文件 1 的 1:ShadowStaking.sol
pragma solidity ^0.6.12;
library SafeMath {
function add(uint256 a, uint256 b) internal pure returns (uint256) {
uint256 c = a + b;
require(c >= a, "SafeMath: addition overflow");
return c;
}
function sub(uint256 a, uint256 b) internal pure returns (uint256) {
return sub(a, b, "SafeMath: subtraction overflow");
}
function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
require(b <= a, errorMessage);
uint256 c = a - b;
return c;
}
function mul(uint256 a, uint256 b) internal pure returns (uint256) {
if (a == 0) {
return 0;
}
uint256 c = a * b;
require(c / a == b, "SafeMath: multiplication overflow");
return c;
}
function div(uint256 a, uint256 b) internal pure returns (uint256) {
return div(a, b, "SafeMath: division by zero");
}
function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
require(b > 0, errorMessage);
uint256 c = a / b;
return c;
}
function mod(uint256 a, uint256 b) internal pure returns (uint256) {
return mod(a, b, "SafeMath: modulo by zero");
}
function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
require(b != 0, errorMessage);
return a % b;
}
}
abstract contract Context {
function _msgSender() internal view virtual returns (address payable) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes memory) {
this;
return msg.data;
}
}
contract Ownable is Context {
address private _owner;
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
constructor () internal {
address msgSender = _msgSender();
_owner = msgSender;
emit OwnershipTransferred(address(0), msgSender);
}
function owner() public view returns (address) {
return _owner;
}
modifier onlyOwner() {
require(_owner == _msgSender(), "Ownable: caller is not the owner");
_;
}
function renounceOwnership() public virtual onlyOwner {
emit OwnershipTransferred(_owner, address(0));
_owner = address(0);
}
function transferOwnership(address newOwner) public virtual onlyOwner {
require(newOwner != address(0), "Ownable: new owner is the zero address");
emit OwnershipTransferred(_owner, newOwner);
_owner = newOwner;
}
}
library Address {
function isContract(address account) internal view returns (bool) {
bytes32 codehash;
bytes32 accountHash = 0xc5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470;
assembly { codehash := extcodehash(account) }
return (codehash != accountHash && codehash != 0x0);
}
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
(bool success, ) = recipient.call{ value: amount }("");
require(success, "Address: unable to send value, recipient may have reverted");
}
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCall(target, data, "Address: low-level call failed");
}
function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {
return _functionCallWithValue(target, data, 0, errorMessage);
}
function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
return _functionCallWithValue(target, data, value, errorMessage);
}
function _functionCallWithValue(address target, bytes memory data, uint256 weiValue, string memory errorMessage) private returns (bytes memory) {
require(isContract(target), "Address: call to non-contract");
(bool success, bytes memory returndata) = target.call{ value: weiValue }(data);
if (success) {
return returndata;
} else {
if (returndata.length > 0) {
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}
}
contract SolRsaVerify {
function memcpy(uint _dest, uint _src, uint _len) pure internal {
for ( ;_len >= 32; _len -= 32) {
assembly {
mstore(_dest, mload(_src))
}
_dest += 32;
_src += 32;
}
uint mask = 256 ** (32 - _len) - 1;
assembly {
let srcpart := and(mload(_src), not(mask))
let destpart := and(mload(_dest), mask)
mstore(_dest, or(destpart, srcpart))
}
}
function join(
bytes memory _s, bytes memory _e, bytes memory _m
) pure internal returns (bytes memory) {
uint inputLen = 0x60+_s.length+_e.length+_m.length;
uint slen = _s.length;
uint elen = _e.length;
uint mlen = _m.length;
uint sptr;
uint eptr;
uint mptr;
uint inputPtr;
bytes memory input = new bytes(inputLen);
assembly {
sptr := add(_s,0x20)
eptr := add(_e,0x20)
mptr := add(_m,0x20)
mstore(add(input,0x20),slen)
mstore(add(input,0x40),elen)
mstore(add(input,0x60),mlen)
inputPtr := add(input,0x20)
}
memcpy(inputPtr+0x60,sptr,_s.length);
memcpy(inputPtr+0x60+_s.length,eptr,_e.length);
memcpy(inputPtr+0x60+_s.length+_e.length,mptr,_m.length);
return input;
}
function pkcs1Sha256Verify(
bytes32 _sha256,
bytes memory _s, bytes memory _e, bytes memory _m
) public view returns (uint) {
uint8[19] memory sha256Prefix = [
0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
];
require(_m.length >= sha256Prefix.length+_sha256.length+11);
uint i;
bytes memory input = join(_s,_e,_m);
uint inputlen = input.length;
uint decipherlen = _m.length;
bytes memory decipher = new bytes(decipherlen);
assembly {
pop(staticcall(sub(gas(), 2000), 5, add(input,0x20), inputlen, add(decipher,0x20), decipherlen))
}
uint paddingLen = decipherlen - 3 - sha256Prefix.length - 32;
if (decipher[0] != 0 || uint8(decipher[1]) != 1) {
return 1;
}
for (i = 2;i<2+paddingLen;i++) {
if (decipher[i] != 0xff) {
return 2;
}
}
if (decipher[2+paddingLen] != 0) {
return 3;
}
for (i = 0;i<sha256Prefix.length;i++) {
if (uint8(decipher[3+paddingLen+i])!=sha256Prefix[i]) {
return 4;
}
}
for (i = 0;i<_sha256.length;i++) {
if (decipher[3+paddingLen+sha256Prefix.length+i]!=_sha256[i]) {
return 5;
}
}
return 0;
}
function pkcs1Sha256VerifyRaw(
bytes memory _data,
bytes memory _s, bytes memory _e, bytes memory _m
) public view returns (uint) {
return pkcs1Sha256Verify(sha256(_data),_s,_e,_m);
}
}
interface IERC20 {
function totalSupply() external view returns (uint256);
function balanceOf(address account) external view returns (uint256);
function transfer(address recipient, uint256 amount) external returns (bool);
function allowance(address owner, address spender) external view returns (uint256);
function approve(address spender, uint256 amount) external returns (bool);
function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);
event Transfer(address indexed from, address indexed to, uint256 value);
event Approval(address indexed owner, address indexed spender, uint256 value);
}
library SafeERC20 {
using SafeMath for uint256;
using Address for address;
function safeTransfer(IERC20 token, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));
}
function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));
}
function safeApprove(IERC20 token, address spender, uint256 value) internal {
require((value == 0) || (token.allowance(address(this), spender) == 0),
"SafeERC20: approve from non-zero to non-zero allowance"
);
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));
}
function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {
uint256 newAllowance = token.allowance(address(this), spender).add(value);
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));
}
function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {
uint256 newAllowance = token.allowance(address(this), spender).sub(value, "SafeERC20: decreased allowance below zero");
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));
}
function _callOptionalReturn(IERC20 token, bytes memory data) private {
bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed");
if (returndata.length > 0) {
require(abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed");
}
}
}
interface IMilk2Token {
function mint(address _to, uint256 _amount) external returns (bool);
function burn(address _to, uint256 _amount) external returns (bool);
}
contract MultiplierMath {
function max(uint256 a, uint256 b) internal pure returns (uint256) {
return a > b ? a : b;
}
function min(uint256 a, uint256 b) internal pure returns (uint256) {
return a < b ? a : b;
}
function getInterval(uint256 a, uint256 b) internal pure returns(uint256) {
return a > b ? a - b : 0;
}
}
contract ShadowStaking is Ownable, SolRsaVerify, MultiplierMath {
using SafeMath for uint256;
using SafeERC20 for IERC20;
struct UserInfo {
uint256 rewardDebt;
uint256 lastBlock;
}
struct PoolInfo {
IERC20 lpToken;
uint256 allocPointAmount;
uint256 blockCreation;
}
struct KeyInfo{
bytes keyModule;
bytes exponent;
bool keyStatus;
}
IMilk2Token public milk;
mapping (address => UserInfo) private userInfo;
address[] internal users;
PoolInfo[] private poolInfo;
KeyInfo[] private keyInfo;
uint256 private totalPoints;
uint256[5] internal epochs;
uint256[5] internal multipliers;
event Harvest(address sender, uint256 amount, uint256 blockNumber);
event AddNewPool(address token, uint256 pid);
event PoolUpdate(uint256 poolPid, uint256 previusPoints, uint256 newPoints);
event AddNewKey(bytes keyHash, uint256 id);
constructor(IMilk2Token _milk, uint256[5] memory _epochs, uint256[5] memory _multipliers) public {
milk = _milk;
epochs = _epochs;
multipliers = _multipliers;
}
function addNewPool(IERC20 _lpToken, uint256 _newPoints) public onlyOwner {
totalPoints = totalPoints.add(_newPoints);
poolInfo.push(PoolInfo({lpToken: _lpToken, allocPointAmount: _newPoints, blockCreation:block.number}));
emit AddNewPool(address(_lpToken), _newPoints);
}
function setPoll(uint256 _poolPid, uint256 _newPoints) public onlyOwner {
PoolInfo memory _poolInfo = poolInfo[_poolPid];
uint256 _previousPoints = poolInfo[_poolPid].allocPointAmount;
_poolInfo.allocPointAmount = _newPoints;
totalPoints = totalPoints.sub(poolInfo[_poolPid].allocPointAmount).add(_newPoints);
emit PoolUpdate(_poolPid, _previousPoints, _newPoints);
}
function getPool(uint256 _poolPid) public view returns(address _lpToken, uint256 _block, uint256 _weight) {
PoolInfo memory _poolInfo = poolInfo[_poolPid];
_lpToken = address(_poolInfo.lpToken);
_block = _poolInfo.blockCreation;
_weight = _poolInfo.allocPointAmount;
}
function getPoolsCount() public view returns(uint256) {
return poolInfo.length;
}
function getRewards(address _user) public view returns(uint256) {
return userInfo[_user].rewardDebt;
}
function getLastBlock(address _user) public view returns(uint256) {
return userInfo[_user].lastBlock;
}
function getTotalPoints() public view returns(uint256) {
return totalPoints;
}
function withdraw( uint256 _keyId,
uint256 _amount,
uint256 _lastBlockNumber,
uint256 _currentBlockNumber,
bytes memory _sign) public {
require(_keyId < keyInfo.length, "This key is not exist");
require(keyInfo[_keyId].keyStatus, "This key is disable");
require(_currentBlockNumber < block.number, "currentBlockNumber cannot be larger than the last block");
require(pkcs1Sha256Verify(getData(_amount, _lastBlockNumber, _currentBlockNumber, msg.sender), _sign, keyInfo[_keyId].exponent, keyInfo[_keyId].keyModule) == 0, "Incorrect data");
require(userInfo[msg.sender].lastBlock == _lastBlockNumber, "lastBlockNumber must be equal to the value in the storage");
userInfo[msg.sender].rewardDebt = userInfo[msg.sender].rewardDebt.add(_amount);
userInfo[msg.sender].lastBlock = _currentBlockNumber;
if (_amount > 0) {
milk.mint(msg.sender, _amount);
}
emit Harvest(msg.sender, _amount, _currentBlockNumber);
}
function registration() public {
require(userInfo[msg.sender].lastBlock == 0, "User already exist");
UserInfo storage _userInfo = userInfo[msg.sender];
_userInfo.rewardDebt = 0;
_userInfo.lastBlock = block.number;
users.push(msg.sender);
}
function getData(uint256 _amount,
uint256 _lastBlockNumber,
uint256 _currentBlockNumber,
address _sender) public pure returns(bytes32) {
return sha256(abi.encode(_amount, _lastBlockNumber, _currentBlockNumber, _sender));
}
function addNewKey(bytes memory _newModule, bytes memory _keyExponent) public onlyOwner returns(uint256) {
keyInfo.push(KeyInfo({keyModule: _newModule, exponent: _keyExponent, keyStatus: true}));
emit AddNewKey(_newModule, keyInfo.length - 1);
return keyInfo.length - 1;
}
function enableKey(uint256 _keyId) public onlyOwner {
require(!keyInfo[_keyId].keyStatus, "This key already enable");
keyInfo[_keyId].keyStatus = true;
}
function disableKey(uint256 _keyId) public onlyOwner {
require(keyInfo[_keyId].keyStatus, "This key already disable");
keyInfo[_keyId].keyStatus = false;
}
function getKeyInfo(uint256 _keyId) public view returns(bytes memory _key, bytes memory _exponent, bool _status) {
_key = keyInfo[_keyId].keyModule;
_exponent = keyInfo[_keyId].exponent;
_status = keyInfo[_keyId].keyStatus;
}
function getKeyCount() public view returns(uint256) {
return keyInfo.length;
}
function getUsersCount() public view returns(uint256) {
return users.length;
}
function getUser(uint256 _userId) public view returns(address) {
return users[_userId];
}
function getTotalRewards(address _user) public view returns(uint256) {
return userInfo[_user].rewardDebt;
}
function getValueMultiplier(uint256 _id) public view returns(uint256) {
return multipliers[_id];
}
function getValueEpoch(uint256 _id) public view returns(uint256) {
return epochs[_id];
}
function getMultiplier(uint256 f, uint256 t) public view returns(uint256) {
return getInterval(min(t, epochs[1]), max(f, epochs[0])) * multipliers[0] +
getInterval(min(t, epochs[2]), max(f, epochs[1])) * multipliers[1] +
getInterval(min(t, epochs[3]), max(f, epochs[2])) * multipliers[2] +
getInterval(min(t, epochs[4]), max(f, epochs[3])) * multipliers[3] +
getInterval(max(t, epochs[4]), max(f, epochs[4])) * multipliers[4];
}
function getCurrentMultiplier() public view returns(uint256) {
if (block.number < epochs[0]) {
return 0;
}
if (block.number < epochs[1]) {
return multipliers[0];
}
if (block.number < epochs[2]) {
return multipliers[1];
}
if (block.number < epochs[3]) {
return multipliers[2];
}
if (block.number < epochs[4]) {
return multipliers[3];
}
if (block.number > epochs[4]) {
return multipliers[4];
}
}
}
