forked from runtimeverification/verified-smart-contracts
-
Notifications
You must be signed in to change notification settings - Fork 0
/
WarmWallet.inlined.sol
510 lines (394 loc) · 13.3 KB
/
WarmWallet.inlined.sol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
pragma solidity ^0.4.18;
/// auth.sol -- widely-used access control pattern for Ethereum
contract DSAuthority {
function canCall(
address src, address dst, bytes4 sig
) constant returns (bool);
}
contract DSAuthEvents {
event LogSetAuthority (address indexed authority);
event LogSetOwner (address indexed owner);
}
contract DSAuth is DSAuthEvents {
DSAuthority public authority;
address public owner;
function DSAuth() {
owner = msg.sender;
LogSetOwner(msg.sender);
}
function setOwner(address owner_)
auth
{
owner = owner_;
LogSetOwner(owner);
}
function setAuthority(DSAuthority authority_)
auth
{
authority = authority_;
LogSetAuthority(authority);
}
modifier auth {
assert(isAuthorized(msg.sender, msg.sig));
_;
}
function isAuthorized(address src, bytes4 sig) internal returns (bool) {
if (src == address(this)) {
return true;
} else if (src == owner) {
return true;
} else if (authority == DSAuthority(0)) {
return false;
} else {
return authority.canCall(src, this, sig);
}
}
}
/// note.sol -- the `note' modifier, for logging calls as events
contract DSNote {
event LogNote(
bytes4 indexed sig,
address indexed guy,
bytes32 indexed foo,
bytes32 indexed bar,
uint wad,
bytes fax
) anonymous;
modifier note {
bytes32 foo;
bytes32 bar;
assembly {
foo := calldataload(4)
bar := calldataload(36)
}
LogNote(msg.sig, msg.sender, foo, bar, msg.value, msg.data);
_;
}
}
/// stop.sol -- mixin for enable/disable functionality
contract DSStop is DSNote, DSAuth {
bool public stopped;
modifier stoppable {
assert (!stopped);
_;
}
function stop() auth note {
stopped = true;
}
function start() auth note {
stopped = false;
}
}
// Token standard API
// https://github.com/ethereum/EIPs/issues/20
contract ERC20 {
function totalSupply() constant returns (uint supply);
function balanceOf( address who ) constant returns (uint value);
function allowance( address owner, address spender ) constant returns (uint _allowance);
function transfer( address to, uint value) returns (bool ok);
function transferFrom( address from, address to, uint value) returns (bool ok);
function approve( address spender, uint value ) returns (bool ok);
event Transfer( address indexed from, address indexed to, uint value);
event Approval( address indexed owner, address indexed spender, uint value);
}
/// math.sol -- mixin for inline numerical wizardry
contract DSMath {
/*
standard uint256 functions
*/
function add(uint256 x, uint256 y) constant internal returns (uint256 z) {
assert((z = x + y) >= x);
}
function sub(uint256 x, uint256 y) constant internal returns (uint256 z) {
assert((z = x - y) <= x);
}
function mul(uint256 x, uint256 y) constant internal returns (uint256 z) {
z = x * y;
assert(x == 0 || z / x == y);
}
function div(uint256 x, uint256 y) constant internal returns (uint256 z) {
z = x / y;
}
function min(uint256 x, uint256 y) constant internal returns (uint256 z) {
return x <= y ? x : y;
}
function max(uint256 x, uint256 y) constant internal returns (uint256 z) {
return x >= y ? x : y;
}
/*
uint128 functions (h is for half)
*/
function hadd(uint128 x, uint128 y) constant internal returns (uint128 z) {
assert((z = x + y) >= x);
}
function hsub(uint128 x, uint128 y) constant internal returns (uint128 z) {
assert((z = x - y) <= x);
}
function hmul(uint128 x, uint128 y) constant internal returns (uint128 z) {
z = x * y;
assert(x == 0 || z / x == y);
}
function hdiv(uint128 x, uint128 y) constant internal returns (uint128 z) {
z = x / y;
}
function hmin(uint128 x, uint128 y) constant internal returns (uint128 z) {
return x <= y ? x : y;
}
function hmax(uint128 x, uint128 y) constant internal returns (uint128 z) {
return x >= y ? x : y;
}
/*
int256 functions
*/
function imin(int256 x, int256 y) constant internal returns (int256 z) {
return x <= y ? x : y;
}
function imax(int256 x, int256 y) constant internal returns (int256 z) {
return x >= y ? x : y;
}
/*
WAD math
*/
uint128 constant WAD = 10 ** 18;
function wadd(uint128 x, uint128 y) constant internal returns (uint128) {
return hadd(x, y);
}
function wsub(uint128 x, uint128 y) constant internal returns (uint128) {
return hsub(x, y);
}
function wmul(uint128 x, uint128 y) constant internal returns (uint128 z) {
z = cast((uint256(x) * y + WAD / 2) / WAD);
}
function wdiv(uint128 x, uint128 y) constant internal returns (uint128 z) {
z = cast((uint256(x) * WAD + y / 2) / y);
}
function wmin(uint128 x, uint128 y) constant internal returns (uint128) {
return hmin(x, y);
}
function wmax(uint128 x, uint128 y) constant internal returns (uint128) {
return hmax(x, y);
}
/*
RAY math
*/
uint128 constant RAY = 10 ** 27;
function radd(uint128 x, uint128 y) constant internal returns (uint128) {
return hadd(x, y);
}
function rsub(uint128 x, uint128 y) constant internal returns (uint128) {
return hsub(x, y);
}
function rmul(uint128 x, uint128 y) constant internal returns (uint128 z) {
z = cast((uint256(x) * y + RAY / 2) / RAY);
}
function rdiv(uint128 x, uint128 y) constant internal returns (uint128 z) {
z = cast((uint256(x) * RAY + y / 2) / y);
}
function rpow(uint128 x, uint64 n) constant internal returns (uint128 z) {
// This famous algorithm is called "exponentiation by squaring"
// and calculates x^n with x as fixed-point and n as regular unsigned.
//
// It's O(log n), instead of O(n) for naive repeated multiplication.
//
// These facts are why it works:
//
// If n is even, then x^n = (x^2)^(n/2).
// If n is odd, then x^n = x * x^(n-1),
// and applying the equation for even x gives
// x^n = x * (x^2)^((n-1) / 2).
//
// Also, EVM division is flooring and
// floor[(n-1) / 2] = floor[n / 2].
z = n % 2 != 0 ? x : RAY;
for (n /= 2; n != 0; n /= 2) {
x = rmul(x, x);
if (n % 2 != 0) {
z = rmul(z, x);
}
}
}
function rmin(uint128 x, uint128 y) constant internal returns (uint128) {
return hmin(x, y);
}
function rmax(uint128 x, uint128 y) constant internal returns (uint128) {
return hmax(x, y);
}
function cast(uint256 x) constant internal returns (uint128 z) {
assert((z = uint128(x)) == x);
}
}
/// base.sol -- basic ERC20 implementation
contract DSTokenBase is ERC20, DSMath {
uint256 _supply;
mapping (address => uint256) _balances;
mapping (address => mapping (address => uint256)) _approvals;
function DSTokenBase(uint256 supply) {
_balances[msg.sender] = supply;
_supply = supply;
}
function totalSupply() constant returns (uint256) {
return _supply;
}
function balanceOf(address src) constant returns (uint256) {
return _balances[src];
}
function allowance(address src, address guy) constant returns (uint256) {
return _approvals[src][guy];
}
function transfer(address dst, uint wad) returns (bool) {
assert(_balances[msg.sender] >= wad);
_balances[msg.sender] = sub(_balances[msg.sender], wad);
_balances[dst] = add(_balances[dst], wad);
Transfer(msg.sender, dst, wad);
return true;
}
function transferFrom(address src, address dst, uint wad) returns (bool) {
assert(_balances[src] >= wad);
assert(_approvals[src][msg.sender] >= wad);
_approvals[src][msg.sender] = sub(_approvals[src][msg.sender], wad);
_balances[src] = sub(_balances[src], wad);
_balances[dst] = add(_balances[dst], wad);
Transfer(src, dst, wad);
return true;
}
function approve(address guy, uint256 wad) returns (bool) {
_approvals[msg.sender][guy] = wad;
Approval(msg.sender, guy, wad);
return true;
}
}
/// token.sol -- ERC20 implementation with minting and burning
contract DSToken is DSTokenBase(0), DSStop {
bytes32 public symbol;
uint256 public decimals = 18; // standard token precision. override to customize
function DSToken(bytes32 symbol_) {
symbol = symbol_;
}
function transfer(address dst, uint wad) stoppable note returns (bool) {
return super.transfer(dst, wad);
}
function transferFrom(
address src, address dst, uint wad
) stoppable note returns (bool) {
return super.transferFrom(src, dst, wad);
}
function approve(address guy, uint wad) stoppable note returns (bool) {
return super.approve(guy, wad);
}
function push(address dst, uint128 wad) returns (bool) {
return transfer(dst, wad);
}
function pull(address src, uint128 wad) returns (bool) {
return transferFrom(src, msg.sender, wad);
}
function mint(uint128 wad) auth stoppable note {
_balances[msg.sender] = add(_balances[msg.sender], wad);
_supply = add(_supply, wad);
}
function burn(uint128 wad) auth stoppable note {
_balances[msg.sender] = sub(_balances[msg.sender], wad);
_supply = sub(_supply, wad);
}
// Optional token name
bytes32 public name = "";
function setName(bytes32 name_) auth {
name = name_;
}
}
contract WarmWalletEvents {
event LogSetWithdrawer (address indexed withdrawer);
event LogSetWithdrawLimit (address indexed sender, uint value);
event LogSetOwner(address indexed _owner);
}
contract WarmWallet is WarmWalletEvents{
DSToken public key;
address public hotWallet;
address public coldWallet;
//@note
address public withdrawer;
uint public withdrawLimit;
uint256 public lastWithdrawTime;
address public owner;
bool public paused;
modifier onlyWithdrawer {
require(msg.sender == withdrawer);
_;
}
modifier onlyOwner {
require(msg.sender == owner);
_;
}
modifier notPaused {
require(!paused);
_;
}
// overrideable for easy testing
function time() public constant returns (uint) {
return now;
}
function WarmWallet(DSToken _key, address _hot, address _cold, address _withdrawer, uint _limit) public {
require(_key != address(0) );
require(_hot != address(0) );
require(_cold != address(0) );
require(_withdrawer != address(0) );
require(_limit > 0);
require(_key != _hot);
require(_key != _cold);
require(_key != _withdrawer);
key = _key;
hotWallet = _hot;
coldWallet = _cold;
withdrawer = _withdrawer;
withdrawLimit = _limit;
lastWithdrawTime = 0;
owner = msg.sender;
paused = false;
}
function forwardToHotWallet(uint _amount) public notPaused onlyWithdrawer {
require(_amount > 0);
uint _time = time();
require(_time > (lastWithdrawTime + 24 hours));
uint amount = _amount;
if (amount > withdrawLimit) {
amount = withdrawLimit;
}
lastWithdrawTime = _time;
key.transfer(hotWallet, amount);
}
function restoreToColdWallet(uint _amount) public onlyWithdrawer {
require(_amount > 0);
key.transfer(coldWallet, _amount);
}
function setWithdrawer(address _withdrawer) public onlyOwner {
require(_withdrawer != address(0) );
withdrawer = _withdrawer;
LogSetWithdrawer(_withdrawer);
}
function setOwner(address _owner) public onlyOwner {
owner = _owner;
LogSetOwner(_owner);
}
function setWithdrawLimit(uint _limit) public onlyOwner {
require(_limit > 0);
withdrawLimit = _limit;
LogSetWithdrawLimit(msg.sender, _limit);
}
function pauseStart() public onlyOwner {
paused = true;
}
function pauseEnd() public onlyOwner {
paused = false;
}
// @notice This method can be used by the controller to extract mistakenly
// sent tokens to this contract.
// @param dst The address that will be receiving the tokens
// @param wad The amount of tokens to transfer
// @param _token The address of the token contract that you want to recover
function transferTokens(address dst, uint wad, address _token) public onlyWithdrawer {
require(_token != address(key));
if (wad > 0) {
ERC20 token = ERC20(_token);
token.transfer(dst, wad);
}
}
}