Address Contract Partially Verified
Address
0x414CbB5c7cf637b7030965B5ee84504C64C10c29
Balance
0 ETH
Nonce
1
Code Size
3336 bytes
Creator
0x000755Fb...ff62 at tx 0xb4c554ed...8d087c
Indexed Transactions
0
Contract Bytecode
3336 bytes
0x608060405234801561001057600080fd5b50600436106100a95760003560e01c80638d1fdf2f116100715780638d1fdf2f1461013f5780638da5cb5b14610152578063de1be3c21461017d578063e211158614610190578063e786818e146101b0578063f2fde38b146101c357600080fd5b806312d18ed6146100ae5780631a7ae0b6146100c35780631c1b8772146100d657806320ce64de14610109578063562beba81461011c575b600080fd5b6100c16100bc3660046109e7565b6101d6565b005b6100c16100d1366004610a5f565b6103a3565b6100f66100e4366004610acb565b60026020526000908152604090205481565b6040519081526020015b60405180910390f35b6100c1610117366004610aed565b61046a565b61012f61012a366004610b40565b610543565b6040519015158152602001610100565b6100c161014d366004610acb565b6105ac565b600054610165906001600160a01b031681565b6040516001600160a01b039091168152602001610100565b6100c161018b366004610b6a565b610680565b6100f661019e366004610acb565b60016020526000908152604090205481565b6100c16101be366004610b40565b6106e8565b6100c16101d1366004610acb565b6107ea565b6001600160a01b038616600090815260016020526040812054900361022b5760405162461bcd60e51b8152602060048201526006602482015265333937bd32b760d11b60448201526064015b60405180910390fd5b6102358686610543565b1561027a5760405162461bcd60e51b8152602060048201526015602482015274223937b81030b63932b0b23c9031b630b4b6b2b21760591b6044820152606401610222565b604080516020808201889052606087901b6bffffffffffffffffffffffff191682840152605480830187905283518084039091018152607490920183528151918101919091206001600160a01b03891660009081526001909252919020546102e690849084908461085f565b6103235760405162461bcd60e51b815260206004820152600e60248201526d24b73b30b634b210383937b7b31760911b6044820152606401610222565b61032d8787610899565b6103416001600160a01b03881686866108fe565b6001600160a01b038781166000818152600260209081526040918290205482518b815291820189905293891692917f4766921f5c59646d22d7d266a29164c8e9623684d8dfdbd931731dfdca025238910160405180910390a450505050505050565b6000546001600160a01b031633146103cd5760405162461bcd60e51b815260040161022290610bac565b8281146104065760405162461bcd60e51b815260206004820152600760248201526604298cadccee8d60cb1b6044820152606401610222565b8260005b818110156104625761045a86868381811061042757610427610bd2565b905060200201602081019061043c9190610acb565b85858481811061044e5761044e610bd2565b905060200201356106e8565b60010161040a565b505050505050565b60005b8181101561053d5761052d83838381811061048a5761048a610bd2565b905060200281019061049c9190610be8565b6104aa906020810190610acb565b8484848181106104bc576104bc610bd2565b90506020028101906104ce9190610be8565b60200135868686868181106104e5576104e5610bd2565b90506020028101906104f79190610be8565b6040013587878781811061050d5761050d610bd2565b905060200281019061051f9190610be8565b6100bc906060810190610c08565b61053681610c68565b905061046d565b50505050565b60008061055261010084610c97565b9050600061056261010085610cab565b6001600160a01b03861660009081526003602090815260408083206002835281842054845282528083209583529490529290922054600190921b9182169091149150505b92915050565b6000546001600160a01b031633146105d65760405162461bcd60e51b815260040161022290610bac565b6001600160a01b038116600090815260016020526040812054900361062e5760405162461bcd60e51b815260206004820152600e60248201526d20b63932b0b23c90333937bd32b760911b6044820152606401610222565b6001600160a01b038116600081815260016020908152604080832083905560029091528082205490519092917f68e0d8c112165d0949ce87205b719ed7d98c7401866c34a159f7c67c6f5620e791a350565b6000546001600160a01b031633146106aa5760405162461bcd60e51b815260040161022290610bac565b8060005b8181101561053d576106e08484838181106106cb576106cb610bd2565b905060200201602081019061014d9190610acb565b6001016106ae565b6000546001600160a01b031633146107125760405162461bcd60e51b815260040161022290610bac565b6001600160a01b038216600090815260016020526040902054156107655760405162461bcd60e51b815260206004820152600a6024820152692737ba10333937bd32b760b11b6044820152606401610222565b6001600160a01b038216600090815260026020526040812080546001929061078e908490610cbf565b90915550506001600160a01b038216600081815260016020908152604080832085905560029091528082205490519092849290917fbdc375de8a677af383c6ee6f8b2027dbd231c3c47453ce81d1ce8f1bcdb722dc9190a45050565b6000546001600160a01b031633146108145760405162461bcd60e51b815260040161022290610bac565b600080546001600160a01b0319166001600160a01b0383169081178255604051909133917f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e09190a350565b60008315610891578360051b8501855b803580851160051b9485526020948518526040600020930181811061086f5750505b501492915050565b60006108a761010083610c97565b905060006108b761010084610cab565b6001600160a01b03949094166000908152600360209081526040808320600283528184205484528252808320948352939052919091208054600190941b9093179092555050565b600060405163a9059cbb60e01b81526001600160a01b0384166004820152826024820152602060006044836000895af13d15601f3d116001600051141617169150508061053d5760405162461bcd60e51b815260206004820152600f60248201526e1514905394d1915497d19052531151608a1b6044820152606401610222565b80356001600160a01b038116811461099657600080fd5b919050565b60008083601f8401126109ad57600080fd5b50813567ffffffffffffffff8111156109c557600080fd5b6020830191508360208260051b85010111156109e057600080fd5b9250929050565b60008060008060008060a08789031215610a0057600080fd5b610a098761097f565b955060208701359450610a1e6040880161097f565b935060608701359250608087013567ffffffffffffffff811115610a4157600080fd5b610a4d89828a0161099b565b979a9699509497509295939492505050565b60008060008060408587031215610a7557600080fd5b843567ffffffffffffffff80821115610a8d57600080fd5b610a998883890161099b565b90965094506020870135915080821115610ab257600080fd5b50610abf8782880161099b565b95989497509550505050565b600060208284031215610add57600080fd5b610ae68261097f565b9392505050565b600080600060408486031215610b0257600080fd5b610b0b8461097f565b9250602084013567ffffffffffffffff811115610b2757600080fd5b610b338682870161099b565b9497909650939450505050565b60008060408385031215610b5357600080fd5b610b5c8361097f565b946020939093013593505050565b60008060208385031215610b7d57600080fd5b823567ffffffffffffffff811115610b9457600080fd5b610ba08582860161099b565b90969095509350505050565b6020808252600c908201526b15539055551213d49256915160a21b604082015260600190565b634e487b7160e01b600052603260045260246000fd5b60008235607e19833603018112610bfe57600080fd5b9190910192915050565b6000808335601e19843603018112610c1f57600080fd5b83018035915067ffffffffffffffff821115610c3a57600080fd5b6020019150600581901b36038213156109e057600080fd5b634e487b7160e01b600052601160045260246000fd5b600060018201610c7a57610c7a610c52565b5060010190565b634e487b7160e01b600052601260045260246000fd5b600082610ca657610ca6610c81565b500490565b600082610cba57610cba610c81565b500690565b808201808211156105a6576105a6610c5256fea264697066735822122006eb1757ae857aeef1e90507e4d77b2652562d12ee7c58433f94e80f1241176a64736f6c63430008140033
Verified Source Code Partial Match
Compiler: v0.8.20+commit.a1b79de6
EVM: paris
Optimization: Yes (200 runs)
Merkle.sol 777 lines
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
/// @notice Simple single owner authorization mixin.
/// @author Solmate (https://github.com/transmissions11/solmate/blob/main/src/auth/Owned.sol)
abstract contract Owned {
/*//////////////////////////////////////////////////////////////
EVENTS
//////////////////////////////////////////////////////////////*/
event OwnershipTransferred(address indexed user, address indexed newOwner);
/*//////////////////////////////////////////////////////////////
OWNERSHIP STORAGE
//////////////////////////////////////////////////////////////*/
address public owner;
modifier onlyOwner() virtual {
require(msg.sender == owner, "UNAUTHORIZED");
_;
}
/*//////////////////////////////////////////////////////////////
CONSTRUCTOR
//////////////////////////////////////////////////////////////*/
constructor(address _owner) {
owner = _owner;
emit OwnershipTransferred(address(0), _owner);
}
/*//////////////////////////////////////////////////////////////
OWNERSHIP LOGIC
//////////////////////////////////////////////////////////////*/
function transferOwnership(address newOwner) public virtual onlyOwner {
owner = newOwner;
emit OwnershipTransferred(msg.sender, newOwner);
}
}
/// @notice Modern and gas efficient ERC20 + EIP-2612 implementation.
/// @author Solmate (https://github.com/transmissions11/solmate/blob/main/src/tokens/ERC20.sol)
/// @author Modified from Uniswap (https://github.com/Uniswap/uniswap-v2-core/blob/master/contracts/UniswapV2ERC20.sol)
/// @dev Do not manually set balances without updating totalSupply, as the sum of all user balances must not exceed it.
abstract contract ERC20 {
/*//////////////////////////////////////////////////////////////
EVENTS
//////////////////////////////////////////////////////////////*/
event Transfer(address indexed from, address indexed to, uint256 amount);
event Approval(address indexed owner, address indexed spender, uint256 amount);
/*//////////////////////////////////////////////////////////////
METADATA STORAGE
//////////////////////////////////////////////////////////////*/
string public name;
string public symbol;
uint8 public immutable decimals;
/*//////////////////////////////////////////////////////////////
ERC20 STORAGE
//////////////////////////////////////////////////////////////*/
uint256 public totalSupply;
mapping(address => uint256) public balanceOf;
mapping(address => mapping(address => uint256)) public allowance;
/*//////////////////////////////////////////////////////////////
EIP-2612 STORAGE
//////////////////////////////////////////////////////////////*/
uint256 internal immutable INITIAL_CHAIN_ID;
bytes32 internal immutable INITIAL_DOMAIN_SEPARATOR;
mapping(address => uint256) public nonces;
/*//////////////////////////////////////////////////////////////
CONSTRUCTOR
//////////////////////////////////////////////////////////////*/
constructor(
string memory _name,
string memory _symbol,
uint8 _decimals
) {
name = _name;
symbol = _symbol;
decimals = _decimals;
INITIAL_CHAIN_ID = block.chainid;
INITIAL_DOMAIN_SEPARATOR = computeDomainSeparator();
}
/*//////////////////////////////////////////////////////////////
ERC20 LOGIC
//////////////////////////////////////////////////////////////*/
function approve(address spender, uint256 amount) public virtual returns (bool) {
allowance[msg.sender][spender] = amount;
emit Approval(msg.sender, spender, amount);
return true;
}
function transfer(address to, uint256 amount) public virtual returns (bool) {
balanceOf[msg.sender] -= amount;
// Cannot overflow because the sum of all user
// balances can't exceed the max uint256 value.
unchecked {
balanceOf[to] += amount;
}
emit Transfer(msg.sender, to, amount);
return true;
}
function transferFrom(
address from,
address to,
uint256 amount
) public virtual returns (bool) {
uint256 allowed = allowance[from][msg.sender]; // Saves gas for limited approvals.
if (allowed != type(uint256).max) allowance[from][msg.sender] = allowed - amount;
balanceOf[from] -= amount;
// Cannot overflow because the sum of all user
// balances can't exceed the max uint256 value.
unchecked {
balanceOf[to] += amount;
}
emit Transfer(from, to, amount);
return true;
}
/*//////////////////////////////////////////////////////////////
EIP-2612 LOGIC
//////////////////////////////////////////////////////////////*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) public virtual {
require(deadline >= block.timestamp, "PERMIT_DEADLINE_EXPIRED");
// Unchecked because the only math done is incrementing
// the owner's nonce which cannot realistically overflow.
unchecked {
address recoveredAddress = ecrecover(
keccak256(
abi.encodePacked(
"\x19\x01",
DOMAIN_SEPARATOR(),
keccak256(
abi.encode(
keccak256(
"Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)"
),
owner,
spender,
value,
nonces[owner]++,
deadline
)
)
)
),
v,
r,
s
);
require(recoveredAddress != address(0) && recoveredAddress == owner, "INVALID_SIGNER");
allowance[recoveredAddress][spender] = value;
}
emit Approval(owner, spender, value);
}
function DOMAIN_SEPARATOR() public view virtual returns (bytes32) {
return block.chainid == INITIAL_CHAIN_ID ? INITIAL_DOMAIN_SEPARATOR : computeDomainSeparator();
}
function computeDomainSeparator() internal view virtual returns (bytes32) {
return
keccak256(
abi.encode(
keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"),
keccak256(bytes(name)),
keccak256("1"),
block.chainid,
address(this)
)
);
}
/*//////////////////////////////////////////////////////////////
INTERNAL MINT/BURN LOGIC
//////////////////////////////////////////////////////////////*/
function _mint(address to, uint256 amount) internal virtual {
totalSupply += amount;
// Cannot overflow because the sum of all user
// balances can't exceed the max uint256 value.
unchecked {
balanceOf[to] += amount;
}
emit Transfer(address(0), to, amount);
}
function _burn(address from, uint256 amount) internal virtual {
balanceOf[from] -= amount;
// Cannot underflow because a user's balance
// will never be larger than the total supply.
unchecked {
totalSupply -= amount;
}
emit Transfer(from, address(0), amount);
}
}
/// @notice Safe ETH and ERC20 transfer library that gracefully handles missing return values.
/// @author Solmate (https://github.com/transmissions11/solmate/blob/main/src/utils/SafeTransferLib.sol)
/// @dev Use with caution! Some functions in this library knowingly create dirty bits at the destination of the free memory pointer.
/// @dev Note that none of the functions in this library check that a token has code at all! That responsibility is delegated to the caller.
library SafeTransferLib {
/*//////////////////////////////////////////////////////////////
ETH OPERATIONS
//////////////////////////////////////////////////////////////*/
function safeTransferETH(address to, uint256 amount) internal {
bool success;
/// @solidity memory-safe-assembly
assembly {
// Transfer the ETH and store if it succeeded or not.
success := call(gas(), to, amount, 0, 0, 0, 0)
}
require(success, "ETH_TRANSFER_FAILED");
}
/*//////////////////////////////////////////////////////////////
ERC20 OPERATIONS
//////////////////////////////////////////////////////////////*/
function safeTransferFrom(
ERC20 token,
address from,
address to,
uint256 amount
) internal {
bool success;
/// @solidity memory-safe-assembly
assembly {
// Get a pointer to some free memory.
let freeMemoryPointer := mload(0x40)
// Write the abi-encoded calldata into memory, beginning with the function selector.
mstore(freeMemoryPointer, 0x23b872dd00000000000000000000000000000000000000000000000000000000)
mstore(add(freeMemoryPointer, 4), and(from, 0xffffffffffffffffffffffffffffffffffffffff)) // Append and mask the "from" argument.
mstore(add(freeMemoryPointer, 36), and(to, 0xffffffffffffffffffffffffffffffffffffffff)) // Append and mask the "to" argument.
mstore(add(freeMemoryPointer, 68), amount) // Append the "amount" argument. Masking not required as it's a full 32 byte type.
success := and(
// Set success to whether the call reverted, if not we check it either
// returned exactly 1 (can't just be non-zero data), or had no return data.
or(and(eq(mload(0), 1), gt(returndatasize(), 31)), iszero(returndatasize())),
// We use 100 because the length of our calldata totals up like so: 4 + 32 * 3.
// We use 0 and 32 to copy up to 32 bytes of return data into the scratch space.
// Counterintuitively, this call must be positioned second to the or() call in the
// surrounding and() call or else returndatasize() will be zero during the computation.
call(gas(), token, 0, freeMemoryPointer, 100, 0, 32)
)
}
require(success, "TRANSFER_FROM_FAILED");
}
function safeTransfer(
ERC20 token,
address to,
uint256 amount
) internal {
bool success;
/// @solidity memory-safe-assembly
assembly {
// Get a pointer to some free memory.
let freeMemoryPointer := mload(0x40)
// Write the abi-encoded calldata into memory, beginning with the function selector.
mstore(freeMemoryPointer, 0xa9059cbb00000000000000000000000000000000000000000000000000000000)
mstore(add(freeMemoryPointer, 4), and(to, 0xffffffffffffffffffffffffffffffffffffffff)) // Append and mask the "to" argument.
mstore(add(freeMemoryPointer, 36), amount) // Append the "amount" argument. Masking not required as it's a full 32 byte type.
success := and(
// Set success to whether the call reverted, if not we check it either
// returned exactly 1 (can't just be non-zero data), or had no return data.
or(and(eq(mload(0), 1), gt(returndatasize(), 31)), iszero(returndatasize())),
// We use 68 because the length of our calldata totals up like so: 4 + 32 * 2.
// We use 0 and 32 to copy up to 32 bytes of return data into the scratch space.
// Counterintuitively, this call must be positioned second to the or() call in the
// surrounding and() call or else returndatasize() will be zero during the computation.
call(gas(), token, 0, freeMemoryPointer, 68, 0, 32)
)
}
require(success, "TRANSFER_FAILED");
}
function safeApprove(
ERC20 token,
address to,
uint256 amount
) internal {
bool success;
/// @solidity memory-safe-assembly
assembly {
// Get a pointer to some free memory.
let freeMemoryPointer := mload(0x40)
// Write the abi-encoded calldata into memory, beginning with the function selector.
mstore(freeMemoryPointer, 0x095ea7b300000000000000000000000000000000000000000000000000000000)
mstore(add(freeMemoryPointer, 4), and(to, 0xffffffffffffffffffffffffffffffffffffffff)) // Append and mask the "to" argument.
mstore(add(freeMemoryPointer, 36), amount) // Append the "amount" argument. Masking not required as it's a full 32 byte type.
success := and(
// Set success to whether the call reverted, if not we check it either
// returned exactly 1 (can't just be non-zero data), or had no return data.
or(and(eq(mload(0), 1), gt(returndatasize(), 31)), iszero(returndatasize())),
// We use 68 because the length of our calldata totals up like so: 4 + 32 * 2.
// We use 0 and 32 to copy up to 32 bytes of return data into the scratch space.
// Counterintuitively, this call must be positioned second to the or() call in the
// surrounding and() call or else returndatasize() will be zero during the computation.
call(gas(), token, 0, freeMemoryPointer, 68, 0, 32)
)
}
require(success, "APPROVE_FAILED");
}
}
/// @notice Arithmetic library with operations for fixed-point numbers.
/// @author Solmate (https://github.com/transmissions11/solmate/blob/main/src/utils/FixedPointMathLib.sol)
/// @author Inspired by USM (https://github.com/usmfum/USM/blob/master/contracts/WadMath.sol)
library FixedPointMathLib {
/*//////////////////////////////////////////////////////////////
SIMPLIFIED FIXED POINT OPERATIONS
//////////////////////////////////////////////////////////////*/
uint256 internal constant MAX_UINT256 = 2**256 - 1;
uint256 internal constant WAD = 1e18; // The scalar of ETH and most ERC20s.
function mulWadDown(uint256 x, uint256 y) internal pure returns (uint256) {
return mulDivDown(x, y, WAD); // Equivalent to (x * y) / WAD rounded down.
}
function mulWadUp(uint256 x, uint256 y) internal pure returns (uint256) {
return mulDivUp(x, y, WAD); // Equivalent to (x * y) / WAD rounded up.
}
function divWadDown(uint256 x, uint256 y) internal pure returns (uint256) {
return mulDivDown(x, WAD, y); // Equivalent to (x * WAD) / y rounded down.
}
function divWadUp(uint256 x, uint256 y) internal pure returns (uint256) {
return mulDivUp(x, WAD, y); // Equivalent to (x * WAD) / y rounded up.
}
/*//////////////////////////////////////////////////////////////
LOW LEVEL FIXED POINT OPERATIONS
//////////////////////////////////////////////////////////////*/
function mulDivDown(
uint256 x,
uint256 y,
uint256 denominator
) internal pure returns (uint256 z) {
/// @solidity memory-safe-assembly
assembly {
// Equivalent to require(denominator != 0 && (y == 0 || x <= type(uint256).max / y))
if iszero(mul(denominator, iszero(mul(y, gt(x, div(MAX_UINT256, y)))))) {
revert(0, 0)
}
// Divide x * y by the denominator.
z := div(mul(x, y), denominator)
}
}
function mulDivUp(
uint256 x,
uint256 y,
uint256 denominator
) internal pure returns (uint256 z) {
/// @solidity memory-safe-assembly
assembly {
// Equivalent to require(denominator != 0 && (y == 0 || x <= type(uint256).max / y))
if iszero(mul(denominator, iszero(mul(y, gt(x, div(MAX_UINT256, y)))))) {
revert(0, 0)
}
// If x * y modulo the denominator is strictly greater than 0,
// 1 is added to round up the division of x * y by the denominator.
z := add(gt(mod(mul(x, y), denominator), 0), div(mul(x, y), denominator))
}
}
function rpow(
uint256 x,
uint256 n,
uint256 scalar
) internal pure returns (uint256 z) {
/// @solidity memory-safe-assembly
assembly {
switch x
case 0 {
switch n
case 0 {
// 0 ** 0 = 1
z := scalar
}
default {
// 0 ** n = 0
z := 0
}
}
default {
switch mod(n, 2)
case 0 {
// If n is even, store scalar in z for now.
z := scalar
}
default {
// If n is odd, store x in z for now.
z := x
}
// Shifting right by 1 is like dividing by 2.
let half := shr(1, scalar)
for {
// Shift n right by 1 before looping to halve it.
n := shr(1, n)
} n {
// Shift n right by 1 each iteration to halve it.
n := shr(1, n)
} {
// Revert immediately if x ** 2 would overflow.
// Equivalent to iszero(eq(div(xx, x), x)) here.
if shr(128, x) {
revert(0, 0)
}
// Store x squared.
let xx := mul(x, x)
// Round to the nearest number.
let xxRound := add(xx, half)
// Revert if xx + half overflowed.
if lt(xxRound, xx) {
revert(0, 0)
}
// Set x to scaled xxRound.
x := div(xxRound, scalar)
// If n is even:
if mod(n, 2) {
// Compute z * x.
let zx := mul(z, x)
// If z * x overflowed:
if iszero(eq(div(zx, x), z)) {
// Revert if x is non-zero.
if iszero(iszero(x)) {
revert(0, 0)
}
}
// Round to the nearest number.
let zxRound := add(zx, half)
// Revert if zx + half overflowed.
if lt(zxRound, zx) {
revert(0, 0)
}
// Return properly scaled zxRound.
z := div(zxRound, scalar)
}
}
}
}
}
/*//////////////////////////////////////////////////////////////
GENERAL NUMBER UTILITIES
//////////////////////////////////////////////////////////////*/
function sqrt(uint256 x) internal pure returns (uint256 z) {
/// @solidity memory-safe-assembly
assembly {
let y := x // We start y at x, which will help us make our initial estimate.
z := 181 // The "correct" value is 1, but this saves a multiplication later.
// This segment is to get a reasonable initial estimate for the Babylonian method. With a bad
// start, the correct # of bits increases ~linearly each iteration instead of ~quadratically.
// We check y >= 2^(k + 8) but shift right by k bits
// each branch to ensure that if x >= 256, then y >= 256.
if iszero(lt(y, 0x10000000000000000000000000000000000)) {
y := shr(128, y)
z := shl(64, z)
}
if iszero(lt(y, 0x1000000000000000000)) {
y := shr(64, y)
z := shl(32, z)
}
if iszero(lt(y, 0x10000000000)) {
y := shr(32, y)
z := shl(16, z)
}
if iszero(lt(y, 0x1000000)) {
y := shr(16, y)
z := shl(8, z)
}
// Goal was to get z*z*y within a small factor of x. More iterations could
// get y in a tighter range. Currently, we will have y in [256, 256*2^16).
// We ensured y >= 256 so that the relative difference between y and y+1 is small.
// That's not possible if x < 256 but we can just verify those cases exhaustively.
// Now, z*z*y <= x < z*z*(y+1), and y <= 2^(16+8), and either y >= 256, or x < 256.
// Correctness can be checked exhaustively for x < 256, so we assume y >= 256.
// Then z*sqrt(y) is within sqrt(257)/sqrt(256) of sqrt(x), or about 20bps.
// For s in the range [1/256, 256], the estimate f(s) = (181/1024) * (s+1) is in the range
// (1/2.84 * sqrt(s), 2.84 * sqrt(s)), with largest error when s = 1 and when s = 256 or 1/256.
// Since y is in [256, 256*2^16), let a = y/65536, so that a is in [1/256, 256). Then we can estimate
// sqrt(y) using sqrt(65536) * 181/1024 * (a + 1) = 181/4 * (y + 65536)/65536 = 181 * (y + 65536)/2^18.
// There is no overflow risk here since y < 2^136 after the first branch above.
z := shr(18, mul(z, add(y, 65536))) // A mul() is saved from starting z at 181.
// Given the worst case multiplicative error of 2.84 above, 7 iterations should be enough.
z := shr(1, add(z, div(x, z)))
z := shr(1, add(z, div(x, z)))
z := shr(1, add(z, div(x, z)))
z := shr(1, add(z, div(x, z)))
z := shr(1, add(z, div(x, z)))
z := shr(1, add(z, div(x, z)))
z := shr(1, add(z, div(x, z)))
// If x+1 is a perfect square, the Babylonian method cycles between
// floor(sqrt(x)) and ceil(sqrt(x)). This statement ensures we return floor.
// See: https://en.wikipedia.org/wiki/Integer_square_root#Using_only_integer_division
// Since the ceil is rare, we save gas on the assignment and repeat division in the rare case.
// If you don't care whether the floor or ceil square root is returned, you can remove this statement.
z := sub(z, lt(div(x, z), z))
}
}
function unsafeMod(uint256 x, uint256 y) internal pure returns (uint256 z) {
/// @solidity memory-safe-assembly
assembly {
// Mod x by y. Note this will return
// 0 instead of reverting if y is zero.
z := mod(x, y)
}
}
function unsafeDiv(uint256 x, uint256 y) internal pure returns (uint256 r) {
/// @solidity memory-safe-assembly
assembly {
// Divide x by y. Note this will return
// 0 instead of reverting if y is zero.
r := div(x, y)
}
}
function unsafeDivUp(uint256 x, uint256 y) internal pure returns (uint256 z) {
/// @solidity memory-safe-assembly
assembly {
// Add 1 to x * y if x % y > 0. Note this will
// return 0 instead of reverting if y is zero.
z := add(gt(mod(x, y), 0), div(x, y))
}
}
}
/// @notice Gas optimized merkle proof verification library.
/// @author Solmate (https://github.com/transmissions11/solmate/blob/main/src/utils/MerkleProofLib.sol)
/// @author Modified from Solady (https://github.com/Vectorized/solady/blob/main/src/utils/MerkleProofLib.sol)
library MerkleProofLib {
function verify(
bytes32[] calldata proof,
bytes32 root,
bytes32 leaf
) internal pure returns (bool isValid) {
/// @solidity memory-safe-assembly
assembly {
if proof.length {
// Left shifting by 5 is like multiplying by 32.
let end := add(proof.offset, shl(5, proof.length))
// Initialize offset to the offset of the proof in calldata.
let offset := proof.offset
// Iterate over proof elements to compute root hash.
// prettier-ignore
for {} 1 {} {
// Slot where the leaf should be put in scratch space. If
// leaf > calldataload(offset): slot 32, otherwise: slot 0.
let leafSlot := shl(5, gt(leaf, calldataload(offset)))
// Store elements to hash contiguously in scratch space.
// The xor puts calldataload(offset) in whichever slot leaf
// is not occupying, so 0 if leafSlot is 32, and 32 otherwise.
mstore(leafSlot, leaf)
mstore(xor(leafSlot, 32), calldataload(offset))
// Reuse leaf to store the hash to reduce stack operations.
leaf := keccak256(0, 64) // Hash both slots of scratch space.
offset := add(offset, 32) // Shift 1 word per cycle.
// prettier-ignore
if iszero(lt(offset, end)) { break }
}
}
isValid := eq(leaf, root) // The proof is valid if the roots match.
}
}
}
contract Merkle is Owned {
using FixedPointMathLib for uint256;
using SafeTransferLib for ERC20;
struct claimParam {
address token;
uint256 index;
uint256 amount;
bytes32[] merkleProof;
}
// environment variables for updateable merkle
mapping(address => bytes32) public merkleRoot;
mapping(address => uint256) public update;
// This is a packed array of booleans.
mapping(address => mapping(uint256 => mapping(uint256 => uint256))) private claimedBitMap;
constructor(address _owner) Owned(_owner){}
function isClaimed(address token, uint256 index) public view returns (bool) {
uint256 claimedWordIndex = index / 256;
uint256 claimedBitIndex = index % 256;
uint256 claimedWord = claimedBitMap[token][update[token]][claimedWordIndex];
uint256 mask = (1 << claimedBitIndex);
return claimedWord & mask == mask;
}
function _setClaimed(address token, uint256 index) private {
uint256 claimedWordIndex = index / 256;
uint256 claimedBitIndex = index % 256;
claimedBitMap[token][update[token]][claimedWordIndex] = claimedBitMap[token][update[token]][claimedWordIndex] | (1 << claimedBitIndex);
}
function claim(address token, uint256 index, address account, uint256 amount, bytes32[] calldata merkleProof) public {
require(merkleRoot[token] != 0, 'frozen');
require(!isClaimed(token, index), 'Drop already claimed.');
// Verify the merkle proof.
bytes32 node = keccak256(abi.encodePacked(index, account, amount));
require(MerkleProofLib.verify(merkleProof, merkleRoot[token], node), 'Invalid proof.');
_setClaimed(token, index);
ERC20(token).safeTransfer(account, amount);
emit Claimed(token, index, amount, account, update[token]);
}
function claimMulti(address account, claimParam[] calldata claims) external {
for(uint256 i=0;i<claims.length;++i) {
claim(claims[i].token, claims[i].index, account, claims[i].amount, claims[i].merkleProof);
}
}
// MULTI SIG FUNCTIONS //
function freeze(address token) public onlyOwner {
require(merkleRoot[token] != 0, "Already frozen");
// Set the new merkle root
merkleRoot[token] = 0;
emit Frozen(token, update[token]);
}
function multiFreeze(address[] calldata tokens) public onlyOwner {
uint256 length = tokens.length;
uint256 i = 0;
for(; i < length; ) {
freeze(tokens[i]);
unchecked {
++i;
}
}
}
function updateMerkleRoot(address token, bytes32 _merkleRoot) public onlyOwner {
require(merkleRoot[token] == 0, "Not frozen");
// Increment the update (simulates the clearing of the claimedBitMap)
update[token] += 1;
// Set the new merkle root
merkleRoot[token] = _merkleRoot;
emit MerkleRootUpdated(token, _merkleRoot, update[token]);
}
function multiUpdateMerkleRoot(address[] calldata tokens, bytes32[] calldata _merkleRoots) public onlyOwner {
require(tokens.length == _merkleRoots.length, "!Length");
uint256 length = tokens.length;
uint256 i = 0;
for(; i < length; ) {
updateMerkleRoot(tokens[i], _merkleRoots[i]);
unchecked {
++i;
}
}
}
// EVENTS //
event Claimed(address indexed token, uint256 index, uint256 amount, address indexed account, uint256 indexed update);
event MerkleRootUpdated(address indexed token, bytes32 indexed merkleRoot, uint256 indexed update);
event Frozen(address indexed token, uint256 indexed update);
}
Read Contract
isClaimed 0x562beba8 → bool
merkleRoot 0xe2111586 → bytes32
owner 0x8da5cb5b → address
update 0x1c1b8772 → uint256
Write Contract 7 functions
These functions modify contract state and require a wallet transaction to execute.
claim 0x12d18ed6
address token
uint256 index
address account
uint256 amount
bytes32[] merkleProof
claimMulti 0xa833da5a
address account
tuple[] claims
freeze 0x8d1fdf2f
address token
multiFreeze 0xde1be3c2
address[] tokens
multiUpdateMerkleRoot 0x1a7ae0b6
address[] tokens
bytes32[] _merkleRoots
transferOwnership 0xf2fde38b
address newOwner
updateMerkleRoot 0xe786818e
address token
bytes32 _merkleRoot
Token Balances (1)
View Transfers →Recent Transactions
No transactions found for this address