Untitled Diff

Created Diff never expires
483 removals
557 lines
640 additions
704 lines
// SPDX-License-Identifier: MIT
/**
pragma solidity ^0.8.0;
*Submitted for verification at Etherscan.io on 2022-02-01
*/


// OpenZeppelin contracts
pragma solidity 0.4.26;
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/security/ReentrancyGuard.sol";
import {IERC20, SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";


// LooksRare interfaces
library SafeMath {
import {ICurrencyManager} from "./interfaces/ICurrencyManager.sol";
import {IExecutionManager} from "./interfaces/IExecutionManager.sol";
import {IExecutionStrategy} from "./interfaces/IExecutionStrategy.sol";
import {IRoyaltyFeeManager} from "./interfaces/IRoyaltyFeeManager.sol";
import {ILooksRareExchange} from "./interfaces/ILooksRareExchange.sol";
import {ITransferManagerNFT} from "./interfaces/ITransferManagerNFT.sol";
import {ITransferSelectorNFT} from "./interfaces/ITransferSelectorNFT.sol";
import {IWETH} from "./interfaces/IWETH.sol";


// LooksRare libraries
/**
import {OrderTypes} from "./libraries/OrderTypes.sol";
* @dev Multiplies two numbers, throws on overflow.
import {SignatureChecker} from "./libraries/SignatureChecker.sol";
*/
contract LooksRareExchange is ILooksRareExchange, ReentrancyGuard, Ownable {
function mul(uint256 a, uint256 b) internal pure returns (uint256 c) {
using SafeERC20 for IERC20;
if (a == 0) {
return 0;
}
c = a * b;
assert(c / a == b);
return c;
}


using OrderTypes for OrderTypes.MakerOrder;
/**
using OrderTypes for OrderTypes.TakerOrder;
* @dev Integer division of two numbers, truncating the quotient.
*/
function div(uint256 a, uint256 b) internal pure returns (uint256) {
// assert(b > 0); // Solidity automatically throws when dividing by 0
// uint256 c = a / b;
// assert(a == b * c + a % b); // There is no case in which this doesn't hold
return a / b;
}


address public immutable WETH;
/**
bytes32 public immutable DOMAIN_SEPARATOR;
* @dev Subtracts two numbers, throws on overflow (i.e. if subtrahend is greater than minuend).
*/
function sub(uint256 a, uint256 b) internal pure returns (uint256) {
assert(b <= a);
return a - b;
}


address public protocolFeeRecipient;
/**
* @dev Adds two numbers, throws on overflow.
*/
function add(uint256 a, uint256 b) internal pure returns (uint256 c) {
c = a + b;
assert(c >= a);
return c;
}
}


ICurrencyManager public currencyManager;
contract Ownable {
IExecutionManager public executionManager;
address public owner;
IRoyaltyFeeManager public royaltyFeeManager;
ITransferSelectorNFT public transferSelectorNFT;


mapping(address => uint256) public userMinOrderNonce;
mapping(address => mapping(uint256 => bool)) private _isUserOrderNonceExecutedOrCancelled;


event CancelAllOrders(address indexed user, uint256 newMinNonce);
event OwnershipRenounced(address indexed previousOwner);
event CancelMultipleOrders(address indexed user, uint256[] orderNonces);
event OwnershipTransferred(
event NewCurrencyManager(address indexed currencyManager);
address indexed previousOwner,
event NewExecutionManager(address indexed executionManager);
address indexed newOwner
event NewProtocolFeeRecipient(address indexed protocolFeeRecipient);
);
event NewRoyaltyFeeManager(address indexed royaltyFeeManager);
event NewTransferSelectorNFT(address indexed transferSelectorNFT);


event RoyaltyPayment(
address indexed collection,
uint256 indexed tokenId,
address indexed royaltyRecipient,
address currency,
uint256 amount
);


event TakerAsk(
/**
bytes32 orderHash, // bid hash of the maker order
* @dev The Ownable constructor sets the original `owner` of the contract to the sender
uint256 orderNonce, // user order nonce
* account.
address indexed taker, // sender address for the taker ask order
*/
address indexed maker, // maker address of the initial bid order
constructor() public {
address indexed strategy, // strategy that defines the execution
owner = msg.sender;
address currency, // currency address
}
address collection, // collection address
uint256 tokenId, // tokenId transferred
uint256 amount, // amount of tokens transferred
uint256 price // final transacted price
);


event TakerBid(
/**
bytes32 orderHash, // ask hash of the maker order
* @dev Throws if called by any account other than the owner.
uint256 orderNonce, // user order nonce
*/
address indexed taker, // sender address for the taker bid order
modifier onlyOwner() {
address indexed maker, // maker address of the initial ask order
require(msg.sender == owner);
address indexed strategy, // strategy that defines the execution
_;
address currency, // currency address
}
address collection, // collection address

uint256 tokenId, // tokenId transferred
/**
uint256 amount, // amount of tokens transferred
* @dev Allows the current owner to transfer control of the contract to a newOwner.
uint256 price // final transacted price
* @param newOwner The address to transfer ownership to.
);
*/
function transferOwnership(address newOwner) public onlyOwner {
require(newOwner != address(0));
emit OwnershipTransferred(owner, newOwner);
owner = newOwner;
}

/**
* @dev Allows the current owner to relinquish control of the contract.
*/
function renounceOwnership() public onlyOwner {
emit OwnershipRenounced(owner);
owner = address(0);
}
}

contract ERC20Basic {
function totalSupply() public view returns (uint256);
function balanceOf(address who) public view returns (uint256);
function transfer(address to, uint256 value) public returns (bool);
event Transfer(address indexed from, address indexed to, uint256 value);
}

contract ERC20 is ERC20Basic {
function allowance(address owner, address spender)
public view returns (uint256);

function transferFrom(address from, address to, uint256 value)
public returns (bool);

function approve(address spender, uint256 value) public returns (bool);
event Approval(
address indexed owner,
address indexed spender,
uint256 value
);
}

library ArrayUtils {


/**
/**
* @notice Constructor
* Replace bytes in an array with bytes in another array, guarded by a bitmask
* @param _currencyManager currency manager address
* Efficiency of this function is a bit unpredictable because of the EVM's word-specific model (arrays under 32 bytes will be slower)
* @param _executionManager execution manager address
*
* @param _royaltyFeeManager royalty fee manager address
* @dev Mask must be the size of the byte array. A nonzero byte means the byte array can be changed.
* @param _WETH wrapped ether address (for other chains, use wrapped native asset)
* @param array The original array
* @param _protocolFeeRecipient protocol fee recipient
* @param desired The target array
* @param mask The mask specifying which bits can be changed
* @return The updated byte array (the parameter will be modified inplace)
*/
*/
constructor(
function guardedArrayReplace(bytes memory array, bytes memory desired, bytes memory mask)
address _currencyManager,
internal
address _executionManager,
pure
address _royaltyFeeManager,
{
address _WETH,
require(array.length == desired.length);
address _protocolFeeRecipient
require(array.length == mask.length);
) {
// Calculate the domain separator
DOMAIN_SEPARATOR = keccak256(
abi.encode(
0x8b73c3c69bb8fe3d512ecc4cf759cc79239f7b179b0ffacaa9a75d522b39400f, // keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)")
0xda9101ba92939daf4bb2e18cd5f942363b9297fbc3232c9dd964abb1fb70ed71, // keccak256("LooksRareExchange")
0xc89efdaa54c0f20c7adf612882df0950f5a951637e0307cdcb4c672f298b8bc6, // keccak256(bytes("1")) for versionId = 1
block.chainid,
address(this)
)
);


currencyManager = ICurrencyManager(_currencyManager);
uint words = array.length / 0x20;
executionManager = IExecutionManager(_executionManager);
uint index = words * 0x20;
royaltyFeeManager = IRoyaltyFeeManager(_royaltyFeeManager);
assert(index / 0x20 == words);
WETH = _WETH;
uint i;
protocolFeeRecipient = _protocolFeeRecipient;

for (i = 0; i < words; i++) {
/* Conceptually: array[i] = (!mask[i] && array[i]) || (mask[i] && desired[i]), bitwise in word chunks. */
assembly {
let commonIndex := mul(0x20, add(1, i))
let maskValue := mload(add(mask, commonIndex))
mstore(add(array, commonIndex), or(and(not(maskValue), mload(add(array, commonIndex))), and(maskValue, mload(add(desired, commonIndex)))))
}
}

/* Deal with the last section of the byte array. */
if (words > 0) {
/* This overlaps with bytes already set but is still more efficient than iterating through each of the remaining bytes individually. */
i = words;
assembly {
let commonIndex := mul(0x20, add(1, i))
let maskValue := mload(add(mask, commonIndex))
mstore(add(array, commonIndex), or(and(not(maskValue), mload(add(array, commonIndex))), and(maskValue, mload(add(desired, commonIndex)))))
}
} else {
/* If the byte array is shorter than a word, we must unfortunately do the whole thing bytewise.
(bounds checks could still probably be optimized away in assembly, but this is a rare case) */
for (i = index; i < array.length; i++) {
array[i] = ((mask[i] ^ 0xff) & array[i]) | (mask[i] & desired[i]);
}
}
}
}


/**
/**
* @notice Cancel all pending orders for a sender
* Test if two arrays are equal
* @param minNonce minimum user nonce
* @param a First array
* @param b Second array
* @return Whether or not all bytes in the arrays are equal
*/
*/
function cancelAllOrdersForSender(uint256 minNonce) external {
function arrayEq(bytes memory a, bytes memory b)
require(minNonce > userMinOrderNonce[msg.sender], "Cancel: Order nonce lower than current");
internal
require(minNonce < userMinOrderNonce[msg.sender] + 500000, "Cancel: Cannot cancel more orders");
pure
userMinOrderNonce[msg.sender] = minNonce;
returns (bool)

{
emit CancelAllOrders(msg.sender, minNonce);
return keccak256(a) == keccak256(b);
}
}


/**
/**
* @notice Cancel maker orders
* Unsafe write byte array into a memory location
* @param orderNonces array of order nonces
*
* @param index Memory location
* @param source Byte array to write
* @return End memory index
*/
*/
function cancelMultipleMakerOrders(uint256[] calldata orderNonces) external {
function unsafeWriteBytes(uint index, bytes source)
require(orderNonces.length > 0, "Cancel: Cannot be empty");
internal

pure
for (uint256 i = 0; i < orderNonces.length; i++) {
returns (uint)
require(orderNonces[i] >= userMinOrderNonce[msg.sender], "Cancel: Order nonce lower than current");
{
_isUserOrderNonceExecutedOrCancelled[msg.sender][orderNonces[i]] = true;
if (source.length > 0) {
assembly {
let length := mload(source)
let end := add(source, add(0x20, length))
let arrIndex := add(source, 0x20)
let tempIndex := index
for { } eq(lt(arrIndex, end), 1) {
arrIndex := add(arrIndex, 0x20)
tempIndex := add(tempIndex, 0x20)
} {
mstore(tempIndex, mload(arrIndex))
}
index := add(index, length)
}
}
}

return index;
emit CancelMultipleOrders(msg.sender, orderNonces);
}
}


/**
/**
* @notice Match ask with a taker bid order using ETH
* Unsafe write address into a memory location
* @param takerBid taker bid order
*
* @param makerAsk maker ask order
* @param index Memory location
* @param source Address to write
* @return End memory index
*/
*/
function matchAskWithTakerBidUsingETHAndWETH(
function unsafeWriteAddress(uint index, address source)
OrderTypes.TakerOrder calldata takerBid,
internal
OrderTypes.MakerOrder calldata makerAsk
pure
) external payable override nonReentrant {
returns (uint)
require((makerAsk.isOrderAsk) && (!takerBid.isOrderAsk), "Order: Wrong sides");
{
require(makerAsk.currency == WETH, "Order: Currency must be WETH");
uint conv = uint(source) << 0x60;
require(msg.sender == takerBid.taker, "Order: Taker must be the sender");
assembly {

mstore(index, conv)
// If not enough ETH to cover the price, use WETH
index := add(index, 0x14)
if (takerBid.price > msg.value) {
IERC20(WETH).safeTransferFrom(msg.sender, address(this), (takerBid.price - msg.value));
} else {
require(takerBid.price == msg.value, "Order: Msg.value too high");
}
}

return index;
// Wrap ETH sent to this contract
}
IWETH(WETH).deposit{value: msg.value}();

// Check the maker ask order
bytes32 askHash = makerAsk.hash();
_validateOrder(makerAsk, askHash);

// Retrieve execution parameters
(bool isExecutionValid, uint256 tokenId, uint256 amount) = IExecutionStrategy(makerAsk.strategy)
.canExecuteTakerBid(takerBid, makerAsk);

require(isExecutionValid, "Strategy: Execution invalid");

// Update maker ask order status to true (prevents replay)
_isUserOrderNonceExecutedOrCancelled[makerAsk.signer][makerAsk.nonce] = true;


// Execution part 1/2
/**
_transferFeesAndFundsWithWETH(
* Unsafe write address into a memory location using entire word
makerAsk.strategy,
*
makerAsk.collection,
* @param index Memory location
tokenId,
* @param source uint to write
makerAsk.signer,
* @return End memory index
takerBid.price,
*/
makerAsk.minPercentageToAsk
function unsafeWriteAddressWord(uint index, address source)
);
internal
pure
returns (uint)
{
assembly {
mstore(index, source)
index := add(index, 0x20)
}
return index;
}


// Execution part 2/2
/**
_transferNonFungibleToken(makerAsk.collection, makerAsk.signer, takerBid.taker, tokenId, amount);
* Unsafe write uint into a memory location
*
* @param index Memory location
* @param source uint to write
* @return End memory index
*/
function unsafeWriteUint(uint index, uint source)
internal
pure
returns (uint)
{
assembly {
mstore(index, source)
index := add(index, 0x20)
}
return index;
}


emit TakerBid(
/**
askHash,
* Unsafe write uint8 into a memory location
makerAsk.nonce,
*
takerBid.taker,
* @param index Memory location
makerAsk.signer,
* @param source uint8 to write
makerAsk.strategy,
* @return End memory index
makerAsk.currency,
*/
makerAsk.collection,
function unsafeWriteUint8(uint index, uint8 source)
tokenId,
internal
amount,
pure
takerBid.price
returns (uint)
);
{
assembly {
mstore8(index, source)
index := add(index, 0x1)
}
return index;
}
}


/**
/**
* @notice Match a takerBid with a matchAsk
* Unsafe write uint8 into a memory location using entire word
* @param takerBid taker bid order
*
* @param makerAsk maker ask order
* @param index Memory location
* @param source uint to write
* @return End memory index
*/
*/
function matchAskWithTakerBid(OrderTypes.TakerOrder calldata takerBid, OrderTypes.MakerOrder calldata makerAsk)
function unsafeWriteUint8Word(uint index, uint8 source)
external
internal
override
pure
nonReentrant
returns (uint)
{
{
require((makerAsk.isOrderAsk) && (!takerBid.isOrderAsk), "Order: Wrong sides");
assembly {
require(msg.sender == takerBid.taker, "Order: Taker must be the sender");
mstore(index, source)
index := add(index, 0x20)
}
return index;
}


// Check the maker ask order
/**
bytes32 askHash = makerAsk.hash();
* Unsafe write bytes32 into a memory location using entire word
_validateOrder(makerAsk, askHash);
*
* @param index Memory location
* @param source uint to write
* @return End memory index
*/
function unsafeWriteBytes32(uint index, bytes32 source)
internal
pure
returns (uint)
{
assembly {
mstore(index, source)
index := add(index, 0x20)
}
return index;
}
}


(bool isExecutionValid, uint256 tokenId, uint256 amount) = IExecutionStrategy(makerAsk.strategy)
contract ReentrancyGuarded {
.canExecuteTakerBid(takerBid, makerAsk);


require(isExecutionValid, "Strategy: Execution invalid");
bool reentrancyLock = false;


// Update maker ask order status to true (prevents replay)
/* Prevent a contract function from being reentrant-called. */
_isUserOrderNonceExecutedOrCancelled[makerAsk.signer][makerAsk.nonce] = true;
modifier reentrancyGuard {
if (reentrancyLock) {
revert();
}
reentrancyLock = true;
_;
reentrancyLock = false;
}


// Execution part 1/2
}
_transferFeesAndFunds(
makerAsk.strategy,
makerAsk.collection,
tokenId,
makerAsk.currency,
msg.sender,
makerAsk.signer,
takerBid.price,
makerAsk.minPercentageToAsk
);


// Execution part 2/2
contract TokenRecipient {
_transferNonFungibleToken(makerAsk.collection, makerAsk.signer, takerBid.taker, tokenId, amount);
event ReceivedEther(address indexed sender, uint amount);
event ReceivedTokens(address indexed from, uint256 value, address indexed token, bytes extraData);


emit TakerBid(
/**
askHash,
* @dev Receive tokens and generate a log event
makerAsk.nonce,
* @param from Address from which to transfer tokens
takerBid.taker,
* @param value Amount of tokens to transfer
makerAsk.signer,
* @param token Address of token
makerAsk.strategy,
* @param extraData Additional data to log
makerAsk.currency,
*/
makerAsk.collection,
function receiveApproval(address from, uint256 value, address token, bytes extraData) public {
tokenId,
ERC20 t = ERC20(token);
amount,
require(t.transferFrom(from, this, value));
takerBid.price
emit ReceivedTokens(from, value, token, extraData);
);
}
}


/**
/**
* @notice Match a takerAsk with a makerBid
* @dev Receive Ether and generate a log event
* @param takerAsk taker ask order
* @param makerBid maker bid order
*/
*/
function matchBidWithTakerAsk(OrderTypes.TakerOrder calldata takerAsk, OrderTypes.MakerOrder calldata makerBid)
function () payable public {
external
emit ReceivedEther(msg.sender, msg.value);
override
}
nonReentrant
}
{
require((!makerBid.isOrderAsk) && (takerAsk.isOrderAsk), "Order: Wrong sides");
require(msg.sender == takerAsk.taker, "Order: Taker must be the sender");


// Check the maker bid order
contract ExchangeCore is ReentrancyGuarded, Ownable {
bytes32 bidHash = makerBid.hash();
string public constant name = "Wyvern Exchange Contract";
_validateOrder(makerBid, bidHash);
string public constant version = "2.3";


(bool isExecutionValid, uint256 tokenId, uint256 amount) = IExecutionStrategy(makerBid.strategy)
// NOTE: these hashes are derived and verified in the constructor.
.canExecuteTakerAsk(takerAsk, makerBid);
bytes32 private constant _EIP_712_DOMAIN_TYPEHASH = 0x8b73c3c69bb8fe3d512ecc4cf759cc79239f7b179b0ffacaa9a75d522b39400f;
bytes32 private constant _NAME_HASH = 0x9a2ed463836165738cfa54208ff6e7847fd08cbaac309aac057086cb0a144d13;
bytes32 private constant _VERSION_HASH = 0xe2fd538c762ee69cab09ccd70e2438075b7004dd87577dc3937e9fcc8174bb64;
bytes32 private constant _ORDER_TYPEHASH = 0xdba08a88a748f356e8faf8578488343eab21b1741728779c9dcfdc782bc800f8;


require(isExecutionValid, "Strategy: Execution invalid");
bytes4 private constant _EIP_1271_MAGIC_VALUE = 0x1626ba7e;


// Update maker bid order status to true (prevents replay)
// // NOTE: chainId opcode is not supported in solidiy 0.4.x; here we hardcode as 1.
_isUserOrderNonceExecutedOrCancelled[makerBid.signer][makerBid.nonce] = true;
// In order to protect against orders that are replayable across forked chains,
// either the solidity version needs to be bumped up or it needs to be retrieved
// from another contract.
uint256 private constant _CHAIN_ID = 1;


// Execution part 1/2
// Note: the domain separator is derived and verified in the constructor. */
_transferNonFungibleToken(makerBid.collection, msg.sender, makerBid.signer, tokenId, amount);
bytes32 public constant DOMAIN_SEPARATOR = 0x72982d92449bfb3d338412ce4738761aff47fb975ceb17a1bc3712ec716a5a68;


// Execution part 2/2
/* The token used to pay exchange fees. */
_transferFeesAndFunds(
ERC20 public exchangeToken;
makerBid.strategy,
makerBid.collection,
tokenId,
makerBid.currency,
makerBid.signer,
takerAsk.taker,
takerAsk.price,
takerAsk.minPercentageToAsk
);


emit TakerAsk(
/* User registry. */
bidHash,
ProxyRegistry public registry;
makerBid.nonce,

takerAsk.taker,
/* Token transfer proxy. */
makerBid.signer,
TokenTransferProxy public tokenTransferProxy;
makerBid.strategy,

makerBid.currency,
/* Cancelled / finalized orders, by hash. */
makerBid.collection,
mapping(bytes32 => bool) public cancelledOrFinalized;
tokenId,

amount,
/* Orders verified by on-chain approval (alternative to ECDSA signatures so that smart contracts can place orders directly). */
takerAsk.price
/* Note that the maker's nonce at the time of approval **plus one** is stored in the mapping. */
mapping(bytes32 => uint256) private _approvedOrdersByNonce;

/* Track per-maker nonces that can be incremented by the maker to cancel orders in bulk. */
// The current nonce for the maker represents the only valid nonce that can be signed by the maker
// If a signature was signed with a nonce that's different from the one stored in nonces, it
// will fail validation.
mapping(address => uint256) public nonces;

/* For split fee orders, minimum required protocol maker fee, in basis points. Paid to owner (who can change it). */
uint public minimumMakerProtocolFee = 0;

/* For split fee orders, minimum required protocol taker fee, in basis points. Paid to owner (who can change it). */
uint public minimumTakerProtocolFee = 0;

/* Recipient of protocol fees. */
address public protocolFeeRecipient;

/* Fee method: protocol fee or split fee. */
enum FeeMethod { ProtocolFee, SplitFee }

/* Inverse basis point. */
uint public constant INVERSE_BASIS_POINT = 10000;

/* An ECDSA signature. */
struct Sig {
/* v parameter */
uint8 v;
/* r parameter */
bytes32 r;
/* s parameter */
bytes32 s;
}

/* An order on the exchange. */
struct Order {
/* Exchange address, intended as a versioning mechanism. */
address exchange;
/* Order maker address. */
address maker;
/* Order taker address, if specified. */
address taker;
/* Maker relayer fee of the order, unused for taker order. */
uint makerRelayerFee;
/* Taker relayer fee of the order, or maximum taker fee for a taker order. */
uint takerRelayerFee;
/* Maker protocol fee of the order, unused for taker order. */
uint makerProtocolFee;
/* Taker protocol fee of the order, or maximum taker fee for a taker order. */
uint takerProtocolFee;
/* Order fee recipient or zero address for taker order. */
address feeRecipient;
/* Fee method (protocol token or split fee). */
FeeMethod feeMethod;
/* Side (buy/sell). */
SaleKindInterface.Side side;
/* Kind of sale. */
SaleKindInterface.SaleKind saleKind;
/* Target. */
address target;
/* HowToCall. */
AuthenticatedProxy.HowToCall howToCall;
/* Calldata. */
bytes calldata;
/* Calldata replacement pattern, or an empty byte array for no replacement. */
bytes replacementPattern;
/* Static call target, zero-address for no static call. */
address staticTarget;
/* Static call extra data. */
bytes staticExtradata;
/* Token used to pay for the order, or the zero-address as a sentinel value for Ether. */
address paymentToken;
/* Base price of the order (in paymentTokens). */
uint basePrice;
/* Auction extra parameter - minimum bid increment for English auctions, starting/ending price difference. */
uint extra;
/* Listing timestamp. */
uint listingTime;
/* Expiration timestamp - 0 for no expiry. */
uint expirationTime;
/* Order salt, used to prevent duplicate hashes. */
uint salt;
/* NOTE: uint nonce is an additional component of the order but is read from storage */
}

event OrderApprovedPartOne (bytes32 indexed hash, address exchange, address indexed maker, address taker, uint makerRelayerFee, uint takerRelayerFee, uint makerProtocolFee, uint takerProtocolFee, address indexed feeRecipient, FeeMethod feeMethod, SaleKindInterface.Side side, SaleKindInterface.SaleKind saleKind, address target);
event OrderApprovedPartTwo (bytes32 indexed hash, AuthenticatedProxy.HowToCall howToCall, bytes calldata, bytes replacementPattern, address staticTarget, bytes staticExtradata, address paymentToken, uint basePrice, uint extra, uint listingTime, uint expirationTime, uint salt, bool orderbookInclusionDesired);
event OrderCancelled (bytes32 indexed hash);
event OrdersMatched (bytes32 buyHash, bytes32 sellHash, address indexed maker, address indexed taker, uint price, bytes32 indexed metadata);
event NonceIncremented (address indexed maker, uint newNonce);

constructor () public {
require(keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)") == _EIP_712_DOMAIN_TYPEHASH);
require(keccak256(bytes(name)) == _NAME_HASH);
require(keccak256(bytes(version)) == _VERSION_HASH);
require(keccak256("Order(address exchange,address maker,address taker,uint256 makerRelayerFee,uint256 takerRelayerFee,uint256 makerProtocolFee,uint256 takerProtocolFee,address feeRecipient,uint8 feeMethod,uint8 side,uint8 saleKind,address target,uint8 howToCall,bytes calldata,bytes replacementPattern,address staticTarget,bytes staticExtradata,address paymentToken,uint256 basePrice,uint256 extra,uint256 listingTime,uint256 expirationTime,uint256 salt,uint256 nonce)") == _ORDER_TYPEHASH);
require(DOMAIN_SEPARATOR == _deriveDomainSeparator());
}

/**
* @dev Derive the domain separator for EIP-712 signatures.
* @return The domain separator.
*/
function _deriveDomainSeparator() private view returns (bytes32) {
return keccak256(
abi.encode(
_EIP_712_DOMAIN_TYPEHASH, // keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)")
_NAME_HASH, // keccak256("Wyvern Exchange Contract")
_VERSION_HASH, // keccak256(bytes("2.3"))
_CHAIN_ID, // NOTE: this is fixed, need to use solidity 0.5+ or make external call to support!
address(this)
)
);
);
}
}


/**
/**
* @notice Update currency manager
* Increment a particular maker's nonce, thereby invalidating all orders that were not signed
* @param _currencyManager new currency manager address
* with the original nonce.
*/
*/
function updateCurrencyManager(address _currencyManager) external onlyOwner {
function incrementNonce() external {
require(_currencyManager != address(0), "Owner: Cannot be null address");
uint newNonce = ++nonces[msg.sender];
currencyManager = ICurrencyManager(_currencyManager);
emit NonceIncremented(msg.sender, newNonce);
emit NewCurrencyManager(_currencyManager);
}
}


/**
/**
* @notice Update execution manager
* @dev Change the minimum maker fee paid to the protocol (owner only)
* @param _executionManager new execution manager address
* @param newMinimumMakerProtocolFee New fee to set in basis points
*/
*/
function updateExecutionManager(address _executionManager) external onlyOwner {
function changeMinimumMakerProtocolFee(uint newMinimumMakerProtocolFee)
require(_executionManager != address(0), "Owner: Cannot be null address");
public
executionManager = IExecutionManager(_executionManager);
onlyOwner
emit NewExecutionManager(_executionManager);
{
minimumMakerProtocolFee = newMinimumMakerProtocolFee;
}
}


/**
/**
* @notice Update protocol fee and recipient
* @dev Change the minimum taker fee paid to the protocol (owner only)
* @param _protocolFeeRecipient new recipient for protocol fees
* @param newMinimumTakerProtocolFee New fee to set in basis points
*/
*/
function updateProtocolFeeRecipient(address _protocolFeeRecipient) external onlyOwner {
function changeMinimumTakerProtocolFee(uint newMinimumTakerProtocolFee)
protocolFeeRecipient = _protocolFeeRecipient;
public
emit NewProtocolFeeRecipient(_protocolFeeRecipient);
onlyOwner
{
minimumTakerProtocolFee = newMinimumTakerProtocolFee;
}
}


/**
/**
* @notice Update royalty fee manager
* @dev Change the protocol fee recipient (owner only)
* @param _royaltyFeeManager new fee manager address
* @param newProtocolFeeRecipient New protocol fee recipient address
*/
*/
function updateRoyaltyFeeManager(address _royaltyFeeManager) external onlyOwner {
function changeProtocolFeeRecipient(address newProtocolFeeRecipient)
require(_royaltyFeeManager != address(0), "Owner: Cannot be null address");
public
royaltyFeeManager = IRoyaltyFeeManager(_royaltyFeeManager);
onlyOwner
emit NewRoyaltyFeeManager(_royaltyFeeManager);
{
protocolFeeRecipient = newProtocolFeeRecipient;
}
}


/**
/**
* @notice Update transfer selector NFT
* @dev Transfer tokens
* @param _transferSelectorNFT new transfer selector address
* @param token Token to transfer
* @param from Address to charge fees
* @param to Address to receive fees
* @param amount Amount of protocol tokens to charge
*/
*/
function updateTransferSelectorNFT(address _transferSelectorNFT) external onlyOwner {
function transferTokens(address token, address from, address to, uint amount)
require(_transferSelectorNFT != address(0), "Owner: Cannot be null address");
internal
transferSelectorNFT = ITransferSelectorNFT(_transferSelectorNFT);
{

if (amount > 0) {
emit NewTransferSelectorNFT(_transferSelectorNFT);
require(tokenTransferProxy.transferFrom(token, from, to, amount));
}
}
}


/**
/**
* @notice Check whether user order nonce is executed or cancelled
* @dev Charge a fee in protocol tokens
* @param user address of user
* @param from Address to charge fees
* @param orderNonce nonce of the order
* @param to Address to receive fees
* @param amount Amount of protocol tokens to charge
*/
*/
function isUserOrderNonceExecutedOrCancelled(address user, uint256 orderNonce) external view returns (bool) {
function chargeProtocolFee(address from, address to, uint amount)
return _isUserOrderNonceExecutedOrCancelled[user][orderNonce];
internal
{
transferTokens(exchangeToken, from, to, amount);
}
}


/**
/**
* @notice Transfer fees and funds to royalty recipient, protocol, and seller
* @dev Execute a STATICCALL (introduced with Ethereum Metropolis, non-state-modifying external call)
* @param strategy address of the execution strategy
* @param target Contract to call
* @param collection non fungible token address for the transfer
* @param calldata Calldata (appended to extradata)
* @param tokenId tokenId
* @param extradata Base data for STATICCALL (probably function selector and argument encoding)
* @param currency currency being used for the purchase (e.g., WETH/USDC)
* @return The result of the call (success or failure)
* @param from sender of the funds
* @param to seller's recipient
* @param amount amount being transferred (in currency)
* @param minPercentageToAsk minimum percentage of the gross amount that goes to ask
*/
*/
function _transferFeesAndFunds(
function staticCall(address target, bytes memory calldata, bytes memory extradata)
address strategy,
public
address collection,
view
uint256 tokenId,
returns (bool result)
address currency,
{
address from,
bytes memory combined = new bytes(calldata.length + extradata.length);
address to,
uint index;
uint256 amount,
assembly {
uint256 minPercentageToAsk
index := add(combined, 0x20)
) internal {
// Initialize the final amount that is transferred to seller
uint256 finalSellerAmount = amount;

// 1. Protocol fee
{
uint256 protocolFeeAmount = _calculateProtocolFee(strategy, amount);

// Check if the protocol fee is different than 0 for this strategy
if ((protocolFeeRecipient != address(0)) && (protocolFeeAmount != 0)) {
IERC20(currency).safeTransferFrom(from, protocolFeeRecipient, protocolFeeAmount);
finalSellerAmount -= protocolFeeAmount;
}
}

// 2. Royalty fee
{
(address royaltyFeeRecipient, uint256 royaltyFeeAmount) = royaltyFeeManager
.calculateRoyaltyFeeAndGetRecipient(collection, tokenId, amount);

// Check if there is a royalty fee and that it is different to 0
if ((royaltyFeeRecipient != address(0)) && (royaltyFeeAmount != 0)) {
IERC20(currency).safeTransferFrom(from, royaltyFeeRecipient, royaltyFeeAmount);
finalSellerAmount -= royaltyFeeAmount;

emit RoyaltyPayment(collection, tokenId, royaltyFeeRecipient, currency, royaltyFeeAmount);
}
}
}

index = ArrayUtils.unsafeWriteBytes(index, extradata);
require((finalSellerAmount * 10000) >= (minPercentageToAsk * amount), "Fees: Higher than expected");
ArrayUtils.unsafeWriteBytes(index, calldata);

assembly {
// 3. Transfer final amount (post-fees) to seller
result := staticcall(gas, target, add(combined, 0x20), mload(combined), mload(0x40), 0)
{
IERC20(currency).safeTransferFrom(from, to, finalSellerAmount);
}
}
return result;
}
}


/**
/**
* @notice Transfer fees and funds to royalty recipient, protocol, and seller
* @dev Hash an order, returning the canonical EIP-712 order hash without the domain separator
* @param strategy address of the execution strategy
* @param order Order to hash
* @param collection non fungible token address for the transfer
* @param nonce maker nonce to hash
* @param tokenId tokenId
* @return Hash of order
* @param to seller's recipient
* @param amount amount being transferred (in currency)
* @param minPercentageToAsk minimum percentage of the gross amount that goes to ask
*/
*/
function _transferFeesAndFundsWithWETH(
function hashOrder(Order memory order, uint nonce)
address strategy,
internal
address collection,
pure
uint256 tokenId,
returns (bytes32 hash)
address to,
{
uint256 amount,
/* Unfortunately abi.encodePacked doesn't work here, stack size constraints. */
uint256 minPercentageToAsk
uint size = 800;
) internal {
bytes memory array = new bytes(size);
// Initialize the final amount that is transferred to seller
uint index;
uint256 finalSellerAmount = amount;
assembly {

index := add(array, 0x20)
// 1. Protocol fee
{
uint256 protocolFeeAmount = _calculateProtocolFee(strategy, amount);

// Check if the protocol fee is different than 0 for this strategy
if ((protocolFeeRecipient != address(0)) && (protocolFeeAmount != 0)) {
IERC20(WETH).safeTransfer(protocolFeeRecipient, protocolFeeAmount);
finalSellerAmount -= protocolFeeAmount;
}
}

// 2. Royalty fee
{
(address royaltyFeeRecipient, uint256 royaltyFeeAmount) = royaltyFeeManager
.calculateRoyaltyFeeAndGetRecipient(collection, tokenId, amount);

// Check if there is a royalty fee and that it is different to 0
if ((royaltyFeeRecipient != address(0)) && (royaltyFeeAmount != 0)) {
IERC20(WETH).safeTransfer(royaltyFeeRecipient, royaltyFeeAmount);
finalSellerAmount -= royaltyFeeAmount;

emit RoyaltyPayment(collection, tokenId, royaltyFeeRecipient, address(WETH), royaltyFeeAmount);
}
}
}

index = ArrayUtils.unsafeWriteBytes32(index, _ORDER_TYPEHASH);
require((finalSellerAmount * 10000) >= (minPercentageToAsk * amount), "Fees: Higher than expected");
index = ArrayUtils.unsafeWriteAddressWord(index, order.exchange);

index = ArrayUtils.unsafeWriteAddressWord(index, order.maker);
// 3. Transfer final amount (post-fees) to seller
index = ArrayUtils.unsafeWriteAddressWord(index, order.taker);
{
index = ArrayUtils.unsafeWriteUint(index, order.makerRelayerFee);
IERC20(WETH).safeTransfer(to, finalSellerAmount);
index = ArrayUtils.unsafeWriteUint(index, order.takerRelayerFee);
index = ArrayUtils.unsafeWriteUint(index, order.makerProtocolFee);
index = ArrayUtils.unsafeWriteUint(index, order.takerProtocolFee);
index = ArrayUtils.unsafeWriteAddressWord(index, order.feeRecipient);
index = ArrayUtils.unsafeWriteUint8Word(index, uint8(order.feeMethod));
index = ArrayUtils.unsafeWriteUint8Word(index, uint8(order.side));
index = ArrayUtils.unsafeWriteUint8Word(index, uint8(order.saleKind));
index = ArrayUtils.unsafeWriteAddressWord(index, order.target);
index = ArrayUtils.unsafeWriteUint8Word(index, uint8(order.howToCall));
index = ArrayUtils.unsafeWriteBytes32(index, keccak256(order.calldata));
index = ArrayUtils.unsafeWriteBytes32(index, keccak256(order.replacementPattern));
index = ArrayUtils.unsafeWriteAddressWord(index, order.staticTarget);
index = ArrayUtils.unsafeWriteBytes32(index, keccak256(order.staticExtradata));
index = ArrayUtils.unsafeWriteAddressWord(index, order.paymentToken);
index = ArrayUtils.unsafeWriteUint(index, order.basePrice);
index = ArrayUtils.unsafeWriteUint(index, order.extra);
index = ArrayUtils.unsafeWriteUint(index, order.listingTime);
index = ArrayUtils.unsafeWriteUint(index, order.expirationTime);
index = ArrayUtils.unsafeWriteUint(index, order.salt);
index = ArrayUtils.unsafeWriteUint(index, nonce);
assembly {
hash := keccak256(add(array, 0x20), size)
}
}
return hash;
}
}


/**
/**
* @notice Transfer NFT
* @dev Hash an order, returning the hash that a client must sign via EIP-712 including the message prefix
* @param collection address of the token collection
* @param order Order to hash
* @param from address of the sender
* @param nonce Nonce to hash
* @param to address of the recipient
* @return Hash of message prefix and order hash per Ethereum format
* @param tokenId tokenId
* @param amount amount of tokens (1 for ERC721, 1+ for ERC1155)
* @dev For ERC721, amount is not used
*/
*/
function _transferNonFungibleToken(
function hashToSign(Order memory order, uint nonce)
address collection,
internal
address from,
pure
address to,
returns (bytes32)
uint256 tokenId,
{
uint256 amount
return keccak256(
) internal {
abi.encodePacked("\x19\x01", DOMAIN_SEPARATOR, hashOrder(order, nonce))
// Retrieve the transfer manager address
);
address transferManager = transferSelectorNFT.checkTransferManagerForToken(collection);

// If no transfer manager found, it returns address(0)
require(transferManager != address(0), "Transfer: No NFT transfer manager available");

// If one is found, transfer the token
ITransferManagerNFT(transferManager).transferNonFungibleToken(collection, from, to, tokenId, amount);
}
}


/**
/**
* @notice Calculate protocol fee for an execution strategy
* @dev Assert an order is valid and return its hash
* @param executionStrategy strategy
* @param order Order to validate
* @param amount amount to transfer
* @param nonce Nonce to validate
* @param sig ECDSA signature
*/
*/
function _calculateProtocolFee(address executionStrategy, uint256 amount) internal view returns (uint256) {
function requireValidOrder(Order memory order, Sig memory sig, uint nonce)
uint256 protocolFee = IExecutionStrategy(executionStrategy).viewProtocolFee();
internal
return (protocolFee * amount) / 10000;
view
returns (bytes32)
{
bytes32 hash = hashToSign(order, nonce);
require(validateOrder(hash, order, sig));
return hash;
}
}


/**
/**
* @notice Verify the validity of the maker order
* @dev Validate order parameters (does *not* check signature validity)
* @param makerOrder maker order
* @param order Order to validate
* @param orderHash computed hash for the order
*/
*/
function _validateOrder(OrderTypes.MakerOrder calldata makerOrder, bytes32 orderHash) internal view {
function validateOrderParameters(Order memory order)
// Verify whether order nonce has expired
internal
require(
view
(!_isUserOrderNonceExecutedOrCancelled[makerOrder.signer][makerOrder.nonce]) &&
returns (bool)
(makerOrder.nonce >= userMinOrderNonce[makerOrder.signer]),
{
"Order: Matching order expired"
/* Order must be targeted at this protocol version (this Exchange contract). */
);
if (order.exchange != address(this)) {

// Verify the signer is not address(0)
require(makerOrder.signer != address(0), "Order: Invalid signer");

// Verify the amount is not 0
require(makerOrder.amount > 0, "Order: Amount cannot be 0");

// Verify the validity of the signature
require(
SignatureChecker.verify(
orderHash,
makerOrder.signer,
makerOrder.v,
makerOrder.r,
makerOrder.s,
DOMAIN_SEPARATOR
),
"Signature: Invalid"
);

// Verify whether the currency is whitelisted
require(currencyManager.isCurrencyWhitelisted(makerOrder.currency), "Currency: Not whitelisted");


// Verify whether strategy can be executed
require(executionManager.isStrategyWhitelisted(makerOrder.strategy), "Strategy: Not whitelisted");
}
}