oib/aitbc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: move brother_node development artifact to dev/test-nodes subdirectory

Browse Source 
Development Artifact Cleanup:
 BROTHER_NODE REORGANIZATION: Moved development test node to appropriate location
- dev/test-nodes/brother_node/: Moved from root directory for better organization
- Contains development configuration, test logs, and test chain data
- No impact on production systems - purely development/testing artifact

 DEVELOPMENT ARTIFACTS IDENTIFIED:
- Chain ID: aitbc-brother-chain (test/development chain)
- Ports: 8010 (P2P) and 8011 (RPC) - different from production
- Environment: .env file with test configuration
- Logs: rpc.log and node.log from development testing session (March 15, 2026)

 ROOT DIRECTORY CLEANUP: Removed development clutter from production directory
- brother_node/ moved to dev/test-nodes/brother_node/
- Root directory now contains only production-ready components
- Development artifacts properly organized in dev/ subdirectory

DIRECTORY STRUCTURE IMPROVEMENT:
📁 dev/test-nodes/: Development and testing node configurations
🏗️ Root Directory: Clean production structure with only essential components
🧪 Development Isolation: Test environments separated from production

BENEFITS:
 Clean Production Directory: No development artifacts in root
 Better Organization: Development nodes grouped in dev/ subdirectory
 Clear Separation: Production vs development environments clearly distinguished
 Maintainability: Easier to identify and manage development components

RESULT: Successfully moved brother_node development artifact to dev/test-nodes/ subdirectory, cleaning up the root directory while preserving development testing environment for future use.
This commit is contained in:
aitbc
2026-03-30 17:09:06 +02:00
parent bf730dcb4a
commit 816e258d4c
11734 changed files with 2001707 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

818
dev/env/node_modules/@openzeppelin/contracts/governance/Governor.sol generated vendored Executable file
View File

@@ -0,0 +1,818 @@
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (governance/Governor.sol)
pragma solidity ^0.8.24;
import {IERC721Receiver} from "../token/ERC721/IERC721Receiver.sol";
import {IERC1155Receiver} from "../token/ERC1155/IERC1155Receiver.sol";
import {EIP712} from "../utils/cryptography/EIP712.sol";
import {SignatureChecker} from "../utils/cryptography/SignatureChecker.sol";
import {IERC165, ERC165} from "../utils/introspection/ERC165.sol";
import {SafeCast} from "../utils/math/SafeCast.sol";
import {DoubleEndedQueue} from "../utils/structs/DoubleEndedQueue.sol";
import {Address} from "../utils/Address.sol";
import {Context} from "../utils/Context.sol";
import {Nonces} from "../utils/Nonces.sol";
import {Strings} from "../utils/Strings.sol";
import {IGovernor, IERC6372} from "./IGovernor.sol";
/**
* @dev Core of the governance system, designed to be extended through various modules.
*
* This contract is abstract and requires several functions to be implemented in various modules:
*
* - A counting module must implement {_quorumReached}, {_voteSucceeded} and {_countVote}
* - A voting module must implement {_getVotes}
* - Additionally, {votingPeriod}, {votingDelay}, and {quorum} must also be implemented
*/
abstract contract Governor is Context, ERC165, EIP712, Nonces, IGovernor, IERC721Receiver, IERC1155Receiver {
using DoubleEndedQueue for DoubleEndedQueue.Bytes32Deque;
bytes32 public constant BALLOT_TYPEHASH =
keccak256("Ballot(uint256 proposalId,uint8 support,address voter,uint256 nonce)");
bytes32 public constant EXTENDED_BALLOT_TYPEHASH =
keccak256(
"ExtendedBallot(uint256 proposalId,uint8 support,address voter,uint256 nonce,string reason,bytes params)"
);
struct ProposalCore {
address proposer;
uint48 voteStart;
uint32 voteDuration;
bool executed;
bool canceled;
uint48 etaSeconds;
}
bytes32 private constant ALL_PROPOSAL_STATES_BITMAP = bytes32((2 ** (uint8(type(ProposalState).max) + 1)) - 1);
string private _name;
mapping(uint256 proposalId => ProposalCore) private _proposals;
// This queue keeps track of the governor operating on itself. Calls to functions protected by the {onlyGovernance}
// modifier needs to be whitelisted in this queue. Whitelisting is set in {execute}, consumed by the
// {onlyGovernance} modifier and eventually reset after {_executeOperations} completes. This ensures that the
// execution of {onlyGovernance} protected calls can only be achieved through successful proposals.
DoubleEndedQueue.Bytes32Deque private _governanceCall;
/**
* @dev Restricts a function so it can only be executed through governance proposals. For example, governance
* parameter setters in {GovernorSettings} are protected using this modifier.
*
* The governance executing address may be different from the Governor's own address, for example it could be a
* timelock. This can be customized by modules by overriding {_executor}. The executor is only able to invoke these
* functions during the execution of the governor's {execute} function, and not under any other circumstances. Thus,
* for example, additional timelock proposers are not able to change governance parameters without going through the
* governance protocol (since v4.6).
*/
modifier onlyGovernance() {
_checkGovernance();
_;
}
/**
* @dev Sets the value for {name} and {version}
*/
constructor(string memory name_) EIP712(name_, version()) {
_name = name_;
}
/**
* @dev Function to receive ETH that will be handled by the governor (disabled if executor is a third party contract)
*/
receive() external payable virtual {
if (_executor() != address(this)) {
revert GovernorDisabledDeposit();
}
}
/// @inheritdoc IERC165
function supportsInterface(bytes4 interfaceId) public view virtual override(IERC165, ERC165) returns (bool) {
return
interfaceId == type(IGovernor).interfaceId ||
interfaceId == type(IGovernor).interfaceId ^ IGovernor.getProposalId.selector ||
interfaceId == type(IERC1155Receiver).interfaceId ||
super.supportsInterface(interfaceId);
}
/// @inheritdoc IGovernor
function name() public view virtual returns (string memory) {
return _name;
}
/// @inheritdoc IGovernor
function version() public view virtual returns (string memory) {
return "1";
}
/**
* @dev See {IGovernor-hashProposal}.
*
* The proposal id is produced by hashing the ABI encoded `targets` array, the `values` array, the `calldatas` array
* and the descriptionHash (bytes32 which itself is the keccak256 hash of the description string). This proposal id
* can be produced from the proposal data which is part of the {ProposalCreated} event. It can even be computed in
* advance, before the proposal is submitted.
*
* Note that the chainId and the governor address are not part of the proposal id computation. Consequently, the
* same proposal (with same operation and same description) will have the same id if submitted on multiple governors
* across multiple networks. This also means that in order to execute the same operation twice (on the same
* governor) the proposer will have to change the description in order to avoid proposal id conflicts.
*/
function hashProposal(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 descriptionHash
) public pure virtual returns (uint256) {
return uint256(keccak256(abi.encode(targets, values, calldatas, descriptionHash)));
}
/// @inheritdoc IGovernor
function getProposalId(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 descriptionHash
) public view virtual returns (uint256) {
return hashProposal(targets, values, calldatas, descriptionHash);
}
/// @inheritdoc IGovernor
function state(uint256 proposalId) public view virtual returns (ProposalState) {
// We read the struct fields into the stack at once so Solidity emits a single SLOAD
ProposalCore storage proposal = _proposals[proposalId];
bool proposalExecuted = proposal.executed;
bool proposalCanceled = proposal.canceled;
if (proposalExecuted) {
return ProposalState.Executed;
}
if (proposalCanceled) {
return ProposalState.Canceled;
}
uint256 snapshot = proposalSnapshot(proposalId);
if (snapshot == 0) {
revert GovernorNonexistentProposal(proposalId);
}
uint256 currentTimepoint = clock();
if (snapshot >= currentTimepoint) {
return ProposalState.Pending;
}
uint256 deadline = proposalDeadline(proposalId);
if (deadline >= currentTimepoint) {
return ProposalState.Active;
} else if (!_quorumReached(proposalId) || !_voteSucceeded(proposalId)) {
return ProposalState.Defeated;
} else if (proposalEta(proposalId) == 0) {
return ProposalState.Succeeded;
} else {
return ProposalState.Queued;
}
}
/// @inheritdoc IGovernor
function proposalThreshold() public view virtual returns (uint256) {
return 0;
}
/// @inheritdoc IGovernor
function proposalSnapshot(uint256 proposalId) public view virtual returns (uint256) {
return _proposals[proposalId].voteStart;
}
/// @inheritdoc IGovernor
function proposalDeadline(uint256 proposalId) public view virtual returns (uint256) {
return _proposals[proposalId].voteStart + _proposals[proposalId].voteDuration;
}
/// @inheritdoc IGovernor
function proposalProposer(uint256 proposalId) public view virtual returns (address) {
return _proposals[proposalId].proposer;
}
/// @inheritdoc IGovernor
function proposalEta(uint256 proposalId) public view virtual returns (uint256) {
return _proposals[proposalId].etaSeconds;
}
/// @inheritdoc IGovernor
function proposalNeedsQueuing(uint256) public view virtual returns (bool) {
return false;
}
/**
* @dev Reverts if the `msg.sender` is not the executor. In case the executor is not this contract
* itself, the function reverts if `msg.data` is not whitelisted as a result of an {execute}
* operation. See {onlyGovernance}.
*/
function _checkGovernance() internal virtual {
if (_executor() != _msgSender()) {
revert GovernorOnlyExecutor(_msgSender());
}
if (_executor() != address(this)) {
bytes32 msgDataHash = keccak256(_msgData());
// loop until popping the expected operation - throw if deque is empty (operation not authorized)
while (_governanceCall.popFront() != msgDataHash) {}
}
}
/**
* @dev Amount of votes already cast passes the threshold limit.
*/
function _quorumReached(uint256 proposalId) internal view virtual returns (bool);
/**
* @dev Is the proposal successful or not.
*/
function _voteSucceeded(uint256 proposalId) internal view virtual returns (bool);
/**
* @dev Get the voting weight of `account` at a specific `timepoint`, for a vote as described by `params`.
*/
function _getVotes(address account, uint256 timepoint, bytes memory params) internal view virtual returns (uint256);
/**
* @dev Register a vote for `proposalId` by `account` with a given `support`, voting `weight` and voting `params`.
*
* Note: Support is generic and can represent various things depending on the voting system used.
*/
function _countVote(
uint256 proposalId,
address account,
uint8 support,
uint256 totalWeight,
bytes memory params
) internal virtual returns (uint256);
/**
* @dev Hook that should be called every time the tally for a proposal is updated.
*
* Note: This function must run successfully. Reverts will result in the bricking of governance
*/
function _tallyUpdated(uint256 proposalId) internal virtual {}
/**
* @dev Default additional encoded parameters used by castVote methods that don't include them
*
* Note: Should be overridden by specific implementations to use an appropriate value, the
* meaning of the additional params, in the context of that implementation
*/
function _defaultParams() internal view virtual returns (bytes memory) {
return "";
}
/**
* @dev See {IGovernor-propose}. This function has opt-in frontrunning protection, described in {_isValidDescriptionForProposer}.
*/
function propose(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
string memory description
) public virtual returns (uint256) {
address proposer = _msgSender();
// check description restriction
if (!_isValidDescriptionForProposer(proposer, description)) {
revert GovernorRestrictedProposer(proposer);
}
// check proposal threshold
uint256 votesThreshold = proposalThreshold();
if (votesThreshold > 0) {
uint256 proposerVotes = getVotes(proposer, clock() - 1);
if (proposerVotes < votesThreshold) {
revert GovernorInsufficientProposerVotes(proposer, proposerVotes, votesThreshold);
}
}
return _propose(targets, values, calldatas, description, proposer);
}
/**
* @dev Internal propose mechanism. Can be overridden to add more logic on proposal creation.
*
* Emits a {IGovernor-ProposalCreated} event.
*/
function _propose(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
string memory description,
address proposer
) internal virtual returns (uint256 proposalId) {
proposalId = getProposalId(targets, values, calldatas, keccak256(bytes(description)));
if (targets.length != values.length || targets.length != calldatas.length || targets.length == 0) {
revert GovernorInvalidProposalLength(targets.length, calldatas.length, values.length);
}
if (_proposals[proposalId].voteStart != 0) {
revert GovernorUnexpectedProposalState(proposalId, state(proposalId), bytes32(0));
}
uint256 snapshot = clock() + votingDelay();
uint256 duration = votingPeriod();
ProposalCore storage proposal = _proposals[proposalId];
proposal.proposer = proposer;
proposal.voteStart = SafeCast.toUint48(snapshot);
proposal.voteDuration = SafeCast.toUint32(duration);
emit ProposalCreated(
proposalId,
proposer,
targets,
values,
new string[](targets.length),
calldatas,
snapshot,
snapshot + duration,
description
);
// Using a named return variable to avoid stack too deep errors
}
/// @inheritdoc IGovernor
function queue(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 descriptionHash
) public virtual returns (uint256) {
uint256 proposalId = getProposalId(targets, values, calldatas, descriptionHash);
_validateStateBitmap(proposalId, _encodeStateBitmap(ProposalState.Succeeded));
uint48 etaSeconds = _queueOperations(proposalId, targets, values, calldatas, descriptionHash);
if (etaSeconds != 0) {
_proposals[proposalId].etaSeconds = etaSeconds;
emit ProposalQueued(proposalId, etaSeconds);
} else {
revert GovernorQueueNotImplemented();
}
return proposalId;
}
/**
* @dev Internal queuing mechanism. Can be overridden (without a super call) to modify the way queuing is
* performed (for example adding a vault/timelock).
*
* This is empty by default, and must be overridden to implement queuing.
*
* This function returns a timestamp that describes the expected ETA for execution. If the returned value is 0
* (which is the default value), the core will consider queueing did not succeed, and the public {queue} function
* will revert.
*
* NOTE: Calling this function directly will NOT check the current state of the proposal, or emit the
* `ProposalQueued` event. Queuing a proposal should be done using {queue}.
*/
function _queueOperations(
uint256 /*proposalId*/,
address[] memory /*targets*/,
uint256[] memory /*values*/,
bytes[] memory /*calldatas*/,
bytes32 /*descriptionHash*/
) internal virtual returns (uint48) {
return 0;
}
/// @inheritdoc IGovernor
function execute(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 descriptionHash
) public payable virtual returns (uint256) {
uint256 proposalId = getProposalId(targets, values, calldatas, descriptionHash);
_validateStateBitmap(
proposalId,
_encodeStateBitmap(ProposalState.Succeeded) | _encodeStateBitmap(ProposalState.Queued)
);
// mark as executed before calls to avoid reentrancy
_proposals[proposalId].executed = true;
// before execute: register governance call in queue.
if (_executor() != address(this)) {
for (uint256 i = 0; i < targets.length; ++i) {
if (targets[i] == address(this)) {
_governanceCall.pushBack(keccak256(calldatas[i]));
}
}
}
_executeOperations(proposalId, targets, values, calldatas, descriptionHash);
// after execute: cleanup governance call queue.
if (_executor() != address(this) && !_governanceCall.empty()) {
_governanceCall.clear();
}
emit ProposalExecuted(proposalId);
return proposalId;
}
/**
* @dev Internal execution mechanism. Can be overridden (without a super call) to modify the way execution is
* performed (for example adding a vault/timelock).
*
* NOTE: Calling this function directly will NOT check the current state of the proposal, set the executed flag to
* true or emit the `ProposalExecuted` event. Executing a proposal should be done using {execute}.
*/
function _executeOperations(
uint256 /* proposalId */,
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 /*descriptionHash*/
) internal virtual {
for (uint256 i = 0; i < targets.length; ++i) {
(bool success, bytes memory returndata) = targets[i].call{value: values[i]}(calldatas[i]);
Address.verifyCallResult(success, returndata);
}
}
/// @inheritdoc IGovernor
function cancel(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 descriptionHash
) public virtual returns (uint256) {
// The proposalId will be recomputed in the `_cancel` call further down. However we need the value before we
// do the internal call, because we need to check the proposal state BEFORE the internal `_cancel` call
// changes it. The `getProposalId` duplication has a cost that is limited, and that we accept.
uint256 proposalId = getProposalId(targets, values, calldatas, descriptionHash);
address caller = _msgSender();
if (!_validateCancel(proposalId, caller)) revert GovernorUnableToCancel(proposalId, caller);
return _cancel(targets, values, calldatas, descriptionHash);
}
/**
* @dev Internal cancel mechanism with minimal restrictions. A proposal can be cancelled in any state other than
* Canceled, Expired, or Executed. Once cancelled a proposal can't be re-submitted.
*
* Emits a {IGovernor-ProposalCanceled} event.
*/
function _cancel(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 descriptionHash
) internal virtual returns (uint256) {
uint256 proposalId = getProposalId(targets, values, calldatas, descriptionHash);
_validateStateBitmap(
proposalId,
ALL_PROPOSAL_STATES_BITMAP ^
_encodeStateBitmap(ProposalState.Canceled) ^
_encodeStateBitmap(ProposalState.Expired) ^
_encodeStateBitmap(ProposalState.Executed)
);
_proposals[proposalId].canceled = true;
emit ProposalCanceled(proposalId);
return proposalId;
}
/// @inheritdoc IGovernor
function getVotes(address account, uint256 timepoint) public view virtual returns (uint256) {
return _getVotes(account, timepoint, _defaultParams());
}
/// @inheritdoc IGovernor
function getVotesWithParams(
address account,
uint256 timepoint,
bytes memory params
) public view virtual returns (uint256) {
return _getVotes(account, timepoint, params);
}
/// @inheritdoc IGovernor
function castVote(uint256 proposalId, uint8 support) public virtual returns (uint256) {
address voter = _msgSender();
return _castVote(proposalId, voter, support, "");
}
/// @inheritdoc IGovernor
function castVoteWithReason(
uint256 proposalId,
uint8 support,
string calldata reason
) public virtual returns (uint256) {
address voter = _msgSender();
return _castVote(proposalId, voter, support, reason);
}
/// @inheritdoc IGovernor
function castVoteWithReasonAndParams(
uint256 proposalId,
uint8 support,
string calldata reason,
bytes memory params
) public virtual returns (uint256) {
address voter = _msgSender();
return _castVote(proposalId, voter, support, reason, params);
}
/// @inheritdoc IGovernor
function castVoteBySig(
uint256 proposalId,
uint8 support,
address voter,
bytes memory signature
) public virtual returns (uint256) {
if (!_validateVoteSig(proposalId, support, voter, signature)) {
revert GovernorInvalidSignature(voter);
}
return _castVote(proposalId, voter, support, "");
}
/// @inheritdoc IGovernor
function castVoteWithReasonAndParamsBySig(
uint256 proposalId,
uint8 support,
address voter,
string calldata reason,
bytes memory params,
bytes memory signature
) public virtual returns (uint256) {
if (!_validateExtendedVoteSig(proposalId, support, voter, reason, params, signature)) {
revert GovernorInvalidSignature(voter);
}
return _castVote(proposalId, voter, support, reason, params);
}
/// @dev Validate the `signature` used in {castVoteBySig} function.
function _validateVoteSig(
uint256 proposalId,
uint8 support,
address voter,
bytes memory signature
) internal virtual returns (bool) {
return
SignatureChecker.isValidSignatureNow(
voter,
_hashTypedDataV4(keccak256(abi.encode(BALLOT_TYPEHASH, proposalId, support, voter, _useNonce(voter)))),
signature
);
}
/// @dev Validate the `signature` used in {castVoteWithReasonAndParamsBySig} function.
function _validateExtendedVoteSig(
uint256 proposalId,
uint8 support,
address voter,
string memory reason,
bytes memory params,
bytes memory signature
) internal virtual returns (bool) {
return
SignatureChecker.isValidSignatureNow(
voter,
_hashTypedDataV4(
keccak256(
abi.encode(
EXTENDED_BALLOT_TYPEHASH,
proposalId,
support,
voter,
_useNonce(voter),
keccak256(bytes(reason)),
keccak256(params)
)
)
),
signature
);
}
/**
* @dev Internal vote casting mechanism: Check that the vote is pending, that it has not been cast yet, retrieve
* voting weight using {IGovernor-getVotes} and call the {_countVote} internal function. Uses the _defaultParams().
*
* Emits a {IGovernor-VoteCast} event.
*/
function _castVote(
uint256 proposalId,
address account,
uint8 support,
string memory reason
) internal virtual returns (uint256) {
return _castVote(proposalId, account, support, reason, _defaultParams());
}
/**
* @dev Internal vote casting mechanism: Check that the vote is pending, that it has not been cast yet, retrieve
* voting weight using {IGovernor-getVotes} and call the {_countVote} internal function.
*
* Emits a {IGovernor-VoteCast} event.
*/
function _castVote(
uint256 proposalId,
address account,
uint8 support,
string memory reason,
bytes memory params
) internal virtual returns (uint256) {
_validateStateBitmap(proposalId, _encodeStateBitmap(ProposalState.Active));
uint256 totalWeight = _getVotes(account, proposalSnapshot(proposalId), params);
uint256 votedWeight = _countVote(proposalId, account, support, totalWeight, params);
if (params.length == 0) {
emit VoteCast(account, proposalId, support, votedWeight, reason);
} else {
emit VoteCastWithParams(account, proposalId, support, votedWeight, reason, params);
}
_tallyUpdated(proposalId);
return votedWeight;
}
/**
* @dev Relays a transaction or function call to an arbitrary target. In cases where the governance executor
* is some contract other than the governor itself, like when using a timelock, this function can be invoked
* in a governance proposal to recover tokens or Ether that was sent to the governor contract by mistake.
* Note that if the executor is simply the governor itself, use of `relay` is redundant.
*/
function relay(address target, uint256 value, bytes calldata data) external payable virtual onlyGovernance {
(bool success, bytes memory returndata) = target.call{value: value}(data);
Address.verifyCallResult(success, returndata);
}
/**
* @dev Address through which the governor executes action. Will be overloaded by module that execute actions
* through another contract such as a timelock.
*/
function _executor() internal view virtual returns (address) {
return address(this);
}
/**
* @dev See {IERC721Receiver-onERC721Received}.
* Receiving tokens is disabled if the governance executor is other than the governor itself (eg. when using with a timelock).
*/
function onERC721Received(address, address, uint256, bytes memory) public virtual returns (bytes4) {
if (_executor() != address(this)) {
revert GovernorDisabledDeposit();
}
return this.onERC721Received.selector;
}
/**
* @dev See {IERC1155Receiver-onERC1155Received}.
* Receiving tokens is disabled if the governance executor is other than the governor itself (eg. when using with a timelock).
*/
function onERC1155Received(address, address, uint256, uint256, bytes memory) public virtual returns (bytes4) {
if (_executor() != address(this)) {
revert GovernorDisabledDeposit();
}
return this.onERC1155Received.selector;
}
/**
* @dev See {IERC1155Receiver-onERC1155BatchReceived}.
* Receiving tokens is disabled if the governance executor is other than the governor itself (eg. when using with a timelock).
*/
function onERC1155BatchReceived(
address,
address,
uint256[] memory,
uint256[] memory,
bytes memory
) public virtual returns (bytes4) {
if (_executor() != address(this)) {
revert GovernorDisabledDeposit();
}
return this.onERC1155BatchReceived.selector;
}
/**
* @dev Encodes a `ProposalState` into a `bytes32` representation where each bit enabled corresponds to
* the underlying position in the `ProposalState` enum. For example:
*
* 0x000...10000
* ^^^^^^------ ...
* ^----- Succeeded
* ^---- Defeated
* ^--- Canceled
* ^-- Active
* ^- Pending
*/
function _encodeStateBitmap(ProposalState proposalState) internal pure returns (bytes32) {
return bytes32(1 << uint8(proposalState));
}
/**
* @dev Check that the current state of a proposal matches the requirements described by the `allowedStates` bitmap.
* This bitmap should be built using `_encodeStateBitmap`.
*
* If requirements are not met, reverts with a {GovernorUnexpectedProposalState} error.
*/
function _validateStateBitmap(uint256 proposalId, bytes32 allowedStates) internal view returns (ProposalState) {
ProposalState currentState = state(proposalId);
if (_encodeStateBitmap(currentState) & allowedStates == bytes32(0)) {
revert GovernorUnexpectedProposalState(proposalId, currentState, allowedStates);
}
return currentState;
}
/*
* @dev Check if the proposer is authorized to submit a proposal with the given description.
*
* If the proposal description ends with `#proposer=0x???`, where `0x???` is an address written as a hex string
* (case insensitive), then the submission of this proposal will only be authorized to said address.
*
* This is used for frontrunning protection. By adding this pattern at the end of their proposal, one can ensure
* that no other address can submit the same proposal. An attacker would have to either remove or change that part,
* which would result in a different proposal id.
*
* If the description does not match this pattern, it is unrestricted and anyone can submit it. This includes:
* - If the `0x???` part is not a valid hex string.
* - If the `0x???` part is a valid hex string, but does not contain exactly 40 hex digits.
* - If it ends with the expected suffix followed by newlines or other whitespace.
* - If it ends with some other similar suffix, e.g. `#other=abc`.
* - If it does not end with any such suffix.
*/
function _isValidDescriptionForProposer(
address proposer,
string memory description
) internal view virtual returns (bool) {
unchecked {
uint256 length = bytes(description).length;
// Length is too short to contain a valid proposer suffix
if (length < 52) {
return true;
}
// Extract what would be the `#proposer=` marker beginning the suffix
bytes10 marker = bytes10(_unsafeReadBytesOffset(bytes(description), length - 52));
// If the marker is not found, there is no proposer suffix to check
if (marker != bytes10("#proposer=")) {
return true;
}
// Check that the last 42 characters (after the marker) are a properly formatted address.
(bool success, address recovered) = Strings.tryParseAddress(description, length - 42, length);
return !success || recovered == proposer;
}
}
/**
* @dev Check if the `caller` can cancel the proposal with the given `proposalId`.
*
* The default implementation allows the proposal proposer to cancel the proposal during the pending state.
*/
function _validateCancel(uint256 proposalId, address caller) internal view virtual returns (bool) {
return (state(proposalId) == ProposalState.Pending) && caller == proposalProposer(proposalId);
}
/// @inheritdoc IERC6372
function clock() public view virtual returns (uint48);
/// @inheritdoc IERC6372
// solhint-disable-next-line func-name-mixedcase
function CLOCK_MODE() public view virtual returns (string memory);
/// @inheritdoc IGovernor
function votingDelay() public view virtual returns (uint256);
/// @inheritdoc IGovernor
function votingPeriod() public view virtual returns (uint256);
/// @inheritdoc IGovernor
function quorum(uint256 timepoint) public view virtual returns (uint256);
/**
* @dev Reads a bytes32 from a bytes array without bounds checking.
*
* NOTE: making this function internal would mean it could be used with memory unsafe offset, and marking the
* assembly block as such would prevent some optimizations.
*/
function _unsafeReadBytesOffset(bytes memory buffer, uint256 offset) private pure returns (bytes32 value) {
// This is not memory safe in the general case, but all calls to this private function are within bounds.
assembly ("memory-safe") {
value := mload(add(add(buffer, 0x20), offset))
}
}
}

454
dev/env/node_modules/@openzeppelin/contracts/governance/IGovernor.sol generated vendored Executable file
View File

@@ -0,0 +1,454 @@
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (governance/IGovernor.sol)
pragma solidity >=0.8.4;
import {IERC165} from "../interfaces/IERC165.sol";
import {IERC6372} from "../interfaces/IERC6372.sol";
/**
* @dev Interface of the {Governor} core.
*
* NOTE: Event parameters lack the `indexed` keyword for compatibility with GovernorBravo events.
* Making event parameters `indexed` affects how events are decoded, potentially breaking existing indexers.
*/
interface IGovernor is IERC165, IERC6372 {
enum ProposalState {
Pending,
Active,
Canceled,
Defeated,
Succeeded,
Queued,
Expired,
Executed
}
/**
* @dev Empty proposal or a mismatch between the parameters length for a proposal call.
*/
error GovernorInvalidProposalLength(uint256 targets, uint256 calldatas, uint256 values);
/**
* @dev The vote was already cast.
*/
error GovernorAlreadyCastVote(address voter);
/**
* @dev Token deposits are disabled in this contract.
*/
error GovernorDisabledDeposit();
/**
* @dev The `account` is not the governance executor.
*/
error GovernorOnlyExecutor(address account);
/**
* @dev The `proposalId` doesn't exist.
*/
error GovernorNonexistentProposal(uint256 proposalId);
/**
* @dev The current state of a proposal is not the required for performing an operation.
* The `expectedStates` is a bitmap with the bits enabled for each ProposalState enum position
* counting from right to left.
*
* NOTE: If `expectedState` is `bytes32(0)`, the proposal is expected to not be in any state (i.e. not exist).
* This is the case when a proposal that is expected to be unset is already initiated (the proposal is duplicated).
*
* See {Governor-_encodeStateBitmap}.
*/
error GovernorUnexpectedProposalState(uint256 proposalId, ProposalState current, bytes32 expectedStates);
/**
* @dev The voting period set is not a valid period.
*/
error GovernorInvalidVotingPeriod(uint256 votingPeriod);
/**
* @dev The `proposer` does not have the required votes to create a proposal.
*/
error GovernorInsufficientProposerVotes(address proposer, uint256 votes, uint256 threshold);
/**
* @dev The `proposer` is not allowed to create a proposal.
*/
error GovernorRestrictedProposer(address proposer);
/**
* @dev The vote type used is not valid for the corresponding counting module.
*/
error GovernorInvalidVoteType();
/**
* @dev The provided params buffer is not supported by the counting module.
*/
error GovernorInvalidVoteParams();
/**
* @dev Queue operation is not implemented for this governor. Execute should be called directly.
*/
error GovernorQueueNotImplemented();
/**
* @dev The proposal hasn't been queued yet.
*/
error GovernorNotQueuedProposal(uint256 proposalId);
/**
* @dev The proposal has already been queued.
*/
error GovernorAlreadyQueuedProposal(uint256 proposalId);
/**
* @dev The provided signature is not valid for the expected `voter`.
* If the `voter` is a contract, the signature is not valid using {IERC1271-isValidSignature}.
*/
error GovernorInvalidSignature(address voter);
/**
* @dev The given `account` is unable to cancel the proposal with given `proposalId`.
*/
error GovernorUnableToCancel(uint256 proposalId, address account);
/**
* @dev Emitted when a proposal is created.
*/
event ProposalCreated(
uint256 proposalId,
address proposer,
address[] targets,
uint256[] values,
string[] signatures,
bytes[] calldatas,
uint256 voteStart,
uint256 voteEnd,
string description
);
/**
* @dev Emitted when a proposal is queued.
*/
event ProposalQueued(uint256 proposalId, uint256 etaSeconds);
/**
* @dev Emitted when a proposal is executed.
*/
event ProposalExecuted(uint256 proposalId);
/**
* @dev Emitted when a proposal is canceled.
*/
event ProposalCanceled(uint256 proposalId);
/**
* @dev Emitted when a vote is cast without params.
*
* Note: `support` values should be seen as buckets. Their interpretation depends on the voting module used.
*/
event VoteCast(address indexed voter, uint256 proposalId, uint8 support, uint256 weight, string reason);
/**
* @dev Emitted when a vote is cast with params.
*
* Note: `support` values should be seen as buckets. Their interpretation depends on the voting module used.
* `params` are additional encoded parameters. Their interpretation also depends on the voting module used.
*/
event VoteCastWithParams(
address indexed voter,
uint256 proposalId,
uint8 support,
uint256 weight,
string reason,
bytes params
);
/**
* @notice module:core
* @dev Name of the governor instance (used in building the EIP-712 domain separator).
*/
function name() external view returns (string memory);
/**
* @notice module:core
* @dev Version of the governor instance (used in building the EIP-712 domain separator). Default: "1"
*/
function version() external view returns (string memory);
/**
* @notice module:voting
* @dev A description of the possible `support` values for {castVote} and the way these votes are counted, meant to
* be consumed by UIs to show correct vote options and interpret the results. The string is a URL-encoded sequence of
* key-value pairs that each describe one aspect, for example `support=bravo&quorum=for,abstain`.
*
* There are 2 standard keys: `support` and `quorum`.
*
* - `support=bravo` refers to the vote options 0 = Against, 1 = For, 2 = Abstain, as in `GovernorBravo`.
* - `quorum=bravo` means that only For votes are counted towards quorum.
* - `quorum=for,abstain` means that both For and Abstain votes are counted towards quorum.
*
* If a counting module makes use of encoded `params`, it should include this under a `params` key with a unique
* name that describes the behavior. For example:
*
* - `params=fractional` might refer to a scheme where votes are divided fractionally between for/against/abstain.
* - `params=erc721` might refer to a scheme where specific NFTs are delegated to vote.
*
* NOTE: The string can be decoded by the standard
* https://developer.mozilla.org/en-US/docs/Web/API/URLSearchParams[`URLSearchParams`]
* JavaScript class.
*/
// solhint-disable-next-line func-name-mixedcase
function COUNTING_MODE() external view returns (string memory);
/**
* @notice module:core
* @dev Hashing function used to (re)build the proposal id from the proposal details.
*
* NOTE: For all off-chain and external calls, use {getProposalId}.
*/
function hashProposal(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 descriptionHash
) external pure returns (uint256);
/**
* @notice module:core
* @dev Function used to get the proposal id from the proposal details.
*/
function getProposalId(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 descriptionHash
) external view returns (uint256);
/**
* @notice module:core
* @dev Current state of a proposal, following Compound's convention
*/
function state(uint256 proposalId) external view returns (ProposalState);
/**
* @notice module:core
* @dev The number of votes required in order for a voter to become a proposer.
*/
function proposalThreshold() external view returns (uint256);
/**
* @notice module:core
* @dev Timepoint used to retrieve user's votes and quorum. If using block number (as per Compound's Comp), the
* snapshot is performed at the end of this block. Hence, voting for this proposal starts at the beginning of the
* following block.
*/
function proposalSnapshot(uint256 proposalId) external view returns (uint256);
/**
* @notice module:core
* @dev Timepoint at which votes close. If using block number, votes close at the end of this block, so it is
* possible to cast a vote during this block.
*/
function proposalDeadline(uint256 proposalId) external view returns (uint256);
/**
* @notice module:core
* @dev The account that created a proposal.
*/
function proposalProposer(uint256 proposalId) external view returns (address);
/**
* @notice module:core
* @dev The time when a queued proposal becomes executable ("ETA"). Unlike {proposalSnapshot} and
* {proposalDeadline}, this doesn't use the governor clock, and instead relies on the executor's clock which may be
* different. In most cases this will be a timestamp.
*/
function proposalEta(uint256 proposalId) external view returns (uint256);
/**
* @notice module:core
* @dev Whether a proposal needs to be queued before execution.
*/
function proposalNeedsQueuing(uint256 proposalId) external view returns (bool);
/**
* @notice module:user-config
* @dev Delay, between the proposal is created and the vote starts. The unit this duration is expressed in depends
* on the clock (see ERC-6372) this contract uses.
*
* This can be increased to leave time for users to buy voting power, or delegate it, before the voting of a
* proposal starts.
*
* NOTE: While this interface returns a uint256, timepoints are stored as uint48 following the ERC-6372 clock type.
* Consequently this value must fit in a uint48 (when added to the current clock). See {IERC6372-clock}.
*/
function votingDelay() external view returns (uint256);
/**
* @notice module:user-config
* @dev Delay between the vote start and vote end. The unit this duration is expressed in depends on the clock
* (see ERC-6372) this contract uses.
*
* NOTE: The {votingDelay} can delay the start of the vote. This must be considered when setting the voting
* duration compared to the voting delay.
*
* NOTE: This value is stored when the proposal is submitted so that possible changes to the value do not affect
* proposals that have already been submitted. The type used to save it is a uint32. Consequently, while this
* interface returns a uint256, the value it returns should fit in a uint32.
*/
function votingPeriod() external view returns (uint256);
/**
* @notice module:user-config
* @dev Minimum number of cast voted required for a proposal to be successful.
*
* NOTE: The `timepoint` parameter corresponds to the snapshot used for counting vote. This allows to scale the
* quorum depending on values such as the totalSupply of a token at this timepoint (see {ERC20Votes}).
*/
function quorum(uint256 timepoint) external view returns (uint256);
/**
* @notice module:reputation
* @dev Voting power of an `account` at a specific `timepoint`.
*
* Note: this can be implemented in a number of ways, for example by reading the delegated balance from one (or
* multiple), {ERC20Votes} tokens.
*/
function getVotes(address account, uint256 timepoint) external view returns (uint256);
/**
* @notice module:reputation
* @dev Voting power of an `account` at a specific `timepoint` given additional encoded parameters.
*/
function getVotesWithParams(
address account,
uint256 timepoint,
bytes memory params
) external view returns (uint256);
/**
* @notice module:voting
* @dev Returns whether `account` has cast a vote on `proposalId`.
*/
function hasVoted(uint256 proposalId, address account) external view returns (bool);
/**
* @dev Create a new proposal. Vote start after a delay specified by {IGovernor-votingDelay} and lasts for a
* duration specified by {IGovernor-votingPeriod}.
*
* Emits a {ProposalCreated} event.
*
* NOTE: The state of the Governor and `targets` may change between the proposal creation and its execution.
* This may be the result of third party actions on the targeted contracts, or other governor proposals.
* For example, the balance of this contract could be updated or its access control permissions may be modified,
* possibly compromising the proposal's ability to execute successfully (e.g. the governor doesn't have enough
* value to cover a proposal with multiple transfers).
*/
function propose(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
string memory description
) external returns (uint256 proposalId);
/**
* @dev Queue a proposal. Some governors require this step to be performed before execution can happen. If queuing
* is not necessary, this function may revert.
* Queuing a proposal requires the quorum to be reached, the vote to be successful, and the deadline to be reached.
*
* Emits a {ProposalQueued} event.
*/
function queue(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 descriptionHash
) external returns (uint256 proposalId);
/**
* @dev Execute a successful proposal. This requires the quorum to be reached, the vote to be successful, and the
* deadline to be reached. Depending on the governor it might also be required that the proposal was queued and
* that some delay passed.
*
* Emits a {ProposalExecuted} event.
*
* NOTE: Some modules can modify the requirements for execution, for example by adding an additional timelock.
*/
function execute(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 descriptionHash
) external payable returns (uint256 proposalId);
/**
* @dev Cancel a proposal. A proposal is cancellable by the proposer, but only while it is Pending state, i.e.
* before the vote starts.
*
* Emits a {ProposalCanceled} event.
*/
function cancel(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 descriptionHash
) external returns (uint256 proposalId);
/**
* @dev Cast a vote
*
* Emits a {VoteCast} event.
*/
function castVote(uint256 proposalId, uint8 support) external returns (uint256 balance);
/**
* @dev Cast a vote with a reason
*
* Emits a {VoteCast} event.
*/
function castVoteWithReason(
uint256 proposalId,
uint8 support,
string calldata reason
) external returns (uint256 balance);
/**
* @dev Cast a vote with a reason and additional encoded parameters
*
* Emits a {VoteCast} or {VoteCastWithParams} event depending on the length of params.
*/
function castVoteWithReasonAndParams(
uint256 proposalId,
uint8 support,
string calldata reason,
bytes memory params
) external returns (uint256 balance);
/**
* @dev Cast a vote using the voter's signature, including ERC-1271 signature support.
*
* Emits a {VoteCast} event.
*/
function castVoteBySig(
uint256 proposalId,
uint8 support,
address voter,
bytes memory signature
) external returns (uint256 balance);
/**
* @dev Cast a vote with a reason and additional encoded parameters using the voter's signature,
* including ERC-1271 signature support.
*
* Emits a {VoteCast} or {VoteCastWithParams} event depending on the length of params.
*/
function castVoteWithReasonAndParamsBySig(
uint256 proposalId,
uint8 support,
address voter,
string calldata reason,
bytes memory params,
bytes memory signature
) external returns (uint256 balance);
}

471
dev/env/node_modules/@openzeppelin/contracts/governance/TimelockController.sol generated vendored Executable file
View File

@@ -0,0 +1,471 @@
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (governance/TimelockController.sol)
pragma solidity ^0.8.20;
import {AccessControl} from "../access/AccessControl.sol";
import {ERC721Holder} from "../token/ERC721/utils/ERC721Holder.sol";
import {ERC1155Holder} from "../token/ERC1155/utils/ERC1155Holder.sol";
import {Address} from "../utils/Address.sol";
import {IERC165} from "../utils/introspection/ERC165.sol";
/**
* @dev Contract module which acts as a timelocked controller. When set as the
* owner of an `Ownable` smart contract, it enforces a timelock on all
* `onlyOwner` maintenance operations. This gives time for users of the
* controlled contract to exit before a potentially dangerous maintenance
* operation is applied.
*
* By default, this contract is self administered, meaning administration tasks
* have to go through the timelock process. The proposer (resp executor) role
* is in charge of proposing (resp executing) operations. A common use case is
* to position this {TimelockController} as the owner of a smart contract, with
* a multisig or a DAO as the sole proposer.
*/
contract TimelockController is AccessControl, ERC721Holder, ERC1155Holder {
bytes32 public constant PROPOSER_ROLE = keccak256("PROPOSER_ROLE");
bytes32 public constant EXECUTOR_ROLE = keccak256("EXECUTOR_ROLE");
bytes32 public constant CANCELLER_ROLE = keccak256("CANCELLER_ROLE");
uint256 internal constant _DONE_TIMESTAMP = uint256(1);
mapping(bytes32 id => uint256) private _timestamps;
uint256 private _minDelay;
enum OperationState {
Unset,
Waiting,
Ready,
Done
}
/**
* @dev Mismatch between the parameters length for an operation call.
*/
error TimelockInvalidOperationLength(uint256 targets, uint256 payloads, uint256 values);
/**
* @dev The schedule operation doesn't meet the minimum delay.
*/
error TimelockInsufficientDelay(uint256 delay, uint256 minDelay);
/**
* @dev The current state of an operation is not as required.
* The `expectedStates` is a bitmap with the bits enabled for each OperationState enum position
* counting from right to left.
*
* See {_encodeStateBitmap}.
*/
error TimelockUnexpectedOperationState(bytes32 operationId, bytes32 expectedStates);
/**
* @dev The predecessor to an operation not yet done.
*/
error TimelockUnexecutedPredecessor(bytes32 predecessorId);
/**
* @dev The caller account is not authorized.
*/
error TimelockUnauthorizedCaller(address caller);
/**
* @dev Emitted when a call is scheduled as part of operation `id`.
*/
event CallScheduled(
bytes32 indexed id,
uint256 indexed index,
address target,
uint256 value,
bytes data,
bytes32 predecessor,
uint256 delay
);
/**
* @dev Emitted when a call is performed as part of operation `id`.
*/
event CallExecuted(bytes32 indexed id, uint256 indexed index, address target, uint256 value, bytes data);
/**
* @dev Emitted when new proposal is scheduled with non-zero salt.
*/
event CallSalt(bytes32 indexed id, bytes32 salt);
/**
* @dev Emitted when operation `id` is cancelled.
*/
event Cancelled(bytes32 indexed id);
/**
* @dev Emitted when the minimum delay for future operations is modified.
*/
event MinDelayChange(uint256 oldDuration, uint256 newDuration);
/**
* @dev Initializes the contract with the following parameters:
*
* - `minDelay`: initial minimum delay in seconds for operations
* - `proposers`: accounts to be granted proposer and canceller roles
* - `executors`: accounts to be granted executor role
* - `admin`: optional account to be granted admin role; disable with zero address
*
* IMPORTANT: The optional admin can aid with initial configuration of roles after deployment
* without being subject to delay, but this role should be subsequently renounced in favor of
* administration through timelocked proposals. Previous versions of this contract would assign
* this admin to the deployer automatically and should be renounced as well.
*/
constructor(uint256 minDelay, address[] memory proposers, address[] memory executors, address admin) {
// self administration
_grantRole(DEFAULT_ADMIN_ROLE, address(this));
// optional admin
if (admin != address(0)) {
_grantRole(DEFAULT_ADMIN_ROLE, admin);
}
// register proposers and cancellers
for (uint256 i = 0; i < proposers.length; ++i) {
_grantRole(PROPOSER_ROLE, proposers[i]);
_grantRole(CANCELLER_ROLE, proposers[i]);
}
// register executors
for (uint256 i = 0; i < executors.length; ++i) {
_grantRole(EXECUTOR_ROLE, executors[i]);
}
_minDelay = minDelay;
emit MinDelayChange(0, minDelay);
}
/**
* @dev Modifier to make a function callable only by a certain role. In
* addition to checking the sender's role, `address(0)` 's role is also
* considered. Granting a role to `address(0)` is equivalent to enabling
* this role for everyone.
*/
modifier onlyRoleOrOpenRole(bytes32 role) {
if (!hasRole(role, address(0))) {
_checkRole(role, _msgSender());
}
_;
}
/**
* @dev Contract might receive/hold ETH as part of the maintenance process.
*/
receive() external payable virtual {}
/// @inheritdoc IERC165
function supportsInterface(
bytes4 interfaceId
) public view virtual override(AccessControl, ERC1155Holder) returns (bool) {
return super.supportsInterface(interfaceId);
}
/**
* @dev Returns whether an id corresponds to a registered operation. This
* includes both Waiting, Ready, and Done operations.
*/
function isOperation(bytes32 id) public view returns (bool) {
return getOperationState(id) != OperationState.Unset;
}
/**
* @dev Returns whether an operation is pending or not. Note that a "pending" operation may also be "ready".
*/
function isOperationPending(bytes32 id) public view returns (bool) {
OperationState state = getOperationState(id);
return state == OperationState.Waiting || state == OperationState.Ready;
}
/**
* @dev Returns whether an operation is ready for execution. Note that a "ready" operation is also "pending".
*/
function isOperationReady(bytes32 id) public view returns (bool) {
return getOperationState(id) == OperationState.Ready;
}
/**
* @dev Returns whether an operation is done or not.
*/
function isOperationDone(bytes32 id) public view returns (bool) {
return getOperationState(id) == OperationState.Done;
}
/**
* @dev Returns the timestamp at which an operation becomes ready (0 for
* unset operations, 1 for done operations).
*/
function getTimestamp(bytes32 id) public view virtual returns (uint256) {
return _timestamps[id];
}
/**
* @dev Returns operation state.
*/
function getOperationState(bytes32 id) public view virtual returns (OperationState) {
uint256 timestamp = getTimestamp(id);
if (timestamp == 0) {
return OperationState.Unset;
} else if (timestamp == _DONE_TIMESTAMP) {
return OperationState.Done;
} else if (timestamp > block.timestamp) {
return OperationState.Waiting;
} else {
return OperationState.Ready;
}
}
/**
* @dev Returns the minimum delay in seconds for an operation to become valid.
*
* This value can be changed by executing an operation that calls `updateDelay`.
*/
function getMinDelay() public view virtual returns (uint256) {
return _minDelay;
}
/**
* @dev Returns the identifier of an operation containing a single
* transaction.
*/
function hashOperation(
address target,
uint256 value,
bytes calldata data,
bytes32 predecessor,
bytes32 salt
) public pure virtual returns (bytes32) {
return keccak256(abi.encode(target, value, data, predecessor, salt));
}
/**
* @dev Returns the identifier of an operation containing a batch of
* transactions.
*/
function hashOperationBatch(
address[] calldata targets,
uint256[] calldata values,
bytes[] calldata payloads,
bytes32 predecessor,
bytes32 salt
) public pure virtual returns (bytes32) {
return keccak256(abi.encode(targets, values, payloads, predecessor, salt));
}
/**
* @dev Schedule an operation containing a single transaction.
*
* Emits {CallSalt} if salt is nonzero, and {CallScheduled}.
*
* Requirements:
*
* - the caller must have the 'proposer' role.
*/
function schedule(
address target,
uint256 value,
bytes calldata data,
bytes32 predecessor,
bytes32 salt,
uint256 delay
) public virtual onlyRole(PROPOSER_ROLE) {
bytes32 id = hashOperation(target, value, data, predecessor, salt);
_schedule(id, delay);
emit CallScheduled(id, 0, target, value, data, predecessor, delay);
if (salt != bytes32(0)) {
emit CallSalt(id, salt);
}
}
/**
* @dev Schedule an operation containing a batch of transactions.
*
* Emits {CallSalt} if salt is nonzero, and one {CallScheduled} event per transaction in the batch.
*
* Requirements:
*
* - the caller must have the 'proposer' role.
*/
function scheduleBatch(
address[] calldata targets,
uint256[] calldata values,
bytes[] calldata payloads,
bytes32 predecessor,
bytes32 salt,
uint256 delay
) public virtual onlyRole(PROPOSER_ROLE) {
if (targets.length != values.length || targets.length != payloads.length) {
revert TimelockInvalidOperationLength(targets.length, payloads.length, values.length);
}
bytes32 id = hashOperationBatch(targets, values, payloads, predecessor, salt);
_schedule(id, delay);
for (uint256 i = 0; i < targets.length; ++i) {
emit CallScheduled(id, i, targets[i], values[i], payloads[i], predecessor, delay);
}
if (salt != bytes32(0)) {
emit CallSalt(id, salt);
}
}
/**
* @dev Schedule an operation that is to become valid after a given delay.
*/
function _schedule(bytes32 id, uint256 delay) private {
if (isOperation(id)) {
revert TimelockUnexpectedOperationState(id, _encodeStateBitmap(OperationState.Unset));
}
uint256 minDelay = getMinDelay();
if (delay < minDelay) {
revert TimelockInsufficientDelay(delay, minDelay);
}
_timestamps[id] = block.timestamp + delay;
}
/**
* @dev Cancel an operation.
*
* Requirements:
*
* - the caller must have the 'canceller' role.
*/
function cancel(bytes32 id) public virtual onlyRole(CANCELLER_ROLE) {
if (!isOperationPending(id)) {
revert TimelockUnexpectedOperationState(
id,
_encodeStateBitmap(OperationState.Waiting) | _encodeStateBitmap(OperationState.Ready)
);
}
delete _timestamps[id];
emit Cancelled(id);
}
/**
* @dev Execute an (ready) operation containing a single transaction.
*
* Emits a {CallExecuted} event.
*
* Requirements:
*
* - the caller must have the 'executor' role.
*/
// This function can reenter, but it doesn't pose a risk because _afterCall checks that the proposal is pending,
// thus any modifications to the operation during reentrancy should be caught.
// slither-disable-next-line reentrancy-eth
function execute(
address target,
uint256 value,
bytes calldata payload,
bytes32 predecessor,
bytes32 salt
) public payable virtual onlyRoleOrOpenRole(EXECUTOR_ROLE) {
bytes32 id = hashOperation(target, value, payload, predecessor, salt);
_beforeCall(id, predecessor);
_execute(target, value, payload);
emit CallExecuted(id, 0, target, value, payload);
_afterCall(id);
}
/**
* @dev Execute an (ready) operation containing a batch of transactions.
*
* Emits one {CallExecuted} event per transaction in the batch.
*
* Requirements:
*
* - the caller must have the 'executor' role.
*/
// This function can reenter, but it doesn't pose a risk because _afterCall checks that the proposal is pending,
// thus any modifications to the operation during reentrancy should be caught.
// slither-disable-next-line reentrancy-eth
function executeBatch(
address[] calldata targets,
uint256[] calldata values,
bytes[] calldata payloads,
bytes32 predecessor,
bytes32 salt
) public payable virtual onlyRoleOrOpenRole(EXECUTOR_ROLE) {
if (targets.length != values.length || targets.length != payloads.length) {
revert TimelockInvalidOperationLength(targets.length, payloads.length, values.length);
}
bytes32 id = hashOperationBatch(targets, values, payloads, predecessor, salt);
_beforeCall(id, predecessor);
for (uint256 i = 0; i < targets.length; ++i) {
address target = targets[i];
uint256 value = values[i];
bytes calldata payload = payloads[i];
_execute(target, value, payload);
emit CallExecuted(id, i, target, value, payload);
}
_afterCall(id);
}
/**
* @dev Execute an operation's call.
*/
function _execute(address target, uint256 value, bytes calldata data) internal virtual {
(bool success, bytes memory returndata) = target.call{value: value}(data);
Address.verifyCallResult(success, returndata);
}
/**
* @dev Checks before execution of an operation's calls.
*/
function _beforeCall(bytes32 id, bytes32 predecessor) private view {
if (!isOperationReady(id)) {
revert TimelockUnexpectedOperationState(id, _encodeStateBitmap(OperationState.Ready));
}
if (predecessor != bytes32(0) && !isOperationDone(predecessor)) {
revert TimelockUnexecutedPredecessor(predecessor);
}
}
/**
* @dev Checks after execution of an operation's calls.
*/
function _afterCall(bytes32 id) private {
if (!isOperationReady(id)) {
revert TimelockUnexpectedOperationState(id, _encodeStateBitmap(OperationState.Ready));
}
_timestamps[id] = _DONE_TIMESTAMP;
}
/**
* @dev Changes the minimum timelock duration for future operations.
*
* Emits a {MinDelayChange} event.
*
* Requirements:
*
* - the caller must be the timelock itself. This can only be achieved by scheduling and later executing
* an operation where the timelock is the target and the data is the ABI-encoded call to this function.
*/
function updateDelay(uint256 newDelay) external virtual {
address sender = _msgSender();
if (sender != address(this)) {
revert TimelockUnauthorizedCaller(sender);
}
emit MinDelayChange(_minDelay, newDelay);
_minDelay = newDelay;
}
/**
* @dev Encodes a `OperationState` into a `bytes32` representation where each bit enabled corresponds to
* the underlying position in the `OperationState` enum. For example:
*
* 0x000...1000
* ^^^^^^----- ...
* ^---- Done
* ^--- Ready
* ^-- Waiting
* ^- Unset
*/
function _encodeStateBitmap(OperationState operationState) internal pure returns (bytes32) {
return bytes32(1 << uint8(operationState));
}
}

190
dev/env/node_modules/@openzeppelin/contracts/governance/extensions/GovernorCountingFractional.sol generated vendored Executable file
View File

@@ -0,0 +1,190 @@
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (governance/extensions/GovernorCountingFractional.sol)
pragma solidity ^0.8.24;
import {IGovernor, Governor} from "../Governor.sol";
import {GovernorCountingSimple} from "./GovernorCountingSimple.sol";
import {Math} from "../../utils/math/Math.sol";
/**
* @dev Extension of {Governor} for fractional voting.
*
* Similar to {GovernorCountingSimple}, this contract is a votes counting module for {Governor} that supports 3 options:
* Against, For, Abstain. Additionally, it includes a fourth option: Fractional, which allows voters to split their voting
* power amongst the other 3 options.
*
* Votes cast with the Fractional support must be accompanied by a `params` argument that is three packed `uint128` values
* representing the weight the delegate assigns to Against, For, and Abstain respectively. For those votes cast for the other
* 3 options, the `params` argument must be empty.
*
* This is mostly useful when the delegate is a contract that implements its own rules for voting. These delegate-contracts
* can cast fractional votes according to the preferences of multiple entities delegating their voting power.
*
* Some example use cases include:
*
* * Voting from tokens that are held by a DeFi pool
* * Voting from an L2 with tokens held by a bridge
* * Voting privately from a shielded pool using zero knowledge proofs.
*
* Based on ScopeLift's https://github.com/ScopeLift/flexible-voting/blob/e5de2efd1368387b840931f19f3c184c85842761/src/GovernorCountingFractional.sol[`GovernorCountingFractional`]
*
* _Available since v5.1._
*/
abstract contract GovernorCountingFractional is Governor {
using Math for *;
uint8 internal constant VOTE_TYPE_FRACTIONAL = 255;
struct ProposalVote {
uint256 againstVotes;
uint256 forVotes;
uint256 abstainVotes;
mapping(address voter => uint256) usedVotes;
}
/**
* @dev Mapping from proposal ID to vote tallies for that proposal.
*/
mapping(uint256 proposalId => ProposalVote) private _proposalVotes;
/**
* @dev A fractional vote params uses more votes than are available for that user.
*/
error GovernorExceedRemainingWeight(address voter, uint256 usedVotes, uint256 remainingWeight);
/// @inheritdoc IGovernor
// solhint-disable-next-line func-name-mixedcase
function COUNTING_MODE() public pure virtual override returns (string memory) {
return "support=bravo,fractional&quorum=for,abstain&params=fractional";
}
/// @inheritdoc IGovernor
function hasVoted(uint256 proposalId, address account) public view virtual override returns (bool) {
return usedVotes(proposalId, account) > 0;
}
/**
* @dev Get the number of votes already cast by `account` for a proposal with `proposalId`. Useful for
* integrations that allow delegates to cast rolling, partial votes.
*/
function usedVotes(uint256 proposalId, address account) public view virtual returns (uint256) {
return _proposalVotes[proposalId].usedVotes[account];
}
/**
* @dev Get current distribution of votes for a given proposal.
*/
function proposalVotes(
uint256 proposalId
) public view virtual returns (uint256 againstVotes, uint256 forVotes, uint256 abstainVotes) {
ProposalVote storage proposalVote = _proposalVotes[proposalId];
return (proposalVote.againstVotes, proposalVote.forVotes, proposalVote.abstainVotes);
}
/// @inheritdoc Governor
function _quorumReached(uint256 proposalId) internal view virtual override returns (bool) {
ProposalVote storage proposalVote = _proposalVotes[proposalId];
return quorum(proposalSnapshot(proposalId)) <= proposalVote.forVotes + proposalVote.abstainVotes;
}
/**
* @dev See {Governor-_voteSucceeded}. In this module, forVotes must be > againstVotes.
*/
function _voteSucceeded(uint256 proposalId) internal view virtual override returns (bool) {
ProposalVote storage proposalVote = _proposalVotes[proposalId];
return proposalVote.forVotes > proposalVote.againstVotes;
}
/**
* @dev See {Governor-_countVote}. Function that records the delegate's votes.
*
* Executing this function consumes (part of) the delegate's weight on the proposal. This weight can be
* distributed amongst the 3 options (Against, For, Abstain) by specifying a fractional `support`.
*
* This counting module supports two vote casting modes: nominal and fractional.
*
* - Nominal: A nominal vote is cast by setting `support` to one of the 3 bravo options (Against, For, Abstain).
* - Fractional: A fractional vote is cast by setting `support` to `type(uint8).max` (255).
*
* Casting a nominal vote requires `params` to be empty and consumes the delegate's full remaining weight on the
* proposal for the specified `support` option. This is similar to the {GovernorCountingSimple} module and follows
* the `VoteType` enum from Governor Bravo. As a consequence, no vote weight remains unspent so no further voting
* is possible (for this `proposalId` and this `account`).
*
* Casting a fractional vote consumes a fraction of the delegate's remaining weight on the proposal according to the
* weights the delegate assigns to each support option (Against, For, Abstain respectively). The sum total of the
* three decoded vote weights _must_ be less than or equal to the delegate's remaining weight on the proposal (i.e.
* their checkpointed total weight minus votes already cast on the proposal). This format can be produced using:
*
* `abi.encodePacked(uint128(againstVotes), uint128(forVotes), uint128(abstainVotes))`
*
* NOTE: Consider that fractional voting restricts the number of casted votes (in each category) to 128 bits.
* Depending on how many decimals the underlying token has, a single voter may require to split their vote into
* multiple vote operations. For precision higher than ~30 decimals, large token holders may require a
* potentially large number of calls to cast all their votes. The voter has the possibility to cast all the
* remaining votes in a single operation using the traditional "bravo" vote.
*/
// slither-disable-next-line cyclomatic-complexity
function _countVote(
uint256 proposalId,
address account,
uint8 support,
uint256 totalWeight,
bytes memory params
) internal virtual override returns (uint256) {
// Compute number of remaining votes. Returns 0 on overflow.
(, uint256 remainingWeight) = totalWeight.trySub(usedVotes(proposalId, account));
if (remainingWeight == 0) {
revert GovernorAlreadyCastVote(account);
}
uint256 againstVotes = 0;
uint256 forVotes = 0;
uint256 abstainVotes = 0;
uint256 usedWeight = 0;
// For clarity of event indexing, fractional voting must be clearly advertised in the "support" field.
//
// Supported `support` value must be:
// - "Full" voting: `support = 0` (Against), `1` (For) or `2` (Abstain), with empty params.
// - "Fractional" voting: `support = 255`, with 48 bytes params.
if (support == uint8(GovernorCountingSimple.VoteType.Against)) {
if (params.length != 0) revert GovernorInvalidVoteParams();
usedWeight = againstVotes = remainingWeight;
} else if (support == uint8(GovernorCountingSimple.VoteType.For)) {
if (params.length != 0) revert GovernorInvalidVoteParams();
usedWeight = forVotes = remainingWeight;
} else if (support == uint8(GovernorCountingSimple.VoteType.Abstain)) {
if (params.length != 0) revert GovernorInvalidVoteParams();
usedWeight = abstainVotes = remainingWeight;
} else if (support == VOTE_TYPE_FRACTIONAL) {
// The `params` argument is expected to be three packed `uint128`:
// `abi.encodePacked(uint128(againstVotes), uint128(forVotes), uint128(abstainVotes))`
if (params.length != 0x30) revert GovernorInvalidVoteParams();
assembly ("memory-safe") {
againstVotes := shr(128, mload(add(params, 0x20)))
forVotes := shr(128, mload(add(params, 0x30)))
abstainVotes := shr(128, mload(add(params, 0x40)))
usedWeight := add(add(againstVotes, forVotes), abstainVotes) // inputs are uint128: cannot overflow
}
// check parsed arguments are valid
if (usedWeight > remainingWeight) {
revert GovernorExceedRemainingWeight(account, usedWeight, remainingWeight);
}
} else {
revert GovernorInvalidVoteType();
}
// update votes tracking
ProposalVote storage details = _proposalVotes[proposalId];
if (againstVotes > 0) details.againstVotes += againstVotes;
if (forVotes > 0) details.forVotes += forVotes;
if (abstainVotes > 0) details.abstainVotes += abstainVotes;
details.usedVotes[account] += usedWeight;
return usedWeight;
}
}

222
dev/env/node_modules/@openzeppelin/contracts/governance/extensions/GovernorCountingOverridable.sol generated vendored Executable file
View File

@@ -0,0 +1,222 @@
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (governance/extensions/GovernorCountingOverridable.sol)
pragma solidity ^0.8.24;
import {SignatureChecker} from "../../utils/cryptography/SignatureChecker.sol";
import {SafeCast} from "../../utils/math/SafeCast.sol";
import {VotesExtended} from "../utils/VotesExtended.sol";
import {GovernorVotes} from "./GovernorVotes.sol";
import {IGovernor, Governor} from "../Governor.sol";
/**
* @dev Extension of {Governor} which enables delegators to override the vote of their delegates. This module requires a
* token that inherits {VotesExtended}.
*/
abstract contract GovernorCountingOverridable is GovernorVotes {
bytes32 public constant OVERRIDE_BALLOT_TYPEHASH =
keccak256("OverrideBallot(uint256 proposalId,uint8 support,address voter,uint256 nonce,string reason)");
/**
* @dev Supported vote types. Matches Governor Bravo ordering.
*/
enum VoteType {
Against,
For,
Abstain
}
struct VoteReceipt {
uint8 casted; // 0 if vote was not casted. Otherwise: support + 1
bool hasOverridden;
uint208 overriddenWeight;
}
struct ProposalVote {
uint256[3] votes;
mapping(address voter => VoteReceipt) voteReceipt;
}
/// @dev The votes casted by `delegate` were reduced by `weight` after an override vote was casted by the original token holder
event VoteReduced(address indexed delegate, uint256 proposalId, uint8 support, uint256 weight);
/// @dev A delegated vote on `proposalId` was overridden by `weight`
event OverrideVoteCast(address indexed voter, uint256 proposalId, uint8 support, uint256 weight, string reason);
error GovernorAlreadyOverriddenVote(address account);
mapping(uint256 proposalId => ProposalVote) private _proposalVotes;
/// @inheritdoc IGovernor
// solhint-disable-next-line func-name-mixedcase
function COUNTING_MODE() public pure virtual override returns (string memory) {
return "support=bravo,override&quorum=for,abstain&overridable=true";
}
/**
* @dev See {IGovernor-hasVoted}.
*
* NOTE: Calling {castVote} (or similar) casts a vote using the voting power that is delegated to the voter.
* Conversely, calling {castOverrideVote} (or similar) uses the voting power of the account itself, from its asset
* balances. Casting an "override vote" does not count as voting and won't be reflected by this getter. Consider
* using {hasVotedOverride} to check if an account has casted an "override vote" for a given proposal id.
*/
function hasVoted(uint256 proposalId, address account) public view virtual override returns (bool) {
return _proposalVotes[proposalId].voteReceipt[account].casted != 0;
}
/**
* @dev Check if an `account` has overridden their delegate for a proposal.
*/
function hasVotedOverride(uint256 proposalId, address account) public view virtual returns (bool) {
return _proposalVotes[proposalId].voteReceipt[account].hasOverridden;
}
/**
* @dev Accessor to the internal vote counts.
*/
function proposalVotes(
uint256 proposalId
) public view virtual returns (uint256 againstVotes, uint256 forVotes, uint256 abstainVotes) {
uint256[3] storage votes = _proposalVotes[proposalId].votes;
return (votes[uint8(VoteType.Against)], votes[uint8(VoteType.For)], votes[uint8(VoteType.Abstain)]);
}
/// @inheritdoc Governor
function _quorumReached(uint256 proposalId) internal view virtual override returns (bool) {
uint256[3] storage votes = _proposalVotes[proposalId].votes;
return quorum(proposalSnapshot(proposalId)) <= votes[uint8(VoteType.For)] + votes[uint8(VoteType.Abstain)];
}
/**
* @dev See {Governor-_voteSucceeded}. In this module, the forVotes must be strictly over the againstVotes.
*/
function _voteSucceeded(uint256 proposalId) internal view virtual override returns (bool) {
uint256[3] storage votes = _proposalVotes[proposalId].votes;
return votes[uint8(VoteType.For)] > votes[uint8(VoteType.Against)];
}
/**
* @dev See {Governor-_countVote}. In this module, the support follows the `VoteType` enum (from Governor Bravo).
*
* NOTE: called by {Governor-_castVote} which emits the {IGovernor-VoteCast} (or {IGovernor-VoteCastWithParams})
* event.
*/
function _countVote(
uint256 proposalId,
address account,
uint8 support,
uint256 totalWeight,
bytes memory /*params*/
) internal virtual override returns (uint256) {
ProposalVote storage proposalVote = _proposalVotes[proposalId];
if (support > uint8(VoteType.Abstain)) {
revert GovernorInvalidVoteType();
}
if (proposalVote.voteReceipt[account].casted != 0) {
revert GovernorAlreadyCastVote(account);
}
totalWeight -= proposalVote.voteReceipt[account].overriddenWeight;
proposalVote.votes[support] += totalWeight;
proposalVote.voteReceipt[account].casted = support + 1;
return totalWeight;
}
/**
* @dev Variant of {Governor-_countVote} that deals with vote overrides.
*
* NOTE: See {hasVoted} for more details about the difference between {castVote} and {castOverrideVote}.
*/
function _countOverride(uint256 proposalId, address account, uint8 support) internal virtual returns (uint256) {
ProposalVote storage proposalVote = _proposalVotes[proposalId];
if (support > uint8(VoteType.Abstain)) {
revert GovernorInvalidVoteType();
}
if (proposalVote.voteReceipt[account].hasOverridden) {
revert GovernorAlreadyOverriddenVote(account);
}
uint256 snapshot = proposalSnapshot(proposalId);
uint256 overriddenWeight = VotesExtended(address(token())).getPastBalanceOf(account, snapshot);
address delegate = VotesExtended(address(token())).getPastDelegate(account, snapshot);
uint8 delegateCasted = proposalVote.voteReceipt[delegate].casted;
proposalVote.voteReceipt[account].hasOverridden = true;
proposalVote.votes[support] += overriddenWeight;
if (delegateCasted == 0) {
proposalVote.voteReceipt[delegate].overriddenWeight += SafeCast.toUint208(overriddenWeight);
} else {
uint8 delegateSupport = delegateCasted - 1;
proposalVote.votes[delegateSupport] -= overriddenWeight;
emit VoteReduced(delegate, proposalId, delegateSupport, overriddenWeight);
}
return overriddenWeight;
}
/// @dev Variant of {Governor-_castVote} that deals with vote overrides. Returns the overridden weight.
function _castOverride(
uint256 proposalId,
address account,
uint8 support,
string calldata reason
) internal virtual returns (uint256) {
_validateStateBitmap(proposalId, _encodeStateBitmap(ProposalState.Active));
uint256 overriddenWeight = _countOverride(proposalId, account, support);
emit OverrideVoteCast(account, proposalId, support, overriddenWeight, reason);
_tallyUpdated(proposalId);
return overriddenWeight;
}
/// @dev Public function for casting an override vote. Returns the overridden weight.
function castOverrideVote(
uint256 proposalId,
uint8 support,
string calldata reason
) public virtual returns (uint256) {
address voter = _msgSender();
return _castOverride(proposalId, voter, support, reason);
}
/// @dev Public function for casting an override vote using a voter's signature. Returns the overridden weight.
function castOverrideVoteBySig(
uint256 proposalId,
uint8 support,
address voter,
string calldata reason,
bytes calldata signature
) public virtual returns (uint256) {
bool valid = SignatureChecker.isValidSignatureNow(
voter,
_hashTypedDataV4(
keccak256(
abi.encode(
OVERRIDE_BALLOT_TYPEHASH,
proposalId,
support,
voter,
_useNonce(voter),
keccak256(bytes(reason))
)
)
),
signature
);
if (!valid) {
revert GovernorInvalidSignature(voter);
}
return _castOverride(proposalId, voter, support, reason);
}
}

96
dev/env/node_modules/@openzeppelin/contracts/governance/extensions/GovernorCountingSimple.sol generated vendored Executable file
View File

@@ -0,0 +1,96 @@
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (governance/extensions/GovernorCountingSimple.sol)
pragma solidity ^0.8.24;
import {IGovernor, Governor} from "../Governor.sol";
/**
* @dev Extension of {Governor} for simple, 3 options, vote counting.
*/
abstract contract GovernorCountingSimple is Governor {
/**
* @dev Supported vote types. Matches Governor Bravo ordering.
*/
enum VoteType {
Against,
For,
Abstain
}
struct ProposalVote {
uint256 againstVotes;
uint256 forVotes;
uint256 abstainVotes;
mapping(address voter => bool) hasVoted;
}
mapping(uint256 proposalId => ProposalVote) private _proposalVotes;
/// @inheritdoc IGovernor
// solhint-disable-next-line func-name-mixedcase
function COUNTING_MODE() public pure virtual override returns (string memory) {
return "support=bravo&quorum=for,abstain";
}
/// @inheritdoc IGovernor
function hasVoted(uint256 proposalId, address account) public view virtual override returns (bool) {
return _proposalVotes[proposalId].hasVoted[account];
}
/**
* @dev Accessor to the internal vote counts.
*/
function proposalVotes(
uint256 proposalId
) public view virtual returns (uint256 againstVotes, uint256 forVotes, uint256 abstainVotes) {
ProposalVote storage proposalVote = _proposalVotes[proposalId];
return (proposalVote.againstVotes, proposalVote.forVotes, proposalVote.abstainVotes);
}
/// @inheritdoc Governor
function _quorumReached(uint256 proposalId) internal view virtual override returns (bool) {
ProposalVote storage proposalVote = _proposalVotes[proposalId];
return quorum(proposalSnapshot(proposalId)) <= proposalVote.forVotes + proposalVote.abstainVotes;
}
/**
* @dev See {Governor-_voteSucceeded}. In this module, the forVotes must be strictly over the againstVotes.
*/
function _voteSucceeded(uint256 proposalId) internal view virtual override returns (bool) {
ProposalVote storage proposalVote = _proposalVotes[proposalId];
return proposalVote.forVotes > proposalVote.againstVotes;
}
/**
* @dev See {Governor-_countVote}. In this module, the support follows the `VoteType` enum (from Governor Bravo).
*/
function _countVote(
uint256 proposalId,
address account,
uint8 support,
uint256 totalWeight,
bytes memory // params
) internal virtual override returns (uint256) {
ProposalVote storage proposalVote = _proposalVotes[proposalId];
if (proposalVote.hasVoted[account]) {
revert GovernorAlreadyCastVote(account);
}
proposalVote.hasVoted[account] = true;
if (support == uint8(VoteType.Against)) {
proposalVote.againstVotes += totalWeight;
} else if (support == uint8(VoteType.For)) {
proposalVote.forVotes += totalWeight;
} else if (support == uint8(VoteType.Abstain)) {
proposalVote.abstainVotes += totalWeight;
} else {
revert GovernorInvalidVoteType();
}
return totalWeight;
}
}

91
dev/env/node_modules/@openzeppelin/contracts/governance/extensions/GovernorNoncesKeyed.sol generated vendored Executable file
View File

@@ -0,0 +1,91 @@
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (governance/extensions/GovernorNoncesKeyed.sol)
pragma solidity ^0.8.24;
import {Governor} from "../Governor.sol";
import {Nonces} from "../../utils/Nonces.sol";
import {NoncesKeyed} from "../../utils/NoncesKeyed.sol";
import {SignatureChecker} from "../../utils/cryptography/SignatureChecker.sol";
/**
* @dev An extension of {Governor} that extends existing nonce management to use {NoncesKeyed}, where the key is the low-order 192 bits of the `proposalId`.
* This is useful for voting by signature while maintaining separate sequences of nonces for each proposal.
*
* NOTE: Traditional (un-keyed) nonces are still supported and can continue to be used as if this extension was not present.
*/
abstract contract GovernorNoncesKeyed is Governor, NoncesKeyed {
function _useCheckedNonce(address owner, uint256 nonce) internal virtual override(Nonces, NoncesKeyed) {
super._useCheckedNonce(owner, nonce);
}
/**
* @dev Check the signature against keyed nonce and falls back to the traditional nonce.
*
* NOTE: This function won't call `super._validateVoteSig` if the keyed nonce is valid.
* Side effects may be skipped depending on the linearization of the function.
*/
function _validateVoteSig(
uint256 proposalId,
uint8 support,
address voter,
bytes memory signature
) internal virtual override returns (bool) {
if (
SignatureChecker.isValidSignatureNow(
voter,
_hashTypedDataV4(
keccak256(
abi.encode(BALLOT_TYPEHASH, proposalId, support, voter, nonces(voter, uint192(proposalId)))
)
),
signature
)
) {
_useNonce(voter, uint192(proposalId));
return true;
} else {
return super._validateVoteSig(proposalId, support, voter, signature);
}
}
/**
* @dev Check the signature against keyed nonce and falls back to the traditional nonce.
*
* NOTE: This function won't call `super._validateExtendedVoteSig` if the keyed nonce is valid.
* Side effects may be skipped depending on the linearization of the function.
*/
function _validateExtendedVoteSig(
uint256 proposalId,
uint8 support,
address voter,
string memory reason,
bytes memory params,
bytes memory signature
) internal virtual override returns (bool) {
if (
SignatureChecker.isValidSignatureNow(
voter,
_hashTypedDataV4(
keccak256(
abi.encode(
EXTENDED_BALLOT_TYPEHASH,
proposalId,
support,
voter,
nonces(voter, uint192(proposalId)),
keccak256(bytes(reason)),
keccak256(params)
)
)
),
signature
)
) {
_useNonce(voter, uint192(proposalId));
return true;
} else {
return super._validateExtendedVoteSig(proposalId, support, voter, reason, params, signature);
}
}
}

92
dev/env/node_modules/@openzeppelin/contracts/governance/extensions/GovernorPreventLateQuorum.sol generated vendored Executable file
View File

@@ -0,0 +1,92 @@
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (governance/extensions/GovernorPreventLateQuorum.sol)
pragma solidity ^0.8.24;
import {Governor} from "../Governor.sol";
import {Math} from "../../utils/math/Math.sol";
/**
* @dev A module that ensures there is a minimum voting period after quorum is reached. This prevents a large voter from
* swaying a vote and triggering quorum at the last minute, by ensuring there is always time for other voters to react
* and try to oppose the decision.
*
* If a vote causes quorum to be reached, the proposal's voting period may be extended so that it does not end before at
* least a specified time has passed (the "vote extension" parameter). This parameter can be set through a governance
* proposal.
*/
abstract contract GovernorPreventLateQuorum is Governor {
uint48 private _voteExtension;
mapping(uint256 proposalId => uint48) private _extendedDeadlines;
/// @dev Emitted when a proposal deadline is pushed back due to reaching quorum late in its voting period.
event ProposalExtended(uint256 indexed proposalId, uint64 extendedDeadline);
/// @dev Emitted when the {lateQuorumVoteExtension} parameter is changed.
event LateQuorumVoteExtensionSet(uint64 oldVoteExtension, uint64 newVoteExtension);
/**
* @dev Initializes the vote extension parameter: the time in either number of blocks or seconds (depending on the
* governor clock mode) that is required to pass since the moment a proposal reaches quorum until its voting period
* ends. If necessary the voting period will be extended beyond the one set during proposal creation.
*/
constructor(uint48 initialVoteExtension) {
_setLateQuorumVoteExtension(initialVoteExtension);
}
/**
* @dev Returns the proposal deadline, which may have been extended beyond that set at proposal creation, if the
* proposal reached quorum late in the voting period. See {Governor-proposalDeadline}.
*/
function proposalDeadline(uint256 proposalId) public view virtual override returns (uint256) {
return Math.max(super.proposalDeadline(proposalId), _extendedDeadlines[proposalId]);
}
/**
* @dev Vote tally updated and detects if it caused quorum to be reached, potentially extending the voting period.
*
* May emit a {ProposalExtended} event.
*/
function _tallyUpdated(uint256 proposalId) internal virtual override {
super._tallyUpdated(proposalId);
if (_extendedDeadlines[proposalId] == 0 && _quorumReached(proposalId)) {
uint48 extendedDeadline = clock() + lateQuorumVoteExtension();
if (extendedDeadline > proposalDeadline(proposalId)) {
emit ProposalExtended(proposalId, extendedDeadline);
}
_extendedDeadlines[proposalId] = extendedDeadline;
}
}
/**
* @dev Returns the current value of the vote extension parameter: the number of blocks that are required to pass
* from the time a proposal reaches quorum until its voting period ends.
*/
function lateQuorumVoteExtension() public view virtual returns (uint48) {
return _voteExtension;
}
/**
* @dev Changes the {lateQuorumVoteExtension}. This operation can only be performed by the governance executor,
* generally through a governance proposal.
*
* Emits a {LateQuorumVoteExtensionSet} event.
*/
function setLateQuorumVoteExtension(uint48 newVoteExtension) public virtual onlyGovernance {
_setLateQuorumVoteExtension(newVoteExtension);
}
/**
* @dev Changes the {lateQuorumVoteExtension}. This is an internal function that can be exposed in a public function
* like {setLateQuorumVoteExtension} if another access control mechanism is needed.
*
* Emits a {LateQuorumVoteExtensionSet} event.
*/
function _setLateQuorumVoteExtension(uint48 newVoteExtension) internal virtual {
emit LateQuorumVoteExtensionSet(_voteExtension, newVoteExtension);
_voteExtension = newVoteExtension;
}
}

58
dev/env/node_modules/@openzeppelin/contracts/governance/extensions/GovernorProposalGuardian.sol generated vendored Executable file
View File

@@ -0,0 +1,58 @@
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (governance/extensions/GovernorProposalGuardian.sol)
pragma solidity ^0.8.24;
import {Governor} from "../Governor.sol";
/**
* @dev Extension of {Governor} which adds a proposal guardian that can cancel proposals at any stage in the proposal's lifecycle.
*
* NOTE: if the proposal guardian is not configured, then proposers take this role for their proposals.
*/
abstract contract GovernorProposalGuardian is Governor {
address private _proposalGuardian;
event ProposalGuardianSet(address oldProposalGuardian, address newProposalGuardian);
/**
* @dev Getter that returns the address of the proposal guardian.
*/
function proposalGuardian() public view virtual returns (address) {
return _proposalGuardian;
}
/**
* @dev Update the proposal guardian's address. This operation can only be performed through a governance proposal.
*
* Emits a {ProposalGuardianSet} event.
*/
function setProposalGuardian(address newProposalGuardian) public virtual onlyGovernance {
_setProposalGuardian(newProposalGuardian);
}
/**
* @dev Internal setter for the proposal guardian.
*
* Emits a {ProposalGuardianSet} event.
*/
function _setProposalGuardian(address newProposalGuardian) internal virtual {
emit ProposalGuardianSet(_proposalGuardian, newProposalGuardian);
_proposalGuardian = newProposalGuardian;
}
/**
* @dev Override {Governor-_validateCancel} to implement the extended cancellation logic.
*
* * The {proposalGuardian} can cancel any proposal at any point.
* * If no proposal guardian is set, the {IGovernor-proposalProposer} can cancel their proposals at any point.
* * In any case, permissions defined in {Governor-_validateCancel} (or another override) remains valid.
*/
function _validateCancel(uint256 proposalId, address caller) internal view virtual override returns (bool) {
address guardian = proposalGuardian();
return
guardian == caller ||
(guardian == address(0) && caller == proposalProposer(proposalId)) ||
super._validateCancel(proposalId, caller);
}
}

75
dev/env/node_modules/@openzeppelin/contracts/governance/extensions/GovernorSequentialProposalId.sol generated vendored Executable file
View File

@@ -0,0 +1,75 @@
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (governance/extensions/GovernorSequentialProposalId.sol)
pragma solidity ^0.8.24;
import {IGovernor, Governor} from "../Governor.sol";
/**
* @dev Extension of {Governor} that changes the numbering of proposal ids from the default hash-based approach to
* sequential ids.
*/
abstract contract GovernorSequentialProposalId is Governor {
uint256 private _latestProposalId;
mapping(uint256 proposalHash => uint256 proposalId) private _proposalIds;
/**
* @dev The {latestProposalId} may only be initialized if it hasn't been set yet
* (through initialization or the creation of a proposal).
*/
error GovernorAlreadyInitializedLatestProposalId();
/// @inheritdoc IGovernor
function getProposalId(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 descriptionHash
) public view virtual override returns (uint256) {
uint256 proposalHash = hashProposal(targets, values, calldatas, descriptionHash);
uint256 storedProposalId = _proposalIds[proposalHash];
if (storedProposalId == 0) {
revert GovernorNonexistentProposal(0);
}
return storedProposalId;
}
/**
* @dev Returns the latest proposal id. A return value of 0 means no proposals have been created yet.
*/
function latestProposalId() public view virtual returns (uint256) {
return _latestProposalId;
}
/**
* @dev See {IGovernor-_propose}.
* Hook into the proposing mechanism to increment proposal count.
*/
function _propose(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
string memory description,
address proposer
) internal virtual override returns (uint256) {
uint256 proposalHash = hashProposal(targets, values, calldatas, keccak256(bytes(description)));
uint256 storedProposalId = _proposalIds[proposalHash];
if (storedProposalId == 0) {
_proposalIds[proposalHash] = ++_latestProposalId;
}
return super._propose(targets, values, calldatas, description, proposer);
}
/**
* @dev Internal function to set the {latestProposalId}. This function is helpful when transitioning
* from another governance system. The next proposal id will be `newLatestProposalId` + 1.
*
* May only call this function if the current value of {latestProposalId} is 0.
*/
function _initializeLatestProposalId(uint256 newLatestProposalId) internal virtual {
if (_latestProposalId != 0) {
revert GovernorAlreadyInitializedLatestProposalId();
}
_latestProposalId = newLatestProposalId;
}
}

106
dev/env/node_modules/@openzeppelin/contracts/governance/extensions/GovernorSettings.sol generated vendored Executable file
View File

@@ -0,0 +1,106 @@
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (governance/extensions/GovernorSettings.sol)
pragma solidity ^0.8.24;
import {IGovernor, Governor} from "../Governor.sol";
/**
* @dev Extension of {Governor} for settings updatable through governance.
*/
abstract contract GovernorSettings is Governor {
// amount of token
uint256 private _proposalThreshold;
// timepoint: limited to uint48 in core (same as clock() type)
uint48 private _votingDelay;
// duration: limited to uint32 in core
uint32 private _votingPeriod;
event VotingDelaySet(uint256 oldVotingDelay, uint256 newVotingDelay);
event VotingPeriodSet(uint256 oldVotingPeriod, uint256 newVotingPeriod);
event ProposalThresholdSet(uint256 oldProposalThreshold, uint256 newProposalThreshold);
/**
* @dev Initialize the governance parameters.
*/
constructor(uint48 initialVotingDelay, uint32 initialVotingPeriod, uint256 initialProposalThreshold) {
_setVotingDelay(initialVotingDelay);
_setVotingPeriod(initialVotingPeriod);
_setProposalThreshold(initialProposalThreshold);
}
/// @inheritdoc IGovernor
function votingDelay() public view virtual override returns (uint256) {
return _votingDelay;
}
/// @inheritdoc IGovernor
function votingPeriod() public view virtual override returns (uint256) {
return _votingPeriod;
}
/// @inheritdoc Governor
function proposalThreshold() public view virtual override returns (uint256) {
return _proposalThreshold;
}
/**
* @dev Update the voting delay. This operation can only be performed through a governance proposal.
*
* Emits a {VotingDelaySet} event.
*/
function setVotingDelay(uint48 newVotingDelay) public virtual onlyGovernance {
_setVotingDelay(newVotingDelay);
}
/**
* @dev Update the voting period. This operation can only be performed through a governance proposal.
*
* Emits a {VotingPeriodSet} event.
*/
function setVotingPeriod(uint32 newVotingPeriod) public virtual onlyGovernance {
_setVotingPeriod(newVotingPeriod);
}
/**
* @dev Update the proposal threshold. This operation can only be performed through a governance proposal.
*
* Emits a {ProposalThresholdSet} event.
*/
function setProposalThreshold(uint256 newProposalThreshold) public virtual onlyGovernance {
_setProposalThreshold(newProposalThreshold);
}
/**
* @dev Internal setter for the voting delay.
*
* Emits a {VotingDelaySet} event.
*/
function _setVotingDelay(uint48 newVotingDelay) internal virtual {
emit VotingDelaySet(_votingDelay, newVotingDelay);
_votingDelay = newVotingDelay;
}
/**
* @dev Internal setter for the voting period.
*
* Emits a {VotingPeriodSet} event.
*/
function _setVotingPeriod(uint32 newVotingPeriod) internal virtual {
if (newVotingPeriod == 0) {
revert GovernorInvalidVotingPeriod(0);
}
emit VotingPeriodSet(_votingPeriod, newVotingPeriod);
_votingPeriod = newVotingPeriod;
}
/**
* @dev Internal setter for the proposal threshold.
*
* Emits a {ProposalThresholdSet} event.
*/
function _setProposalThreshold(uint256 newProposalThreshold) internal virtual {
emit ProposalThresholdSet(_proposalThreshold, newProposalThreshold);
_proposalThreshold = newProposalThreshold;
}
}

125
dev/env/node_modules/@openzeppelin/contracts/governance/extensions/GovernorStorage.sol generated vendored Executable file
View File

@@ -0,0 +1,125 @@
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (governance/extensions/GovernorStorage.sol)
pragma solidity ^0.8.24;
import {Governor} from "../Governor.sol";
/**
* @dev Extension of {Governor} that implements storage of proposal details. This modules also provides primitives for
* the enumerability of proposals.
*
* Use cases for this module include:
* - UIs that explore the proposal state without relying on event indexing.
* - Using only the proposalId as an argument in the {Governor-queue} and {Governor-execute} functions for L2 chains
* where storage is cheap compared to calldata.
*/
abstract contract GovernorStorage is Governor {
struct ProposalDetails {
address[] targets;
uint256[] values;
bytes[] calldatas;
bytes32 descriptionHash;
}
uint256[] private _proposalIds;
mapping(uint256 proposalId => ProposalDetails) private _proposalDetails;
/**
* @dev Hook into the proposing mechanism
*/
function _propose(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
string memory description,
address proposer
) internal virtual override returns (uint256) {
uint256 proposalId = super._propose(targets, values, calldatas, description, proposer);
// store
_proposalIds.push(proposalId);
_proposalDetails[proposalId] = ProposalDetails({
targets: targets,
values: values,
calldatas: calldatas,
descriptionHash: keccak256(bytes(description))
});
return proposalId;
}
/**
* @dev Version of {IGovernor-queue} with only `proposalId` as an argument.
*/
function queue(uint256 proposalId) public virtual {
// here, using storage is more efficient than memory
ProposalDetails storage details = _proposalDetails[proposalId];
queue(details.targets, details.values, details.calldatas, details.descriptionHash);
}
/**
* @dev Version of {IGovernor-execute} with only `proposalId` as an argument.
*/
function execute(uint256 proposalId) public payable virtual {
// here, using storage is more efficient than memory
ProposalDetails storage details = _proposalDetails[proposalId];
execute(details.targets, details.values, details.calldatas, details.descriptionHash);
}
/**
* @dev ProposalId version of {IGovernor-cancel}.
*/
function cancel(uint256 proposalId) public virtual {
// here, using storage is more efficient than memory
ProposalDetails storage details = _proposalDetails[proposalId];
cancel(details.targets, details.values, details.calldatas, details.descriptionHash);
}
/**
* @dev Returns the number of stored proposals.
*/
function proposalCount() public view virtual returns (uint256) {
return _proposalIds.length;
}
/**
* @dev Returns the details of a proposalId. Reverts if `proposalId` is not a known proposal.
*/
function proposalDetails(
uint256 proposalId
)
public
view
virtual
returns (address[] memory targets, uint256[] memory values, bytes[] memory calldatas, bytes32 descriptionHash)
{
// here, using memory is more efficient than storage
ProposalDetails memory details = _proposalDetails[proposalId];
if (details.descriptionHash == 0) {
revert GovernorNonexistentProposal(proposalId);
}
return (details.targets, details.values, details.calldatas, details.descriptionHash);
}
/**
* @dev Returns the details (including the proposalId) of a proposal given its sequential index.
*/
function proposalDetailsAt(
uint256 index
)
public
view
virtual
returns (
uint256 proposalId,
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 descriptionHash
)
{
proposalId = _proposalIds[index];
(targets, values, calldatas, descriptionHash) = proposalDetails(proposalId);
}
}

58
dev/env/node_modules/@openzeppelin/contracts/governance/extensions/GovernorSuperQuorum.sol generated vendored Executable file
View File

@@ -0,0 +1,58 @@
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (governance/extensions/GovernorSuperQuorum.sol)
pragma solidity ^0.8.24;
import {Governor} from "../Governor.sol";
/**
* @dev Extension of {Governor} with a super quorum. Proposals that meet the super quorum (and have a majority of for
* votes) advance to the `Succeeded` state before the proposal deadline. Counting modules that want to use this
* extension must implement {proposalVotes}.
*/
abstract contract GovernorSuperQuorum is Governor {
/**
* @dev Minimum number of cast votes required for a proposal to reach super quorum. Only FOR votes are counted
* towards the super quorum. Once the super quorum is reached, an active proposal can proceed to the next state
* without waiting for the proposal deadline.
*
* NOTE: The `timepoint` parameter corresponds to the snapshot used for counting the vote. This enables scaling of the
* quorum depending on values such as the `totalSupply` of a token at this timepoint (see {ERC20Votes}).
*
* NOTE: Make sure the value specified for the super quorum is greater than {quorum}, otherwise, it may be
* possible to pass a proposal with less votes than the default quorum.
*/
function superQuorum(uint256 timepoint) public view virtual returns (uint256);
/**
* @dev Accessor to the internal vote counts. This must be implemented by the counting module. Counting modules
* that don't implement this function are incompatible with this module
*/
function proposalVotes(
uint256 proposalId
) public view virtual returns (uint256 againstVotes, uint256 forVotes, uint256 abstainVotes);
/**
* @dev Overridden version of the {Governor-state} function that checks if the proposal has reached the super
* quorum.
*
* NOTE: If the proposal reaches super quorum but {_voteSucceeded} returns false, eg, assuming the super quorum
* has been set low enough that both FOR and AGAINST votes have exceeded it and AGAINST votes exceed FOR votes,
* the proposal continues to be active until {_voteSucceeded} returns true or the proposal deadline is reached.
* This means that with a low super quorum it is also possible that a vote can succeed prematurely before enough
* AGAINST voters have a chance to vote. Hence, it is recommended to set a high enough super quorum to avoid these
* types of scenarios.
*/
function state(uint256 proposalId) public view virtual override returns (ProposalState) {
ProposalState currentState = super.state(proposalId);
if (currentState != ProposalState.Active) return currentState;
(, uint256 forVotes, ) = proposalVotes(proposalId);
if (forVotes < superQuorum(proposalSnapshot(proposalId)) || !_voteSucceeded(proposalId)) {
return ProposalState.Active;
} else if (proposalEta(proposalId) == 0) {
return ProposalState.Succeeded;
} else {
return ProposalState.Queued;
}
}
}

346
dev/env/node_modules/@openzeppelin/contracts/governance/extensions/GovernorTimelockAccess.sol generated vendored Executable file
View File

@@ -0,0 +1,346 @@
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (governance/extensions/GovernorTimelockAccess.sol)
pragma solidity ^0.8.24;
import {IGovernor, Governor} from "../Governor.sol";
import {AuthorityUtils} from "../../access/manager/AuthorityUtils.sol";
import {IAccessManager} from "../../access/manager/IAccessManager.sol";
import {Address} from "../../utils/Address.sol";
import {Math} from "../../utils/math/Math.sol";
import {SafeCast} from "../../utils/math/SafeCast.sol";
import {Time} from "../../utils/types/Time.sol";
/**
* @dev This module connects a {Governor} instance to an {AccessManager} instance, allowing the governor to make calls
* that are delay-restricted by the manager using the normal {queue} workflow. An optional base delay is applied to
* operations that are not delayed externally by the manager. Execution of a proposal will be delayed as much as
* necessary to meet the required delays of all of its operations.
*
* This extension allows the governor to hold and use its own assets and permissions, unlike {GovernorTimelockControl}
* and {GovernorTimelockCompound}, where the timelock is a separate contract that must be the one to hold assets and
* permissions. Operations that are delay-restricted by the manager, however, will be executed through the
* {AccessManager-execute} function.
*
* ==== Security Considerations
*
* Some operations may be cancelable in the `AccessManager` by the admin or a set of guardians, depending on the
* restricted function being invoked. Since proposals are atomic, the cancellation by a guardian of a single operation
* in a proposal will cause all of the proposal to become unable to execute. Consider proposing cancellable operations
* separately.
*
* By default, function calls will be routed through the associated `AccessManager` whenever it claims the target
* function to be restricted by it. However, admins may configure the manager to make that claim for functions that a
* governor would want to call directly (e.g., token transfers) in an attempt to deny it access to those functions. To
* mitigate this attack vector, the governor is able to ignore the restrictions claimed by the `AccessManager` using
* {setAccessManagerIgnored}. While permanent denial of service is mitigated, temporary DoS may still be technically
* possible. All of the governor's own functions (e.g., {setBaseDelaySeconds}) ignore the `AccessManager` by default.
*
* NOTE: `AccessManager` does not support scheduling more than one operation with the same target and calldata at
* the same time. See {AccessManager-schedule} for a workaround.
*/
abstract contract GovernorTimelockAccess is Governor {
// An execution plan is produced at the moment a proposal is created, in order to fix at that point the exact
// execution semantics of the proposal, namely whether a call will go through {AccessManager-execute}.
struct ExecutionPlan {
uint16 length;
uint32 delay;
// We use mappings instead of arrays because it allows us to pack values in storage more tightly without
// storing the length redundantly.
// We pack 8 operations' data in each bucket. Each uint32 value is set to 1 upon proposal creation if it has
// to be scheduled and executed through the manager. Upon queuing, the value is set to nonce + 2, where the
// nonce is received from the manager when scheduling the operation.
mapping(uint256 operationBucket => uint32[8]) managerData;
}
// The meaning of the "toggle" set to true depends on the target contract.
// If target == address(this), the manager is ignored by default, and a true toggle means it won't be ignored.
// For all other target contracts, the manager is used by default, and a true toggle means it will be ignored.
mapping(address target => mapping(bytes4 selector => bool)) private _ignoreToggle;
mapping(uint256 proposalId => ExecutionPlan) private _executionPlan;
uint32 private _baseDelay;
IAccessManager private immutable _manager;
error GovernorUnmetDelay(uint256 proposalId, uint256 neededTimestamp);
error GovernorMismatchedNonce(uint256 proposalId, uint256 expectedNonce, uint256 actualNonce);
error GovernorLockedIgnore();
event BaseDelaySet(uint32 oldBaseDelaySeconds, uint32 newBaseDelaySeconds);
event AccessManagerIgnoredSet(address target, bytes4 selector, bool ignored);
/**
* @dev Initialize the governor with an {AccessManager} and initial base delay.
*/
constructor(address manager, uint32 initialBaseDelay) {
_manager = IAccessManager(manager);
_setBaseDelaySeconds(initialBaseDelay);
}
/**
* @dev Returns the {AccessManager} instance associated to this governor.
*/
function accessManager() public view virtual returns (IAccessManager) {
return _manager;
}
/**
* @dev Base delay that will be applied to all function calls. Some may be further delayed by their associated
* `AccessManager` authority; in this case the final delay will be the maximum of the base delay and the one
* demanded by the authority.
*
* NOTE: Execution delays are processed by the `AccessManager` contracts, and according to that contract are
* expressed in seconds. Therefore, the base delay is also in seconds, regardless of the governor's clock mode.
*/
function baseDelaySeconds() public view virtual returns (uint32) {
return _baseDelay;
}
/**
* @dev Change the value of {baseDelaySeconds}. This operation can only be invoked through a governance proposal.
*/
function setBaseDelaySeconds(uint32 newBaseDelay) public virtual onlyGovernance {
_setBaseDelaySeconds(newBaseDelay);
}
/**
* @dev Change the value of {baseDelaySeconds}. Internal function without access control.
*/
function _setBaseDelaySeconds(uint32 newBaseDelay) internal virtual {
emit BaseDelaySet(_baseDelay, newBaseDelay);
_baseDelay = newBaseDelay;
}
/**
* @dev Check if restrictions from the associated {AccessManager} are ignored for a target function. Returns true
* when the target function will be invoked directly regardless of `AccessManager` settings for the function.
* See {setAccessManagerIgnored} and Security Considerations above.
*/
function isAccessManagerIgnored(address target, bytes4 selector) public view virtual returns (bool) {
bool isGovernor = target == address(this);
return _ignoreToggle[target][selector] != isGovernor; // equivalent to: isGovernor ? !toggle : toggle
}
/**
* @dev Configure whether restrictions from the associated {AccessManager} are ignored for a target function.
* See Security Considerations above.
*/
function setAccessManagerIgnored(
address target,
bytes4[] calldata selectors,
bool ignored
) public virtual onlyGovernance {
for (uint256 i = 0; i < selectors.length; ++i) {
_setAccessManagerIgnored(target, selectors[i], ignored);
}
}
/**
* @dev Internal version of {setAccessManagerIgnored} without access restriction.
*/
function _setAccessManagerIgnored(address target, bytes4 selector, bool ignored) internal virtual {
bool isGovernor = target == address(this);
if (isGovernor && selector == this.setAccessManagerIgnored.selector) {
revert GovernorLockedIgnore();
}
_ignoreToggle[target][selector] = ignored != isGovernor; // equivalent to: isGovernor ? !ignored : ignored
emit AccessManagerIgnoredSet(target, selector, ignored);
}
/**
* @dev Public accessor to check the execution plan, including the number of seconds that the proposal will be
* delayed since queuing, an array indicating which of the proposal actions will be executed indirectly through
* the associated {AccessManager}, and another indicating which will be scheduled in {queue}. Note that
* those that must be scheduled are cancellable by `AccessManager` guardians.
*/
function proposalExecutionPlan(
uint256 proposalId
) public view returns (uint32 delay, bool[] memory indirect, bool[] memory withDelay) {
ExecutionPlan storage plan = _executionPlan[proposalId];
uint32 length = plan.length;
delay = plan.delay;
indirect = new bool[](length);
withDelay = new bool[](length);
for (uint256 i = 0; i < length; ++i) {
(indirect[i], withDelay[i], ) = _getManagerData(plan, i);
}
return (delay, indirect, withDelay);
}
/// @inheritdoc IGovernor
function proposalNeedsQueuing(uint256 proposalId) public view virtual override returns (bool) {
return _executionPlan[proposalId].delay > 0;
}
/// @inheritdoc IGovernor
function propose(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
string memory description
) public virtual override returns (uint256) {
uint256 proposalId = super.propose(targets, values, calldatas, description);
uint32 neededDelay = baseDelaySeconds();
ExecutionPlan storage plan = _executionPlan[proposalId];
plan.length = SafeCast.toUint16(targets.length);
for (uint256 i = 0; i < targets.length; ++i) {
if (calldatas[i].length < 4) {
continue;
}
address target = targets[i];
bytes4 selector = bytes4(calldatas[i]);
(bool immediate, uint32 delay) = AuthorityUtils.canCallWithDelay(
address(_manager),
address(this),
target,
selector
);
if ((immediate || delay > 0) && !isAccessManagerIgnored(target, selector)) {
_setManagerData(plan, i, !immediate, 0);
// downcast is safe because both arguments are uint32
neededDelay = uint32(Math.max(delay, neededDelay));
}
}
plan.delay = neededDelay;
return proposalId;
}
/**
* @dev Mechanism to queue a proposal, potentially scheduling some of its operations in the AccessManager.
*
* NOTE: The execution delay is chosen based on the delay information retrieved in {propose}. This value may be
* off if the delay was updated since proposal creation. In this case, the proposal needs to be recreated.
*/
function _queueOperations(
uint256 proposalId,
address[] memory targets,
uint256[] memory /* values */,
bytes[] memory calldatas,
bytes32 /* descriptionHash */
) internal virtual override returns (uint48) {
ExecutionPlan storage plan = _executionPlan[proposalId];
uint48 etaSeconds = Time.timestamp() + plan.delay;
for (uint256 i = 0; i < targets.length; ++i) {
(, bool withDelay, ) = _getManagerData(plan, i);
if (withDelay) {
// This function can reenter when calling `_manager.schedule` before performing state updates in `_setManagerData`.
// However, the `manager` is a trusted contract in the current context's security model (e.g. an `AccessManager`).
// slither-disable-next-line reentrancy-no-eth
(, uint32 nonce) = _manager.schedule(targets[i], calldatas[i], etaSeconds);
_setManagerData(plan, i, true, nonce);
}
}
return etaSeconds;
}
/**
* @dev Mechanism to execute a proposal, potentially going through {AccessManager-execute} for delayed operations.
*/
function _executeOperations(
uint256 proposalId,
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 /* descriptionHash */
) internal virtual override {
uint48 etaSeconds = SafeCast.toUint48(proposalEta(proposalId));
if (block.timestamp < etaSeconds) {
revert GovernorUnmetDelay(proposalId, etaSeconds);
}
ExecutionPlan storage plan = _executionPlan[proposalId];
for (uint256 i = 0; i < targets.length; ++i) {
(bool controlled, bool withDelay, uint32 nonce) = _getManagerData(plan, i);
if (controlled) {
uint32 executedNonce = _manager.execute{value: values[i]}(targets[i], calldatas[i]);
if (withDelay && executedNonce != nonce) {
revert GovernorMismatchedNonce(proposalId, nonce, executedNonce);
}
} else {
(bool success, bytes memory returndata) = targets[i].call{value: values[i]}(calldatas[i]);
Address.verifyCallResult(success, returndata);
}
}
}
/// @inheritdoc Governor
function _cancel(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 descriptionHash
) internal virtual override returns (uint256) {
uint256 proposalId = super._cancel(targets, values, calldatas, descriptionHash);
uint48 etaSeconds = SafeCast.toUint48(proposalEta(proposalId));
ExecutionPlan storage plan = _executionPlan[proposalId];
// If the proposal has been scheduled it will have an ETA and we may have to externally cancel
if (etaSeconds != 0) {
for (uint256 i = 0; i < targets.length; ++i) {
(, bool withDelay, uint32 nonce) = _getManagerData(plan, i);
// Only attempt to cancel if the execution plan included a delay
if (withDelay) {
bytes32 operationId = _manager.hashOperation(address(this), targets[i], calldatas[i]);
// Check first if the current operation nonce is the one that we observed previously. It could
// already have been cancelled and rescheduled. We don't want to cancel unless it is exactly the
// instance that we previously scheduled.
if (nonce == _manager.getNonce(operationId)) {
// It is important that all calls have an opportunity to be cancelled. We chose to ignore
// potential failures of some of the cancel operations to give the other operations a chance to
// be properly cancelled. In particular cancel might fail if the operation was already cancelled
// by guardians previously. We don't match on the revert reason to avoid encoding assumptions
// about specific errors.
try _manager.cancel(address(this), targets[i], calldatas[i]) {} catch {}
}
}
}
}
return proposalId;
}
/**
* @dev Returns whether the operation at an index is delayed by the manager, and its scheduling nonce once queued.
*/
function _getManagerData(
ExecutionPlan storage plan,
uint256 index
) private view returns (bool controlled, bool withDelay, uint32 nonce) {
(uint256 bucket, uint256 subindex) = _getManagerDataIndices(index);
uint32 value = plan.managerData[bucket][subindex];
unchecked {
return (value > 0, value > 1, value > 1 ? value - 2 : 0);
}
}
/**
* @dev Marks an operation at an index as permissioned by the manager, potentially delayed, and
* when delayed sets its scheduling nonce.
*/
function _setManagerData(ExecutionPlan storage plan, uint256 index, bool withDelay, uint32 nonce) private {
(uint256 bucket, uint256 subindex) = _getManagerDataIndices(index);
plan.managerData[bucket][subindex] = withDelay ? nonce + 2 : 1;
}
/**
* @dev Returns bucket and subindex for reading manager data from the packed array mapping.
*/
function _getManagerDataIndices(uint256 index) private pure returns (uint256 bucket, uint256 subindex) {
bucket = index >> 3; // index / 8
subindex = index & 7; // index % 8
}
}

165
dev/env/node_modules/@openzeppelin/contracts/governance/extensions/GovernorTimelockCompound.sol generated vendored Executable file
View File

@@ -0,0 +1,165 @@
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (governance/extensions/GovernorTimelockCompound.sol)
pragma solidity ^0.8.24;
import {IGovernor, Governor} from "../Governor.sol";
import {ICompoundTimelock} from "../../vendor/compound/ICompoundTimelock.sol";
import {Address} from "../../utils/Address.sol";
import {SafeCast} from "../../utils/math/SafeCast.sol";
/**
* @dev Extension of {Governor} that binds the execution process to a Compound Timelock. This adds a delay, enforced by
* the external timelock to all successful proposals (in addition to the voting duration). The {Governor} needs to be
* the admin of the timelock for any operation to be performed. A public, unrestricted,
* {GovernorTimelockCompound-__acceptAdmin} is available to accept ownership of the timelock.
*
* Using this model means the proposal will be operated by the {TimelockController} and not by the {Governor}. Thus,
* the assets and permissions must be attached to the {TimelockController}. Any asset sent to the {Governor} will be
* inaccessible from a proposal, unless executed via {Governor-relay}.
*/
abstract contract GovernorTimelockCompound is Governor {
ICompoundTimelock private _timelock;
/**
* @dev Emitted when the timelock controller used for proposal execution is modified.
*/
event TimelockChange(address oldTimelock, address newTimelock);
/**
* @dev Set the timelock.
*/
constructor(ICompoundTimelock timelockAddress) {
_updateTimelock(timelockAddress);
}
/**
* @dev Overridden version of the {Governor-state} function with added support for the `Expired` state.
*/
function state(uint256 proposalId) public view virtual override returns (ProposalState) {
ProposalState currentState = super.state(proposalId);
return
(currentState == ProposalState.Queued &&
block.timestamp >= proposalEta(proposalId) + _timelock.GRACE_PERIOD())
? ProposalState.Expired
: currentState;
}
/**
* @dev Public accessor to check the address of the timelock
*/
function timelock() public view virtual returns (address) {
return address(_timelock);
}
/// @inheritdoc IGovernor
function proposalNeedsQueuing(uint256) public view virtual override returns (bool) {
return true;
}
/**
* @dev Function to queue a proposal to the timelock.
*/
function _queueOperations(
uint256 proposalId,
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 /*descriptionHash*/
) internal virtual override returns (uint48) {
uint48 etaSeconds = SafeCast.toUint48(block.timestamp + _timelock.delay());
for (uint256 i = 0; i < targets.length; ++i) {
if (
_timelock.queuedTransactions(keccak256(abi.encode(targets[i], values[i], "", calldatas[i], etaSeconds)))
) {
revert GovernorAlreadyQueuedProposal(proposalId);
}
_timelock.queueTransaction(targets[i], values[i], "", calldatas[i], etaSeconds);
}
return etaSeconds;
}
/**
* @dev Overridden version of the {Governor-_executeOperations} function that run the already queued proposal
* through the timelock.
*/
function _executeOperations(
uint256 proposalId,
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 /*descriptionHash*/
) internal virtual override {
uint256 etaSeconds = proposalEta(proposalId);
if (etaSeconds == 0) {
revert GovernorNotQueuedProposal(proposalId);
}
Address.sendValue(payable(_timelock), msg.value);
for (uint256 i = 0; i < targets.length; ++i) {
_timelock.executeTransaction(targets[i], values[i], "", calldatas[i], etaSeconds);
}
}
/**
* @dev Overridden version of the {Governor-_cancel} function to cancel the timelocked proposal if it has already
* been queued.
*/
function _cancel(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 descriptionHash
) internal virtual override returns (uint256) {
uint256 proposalId = super._cancel(targets, values, calldatas, descriptionHash);
uint256 etaSeconds = proposalEta(proposalId);
if (etaSeconds > 0) {
// do external call later
for (uint256 i = 0; i < targets.length; ++i) {
_timelock.cancelTransaction(targets[i], values[i], "", calldatas[i], etaSeconds);
}
}
return proposalId;
}
/**
* @dev Address through which the governor executes action. In this case, the timelock.
*/
function _executor() internal view virtual override returns (address) {
return address(_timelock);
}
/**
* @dev Accept admin right over the timelock.
*/
// solhint-disable-next-line private-vars-leading-underscore
function __acceptAdmin() public {
_timelock.acceptAdmin();
}
/**
* @dev Public endpoint to update the underlying timelock instance. Restricted to the timelock itself, so updates
* must be proposed, scheduled, and executed through governance proposals.
*
* For security reasons, the timelock must be handed over to another admin before setting up a new one. The two
* operations (hand over the timelock) and do the update can be batched in a single proposal.
*
* Note that if the timelock admin has been handed over in a previous operation, we refuse updates made through the
* timelock if admin of the timelock has already been accepted and the operation is executed outside the scope of
* governance.
* CAUTION: It is not recommended to change the timelock while there are other queued governance proposals.
*/
function updateTimelock(ICompoundTimelock newTimelock) external virtual onlyGovernance {
_updateTimelock(newTimelock);
}
function _updateTimelock(ICompoundTimelock newTimelock) private {
emit TimelockChange(address(_timelock), address(newTimelock));
_timelock = newTimelock;
}
}

167
dev/env/node_modules/@openzeppelin/contracts/governance/extensions/GovernorTimelockControl.sol generated vendored Executable file
View File

@@ -0,0 +1,167 @@
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (governance/extensions/GovernorTimelockControl.sol)
pragma solidity ^0.8.24;
import {IGovernor, Governor} from "../Governor.sol";
import {TimelockController} from "../TimelockController.sol";
import {SafeCast} from "../../utils/math/SafeCast.sol";
/**
* @dev Extension of {Governor} that binds the execution process to an instance of {TimelockController}. This adds a
* delay, enforced by the {TimelockController} to all successful proposal (in addition to the voting duration). The
* {Governor} needs the proposer (and ideally the executor and canceller) roles for the {Governor} to work properly.
*
* Using this model means the proposal will be operated by the {TimelockController} and not by the {Governor}. Thus,
* the assets and permissions must be attached to the {TimelockController}. Any asset sent to the {Governor} will be
* inaccessible from a proposal, unless executed via {Governor-relay}.
*
* WARNING: Setting up the TimelockController to have additional proposers or cancelers besides the governor is very
* risky, as it grants them the ability to: 1) execute operations as the timelock, and thus possibly performing
* operations or accessing funds that are expected to only be accessible through a vote, and 2) block governance
* proposals that have been approved by the voters, effectively executing a Denial of Service attack.
*/
abstract contract GovernorTimelockControl is Governor {
TimelockController private _timelock;
mapping(uint256 proposalId => bytes32) private _timelockIds;
/**
* @dev Emitted when the timelock controller used for proposal execution is modified.
*/
event TimelockChange(address oldTimelock, address newTimelock);
/**
* @dev Set the timelock.
*/
constructor(TimelockController timelockAddress) {
_updateTimelock(timelockAddress);
}
/**
* @dev Overridden version of the {Governor-state} function that considers the status reported by the timelock.
*/
function state(uint256 proposalId) public view virtual override returns (ProposalState) {
ProposalState currentState = super.state(proposalId);
if (currentState != ProposalState.Queued) {
return currentState;
}
bytes32 queueid = _timelockIds[proposalId];
if (_timelock.isOperationPending(queueid)) {
return ProposalState.Queued;
} else if (_timelock.isOperationDone(queueid)) {
// This can happen if the proposal is executed directly on the timelock.
return ProposalState.Executed;
} else {
// This can happen if the proposal is canceled directly on the timelock.
return ProposalState.Canceled;
}
}
/**
* @dev Public accessor to check the address of the timelock
*/
function timelock() public view virtual returns (address) {
return address(_timelock);
}
/// @inheritdoc IGovernor
function proposalNeedsQueuing(uint256) public view virtual override returns (bool) {
return true;
}
/**
* @dev Function to queue a proposal to the timelock.
*/
function _queueOperations(
uint256 proposalId,
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 descriptionHash
) internal virtual override returns (uint48) {
uint256 delay = _timelock.getMinDelay();
bytes32 salt = _timelockSalt(descriptionHash);
_timelockIds[proposalId] = _timelock.hashOperationBatch(targets, values, calldatas, 0, salt);
_timelock.scheduleBatch(targets, values, calldatas, 0, salt, delay);
return SafeCast.toUint48(block.timestamp + delay);
}
/**
* @dev Overridden version of the {Governor-_executeOperations} function that runs the already queued proposal
* through the timelock.
*/
function _executeOperations(
uint256 proposalId,
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 descriptionHash
) internal virtual override {
// execute
_timelock.executeBatch{value: msg.value}(targets, values, calldatas, 0, _timelockSalt(descriptionHash));
// cleanup for refund
delete _timelockIds[proposalId];
}
/**
* @dev Overridden version of the {Governor-_cancel} function to cancel the timelocked proposal if it has already
* been queued.
*/
// This function can reenter through the external call to the timelock, but we assume the timelock is trusted and
// well behaved (according to TimelockController) and this will not happen.
// slither-disable-next-line reentrancy-no-eth
function _cancel(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 descriptionHash
) internal virtual override returns (uint256) {
uint256 proposalId = super._cancel(targets, values, calldatas, descriptionHash);
bytes32 timelockId = _timelockIds[proposalId];
if (timelockId != 0) {
// cancel
_timelock.cancel(timelockId);
// cleanup
delete _timelockIds[proposalId];
}
return proposalId;
}
/**
* @dev Address through which the governor executes action. In this case, the timelock.
*/
function _executor() internal view virtual override returns (address) {
return address(_timelock);
}
/**
* @dev Public endpoint to update the underlying timelock instance. Restricted to the timelock itself, so updates
* must be proposed, scheduled, and executed through governance proposals.
*
* CAUTION: It is not recommended to change the timelock while there are other queued governance proposals.
*/
function updateTimelock(TimelockController newTimelock) external virtual onlyGovernance {
_updateTimelock(newTimelock);
}
function _updateTimelock(TimelockController newTimelock) private {
emit TimelockChange(address(_timelock), address(newTimelock));
_timelock = newTimelock;
}
/**
* @dev Computes the {TimelockController} operation salt.
*
* It is computed with the governor address itself to avoid collisions across governor instances using the
* same timelock.
*/
function _timelockSalt(bytes32 descriptionHash) private view returns (bytes32) {
return bytes20(address(this)) ^ descriptionHash;
}
}

63
dev/env/node_modules/@openzeppelin/contracts/governance/extensions/GovernorVotes.sol generated vendored Executable file
View File

@@ -0,0 +1,63 @@
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (governance/extensions/GovernorVotes.sol)
pragma solidity ^0.8.24;
import {Governor} from "../Governor.sol";
import {IVotes} from "../utils/IVotes.sol";
import {IERC5805} from "../../interfaces/IERC5805.sol";
import {Time} from "../../utils/types/Time.sol";
/**
* @dev Extension of {Governor} for voting weight extraction from an {ERC20Votes} token, or since v4.5 an {ERC721Votes}
* token.
*/
abstract contract GovernorVotes is Governor {
IERC5805 private immutable _token;
constructor(IVotes tokenAddress) {
_token = IERC5805(address(tokenAddress));
}
/**
* @dev The token that voting power is sourced from.
*/
function token() public view virtual returns (IERC5805) {
return _token;
}
/**
* @dev Clock (as specified in ERC-6372) is set to match the token's clock. Fallback to block numbers if the token
* does not implement ERC-6372.
*/
function clock() public view virtual override returns (uint48) {
try token().clock() returns (uint48 timepoint) {
return timepoint;
} catch {
return Time.blockNumber();
}
}
/**
* @dev Machine-readable description of the clock as specified in ERC-6372.
*/
// solhint-disable-next-line func-name-mixedcase
function CLOCK_MODE() public view virtual override returns (string memory) {
try token().CLOCK_MODE() returns (string memory clockmode) {
return clockmode;
} catch {
return "mode=blocknumber&from=default";
}
}
/**
* Read the voting weight from the token's built in snapshot mechanism (see {Governor-_getVotes}).
*/
function _getVotes(
address account,
uint256 timepoint,
bytes memory /*params*/
) internal view virtual override returns (uint256) {
return token().getPastVotes(account, timepoint);
}
}

113
dev/env/node_modules/@openzeppelin/contracts/governance/extensions/GovernorVotesQuorumFraction.sol generated vendored Executable file
View File

@@ -0,0 +1,113 @@
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (governance/extensions/GovernorVotesQuorumFraction.sol)
pragma solidity ^0.8.24;
import {GovernorVotes} from "./GovernorVotes.sol";
import {Math} from "../../utils/math/Math.sol";
import {SafeCast} from "../../utils/math/SafeCast.sol";
import {Checkpoints} from "../../utils/structs/Checkpoints.sol";
/**
* @dev Extension of {Governor} for voting weight extraction from an {ERC20Votes} token and a quorum expressed as a
* fraction of the total supply.
*/
abstract contract GovernorVotesQuorumFraction is GovernorVotes {
using Checkpoints for Checkpoints.Trace208;
Checkpoints.Trace208 private _quorumNumeratorHistory;
event QuorumNumeratorUpdated(uint256 oldQuorumNumerator, uint256 newQuorumNumerator);
/**
* @dev The quorum set is not a valid fraction.
*/
error GovernorInvalidQuorumFraction(uint256 quorumNumerator, uint256 quorumDenominator);
/**
* @dev Initialize quorum as a fraction of the token's total supply.
*
* The fraction is specified as `numerator / denominator`. By default the denominator is 100, so quorum is
* specified as a percent: a numerator of 10 corresponds to quorum being 10% of total supply. The denominator can be
* customized by overriding {quorumDenominator}.
*/
constructor(uint256 quorumNumeratorValue) {
_updateQuorumNumerator(quorumNumeratorValue);
}
/**
* @dev Returns the current quorum numerator. See {quorumDenominator}.
*/
function quorumNumerator() public view virtual returns (uint256) {
return _quorumNumeratorHistory.latest();
}
/**
* @dev Returns the quorum numerator at a specific timepoint. See {quorumDenominator}.
*/
function quorumNumerator(uint256 timepoint) public view virtual returns (uint256) {
return _optimisticUpperLookupRecent(_quorumNumeratorHistory, timepoint);
}
/**
* @dev Returns the quorum denominator. Defaults to 100, but may be overridden.
*/
function quorumDenominator() public view virtual returns (uint256) {
return 100;
}
/**
* @dev Returns the quorum for a timepoint, in terms of number of votes: `supply * numerator / denominator`.
*/
function quorum(uint256 timepoint) public view virtual override returns (uint256) {
return Math.mulDiv(token().getPastTotalSupply(timepoint), quorumNumerator(timepoint), quorumDenominator());
}
/**
* @dev Changes the quorum numerator.
*
* Emits a {QuorumNumeratorUpdated} event.
*
* Requirements:
*
* - Must be called through a governance proposal.
* - New numerator must be smaller or equal to the denominator.
*/
function updateQuorumNumerator(uint256 newQuorumNumerator) external virtual onlyGovernance {
_updateQuorumNumerator(newQuorumNumerator);
}
/**
* @dev Changes the quorum numerator.
*
* Emits a {QuorumNumeratorUpdated} event.
*
* Requirements:
*
* - New numerator must be smaller or equal to the denominator.
*/
function _updateQuorumNumerator(uint256 newQuorumNumerator) internal virtual {
uint256 denominator = quorumDenominator();
if (newQuorumNumerator > denominator) {
revert GovernorInvalidQuorumFraction(newQuorumNumerator, denominator);
}
uint256 oldQuorumNumerator = quorumNumerator();
_quorumNumeratorHistory.push(clock(), SafeCast.toUint208(newQuorumNumerator));
emit QuorumNumeratorUpdated(oldQuorumNumerator, newQuorumNumerator);
}
/**
* @dev Returns the numerator at a specific timepoint.
*/
function _optimisticUpperLookupRecent(
Checkpoints.Trace208 storage ckpts,
uint256 timepoint
) internal view returns (uint256) {
// If trace is empty, key and value are both equal to 0.
// In that case `key <= timepoint` is true, and it is ok to return 0.
(, uint48 key, uint208 value) = ckpts.latestCheckpoint();
return key <= timepoint ? value : ckpts.upperLookupRecent(SafeCast.toUint48(timepoint));
}
}

134
dev/env/node_modules/@openzeppelin/contracts/governance/extensions/GovernorVotesSuperQuorumFraction.sol generated vendored Executable file
View File

@@ -0,0 +1,134 @@
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (governance/extensions/GovernorVotesSuperQuorumFraction.sol)
pragma solidity ^0.8.24;
import {Governor} from "../Governor.sol";
import {GovernorSuperQuorum} from "./GovernorSuperQuorum.sol";
import {GovernorVotesQuorumFraction} from "./GovernorVotesQuorumFraction.sol";
import {Math} from "../../utils/math/Math.sol";
import {SafeCast} from "../../utils/math/SafeCast.sol";
import {Checkpoints} from "../../utils/structs/Checkpoints.sol";
/**
* @dev Extension of {GovernorVotesQuorumFraction} with a super quorum expressed as a
* fraction of the total supply. Proposals that meet the super quorum (and have a majority of for votes) advance to
* the `Succeeded` state before the proposal deadline.
*/
abstract contract GovernorVotesSuperQuorumFraction is GovernorVotesQuorumFraction, GovernorSuperQuorum {
using Checkpoints for Checkpoints.Trace208;
Checkpoints.Trace208 private _superQuorumNumeratorHistory;
event SuperQuorumNumeratorUpdated(uint256 oldSuperQuorumNumerator, uint256 newSuperQuorumNumerator);
/**
* @dev The super quorum set is not valid as it exceeds the quorum denominator.
*/
error GovernorInvalidSuperQuorumFraction(uint256 superQuorumNumerator, uint256 denominator);
/**
* @dev The super quorum set is not valid as it is smaller or equal to the quorum.
*/
error GovernorInvalidSuperQuorumTooSmall(uint256 superQuorumNumerator, uint256 quorumNumerator);
/**
* @dev The quorum set is not valid as it exceeds the super quorum.
*/
error GovernorInvalidQuorumTooLarge(uint256 quorumNumerator, uint256 superQuorumNumerator);
/**
* @dev Initialize super quorum as a fraction of the token's total supply.
*
* The super quorum is specified as a fraction of the token's total supply and has to
* be greater than the quorum.
*/
constructor(uint256 superQuorumNumeratorValue) {
_updateSuperQuorumNumerator(superQuorumNumeratorValue);
}
/**
* @dev Returns the current super quorum numerator.
*/
function superQuorumNumerator() public view virtual returns (uint256) {
return _superQuorumNumeratorHistory.latest();
}
/**
* @dev Returns the super quorum numerator at a specific `timepoint`.
*/
function superQuorumNumerator(uint256 timepoint) public view virtual returns (uint256) {
return _optimisticUpperLookupRecent(_superQuorumNumeratorHistory, timepoint);
}
/**
* @dev Returns the super quorum for a `timepoint`, in terms of number of votes: `supply * numerator / denominator`.
* See {GovernorSuperQuorum-superQuorum} for more details.
*/
function superQuorum(uint256 timepoint) public view virtual override returns (uint256) {
return Math.mulDiv(token().getPastTotalSupply(timepoint), superQuorumNumerator(timepoint), quorumDenominator());
}
/**
* @dev Changes the super quorum numerator.
*
* Emits a {SuperQuorumNumeratorUpdated} event.
*
* Requirements:
*
* - Must be called through a governance proposal.
* - New super quorum numerator must be smaller or equal to the denominator.
* - New super quorum numerator must be greater than or equal to the quorum numerator.
*/
function updateSuperQuorumNumerator(uint256 newSuperQuorumNumerator) public virtual onlyGovernance {
_updateSuperQuorumNumerator(newSuperQuorumNumerator);
}
/**
* @dev Changes the super quorum numerator.
*
* Emits a {SuperQuorumNumeratorUpdated} event.
*
* Requirements:
*
* - New super quorum numerator must be smaller or equal to the denominator.
* - New super quorum numerator must be greater than or equal to the quorum numerator.
*/
function _updateSuperQuorumNumerator(uint256 newSuperQuorumNumerator) internal virtual {
uint256 denominator = quorumDenominator();
if (newSuperQuorumNumerator > denominator) {
revert GovernorInvalidSuperQuorumFraction(newSuperQuorumNumerator, denominator);
}
uint256 quorumNumerator = quorumNumerator();
if (newSuperQuorumNumerator < quorumNumerator) {
revert GovernorInvalidSuperQuorumTooSmall(newSuperQuorumNumerator, quorumNumerator);
}
uint256 oldSuperQuorumNumerator = _superQuorumNumeratorHistory.latest();
_superQuorumNumeratorHistory.push(clock(), SafeCast.toUint208(newSuperQuorumNumerator));
emit SuperQuorumNumeratorUpdated(oldSuperQuorumNumerator, newSuperQuorumNumerator);
}
/**
* @dev Overrides {GovernorVotesQuorumFraction-_updateQuorumNumerator} to ensure the super
* quorum numerator is greater than or equal to the quorum numerator.
*/
function _updateQuorumNumerator(uint256 newQuorumNumerator) internal virtual override {
// Ignoring check when the superQuorum was never set (construction sets quorum before superQuorum)
if (_superQuorumNumeratorHistory.length() > 0) {
uint256 superQuorumNumerator_ = superQuorumNumerator();
if (newQuorumNumerator > superQuorumNumerator_) {
revert GovernorInvalidQuorumTooLarge(newQuorumNumerator, superQuorumNumerator_);
}
}
super._updateQuorumNumerator(newQuorumNumerator);
}
/// @inheritdoc GovernorSuperQuorum
function state(
uint256 proposalId
) public view virtual override(Governor, GovernorSuperQuorum) returns (ProposalState) {
return super.state(proposalId);
}
}

59
dev/env/node_modules/@openzeppelin/contracts/governance/utils/IVotes.sol generated vendored Executable file
View File

@@ -0,0 +1,59 @@
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (governance/utils/IVotes.sol)
pragma solidity >=0.8.4;
/**
* @dev Common interface for {ERC20Votes}, {ERC721Votes}, and other {Votes}-enabled contracts.
*/
interface IVotes {
/**
* @dev The signature used has expired.
*/
error VotesExpiredSignature(uint256 expiry);
/**
* @dev Emitted when an account changes their delegate.
*/
event DelegateChanged(address indexed delegator, address indexed fromDelegate, address indexed toDelegate);
/**
* @dev Emitted when a token transfer or delegate change results in changes to a delegate's number of voting units.
*/
event DelegateVotesChanged(address indexed delegate, uint256 previousVotes, uint256 newVotes);
/**
* @dev Returns the current amount of votes that `account` has.
*/
function getVotes(address account) external view returns (uint256);
/**
* @dev Returns the amount of votes that `account` had at a specific moment in the past. If the `clock()` is
* configured to use block numbers, this will return the value at the end of the corresponding block.
*/
function getPastVotes(address account, uint256 timepoint) external view returns (uint256);
/**
* @dev Returns the total supply of votes available at a specific moment in the past. If the `clock()` is
* configured to use block numbers, this will return the value at the end of the corresponding block.
*
* NOTE: This value is the sum of all available votes, which is not necessarily the sum of all delegated votes.
* Votes that have not been delegated are still part of total supply, even though they would not participate in a
* vote.
*/
function getPastTotalSupply(uint256 timepoint) external view returns (uint256);
/**
* @dev Returns the delegate that `account` has chosen.
*/
function delegates(address account) external view returns (address);
/**
* @dev Delegates votes from the sender to `delegatee`.
*/
function delegate(address delegatee) external;
/**
* @dev Delegates votes from signer to `delegatee`.
*/
function delegateBySig(address delegatee, uint256 nonce, uint256 expiry, uint8 v, bytes32 r, bytes32 s) external;
}

252
dev/env/node_modules/@openzeppelin/contracts/governance/utils/Votes.sol generated vendored Executable file
View File

@@ -0,0 +1,252 @@
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.2.0) (governance/utils/Votes.sol)
pragma solidity ^0.8.20;
import {IERC5805} from "../../interfaces/IERC5805.sol";
import {Context} from "../../utils/Context.sol";
import {Nonces} from "../../utils/Nonces.sol";
import {EIP712} from "../../utils/cryptography/EIP712.sol";
import {Checkpoints} from "../../utils/structs/Checkpoints.sol";
import {SafeCast} from "../../utils/math/SafeCast.sol";
import {ECDSA} from "../../utils/cryptography/ECDSA.sol";
import {Time} from "../../utils/types/Time.sol";
/**
* @dev This is a base abstract contract that tracks voting units, which are a measure of voting power that can be
* transferred, and provides a system of vote delegation, where an account can delegate its voting units to a sort of
* "representative" that will pool delegated voting units from different accounts and can then use it to vote in
* decisions. In fact, voting units _must_ be delegated in order to count as actual votes, and an account has to
* delegate those votes to itself if it wishes to participate in decisions and does not have a trusted representative.
*
* This contract is often combined with a token contract such that voting units correspond to token units. For an
* example, see {ERC721Votes}.
*
* The full history of delegate votes is tracked on-chain so that governance protocols can consider votes as distributed
* at a particular block number to protect against flash loans and double voting. The opt-in delegate system makes the
* cost of this history tracking optional.
*
* When using this module the derived contract must implement {_getVotingUnits} (for example, make it return
* {ERC721-balanceOf}), and can use {_transferVotingUnits} to track a change in the distribution of those units (in the
* previous example, it would be included in {ERC721-_update}).
*/
abstract contract Votes is Context, EIP712, Nonces, IERC5805 {
using Checkpoints for Checkpoints.Trace208;
bytes32 private constant DELEGATION_TYPEHASH =
keccak256("Delegation(address delegatee,uint256 nonce,uint256 expiry)");
mapping(address account => address) private _delegatee;
mapping(address delegatee => Checkpoints.Trace208) private _delegateCheckpoints;
Checkpoints.Trace208 private _totalCheckpoints;
/**
* @dev The clock was incorrectly modified.
*/
error ERC6372InconsistentClock();
/**
* @dev Lookup to future votes is not available.
*/
error ERC5805FutureLookup(uint256 timepoint, uint48 clock);
/**
* @dev Clock used for flagging checkpoints. Can be overridden to implement timestamp based
* checkpoints (and voting), in which case {CLOCK_MODE} should be overridden as well to match.
*/
function clock() public view virtual returns (uint48) {
return Time.blockNumber();
}
/**
* @dev Machine-readable description of the clock as specified in ERC-6372.
*/
// solhint-disable-next-line func-name-mixedcase
function CLOCK_MODE() public view virtual returns (string memory) {
// Check that the clock was not modified
if (clock() != Time.blockNumber()) {
revert ERC6372InconsistentClock();
}
return "mode=blocknumber&from=default";
}
/**
* @dev Validate that a timepoint is in the past, and return it as a uint48.
*/
function _validateTimepoint(uint256 timepoint) internal view returns (uint48) {
uint48 currentTimepoint = clock();
if (timepoint >= currentTimepoint) revert ERC5805FutureLookup(timepoint, currentTimepoint);
return SafeCast.toUint48(timepoint);
}
/**
* @dev Returns the current amount of votes that `account` has.
*/
function getVotes(address account) public view virtual returns (uint256) {
return _delegateCheckpoints[account].latest();
}
/**
* @dev Returns the amount of votes that `account` had at a specific moment in the past. If the `clock()` is
* configured to use block numbers, this will return the value at the end of the corresponding block.
*
* Requirements:
*
* - `timepoint` must be in the past. If operating using block numbers, the block must be already mined.
*/
function getPastVotes(address account, uint256 timepoint) public view virtual returns (uint256) {
return _delegateCheckpoints[account].upperLookupRecent(_validateTimepoint(timepoint));
}
/**
* @dev Returns the total supply of votes available at a specific moment in the past. If the `clock()` is
* configured to use block numbers, this will return the value at the end of the corresponding block.
*
* NOTE: This value is the sum of all available votes, which is not necessarily the sum of all delegated votes.
* Votes that have not been delegated are still part of total supply, even though they would not participate in a
* vote.
*
* Requirements:
*
* - `timepoint` must be in the past. If operating using block numbers, the block must be already mined.
*/
function getPastTotalSupply(uint256 timepoint) public view virtual returns (uint256) {
return _totalCheckpoints.upperLookupRecent(_validateTimepoint(timepoint));
}
/**
* @dev Returns the current total supply of votes.
*/
function _getTotalSupply() internal view virtual returns (uint256) {
return _totalCheckpoints.latest();
}
/**
* @dev Returns the delegate that `account` has chosen.
*/
function delegates(address account) public view virtual returns (address) {
return _delegatee[account];
}
/**
* @dev Delegates votes from the sender to `delegatee`.
*/
function delegate(address delegatee) public virtual {
address account = _msgSender();
_delegate(account, delegatee);
}
/**
* @dev Delegates votes from signer to `delegatee`.
*/
function delegateBySig(
address delegatee,
uint256 nonce,
uint256 expiry,
uint8 v,
bytes32 r,
bytes32 s
) public virtual {
if (block.timestamp > expiry) {
revert VotesExpiredSignature(expiry);
}
address signer = ECDSA.recover(
_hashTypedDataV4(keccak256(abi.encode(DELEGATION_TYPEHASH, delegatee, nonce, expiry))),
v,
r,
s
);
_useCheckedNonce(signer, nonce);
_delegate(signer, delegatee);
}
/**
* @dev Delegate all of `account`'s voting units to `delegatee`.
*
* Emits events {IVotes-DelegateChanged} and {IVotes-DelegateVotesChanged}.
*/
function _delegate(address account, address delegatee) internal virtual {
address oldDelegate = delegates(account);
_delegatee[account] = delegatee;
emit DelegateChanged(account, oldDelegate, delegatee);
_moveDelegateVotes(oldDelegate, delegatee, _getVotingUnits(account));
}
/**
* @dev Transfers, mints, or burns voting units. To register a mint, `from` should be zero. To register a burn, `to`
* should be zero. Total supply of voting units will be adjusted with mints and burns.
*/
function _transferVotingUnits(address from, address to, uint256 amount) internal virtual {
if (from == address(0)) {
_push(_totalCheckpoints, _add, SafeCast.toUint208(amount));
}
if (to == address(0)) {
_push(_totalCheckpoints, _subtract, SafeCast.toUint208(amount));
}
_moveDelegateVotes(delegates(from), delegates(to), amount);
}
/**
* @dev Moves delegated votes from one delegate to another.
*/
function _moveDelegateVotes(address from, address to, uint256 amount) internal virtual {
if (from != to && amount > 0) {
if (from != address(0)) {
(uint256 oldValue, uint256 newValue) = _push(
_delegateCheckpoints[from],
_subtract,
SafeCast.toUint208(amount)
);
emit DelegateVotesChanged(from, oldValue, newValue);
}
if (to != address(0)) {
(uint256 oldValue, uint256 newValue) = _push(
_delegateCheckpoints[to],
_add,
SafeCast.toUint208(amount)
);
emit DelegateVotesChanged(to, oldValue, newValue);
}
}
}
/**
* @dev Get number of checkpoints for `account`.
*/
function _numCheckpoints(address account) internal view virtual returns (uint32) {
return SafeCast.toUint32(_delegateCheckpoints[account].length());
}
/**
* @dev Get the `pos`-th checkpoint for `account`.
*/
function _checkpoints(
address account,
uint32 pos
) internal view virtual returns (Checkpoints.Checkpoint208 memory) {
return _delegateCheckpoints[account].at(pos);
}
function _push(
Checkpoints.Trace208 storage store,
function(uint208, uint208) view returns (uint208) op,
uint208 delta
) private returns (uint208 oldValue, uint208 newValue) {
return store.push(clock(), op(store.latest(), delta));
}
function _add(uint208 a, uint208 b) private pure returns (uint208) {
return a + b;
}
function _subtract(uint208 a, uint208 b) private pure returns (uint208) {
return a - b;
}
/**
* @dev Must return the voting units held by an account.
*/
function _getVotingUnits(address) internal view virtual returns (uint256);
}

84
dev/env/node_modules/@openzeppelin/contracts/governance/utils/VotesExtended.sol generated vendored Executable file
View File

@@ -0,0 +1,84 @@
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.2.0) (governance/utils/VotesExtended.sol)
pragma solidity ^0.8.20;
import {Checkpoints} from "../../utils/structs/Checkpoints.sol";
import {Votes} from "./Votes.sol";
import {SafeCast} from "../../utils/math/SafeCast.sol";
/**
* @dev Extension of {Votes} that adds checkpoints for delegations and balances.
*
* WARNING: While this contract extends {Votes}, valid uses of {Votes} may not be compatible with
* {VotesExtended} without additional considerations. This implementation of {_transferVotingUnits} must
* run AFTER the voting weight movement is registered, such that it is reflected on {_getVotingUnits}.
*
* Said differently, {VotesExtended} MUST be integrated in a way that calls {_transferVotingUnits} AFTER the
* asset transfer is registered and balances are updated:
*
* ```solidity
* contract VotingToken is Token, VotesExtended {
* function transfer(address from, address to, uint256 tokenId) public override {
* super.transfer(from, to, tokenId); // <- Perform the transfer first ...
* _transferVotingUnits(from, to, 1); // <- ... then call _transferVotingUnits.
* }
*
* function _getVotingUnits(address account) internal view override returns (uint256) {
* return balanceOf(account);
* }
* }
* ```
*
* {ERC20Votes} and {ERC721Votes} follow this pattern and are thus safe to use with {VotesExtended}.
*/
abstract contract VotesExtended is Votes {
using Checkpoints for Checkpoints.Trace160;
using Checkpoints for Checkpoints.Trace208;
mapping(address delegator => Checkpoints.Trace160) private _userDelegationCheckpoints;
mapping(address account => Checkpoints.Trace208) private _userVotingUnitsCheckpoints;
/**
* @dev Returns the delegate of an `account` at a specific moment in the past. If the `clock()` is
* configured to use block numbers, this will return the value at the end of the corresponding block.
*
* Requirements:
*
* - `timepoint` must be in the past. If operating using block numbers, the block must be already mined.
*/
function getPastDelegate(address account, uint256 timepoint) public view virtual returns (address) {
return address(_userDelegationCheckpoints[account].upperLookupRecent(_validateTimepoint(timepoint)));
}
/**
* @dev Returns the `balanceOf` of an `account` at a specific moment in the past. If the `clock()` is
* configured to use block numbers, this will return the value at the end of the corresponding block.
*
* Requirements:
*
* - `timepoint` must be in the past. If operating using block numbers, the block must be already mined.
*/
function getPastBalanceOf(address account, uint256 timepoint) public view virtual returns (uint256) {
return _userVotingUnitsCheckpoints[account].upperLookupRecent(_validateTimepoint(timepoint));
}
/// @inheritdoc Votes
function _delegate(address account, address delegatee) internal virtual override {
super._delegate(account, delegatee);
_userDelegationCheckpoints[account].push(clock(), uint160(delegatee));
}
/// @inheritdoc Votes
function _transferVotingUnits(address from, address to, uint256 amount) internal virtual override {
super._transferVotingUnits(from, to, amount);
if (from != to) {
if (from != address(0)) {
_userVotingUnitsCheckpoints[from].push(clock(), SafeCast.toUint208(_getVotingUnits(from)));
}
if (to != address(0)) {
_userVotingUnitsCheckpoints[to].push(clock(), SafeCast.toUint208(_getVotingUnits(to)));
}
}
}
}