# Solidity 智能合約分析 --- ## 智能合約分析 - CyberKongz & Banana ### 合約 CyberKongz contract (Kongz): https://etherscan.io/address/0x57a204aa1042f6e66dd7730813f4024114d74f37#code Banana contract (YieldToken): https://etherscan.io/address/0xe2311ae37502105b442bbef831e9b53c5d2e9b3b#code ### Banana ```solidity= contract YieldToken is ERC20("Banana", "BANANA") { using SafeMath for uint256; uint256 constant public BASE_RATE = 10 ether; uint256 constant public INITIAL_ISSUANCE = 300 ether; // Tue Mar 18 2031 17:46:47 GMT+0000 uint256 constant public END = 1931622407; mapping(address => uint256) public rewards; mapping(address => uint256) public lastUpdate; IKongz public kongzContract; event RewardPaid(address indexed user, uint256 reward); constructor(address _kongz) public{ kongzContract = IKongz(_kongz); } function min(uint256 a, uint256 b) internal pure returns (uint256) { return a < b ? a : b; } // called when minting many NFTs // updated_amount = (balanceOG(user) * base_rate * delta / 86400) + amount * initial rate function updateRewardOnMint(address _user, uint256 _amount) external { require(msg.sender == address(kongzContract), "Can't call this"); uint256 time = min(block.timestamp, END); uint256 timerUser = lastUpdate[_user]; if (timerUser > 0) rewards[_user] = rewards[_user].add(kongzContract.balanceOG(_user).mul(BASE_RATE.mul((time.sub(timerUser)))).div(86400) .add(_amount.mul(INITIAL_ISSUANCE))); else rewards[_user] = rewards[_user].add(_amount.mul(INITIAL_ISSUANCE)); lastUpdate[_user] = time; } // called on transfers function updateReward(address _from, address _to, uint256 _tokenId) external { require(msg.sender == address(kongzContract)); if (_tokenId < 1001) { uint256 time = min(block.timestamp, END); uint256 timerFrom = lastUpdate[_from]; if (timerFrom > 0) rewards[_from] += kongzContract.balanceOG(_from).mul(BASE_RATE.mul((time.sub(timerFrom)))).div(86400); if (timerFrom != END) lastUpdate[_from] = time; if (_to != address(0)) { uint256 timerTo = lastUpdate[_to]; if (timerTo > 0) rewards[_to] += kongzContract.balanceOG(_to).mul(BASE_RATE.mul((time.sub(timerTo)))).div(86400); if (timerTo != END) lastUpdate[_to] = time; } } } function getReward(address _to) external { require(msg.sender == address(kongzContract)); uint256 reward = rewards[_to]; if (reward > 0) { rewards[_to] = 0; _mint(_to, reward); emit RewardPaid(_to, reward); } } function burn(address _from, uint256 _amount) external { require(msg.sender == address(kongzContract)); _burn(_from, _amount); } function getTotalClaimable(address _user) external view returns(uint256) { uint256 time = min(block.timestamp, END); uint256 pending = kongzContract.balanceOG(_user).mul(BASE_RATE.mul((time.sub(lastUpdate[_user])))).div(86400); return rewards[_user] + pending; } } ``` * 香蕉發放的速度是 `BASE_RATE = 10 ether;` 也就是 `10 * 10^18` * ether 不代表以太幣，只是代表 10^18 * 可領取的香蕉的總量 = getTotalClaimable(_user) ```solidity= function getTotalClaimable(address _user) external view returns(uint256) { uint256 time = min(block.timestamp, END); uint256 pending = kongzContract.balanceOG(_user).mul(BASE_RATE.mul((time.sub(lastUpdate[_user])))).div(86400); return rewards[_user] + pending; } ``` pending 可以簡化為 ``` pending = balanceOG(_user) * BASE_RATE * (time - lastUpdate[_user]) / 86400; ``` balanceOG(_user) 為 _user 擁有的 genesis Kongz 的數量 lastUpdate[_user] 為上次更新 reward 的時間 * 之前結算的獎勵的數量會暫存在 rewards 裡 * 呼叫 getReward 後才會轉化成 Banana ERC20 token ### Kongz ```solidity= contract Kongz is ERC721Namable, Ownable { using ECDSA for bytes32; struct Kong { uint256 genes; uint256 bornAt; } address public constant burn = address(0x000000000000000000000000000000000000dEaD); IERC1155 public constant OPENSEA_STORE = IERC1155(0x495f947276749Ce646f68AC8c248420045cb7b5e); address constant public SIGNER = address(0x5E5e683b687f509968D90Acd31ce6b8Cfa3d25E4); uint256 constant public BREED_PRICE = 600 ether; mapping(uint256 => Kong) public kongz; mapping(address => uint256) public balanceOG; uint256 public bebeCount; YieldToken public yieldToken; IBreedManager breedManager; // Events event KongIncubated (uint256 tokenId, uint256 matron, uint256 sire); event KongBorn(uint256 tokenId, uint256 genes); event KongAscended(uint256 tokenId, uint256 genes); constructor(string memory _name, string memory _symbol, string[] memory _names, uint256[] memory _ids) public ERC721Namable(_name, _symbol, _names, _ids) { _setBaseURI("https://kongz.herokuapp.com/api/metadata/"); _mint(msg.sender, 1001); _mint(msg.sender, 1002); _mint(msg.sender, 1003); kongz[1001] = Kong(0, block.timestamp); kongz[1002] = Kong(0, block.timestamp); kongz[1003] = Kong(0, block.timestamp); emit KongIncubated(1001, 0, 0); emit KongIncubated(1002, 0, 0); emit KongIncubated(1003, 0, 0); bebeCount = 3; } function updateURI(string memory newURI) public onlyOwner { _setBaseURI(newURI); } function setBreedingManager(address _manager) external onlyOwner { breedManager = IBreedManager(_manager); } function setYieldToken(address _yield) external onlyOwner { yieldToken = YieldToken(_yield); } function changeNamePrice(uint256 _price) external onlyOwner { nameChangePrice = _price; } function isValidKong(uint256 _id) pure internal returns(bool) { // making sure the ID fits the opensea format: // first 20 bytes are the maker address // next 7 bytes are the nft ID // last 5 bytes the value associated to the ID, here will always be equal to 1 // There will only be 1000 kongz, we can fix boundaries and remove 5 ids that dont match kongz if (_id >> 96 != 0x000000000000000000000000a2548e7ad6cee01eeb19d49bedb359aea3d8ad1d) return false; if (_id & 0x000000000000000000000000000000000000000000000000000000ffffffffff != 1) return false; uint256 id = (_id & 0x0000000000000000000000000000000000000000ffffffffffffff0000000000) >> 40; if (id > 1005 || id == 262 || id == 197 || id == 75 || id == 34 || id == 18 || id == 0) return false; return true; } function returnCorrectId(uint256 _id) pure internal returns(uint256) { _id = (_id & 0x0000000000000000000000000000000000000000ffffffffffffff0000000000) >> 40; if (_id > 262) return _id - 5; else if (_id > 197) return _id - 4; else if (_id > 75) return _id - 3; else if (_id > 34) return _id - 2; else if (_id > 18) return _id - 1; else return _id; } // SIGNER 允許的情況下可以 ascend token function ascend(uint256 _tokenId, uint256 _genes, bytes calldata _sig) external { require(isValidKong(_tokenId), "Not valid Kong"); uint256 id = returnCorrectId(_tokenId); require(keccak256(abi.encodePacked(id, _genes)).toEthSignedMessageHash().recover(_sig) == SIGNER, "Sig not valid"); kongz[id] = Kong(_genes, block.timestamp); _mint(msg.sender, id); OPENSEA_STORE.safeTransferFrom(msg.sender, burn, _tokenId, 1, ""); yieldToken.updateRewardOnMint(msg.sender, 1); balanceOG[msg.sender]++; emit KongAscended(id, _genes); } function breed(uint256 _sire, uint256 _matron) external { require(ownerOf(_sire) == msg.sender && ownerOf(_matron) == msg.sender); require(breedManager.tryBreed(_sire, _matron)); yieldToken.burn(msg.sender, BREED_PRICE); bebeCount++; uint256 id = 1000 + bebeCount; kongz[id] = Kong(0, block.timestamp); _mint(msg.sender, id); emit KongIncubated(id, _matron, _sire); } function evolve(uint256 _tokenId) external { require(ownerOf(_tokenId) == msg.sender); Kong storage kong = kongz[_tokenId]; require(kong.genes == 0); uint256 genes = breedManager.tryEvolve(_tokenId); kong.genes = genes; emit KongBorn(_tokenId, genes); } function changeName(uint256 tokenId, string memory newName) public override { yieldToken.burn(msg.sender, nameChangePrice); super.changeName(tokenId, newName); } function changeBio(uint256 tokenId, string memory _bio) public override { yieldToken.burn(msg.sender, BIO_CHANGE_PRICE); super.changeBio(tokenId, _bio); } // 領取 Banana function getReward() external { yieldToken.updateReward(msg.sender, address(0), 0); yieldToken.getReward(msg.sender); } // transfer kongz 的時候更新 Banana reward function transferFrom(address from, address to, uint256 tokenId) public override { yieldToken.updateReward(from, to, tokenId); if (tokenId < 1001) { balanceOG[from]--; balanceOG[to]++; } ERC721.transferFrom(from, to, tokenId); } function safeTransferFrom(address from, address to, uint256 tokenId, bytes memory _data) public override { yieldToken.updateReward(from, to, tokenId); if (tokenId < 1001) { balanceOG[from]--; balanceOG[to]++; } ERC721.safeTransferFrom(from, to, tokenId, _data); } function onERC1155Received(address _operator, address _from, uint256 _id, uint256 _value, bytes calldata _data) external returns(bytes4) { require(msg.sender == address(OPENSEA_STORE), "WrappedKongz: not opensea asset"); return Kongz.onERC1155Received.selector; } } ``` ### 合約繼承關係  YieldToken 就是 Banana token contract。 Kongz 合約有權限發放 YieldToken reward ### CyberKongz Q&A #### Q: FOMO Dog 能不能現在加入跟 CyberKongz 完全相同的產生香蕉的機制？ A: 無法完全相同。 CyberKongz 的合約一開始設計好「持有 Kongz 就能獲得領取 Banana 的權利」，並且每當 Kongz 轉移，就會自動更新雙方生成 Banana 的速率。這是 FOMO Dog 無法現在加入了機制。 sol 1: 可以另做一個合約，讓人 stake FOMO Dog 就能持續生成某種 ERC20 token。可參考 [SVS BLOOD contract](https://etherscan.io/address/0x12753244901f9E612A471c15C7E5336e813D2e0B#code)。 但這樣做會讓 NFT 都彷彿集中在一個 owner 手上。見 [SVS opensea](https://opensea.io/collection/sneaky-vampire-syndicate?search[sortAscending]=true&search[sortBy]=PRICE&search[toggles][0]=BUY_NOW)。 sol 2: 另一個作法是在鏈下計算 token reward， 然後項目方用 private key 簽一個東西允許持有者 mint ERC20 token。 甚至項目方空投 缺點：項目方有很大的權限可以 mint ERC20 token。 sol 3: 要求使用者每次 transfer/sale 時都先領取 reward --- ## Scholarz TransparentUpgradeableProxy: https://etherscan.io/address/0xdd67892e722be69909d7c285db572852d5f8897c#code Scholarz: https://etherscan.io/address/0xda0a33ea99891822627a1389483fd4772c5bff73#code ### EIP-1967: Standard Proxy Storage Slots 規範 logic contract 的地址要存放在合約內的什麼位置 https://eips.ethereum.org/EIPS/eip-1967 ### mintWithExp ```solidity= function mintWithExp(bytes32 key, bytes calldata signature, uint amount, uint timestamp) public { require(publicSaleActive, "Public sale has not started."); require(msg.sender == tx.origin, "Contracts are not allowed to purchase."); require(totalSupply() + amount <= MAX_GENESIS_AMOUNT, "Purchase exceeds total genesis."); require(!usedKey[key], "Key has been used."); require(block.timestamp < timestamp, "Expired mint time."); require(keccak256(abi.encode(msg.sender, "EXP", amount, timestamp, key)).toEthSignedMessageHash().recover(signature) == _signer, "Invalid signature"); for (uint i = 0; i < amount; i++) { _mintScholarz(msg.sender, 0, false); } usedKey[key] = true; emit MintedWithExp(msg.sender, key); } ``` 想 mint NFT 的人必須從開發團隊拿到一個簽名，擁有這個簽名的人才可以成功呼叫這個 mintWithExp 造出 NFT。 開發團隊擁有一個 private key 專門用來簽這些簽名。 簽的資料長這樣： ```solidity= keccak256(abi.encode(msg.sender, "EXP", amount, timestamp, key)) abi.encode: 把資料串接起來，例如： 0x123456789012345678901234567890123456789000011644738239123 keccak256: 某一種 hash，把任意長度的資料變成 256 bits 的 hash 值 ``` 大概可以想像成這樣： { minter: "0x1234567890123456789012345678901234567890", reason: "EXP" amount: 1, timestamp: 1644738239, key: 123 } --- ## Superfarm SuperFarm ERC20 token: https://etherscan.io/address/0xe53ec727dbdeb9e2d5456c3be40cff031ab40a55#code ERC1155: https://etherscan.io/address/0xe4597f9182ba947f7f3bf8cbc6562285751d5aee#code // TODO staker.sol https://etherscan.io/address/0xf35a92585ceee7251388e14f268d9065f5206207#code token: ERC20, SUPER points: 不可轉移，非 ERC20，應該就是 gem ```solidity= // SPDX-License-Identifier: GPL-3.0 pragma solidity 0.6.12; pragma experimental ABIEncoderV2; import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; import "@openzeppelin/contracts/access/Ownable.sol"; import "@openzeppelin/contracts/utils/ReentrancyGuard.sol"; import "@openzeppelin/contracts/token/ERC20/SafeERC20.sol"; import "@openzeppelin/contracts/math/SafeMath.sol"; /** @title An asset staking contract. @author Tim Clancy This staking contract disburses tokens from its internal reservoir according to a fixed emission schedule. Assets can be assigned varied staking weights. This code is inspired by and modified from Sushi's Master Chef contract. https://github.com/sushiswap/sushiswap/blob/master/contracts/MasterChef.sol */ contract Staker is Ownable, ReentrancyGuard { using SafeMath for uint256; using SafeERC20 for IERC20; // A user-specified, descriptive name for this Staker. string public name; // The token to disburse. IERC20 public token; // The amount of the disbursed token deposited by users. This is used for the // special case where a staking pool has been created for the disbursed token. // This is required to prevent the Staker itself from reducing emissions. uint256 public totalTokenDeposited; // A flag signalling whether the contract owner can add or set developers. bool public canAlterDevelopers; // An array of developer addresses for finding shares in the share mapping. address[] public developerAddresses; // A mapping of developer addresses to their percent share of emissions. // Share percentages are represented as 1/1000th of a percent. That is, a 1% // share of emissions should map an address to 1000. mapping (address => uint256) public developerShares; // A flag signalling whether or not the contract owner can alter emissions. bool public canAlterTokenEmissionSchedule; bool public canAlterPointEmissionSchedule; // The token emission schedule of the Staker. This emission schedule maps a // block number to the amount of tokens or points that should be disbursed with every // block beginning at said block number. struct EmissionPoint { uint256 blockNumber; uint256 rate; } // An array of emission schedule key blocks for finding emission rate changes. uint256 public tokenEmissionBlockCount; mapping (uint256 => EmissionPoint) public tokenEmissionBlocks; uint256 public pointEmissionBlockCount; mapping (uint256 => EmissionPoint) public pointEmissionBlocks; // Store the very earliest possible emission block for quick reference. uint256 MAX_INT = 2**256 - 1; uint256 internal earliestTokenEmissionBlock; uint256 internal earliestPointEmissionBlock; // Information for each pool that can be staked in. // - token: the address of the ERC20 asset that is being staked in the pool. // - strength: the relative token emission strength of this pool. // - lastRewardBlock: the last block number where token distribution occurred. // - tokensPerShare: accumulated tokens per share times 1e12. // - pointsPerShare: accumulated points per share times 1e12. struct PoolInfo { IERC20 token; uint256 tokenStrength; uint256 tokensPerShare; uint256 pointStrength; uint256 pointsPerShare; uint256 lastRewardBlock; } IERC20[] public poolTokens; // Stored information for each available pool per its token address. mapping (IERC20 => PoolInfo) public poolInfo; // Information for each user per staking pool: // - amount: the amount of the pool asset being provided by the user. // - tokenPaid: the value of the user's total earning that has been paid out. // -- pending reward = (user.amount * pool.tokensPerShare) - user.rewardDebt. // - pointPaid: the value of the user's total point earnings that has been paid out. struct UserInfo { uint256 amount; uint256 tokenPaid; uint256 pointPaid; } // Stored information for each user staking in each pool. mapping (IERC20 => mapping (address => UserInfo)) public userInfo; // The total sum of the strength of all pools. uint256 public totalTokenStrength; uint256 public totalPointStrength; // The total amount of the disbursed token ever emitted by this Staker. uint256 public totalTokenDisbursed; // Users additionally accrue non-token points for participating via staking. mapping (address => uint256) public userPoints; mapping (address => uint256) public userSpentPoints; // A map of all external addresses that are permitted to spend user points. mapping (address => bool) public approvedPointSpenders; // Events for depositing assets into the Staker and later withdrawing them. event Deposit(address indexed user, IERC20 indexed token, uint256 amount); event Withdraw(address indexed user, IERC20 indexed token, uint256 amount); // An event for tracking when a user has spent points. event SpentPoints(address indexed source, address indexed user, uint256 amount); /** Construct a new Staker by providing it a name and the token to disburse. @param _name The name of the Staker contract. @param _token The token to reward stakers in this contract with. */ constructor(string memory _name, IERC20 _token) public { name = _name; token = _token; token.approve(address(this), MAX_INT); canAlterDevelopers = true; canAlterTokenEmissionSchedule = true; earliestTokenEmissionBlock = MAX_INT; canAlterPointEmissionSchedule = true; earliestPointEmissionBlock = MAX_INT; } /** Add a new developer to the Staker or overwrite an existing one. This operation requires that developer address addition is not locked. @param _developerAddress The additional developer's address. @param _share The share in 1/1000th of a percent of each token emission sent to this new developer. */ function addDeveloper(address _developerAddress, uint256 _share) external onlyOwner { require(canAlterDevelopers, "This Staker has locked the addition of developers; no more may be added."); developerAddresses.push(_developerAddress); developerShares[_developerAddress] = _share; } /** Permanently forfeits owner ability to alter the state of Staker developers. Once called, this function is intended to give peace of mind to the Staker's developers and community that the fee structure is now immutable. */ function lockDevelopers() external onlyOwner { canAlterDevelopers = false; } /** A developer may at any time update their address or voluntarily reduce their share of emissions by calling this function from their current address. Note that updating a developer's share to zero effectively removes them. @param _newDeveloperAddress An address to update this developer's address. @param _newShare The new share in 1/1000th of a percent of each token emission sent to this developer. */ function updateDeveloper(address _newDeveloperAddress, uint256 _newShare) external { uint256 developerShare = developerShares[msg.sender]; require(developerShare > 0, "You are not a developer of this Staker."); require(_newShare <= developerShare, "You cannot increase your developer share."); developerShares[msg.sender] = 0; developerAddresses.push(_newDeveloperAddress); developerShares[_newDeveloperAddress] = _newShare; } /** Set new emission details to the Staker or overwrite existing ones. This operation requires that emission schedule alteration is not locked. @param _tokenSchedule An array of EmissionPoints defining the token schedule. @param _pointSchedule An array of EmissionPoints defining the point schedule. */ function setEmissions(EmissionPoint[] memory _tokenSchedule, EmissionPoint[] memory _pointSchedule) external onlyOwner { if (_tokenSchedule.length > 0) { require(canAlterTokenEmissionSchedule, "This Staker has locked the alteration of token emissions."); tokenEmissionBlockCount = _tokenSchedule.length; for (uint256 i = 0; i < tokenEmissionBlockCount; i++) { tokenEmissionBlocks[i] = _tokenSchedule[i]; if (earliestTokenEmissionBlock > _tokenSchedule[i].blockNumber) { earliestTokenEmissionBlock = _tokenSchedule[i].blockNumber; } } } require(tokenEmissionBlockCount > 0, "You must set the token emission schedule."); if (_pointSchedule.length > 0) { require(canAlterPointEmissionSchedule, "This Staker has locked the alteration of point emissions."); pointEmissionBlockCount = _pointSchedule.length; for (uint256 i = 0; i < pointEmissionBlockCount; i++) { pointEmissionBlocks[i] = _pointSchedule[i]; if (earliestPointEmissionBlock > _pointSchedule[i].blockNumber) { earliestPointEmissionBlock = _pointSchedule[i].blockNumber; } } } require(tokenEmissionBlockCount > 0, "You must set the point emission schedule."); } /** Permanently forfeits owner ability to alter the emission schedule. Once called, this function is intended to give peace of mind to the Staker's developers and community that the inflation rate is now immutable. */ function lockTokenEmissions() external onlyOwner { canAlterTokenEmissionSchedule = false; } /** Permanently forfeits owner ability to alter the emission schedule. Once called, this function is intended to give peace of mind to the Staker's developers and community that the inflation rate is now immutable. */ function lockPointEmissions() external onlyOwner { canAlterPointEmissionSchedule = false; } /** Returns the length of the developer address array. @return the length of the developer address array. */ function getDeveloperCount() external view returns (uint256) { return developerAddresses.length; } /** Returns the length of the staking pool array. @return the length of the staking pool array. */ function getPoolCount() external view returns (uint256) { return poolTokens.length; } /** Returns the amount of token that has not been disbursed by the Staker yet. @return the amount of token that has not been disbursed by the Staker yet. */ function getRemainingToken() external view returns (uint256) { return token.balanceOf(address(this)); } /** Allows the contract owner to add a new asset pool to the Staker or overwrite an existing one. @param _token The address of the asset to base this staking pool off of. @param _tokenStrength The relative strength of the new asset for earning token. @param _pointStrength The relative strength of the new asset for earning points. */ function addPool(IERC20 _token, uint256 _tokenStrength, uint256 _pointStrength) external onlyOwner { require(tokenEmissionBlockCount > 0 && pointEmissionBlockCount > 0, "Staking pools cannot be addded until an emission schedule has been defined."); uint256 lastTokenRewardBlock = block.number > earliestTokenEmissionBlock ? block.number : earliestTokenEmissionBlock; uint256 lastPointRewardBlock = block.number > earliestPointEmissionBlock ? block.number : earliestPointEmissionBlock; uint256 lastRewardBlock = lastTokenRewardBlock > lastPointRewardBlock ? lastTokenRewardBlock : lastPointRewardBlock; if (address(poolInfo[_token].token) == address(0)) { poolTokens.push(_token); totalTokenStrength = totalTokenStrength.add(_tokenStrength); totalPointStrength = totalPointStrength.add(_pointStrength); poolInfo[_token] = PoolInfo({ token: _token, tokenStrength: _tokenStrength, tokensPerShare: 0, pointStrength: _pointStrength, pointsPerShare: 0, lastRewardBlock: lastRewardBlock }); } else { totalTokenStrength = totalTokenStrength.sub(poolInfo[_token].tokenStrength).add(_tokenStrength); poolInfo[_token].tokenStrength = _tokenStrength; totalPointStrength = totalPointStrength.sub(poolInfo[_token].pointStrength).add(_pointStrength); poolInfo[_token].pointStrength = _pointStrength; } } /** Uses the emission schedule to calculate the total amount of staking reward token that was emitted between two specified block numbers. @param _fromBlock The block to begin calculating emissions from. @param _toBlock The block to calculate total emissions up to. */ function getTotalEmittedTokens(uint256 _fromBlock, uint256 _toBlock) public view returns (uint256) { require(_toBlock >= _fromBlock, "Tokens cannot be emitted from a higher block to a lower block."); uint256 totalEmittedTokens = 0; uint256 workingRate = 0; uint256 workingBlock = _fromBlock; for (uint256 i = 0; i < tokenEmissionBlockCount; ++i) { uint256 emissionBlock = tokenEmissionBlocks[i].blockNumber; uint256 emissionRate = tokenEmissionBlocks[i].rate; if (_toBlock < emissionBlock) { totalEmittedTokens = totalEmittedTokens.add(_toBlock.sub(workingBlock).mul(workingRate)); return totalEmittedTokens; } else if (workingBlock < emissionBlock) { totalEmittedTokens = totalEmittedTokens.add(emissionBlock.sub(workingBlock).mul(workingRate)); workingBlock = emissionBlock; } workingRate = emissionRate; } if (workingBlock < _toBlock) { totalEmittedTokens = totalEmittedTokens.add(_toBlock.sub(workingBlock).mul(workingRate)); } return totalEmittedTokens; } /** Uses the emission schedule to calculate the total amount of points emitted between two specified block numbers. @param _fromBlock The block to begin calculating emissions from. @param _toBlock The block to calculate total emissions up to. */ function getTotalEmittedPoints(uint256 _fromBlock, uint256 _toBlock) public view returns (uint256) { require(_toBlock >= _fromBlock, "Points cannot be emitted from a higher block to a lower block."); uint256 totalEmittedPoints = 0; uint256 workingRate = 0; uint256 workingBlock = _fromBlock; for (uint256 i = 0; i < pointEmissionBlockCount; ++i) { uint256 emissionBlock = pointEmissionBlocks[i].blockNumber; uint256 emissionRate = pointEmissionBlocks[i].rate; if (_toBlock < emissionBlock) { totalEmittedPoints = totalEmittedPoints.add(_toBlock.sub(workingBlock).mul(workingRate)); return totalEmittedPoints; } else if (workingBlock < emissionBlock) { totalEmittedPoints = totalEmittedPoints.add(emissionBlock.sub(workingBlock).mul(workingRate)); workingBlock = emissionBlock; } workingRate = emissionRate; } if (workingBlock < _toBlock) { totalEmittedPoints = totalEmittedPoints.add(_toBlock.sub(workingBlock).mul(workingRate)); } return totalEmittedPoints; } /** Update the pool corresponding to the specified token address. @param _token The address of the asset to update the corresponding pool for. */ function updatePool(IERC20 _token) internal { PoolInfo storage pool = poolInfo[_token]; if (block.number <= pool.lastRewardBlock) { return; } uint256 poolTokenSupply = pool.token.balanceOf(address(this)); if (address(_token) == address(token)) { poolTokenSupply = totalTokenDeposited; } if (poolTokenSupply <= 0) { pool.lastRewardBlock = block.number; return; } // Calculate tokens and point rewards for this pool. uint256 totalEmittedTokens = getTotalEmittedTokens(pool.lastRewardBlock, block.number); uint256 tokensReward = totalEmittedTokens.mul(pool.tokenStrength).div(totalTokenStrength).mul(1e12); uint256 totalEmittedPoints = getTotalEmittedPoints(pool.lastRewardBlock, block.number); uint256 pointsReward = totalEmittedPoints.mul(pool.pointStrength).div(totalPointStrength).mul(1e30); // Directly pay developers their corresponding share of tokens and points. for (uint256 i = 0; i < developerAddresses.length; ++i) { address developer = developerAddresses[i]; uint256 share = developerShares[developer]; uint256 devTokens = tokensReward.mul(share).div(100000); tokensReward = tokensReward - devTokens; uint256 devPoints = pointsReward.mul(share).div(100000); pointsReward = pointsReward - devPoints; token.safeTransferFrom(address(this), developer, devTokens.div(1e12)); userPoints[developer] = userPoints[developer].add(devPoints.div(1e30)); } // Update the pool rewards per share to pay users the amount remaining. pool.tokensPerShare = pool.tokensPerShare.add(tokensReward.div(poolTokenSupply)); pool.pointsPerShare = pool.pointsPerShare.add(pointsReward.div(poolTokenSupply)); pool.lastRewardBlock = block.number; } /** A function to easily see the amount of token rewards pending for a user on a given pool. Returns the pending reward token amount. @param _token The address of a particular staking pool asset to check for a pending reward. @param _user The user address to check for a pending reward. @return the pending reward token amount. */ function getPendingTokens(IERC20 _token, address _user) public view returns (uint256) { PoolInfo storage pool = poolInfo[_token]; UserInfo storage user = userInfo[_token][_user]; uint256 tokensPerShare = pool.tokensPerShare; uint256 poolTokenSupply = pool.token.balanceOf(address(this)); if (address(_token) == address(token)) { poolTokenSupply = totalTokenDeposited; } if (block.number > pool.lastRewardBlock && poolTokenSupply > 0) { uint256 totalEmittedTokens = getTotalEmittedTokens(pool.lastRewardBlock, block.number); uint256 tokensReward = totalEmittedTokens.mul(pool.tokenStrength).div(totalTokenStrength).mul(1e12); tokensPerShare = tokensPerShare.add(tokensReward.div(poolTokenSupply)); } return user.amount.mul(tokensPerShare).div(1e12).sub(user.tokenPaid); } /** A function to easily see the amount of point rewards pending for a user on a given pool. Returns the pending reward point amount. @param _token The address of a particular staking pool asset to check for a pending reward. @param _user The user address to check for a pending reward. @return the pending reward token amount. */ function getPendingPoints(IERC20 _token, address _user) public view returns (uint256) { PoolInfo storage pool = poolInfo[_token]; UserInfo storage user = userInfo[_token][_user]; uint256 pointsPerShare = pool.pointsPerShare; uint256 poolTokenSupply = pool.token.balanceOf(address(this)); if (address(_token) == address(token)) { poolTokenSupply = totalTokenDeposited; } if (block.number > pool.lastRewardBlock && poolTokenSupply > 0) { uint256 totalEmittedPoints = getTotalEmittedPoints(pool.lastRewardBlock, block.number); uint256 pointsReward = totalEmittedPoints.mul(pool.pointStrength).div(totalPointStrength).mul(1e30); pointsPerShare = pointsPerShare.add(pointsReward.div(poolTokenSupply)); } return user.amount.mul(pointsPerShare).div(1e30).sub(user.pointPaid); } /** Return the number of points that the user has available to spend. @return the number of points that the user has available to spend. */ function getAvailablePoints(address _user) public view returns (uint256) { uint256 concreteTotal = userPoints[_user]; uint256 pendingTotal = 0; for (uint256 i = 0; i < poolTokens.length; ++i) { IERC20 poolToken = poolTokens[i]; uint256 _pendingPoints = getPendingPoints(poolToken, _user); pendingTotal = pendingTotal.add(_pendingPoints); } uint256 spentTotal = userSpentPoints[_user]; return concreteTotal.add(pendingTotal).sub(spentTotal); } /** Return the total number of points that the user has ever accrued. @return the total number of points that the user has ever accrued. */ function getTotalPoints(address _user) external view returns (uint256) { uint256 concreteTotal = userPoints[_user]; uint256 pendingTotal = 0; for (uint256 i = 0; i < poolTokens.length; ++i) { IERC20 poolToken = poolTokens[i]; uint256 _pendingPoints = getPendingPoints(poolToken, _user); pendingTotal = pendingTotal.add(_pendingPoints); } return concreteTotal.add(pendingTotal); } /** Return the total number of points that the user has ever spent. @return the total number of points that the user has ever spent. */ function getSpentPoints(address _user) external view returns (uint256) { return userSpentPoints[_user]; } /** Deposit some particular assets to a particular pool on the Staker. @param _token The asset to stake into its corresponding pool. @param _amount The amount of the provided asset to stake. */ function deposit(IERC20 _token, uint256 _amount) external nonReentrant { PoolInfo storage pool = poolInfo[_token]; require(pool.tokenStrength > 0 || pool.pointStrength > 0, "You cannot deposit assets into an inactive pool."); UserInfo storage user = userInfo[_token][msg.sender]; updatePool(_token); if (user.amount > 0) { uint256 pendingTokens = user.amount.mul(pool.tokensPerShare).div(1e12).sub(user.tokenPaid); token.safeTransferFrom(address(this), msg.sender, pendingTokens); totalTokenDisbursed = totalTokenDisbursed.add(pendingTokens); uint256 pendingPoints = user.amount.mul(pool.pointsPerShare).div(1e30).sub(user.pointPaid); userPoints[msg.sender] = userPoints[msg.sender].add(pendingPoints); } pool.token.safeTransferFrom(address(msg.sender), address(this), _amount); if (address(_token) == address(token)) { totalTokenDeposited = totalTokenDeposited.add(_amount); } user.amount = user.amount.add(_amount); user.tokenPaid = user.amount.mul(pool.tokensPerShare).div(1e12); user.pointPaid = user.amount.mul(pool.pointsPerShare).div(1e30); emit Deposit(msg.sender, _token, _amount); } /** Withdraw some particular assets from a particular pool on the Staker. @param _token The asset to withdraw from its corresponding staking pool. @param _amount The amount of the provided asset to withdraw. */ function withdraw(IERC20 _token, uint256 _amount) external nonReentrant { PoolInfo storage pool = poolInfo[_token]; UserInfo storage user = userInfo[_token][msg.sender]; require(user.amount >= _amount, "You cannot withdraw that much of the specified token; you are not owed it."); updatePool(_token); uint256 pendingTokens = user.amount.mul(pool.tokensPerShare).div(1e12).sub(user.tokenPaid); token.safeTransferFrom(address(this), msg.sender, pendingTokens); totalTokenDisbursed = totalTokenDisbursed.add(pendingTokens); uint256 pendingPoints = user.amount.mul(pool.pointsPerShare).div(1e30).sub(user.pointPaid); userPoints[msg.sender] = userPoints[msg.sender].add(pendingPoints); if (address(_token) == address(token)) { totalTokenDeposited = totalTokenDeposited.sub(_amount); } user.amount = user.amount.sub(_amount); user.tokenPaid = user.amount.mul(pool.tokensPerShare).div(1e12); user.pointPaid = user.amount.mul(pool.pointsPerShare).div(1e30); pool.token.safeTransfer(address(msg.sender), _amount); emit Withdraw(msg.sender, _token, _amount); } /** Allows the owner of this Staker to grant or remove approval to an external spender of the points that users accrue from staking resources. @param _spender The external address allowed to spend user points. @param _approval The updated user approval status. */ function approvePointSpender(address _spender, bool _approval) external onlyOwner { approvedPointSpenders[_spender] = _approval; } /** Allows an approved spender of points to spend points on behalf of a user. @param _user The user whose points are being spent. @param _amount The amount of the user's points being spent. */ function spendPoints(address _user, uint256 _amount) external { require(approvedPointSpenders[msg.sender], "You are not permitted to spend user points."); uint256 _userPoints = getAvailablePoints(_user); require(_userPoints >= _amount, "The user does not have enough points to spend the requested amount."); userSpentPoints[_user] = userSpentPoints[_user].add(_amount); emit SpentPoints(msg.sender, _user, _amount); } /** Sweep all of a particular ERC-20 token from the contract. @param _token The token to sweep the balance from. */ function sweep(IERC20 _token) external onlyOwner { uint256 balance = _token.balanceOf(address(this)); _token.safeTransferFrom(address(this), msg.sender, balance); } } ``` --- ## ERC721A official website: https://www.erc721a.org/ github: https://github.com/chiru-labs/ERC721A blog post: https://www.azuki.com/erc721a ### 原理 請讀 blog post: https://www.azuki.com/erc721a #### ERC721 的問題 一般的 ERC721，如果我要 mint 編號 101~105 的 NFT， 就會把 _owners[101] 到 _owners[105] 都設成我的地址。 在合約裡寫入是很消耗 gas 的。 寫入五次資料（將 0 改成非 0），會需要 20000 * 5 gas。 | tokenId | owner | | ------- | ----- | | 101 | 0x1111111111111111111111111111111111111111 | | 102 | 0x1111111111111111111111111111111111111111 | | 103 | 0x1111111111111111111111111111111111111111 | | 104 | 0x1111111111111111111111111111111111111111 | | 105 | 0x1111111111111111111111111111111111111111 | #### ERC721A 的改進 使用 ERC721A，如果我要 mint 編號 101~105 的 NFT， 就只把編號 _owners[101] 設成我， _owners[102] 到 _owners[105] 保持 default value address(0)。 這樣就只需要寫入一次。 之後在查詢 owner 的時候採用特殊方法。 | tokenId | owner | | ------- | ----- | | 101 | 0x1111111111111111111111111111111111111111 | | 102 | <not set> | | 103 | <not set> | | 104 | <not set> | | 105 | <not set> | 註：<not set> 的情況下查詢 _owners[tokenId] 會回傳 address(0)，也就是 0x0000000000000000000000000000000000000000。 ERC721A 查詢編號為 tokenId 的 NFT 的 owner 的方法： 1. 如果 tokenId 尚未被 mint （透過 _exists(tokenId) 查詢），就回傳 address(0) 2. 如果 tokenId 已經被 mint a. 而且 _owners[tokenId] 不是 address(0)，就回傳 _owners[tokenId] b. 但是 _owners[tokenId] 是 address(0)，就往下看 tokenId - 1, tokenId - 2, ... 直到找到第一個非 address(0) 的地址，就回傳該地址 但是之後 transfer 的時候終究需要把 _owners 寫上去，所以最終還是無法避免 _owners 的寫入。 比方說當我要傳送 103 時，除了要將 _owners[103] 寫成傳送對象的地址，還需要將 _owners[104] 寫成我的地址，才能確保 104, 105 還是在我手上。 所以並不是演算法層面的改進 ERC721，只是將寫入的時間推遲，讓最初 mint 時的成本降低。 | tokenId | owner | | ------- | ----- | | 101 | 0x1111111111111111111111111111111111111111 | | 102 | <not set> | | 103 | 0x2222222222222222222222222222222222222222 | | 104 | 0x1111111111111111111111111111111111111111 | | 105 | <not set> | ### 評價 我的話不會採用，因為讓合約邏輯變複雜了，而節省 gas 的效益並不是持續的，反而在之後每次 transfer 時都要多檢查一些東西，造成額外成本（估計數量級在 100 gas 左右）。 --- ### Neo Tokyo Neo Tokyo: NTCTZN Token: https://etherscan.io/address/0xb668beb1fa440f6cf2da0399f8c28cab993bdd65#code ```solidity= bytesContract = 0x7d647b1A0dcD5525e9C6B3D14BE58f27674f8c95; vaultContract = 0xab0b0dD7e4EaB0F9e31a539074a03f1C1Be80879; itemContract = 0x0938E3F7AC6D7f674FeD551c93f363109bda3AF9; identityContract = 0x86357A19E5537A8Fba9A004E555713BC943a66C0; boughtIdentityContract = 0x835a60cc60B808e47825daa79A9Da6C9fF3a892E; landContract = 0x3C54b798b3aAD4F6089533aF3bdbD6ce233019bB; citizenMintContract = 0xf1F199C5a6B41231902B2f6E93e8edC59FaF507b; ``` ### createCitizen ```solidity= function createCitizen(uint256 identityId, uint256 vaultId, uint256 itemCacheId, uint256 landDeedId, bool genderFemale, string memory specialMessage) public nonReentrant { require(citizenMintActive, "Uploading is not currently active"); require(identityValidated(identityId), "You are not the owner of that identity"); require(itemCacheValidated(itemCacheId), "You are not the owner of that item cache"); require(landDeedValidated(landDeedId), "You are not the owner of that land deed"); if(genderFemale) { require(femaleActive, "Females cannot be uploaded yet"); } if(vaultId > 0) { require(vaultValidated(vaultId), "You are not the owner of that vault box"); } _safeMint(_msgSender(), newestCitizen + 1); newestCitizen++; ERC721 _identityContract; if(identityId < 2300) { _identityContract = ERC721(identityContract); } else { _identityContract = ERC721(boughtIdentityContract); } _identityContract.transferFrom(_msgSender(), address(this), identityId); if(vaultId > 0) { ERC721 _vaultContract = ERC721(vaultContract); _vaultContract.transferFrom(_msgSender(), address(this), vaultId); _vaultDataByCitizenId[newestCitizen] = vaultId; } ERC721 _itemContract = ERC721(itemContract); _itemContract.transferFrom(_msgSender(), address(this), itemCacheId); ERC721 _landContract = ERC721(landContract); _landContract.transferFrom(_msgSender(), address(this), landDeedId); // Set the underlying component data mappings _identityDataByCitizenId[newestCitizen] = identityId; _itemCacheDataByCitizenId[newestCitizen] = itemCacheId; _landDeedDataByCitizenId[newestCitizen] = landDeedId; if(genderFemale) { _genderFemale[newestCitizen] = genderFemale; } if(bytes(specialMessage).length > 0) { _specialMessageByCitizenId[newestCitizen] = specialMessage; } _rewardRateByCitizenId[newestCitizen] = calculateCitizenReward(identityId, vaultId); _citizenCreationTime[newestCitizen] = block.timestamp; IByteContract byteToken = IByteContract(bytesContract); byteToken.updateRewardOnMint(_msgSender(), newestCitizen); } ``` 功能： 1. mint 新的 citizen 2. 將四個 NFT 傳進來存在這個合約裡 ### disassembleCitizen ```solidity= function disassembleCitizen(uint256 citizenId)public nonReentrant { require(ownerOf(citizenId) == _msgSender(), "You do not own that citizen"); ERC721 _identityContract; if(_identityDataByCitizenId[citizenId] < 2300) { _identityContract = ERC721(identityContract); } else { _identityContract = ERC721(boughtIdentityContract); } _identityContract.transferFrom(address(this), _msgSender(), _identityDataByCitizenId[citizenId]); if(_vaultDataByCitizenId[citizenId] > 0) { ERC721 _vaultContract = ERC721(vaultContract); _vaultContract.transferFrom(address(this), _msgSender(), _vaultDataByCitizenId[citizenId]); } ERC721 _itemContract = ERC721(itemContract); _itemContract.transferFrom(address(this), _msgSender(), _itemCacheDataByCitizenId[citizenId]); ERC721 _landContract = ERC721(landContract); _landContract.transferFrom(address(this), _msgSender(), _landDeedDataByCitizenId[citizenId]); _burn(citizenId); delete _identityDataByCitizenId[citizenId]; delete _vaultDataByCitizenId[citizenId]; delete _itemCacheDataByCitizenId[citizenId]; delete _landDeedDataByCitizenId[citizenId]; delete _genderFemale[citizenId]; delete _specialMessageByCitizenId[citizenId]; delete _rewardRateByCitizenId[citizenId]; } ``` ---