テキスト比較

2 つのテキストファイルの違いを見つける

ライブエディター

未変更行を折りたたむ

折り返しなし

レイアウト

比較精度

シンタックスハイライト

Diffchecker Desktop Diffcheckerを実行する最も安全な方法。Diffchecker Desktopアプリを入手：あなたの差分はコンピューターから出ることはありません！Desktopを入手

Kashi <> Cauldron

作成日 5 年前差分は期限切れになりません

218 削除

行
合計
削除

文字
合計
削除

この機能を引き続き使用するには、アップグレードしてください Diffchecker Pro 価格を見る

681 行

189 追加

行
合計
追加

文字
合計
追加

この機能を引き続き使用するには、アップグレードしてください Diffchecker Pro 価格を見る

646 行

/**

*Submitted for verification at Etherscan.io on 2021-03-27

*Submitted for verification at Etherscan.io on 2021-07-06

// SPDX-License-Identifier: UNLICENSED

// SPDX-License-Identifier: MIXED

// Kashi Lending Medium Risk

// __ __ __ __ _____ __ __

// | |/ .---.-.-----| |--|__| | |_.-----.-----.--| |__.-----.-----.

// | <| _ |__ --| | | | | -__| | _ | | | _ |

// |__|\__|___._|_____|__|__|__| |_______|_____|__|__|_____|__|__|__|___ |

// |_____|

// Twitter: @Boring_Crypto

// Special thanks to:

// @0xKeno - for all his invaluable contributions

// @burger_crypto - for the idea of trying to let the LPs benefit from liquidations

// Version: 22-Feb-2021

Text moved to lines 622-624

pragma solidity 0.6.12;

pragma experimental ABIEncoderV2;

// solhint-disable avoid-low-level-calls

// solhint-disable no-inline-assembly

// solhint-disable not-rely-on-time

// File @boringcrypto/boring-solidity/contracts/libraries/BoringMath.sol@v1.2.0

// File @boringcrypto/boring-solidity/contracts/libraries/BoringMath.sol@v1.2.2

// License-Identifier: MIT

pragma solidity 0.6.12;

/// @notice A library for performing overflow-/underflow-safe math,

/// updated with awesomeness from of DappHub (https://github.com/dapphub/ds-math).

library BoringMath {

function add(uint256 a, uint256 b) internal pure returns (uint256 c) {

require((c = a + b) >= b, "BoringMath: Add Overflow");

}

function sub(uint256 a, uint256 b) internal pure returns (uint256 c) {

require((c = a - b) <= a, "BoringMath: Underflow");

}

function mul(uint256 a, uint256 b) internal pure returns (uint256 c) {

require(b == 0 || (c = a * b) / b == a, "BoringMath: Mul Overflow");

}

function to128(uint256 a) internal pure returns (uint128 c) {

require(a <= uint128(-1), "BoringMath: uint128 Overflow");

c = uint128(a);

}

function to64(uint256 a) internal pure returns (uint64 c) {

require(a <= uint64(-1), "BoringMath: uint64 Overflow");

c = uint64(a);

}

function to32(uint256 a) internal pure returns (uint32 c) {

require(a <= uint32(-1), "BoringMath: uint32 Overflow");

c = uint32(a);

}

/// @notice A library for performing overflow-/underflow-safe addition and subtraction on uint128.

library BoringMath128 {

function add(uint128 a, uint128 b) internal pure returns (uint128 c) {

require((c = a + b) >= b, "BoringMath: Add Overflow");

}

function sub(uint128 a, uint128 b) internal pure returns (uint128 c) {

require((c = a - b) <= a, "BoringMath: Underflow");

}

// File @boringcrypto/boring-solidity/contracts/BoringOwnable.sol@v1.2.0

/// @notice A library for performing overflow-/underflow-safe addition and subtraction on uint64.

library BoringMath64 {

function add(uint64 a, uint64 b) internal pure returns (uint64 c) {

require((c = a + b) >= b, "BoringMath: Add Overflow");

}

function sub(uint64 a, uint64 b) internal pure returns (uint64 c) {

require((c = a - b) <= a, "BoringMath: Underflow");

}

/// @notice A library for performing overflow-/underflow-safe addition and subtraction on uint32.

library BoringMath32 {

function add(uint32 a, uint32 b) internal pure returns (uint32 c) {

require((c = a + b) >= b, "BoringMath: Add Overflow");

}

function sub(uint32 a, uint32 b) internal pure returns (uint32 c) {

require((c = a - b) <= a, "BoringMath: Underflow");

}

// File @boringcrypto/boring-solidity/contracts/BoringOwnable.sol@v1.2.2

// License-Identifier: MIT

pragma solidity 0.6.12;

// Audit on 5-Jan-2021 by Keno and BoringCrypto

// Source: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/access/Ownable.sol + Claimable.sol

// Edited by BoringCrypto

contract BoringOwnableData {

address public owner;

address public pendingOwner;

}

contract BoringOwnable is BoringOwnableData {

event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

/// @notice `owner` defaults to msg.sender on construction.

constructor() public {

owner = msg.sender;

emit OwnershipTransferred(address(0), msg.sender);

}

/// @notice Transfers ownership to `newOwner`. Either directly or claimable by the new pending owner.

/// Can only be invoked by the current `owner`.

/// @param newOwner Address of the new owner.

/// @param direct True if `newOwner` should be set immediately. False if `newOwner` needs to use `claimOwnership`.

/// @param renounce Allows the `newOwner` to be `address(0)` if `direct` and `renounce` is True. Has no effect otherwise.

function transferOwnership(

address newOwner,

bool direct,

bool renounce

) public onlyOwner {

if (direct) {

// Checks

require(newOwner != address(0) || renounce, "Ownable: zero address");

// Effects

emit OwnershipTransferred(owner, newOwner);

owner = newOwner;

pendingOwner = address(0);

} else {

// Effects

pendingOwner = newOwner;

}

/// @notice Needs to be called by `pendingOwner` to claim ownership.

function claimOwnership() public {

address _pendingOwner = pendingOwner;

// Checks

require(msg.sender == _pendingOwner, "Ownable: caller != pending owner");

// Effects

emit OwnershipTransferred(owner, _pendingOwner);

owner = _pendingOwner;

pendingOwner = address(0);

}

/// @notice Only allows the `owner` to execute the function.

modifier onlyOwner() {

require(msg.sender == owner, "Ownable: caller is not the owner");

}

// File @boringcrypto/boring-solidity/contracts/Domain.sol@v1.2.0

// File @boringcrypto/boring-solidity/contracts/interfaces/IERC20.sol@v1.2.2

// License-Identifier: MIT

Text moved with changes from lines 403-412 (96.7% similarity)

pragma solidity 0.6.12;

interface IERC20 {

function totalSupply() external view returns (uint256);

function balanceOf(address account) external view returns (uint256);

function allowance(address owner, address spender) external view returns (uint256);

function approve(address spender, uint256 amount) external returns (bool);

event Transfer(address indexed from, address indexed to, uint256 value);

event Approval(address indexed owner, address indexed spender, uint256 value);

Text moved from lines 417-426

/// @notice EIP 2612

function permit(

address owner,

address spender,

uint256 value,

uint256 deadline,

uint8 v,

bytes32 r,

bytes32 s

) external;

}

// File @boringcrypto/boring-solidity/contracts/Domain.sol@v1.2.2

// License-Identifier: MIT

// Based on code and smartness by Ross Campbell and Keno

// Uses immutable to store the domain separator to reduce gas usage

// If the chain id changes due to a fork, the forked chain will calculate on the fly.

pragma solidity 0.6.12;

// solhint-disable no-inline-assembly

contract Domain {

bytes32 private constant DOMAIN_SEPARATOR_SIGNATURE_HASH = keccak256("EIP712Domain(uint256 chainId,address verifyingContract)");

// See https://eips.ethereum.org/EIPS/eip-191

string private constant EIP191_PREFIX_FOR_EIP712_STRUCTURED_DATA = "\x19\x01";

// solhint-disable var-name-mixedcase

bytes32 private immutable _DOMAIN_SEPARATOR;

uint256 private immutable DOMAIN_SEPARATOR_CHAIN_ID;

/// @dev Calculate the DOMAIN_SEPARATOR

function _calculateDomainSeparator(uint256 chainId) private view returns (bytes32) {

return keccak256(abi.encode(DOMAIN_SEPARATOR_SIGNATURE_HASH, chainId, address(this)));

return keccak256(

abi.encode(

DOMAIN_SEPARATOR_SIGNATURE_HASH,

chainId,

address(this)

)

);

}

constructor() public {

uint256 chainId;

uint256 chainId; assembly {chainId := chainid()}

assembly {

chainId := chainid()

}

_DOMAIN_SEPARATOR = _calculateDomainSeparator(DOMAIN_SEPARATOR_CHAIN_ID = chainId);

}

/// @dev Return the DOMAIN_SEPARATOR

// It's named internal to allow making it public from the contract that uses it by creating a simple view function

// with the desired public name, such as DOMAIN_SEPARATOR or domainSeparator.

// solhint-disable-next-line func-name-mixedcase

function DOMAIN_SEPARATOR() public view returns (bytes32) {

function _domainSeparator() internal view returns (bytes32) {

uint256 chainId;

uint256 chainId; assembly {chainId := chainid()}

assembly {

chainId := chainid()

}

return chainId == DOMAIN_SEPARATOR_CHAIN_ID ? _DOMAIN_SEPARATOR : _calculateDomainSeparator(chainId);

}

function _getDigest(bytes32 dataHash) internal view returns (bytes32 digest) {

digest = keccak256(abi.encodePacked(EIP191_PREFIX_FOR_EIP712_STRUCTURED_DATA, DOMAIN_SEPARATOR(), dataHash));

digest =

keccak256(

abi.encodePacked(

EIP191_PREFIX_FOR_EIP712_STRUCTURED_DATA,

_domainSeparator(),

dataHash

)

);

}

// File @boringcrypto/boring-solidity/contracts/ERC20.sol@v1.2.0

// File @boringcrypto/boring-solidity/contracts/ERC20.sol@v1.2.2

// License-Identifier: MIT

pragma solidity 0.6.12;

// solhint-disable no-inline-assembly

// solhint-disable not-rely-on-time

// Data part taken out for building of contracts that receive delegate calls

contract ERC20Data {

/// @notice owner > balance mapping.

mapping(address => uint256) public balanceOf;

/// @notice owner > spender > allowance mapping.

mapping(address => mapping(address => uint256)) public allowance;

/// @notice owner > nonce mapping. Used in `permit`.

mapping(address => uint256) public nonces;

}

contract ERC20 is ERC20Data, Domain {

abstract contract ERC20 is IERC20, Domain {

/// @notice owner > balance mapping.

mapping(address => uint256) public override balanceOf;

/// @notice owner > spender > allowance mapping.

mapping(address => mapping(address => uint256)) public override allowance;

/// @notice owner > nonce mapping. Used in `permit`.

mapping(address => uint256) public nonces;

event Transfer(address indexed _from, address indexed _to, uint256 _value);

event Approval(address indexed _owner, address indexed _spender, uint256 _value);

/// @notice Transfers `amount` tokens from `msg.sender` to `to`.

/// @param to The address to move the tokens.

/// @param amount of the tokens to move.

/// @return (bool) Returns True if succeeded.

function transfer(address to, uint256 amount) public returns (bool) {

// If `amount` is 0, or `msg.sender` is `to` nothing happens

if (amount != 0) {

if (amount != 0 || msg.sender == to) {

uint256 srcBalance = balanceOf[msg.sender];

require(srcBalance >= amount, "ERC20: balance too low");

if (msg.sender != to) {

require(to != address(0), "ERC20: no zero address"); // Moved down so low balance calls safe some gas

balanceOf[msg.sender] = srcBalance - amount; // Underflow is checked

balanceOf[to] += amount; // Can't overflow because totalSupply would be greater than 2^256-1

balanceOf[to] += amount;

}

emit Transfer(msg.sender, to, amount);

return true;

}

/// @notice Transfers `amount` tokens from `from` to `to`. Caller needs approval for `from`.

/// @param from Address to draw tokens from.

/// @param to The address to move the tokens.

/// @param amount The token amount to move.

/// @return (bool) Returns True if succeeded.

function transferFrom(

address from,

address to,

uint256 amount

) public returns (bool) {

// If `amount` is 0, or `from` is `to` nothing happens

if (amount != 0) {

uint256 srcBalance = balanceOf[from];

require(srcBalance >= amount, "ERC20: balance too low");

if (from != to) {

uint256 spenderAllowance = allowance[from][msg.sender];

// If allowance is infinite, don't decrease it to save on gas (breaks with EIP-20).

if (spenderAllowance != type(uint256).max) {

require(spenderAllowance >= amount, "ERC20: allowance too low");

allowance[from][msg.sender] = spenderAllowance - amount; // Underflow is checked

}

require(to != address(0), "ERC20: no zero address"); // Moved down so other failed calls safe some gas

balanceOf[from] = srcBalance - amount; // Underflow is checked

balanceOf[to] += amount; // Can't overflow because totalSupply would be greater than 2^256-1

balanceOf[to] += amount;

}

emit Transfer(from, to, amount);

return true;

}

/// @notice Approves `amount` from sender to be spend by `spender`.

/// @param spender Address of the party that can draw from msg.sender's account.

/// @param amount The maximum collective amount that `spender` can draw.

/// @return (bool) Returns True if approved.

function approve(address spender, uint256 amount) public returns (bool) {

function approve(address spender, uint256 amount) public override returns (bool) {

allowance[msg.sender][spender] = amount;

emit Approval(msg.sender, spender, amount);

return true;

}

// solhint-disable-next-line func-name-mixedcase

function DOMAIN_SEPARATOR() external view returns (bytes32) {

return _domainSeparator();

}

// keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)");

bytes32 private constant PERMIT_SIGNATURE_HASH = 0x6e71edae12b1b97f4d1f60370fef10105fa2faae0126114a169c64845d6126c9;

/// @notice Approves `value` from `owner_` to be spend by `spender`.

/// @param owner_ Address of the owner.

/// @param spender The address of the spender that gets approved to draw from `owner_`.

/// @param value The maximum collective amount that `spender` can draw.

/// @param deadline This permit must be redeemed before this deadline (UTC timestamp in seconds).

function permit(

address owner_,

address spender,

uint256 value,

uint256 deadline,

uint8 v,

bytes32 r,

bytes32 s

) external {

) external override {

require(owner_ != address(0), "ERC20: Owner cannot be 0");

require(block.timestamp < deadline, "ERC20: Expired");

require(

ecrecover(_getDigest(keccak256(abi.encode(PERMIT_SIGNATURE_HASH, owner_, spender, value, nonces[owner_]++, deadline))), v, r, s) ==

owner_,

"ERC20: Invalid Signature"

);

allowance[owner_][spender] = value;

emit Approval(owner_, spender, value);

}

// File @boringcrypto/boring-solidity/contracts/interfaces/IMasterContract.sol@v1.2.0

contract ERC20WithSupply is IERC20, ERC20 {

uint256 public override totalSupply;

function _mint(address user, uint256 amount) private {

uint256 newTotalSupply = totalSupply + amount;

require(newTotalSupply >= totalSupply, "Mint overflow");

totalSupply = newTotalSupply;

balanceOf[user] += amount;

}

function _burn(address user, uint256 amount) private {

require(balanceOf[user] >= amount, "Burn too much");

totalSupply -= amount;

balanceOf[user] -= amount;

}

// File @boringcrypto/boring-solidity/contracts/interfaces/IMasterContract.sol@v1.2.2

// License-Identifier: MIT

pragma solidity 0.6.12;

interface IMasterContract {

/// @notice Init function that gets called from `BoringFactory.deploy`.

/// Also kown as the constructor for cloned contracts.

/// Any ETH send to `BoringFactory.deploy` ends up here.

/// @param data Can be abi encoded arguments or anything else.

function init(bytes calldata data) external payable;

}

// File @boringcrypto/boring-solidity/contracts/libraries/BoringRebase.sol@v1.2.0

// File @boringcrypto/boring-solidity/contracts/libraries/BoringRebase.sol@v1.2.2

// License-Identifier: MIT

pragma solidity 0.6.12;

struct Rebase {

uint128 elastic;

uint128 base;

}

/// @notice A rebasing library using overflow-/underflow-safe math.

library RebaseLibrary {

using BoringMath for uint256;

using BoringMath128 for uint128;

/// @notice Calculates the base value in relationship to `elastic` and `total`.

function toBase(

Rebase memory total,

uint256 elastic,

bool roundUp

) internal pure returns (uint256 base) {

if (total.elastic == 0) {

base = elastic;

} else {

base = elastic.mul(total.base) / total.elastic;

if (roundUp && base.mul(total.elastic) / total.base < elastic) {

base = base.add(1);

}

/// @notice Calculates the elastic value in relationship to `base` and `total`.

function toElastic(

Rebase memory total,

uint256 base,

bool roundUp

) internal pure returns (uint256 elastic) {

if (total.base == 0) {

elastic = base;

} else {

elastic = base.mul(total.elastic) / total.base;

if (roundUp && elastic.mul(total.base) / total.elastic < base) {

elastic = elastic.add(1);

}

/// @notice Add `elastic` to `total` and doubles `total.base`.

/// @return (Rebase) The new total.

/// @return base in relationship to `elastic`.

function add(

Rebase memory total,

uint256 elastic,

bool roundUp

) internal pure returns (Rebase memory, uint256 base) {

base = toBase(total, elastic, roundUp);

total.elastic = total.elastic.add(elastic.to128());

total.base = total.base.add(base.to128());

return (total, base);

}

/// @notice Sub `base` from `total` and update `total.elastic`.

/// @return (Rebase) The new total.

/// @return elastic in relationship to `base`.

function sub(

Rebase memory total,

uint256 base,

bool roundUp

) internal pure returns (Rebase memory, uint256 elastic) {

elastic = toElastic(total, base, roundUp);

total.elastic = total.elastic.sub(elastic.to128());

total.base = total.base.sub(base.to128());

return (total, elastic);

}

/// @notice Add `elastic` and `base` to `total`.

function add(

Rebase memory total,

uint256 elastic,

uint256 base

) internal pure returns (Rebase memory) {

total.elastic = total.elastic.add(elastic.to128());

total.base = total.base.add(base.to128());

return total;

}

/// @notice Subtract `elastic` and `base` to `total`.

function sub(

Rebase memory total,

uint256 elastic,

uint256 base

) internal pure returns (Rebase memory) {

total.elastic = total.elastic.sub(elastic.to128());

total.base = total.base.sub(base.to128());

return total;

}

// File @boringcrypto/boring-solidity/contracts/interfaces/IERC20.sol@v1.2.0

Text moved with changes to lines 143-152 (96.7% similarity)

// License-Identifier: MIT

interface IERC20 {

function totalSupply() external view returns (uint256);

function balanceOf(address account) external view returns (uint256);

function allowance(address owner, address spender) external view returns (uint256);

function approve(address spender, uint256 amount) external returns (bool);

event Transfer(address indexed from, address indexed to, uint256 value);

/// @notice Add `elastic` to `total` and update storage.

event Approval(address indexed owner, address indexed spender, uint256 value);

/// @return newElastic Returns updated `elastic`.

function addElastic(Rebase storage total, uint256 elastic) internal returns (uint256 newElastic) {

newElastic = total.elastic = total.elastic.add(elastic.to128());

}

Text moved to lines 157-166

/// @notice EIP 2612

/// @notice Subtract `elastic` from `total` and update storage.

function permit(

/// @return newElastic Returns updated `elastic`.

address owner,

function subElastic(Rebase storage total, uint256 elastic) internal returns (uint256 newElastic) {

address spender,

newElastic = total.elastic = total.elastic.sub(elastic.to128());

uint256 value,

}

uint256 deadline,

uint8 v,

bytes32 r,

bytes32 s

) external;

}

// File @boringcrypto/boring-solidity/contracts/libraries/BoringERC20.sol@v1.2.0

// File @boringcrypto/boring-solidity/contracts/libraries/BoringERC20.sol@v1.2.2

// License-Identifier: MIT

pragma solidity 0.6.12;

// solhint-disable avoid-low-level-calls

library BoringERC20 {

bytes4 private constant SIG_SYMBOL = 0x95d89b41; // symbol()

bytes4 private constant SIG_NAME = 0x06fdde03; // name()

bytes4 private constant SIG_DECIMALS = 0x313ce567; // decimals()

bytes4 private constant SIG_TRANSFER = 0xa9059cbb; // transfer(address,uint256)

bytes4 private constant SIG_TRANSFER_FROM = 0x23b872dd; // transferFrom(address,address,uint256)

function returnDataToString(bytes memory data) internal pure returns (string memory) {

if (data.length >= 64) {

return abi.decode(data, (string));

} else if (data.length == 32) {

uint8 i = 0;

while (i < 32 && data[i] != 0) {

while(i < 32 && data[i] != 0) {

i++;

}

bytes memory bytesArray = new bytes(i);

for (i = 0; i < 32 && data[i] != 0; i++) {

bytesArray[i] = data[i];

}

return string(bytesArray);

} else {

return "???";

}

/// @notice Provides a safe ERC20.symbol version which returns '???' as fallback string.

/// @param token The address of the ERC-20 token contract.

/// @return (string) Token symbol.

function safeSymbol(IERC20 token) internal view returns (string memory) {

(bool success, bytes memory data) = address(token).staticcall(abi.encodeWithSelector(SIG_SYMBOL));

return success ? returnDataToString(data) : "???";

}

/// @notice Provides a safe ERC20.name version which returns '???' as fallback string.

/// @param token The address of the ERC-20 token contract.

/// @return (string) Token name.

function safeName(IERC20 token) internal view returns (string memory) {

(bool success, bytes memory data) = address(token).staticcall(abi.encodeWithSelector(SIG_NAME));

return success ? returnDataToString(data) : "???";

}

/// @notice Provides a safe ERC20.decimals version which returns '18' as fallback value.

/// @param token The address of the ERC-20 token contract.

/// @return (uint8) Token decimals.

function safeDecimals(IERC20 token) internal view returns (uint8) {

(bool success, bytes memory data) = address(token).staticcall(abi.encodeWithSelector(SIG_DECIMALS));

return success && data.length == 32 ? abi.decode(data, (uint8)) : 18;

}

/// @notice Provides a safe ERC20.transfer version for different ERC-20 implementations.

/// Reverts on a failed transfer.

/// @param token The address of the ERC-20 token.

/// @param to Transfer tokens to.

/// @param amount The token amount.

function safeTransfer(

IERC20 token,

address to,

uint256 amount

) internal {

(bool success, bytes memory data) = address(token).call(abi.encodeWithSelector(SIG_TRANSFER, to, amount));

require(success && (data.length == 0 || abi.decode(data, (bool))), "BoringERC20: Transfer failed");

}

/// @notice Provides a safe ERC20.transferFrom version for different ERC-20 implementations.

/// Reverts on a failed transfer.

/// @param token The address of the ERC-20 token.

/// @param from Transfer tokens from.

/// @param to Transfer tokens to.

/// @param amount The token amount.

Text moved with changes from lines 601-606 (91.4% similarity)

function safeTransferFrom(

IERC20 token,

address from,

address to,

uint256 amount

) internal {

(bool success, bytes memory data) = address(token).call(abi.encodeWithSelector(SIG_TRANSFER_FROM, from, to, amount));

require(success && (data.length == 0 || abi.decode(data, (bool))), "BoringERC20: TransferFrom failed");

}

// File @sushiswap/bentobox-sdk/contracts/IBatchFlashBorrower.sol@v1.0.1

// File @sushiswap/bentobox-sdk/contracts/IBatchFlashBorrower.sol@v1.0.2

// License-Identifier: MIT

pragma solidity 0.6.12;

interface IBatchFlashBorrower {

function onBatchFlashLoan(

address sender,

IERC20[] calldata tokens,

uint256[] calldata amounts,

uint256[] calldata fees,

bytes calldata data

) external;

}

// File @sushiswap/bentobox-sdk/contracts/IFlashBorrower.sol@v1.0.1

// File @sushiswap/bentobox-sdk/contracts/IFlashBorrower.sol@v1.0.2

// License-Identifier: MIT

pragma solidity 0.6.12;

interface IFlashBorrower {

function onFlashLoan(

address sender,

IERC20 token,

uint256 amount,

uint256 fee,

bytes calldata data

) external;

}

// File @sushiswap/bentobox-sdk/contracts/IStrategy.sol@v1.0.1

// File @sushiswap/bentobox-sdk/contracts/IStrategy.sol@v1.0.2

// License-Identifier: MIT

pragma solidity 0.6.12;

interface IStrategy {

// Send the assets to the Strategy and call skim to invest them

function skim(uint256 amount) external;

// Harvest any profits made converted to the asset and pass them to the caller

function harvest(uint256 balance, address sender) external returns (int256 amountAdded);

// Withdraw assets. The returned amount can differ from the requested amount due to rounding.

// The actualAmount should be very close to the amount. The difference should NOT be used to report a loss. That's what harvest is for.

function withdraw(uint256 amount) external returns (uint256 actualAmount);

// Withdraw all assets in the safest way possible. This shouldn't fail.

function exit(uint256 balance) external returns (int256 amountAdded);

}

// File @sushiswap/bentobox-sdk/contracts/IBentoBoxV1.sol@v1.0.1

// File @sushiswap/bentobox-sdk/contracts/IBentoBoxV1.sol@v1.0.2

// License-Identifier: MIT

Text moved from lines 22-24

pragma solidity 0.6.12;

pragma experimental ABIEncoderV2;

interface IBentoBoxV1 {

event LogDeploy(address indexed masterContract, bytes data, address indexed cloneAddress);

event LogDeposit(address indexed token, address indexed from, address indexed to, uint256 amount, uint256 share);

event LogFlashLoan(address indexed borrower, address indexed token, uint256 amount, uint256 feeAmount, address indexed receiver);

event LogRegisterProtocol(address indexed protocol);

event LogSetMasterContractApproval(address indexed masterContract, address indexed user, bool approved);

event LogStrategyDivest(address indexed token, uint256 amount);

event LogStrategyInvest(address indexed token, uint256 amount);

event LogStrategyLoss(address indexed token, uint256 amount);

event LogStrategyProfit(address indexed token, uint256 amount);

event LogStrategyQueued(address indexed token, address indexed strategy);

event LogStrategySet(address indexed token, address indexed strategy);

event LogStrategyTargetPercentage(address indexed token, uint256 targetPercentage);

event LogTransfer(address indexed token, address indexed from, address indexed to, uint256 share);

event LogWhiteListMasterContract(address indexed masterContract, bool approved);

event LogWithdraw(address indexed token, address indexed from, address indexed to, uint256 amount, uint256 share);

event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

function balanceOf(IERC20, address) external view returns (uint

function balanceOf(IERC20, address) external view returns (uint256);

function batch(bytes[] calldata calls, bool revertOnFail) external payable returns (bool[] memory successes, bytes[] memory results);

function batchFlashLoan(

IBatchFlashBorrower borrower,

address[] calldata receivers,

IERC20[] calldata tokens,

uint256[] calldata amounts,

bytes calldata data

) external;

function claimOwnership() external;

function deploy(

address masterContract,

bytes calldata data,

bool useCreate2

) external payable;

function deposit(

IERC20 token_,

address from,

address to,

uint256 amount,

uint256 share

) external payable returns (uint256 amountOut, uint256 shareOut);

function flashLoan(

IFlashBorrower borrower,

address receiver,

IERC20 token,

uint256 amount,

bytes calldata data

) external;

function harvest(

IERC20 token,

bool balance,

uint256 maxChangeAmount

) external;

function masterContractApproved(address, address) external view returns (bool);

function masterContractOf(address) external view returns (address);

function nonces(address) external view returns (uint256);

function owner() external view returns (address);

function pendingOwner() external view returns (address);

function pendingStrategy(IERC20) external view returns (IStrategy);

Text moved with changes to lines 562-567 (91.4% similarity)

function permitToken(

IERC20 token,

address from,

address to,

uint256 amount,

uint256 deadline,

uint8 v,

bytes32 r,

bytes32 s

) external;

function registerProtocol() external;

function setMasterContractApproval(

address user,

address masterContract,

bool approved,

uint8 v,

bytes32 r,

bytes32 s

) external;

function setStrategy(IERC20 token, IStrategy newStrategy) external;

function setStrategyTargetPercentage(IERC20 token, uint64 targetPercentage_) external;

function strategy(IERC20) external view returns (IStrategy);

function strategyData(IERC20)

external

view

returns (

uint64 strategyStartDate,

uint64 targetPercentage,

uint128 balance

);

function toAmount(

IERC20 token,

uint256 share,

bool roundUp

) external view returns (uint256 amount);

function toShare(

IERC20 token,

uint256 amount,

bool roundUp

) external view returns (uint256 share);

function totals(IERC20) external view returns (Rebase memory totals_);

function transfer(

IERC20 token,

address from,

address to,

uint256 share

) external;

function transferMultiple(

IERC20 token,

address from,

address[] calldata tos,

uint256[] calldata shares

) external;

function transferOwnership(

address newOwner,

bool direct,

bool renounce

) external;

function whitelistMasterContract(address masterContract, bool approved) external;

function whitelistedMasterContracts(address) external view returns (bool);

function withdraw(

IERC20 token_,

address from,

address to,

uint256 amount,

保存された差分

原文

ファイルを開く

/**
 *Submitted for verification at Etherscan.io on 2021-03-27
*/

// SPDX-License-Identifier: UNLICENSED
// Kashi Lending Medium Risk

//  __  __             __    __      _____                  __ __
// |  |/  .---.-.-----|  |--|__|    |     |_.-----.-----.--|  |__.-----.-----.
// |     <|  _  |__ --|     |  |    |       |  -__|     |  _  |  |     |  _  |
// |__|\__|___._|_____|__|__|__|    |_______|_____|__|__|_____|__|__|__|___  |
//                                                                     |_____|

// Copyright (c) 2021 BoringCrypto - All rights reserved
// Twitter: @Boring_Crypto

// Special thanks to:
// @0xKeno - for all his invaluable contributions
// @burger_crypto - for the idea of trying to let the LPs benefit from liquidations

// Version: 22-Feb-2021
pragma solidity 0.6.12;
pragma experimental ABIEncoderV2;

// solhint-disable avoid-low-level-calls
// solhint-disable no-inline-assembly
// solhint-disable not-rely-on-time

// File @boringcrypto/boring-solidity/contracts/libraries/BoringMath.sol@v1.2.0
// License-Identifier: MIT

/// @notice A library for performing overflow-/underflow-safe math,
/// updated with awesomeness from of DappHub (https://github.com/dapphub/ds-math).
library BoringMath {
    function add(uint256 a, uint256 b) internal pure returns (uint256 c) {
        require((c = a + b) >= b, "BoringMath: Add Overflow");
    }

function sub(uint256 a, uint256 b) internal pure returns (uint256 c) {
        require((c = a - b) <= a, "BoringMath: Underflow");
    }

function mul(uint256 a, uint256 b) internal pure returns (uint256 c) {
        require(b == 0 || (c = a * b) / b == a, "BoringMath: Mul Overflow");
    }

function to128(uint256 a) internal pure returns (uint128 c) {
        require(a <= uint128(-1), "BoringMath: uint128 Overflow");
        c = uint128(a);
    }

function to64(uint256 a) internal pure returns (uint64 c) {
        require(a <= uint64(-1), "BoringMath: uint64 Overflow");
        c = uint64(a);
    }

function to32(uint256 a) internal pure returns (uint32 c) {
        require(a <= uint32(-1), "BoringMath: uint32 Overflow");
        c = uint32(a);
    }
}

/// @notice A library for performing overflow-/underflow-safe addition and subtraction on uint128.
library BoringMath128 {
    function add(uint128 a, uint128 b) internal pure returns (uint128 c) {
        require((c = a + b) >= b, "BoringMath: Add Overflow");
    }

function sub(uint128 a, uint128 b) internal pure returns (uint128 c) {
        require((c = a - b) <= a, "BoringMath: Underflow");
    }
}

// File @boringcrypto/boring-solidity/contracts/BoringOwnable.sol@v1.2.0
// License-Identifier: MIT

// Audit on 5-Jan-2021 by Keno and BoringCrypto
// Source: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/access/Ownable.sol + Claimable.sol
// Edited by BoringCrypto

contract BoringOwnableData {
    address public owner;
    address public pendingOwner;
}

contract BoringOwnable is BoringOwnableData {
    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

/// @notice `owner` defaults to msg.sender on construction.
    constructor() public {
        owner = msg.sender;
        emit OwnershipTransferred(address(0), msg.sender);
    }

/// @notice Transfers ownership to `newOwner`. Either directly or claimable by the new pending owner.
    /// Can only be invoked by the current `owner`.
    /// @param newOwner Address of the new owner.
    /// @param direct True if `newOwner` should be set immediately. False if `newOwner` needs to use `claimOwnership`.
    /// @param renounce Allows the `newOwner` to be `address(0)` if `direct` and `renounce` is True. Has no effect otherwise.
    function transferOwnership(
        address newOwner,
        bool direct,
        bool renounce
    ) public onlyOwner {
        if (direct) {
            // Checks
            require(newOwner != address(0) || renounce, "Ownable: zero address");

// Effects
            emit OwnershipTransferred(owner, newOwner);
            owner = newOwner;
            pendingOwner = address(0);
        } else {
            // Effects
            pendingOwner = newOwner;
        }
    }

/// @notice Needs to be called by `pendingOwner` to claim ownership.
    function claimOwnership() public {
        address _pendingOwner = pendingOwner;

// Checks
        require(msg.sender == _pendingOwner, "Ownable: caller != pending owner");

// Effects
        emit OwnershipTransferred(owner, _pendingOwner);
        owner = _pendingOwner;
        pendingOwner = address(0);
    }

/// @notice Only allows the `owner` to execute the function.
    modifier onlyOwner() {
        require(msg.sender == owner, "Ownable: caller is not the owner");
        _;
    }
}

// File @boringcrypto/boring-solidity/contracts/Domain.sol@v1.2.0
// License-Identifier: MIT
// Based on code and smartness by Ross Campbell and Keno
// Uses immutable to store the domain separator to reduce gas usage
// If the chain id changes due to a fork, the forked chain will calculate on the fly.

contract Domain {
    bytes32 private constant DOMAIN_SEPARATOR_SIGNATURE_HASH = keccak256("EIP712Domain(uint256 chainId,address verifyingContract)");
    // See https://eips.ethereum.org/EIPS/eip-191
    string private constant EIP191_PREFIX_FOR_EIP712_STRUCTURED_DATA = "\x19\x01";

// solhint-disable var-name-mixedcase
    bytes32 private immutable _DOMAIN_SEPARATOR;
    uint256 private immutable DOMAIN_SEPARATOR_CHAIN_ID;

/// @dev Calculate the DOMAIN_SEPARATOR
    function _calculateDomainSeparator(uint256 chainId) private view returns (bytes32) {
        return keccak256(abi.encode(DOMAIN_SEPARATOR_SIGNATURE_HASH, chainId, address(this)));
    }

constructor() public {
        uint256 chainId;
        assembly {
            chainId := chainid()
        }
        _DOMAIN_SEPARATOR = _calculateDomainSeparator(DOMAIN_SEPARATOR_CHAIN_ID = chainId);
    }

/// @dev Return the DOMAIN_SEPARATOR
    // It's named internal to allow making it public from the contract that uses it by creating a simple view function
    // with the desired public name, such as DOMAIN_SEPARATOR or domainSeparator.
    // solhint-disable-next-line func-name-mixedcase
    function DOMAIN_SEPARATOR() public view returns (bytes32) {
        uint256 chainId;
        assembly {
            chainId := chainid()
        }
        return chainId == DOMAIN_SEPARATOR_CHAIN_ID ? _DOMAIN_SEPARATOR : _calculateDomainSeparator(chainId);
    }

function _getDigest(bytes32 dataHash) internal view returns (bytes32 digest) {
        digest = keccak256(abi.encodePacked(EIP191_PREFIX_FOR_EIP712_STRUCTURED_DATA, DOMAIN_SEPARATOR(), dataHash));
    }
}

// File @boringcrypto/boring-solidity/contracts/ERC20.sol@v1.2.0
// License-Identifier: MIT

// solhint-disable no-inline-assembly
// solhint-disable not-rely-on-time

// Data part taken out for building of contracts that receive delegate calls
contract ERC20Data {
    /// @notice owner > balance mapping.
    mapping(address => uint256) public balanceOf;
    /// @notice owner > spender > allowance mapping.
    mapping(address => mapping(address => uint256)) public allowance;
    /// @notice owner > nonce mapping. Used in `permit`.
    mapping(address => uint256) public nonces;
}

contract ERC20 is ERC20Data, Domain {
    event Transfer(address indexed _from, address indexed _to, uint256 _value);
    event Approval(address indexed _owner, address indexed _spender, uint256 _value);

/// @notice Transfers `amount` tokens from `msg.sender` to `to`.
    /// @param to The address to move the tokens.
    /// @param amount of the tokens to move.
    /// @return (bool) Returns True if succeeded.
    function transfer(address to, uint256 amount) public returns (bool) {
        // If `amount` is 0, or `msg.sender` is `to` nothing happens
        if (amount != 0) {
            uint256 srcBalance = balanceOf[msg.sender];
            require(srcBalance >= amount, "ERC20: balance too low");
            if (msg.sender != to) {
                require(to != address(0), "ERC20: no zero address"); // Moved down so low balance calls safe some gas

balanceOf[msg.sender] = srcBalance - amount; // Underflow is checked
                balanceOf[to] += amount; // Can't overflow because totalSupply would be greater than 2^256-1
            }
        }
        emit Transfer(msg.sender, to, amount);
        return true;
    }

/// @notice Transfers `amount` tokens from `from` to `to`. Caller needs approval for `from`.
    /// @param from Address to draw tokens from.
    /// @param to The address to move the tokens.
    /// @param amount The token amount to move.
    /// @return (bool) Returns True if succeeded.
    function transferFrom(
        address from,
        address to,
        uint256 amount
    ) public returns (bool) {
        // If `amount` is 0, or `from` is `to` nothing happens
        if (amount != 0) {
            uint256 srcBalance = balanceOf[from];
            require(srcBalance >= amount, "ERC20: balance too low");

if (from != to) {
                uint256 spenderAllowance = allowance[from][msg.sender];
                // If allowance is infinite, don't decrease it to save on gas (breaks with EIP-20).
                if (spenderAllowance != type(uint256).max) {
                    require(spenderAllowance >= amount, "ERC20: allowance too low");
                    allowance[from][msg.sender] = spenderAllowance - amount; // Underflow is checked
                }
                require(to != address(0), "ERC20: no zero address"); // Moved down so other failed calls safe some gas

balanceOf[from] = srcBalance - amount; // Underflow is checked
                balanceOf[to] += amount; // Can't overflow because totalSupply would be greater than 2^256-1
            }
        }
        emit Transfer(from, to, amount);
        return true;
    }

/// @notice Approves `amount` from sender to be spend by `spender`.
    /// @param spender Address of the party that can draw from msg.sender's account.
    /// @param amount The maximum collective amount that `spender` can draw.
    /// @return (bool) Returns True if approved.
    function approve(address spender, uint256 amount) public returns (bool) {
        allowance[msg.sender][spender] = amount;
        emit Approval(msg.sender, spender, amount);
        return true;
    }

// keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)");
    bytes32 private constant PERMIT_SIGNATURE_HASH = 0x6e71edae12b1b97f4d1f60370fef10105fa2faae0126114a169c64845d6126c9;

/// @notice Approves `value` from `owner_` to be spend by `spender`.
    /// @param owner_ Address of the owner.
    /// @param spender The address of the spender that gets approved to draw from `owner_`.
    /// @param value The maximum collective amount that `spender` can draw.
    /// @param deadline This permit must be redeemed before this deadline (UTC timestamp in seconds).
    function permit(
        address owner_,
        address spender,
        uint256 value,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external {
        require(owner_ != address(0), "ERC20: Owner cannot be 0");
        require(block.timestamp < deadline, "ERC20: Expired");
        require(
            ecrecover(_getDigest(keccak256(abi.encode(PERMIT_SIGNATURE_HASH, owner_, spender, value, nonces[owner_]++, deadline))), v, r, s) ==
                owner_,
            "ERC20: Invalid Signature"
        );
        allowance[owner_][spender] = value;
        emit Approval(owner_, spender, value);
    }
}

// File @boringcrypto/boring-solidity/contracts/interfaces/IMasterContract.sol@v1.2.0
// License-Identifier: MIT

interface IMasterContract {
    /// @notice Init function that gets called from `BoringFactory.deploy`.
    /// Also kown as the constructor for cloned contracts.
    /// Any ETH send to `BoringFactory.deploy` ends up here.
    /// @param data Can be abi encoded arguments or anything else.
    function init(bytes calldata data) external payable;
}

// File @boringcrypto/boring-solidity/contracts/libraries/BoringRebase.sol@v1.2.0
// License-Identifier: MIT

struct Rebase {
    uint128 elastic;
    uint128 base;
}

/// @notice A rebasing library using overflow-/underflow-safe math.
library RebaseLibrary {
    using BoringMath for uint256;
    using BoringMath128 for uint128;

/// @notice Calculates the base value in relationship to `elastic` and `total`.
    function toBase(
        Rebase memory total,
        uint256 elastic,
        bool roundUp
    ) internal pure returns (uint256 base) {
        if (total.elastic == 0) {
            base = elastic;
        } else {
            base = elastic.mul(total.base) / total.elastic;
            if (roundUp && base.mul(total.elastic) / total.base < elastic) {
                base = base.add(1);
            }
        }
    }

/// @notice Calculates the elastic value in relationship to `base` and `total`.
    function toElastic(
        Rebase memory total,
        uint256 base,
        bool roundUp
    ) internal pure returns (uint256 elastic) {
        if (total.base == 0) {
            elastic = base;
        } else {
            elastic = base.mul(total.elastic) / total.base;
            if (roundUp && elastic.mul(total.base) / total.elastic < base) {
                elastic = elastic.add(1);
            }
        }
    }

/// @notice Add `elastic` to `total` and doubles `total.base`.
    /// @return (Rebase) The new total.
    /// @return base in relationship to `elastic`.
    function add(
        Rebase memory total,
        uint256 elastic,
        bool roundUp
    ) internal pure returns (Rebase memory, uint256 base) {
        base = toBase(total, elastic, roundUp);
        total.elastic = total.elastic.add(elastic.to128());
        total.base = total.base.add(base.to128());
        return (total, base);
    }

/// @notice Sub `base` from `total` and update `total.elastic`.
    /// @return (Rebase) The new total.
    /// @return elastic in relationship to `base`.
    function sub(
        Rebase memory total,
        uint256 base,
        bool roundUp
    ) internal pure returns (Rebase memory, uint256 elastic) {
        elastic = toElastic(total, base, roundUp);
        total.elastic = total.elastic.sub(elastic.to128());
        total.base = total.base.sub(base.to128());
        return (total, elastic);
    }

/// @notice Add `elastic` and `base` to `total`.
    function add(
        Rebase memory total,
        uint256 elastic,
        uint256 base
    ) internal pure returns (Rebase memory) {
        total.elastic = total.elastic.add(elastic.to128());
        total.base = total.base.add(base.to128());
        return total;
    }

/// @notice Subtract `elastic` and `base` to `total`.
    function sub(
        Rebase memory total,
        uint256 elastic,
        uint256 base
    ) internal pure returns (Rebase memory) {
        total.elastic = total.elastic.sub(elastic.to128());
        total.base = total.base.sub(base.to128());
        return total;
    }
}

// File @boringcrypto/boring-solidity/contracts/interfaces/IERC20.sol@v1.2.0
// License-Identifier: MIT

interface IERC20 {
    function totalSupply() external view returns (uint256);

function balanceOf(address account) external view returns (uint256);

function allowance(address owner, address spender) external view returns (uint256);

function approve(address spender, uint256 amount) external returns (bool);

event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed owner, address indexed spender, uint256 value);

/// @notice EIP 2612
    function permit(
        address owner,
        address spender,
        uint256 value,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external;
}

// File @boringcrypto/boring-solidity/contracts/libraries/BoringERC20.sol@v1.2.0
// License-Identifier: MIT

library BoringERC20 {
    bytes4 private constant SIG_SYMBOL = 0x95d89b41; // symbol()
    bytes4 private constant SIG_NAME = 0x06fdde03; // name()
    bytes4 private constant SIG_DECIMALS = 0x313ce567; // decimals()
    bytes4 private constant SIG_TRANSFER = 0xa9059cbb; // transfer(address,uint256)
    bytes4 private constant SIG_TRANSFER_FROM = 0x23b872dd; // transferFrom(address,address,uint256)

/// @notice Provides a safe ERC20.symbol version which returns '???' as fallback string.
    /// @param token The address of the ERC-20 token contract.
    /// @return (string) Token symbol.
    function safeSymbol(IERC20 token) internal view returns (string memory) {
        (bool success, bytes memory data) = address(token).staticcall(abi.encodeWithSelector(SIG_SYMBOL));
        return success ? returnDataToString(data) : "???";
    }

/// @notice Provides a safe ERC20.name version which returns '???' as fallback string.
    /// @param token The address of the ERC-20 token contract.
    /// @return (string) Token name.
    function safeName(IERC20 token) internal view returns (string memory) {
        (bool success, bytes memory data) = address(token).staticcall(abi.encodeWithSelector(SIG_NAME));
        return success ? returnDataToString(data) : "???";
    }

/// @notice Provides a safe ERC20.decimals version which returns '18' as fallback value.
    /// @param token The address of the ERC-20 token contract.
    /// @return (uint8) Token decimals.
    function safeDecimals(IERC20 token) internal view returns (uint8) {
        (bool success, bytes memory data) = address(token).staticcall(abi.encodeWithSelector(SIG_DECIMALS));
        return success && data.length == 32 ? abi.decode(data, (uint8)) : 18;
    }
}

// File @sushiswap/bentobox-sdk/contracts/IBatchFlashBorrower.sol@v1.0.1
// License-Identifier: MIT

interface IBatchFlashBorrower {
    function onBatchFlashLoan(
        address sender,
        IERC20[] calldata tokens,
        uint256[] calldata amounts,
        uint256[] calldata fees,
        bytes calldata data
    ) external;
}

// File @sushiswap/bentobox-sdk/contracts/IFlashBorrower.sol@v1.0.1
// License-Identifier: MIT

interface IFlashBorrower {
    function onFlashLoan(
        address sender,
        IERC20 token,
        uint256 amount,
        uint256 fee,
        bytes calldata data
    ) external;
}

// File @sushiswap/bentobox-sdk/contracts/IStrategy.sol@v1.0.1
// License-Identifier: MIT

interface IStrategy {
    // Send the assets to the Strategy and call skim to invest them
    function skim(uint256 amount) external;

// Harvest any profits made converted to the asset and pass them to the caller
    function harvest(uint256 balance, address sender) external returns (int256 amountAdded);

// Withdraw assets. The returned amount can differ from the requested amount due to rounding.
    // The actualAmount should be very close to the amount. The difference should NOT be used to report a loss. That's what harvest is for.
    function withdraw(uint256 amount) external returns (uint256 actualAmount);

// Withdraw all assets in the safest way possible. This shouldn't fail.
    function exit(uint256 balance) external returns (int256 amountAdded);
}

// File @sushiswap/bentobox-sdk/contracts/IBentoBoxV1.sol@v1.0.1
// License-Identifier: MIT

function balanceOf(IERC20, address) external view returns (uint256);

function batch(bytes[] calldata calls, bool revertOnFail) external payable returns (bool[] memory successes, bytes[] memory results);

function batchFlashLoan(
        IBatchFlashBorrower borrower,
        address[] calldata receivers,
        IERC20[] calldata tokens,
        uint256[] calldata amounts,
        bytes calldata data
    ) external;

function claimOwnership() external;

function deploy(
        address masterContract,
        bytes calldata data,
        bool useCreate2
    ) external payable;

function deposit(
        IERC20 token_,
        address from,
        address to,
        uint256 amount,
        uint256 share
    ) external payable returns (uint256 amountOut, uint256 shareOut);

function flashLoan(
        IFlashBorrower borrower,
        address receiver,
        IERC20 token,
        uint256 amount,
        bytes calldata data
    ) external;

function harvest(
        IERC20 token,
        bool balance,
        uint256 maxChangeAmount
    ) external;

function masterContractApproved(address, address) external view returns (bool);

function masterContractOf(address) external view returns (address);

function nonces(address) external view returns (uint256);

function owner() external view returns (address);

function pendingOwner() external view returns (address);

function pendingStrategy(IERC20) external view returns (IStrategy);

function permitToken(
        IERC20 token,
        address from,
        address to,
        uint256 amount,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external;

function registerProtocol() external;

function setMasterContractApproval(
        address user,
        address masterContract,
        bool approved,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external;

function setStrategy(IERC20 token, IStrategy newStrategy) external;

function setStrategyTargetPercentage(IERC20 token, uint64 targetPercentage_) external;

function strategy(IERC20) external view returns (IStrategy);

function strategyData(IERC20)
        external
        view
        returns (
            uint64 strategyStartDate,
            uint64 targetPercentage,
            uint128 balance
        );

function toAmount(
        IERC20 token,
        uint256 share,
        bool roundUp
    ) external view returns (uint256 amount);

function toShare(
        IERC20 token,
        uint256 amount,
        bool roundUp
    ) external view returns (uint256 share);

function totals(IERC20) external view returns (Rebase memory totals_);

function transfer(
        IERC20 token,
        address from,
        address to,
        uint256 share
    ) external;

function transferMultiple(
        IERC20 token,
        address from,
        address[] calldata tos,
        uint256[] calldata shares
    ) external;

function transferOwnership(
        address newOwner,
        bool direct,
        bool renounce
    ) external;

function whitelistMasterContract(address masterContract, bool approved) external;

function whitelistedMasterContracts(address) external view returns (bool);

function withdraw(
        IERC20 token_,
        address from,
        address to,
        uint256 amount,
        uint256 share
    ) external returns (uint256 amountOut, uint256 shareOut);
}

// File contracts/interfaces/IOracle.sol
// License-Identifier: MIT

interface IOracle {
    /// @notice Get the latest exchange rate.
    /// @param data Usually abi encoded, implementation specific data that contains information and arguments to & about the oracle.
    /// For example:
    /// (string memory collateralSymbol, string memory assetSymbol, uint256 division) = abi.decode(data, (string, string, uint256));
    /// @return success if no valid (recent) rate is available, return false else true.
    /// @return rate The rate of the requested asset / pair / pool.
    function get(bytes calldata data) external returns (bool success, uint256 rate);

/// @notice Check the last exchange rate without any state changes.
    /// @param data Usually abi encoded, implementation specific data that contains information and arguments to & about the oracle.
    /// For example:
    /// (string memory collateralSymbol, string memory assetSymbol, uint256 division) = abi.decode(data, (string, string, uint256));
    /// @return success if no valid (recent) rate is available, return false else true.
    /// @return rate The rate of the requested asset / pair / pool.
    function peek(bytes calldata data) external view returns (bool success, uint256 rate);

/// @notice Check the current spot exchange rate without any state changes. For oracles like TWAP this will be different from peek().
    /// @param data Usually abi encoded, implementation specific data that contains information and arguments to & about the oracle.
    /// For example:
    /// (string memory collateralSymbol, string memory assetSymbol, uint256 division) = abi.decode(data, (string, string, uint256));
    /// @return rate The rate of the requested asset / pair / pool.
    function peekSpot(bytes calldata data) external view returns (uint256 rate);

/// @notice Returns a human readable (short) name about this oracle.
    /// @param data Usually abi encoded, implementation specific data that contains information and arguments to & about the oracle.
    /// For example:
    /// (string memory collateralSymbol, string memory assetSymbol, uint256 division) = abi.decode(data, (string, string, uint256));
    /// @return (string) A human readable symbol name about this oracle.
    function symbol(bytes calldata data) external view returns (string memory);

/// @notice Returns a human readable name about this oracle.
    /// @param data Usually abi encoded, implementation specific data that contains information and arguments to & about the oracle.
    /// For example:
    /// (string memory collateralSymbol, string memory assetSymbol, uint256 division) = abi.decode(data, (string, string, uint256));
    /// @return (string) A human readable name about this oracle.
    function name(bytes calldata data) external view returns (string memory);
}

// File contracts/interfaces/ISwapper.sol
// License-Identifier: MIT

interface ISwapper {
    /// @notice Withdraws 'amountFrom' of token 'from' from the BentoBox account for this swapper.
    /// Swaps it for at least 'amountToMin' of token 'to'.
    /// Transfers the swapped tokens of 'to' into the BentoBox using a plain ERC20 transfer.
    /// Returns the amount of tokens 'to' transferred to BentoBox.
    /// (The BentoBox skim function will be used by the caller to get the swapped funds).
    function swap(
        IERC20 fromToken,
        IERC20 toToken,
        address recipient,
        uint256 shareToMin,
        uint256 shareFrom
    ) external returns (uint256 extraShare, uint256 shareReturned);

/// @notice Calculates the amount of token 'from' needed to complete the swap (amountFrom),
    /// this should be less than or equal to amountFromMax.
    /// Withdraws 'amountFrom' of token 'from' from the BentoBox account for this swapper.
    /// Swaps it for exactly 'exactAmountTo' of token 'to'.
    /// Transfers the swapped tokens of 'to' into the BentoBox using a plain ERC20 transfer.
    /// Transfers allocated, but unused 'from' tokens within the BentoBox to 'refundTo' (amountFromMax - amountFrom).
    /// Returns the amount of 'from' tokens withdrawn from BentoBox (amountFrom).
    /// (The BentoBox skim function will be used by the caller to get the swapped funds).
    function swapExact(
        IERC20 fromToken,
        IERC20 toToken,
        address recipient,
        address refundTo,
        uint256 shareFromSupplied,
        uint256 shareToExact
    ) external returns (uint256 shareUsed, uint256 shareReturned);
}

// File contracts/KashiPair.sol
// License-Identifier: UNLICENSED
// Kashi Lending Medium Risk

/// @title KashiPair
/// @dev This contract allows contract calls to any contract (except BentoBox)
/// from arbitrary callers thus, don't trust calls from this contract in any circumstances.
contract KashiPairMediumRiskV1 is ERC20, BoringOwnable, IMasterContract {
    using BoringMath for uint256;
    using BoringMath128 for uint128;
    using RebaseLibrary for Rebase;
    using BoringERC20 for IERC20;

event LogExchangeRate(uint256 rate);
    event LogAccrue(uint256 accruedAmount, uint256 feeFraction, uint64 rate, uint256 utilization);
    event LogAddCollateral(address indexed from, address indexed to, uint256 share);
    event LogAddAsset(address indexed from, address indexed to, uint256 share, uint256 fraction);
    event LogRemoveCollateral(address indexed from, address indexed to, uint256 share);
    event LogRemoveAsset(address indexed from, address indexed to, uint256 share, uint256 fraction);
    event LogBorrow(address indexed from, address indexed to, uint256 amount, uint256 feeAmount, uint256 part);
    event LogRepay(address indexed from, address indexed to, uint256 amount, uint256 part);
    event LogFeeTo(address indexed newFeeTo);
    event LogWithdrawFees(address indexed feeTo, uint256 feesEarnedFraction);

// Immutables (for MasterContract and all clones)
    IBentoBoxV1 public immutable bentoBox;
    KashiPairMediumRiskV1 public immutable masterContract;

// MasterContract variables
    address public feeTo;
    mapping(ISwapper => bool) public swappers;

// Per clone variables
    // Clone init settings
    IERC20 public collateral;
    IERC20 public asset;
    IOracle public oracle;
    bytes public oracleData;

// Total amounts
    uint256 public totalCollateralShare; // Total collateral supplied
    Rebase public totalAsset; // elastic = BentoBox shares held by the KashiPair, base = Total fractions held by asset suppliers
    Rebase public totalBorrow; // elastic = Total token amount to be repayed by borrowers, base = Total parts of the debt held by borrowers

// User balances
    mapping(address => uint256) public userCollateralShare;
    // userAssetFraction is called balanceOf for ERC20 compatibility (it's in ERC20.sol)
    mapping(address => uint256) public userBorrowPart;

/// @notice Exchange and interest rate tracking.
    /// This is 'cached' here because calls to Oracles can be very expensive.
    uint256 public exchangeRate;

struct AccrueInfo {
        uint64 interestPerSecond;
        uint64 lastAccrued;
        uint128 feesEarnedFraction;
    }

AccrueInfo public accrueInfo;

// ERC20 'variables'
    function symbol() external view returns (string memory) {
        return string(abi.encodePacked("km", collateral.safeSymbol(), "/", asset.safeSymbol(), "-", oracle.symbol(oracleData)));
    }

function name() external view returns (string memory) {
        return string(abi.encodePacked("Kashi Medium Risk ", collateral.safeName(), "/", asset.safeName(), "-", oracle.name(oracleData)));
    }

function decimals() external view returns (uint8) {
        return asset.safeDecimals();
    }

// totalSupply for ERC20 compatibility
    function totalSupply() public view returns (uint256) {
        return totalAsset.base;
    }

// Settings for the Medium Risk KashiPair
    uint256 private constant CLOSED_COLLATERIZATION_RATE = 75000; // 75%
    uint256 private constant OPEN_COLLATERIZATION_RATE = 77000; // 77%
    uint256 private constant COLLATERIZATION_RATE_PRECISION = 1e5; // Must be less than EXCHANGE_RATE_PRECISION (due to optimization in math)
    uint256 private constant MINIMUM_TARGET_UTILIZATION = 7e17; // 70%
    uint256 private constant MAXIMUM_TARGET_UTILIZATION = 8e17; // 80%
    uint256 private constant UTILIZATION_PRECISION = 1e18;
    uint256 private constant FULL_UTILIZATION = 1e18;
    uint256 private constant FULL_UTILIZATION_MINUS_MAX = FULL_UTILIZATION - MAXIMUM_TARGET_UTILIZATION;
    uint256 private constant FACTOR_PRECISION = 1e18;

uint64 private constant STARTING_INTEREST_PER_SECOND = 317097920; // approx 1% APR
    uint64 private constant MINIMUM_INTEREST_PER_SECOND = 79274480; // approx 0.25% APR
    uint64 private constant MAXIMUM_INTEREST_PER_SECOND = 317097920000; // approx 1000% APR
    uint256 private constant INTEREST_ELASTICITY = 28800e36; // Half or double in 28800 seconds (8 hours) if linear

uint256 private constant EXCHANGE_RATE_PRECISION = 1e18;

uint256 private constant LIQUIDATION_MULTIPLIER = 112000; // add 12%
    uint256 private constant LIQUIDATION_MULTIPLIER_PRECISION = 1e5;

// Fees
    uint256 private constant PROTOCOL_FEE = 10000; // 10%
    uint256 private constant PROTOCOL_FEE_DIVISOR = 1e5;
    uint256 private constant BORROW_OPENING_FEE = 50; // 0.05%
    uint256 private constant BORROW_OPENING_FEE_PRECISION = 1e5;

/// @notice The constructor is only used for the initial master contract. Subsequent clones are initialised via `init`.
    constructor(IBentoBoxV1 bentoBox_) public {
        bentoBox = bentoBox_;
        masterContract = this;
    }

/// @notice Serves as the constructor for clones, as clones can't have a regular constructor
    /// @dev `data` is abi encoded in the format: (IERC20 collateral, IERC20 asset, IOracle oracle, bytes oracleData)
    function init(bytes calldata data) public payable override {
        require(address(collateral) == address(0), "KashiPair: already initialized");
        (collateral, asset, oracle, oracleData) = abi.decode(data, (IERC20, IERC20, IOracle, bytes));
        require(address(collateral) != address(0), "KashiPair: bad pair");

accrueInfo.interestPerSecond = uint64(STARTING_INTEREST_PER_SECOND); // 1% APR, with 1e18 being 100%
    }

/// @notice Accrues the interest on the borrowed tokens and handles the accumulation of fees.
    function accrue() public {
        AccrueInfo memory _accrueInfo = accrueInfo;
        // Number of seconds since accrue was called
        uint256 elapsedTime = block.timestamp - _accrueInfo.lastAccrued;
        if (elapsedTime == 0) {
            return;
        }
        _accrueInfo.lastAccrued = uint64(block.timestamp);

Rebase memory _totalBorrow = totalBorrow;
        if (_totalBorrow.base == 0) {
            // If there are no borrows, reset the interest rate
            if (_accrueInfo.interestPerSecond != STARTING_INTEREST_PER_SECOND) {
                _accrueInfo.interestPerSecond = STARTING_INTEREST_PER_SECOND;
                emit LogAccrue(0, 0, STARTING_INTEREST_PER_SECOND, 0);
            }
            accrueInfo = _accrueInfo;
            return;
        }

uint256 extraAmount = 0;
        uint256 feeFraction = 0;
        Rebase memory _totalAsset = totalAsset;

// Accrue interest
        extraAmount = uint256(_totalBorrow.elastic).mul(_accrueInfo.interestPerSecond).mul(elapsedTime) / 1e18;
        _totalBorrow.elastic = _totalBorrow.elastic.add(extraAmount.to128());
        uint256 fullAssetAmount = bentoBox.toAmount(asset, _totalAsset.elastic, false).add(_totalBorrow.elastic);

uint256 feeAmount = extraAmount.mul(PROTOCOL_FEE) / PROTOCOL_FEE_DIVISOR; // % of interest paid goes to fee
        feeFraction = feeAmount.mul(_totalAsset.base) / fullAssetAmount;
        _accrueInfo.feesEarnedFraction = _accrueInfo.feesEarnedFraction.add(feeFraction.to128());
        totalAsset.base = _totalAsset.base.add(feeFraction.to128());
        totalBorrow = _totalBorrow;

// Update interest rate
        uint256 utilization = uint256(_totalBorrow.elastic).mul(UTILIZATION_PRECISION) / fullAssetAmount;
        if (utilization < MINIMUM_TARGET_UTILIZATION) {
            uint256 underFactor = MINIMUM_TARGET_UTILIZATION.sub(utilization).mul(FACTOR_PRECISION) / MINIMUM_TARGET_UTILIZATION;
            uint256 scale = INTEREST_ELASTICITY.add(underFactor.mul(underFactor).mul(elapsedTime));
            _accrueInfo.interestPerSecond = uint64(uint256(_accrueInfo.interestPerSecond).mul(INTEREST_ELASTICITY) / scale);

if (_accrueInfo.interestPerSecond < MINIMUM_INTEREST_PER_SECOND) {
                _accrueInfo.interestPerSecond = MINIMUM_INTEREST_PER_SECOND; // 0.25% APR minimum
            }
        } else if (utilization > MAXIMUM_TARGET_UTILIZATION) {
            uint256 overFactor = utilization.sub(MAXIMUM_TARGET_UTILIZATION).mul(FACTOR_PRECISION) / FULL_UTILIZATION_MINUS_MAX;
            uint256 scale = INTEREST_ELASTICITY.add(overFactor.mul(overFactor).mul(elapsedTime));
            uint256 newInterestPerSecond = uint256(_accrueInfo.interestPerSecond).mul(scale) / INTEREST_ELASTICITY;
            if (newInterestPerSecond > MAXIMUM_INTEREST_PER_SECOND) {
                newInterestPerSecond = MAXIMUM_INTEREST_PER_SECOND; // 1000% APR maximum
            }
            _accrueInfo.interestPerSecond = uint64(newInterestPerSecond);
        }

emit LogAccrue(extraAmount, feeFraction, _accrueInfo.interestPerSecond, utilization);
        accrueInfo = _accrueInfo;
    }

/// @notice Concrete implementation of `isSolvent`. Includes a third parameter to allow caching `exchangeRate`.
    /// @param _exchangeRate The exchange rate. Used to cache the `exchangeRate` between calls.
    function _isSolvent(
        address user,
        bool open,
        uint256 _exchangeRate
    ) internal view returns (bool) {
        // accrue must have already been called!
        uint256 borrowPart = userBorrowPart[user];
        if (borrowPart == 0) return true;
        uint256 collateralShare = userCollateralShare[user];
        if (collateralShare == 0) return false;

Rebase memory _totalBorrow = totalBorrow;

return
            bentoBox.toAmount(
                collateral,
                collateralShare.mul(EXCHANGE_RATE_PRECISION / COLLATERIZATION_RATE_PRECISION).mul(
                    open ? OPEN_COLLATERIZATION_RATE : CLOSED_COLLATERIZATION_RATE
                ),
                false
            ) >=
            // Moved exchangeRate here instead of dividing the other side to preserve more precision
            borrowPart.mul(_totalBorrow.elastic).mul(_exchangeRate) / _totalBorrow.base;
    }

/// @dev Checks if the user is solvent in the closed liquidation case at the end of the function body.
    modifier solvent() {
        _;
        require(_isSolvent(msg.sender, false, exchangeRate), "KashiPair: user insolvent");
    }

/// @notice Gets the exchange rate. I.e how much collateral to buy 1e18 asset.
    /// This function is supposed to be invoked if needed because Oracle queries can be expensive.
    /// @return updated True if `exchangeRate` was updated.
    /// @return rate The new exchange rate.
    function updateExchangeRate() public returns (bool updated, uint256 rate) {
        (updated, rate) = oracle.get(oracleData);

if (updated) {
            exchangeRate = rate;
            emit LogExchangeRate(rate);
        } else {
            // Return the old rate if fetching wasn't successful
            rate = exchangeRate;
        }
    }

/// @dev Helper function to move tokens.
    /// @param token The ERC-20 token.
    /// @param share The amount in shares to add.
    /// @param total Grand total amount to deduct from this contract's balance. Only applicable if `skim` is True.
    /// Only used for accounting checks.
    /// @param skim If True, only does a balance check on this contract.
    /// False if tokens from msg.sender in `bentoBox` should be transferred.
    function _addTokens(
        IERC20 token,
        uint256 share,
        uint256 total,
        bool skim
    ) internal {
        if (skim) {
            require(share <= bentoBox.balanceOf(token, address(this)).sub(total), "KashiPair: Skim too much");
        } else {
            bentoBox.transfer(token, msg.sender, address(this), share);
        }
    }

/// @notice Adds `collateral` from msg.sender to the account `to`.
    /// @param to The receiver of the tokens.
    /// @param skim True if the amount should be skimmed from the deposit balance of msg.sender.
    /// False if tokens from msg.sender in `bentoBox` should be transferred.
    /// @param share The amount of shares to add for `to`.
    function addCollateral(
        address to,
        bool skim,
        uint256 share
    ) public {
        userCollateralShare[to] = userCollateralShare[to].add(share);
        uint256 oldTotalCollateralShare = totalCollateralShare;
        totalCollateralShare = oldTotalCollateralShare.add(share);
        _addTokens(collateral, share, oldTotalCollateralShare, skim);
        emit LogAddCollateral(skim ? address(bentoBox) : msg.sender, to, share);
    }

/// @dev Concrete implementation of `removeCollateral`.
    function _removeCollateral(address to, uint256 share) internal {
        userCollateralShare[msg.sender] = userCollateralShare[msg.sender].sub(share);
        totalCollateralShare = totalCollateralShare.sub(share);
        emit LogRemoveCollateral(msg.sender, to, share);
        bentoBox.transfer(collateral, address(this), to, share);
    }

/// @notice Removes `share` amount of collateral and transfers it to `to`.
    /// @param to The receiver of the shares.
    /// @param share Amount of shares to remove.
    function removeCollateral(address to, uint256 share) public solvent {
        // accrue must be called because we check solvency
        accrue();
        _removeCollateral(to, share);
    }

/// @dev Concrete implementation of `addAsset`.
    function _addAsset(
        address to,
        bool skim,
        uint256 share
    ) internal returns (uint256 fraction) {
        Rebase memory _totalAsset = totalAsset;
        uint256 totalAssetShare = _totalAsset.elastic;
        uint256 allShare = _totalAsset.elastic + bentoBox.toShare(asset, totalBorrow.elastic, true);
        fraction = allShare == 0 ? share : share.mul(_totalAsset.base) / allShare;
        if (_totalAsset.base.add(fraction.to128()) < 1000) {
            return 0;
        }
        totalAsset = _totalAsset.add(share, fraction);
        balanceOf[to] = balanceOf[to].add(fraction);
        emit Transfer(address(0), to, fraction);
        _addTokens(asset, share, totalAssetShare, skim);
        emit LogAddAsset(skim ? address(bentoBox) : msg.sender, to, share, fraction);
    }

/// @notice Adds assets to the lending pair.
    /// @param to The address of the user to receive the assets.
    /// @param skim True if the amount should be skimmed from the deposit balance of msg.sender.
    /// False if tokens from msg.sender in `bentoBox` should be transferred.
    /// @param share The amount of shares to add.
    /// @return fraction Total fractions added.
    function addAsset(
        address to,
        bool skim,
        uint256 share
    ) public returns (uint256 fraction) {
        accrue();
        fraction = _addAsset(to, skim, share);
    }

/// @dev Concrete implementation of `removeAsset`.
    function _removeAsset(address to, uint256 fraction) internal returns (uint256 share) {
        Rebase memory _totalAsset = totalAsset;
        uint256 allShare = _totalAsset.elastic + bentoBox.toShare(asset, totalBorrow.elastic, true);
        share = fraction.mul(allShare) / _totalAsset.base;
        balanceOf[msg.sender] = balanceOf[msg.sender].sub(fraction);
        emit Transfer(msg.sender, address(0), fraction);
        _totalAsset.elastic = _totalAsset.elastic.sub(share.to128());
        _totalAsset.base = _totalAsset.base.sub(fraction.to128());
        require(_totalAsset.base >= 1000, "Kashi: below minimum");
        totalAsset = _totalAsset;
        emit LogRemoveAsset(msg.sender, to, share, fraction);
        bentoBox.transfer(asset, address(this), to, share);
    }

/// @notice Removes an asset from msg.sender and transfers it to `to`.
    /// @param to The user that receives the removed assets.
    /// @param fraction The amount/fraction of assets held to remove.
    /// @return share The amount of shares transferred to `to`.
    function removeAsset(address to, uint256 fraction) public returns (uint256 share) {
        accrue();
        share = _removeAsset(to, fraction);
    }

(totalBorrow, part) = totalBorrow.add(amount.add(feeAmount), true);
        userBorrowPart[msg.sender] = userBorrowPart[msg.sender].add(part);
        emit LogBorrow(msg.sender, to, amount, feeAmount, part);

share = bentoBox.toShare(asset, amount, false);
        Rebase memory _totalAsset = totalAsset;
        require(_totalAsset.base >= 1000, "Kashi: below minimum");
        _totalAsset.elastic = _totalAsset.elastic.sub(share.to128());
        totalAsset = _totalAsset;
        bentoBox.transfer(asset, address(this), to, share);
    }

/// @notice Sender borrows `amount` and transfers it to `to`.
    /// @return part Total part of the debt held by borrowers.
    /// @return share Total amount in shares borrowed.
    function borrow(address to, uint256 amount) public solvent returns (uint256 part, uint256 share) {
        accrue();
        (part, share) = _borrow(to, amount);
    }

/// @dev Concrete implementation of `repay`.
    function _repay(
        address to,
        bool skim,
        uint256 part
    ) internal returns (uint256 amount) {
        (totalBorrow, amount) = totalBorrow.sub(part, true);
        userBorrowPart[to] = userBorrowPart[to].sub(part);

uint256 share = bentoBox.toShare(asset, amount, true);
        uint128 totalShare = totalAsset.elastic;
        _addTokens(asset, share, uint256(totalShare), skim);
        totalAsset.elastic = totalShare.add(share.to128());
        emit LogRepay(skim ? address(bentoBox) : msg.sender, to, amount, part);
    }

/// @notice Repays a loan.
    /// @param to Address of the user this payment should go.
    /// @param skim True if the amount should be skimmed from the deposit balance of msg.sender.
    /// False if tokens from msg.sender in `bentoBox` should be transferred.
    /// @param part The amount to repay. See `userBorrowPart`.
    /// @return amount The total amount repayed.
    function repay(
        address to,
        bool skim,
        uint256 part
    ) public returns (uint256 amount) {
        accrue();
        amount = _repay(to, skim, part);
    }

// Functions that need accrue to be called
    uint8 internal constant ACTION_ADD_ASSET = 1;
    uint8 internal constant ACTION_REPAY = 2;
    uint8 internal constant ACTION_REMOVE_ASSET = 3;
    uint8 internal constant ACTION_REMOVE_COLLATERAL = 4;
    uint8 internal constant ACTION_BORROW = 5;
    uint8 internal constant ACTION_GET_REPAY_SHARE = 6;
    uint8 internal constant ACTION_GET_REPAY_PART = 7;
    uint8 internal constant ACTION_ACCRUE = 8;

// Functions that don't need accrue to be called
    uint8 internal constant ACTION_ADD_COLLATERAL = 10;
    uint8 internal constant ACTION_UPDATE_EXCHANGE_RATE = 11;

// Function on BentoBox
    uint8 internal constant ACTION_BENTO_DEPOSIT = 20;
    uint8 internal constant ACTION_BENTO_WITHDRAW = 21;
    uint8 internal constant ACTION_BENTO_TRANSFER = 22;
    uint8 internal constant ACTION_BENTO_TRANSFER_MULTIPLE = 23;
    uint8 internal constant ACTION_BENTO_SETAPPROVAL = 24;

// Any external call (except to BentoBox)
    uint8 internal constant ACTION_CALL = 30;

int256 internal constant USE_VALUE1 = -1;
    int256 internal constant USE_VALUE2 = -2;

/// @dev Helper function for choosing the correct value (`value1` or `value2`) depending on `inNum`.
    function _num(
        int256 inNum,
        uint256 value1,
        uint256 value2
    ) internal pure returns (uint256 outNum) {
        outNum = inNum >= 0 ? uint256(inNum) : (inNum == USE_VALUE1 ? value1 : value2);
    }

/// @dev Helper function for depositing into `bentoBox`.
    function _bentoDeposit(
        bytes memory data,
        uint256 value,
        uint256 value1,
        uint256 value2
    ) internal returns (uint256, uint256) {
        (IERC20 token, address to, int256 amount, int256 share) = abi.decode(data, (IERC20, address, int256, int256));
        amount = int256(_num(amount, value1, value2)); // Done this way to avoid stack too deep errors
        share = int256(_num(share, value1, value2));
        return bentoBox.deposit{value: value}(token, msg.sender, to, uint256(amount), uint256(share));
    }

/// @dev Helper function to withdraw from the `bentoBox`.
    function _bentoWithdraw(
        bytes memory data,
        uint256 value1,
        uint256 value2
    ) internal returns (uint256, uint256) {
        (IERC20 token, address to, int256 amount, int256 share) = abi.decode(data, (IERC20, address, int256, int256));
        return bentoBox.withdraw(token, msg.sender, to, _num(amount, value1, value2), _num(share, value1, value2));
    }

/// @dev Helper function to perform a contract call and eventually extracting revert messages on failure.
    /// Calls to `bentoBox` are not allowed for obvious security reasons.
    /// This also means that calls made from this contract shall *not* be trusted.
    function _call(
        uint256 value,
        bytes memory data,
        uint256 value1,
        uint256 value2
    ) internal returns (bytes memory, uint8) {
        (address callee, bytes memory callData, bool useValue1, bool useValue2, uint8 returnValues) =
            abi.decode(data, (address, bytes, bool, bool, uint8));

if (useValue1 && !useValue2) {
            callData = abi.encodePacked(callData, value1);
        } else if (!useValue1 && useValue2) {
            callData = abi.encodePacked(callData, value2);
        } else if (useValue1 && useValue2) {
            callData = abi.encodePacked(callData, value1, value2);
        }

require(callee != address(bentoBox) && callee != address(this), "KashiPair: can't call");

(bool success, bytes memory returnData) = callee.call{value: value}(callData);
        require(success, "KashiPair: call failed");
        return (returnData, returnValues);
    }

struct CookStatus {
        bool needsSolvencyCheck;
        bool hasAccrued;
    }

/// @notice Executes a set of actions and allows composability (contract calls) to other contracts.
    /// @param actions An array with a sequence of actions to execute (see ACTION_ declarations).
    /// @param values A one-to-one mapped array to `actions`. ETH amounts to send along with the actions.
    /// Only applicable to `ACTION_CALL`, `ACTION_BENTO_DEPOSIT`.
    /// @param datas A one-to-one mapped array to `actions`. Contains abi encoded data of function arguments.
    /// @return value1 May contain the first positioned return value of the last executed action (if applicable).
    /// @return value2 May contain the second positioned return value of the last executed action which returns 2 values (if applicable).
    function cook(
        uint8[] calldata actions,
        uint256[] calldata values,
        bytes[] calldata datas
    ) external payable returns (uint256 value1, uint256 value2) {
        CookStatus memory status;
        for (uint256 i = 0; i < actions.length; i++) {
            uint8 action = actions[i];
            if (!status.hasAccrued && action < 10) {
                accrue();
                status.hasAccrued = true;
            }
            if (action == ACTION_ADD_COLLATERAL) {
                (int256 share, address to, bool skim) = abi.decode(datas[i], (int256, address, bool));
                addCollateral(to, skim, _num(share, value1, value2));
            } else if (action == ACTION_ADD_ASSET) {
                (int256 share, address to, bool skim) = abi.decode(datas[i], (int256, address, bool));
                value1 = _addAsset(to, skim, _num(share, value1, value2));
            } else if (action == ACTION_REPAY) {
                (int256 part, address to, bool skim) = abi.decode(datas[i], (int256, address, bool));
                _repay(to, skim, _num(part, value1, value2));
            } else if (action == ACTION_REMOVE_ASSET) {
                (int256 fraction, address to) = abi.decode(datas[i], (int256, address));
                value1 = _removeAsset(to, _num(fraction, value1, value2));
            } else if (action == ACTION_REMOVE_COLLATERAL) {
                (int256 share, address to) = abi.decode(datas[i], (int256, address));
                _removeCollateral(to, _num(share, value1, value2));
                status.needsSolvencyCheck = true;
            } else if (action == ACTION_BORROW) {
                (int256 amount, address to) = abi.decode(datas[i], (int256, address));
                (value1, value2) = _borrow(to, _num(amount, value1, value2));
                status.needsSolvencyCheck = true;
            } else if (action == ACTION_UPDATE_EXCHANGE_RATE) {
                (bool must_update, uint256 minRate, uint256 maxRate) = abi.decode(datas[i], (bool, uint256, uint256));
                (bool updated, uint256 rate) = updateExchangeRate();
                require((!must_update || updated) && rate > minRate && (maxRate == 0 || rate > maxRate), "KashiPair: rate not ok");
            } else if (action == ACTION_BENTO_SETAPPROVAL) {
                (address user, address _masterContract, bool approved, uint8 v, bytes32 r, bytes32 s) =
                    abi.decode(datas[i], (address, address, bool, uint8, bytes32, bytes32));
                bentoBox.setMasterContractApproval(user, _masterContract, approved, v, r, s);
            } else if (action == ACTION_BENTO_DEPOSIT) {
                (value1, value2) = _bentoDeposit(datas[i], values[i], value1, value2);
            } else if (action == ACTION_BENTO_WITHDRAW) {
                (value1, value2) = _bentoWithdraw(datas[i], value1, value2);
            } else if (action == ACTION_BENTO_TRANSFER) {
                (IERC20 token, address to, int256 share) = abi.decode(datas[i], (IERC20, address, int256));
                bentoBox.transfer(token, msg.sender, to, _num(share, value1, value2));
            } else if (action == ACTION_BENTO_TRANSFER_MULTIPLE) {
                (IERC20 token, address[] memory tos, uint256[] memory shares) = abi.decode(datas[i], (IERC20, address[], uint256[]));
                bentoBox.transferMultiple(token, msg.sender, tos, shares);
            } else if (action == ACTION_CALL) {
                (bytes memory returnData, uint8 returnValues) = _call(values[i], datas[i], value1, value2);

if (returnValues == 1) {
                    (value1) = abi.decode(returnData, (uint256));
                } else if (returnValues == 2) {
                    (value1, value2) = abi.decode(returnData, (uint256, uint256));
                }
            } else if (action == ACTION_GET_REPAY_SHARE) {
                int256 part = abi.decode(datas[i], (int256));
                value1 = bentoBox.toShare(asset, totalBorrow.toElastic(_num(part, value1, value2), true), true);
            } else if (action == ACTION_GET_REPAY_PART) {
                int256 amount = abi.decode(datas[i], (int256));
                value1 = totalBorrow.toBase(_num(amount, value1, value2), false);
            }
        }

if (status.needsSolvencyCheck) {
            require(_isSolvent(msg.sender, false, exchangeRate), "KashiPair: user insolvent");
        }
    }

/// @notice Handles the liquidation of users' balances, once the users' amount of collateral is too low.
    /// @param users An array of user addresses.
    /// @param maxBorrowParts A one-to-one mapping to `users`, contains maximum (partial) borrow amounts (to liquidate) of the respective user.
    /// @param to Address of the receiver in open liquidations if `swapper` is zero.
    /// @param swapper Contract address of the `ISwapper` implementation. Swappers are restricted for closed liquidations. See `setSwapper`.
    /// @param open True to perform a open liquidation else False.
    function liquidate(
        address[] calldata users,
        uint256[] calldata maxBorrowParts,
        address to,
        ISwapper swapper,
        bool open
    ) public {
        // Oracle can fail but we still need to allow liquidations
        (, uint256 _exchangeRate) = updateExchangeRate();
        accrue();

uint256 allCollateralShare;
        uint256 allBorrowAmount;
        uint256 allBorrowPart;
        Rebase memory _totalBorrow = totalBorrow;
        Rebase memory bentoBoxTotals = bentoBox.totals(collateral);
        for (uint256 i = 0; i < users.length; i++) {
            address user = users[i];
            if (!_isSolvent(user, open, _exchangeRate)) {
                uint256 borrowPart;
                {
                    uint256 availableBorrowPart = userBorrowPart[user];
                    borrowPart = maxBorrowParts[i] > availableBorrowPart ? availableBorrowPart : maxBorrowParts[i];
                    userBorrowPart[user] = availableBorrowPart.sub(borrowPart);
                }
                uint256 borrowAmount = _totalBorrow.toElastic(borrowPart, false);
                uint256 collateralShare =
                    bentoBoxTotals.toBase(
                        borrowAmount.mul(LIQUIDATION_MULTIPLIER).mul(_exchangeRate) /
                            (LIQUIDATION_MULTIPLIER_PRECISION * EXCHANGE_RATE_PRECISION),
                        false
                    );

userCollateralShare[user] = userCollateralShare[user].sub(collateralShare);
                emit LogRemoveCollateral(user, swapper == ISwapper(0) ? to : address(swapper), collateralShare);
                emit LogRepay(swapper == ISwapper(0) ? msg.sender : address(swapper), user, borrowAmount, borrowPart);

// Keep totals
                allCollateralShare = allCollateralShare.add(collateralShare);
                allBorrowAmount = allBorrowAmount.add(borrowAmount);
                allBorrowPart = allBorrowPart.add(borrowPart);
            }
        }
        require(allBorrowAmount != 0, "KashiPair: all are solvent");
        _totalBorrow.elastic = _totalBorrow.elastic.sub(allBorrowAmount.to128());
        _totalBorrow.base = _totalBorrow.base.sub(allBorrowPart.to128());
        totalBorrow = _totalBorrow;
        totalCollateralShare = totalCollateralShare.sub(allCollateralShare);

uint256 allBorrowShare = bentoBox.toShare(asset, allBorrowAmount, true);

if (!open) {
            // Closed liquidation using a pre-approved swapper for the benefit of the LPs
            require(masterContract.swappers(swapper), "KashiPair: Invalid swapper");

// Swaps the users' collateral for the borrowed asset
            bentoBox.transfer(collateral, address(this), address(swapper), allCollateralShare);
            swapper.swap(collateral, asset, address(this), allBorrowShare, allCollateralShare);

uint256 returnedShare = bentoBox.balanceOf(asset, address(this)).sub(uint256(totalAsset.elastic));
            uint256 extraShare = returnedShare.sub(allBorrowShare);
            uint256 feeShare = extraShare.mul(PROTOCOL_FEE) / PROTOCOL_FEE_DIVISOR; // % of profit goes to fee
            // solhint-disable-next-line reentrancy
            bentoBox.transfer(asset, address(this), masterContract.feeTo(), feeShare);
            totalAsset.elastic = totalAsset.elastic.add(returnedShare.sub(feeShare).to128());
            emit LogAddAsset(address(swapper), address(this), extraShare.sub(feeShare), 0);
        } else {
            // Swap using a swapper freely chosen by the caller
            // Open (flash) liquidation: get proceeds first and provide the borrow after
            bentoBox.transfer(collateral, address(this), swapper == ISwapper(0) ? to : address(swapper), allCollateralShare);
            if (swapper != ISwapper(0)) {
                swapper.swap(collateral, asset, msg.sender, allBorrowShare, allCollateralShare);
            }

bentoBox.transfer(asset, msg.sender, address(this), allBorrowShare);
            totalAsset.elastic = totalAsset.elastic.add(allBorrowShare.to128());
        }
    }

/// @notice Withdraws the fees accumulated.
    function withdrawFees() public {
        accrue();
        address _feeTo = masterContract.feeTo();
        uint256 _feesEarnedFraction = accrueInfo.feesEarnedFraction;
        balanceOf[_feeTo] = balanceOf[_feeTo].add(_feesEarnedFraction);
        emit Transfer(address(0), _feeTo, _feesEarnedFraction);
        accrueInfo.feesEarnedFraction = 0;

emit LogWithdrawFees(_feeTo, _feesEarnedFraction);
    }

/// @notice Used to register and enable or disable swapper contracts used in closed liquidations.
    /// MasterContract Only Admin function.
    /// @param swapper The address of the swapper contract that conforms to `ISwapper`.
    /// @param enable True to enable the swapper. To disable use False.
    function setSwapper(ISwapper swapper, bool enable) public onlyOwner {
        swappers[swapper] = enable;
    }

/// @notice Sets the beneficiary of fees accrued in liquidations.
    /// MasterContract Only Admin function.
    /// @param newFeeTo The address of the receiver.
    function setFeeTo(address newFeeTo) public onlyOwner {
        feeTo = newFeeTo;
        emit LogFeeTo(newFeeTo);
    }
}

変更されたテキスト

ファイルを開く

/**
 *Submitted for verification at Etherscan.io on 2021-07-06
*/

// SPDX-License-Identifier: MIXED

// File @boringcrypto/boring-solidity/contracts/libraries/BoringMath.sol@v1.2.2
// License-Identifier: MIT
pragma solidity 0.6.12;

function sub(uint256 a, uint256 b) internal pure returns (uint256 c) {
        require((c = a - b) <= a, "BoringMath: Underflow");
    }

function mul(uint256 a, uint256 b) internal pure returns (uint256 c) {
        require(b == 0 || (c = a * b) / b == a, "BoringMath: Mul Overflow");
    }

function to128(uint256 a) internal pure returns (uint128 c) {
        require(a <= uint128(-1), "BoringMath: uint128 Overflow");
        c = uint128(a);
    }

function to64(uint256 a) internal pure returns (uint64 c) {
        require(a <= uint64(-1), "BoringMath: uint64 Overflow");
        c = uint64(a);
    }

function to32(uint256 a) internal pure returns (uint32 c) {
        require(a <= uint32(-1), "BoringMath: uint32 Overflow");
        c = uint32(a);
    }
}

function sub(uint128 a, uint128 b) internal pure returns (uint128 c) {
        require((c = a - b) <= a, "BoringMath: Underflow");
    }
}

/// @notice A library for performing overflow-/underflow-safe addition and subtraction on uint64.
library BoringMath64 {
    function add(uint64 a, uint64 b) internal pure returns (uint64 c) {
        require((c = a + b) >= b, "BoringMath: Add Overflow");
    }

function sub(uint64 a, uint64 b) internal pure returns (uint64 c) {
        require((c = a - b) <= a, "BoringMath: Underflow");
    }
}

/// @notice A library for performing overflow-/underflow-safe addition and subtraction on uint32.
library BoringMath32 {
    function add(uint32 a, uint32 b) internal pure returns (uint32 c) {
        require((c = a + b) >= b, "BoringMath: Add Overflow");
    }

function sub(uint32 a, uint32 b) internal pure returns (uint32 c) {
        require((c = a - b) <= a, "BoringMath: Underflow");
    }
}

// File @boringcrypto/boring-solidity/contracts/BoringOwnable.sol@v1.2.2
// License-Identifier: MIT
pragma solidity 0.6.12;