比較文本

尋找兩個文字檔案之間的差異

Real-time diff

Unified diff

Collapse lines

Highlight change

Syntax highlighting

工具

Untitled Diff

Created 2 years agoDiff never expires

483 removals

557 lines

640 additions

704 lines

// SPDX-License-Identifier: MIT

/**

pragma solidity ^0.8.0;

*Submitted for verification at Etherscan.io on 2022-02-01

// OpenZeppelin contracts

pragma solidity 0.4.26;

import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

import {ReentrancyGuard} from "@openzeppelin/contracts/security/ReentrancyGuard.sol";

import {IERC20, SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// LooksRare interfaces

library SafeMath {

import {ICurrencyManager} from "./interfaces/ICurrencyManager.sol";

import {IExecutionManager} from "./interfaces/IExecutionManager.sol";

import {IExecutionStrategy} from "./interfaces/IExecutionStrategy.sol";

import {IRoyaltyFeeManager} from "./interfaces/IRoyaltyFeeManager.sol";

import {ILooksRareExchange} from "./interfaces/ILooksRareExchange.sol";

import {ITransferManagerNFT} from "./interfaces/ITransferManagerNFT.sol";

import {ITransferSelectorNFT} from "./interfaces/ITransferSelectorNFT.sol";

import {IWETH} from "./interfaces/IWETH.sol";

// LooksRare libraries

/**

import {OrderTypes} from "./libraries/OrderTypes.sol";

* @dev Multiplies two numbers, throws on overflow.

import {SignatureChecker} from "./libraries/SignatureChecker.sol";

contract LooksRareExchange is ILooksRareExchange, ReentrancyGuard, Ownable {

function mul(uint256 a, uint256 b) internal pure returns (uint256 c) {

using SafeERC20 for IERC20;

if (a == 0) {

return 0;

}

c = a * b;

assert(c / a == b);

return c;

}

using OrderTypes for OrderTypes.MakerOrder;

/**

using OrderTypes for OrderTypes.TakerOrder;

* @dev Integer division of two numbers, truncating the quotient.

function div(uint256 a, uint256 b) internal pure returns (uint256) {

// assert(b > 0); // Solidity automatically throws when dividing by 0

// uint256 c = a / b;

// assert(a == b * c + a % b); // There is no case in which this doesn't hold

return a / b;

}

address public immutable WETH;

/**

bytes32 public immutable DOMAIN_SEPARATOR;

* @dev Subtracts two numbers, throws on overflow (i.e. if subtrahend is greater than minuend).

function sub(uint256 a, uint256 b) internal pure returns (uint256) {

assert(b <= a);

return a - b;

}

address public protocolFeeRecipient;

/**

* @dev Adds two numbers, throws on overflow.

function add(uint256 a, uint256 b) internal pure returns (uint256 c) {

c = a + b;

assert(c >= a);

return c;

}

ICurrencyManager public currencyManager;

contract Ownable {

IExecutionManager public executionManager;

address public owner;

IRoyaltyFeeManager public royaltyFeeManager;

ITransferSelectorNFT public transferSelectorNFT;

mapping(address => uint256) public userMinOrderNonce;

mapping(address => mapping(uint256 => bool)) private _isUserOrderNonceExecutedOrCancelled;

event CancelAllOrders(address indexed user, uint256 newMinNonce);

event OwnershipRenounced(address indexed previousOwner);

event CancelMultipleOrders(address indexed user, uint256[] orderNonces);

event OwnershipTransferred(

event NewCurrencyManager(address indexed currencyManager);

address indexed previousOwner,

event NewExecutionManager(address indexed executionManager);

address indexed newOwner

event NewProtocolFeeRecipient(address indexed protocolFeeRecipient);

);

event NewRoyaltyFeeManager(address indexed royaltyFeeManager);

event NewTransferSelectorNFT(address indexed transferSelectorNFT);

event RoyaltyPayment(

address indexed collection,

uint256 indexed tokenId,

address indexed royaltyRecipient,

address currency,

uint256 amount

);

event TakerAsk(

/**

bytes32 orderHash, // bid hash of the maker order

* @dev The Ownable constructor sets the original `owner` of the contract to the sender

uint256 orderNonce, // user order nonce

* account.

address indexed taker, // sender address for the taker ask order

address indexed maker, // maker address of the initial bid order

constructor() public {

address indexed strategy, // strategy that defines the execution

owner = msg.sender;

address currency, // currency address

}

address collection, // collection address

uint256 tokenId, // tokenId transferred

uint256 amount, // amount of tokens transferred

uint256 price // final transacted price

);

event TakerBid(

/**

bytes32 orderHash, // ask hash of the maker order

* @dev Throws if called by any account other than the owner.

uint256 orderNonce, // user order nonce

address indexed taker, // sender address for the taker bid order

modifier onlyOwner() {

address indexed maker, // maker address of the initial ask order

require(msg.sender == owner);

address indexed strategy, // strategy that defines the execution

address currency, // currency address

}

address collection, // collection address

uint256 tokenId, // tokenId transferred

/**

uint256 amount, // amount of tokens transferred

* @dev Allows the current owner to transfer control of the contract to a newOwner.

uint256 price // final transacted price

* @param newOwner The address to transfer ownership to.

);

function transferOwnership(address newOwner) public onlyOwner {

require(newOwner != address(0));

emit OwnershipTransferred(owner, newOwner);

owner = newOwner;

}

/**

* @dev Allows the current owner to relinquish control of the contract.

function renounceOwnership() public onlyOwner {

emit OwnershipRenounced(owner);

owner = address(0);

}

contract ERC20Basic {

function totalSupply() public view returns (uint256);

function balanceOf(address who) public view returns (uint256);

function transfer(address to, uint256 value) public returns (bool);

event Transfer(address indexed from, address indexed to, uint256 value);

}

contract ERC20 is ERC20Basic {

function allowance(address owner, address spender)

public view returns (uint256);

function transferFrom(address from, address to, uint256 value)

public returns (bool);

function approve(address spender, uint256 value) public returns (bool);

event Approval(

address indexed owner,

address indexed spender,

uint256 value

);

}

library ArrayUtils {

/**

* @notice Constructor

* Replace bytes in an array with bytes in another array, guarded by a bitmask

* @param _currencyManager currency manager address

* Efficiency of this function is a bit unpredictable because of the EVM's word-specific model (arrays under 32 bytes will be slower)

* @param _executionManager execution manager address

* @param _royaltyFeeManager royalty fee manager address

* @dev Mask must be the size of the byte array. A nonzero byte means the byte array can be changed.

* @param _WETH wrapped ether address (for other chains, use wrapped native asset)

* @param array The original array

* @param _protocolFeeRecipient protocol fee recipient

* @param desired The target array

* @param mask The mask specifying which bits can be changed

* @return The updated byte array (the parameter will be modified inplace)

constructor(

function guardedArrayReplace(bytes memory array, bytes memory desired, bytes memory mask)

address _currencyManager,

internal

address _executionManager,

pure

address _royaltyFeeManager,

{

address _WETH,

require(array.length == desired.length);

address _protocolFeeRecipient

require(array.length == mask.length);

) {

// Calculate the domain separator

DOMAIN_SEPARATOR = keccak256(

abi.encode(

0x8b73c3c69bb8fe3d512ecc4cf759cc79239f7b179b0ffacaa9a75d522b39400f, // keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)")

0xda9101ba92939daf4bb2e18cd5f942363b9297fbc3232c9dd964abb1fb70ed71, // keccak256("LooksRareExchange")

0xc89efdaa54c0f20c7adf612882df0950f5a951637e0307cdcb4c672f298b8bc6, // keccak256(bytes("1")) for versionId = 1

block.chainid,

address(this)

)

);

currencyManager = ICurrencyManager(_currencyManager);

uint words = array.length / 0x20;

executionManager = IExecutionManager(_executionManager);

uint index = words * 0x20;

royaltyFeeManager = IRoyaltyFeeManager(_royaltyFeeManager);

assert(index / 0x20 == words);

WETH = _WETH;

uint i;

protocolFeeRecipient = _protocolFeeRecipient;

for (i = 0; i < words; i++) {

/* Conceptually: array[i] = (!mask[i] && array[i]) || (mask[i] && desired[i]), bitwise in word chunks. */

assembly {

let commonIndex := mul(0x20, add(1, i))

let maskValue := mload(add(mask, commonIndex))

mstore(add(array, commonIndex), or(and(not(maskValue), mload(add(array, commonIndex))), and(maskValue, mload(add(desired, commonIndex)))))

Text moved from lines 405-407

}

/* Deal with the last section of the byte array. */

if (words > 0) {

/* This overlaps with bytes already set but is still more efficient than iterating through each of the remaining bytes individually. */

i = words;

assembly {

let commonIndex := mul(0x20, add(1, i))

let maskValue := mload(add(mask, commonIndex))

mstore(add(array, commonIndex), or(and(not(maskValue), mload(add(array, commonIndex))), and(maskValue, mload(add(desired, commonIndex)))))

}

} else {

/* If the byte array is shorter than a word, we must unfortunately do the whole thing bytewise.

(bounds checks could still probably be optimized away in assembly, but this is a rare case) */

for (i = index; i < array.length; i++) {

array[i] = ((mask[i] ^ 0xff) & array[i]) | (mask[i] & desired[i]);

}

/**

* @notice Cancel all pending orders for a sender

* Test if two arrays are equal

* @param minNonce minimum user nonce

* @param a First array

* @param b Second array

* @return Whether or not all bytes in the arrays are equal

function cancelAllOrdersForSender(uint256 minNonce) external {

function arrayEq(bytes memory a, bytes memory b)

require(minNonce > userMinOrderNonce[msg.sender], "Cancel: Order nonce lower than current");

internal

require(minNonce < userMinOrderNonce[msg.sender] + 500000, "Cancel: Cannot cancel more orders");

pure

userMinOrderNonce[msg.sender] = minNonce;

returns (bool)

{

emit CancelAllOrders(msg.sender, minNonce);

return keccak256(a) == keccak256(b);

}

/**

* @notice Cancel maker orders

* Unsafe write byte array into a memory location

* @param orderNonces array of order nonces

* @param index Memory location

* @param source Byte array to write

* @return End memory index

function cancelMultipleMakerOrders(uint256[] calldata orderNonces) external {

function unsafeWriteBytes(uint index, bytes source)

require(orderNonces.length > 0, "Cancel: Cannot be empty");

internal

pure

for (uint256 i = 0; i < orderNonces.length; i++) {

returns (uint)

require(orderNonces[i] >= userMinOrderNonce[msg.sender], "Cancel: Order nonce lower than current");

{

_isUserOrderNonceExecutedOrCancelled[msg.sender][orderNonces[i]] = true;

if (source.length > 0) {

assembly {

let length := mload(source)

let end := add(source, add(0x20, length))

let arrIndex := add(source, 0x20)

let tempIndex := index

for { } eq(lt(arrIndex, end), 1) {

arrIndex := add(arrIndex, 0x20)

tempIndex := add(tempIndex, 0x20)

} {

mstore(tempIndex, mload(arrIndex))

}

index := add(index, length)

}

return index;

emit CancelMultipleOrders(msg.sender, orderNonces);

}

/**

* @notice Match ask with a taker bid order using ETH

* Unsafe write address into a memory location

* @param takerBid taker bid order

* @param makerAsk maker ask order

* @param index Memory location

* @param source Address to write

* @return End memory index

function matchAskWithTakerBidUsingETHAndWETH(

function unsafeWriteAddress(uint index, address source)

OrderTypes.TakerOrder calldata takerBid,

internal

OrderTypes.MakerOrder calldata makerAsk

pure

) external payable override nonReentrant {

returns (uint)

require((makerAsk.isOrderAsk) && (!takerBid.isOrderAsk), "Order: Wrong sides");

{

require(makerAsk.currency == WETH, "Order: Currency must be WETH");

uint conv = uint(source) << 0x60;

require(msg.sender == takerBid.taker, "Order: Taker must be the sender");

assembly {

mstore(index, conv)

// If not enough ETH to cover the price, use WETH

index := add(index, 0x14)

if (takerBid.price > msg.value) {

IERC20(WETH).safeTransferFrom(msg.sender, address(this), (takerBid.price - msg.value));

} else {

require(takerBid.price == msg.value, "Order: Msg.value too high");

}

return index;

// Wrap ETH sent to this contract

}

IWETH(WETH).deposit{value: msg.value}();

// Check the maker ask order

bytes32 askHash = makerAsk.hash();

_validateOrder(makerAsk, askHash);

// Retrieve execution parameters

(bool isExecutionValid, uint256 tokenId, uint256 amount) = IExecutionStrategy(makerAsk.strategy)

.canExecuteTakerBid(takerBid, makerAsk);

require(isExecutionValid, "Strategy: Execution invalid");

// Update maker ask order status to true (prevents replay)

_isUserOrderNonceExecutedOrCancelled[makerAsk.signer][makerAsk.nonce] = true;

// Execution part 1/2

/**

_transferFeesAndFundsWithWETH(

* Unsafe write address into a memory location using entire word

makerAsk.strategy,

makerAsk.collection,

* @param index Memory location

tokenId,

* @param source uint to write

makerAsk.signer,

* @return End memory index

takerBid.price,

makerAsk.minPercentageToAsk

function unsafeWriteAddressWord(uint index, address source)

);

internal

pure

returns (uint)

{

assembly {

mstore(index, source)

index := add(index, 0x20)

}

return index;

}

// Execution part 2/2

/**

_transferNonFungibleToken(makerAsk.collection, makerAsk.signer, takerBid.taker, tokenId, amount);

* Unsafe write uint into a memory location

* @param index Memory location

* @param source uint to write

* @return End memory index

function unsafeWriteUint(uint index, uint source)

internal

pure

returns (uint)

{

assembly {

mstore(index, source)

index := add(index, 0x20)

}

return index;

}

emit TakerBid(

/**

askHash,

* Unsafe write uint8 into a memory location

makerAsk.nonce,

takerBid.taker,

* @param index Memory location

makerAsk.signer,

* @param source uint8 to write

makerAsk.strategy,

* @return End memory index

makerAsk.currency,

makerAsk.collection,

function unsafeWriteUint8(uint index, uint8 source)

tokenId,

internal

amount,

pure

takerBid.price

returns (uint)

);

{

assembly {

mstore8(index, source)

index := add(index, 0x1)

}

return index;

}

/**

* @notice Match a takerBid with a matchAsk

* Unsafe write uint8 into a memory location using entire word

* @param takerBid taker bid order

* @param makerAsk maker ask order

* @param index Memory location

* @param source uint to write

* @return End memory index

function matchAskWithTakerBid(OrderTypes.TakerOrder calldata takerBid, OrderTypes.MakerOrder calldata makerAsk)

function unsafeWriteUint8Word(uint index, uint8 source)

external

internal

override

pure

nonReentrant

returns (uint)

{

require((makerAsk.isOrderAsk) && (!takerBid.isOrderAsk), "Order: Wrong sides");

assembly {

require(msg.sender == takerBid.taker, "Order: Taker must be the sender");

mstore(index, source)

index := add(index, 0x20)

}

return index;

}

// Check the maker ask order

/**

bytes32 askHash = makerAsk.hash();

* Unsafe write bytes32 into a memory location using entire word

_validateOrder(makerAsk, askHash);

* @param index Memory location

* @param source uint to write

* @return End memory index

function unsafeWriteBytes32(uint index, bytes32 source)

internal

pure

returns (uint)

{

assembly {

mstore(index, source)

index := add(index, 0x20)

}

return index;

}

(bool isExecutionValid, uint256 tokenId, uint256 amount) = IExecutionStrategy(makerAsk.strategy)

contract ReentrancyGuarded {

.canExecuteTakerBid(takerBid, makerAsk);

require(isExecutionValid, "Strategy: Execution invalid");

bool reentrancyLock = false;

// Update maker ask order status to true (prevents replay)

/* Prevent a contract function from being reentrant-called. */

_isUserOrderNonceExecutedOrCancelled[makerAsk.signer][makerAsk.nonce] = true;

modifier reentrancyGuard {

if (reentrancyLock) {

revert();

}

reentrancyLock = true;

reentrancyLock = false;

}

// Execution part 1/2

}

_transferFeesAndFunds(

makerAsk.strategy,

makerAsk.collection,

tokenId,

makerAsk.currency,

msg.sender,

makerAsk.signer,

takerBid.price,

makerAsk.minPercentageToAsk

);

// Execution part 2/2

contract TokenRecipient {

_transferNonFungibleToken(makerAsk.collection, makerAsk.signer, takerBid.taker, tokenId, amount);

event ReceivedEther(address indexed sender, uint amount);

event ReceivedTokens(address indexed from, uint256 value, address indexed token, bytes extraData);

emit TakerBid(

/**

askHash,

* @dev Receive tokens and generate a log event

makerAsk.nonce,

* @param from Address from which to transfer tokens

takerBid.taker,

* @param value Amount of tokens to transfer

makerAsk.signer,

* @param token Address of token

makerAsk.strategy,

* @param extraData Additional data to log

makerAsk.currency,

makerAsk.collection,

function receiveApproval(address from, uint256 value, address token, bytes extraData) public {

tokenId,

ERC20 t = ERC20(token);

amount,

require(t.transferFrom(from, this, value));

takerBid.price

emit ReceivedTokens(from, value, token, extraData);

);

}

/**

* @notice Match a takerAsk with a makerBid

* @dev Receive Ether and generate a log event

* @param takerAsk taker ask order

* @param makerBid maker bid order

function matchBidWithTakerAsk(OrderTypes.TakerOrder calldata takerAsk, OrderTypes.MakerOrder calldata makerBid)

function () payable public {

external

emit ReceivedEther(msg.sender, msg.value);

override

}

nonReentrant

}

{

require((!makerBid.isOrderAsk) && (takerAsk.isOrderAsk), "Order: Wrong sides");

require(msg.sender == takerAsk.taker, "Order: Taker must be the sender");

// Check the maker bid order

contract ExchangeCore is ReentrancyGuarded, Ownable {

bytes32 bidHash = makerBid.hash();

string public constant name = "Wyvern Exchange Contract";

_validateOrder(makerBid, bidHash);

string public constant version = "2.3";

(bool isExecutionValid, uint256 tokenId, uint256 amount) = IExecutionStrategy(makerBid.strategy)

// NOTE: these hashes are derived and verified in the constructor.

.canExecuteTakerAsk(takerAsk, makerBid);

bytes32 private constant _EIP_712_DOMAIN_TYPEHASH = 0x8b73c3c69bb8fe3d512ecc4cf759cc79239f7b179b0ffacaa9a75d522b39400f;

bytes32 private constant _NAME_HASH = 0x9a2ed463836165738cfa54208ff6e7847fd08cbaac309aac057086cb0a144d13;

bytes32 private constant _VERSION_HASH = 0xe2fd538c762ee69cab09ccd70e2438075b7004dd87577dc3937e9fcc8174bb64;

bytes32 private constant _ORDER_TYPEHASH = 0xdba08a88a748f356e8faf8578488343eab21b1741728779c9dcfdc782bc800f8;

require(isExecutionValid, "Strategy: Execution invalid");

bytes4 private constant _EIP_1271_MAGIC_VALUE = 0x1626ba7e;

// Update maker bid order status to true (prevents replay)

// // NOTE: chainId opcode is not supported in solidiy 0.4.x; here we hardcode as 1.

_isUserOrderNonceExecutedOrCancelled[makerBid.signer][makerBid.nonce] = true;

// In order to protect against orders that are replayable across forked chains,

// either the solidity version needs to be bumped up or it needs to be retrieved

// from another contract.

uint256 private constant _CHAIN_ID = 1;

// Execution part 1/2

// Note: the domain separator is derived and verified in the constructor. */

_transferNonFungibleToken(makerBid.collection, msg.sender, makerBid.signer, tokenId, amount);

bytes32 public constant DOMAIN_SEPARATOR = 0x72982d92449bfb3d338412ce4738761aff47fb975ceb17a1bc3712ec716a5a68;

// Execution part 2/2

/* The token used to pay exchange fees. */

_transferFeesAndFunds(

ERC20 public exchangeToken;

makerBid.strategy,

makerBid.collection,

tokenId,

makerBid.currency,

makerBid.signer,

takerAsk.taker,

takerAsk.price,

takerAsk.minPercentageToAsk

);

emit TakerAsk(

/* User registry. */

bidHash,

ProxyRegistry public registry;

makerBid.nonce,

takerAsk.taker,

/* Token transfer proxy. */

makerBid.signer,

TokenTransferProxy public tokenTransferProxy;

makerBid.strategy,

makerBid.currency,

/* Cancelled / finalized orders, by hash. */

makerBid.collection,

mapping(bytes32 => bool) public cancelledOrFinalized;

tokenId,

amount,

/* Orders verified by on-chain approval (alternative to ECDSA signatures so that smart contracts can place orders directly). */

takerAsk.price

/* Note that the maker's nonce at the time of approval **plus one** is stored in the mapping. */

mapping(bytes32 => uint256) private _approvedOrdersByNonce;

/* Track per-maker nonces that can be incremented by the maker to cancel orders in bulk. */

// The current nonce for the maker represents the only valid nonce that can be signed by the maker

// If a signature was signed with a nonce that's different from the one stored in nonces, it

// will fail validation.

mapping(address => uint256) public nonces;

/* For split fee orders, minimum required protocol maker fee, in basis points. Paid to owner (who can change it). */

uint public minimumMakerProtocolFee = 0;

/* For split fee orders, minimum required protocol taker fee, in basis points. Paid to owner (who can change it). */

uint public minimumTakerProtocolFee = 0;

/* Recipient of protocol fees. */

address public protocolFeeRecipient;

/* Fee method: protocol fee or split fee. */

enum FeeMethod { ProtocolFee, SplitFee }

/* Inverse basis point. */

uint public constant INVERSE_BASIS_POINT = 10000;

/* An ECDSA signature. */

struct Sig {

/* v parameter */

uint8 v;

/* r parameter */

bytes32 r;

/* s parameter */

bytes32 s;

}

/* An order on the exchange. */

struct Order {

/* Exchange address, intended as a versioning mechanism. */

address exchange;

/* Order maker address. */

address maker;

/* Order taker address, if specified. */

address taker;

/* Maker relayer fee of the order, unused for taker order. */

uint makerRelayerFee;

/* Taker relayer fee of the order, or maximum taker fee for a taker order. */

uint takerRelayerFee;

/* Maker protocol fee of the order, unused for taker order. */

uint makerProtocolFee;

/* Taker protocol fee of the order, or maximum taker fee for a taker order. */

uint takerProtocolFee;

/* Order fee recipient or zero address for taker order. */

address feeRecipient;

/* Fee method (protocol token or split fee). */

FeeMethod feeMethod;

/* Side (buy/sell). */

SaleKindInterface.Side side;

/* Kind of sale. */

SaleKindInterface.SaleKind saleKind;

/* Target. */

address target;

/* HowToCall. */

AuthenticatedProxy.HowToCall howToCall;

/* Calldata. */

bytes calldata;

/* Calldata replacement pattern, or an empty byte array for no replacement. */

bytes replacementPattern;

/* Static call target, zero-address for no static call. */

address staticTarget;

/* Static call extra data. */

bytes staticExtradata;

/* Token used to pay for the order, or the zero-address as a sentinel value for Ether. */

address paymentToken;

/* Base price of the order (in paymentTokens). */

uint basePrice;

/* Auction extra parameter - minimum bid increment for English auctions, starting/ending price difference. */

uint extra;

/* Listing timestamp. */

uint listingTime;

/* Expiration timestamp - 0 for no expiry. */

uint expirationTime;

/* Order salt, used to prevent duplicate hashes. */

uint salt;

/* NOTE: uint nonce is an additional component of the order but is read from storage */

}

event OrderApprovedPartTwo (bytes32 indexed hash, AuthenticatedProxy.HowToCall howToCall, bytes calldata, bytes replacementPattern, address staticTarget, bytes staticExtradata, address paymentToken, uint basePrice, uint extra, uint listingTime, uint expirationTime, uint salt, bool orderbookInclusionDesired);

event OrderCancelled (bytes32 indexed hash);

event OrdersMatched (bytes32 buyHash, bytes32 sellHash, address indexed maker, address indexed taker, uint price, bytes32 indexed metadata);

event NonceIncremented (address indexed maker, uint newNonce);

constructor () public {

require(keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)") == _EIP_712_DOMAIN_TYPEHASH);

require(keccak256(bytes(name)) == _NAME_HASH);

require(keccak256(bytes(version)) == _VERSION_HASH);

require(keccak256("Order(address exchange,address maker,address taker,uint256 makerRelayerFee,uint256 takerRelayerFee,uint256 makerProtocolFee,uint256 takerProtocolFee,address feeRecipient,uint8 feeMethod,uint8 side,uint8 saleKind,address target,uint8 howToCall,bytes calldata,bytes replacementPattern,address staticTarget,bytes staticExtradata,address paymentToken,uint256 basePrice,uint256 extra,uint256 listingTime,uint256 expirationTime,uint256 salt,uint256 nonce)") == _ORDER_TYPEHASH);

require(DOMAIN_SEPARATOR == _deriveDomainSeparator());

}

/**

* @dev Derive the domain separator for EIP-712 signatures.

* @return The domain separator.

function _deriveDomainSeparator() private view returns (bytes32) {

return keccak256(

abi.encode(

_EIP_712_DOMAIN_TYPEHASH, // keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)")

_NAME_HASH, // keccak256("Wyvern Exchange Contract")

_VERSION_HASH, // keccak256(bytes("2.3"))

_CHAIN_ID, // NOTE: this is fixed, need to use solidity 0.5+ or make external call to support!

address(this)

)

);

}

/**

* @notice Update currency manager

* Increment a particular maker's nonce, thereby invalidating all orders that were not signed

* @param _currencyManager new currency manager address

* with the original nonce.

function updateCurrencyManager(address _currencyManager) external onlyOwner {

function incrementNonce() external {

require(_currencyManager != address(0), "Owner: Cannot be null address");

uint newNonce = ++nonces[msg.sender];

currencyManager = ICurrencyManager(_currencyManager);

emit NonceIncremented(msg.sender, newNonce);

emit NewCurrencyManager(_currencyManager);

}

/**

* @notice Update execution manager

* @dev Change the minimum maker fee paid to the protocol (owner only)

* @param _executionManager new execution manager address

* @param newMinimumMakerProtocolFee New fee to set in basis points

function updateExecutionManager(address _executionManager) external onlyOwner {

function changeMinimumMakerProtocolFee(uint newMinimumMakerProtocolFee)

require(_executionManager != address(0), "Owner: Cannot be null address");

public

executionManager = IExecutionManager(_executionManager);

onlyOwner

emit NewExecutionManager(_executionManager);

{

minimumMakerProtocolFee = newMinimumMakerProtocolFee;

}

/**

* @notice Update protocol fee and recipient

* @dev Change the minimum taker fee paid to the protocol (owner only)

* @param _protocolFeeRecipient new recipient for protocol fees

* @param newMinimumTakerProtocolFee New fee to set in basis points

function updateProtocolFeeRecipient(address _protocolFeeRecipient) external onlyOwner {

function changeMinimumTakerProtocolFee(uint newMinimumTakerProtocolFee)

protocolFeeRecipient = _protocolFeeRecipient;

public

emit NewProtocolFeeRecipient(_protocolFeeRecipient);

onlyOwner

{

minimumTakerProtocolFee = newMinimumTakerProtocolFee;

}

/**

* @notice Update royalty fee manager

* @dev Change the protocol fee recipient (owner only)

* @param _royaltyFeeManager new fee manager address

* @param newProtocolFeeRecipient New protocol fee recipient address

function updateRoyaltyFeeManager(address _royaltyFeeManager) external onlyOwner {

function changeProtocolFeeRecipient(address newProtocolFeeRecipient)

require(_royaltyFeeManager != address(0), "Owner: Cannot be null address");

public

royaltyFeeManager = IRoyaltyFeeManager(_royaltyFeeManager);

onlyOwner

emit NewRoyaltyFeeManager(_royaltyFeeManager);

{

protocolFeeRecipient = newProtocolFeeRecipient;

}

/**

* @notice Update transfer selector NFT

* @dev Transfer tokens

* @param _transferSelectorNFT new transfer selector address

* @param token Token to transfer

* @param from Address to charge fees

* @param to Address to receive fees

* @param amount Amount of protocol tokens to charge

function updateTransferSelectorNFT(address _transferSelectorNFT) external onlyOwner {

function transferTokens(address token, address from, address to, uint amount)

require(_transferSelectorNFT != address(0), "Owner: Cannot be null address");

internal

transferSelectorNFT = ITransferSelectorNFT(_transferSelectorNFT);

{

if (amount > 0) {

emit NewTransferSelectorNFT(_transferSelectorNFT);

require(tokenTransferProxy.transferFrom(token, from, to, amount));

}

/**

* @notice Check whether user order nonce is executed or cancelled

* @dev Charge a fee in protocol tokens

* @param user address of user

* @param from Address to charge fees

* @param orderNonce nonce of the order

* @param to Address to receive fees

* @param amount Amount of protocol tokens to charge

function isUserOrderNonceExecutedOrCancelled(address user, uint256 orderNonce) external view returns (bool) {

function chargeProtocolFee(address from, address to, uint amount)

return _isUserOrderNonceExecutedOrCancelled[user][orderNonce];

internal

{

transferTokens(exchangeToken, from, to, amount);

}

/**

* @notice Transfer fees and funds to royalty recipient, protocol, and seller

* @dev Execute a STATICCALL (introduced with Ethereum Metropolis, non-state-modifying external call)

* @param strategy address of the execution strategy

* @param target Contract to call

* @param collection non fungible token address for the transfer

* @param calldata Calldata (appended to extradata)

* @param tokenId tokenId

* @param extradata Base data for STATICCALL (probably function selector and argument encoding)

* @param currency currency being used for the purchase (e.g., WETH/USDC)

* @return The result of the call (success or failure)

* @param from sender of the funds

* @param to seller's recipient

* @param amount amount being transferred (in currency)

* @param minPercentageToAsk minimum percentage of the gross amount that goes to ask

function _transferFeesAndFunds(

function staticCall(address target, bytes memory calldata, bytes memory extradata)

address strategy,

public

address collection,

view

uint256 tokenId,

returns (bool result)

address currency,

{

address from,

bytes memory combined = new bytes(calldata.length + extradata.length);

address to,

uint index;

uint256 amount,

assembly {

uint256 minPercentageToAsk

index := add(combined, 0x20)

) internal {

// Initialize the final amount that is transferred to seller

uint256 finalSellerAmount = amount;

// 1. Protocol fee

{

uint256 protocolFeeAmount = _calculateProtocolFee(strategy, amount);

// Check if the protocol fee is different than 0 for this strategy

if ((protocolFeeRecipient != address(0)) && (protocolFeeAmount != 0)) {

IERC20(currency).safeTransferFrom(from, protocolFeeRecipient, protocolFeeAmount);

finalSellerAmount -= protocolFeeAmount;

Text moved to lines 147-149

}

// 2. Royalty fee

{

(address royaltyFeeRecipient, uint256 royaltyFeeAmount) = royaltyFeeManager

.calculateRoyaltyFeeAndGetRecipient(collection, tokenId, amount);

// Check if there is a royalty fee and that it is different to 0

if ((royaltyFeeRecipient != address(0)) && (royaltyFeeAmount != 0)) {

IERC20(currency).safeTransferFrom(from, royaltyFeeRecipient, royaltyFeeAmount);

finalSellerAmount -= royaltyFeeAmount;

emit RoyaltyPayment(collection, tokenId, royaltyFeeRecipient, currency, royaltyFeeAmount);

}

index = ArrayUtils.unsafeWriteBytes(index, extradata);

require((finalSellerAmount * 10000) >= (minPercentageToAsk * amount), "Fees: Higher than expected");

ArrayUtils.unsafeWriteBytes(index, calldata);

assembly {

// 3. Transfer final amount (post-fees) to seller

result := staticcall(gas, target, add(combined, 0x20), mload(combined), mload(0x40), 0)

{

IERC20(currency).safeTransferFrom(from, to, finalSellerAmount);

}

return result;

}

/**

* @notice Transfer fees and funds to royalty recipient, protocol, and seller

* @dev Hash an order, returning the canonical EIP-712 order hash without the domain separator

* @param strategy address of the execution strategy

* @param order Order to hash

* @param collection non fungible token address for the transfer

* @param nonce maker nonce to hash

* @param tokenId tokenId

* @return Hash of order

* @param to seller's recipient

* @param amount amount being transferred (in currency)

* @param minPercentageToAsk minimum percentage of the gross amount that goes to ask

function _transferFeesAndFundsWithWETH(

function hashOrder(Order memory order, uint nonce)

address strategy,

internal

address collection,

pure

uint256 tokenId,

returns (bytes32 hash)

address to,

{

uint256 amount,

/* Unfortunately abi.encodePacked doesn't work here, stack size constraints. */

uint256 minPercentageToAsk

uint size = 800;

) internal {

bytes memory array = new bytes(size);

// Initialize the final amount that is transferred to seller

uint index;

uint256 finalSellerAmount = amount;

assembly {

index := add(array, 0x20)

// 1. Protocol fee

{

uint256 protocolFeeAmount = _calculateProtocolFee(strategy, amount);

// Check if the protocol fee is different than 0 for this strategy

if ((protocolFeeRecipient != address(0)) && (protocolFeeAmount != 0)) {

IERC20(WETH).safeTransfer(protocolFeeRecipient, protocolFeeAmount);

finalSellerAmount -= protocolFeeAmount;

}

// 2. Royalty fee

{

(address royaltyFeeRecipient, uint256 royaltyFeeAmount) = royaltyFeeManager

.calculateRoyaltyFeeAndGetRecipient(collection, tokenId, amount);

// Check if there is a royalty fee and that it is different to 0

if ((royaltyFeeRecipient != address(0)) && (royaltyFeeAmount != 0)) {

IERC20(WETH).safeTransfer(royaltyFeeRecipient, royaltyFeeAmount);

finalSellerAmount -= royaltyFeeAmount;

emit RoyaltyPayment(collection, tokenId, royaltyFeeRecipient, address(WETH), royaltyFeeAmount);

}

index = ArrayUtils.unsafeWriteBytes32(index, _ORDER_TYPEHASH);

require((finalSellerAmount * 10000) >= (minPercentageToAsk * amount), "Fees: Higher than expected");

index = ArrayUtils.unsafeWriteAddressWord(index, order.exchange);

index = ArrayUtils.unsafeWriteAddressWord(index, order.maker);

// 3. Transfer final amount (post-fees) to seller

index = ArrayUtils.unsafeWriteAddressWord(index, order.taker);

{

index = ArrayUtils.unsafeWriteUint(index, order.makerRelayerFee);

IERC20(WETH).safeTransfer(to, finalSellerAmount);

index = ArrayUtils.unsafeWriteUint(index, order.takerRelayerFee);

index = ArrayUtils.unsafeWriteUint(index, order.makerProtocolFee);

index = ArrayUtils.unsafeWriteUint(index, order.takerProtocolFee);

index = ArrayUtils.unsafeWriteAddressWord(index, order.feeRecipient);

index = ArrayUtils.unsafeWriteUint8Word(index, uint8(order.feeMethod));

index = ArrayUtils.unsafeWriteUint8Word(index, uint8(order.side));

index = ArrayUtils.unsafeWriteUint8Word(index, uint8(order.saleKind));

index = ArrayUtils.unsafeWriteAddressWord(index, order.target);

index = ArrayUtils.unsafeWriteUint8Word(index, uint8(order.howToCall));

index = ArrayUtils.unsafeWriteBytes32(index, keccak256(order.calldata));

index = ArrayUtils.unsafeWriteBytes32(index, keccak256(order.replacementPattern));

index = ArrayUtils.unsafeWriteAddressWord(index, order.staticTarget);

index = ArrayUtils.unsafeWriteBytes32(index, keccak256(order.staticExtradata));

index = ArrayUtils.unsafeWriteAddressWord(index, order.paymentToken);

index = ArrayUtils.unsafeWriteUint(index, order.basePrice);

index = ArrayUtils.unsafeWriteUint(index, order.extra);

index = ArrayUtils.unsafeWriteUint(index, order.listingTime);

index = ArrayUtils.unsafeWriteUint(index, order.expirationTime);

index = ArrayUtils.unsafeWriteUint(index, order.salt);

index = ArrayUtils.unsafeWriteUint(index, nonce);

assembly {

hash := keccak256(add(array, 0x20), size)

}

return hash;

}

/**

* @notice Transfer NFT

* @dev Hash an order, returning the hash that a client must sign via EIP-712 including the message prefix

* @param collection address of the token collection

* @param order Order to hash

* @param from address of the sender

* @param nonce Nonce to hash

* @param to address of the recipient

* @return Hash of message prefix and order hash per Ethereum format

* @param tokenId tokenId

* @param amount amount of tokens (1 for ERC721, 1+ for ERC1155)

* @dev For ERC721, amount is not used

function _transferNonFungibleToken(

function hashToSign(Order memory order, uint nonce)

address collection,

internal

address from,

pure

address to,

returns (bytes32)

uint256 tokenId,

{

uint256 amount

return keccak256(

) internal {

abi.encodePacked("\x19\x01", DOMAIN_SEPARATOR, hashOrder(order, nonce))

// Retrieve the transfer manager address

);

address transferManager = transferSelectorNFT.checkTransferManagerForToken(collection);

// If no transfer manager found, it returns address(0)

require(transferManager != address(0), "Transfer: No NFT transfer manager available");

// If one is found, transfer the token

ITransferManagerNFT(transferManager).transferNonFungibleToken(collection, from, to, tokenId, amount);

}

/**

* @notice Calculate protocol fee for an execution strategy

* @dev Assert an order is valid and return its hash

* @param executionStrategy strategy

* @param order Order to validate

* @param amount amount to transfer

* @param nonce Nonce to validate

* @param sig ECDSA signature

function _calculateProtocolFee(address executionStrategy, uint256 amount) internal view returns (uint256) {

function requireValidOrder(Order memory order, Sig memory sig, uint nonce)

uint256 protocolFee = IExecutionStrategy(executionStrategy).viewProtocolFee();

internal

return (protocolFee * amount) / 10000;

view

returns (bytes32)

{

bytes32 hash = hashToSign(order, nonce);

require(validateOrder(hash, order, sig));

return hash;

}

/**

* @notice Verify the validity of the maker order

* @dev Validate order parameters (does *not* check signature validity)

* @param makerOrder maker order

* @param order Order to validate

* @param orderHash computed hash for the order

function _validateOrder(OrderTypes.MakerOrder calldata makerOrder, bytes32 orderHash) internal view {

function validateOrderParameters(Order memory order)

// Verify whether order nonce has expired

internal

require(

view

(!_isUserOrderNonceExecutedOrCancelled[makerOrder.signer][makerOrder.nonce]) &&

returns (bool)

(makerOrder.nonce >= userMinOrderNonce[makerOrder.signer]),

{

"Order: Matching order expired"

/* Order must be targeted at this protocol version (this Exchange contract). */

);

if (order.exchange != address(this)) {

// Verify the signer is not address(0)

require(makerOrder.signer != address(0), "Order: Invalid signer");

// Verify the amount is not 0

require(makerOrder.amount > 0, "Order: Amount cannot be 0");

// Verify the validity of the signature

require(

SignatureChecker.verify(

orderHash,

makerOrder.signer,

makerOrder.v,

makerOrder.r,

makerOrder.s,

DOMAIN_SEPARATOR

"Signature: Invalid"

);

// Verify whether the currency is whitelisted

require(currencyManager.isCurrencyWhitelisted(makerOrder.currency), "Currency: Not whitelisted");

// Verify whether strategy can be executed

require(executionManager.isStrategyWhitelisted(makerOrder.strategy), "Strategy: Not whitelisted");

}

已保存差異

原始文本

Open file

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// OpenZeppelin contracts
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/security/ReentrancyGuard.sol";
import {IERC20, SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// LooksRare interfaces
import {ICurrencyManager} from "./interfaces/ICurrencyManager.sol";
import {IExecutionManager} from "./interfaces/IExecutionManager.sol";
import {IExecutionStrategy} from "./interfaces/IExecutionStrategy.sol";
import {IRoyaltyFeeManager} from "./interfaces/IRoyaltyFeeManager.sol";
import {ILooksRareExchange} from "./interfaces/ILooksRareExchange.sol";
import {ITransferManagerNFT} from "./interfaces/ITransferManagerNFT.sol";
import {ITransferSelectorNFT} from "./interfaces/ITransferSelectorNFT.sol";
import {IWETH} from "./interfaces/IWETH.sol";

// LooksRare libraries
import {OrderTypes} from "./libraries/OrderTypes.sol";
import {SignatureChecker} from "./libraries/SignatureChecker.sol";
contract LooksRareExchange is ILooksRareExchange, ReentrancyGuard, Ownable {
    using SafeERC20 for IERC20;

using OrderTypes for OrderTypes.MakerOrder;
    using OrderTypes for OrderTypes.TakerOrder;

address public immutable WETH;
    bytes32 public immutable DOMAIN_SEPARATOR;

address public protocolFeeRecipient;

ICurrencyManager public currencyManager;
    IExecutionManager public executionManager;
    IRoyaltyFeeManager public royaltyFeeManager;
    ITransferSelectorNFT public transferSelectorNFT;

mapping(address => uint256) public userMinOrderNonce;
    mapping(address => mapping(uint256 => bool)) private _isUserOrderNonceExecutedOrCancelled;

event CancelAllOrders(address indexed user, uint256 newMinNonce);
    event CancelMultipleOrders(address indexed user, uint256[] orderNonces);
    event NewCurrencyManager(address indexed currencyManager);
    event NewExecutionManager(address indexed executionManager);
    event NewProtocolFeeRecipient(address indexed protocolFeeRecipient);
    event NewRoyaltyFeeManager(address indexed royaltyFeeManager);
    event NewTransferSelectorNFT(address indexed transferSelectorNFT);

event RoyaltyPayment(
        address indexed collection,
        uint256 indexed tokenId,
        address indexed royaltyRecipient,
        address currency,
        uint256 amount
    );

event TakerAsk(
        bytes32 orderHash, // bid hash of the maker order
        uint256 orderNonce, // user order nonce
        address indexed taker, // sender address for the taker ask order
        address indexed maker, // maker address of the initial bid order
        address indexed strategy, // strategy that defines the execution
        address currency, // currency address
        address collection, // collection address
        uint256 tokenId, // tokenId transferred
        uint256 amount, // amount of tokens transferred
        uint256 price // final transacted price
    );

event TakerBid(
        bytes32 orderHash, // ask hash of the maker order
        uint256 orderNonce, // user order nonce
        address indexed taker, // sender address for the taker bid order
        address indexed maker, // maker address of the initial ask order
        address indexed strategy, // strategy that defines the execution
        address currency, // currency address
        address collection, // collection address
        uint256 tokenId, // tokenId transferred
        uint256 amount, // amount of tokens transferred
        uint256 price // final transacted price
    );

/**
     * @notice Constructor
     * @param _currencyManager currency manager address
     * @param _executionManager execution manager address
     * @param _royaltyFeeManager royalty fee manager address
     * @param _WETH wrapped ether address (for other chains, use wrapped native asset)
     * @param _protocolFeeRecipient protocol fee recipient
     */
    constructor(
        address _currencyManager,
        address _executionManager,
        address _royaltyFeeManager,
        address _WETH,
        address _protocolFeeRecipient
    ) {
        // Calculate the domain separator
        DOMAIN_SEPARATOR = keccak256(
            abi.encode(
                0x8b73c3c69bb8fe3d512ecc4cf759cc79239f7b179b0ffacaa9a75d522b39400f, // keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)")
                0xda9101ba92939daf4bb2e18cd5f942363b9297fbc3232c9dd964abb1fb70ed71, // keccak256("LooksRareExchange")
                0xc89efdaa54c0f20c7adf612882df0950f5a951637e0307cdcb4c672f298b8bc6, // keccak256(bytes("1")) for versionId = 1
                block.chainid,
                address(this)
            )
        );

currencyManager = ICurrencyManager(_currencyManager);
        executionManager = IExecutionManager(_executionManager);
        royaltyFeeManager = IRoyaltyFeeManager(_royaltyFeeManager);
        WETH = _WETH;
        protocolFeeRecipient = _protocolFeeRecipient;
    }

/**
     * @notice Cancel all pending orders for a sender
     * @param minNonce minimum user nonce
     */
    function cancelAllOrdersForSender(uint256 minNonce) external {
        require(minNonce > userMinOrderNonce[msg.sender], "Cancel: Order nonce lower than current");
        require(minNonce < userMinOrderNonce[msg.sender] + 500000, "Cancel: Cannot cancel more orders");
        userMinOrderNonce[msg.sender] = minNonce;

emit CancelAllOrders(msg.sender, minNonce);
    }

/**
     * @notice Cancel maker orders
     * @param orderNonces array of order nonces
     */
    function cancelMultipleMakerOrders(uint256[] calldata orderNonces) external {
        require(orderNonces.length > 0, "Cancel: Cannot be empty");

for (uint256 i = 0; i < orderNonces.length; i++) {
            require(orderNonces[i] >= userMinOrderNonce[msg.sender], "Cancel: Order nonce lower than current");
            _isUserOrderNonceExecutedOrCancelled[msg.sender][orderNonces[i]] = true;
        }

emit CancelMultipleOrders(msg.sender, orderNonces);
    }

/**
     * @notice Match ask with a taker bid order using ETH
     * @param takerBid taker bid order
     * @param makerAsk maker ask order
     */
    function matchAskWithTakerBidUsingETHAndWETH(
        OrderTypes.TakerOrder calldata takerBid,
        OrderTypes.MakerOrder calldata makerAsk
    ) external payable override nonReentrant {
        require((makerAsk.isOrderAsk) && (!takerBid.isOrderAsk), "Order: Wrong sides");
        require(makerAsk.currency == WETH, "Order: Currency must be WETH");
        require(msg.sender == takerBid.taker, "Order: Taker must be the sender");

// If not enough ETH to cover the price, use WETH
        if (takerBid.price > msg.value) {
            IERC20(WETH).safeTransferFrom(msg.sender, address(this), (takerBid.price - msg.value));
        } else {
            require(takerBid.price == msg.value, "Order: Msg.value too high");
        }

// Wrap ETH sent to this contract
        IWETH(WETH).deposit{value: msg.value}();

// Check the maker ask order
        bytes32 askHash = makerAsk.hash();
        _validateOrder(makerAsk, askHash);

// Retrieve execution parameters
        (bool isExecutionValid, uint256 tokenId, uint256 amount) = IExecutionStrategy(makerAsk.strategy)
            .canExecuteTakerBid(takerBid, makerAsk);

require(isExecutionValid, "Strategy: Execution invalid");

// Update maker ask order status to true (prevents replay)
        _isUserOrderNonceExecutedOrCancelled[makerAsk.signer][makerAsk.nonce] = true;

// Execution part 1/2
        _transferFeesAndFundsWithWETH(
            makerAsk.strategy,
            makerAsk.collection,
            tokenId,
            makerAsk.signer,
            takerBid.price,
            makerAsk.minPercentageToAsk
        );

// Execution part 2/2
        _transferNonFungibleToken(makerAsk.collection, makerAsk.signer, takerBid.taker, tokenId, amount);

emit TakerBid(
            askHash,
            makerAsk.nonce,
            takerBid.taker,
            makerAsk.signer,
            makerAsk.strategy,
            makerAsk.currency,
            makerAsk.collection,
            tokenId,
            amount,
            takerBid.price
        );
    }

/**
     * @notice Match a takerBid with a matchAsk
     * @param takerBid taker bid order
     * @param makerAsk maker ask order
     */
    function matchAskWithTakerBid(OrderTypes.TakerOrder calldata takerBid, OrderTypes.MakerOrder calldata makerAsk)
        external
        override
        nonReentrant
    {
        require((makerAsk.isOrderAsk) && (!takerBid.isOrderAsk), "Order: Wrong sides");
        require(msg.sender == takerBid.taker, "Order: Taker must be the sender");

// Check the maker ask order
        bytes32 askHash = makerAsk.hash();
        _validateOrder(makerAsk, askHash);

(bool isExecutionValid, uint256 tokenId, uint256 amount) = IExecutionStrategy(makerAsk.strategy)
            .canExecuteTakerBid(takerBid, makerAsk);

require(isExecutionValid, "Strategy: Execution invalid");

// Update maker ask order status to true (prevents replay)
        _isUserOrderNonceExecutedOrCancelled[makerAsk.signer][makerAsk.nonce] = true;

// Execution part 1/2
        _transferFeesAndFunds(
            makerAsk.strategy,
            makerAsk.collection,
            tokenId,
            makerAsk.currency,
            msg.sender,
            makerAsk.signer,
            takerBid.price,
            makerAsk.minPercentageToAsk
        );

// Execution part 2/2
        _transferNonFungibleToken(makerAsk.collection, makerAsk.signer, takerBid.taker, tokenId, amount);

/**
     * @notice Match a takerAsk with a makerBid
     * @param takerAsk taker ask order
     * @param makerBid maker bid order
     */
    function matchBidWithTakerAsk(OrderTypes.TakerOrder calldata takerAsk, OrderTypes.MakerOrder calldata makerBid)
        external
        override
        nonReentrant
    {
        require((!makerBid.isOrderAsk) && (takerAsk.isOrderAsk), "Order: Wrong sides");
        require(msg.sender == takerAsk.taker, "Order: Taker must be the sender");

// Check the maker bid order
        bytes32 bidHash = makerBid.hash();
        _validateOrder(makerBid, bidHash);

(bool isExecutionValid, uint256 tokenId, uint256 amount) = IExecutionStrategy(makerBid.strategy)
            .canExecuteTakerAsk(takerAsk, makerBid);

require(isExecutionValid, "Strategy: Execution invalid");

// Update maker bid order status to true (prevents replay)
        _isUserOrderNonceExecutedOrCancelled[makerBid.signer][makerBid.nonce] = true;

// Execution part 1/2
        _transferNonFungibleToken(makerBid.collection, msg.sender, makerBid.signer, tokenId, amount);

// Execution part 2/2
        _transferFeesAndFunds(
            makerBid.strategy,
            makerBid.collection,
            tokenId,
            makerBid.currency,
            makerBid.signer,
            takerAsk.taker,
            takerAsk.price,
            takerAsk.minPercentageToAsk
        );

emit TakerAsk(
            bidHash,
            makerBid.nonce,
            takerAsk.taker,
            makerBid.signer,
            makerBid.strategy,
            makerBid.currency,
            makerBid.collection,
            tokenId,
            amount,
            takerAsk.price
        );
    }

/**
     * @notice Update currency manager
     * @param _currencyManager new currency manager address
     */
    function updateCurrencyManager(address _currencyManager) external onlyOwner {
        require(_currencyManager != address(0), "Owner: Cannot be null address");
        currencyManager = ICurrencyManager(_currencyManager);
        emit NewCurrencyManager(_currencyManager);
    }

/**
     * @notice Update execution manager
     * @param _executionManager new execution manager address
     */
    function updateExecutionManager(address _executionManager) external onlyOwner {
        require(_executionManager != address(0), "Owner: Cannot be null address");
        executionManager = IExecutionManager(_executionManager);
        emit NewExecutionManager(_executionManager);
    }

/**
     * @notice Update protocol fee and recipient
     * @param _protocolFeeRecipient new recipient for protocol fees
     */
    function updateProtocolFeeRecipient(address _protocolFeeRecipient) external onlyOwner {
        protocolFeeRecipient = _protocolFeeRecipient;
        emit NewProtocolFeeRecipient(_protocolFeeRecipient);
    }

/**
     * @notice Update royalty fee manager
     * @param _royaltyFeeManager new fee manager address
     */
    function updateRoyaltyFeeManager(address _royaltyFeeManager) external onlyOwner {
        require(_royaltyFeeManager != address(0), "Owner: Cannot be null address");
        royaltyFeeManager = IRoyaltyFeeManager(_royaltyFeeManager);
        emit NewRoyaltyFeeManager(_royaltyFeeManager);
    }

/**
     * @notice Update transfer selector NFT
     * @param _transferSelectorNFT new transfer selector address
     */
    function updateTransferSelectorNFT(address _transferSelectorNFT) external onlyOwner {
        require(_transferSelectorNFT != address(0), "Owner: Cannot be null address");
        transferSelectorNFT = ITransferSelectorNFT(_transferSelectorNFT);

emit NewTransferSelectorNFT(_transferSelectorNFT);
    }

/**
     * @notice Check whether user order nonce is executed or cancelled
     * @param user address of user
     * @param orderNonce nonce of the order
     */
    function isUserOrderNonceExecutedOrCancelled(address user, uint256 orderNonce) external view returns (bool) {
        return _isUserOrderNonceExecutedOrCancelled[user][orderNonce];
    }

/**
     * @notice Transfer fees and funds to royalty recipient, protocol, and seller
     * @param strategy address of the execution strategy
     * @param collection non fungible token address for the transfer
     * @param tokenId tokenId
     * @param currency currency being used for the purchase (e.g., WETH/USDC)
     * @param from sender of the funds
     * @param to seller's recipient
     * @param amount amount being transferred (in currency)
     * @param minPercentageToAsk minimum percentage of the gross amount that goes to ask
     */
    function _transferFeesAndFunds(
        address strategy,
        address collection,
        uint256 tokenId,
        address currency,
        address from,
        address to,
        uint256 amount,
        uint256 minPercentageToAsk
    ) internal {
        // Initialize the final amount that is transferred to seller
        uint256 finalSellerAmount = amount;

// 1. Protocol fee
        {
            uint256 protocolFeeAmount = _calculateProtocolFee(strategy, amount);

// Check if the protocol fee is different than 0 for this strategy
            if ((protocolFeeRecipient != address(0)) && (protocolFeeAmount != 0)) {
                IERC20(currency).safeTransferFrom(from, protocolFeeRecipient, protocolFeeAmount);
                finalSellerAmount -= protocolFeeAmount;
            }
        }

// 2. Royalty fee
        {
            (address royaltyFeeRecipient, uint256 royaltyFeeAmount) = royaltyFeeManager
                .calculateRoyaltyFeeAndGetRecipient(collection, tokenId, amount);

// Check if there is a royalty fee and that it is different to 0
            if ((royaltyFeeRecipient != address(0)) && (royaltyFeeAmount != 0)) {
                IERC20(currency).safeTransferFrom(from, royaltyFeeRecipient, royaltyFeeAmount);
                finalSellerAmount -= royaltyFeeAmount;

emit RoyaltyPayment(collection, tokenId, royaltyFeeRecipient, currency, royaltyFeeAmount);
            }
        }

require((finalSellerAmount * 10000) >= (minPercentageToAsk * amount), "Fees: Higher than expected");

// 3. Transfer final amount (post-fees) to seller
        {
            IERC20(currency).safeTransferFrom(from, to, finalSellerAmount);
        }
    }

/**
     * @notice Transfer fees and funds to royalty recipient, protocol, and seller
     * @param strategy address of the execution strategy
     * @param collection non fungible token address for the transfer
     * @param tokenId tokenId
     * @param to seller's recipient
     * @param amount amount being transferred (in currency)
     * @param minPercentageToAsk minimum percentage of the gross amount that goes to ask
     */
    function _transferFeesAndFundsWithWETH(
        address strategy,
        address collection,
        uint256 tokenId,
        address to,
        uint256 amount,
        uint256 minPercentageToAsk
    ) internal {
        // Initialize the final amount that is transferred to seller
        uint256 finalSellerAmount = amount;

// 1. Protocol fee
        {
            uint256 protocolFeeAmount = _calculateProtocolFee(strategy, amount);

// Check if the protocol fee is different than 0 for this strategy
            if ((protocolFeeRecipient != address(0)) && (protocolFeeAmount != 0)) {
                IERC20(WETH).safeTransfer(protocolFeeRecipient, protocolFeeAmount);
                finalSellerAmount -= protocolFeeAmount;
            }
        }

// 2. Royalty fee
        {
            (address royaltyFeeRecipient, uint256 royaltyFeeAmount) = royaltyFeeManager
                .calculateRoyaltyFeeAndGetRecipient(collection, tokenId, amount);

// Check if there is a royalty fee and that it is different to 0
            if ((royaltyFeeRecipient != address(0)) && (royaltyFeeAmount != 0)) {
                IERC20(WETH).safeTransfer(royaltyFeeRecipient, royaltyFeeAmount);
                finalSellerAmount -= royaltyFeeAmount;

emit RoyaltyPayment(collection, tokenId, royaltyFeeRecipient, address(WETH), royaltyFeeAmount);
            }
        }

require((finalSellerAmount * 10000) >= (minPercentageToAsk * amount), "Fees: Higher than expected");

// 3. Transfer final amount (post-fees) to seller
        {
            IERC20(WETH).safeTransfer(to, finalSellerAmount);
        }
    }

/**
     * @notice Transfer NFT
     * @param collection address of the token collection
     * @param from address of the sender
     * @param to address of the recipient
     * @param tokenId tokenId
     * @param amount amount of tokens (1 for ERC721, 1+ for ERC1155)
     * @dev For ERC721, amount is not used
     */
    function _transferNonFungibleToken(
        address collection,
        address from,
        address to,
        uint256 tokenId,
        uint256 amount
    ) internal {
        // Retrieve the transfer manager address
        address transferManager = transferSelectorNFT.checkTransferManagerForToken(collection);

// If no transfer manager found, it returns address(0)
        require(transferManager != address(0), "Transfer: No NFT transfer manager available");

// If one is found, transfer the token
        ITransferManagerNFT(transferManager).transferNonFungibleToken(collection, from, to, tokenId, amount);
    }

/**
     * @notice Calculate protocol fee for an execution strategy
     * @param executionStrategy strategy
     * @param amount amount to transfer
     */
    function _calculateProtocolFee(address executionStrategy, uint256 amount) internal view returns (uint256) {
        uint256 protocolFee = IExecutionStrategy(executionStrategy).viewProtocolFee();
        return (protocolFee * amount) / 10000;
    }

/**
     * @notice Verify the validity of the maker order
     * @param makerOrder maker order
     * @param orderHash computed hash for the order
     */
    function _validateOrder(OrderTypes.MakerOrder calldata makerOrder, bytes32 orderHash) internal view {
        // Verify whether order nonce has expired
        require(
            (!_isUserOrderNonceExecutedOrCancelled[makerOrder.signer][makerOrder.nonce]) &&
                (makerOrder.nonce >= userMinOrderNonce[makerOrder.signer]),
            "Order: Matching order expired"
        );

// Verify the signer is not address(0)
        require(makerOrder.signer != address(0), "Order: Invalid signer");

// Verify the amount is not 0
        require(makerOrder.amount > 0, "Order: Amount cannot be 0");

// Verify the validity of the signature
        require(
            SignatureChecker.verify(
                orderHash,
                makerOrder.signer,
                makerOrder.v,
                makerOrder.r,
                makerOrder.s,
                DOMAIN_SEPARATOR
            ),
            "Signature: Invalid"
        );

// Verify whether the currency is whitelisted
        require(currencyManager.isCurrencyWhitelisted(makerOrder.currency), "Currency: Not whitelisted");

// Verify whether strategy can be executed
        require(executionManager.isStrategyWhitelisted(makerOrder.strategy), "Strategy: Not whitelisted");
    }
}

更改後文本

Open file

/**
 *Submitted for verification at Etherscan.io on 2022-02-01
*/

pragma solidity 0.4.26;

library SafeMath {

/**
  * @dev Multiplies two numbers, throws on overflow.
  */
  function mul(uint256 a, uint256 b) internal pure returns (uint256 c) {
    if (a == 0) {
      return 0;
    }
    c = a * b;
    assert(c / a == b);
    return c;
  }

/**
  * @dev Integer division of two numbers, truncating the quotient.
  */
  function div(uint256 a, uint256 b) internal pure returns (uint256) {
    // assert(b > 0); // Solidity automatically throws when dividing by 0
    // uint256 c = a / b;
    // assert(a == b * c + a % b); // There is no case in which this doesn't hold
    return a / b;
  }

/**
  * @dev Subtracts two numbers, throws on overflow (i.e. if subtrahend is greater than minuend).
  */
  function sub(uint256 a, uint256 b) internal pure returns (uint256) {
    assert(b <= a);
    return a - b;
  }

/**
  * @dev Adds two numbers, throws on overflow.
  */
  function add(uint256 a, uint256 b) internal pure returns (uint256 c) {
    c = a + b;
    assert(c >= a);
    return c;
  }
}

contract Ownable {
  address public owner;

event OwnershipRenounced(address indexed previousOwner);
  event OwnershipTransferred(
    address indexed previousOwner,
    address indexed newOwner
  );

/**
   * @dev The Ownable constructor sets the original `owner` of the contract to the sender
   * account.
   */
  constructor() public {
    owner = msg.sender;
  }

/**
   * @dev Throws if called by any account other than the owner.
   */
  modifier onlyOwner() {
    require(msg.sender == owner);
    _;
  }

/**
   * @dev Allows the current owner to transfer control of the contract to a newOwner.
   * @param newOwner The address to transfer ownership to.
   */
  function transferOwnership(address newOwner) public onlyOwner {
    require(newOwner != address(0));
    emit OwnershipTransferred(owner, newOwner);
    owner = newOwner;
  }

/**
   * @dev Allows the current owner to relinquish control of the contract.
   */
  function renounceOwnership() public onlyOwner {
    emit OwnershipRenounced(owner);
    owner = address(0);
  }
}

contract ERC20Basic {
  function totalSupply() public view returns (uint256);
  function balanceOf(address who) public view returns (uint256);
  function transfer(address to, uint256 value) public returns (bool);
  event Transfer(address indexed from, address indexed to, uint256 value);
}

contract ERC20 is ERC20Basic {
  function allowance(address owner, address spender)
    public view returns (uint256);

function transferFrom(address from, address to, uint256 value)
    public returns (bool);

function approve(address spender, uint256 value) public returns (bool);
  event Approval(
    address indexed owner,
    address indexed spender,
    uint256 value
  );
}

library ArrayUtils {

/**
     * Replace bytes in an array with bytes in another array, guarded by a bitmask
     * Efficiency of this function is a bit unpredictable because of the EVM's word-specific model (arrays under 32 bytes will be slower)
     *
     * @dev Mask must be the size of the byte array. A nonzero byte means the byte array can be changed.
     * @param array The original array
     * @param desired The target array
     * @param mask The mask specifying which bits can be changed
     * @return The updated byte array (the parameter will be modified inplace)
     */
    function guardedArrayReplace(bytes memory array, bytes memory desired, bytes memory mask)
        internal
        pure
    {
        require(array.length == desired.length);
        require(array.length == mask.length);

uint words = array.length / 0x20;
        uint index = words * 0x20;
        assert(index / 0x20 == words);
        uint i;

for (i = 0; i < words; i++) {
            /* Conceptually: array[i] = (!mask[i] && array[i]) || (mask[i] && desired[i]), bitwise in word chunks. */
            assembly {
                let commonIndex := mul(0x20, add(1, i))
                let maskValue := mload(add(mask, commonIndex))
                mstore(add(array, commonIndex), or(and(not(maskValue), mload(add(array, commonIndex))), and(maskValue, mload(add(desired, commonIndex)))))
            }
        }

/* Deal with the last section of the byte array. */
        if (words > 0) {
            /* This overlaps with bytes already set but is still more efficient than iterating through each of the remaining bytes individually. */
            i = words;
            assembly {
                let commonIndex := mul(0x20, add(1, i))
                let maskValue := mload(add(mask, commonIndex))
                mstore(add(array, commonIndex), or(and(not(maskValue), mload(add(array, commonIndex))), and(maskValue, mload(add(desired, commonIndex)))))
            }
        } else {
            /* If the byte array is shorter than a word, we must unfortunately do the whole thing bytewise.
               (bounds checks could still probably be optimized away in assembly, but this is a rare case) */
            for (i = index; i < array.length; i++) {
                array[i] = ((mask[i] ^ 0xff) & array[i]) | (mask[i] & desired[i]);
            }
        }
    }

/**
     * Test if two arrays are equal
     * @param a First array
     * @param b Second array
     * @return Whether or not all bytes in the arrays are equal
     */
    function arrayEq(bytes memory a, bytes memory b)
        internal
        pure
        returns (bool)
    {
        return keccak256(a) == keccak256(b);
    }

/**
     * Unsafe write byte array into a memory location
     *
     * @param index Memory location
     * @param source Byte array to write
     * @return End memory index
     */
    function unsafeWriteBytes(uint index, bytes source)
        internal
        pure
        returns (uint)
    {
        if (source.length > 0) {
            assembly {
                let length := mload(source)
                let end := add(source, add(0x20, length))
                let arrIndex := add(source, 0x20)
                let tempIndex := index
                for { } eq(lt(arrIndex, end), 1) {
                    arrIndex := add(arrIndex, 0x20)
                    tempIndex := add(tempIndex, 0x20)
                } {
                    mstore(tempIndex, mload(arrIndex))
                }
                index := add(index, length)
            }
        }
        return index;
    }

/**
     * Unsafe write address into a memory location
     *
     * @param index Memory location
     * @param source Address to write
     * @return End memory index
     */
    function unsafeWriteAddress(uint index, address source)
        internal
        pure
        returns (uint)
    {
        uint conv = uint(source) << 0x60;
        assembly {
            mstore(index, conv)
            index := add(index, 0x14)
        }
        return index;
    }

/**
     * Unsafe write address into a memory location using entire word
     *
     * @param index Memory location
     * @param source uint to write
     * @return End memory index
     */
    function unsafeWriteAddressWord(uint index, address source)
        internal
        pure
        returns (uint)
    {
        assembly {
            mstore(index, source)
            index := add(index, 0x20)
        }
        return index;
    }

/**
     * Unsafe write uint into a memory location
     *
     * @param index Memory location
     * @param source uint to write
     * @return End memory index
     */
    function unsafeWriteUint(uint index, uint source)
        internal
        pure
        returns (uint)
    {
        assembly {
            mstore(index, source)
            index := add(index, 0x20)
        }
        return index;
    }

/**
     * Unsafe write uint8 into a memory location
     *
     * @param index Memory location
     * @param source uint8 to write
     * @return End memory index
     */
    function unsafeWriteUint8(uint index, uint8 source)
        internal
        pure
        returns (uint)
    {
        assembly {
            mstore8(index, source)
            index := add(index, 0x1)
        }
        return index;
    }

/**
     * Unsafe write uint8 into a memory location using entire word
     *
     * @param index Memory location
     * @param source uint to write
     * @return End memory index
     */
    function unsafeWriteUint8Word(uint index, uint8 source)
        internal
        pure
        returns (uint)
    {
        assembly {
            mstore(index, source)
            index := add(index, 0x20)
        }
        return index;
    }

/**
     * Unsafe write bytes32 into a memory location using entire word
     *
     * @param index Memory location
     * @param source uint to write
     * @return End memory index
     */
    function unsafeWriteBytes32(uint index, bytes32 source)
        internal
        pure
        returns (uint)
    {
        assembly {
            mstore(index, source)
            index := add(index, 0x20)
        }
        return index;
    }
}

contract ReentrancyGuarded {

bool reentrancyLock = false;

/* Prevent a contract function from being reentrant-called. */
    modifier reentrancyGuard {
        if (reentrancyLock) {
            revert();
        }
        reentrancyLock = true;
        _;
        reentrancyLock = false;
    }

}

contract TokenRecipient {
    event ReceivedEther(address indexed sender, uint amount);
    event ReceivedTokens(address indexed from, uint256 value, address indexed token, bytes extraData);

/**
     * @dev Receive tokens and generate a log event
     * @param from Address from which to transfer tokens
     * @param value Amount of tokens to transfer
     * @param token Address of token
     * @param extraData Additional data to log
     */
    function receiveApproval(address from, uint256 value, address token, bytes extraData) public {
        ERC20 t = ERC20(token);
        require(t.transferFrom(from, this, value));
        emit ReceivedTokens(from, value, token, extraData);
    }

/**
     * @dev Receive Ether and generate a log event
     */
    function () payable public {
        emit ReceivedEther(msg.sender, msg.value);
    }
}

contract ExchangeCore is ReentrancyGuarded, Ownable {
    string public constant name = "Wyvern Exchange Contract";
    string public constant version = "2.3";

// NOTE: these hashes are derived and verified in the constructor.
    bytes32 private constant _EIP_712_DOMAIN_TYPEHASH = 0x8b73c3c69bb8fe3d512ecc4cf759cc79239f7b179b0ffacaa9a75d522b39400f;
    bytes32 private constant _NAME_HASH = 0x9a2ed463836165738cfa54208ff6e7847fd08cbaac309aac057086cb0a144d13;
    bytes32 private constant _VERSION_HASH = 0xe2fd538c762ee69cab09ccd70e2438075b7004dd87577dc3937e9fcc8174bb64;
    bytes32 private constant _ORDER_TYPEHASH = 0xdba08a88a748f356e8faf8578488343eab21b1741728779c9dcfdc782bc800f8;

bytes4 private constant _EIP_1271_MAGIC_VALUE = 0x1626ba7e;

//    // NOTE: chainId opcode is not supported in solidiy 0.4.x; here we hardcode as 1.
    // In order to protect against orders that are replayable across forked chains,
    // either the solidity version needs to be bumped up or it needs to be retrieved
    // from another contract.
    uint256 private constant _CHAIN_ID = 1;

// Note: the domain separator is derived and verified in the constructor. */
    bytes32 public constant DOMAIN_SEPARATOR = 0x72982d92449bfb3d338412ce4738761aff47fb975ceb17a1bc3712ec716a5a68;

/* The token used to pay exchange fees. */
    ERC20 public exchangeToken;

/* User registry. */
    ProxyRegistry public registry;

/* Token transfer proxy. */
    TokenTransferProxy public tokenTransferProxy;

/* Cancelled / finalized orders, by hash. */
    mapping(bytes32 => bool) public cancelledOrFinalized;

/* Orders verified by on-chain approval (alternative to ECDSA signatures so that smart contracts can place orders directly). */
    /* Note that the maker's nonce at the time of approval **plus one** is stored in the mapping. */
    mapping(bytes32 => uint256) private _approvedOrdersByNonce;

/* Track per-maker nonces that can be incremented by the maker to cancel orders in bulk. */
    // The current nonce for the maker represents the only valid nonce that can be signed by the maker
    // If a signature was signed with a nonce that's different from the one stored in nonces, it
    // will fail validation.
    mapping(address => uint256) public nonces;

/* For split fee orders, minimum required protocol maker fee, in basis points. Paid to owner (who can change it). */
    uint public minimumMakerProtocolFee = 0;

/* For split fee orders, minimum required protocol taker fee, in basis points. Paid to owner (who can change it). */
    uint public minimumTakerProtocolFee = 0;

/* Recipient of protocol fees. */
    address public protocolFeeRecipient;

/* Fee method: protocol fee or split fee. */
    enum FeeMethod { ProtocolFee, SplitFee }

/* Inverse basis point. */
    uint public constant INVERSE_BASIS_POINT = 10000;

/* An ECDSA signature. */
    struct Sig {
        /* v parameter */
        uint8 v;
        /* r parameter */
        bytes32 r;
        /* s parameter */
        bytes32 s;
    }

/* An order on the exchange. */
    struct Order {
        /* Exchange address, intended as a versioning mechanism. */
        address exchange;
        /* Order maker address. */
        address maker;
        /* Order taker address, if specified. */
        address taker;
        /* Maker relayer fee of the order, unused for taker order. */
        uint makerRelayerFee;
        /* Taker relayer fee of the order, or maximum taker fee for a taker order. */
        uint takerRelayerFee;
        /* Maker protocol fee of the order, unused for taker order. */
        uint makerProtocolFee;
        /* Taker protocol fee of the order, or maximum taker fee for a taker order. */
        uint takerProtocolFee;
        /* Order fee recipient or zero address for taker order. */
        address feeRecipient;
        /* Fee method (protocol token or split fee). */
        FeeMethod feeMethod;
        /* Side (buy/sell). */
        SaleKindInterface.Side side;
        /* Kind of sale. */
        SaleKindInterface.SaleKind saleKind;
        /* Target. */
        address target;
        /* HowToCall. */
        AuthenticatedProxy.HowToCall howToCall;
        /* Calldata. */
        bytes calldata;
        /* Calldata replacement pattern, or an empty byte array for no replacement. */
        bytes replacementPattern;
        /* Static call target, zero-address for no static call. */
        address staticTarget;
        /* Static call extra data. */
        bytes staticExtradata;
        /* Token used to pay for the order, or the zero-address as a sentinel value for Ether. */
        address paymentToken;
        /* Base price of the order (in paymentTokens). */
        uint basePrice;
        /* Auction extra parameter - minimum bid increment for English auctions, starting/ending price difference. */
        uint extra;
        /* Listing timestamp. */
        uint listingTime;
        /* Expiration timestamp - 0 for no expiry. */
        uint expirationTime;
        /* Order salt, used to prevent duplicate hashes. */
        uint salt;
        /* NOTE: uint nonce is an additional component of the order but is read from storage */
    }

event OrderApprovedPartOne    (bytes32 indexed hash, address exchange, address indexed maker, address taker, uint makerRelayerFee, uint takerRelayerFee, uint makerProtocolFee, uint takerProtocolFee, address indexed feeRecipient, FeeMethod feeMethod, SaleKindInterface.Side side, SaleKindInterface.SaleKind saleKind, address target);
    event OrderApprovedPartTwo    (bytes32 indexed hash, AuthenticatedProxy.HowToCall howToCall, bytes calldata, bytes replacementPattern, address staticTarget, bytes staticExtradata, address paymentToken, uint basePrice, uint extra, uint listingTime, uint expirationTime, uint salt, bool orderbookInclusionDesired);
    event OrderCancelled          (bytes32 indexed hash);
    event OrdersMatched           (bytes32 buyHash, bytes32 sellHash, address indexed maker, address indexed taker, uint price, bytes32 indexed metadata);
    event NonceIncremented        (address indexed maker, uint newNonce);

constructor () public {
        require(keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)") == _EIP_712_DOMAIN_TYPEHASH);
        require(keccak256(bytes(name)) == _NAME_HASH);
        require(keccak256(bytes(version)) == _VERSION_HASH);
        require(keccak256("Order(address exchange,address maker,address taker,uint256 makerRelayerFee,uint256 takerRelayerFee,uint256 makerProtocolFee,uint256 takerProtocolFee,address feeRecipient,uint8 feeMethod,uint8 side,uint8 saleKind,address target,uint8 howToCall,bytes calldata,bytes replacementPattern,address staticTarget,bytes staticExtradata,address paymentToken,uint256 basePrice,uint256 extra,uint256 listingTime,uint256 expirationTime,uint256 salt,uint256 nonce)") == _ORDER_TYPEHASH);
        require(DOMAIN_SEPARATOR == _deriveDomainSeparator());
    }

/**
     * @dev Derive the domain separator for EIP-712 signatures.
     * @return The domain separator.
     */
    function _deriveDomainSeparator() private view returns (bytes32) {
        return keccak256(
            abi.encode(
                _EIP_712_DOMAIN_TYPEHASH, // keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)")
                _NAME_HASH, // keccak256("Wyvern Exchange Contract")
                _VERSION_HASH, // keccak256(bytes("2.3"))
                _CHAIN_ID, // NOTE: this is fixed, need to use solidity 0.5+ or make external call to support!
                address(this)
            )
        );
    }

/**
     * Increment a particular maker's nonce, thereby invalidating all orders that were not signed
     * with the original nonce.
     */
    function incrementNonce() external {
        uint newNonce = ++nonces[msg.sender];
        emit NonceIncremented(msg.sender, newNonce);
    }

/**
     * @dev Change the minimum maker fee paid to the protocol (owner only)
     * @param newMinimumMakerProtocolFee New fee to set in basis points
     */
    function changeMinimumMakerProtocolFee(uint newMinimumMakerProtocolFee)
        public
        onlyOwner
    {
        minimumMakerProtocolFee = newMinimumMakerProtocolFee;
    }

/**
     * @dev Change the minimum taker fee paid to the protocol (owner only)
     * @param newMinimumTakerProtocolFee New fee to set in basis points
     */
    function changeMinimumTakerProtocolFee(uint newMinimumTakerProtocolFee)
        public
        onlyOwner
    {
        minimumTakerProtocolFee = newMinimumTakerProtocolFee;
    }

/**
     * @dev Change the protocol fee recipient (owner only)
     * @param newProtocolFeeRecipient New protocol fee recipient address
     */
    function changeProtocolFeeRecipient(address newProtocolFeeRecipient)
        public
        onlyOwner
    {
        protocolFeeRecipient = newProtocolFeeRecipient;
    }

/**
     * @dev Transfer tokens
     * @param token Token to transfer
     * @param from Address to charge fees
     * @param to Address to receive fees
     * @param amount Amount of protocol tokens to charge
     */
    function transferTokens(address token, address from, address to, uint amount)
        internal
    {
        if (amount > 0) {
            require(tokenTransferProxy.transferFrom(token, from, to, amount));
        }
    }

/**
     * @dev Charge a fee in protocol tokens
     * @param from Address to charge fees
     * @param to Address to receive fees
     * @param amount Amount of protocol tokens to charge
     */
    function chargeProtocolFee(address from, address to, uint amount)
        internal
    {
        transferTokens(exchangeToken, from, to, amount);
    }

/**
     * @dev Execute a STATICCALL (introduced with Ethereum Metropolis, non-state-modifying external call)
     * @param target Contract to call
     * @param calldata Calldata (appended to extradata)
     * @param extradata Base data for STATICCALL (probably function selector and argument encoding)
     * @return The result of the call (success or failure)
     */
    function staticCall(address target, bytes memory calldata, bytes memory extradata)
        public
        view
        returns (bool result)
    {
        bytes memory combined = new bytes(calldata.length + extradata.length);
        uint index;
        assembly {
            index := add(combined, 0x20)
        }
        index = ArrayUtils.unsafeWriteBytes(index, extradata);
        ArrayUtils.unsafeWriteBytes(index, calldata);
        assembly {
            result := staticcall(gas, target, add(combined, 0x20), mload(combined), mload(0x40), 0)
        }
        return result;
    }

/**
     * @dev Hash an order, returning the canonical EIP-712 order hash without the domain separator
     * @param order Order to hash
     * @param nonce maker nonce to hash
     * @return Hash of order
     */
    function hashOrder(Order memory order, uint nonce)
        internal
        pure
        returns (bytes32 hash)
    {
        /* Unfortunately abi.encodePacked doesn't work here, stack size constraints. */
        uint size = 800;
        bytes memory array = new bytes(size);
        uint index;
        assembly {
            index := add(array, 0x20)
        }
        index = ArrayUtils.unsafeWriteBytes32(index, _ORDER_TYPEHASH);
        index = ArrayUtils.unsafeWriteAddressWord(index, order.exchange);
        index = ArrayUtils.unsafeWriteAddressWord(index, order.maker);
        index = ArrayUtils.unsafeWriteAddressWord(index, order.taker);
        index = ArrayUtils.unsafeWriteUint(index, order.makerRelayerFee);
        index = ArrayUtils.unsafeWriteUint(index, order.takerRelayerFee);
        index = ArrayUtils.unsafeWriteUint(index, order.makerProtocolFee);
        index = ArrayUtils.unsafeWriteUint(index, order.takerProtocolFee);
        index = ArrayUtils.unsafeWriteAddressWord(index, order.feeRecipient);
        index = ArrayUtils.unsafeWriteUint8Word(index, uint8(order.feeMethod));
        index = ArrayUtils.unsafeWriteUint8Word(index, uint8(order.side));
        index = ArrayUtils.unsafeWriteUint8Word(index, uint8(order.saleKind));
        index = ArrayUtils.unsafeWriteAddressWord(index, order.target);
        index = ArrayUtils.unsafeWriteUint8Word(index, uint8(order.howToCall));
        index = ArrayUtils.unsafeWriteBytes32(index, keccak256(order.calldata));
        index = ArrayUtils.unsafeWriteBytes32(index, keccak256(order.replacementPattern));
        index = ArrayUtils.unsafeWriteAddressWord(index, order.staticTarget);
        index = ArrayUtils.unsafeWriteBytes32(index, keccak256(order.staticExtradata));
        index = ArrayUtils.unsafeWriteAddressWord(index, order.paymentToken);
        index = ArrayUtils.unsafeWriteUint(index, order.basePrice);
        index = ArrayUtils.unsafeWriteUint(index, order.extra);
        index = ArrayUtils.unsafeWriteUint(index, order.listingTime);
        index = ArrayUtils.unsafeWriteUint(index, order.expirationTime);
        index = ArrayUtils.unsafeWriteUint(index, order.salt);
        index = ArrayUtils.unsafeWriteUint(index, nonce);
        assembly {
            hash := keccak256(add(array, 0x20), size)
        }
        return hash;
    }

/**
     * @dev Hash an order, returning the hash that a client must sign via EIP-712 including the message prefix
     * @param order Order to hash
     * @param nonce Nonce to hash
     * @return Hash of message prefix and order hash per Ethereum format
     */
    function hashToSign(Order memory order, uint nonce)
        internal
        pure
        returns (bytes32)
    {
        return keccak256(
            abi.encodePacked("\x19\x01", DOMAIN_SEPARATOR, hashOrder(order, nonce))
        );
    }

/**
     * @dev Assert an order is valid and return its hash
     * @param order Order to validate
     * @param nonce Nonce to validate
     * @param sig ECDSA signature
     */
    function requireValidOrder(Order memory order, Sig memory sig, uint nonce)
        internal
        view
        returns (bytes32)
    {
        bytes32 hash = hashToSign(order, nonce);
        require(validateOrder(hash, order, sig));
        return hash;
    }

/**
     * @dev Validate order parameters (does *not* check signature validity)
     * @param order Order to validate
     */
    function validateOrderParameters(Order memory order)
        internal
        view
        returns (bool)
    {
        /* Order must be targeted at this protocol version (this Exchange contract). */
        if (order.exchange != address(this)) {
            return false;
        }

/* Order must have a maker. */
        if (order.maker == address(0)) {
            return false;
        }

/* Order must possess valid sale kind parameter combination. */
        if (!SaleKindInterface.validateParameters(order.saleKind, order.expirationTime)) {
            return false;
        }

/* If using the split fee method, order must have sufficient protocol fees. */
        if (order.feeMethod == FeeMethod.SplitFee && (order.makerProtocolFee < minimumMakerProtocolFee || order.takerProtocolFee < minimumTakerProtocolFee)) {
            return false;
        }

return true;
    }

/**
     * @dev Validate a provided previously approved / signed order, hash, and signature.
     * @param hash Order hash (already calculated, passed to avoid recalculation)
     * @param order Order to validate
     * @param sig ECDSA signature
     */
    function validateOrder(bytes32 hash, Order memory order, Sig memory sig)
        internal
        view
        returns (bool)
    {
        /* Not done in an if-conditional to prevent unnecessary ecrecover evaluation, which seems to happen even though it should short-circuit. */

/* Order must have valid parameters. */
        if (!validateOrderParameters(order)) {
            return false;
        }

/* Order must have not been canceled or already filled. */
        if (cancelledOrFinalized[hash]) {
            return false;
        }

/* Return true if order has been previously approved with the current nonce */
        uint approvedOrderNoncePlusOne = _approvedOrdersByNonce[hash];
        if (approvedOrderNoncePlusOne != 0) {
            return approvedOrderNoncePlusOne == nonces[order.maker] + 1;
        }

/* Prevent signature malleability and non-standard v values. */
        if (uint256(sig.s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
            return false;
        }
        if (sig.v != 27 && sig.v != 28) {
            return false;
        }

/* recover via ECDSA, signed by maker (already verified as non-zero). */
        if (ecrecover(hash, sig.v, sig.r, sig.s) == order.maker) {
            return true;
        }

/* fallback — attempt EIP-1271 isValidSignature check. */
        return _tryContractSignature(order.maker, hash, sig);
    }

function _tryContractSignature(address orderMaker, bytes32 hash, Sig memory sig) internal view returns (bool) {
        bytes memory isValidSignatureData = abi.encodeWithSelector(
            _EIP_1271_MAGIC_VALUE,
            hash,
            abi.encodePacked(sig.r, sig.s, sig.v)
        );

bytes4 result;

// NOTE: solidity 0.4.x does not support STATICCALL outside of assembly
        assembly {
            let success := staticcall(           // perform a staticcall
                gas,                             // forward all available gas
                orderMaker,                      // call the order maker
                add(isValidSignatureData, 0x20), // calldata offset comes after length
                mload(isValidSignatureData),     // load calldata length
                0,                               // do not use memory for return data
                0                                // do not use memory for return data
            )

if iszero(success) {                     // if the call fails
                returndatacopy(0, 0, returndatasize) // copy returndata buffer to memory
                revert(0, returndatasize)            // revert + pass through revert data
            }

if eq(returndatasize, 0x20) {  // if returndata == 32 (one word)
                returndatacopy(0, 0, 0x20) // copy return data to memory in scratch space
                result := mload(0)         // load return data from memory to the stack
            }
        }

return result == _EIP_1271_MAGIC_VALUE;
    }

/**
     * @dev Determine if an order has been approved. Note that the order may not still
     * be valid in cases where the maker's nonce has been incremented.
     * @param hash Hash of the order
     * @return whether or not the order was approved.
     */
    function approvedOrders(bytes32 hash) public view returns (bool approved) {
        return _approvedOrdersByNonce[hash] != 0;
    }

/**
     * @dev Approve an order and optionally mark it for orderbook inclusion. Must be called by the maker of the order
     * @param order Order to approve
     * @param orderbookInclusionDesired Whether orderbook providers should include the order in their orderbooks
     */
    function approveOrder(Order memory order, bool orderbookInclusionDesired)
        internal
    {
        /* CHECKS */

/* Assert sender is authorized to approve order. */
        require(msg.sender == order.maker);

/* Calculate order hash. */
        bytes32 hash = hashToSign(order, nonces[order.maker]);

/* Assert order has not already been approved. */
        require(_approvedOrdersByNonce[hash] == 0);

/* EFFECTS */

/* Mark order as approved. */
        _approvedOrdersByNonce[hash] = nonces[order.maker] + 1;

/* Log approval event. Must be split in two due to Solidity stack size limitations. */
        {
            emit OrderApprovedPartOne(hash, order.exchange, order.maker, order.taker, order.makerRelayerFee, order.takerRelayerFee, order.makerProtocolFee, order.takerProtocolFee, order.feeRecipient, order.feeMethod, order.side, order.saleKind, order.target);
        }
        {
            emit OrderApprovedPartTwo(hash, order.howToCall, order.calldata, order.replacementPattern, order.staticTarget, order.staticExtradata, order.paymentToken, order.basePrice, order.extra, order.listingTime, order.expirationTime, order.salt, orderbookInclusionDesired);
        }
    }

/**
     * @dev Cancel an order, preventing it from being matched. Must be called by the maker of the order
     * @param order Order to cancel
     * @param nonce Nonce to cancel
     * @param sig ECDSA signature
     */
    function cancelOrder(Order memory order, Sig memory sig, uint nonce)
        internal
    {
        /* CHECKS */

/* Calculate order hash. */
        bytes32 hash = requireValidOrder(order, sig, nonce);

/* Assert sender is authorized to cancel order. */
        require(msg.sender == order.maker);

/* EFFECTS */

/* Mark order as cancelled, preventing it from being matched. */
        cancelledOrFinalized[hash] = true;

/* Log cancel event. */
        emit OrderCancelled(hash);
    }

/**
     * @dev Calculate the current price of an order (convenience function)
     * @param order Order to calculate the price of
     * @return The current price of the order
     */
    function calculateCurrentPrice (Order memory order)
        internal
        view
        returns (uint)
    {
        return SaleKindInterface.calculateFinalPrice(order.side, order.saleKind, order.basePrice, order.extra, order.listingTime, order.expirationTime);
    }

/**
     * @dev Calculate the price two orders would match at, if in fact they would match (otherwise fail)
     * @param buy Buy-side order
     * @param sell Sell-side order
     * @return Match price
     */
    function calculateMatchPrice(Order memory buy, Order memory sell)
        view
        internal
        returns (uint)
    {
        /* Calculate sell price. */
        uint sellPrice = SaleKindInterface.calculateFinalPrice(sell.side, sell.saleKind, sell.basePrice, sell.extra, sell.listingTime, sell.expirationTime);

/* Calculate buy price. */
        uint buyPrice = SaleKindInterface.calculateFinalPrice(buy.side, buy.saleKind, buy.basePrice, buy.extra, buy.listingTime, buy.expirationTime);

/* Require price cross. */
        require(buyPrice >= sellPrice);

/* Maker/taker priority. */
        return sell.feeRecipient != address(0) ? sellPrice : buyPrice;
    }

/**
     * @dev Execute all ERC20 token / Ether transfers associated with an order match (fees and buyer => seller transfer)
     * @param buy Buy-side order
     * @param sell Sell-side order
     */
    function executeFundsTransfer(Order memory buy, Order memory sell)
        internal
        returns (uint)
    {
        /* Only payable in the special case of unwrapped Ether. */
        if (sell.paymentToken != address(0)) {
            require(msg.value == 0);
        }

/* Calculate match price. */
        uint price = calculateMatchPrice(buy, sell);

/* If paying using a token (not Ether), transfer tokens. This is done prior to fee payments to that a seller will have tokens before being charged fees. */
        if (price > 0 && sell.paymentToken != address(0)) {
            transferTokens(sell.paymentToken, buy.maker, sell.maker, price);
        }

/* Amount that will be received by seller (for Ether). */
        uint receiveAmount = price;

/* Amount that must be sent by buyer (for Ether). */
        uint requiredAmount = price;

/* Determine maker/taker and charge fees accordingly. */
        if (sell.feeRecipient != address(0)) {
            /* Sell-side order is maker. */

/* Assert taker fee is less than or equal to maximum fee specified by buyer. */
            require(sell.takerRelayerFee <= buy.takerRelayerFee);

if (sell.feeMethod == FeeMethod.SplitFee) {
                /* Assert taker fee is less than or equal to maximum fee specified by buyer. */
                require(sell.takerProtocolFee <= buy.takerProtocolFee);

/* Maker fees are deducted from the token amount that the maker receives. Taker fees are extra tokens that must be paid by the taker. */

if (sell.makerRelayerFee > 0) {
                    uint makerRelayerFee = SafeMath.div(SafeMath.mul(sell.makerRelayerFee, price), INVERSE_BASIS_POINT);
                    if (sell.paymentToken == address(0)) {
                        receiveAmount = SafeMath.sub(receiveAmount, makerRelayerFee);
                        sell.feeRecipient.transfer(makerRelayerFee);
                    } else {
                        transferTokens(sell.paymentToken, sell.maker, sell.feeRecipient, makerRelayerFee);
                    }
                }

if (sell.takerRelayerFee > 0) {
                    uint takerRelayerFee = SafeMath.div(SafeMath.mul(sell.takerRelayerFee, price), INVERSE_BASIS_POINT);
                    if (sell.paymentToken == address(0)) {
                        requiredAmount = SafeMath.add(requiredAmount, takerRelayerFee);
                        sell.feeRecipient.transfer(takerRelayerFee);
                    } else {
                        transferTokens(sell.paymentToken, buy.maker, sell.feeRecipient, takerRelayerFee);
                    }
                }

if (sell.makerProtocolFee > 0) {
                    uint makerProtocolFee = SafeMath.div(SafeMath.mul(sell.makerProtocolFee, price), INVERSE_BASIS_POINT);
                    if (sell.paymentToken == address(0)) {
                        receiveAmount = SafeMath.sub(receiveAmount, makerProtocolFee);
                        protocolFeeRecipient.transfer(makerProtocolFee);
                    } else {
                        transferTokens(sell.paymentToken, sell.maker, protocolFeeRecipient, makerProtocolFee);
                    }
                }

if (sell.takerProtocolFee > 0) {
                    uint takerProtocolFee = SafeMath.div(SafeMath.mul(sell.takerProtocolFee, price), INVERSE_BASIS_POINT);
                    if (sell.paymentToken == address(0)) {
                        requiredAmount = SafeMath.add(requiredAmount, takerProtocolFee);
                        protocolFeeRecipient.transfer(takerProtocolFee);
                    } else {
                        transferTokens(sell.paymentToken, buy.maker, protocolFeeRecipient, takerProtocolFee);
                    }
                }

} else {
                /* Charge maker fee to seller. */
                chargeProtocolFee(sell.maker, sell.feeRecipient, sell.makerRelayerFee);

/* Charge taker fee to buyer. */
                chargeProtocolFee(buy.maker, sell.feeRecipient, sell.takerRelayerFee);
            }
        } else {
            /* Buy-side order is maker. */

/* Assert taker fee is less than or equal to maximum fee specified by seller. */
            require(buy.takerRelayerFee <= sell.takerRelayerFee);

if (sell.feeMethod == FeeMethod.SplitFee) {
                /* The Exchange does not escrow Ether, so direct Ether can only be used to with sell-side maker / buy-side taker orders. */
                require(sell.paymentToken != address(0));

/* Assert taker fee is less than or equal to maximum fee specified by seller. */
                require(buy.takerProtocolFee <= sell.takerProtocolFee);

if (buy.makerRelayerFee > 0) {
                    makerRelayerFee = SafeMath.div(SafeMath.mul(buy.makerRelayerFee, price), INVERSE_BASIS_POINT);
                    transferTokens(sell.paymentToken, buy.maker, buy.feeRecipient, makerRelayerFee);
                }

if (buy.takerRelayerFee > 0) {
                    takerRelayerFee = SafeMath.div(SafeMath.mul(buy.takerRelayerFee, price), INVERSE_BASIS_POINT);
                    transferTokens(sell.paymentToken, sell.maker, buy.feeRecipient, takerRelayerFee);
                }

if (buy.makerProtocolFee > 0) {
                    makerProtocolFee = SafeMath.div(SafeMath.mul(buy.makerProtocolFee, price), INVERSE_BASIS_POINT);
                    transferTokens(sell.paymentToken, buy.maker, protocolFeeRecipient, makerProtocolFee);
                }

if (buy.takerProtocolFee > 0) {
                    takerProtocolFee = SafeMath.div(SafeMath.mul(buy.takerProtocolFee, price), INVERSE_BASIS_POINT);
                    transferTokens(sell.paymentToken, sell.maker, protocolFeeRecipient, takerProtocolFee);
                }

} else {
                /* Charge maker fee to buyer. */
                chargeProtocolFee(buy.maker, buy.feeRecipient, buy.makerRelayerFee);

/* Charge taker fee to seller. */
                chargeProtocolFee(sell.maker, buy.feeRecipient, buy.takerRelayerFee);
            }
        }

if (sell.paymentToken == address(0)) {
            /* Special-case Ether, order must be matched by buyer. */
            require(msg.value >= requiredAmount);
            sell.maker.transfer(receiveAmount);
            /* Allow overshoot for variable-price auctions, refund difference. */
            uint diff = SafeMath.sub(msg.value, requiredAmount);
            if (diff > 0) {
                buy.maker.transfer(diff);
            }
        }

/* This contract should never hold Ether, however, we cannot assert this, since it is impossible to prevent anyone from sending Ether e.g. with selfdestruct. */

return price;
    }

/**
     * @dev Return whether or not two orders can be matched with each other by basic parameters (does not check order signatures / calldata or perform static calls)
     * @param buy Buy-side order
     * @param sell Sell-side order
     * @return Whether or not the two orders can be matched
     */
    function ordersCanMatch(Order memory buy, Order memory sell)
        internal
        view
        returns (bool)
    {
        return (
            /* Must be opposite-side. */
            (buy.side == SaleKindInterface.Side.Buy && sell.side == SaleKindInterface.Side.Sell) &&
            /* Must use same fee method. */
            (buy.feeMethod == sell.feeMethod) &&
            /* Must use same payment token. */
            (buy.paymentToken == sell.paymentToken) &&
            /* Must match maker/taker addresses. */
            (sell.taker == address(0) || sell.taker == buy.maker) &&
            (buy.taker == address(0) || buy.taker == sell.maker) &&
            /* One must be maker and the other must be taker (no bool XOR in Solidity). */
            ((sell.feeRecipient == address(0) && buy.feeRecipient != address(0)) || (sell.feeRecipient != address(0) && buy.feeRecipient == address(0))) &&
            /* Must match target. */
            (buy.target == sell.target) &&
            /* Must match howToCall. */
            (buy.howToCall == sell.howToCall) &&
            /* Buy-side order must be settleable. */
            SaleKindInterface.canSettleOrder(buy.listingTime, buy.expirationTime) &&
            /* Sell-side order must be settleable. */
            SaleKindInterface.canSettleOrder(sell.listingTime, sell.expirationTime)
        );
    }

/**
     * @dev Atomically match two orders, ensuring validity of the match, and execute all associated state transitions. Protected against reentrancy by a contract-global lock.
     * @param buy Buy-side order
     * @param buySig Buy-side order signature
     * @param sell Sell-side order
     * @param sellSig Sell-side order signature
     */
    function atomicMatch(Order memory buy, Sig memory buySig, Order memory sell, Sig memory sellSig, bytes32 metadata)
        internal
        reentrancyGuard
    {
        /* CHECKS */

/* Ensure buy order validity and calculate hash if necessary. */
        bytes32 buyHash;
        if (buy.maker == msg.sender) {
            require(validateOrderParameters(buy));
        } else {
            buyHash = _requireValidOrderWithNonce(buy, buySig);
        }

/* Ensure sell order validity and calculate hash if necessary. */
        bytes32 sellHash;
        if (sell.maker == msg.sender) {
            require(validateOrderParameters(sell));
        } else {
            sellHash = _requireValidOrderWithNonce(sell, sellSig);
        }

/* Must be matchable. */
        require(ordersCanMatch(buy, sell));

/* Target must exist (prevent malicious selfdestructs just prior to order settlement). */
        uint size;
        address target = sell.target;
        assembly {
            size := extcodesize(target)
        }
        require(size > 0);

/* Must match calldata after replacement, if specified. */
        if (buy.replacementPattern.length > 0) {
          ArrayUtils.guardedArrayReplace(buy.calldata, sell.calldata, buy.replacementPattern);
        }
        if (sell.replacementPattern.length > 0) {
          ArrayUtils.guardedArrayReplace(sell.calldata, buy.calldata, sell.replacementPattern);
        }
        require(ArrayUtils.arrayEq(buy.calldata, sell.calldata));

/* Retrieve delegateProxy contract. */
        OwnableDelegateProxy delegateProxy = registry.proxies(sell.maker);

/* Proxy must exist. */
        require(delegateProxy != address(0));

/* Access the passthrough AuthenticatedProxy. */
        AuthenticatedProxy proxy = AuthenticatedProxy(delegateProxy);

/* EFFECTS */

/* Mark previously signed or approved orders as finalized. */
        if (msg.sender != buy.maker) {
            cancelledOrFinalized[buyHash] = true;
        }
        if (msg.sender != sell.maker) {
            cancelledOrFinalized[sellHash] = true;
        }

/* INTERACTIONS */

/* Execute funds transfer and pay fees. */
        uint price = executeFundsTransfer(buy, sell);

/* Assert implementation. */
        require(delegateProxy.implementation() == registry.delegateProxyImplementation());

/* Execute specified call through proxy. */
        require(proxy.proxy(sell.target, sell.howToCall, sell.calldata));

/* Static calls are intentionally done after the effectful call so they can check resulting state. */

/* Handle buy-side static call if specified. */
        if (buy.staticTarget != address(0)) {
            require(staticCall(buy.staticTarget, sell.calldata, buy.staticExtradata));
        }

/* Handle sell-side static call if specified. */
        if (sell.staticTarget != address(0)) {
            require(staticCall(sell.staticTarget, sell.calldata, sell.staticExtradata));
        }

/* Log match event. */
        emit OrdersMatched(buyHash, sellHash, sell.feeRecipient != address(0) ? sell.maker : buy.maker, sell.feeRecipient != address(0) ? buy.maker : sell.maker, price, metadata);
    }

function _requireValidOrderWithNonce(Order memory order, Sig memory sig) internal view returns (bytes32) {
        return requireValidOrder(order, sig, nonces[order.maker]);
    }
}

contract Exchange is ExchangeCore {

/**
     * @dev Call guardedArrayReplace - library function exposed for testing.
     */
    function guardedArrayReplace(bytes array, bytes desired, bytes mask)
        public
        pure
        returns (bytes)
    {
        ArrayUtils.guardedArrayReplace(array, desired, mask);
        return array;
    }

/**
     * @dev Call calculateFinalPrice - library function exposed for testing.
     */
    function calculateFinalPrice(SaleKindInterface.Side side, SaleKindInterface.SaleKind saleKind, uint basePrice, uint extra, uint listingTime, uint expirationTime)
        public
        view
        returns (uint)
    {
        return SaleKindInterface.calculateFinalPrice(side, saleKind, basePrice, extra, listingTime, expirationTime);
    }

/**
     * @dev Call hashOrder - Solidity ABI encoding limitation workaround, hopefully temporary.
     */
    function hashOrder_(
        address[7] addrs,
        uint[9] uints,
        FeeMethod feeMethod,
        SaleKindInterface.Side side,
        SaleKindInterface.SaleKind saleKind,
        AuthenticatedProxy.HowToCall howToCall,
        bytes calldata,
        bytes replacementPattern,
        bytes staticExtradata)
        public
        view
        returns (bytes32)
    {
        return hashOrder(
          Order(addrs[0], addrs[1], addrs[2], uints[0], uints[1], uints[2], uints[3], addrs[3], feeMethod, side, saleKind, addrs[4], howToCall, calldata, replacementPattern, addrs[5], staticExtradata, ERC20(addrs[6]), uints[4], uints[5], uints[6], uints[7], uints[8]),
          nonces[addrs[1]]
        );
    }

/**
     * @dev Call hashToSign - Solidity ABI encoding limitation workaround, hopefully temporary.
     */
    function hashToSign_(
        address[7] addrs,
        uint[9] uints,
        FeeMethod feeMethod,
        SaleKindInterface.Side side,
        SaleKindInterface.SaleKind saleKind,
        AuthenticatedProxy.HowToCall howToCall,
        bytes calldata,
        bytes replacementPattern,
        bytes staticExtradata)
        public
        view
        returns (bytes32)
    {
        return hashToSign(
          Order(addrs[0], addrs[1], addrs[2], uints[0], uints[1], uints[2], uints[3], addrs[3], feeMethod, side, saleKind, addrs[4], howToCall, calldata, replacementPattern, addrs[5], staticExtradata, ERC20(addrs[6]), uints[4], uints[5], uints[6], uints[7], uints[8]),
          nonces[addrs[1]]
        );
    }

/**
     * @dev Call validateOrderParameters - Solidity ABI encoding limitation workaround, hopefully temporary.
     */
    function validateOrderParameters_ (
        address[7] addrs,
        uint[9] uints,
        FeeMethod feeMethod,
        SaleKindInterface.Side side,
        SaleKindInterface.SaleKind saleKind,
        AuthenticatedProxy.HowToCall howToCall,
        bytes calldata,
        bytes replacementPattern,
        bytes staticExtradata)
        view
        public
        returns (bool)
    {
        Order memory order = Order(addrs[0], addrs[1], addrs[2], uints[0], uints[1], uints[2], uints[3], addrs[3], feeMethod, side, saleKind, addrs[4], howToCall, calldata, replacementPattern, addrs[5], staticExtradata, ERC20(addrs[6]), uints[4], uints[5], uints[6], uints[7], uints[8]);
        return validateOrderParameters(
          order
        );
    }

/**
     * @dev Call validateOrder - Solidity ABI encoding limitation workaround, hopefully temporary.
     */
    function validateOrder_ (
        address[7] addrs,
        uint[9] uints,
        FeeMethod feeMethod,
        SaleKindInterface.Side side,
        SaleKindInterface.SaleKind saleKind,
        AuthenticatedProxy.HowToCall howToCall,
        bytes calldata,
        bytes replacementPattern,
        bytes staticExtradata,
        uint8 v,
        bytes32 r,
        bytes32 s)
        view
        public
        returns (bool)
    {
        Order memory order = Order(addrs[0], addrs[1], addrs[2], uints[0], uints[1], uints[2], uints[3], addrs[3], feeMethod, side, saleKind, addrs[4], howToCall, calldata, replacementPattern, addrs[5], staticExtradata, ERC20(addrs[6]), uints[4], uints[5], uints[6], uints[7], uints[8]);
        return validateOrder(
          hashToSign(order, nonces[order.maker]),
          order,
          Sig(v, r, s)
        );
    }

/**
     * @dev Call approveOrder - Solidity ABI encoding limitation workaround, hopefully temporary.
     */
    function approveOrder_ (
        address[7] addrs,
        uint[9] uints,
        FeeMethod feeMethod,
        SaleKindInterface.Side side,
        SaleKindInterface.SaleKind saleKind,
        AuthenticatedProxy.HowToCall howToCall,
        bytes calldata,
        bytes replacementPattern,
        bytes staticExtradata,
        bool orderbookInclusionDesired)
        public
    {
        Order memory order = Order(addrs[0], addrs[1], addrs[2], uints[0], uints[1], uints[2], uints[3], addrs[3], feeMethod, side, saleKind, addrs[4], howToCall, calldata, replacementPattern, addrs[5], staticExtradata, ERC20(addrs[6]), uints[4], uints[5], uints[6], uints[7], uints[8]);
        return approveOrder(order, orderbookInclusionDesired);
    }

/**
     * @dev Call cancelOrder - Solidity ABI encoding limitation workaround, hopefully temporary.
     */
    function cancelOrder_(
        address[7] addrs,
        uint[9] uints,
        FeeMethod feeMethod,
        SaleKindInterface.Side side,
        SaleKindInterface.SaleKind saleKind,
        AuthenticatedProxy.HowToCall howToCall,
        bytes calldata,
        bytes replacementPattern,
        bytes staticExtradata,
        uint8 v,
        bytes32 r,
        bytes32 s)
        public
    {
        Order memory order = Order(addrs[0], addrs[1], addrs[2], uints[0], uints[1], uints[2], uints[3], addrs[3], feeMethod, side, saleKind, addrs[4], howToCall, calldata, replacementPattern, addrs[5], staticExtradata, ERC20(addrs[6]), uints[4], uints[5], uints[6], uints[7], uints[8]);
        return cancelOrder(
          order,
          Sig(v, r, s),
          nonces[order.maker]
        );
    }

/**
     * @dev Call cancelOrder, supplying a specific nonce — enables cancelling orders
     that were signed with nonces greater than the current nonce.
     */
    function cancelOrderWithNonce_(
        address[7] addrs,
        uint[9] uints,
        FeeMethod feeMethod,
        SaleKindInterface.Side side,
        SaleKindInterface.SaleKind saleKind,
        AuthenticatedProxy.HowToCall howToCall,
        bytes calldata,
        bytes replacementPattern,
        bytes staticExtradata,
        uint8 v,
        bytes32 r,
        bytes32 s,
        uint nonce)
        public
    {
        Order memory order = Order(addrs[0], addrs[1], addrs[2], uints[0], uints[1], uints[2], uints[3], addrs[3], feeMethod, side, saleKind, addrs[4], howToCall, calldata, replacementPattern, addrs[5], staticExtradata, ERC20(addrs[6]), uints[4], uints[5], uints[6], uints[7], uints[8]);
        return cancelOrder(
          order,
          Sig(v, r, s),
          nonce
        );
    }

/**
     * @dev Call calculateCurrentPrice - Solidity ABI encoding limitation workaround, hopefully temporary.
     */
    function calculateCurrentPrice_(
        address[7] addrs,
        uint[9] uints,
        FeeMethod feeMethod,
        SaleKindInterface.Side side,
        SaleKindInterface.SaleKind saleKind,
        AuthenticatedProxy.HowToCall howToCall,
        bytes calldata,
        bytes replacementPattern,
        bytes staticExtradata)
        public
        view
        returns (uint)
    {
        return calculateCurrentPrice(
          Order(addrs[0], addrs[1], addrs[2], uints[0], uints[1], uints[2], uints[3], addrs[3], feeMethod, side, saleKind, addrs[4], howToCall, calldata, replacementPattern, addrs[5], staticExtradata, ERC20(addrs[6]), uints[4], uints[5], uints[6], uints[7], uints[8])
        );
    }

/**
     * @dev Call ordersCanMatch - Solidity ABI encoding limitation workaround, hopefully temporary.
     */
    function ordersCanMatch_(
        address[14] addrs,
        uint[18] uints,
        uint8[8] feeMethodsSidesKindsHowToCalls,
        bytes calldataBuy,
        bytes calldataSell,
        bytes replacementPatternBuy,
        bytes replacementPatternSell,
        bytes staticExtradataBuy,
        bytes staticExtradataSell)
        public
        view
        returns (bool)
    {
        Order memory buy = Order(addrs[0], addrs[1], addrs[2], uints[0], uints[1], uints[2], uints[3], addrs[3], FeeMethod(feeMethodsSidesKindsHowToCalls[0]), SaleKindInterface.Side(feeMethodsSidesKindsHowToCalls[1]), SaleKindInterface.SaleKind(feeMethodsSidesKindsHowToCalls[2]), addrs[4], AuthenticatedProxy.HowToCall(feeMethodsSidesKindsHowToCalls[3]), calldataBuy, replacementPatternBuy, addrs[5], staticExtradataBuy, ERC20(addrs[6]), uints[4], uints[5], uints[6], uints[7], uints[8]);
        Order memory sell = Order(addrs[7], addrs[8], addrs[9], uints[9], uints[10], uints[11], uints[12], addrs[10], FeeMethod(feeMethodsSidesKindsHowToCalls[4]), SaleKindInterface.Side(feeMethodsSidesKindsHowToCalls[5]), SaleKindInterface.SaleKind(feeMethodsSidesKindsHowToCalls[6]), addrs[11], AuthenticatedProxy.HowToCall(feeMethodsSidesKindsHowToCalls[7]), calldataSell, replacementPatternSell, addrs[12], staticExtradataSell, ERC20(addrs[13]), uints[13], uints[14], uints[15], uints[16], uints[17]);
        return ordersCanMatch(
          buy,
          sell
        );
    }

/**
     * @dev Return whether or not two orders' calldata specifications can match
     * @param buyCalldata Buy-side order calldata
     * @param buyReplacementPattern Buy-side order calldata replacement mask
     * @param sellCalldata Sell-side order calldata
     * @param sellReplacementPattern Sell-side order calldata replacement mask
     * @return Whether the orders' calldata can be matched
     */
    function orderCalldataCanMatch(bytes buyCalldata, bytes buyReplacementPattern, bytes sellCalldata, bytes sellReplacementPattern)
        public
        pure
        returns (bool)
    {
        if (buyReplacementPattern.length > 0) {
          ArrayUtils.guardedArrayReplace(buyCalldata, sellCalldata, buyReplacementPattern);
        }
        if (sellReplacementPattern.length > 0) {
          ArrayUtils.guardedArrayReplace(sellCalldata, buyCalldata, sellReplacementPattern);
        }
        return ArrayUtils.arrayEq(buyCalldata, sellCalldata);
    }

/**
     * @dev Call calculateMatchPrice - Solidity ABI encoding limitation workaround, hopefully temporary.
     */
    function calculateMatchPrice_(
        address[14] addrs,
        uint[18] uints,
        uint8[8] feeMethodsSidesKindsHowToCalls,
        bytes calldataBuy,
        bytes calldataSell,
        bytes replacementPatternBuy,
        bytes replacementPatternSell,
        bytes staticExtradataBuy,
        bytes staticExtradataSell)
        public
        view
        returns (uint)
    {
        Order memory buy = Order(addrs[0], addrs[1], addrs[2], uints[0], uints[1], uints[2], uints[3], addrs[3], FeeMethod(feeMethodsSidesKindsHowToCalls[0]), SaleKindInterface.Side(feeMethodsSidesKindsHowToCalls[1]), SaleKindInterface.SaleKind(feeMethodsSidesKindsHowToCalls[2]), addrs[4], AuthenticatedProxy.HowToCall(feeMethodsSidesKindsHowToCalls[3]), calldataBuy, replacementPatternBuy, addrs[5], staticExtradataBuy, ERC20(addrs[6]), uints[4], uints[5], uints[6], uints[7], uints[8]);
        Order memory sell = Order(addrs[7], addrs[8], addrs[9], uints[9], uints[10], uints[11], uints[12], addrs[10], FeeMethod(feeMethodsSidesKindsHowToCalls[4]), SaleKindInterface.Side(feeMethodsSidesKindsHowToCalls[5]), SaleKindInterface.SaleKind(feeMethodsSidesKindsHowToCalls[6]), addrs[11], AuthenticatedProxy.HowToCall(feeMethodsSidesKindsHowToCalls[7]), calldataSell, replacementPatternSell, addrs[12], staticExtradataSell, ERC20(addrs[13]), uints[13], uints[14], uints[15], uints[16], uints[17]);
        return calculateMatchPrice(
          buy,
          sell
        );
    }

/**
     * @dev Call atomicMatch - Solidity ABI encoding limitation workaround, hopefully temporary.
     */
    function atomicMatch_(
        address[14] addrs,
        uint[18] uints,
        uint8[8] feeMethodsSidesKindsHowToCalls,
        bytes calldataBuy,
        bytes calldataSell,
        bytes replacementPatternBuy,
        bytes replacementPatternSell,
        bytes staticExtradataBuy,
        bytes staticExtradataSell,
        uint8[2] vs,
        bytes32[5] rssMetadata)
        public
        payable
    {

return atomicMatch(
          Order(addrs[0], addrs[1], addrs[2], uints[0], uints[1], uints[2], uints[3], addrs[3], FeeMethod(feeMethodsSidesKindsHowToCalls[0]), SaleKindInterface.Side(feeMethodsSidesKindsHowToCalls[1]), SaleKindInterface.SaleKind(feeMethodsSidesKindsHowToCalls[2]), addrs[4], AuthenticatedProxy.HowToCall(feeMethodsSidesKindsHowToCalls[3]), calldataBuy, replacementPatternBuy, addrs[5], staticExtradataBuy, ERC20(addrs[6]), uints[4], uints[5], uints[6], uints[7], uints[8]),
          Sig(vs[0], rssMetadata[0], rssMetadata[1]),
          Order(addrs[7], addrs[8], addrs[9], uints[9], uints[10], uints[11], uints[12], addrs[10], FeeMethod(feeMethodsSidesKindsHowToCalls[4]), SaleKindInterface.Side(feeMethodsSidesKindsHowToCalls[5]), SaleKindInterface.SaleKind(feeMethodsSidesKindsHowToCalls[6]), addrs[11], AuthenticatedProxy.HowToCall(feeMethodsSidesKindsHowToCalls[7]), calldataSell, replacementPatternSell, addrs[12], staticExtradataSell, ERC20(addrs[13]), uints[13], uints[14], uints[15], uints[16], uints[17]),
          Sig(vs[1], rssMetadata[2], rssMetadata[3]),
          rssMetadata[4]
        );
    }

}

contract WyvernExchangeWithBulkCancellations is Exchange {
    string public constant codename = "Bulk Smash";

/**
     * @dev Initialize a WyvernExchange instance
     * @param registryAddress Address of the registry instance which this Exchange instance will use
     * @param tokenAddress Address of the token used for protocol fees
     */
    constructor (ProxyRegistry registryAddress, TokenTransferProxy tokenTransferProxyAddress, ERC20 tokenAddress, address protocolFeeAddress) public {
        registry = registryAddress;
        tokenTransferProxy = tokenTransferProxyAddress;
        exchangeToken = tokenAddress;
        protocolFeeRecipient = protocolFeeAddress;
        owner = msg.sender;
    }
}

library SaleKindInterface {

/**
     * Side: buy or sell.
     */
    enum Side { Buy, Sell }

/**
     * Currently supported kinds of sale: fixed price, Dutch auction.
     * English auctions cannot be supported without stronger escrow guarantees.
     * Future interesting options: Vickrey auction, nonlinear Dutch auctions.
     */
    enum SaleKind { FixedPrice, DutchAuction }

/**
     * @dev Check whether the parameters of a sale are valid
     * @param saleKind Kind of sale
     * @param expirationTime Order expiration time
     * @return Whether the parameters were valid
     */
    function validateParameters(SaleKind saleKind, uint expirationTime)
        pure
        internal
        returns (bool)
    {
        /* Auctions must have a set expiration date. */
        return (saleKind == SaleKind.FixedPrice || expirationTime > 0);
    }

/**
     * @dev Return whether or not an order can be settled
     * @dev Precondition: parameters have passed validateParameters
     * @param listingTime Order listing time
     * @param expirationTime Order expiration time
     */
    function canSettleOrder(uint listingTime, uint expirationTime)
        view
        internal
        returns (bool)
    {
        return (listingTime < now) && (expirationTime == 0 || now < expirationTime);
    }

/**
     * @dev Calculate the settlement price of an order
     * @dev Precondition: parameters have passed validateParameters.
     * @param side Order side
     * @param saleKind Method of sale
     * @param basePrice Order base price
     * @param extra Order extra price data
     * @param listingTime Order listing time
     * @param expirationTime Order expiration time
     */
    function calculateFinalPrice(Side side, SaleKind saleKind, uint basePrice, uint extra, uint listingTime, uint expirationTime)
        view
        internal
        returns (uint finalPrice)
    {
        if (saleKind == SaleKind.FixedPrice) {
            return basePrice;
        } else if (saleKind == SaleKind.DutchAuction) {
            uint diff = SafeMath.div(SafeMath.mul(extra, SafeMath.sub(now, listingTime)), SafeMath.sub(expirationTime, listingTime));
            if (side == Side.Sell) {
                /* Sell-side - start price: basePrice. End price: basePrice - extra. */
                return SafeMath.sub(basePrice, diff);
            } else {
                /* Buy-side - start price: basePrice. End price: basePrice + extra. */
                return SafeMath.add(basePrice, diff);
            }
        }
    }

}

contract ProxyRegistry is Ownable {

/* DelegateProxy implementation contract. Must be initialized. */
    address public delegateProxyImplementation;

/* Authenticated proxies by user. */
    mapping(address => OwnableDelegateProxy) public proxies;

/* Contracts pending access. */
    mapping(address => uint) public pending;

/* Contracts allowed to call those proxies. */
    mapping(address => bool) public contracts;

/* Delay period for adding an authenticated contract.
       This mitigates a particular class of potential attack on the Wyvern DAO (which owns this registry) - if at any point the value of assets held by proxy contracts exceeded the value of half the WYV supply (votes in the DAO),
       a malicious but rational attacker could buy half the Wyvern and grant themselves access to all the proxy contracts. A delay period renders this attack nonthreatening - given two weeks, if that happened, users would have
       plenty of time to notice and transfer their assets.
    */
    uint public DELAY_PERIOD = 2 weeks;

/**
     * Start the process to enable access for specified contract. Subject to delay period.
     *
     * @dev ProxyRegistry owner only
     * @param addr Address to which to grant permissions
     */
    function startGrantAuthentication (address addr)
        public
        onlyOwner
    {
        require(!contracts[addr] && pending[addr] == 0);
        pending[addr] = now;
    }

/**
     * End the process to nable access for specified contract after delay period has passed.
     *
     * @dev ProxyRegistry owner only
     * @param addr Address to which to grant permissions
     */
    function endGrantAuthentication (address addr)
        public
        onlyOwner
    {
        require(!contracts[addr] && pending[addr] != 0 && ((pending[addr] + DELAY_PERIOD) < now));
        pending[addr] = 0;
        contracts[addr] = true;
    }

/**
     * Revoke access for specified contract. Can be done instantly.
     *
     * @dev ProxyRegistry owner only
     * @param addr Address of which to revoke permissions
     */
    function revokeAuthentication (address addr)
        public
        onlyOwner
    {
        contracts[addr] = false;
    }

/**
     * Register a proxy contract with this registry
     *
     * @dev Must be called by the user which the proxy is for, creates a new AuthenticatedProxy
     * @return New AuthenticatedProxy contract
     */
    function registerProxy()
        public
        returns (OwnableDelegateProxy proxy)
    {
        require(proxies[msg.sender] == address(0));
        proxy = new OwnableDelegateProxy(msg.sender, delegateProxyImplementation, abi.encodeWithSignature("initialize(address,address)", msg.sender, address(this)));
        proxies[msg.sender] = proxy;
        return proxy;
    }

}

contract TokenTransferProxy {

/* Authentication registry. */
    ProxyRegistry public registry;

/**
     * Call ERC20 `transferFrom`
     *
     * @dev Authenticated contract only
     * @param token ERC20 token address
     * @param from From address
     * @param to To address
     * @param amount Transfer amount
     */
    function transferFrom(address token, address from, address to, uint amount)
        public
        returns (bool)
    {
        require(registry.contracts(msg.sender));
        return ERC20(token).transferFrom(from, to, amount);
    }

}

contract OwnedUpgradeabilityStorage {

// Current implementation
  address internal _implementation;

// Owner of the contract
  address private _upgradeabilityOwner;

/**
   * @dev Tells the address of the owner
   * @return the address of the owner
   */
  function upgradeabilityOwner() public view returns (address) {
    return _upgradeabilityOwner;
  }

/**
   * @dev Sets the address of the owner
   */
  function setUpgradeabilityOwner(address newUpgradeabilityOwner) internal {
    _upgradeabilityOwner = newUpgradeabilityOwner;
  }

/**
  * @dev Tells the address of the current implementation
  * @return address of the current implementation
  */
  function implementation() public view returns (address) {
    return _implementation;
  }

/**
  * @dev Tells the proxy type (EIP 897)
  * @return Proxy type, 2 for forwarding proxy
  */
  function proxyType() public pure returns (uint256 proxyTypeId) {
    return 2;
  }
}

contract AuthenticatedProxy is TokenRecipient, OwnedUpgradeabilityStorage {

/* Whether initialized. */
    bool initialized = false;

/* Address which owns this proxy. */
    address public user;

/* Associated registry with contract authentication information. */
    ProxyRegistry public registry;

/* Whether access has been revoked. */
    bool public revoked;

/* Delegate call could be used to atomically transfer multiple assets owned by the proxy contract with one order. */
    enum HowToCall { Call, DelegateCall }

/* Event fired when the proxy access is revoked or unrevoked. */
    event Revoked(bool revoked);

/**
     * Initialize an AuthenticatedProxy
     *
     * @param addrUser Address of user on whose behalf this proxy will act
     * @param addrRegistry Address of ProxyRegistry contract which will manage this proxy
     */
    function initialize (address addrUser, ProxyRegistry addrRegistry)
        public
    {
        require(!initialized);
        initialized = true;
        user = addrUser;
        registry = addrRegistry;
    }

/**
     * Set the revoked flag (allows a user to revoke ProxyRegistry access)
     *
     * @dev Can be called by the user only
     * @param revoke Whether or not to revoke access
     */
    function setRevoke(bool revoke)
        public
    {
        require(msg.sender == user);
        revoked = revoke;
        emit Revoked(revoke);
    }

/**
     * Execute a message call from the proxy contract
     *
     * @dev Can be called by the user, or by a contract authorized by the registry as long as the user has not revoked access
     * @param dest Address to which the call will be sent
     * @param howToCall Which kind of call to make
     * @param calldata Calldata to send
     * @return Result of the call (success or failure)
     */
    function proxy(address dest, HowToCall howToCall, bytes calldata)
        public
        returns (bool result)
    {
        require(msg.sender == user || (!revoked && registry.contracts(msg.sender)));
        if (howToCall == HowToCall.Call) {
            result = dest.call(calldata);
        } else if (howToCall == HowToCall.DelegateCall) {
            result = dest.delegatecall(calldata);
        }
        return result;
    }

/**
     * Execute a message call and assert success
     *
     * @dev Same functionality as `proxy`, just asserts the return value
     * @param dest Address to which the call will be sent
     * @param howToCall What kind of call to make
     * @param calldata Calldata to send
     */
    function proxyAssert(address dest, HowToCall howToCall, bytes calldata)
        public
    {
        require(proxy(dest, howToCall, calldata));
    }

}

contract Proxy {

/**
  * @dev Tells the address of the implementation where every call will be delegated.
  * @return address of the implementation to which it will be delegated
  */
  function implementation() public view returns (address);

/**
  * @dev Tells the type of proxy (EIP 897)
  * @return Type of proxy, 2 for upgradeable proxy
  */
  function proxyType() public pure returns (uint256 proxyTypeId);

/**
  * @dev Fallback function allowing to perform a delegatecall to the given implementation.
  * This function will return whatever the implementation call returns
  */
  function () payable public {
    address _impl = implementation();
    require(_impl != address(0));

assembly {
      let ptr := mload(0x40)
      calldatacopy(ptr, 0, calldatasize)
      let result := delegatecall(gas, _impl, ptr, calldatasize, 0, 0)
      let size := returndatasize
      returndatacopy(ptr, 0, size)

switch result
      case 0 { revert(ptr, size) }
      default { return(ptr, size) }
    }
  }
}

contract OwnedUpgradeabilityProxy is Proxy, OwnedUpgradeabilityStorage {
  /**
  * @dev Event to show ownership has been transferred
  * @param previousOwner representing the address of the previous owner
  * @param newOwner representing the address of the new owner
  */
  event ProxyOwnershipTransferred(address previousOwner, address newOwner);

/**
  * @dev This event will be emitted every time the implementation gets upgraded
  * @param implementation representing the address of the upgraded implementation
  */
  event Upgraded(address indexed implementation);

/**
  * @dev Upgrades the implementation address
  * @param implementation representing the address of the new implementation to be set
  */
  function _upgradeTo(address implementation) internal {
    require(_implementation != implementation);
    _implementation = implementation;
    emit Upgraded(implementation);
  }

/**
  * @dev Throws if called by any account other than the owner.
  */
  modifier onlyProxyOwner() {
    require(msg.sender == proxyOwner());
    _;
  }

/**
   * @dev Tells the address of the proxy owner
   * @return the address of the proxy owner
   */
  function proxyOwner() public view returns (address) {
    return upgradeabilityOwner();
  }

/**
   * @dev Allows the current owner to transfer control of the contract to a newOwner.
   * @param newOwner The address to transfer ownership to.
   */
  function transferProxyOwnership(address newOwner) public onlyProxyOwner {
    require(newOwner != address(0));
    emit ProxyOwnershipTransferred(proxyOwner(), newOwner);
    setUpgradeabilityOwner(newOwner);
  }

/**
   * @dev Allows the upgradeability owner to upgrade the current implementation of the proxy.
   * @param implementation representing the address of the new implementation to be set.
   */
  function upgradeTo(address implementation) public onlyProxyOwner {
    _upgradeTo(implementation);
  }

/**
   * @dev Allows the upgradeability owner to upgrade the current implementation of the proxy
   * and delegatecall the new implementation for initialization.
   * @param implementation representing the address of the new implementation to be set.
   * @param data represents the msg.data to bet sent in the low level call. This parameter may include the function
   * signature of the implementation to be called with the needed payload
   */
  function upgradeToAndCall(address implementation, bytes data) payable public onlyProxyOwner {
    upgradeTo(implementation);
    require(address(this).delegatecall(data));
  }
}

contract OwnableDelegateProxy is OwnedUpgradeabilityProxy {

constructor(address owner, address initialImplementation, bytes calldata)
        public
    {
        setUpgradeabilityOwner(owner);
        _upgradeTo(initialImplementation);
        require(initialImplementation.delegatecall(calldata));
    }

}