Due to how Pool IDs are created, this is done with no storage accesses and costs little gas.\n */\n function _getPoolSpecialization(bytes32 poolId) internal pure returns (PoolSpecialization specialization) {\n // 10 byte logical shift left to remove the nonce, followed by a 2 byte mask to remove the address.\n uint256 value = uint256(poolId >> (10 * 8)) & (2**(2 * 8) - 1);\n\n // Casting a value into an enum results in a runtime check that reverts unless the value is within the enum's\n // range. Passing an invalid Pool ID to this function would then result in an obscure revert with no reason\n // string: we instead perform the check ourselves to help in error diagnosis.\n\n // There are three Pool specialization settings: general, minimal swap info and two tokens, which correspond to\n // values 0, 1 and 2.\n _require(value < 3, Errors.INVALID_POOL_ID);\n\n // Because we have checked that `value` is within the enum range, we can use assembly to skip the runtime check.\n // solhint-disable-next-line no-inline-assembly\n assembly {\n specialization := value\n }\n }\n}\n"
},
"src.sol/amm/vault/balances/BalanceAllocation.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\n\nimport \"../../lib/math/Math.sol\";\n\n// This library is used to create a data structure that represents a token's balance for a Pool. 'cash' is how many\n// tokens the Pool has sitting inside of the Vault. 'managed' is how many tokens were withdrawn from the Vault by the\n// Pool's Asset Manager. 'total' is the sum of these two, and represents the Pool's total token balance, including\n// tokens that are *not* inside of the Vault.\n//\n// 'cash' is updated whenever tokens enter and exit the Vault, while 'managed' is only updated if the reason tokens are\n// moving is due to an Asset Manager action. This is reflected in the different methods available: 'increaseCash'\n// and 'decreaseCash' for swaps and add/remove liquidity events, and 'cashToManaged' and 'managedToCash' for events\n// transferring funds to and from the Asset Manager.\n//\n// The Vault disallows the Pool's 'cash' from becoming negative. In other words, it can never use any tokens that are\n// not inside the Vault.\n//\n// One of the goals of this library is to store the entire token balance in a single storage slot, which is why we use\n// 112 bit unsigned integers for 'cash' and 'managed'. For consistency, we also disallow any combination of 'cash' and\n// 'managed' that yields a 'total' that doesn't fit in 112 bits.\n//\n// The remaining 32 bits of the slot are used to store the most recent block when the total balance changed. This\n// can be used to implement price oracles that are resilient to 'sandwich' attacks.\n//\n// We could use a Solidity struct to pack these three values together in a single storage slot, but unfortunately\n// Solidity only allows for structs to live in either storage, calldata or memory. Because a memory struct still takes\n// up a slot in the stack (to store its memory location), and because the entire balance fits in a single stack slot\n// (two 112 bit values plus the 32 bit block), using memory is strictly less gas performant. Therefore, we do manual\n// packing and unpacking.\n//\n// Since we cannot define new types, we rely on bytes32 to represent these values instead, as it doesn't have any\n// associated arithmetic operations and therefore reduces the chance of misuse.\nlibrary BalanceAllocation {\n using Math for uint256;\n\n // The 'cash' portion of the balance is stored in the least significant 112 bits of a 256 bit word, while the\n // 'managed' part uses the following 112 bits. The most significant 32 bits are used to store the block\n\n /**\n * @dev Returns the total amount of Pool tokens, including those that are not currently in the Vault ('managed').\n */\n function total(bytes32 balance) internal pure returns (uint256) {\n // Since 'cash' and 'managed' are 112 bit values, we don't need checked arithmetic. Additionally, `toBalance`\n // ensures that 'total' always fits in 112 bits.\n return cash(balance) + managed(balance);\n }\n\n /**\n * @dev Returns the amount of Pool tokens currently in the Vault.\n */\n function cash(bytes32 balance) internal pure returns (uint256) {\n uint256 mask = 2**(112) - 1;\n return uint256(balance) & mask;\n }\n\n /**\n * @dev Returns the amount of Pool tokens that are being managed by an Asset Manager.\n */\n function managed(bytes32 balance) internal pure returns (uint256) {\n uint256 mask = 2**(112) - 1;\n return uint256(balance >> 112) & mask;\n }\n\n /**\n * @dev Returns the last block when the total balance changed.\n */\n function lastChangeBlock(bytes32 balance) internal pure returns (uint256) {\n uint256 mask = 2**(32) - 1;\n return uint256(balance >> 224) & mask;\n }\n\n /**\n * @dev Returns the difference in 'managed' between two balances.\n */\n function managedDelta(bytes32 newBalance, bytes32 oldBalance) internal pure returns (int256) {\n // Because `managed` is a 112 bit value, we can safely perform unchecked arithmetic in 256 bits.\n return int256(managed(newBalance)) - int256(managed(oldBalance));\n }\n\n /**\n * @dev Returns the total balance for each entry in `balances`, as well as the latest block when the total\n * balance of *any* of them last changed.\n */\n function totalsAndLastChangeBlock(bytes32[] memory balances)\n internal\n pure\n returns (\n uint256[] memory results,\n uint256 lastChangeBlock_ // Avoid shadowing\n )\n {\n results = new uint256[](balances.length);\n lastChangeBlock_ = 0;\n\n for (uint256 i = 0; i < results.length; i++) {\n bytes32 balance = balances[i];\n results[i] = total(balance);\n lastChangeBlock_ = Math.max(lastChangeBlock_, lastChangeBlock(balance));\n }\n }\n\n /**\n * @dev Returns true if `balance`'s 'total' balance is zero. Costs less gas than computing 'total' and comparing\n * with zero.\n */\n function isZero(bytes32 balance) internal pure returns (bool) {\n // We simply need to check the least significant 224 bytes of the word: the block does not affect this.\n uint256 mask = 2**(224) - 1;\n return (uint256(balance) & mask) == 0;\n }\n\n /**\n * @dev Returns true if `balance`'s 'total' balance is not zero. Costs less gas than computing 'total' and comparing\n * with zero.\n */\n function isNotZero(bytes32 balance) internal pure returns (bool) {\n return !isZero(balance);\n }\n\n /**\n * @dev Packs together `cash` and `managed` amounts with a block to create a balance value.\n *\n * For consistency, this also checks that the sum of `cash` and `managed` (`total`) fits in 112 bits.\n */\n function toBalance(\n uint256 _cash,\n uint256 _managed,\n uint256 _blockNumber\n ) internal pure returns (bytes32) {\n uint256 _total = _cash + _managed;\n\n // Since both 'cash' and 'managed' are positive integers, by checking that their sum ('total') fits in 112 bits\n // we are also indirectly checking that both 'cash' and 'managed' themselves fit in 112 bits.\n _require(_total >= _cash && _total < 2**112, Errors.BALANCE_TOTAL_OVERFLOW);\n\n // We assume the block fits in 32 bits - this is expected to hold for at least a few decades.\n return _pack(_cash, _managed, _blockNumber);\n }\n\n /**\n * @dev Increases a Pool's 'cash' (and therefore its 'total'). Called when Pool tokens are sent to the Vault (except\n * for Asset Manager deposits).\n *\n * Updates the last total balance change block, even if `amount` is zero.\n */\n function increaseCash(bytes32 balance, uint256 amount) internal view returns (bytes32) {\n uint256 newCash = cash(balance).add(amount);\n uint256 currentManaged = managed(balance);\n uint256 newLastChangeBlock = block.number;\n\n return toBalance(newCash, currentManaged, newLastChangeBlock);\n }\n\n /**\n * @dev Decreases a Pool's 'cash' (and therefore its 'total'). Called when Pool tokens are sent from the Vault\n * (except for Asset Manager withdrawals).\n *\n * Updates the last total balance change block, even if `amount` is zero.\n */\n function decreaseCash(bytes32 balance, uint256 amount) internal view returns (bytes32) {\n uint256 newCash = cash(balance).sub(amount);\n uint256 currentManaged = managed(balance);\n uint256 newLastChangeBlock = block.number;\n\n return toBalance(newCash, currentManaged, newLastChangeBlock);\n }\n\n /**\n * @dev Moves 'cash' into 'managed', leaving 'total' unchanged. Called when an Asset Manager withdraws Pool tokens\n * from the Vault.\n */\n function cashToManaged(bytes32 balance, uint256 amount) internal pure returns (bytes32) {\n uint256 newCash = cash(balance).sub(amount);\n uint256 newManaged = managed(balance).add(amount);\n uint256 currentLastChangeBlock = lastChangeBlock(balance);\n\n return toBalance(newCash, newManaged, currentLastChangeBlock);\n }\n\n /**\n * @dev Moves 'managed' into 'cash', leaving 'total' unchanged. Called when an Asset Manager deposits Pool tokens\n * into the Vault.\n */\n function managedToCash(bytes32 balance, uint256 amount) internal pure returns (bytes32) {\n uint256 newCash = cash(balance).add(amount);\n uint256 newManaged = managed(balance).sub(amount);\n uint256 currentLastChangeBlock = lastChangeBlock(balance);\n\n return toBalance(newCash, newManaged, currentLastChangeBlock);\n }\n\n /**\n * @dev Sets 'managed' balance to an arbitrary value, changing 'total'. Called when the Asset Manager reports\n * profits or losses. It's the Manager's responsibility to provide a meaningful value.\n *\n * Updates the last total balance change block, even if `newManaged` is equal to the current 'managed' value.\n */\n function setManaged(bytes32 balance, uint256 newManaged) internal view returns (bytes32) {\n uint256 currentCash = cash(balance);\n uint256 newLastChangeBlock = block.number;\n return toBalance(currentCash, newManaged, newLastChangeBlock);\n }\n\n // Alternative mode for Pools with the Two Token specialization setting\n\n // Instead of storing cash and external for each 'token in' a single storage slot, Two Token Pools store the cash\n // for both tokens in the same slot, and the managed for both in another one. This reduces the gas cost for swaps,\n // because the only slot that needs to be updated is the one with the cash. However, it also means that managing\n // balances is more cumbersome, as both tokens need to be read/written at the same time.\n //\n // The field with both cash balances packed is called sharedCash, and the one with external amounts is called\n // sharedManaged. These two are collectively called the 'shared' balance fields. In both of these, the portion\n // that corresponds to token A is stored in the least significant 112 bits of a 256 bit word, while token B's part\n // uses the next least significant 112 bits.\n //\n // Because only cash is written to during a swap, we store the last total balance change block with the\n // packed cash fields. Typically Pools have a distinct block per token: in the case of Two Token Pools they\n // are the same.\n\n /**\n * @dev Extracts the part of the balance that corresponds to token A. This function can be used to decode both\n * shared cash and managed balances.\n */\n function _decodeBalanceA(bytes32 sharedBalance) private pure returns (uint256) {\n uint256 mask = 2**(112) - 1;\n return uint256(sharedBalance) & mask;\n }\n\n /**\n * @dev Extracts the part of the balance that corresponds to token B. This function can be used to decode both\n * shared cash and managed balances.\n */\n function _decodeBalanceB(bytes32 sharedBalance) private pure returns (uint256) {\n uint256 mask = 2**(112) - 1;\n return uint256(sharedBalance >> 112) & mask;\n }\n\n // To decode the last balance change block, we can simply use the `blockNumber` function.\n\n /**\n * @dev Unpacks the shared token A and token B cash and managed balances into the balance for token A.\n */\n function fromSharedToBalanceA(bytes32 sharedCash, bytes32 sharedManaged) internal pure returns (bytes32) {\n // Note that we extract the block from the sharedCash field, which is the one that is updated by swaps.\n // Both token A and token B use the same block\n return toBalance(_decodeBalanceA(sharedCash), _decodeBalanceA(sharedManaged), lastChangeBlock(sharedCash));\n }\n\n /**\n * @dev Unpacks the shared token A and token B cash and managed balances into the balance for token B.\n */\n function fromSharedToBalanceB(bytes32 sharedCash, bytes32 sharedManaged) internal pure returns (bytes32) {\n // Note that we extract the block from the sharedCash field, which is the one that is updated by swaps.\n // Both token A and token B use the same block\n return toBalance(_decodeBalanceB(sharedCash), _decodeBalanceB(sharedManaged), lastChangeBlock(sharedCash));\n }\n\n /**\n * @dev Returns the sharedCash shared field, given the current balances for token A and token B.\n */\n function toSharedCash(bytes32 tokenABalance, bytes32 tokenBBalance) internal pure returns (bytes32) {\n // Both balances are assigned the same block Since it is possible a single one of them has changed (for\n // example, in an Asset Manager update), we keep the latest (largest) one.\n uint32 newLastChangeBlock = uint32(Math.max(lastChangeBlock(tokenABalance), lastChangeBlock(tokenBBalance)));\n\n return _pack(cash(tokenABalance), cash(tokenBBalance), newLastChangeBlock);\n }\n\n /**\n * @dev Returns the sharedManaged shared field, given the current balances for token A and token B.\n */\n function toSharedManaged(bytes32 tokenABalance, bytes32 tokenBBalance) internal pure returns (bytes32) {\n // We don't bother storing a last change block, as it is read from the shared cash field.\n return _pack(managed(tokenABalance), managed(tokenBBalance), 0);\n }\n\n // Shared functions\n\n /**\n * @dev Packs together two uint112 and one uint32 into a bytes32\n */\n function _pack(\n uint256 _leastSignificant,\n uint256 _midSignificant,\n uint256 _mostSignificant\n ) private pure returns (bytes32) {\n return bytes32((_mostSignificant << 224) + (_midSignificant << 112) + _leastSignificant);\n }\n}\n"
},
"src.sol/amm/vault/balances/GeneralPoolsBalance.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\n\nimport \"../../lib/helpers/BalancerErrors.sol\";\nimport \"../../lib/openzeppelin/EnumerableMap.sol\";\nimport \"../../lib/openzeppelin/IERC20.sol\";\n\nimport \"./BalanceAllocation.sol\";\n\nabstract contract GeneralPoolsBalance {\n using BalanceAllocation for bytes32;\n using EnumerableMap for EnumerableMap.IERC20ToBytes32Map;\n\n // Data for Pools with the General specialization setting\n //\n // These Pools use the IGeneralPool interface, which means the Vault must query the balance for *all* of their\n // tokens in every swap. If we kept a mapping of token to balance plus a set (array) of tokens, it'd be very gas\n // intensive to read all token addresses just to then do a lookup on the balance mapping.\n //\n // Instead, we use our customized EnumerableMap, which lets us read the N balances in N+1 storage accesses (one for\n // each token in the Pool), access the index of any 'token in' a single read (required for the IGeneralPool call),\n // and update an entry's value given its index.\n\n // Map of token -> balance pairs for each Pool with this specialization. Many functions rely on storage pointers to\n // a Pool's EnumerableMap to save gas when computing storage slots.\n mapping(bytes32 => EnumerableMap.IERC20ToBytes32Map) internal _generalPoolsBalances;\n\n /**\n * @dev Registers a list of tokens in a General Pool.\n *\n * This function assumes `poolId` exists and corresponds to the General specialization setting.\n *\n * Requirements:\n *\n * - `tokens` must not be registered in the Pool\n * - `tokens` must not contain duplicates\n */\n function _registerGeneralPoolTokens(bytes32 poolId, IERC20[] memory tokens) internal {\n EnumerableMap.IERC20ToBytes32Map storage poolBalances = _generalPoolsBalances[poolId];\n\n for (uint256 i = 0; i < tokens.length; ++i) {\n // EnumerableMaps require an explicit initial value when creating a key-value pair: we use zero, the same\n // value that is found in uninitialized storage, which corresponds to an empty balance.\n bool added = poolBalances.set(tokens[i], 0);\n _require(added, Errors.TOKEN_ALREADY_REGISTERED);\n }\n }\n\n /**\n * @dev Deregisters a list of tokens in a General Pool.\n *\n * This function assumes `poolId` exists and corresponds to the General specialization setting.\n *\n * Requirements:\n *\n * - `tokens` must be registered in the Pool\n * - `tokens` must have zero balance in the Vault\n * - `tokens` must not contain duplicates\n */\n function _deregisterGeneralPoolTokens(bytes32 poolId, IERC20[] memory tokens) internal {\n EnumerableMap.IERC20ToBytes32Map storage poolBalances = _generalPoolsBalances[poolId];\n\n for (uint256 i = 0; i < tokens.length; ++i) {\n IERC20 token = tokens[i];\n bytes32 currentBalance = _getGeneralPoolBalance(poolBalances, token);\n _require(currentBalance.isZero(), Errors.NONZERO_TOKEN_BALANCE);\n\n // We don't need to check remove's return value, since _getGeneralPoolBalance already checks that the token\n // was registered.\n poolBalances.remove(token);\n }\n }\n\n /**\n * @dev Sets the balances of a General Pool's tokens to `balances`.\n *\n * WARNING: this assumes `balances` has the same length and order as the Pool's tokens.\n */\n function _setGeneralPoolBalances(bytes32 poolId, bytes32[] memory balances) internal {\n EnumerableMap.IERC20ToBytes32Map storage poolBalances = _generalPoolsBalances[poolId];\n\n for (uint256 i = 0; i < balances.length; ++i) {\n // Since we assume all balances are properly ordered, we can simply use `unchecked_setAt` to avoid one less\n // storage read per token.\n poolBalances.unchecked_setAt(i, balances[i]);\n }\n }\n\n /**\n * @dev Transforms `amount` of `token`'s balance in a General Pool from cash into managed.\n *\n * This function assumes `poolId` exists, corresponds to the General specialization setting, and that `token` is\n * registered for that Pool.\n */\n function _generalPoolCashToManaged(\n bytes32 poolId,\n IERC20 token,\n uint256 amount\n ) internal {\n _updateGeneralPoolBalance(poolId, token, BalanceAllocation.cashToManaged, amount);\n }\n\n /**\n * @dev Transforms `amount` of `token`'s balance in a General Pool from managed into cash.\n *\n * This function assumes `poolId` exists, corresponds to the General specialization setting, and that `token` is\n * registered for that Pool.\n */\n function _generalPoolManagedToCash(\n bytes32 poolId,\n IERC20 token,\n uint256 amount\n ) internal {\n _updateGeneralPoolBalance(poolId, token, BalanceAllocation.managedToCash, amount);\n }\n\n /**\n * @dev Sets `token`'s managed balance in a General Pool to `amount`.\n *\n * This function assumes `poolId` exists, corresponds to the General specialization setting, and that `token` is\n * registered for that Pool.\n *\n * Returns the managed balance delta as a result of this call.\n */\n function _setGeneralPoolManagedBalance(\n bytes32 poolId,\n IERC20 token,\n uint256 amount\n ) internal returns (int256) {\n return _updateGeneralPoolBalance(poolId, token, BalanceAllocation.setManaged, amount);\n }\n\n /**\n * @dev Sets `token`'s balance in a General Pool to the result of the `mutation` function when called with the\n * current balance and `amount`.\n *\n * This function assumes `poolId` exists, corresponds to the General specialization setting, and that `token` is\n * registered for that Pool.\n *\n * Returns the managed balance delta as a result of this call.\n */\n function _updateGeneralPoolBalance(\n bytes32 poolId,\n IERC20 token,\n function(bytes32, uint256) returns (bytes32) mutation,\n uint256 amount\n ) private returns (int256) {\n EnumerableMap.IERC20ToBytes32Map storage poolBalances = _generalPoolsBalances[poolId];\n bytes32 currentBalance = _getGeneralPoolBalance(poolBalances, token);\n\n bytes32 newBalance = mutation(currentBalance, amount);\n poolBalances.set(token, newBalance);\n\n return newBalance.managedDelta(currentBalance);\n }\n\n /**\n * @dev Returns an array with all the tokens and balances in a General Pool. The order may change when tokens are\n * registered or deregistered.\n *\n * This function assumes `poolId` exists and corresponds to the General specialization setting.\n */\n function _getGeneralPoolTokens(bytes32 poolId)\n internal\n view\n returns (IERC20[] memory tokens, bytes32[] memory balances)\n {\n EnumerableMap.IERC20ToBytes32Map storage poolBalances = _generalPoolsBalances[poolId];\n tokens = new IERC20[](poolBalances.length());\n balances = new bytes32[](tokens.length);\n\n for (uint256 i = 0; i < tokens.length; ++i) {\n // Because the iteration is bounded by `tokens.length`, which matches the EnumerableMap's length, we can use\n // `unchecked_at` as we know `i` is a valid token index, saving storage reads.\n (tokens[i], balances[i]) = poolBalances.unchecked_at(i);\n }\n }\n\n /**\n * @dev Returns the balance of a token in a General Pool.\n *\n * This function assumes `poolId` exists and corresponds to the General specialization setting.\n *\n * Requirements:\n *\n * - `token` must be registered in the Pool\n */\n function _getGeneralPoolBalance(bytes32 poolId, IERC20 token) internal view returns (bytes32) {\n EnumerableMap.IERC20ToBytes32Map storage poolBalances = _generalPoolsBalances[poolId];\n return _getGeneralPoolBalance(poolBalances, token);\n }\n\n /**\n * @dev Same as `_getGeneralPoolBalance` but using a Pool's storage pointer, which saves gas in repeated reads and\n * writes.\n */\n function _getGeneralPoolBalance(EnumerableMap.IERC20ToBytes32Map storage poolBalances, IERC20 token)\n private\n view\n returns (bytes32)\n {\n return poolBalances.get(token, Errors.TOKEN_NOT_REGISTERED);\n }\n\n /**\n * @dev Returns true if `token` is registered in a General Pool.\n *\n * This function assumes `poolId` exists and corresponds to the General specialization setting.\n */\n function _isGeneralPoolTokenRegistered(bytes32 poolId, IERC20 token) internal view returns (bool) {\n EnumerableMap.IERC20ToBytes32Map storage poolBalances = _generalPoolsBalances[poolId];\n return poolBalances.contains(token);\n }\n}\n"
},
"src.sol/amm/vault/balances/MinimalSwapInfoPoolsBalance.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"../../lib/helpers/BalancerErrors.sol\";\nimport \"../../lib/openzeppelin/EnumerableSet.sol\";\nimport \"../../lib/openzeppelin/IERC20.sol\";\n\nimport \"./BalanceAllocation.sol\";\nimport \"../PoolRegistry.sol\";\n\nabstract contract MinimalSwapInfoPoolsBalance is PoolRegistry {\n using BalanceAllocation for bytes32;\n using EnumerableSet for EnumerableSet.AddressSet;\n\n // Data for Pools with the Minimal Swap Info specialization setting\n //\n // These Pools use the IMinimalSwapInfoPool interface, and so the Vault must read the balance of the two tokens\n // in the swap. The best solution is to use a mapping from token to balance, which lets us read or write any token's\n // balance in a single storage access.\n //\n // We also keep a set of registered tokens. Because tokens with non-zero balance are by definition registered, in\n // some balance getters we skip checking for token registration if a non-zero balance is found, saving gas by\n // performing a single read instead of two.\n\n mapping(bytes32 => mapping(IERC20 => bytes32)) internal _minimalSwapInfoPoolsBalances;\n mapping(bytes32 => EnumerableSet.AddressSet) internal _minimalSwapInfoPoolsTokens;\n\n /**\n * @dev Registers a list of tokens in a Minimal Swap Info Pool.\n *\n * This function assumes `poolId` exists and corresponds to the Minimal Swap Info specialization setting.\n *\n * Requirements:\n *\n * - `tokens` must not be registered in the Pool\n * - `tokens` must not contain duplicates\n */\n function _registerMinimalSwapInfoPoolTokens(bytes32 poolId, IERC20[] memory tokens) internal {\n EnumerableSet.AddressSet storage poolTokens = _minimalSwapInfoPoolsTokens[poolId];\n\n for (uint256 i = 0; i < tokens.length; ++i) {\n bool added = poolTokens.add(address(tokens[i]));\n _require(added, Errors.TOKEN_ALREADY_REGISTERED);\n // Note that we don't initialize the balance mapping: the default value of zero corresponds to an empty\n // balance.\n }\n }\n\n /**\n * @dev Deregisters a list of tokens in a Minimal Swap Info Pool.\n *\n * This function assumes `poolId` exists and corresponds to the Minimal Swap Info specialization setting.\n *\n * Requirements:\n *\n * - `tokens` must be registered in the Pool\n * - `tokens` must have zero balance in the Vault\n * - `tokens` must not contain duplicates\n */\n function _deregisterMinimalSwapInfoPoolTokens(bytes32 poolId, IERC20[] memory tokens) internal {\n EnumerableSet.AddressSet storage poolTokens = _minimalSwapInfoPoolsTokens[poolId];\n\n for (uint256 i = 0; i < tokens.length; ++i) {\n IERC20 token = tokens[i];\n _require(_minimalSwapInfoPoolsBalances[poolId][token].isZero(), Errors.NONZERO_TOKEN_BALANCE);\n\n // For consistency with other Pool specialization settings, we explicitly reset the balance (which may have\n // a non-zero last change block).\n delete _minimalSwapInfoPoolsBalances[poolId][token];\n\n bool removed = poolTokens.remove(address(token));\n _require(removed, Errors.TOKEN_NOT_REGISTERED);\n }\n }\n\n /**\n * @dev Sets the balances of a Minimal Swap Info Pool's tokens to `balances`.\n *\n * WARNING: this assumes `balances` has the same length and order as the Pool's tokens.\n */\n function _setMinimalSwapInfoPoolBalances(\n bytes32 poolId,\n IERC20[] memory tokens,\n bytes32[] memory balances\n ) internal {\n for (uint256 i = 0; i < tokens.length; ++i) {\n _minimalSwapInfoPoolsBalances[poolId][tokens[i]] = balances[i];\n }\n }\n\n /**\n * @dev Transforms `amount` of `token`'s balance in a Minimal Swap Info Pool from cash into managed.\n *\n * This function assumes `poolId` exists, corresponds to the Minimal Swap Info specialization setting, and that\n * `token` is registered for that Pool.\n */\n function _minimalSwapInfoPoolCashToManaged(\n bytes32 poolId,\n IERC20 token,\n uint256 amount\n ) internal {\n _updateMinimalSwapInfoPoolBalance(poolId, token, BalanceAllocation.cashToManaged, amount);\n }\n\n /**\n * @dev Transforms `amount` of `token`'s balance in a Minimal Swap Info Pool from managed into cash.\n *\n * This function assumes `poolId` exists, corresponds to the Minimal Swap Info specialization setting, and that\n * `token` is registered for that Pool.\n */\n function _minimalSwapInfoPoolManagedToCash(\n bytes32 poolId,\n IERC20 token,\n uint256 amount\n ) internal {\n _updateMinimalSwapInfoPoolBalance(poolId, token, BalanceAllocation.managedToCash, amount);\n }\n\n /**\n * @dev Sets `token`'s managed balance in a Minimal Swap Info Pool to `amount`.\n *\n * This function assumes `poolId` exists, corresponds to the Minimal Swap Info specialization setting, and that\n * `token` is registered for that Pool.\n *\n * Returns the managed balance delta as a result of this call.\n */\n function _setMinimalSwapInfoPoolManagedBalance(\n bytes32 poolId,\n IERC20 token,\n uint256 amount\n ) internal returns (int256) {\n return _updateMinimalSwapInfoPoolBalance(poolId, token, BalanceAllocation.setManaged, amount);\n }\n\n /**\n * @dev Sets `token`'s balance in a Minimal Swap Info Pool to the result of the `mutation` function when called with\n * the current balance and `amount`.\n *\n * This function assumes `poolId` exists, corresponds to the Minimal Swap Info specialization setting, and that\n * `token` is registered for that Pool.\n *\n * Returns the managed balance delta as a result of this call.\n */\n function _updateMinimalSwapInfoPoolBalance(\n bytes32 poolId,\n IERC20 token,\n function(bytes32, uint256) returns (bytes32) mutation,\n uint256 amount\n ) internal returns (int256) {\n bytes32 currentBalance = _getMinimalSwapInfoPoolBalance(poolId, token);\n\n bytes32 newBalance = mutation(currentBalance, amount);\n _minimalSwapInfoPoolsBalances[poolId][token] = newBalance;\n\n return newBalance.managedDelta(currentBalance);\n }\n\n /**\n * @dev Returns an array with all the tokens and balances in a Minimal Swap Info Pool. The order may change when\n * tokens are registered or deregistered.\n *\n * This function assumes `poolId` exists and corresponds to the Minimal Swap Info specialization setting.\n */\n function _getMinimalSwapInfoPoolTokens(bytes32 poolId)\n internal\n view\n returns (IERC20[] memory tokens, bytes32[] memory balances)\n {\n EnumerableSet.AddressSet storage poolTokens = _minimalSwapInfoPoolsTokens[poolId];\n tokens = new IERC20[](poolTokens.length());\n balances = new bytes32[](tokens.length);\n\n for (uint256 i = 0; i < tokens.length; ++i) {\n // Because the iteration is bounded by `tokens.length`, which matches the EnumerableSet's length, we can use\n // `unchecked_at` as we know `i` is a valid token index, saving storage reads.\n IERC20 token = IERC20(poolTokens.unchecked_at(i));\n tokens[i] = token;\n balances[i] = _minimalSwapInfoPoolsBalances[poolId][token];\n }\n }\n\n /**\n * @dev Returns the balance of a token in a Minimal Swap Info Pool.\n *\n * Requirements:\n *\n * - `poolId` must be a Minimal Swap Info Pool\n * - `token` must be registered in the Pool\n */\n function _getMinimalSwapInfoPoolBalance(bytes32 poolId, IERC20 token) internal view returns (bytes32) {\n bytes32 balance = _minimalSwapInfoPoolsBalances[poolId][token];\n\n // A non-zero balance guarantees that the token is registered. If zero, we manually check if the token is\n // registered in the Pool. Token registration implies that the Pool is registered as well, which lets us save\n // gas by not performing the check.\n bool tokenRegistered = balance.isNotZero() || _minimalSwapInfoPoolsTokens[poolId].contains(address(token));\n\n if (!tokenRegistered) {\n // The token might not be registered because the Pool itself is not registered. We check this to provide a\n // more accurate revert reason.\n _ensureRegisteredPool(poolId);\n _revert(Errors.TOKEN_NOT_REGISTERED);\n }\n\n return balance;\n }\n\n /**\n * @dev Returns true if `token` is registered in a Minimal Swap Info Pool.\n *\n * This function assumes `poolId` exists and corresponds to the Minimal Swap Info specialization setting.\n */\n function _isMinimalSwapInfoPoolTokenRegistered(bytes32 poolId, IERC20 token) internal view returns (bool) {\n EnumerableSet.AddressSet storage poolTokens = _minimalSwapInfoPoolsTokens[poolId];\n return poolTokens.contains(address(token));\n }\n}\n"
},
"src.sol/amm/vault/balances/TwoTokenPoolsBalance.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"../../lib/helpers/BalancerErrors.sol\";\nimport \"../../lib/openzeppelin/IERC20.sol\";\n\nimport \"./BalanceAllocation.sol\";\nimport \"../PoolRegistry.sol\";\n\nabstract contract TwoTokenPoolsBalance is PoolRegistry {\n using BalanceAllocation for bytes32;\n\n // Data for Pools with the Two Token specialization setting\n //\n // These are similar to the Minimal Swap Info Pool case (because the Pool only has two tokens, and therefore there\n // are only two balances to read), but there's a key difference in how data is stored. Keeping a set makes little\n // sense, as it will only ever hold two tokens, so we can just store those two directly.\n //\n // The gas savings associated with using these Pools come from how token balances are stored: cash amounts for token\n // A and token B are packed together, as are managed amounts. Because only cash changes in a swap, there's no need\n // to write to this second storage slot. A single last change block number for both tokens is stored with the packed\n // cash fields.\n\n struct TwoTokenPoolBalances {\n bytes32 sharedCash;\n bytes32 sharedManaged;\n }\n\n // We could just keep a mapping from Pool ID to TwoTokenSharedBalances, but there's an issue: we wouldn't know to\n // which tokens those balances correspond. This would mean having to also check which are registered with the Pool.\n //\n // What we do instead to save those storage reads is keep a nested mapping from the token pair hash to the balances\n // struct. The Pool only has two tokens, so only a single entry of this mapping is set (the one that corresponds to\n // that pair's hash).\n //\n // This has the trade-off of making Vault code that interacts with these Pools cumbersome: both balances must be\n // accessed at the same time by using both token addresses, and some logic is needed to determine how the pair hash\n // is computed. We do this by sorting the tokens, calling the token with the lowest numerical address value token A,\n // and the other one token B. In functions where the token arguments could be either A or B, we use X and Y instead.\n //\n // If users query a token pair containing an unregistered token, the Pool will generate a hash for a mapping entry\n // that was not set, and return zero balances. Non-zero balances are only possible if both tokens in the pair\n // are registered with the Pool, which means we don't have to check the TwoTokenPoolTokens struct, and can save\n // storage reads.\n\n struct TwoTokenPoolTokens {\n IERC20 tokenA;\n IERC20 tokenB;\n mapping(bytes32 => TwoTokenPoolBalances) balances;\n }\n\n mapping(bytes32 => TwoTokenPoolTokens) private _twoTokenPoolTokens;\n\n /**\n * @dev Registers tokens in a Two Token Pool.\n *\n * This function assumes `poolId` exists and corresponds to the Two Token specialization setting.\n *\n * Requirements:\n *\n * - `tokenX` and `tokenY` must not be the same\n * - The tokens must be ordered: tokenX < tokenY\n */\n function _registerTwoTokenPoolTokens(\n bytes32 poolId,\n IERC20 tokenX,\n IERC20 tokenY\n ) internal {\n // Not technically true since we didn't register yet, but this is consistent with the error messages of other\n // specialization settings.\n _require(tokenX != tokenY, Errors.TOKEN_ALREADY_REGISTERED);\n\n _require(tokenX < tokenY, Errors.UNSORTED_TOKENS);\n\n // A Two Token Pool with no registered tokens is identified by having zero addresses for tokens A and B.\n TwoTokenPoolTokens storage poolTokens = _twoTokenPoolTokens[poolId];\n _require(poolTokens.tokenA == IERC20(0) && poolTokens.tokenB == IERC20(0), Errors.TOKENS_ALREADY_SET);\n\n // Since tokenX < tokenY, tokenX is A and tokenY is B\n poolTokens.tokenA = tokenX;\n poolTokens.tokenB = tokenY;\n\n // Note that we don't initialize the balance mapping: the default value of zero corresponds to an empty\n // balance.\n }\n\n /**\n * @dev Deregisters tokens in a Two Token Pool.\n *\n * This function assumes `poolId` exists and corresponds to the Two Token specialization setting.\n *\n * Requirements:\n *\n * - `tokenX` and `tokenY` must be registered in the Pool\n * - both tokens must have zero balance in the Vault\n */\n function _deregisterTwoTokenPoolTokens(\n bytes32 poolId,\n IERC20 tokenX,\n IERC20 tokenY\n ) internal {\n (\n bytes32 balanceA,\n bytes32 balanceB,\n TwoTokenPoolBalances storage poolBalances\n ) = _getTwoTokenPoolSharedBalances(poolId, tokenX, tokenY);\n\n _require(balanceA.isZero() && balanceB.isZero(), Errors.NONZERO_TOKEN_BALANCE);\n\n delete _twoTokenPoolTokens[poolId];\n\n // For consistency with other Pool specialization settings, we explicitly reset the packed cash field (which may\n // have a non-zero last change block).\n delete poolBalances.sharedCash;\n }\n\n /**\n * @dev Sets the cash balances of a Two Token Pool's tokens.\n *\n * WARNING: this assumes `tokenA` and `tokenB` are the Pool's two registered tokens, and are in the correct order.\n */\n function _setTwoTokenPoolCashBalances(\n bytes32 poolId,\n IERC20 tokenA,\n bytes32 balanceA,\n IERC20 tokenB,\n bytes32 balanceB\n ) internal {\n bytes32 pairHash = _getTwoTokenPairHash(tokenA, tokenB);\n TwoTokenPoolBalances storage poolBalances = _twoTokenPoolTokens[poolId].balances[pairHash];\n poolBalances.sharedCash = BalanceAllocation.toSharedCash(balanceA, balanceB);\n }\n\n /**\n * @dev Transforms `amount` of `token`'s balance in a Two Token Pool from cash into managed.\n *\n * This function assumes `poolId` exists, corresponds to the Two Token specialization setting, and that `token` is\n * registered for that Pool.\n */\n function _twoTokenPoolCashToManaged(\n bytes32 poolId,\n IERC20 token,\n uint256 amount\n ) internal {\n _updateTwoTokenPoolSharedBalance(poolId, token, BalanceAllocation.cashToManaged, amount);\n }\n\n /**\n * @dev Transforms `amount` of `token`'s balance in a Two Token Pool from managed into cash.\n *\n * This function assumes `poolId` exists, corresponds to the Two Token specialization setting, and that `token` is\n * registered for that Pool.\n */\n function _twoTokenPoolManagedToCash(\n bytes32 poolId,\n IERC20 token,\n uint256 amount\n ) internal {\n _updateTwoTokenPoolSharedBalance(poolId, token, BalanceAllocation.managedToCash, amount);\n }\n\n /**\n * @dev Sets `token`'s managed balance in a Two Token Pool to `amount`.\n *\n * This function assumes `poolId` exists, corresponds to the Two Token specialization setting, and that `token` is\n * registered for that Pool.\n *\n * Returns the managed balance delta as a result of this call.\n */\n function _setTwoTokenPoolManagedBalance(\n bytes32 poolId,\n IERC20 token,\n uint256 amount\n ) internal returns (int256) {\n return _updateTwoTokenPoolSharedBalance(poolId, token, BalanceAllocation.setManaged, amount);\n }\n\n /**\n * @dev Sets `token`'s balance in a Two Token Pool to the result of the `mutation` function when called with\n * the current balance and `amount`.\n *\n * This function assumes `poolId` exists, corresponds to the Two Token specialization setting, and that `token` is\n * registered for that Pool.\n *\n * Returns the managed balance delta as a result of this call.\n */\n function _updateTwoTokenPoolSharedBalance(\n bytes32 poolId,\n IERC20 token,\n function(bytes32, uint256) returns (bytes32) mutation,\n uint256 amount\n ) private returns (int256) {\n (\n TwoTokenPoolBalances storage balances,\n IERC20 tokenA,\n bytes32 balanceA,\n ,\n bytes32 balanceB\n ) = _getTwoTokenPoolBalances(poolId);\n\n int256 delta;\n if (token == tokenA) {\n bytes32 newBalance = mutation(balanceA, amount);\n delta = newBalance.managedDelta(balanceA);\n balanceA = newBalance;\n } else {\n // token == tokenB\n bytes32 newBalance = mutation(balanceB, amount);\n delta = newBalance.managedDelta(balanceB);\n balanceB = newBalance;\n }\n\n balances.sharedCash = BalanceAllocation.toSharedCash(balanceA, balanceB);\n balances.sharedManaged = BalanceAllocation.toSharedManaged(balanceA, balanceB);\n\n return delta;\n }\n\n /*\n * @dev Returns an array with all the tokens and balances in a Two Token Pool. The order may change when\n * tokens are registered or deregistered.\n *\n * This function assumes `poolId` exists and corresponds to the Two Token specialization setting.\n */\n function _getTwoTokenPoolTokens(bytes32 poolId)\n internal\n view\n returns (IERC20[] memory tokens, bytes32[] memory balances)\n {\n (, IERC20 tokenA, bytes32 balanceA, IERC20 tokenB, bytes32 balanceB) = _getTwoTokenPoolBalances(poolId);\n\n // Both tokens will either be zero (if unregistered) or non-zero (if registered), but we keep the full check for\n // clarity.\n if (tokenA == IERC20(0) || tokenB == IERC20(0)) {\n return (new IERC20[](0), new bytes32[](0));\n }\n\n // Note that functions relying on this getter expect tokens to be properly ordered, so we use the (A, B)\n // ordering.\n\n tokens = new IERC20[](2);\n tokens[0] = tokenA;\n tokens[1] = tokenB;\n\n balances = new bytes32[](2);\n balances[0] = balanceA;\n balances[1] = balanceB;\n }\n\n /**\n * @dev Same as `_getTwoTokenPoolTokens`, except it returns the two tokens and balances directly instead of using\n * an array, as well as a storage pointer to the `TwoTokenPoolBalances` struct, which can be used to update it\n * without having to recompute the pair hash and storage slot.\n */\n function _getTwoTokenPoolBalances(bytes32 poolId)\n private\n view\n returns (\n TwoTokenPoolBalances storage poolBalances,\n IERC20 tokenA,\n bytes32 balanceA,\n IERC20 tokenB,\n bytes32 balanceB\n )\n {\n TwoTokenPoolTokens storage poolTokens = _twoTokenPoolTokens[poolId];\n tokenA = poolTokens.tokenA;\n tokenB = poolTokens.tokenB;\n\n bytes32 pairHash = _getTwoTokenPairHash(tokenA, tokenB);\n poolBalances = poolTokens.balances[pairHash];\n\n bytes32 sharedCash = poolBalances.sharedCash;\n bytes32 sharedManaged = poolBalances.sharedManaged;\n\n balanceA = BalanceAllocation.fromSharedToBalanceA(sharedCash, sharedManaged);\n balanceB = BalanceAllocation.fromSharedToBalanceB(sharedCash, sharedManaged);\n }\n\n /**\n * @dev Returns the balance of a token in a Two Token Pool.\n *\n * This function assumes `poolId` exists and corresponds to the General specialization setting.\n *\n * This function is convenient but not particularly gas efficient, and should be avoided during gas-sensitive\n * operations, such as swaps. For those, _getTwoTokenPoolSharedBalances provides a more flexible interface.\n *\n * Requirements:\n *\n * - `token` must be registered in the Pool\n */\n function _getTwoTokenPoolBalance(bytes32 poolId, IERC20 token) internal view returns (bytes32) {\n // We can't just read the balance of token, because we need to know the full pair in order to compute the pair\n // hash and access the balance mapping. We therefore rely on `_getTwoTokenPoolBalances`.\n (, IERC20 tokenA, bytes32 balanceA, IERC20 tokenB, bytes32 balanceB) = _getTwoTokenPoolBalances(poolId);\n\n if (token == tokenA) {\n return balanceA;\n } else if (token == tokenB) {\n return balanceB;\n } else {\n _revert(Errors.TOKEN_NOT_REGISTERED);\n }\n }\n\n /**\n * @dev Returns the balance of the two tokens in a Two Token Pool.\n *\n * The returned balances are those of token A and token B, where token A is the lowest of token X and token Y, and\n * token B the other.\n *\n * This function also returns a storage pointer to the TwoTokenPoolBalances struct associated with the token pair,\n * which can be used to update it without having to recompute the pair hash and storage slot.\n *\n * Requirements:\n *\n * - `poolId` must be a Minimal Swap Info Pool\n * - `tokenX` and `tokenY` must be registered in the Pool\n */\n function _getTwoTokenPoolSharedBalances(\n bytes32 poolId,\n IERC20 tokenX,\n IERC20 tokenY\n )\n internal\n view\n returns (\n bytes32 balanceA,\n bytes32 balanceB,\n TwoTokenPoolBalances storage poolBalances\n )\n {\n (IERC20 tokenA, IERC20 tokenB) = _sortTwoTokens(tokenX, tokenY);\n bytes32 pairHash = _getTwoTokenPairHash(tokenA, tokenB);\n\n poolBalances = _twoTokenPoolTokens[poolId].balances[pairHash];\n\n // Because we're reading balances using the pair hash, if either token X or token Y is not registered then\n // *both* balance entries will be zero.\n bytes32 sharedCash = poolBalances.sharedCash;\n bytes32 sharedManaged = poolBalances.sharedManaged;\n\n // A non-zero balance guarantees that both tokens are registered. If zero, we manually check whether each\n // token is registered in the Pool. Token registration implies that the Pool is registered as well, which\n // lets us save gas by not performing the check.\n bool tokensRegistered = sharedCash.isNotZero() ||\n sharedManaged.isNotZero() ||\n (_isTwoTokenPoolTokenRegistered(poolId, tokenA) && _isTwoTokenPoolTokenRegistered(poolId, tokenB));\n\n if (!tokensRegistered) {\n // The tokens might not be registered because the Pool itself is not registered. We check this to provide a\n // more accurate revert reason.\n _ensureRegisteredPool(poolId);\n _revert(Errors.TOKEN_NOT_REGISTERED);\n }\n\n balanceA = BalanceAllocation.fromSharedToBalanceA(sharedCash, sharedManaged);\n balanceB = BalanceAllocation.fromSharedToBalanceB(sharedCash, sharedManaged);\n }\n\n /**\n * @dev Returns true if `token` is registered in a Two Token Pool.\n *\n * This function assumes `poolId` exists and corresponds to the Two Token specialization setting.\n */\n function _isTwoTokenPoolTokenRegistered(bytes32 poolId, IERC20 token) internal view returns (bool) {\n TwoTokenPoolTokens storage poolTokens = _twoTokenPoolTokens[poolId];\n\n // The zero address can never be a registered token.\n return (token == poolTokens.tokenA || token == poolTokens.tokenB) && token != IERC20(0);\n }\n\n /**\n * @dev Returns the hash associated with a given token pair.\n */\n function _getTwoTokenPairHash(IERC20 tokenA, IERC20 tokenB) private pure returns (bytes32) {\n return keccak256(abi.encodePacked(tokenA, tokenB));\n }\n\n /**\n * @dev Sorts two tokens in ascending order, returning them as a (tokenA, tokenB) tuple.\n */\n function _sortTwoTokens(IERC20 tokenX, IERC20 tokenY) private pure returns (IERC20, IERC20) {\n return tokenX < tokenY ? (tokenX, tokenY) : (tokenY, tokenX);\n }\n}\n"
},
"src.sol/amm/lib/openzeppelin/SafeCast.sol": {
"content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.7.0;\n\nimport \"../helpers/BalancerErrors.sol\";\n\n/**\n * @dev Wrappers over Solidity's uintXX/intXX casting operators with added overflow\n * checks.\n *\n * Downcasting from uint256/int256 in Solidity does not revert on overflow. This can\n * easily result in undesired exploitation or bugs, since developers usually\n * assume that overflows raise errors. `SafeCast` restores this intuition by\n * reverting the transaction when such an operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n *\n * Can be combined with {SafeMath} and {SignedSafeMath} to extend it to smaller types, by performing\n * all math on `uint256` and `int256` and then downcasting.\n */\nlibrary SafeCast {\n /**\n * @dev Converts an unsigned uint256 into a signed int256.\n *\n * Requirements:\n *\n * - input must be less than or equal to maxInt256.\n */\n function toInt256(uint256 value) internal pure returns (int256) {\n _require(value < 2**255, Errors.SAFE_CAST_VALUE_CANT_FIT_INT256);\n return int256(value);\n }\n}\n"
},
"src.sol/amm/lib/openzeppelin/EnumerableMap.sol": {
"content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.7.0;\n\n// Based on the EnumerableMap library from OpenZeppelin contracts, altered to include the following:\n// * a map from IERC20 to bytes32\n// * entries are stored in mappings instead of arrays, reducing implicit storage reads for out-of-bounds checks\n// * unchecked_at and unchecked_valueAt, which allow for more gas efficient data reads in some scenarios\n// * unchecked_indexOf and unchecked_setAt, which allow for more gas efficient data writes in some scenarios\n//\n// Additionally, the base private functions that work on bytes32 were removed and replaced with a native implementation\n// for IERC20 keys, to reduce bytecode size and runtime costs.\n\n// We're using non-standard casing for the unchecked functions to differentiate them, so we need to turn off that rule\n// solhint-disable func-name-mixedcase\n\nimport \"./IERC20.sol\";\n\nimport \"../helpers/BalancerErrors.sol\";\n\n/**\n * @dev Library for managing an enumerable variant of Solidity's\n * https://solidity.readthedocs.io/en/latest/types.html#mapping-types[`mapping`]\n * type.\n *\n * Maps have the following properties:\n *\n * - Entries are added, removed, and checked for existence in constant time\n * (O(1)).\n * - Entries are enumerated in O(n). No guarantees are made on the ordering.\n *\n * ```\n * contract Example {\n * // Add the library methods\n * using EnumerableMap for EnumerableMap.UintToAddressMap;\n *\n * // Declare a set state variable\n * EnumerableMap.UintToAddressMap private myMap;\n * }\n * ```\n */\nlibrary EnumerableMap {\n // The original OpenZeppelin implementation uses a generic Map type with bytes32 keys: this was replaced with\n // IERC20ToBytes32Map, which uses IERC20 keys natively, resulting in more dense bytecode.\n\n struct IERC20ToBytes32MapEntry {\n IERC20 _key;\n bytes32 _value;\n }\n\n struct IERC20ToBytes32Map {\n // Number of entries in the map\n uint256 _length;\n // Storage of map keys and values\n mapping(uint256 => IERC20ToBytes32MapEntry) _entries;\n // Position of the entry defined by a key in the `entries` array, plus 1\n // because index 0 means a key is not in the map.\n mapping(IERC20 => uint256) _indexes;\n }\n\n /**\n * @dev Adds a key-value pair to a map, or updates the value for an existing\n * key. O(1).\n *\n * Returns true if the key was added to the map, that is if it was not\n * already present.\n */\n function set(\n IERC20ToBytes32Map storage map,\n IERC20 key,\n bytes32 value\n ) internal returns (bool) {\n // We read and store the key's index to prevent multiple reads from the same storage slot\n uint256 keyIndex = map._indexes[key];\n\n // Equivalent to !contains(map, key)\n if (keyIndex == 0) {\n uint256 previousLength = map._length;\n map._entries[previousLength] = IERC20ToBytes32MapEntry({ _key: key, _value: value });\n map._length = previousLength + 1;\n\n // The entry is stored at previousLength, but we add 1 to all indexes\n // and use 0 as a sentinel value\n map._indexes[key] = previousLength + 1;\n return true;\n } else {\n map._entries[keyIndex - 1]._value = value;\n return false;\n }\n }\n\n /**\n * @dev Updates the value for an entry, given its key's index. The key index can be retrieved via\n * {unchecked_indexOf}, and it should be noted that key indices may change when calling {set} or {remove}. O(1).\n *\n * This function performs one less storage read than {set}, but it should only be used when `index` is known to be\n * within bounds.\n */\n function unchecked_setAt(\n IERC20ToBytes32Map storage map,\n uint256 index,\n bytes32 value\n ) internal {\n map._entries[index]._value = value;\n }\n\n /**\n * @dev Removes a key-value pair from a map. O(1).\n *\n * Returns true if the key was removed from the map, that is if it was present.\n */\n function remove(IERC20ToBytes32Map storage map, IERC20 key) internal returns (bool) {\n // We read and store the key's index to prevent multiple reads from the same storage slot\n uint256 keyIndex = map._indexes[key];\n\n // Equivalent to contains(map, key)\n if (keyIndex != 0) {\n // To delete a key-value pair from the _entries pseudo-array in O(1), we swap the entry to delete with the\n // one at the highest index, and then remove this last entry (sometimes called as 'swap and pop').\n // This modifies the order of the pseudo-array, as noted in {at}.\n\n uint256 toDeleteIndex = keyIndex - 1;\n uint256 lastIndex = map._length - 1;\n\n // When the entry to delete is the last one, the swap operation is unnecessary. However, since this occurs\n // so rarely, we still do the swap anyway to avoid the gas cost of adding an 'if' statement.\n\n IERC20ToBytes32MapEntry storage lastEntry = map._entries[lastIndex];\n\n // Move the last entry to the index where the entry to delete is\n map._entries[toDeleteIndex] = lastEntry;\n // Update the index for the moved entry\n map._indexes[lastEntry._key] = toDeleteIndex + 1; // All indexes are 1-based\n\n // Delete the slot where the moved entry was stored\n delete map._entries[lastIndex];\n map._length = lastIndex;\n\n // Delete the index for the deleted slot\n delete map._indexes[key];\n\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Returns true if the key is in the map. O(1).\n */\n function contains(IERC20ToBytes32Map storage map, IERC20 key) internal view returns (bool) {\n return map._indexes[key] != 0;\n }\n\n /**\n * @dev Returns the number of key-value pairs in the map. O(1).\n */\n function length(IERC20ToBytes32Map storage map) internal view returns (uint256) {\n return map._length;\n }\n\n /**\n * @dev Returns the key-value pair stored at position `index` in the map. O(1).\n *\n * Note that there are no guarantees on the ordering of entries inside the\n * array, and it may change when more entries are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(IERC20ToBytes32Map storage map, uint256 index) internal view returns (IERC20, bytes32) {\n _require(map._length > index, Errors.OUT_OF_BOUNDS);\n return unchecked_at(map, index);\n }\n\n /**\n * @dev Same as {at}, except this doesn't revert if `index` it outside of the map (i.e. if it is equal or larger\n * than {length}). O(1).\n *\n * This function performs one less storage read than {at}, but should only be used when `index` is known to be\n * within bounds.\n */\n function unchecked_at(IERC20ToBytes32Map storage map, uint256 index) internal view returns (IERC20, bytes32) {\n IERC20ToBytes32MapEntry storage entry = map._entries[index];\n return (entry._key, entry._value);\n }\n\n /**\n * @dev Same as {unchecked_At}, except it only returns the value and not the key (performing one less storage\n * read). O(1).\n */\n function unchecked_valueAt(IERC20ToBytes32Map storage map, uint256 index) internal view returns (bytes32) {\n return map._entries[index]._value;\n }\n\n /**\n * @dev Returns the value associated with `key`. O(1).\n *\n * Requirements:\n *\n * - `key` must be in the map. Reverts with `errorCode` otherwise.\n */\n function get(\n IERC20ToBytes32Map storage map,\n IERC20 key,\n uint256 errorCode\n ) internal view returns (bytes32) {\n uint256 index = map._indexes[key];\n _require(index > 0, errorCode);\n return unchecked_valueAt(map, index - 1);\n }\n\n /**\n * @dev Returns the index for `key` **plus one**. Does not revert if the key is not in the map, and returns 0\n * instead.\n */\n function unchecked_indexOf(IERC20ToBytes32Map storage map, IERC20 key) internal view returns (uint256) {\n return map._indexes[key];\n }\n}\n"
},
"src.sol/amm/lib/openzeppelin/EnumerableSet.sol": {
"content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.7.0;\n\nimport \"../helpers/BalancerErrors.sol\";\n\n// Based on the EnumerableSet library from OpenZeppelin contracts, altered to remove the base private functions that\n// work on bytes32, replacing them with a native implementation for address values, to reduce bytecode size and runtime\n// costs.\n// The `unchecked_at` function was also added, which allows for more gas efficient data reads in some scenarios.\n\n/**\n * @dev Library for managing\n * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive\n * types.\n *\n * Sets have the following properties:\n *\n * - Elements are added, removed, and checked for existence in constant time\n * (O(1)).\n * - Elements are enumerated in O(n). No guarantees are made on the ordering.\n *\n * ```\n * contract Example {\n * // Add the library methods\n * using EnumerableSet for EnumerableSet.AddressSet;\n *\n * // Declare a set state variable\n * EnumerableSet.AddressSet private mySet;\n * }\n * ```\n *\n * As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)\n * and `uint256` (`UintSet`) are supported.\n */\nlibrary EnumerableSet {\n // The original OpenZeppelin implementation uses a generic Set type with bytes32 values: this was replaced with\n // AddressSet, which uses address keys natively, resulting in more dense bytecode.\n\n struct AddressSet {\n // Storage of set values\n address[] _values;\n // Position of the value in the `values` array, plus 1 because index 0\n // means a value is not in the set.\n mapping(address => uint256) _indexes;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(AddressSet storage set, address value) internal returns (bool) {\n if (!contains(set, value)) {\n set._values.push(value);\n // The value is stored at length-1, but we add 1 to all indexes\n // and use 0 as a sentinel value\n set._indexes[value] = set._values.length;\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(AddressSet storage set, address value) internal returns (bool) {\n // We read and store the value's index to prevent multiple reads from the same storage slot\n uint256 valueIndex = set._indexes[value];\n\n if (valueIndex != 0) {\n // Equivalent to contains(set, value)\n // To delete an element from the _values array in O(1), we swap the element to delete with the last one in\n // the array, and then remove the last element (sometimes called as 'swap and pop').\n // This modifies the order of the array, as noted in {at}.\n\n uint256 toDeleteIndex = valueIndex - 1;\n uint256 lastIndex = set._values.length - 1;\n\n // When the value to delete is the last one, the swap operation is unnecessary. However, since this occurs\n // so rarely, we still do the swap anyway to avoid the gas cost of adding an 'if' statement.\n\n address lastValue = set._values[lastIndex];\n\n // Move the last value to the index where the value to delete is\n set._values[toDeleteIndex] = lastValue;\n // Update the index for the moved value\n set._indexes[lastValue] = toDeleteIndex + 1; // All indexes are 1-based\n\n // Delete the slot where the moved value was stored\n set._values.pop();\n\n // Delete the index for the deleted slot\n delete set._indexes[value];\n\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(AddressSet storage set, address value) internal view returns (bool) {\n return set._indexes[value] != 0;\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function length(AddressSet storage set) internal view returns (uint256) {\n return set._values.length;\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(AddressSet storage set, uint256 index) internal view returns (address) {\n _require(set._values.length > index, Errors.OUT_OF_BOUNDS);\n return unchecked_at(set, index);\n }\n\n /**\n * @dev Same as {at}, except this doesn't revert if `index` it outside of the set (i.e. if it is equal or larger\n * than {length}). O(1).\n *\n * This function performs one less storage read than {at}, but should only be used when `index` is known to be\n * within bounds.\n */\n function unchecked_at(AddressSet storage set, uint256 index) internal view returns (address) {\n return set._values[index];\n }\n}\n"
},
"src.sol/amm/vault/interfaces/IPoolSwapStructs.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"../../lib/openzeppelin/IERC20.sol\";\n\nimport \"./IVault.sol\";\n\ninterface IPoolSwapStructs {\n // This is not really an interface - it just defines common structs used by other interfaces: IGeneralPool and\n // IMinimalSwapInfoPool.\n //\n // This data structure represents a request for a token swap, where `kind` indicates the swap type ('given in' or\n // 'given out') which indicates whether or not the amount sent by the pool is known.\n //\n // The pool receives `tokenIn` and sends `tokenOut`. `amount` is the number of `tokenIn` tokens the pool will take\n // in, or the number of `tokenOut` tokens the Pool will send out, depending on the given swap `kind`.\n //\n // All other fields are not strictly necessary for most swaps, but are provided to support advanced scenarios in\n // some Pools.\n //\n // `poolId` is the ID of the Pool involved in the swap - this is useful for Pool contracts that implement more than\n // one Pool.\n //\n // The meaning of `lastChangeBlock` depends on the Pool specialization:\n // - Two Token or Minimal Swap Info: the last block in which either `tokenIn` or `tokenOut` changed its total\n // balance.\n // - General: the last block in which *any* of the Pool's registered tokens changed its total balance.\n //\n // `from` is the origin address for the funds the Pool receives, and `to` is the destination address\n // where the Pool sends the outgoing tokens.\n //\n // `userData` is extra data provided by the caller - typically a signature from a trusted party.\n struct SwapRequest {\n IVault.SwapKind kind;\n IERC20 tokenIn;\n IERC20 tokenOut;\n uint256 amount;\n // Misc data\n bytes32 poolId;\n uint256 lastChangeBlock;\n address from;\n address to;\n bytes userData;\n }\n}\n"
},
"src.sol/amm/vault/Swaps.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"../lib/math/Math.sol\";\nimport \"../lib/helpers/BalancerErrors.sol\";\nimport \"../lib/helpers/InputHelpers.sol\";\nimport \"../lib/openzeppelin/EnumerableMap.sol\";\nimport \"../lib/openzeppelin/EnumerableSet.sol\";\nimport \"../lib/openzeppelin/IERC20.sol\";\nimport \"../lib/openzeppelin/ReentrancyGuard.sol\";\nimport \"../lib/openzeppelin/SafeCast.sol\";\nimport \"../lib/openzeppelin/SafeERC20.sol\";\n\nimport \"./PoolBalances.sol\";\nimport \"./interfaces/IPoolSwapStructs.sol\";\nimport \"./interfaces/IGeneralPool.sol\";\nimport \"./interfaces/IMinimalSwapInfoPool.sol\";\nimport \"./balances/BalanceAllocation.sol\";\n\n/**\n * Implements the Vault's high-level swap functionality.\n *\n * Users can swap tokens with Pools by calling the `swap` and `batchSwap` functions. They need not trust the Pool\n * contracts to do this: all security checks are made by the Vault.\n *\n * The `swap` function executes a single swap, while `batchSwap` can perform multiple swaps in sequence.\n * In each individual swap, tokens of one kind are sent from the sender to the Pool (this is the 'token in'),\n * and tokens of another kind are sent from the Pool to the recipient in exchange (this is the 'token out').\n * More complex swaps, such as one 'token in' to multiple tokens out can be achieved by batching together\n * individual swaps.\n */\nabstract contract Swaps is ReentrancyGuard, PoolBalances {\n using SafeERC20 for IERC20;\n using EnumerableSet for EnumerableSet.AddressSet;\n using EnumerableMap for EnumerableMap.IERC20ToBytes32Map;\n\n using Math for int256;\n using Math for uint256;\n using SafeCast for uint256;\n using BalanceAllocation for bytes32;\n\n function swap(\n SingleSwap memory singleSwap,\n FundManagement memory funds,\n uint256 limit,\n uint256 deadline\n )\n external\n payable\n override\n nonReentrant\n whenNotPaused\n authenticateFor(funds.sender)\n returns (uint256 amountCalculated)\n {\n // The deadline is timestamp-based: it should not be relied upon for sub-minute accuracy.\n // solhint-disable-next-line not-rely-on-time\n _require(block.timestamp <= deadline, Errors.SWAP_DEADLINE);\n\n // This revert reason is for consistency with `batchSwap`: an equivalent `swap` performed using that function\n // would result in this error.\n _require(singleSwap.amount > 0, Errors.UNKNOWN_AMOUNT_IN_FIRST_SWAP);\n\n IERC20 tokenIn = _translateToIERC20(singleSwap.assetIn);\n IERC20 tokenOut = _translateToIERC20(singleSwap.assetOut);\n _require(tokenIn != tokenOut, Errors.CANNOT_SWAP_SAME_TOKEN);\n\n // Initializing each struct field one-by-one uses less gas than setting all at once.\n IPoolSwapStructs.SwapRequest memory poolRequest;\n poolRequest.poolId = singleSwap.poolId;\n poolRequest.kind = singleSwap.kind;\n poolRequest.tokenIn = tokenIn;\n poolRequest.tokenOut = tokenOut;\n poolRequest.amount = singleSwap.amount;\n poolRequest.userData = singleSwap.userData;\n poolRequest.from = funds.sender;\n poolRequest.to = funds.recipient;\n // The lastChangeBlock field is left uninitialized.\n\n uint256 amountIn;\n uint256 amountOut;\n\n (amountCalculated, amountIn, amountOut) = _swapWithPool(poolRequest);\n _require(singleSwap.kind == SwapKind.GIVEN_IN ? amountOut >= limit : amountIn <= limit, Errors.SWAP_LIMIT);\n\n _receiveAsset(singleSwap.assetIn, amountIn, funds.sender, funds.fromInternalBalance);\n _sendAsset(singleSwap.assetOut, amountOut, funds.recipient, funds.toInternalBalance);\n\n // If the asset in is ETH, then `amountIn` ETH was wrapped into WETH.\n _handleRemainingEth(_isETH(singleSwap.assetIn) ? amountIn : 0);\n }\n\n function batchSwap(\n SwapKind kind,\n BatchSwapStep[] memory swaps,\n IAsset[] memory assets,\n FundManagement memory funds,\n int256[] memory limits,\n uint256 deadline\n )\n external\n payable\n override\n nonReentrant\n whenNotPaused\n authenticateFor(funds.sender)\n returns (int256[] memory assetDeltas)\n {\n // The deadline is timestamp-based: it should not be relied upon for sub-minute accuracy.\n // solhint-disable-next-line not-rely-on-time\n _require(block.timestamp <= deadline, Errors.SWAP_DEADLINE);\n\n InputHelpers.ensureInputLengthMatch(assets.length, limits.length);\n\n // Perform the swaps, updating the Pool token balances and computing the net Vault asset deltas.\n assetDeltas = _swapWithPools(swaps, assets, funds, kind);\n\n // Process asset deltas, by either transferring assets from the sender (for positive deltas) or to the recipient\n // (for negative deltas).\n uint256 wrappedEth = 0;\n for (uint256 i = 0; i < assets.length; ++i) {\n IAsset asset = assets[i];\n int256 delta = assetDeltas[i];\n _require(delta <= limits[i], Errors.SWAP_LIMIT);\n\n if (delta > 0) {\n uint256 toReceive = uint256(delta);\n _receiveAsset(asset, toReceive, funds.sender, funds.fromInternalBalance);\n\n if (_isETH(asset)) {\n wrappedEth = wrappedEth.add(toReceive);\n }\n } else if (delta < 0) {\n uint256 toSend = uint256(-delta);\n _sendAsset(asset, toSend, funds.recipient, funds.toInternalBalance);\n }\n }\n\n // Handle any used and remaining ETH.\n _handleRemainingEth(wrappedEth);\n }\n\n // For `_swapWithPools` to handle both 'given in' and 'given out' swaps, it internally tracks the 'given' amount\n // (supplied by the caller), and the 'calculated' amount (returned by the Pool in response to the swap request).\n\n /**\n * @dev Given the two swap tokens and the swap kind, returns which one is the 'given' token (the token whose\n * amount is supplied by the caller).\n */\n function _tokenGiven(\n SwapKind kind,\n IERC20 tokenIn,\n IERC20 tokenOut\n ) private pure returns (IERC20) {\n return kind == SwapKind.GIVEN_IN ? tokenIn : tokenOut;\n }\n\n /**\n * @dev Given the two swap tokens and the swap kind, returns which one is the 'calculated' token (the token whose\n * amount is calculated by the Pool).\n */\n function _tokenCalculated(\n SwapKind kind,\n IERC20 tokenIn,\n IERC20 tokenOut\n ) private pure returns (IERC20) {\n return kind == SwapKind.GIVEN_IN ? tokenOut : tokenIn;\n }\n\n /**\n * @dev Returns an ordered pair (amountIn, amountOut) given the 'given' and 'calculated' amounts, and the swap kind.\n */\n function _getAmounts(\n SwapKind kind,\n uint256 amountGiven,\n uint256 amountCalculated\n ) private pure returns (uint256 amountIn, uint256 amountOut) {\n if (kind == SwapKind.GIVEN_IN) {\n (amountIn, amountOut) = (amountGiven, amountCalculated);\n } else {\n // SwapKind.GIVEN_OUT\n (amountIn, amountOut) = (amountCalculated, amountGiven);\n }\n }\n\n /**\n * @dev Performs all `swaps`, calling swap hooks on the Pool contracts and updating their balances. Does not cause\n * any transfer of tokens - instead it returns the net Vault token deltas: positive if the Vault should receive\n * tokens, and negative if it should send them.\n */\n function _swapWithPools(\n BatchSwapStep[] memory swaps,\n IAsset[] memory assets,\n FundManagement memory funds,\n SwapKind kind\n ) private returns (int256[] memory assetDeltas) {\n assetDeltas = new int256[](assets.length);\n\n // These variables could be declared inside the loop, but that causes the compiler to allocate memory on each\n // loop iteration, increasing gas costs.\n BatchSwapStep memory batchSwapStep;\n IPoolSwapStructs.SwapRequest memory poolRequest;\n\n // These store data about the previous swap here to implement multihop logic across swaps.\n IERC20 previousTokenCalculated;\n uint256 previousAmountCalculated;\n\n for (uint256 i = 0; i < swaps.length; ++i) {\n batchSwapStep = swaps[i];\n\n bool withinBounds = batchSwapStep.assetInIndex < assets.length &&\n batchSwapStep.assetOutIndex < assets.length;\n _require(withinBounds, Errors.OUT_OF_BOUNDS);\n\n IERC20 tokenIn = _translateToIERC20(assets[batchSwapStep.assetInIndex]);\n IERC20 tokenOut = _translateToIERC20(assets[batchSwapStep.assetOutIndex]);\n _require(tokenIn != tokenOut, Errors.CANNOT_SWAP_SAME_TOKEN);\n\n // Sentinel value for multihop logic\n if (batchSwapStep.amount == 0) {\n // When the amount given is zero, we use the calculated amount for the previous swap, as long as the\n // current swap's given token is the previous calculated token. This makes it possible to swap a\n // given amount of token A for token B, and then use the resulting token B amount to swap for token C.\n _require(i > 0, Errors.UNKNOWN_AMOUNT_IN_FIRST_SWAP);\n bool usingPreviousToken = previousTokenCalculated == _tokenGiven(kind, tokenIn, tokenOut);\n _require(usingPreviousToken, Errors.MALCONSTRUCTED_MULTIHOP_SWAP);\n batchSwapStep.amount = previousAmountCalculated;\n }\n\n // Initializing each struct field one-by-one uses less gas than setting all at once\n poolRequest.poolId = batchSwapStep.poolId;\n poolRequest.kind = kind;\n poolRequest.tokenIn = tokenIn;\n poolRequest.tokenOut = tokenOut;\n poolRequest.amount = batchSwapStep.amount;\n poolRequest.userData = batchSwapStep.userData;\n poolRequest.from = funds.sender;\n poolRequest.to = funds.recipient;\n // The lastChangeBlock field is left uninitialized\n\n uint256 amountIn;\n uint256 amountOut;\n (previousAmountCalculated, amountIn, amountOut) = _swapWithPool(poolRequest);\n\n previousTokenCalculated = _tokenCalculated(kind, tokenIn, tokenOut);\n\n // Accumulate Vault deltas across swaps\n assetDeltas[batchSwapStep.assetInIndex] = assetDeltas[batchSwapStep.assetInIndex].add(amountIn.toInt256());\n assetDeltas[batchSwapStep.assetOutIndex] = assetDeltas[batchSwapStep.assetOutIndex].sub(\n amountOut.toInt256()\n );\n }\n }\n\n /**\n * @dev Performs a swap according to the parameters specified in `request`, calling the Pool's contract hook and\n * updating the Pool's balance.\n *\n * Returns the amount of tokens going into or out of the Vault as a result of this swap, depending on the swap kind.\n */\n function _swapWithPool(IPoolSwapStructs.SwapRequest memory request)\n private\n returns (\n uint256 amountCalculated,\n uint256 amountIn,\n uint256 amountOut\n )\n {\n // Get the calculated amount from the Pool and update its balances\n address pool = _getPoolAddress(request.poolId);\n PoolSpecialization specialization = _getPoolSpecialization(request.poolId);\n\n if (specialization == PoolSpecialization.TWO_TOKEN) {\n amountCalculated = _processTwoTokenPoolSwapRequest(request, IMinimalSwapInfoPool(pool));\n } else if (specialization == PoolSpecialization.MINIMAL_SWAP_INFO) {\n amountCalculated = _processMinimalSwapInfoPoolSwapRequest(request, IMinimalSwapInfoPool(pool));\n } else {\n // PoolSpecialization.GENERAL\n amountCalculated = _processGeneralPoolSwapRequest(request, IGeneralPool(pool));\n }\n\n (amountIn, amountOut) = _getAmounts(request.kind, request.amount, amountCalculated);\n emit Swap(request.poolId, request.tokenIn, request.tokenOut, amountIn, amountOut);\n }\n\n function _processTwoTokenPoolSwapRequest(IPoolSwapStructs.SwapRequest memory request, IMinimalSwapInfoPool pool)\n private\n returns (uint256 amountCalculated)\n {\n // For gas efficiency reasons, this function uses low-level knowledge of how Two Token Pool balances are\n // stored internally, instead of using getters and setters for all operations.\n\n (\n bytes32 tokenABalance,\n bytes32 tokenBBalance,\n TwoTokenPoolBalances storage poolBalances\n ) = _getTwoTokenPoolSharedBalances(request.poolId, request.tokenIn, request.tokenOut);\n\n // We have the two Pool balances, but we don't know which one is 'token in' or 'token out'.\n bytes32 tokenInBalance;\n bytes32 tokenOutBalance;\n\n // In Two Token Pools, token A has a smaller address than token B\n if (request.tokenIn < request.tokenOut) {\n // in is A, out is B\n tokenInBalance = tokenABalance;\n tokenOutBalance = tokenBBalance;\n } else {\n // in is B, out is A\n tokenOutBalance = tokenABalance;\n tokenInBalance = tokenBBalance;\n }\n\n // Perform the swap request and compute the new balances for 'token in' and 'token out' after the swap\n (tokenInBalance, tokenOutBalance, amountCalculated) = _callMinimalSwapInfoPoolOnSwapHook(\n request,\n pool,\n tokenInBalance,\n tokenOutBalance\n );\n\n // We check the token ordering again to create the new shared cash packed struct\n poolBalances.sharedCash = request.tokenIn < request.tokenOut\n ? BalanceAllocation.toSharedCash(tokenInBalance, tokenOutBalance) // in is A, out is B\n : BalanceAllocation.toSharedCash(tokenOutBalance, tokenInBalance); // in is B, out is A\n }\n\n function _processMinimalSwapInfoPoolSwapRequest(\n IPoolSwapStructs.SwapRequest memory request,\n IMinimalSwapInfoPool pool\n ) private returns (uint256 amountCalculated) {\n bytes32 tokenInBalance = _getMinimalSwapInfoPoolBalance(request.poolId, request.tokenIn);\n bytes32 tokenOutBalance = _getMinimalSwapInfoPoolBalance(request.poolId, request.tokenOut);\n\n // Perform the swap request and compute the new balances for 'token in' and 'token out' after the swap\n (tokenInBalance, tokenOutBalance, amountCalculated) = _callMinimalSwapInfoPoolOnSwapHook(\n request,\n pool,\n tokenInBalance,\n tokenOutBalance\n );\n\n _minimalSwapInfoPoolsBalances[request.poolId][request.tokenIn] = tokenInBalance;\n _minimalSwapInfoPoolsBalances[request.poolId][request.tokenOut] = tokenOutBalance;\n }\n\n /**\n * @dev Calls the onSwap hook for a Pool that implements IMinimalSwapInfoPool: both Minimal Swap Info and Two Token\n * Pools do this.\n */\n function _callMinimalSwapInfoPoolOnSwapHook(\n IPoolSwapStructs.SwapRequest memory request,\n IMinimalSwapInfoPool pool,\n bytes32 tokenInBalance,\n bytes32 tokenOutBalance\n )\n internal\n returns (\n bytes32 newTokenInBalance,\n bytes32 newTokenOutBalance,\n uint256 amountCalculated\n )\n {\n uint256 tokenInTotal = tokenInBalance.total();\n uint256 tokenOutTotal = tokenOutBalance.total();\n request.lastChangeBlock = Math.max(tokenInBalance.lastChangeBlock(), tokenOutBalance.lastChangeBlock());\n\n // Perform the swap request callback, and compute the new balances for 'token in' and 'token out' after the swap\n amountCalculated = pool.onSwap(request, tokenInTotal, tokenOutTotal);\n (uint256 amountIn, uint256 amountOut) = _getAmounts(request.kind, request.amount, amountCalculated);\n\n newTokenInBalance = tokenInBalance.increaseCash(amountIn);\n newTokenOutBalance = tokenOutBalance.decreaseCash(amountOut);\n }\n\n function _processGeneralPoolSwapRequest(IPoolSwapStructs.SwapRequest memory request, IGeneralPool pool)\n private\n returns (uint256 amountCalculated)\n {\n bytes32 tokenInBalance;\n bytes32 tokenOutBalance;\n\n // We access both token indexes without checking existence, because we will do it manually immediately after.\n EnumerableMap.IERC20ToBytes32Map storage poolBalances = _generalPoolsBalances[request.poolId];\n uint256 indexIn = poolBalances.unchecked_indexOf(request.tokenIn);\n uint256 indexOut = poolBalances.unchecked_indexOf(request.tokenOut);\n\n if (indexIn == 0 || indexOut == 0) {\n // The tokens might not be registered because the Pool itself is not registered. We check this to provide a\n // more accurate revert reason.\n _ensureRegisteredPool(request.poolId);\n _revert(Errors.TOKEN_NOT_REGISTERED);\n }\n\n // EnumerableMap stores indices *plus one* to use the zero index as a sentinel value - because these are valid,\n // we can undo this.\n indexIn -= 1;\n indexOut -= 1;\n\n uint256 tokenAmount = poolBalances.length();\n uint256[] memory currentBalances = new uint256[](tokenAmount);\n\n request.lastChangeBlock = 0;\n for (uint256 i = 0; i < tokenAmount; i++) {\n // Because the iteration is bounded by `tokenAmount`, and no tokens are registered or deregistered here, we\n // know `i` is a valid token index and can use `unchecked_valueAt` to save storage reads.\n bytes32 balance = poolBalances.unchecked_valueAt(i);\n\n currentBalances[i] = balance.total();\n request.lastChangeBlock = Math.max(request.lastChangeBlock, balance.lastChangeBlock());\n\n if (i == indexIn) {\n tokenInBalance = balance;\n } else if (i == indexOut) {\n tokenOutBalance = balance;\n }\n }\n\n // Perform the swap request callback and compute the new balances for 'token in' and 'token out' after the swap\n amountCalculated = pool.onSwap(request, currentBalances, indexIn, indexOut);\n (uint256 amountIn, uint256 amountOut) = _getAmounts(request.kind, request.amount, amountCalculated);\n tokenInBalance = tokenInBalance.increaseCash(amountIn);\n tokenOutBalance = tokenOutBalance.decreaseCash(amountOut);\n\n // Because no tokens were registered or deregistered between now or when we retrieved the indexes for\n // 'token in' and 'token out', we can use `unchecked_setAt` to save storage reads.\n poolBalances.unchecked_setAt(indexIn, tokenInBalance);\n poolBalances.unchecked_setAt(indexOut, tokenOutBalance);\n }\n\n // This function is not marked as `nonReentrant` because the underlying mechanism relies on reentrancy\n function queryBatchSwap(\n SwapKind kind,\n BatchSwapStep[] memory swaps,\n IAsset[] memory assets,\n FundManagement memory funds\n ) external override returns (int256[] memory) {\n // In order to accurately 'simulate' swaps, this function actually does perform the swaps, including calling the\n // Pool hooks and updating balances in storage. However, once it computes the final Vault Deltas, it\n // reverts unconditionally, returning this array as the revert data.\n //\n // By wrapping this reverting call, we can decode the deltas 'returned' and return them as a normal Solidity\n // function would. The only caveat is the function becomes non-view, but off-chain clients can still call it\n // via eth_call to get the expected result.\n //\n // This technique was inspired by the work from the Gnosis team in the Gnosis Safe contract:\n // https://github.com/gnosis/safe-contracts/blob/v1.2.0/contracts/GnosisSafe.sol#L265\n //\n // Most of this function is implemented using inline assembly, as the actual work it needs to do is not\n // significant, and Solidity is not particularly well-suited to generate this behavior, resulting in a large\n // amount of generated bytecode.\n\n if (msg.sender != address(this)) {\n // We perform an external call to ourselves, forwarding the same calldata. In this call, the else clause of\n // the preceding if statement will be executed instead.\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, ) = address(this).call(msg.data);\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n // This call should always revert to decode the actual asset deltas from the revert reason\n switch success\n case 0 {\n // Note we are manually writing the memory slot 0. We can safely overwrite whatever is\n // stored there as we take full control of the execution and then immediately return.\n\n // We copy the first 4 bytes to check if it matches with the expected signature, otherwise\n // there was another revert reason and we should forward it.\n returndatacopy(0, 0, 0x04)\n let error := and(mload(0), 0xffffffff00000000000000000000000000000000000000000000000000000000)\n\n // If the first 4 bytes don't match with the expected signature, we forward the revert reason.\n if eq(eq(error, 0xfa61cc1200000000000000000000000000000000000000000000000000000000), 0) {\n returndatacopy(0, 0, returndatasize())\n revert(0, returndatasize())\n }\n\n // The returndata contains the signature, followed by the raw memory representation of an array:\n // length + data. We need to return an ABI-encoded representation of this array.\n // An ABI-encoded array contains an additional field when compared to its raw memory\n // representation: an offset to the location of the length. The offset itself is 32 bytes long,\n // so the smallest value we can use is 32 for the data to be located immediately after it.\n mstore(0, 32)\n\n // We now copy the raw memory array from returndata into memory. Since the offset takes up 32\n // bytes, we start copying at address 0x20. We also get rid of the error signature, which takes\n // the first four bytes of returndata.\n let size := sub(returndatasize(), 0x04)\n returndatacopy(0x20, 0x04, size)\n\n // We finally return the ABI-encoded array, which has a total length equal to that of the array\n // (returndata), plus the 32 bytes for the offset.\n return(0, add(size, 32))\n }\n default {\n // This call should always revert, but we fail nonetheless if that didn't happen\n invalid()\n }\n }\n } else {\n int256[] memory deltas = _swapWithPools(swaps, assets, funds, kind);\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n // We will return a raw representation of the array in memory, which is composed of a 32 byte length,\n // followed by the 32 byte int256 values. Because revert expects a size in bytes, we multiply the array\n // length (stored at `deltas`) by 32.\n let size := mul(mload(deltas), 32)\n\n // We send one extra value for the error signature \"QueryError(int256[])\" which is 0xfa61cc12.\n // We store it in the previous slot to the `deltas` array. We know there will be at least one available\n // slot due to how the memory scratch space works.\n // We can safely overwrite whatever is stored in this slot as we will revert immediately after that.\n mstore(sub(deltas, 0x20), 0x00000000000000000000000000000000000000000000000000000000fa61cc12)\n let start := sub(deltas, 0x04)\n\n // When copying from `deltas` into returndata, we copy an additional 36 bytes to also return the array's\n // length and the error signature.\n revert(start, add(size, 36))\n }\n }\n }\n}\n"
},
"src.sol/amm/vault/interfaces/IGeneralPool.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"./IBasePool.sol\";\n\n/**\n * @dev IPools with the General specialization setting should implement this interface.\n *\n * This is called by the Vault when a user calls `IVault.swap` or `IVault.batchSwap` to swap with this Pool.\n * Returns the number of tokens the Pool will grant to the user in a 'given in' swap, or that the user will\n * grant to the pool in a 'given out' swap.\n *\n * This can often be implemented by a `view` function, since many pricing algorithms don't need to track state\n * changes in swaps. However, contracts implementing this in non-view functions should check that the caller is\n * indeed the Vault.\n */\ninterface IGeneralPool is IBasePool {\n function onSwap(\n SwapRequest memory swapRequest,\n uint256[] memory balances,\n uint256 indexIn,\n uint256 indexOut\n ) external returns (uint256 amount);\n}\n"
},
"src.sol/amm/vault/interfaces/IMinimalSwapInfoPool.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"./IBasePool.sol\";\n\n/**\n * @dev Pool contracts with the MinimalSwapInfo or TwoToken specialization settings should implement this interface.\n *\n * This is called by the Vault when a user calls `IVault.swap` or `IVault.batchSwap` to swap with this Pool.\n * Returns the number of tokens the Pool will grant to the user in a 'given in' swap, or that the user will grant\n * to the pool in a 'given out' swap.\n *\n * This can often be implemented by a `view` function, since many pricing algorithms don't need to track state\n * changes in swaps. However, contracts implementing this in non-view functions should check that the caller is\n * indeed the Vault.\n */\ninterface IMinimalSwapInfoPool is IBasePool {\n function onSwap(\n SwapRequest memory swapRequest,\n uint256 currentBalanceTokenIn,\n uint256 currentBalanceTokenOut\n ) external returns (uint256 amount);\n}\n"
},
"src.sol/amm/vault/Vault.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"./interfaces/IAuthorizer.sol\";\nimport \"./interfaces/IWETH.sol\";\n\nimport \"./VaultAuthorization.sol\";\nimport \"./FlashLoans.sol\";\nimport \"./Swaps.sol\";\n\n/**\n * @dev The `Vault` is Balancer V2's core contract. A single instance of it exists for the entire network, and it is the\n * entity used to interact with Pools by Liquidity Providers who join and exit them, Traders who swap, and Asset\n * Managers who withdraw and deposit tokens.\n *\n * The `Vault`'s source code is split among a number of sub-contracts, with the goal of improving readability and making\n * understanding the system easier. Most sub-contracts have been marked as `abstract` to explicitly indicate that only\n * the full `Vault` is meant to be deployed.\n *\n * Roughly speaking, these are the contents of each sub-contract:\n *\n * - `AssetManagers`: Pool token Asset Manager registry, and Asset Manager interactions.\n * - `Fees`: set and compute protocol fees.\n * - `FlashLoans`: flash loan transfers and fees.\n * - `PoolBalances`: Pool joins and exits.\n * - `PoolRegistry`: Pool registration, ID management, and basic queries.\n * - `PoolTokens`: Pool token registration and registration, and balance queries.\n * - `Swaps`: Pool swaps.\n * - `UserBalance`: manage user balances (Internal Balance operations and external balance transfers)\n * - `VaultAuthorization`: access control, relayers and signature validation.\n *\n * Additionally, the different Pool specializations are handled by the `GeneralPoolsBalance`,\n * `MinimalSwapInfoPoolsBalance` and `TwoTokenPoolsBalance` sub-contracts, which in turn make use of the\n * `BalanceAllocation` library.\n *\n * The most important goal of the `Vault` is to make token swaps use as little gas as possible. This is reflected in a\n * multitude of design decisions, from minor things like the format used to store Pool IDs, to major features such as\n * the different Pool specialization settings.\n *\n * Finally, the large number of tasks carried out by the Vault means its bytecode is very large, close to exceeding\n * the contract size limit imposed by EIP 170 (https://eips.ethereum.org/EIPS/eip-170). Manual tuning of the source code\n * was required to improve code generation and bring the bytecode size below this limit. This includes extensive\n * utilization of `internal` functions (particularly inside modifiers), usage of named return arguments, dedicated\n * storage access methods, dynamic revert reason generation, and usage of inline assembly, to name a few.\n */\ncontract Vault is VaultAuthorization, FlashLoans, Swaps {\n constructor(\n IAuthorizer authorizer,\n IWETH weth,\n uint256 pauseWindowDuration,\n uint256 bufferPeriodDuration\n ) VaultAuthorization(authorizer) AssetHelpers(weth) TemporarilyPausable(pauseWindowDuration, bufferPeriodDuration) {\n // solhint-disable-previous-line no-empty-blocks\n }\n\n function setPaused(bool paused) external override nonReentrant authenticate {\n _setPaused(paused);\n }\n\n // solhint-disable-next-line func-name-mixedcase\n function WETH() external view override returns (IWETH) {\n return _WETH();\n }\n}\n"
},
"src.sol/amm/vault/FlashLoans.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\n// This flash loan provider was based on the Aave protocol's open source\n// implementation and terminology and interfaces are intentionally kept\n// similar\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"../lib/helpers/BalancerErrors.sol\";\nimport \"../lib/openzeppelin/IERC20.sol\";\nimport \"../lib/openzeppelin/ReentrancyGuard.sol\";\nimport \"../lib/openzeppelin/SafeERC20.sol\";\n\nimport \"./Fees.sol\";\nimport \"./interfaces/IFlashLoanRecipient.sol\";\n\n/**\n * @dev Handles Flash Loans through the Vault. Calls the `receiveFlashLoan` hook on the flash loan recipient\n * contract, which implements the `IFlashLoanRecipient` interface.\n */\nabstract contract FlashLoans is Fees, ReentrancyGuard, TemporarilyPausable {\n using SafeERC20 for IERC20;\n\n function flashLoan(\n IFlashLoanRecipient recipient,\n IERC20[] memory tokens,\n uint256[] memory amounts,\n bytes memory userData\n ) external override nonReentrant whenNotPaused {\n InputHelpers.ensureInputLengthMatch(tokens.length, amounts.length);\n\n uint256[] memory feeAmounts = new uint256[](tokens.length);\n uint256[] memory preLoanBalances = new uint256[](tokens.length);\n\n // Used to ensure `tokens` is sorted in ascending order, which ensures token uniqueness.\n IERC20 previousToken = IERC20(0);\n\n for (uint256 i = 0; i < tokens.length; ++i) {\n IERC20 token = tokens[i];\n uint256 amount = amounts[i];\n\n _require(token > previousToken, token == IERC20(0) ? Errors.ZERO_TOKEN : Errors.UNSORTED_TOKENS);\n previousToken = token;\n\n preLoanBalances[i] = token.balanceOf(address(this));\n feeAmounts[i] = _calculateFlashLoanFeeAmount(amount);\n\n _require(preLoanBalances[i] >= amount, Errors.INSUFFICIENT_FLASH_LOAN_BALANCE);\n token.safeTransfer(address(recipient), amount);\n }\n\n recipient.receiveFlashLoan(tokens, amounts, feeAmounts, userData);\n\n for (uint256 i = 0; i < tokens.length; ++i) {\n IERC20 token = tokens[i];\n uint256 preLoanBalance = preLoanBalances[i];\n\n // Checking for loan repayment first (without accounting for fees) makes for simpler debugging, and results\n // in more accurate revert reasons if the flash loan protocol fee percentage is zero.\n uint256 postLoanBalance = token.balanceOf(address(this));\n _require(postLoanBalance >= preLoanBalance, Errors.INVALID_POST_LOAN_BALANCE);\n\n // No need for checked arithmetic since we know the loan was fully repaid.\n uint256 receivedFees = postLoanBalance - preLoanBalance;\n _require(receivedFees >= feeAmounts[i], Errors.INSUFFICIENT_FLASH_LOAN_FEES);\n\n _payFee(token, receivedFees);\n }\n }\n}\n"
},
"src.sol/amm/vault/Authorizer.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\n\nimport \"./interfaces/IAuthorizer.sol\";\nimport \"../lib/openzeppelin/AccessControl.sol\";\nimport \"../lib/helpers/InputHelpers.sol\";\n\n/**\n * @dev Basic Authorizer implementation, based on OpenZeppelin's Access Control.\n *\n * Users are allowed to perform actions if they have the role with the same identifier. In this sense, roles are not\n * being truly used as such, since they each map to a single action identifier.\n *\n * This temporary implementation is expected to be replaced soon after launch by a more sophisticated one, able to\n * manage permissions across multiple contracts and to natively handle timelocks.\n */\ncontract Authorizer is AccessControl, IAuthorizer {\n constructor(address admin) {\n _setupRole(DEFAULT_ADMIN_ROLE, admin);\n }\n\n function canPerform(\n bytes32 actionId,\n address account,\n address\n ) public view override returns (bool) {\n // This Authorizer ignores the 'where' field completely.\n return AccessControl.hasRole(actionId, account);\n }\n\n /**\n * @dev Grants multiple roles to a single account.\n */\n function grantRoles(bytes32[] memory roles, address account) external {\n for (uint256 i = 0; i < roles.length; i++) {\n grantRole(roles[i], account);\n }\n }\n\n /**\n * @dev Grants roles to a list of accounts.\n */\n function grantRolesToMany(bytes32[] memory roles, address[] memory accounts) external {\n InputHelpers.ensureInputLengthMatch(roles.length, accounts.length);\n for (uint256 i = 0; i < roles.length; i++) {\n grantRole(roles[i], accounts[i]);\n }\n }\n\n /**\n * @dev Revokes multiple roles from a single account.\n */\n function revokeRoles(bytes32[] memory roles, address account) external {\n for (uint256 i = 0; i < roles.length; i++) {\n revokeRole(roles[i], account);\n }\n }\n\n /**\n * @dev Revokes roles from a list of accounts.\n */\n function revokeRolesFromMany(bytes32[] memory roles, address[] memory accounts) external {\n InputHelpers.ensureInputLengthMatch(roles.length, accounts.length);\n for (uint256 i = 0; i < roles.length; i++) {\n revokeRole(roles[i], accounts[i]);\n }\n }\n}\n"
},
"src.sol/amm/lib/openzeppelin/AccessControl.sol": {
"content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.7.0;\n\nimport \"../helpers/BalancerErrors.sol\";\n\nimport \"./EnumerableSet.sol\";\n\n/**\n * @dev Contract module that allows children to implement role-based access\n * control mechanisms.\n *\n * Roles are referred to by their `bytes32` identifier. These should be exposed\n * in the external API and be unique. The best way to achieve this is by\n * using `public constant` hash digests:\n *\n * ```\n * bytes32 public constant MY_ROLE = keccak256(\"MY_ROLE\");\n * ```\n *\n * Roles can be used to represent a set of permissions. To restrict access to a\n * function call, use {hasRole}:\n *\n * ```\n * function foo() public {\n * require(hasRole(MY_ROLE, msg.sender));\n * ...\n * }\n * ```\n *\n * Roles can be granted and revoked dynamically via the {grantRole} and\n * {revokeRole} functions. Each role has an associated admin role, and only\n * accounts that have a role's admin role can call {grantRole} and {revokeRole}.\n *\n * By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means\n * that only accounts with this role will be able to grant or revoke other\n * roles. More complex role relationships can be created by using\n * {_setRoleAdmin}.\n *\n * WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to\n * grant and revoke this role. Extra precautions should be taken to secure\n * accounts that have been granted it.\n */\nabstract contract AccessControl {\n using EnumerableSet for EnumerableSet.AddressSet;\n\n struct RoleData {\n EnumerableSet.AddressSet members;\n bytes32 adminRole;\n }\n\n mapping(bytes32 => RoleData) private _roles;\n\n bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;\n\n /**\n * @dev Emitted when `newAdminRole` is set as ``role``'s admin role, replacing `previousAdminRole`\n *\n * `DEFAULT_ADMIN_ROLE` is the starting admin for all roles, despite\n * {RoleAdminChanged} not being emitted signaling this.\n *\n * _Available since v3.1._\n */\n event RoleAdminChanged(bytes32 indexed role, bytes32 indexed previousAdminRole, bytes32 indexed newAdminRole);\n\n /**\n * @dev Emitted when `account` is granted `role`.\n *\n * `sender` is the account that originated the contract call, an admin role\n * bearer except when using {_setupRole}.\n */\n event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender);\n\n /**\n * @dev Emitted when `account` is revoked `role`.\n *\n * `sender` is the account that originated the contract call:\n * - if using `revokeRole`, it is the admin role bearer\n * - if using `renounceRole`, it is the role bearer (i.e. `account`)\n */\n event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender);\n\n /**\n * @dev Returns `true` if `account` has been granted `role`.\n */\n function hasRole(bytes32 role, address account) public view virtual returns (bool) {\n return _roles[role].members.contains(account);\n }\n\n /**\n * @dev Returns the number of accounts that have `role`. Can be used\n * together with {getRoleMember} to enumerate all bearers of a role.\n */\n function getRoleMemberCount(bytes32 role) public view returns (uint256) {\n return _roles[role].members.length();\n }\n\n /**\n * @dev Returns one of the accounts that have `role`. `index` must be a\n * value between 0 and {getRoleMemberCount}, non-inclusive.\n *\n * Role bearers are not sorted in any particular way, and their ordering may\n * change at any point.\n *\n * WARNING: When using {getRoleMember} and {getRoleMemberCount}, make sure\n * you perform all queries on the same block. See the following\n * https://forum.openzeppelin.com/t/iterating-over-elements-on-enumerableset-in-openzeppelin-contracts/2296[forum post]\n * for more information.\n */\n function getRoleMember(bytes32 role, uint256 index) public view returns (address) {\n return _roles[role].members.at(index);\n }\n\n /**\n * @dev Returns the admin role that controls `role`. See {grantRole} and\n * {revokeRole}.\n *\n * To change a role's admin, use {_setRoleAdmin}.\n */\n function getRoleAdmin(bytes32 role) public view returns (bytes32) {\n return _roles[role].adminRole;\n }\n\n /**\n * @dev Grants `role` to `account`.\n *\n * If `account` had not been already granted `role`, emits a {RoleGranted}\n * event.\n *\n * Requirements:\n *\n * - the caller must have ``role``'s admin role.\n */\n function grantRole(bytes32 role, address account) public virtual {\n _require(hasRole(_roles[role].adminRole, msg.sender), Errors.GRANT_SENDER_NOT_ADMIN);\n\n _grantRole(role, account);\n }\n\n /**\n * @dev Revokes `role` from `account`.\n *\n * If `account` had already been granted `role`, emits a {RoleRevoked} event.\n *\n * Requirements:\n *\n * - the caller must have ``role``'s admin role.\n */\n function revokeRole(bytes32 role, address account) public virtual {\n _require(hasRole(_roles[role].adminRole, msg.sender), Errors.REVOKE_SENDER_NOT_ADMIN);\n\n _revokeRole(role, account);\n }\n\n /**\n * @dev Revokes `role` from the calling account.\n *\n * Roles are often managed via {grantRole} and {revokeRole}: this function's\n * purpose is to provide a mechanism for accounts to lose their privileges\n * if they are compromised (such as when a trusted device is misplaced).\n *\n * If the calling account had been granted `role`, emits a {RoleRevoked}\n * event.\n *\n * Requirements:\n *\n * - the caller must be `account`.\n */\n function renounceRole(bytes32 role, address account) public virtual {\n _require(account == msg.sender, Errors.RENOUNCE_SENDER_NOT_ALLOWED);\n\n _revokeRole(role, account);\n }\n\n /**\n * @dev Grants `role` to `account`.\n *\n * If `account` had not been already granted `role`, emits a {RoleGranted}\n * event. Note that unlike {grantRole}, this function doesn't perform any\n * checks on the calling account.\n *\n * [WARNING]\n * ====\n * This function should only be called from the constructor when setting\n * up the initial roles for the system.\n *\n * Using this function in any other way is effectively circumventing the admin\n * system imposed by {AccessControl}.\n * ====\n */\n function _setupRole(bytes32 role, address account) internal virtual {\n _grantRole(role, account);\n }\n\n /**\n * @dev Sets `adminRole` as ``role``'s admin role.\n *\n * Emits a {RoleAdminChanged} event.\n */\n function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual {\n emit RoleAdminChanged(role, _roles[role].adminRole, adminRole);\n _roles[role].adminRole = adminRole;\n }\n\n function _grantRole(bytes32 role, address account) private {\n if (_roles[role].members.add(account)) {\n emit RoleGranted(role, account, msg.sender);\n }\n }\n\n function _revokeRole(bytes32 role, address account) private {\n if (_roles[role].members.remove(account)) {\n emit RoleRevoked(role, account, msg.sender);\n }\n }\n}\n"
},
"src.sol/amm/pools/weighted/WeightedPool.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"../../lib/math/FixedPoint.sol\";\nimport \"../../lib/helpers/InputHelpers.sol\";\n\nimport \"../BaseMinimalSwapInfoPool.sol\";\n\nimport \"./WeightedMath.sol\";\nimport \"./WeightedPoolUserDataHelpers.sol\";\n\n// This contract relies on tons of immutable state variables to perform efficient lookup, without resorting to storage\n// reads. Because immutable arrays are not supported, we instead declare a fixed set of state variables plus total\n// count, resulting in a large number of state variables.\n\ncontract WeightedPool is BaseMinimalSwapInfoPool, WeightedMath {\n using FixedPoint for uint256;\n using WeightedPoolUserDataHelpers for bytes;\n\n // The protocol fees will always be charged using the token associated with the max weight in the pool.\n // Since these Pools will register tokens only once, we can assume this index will be constant.\n uint256 private immutable _maxWeightTokenIndex;\n\n uint256 private immutable _normalizedWeight0;\n uint256 private immutable _normalizedWeight1;\n uint256 private immutable _normalizedWeight2;\n uint256 private immutable _normalizedWeight3;\n uint256 private immutable _normalizedWeight4;\n uint256 private immutable _normalizedWeight5;\n uint256 private immutable _normalizedWeight6;\n uint256 private immutable _normalizedWeight7;\n\n uint256 private _lastInvariant;\n\n enum JoinKind { INIT, EXACT_TOKENS_IN_FOR_BPT_OUT, TOKEN_IN_FOR_EXACT_BPT_OUT }\n enum ExitKind { EXACT_BPT_IN_FOR_ONE_TOKEN_OUT, EXACT_BPT_IN_FOR_TOKENS_OUT, BPT_IN_FOR_EXACT_TOKENS_OUT }\n\n constructor(\n IVault vault,\n string memory name,\n string memory symbol,\n IERC20[] memory tokens,\n uint256[] memory normalizedWeights,\n uint256 swapFeePercentage,\n uint256 pauseWindowDuration,\n uint256 bufferPeriodDuration,\n address owner\n )\n BaseMinimalSwapInfoPool(\n vault,\n name,\n symbol,\n tokens,\n swapFeePercentage,\n pauseWindowDuration,\n bufferPeriodDuration,\n owner\n )\n {\n uint256 numTokens = tokens.length;\n InputHelpers.ensureInputLengthMatch(numTokens, normalizedWeights.length);\n\n // Ensure each normalized weight is above them minimum and find the token index of the maximum weight\n uint256 normalizedSum = 0;\n uint256 maxWeightTokenIndex = 0;\n uint256 maxNormalizedWeight = 0;\n for (uint8 i = 0; i < numTokens; i++) {\n uint256 normalizedWeight = normalizedWeights[i];\n _require(normalizedWeight >= _MIN_WEIGHT, Errors.MIN_WEIGHT);\n\n normalizedSum = normalizedSum.add(normalizedWeight);\n if (normalizedWeight > maxNormalizedWeight) {\n maxWeightTokenIndex = i;\n maxNormalizedWeight = normalizedWeight;\n }\n }\n // Ensure that the normalized weights sum to ONE\n _require(normalizedSum == FixedPoint.ONE, Errors.NORMALIZED_WEIGHT_INVARIANT);\n\n _maxWeightTokenIndex = maxWeightTokenIndex;\n _normalizedWeight0 = normalizedWeights.length > 0 ? normalizedWeights[0] : 0;\n _normalizedWeight1 = normalizedWeights.length > 1 ? normalizedWeights[1] : 0;\n _normalizedWeight2 = normalizedWeights.length > 2 ? normalizedWeights[2] : 0;\n _normalizedWeight3 = normalizedWeights.length > 3 ? normalizedWeights[3] : 0;\n _normalizedWeight4 = normalizedWeights.length > 4 ? normalizedWeights[4] : 0;\n _normalizedWeight5 = normalizedWeights.length > 5 ? normalizedWeights[5] : 0;\n _normalizedWeight6 = normalizedWeights.length > 6 ? normalizedWeights[6] : 0;\n _normalizedWeight7 = normalizedWeights.length > 7 ? normalizedWeights[7] : 0;\n }\n\n function _normalizedWeight(IERC20 token) internal view virtual returns (uint256) {\n // prettier-ignore\n if (token == _token0) { return _normalizedWeight0; }\n else if (token == _token1) { return _normalizedWeight1; }\n else if (token == _token2) { return _normalizedWeight2; }\n else if (token == _token3) { return _normalizedWeight3; }\n else if (token == _token4) { return _normalizedWeight4; }\n else if (token == _token5) { return _normalizedWeight5; }\n else if (token == _token6) { return _normalizedWeight6; }\n else if (token == _token7) { return _normalizedWeight7; }\n else {\n _revert(Errors.INVALID_TOKEN);\n }\n }\n\n function _normalizedWeights() internal view virtual returns (uint256[] memory) {\n uint256 totalTokens = _getTotalTokens();\n uint256[] memory normalizedWeights = new uint256[](totalTokens);\n\n // prettier-ignore\n {\n if (totalTokens > 0) { normalizedWeights[0] = _normalizedWeight0; } else { return normalizedWeights; }\n if (totalTokens > 1) { normalizedWeights[1] = _normalizedWeight1; } else { return normalizedWeights; }\n if (totalTokens > 2) { normalizedWeights[2] = _normalizedWeight2; } else { return normalizedWeights; }\n if (totalTokens > 3) { normalizedWeights[3] = _normalizedWeight3; } else { return normalizedWeights; }\n if (totalTokens > 4) { normalizedWeights[4] = _normalizedWeight4; } else { return normalizedWeights; }\n if (totalTokens > 5) { normalizedWeights[5] = _normalizedWeight5; } else { return normalizedWeights; }\n if (totalTokens > 6) { normalizedWeights[6] = _normalizedWeight6; } else { return normalizedWeights; }\n if (totalTokens > 7) { normalizedWeights[7] = _normalizedWeight7; } else { return normalizedWeights; }\n }\n\n return normalizedWeights;\n }\n\n function getLastInvariant() external view returns (uint256) {\n return _lastInvariant;\n }\n\n /**\n * @dev Returns the current value of the invariant.\n */\n function getInvariant() public view returns (uint256) {\n (, uint256[] memory balances, ) = getVault().getPoolTokens(getPoolId());\n\n // Since the Pool hooks always work with upscaled balances, we manually\n // upscale here for consistency\n _upscaleArray(balances, _scalingFactors());\n\n uint256[] memory normalizedWeights = _normalizedWeights();\n return WeightedMath._calculateInvariant(normalizedWeights, balances);\n }\n\n function getNormalizedWeights() external view returns (uint256[] memory) {\n return _normalizedWeights();\n }\n\n // Base Pool handlers\n\n // Swap\n\n function _onSwapGivenIn(\n SwapRequest memory swapRequest,\n uint256 currentBalanceTokenIn,\n uint256 currentBalanceTokenOut\n ) internal view virtual override whenNotPaused returns (uint256) {\n // Swaps are disabled while the contract is paused.\n\n return\n WeightedMath._calcOutGivenIn(\n currentBalanceTokenIn,\n _normalizedWeight(swapRequest.tokenIn),\n currentBalanceTokenOut,\n _normalizedWeight(swapRequest.tokenOut),\n swapRequest.amount\n );\n }\n\n function _onSwapGivenOut(\n SwapRequest memory swapRequest,\n uint256 currentBalanceTokenIn,\n uint256 currentBalanceTokenOut\n ) internal view virtual override whenNotPaused returns (uint256) {\n // Swaps are disabled while the contract is paused.\n\n return\n WeightedMath._calcInGivenOut(\n currentBalanceTokenIn,\n _normalizedWeight(swapRequest.tokenIn),\n currentBalanceTokenOut,\n _normalizedWeight(swapRequest.tokenOut),\n swapRequest.amount\n );\n }\n\n // Initialize\n\n function _onInitializePool(\n bytes32,\n address,\n address,\n bytes memory userData\n ) internal virtual override whenNotPaused returns (uint256, uint256[] memory) {\n // It would be strange for the Pool to be paused before it is initialized, but for consistency we prevent\n // initialization in this case.\n\n WeightedPool.JoinKind kind = userData.joinKind();\n _require(kind == WeightedPool.JoinKind.INIT, Errors.UNINITIALIZED);\n\n uint256[] memory amountsIn = userData.initialAmountsIn();\n InputHelpers.ensureInputLengthMatch(_getTotalTokens(), amountsIn.length);\n _upscaleArray(amountsIn, _scalingFactors());\n\n uint256[] memory normalizedWeights = _normalizedWeights();\n\n uint256 invariantAfterJoin = WeightedMath._calculateInvariant(normalizedWeights, amountsIn);\n\n // Set the initial BPT to the value of the invariant times the number of tokens. This makes BPT supply more\n // consistent in Pools with similar compositions but different number of tokens.\n uint256 bptAmountOut = Math.mul(invariantAfterJoin, _getTotalTokens());\n\n _lastInvariant = invariantAfterJoin;\n\n return (bptAmountOut, amountsIn);\n }\n\n // Join\n\n function _onJoinPool(\n bytes32,\n address,\n address,\n uint256[] memory balances,\n uint256,\n uint256 protocolSwapFeePercentage,\n bytes memory userData\n )\n internal\n virtual\n override\n whenNotPaused\n returns (\n uint256,\n uint256[] memory,\n uint256[] memory\n )\n {\n // All joins are disabled while the contract is paused.\n\n uint256[] memory normalizedWeights = _normalizedWeights();\n\n // Due protocol swap fee amounts are computed by measuring the growth of the invariant between the previous join\n // or exit event and now - the invariant's growth is due exclusively to swap fees. This avoids spending gas\n // computing them on each individual swap\n uint256 invariantBeforeJoin = WeightedMath._calculateInvariant(normalizedWeights, balances);\n\n uint256[] memory dueProtocolFeeAmounts = _getDueProtocolFeeAmounts(\n balances,\n normalizedWeights,\n _lastInvariant,\n invariantBeforeJoin,\n protocolSwapFeePercentage\n );\n\n // Update current balances by subtracting the protocol fee amounts\n _mutateAmounts(balances, dueProtocolFeeAmounts, FixedPoint.sub);\n (uint256 bptAmountOut, uint256[] memory amountsIn) = _doJoin(balances, normalizedWeights, userData);\n\n // Update the invariant with the balances the Pool will have after the join, in order to compute the\n // protocol swap fee amounts due in future joins and exits.\n _lastInvariant = _invariantAfterJoin(balances, amountsIn, normalizedWeights);\n\n return (bptAmountOut, amountsIn, dueProtocolFeeAmounts);\n }\n\n function _doJoin(\n uint256[] memory balances,\n uint256[] memory normalizedWeights,\n bytes memory userData\n ) private view returns (uint256, uint256[] memory) {\n JoinKind kind = userData.joinKind();\n\n if (kind == JoinKind.EXACT_TOKENS_IN_FOR_BPT_OUT) {\n return _joinExactTokensInForBPTOut(balances, normalizedWeights, userData);\n } else if (kind == JoinKind.TOKEN_IN_FOR_EXACT_BPT_OUT) {\n return _joinTokenInForExactBPTOut(balances, normalizedWeights, userData);\n } else {\n _revert(Errors.UNHANDLED_JOIN_KIND);\n }\n }\n\n function _joinExactTokensInForBPTOut(\n uint256[] memory balances,\n uint256[] memory normalizedWeights,\n bytes memory userData\n ) private view returns (uint256, uint256[] memory) {\n (uint256[] memory amountsIn, uint256 minBPTAmountOut) = userData.exactTokensInForBptOut();\n InputHelpers.ensureInputLengthMatch(_getTotalTokens(), amountsIn.length);\n\n _upscaleArray(amountsIn, _scalingFactors());\n\n uint256 bptAmountOut = WeightedMath._calcBptOutGivenExactTokensIn(\n balances,\n normalizedWeights,\n amountsIn,\n totalSupply(),\n _swapFeePercentage\n );\n\n _require(bptAmountOut >= minBPTAmountOut, Errors.BPT_OUT_MIN_AMOUNT);\n\n return (bptAmountOut, amountsIn);\n }\n\n function _joinTokenInForExactBPTOut(\n uint256[] memory balances,\n uint256[] memory normalizedWeights,\n bytes memory userData\n ) private view returns (uint256, uint256[] memory) {\n (uint256 bptAmountOut, uint256 tokenIndex) = userData.tokenInForExactBptOut();\n // Note that there is no maximum amountIn parameter: this is handled by `IVault.joinPool`.\n\n _require(tokenIndex < _getTotalTokens(), Errors.OUT_OF_BOUNDS);\n\n uint256[] memory amountsIn = new uint256[](_getTotalTokens());\n amountsIn[tokenIndex] = WeightedMath._calcTokenInGivenExactBptOut(\n balances[tokenIndex],\n normalizedWeights[tokenIndex],\n bptAmountOut,\n totalSupply(),\n _swapFeePercentage\n );\n\n return (bptAmountOut, amountsIn);\n }\n\n // Exit\n\n function _onExitPool(\n bytes32,\n address,\n address,\n uint256[] memory balances,\n uint256,\n uint256 protocolSwapFeePercentage,\n bytes memory userData\n )\n internal\n virtual\n override\n returns (\n uint256 bptAmountIn,\n uint256[] memory amountsOut,\n uint256[] memory dueProtocolFeeAmounts\n )\n {\n // Exits are not completely disabled while the contract is paused: proportional exits (exact BPT in for tokens\n // out) remain functional.\n\n uint256[] memory normalizedWeights = _normalizedWeights();\n\n if (_isNotPaused()) {\n // Due protocol swap fee amounts are computed by measuring the growth of the invariant between the previous\n // join or exit event and now - the invariant's growth is due exclusively to swap fees. This avoids\n // spending gas calculating the fees on each individual swap.\n uint256 invariantBeforeExit = WeightedMath._calculateInvariant(normalizedWeights, balances);\n dueProtocolFeeAmounts = _getDueProtocolFeeAmounts(\n balances,\n normalizedWeights,\n _lastInvariant,\n invariantBeforeExit,\n protocolSwapFeePercentage\n );\n\n // Update current balances by subtracting the protocol fee amounts\n _mutateAmounts(balances, dueProtocolFeeAmounts, FixedPoint.sub);\n } else {\n // If the contract is paused, swap protocol fee amounts are not charged to avoid extra calculations and\n // reduce the potential for errors.\n dueProtocolFeeAmounts = new uint256[](_getTotalTokens());\n }\n\n (bptAmountIn, amountsOut) = _doExit(balances, normalizedWeights, userData);\n\n // Update the invariant with the balances the Pool will have after the exit, in order to compute the\n // protocol swap fees due in future joins and exits.\n _lastInvariant = _invariantAfterExit(balances, amountsOut, normalizedWeights);\n\n return (bptAmountIn, amountsOut, dueProtocolFeeAmounts);\n }\n\n function _doExit(\n uint256[] memory balances,\n uint256[] memory normalizedWeights,\n bytes memory userData\n ) private view returns (uint256, uint256[] memory) {\n ExitKind kind = userData.exitKind();\n\n if (kind == ExitKind.EXACT_BPT_IN_FOR_ONE_TOKEN_OUT) {\n return _exitExactBPTInForTokenOut(balances, normalizedWeights, userData);\n } else if (kind == ExitKind.EXACT_BPT_IN_FOR_TOKENS_OUT) {\n return _exitExactBPTInForTokensOut(balances, userData);\n } else {\n // ExitKind.BPT_IN_FOR_EXACT_TOKENS_OUT\n return _exitBPTInForExactTokensOut(balances, normalizedWeights, userData);\n }\n }\n\n function _exitExactBPTInForTokenOut(\n uint256[] memory balances,\n uint256[] memory normalizedWeights,\n bytes memory userData\n ) private view whenNotPaused returns (uint256, uint256[] memory) {\n // This exit function is disabled if the contract is paused.\n\n (uint256 bptAmountIn, uint256 tokenIndex) = userData.exactBptInForTokenOut();\n // Note that there is no minimum amountOut parameter: this is handled by `IVault.exitPool`.\n\n _require(tokenIndex < _getTotalTokens(), Errors.OUT_OF_BOUNDS);\n\n // We exit in a single token, so we initialize amountsOut with zeros\n uint256[] memory amountsOut = new uint256[](_getTotalTokens());\n\n // And then assign the result to the selected token\n amountsOut[tokenIndex] = WeightedMath._calcTokenOutGivenExactBptIn(\n balances[tokenIndex],\n normalizedWeights[tokenIndex],\n bptAmountIn,\n totalSupply(),\n _swapFeePercentage\n );\n\n return (bptAmountIn, amountsOut);\n }\n\n function _exitExactBPTInForTokensOut(uint256[] memory balances, bytes memory userData)\n private\n view\n returns (uint256, uint256[] memory)\n {\n // This exit function is the only one that is not disabled if the contract is paused: it remains unrestricted\n // in an attempt to provide users with a mechanism to retrieve their tokens in case of an emergency.\n // This particular exit function is the only one that remains available because it is the simplest one, and\n // therefore the one with the lowest likelihood of errors.\n\n uint256 bptAmountIn = userData.exactBptInForTokensOut();\n // Note that there is no minimum amountOut parameter: this is handled by `IVault.exitPool`.\n\n uint256[] memory amountsOut = WeightedMath._calcTokensOutGivenExactBptIn(balances, bptAmountIn, totalSupply());\n return (bptAmountIn, amountsOut);\n }\n\n function _exitBPTInForExactTokensOut(\n uint256[] memory balances,\n uint256[] memory normalizedWeights,\n bytes memory userData\n ) private view whenNotPaused returns (uint256, uint256[] memory) {\n // This exit function is disabled if the contract is paused.\n\n (uint256[] memory amountsOut, uint256 maxBPTAmountIn) = userData.bptInForExactTokensOut();\n InputHelpers.ensureInputLengthMatch(amountsOut.length, _getTotalTokens());\n _upscaleArray(amountsOut, _scalingFactors());\n\n uint256 bptAmountIn = WeightedMath._calcBptInGivenExactTokensOut(\n balances,\n normalizedWeights,\n amountsOut,\n totalSupply(),\n _swapFeePercentage\n );\n _require(bptAmountIn <= maxBPTAmountIn, Errors.BPT_IN_MAX_AMOUNT);\n\n return (bptAmountIn, amountsOut);\n }\n\n // Helpers\n\n function _getDueProtocolFeeAmounts(\n uint256[] memory balances,\n uint256[] memory normalizedWeights,\n uint256 previousInvariant,\n uint256 currentInvariant,\n uint256 protocolSwapFeePercentage\n ) private view returns (uint256[] memory) {\n // Initialize with zeros\n uint256[] memory dueProtocolFeeAmounts = new uint256[](_getTotalTokens());\n\n // Early return if the protocol swap fee percentage is zero, saving gas.\n if (protocolSwapFeePercentage == 0) {\n return dueProtocolFeeAmounts;\n }\n\n // The protocol swap fees are always paid using the token with the largest weight in the Pool. As this is the\n // token that is expected to have the largest balance, using it to pay fees should not unbalance the Pool.\n dueProtocolFeeAmounts[_maxWeightTokenIndex] = WeightedMath._calcDueTokenProtocolSwapFeeAmount(\n balances[_maxWeightTokenIndex],\n normalizedWeights[_maxWeightTokenIndex],\n previousInvariant,\n currentInvariant,\n protocolSwapFeePercentage\n );\n\n return dueProtocolFeeAmounts;\n }\n\n /**\n * @dev Returns the value of the invariant given `balances`, assuming they are increased by `amountsIn`. All\n * amounts are expected to be upscaled.\n */\n function _invariantAfterJoin(\n uint256[] memory balances,\n uint256[] memory amountsIn,\n uint256[] memory normalizedWeights\n ) private view returns (uint256) {\n _mutateAmounts(balances, amountsIn, FixedPoint.add);\n return WeightedMath._calculateInvariant(normalizedWeights, balances);\n }\n\n function _invariantAfterExit(\n uint256[] memory balances,\n uint256[] memory amountsOut,\n uint256[] memory normalizedWeights\n ) private view returns (uint256) {\n _mutateAmounts(balances, amountsOut, FixedPoint.sub);\n return WeightedMath._calculateInvariant(normalizedWeights, balances);\n }\n\n /**\n * @dev Mutates `amounts` by applying `mutation` with each entry in `arguments`.\n *\n * Equivalent to `amounts = amounts.map(mutation)`.\n */\n function _mutateAmounts(\n uint256[] memory toMutate,\n uint256[] memory arguments,\n function(uint256, uint256) pure returns (uint256) mutation\n ) private view {\n for (uint256 i = 0; i < _getTotalTokens(); ++i) {\n toMutate[i] = mutation(toMutate[i], arguments[i]);\n }\n }\n\n /**\n * @dev This function returns the appreciation of one BPT relative to the\n * underlying tokens. This starts at 1 when the pool is created and grows over time\n */\n function getRate() public view returns (uint256) {\n // The initial BPT supply is equal to the invariant times the number of tokens.\n return Math.mul(getInvariant(), _getTotalTokens()).divDown(totalSupply());\n }\n}\n"
},
"src.sol/amm/pools/BaseMinimalSwapInfoPool.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"./BasePool.sol\";\nimport \"../vault/interfaces/IMinimalSwapInfoPool.sol\";\n\n/**\n * @dev Extension of `BasePool`, adding a handler for `IMinimalSwapInfoPool.onSwap`.\n *\n * Derived contracts must implement `_onSwapGivenIn` and `_onSwapGivenOut` along with `BasePool`'s virtual functions.\n */\nabstract contract BaseMinimalSwapInfoPool is IMinimalSwapInfoPool, BasePool {\n constructor(\n IVault vault,\n string memory name,\n string memory symbol,\n IERC20[] memory tokens,\n uint256 swapFeePercentage,\n uint256 pauseWindowDuration,\n uint256 bufferPeriodDuration,\n address owner\n )\n BasePool(\n vault,\n tokens.length == 2 ? IVault.PoolSpecialization.TWO_TOKEN : IVault.PoolSpecialization.MINIMAL_SWAP_INFO,\n name,\n symbol,\n tokens,\n swapFeePercentage,\n pauseWindowDuration,\n bufferPeriodDuration,\n owner\n )\n {\n // solhint-disable-previous-line no-empty-blocks\n }\n\n // Swap Hooks\n\n function onSwap(\n SwapRequest memory request,\n uint256 balanceTokenIn,\n uint256 balanceTokenOut\n ) external view virtual override returns (uint256) {\n uint256 scalingFactorTokenIn = _scalingFactor(request.tokenIn);\n uint256 scalingFactorTokenOut = _scalingFactor(request.tokenOut);\n\n if (request.kind == IVault.SwapKind.GIVEN_IN) {\n // Fees are subtracted before scaling, to reduce the complexity of the rounding direction analysis.\n request.amount = _subtractSwapFeeAmount(request.amount);\n\n // All token amounts are upscaled.\n balanceTokenIn = _upscale(balanceTokenIn, scalingFactorTokenIn);\n balanceTokenOut = _upscale(balanceTokenOut, scalingFactorTokenOut);\n request.amount = _upscale(request.amount, scalingFactorTokenIn);\n\n uint256 amountOut = _onSwapGivenIn(request, balanceTokenIn, balanceTokenOut);\n\n // amountOut tokens are exiting the Pool, so we round down.\n return _downscaleDown(amountOut, scalingFactorTokenOut);\n } else {\n // All token amounts are upscaled.\n balanceTokenIn = _upscale(balanceTokenIn, scalingFactorTokenIn);\n balanceTokenOut = _upscale(balanceTokenOut, scalingFactorTokenOut);\n request.amount = _upscale(request.amount, scalingFactorTokenOut);\n\n uint256 amountIn = _onSwapGivenOut(request, balanceTokenIn, balanceTokenOut);\n\n // amountIn tokens are entering the Pool, so we round up.\n amountIn = _downscaleUp(amountIn, scalingFactorTokenIn);\n\n // Fees are added after scaling happens, to reduce the complexity of the rounding direction analysis.\n return _addSwapFeeAmount(amountIn);\n }\n }\n\n /*\n * @dev Called when a swap with the Pool occurs, where the amount of tokens entering the Pool is known.\n *\n * Returns the amount of tokens that will be taken from the Pool in return.\n *\n * All amounts inside `swapRequest`, `balanceTokenIn` and `balanceTokenOut` are upscaled. The swap fee has already\n * been deducted from `swapRequest.amount`.\n *\n * The return value is also considered upscaled, and will be downscaled (rounding down) before returning it to the\n * Vault.\n */\n function _onSwapGivenIn(\n SwapRequest memory swapRequest,\n uint256 balanceTokenIn,\n uint256 balanceTokenOut\n ) internal view virtual returns (uint256);\n\n /*\n * @dev Called when a swap with the Pool occurs, where the amount of tokens exiting the Pool is known.\n *\n * Returns the amount of tokens that will be granted to the Pool in return.\n *\n * All amounts inside `swapRequest`, `balanceTokenIn` and `balanceTokenOut` are upscaled.\n *\n * The return value is also considered upscaled, and will be downscaled (rounding up) before applying the swap fee\n * and returning it to the Vault.\n */\n function _onSwapGivenOut(\n SwapRequest memory swapRequest,\n uint256 balanceTokenIn,\n uint256 balanceTokenOut\n ) internal view virtual returns (uint256);\n}\n"
},
"src.sol/amm/pools/weighted/WeightedMath.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\n\nimport \"../../lib/math/FixedPoint.sol\";\nimport \"../../lib/math/Math.sol\";\nimport \"../../lib/helpers/InputHelpers.sol\";\n\n/* solhint-disable private-vars-leading-underscore */\n\ncontract WeightedMath {\n using FixedPoint for uint256;\n // A minimum normalized weight imposes a maximum weight ratio. We need this due to limitations in the\n // implementation of the power function, as these ratios are often exponents.\n uint256 internal constant _MIN_WEIGHT = 0.01e18;\n // Having a minimum normalized weight imposes a limit on the maximum number of tokens;\n // i.e., the largest possible pool is one where all tokens have exactly the minimum weight.\n uint256 internal constant _MAX_WEIGHTED_TOKENS = 100;\n\n // Pool limits that arise from limitations in the fixed point power function (and the imposed 1:100 maximum weight\n // ratio).\n\n // Swap limits: amounts swapped may not be larger than this percentage of total balance.\n uint256 internal constant _MAX_IN_RATIO = 0.3e18;\n uint256 internal constant _MAX_OUT_RATIO = 0.3e18;\n\n // Invariant growth limit: non-proportional joins cannot cause the invariant to increase by more than this ratio.\n uint256 internal constant _MAX_INVARIANT_RATIO = 3e18;\n // Invariant shrink limit: non-proportional exits cannot cause the invariant to decrease by less than this ratio.\n uint256 internal constant _MIN_INVARIANT_RATIO = 0.7e18;\n\n // Invariant is used to collect protocol swap fees by comparing its value between two times.\n // So we can round always to the same direction. It is also used to initiate the BPT amount\n // and, because there is a minimum BPT, we round down the invariant.\n function _calculateInvariant(uint256[] memory normalizedWeights, uint256[] memory balances)\n internal\n pure\n returns (uint256 invariant)\n {\n /**********************************************************************************************\n // invariant _____ //\n // wi = weight index i | | wi //\n // bi = balance index i | | bi ^ = i //\n // i = invariant //\n **********************************************************************************************/\n\n invariant = FixedPoint.ONE;\n for (uint256 i = 0; i < normalizedWeights.length; i++) {\n invariant = invariant.mulDown(balances[i].powDown(normalizedWeights[i]));\n }\n\n _require(invariant > 0, Errors.ZERO_INVARIANT);\n }\n\n // Computes how many tokens can be taken out of a pool if `amountIn` are sent, given the\n // current balances and weights.\n function _calcOutGivenIn(\n uint256 balanceIn,\n uint256 weightIn,\n uint256 balanceOut,\n uint256 weightOut,\n uint256 amountIn\n ) internal pure returns (uint256) {\n /**********************************************************************************************\n // outGivenIn //\n // aO = amountOut //\n // bO = balanceOut //\n // bI = balanceIn / / bI \\ (wI / wO) \\ //\n // aI = amountIn aO = bO * | 1 - | -------------------------- | ^ | //\n // wI = weightIn \\ \\ ( bI + aI ) / / //\n // wO = weightOut //\n **********************************************************************************************/\n\n // Amount out, so we round down overall.\n\n // The multiplication rounds down, and the subtrahend (power) rounds up (so the base rounds up too).\n // Because bI / (bI + aI) <= 1, the exponent rounds down.\n\n // Cannot exceed maximum in ratio\n _require(amountIn <= balanceIn.mulDown(_MAX_IN_RATIO), Errors.MAX_IN_RATIO);\n\n uint256 denominator = balanceIn.add(amountIn);\n uint256 base = balanceIn.divUp(denominator);\n uint256 exponent = weightIn.divDown(weightOut);\n uint256 power = base.powUp(exponent);\n\n return balanceOut.mulDown(power.complement());\n }\n\n // Computes how many tokens must be sent to a pool in order to take `amountOut`, given the\n // current balances and weights.\n function _calcInGivenOut(\n uint256 balanceIn,\n uint256 weightIn,\n uint256 balanceOut,\n uint256 weightOut,\n uint256 amountOut\n ) internal pure returns (uint256) {\n /**********************************************************************************************\n // inGivenOut //\n // aO = amountOut //\n // bO = balanceOut //\n // bI = balanceIn / / bO \\ (wO / wI) \\ //\n // aI = amountIn aI = bI * | | -------------------------- | ^ - 1 | //\n // wI = weightIn \\ \\ ( bO - aO ) / / //\n // wO = weightOut //\n **********************************************************************************************/\n\n // Amount in, so we round up overall.\n\n // The multiplication rounds up, and the power rounds up (so the base rounds up too).\n // Because b0 / (b0 - a0) >= 1, the exponent rounds up.\n\n // Cannot exceed maximum out ratio\n _require(amountOut <= balanceOut.mulDown(_MAX_OUT_RATIO), Errors.MAX_OUT_RATIO);\n\n uint256 base = balanceOut.divUp(balanceOut.sub(amountOut));\n uint256 exponent = weightOut.divUp(weightIn);\n uint256 power = base.powUp(exponent);\n\n // Because the base is larger than one (and the power rounds up), the power should always be larger than one, so\n // the following subtraction should never revert.\n uint256 ratio = power.sub(FixedPoint.ONE);\n\n return balanceIn.mulUp(ratio);\n }\n\n function _calcBptOutGivenExactTokensIn(\n uint256[] memory balances,\n uint256[] memory normalizedWeights,\n uint256[] memory amountsIn,\n uint256 bptTotalSupply,\n uint256 swapFee\n ) internal pure returns (uint256) {\n // BPT out, so we round down overall.\n\n uint256[] memory balanceRatiosWithFee = new uint256[](amountsIn.length);\n\n uint256 invariantRatioWithFees = 0;\n for (uint256 i = 0; i < balances.length; i++) {\n balanceRatiosWithFee[i] = balances[i].add(amountsIn[i]).divDown(balances[i]);\n invariantRatioWithFees = invariantRatioWithFees.add(balanceRatiosWithFee[i].mulDown(normalizedWeights[i]));\n }\n\n uint256 invariantRatio = FixedPoint.ONE;\n for (uint256 i = 0; i < balances.length; i++) {\n uint256 amountInWithoutFee;\n\n if (balanceRatiosWithFee[i] > invariantRatioWithFees) {\n uint256 nonTaxableAmount = balances[i].mulDown(invariantRatioWithFees.sub(FixedPoint.ONE));\n uint256 taxableAmount = amountsIn[i].sub(nonTaxableAmount);\n amountInWithoutFee = nonTaxableAmount.add(taxableAmount.mulDown(FixedPoint.ONE.sub(swapFee)));\n } else {\n amountInWithoutFee = amountsIn[i];\n }\n\n uint256 balanceRatio = balances[i].add(amountInWithoutFee).divDown(balances[i]);\n\n invariantRatio = invariantRatio.mulDown(balanceRatio.powDown(normalizedWeights[i]));\n }\n\n if (invariantRatio >= FixedPoint.ONE) {\n return bptTotalSupply.mulDown(invariantRatio.sub(FixedPoint.ONE));\n } else {\n return 0;\n }\n }\n\n function _calcTokenInGivenExactBptOut(\n uint256 balance,\n uint256 normalizedWeight,\n uint256 bptAmountOut,\n uint256 bptTotalSupply,\n uint256 swapFee\n ) internal pure returns (uint256) {\n /******************************************************************************************\n // tokenInForExactBPTOut //\n // a = amountIn //\n // b = balance / / totalBPT + bptOut \\ (1 / w) \\ //\n // bptOut = bptAmountOut a = b * | | -------------------------- | ^ - 1 | //\n // bpt = totalBPT \\ \\ totalBPT / / //\n // w = weight //\n ******************************************************************************************/\n\n // Token in, so we round up overall.\n\n // Calculate the factor by which the invariant will increase after minting BPTAmountOut\n uint256 invariantRatio = bptTotalSupply.add(bptAmountOut).divUp(bptTotalSupply);\n _require(invariantRatio <= _MAX_INVARIANT_RATIO, Errors.MAX_OUT_BPT_FOR_TOKEN_IN);\n\n // Calculate by how much the token balance has to increase to match the invariantRatio\n uint256 balanceRatio = invariantRatio.powUp(FixedPoint.ONE.divUp(normalizedWeight));\n\n uint256 amountInWithoutFee = balance.mulUp(balanceRatio.sub(FixedPoint.ONE));\n\n // We can now compute how much extra balance is being deposited and used in virtual swaps, and charge swap fees\n // accordingly.\n uint256 taxablePercentage = normalizedWeight.complement();\n uint256 taxableAmount = amountInWithoutFee.mulUp(taxablePercentage);\n uint256 nonTaxableAmount = amountInWithoutFee.sub(taxableAmount);\n\n return nonTaxableAmount.add(taxableAmount.divUp(swapFee.complement()));\n }\n\n function _calcBptInGivenExactTokensOut(\n uint256[] memory balances,\n uint256[] memory normalizedWeights,\n uint256[] memory amountsOut,\n uint256 bptTotalSupply,\n uint256 swapFee\n ) internal pure returns (uint256) {\n // BPT in, so we round up overall.\n\n uint256[] memory balanceRatiosWithoutFee = new uint256[](amountsOut.length);\n uint256 invariantRatioWithoutFees = 0;\n for (uint256 i = 0; i < balances.length; i++) {\n balanceRatiosWithoutFee[i] = balances[i].sub(amountsOut[i]).divUp(balances[i]);\n invariantRatioWithoutFees = invariantRatioWithoutFees.add(\n balanceRatiosWithoutFee[i].mulUp(normalizedWeights[i])\n );\n }\n\n uint256 invariantRatio = FixedPoint.ONE;\n for (uint256 i = 0; i < balances.length; i++) {\n // Swap fees are typically charged on 'token in', but there is no 'token in' here,\n // o we apply it to 'token out'.\n // This results in slightly larger price impact.\n\n uint256 amountOutWithFee;\n if (invariantRatioWithoutFees > balanceRatiosWithoutFee[i]) {\n uint256 nonTaxableAmount = balances[i].mulDown(invariantRatioWithoutFees.complement());\n uint256 taxableAmount = amountsOut[i].sub(nonTaxableAmount);\n\n amountOutWithFee = nonTaxableAmount.add(taxableAmount.divUp(swapFee.complement()));\n } else {\n amountOutWithFee = amountsOut[i];\n }\n\n uint256 balanceRatio = balances[i].sub(amountOutWithFee).divDown(balances[i]);\n\n invariantRatio = invariantRatio.mulDown(balanceRatio.powDown(normalizedWeights[i]));\n }\n\n return bptTotalSupply.mulUp(invariantRatio.complement());\n }\n\n function _calcTokenOutGivenExactBptIn(\n uint256 balance,\n uint256 normalizedWeight,\n uint256 bptAmountIn,\n uint256 bptTotalSupply,\n uint256 swapFee\n ) internal pure returns (uint256) {\n /*****************************************************************************************\n // exactBPTInForTokenOut //\n // a = amountOut //\n // b = balance / / totalBPT - bptIn \\ (1 / w) \\ //\n // bptIn = bptAmountIn a = b * | 1 - | -------------------------- | ^ | //\n // bpt = totalBPT \\ \\ totalBPT / / //\n // w = weight //\n *****************************************************************************************/\n\n // Token out, so we round down overall. The multiplication rounds down, but the power rounds up (so the base\n // rounds up). Because (totalBPT - bptIn) / totalBPT <= 1, the exponent rounds down.\n\n // Calculate the factor by which the invariant will decrease after burning BPTAmountIn\n uint256 invariantRatio = bptTotalSupply.sub(bptAmountIn).divUp(bptTotalSupply);\n _require(invariantRatio >= _MIN_INVARIANT_RATIO, Errors.MIN_BPT_IN_FOR_TOKEN_OUT);\n\n // Calculate by how much the token balance has to decrease to match invariantRatio\n uint256 balanceRatio = invariantRatio.powUp(FixedPoint.ONE.divDown(normalizedWeight));\n\n // Because of rounding up, balanceRatio can be greater than one. Using complement prevents reverts.\n uint256 amountOutWithoutFee = balance.mulDown(balanceRatio.complement());\n\n // We can now compute how much excess balance is being withdrawn as a result of the virtual swaps, which result\n // in swap fees.\n uint256 taxablePercentage = normalizedWeight.complement();\n\n // Swap fees are typically charged on 'token in', but there is no 'token in' here, so we apply it\n // to 'token out'. This results in slightly larger price impact. Fees are rounded up.\n uint256 taxableAmount = amountOutWithoutFee.mulUp(taxablePercentage);\n uint256 nonTaxableAmount = amountOutWithoutFee.sub(taxableAmount);\n\n return nonTaxableAmount.add(taxableAmount.mulDown(swapFee.complement()));\n }\n\n function _calcTokensOutGivenExactBptIn(\n uint256[] memory balances,\n uint256 bptAmountIn,\n uint256 totalBPT\n ) internal pure returns (uint256[] memory) {\n /**********************************************************************************************\n // exactBPTInForTokensOut //\n // (per token) //\n // aO = amountOut / bptIn \\ //\n // b = balance a0 = b * | --------------------- | //\n // bptIn = bptAmountIn \\ totalBPT / //\n // bpt = totalBPT //\n **********************************************************************************************/\n\n // Since we're computing an amount out, we round down overall. This means rounding down on both the\n // multiplication and division.\n\n uint256 bptRatio = bptAmountIn.divDown(totalBPT);\n\n uint256[] memory amountsOut = new uint256[](balances.length);\n for (uint256 i = 0; i < balances.length; i++) {\n amountsOut[i] = balances[i].mulDown(bptRatio);\n }\n\n return amountsOut;\n }\n\n function _calcDueTokenProtocolSwapFeeAmount(\n uint256 balance,\n uint256 normalizedWeight,\n uint256 previousInvariant,\n uint256 currentInvariant,\n uint256 protocolSwapFeePercentage\n ) internal pure returns (uint256) {\n /*********************************************************************************\n /* protocolSwapFeePercentage * balanceToken * ( 1 - (previousInvariant / currentInvariant) ^ (1 / weightToken))\n *********************************************************************************/\n\n if (currentInvariant <= previousInvariant) {\n // This shouldn't happen outside of rounding errors, but have this safeguard nonetheless to prevent the Pool\n // from entering a locked state in which joins and exits revert while computing accumulated swap fees.\n return 0;\n }\n\n // We round down to prevent issues in the Pool's accounting, even if it means paying slightly less in protocol\n // fees to the Vault.\n\n // Fee percentage and balance multiplications round down, while the subtrahend (power) rounds up (as does the\n // base). Because previousInvariant / currentInvariant <= 1, the exponent rounds down.\n\n uint256 base = previousInvariant.divUp(currentInvariant);\n uint256 exponent = FixedPoint.ONE.divDown(normalizedWeight);\n\n // Because the exponent is larger than one, the base of the power function has a lower bound. We cap to this\n // value to avoid numeric issues, which means in the extreme case (where the invariant growth is larger than\n // 1 / min exponent) the Pool will pay less in protocol fees than it should.\n base = Math.max(base, FixedPoint.MIN_POW_BASE_FREE_EXPONENT);\n\n uint256 power = base.powUp(exponent);\n\n uint256 tokenAccruedFees = balance.mulDown(power.complement());\n return tokenAccruedFees.mulDown(protocolSwapFeePercentage);\n }\n}\n"
},
"src.sol/amm/pools/weighted/WeightedPoolUserDataHelpers.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\n\nimport \"../../lib/openzeppelin/IERC20.sol\";\n\nimport \"./WeightedPool.sol\";\n\nlibrary WeightedPoolUserDataHelpers {\n function joinKind(bytes memory self) internal pure returns (WeightedPool.JoinKind) {\n return abi.decode(self, (WeightedPool.JoinKind));\n }\n\n function exitKind(bytes memory self) internal pure returns (WeightedPool.ExitKind) {\n return abi.decode(self, (WeightedPool.ExitKind));\n }\n\n // Joins\n\n function initialAmountsIn(bytes memory self) internal pure returns (uint256[] memory amountsIn) {\n (, amountsIn) = abi.decode(self, (WeightedPool.JoinKind, uint256[]));\n }\n\n function exactTokensInForBptOut(bytes memory self)\n internal\n pure\n returns (uint256[] memory amountsIn, uint256 minBPTAmountOut)\n {\n (, amountsIn, minBPTAmountOut) = abi.decode(self, (WeightedPool.JoinKind, uint256[], uint256));\n }\n\n function tokenInForExactBptOut(bytes memory self) internal pure returns (uint256 bptAmountOut, uint256 tokenIndex) {\n (, bptAmountOut, tokenIndex) = abi.decode(self, (WeightedPool.JoinKind, uint256, uint256));\n }\n\n // Exits\n\n function exactBptInForTokenOut(bytes memory self) internal pure returns (uint256 bptAmountIn, uint256 tokenIndex) {\n (, bptAmountIn, tokenIndex) = abi.decode(self, (WeightedPool.ExitKind, uint256, uint256));\n }\n\n function exactBptInForTokensOut(bytes memory self) internal pure returns (uint256 bptAmountIn) {\n (, bptAmountIn) = abi.decode(self, (WeightedPool.ExitKind, uint256));\n }\n\n function bptInForExactTokensOut(bytes memory self)\n internal\n pure\n returns (uint256[] memory amountsOut, uint256 maxBPTAmountIn)\n {\n (, amountsOut, maxBPTAmountIn) = abi.decode(self, (WeightedPool.ExitKind, uint256[], uint256));\n }\n}\n"
},
"src.sol/amm/pools/BasePool.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"../lib/math/FixedPoint.sol\";\nimport \"../lib/helpers/InputHelpers.sol\";\nimport \"../lib/helpers/TemporarilyPausable.sol\";\nimport \"../lib/openzeppelin/ERC20.sol\";\n\nimport \"./BalancerPoolToken.sol\";\nimport \"./BasePoolAuthorization.sol\";\nimport \"../vault/interfaces/IVault.sol\";\nimport \"../vault/interfaces/IBasePool.sol\";\n\n// This contract relies on tons of immutable state variables to perform efficient lookup, without resorting to storage\n// reads. Because immutable arrays are not supported, we instead declare a fixed set of state variables plus a total\n// count, resulting in a large number of state variables.\n\n// solhint-disable max-states-count\n\n/**\n * @dev Reference implementation for the base layer of a Pool contract that manages a single Pool with an immutable set\n * of registered tokens, no Asset Managers, an admin-controlled swap fee percentage, and an emergency pause mechanism.\n *\n * Note that neither swap fees nor the pause mechanism are used by this contract. They are passed through so that\n * derived contracts can use them via the `_addSwapFeeAmount` and `_subtractSwapFeeAmount` functions, and the\n * `whenNotPaused` modifier.\n *\n * No admin permissions are checked here: instead, this contract delegates that to the Vault's own Authorizer.\n *\n * Because this contract doesn't implement the swap hooks, derived contracts should generally inherit from\n * BaseGeneralPool or BaseMinimalSwapInfoPool. Otherwise, subclasses must inherit from the corresponding interfaces\n * and implement the swap callbacks themselves.\n */\nabstract contract BasePool is IBasePool, BasePoolAuthorization, BalancerPoolToken, TemporarilyPausable {\n using FixedPoint for uint256;\n\n uint256 private constant _MIN_TOKENS = 2;\n uint256 private constant _MAX_TOKENS = 8;\n\n // 1e18 corresponds to 1.0, or a 100% fee\n uint256 private constant _MIN_SWAP_FEE_PERCENTAGE = 1e12; // 0.0001%\n uint256 private constant _MAX_SWAP_FEE_PERCENTAGE = 1e17; // 10%\n\n uint256 private constant _MINIMUM_BPT = 1e6;\n\n uint256 internal _swapFeePercentage;\n\n IVault private immutable _vault;\n bytes32 private immutable _poolId;\n uint256 private immutable _totalTokens;\n\n IERC20 internal immutable _token0;\n IERC20 internal immutable _token1;\n IERC20 internal immutable _token2;\n IERC20 internal immutable _token3;\n IERC20 internal immutable _token4;\n IERC20 internal immutable _token5;\n IERC20 internal immutable _token6;\n IERC20 internal immutable _token7;\n\n // All token balances are normalized to behave as if the token had 18 decimals. We assume a token's decimals will\n // not change throughout its lifetime, and store the corresponding scaling factor for each at construction time.\n // These factors are always greater than or equal to one: tokens with more than 18 decimals are not supported.\n\n uint256 internal immutable _scalingFactor0;\n uint256 internal immutable _scalingFactor1;\n uint256 internal immutable _scalingFactor2;\n uint256 internal immutable _scalingFactor3;\n uint256 internal immutable _scalingFactor4;\n uint256 internal immutable _scalingFactor5;\n uint256 internal immutable _scalingFactor6;\n uint256 internal immutable _scalingFactor7;\n\n event SwapFeeChanged(uint256 swapFeePercentage);\n\n constructor(\n IVault vault,\n IVault.PoolSpecialization specialization,\n string memory name,\n string memory symbol,\n IERC20[] memory tokens,\n uint256 swapFeePercentage,\n uint256 pauseWindowDuration,\n uint256 bufferPeriodDuration,\n address owner\n )\n // Base Pools are expected to be deployed using factories. By using the factory address as the action\n // disambiguator, we make all Pools deployed by the same factory share action identifiers. This allows for\n // simpler management of permissions (such as being able to manage granting the 'set fee percentage' action in\n // any Pool created by the same factory), while still making action identifiers unique among different factories\n // if the selectors match, preventing accidental errors.\n Authentication(bytes32(uint256(msg.sender)))\n BalancerPoolToken(name, symbol)\n BasePoolAuthorization(owner)\n TemporarilyPausable(pauseWindowDuration, bufferPeriodDuration)\n {\n _require(tokens.length >= _MIN_TOKENS, Errors.MIN_TOKENS);\n _require(tokens.length <= _MAX_TOKENS, Errors.MAX_TOKENS);\n\n // The Vault only requires the token list to be ordered for the Two Token Pools specialization. However,\n // to make the developer experience consistent, we are requiring this condition for all the native pools.\n // Also, since these Pools will register tokens only once, we can ensure the Pool tokens will follow the same\n // order. We rely on this property to make Pools simpler to write, as it lets us assume that the\n // order of token-specific parameters (such as token weights) will not change.\n InputHelpers.ensureArrayIsSorted(tokens);\n\n _require(swapFeePercentage >= _MIN_SWAP_FEE_PERCENTAGE, Errors.MIN_SWAP_FEE_PERCENTAGE);\n _require(swapFeePercentage <= _MAX_SWAP_FEE_PERCENTAGE, Errors.MAX_SWAP_FEE_PERCENTAGE);\n\n bytes32 poolId = vault.registerPool(specialization);\n\n // Pass in zero addresses for Asset Managers\n vault.registerTokens(poolId, tokens, new address[](tokens.length));\n\n // Set immutable state variables - these cannot be read from during construction\n\n _vault = vault;\n _poolId = poolId;\n _swapFeePercentage = swapFeePercentage;\n _totalTokens = tokens.length;\n\n // Immutable variables cannot be initialized inside an if statement, so we must do conditional assignments\n\n _token0 = tokens.length > 0 ? tokens[0] : IERC20(0);\n _token1 = tokens.length > 1 ? tokens[1] : IERC20(0);\n _token2 = tokens.length > 2 ? tokens[2] : IERC20(0);\n _token3 = tokens.length > 3 ? tokens[3] : IERC20(0);\n _token4 = tokens.length > 4 ? tokens[4] : IERC20(0);\n _token5 = tokens.length > 5 ? tokens[5] : IERC20(0);\n _token6 = tokens.length > 6 ? tokens[6] : IERC20(0);\n _token7 = tokens.length > 7 ? tokens[7] : IERC20(0);\n\n _scalingFactor0 = tokens.length > 0 ? _computeScalingFactor(tokens[0]) : 0;\n _scalingFactor1 = tokens.length > 1 ? _computeScalingFactor(tokens[1]) : 0;\n _scalingFactor2 = tokens.length > 2 ? _computeScalingFactor(tokens[2]) : 0;\n _scalingFactor3 = tokens.length > 3 ? _computeScalingFactor(tokens[3]) : 0;\n _scalingFactor4 = tokens.length > 4 ? _computeScalingFactor(tokens[4]) : 0;\n _scalingFactor5 = tokens.length > 5 ? _computeScalingFactor(tokens[5]) : 0;\n _scalingFactor6 = tokens.length > 6 ? _computeScalingFactor(tokens[6]) : 0;\n _scalingFactor7 = tokens.length > 7 ? _computeScalingFactor(tokens[7]) : 0;\n }\n\n // Getters / Setters\n\n function getVault() public view returns (IVault) {\n return _vault;\n }\n\n function getPoolId() public view returns (bytes32) {\n return _poolId;\n }\n\n function _getTotalTokens() internal view returns (uint256) {\n return _totalTokens;\n }\n\n function getSwapFeePercentage() external view returns (uint256) {\n return _swapFeePercentage;\n }\n\n // Caller must be approved by the Vault's Authorizer\n function setSwapFeePercentage(uint256 swapFeePercentage) external virtual authenticate whenNotPaused {\n _require(swapFeePercentage >= _MIN_SWAP_FEE_PERCENTAGE, Errors.MIN_SWAP_FEE_PERCENTAGE);\n _require(swapFeePercentage <= _MAX_SWAP_FEE_PERCENTAGE, Errors.MAX_SWAP_FEE_PERCENTAGE);\n\n _swapFeePercentage = swapFeePercentage;\n emit SwapFeeChanged(swapFeePercentage);\n }\n\n // Caller must be approved by the Vault's Authorizer\n function setPaused(bool paused) external authenticate {\n _setPaused(paused);\n }\n\n // Join / Exit Hooks\n\n modifier onlyVault(bytes32 poolId) {\n _require(msg.sender == address(getVault()), Errors.CALLER_NOT_VAULT);\n _require(poolId == getPoolId(), Errors.INVALID_POOL_ID);\n _;\n }\n\n function onJoinPool(\n bytes32 poolId,\n address sender,\n address recipient,\n uint256[] memory balances,\n uint256 lastChangeBlock,\n uint256 protocolSwapFeePercentage,\n bytes memory userData\n ) external virtual override onlyVault(poolId) returns (uint256[] memory, uint256[] memory) {\n uint256[] memory scalingFactors = _scalingFactors();\n\n if (totalSupply() == 0) {\n (uint256 bptAmountOut, uint256[] memory amountsIn) = _onInitializePool(poolId, sender, recipient, userData);\n\n // On initialization, we lock _MINIMUM_BPT by minting it for the zero address. This BPT acts as a minimum\n // as it will never be burned, which reduces potential issues with rounding, and also prevents the Pool from\n // ever being fully drained.\n _require(bptAmountOut >= _MINIMUM_BPT, Errors.MINIMUM_BPT);\n _mintPoolTokens(address(0), _MINIMUM_BPT);\n _mintPoolTokens(recipient, bptAmountOut - _MINIMUM_BPT);\n\n // amountsIn are amounts entering the Pool, so we round up.\n _downscaleUpArray(amountsIn, scalingFactors);\n\n return (amountsIn, new uint256[](_getTotalTokens()));\n } else {\n _upscaleArray(balances, scalingFactors);\n (uint256 bptAmountOut, uint256[] memory amountsIn, uint256[] memory dueProtocolFeeAmounts) = _onJoinPool(\n poolId,\n sender,\n recipient,\n balances,\n lastChangeBlock,\n protocolSwapFeePercentage,\n userData\n );\n\n // Note we no longer use `balances` after calling `_onJoinPool`, which may mutate it.\n\n _mintPoolTokens(recipient, bptAmountOut);\n\n // amountsIn are amounts entering the Pool, so we round up.\n _downscaleUpArray(amountsIn, scalingFactors);\n // dueProtocolFeeAmounts are amounts exiting the Pool, so we round down.\n _downscaleDownArray(dueProtocolFeeAmounts, scalingFactors);\n\n return (amountsIn, dueProtocolFeeAmounts);\n }\n }\n\n function onExitPool(\n bytes32 poolId,\n address sender,\n address recipient,\n uint256[] memory balances,\n uint256 lastChangeBlock,\n uint256 protocolSwapFeePercentage,\n bytes memory userData\n ) external virtual override onlyVault(poolId) returns (uint256[] memory, uint256[] memory) {\n uint256[] memory scalingFactors = _scalingFactors();\n _upscaleArray(balances, scalingFactors);\n\n (uint256 bptAmountIn, uint256[] memory amountsOut, uint256[] memory dueProtocolFeeAmounts) = _onExitPool(\n poolId,\n sender,\n recipient,\n balances,\n lastChangeBlock,\n protocolSwapFeePercentage,\n userData\n );\n\n // Note we no longer use `balances` after calling `_onExitPool`, which may mutate it.\n\n _burnPoolTokens(sender, bptAmountIn);\n\n // Both amountsOut and dueProtocolFeeAmounts are amounts exiting the Pool, so we round down.\n _downscaleDownArray(amountsOut, scalingFactors);\n _downscaleDownArray(dueProtocolFeeAmounts, scalingFactors);\n\n return (amountsOut, dueProtocolFeeAmounts);\n }\n\n // Query functions\n\n /**\n * @dev Returns the amount of BPT that would be granted to `recipient` if the `onJoinPool` hook were called by the\n * Vault with the same arguments, along with the number of tokens `sender` would have to supply.\n *\n * This function is not meant to be called directly, but rather from a helper contract that fetches current Vault\n * data, such as the protocol swap fee percentage and Pool balances.\n *\n * Like `IVault.queryBatchSwap`, this function is not view due to internal implementation details: the caller must\n * explicitly use eth_call instead of eth_sendTransaction.\n */\n function queryJoin(\n bytes32 poolId,\n address sender,\n address recipient,\n uint256[] memory balances,\n uint256 lastChangeBlock,\n uint256 protocolSwapFeePercentage,\n bytes memory userData\n ) external returns (uint256 bptOut, uint256[] memory amountsIn) {\n InputHelpers.ensureInputLengthMatch(balances.length, _getTotalTokens());\n\n _queryAction(\n poolId,\n sender,\n recipient,\n balances,\n lastChangeBlock,\n protocolSwapFeePercentage,\n userData,\n _onJoinPool,\n _downscaleUpArray\n );\n\n // The `return` opcode is executed directly inside `_queryAction`, so execution never reaches this statement,\n // and we don't need to return anything here - it just silences compiler warnings.\n return (bptOut, amountsIn);\n }\n\n /**\n * @dev Returns the amount of BPT that would be burned from `sender` if the `onExitPool` hook were called by the\n * Vault with the same arguments, along with the number of tokens `recipient` would receive.\n *\n * This function is not meant to be called directly, but rather from a helper contract that fetches current Vault\n * data, such as the protocol swap fee percentage and Pool balances.\n *\n * Like `IVault.queryBatchSwap`, this function is not view due to internal implementation details: the caller must\n * explicitly use eth_call instead of eth_sendTransaction.\n */\n function queryExit(\n bytes32 poolId,\n address sender,\n address recipient,\n uint256[] memory balances,\n uint256 lastChangeBlock,\n uint256 protocolSwapFeePercentage,\n bytes memory userData\n ) external returns (uint256 bptIn, uint256[] memory amountsOut) {\n InputHelpers.ensureInputLengthMatch(balances.length, _getTotalTokens());\n\n _queryAction(\n poolId,\n sender,\n recipient,\n balances,\n lastChangeBlock,\n protocolSwapFeePercentage,\n userData,\n _onExitPool,\n _downscaleDownArray\n );\n\n // The `return` opcode is executed directly inside `_queryAction`, so execution never reaches this statement,\n // and we don't need to return anything here - it just silences compiler warnings.\n return (bptIn, amountsOut);\n }\n\n // Internal hooks to be overridden by derived contracts - all token amounts (except BPT) in these interfaces are\n // upscaled.\n\n /**\n * @dev Called when the Pool is joined for the first time; that is, when the BPT total supply is zero.\n *\n * Returns the amount of BPT to mint, and the token amounts the Pool will receive in return.\n *\n * Minted BPT will be sent to `recipient`, except for _MINIMUM_BPT, which will be deducted from this amount and sent\n * to the zero address instead. This will cause that BPT to remain forever locked there, preventing total BTP from\n * ever dropping below that value, and ensuring `_onInitializePool` can only be called once in the entire Pool's\n * lifetime.\n *\n * The tokens granted to the Pool will be transferred from `sender`. These amounts are considered upscaled and will\n * be downscaled (rounding up) before being returned to the Vault.\n */\n function _onInitializePool(\n bytes32 poolId,\n address sender,\n address recipient,\n bytes memory userData\n ) internal virtual returns (uint256 bptAmountOut, uint256[] memory amountsIn);\n\n /**\n * @dev Called whenever the Pool is joined after the first initialization join (see `_onInitializePool`).\n *\n * Returns the amount of BPT to mint, the token amounts that the Pool will receive in return, and the number of\n * tokens to pay in protocol swap fees.\n *\n * Implementations of this function might choose to mutate the `balances` array to save gas (e.g. when\n * performing intermediate calculations, such as subtraction of due protocol fees). This can be done safely.\n *\n * Minted BPT will be sent to `recipient`.\n *\n * The tokens granted to the Pool will be transferred from `sender`. These amounts are considered upscaled and will\n * be downscaled (rounding up) before being returned to the Vault.\n *\n * Due protocol swap fees will be taken from the Pool's balance in the Vault (see `IBasePool.onJoinPool`). These\n * amounts are considered upscaled and will be downscaled (rounding down) before being returned to the Vault.\n */\n function _onJoinPool(\n bytes32 poolId,\n address sender,\n address recipient,\n uint256[] memory balances,\n uint256 lastChangeBlock,\n uint256 protocolSwapFeePercentage,\n bytes memory userData\n )\n internal\n virtual\n returns (\n uint256 bptAmountOut,\n uint256[] memory amountsIn,\n uint256[] memory dueProtocolFeeAmounts\n );\n\n /**\n * @dev Called whenever the Pool is exited.\n *\n * Returns the amount of BPT to burn, the token amounts for each Pool token that the Pool will grant in return, and\n * the number of tokens to pay in protocol swap fees.\n *\n * Implementations of this function might choose to mutate the `balances` array to save gas (e.g. when\n * performing intermediate calculations, such as subtraction of due protocol fees). This can be done safely.\n *\n * BPT will be burnt from `sender`.\n *\n * The Pool will grant tokens to `recipient`. These amounts are considered upscaled and will be downscaled\n * (rounding down) before being returned to the Vault.\n *\n * Due protocol swap fees will be taken from the Pool's balance in the Vault (see `IBasePool.onExitPool`). These\n * amounts are considered upscaled and will be downscaled (rounding down) before being returned to the Vault.\n */\n function _onExitPool(\n bytes32 poolId,\n address sender,\n address recipient,\n uint256[] memory balances,\n uint256 lastChangeBlock,\n uint256 protocolSwapFeePercentage,\n bytes memory userData\n )\n internal\n virtual\n returns (\n uint256 bptAmountIn,\n uint256[] memory amountsOut,\n uint256[] memory dueProtocolFeeAmounts\n );\n\n // Internal functions\n\n /**\n * @dev Adds swap fee amount to `amount`, returning a higher value.\n */\n function _addSwapFeeAmount(uint256 amount) internal view returns (uint256) {\n // This returns amount + fee amount, so we round up (favoring a higher fee amount).\n return amount.divUp(_swapFeePercentage.complement());\n }\n\n /**\n * @dev Subtracts swap fee amount from `amount`, returning a lower value.\n */\n function _subtractSwapFeeAmount(uint256 amount) internal view returns (uint256) {\n // This returns amount - fee amount, so we round up (favoring a higher fee amount).\n uint256 feeAmount = amount.mulUp(_swapFeePercentage);\n return amount.sub(feeAmount);\n }\n\n // Scaling\n\n /**\n * @dev Returns a scaling factor that, when multiplied to a token amount for `token`, normalizes its balance as if\n * it had 18 decimals.\n */\n function _computeScalingFactor(IERC20 token) private view returns (uint256) {\n // Tokens that don't implement the `decimals` method are not supported.\n uint256 tokenDecimals = ERC20(address(token)).decimals();\n\n // Tokens with more than 18 decimals are not supported.\n uint256 decimalsDifference = Math.sub(18, tokenDecimals);\n return 10**decimalsDifference;\n }\n\n /**\n * @dev Returns the scaling factor for one of the Pool's tokens. Reverts if `token` is not a token registered by the\n * Pool.\n */\n function _scalingFactor(IERC20 token) internal view returns (uint256) {\n // prettier-ignore\n if (token == _token0) { return _scalingFactor0; }\n else if (token == _token1) { return _scalingFactor1; }\n else if (token == _token2) { return _scalingFactor2; }\n else if (token == _token3) { return _scalingFactor3; }\n else if (token == _token4) { return _scalingFactor4; }\n else if (token == _token5) { return _scalingFactor5; }\n else if (token == _token6) { return _scalingFactor6; }\n else if (token == _token7) { return _scalingFactor7; }\n else {\n _revert(Errors.INVALID_TOKEN);\n }\n }\n\n /**\n * @dev Returns all the scaling factors in the same order as the registered tokens. The Vault will always\n * pass balances in this order when calling any of the Pool hooks\n */\n function _scalingFactors() internal view returns (uint256[] memory) {\n uint256 totalTokens = _getTotalTokens();\n uint256[] memory scalingFactors = new uint256[](totalTokens);\n\n // prettier-ignore\n {\n if (totalTokens > 0) { scalingFactors[0] = _scalingFactor0; } else { return scalingFactors; }\n if (totalTokens > 1) { scalingFactors[1] = _scalingFactor1; } else { return scalingFactors; }\n if (totalTokens > 2) { scalingFactors[2] = _scalingFactor2; } else { return scalingFactors; }\n if (totalTokens > 3) { scalingFactors[3] = _scalingFactor3; } else { return scalingFactors; }\n if (totalTokens > 4) { scalingFactors[4] = _scalingFactor4; } else { return scalingFactors; }\n if (totalTokens > 5) { scalingFactors[5] = _scalingFactor5; } else { return scalingFactors; }\n if (totalTokens > 6) { scalingFactors[6] = _scalingFactor6; } else { return scalingFactors; }\n if (totalTokens > 7) { scalingFactors[7] = _scalingFactor7; } else { return scalingFactors; }\n }\n\n return scalingFactors;\n }\n\n /**\n * @dev Applies `scalingFactor` to `amount`, resulting in a larger or equal value depending on whether it needed\n * scaling or not.\n */\n function _upscale(uint256 amount, uint256 scalingFactor) internal pure returns (uint256) {\n return Math.mul(amount, scalingFactor);\n }\n\n /**\n * @dev Same as `_upscale`, but for an entire array. This function does not return anything, but instead *mutates*\n * the `amounts` array.\n */\n function _upscaleArray(uint256[] memory amounts, uint256[] memory scalingFactors) internal view {\n for (uint256 i = 0; i < _getTotalTokens(); ++i) {\n amounts[i] = Math.mul(amounts[i], scalingFactors[i]);\n }\n }\n\n /**\n * @dev Reverses the `scalingFactor` applied to `amount`, resulting in a smaller or equal value depending on\n * whether it needed scaling or not. The result is rounded down.\n */\n function _downscaleDown(uint256 amount, uint256 scalingFactor) internal pure returns (uint256) {\n return Math.divDown(amount, scalingFactor);\n }\n\n /**\n * @dev Same as `_downscaleDown`, but for an entire array. This function does not return anything, but instead\n * *mutates* the `amounts` array.\n */\n function _downscaleDownArray(uint256[] memory amounts, uint256[] memory scalingFactors) internal view {\n for (uint256 i = 0; i < _getTotalTokens(); ++i) {\n amounts[i] = Math.divDown(amounts[i], scalingFactors[i]);\n }\n }\n\n /**\n * @dev Reverses the `scalingFactor` applied to `amount`, resulting in a smaller or equal value depending on\n * whether it needed scaling or not. The result is rounded up.\n */\n function _downscaleUp(uint256 amount, uint256 scalingFactor) internal pure returns (uint256) {\n return Math.divUp(amount, scalingFactor);\n }\n\n /**\n * @dev Same as `_downscaleUp`, but for an entire array. This function does not return anything, but instead\n * *mutates* the `amounts` array.\n */\n function _downscaleUpArray(uint256[] memory amounts, uint256[] memory scalingFactors) internal view {\n for (uint256 i = 0; i < _getTotalTokens(); ++i) {\n amounts[i] = Math.divUp(amounts[i], scalingFactors[i]);\n }\n }\n\n function _getAuthorizer() internal view override returns (IAuthorizer) {\n // Access control management is delegated to the Vault's Authorizer. This lets Balancer Governance manage which\n // accounts can call permissioned functions: for example, to perform emergency pauses.\n // If the owner is delegated, then *all* permissioned functions, including `setSwapFeePercentage`, will be under\n // Governance control.\n return getVault().getAuthorizer();\n }\n\n function _queryAction(\n bytes32 poolId,\n address sender,\n address recipient,\n uint256[] memory balances,\n uint256 lastChangeBlock,\n uint256 protocolSwapFeePercentage,\n bytes memory userData,\n function(bytes32, address, address, uint256[] memory, uint256, uint256, bytes memory)\n internal\n returns (uint256, uint256[] memory, uint256[] memory) _action,\n function(uint256[] memory, uint256[] memory) internal view _downscaleArray\n ) private {\n // This uses the same technique used by the Vault in queryBatchSwap. Refer to that function for a detailed\n // explanation.\n\n if (msg.sender != address(this)) {\n // We perform an external call to ourselves, forwarding the same calldata. In this call, the else clause of\n // the preceding if statement will be executed instead.\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, ) = address(this).call(msg.data);\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n // This call should always revert to decode the bpt and token amounts from the revert reason\n switch success\n case 0 {\n // Note we are manually writing the memory slot 0. We can safely overwrite whatever is\n // stored there as we take full control of the execution and then immediately return.\n\n // We copy the first 4 bytes to check if it matches with the expected signature, otherwise\n // there was another revert reason and we should forward it.\n returndatacopy(0, 0, 0x04)\n let error := and(mload(0), 0xffffffff00000000000000000000000000000000000000000000000000000000)\n\n // If the first 4 bytes don't match with the expected signature, we forward the revert reason.\n if eq(eq(error, 0x43adbafb00000000000000000000000000000000000000000000000000000000), 0) {\n returndatacopy(0, 0, returndatasize())\n revert(0, returndatasize())\n }\n\n // The returndata contains the signature, followed by the raw memory representation of the\n // `bptAmount` and `tokenAmounts` (array: length + data). We need to return an ABI-encoded\n // representation of these.\n // An ABI-encoded response will include one additional field to indicate the starting offset of\n // the `tokenAmounts` array. The `bptAmount` will be laid out in the first word of the\n // returndata.\n //\n // In returndata:\n // [ signature ][ bptAmount ][ tokenAmounts length ][ tokenAmounts values ]\n // [ 4 bytes ][ 32 bytes ][ 32 bytes ][ (32 * length) bytes ]\n //\n // We now need to return (ABI-encoded values):\n // [ bptAmount ][ tokeAmounts offset ][ tokenAmounts length ][ tokenAmounts values ]\n // [ 32 bytes ][ 32 bytes ][ 32 bytes ][ (32 * length) bytes ]\n\n // We copy 32 bytes for the `bptAmount` from returndata into memory.\n // Note that we skip the first 4 bytes for the error signature\n returndatacopy(0, 0x04, 32)\n\n // The offsets are 32-bytes long, so the array of `tokenAmounts` will start after\n // the initial 64 bytes.\n mstore(0x20, 64)\n\n // We now copy the raw memory array for the `tokenAmounts` from returndata into memory.\n // Since bpt amount and offset take up 64 bytes, we start copying at address 0x40. We also\n // skip the first 36 bytes from returndata, which correspond to the signature plus bpt amount.\n returndatacopy(0x40, 0x24, sub(returndatasize(), 36))\n\n // We finally return the ABI-encoded uint256 and the array, which has a total length equal to\n // the size of returndata, plus the 32 bytes of the offset but without the 4 bytes of the\n // error signature.\n return(0, add(returndatasize(), 28))\n }\n default {\n // This call should always revert, but we fail nonetheless if that didn't happen\n invalid()\n }\n }\n } else {\n uint256[] memory scalingFactors = _scalingFactors();\n _upscaleArray(balances, scalingFactors);\n\n (uint256 bptAmount, uint256[] memory tokenAmounts, ) = _action(\n poolId,\n sender,\n recipient,\n balances,\n lastChangeBlock,\n protocolSwapFeePercentage,\n userData\n );\n\n _downscaleArray(tokenAmounts, scalingFactors);\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n // We will return a raw representation of `bptAmount` and `tokenAmounts` in memory, which is composed of\n // a 32-byte uint256, followed by a 32-byte for the array length, and finally the 32-byte uint256 values\n // Because revert expects a size in bytes, we multiply the array length (stored at `tokenAmounts`) by 32\n let size := mul(mload(tokenAmounts), 32)\n\n // We store the `bptAmount` in the previous slot to the `tokenAmounts` array. We can make sure there\n // will be at least one available slot due to how the memory scratch space works.\n // We can safely overwrite whatever is stored in this slot as we will revert immediately after that.\n let start := sub(tokenAmounts, 0x20)\n mstore(start, bptAmount)\n\n // We send one extra value for the error signature \"QueryError(uint256,uint256[])\" which is 0x43adbafb\n // We use the previous slot to `bptAmount`.\n mstore(sub(start, 0x20), 0x0000000000000000000000000000000000000000000000000000000043adbafb)\n start := sub(start, 0x04)\n\n // When copying from `tokenAmounts` into returndata, we copy the additional 68 bytes to also return\n // the `bptAmount`, the array 's length, and the error signature.\n revert(start, add(size, 68))\n }\n }\n }\n}\n"
},
"src.sol/amm/lib/openzeppelin/ERC20.sol": {
"content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.7.0;\n\nimport \"../helpers/BalancerErrors.sol\";\n\nimport \"./IERC20.sol\";\nimport \"./SafeMath.sol\";\n\n/**\n * @dev Implementation of the {IERC20} interface.\n *\n * This implementation is agnostic to the way tokens are created. This means\n * that a supply mechanism has to be added in a derived contract using {_mint}.\n * For a generic mechanism see {ERC20PresetMinterPauser}.\n *\n * TIP: For a detailed writeup see our guide\n * https://forum.zeppelin.solutions/t/how-to-implement-erc20-supply-mechanisms/226[How\n * to implement supply mechanisms].\n *\n * We have followed general OpenZeppelin guidelines: functions revert instead\n * of returning `false` on failure. This behavior is nonetheless conventional\n * and does not conflict with the expectations of ERC20 applications.\n *\n * Additionally, an {Approval} event is emitted on calls to {transferFrom}.\n * This allows applications to reconstruct the allowance for all accounts just\n * by listening to said events. Other implementations of the EIP may not emit\n * these events, as it isn't required by the specification.\n *\n * Finally, the non-standard {decreaseAllowance} and {increaseAllowance}\n * functions have been added to mitigate the well-known issues around setting\n * allowances. See {IERC20-approve}.\n */\ncontract ERC20 is IERC20 {\n using SafeMath for uint256;\n\n mapping(address => uint256) private _balances;\n\n mapping(address => mapping(address => uint256)) private _allowances;\n\n uint256 private _totalSupply;\n\n string private _name;\n string private _symbol;\n uint8 private _decimals;\n\n /**\n * @dev Sets the values for {name} and {symbol}, initializes {decimals} with\n * a default value of 18.\n *\n * To select a different value for {decimals}, use {_setupDecimals}.\n *\n * All three of these values are immutable: they can only be set once during\n * construction.\n */\n constructor(string memory name_, string memory symbol_) {\n _name = name_;\n _symbol = symbol_;\n _decimals = 18;\n }\n\n /**\n * @dev Returns the name of the token.\n */\n function name() public view returns (string memory) {\n return _name;\n }\n\n /**\n * @dev Returns the symbol of the token, usually a shorter version of the\n * name.\n */\n function symbol() public view returns (string memory) {\n return _symbol;\n }\n\n /**\n * @dev Returns the number of decimals used to get its user representation.\n * For example, if `decimals` equals `2`, a balance of `505` tokens should\n * be displayed to a user as `5,05` (`505 / 10 ** 2`).\n *\n * Tokens usually opt for a value of 18, imitating the relationship between\n * Ether and Wei. This is the value {ERC20} uses, unless {_setupDecimals} is\n * called.\n *\n * NOTE: This information is only used for _display_ purposes: it in\n * no way affects any of the arithmetic of the contract, including\n * {IERC20-balanceOf} and {IERC20-transfer}.\n */\n function decimals() public view returns (uint8) {\n return _decimals;\n }\n\n /**\n * @dev See {IERC20-totalSupply}.\n */\n function totalSupply() public view override returns (uint256) {\n return _totalSupply;\n }\n\n /**\n * @dev See {IERC20-balanceOf}.\n */\n function balanceOf(address account) public view override returns (uint256) {\n return _balances[account];\n }\n\n /**\n * @dev See {IERC20-transfer}.\n *\n * Requirements:\n *\n * - `recipient` cannot be the zero address.\n * - the caller must have a balance of at least `amount`.\n */\n function transfer(address recipient, uint256 amount) public virtual override returns (bool) {\n _transfer(msg.sender, recipient, amount);\n return true;\n }\n\n /**\n * @dev See {IERC20-allowance}.\n */\n function allowance(address owner, address spender) public view virtual override returns (uint256) {\n return _allowances[owner][spender];\n }\n\n /**\n * @dev See {IERC20-approve}.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n */\n function approve(address spender, uint256 amount) public virtual override returns (bool) {\n _approve(msg.sender, spender, amount);\n return true;\n }\n\n /**\n * @dev See {IERC20-transferFrom}.\n *\n * Emits an {Approval} event indicating the updated allowance. This is not\n * required by the EIP. See the note at the beginning of {ERC20}.\n *\n * Requirements:\n *\n * - `sender` and `recipient` cannot be the zero address.\n * - `sender` must have a balance of at least `amount`.\n * - the caller must have allowance for ``sender``'s tokens of at least\n * `amount`.\n */\n function transferFrom(\n address sender,\n address recipient,\n uint256 amount\n ) public virtual override returns (bool) {\n _transfer(sender, recipient, amount);\n _approve(\n sender,\n msg.sender,\n _allowances[sender][msg.sender].sub(amount, Errors.ERC20_TRANSFER_EXCEEDS_ALLOWANCE)\n );\n return true;\n }\n\n /**\n * @dev Atomically increases the allowance granted to `spender` by the caller.\n *\n * This is an alternative to {approve} that can be used as a mitigation for\n * problems described in {IERC20-approve}.\n *\n * Emits an {Approval} event indicating the updated allowance.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n */\n function increaseAllowance(address spender, uint256 addedValue) public virtual returns (bool) {\n _approve(msg.sender, spender, _allowances[msg.sender][spender].add(addedValue));\n return true;\n }\n\n /**\n * @dev Atomically decreases the allowance granted to `spender` by the caller.\n *\n * This is an alternative to {approve} that can be used as a mitigation for\n * problems described in {IERC20-approve}.\n *\n * Emits an {Approval} event indicating the updated allowance.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n * - `spender` must have allowance for the caller of at least\n * `subtractedValue`.\n */\n function decreaseAllowance(address spender, uint256 subtractedValue) public virtual returns (bool) {\n _approve(\n msg.sender,\n spender,\n _allowances[msg.sender][spender].sub(subtractedValue, Errors.ERC20_DECREASED_ALLOWANCE_BELOW_ZERO)\n );\n return true;\n }\n\n /**\n * @dev Moves tokens `amount` from `sender` to `recipient`.\n *\n * This is internal function is equivalent to {transfer}, and can be used to\n * e.g. implement automatic token fees, slashing mechanisms, etc.\n *\n * Emits a {Transfer} event.\n *\n * Requirements:\n *\n * - `sender` cannot be the zero address.\n * - `recipient` cannot be the zero address.\n * - `sender` must have a balance of at least `amount`.\n */\n function _transfer(\n address sender,\n address recipient,\n uint256 amount\n ) internal virtual {\n _require(sender != address(0), Errors.ERC20_TRANSFER_FROM_ZERO_ADDRESS);\n _require(recipient != address(0), Errors.ERC20_TRANSFER_TO_ZERO_ADDRESS);\n\n _beforeTokenTransfer(sender, recipient, amount);\n\n _balances[sender] = _balances[sender].sub(amount, Errors.ERC20_TRANSFER_EXCEEDS_BALANCE);\n _balances[recipient] = _balances[recipient].add(amount);\n emit Transfer(sender, recipient, amount);\n }\n\n /** @dev Creates `amount` tokens and assigns them to `account`, increasing\n * the total supply.\n *\n * Emits a {Transfer} event with `from` set to the zero address.\n *\n * Requirements:\n *\n * - `to` cannot be the zero address.\n */\n function _mint(address account, uint256 amount) internal virtual {\n _require(account != address(0), Errors.ERC20_MINT_TO_ZERO_ADDRESS);\n\n _beforeTokenTransfer(address(0), account, amount);\n\n _totalSupply = _totalSupply.add(amount);\n _balances[account] = _balances[account].add(amount);\n emit Transfer(address(0), account, amount);\n }\n\n /**\n * @dev Destroys `amount` tokens from `account`, reducing the\n * total supply.\n *\n * Emits a {Transfer} event with `to` set to the zero address.\n *\n * Requirements:\n *\n * - `account` cannot be the zero address.\n * - `account` must have at least `amount` tokens.\n */\n function _burn(address account, uint256 amount) internal virtual {\n _require(account != address(0), Errors.ERC20_BURN_FROM_ZERO_ADDRESS);\n\n _beforeTokenTransfer(account, address(0), amount);\n\n _balances[account] = _balances[account].sub(amount, Errors.ERC20_BURN_EXCEEDS_ALLOWANCE);\n _totalSupply = _totalSupply.sub(amount);\n emit Transfer(account, address(0), amount);\n }\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the `owner` s tokens.\n *\n * This internal function is equivalent to `approve`, and can be used to\n * e.g. set automatic allowances for certain subsystems, etc.\n *\n * Emits an {Approval} event.\n *\n * Requirements:\n *\n * - `owner` cannot be the zero address.\n * - `spender` cannot be the zero address.\n */\n function _approve(\n address owner,\n address spender,\n uint256 amount\n ) internal virtual {\n _require(owner != address(0), Errors.ERC20_APPROVE_FROM_ZERO_ADDRESS);\n _require(spender != address(0), Errors.ERC20_APPROVE_TO_ZERO_ADDRESS);\n\n _allowances[owner][spender] = amount;\n emit Approval(owner, spender, amount);\n }\n\n /**\n * @dev Sets {decimals} to a value other than the default one of 18.\n *\n * WARNING: This function should only be called from the constructor. Most\n * applications that interact with token contracts will not expect\n * {decimals} to ever change, and may work incorrectly if it does.\n */\n function _setupDecimals(uint8 decimals_) internal {\n _decimals = decimals_;\n }\n\n /**\n * @dev Hook that is called before any transfer of tokens. This includes\n * minting and burning.\n *\n * Calling conditions:\n *\n * - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens\n * will be to transferred to `to`.\n * - when `from` is zero, `amount` tokens will be minted for `to`.\n * - when `to` is zero, `amount` of ``from``'s tokens will be burned.\n * - `from` and `to` are never both zero.\n *\n * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].\n */\n function _beforeTokenTransfer(\n address from,\n address to,\n uint256 amount\n ) internal virtual {}\n}\n"
},
"src.sol/amm/pools/BalancerPoolToken.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\n\nimport \"../lib/math/Math.sol\";\nimport \"../lib/openzeppelin/IERC20.sol\";\nimport \"../lib/openzeppelin/IERC20Permit.sol\";\nimport \"../lib/openzeppelin/EIP712.sol\";\n\n/**\n * @title Highly opinionated token implementation\n * @author Balancer Labs\n * @dev\n * - Includes functions to increase and decrease allowance as a workaround\n * for the well-known issue with `approve`:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n * - Allows for 'infinite allowance', where an allowance of 0xff..ff is not\n * decreased by calls to transferFrom\n * - Lets a token holder use `transferFrom` to send their own tokens,\n * without first setting allowance\n * - Emits 'Approval' events whenever allowance is changed by `transferFrom`\n */\ncontract BalancerPoolToken is IERC20, IERC20Permit, EIP712 {\n using Math for uint256;\n\n // State variables\n\n uint8 private constant _DECIMALS = 18;\n\n mapping(address => uint256) private _balance;\n mapping(address => mapping(address => uint256)) private _allowance;\n uint256 private _totalSupply;\n\n string private _name;\n string private _symbol;\n\n mapping(address => uint256) private _nonces;\n\n // solhint-disable-next-line var-name-mixedcase\n bytes32 private immutable _PERMIT_TYPE_HASH = keccak256(\n \"Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)\"\n );\n\n // Function declarations\n\n constructor(string memory tokenName, string memory tokenSymbol) EIP712(tokenName, \"1\") {\n _name = tokenName;\n _symbol = tokenSymbol;\n }\n\n // External functions\n\n function allowance(address owner, address spender) external view override returns (uint256) {\n return _allowance[owner][spender];\n }\n\n function balanceOf(address account) external view override returns (uint256) {\n return _balance[account];\n }\n\n function approve(address spender, uint256 amount) external override returns (bool) {\n _setAllowance(msg.sender, spender, amount);\n\n return true;\n }\n\n function increaseApproval(address spender, uint256 amount) external returns (bool) {\n _setAllowance(msg.sender, spender, _allowance[msg.sender][spender].add(amount));\n\n return true;\n }\n\n function decreaseApproval(address spender, uint256 amount) external returns (bool) {\n uint256 currentAllowance = _allowance[msg.sender][spender];\n\n if (amount >= currentAllowance) {\n _setAllowance(msg.sender, spender, 0);\n } else {\n _setAllowance(msg.sender, spender, currentAllowance.sub(amount));\n }\n\n return true;\n }\n\n function transfer(address recipient, uint256 amount) external override returns (bool) {\n _move(msg.sender, recipient, amount);\n\n return true;\n }\n\n function transferFrom(\n address sender,\n address recipient,\n uint256 amount\n ) external override returns (bool) {\n uint256 currentAllowance = _allowance[sender][msg.sender];\n _require(msg.sender == sender || currentAllowance >= amount, Errors.INSUFFICIENT_ALLOWANCE);\n\n _move(sender, recipient, amount);\n\n if (msg.sender != sender && currentAllowance != uint256(-1)) {\n // Because of the previous require, we know that if msg.sender != sender then currentAllowance >= amount\n _setAllowance(sender, msg.sender, currentAllowance - amount);\n }\n\n return true;\n }\n\n function permit(\n address owner,\n address spender,\n uint256 value,\n uint256 deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) public virtual override {\n // solhint-disable-next-line not-rely-on-time\n _require(block.timestamp <= deadline, Errors.EXPIRED_PERMIT);\n\n uint256 nonce = _nonces[owner];\n\n bytes32 structHash = keccak256(abi.encode(_PERMIT_TYPE_HASH, owner, spender, value, nonce, deadline));\n\n bytes32 hash = _hashTypedDataV4(structHash);\n\n address signer = ecrecover(hash, v, r, s);\n _require((signer != address(0)) && (signer == owner), Errors.INVALID_SIGNATURE);\n\n _nonces[owner] = nonce + 1;\n _setAllowance(owner, spender, value);\n }\n\n // Public functions\n\n function name() public view returns (string memory) {\n return _name;\n }\n\n function symbol() public view returns (string memory) {\n return _symbol;\n }\n\n function decimals() public pure returns (uint8) {\n return _DECIMALS;\n }\n\n function totalSupply() public view override returns (uint256) {\n return _totalSupply;\n }\n\n function nonces(address owner) external view override returns (uint256) {\n return _nonces[owner];\n }\n\n // solhint-disable-next-line func-name-mixedcase\n function DOMAIN_SEPARATOR() external view override returns (bytes32) {\n return _domainSeparatorV4();\n }\n\n // Internal functions\n\n function _mintPoolTokens(address recipient, uint256 amount) internal {\n _balance[recipient] = _balance[recipient].add(amount);\n _totalSupply = _totalSupply.add(amount);\n emit Transfer(address(0), recipient, amount);\n }\n\n function _burnPoolTokens(address sender, uint256 amount) internal {\n uint256 currentBalance = _balance[sender];\n _require(currentBalance >= amount, Errors.INSUFFICIENT_BALANCE);\n\n _balance[sender] = currentBalance - amount;\n _totalSupply = _totalSupply.sub(amount);\n emit Transfer(sender, address(0), amount);\n }\n\n function _move(\n address sender,\n address recipient,\n uint256 amount\n ) internal {\n uint256 currentBalance = _balance[sender];\n _require(currentBalance >= amount, Errors.INSUFFICIENT_BALANCE);\n // Prohibit transfers to the zero address to avoid confusion with the\n // Transfer event emitted by `_burnPoolTokens`\n _require(recipient != address(0), Errors.ERC20_TRANSFER_TO_ZERO_ADDRESS);\n\n _balance[sender] = currentBalance - amount;\n _balance[recipient] = _balance[recipient].add(amount);\n\n emit Transfer(sender, recipient, amount);\n }\n\n // Private functions\n\n function _setAllowance(\n address owner,\n address spender,\n uint256 amount\n ) private {\n _allowance[owner][spender] = amount;\n emit Approval(owner, spender, amount);\n }\n}\n"
},
"src.sol/amm/pools/BasePoolAuthorization.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\n\nimport \"../lib/helpers/Authentication.sol\";\nimport \"../vault/interfaces/IAuthorizer.sol\";\n\nimport \"./BasePool.sol\";\n\n/**\n * @dev Base authorization layer implementation for Pools.\n *\n * The owner account can call some of the permissioned functions - access control of the rest is delegated to the\n * Authorizer. Note that this owner is immutable: more sophisticated permission schemes, such as multiple ownership,\n * granular roles, etc., could be built on top of this by making the owner a smart contract.\n *\n * Access control of all other permissioned functions is delegated to an Authorizer. It is also possible to delegate\n * control of *all* permissioned functions to the Authorizer by setting the owner address to `_DELEGATE_OWNER`.\n */\nabstract contract BasePoolAuthorization is Authentication {\n address private immutable _owner;\n\n address private constant _DELEGATE_OWNER = 0xBA1BA1ba1BA1bA1bA1Ba1BA1ba1BA1bA1ba1ba1B;\n\n constructor(address owner) {\n _owner = owner;\n }\n\n function getOwner() public view returns (address) {\n return _owner;\n }\n\n function getAuthorizer() external view returns (IAuthorizer) {\n return _getAuthorizer();\n }\n\n function _canPerform(bytes32 actionId, address account) internal view override returns (bool) {\n if ((getOwner() != _DELEGATE_OWNER) && _isOwnerOnlyAction(actionId)) {\n // Only the owner can perform \"owner only\" actions, unless the owner is delegated.\n return msg.sender == getOwner();\n } else {\n // Non-owner actions are always processed via the Authorizer, as \"owner only\" ones are when delegated.\n return _getAuthorizer().canPerform(actionId, account, address(this));\n }\n }\n\n function _isOwnerOnlyAction(bytes32 actionId) private view returns (bool) {\n // This implementation hardcodes the setSwapFeePercentage action identifier.\n return actionId == getActionId(BasePool.setSwapFeePercentage.selector);\n }\n\n function _getAuthorizer() internal view virtual returns (IAuthorizer);\n}\n"
},
"src.sol/amm/lib/openzeppelin/SafeMath.sol": {
"content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.7.0;\n\nimport \"../helpers/BalancerErrors.sol\";\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n *\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n _require(c >= a, Errors.ADD_OVERFLOW);\n\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n return sub(a, b, Errors.SUB_OVERFLOW);\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting with custom message on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b, uint256 errorCode) internal pure returns (uint256) {\n _require(b <= a, errorCode);\n uint256 c = a - b;\n\n return c;\n }\n}\n"
},
"src.sol/amm/lib/openzeppelin/IERC20Permit.sol": {
"content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.7.0;\n\n/**\n * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in\n * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].\n *\n * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by\n * presenting a message signed by the account. By not relying on `{IERC20-approve}`, the token holder account doesn't\n * need to send a transaction, and thus is not required to hold Ether at all.\n */\ninterface IERC20Permit {\n /**\n * @dev Sets `value` as the allowance of `spender` over `owner`'s tokens,\n * given `owner`'s signed approval.\n *\n * IMPORTANT: The same issues {IERC20-approve} has related to transaction\n * ordering also apply here.\n *\n * Emits an {Approval} event.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n * - `deadline` must be a timestamp in the future.\n * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`\n * over the EIP712-formatted function arguments.\n * - the signature must use ``owner``'s current nonce (see {nonces}).\n *\n * For more information on the signature format, see the\n * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP\n * section].\n */\n function permit(\n address owner,\n address spender,\n uint256 value,\n uint256 deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) external;\n\n /**\n * @dev Returns the current nonce for `owner`. This value must be\n * included whenever a signature is generated for {permit}.\n *\n * Every successful call to {permit} increases ``owner``'s nonce by one. This\n * prevents a signature from being used multiple times.\n */\n function nonces(address owner) external view returns (uint256);\n\n /**\n * @dev Returns the domain separator used in the encoding of the signature for `permit`, as defined by {EIP712}.\n */\n // solhint-disable-next-line func-name-mixedcase\n function DOMAIN_SEPARATOR() external view returns (bytes32);\n}\n"
},
"src.sol/amm/pools/weighted/WeightedPoolFactory.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"../../vault/interfaces/IVault.sol\";\n\nimport \"../factories/BasePoolFactory.sol\";\nimport \"../factories/FactoryWidePauseWindow.sol\";\n\nimport \"./WeightedPool.sol\";\n\ncontract WeightedPoolFactory is BasePoolFactory, FactoryWidePauseWindow {\n constructor(IVault vault) BasePoolFactory(vault) {\n // solhint-disable-previous-line no-empty-blocks\n }\n\n /**\n * @dev Deploys a new `WeightedPool`.\n */\n function create(\n string memory name,\n string memory symbol,\n IERC20[] memory tokens,\n uint256[] memory weights,\n uint256 swapFeePercentage,\n address owner\n ) external returns (address) {\n (uint256 pauseWindowDuration, uint256 bufferPeriodDuration) = getPauseConfiguration();\n\n address pool = address(\n new WeightedPool(\n getVault(),\n name,\n symbol,\n tokens,\n weights,\n swapFeePercentage,\n pauseWindowDuration,\n bufferPeriodDuration,\n owner\n )\n );\n _register(pool);\n return pool;\n }\n}\n"
},
"src.sol/amm/pools/factories/BasePoolFactory.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"../../vault/interfaces/IVault.sol\";\nimport \"../../vault/interfaces/IBasePool.sol\";\n\n/**\n * @dev Base contract for Pool factories.\n *\n * Pools are deployed from factories to allow third parties to reason about them. Unknown Pools may have arbitrary\n * logic: being able to assert that a Pool's behavior follows certain rules (those imposed by the contracts created by\n * the factory) is very powerful.\n */\nabstract contract BasePoolFactory {\n IVault private immutable _vault;\n mapping(address => bool) private _isPoolFromFactory;\n\n event PoolCreated(address indexed pool);\n\n constructor(IVault vault) {\n _vault = vault;\n }\n\n /**\n * @dev Returns the Vault's address.\n */\n function getVault() public view returns (IVault) {\n return _vault;\n }\n\n /**\n * @dev Returns true if `pool` was created by this factory.\n */\n function isPoolFromFactory(address pool) external view returns (bool) {\n return _isPoolFromFactory[pool];\n }\n\n /**\n * @dev Registers a new created pool.\n *\n * Emits a `PoolCreated` event.\n */\n function _register(address pool) internal {\n _isPoolFromFactory[pool] = true;\n emit PoolCreated(pool);\n }\n}\n"
},
"src.sol/amm/pools/factories/FactoryWidePauseWindow.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\n/**\n * @dev Utility to create Pool factories for Pools that use the `TemporarilyPausable` contract.\n *\n * By calling `TemporarilyPausable`'s constructor with the result of `getPauseConfiguration`, all Pools created by this\n * factory will share the same Pause Window end time, after which both old and new Pools will not be pausable.\n */\ncontract FactoryWidePauseWindow {\n // This contract relies on timestamps in a similar way as `TemporarilyPausable` does - the same caveats apply.\n // solhint-disable not-rely-on-time\n\n uint256 private constant _INITIAL_PAUSE_WINDOW_DURATION = 90 days;\n uint256 private constant _BUFFER_PERIOD_DURATION = 30 days;\n\n // Time when the pause window for all created Pools expires, and the pause window duration of new Pools becomes\n // zero.\n uint256 private immutable _poolsPauseWindowEndTime;\n\n constructor() {\n _poolsPauseWindowEndTime = block.timestamp + _INITIAL_PAUSE_WINDOW_DURATION;\n }\n\n /**\n * @dev Returns the current `TemporarilyPausable` configuration that will be applied to Pools created by this\n * factory.\n *\n * `pauseWindowDuration` will decrease over time until it reaches zero, at which point both it and\n * `bufferPeriodDuration` will be zero forever, meaning deployed Pools will not be pausable.\n */\n function getPauseConfiguration() public view returns (uint256 pauseWindowDuration, uint256 bufferPeriodDuration) {\n uint256 currentTime = block.timestamp;\n if (currentTime < _poolsPauseWindowEndTime) {\n // The buffer period is always the same since its duration is related to how much time is needed to respond\n // to a potential emergency. The Pause Window duration however decreases as the end time approaches.\n\n pauseWindowDuration = _poolsPauseWindowEndTime - currentTime; // No need for checked arithmetic.\n bufferPeriodDuration = _BUFFER_PERIOD_DURATION;\n } else {\n // After the end time, newly created Pools have no Pause Window, nor Buffer Period (since they are not\n // pausable in the first place).\n\n pauseWindowDuration = 0;\n bufferPeriodDuration = 0;\n }\n }\n}\n"
},
"src.sol/amm/pools/stable/StablePoolFactory.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"../../vault/interfaces/IVault.sol\";\n\nimport \"../factories/BasePoolFactory.sol\";\nimport \"../factories/FactoryWidePauseWindow.sol\";\n\nimport \"./StablePool.sol\";\n\ncontract StablePoolFactory is BasePoolFactory, FactoryWidePauseWindow {\n constructor(IVault vault) BasePoolFactory(vault) {\n // solhint-disable-previous-line no-empty-blocks\n }\n\n /**\n * @dev Deploys a new `StablePool`.\n */\n function create(\n string memory name,\n string memory symbol,\n IERC20[] memory tokens,\n uint256 amplificationParameter,\n uint256 swapFeePercentage,\n address owner\n ) external returns (address) {\n (uint256 pauseWindowDuration, uint256 bufferPeriodDuration) = getPauseConfiguration();\n\n address pool = address(\n new StablePool(\n getVault(),\n name,\n symbol,\n tokens,\n amplificationParameter,\n swapFeePercentage,\n pauseWindowDuration,\n bufferPeriodDuration,\n owner\n )\n );\n _register(pool);\n return pool;\n }\n}\n"
},
"src.sol/amm/pools/stable/StablePool.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"../../lib/math/FixedPoint.sol\";\nimport \"../../lib/helpers/InputHelpers.sol\";\n\nimport \"../BaseGeneralPool.sol\";\n\nimport \"./StableMath.sol\";\nimport \"./StablePoolUserDataHelpers.sol\";\n\ncontract StablePool is BaseGeneralPool, StableMath {\n using FixedPoint for uint256;\n using StablePoolUserDataHelpers for bytes;\n\n uint256 private immutable _amplificationParameter;\n\n uint256 private _lastInvariant;\n\n enum JoinKind { INIT, EXACT_TOKENS_IN_FOR_BPT_OUT, TOKEN_IN_FOR_EXACT_BPT_OUT }\n enum ExitKind { EXACT_BPT_IN_FOR_ONE_TOKEN_OUT, EXACT_BPT_IN_FOR_TOKENS_OUT, BPT_IN_FOR_EXACT_TOKENS_OUT }\n\n constructor(\n IVault vault,\n string memory name,\n string memory symbol,\n IERC20[] memory tokens,\n uint256 amplificationParameter,\n uint256 swapFeePercentage,\n uint256 pauseWindowDuration,\n uint256 bufferPeriodDuration,\n address owner\n )\n BaseGeneralPool(\n vault,\n name,\n symbol,\n tokens,\n swapFeePercentage,\n pauseWindowDuration,\n bufferPeriodDuration,\n owner\n )\n {\n _require(amplificationParameter >= _MIN_AMP, Errors.MIN_AMP);\n _require(amplificationParameter <= _MAX_AMP, Errors.MAX_AMP);\n\n _require(tokens.length <= _MAX_STABLE_TOKENS, Errors.MAX_STABLE_TOKENS);\n\n _amplificationParameter = amplificationParameter;\n }\n\n function getAmplificationParameter() external view returns (uint256) {\n return _amplificationParameter;\n }\n\n // Base Pool handlers\n\n // Swap\n\n function _onSwapGivenIn(\n SwapRequest memory swapRequest,\n uint256[] memory balances,\n uint256 indexIn,\n uint256 indexOut\n ) internal view virtual override whenNotPaused returns (uint256) {\n uint256 amountOut = StableMath._calcOutGivenIn(\n _amplificationParameter,\n balances,\n indexIn,\n indexOut,\n swapRequest.amount\n );\n\n return amountOut;\n }\n\n function _onSwapGivenOut(\n SwapRequest memory swapRequest,\n uint256[] memory balances,\n uint256 indexIn,\n uint256 indexOut\n ) internal view virtual override whenNotPaused returns (uint256) {\n uint256 amountIn = StableMath._calcInGivenOut(\n _amplificationParameter,\n balances,\n indexIn,\n indexOut,\n swapRequest.amount\n );\n\n return amountIn;\n }\n\n // Initialize\n\n function _onInitializePool(\n bytes32,\n address,\n address,\n bytes memory userData\n ) internal virtual override whenNotPaused returns (uint256, uint256[] memory) {\n StablePool.JoinKind kind = userData.joinKind();\n _require(kind == StablePool.JoinKind.INIT, Errors.UNINITIALIZED);\n\n uint256[] memory amountsIn = userData.initialAmountsIn();\n InputHelpers.ensureInputLengthMatch(amountsIn.length, _getTotalTokens());\n _upscaleArray(amountsIn, _scalingFactors());\n\n uint256 invariantAfterJoin = StableMath._calculateInvariant(_amplificationParameter, amountsIn);\n uint256 bptAmountOut = invariantAfterJoin;\n\n _lastInvariant = invariantAfterJoin;\n\n return (bptAmountOut, amountsIn);\n }\n\n // Join\n\n function _onJoinPool(\n bytes32,\n address,\n address,\n uint256[] memory balances,\n uint256,\n uint256 protocolSwapFeePercentage,\n bytes memory userData\n )\n internal\n virtual\n override\n whenNotPaused\n returns (\n uint256,\n uint256[] memory,\n uint256[] memory\n )\n {\n // Due protocol swap fee amounts are computed by measuring the growth of the invariant between the previous join\n // or exit event and now - the invariant's growth is due exclusively to swap fees. This avoids spending gas to\n // calculate the fee amounts during each individual swap.\n uint256[] memory dueProtocolFeeAmounts = _getDueProtocolFeeAmounts(\n balances,\n _lastInvariant,\n protocolSwapFeePercentage\n );\n\n // Update the balances by subtracting the protocol fee amounts that will be charged by the Vault once this\n // function returns.\n for (uint256 i = 0; i < _getTotalTokens(); ++i) {\n balances[i] = balances[i].sub(dueProtocolFeeAmounts[i]);\n }\n\n (uint256 bptAmountOut, uint256[] memory amountsIn) = _doJoin(balances, userData);\n\n // Update the invariant with the balances the Pool will have after the join, in order to compute the\n // protocol swap fee amounts due in future joins and exits.\n _lastInvariant = _invariantAfterJoin(balances, amountsIn);\n\n return (bptAmountOut, amountsIn, dueProtocolFeeAmounts);\n }\n\n function _doJoin(uint256[] memory balances, bytes memory userData)\n private\n view\n returns (uint256, uint256[] memory)\n {\n JoinKind kind = userData.joinKind();\n\n if (kind == JoinKind.EXACT_TOKENS_IN_FOR_BPT_OUT) {\n return _joinExactTokensInForBPTOut(balances, userData);\n } else if (kind == JoinKind.TOKEN_IN_FOR_EXACT_BPT_OUT) {\n return _joinTokenInForExactBPTOut(balances, userData);\n } else {\n _revert(Errors.UNHANDLED_JOIN_KIND);\n }\n }\n\n function _joinExactTokensInForBPTOut(uint256[] memory balances, bytes memory userData)\n private\n view\n returns (uint256, uint256[] memory)\n {\n (uint256[] memory amountsIn, uint256 minBPTAmountOut) = userData.exactTokensInForBptOut();\n InputHelpers.ensureInputLengthMatch(_getTotalTokens(), amountsIn.length);\n _upscaleArray(amountsIn, _scalingFactors());\n\n uint256 bptAmountOut = StableMath._calcBptOutGivenExactTokensIn(\n _amplificationParameter,\n balances,\n amountsIn,\n totalSupply(),\n _swapFeePercentage\n );\n\n _require(bptAmountOut >= minBPTAmountOut, Errors.BPT_OUT_MIN_AMOUNT);\n\n return (bptAmountOut, amountsIn);\n }\n\n function _joinTokenInForExactBPTOut(uint256[] memory balances, bytes memory userData)\n private\n view\n returns (uint256, uint256[] memory)\n {\n (uint256 bptAmountOut, uint256 tokenIndex) = userData.tokenInForExactBptOut();\n\n uint256 amountIn = StableMath._calcTokenInGivenExactBptOut(\n _amplificationParameter,\n balances,\n tokenIndex,\n bptAmountOut,\n totalSupply(),\n _swapFeePercentage\n );\n\n // We are joining with a single token, so initialize downscaledAmountsIn with zeros, and\n // only set downscaledAmountsIn[tokenIndex]\n uint256[] memory downscaledAmountsIn = new uint256[](_getTotalTokens());\n downscaledAmountsIn[tokenIndex] = amountIn;\n\n return (bptAmountOut, downscaledAmountsIn);\n }\n\n // Exit\n\n function _onExitPool(\n bytes32,\n address,\n address,\n uint256[] memory balances,\n uint256,\n uint256 protocolSwapFeePercentage,\n bytes memory userData\n )\n internal\n virtual\n override\n returns (\n uint256 bptAmountIn,\n uint256[] memory amountsOut,\n uint256[] memory dueProtocolFeeAmounts\n )\n {\n if (_isNotPaused()) {\n // Due protocol swap fee amounts are computed by measuring the growth of the invariant between the previous\n // join or exit event and now - the invariant's growth is due exclusively to swap fees. This avoids\n // spending gas calculating fee amounts during each individual swap\n dueProtocolFeeAmounts = _getDueProtocolFeeAmounts(balances, _lastInvariant, protocolSwapFeePercentage);\n\n // Update the balances by subtracting the protocol fee amounts that will be charged by the Vault once this\n // function returns.\n for (uint256 i = 0; i < _getTotalTokens(); ++i) {\n balances[i] = balances[i].sub(dueProtocolFeeAmounts[i]);\n }\n } else {\n // To avoid extra calculations, swap protocol fee amounts are not charged when the contract is paused.\n dueProtocolFeeAmounts = new uint256[](_getTotalTokens());\n }\n\n (bptAmountIn, amountsOut) = _doExit(balances, userData);\n\n // Update the invariant with the balances the Pool will have after the exit, in order to compute the\n // protocol swap fee amounts due in future joins and exits.\n _lastInvariant = _invariantAfterExit(balances, amountsOut);\n\n return (bptAmountIn, amountsOut, dueProtocolFeeAmounts);\n }\n\n function _doExit(uint256[] memory balances, bytes memory userData)\n private\n view\n returns (uint256, uint256[] memory)\n {\n ExitKind kind = userData.exitKind();\n\n if (kind == ExitKind.EXACT_BPT_IN_FOR_ONE_TOKEN_OUT) {\n return _exitExactBPTInForTokenOut(balances, userData);\n } else if (kind == ExitKind.EXACT_BPT_IN_FOR_TOKENS_OUT) {\n return _exitExactBPTInForTokensOut(balances, userData);\n } else {\n // ExitKind.BPT_IN_FOR_EXACT_TOKENS_OUT\n return _exitBPTInForExactTokensOut(balances, userData);\n }\n }\n\n function _exitExactBPTInForTokenOut(uint256[] memory balances, bytes memory userData)\n private\n view\n whenNotPaused\n returns (uint256, uint256[] memory)\n {\n // This exit function is disabled if the contract is paused.\n uint256 totalTokens = _getTotalTokens();\n (uint256 bptAmountIn, uint256 tokenIndex) = userData.exactBptInForTokenOut();\n _require(tokenIndex < totalTokens, Errors.OUT_OF_BOUNDS);\n\n // We exit in a single token, so initialize amountsOut with zeros and only set amountsOut[tokenIndex]\n uint256[] memory amountsOut = new uint256[](totalTokens);\n\n amountsOut[tokenIndex] = StableMath._calcTokenOutGivenExactBptIn(\n _amplificationParameter,\n balances,\n tokenIndex,\n bptAmountIn,\n totalSupply(),\n _swapFeePercentage\n );\n\n return (bptAmountIn, amountsOut);\n }\n\n function _exitExactBPTInForTokensOut(uint256[] memory balances, bytes memory userData)\n private\n view\n returns (uint256, uint256[] memory)\n {\n // This exit function is the only one that is not disabled if the contract is paused: it remains unrestricted\n // in an attempt to provide users with a mechanism to retrieve their tokens in case of an emergency.\n // This particular exit function is the only one that remains available because it is the simplest one, and\n // therefore the one with the lowest likelihood of errors.\n uint256 bptAmountIn = userData.exactBptInForTokensOut();\n\n uint256[] memory amountsOut = StableMath._calcTokensOutGivenExactBptIn(balances, bptAmountIn, totalSupply());\n\n return (bptAmountIn, amountsOut);\n }\n\n function _exitBPTInForExactTokensOut(uint256[] memory balances, bytes memory userData)\n private\n view\n whenNotPaused\n returns (uint256, uint256[] memory)\n {\n // This exit function is disabled if the contract is paused.\n\n (uint256[] memory amountsOut, uint256 maxBPTAmountIn) = userData.bptInForExactTokensOut();\n InputHelpers.ensureInputLengthMatch(amountsOut.length, _getTotalTokens());\n\n _upscaleArray(amountsOut, _scalingFactors());\n\n uint256 bptAmountIn = StableMath._calcBptInGivenExactTokensOut(\n _amplificationParameter,\n balances,\n amountsOut,\n totalSupply(),\n _swapFeePercentage\n );\n\n _require(bptAmountIn <= maxBPTAmountIn, Errors.BPT_IN_MAX_AMOUNT);\n\n return (bptAmountIn, amountsOut);\n }\n\n // Helpers\n\n function _getDueProtocolFeeAmounts(\n uint256[] memory balances,\n uint256 previousInvariant,\n uint256 protocolSwapFeePercentage\n ) private view returns (uint256[] memory) {\n // Initialize with zeros\n uint256[] memory dueProtocolFeeAmounts = new uint256[](_getTotalTokens());\n\n // Early exit if there is no protocol swap fee\n if (protocolSwapFeePercentage == 0) {\n return dueProtocolFeeAmounts;\n }\n\n // Instead of paying the protocol swap fee in all tokens proportionally, we will pay it in a single one. This\n // will reduce gas costs for single asset joins and exits, as at most only two Pool balances will change (the\n // token joined/exited, and the token in which fees will be paid).\n\n // The protocol fee is charged using the token with the highest balance in the pool.\n uint256 chosenTokenIndex = 0;\n uint256 maxBalance = balances[0];\n for (uint256 i = 1; i < _getTotalTokens(); ++i) {\n uint256 currentBalance = balances[i];\n if (currentBalance > maxBalance) {\n chosenTokenIndex = i;\n maxBalance = currentBalance;\n }\n }\n\n // Set the fee amount to pay in the selected token\n dueProtocolFeeAmounts[chosenTokenIndex] = StableMath._calcDueTokenProtocolSwapFeeAmount(\n _amplificationParameter,\n balances,\n previousInvariant,\n chosenTokenIndex,\n protocolSwapFeePercentage\n );\n\n return dueProtocolFeeAmounts;\n }\n\n function _invariantAfterJoin(uint256[] memory balances, uint256[] memory amountsIn) private view returns (uint256) {\n for (uint256 i = 0; i < _getTotalTokens(); ++i) {\n balances[i] = balances[i].add(amountsIn[i]);\n }\n\n return StableMath._calculateInvariant(_amplificationParameter, balances);\n }\n\n function _invariantAfterExit(uint256[] memory balances, uint256[] memory amountsOut)\n private\n view\n returns (uint256)\n {\n for (uint256 i = 0; i < _getTotalTokens(); ++i) {\n balances[i] = balances[i].sub(amountsOut[i]);\n }\n\n return StableMath._calculateInvariant(_amplificationParameter, balances);\n }\n\n /**\n * @dev This function returns the appreciation of one BPT relative to the\n * underlying tokens. This starts at 1 when the pool is created and grows over time\n */\n function getRate() public view returns (uint256) {\n (, uint256[] memory balances, ) = getVault().getPoolTokens(getPoolId());\n return StableMath._calculateInvariant(_amplificationParameter, balances).divDown(totalSupply());\n }\n}\n"
},
"src.sol/amm/pools/BaseGeneralPool.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"./BasePool.sol\";\nimport \"../vault/interfaces/IGeneralPool.sol\";\n\n/**\n * @dev Extension of `BasePool`, adding a handler for `IGeneralPool.onSwap`.\n *\n * Derived contracts must implement `_onSwapGivenIn` and `_onSwapGivenOut` along with `BasePool`'s virtual functions.\n */\nabstract contract BaseGeneralPool is IGeneralPool, BasePool {\n constructor(\n IVault vault,\n string memory name,\n string memory symbol,\n IERC20[] memory tokens,\n uint256 swapFeePercentage,\n uint256 pauseWindowDuration,\n uint256 bufferPeriodDuration,\n address owner\n )\n BasePool(\n vault,\n IVault.PoolSpecialization.GENERAL,\n name,\n symbol,\n tokens,\n swapFeePercentage,\n pauseWindowDuration,\n bufferPeriodDuration,\n owner\n )\n {\n // solhint-disable-previous-line no-empty-blocks\n }\n\n // Swap Hooks\n\n function onSwap(\n SwapRequest memory swapRequest,\n uint256[] memory balances,\n uint256 indexIn,\n uint256 indexOut\n ) external view virtual override returns (uint256) {\n _validateIndexes(indexIn, indexOut, _getTotalTokens());\n uint256[] memory scalingFactors = _scalingFactors();\n\n return\n swapRequest.kind == IVault.SwapKind.GIVEN_IN\n ? _swapGivenIn(swapRequest, balances, indexIn, indexOut, scalingFactors)\n : _swapGivenOut(swapRequest, balances, indexIn, indexOut, scalingFactors);\n }\n\n function _swapGivenIn(\n SwapRequest memory swapRequest,\n uint256[] memory balances,\n uint256 indexIn,\n uint256 indexOut,\n uint256[] memory scalingFactors\n ) internal view returns (uint256) {\n // Fees are subtracted before scaling, to reduce the complexity of the rounding direction analysis.\n swapRequest.amount = _subtractSwapFeeAmount(swapRequest.amount);\n\n _upscaleArray(balances, scalingFactors);\n swapRequest.amount = _upscale(swapRequest.amount, scalingFactors[indexIn]);\n\n uint256 amountOut = _onSwapGivenIn(swapRequest, balances, indexIn, indexOut);\n\n // amountOut tokens are exiting the Pool, so we round down.\n return _downscaleDown(amountOut, scalingFactors[indexOut]);\n }\n\n function _swapGivenOut(\n SwapRequest memory swapRequest,\n uint256[] memory balances,\n uint256 indexIn,\n uint256 indexOut,\n uint256[] memory scalingFactors\n ) internal view returns (uint256) {\n _upscaleArray(balances, scalingFactors);\n swapRequest.amount = _upscale(swapRequest.amount, scalingFactors[indexOut]);\n\n uint256 amountIn = _onSwapGivenOut(swapRequest, balances, indexIn, indexOut);\n\n // amountIn tokens are entering the Pool, so we round up.\n amountIn = _downscaleUp(amountIn, scalingFactors[indexIn]);\n\n // Fees are added after scaling happens, to reduce the complexity of the rounding direction analysis.\n return _addSwapFeeAmount(amountIn);\n }\n\n /*\n * @dev Called when a swap with the Pool occurs, where the amount of tokens entering the Pool is known.\n *\n * Returns the amount of tokens that will be taken from the Pool in return.\n *\n * All amounts inside `swapRequest` and `balances` are upscaled. The swap fee has already been deducted from\n * `swapRequest.amount`.\n *\n * The return value is also considered upscaled, and will be downscaled (rounding down) before returning it to the\n * Vault.\n */\n function _onSwapGivenIn(\n SwapRequest memory swapRequest,\n uint256[] memory balances,\n uint256 indexIn,\n uint256 indexOut\n ) internal view virtual returns (uint256);\n\n /*\n * @dev Called when a swap with the Pool occurs, where the amount of tokens exiting the Pool is known.\n *\n * Returns the amount of tokens that will be granted to the Pool in return.\n *\n * All amounts inside `swapRequest` and `balances` are upscaled.\n *\n * The return value is also considered upscaled, and will be downscaled (rounding up) before applying the swap fee\n * and returning it to the Vault.\n */\n function _onSwapGivenOut(\n SwapRequest memory swapRequest,\n uint256[] memory balances,\n uint256 indexIn,\n uint256 indexOut\n ) internal view virtual returns (uint256);\n\n function _validateIndexes(\n uint256 indexIn,\n uint256 indexOut,\n uint256 limit\n ) private pure {\n _require(indexIn < limit && indexOut < limit, Errors.OUT_OF_BOUNDS);\n }\n}\n"
},
"src.sol/amm/pools/stable/StableMath.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\n\nimport \"../../lib/math/Math.sol\";\nimport \"../../lib/math/FixedPoint.sol\";\n\n// This is a contract to emulate file-level functions. Convert to a library\n// after the migration to solc v0.7.1.\n\n// solhint-disable private-vars-leading-underscore\n// solhint-disable var-name-mixedcase\n\ncontract StableMath {\n using FixedPoint for uint256;\n\n uint256 internal constant _MIN_AMP = 1e18;\n uint256 internal constant _MAX_AMP = 5000 * (1e18);\n\n uint256 internal constant _MAX_STABLE_TOKENS = 5;\n\n // Computes the invariant given the current balances, using the Newton-Raphson approximation.\n // The amplification parameter equals: A n^(n-1)\n function _calculateInvariant(uint256 amplificationParameter, uint256[] memory balances)\n internal\n pure\n returns (uint256)\n {\n /**********************************************************************************************\n // invariant //\n // D = invariant D^(n+1) //\n // A = amplification coefficient A n^n S + D = A D n^n + ----------- //\n // S = sum of balances n^n P //\n // P = product of balances //\n // n = number of tokens //\n *********x************************************************************************************/\n\n // We round up the invariant.\n\n uint256 sum = 0;\n uint256 numTokens = balances.length;\n for (uint256 i = 0; i < numTokens; i++) {\n sum = sum.add(balances[i]);\n }\n if (sum == 0) {\n return 0;\n }\n uint256 prevInvariant = 0;\n uint256 invariant = sum;\n uint256 ampTimesTotal = Math.mul(amplificationParameter, numTokens);\n\n for (uint256 i = 0; i < 255; i++) {\n uint256 P_D = Math.mul(numTokens, balances[0]);\n for (uint256 j = 1; j < numTokens; j++) {\n P_D = Math.divUp(Math.mul(Math.mul(P_D, balances[j]), numTokens), invariant);\n }\n prevInvariant = invariant;\n invariant = Math.divUp(\n Math.mul(Math.mul(numTokens, invariant), invariant).add(Math.mul(Math.mul(ampTimesTotal, sum), P_D)),\n Math.mul(numTokens.add(1), invariant).add(Math.mul(ampTimesTotal.sub(1), P_D))\n );\n\n if (invariant > prevInvariant) {\n if (invariant.sub(prevInvariant) <= 1) {\n break;\n }\n } else if (prevInvariant.sub(invariant) <= 1) {\n break;\n }\n }\n return invariant;\n }\n\n // Computes how many tokens can be taken out of a pool if `tokenAmountIn` are sent, given the current balances.\n // The amplification parameter equals: A n^(n-1)\n function _calcOutGivenIn(\n uint256 amplificationParameter,\n uint256[] memory balances,\n uint256 tokenIndexIn,\n uint256 tokenIndexOut,\n uint256 tokenAmountIn\n ) internal pure returns (uint256) {\n /**************************************************************************************************************\n // outGivenIn token x for y - polynomial equation to solve //\n // ay = amount out to calculate //\n // by = balance token out //\n // y = by - ay (finalBalanceOut) //\n // D = invariant D D^(n+1) //\n // A = amplification coefficient y^2 + ( S - ---------- - D) * y - ------------- = 0 //\n // n = number of tokens (A * n^n) A * n^2n * P //\n // S = sum of final balances but y //\n // P = product of final balances but y //\n **************************************************************************************************************/\n\n // Amount out, so we round down overall.\n\n uint256 invariant = _calculateInvariant(amplificationParameter, balances);\n\n balances[tokenIndexIn] = balances[tokenIndexIn].add(tokenAmountIn);\n\n uint256 finalBalanceOut = _getTokenBalanceGivenInvariantAndAllOtherBalances(\n amplificationParameter,\n balances,\n invariant,\n tokenIndexOut\n );\n\n balances[tokenIndexIn] = balances[tokenIndexIn].sub(tokenAmountIn);\n\n return balances[tokenIndexOut].sub(finalBalanceOut).sub(1);\n }\n\n // Computes how many tokens must be sent to a pool if `tokenAmountOut` are sent given the\n // current balances, using the Newton-Raphson approximation.\n // The amplification parameter equals: A n^(n-1)\n function _calcInGivenOut(\n uint256 amplificationParameter,\n uint256[] memory balances,\n uint256 tokenIndexIn,\n uint256 tokenIndexOut,\n uint256 tokenAmountOut\n ) internal pure returns (uint256) {\n /**************************************************************************************************************\n // inGivenOut token x for y - polynomial equation to solve //\n // ax = amount in to calculate //\n // bx = balance token in //\n // x = bx + ax (finalBalanceIn) //\n // D = invariant D D^(n+1) //\n // A = amplification coefficient x^2 + ( S - ---------- - D) * x - ------------- = 0 //\n // n = number of tokens (A * n^n) A * n^2n * P //\n // S = sum of final balances but x //\n // P = product of final balances but x //\n **************************************************************************************************************/\n\n // Amount in, so we round up overall.\n\n uint256 invariant = _calculateInvariant(amplificationParameter, balances);\n\n balances[tokenIndexOut] = balances[tokenIndexOut].sub(tokenAmountOut);\n\n uint256 finalBalanceIn = _getTokenBalanceGivenInvariantAndAllOtherBalances(\n amplificationParameter,\n balances,\n invariant,\n tokenIndexIn\n );\n\n balances[tokenIndexOut] = balances[tokenIndexOut].add(tokenAmountOut);\n\n return finalBalanceIn.sub(balances[tokenIndexIn]).add(1);\n }\n\n /*\n TODO: document it correctly\n Flow of calculations:\n amountsTokenIn -> amountsInProportional ->\n amountsInPercentageExcess -> amountsInAfterFee -> newInvariant -> amountBPTOut\n TODO: remove equations below and save them to Notion documentation\n amountInPercentageExcess = 1 - amountInProportional/amountIn (if amountIn>amountInProportional)\n amountInAfterFee = amountIn * (1 - swapFeePercentage * amountInPercentageExcess)\n amountInAfterFee = amountIn - fee amount\n fee amount = (amountIn - amountInProportional) * swapFeePercentage\n amountInAfterFee = amountIn - (amountIn - amountInProportional) * swapFeePercentage\n amountInAfterFee = amountIn * (1 - (1 - amountInProportional/amountIn) * swapFeePercentage)\n amountInAfterFee = amountIn * (1 - amountInPercentageExcess * swapFeePercentage)\n */\n function _calcBptOutGivenExactTokensIn(\n uint256 amp,\n uint256[] memory balances,\n uint256[] memory amountsIn,\n uint256 bptTotalSupply,\n uint256 swapFeePercentage\n ) internal pure returns (uint256) {\n // BPT out, so we round down overall.\n\n // Get current invariant\n uint256 currentInvariant = _calculateInvariant(amp, balances);\n\n // First loop calculates the sum of all token balances, which will be used to calculate\n // the current weights of each token, relative to this sum\n uint256 sumBalances = 0;\n for (uint256 i = 0; i < balances.length; i++) {\n sumBalances = sumBalances.add(balances[i]);\n }\n\n // Calculate the weighted balance ratio without considering fees\n uint256[] memory tokenBalanceRatiosWithoutFee = new uint256[](amountsIn.length);\n // The weighted sum of token balance ratios without fee\n uint256 weightedBalanceRatio = 0;\n for (uint256 i = 0; i < balances.length; i++) {\n uint256 currentWeight = balances[i].divDown(sumBalances);\n tokenBalanceRatiosWithoutFee[i] = balances[i].add(amountsIn[i]).divDown(balances[i]);\n weightedBalanceRatio = weightedBalanceRatio.add(tokenBalanceRatiosWithoutFee[i].mulDown(currentWeight));\n }\n\n // Second loop calculates new amounts in, taking into account the fee on the percentage excess\n uint256[] memory newBalances = new uint256[](balances.length);\n for (uint256 i = 0; i < balances.length; i++) {\n // Percentage of the amount supplied that will be implicitly swapped for other tokens in the pool\n uint256 tokenBalancePercentageExcess;\n // Some tokens might have amounts supplied in excess of a 'balanced' join: these are identified if\n // the token's balance ratio without fee is larger than the weighted balance ratio, and swap fees are\n // charged on the swap amount\n if (weightedBalanceRatio >= tokenBalanceRatiosWithoutFee[i]) {\n tokenBalancePercentageExcess = 0;\n } else {\n tokenBalancePercentageExcess = tokenBalanceRatiosWithoutFee[i].sub(weightedBalanceRatio).divUp(\n tokenBalanceRatiosWithoutFee[i].sub(FixedPoint.ONE)\n );\n }\n\n uint256 swapFeeExcess = swapFeePercentage.mulUp(tokenBalancePercentageExcess);\n\n uint256 amountInAfterFee = amountsIn[i].mulDown(swapFeeExcess.complement());\n\n newBalances[i] = balances[i].add(amountInAfterFee);\n }\n\n // get the new invariant, taking swap fees into account\n uint256 newInvariant = _calculateInvariant(amp, newBalances);\n\n // return amountBPTOut\n return bptTotalSupply.mulDown(newInvariant.divDown(currentInvariant).sub(FixedPoint.ONE));\n }\n\n /*\n TODO: document it correctly\n Flow of calculations:\n amountBPTOut -> newInvariant -> (amountInProportional, amountInAfterFee) ->\n amountInPercentageExcess -> amountIn\n */\n function _calcTokenInGivenExactBptOut(\n uint256 amp,\n uint256[] memory balances,\n uint256 tokenIndex,\n uint256 bptAmountOut,\n uint256 bptTotalSupply,\n uint256 swapFeePercentage\n ) internal pure returns (uint256) {\n // Token in, so we round up overall.\n\n // Get the current invariant\n uint256 currentInvariant = _calculateInvariant(amp, balances);\n\n // Calculate new invariant\n uint256 newInvariant = bptTotalSupply.add(bptAmountOut).divUp(bptTotalSupply).mulUp(currentInvariant);\n\n // First calculate the sum of all token balances, which will be used to calculate\n // the current weight of each token\n uint256 sumBalances = 0;\n for (uint256 i = 0; i < balances.length; i++) {\n sumBalances = sumBalances.add(balances[i]);\n }\n\n // get amountInAfterFee\n uint256 newBalanceTokenIndex = _getTokenBalanceGivenInvariantAndAllOtherBalances(\n amp,\n balances,\n newInvariant,\n tokenIndex\n );\n uint256 amountInAfterFee = newBalanceTokenIndex.sub(balances[tokenIndex]);\n\n // Get tokenBalancePercentageExcess\n uint256 currentWeight = balances[tokenIndex].divDown(sumBalances);\n uint256 tokenBalancePercentageExcess = currentWeight.complement();\n\n uint256 swapFeeExcess = swapFeePercentage.mulUp(tokenBalancePercentageExcess);\n\n return amountInAfterFee.divUp(swapFeeExcess.complement());\n }\n\n /*\n Flow of calculations:\n amountsTokenOut -> amountsOutProportional ->\n amountOutPercentageExcess -> amountOutBeforeFee -> newInvariant -> amountBPTIn\n */\n function _calcBptInGivenExactTokensOut(\n uint256 amp,\n uint256[] memory balances,\n uint256[] memory amountsOut,\n uint256 bptTotalSupply,\n uint256 swapFee\n ) internal pure returns (uint256) {\n // BPT in, so we round up overall.\n\n // Get the current invariant\n uint256 currentInvariant = _calculateInvariant(amp, balances);\n\n // First loop calculates the sum of all token balances, which will be used to calculate\n // the current weights of each token relative to this sum\n uint256 sumBalances = 0;\n for (uint256 i = 0; i < balances.length; i++) {\n sumBalances = sumBalances.add(balances[i]);\n }\n\n // Calculate the weighted balance ratio without considering fees\n uint256[] memory tokenBalanceRatiosWithoutFee = new uint256[](amountsOut.length);\n uint256 weightedBalanceRatio = 0;\n for (uint256 i = 0; i < balances.length; i++) {\n uint256 currentWeight = balances[i].divUp(sumBalances);\n tokenBalanceRatiosWithoutFee[i] = balances[i].sub(amountsOut[i]).divUp(balances[i]);\n weightedBalanceRatio = weightedBalanceRatio.add(tokenBalanceRatiosWithoutFee[i].mulUp(currentWeight));\n }\n\n // Second loop calculates new amounts in, taking into account the fee on the percentage excess\n uint256[] memory newBalances = new uint256[](balances.length);\n for (uint256 i = 0; i < balances.length; i++) {\n uint256 tokenBalancePercentageExcess;\n // Compare each tokenBalanceRatioWithoutFee to the total weighted ratio (weightedBalanceRatio), and\n // decrease the fee by the excess amount\n if (weightedBalanceRatio <= tokenBalanceRatiosWithoutFee[i]) {\n tokenBalancePercentageExcess = 0;\n } else {\n tokenBalancePercentageExcess = weightedBalanceRatio.sub(tokenBalanceRatiosWithoutFee[i]).divUp(\n tokenBalanceRatiosWithoutFee[i].complement()\n );\n }\n\n uint256 swapFeeExcess = swapFee.mulUp(tokenBalancePercentageExcess);\n\n uint256 amountOutBeforeFee = amountsOut[i].divUp(swapFeeExcess.complement());\n\n newBalances[i] = balances[i].sub(amountOutBeforeFee);\n }\n\n // get the new invariant, taking into account swap fees\n uint256 newInvariant = _calculateInvariant(amp, newBalances);\n\n // return amountBPTIn\n return bptTotalSupply.mulUp(newInvariant.divUp(currentInvariant).complement());\n }\n\n /*\n TODO: document it correctly\n Flow of calculations:\n amountBPTin -> newInvariant -> (amountOutProportional, amountOutBeforeFee) ->\n amountOutPercentageExcess -> amountOut\n */\n function _calcTokenOutGivenExactBptIn(\n uint256 amp,\n uint256[] memory balances,\n uint256 tokenIndex,\n uint256 bptAmountIn,\n uint256 bptTotalSupply,\n uint256 swapFeePercentage\n ) internal pure returns (uint256) {\n // Get the current invariant\n uint256 currentInvariant = _calculateInvariant(amp, balances);\n // Calculate the new invariant\n uint256 newInvariant = bptTotalSupply.sub(bptAmountIn).divUp(bptTotalSupply).mulUp(currentInvariant);\n\n // First calculate the sum of all token balances, which will be used to calculate\n // the current weight of each token\n uint256 sumBalances = 0;\n for (uint256 i = 0; i < balances.length; i++) {\n sumBalances = sumBalances.add(balances[i]);\n }\n\n // get amountOutBeforeFee\n uint256 newBalanceTokenIndex = _getTokenBalanceGivenInvariantAndAllOtherBalances(\n amp,\n balances,\n newInvariant,\n tokenIndex\n );\n uint256 amountOutBeforeFee = balances[tokenIndex].sub(newBalanceTokenIndex);\n\n // Calculate tokenBalancePercentageExcess\n uint256 currentWeight = balances[tokenIndex].divDown(sumBalances);\n uint256 tokenBalancePercentageExcess = currentWeight.complement();\n\n uint256 swapFeeExcess = swapFeePercentage.mulUp(tokenBalancePercentageExcess);\n\n return amountOutBeforeFee.mulDown(swapFeeExcess.complement());\n }\n\n function _calcTokensOutGivenExactBptIn(\n uint256[] memory balances,\n uint256 bptAmountIn,\n uint256 bptTotalSupply\n ) internal pure returns (uint256[] memory) {\n /**********************************************************************************************\n // exactBPTInForTokensOut //\n // (per token) //\n // aO = tokenAmountOut / bptIn \\ //\n // b = tokenBalance a0 = b * | --------------------- | //\n // bptIn = bptAmountIn \\ bptTotalSupply / //\n // bpt = bptTotalSupply //\n **********************************************************************************************/\n\n // Since we're computing an amount out, we round down overall. This means rounding down on both the\n // multiplication and division.\n\n uint256 bptRatio = bptAmountIn.divDown(bptTotalSupply);\n\n uint256[] memory amountsOut = new uint256[](balances.length);\n for (uint256 i = 0; i < balances.length; i++) {\n amountsOut[i] = balances[i].mulDown(bptRatio);\n }\n\n return amountsOut;\n }\n\n // The amplification parameter equals: A n^(n-1)\n function _calcDueTokenProtocolSwapFeeAmount(\n uint256 amplificationParameter,\n uint256[] memory balances,\n uint256 lastInvariant,\n uint256 tokenIndex,\n uint256 protocolSwapFeePercentage\n ) internal pure returns (uint256) {\n /**************************************************************************************************************\n // oneTokenSwapFee - polynomial equation to solve //\n // af = fee amount to calculate in one token //\n // bf = balance of fee token //\n // f = bf - af (finalBalanceFeeToken) //\n // D = old invariant D D^(n+1) //\n // A = amplification coefficient f^2 + ( S - ---------- - D) * f - ------------- = 0 //\n // n = number of tokens (A * n^n) A * n^2n * P //\n // S = sum of final balances but f //\n // P = product of final balances but f //\n **************************************************************************************************************/\n\n // Protocol swap fee amount, so we round down overall.\n\n uint256 finalBalanceFeeToken = _getTokenBalanceGivenInvariantAndAllOtherBalances(\n amplificationParameter,\n balances,\n lastInvariant,\n tokenIndex\n );\n\n // Result is rounded down\n uint256 accumulatedTokenSwapFees = balances[tokenIndex] > finalBalanceFeeToken\n ? balances[tokenIndex].sub(finalBalanceFeeToken)\n : 0;\n return accumulatedTokenSwapFees.mulDown(protocolSwapFeePercentage).divDown(FixedPoint.ONE);\n }\n\n // Private functions\n\n // This function calculates the balance of a given token (tokenIndex)\n // given all the other balances and the invariant\n function _getTokenBalanceGivenInvariantAndAllOtherBalances(\n uint256 amplificationParameter,\n uint256[] memory balances,\n uint256 invariant,\n uint256 tokenIndex\n ) private pure returns (uint256) {\n // Rounds result up overall\n\n uint256 ampTimesTotal = Math.mul(amplificationParameter, balances.length);\n uint256 sum = balances[0];\n uint256 P_D = Math.mul(balances.length, balances[0]);\n for (uint256 j = 1; j < balances.length; j++) {\n P_D = Math.divDown(Math.mul(Math.mul(P_D, balances[j]), balances.length), invariant);\n sum = sum.add(balances[j]);\n }\n sum = sum.sub(balances[tokenIndex]);\n\n uint256 c = Math.divUp(Math.mul(invariant, invariant), ampTimesTotal);\n // We remove the balance fromm c by multiplying it\n c = c.mulUp(balances[tokenIndex]).divUp(P_D);\n\n uint256 b = sum.add(invariant.divDown(ampTimesTotal));\n\n // We iterate to find the balance\n uint256 prevTokenBalance = 0;\n // We multiply the first iteration outside the loop with the invariant to set the value of the\n // initial approximation.\n uint256 tokenBalance = invariant.mulUp(invariant).add(c).divUp(invariant.add(b));\n\n for (uint256 i = 0; i < 255; i++) {\n prevTokenBalance = tokenBalance;\n\n tokenBalance = tokenBalance.mulUp(tokenBalance).add(c).divUp(\n Math.mul(tokenBalance, 2).add(b).sub(invariant)\n );\n\n if (tokenBalance > prevTokenBalance) {\n if (tokenBalance.sub(prevTokenBalance) <= 1) {\n break;\n }\n } else if (prevTokenBalance.sub(tokenBalance) <= 1) {\n break;\n }\n }\n return tokenBalance;\n }\n}\n"
},
"src.sol/amm/pools/stable/StablePoolUserDataHelpers.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\n\nimport \"../../lib/openzeppelin/IERC20.sol\";\n\nimport \"./StablePool.sol\";\n\nlibrary StablePoolUserDataHelpers {\n function joinKind(bytes memory self) internal pure returns (StablePool.JoinKind) {\n return abi.decode(self, (StablePool.JoinKind));\n }\n\n function exitKind(bytes memory self) internal pure returns (StablePool.ExitKind) {\n return abi.decode(self, (StablePool.ExitKind));\n }\n\n function initialAmountsIn(bytes memory self) internal pure returns (uint256[] memory amountsIn) {\n (, amountsIn) = abi.decode(self, (StablePool.JoinKind, uint256[]));\n }\n\n function exactTokensInForBptOut(bytes memory self)\n internal\n pure\n returns (uint256[] memory amountsIn, uint256 minBPTAmountIn)\n {\n (, amountsIn, minBPTAmountIn) = abi.decode(self, (StablePool.JoinKind, uint256[], uint256));\n }\n\n function tokenInForExactBptOut(bytes memory self) internal pure returns (uint256 bptAmountOut, uint256 tokenIndex) {\n (, bptAmountOut, tokenIndex) = abi.decode(self, (StablePool.JoinKind, uint256, uint256));\n }\n\n function exactBptInForTokenOut(bytes memory self) internal pure returns (uint256 bptAmountIn, uint256 tokenIndex) {\n (, bptAmountIn, tokenIndex) = abi.decode(self, (StablePool.ExitKind, uint256, uint256));\n }\n\n function exactBptInForTokensOut(bytes memory self) internal pure returns (uint256 bptAmountIn) {\n (, bptAmountIn) = abi.decode(self, (StablePool.ExitKind, uint256));\n }\n\n function bptInForExactTokensOut(bytes memory self)\n internal\n pure\n returns (uint256[] memory amountsOut, uint256 maxBPTAmountIn)\n {\n (, amountsOut, maxBPTAmountIn) = abi.decode(self, (StablePool.ExitKind, uint256[], uint256));\n }\n}\n"
},
"src.sol/amm/StableSwap.sol": {
"content": "// Wrapper StableMath\npragma solidity ^0.7.0;\n\nimport \"./lib/math/FixedPoint.sol\";\n\nimport \"./pools/stable/StablePoolUserDataHelpers.sol\";\nimport \"./pools/stable/StableMath.sol\";\n\ncontract StableSwap is StableMath {\n using FixedPoint for uint256;\n using StablePoolUserDataHelpers for bytes;\n address immutable owner;\n uint256 public amplificationParameter;\n\n constructor(uint256 _amplificationParameter) {\n owner = msg.sender;\n _require(_amplificationParameter >= _MIN_AMP, Errors.MIN_AMP);\n _require(_amplificationParameter <= _MAX_AMP, Errors.MAX_AMP);\n\n amplificationParameter = _amplificationParameter;\n }\n\n modifier onlyOwner {\n require(msg.sender == owner, \"Only owner can call this function.\");\n _;\n }\n\n function updateAmplificationParameter(uint256 _amplificationParameter)\n public\n onlyOwner\n {\n amplificationParameter = _amplificationParameter;\n }\n\n function getAmplificationParameter() external view returns (uint256) {\n return amplificationParameter;\n }\n\n // Swap\n\n function onSwapGivenIn(\n uint256 amount,\n uint256[] memory balances,\n uint256 indexIn,\n uint256 indexOut\n ) external view virtual returns (uint256) {\n uint256 amountOut =\n StableMath._calcOutGivenIn(\n amplificationParameter,\n balances,\n indexIn,\n indexOut,\n amount\n );\n\n return amountOut;\n }\n\n function onSwapGivenOut(\n uint256 amount,\n uint256[] memory balances,\n uint256 indexIn,\n uint256 indexOut\n ) external view virtual returns (uint256) {\n uint256 amountIn =\n StableMath._calcInGivenOut(\n amplificationParameter,\n balances,\n indexIn,\n indexOut,\n amount\n );\n\n return amountIn;\n }\n}\n"
},
"src.sol/amm/lib/helpers/BalancerHelpers.sol": {
"content": "// SPDX-License-Identifier: GPL-3.0-or-later\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see .\n\npragma solidity ^0.7.0;\npragma experimental ABIEncoderV2;\n\nimport \"../math/Math.sol\";\nimport \"../math/FixedPoint.sol\";\n\nimport \"./InputHelpers.sol\";\nimport \"./AssetHelpers.sol\";\nimport \"./BalancerErrors.sol\";\n\nimport \"../../pools/BasePool.sol\";\nimport \"../../vault/ProtocolFeesCollector.sol\";\nimport \"../../vault/interfaces/IWETH.sol\";\nimport \"../../vault/interfaces/IVault.sol\";\nimport \"../../vault/balances/BalanceAllocation.sol\";\n\n/**\n * @dev This contract simply builds on top of the Balancer V2 architecture to provide useful helpers to users.\n * It connects different functionalities of the protocol components to allow accessing information that would\n * have required a more cumbersome setup if we wanted to provide these already built-in.\n */\ncontract BalancerHelpers is AssetHelpers {\n using Math for uint256;\n using BalanceAllocation for bytes32;\n using BalanceAllocation for bytes32[];\n\n IVault public immutable vault;\n\n constructor(IVault _vault) AssetHelpers(_vault.WETH()) {\n vault = _vault;\n }\n\n function queryJoin(\n bytes32 poolId,\n address sender,\n address recipient,\n IVault.JoinPoolRequest memory request\n ) external returns (uint256 bptOut, uint256[] memory amountsIn) {\n (address pool, ) = vault.getPool(poolId);\n (uint256[] memory balances, uint256 lastChangeBlock) = _validateAssetsAndGetBalances(poolId, request.assets);\n ProtocolFeesCollector feesCollector = vault.getProtocolFeesCollector();\n\n (bptOut, amountsIn) = BasePool(pool).queryJoin(\n poolId,\n sender,\n recipient,\n balances,\n lastChangeBlock,\n feesCollector.getSwapFeePercentage(),\n request.userData\n );\n }\n\n function queryExit(\n bytes32 poolId,\n address sender,\n address recipient,\n IVault.ExitPoolRequest memory request\n ) external returns (uint256 bptIn, uint256[] memory amountsOut) {\n (address pool, ) = vault.getPool(poolId);\n (uint256[] memory balances, uint256 lastChangeBlock) = _validateAssetsAndGetBalances(poolId, request.assets);\n ProtocolFeesCollector feesCollector = vault.getProtocolFeesCollector();\n\n (bptIn, amountsOut) = BasePool(pool).queryExit(\n poolId,\n sender,\n recipient,\n balances,\n lastChangeBlock,\n feesCollector.getSwapFeePercentage(),\n request.userData\n );\n }\n\n function _validateAssetsAndGetBalances(bytes32 poolId, IAsset[] memory expectedAssets)\n internal\n view\n returns (uint256[] memory balances, uint256 lastChangeBlock)\n {\n IERC20[] memory actualTokens;\n IERC20[] memory expectedTokens = _translateToIERC20(expectedAssets);\n\n (actualTokens, balances, lastChangeBlock) = vault.getPoolTokens(poolId);\n InputHelpers.ensureInputLengthMatch(actualTokens.length, expectedTokens.length);\n\n for (uint256 i = 0; i < actualTokens.length; ++i) {\n IERC20 token = actualTokens[i];\n _require(token == expectedTokens[i], Errors.TOKENS_MISMATCH);\n }\n }\n}\n"
},
"src.sol/amm/lib/openzeppelin/ERC20Burnable.sol": {
"content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.7.0;\n\nimport \"./ERC20.sol\";\n\n/**\n * @dev Extension of {ERC20} that allows token holders to destroy both their own\n * tokens and those that they have an allowance for, in a way that can be\n * recognized off-chain (via event analysis).\n */\nabstract contract ERC20Burnable is ERC20 {\n using SafeMath for uint256;\n\n /**\n * @dev Destroys `amount` tokens from the caller.\n *\n * See {ERC20-_burn}.\n */\n function burn(uint256 amount) public virtual {\n _burn(msg.sender, amount);\n }\n\n /**\n * @dev Destroys `amount` tokens from `account`, deducting from the caller's\n * allowance.\n *\n * See {ERC20-_burn} and {ERC20-allowance}.\n *\n * Requirements:\n *\n * - the caller must have allowance for ``accounts``'s tokens of at least\n * `amount`.\n */\n function burnFrom(address account, uint256 amount) public virtual {\n uint256 decreasedAllowance = allowance(account, msg.sender).sub(amount, Errors.ERC20_BURN_EXCEEDS_ALLOWANCE);\n\n _approve(account, msg.sender, decreasedAllowance);\n _burn(account, amount);\n }\n}\n"
},
"src.sol/amm/lib/openzeppelin/Create2.sol": {
"content": "// SPDX-License-Identifier: MIT\n\npragma solidity ^0.7.0;\n\nimport \"../helpers/BalancerErrors.sol\";\n\n/**\n * @dev Helper to make usage of the `CREATE2` EVM opcode easier and safer.\n * `CREATE2` can be used to compute in advance the address where a smart\n * contract will be deployed, which allows for interesting new mechanisms known\n * as 'counterfactual interactions'.\n *\n * See the https://eips.ethereum.org/EIPS/eip-1014#motivation[EIP] for more\n * information.\n */\nlibrary Create2 {\n /**\n * @dev Deploys a contract using `CREATE2`. The address where the contract\n * will be deployed can be known in advance via {computeAddress}.\n *\n * The bytecode for a contract can be obtained from Solidity with\n * `type(contractName).creationCode`.\n *\n * Requirements:\n *\n * - `bytecode` must not be empty.\n * - `salt` must have not been used for `bytecode` already.\n * - the factory must have a balance of at least `amount`.\n * - if `amount` is non-zero, `bytecode` must have a `payable` constructor.\n */\n function deploy(uint256 amount, bytes32 salt, bytes memory bytecode) internal returns (address) {\n address addr;\n require(address(this).balance >= amount, 'CREATE2_INSUFFICIENT_BALANCE');\n require(bytecode.length != 0, 'CREATE2_BYTECODE_ZERO');\n // solhint-disable-next-line no-inline-assembly\n assembly {\n addr := create2(amount, add(bytecode, 0x20), mload(bytecode), salt)\n }\n require(addr != address(0), 'CREATE2_DEPLOY_FAILED');\n return addr;\n }\n\n /**\n * @dev Returns the address where a contract will be stored if deployed via {deploy}. Any change in the\n * `bytecodeHash` or `salt` will result in a new destination address.\n */\n function computeAddress(bytes32 salt, bytes32 bytecodeHash) internal view returns (address) {\n return computeAddress(salt, bytecodeHash, address(this));\n }\n\n /**\n * @dev Returns the address where a contract will be stored if deployed via {deploy} from a contract located at\n * `deployer`. If `deployer` is this contract's address, returns the same value as {computeAddress}.\n */\n function computeAddress(bytes32 salt, bytes32 bytecodeHash, address deployer) internal pure returns (address) {\n bytes32 _data = keccak256(\n abi.encodePacked(bytes1(0xff), deployer, salt, bytecodeHash)\n );\n return address(uint256(_data));\n }\n}\n"
}
},
"settings": {
"optimizer": {
"enabled": true,
"runs": 200
},
"outputSelection": {
"*": {
"*": [
"abi",
"evm.bytecode",
"evm.deployedBytecode",
"evm.methodIdentifiers",
"metadata",
"devdoc",
"userdoc",
"storageLayout",
"evm.gasEstimates"
],
"": [
"ast"
]
}
},
"metadata": {
"useLiteralContent": true
}
}
}