-
Notifications
You must be signed in to change notification settings - Fork 12
/
DreamTeamToken.sol
508 lines (464 loc) · 24.8 KB
/
DreamTeamToken.sol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
pragma solidity ^0.4.24;
interface tokenRecipient {
function receiveApproval (address from, uint256 value, address token, bytes extraData) external;
}
interface ERC20CompatibleToken {
function transfer (address to, uint256 value) external returns (bool);
}
/**
* Math operations with safety checks that throw on overflows.
*/
library SafeMath {
function mul (uint256 a, uint256 b) internal pure returns (uint256 c) {
if (a == 0) {
return 0;
}
c = a * b;
require(c / a == b);
return c;
}
function div (uint256 a, uint256 b) internal pure returns (uint256) {
// assert(b > 0); // Solidity automatically throws when dividing by 0
// uint256 c = a / b;
// assert(a == b * c + a % b); // There is no case in which this doesn't hold
return a / b;
}
function sub (uint256 a, uint256 b) internal pure returns (uint256) {
require(b <= a);
return a - b;
}
function add (uint256 a, uint256 b) internal pure returns (uint256 c) {
c = a + b;
require(c >= a);
return c;
}
}
/**
* DreamTeam token contract. It implements the next capabilities:
* 1. Standard ERC20 functionality. [OK]
* 2. Additional utility function approveAndCall. [OK]
* 3. Function to rescue "lost forever" tokens, which were accidentally sent to the contract address. [OK]
* 4. Additional transfer and approve functions which allow to distinct the transaction signer and executor,
* which enables accounts with no Ether on their balances to make token transfers and use DreamTeam services. [OK]
* 5. Token sale distribution rules. [OK]
*/
contract DreamTeamToken {
using SafeMath for uint256;
string public name;
string public symbol;
uint8 public decimals = 6; // Makes JavaScript able to handle precise calculations (until totalSupply < 9 milliards)
uint256 public totalSupply;
mapping(address => uint256) public balanceOf;
mapping(address => mapping(address => uint256)) public allowance;
mapping(address => mapping(uint => bool)) public usedSigIds; // Used in *ViaSignature(..)
address public tokenDistributor; // Account authorized to distribute tokens only during the token distribution event
address public rescueAccount; // Account authorized to withdraw tokens accidentally sent to this contract
event Transfer(address indexed from, address indexed to, uint256 value);
event Approval(address indexed owner, address indexed spender, uint256 value);
modifier rescueAccountOnly {require(msg.sender == rescueAccount); _;}
modifier tokenDistributionPeriodOnly {require(tokenDistributor == msg.sender); _;}
enum sigStandard { typed, personal, stringHex }
enum sigDestination { transfer, approve, approveAndCall, transferFrom }
bytes constant public ethSignedMessagePrefix = "\x19Ethereum Signed Message:\n";
bytes32 constant public sigDestinationTransfer = keccak256(
"address Token Contract Address",
"address Sender's Address",
"address Recipient's Address",
"uint256 Amount to Transfer (last six digits are decimals)",
"uint256 Fee in Tokens Paid to Executor (last six digits are decimals)",
"address Account which will Receive Fee",
"uint256 Signature Expiration Timestamp (unix timestamp)",
"uint256 Signature ID"
); // `transferViaSignature`: keccak256(address(this), from, to, value, fee, deadline, sigId)
bytes32 constant public sigDestinationTransferFrom = keccak256(
"address Token Contract Address",
"address Address Approved for Withdraw",
"address Account to Withdraw From",
"address Withdrawal Recipient Address",
"uint256 Amount to Transfer (last six digits are decimals)",
"uint256 Fee in Tokens Paid to Executor (last six digits are decimals)",
"address Account which will Receive Fee",
"uint256 Signature Expiration Timestamp (unix timestamp)",
"uint256 Signature ID"
); // `transferFromViaSignature`: keccak256(address(this), signer, from, to, value, fee, deadline, sigId)
bytes32 constant public sigDestinationApprove = keccak256(
"address Token Contract Address",
"address Withdrawal Approval Address",
"address Withdrawal Recipient Address",
"uint256 Amount to Transfer (last six digits are decimals)",
"uint256 Fee in Tokens Paid to Executor (last six digits are decimals)",
"address Account which will Receive Fee",
"uint256 Signature Expiration Timestamp (unix timestamp)",
"uint256 Signature ID"
); // `approveViaSignature`: keccak256(address(this), from, spender, value, fee, deadline, sigId)
bytes32 constant public sigDestinationApproveAndCall = keccak256(
"address Token Contract Address",
"address Withdrawal Approval Address",
"address Withdrawal Recipient Address",
"uint256 Amount to Transfer (last six digits are decimals)",
"bytes Data to Transfer",
"uint256 Fee in Tokens Paid to Executor (last six digits are decimals)",
"address Account which will Receive Fee",
"uint256 Signature Expiration Timestamp (unix timestamp)",
"uint256 Signature ID"
); // `approveAndCallViaSignature`: keccak256(address(this), from, spender, value, extraData, fee, deadline, sigId)
/**
* @param tokenName - full token name
* @param tokenSymbol - token symbol
*/
constructor (string tokenName, string tokenSymbol) public {
name = tokenName;
symbol = tokenSymbol;
rescueAccount = tokenDistributor = msg.sender;
}
/**
* Utility internal function used to safely transfer `value` tokens `from` -> `to`. Throws if transfer is impossible.
* @param from - account to make the transfer from
* @param to - account to transfer `value` tokens to
* @param value - tokens to transfer to account `to`
*/
function internalTransfer (address from, address to, uint value) internal {
require(to != 0x0); // Prevent people from accidentally burning their tokens
balanceOf[from] = balanceOf[from].sub(value);
balanceOf[to] = balanceOf[to].add(value);
emit Transfer(from, to, value);
}
/**
* Utility internal function used to safely transfer `value1` tokens `from` -> `to1`, and `value2` tokens
* `from` -> `to2`, minimizing gas usage (calling `internalTransfer` twice is more expensive). Throws if
* transfers are impossible.
* @param from - account to make the transfer from
* @param to1 - account to transfer `value1` tokens to
* @param value1 - tokens to transfer to account `to1`
* @param to2 - account to transfer `value2` tokens to
* @param value2 - tokens to transfer to account `to2`
*/
function internalDoubleTransfer (address from, address to1, uint value1, address to2, uint value2) internal {
require(to1 != 0x0 && to2 != 0x0); // Prevent people from accidentally burning their tokens
balanceOf[from] = balanceOf[from].sub(value1.add(value2));
balanceOf[to1] = balanceOf[to1].add(value1);
emit Transfer(from, to1, value1);
if (value2 > 0) {
balanceOf[to2] = balanceOf[to2].add(value2);
emit Transfer(from, to2, value2);
}
}
/**
* Internal method that makes sure that the given signature corresponds to a given data and is made by `signer`.
* It utilizes three (four) standards of message signing in Ethereum, as at the moment of this smart contract
* development there is no single signing standard defined. For example, Metamask and Geth both support
* personal_sign standard, SignTypedData is only supported by Matamask, Trezor does not support "widely adopted"
* Ethereum personal_sign but rather personal_sign with fixed prefix and so on.
* Note that it is always possible to forge any of these signatures using the private key, the problem is that
* third-party wallets must adopt a single standard for signing messages.
* @param data - original data which had to be signed by `signer`
* @param signer - account which made a signature
* @param deadline - until when the signature is valid
* @param sigId - signature unique ID. Signatures made with the same signature ID cannot be submitted twice
* @param sig - signature made by `from`, which is the proof of `from`'s agreement with the above parameters
* @param sigStd - chosen standard for signature validation. The signer must explicitly tell which standard they use
* @param sigDest - for which type of action this signature was made for
*/
function requireSignature (
bytes32 data,
address signer,
uint256 deadline,
uint256 sigId,
bytes sig,
sigStandard sigStd,
sigDestination sigDest
) internal {
bytes32 r;
bytes32 s;
uint8 v;
assembly { // solium-disable-line security/no-inline-assembly
r := mload(add(sig, 32))
s := mload(add(sig, 64))
v := byte(0, mload(add(sig, 96)))
}
if (v < 27)
v += 27;
require(block.timestamp <= deadline && !usedSigIds[signer][sigId]); // solium-disable-line security/no-block-members
if (sigStd == sigStandard.typed) { // Typed signature. This is the most likely scenario to be used and accepted
require(
signer == ecrecover(
keccak256(
sigDest == sigDestination.transfer
? sigDestinationTransfer
: sigDest == sigDestination.approve
? sigDestinationApprove
: sigDest == sigDestination.approveAndCall
? sigDestinationApproveAndCall
: sigDestinationTransferFrom,
data
),
v, r, s
)
);
} else if (sigStd == sigStandard.personal) { // Ethereum signed message signature (Geth and Trezor)
require(
signer == ecrecover(keccak256(ethSignedMessagePrefix, "32", data), v, r, s) // Geth-adopted
||
signer == ecrecover(keccak256(ethSignedMessagePrefix, "\x20", data), v, r, s) // Trezor-adopted
);
} else { // == 2; Signed string hash signature (the most expensive but universal)
require(
signer == ecrecover(keccak256(ethSignedMessagePrefix, "64", hexToString(data)), v, r, s) // Geth
||
signer == ecrecover(keccak256(ethSignedMessagePrefix, "\x40", hexToString(data)), v, r, s) // Trezor
);
}
usedSigIds[signer][sigId] = true;
}
/**
* Utility costly function to encode bytes HEX representation as string.
* @param sig - signature as bytes32 to represent as string
*/
function hexToString (bytes32 sig) internal pure returns (bytes) { // /to-try/ convert to two uint256 and test gas
bytes memory str = new bytes(64);
for (uint8 i = 0; i < 32; ++i) {
str[2 * i] = byte((uint8(sig[i]) / 16 < 10 ? 48 : 87) + uint8(sig[i]) / 16);
str[2 * i + 1] = byte((uint8(sig[i]) % 16 < 10 ? 48 : 87) + (uint8(sig[i]) % 16));
}
return str;
}
/**
* Transfer `value` tokens to `to` address from the account of sender.
* @param to - the address of the recipient
* @param value - the amount to send
*/
function transfer (address to, uint256 value) public returns (bool) {
internalTransfer(msg.sender, to, value);
return true;
}
/**
* This function distincts transaction signer from transaction executor. It allows anyone to transfer tokens
* from the `from` account by providing a valid signature, which can only be obtained from the `from` account
* owner.
* Note that passed parameter sigId is unique and cannot be passed twice (prevents replay attacks). When there's
* a need to make signature once again (because the first on is lost or whatever), user should sign the message
* with the same sigId, thus ensuring that the previous signature won't be used if the new one passes.
* Use case: the user wants to send some tokens to other user or smart contract, but don't have ether to do so.
* @param from - the account giving its signature to transfer `value` tokens to `to` address
* @param to - the account receiving `value` tokens
* @param value - the value in tokens to transfer
* @param fee - a fee to pay to `feeRecipient`
* @param feeRecipient - account which will receive fee
* @param deadline - until when the signature is valid
* @param sigId - signature unique ID. Signatures made with the same signature ID cannot be submitted twice
* @param sig - signature made by `from`, which is the proof of `from`'s agreement with the above parameters
* @param sigStd - chosen standard for signature validation. The signer must explicitly tell which standard they use
*/
function transferViaSignature (
address from,
address to,
uint256 value,
uint256 fee,
address feeRecipient,
uint256 deadline,
uint256 sigId,
bytes sig,
sigStandard sigStd
) external returns (bool) {
requireSignature(
keccak256(address(this), from, to, value, fee, feeRecipient, deadline, sigId),
from, deadline, sigId, sig, sigStd, sigDestination.transfer
);
internalDoubleTransfer(from, to, value, feeRecipient, fee);
return true;
}
/**
* Allow `spender` to take `value` tokens from the transaction sender's account.
* Beware that changing an allowance with this method brings the risk that `spender` may use both the old
* and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this
* race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
* @param spender - the address authorized to spend
* @param value - the maximum amount they can spend
*/
function approve (address spender, uint256 value) public returns (bool) {
allowance[msg.sender][spender] = value;
emit Approval(msg.sender, spender, value);
return true;
}
/**
* Same as `transferViaSignature`, but for `approve`.
* Use case: the user wants to set an allowance for the smart contract or another user without having ether on their
* balance.
* @param from - the account to approve withdrawal from, which signed all below parameters
* @param spender - the account allowed to withdraw tokens from `from` address
* @param value - the value in tokens to approve to withdraw
* @param fee - a fee to pay to `feeRecipient`
* @param feeRecipient - account which will receive fee
* @param deadline - until when the signature is valid
* @param sigId - signature unique ID. Signatures made with the same signature ID cannot be submitted twice
* @param sig - signature made by `from`, which is the proof of `from`'s agreement with the above parameters
* @param sigStd - chosen standard for signature validation. The signer must explicitely tell which standard they use
*/
function approveViaSignature (
address from,
address spender,
uint256 value,
uint256 fee,
address feeRecipient,
uint256 deadline,
uint256 sigId,
bytes sig,
sigStandard sigStd
) external returns (bool) {
requireSignature(
keccak256(address(this), from, spender, value, fee, feeRecipient, deadline, sigId),
from, deadline, sigId, sig, sigStd, sigDestination.approve
);
allowance[from][spender] = value;
emit Approval(from, spender, value);
internalTransfer(from, feeRecipient, fee);
return true;
}
/**
* Transfer `value` tokens to `to` address from the `from` account, using the previously set allowance.
* @param from - the address to transfer tokens from
* @param to - the address of the recipient
* @param value - the amount to send
*/
function transferFrom (address from, address to, uint256 value) public returns (bool) {
allowance[from][msg.sender] = allowance[from][msg.sender].sub(value);
internalTransfer(from, to, value);
return true;
}
/**
* Same as `transferViaSignature`, but for `transferFrom`.
* Use case: the user wants to withdraw tokens from a smart contract or another user who allowed the user to
* do so. Important note: the fee is subtracted from the `value`, and `to` address receives `value - fee`.
* @param signer - the address allowed to call transferFrom, which signed all below parameters
* @param from - the account to make withdrawal from
* @param to - the address of the recipient
* @param value - the value in tokens to withdraw
* @param fee - a fee to pay to `feeRecipient`
* @param feeRecipient - account which will receive fee
* @param deadline - until when the signature is valid
* @param sigId - signature unique ID. Signatures made with the same signature ID cannot be submitted twice
* @param sig - signature made by `from`, which is the proof of `from`'s agreement with the above parameters
* @param sigStd - chosen standard for signature validation. The signer must explicitly tell which standard they use
*/
function transferFromViaSignature (
address signer,
address from,
address to,
uint256 value,
uint256 fee,
address feeRecipient,
uint256 deadline,
uint256 sigId,
bytes sig,
sigStandard sigStd
) external returns (bool) {
requireSignature(
keccak256(address(this), from, to, value, fee, feeRecipient, deadline, sigId),
signer, deadline, sigId, sig, sigStd, sigDestination.transferFrom
);
allowance[from][signer] = allowance[from][signer].sub(value);
internalDoubleTransfer(from, to, value.sub(fee), feeRecipient, fee);
return true;
}
/**
* Utility function, which acts the same as approve(...) does, but also calls `receiveApproval` function on a
* `spender` address, which is usually the address of the smart contract. In the same call, smart contract can
* withdraw tokens from the sender's account and receive additional `extraData` for processing.
* @param spender - the address to be authorized to spend tokens
* @param value - the max amount the `spender` can withdraw
* @param extraData - some extra information to send to the approved contract
*/
function approveAndCall (address spender, uint256 value, bytes extraData) public returns (bool) {
approve(spender, value);
tokenRecipient(spender).receiveApproval(msg.sender, value, this, extraData);
return true;
}
/**
* Same as `approveViaSignature`, but for `approveAndCall`.
* Use case: the user wants to send tokens to the smart contract and pass additional data within one transaction.
* @param from - the account to approve withdrawal from, which signed all below parameters
* @param spender - the account allowed to withdraw tokens from `from` address (in this case, smart contract only)
* @param value - the value in tokens to approve to withdraw
* @param extraData - additional data to pass to the `spender` smart contract
* @param fee - a fee to pay to `feeRecipient`
* @param feeRecipient - account which will receive fee
* @param deadline - until when the signature is valid
* @param sigId - signature unique ID. Signatures made with the same signature ID cannot be submitted twice
* @param sig - signature made by `from`, which is the proof of `from`'s agreement with the above parameters
* @param sigStd - chosen standard for signature validation. The signer must explicitly tell which standard they use
*/
function approveAndCallViaSignature (
address from,
address spender,
uint256 value,
bytes extraData,
uint256 fee,
address feeRecipient,
uint256 deadline,
uint256 sigId,
bytes sig,
sigStandard sigStd
) external returns (bool) {
requireSignature(
keccak256(address(this), from, spender, value, extraData, fee, feeRecipient, deadline, sigId),
from, deadline, sigId, sig, sigStd, sigDestination.approveAndCall
);
allowance[from][spender] = value;
emit Approval(from, spender, value);
tokenRecipient(spender).receiveApproval(from, value, this, extraData);
internalTransfer(from, feeRecipient, fee);
return true;
}
/**
* `tokenDistributor` is authorized to distribute tokens to the parties who participated in the token sale by the
* time the `lastMint` function is triggered, which closes the ability to mint any new tokens forever.
* Once the token distribution even ends (lastMint is triggered), tokenDistributor will become 0x0 and multiMint
* function will never work again.
* @param recipients - addresses of token recipients
* @param amounts - corresponding amount of each token recipient in `recipients`
*/
function multiMint (address[] recipients, uint256[] amounts) external tokenDistributionPeriodOnly {
require(recipients.length == amounts.length);
uint total = 0;
for (uint i = 0; i < recipients.length; ++i) {
balanceOf[recipients[i]] = balanceOf[recipients[i]].add(amounts[i]);
total = total.add(amounts[i]);
emit Transfer(0x0, recipients[i], amounts[i]);
}
totalSupply = totalSupply.add(total);
}
/**
* The last mint that will ever happen. Disables the multiMint function and mints remaining 40% of tokens (in
* regard of 60% tokens minted before) to a `tokenDistributor` address.
*/
function lastMint () external tokenDistributionPeriodOnly {
require(totalSupply > 0);
uint256 remaining = totalSupply.mul(40).div(60); // Portion of tokens for DreamTeam (40%)
// To make the total supply rounded (no fractional part), subtract the fractional part from DreamTeam's balance
uint256 fractionalPart = remaining.add(totalSupply) % (uint256(10) ** decimals);
remaining = remaining.sub(fractionalPart); // Remove the fractional part to round the totalSupply
balanceOf[tokenDistributor] = balanceOf[tokenDistributor].add(remaining);
emit Transfer(0x0, tokenDistributor, remaining);
totalSupply = totalSupply.add(remaining);
tokenDistributor = 0x0; // Disable multiMint and lastMint functions forever
}
/**
* ERC20 tokens are not designed to hold any other tokens (or Ether) on their balances. There were thousands
* of cases when people accidentally transfer tokens to a contract address while there is no way to get them
* back. This function adds a possibility to "rescue" tokens that were accidentally sent to this smart contract.
* @param tokenContract - ERC20-compatible token
* @param value - amount to rescue
*/
function rescueLostTokens (ERC20CompatibleToken tokenContract, uint256 value) external rescueAccountOnly {
tokenContract.transfer(rescueAccount, value);
}
/**
* Utility function that allows to change the rescueAccount address, which can "rescue" tokens accidentally sent to
* this smart contract address.
* @param newRescueAccount - account which will become authorized to rescue tokens
*/
function changeRescueAccount (address newRescueAccount) external rescueAccountOnly {
rescueAccount = newRescueAccount;
}
}