Fail - Unable to verify #128
Comments
|
Why are you specifying a custom address? What happens when you omit it? |
It gives the same error, I was just trying it by giving custom address(This address is the actual contract address). |
|
Ah I see. Is it an option for you to update the Solidity version to something more recent version (e.g. Also does it work when you install |
|
Still no luck, getting the same error. |
|
Hmm alright. Do you have a repository where I can reproduce the issue? |
|
Thanks for the help man, it worked. I redeployed the contract and it got verified. |
truffle run verify DecentralizedAutonomousTrust@0xfa1B723C90927650b142a2c4a12644321C168d03 --network ropsten --debug
DEBUG logging is turned ON
Running truffle-plugin-verify v0.5.18
Retrieving network's chain ID
Verifying DecentralizedAutonomousTrust@0xfa1B723C90927650b142a2c4a12644321C168d03
Reading artifact file at /Users/vilasmalhotra/Desktop/fairmint-c-org/build/contracts/DecentralizedAutonomousTrust.json
Custom address 0xfa1B723C90927650b142a2c4a12644321C168d03 specified
Retrieving constructor parameters from https://api-ropsten.etherscan.io/api?apiKey=WNDWXXAEHAVW4YC7GFZ3FI66WGWQIIZXZT&module=account&action=txlist&address=0xfa1B723C90927650b142a2c4a12644321C168d03&page=1&sort=asc&offset=1
Constructor parameters retrieved: 0x
Sending verify request with POST arguments:
{
"apikey": "WNDWXXAEHAVW4YC7GFZ3FI66WGWQIIZXZT",
"module": "contract",
"action": "verifysourcecode",
"contractaddress": "0xfa1B723C90927650b142a2c4a12644321C168d03",
"sourceCode": "{"language":"Solidity","sources":{"/contracts/DecentralizedAutonomousTrust.sol":{"content":"pragma solidity 0.5.17;\n\nimport \"./ContinuousOffering.sol\";\n\n/\n * @title Decentralized Autonomous Trust\n * This contract is the reference implementation provided by Fairmint for a\n * Decentralized Autonomous Trust as described in the continuous\n * organization whitepaper (https://github.com/c-org/whitepaper) and\n * specified here: https://github.com/fairmint/c-org/wiki. Use at your own\n * risk. If you have question or if you're looking for a ready-to-use\n * solution using this contract, you might be interested in Fairmint's\n * offering. Do not hesitate to get in touch with us: https://fairmint.co\\n /\ncontract DecentralizedAutonomousTrust is ContinuousOffering {\n event Close(uint _exitFee);\n event Pay(address indexed _from, uint _currencyValue);\n event UpdateConfig(\n address _whitelistAddress,\n address indexed _beneficiary,\n address indexed _control,\n address indexed _feeCollector,\n uint _revenueCommitmentBasisPoints,\n uint _feeBasisPoints,\n uint _minInvestment,\n uint _minDuration\n );\n\n /// @notice The revenue commitment of the organization. Defines the percentage of the value paid through the contract\n /// that is automatically funneled and held into the buyback_reserve expressed in basis points.\n /// Internal since this is n/a to all derivative contracts.\n function revenueCommitmentBasisPoints() public view returns (uint) {\n return __revenueCommitmentBasisPoints;\n }\n\n /// @notice The investment reserve of the c-org. Defines the percentage of the value invested that is\n /// automatically funneled and held into the buyback_reserve expressed in basis points.\n /// Internal since this is n/a to all derivative contracts.\n function investmentReserveBasisPoints() public view returns (uint) {\n return __investmentReserveBasisPoints;\n }\n\n /// @notice Initialized at
0and updated when the contract switches frominitstate torunstate\n /// with the current timestamp.\n function runStartedOn() public view returns (uint) {\n return __startedOn;\n }\n\n function initialize(\n uint _initReserve,\n address _currencyAddress,\n uint _initGoal,\n uint _buySlopeNum,\n uint _buySlopeDen,\n uint _investmentReserveBasisPoints,\n uint _setupFee,\n address payable _setupFeeRecipient,\n string memory _name,\n string memory _symbol\n ) public\n {\n // _initialize will enforce this is only called once\n super._initialize(\n _initReserve,\n _currencyAddress,\n _initGoal,\n _buySlopeNum,\n _buySlopeDen,\n _setupFee,\n _setupFeeRecipient,\n _name,\n _symbol\n );\n\n // Set initGoal, which in turn defines the initial state\n if(_initGoal == 0)\n {\n emit StateChange(state, STATE_RUN);\n state = STATE_RUN;\n __startedOn = block.timestamp;\n }\n else\n {\n // Math: If this value got too large, the DAT would overflow on sell\n require(_initGoal < MAX_SUPPLY, \"EXCESSIVE_GOAL\");\n initGoal = _initGoal;\n }\n\n // 100% or less\n require(_investmentReserveBasisPoints <= BASIS_POINTS_DEN, \"INVALID_RESERVE\");\n __investmentReserveBasisPoints = _investmentReserveBasisPoints;\n }\n\n /// Close\n\n function estimateExitFee(uint _msgValue) public view returns (uint) {\n uint exitFee;\n\n if (state == STATE_RUN) {\n uint reserve = buybackReserve();\n reserve = reserve.sub(_msgValue);\n\n // Source: t(t+b)*(n/d)-r\n // Implementation: (b n t)/d + (n t^2)/d - r\n\n uint _totalSupply = totalSupply();\n\n // Math worst case:\n // MAX_BEFORE_SQUARE * MAX_BEFORE_SQUARE/2 * MAX_BEFORE_SQUARE\n exitFee = BigDiv.bigDiv2x1(\n _totalSupply,\n burnedSupply * buySlopeNum,\n buySlopeDen\n );\n // Math worst case:\n // MAX_BEFORE_SQUARE * MAX_BEFORE_SQUARE * MAX_BEFORE_SQUARE\n exitFee += BigDiv.bigDiv2x1(\n _totalSupply,\n buySlopeNum * _totalSupply,\n buySlopeDen\n );\n // Math: this if condition avoids a potential overflow\n if (exitFee <= reserve) {\n exitFee = 0;\n } else {\n exitFee -= reserve;\n }\n }\n\n return exitFee;\n }\n\n /// @notice Called by the beneficiary account to STATE_CLOSE or STATE_CANCEL the c-org,\n /// preventing any more tokens from being minted.\n /// @dev Requires anexitFeeto be paid. If the currency is ETH, include a little more than\n /// what appears to be required and any remainder will be returned to your account. This is\n /// because another user may have a transaction mined which changes the exitFee required.\n /// For othercurrencytypes, the beneficiary account will be billed the exact amount required.\n function close() public payable {\n uint exitFee = 0;\n\n if (state == STATE_RUN) {\n exitFee = estimateExitFee(msg.value);\n _collectInvestment(msg.sender, exitFee, msg.value, true);\n }\n\n super._close();\n emit Close(exitFee);\n }\n\n /// Pay\n\n /// @dev Pay the organization on-chain.\n /// @param _currencyValue How much currency which was paid.\n function pay(uint _currencyValue) public payable {\n _collectInvestment(msg.sender, _currencyValue, msg.value, false);\n require(state == STATE_RUN, \"INVALID_STATE\");\n require(_currencyValue > 0, \"MISSING_CURRENCY\");\n\n // Send a portion of the funds to the beneficiary, the rest is added to the buybackReserve\n // Math: if _currencyValue is < (2^256 - 1) / 10000 this will not overflow\n uint reserve = _currencyValue.mul(__revenueCommitmentBasisPoints);\n reserve /= BASIS_POINTS_DEN;\n\n // Math: this will never underflow since revenueCommitmentBasisPoints is capped to BASIS_POINTS_DEN\n _transferCurrency(beneficiary, _currencyValue - reserve);\n\n emit Pay(msg.sender, _currencyValue);\n }\n\n /// @notice Pay the organization on-chain without minting any tokens.\n /// @dev This allows you to add funds directly to the buybackReserve.\n function() external payable {\n require(address(currency) == address(0), \"ONLY_FOR_CURRENCY_ETH\");\n }\n\n function updateConfig(\n address _whitelistAddress,\n address payable _beneficiary,\n address _control,\n address payable _feeCollector,\n uint _feeBasisPoints,\n uint _revenueCommitmentBasisPoints,\n uint _minInvestment,\n uint _minDuration\n ) public {\n _updateConfig(\n _whitelistAddress,\n _beneficiary,\n _control,\n _feeCollector,\n _feeBasisPoints,\n _minInvestment,\n _minDuration\n );\n\n require(\n _revenueCommitmentBasisPoints <= BASIS_POINTS_DEN,\n \"INVALID_COMMITMENT\"\n );\n require(\n _revenueCommitmentBasisPoints >= __revenueCommitmentBasisPoints,\n \"COMMITMENT_MAY_NOT_BE_REDUCED\"\n );\n __revenueCommitmentBasisPoints = _revenueCommitmentBasisPoints;\n\n emit UpdateConfig(\n _whitelistAddress,\n _beneficiary,\n _control,\n _feeCollector,\n _revenueCommitmentBasisPoints,\n _feeBasisPoints,\n _minInvestment,\n _minDuration\n );\n }\n\n /// @notice A temporary function to setrunStartedOn, to be used by contracts which were\n /// already deployed before this feature was introduced.\n /// @dev This function will be removed once known users have called the function.\n function initializeRunStartedOn(\n uint _runStartedOn\n ) external\n {\n require(msg.sender == control, \"CONTROL_ONLY\");\n require(state == STATE_RUN, \"ONLY_CALL_IN_RUN\");\n require(__startedOn == 0, \"ONLY_CALL_IF_NOT_AUTO_SET\");\n require(_runStartedOn <= block.timestamp, \"DATE_MUST_BE_IN_PAST\");\n\n __startedOn = _runStartedOn;\n }\n\n /// @dev Distributes _value currency between the buybackReserve, beneficiary, and feeCollector.\n function _distributeInvestment(\n uint _value\n ) internal\n {\n // Rounding favors buybackReserve, then beneficiary, and feeCollector is last priority.\n\n // Math: if investment value is < (2^256 - 1) / 10000 this will never overflow.\n // Except maybe with a huge single investment, but they can try again with multiple smaller investments.\n uint reserve = __investmentReserveBasisPoints.mul(_value);\n reserve /= BASIS_POINTS_DEN;\n reserve = _value.sub(reserve);\n uint fee = reserve.mul(feeBasisPoints);\n fee /= BASIS_POINTS_DEN;\n\n // Math: since feeBasisPoints is <= BASIS_POINTS_DEN, this will never underflow.\n _transferCurrency(beneficiary, reserve - fee);\n _transferCurrency(feeCollector, fee);\n }\n}\n"},"/contracts/math/Sqrt.sol":{"content":"pragma solidity ^0.5.0;\n\n/\n * @title Calculates the square root of a given value.\n * @dev Results may be off by 1.\n /\nlibrary Sqrt {\n /// @notice The max possible value\n uint private constant MAX_UINT = 2256 - 1;\n\n // Source: https://github.com/ethereum/dapp-bin/pull/50\\n function sqrt(uint x) internal pure returns (uint y) {\n if (x == 0) {\n return 0;\n } else if (x <= 3) {\n return 1;\n } else if (x == MAX_UINT) {\n // Without this we fail on x + 1 below\n return 2128 - 1;\n }\n\n uint z = (x + 1) / 2;\n y = x;\n while (z < y) {\n y = z;\n z = (x / z + z) / 2;\n }\n }\n}\n"},"/contracts/math/BigDiv.sol":{"content":"pragma solidity ^0.5.0;\n\nimport \"@openzeppelin/contracts-ethereum-package/contracts/math/SafeMath.sol\";\n\n/\n * @title Reduces the size of terms before multiplication, to avoid an overflow, and then\n * restores the proper size after division.\n * @notice This effectively allows us to overflow values in the numerator and/or denominator\n * of a fraction, so long as the end result does not overflow as well.\n * @dev Results may be off by 1 + 0.000001% for 2x1 calls and 2 + 0.00001% for 2x2 calls.\n * Do not use if your contract expects very small result values to be accurate.\n */\nlibrary BigDiv {\n using SafeMath for uint;\n\n /// @notice The max possible value\n uint private constant MAX_UINT = 2256 - 1;\n\n /// @notice When multiplying 2 terms <= this value the result won't overflow\n uint private constant MAX_BEFORE_SQUARE = 2128 - 1;\n\n /// @notice The max error target is off by 1 plus up to 0.000001% error\n /// for bigDiv2x1 and that* 2for bigDiv2x2\n uint private constant MAX_ERROR = 100000000;\n\n /// @notice A larger error threshold to use when multiple rounding errors may apply\n uint private constant MAX_ERROR_BEFORE_DIV = MAX_ERROR * 2;\n\n /\n * @notice Returns the approx result ofa * b / dso long as the result is <= MAX_UINT\n * @param _numA the first numerator term\n * @param _numB the second numerator term\n * @param _den the denominator\n * @return the approx result with up to off by 1 + MAX_ERROR, rounding down if needed\n /\n function bigDiv2x1(\n uint _numA,\n uint _numB,\n uint _den\n ) internal pure returns (uint) {\n if (_numA == 0 || _numB == 0) {\n // would div by 0 or underflow if we don't special case 0\n return 0;\n }\n\n uint value;\n\n if (MAX_UINT / _numA >= _numB) {\n // ab does not overflow, return exact math\n value = _numA * _numB;\n value /= _den;\n return value;\n }\n\n // Sort numerators\n uint numMax = _numB;\n uint numMin = _numA;\n if (_numA > _numB) {\n numMax = _numA;\n numMin = _numB;\n }\n\n value = numMax / _den;\n if (value > MAX_ERROR) {\n // _den is small enough to be MAX_ERROR or better w/o a factor\n value = value.mul(numMin);\n return value;\n }\n\n // formula = ((a / f) * b) / (d / f)\n // factor >= a / sqrt(MAX) * (b / sqrt(MAX))\n uint factor = numMin - 1;\n factor /= MAX_BEFORE_SQUARE;\n factor += 1;\n uint temp = numMax - 1;\n temp /= MAX_BEFORE_SQUARE;\n temp += 1;\n if (MAX_UINT / factor >= temp) {\n factor = temp;\n value = numMax / factor;\n if (value > MAX_ERROR_BEFORE_DIV) {\n value = value.mul(numMin);\n temp = _den - 1;\n temp /= factor;\n temp = temp.add(1);\n value /= temp;\n return value;\n }\n }\n\n // formula: (a / (d / f)) * (b / f)\n // factor: b / sqrt(MAX)\n factor = numMin - 1;\n factor /= MAX_BEFORE_SQUARE;\n factor += 1;\n value = numMin / factor;\n temp = _den - 1;\n temp /= factor;\n temp += 1;\n temp = numMax / temp;\n value = value.mul(temp);\n return value;\n }\n\n /\n * @notice Returns the approx result ofa * b / dso long as the result is <= MAX_UINT\n * @param _numA the first numerator term\n * @param _numB the second numerator term\n * @param _den the denominator\n * @return the approx result with up to off by 1 + MAX_ERROR, rounding down if needed\n * @dev roundUp is implemented by first rounding down and then adding the max error to the result\n */\n function bigDiv2x1RoundUp(\n uint _numA,\n uint _numB,\n uint _den\n ) internal pure returns (uint) {\n // first get the rounded down result\n uint value = bigDiv2x1(_numA, _numB, _den);\n\n if (value == 0) {\n // when the value rounds down to 0, assume up to an off by 1 error\n return 1;\n }\n\n // round down has a max error of MAX_ERROR, add that to the result\n // for a round up error of <= MAX_ERROR\n uint temp = value - 1;\n temp /= MAX_ERROR;\n temp += 1;\n if (MAX_UINT - value < temp) {\n // value + error would overflow, return MAX\n return MAX_UINT;\n }\n\n value += temp;\n\n return value;\n }\n\n /\n * @notice Returns the approx result ofa * b / (c * d)so long as the result is <= MAX_UINT\n * @param _numA the first numerator term\n * @param _numB the second numerator term\n * @param _denA the first denominator term\n * @param _denB the second denominator term\n * @return the approx result with up to off by 2 + MAX_ERROR10 error, rounding down if needed\n * @dev this uses bigDiv2x1 and adds additional rounding error so the max error of this\n * formula is larger\n /\n function bigDiv2x2(\n uint _numA,\n uint _numB,\n uint _denA,\n uint _denB\n ) internal pure returns (uint) {\n if (MAX_UINT / _denA >= _denB) {\n // denAdenB does not overflow, use bigDiv2x1 instead\n return bigDiv2x1(_numA, _numB, _denA * _denB);\n }\n\n if (_numA == 0 || _numB == 0) {\n // would div by 0 or underflow if we don't special case 0\n return 0;\n }\n\n // Sort denominators\n uint denMax = _denB;\n uint denMin = _denA;\n if (_denA > _denB) {\n denMax = _denA;\n denMin = _denB;\n }\n\n uint value;\n\n if (MAX_UINT / _numA >= _numB) {\n // ab does not overflow, usea / d / c\n value = _numA * _numB;\n value /= denMin;\n value /= denMax;\n return value;\n }\n\n //ab / cdwhere bothabandcdwould overflow\n\n // Sort numerators\n uint numMax = _numB;\n uint numMin = _numA;\n if (_numA > _numB) {\n numMax = _numA;\n numMin = _numB;\n }\n\n // formula = (a/d) * b / c\n uint temp = numMax / denMin;\n if (temp > MAX_ERROR_BEFORE_DIV) {\n return bigDiv2x1(temp, numMin, denMax);\n }\n\n // formula: ((a/f) * b) / d then either * f / c or / c * f\n // factor >= a / sqrt(MAX) * (b / sqrt(MAX))\n uint factor = numMin - 1;\n factor /= MAX_BEFORE_SQUARE;\n factor += 1;\n temp = numMax - 1;\n temp /= MAX_BEFORE_SQUARE;\n temp += 1;\n if (MAX_UINT / factor >= temp) {\n factor = temp;\n\n value = numMax / factor;\n if (value > MAX_ERROR_BEFORE_DIV) {\n value = value.mul(numMin);\n value /= denMin;\n if (value > 0 && MAX_UINT / value >= factor) {\n value = factor;\n value /= denMax;\n return value;\n }\n }\n }\n\n // formula: (a/f) * b / ((cd)/f)\n // factor >= c / sqrt(MAX) * (d / sqrt(MAX))\n factor = denMin;\n factor /= MAX_BEFORE_SQUARE;\n temp = denMax;\n // + 1 here prevents overflow of factortemp\n temp /= MAX_BEFORE_SQUARE + 1;\n factor *= temp;\n return bigDiv2x1(numMax / factor, numMin, MAX_UINT);\n }\n}\n"},"/contracts/interfaces/IWhitelist.sol":{"content":"pragma solidity 0.5.17;\n\n/\n * Source: https://raw.githubusercontent.com/simple-restricted-token/reference-implementation/master/contracts/token/ERC1404/ERC1404.sol\\n * With ERC-20 APIs removed (will be implemented as a separate contract).\n * And adding authorizeTransfer.\n */\ninterface IWhitelist {\n /\n * @notice Detects if a transfer will be reverted and if so returns an appropriate reference code\n * @param from Sending address\n * @param to Receiving address\n * @param value Amount of tokens being transferred\n * @return Code by which to reference message for rejection reasoning\n * @dev Overwrite with your custom transfer restriction logic\n */\n function detectTransferRestriction(\n address from,\n address to,\n uint value\n ) external view returns (uint8);\n\n /\n * @notice Returns a human-readable message for a given restriction code\n * @param restrictionCode Identifier for looking up a message\n * @return Text showing the restriction's reasoning\n * @dev Overwrite with your custom message and restrictionCode handling\n */\n function messageForTransferRestriction(uint8 restrictionCode)\n external\n pure\n returns (string memory);\n\n /\n * @notice Called by the DAT contract before a transfer occurs.\n * @dev This call will revert when the transfer is not authorized.\n * This is a mutable call to allow additional data to be recorded,\n * such as when the user aquired their tokens.\n /\n function authorizeTransfer(\n address _from,\n address _to,\n uint _value,\n bool _isSell\n ) external;\n\n function walletActivated(\n address _wallet\n ) external returns(bool);\n}\n"},"/contracts/interfaces/IERC20Detailed.sol":{"content":"pragma solidity 0.5.17;\n\ninterface IERC20Detailed {\n /\n * @dev Returns the number of decimals used to get its user representation.\n * For example, ifdecimalsequals2, a balance of505tokens should\n * be displayed to a user as5,05(505 / 10 ** 2).\n *\n * Tokens usually opt for a value of 18, imitating the relationship between\n * Ether and Wei.\n *\n * NOTE: This information is only used for display purposes: it in\n * no way affects any of the arithmetic of the contract, including\n * {IERC20-balanceOf} and {IERC20-transfer}.\n */\n function decimals() external view returns (uint8);\n}\n"},"/contracts/ContinuousOffering.sol":{"content":"pragma solidity 0.5.17;\n\nimport \"./interfaces/IWhitelist.sol\";\nimport \"./interfaces/IERC20Detailed.sol\";\nimport \"./math/BigDiv.sol\";\nimport \"./math/Sqrt.sol\";\nimport \"@openzeppelin/contracts-ethereum-package/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts-ethereum-package/contracts/token/ERC20/SafeERC20.sol\";\nimport \"@openzeppelin/contracts-ethereum-package/contracts/token/ERC20/ERC20.sol\";\nimport \"@openzeppelin/contracts-ethereum-package/contracts/token/ERC20/ERC20Detailed.sol\";\nimport \"@openzeppelin/contracts-ethereum-package/contracts/math/SafeMath.sol\";\nimport \"@openzeppelin/contracts-ethereum-package/contracts/utils/Address.sol\";\n\n\n/\n * @title Continuous Offering abstract contract\n * @notice A shared base for various offerings from Fairmint.\n /\ncontract ContinuousOffering\n is ERC20, ERC20Detailed\n{\n using SafeMath for uint;\n using Sqrt for uint;\n using SafeERC20 for IERC20;\n\n /\n * Events\n */\n\n event Buy(\n address indexed _from,\n address indexed _to,\n uint _currencyValue,\n uint _fairValue\n );\n event Sell(\n address indexed _from,\n address indexed _to,\n uint _currencyValue,\n uint _fairValue\n );\n event Burn(\n address indexed _from,\n uint _fairValue\n );\n event StateChange(\n uint _previousState,\n uint _newState\n );\n\n /\n * Constants\n /\n\n /// @notice The default state\n uint internal constant STATE_INIT = 0;\n\n /// @notice The state after initGoal has been reached\n uint internal constant STATE_RUN = 1;\n\n /// @notice The state after closed by thebeneficiaryaccount from STATE_RUN\n uint internal constant STATE_CLOSE = 2;\n\n /// @notice The state after closed by thebeneficiaryaccount from STATE_INIT\n uint internal constant STATE_CANCEL = 3;\n\n /// @notice When multiplying 2 terms, the max value is 2^128-1\n uint internal constant MAX_BEFORE_SQUARE = 2128 - 1;\n\n /// @notice The denominator component for values specified in basis points.\n uint internal constant BASIS_POINTS_DEN = 10000;\n\n /// @notice The maxtotalSupply() + burnedSupply\n /// @dev This limit ensures that the DAT's formulas do not overflow (<MAX_BEFORE_SQUARE/2)\n uint internal constant MAX_SUPPLY = 10 ** 38;\n\n /\n * Data specific to our token business logic\n /\n\n /// @notice The contract for transfer authorizations, if any.\n IWhitelist public whitelist;\n\n /// @notice The total number of burned FAIR tokens, excluding tokens burned from aSellaction in the DAT.\n uint public burnedSupply;\n\n /\n * Data for DAT business logic\n /\n\n /// @dev unused slot which remains to ensure compatible upgrades\n bool private __autoBurn;\n\n /// @notice The address of the beneficiary organization which receives the investments.\n /// Points to the wallet of the organization.\n address payable public beneficiary;\n\n /// @notice The buy slope of the bonding curve.\n /// Does not affect the financial model, only the granularity of FAIR.\n /// @dev This is the numerator component of the fractional value.\n uint public buySlopeNum;\n\n /// @notice The buy slope of the bonding curve.\n /// Does not affect the financial model, only the granularity of FAIR.\n /// @dev This is the denominator component of the fractional value.\n uint public buySlopeDen;\n\n /// @notice The address from which the updatable variables can be updated\n address public control;\n\n /// @notice The address of the token used as reserve in the bonding curve\n /// (e.g. the DAI contract). Use ETH if 0.\n IERC20 public currency;\n\n /// @notice The address where fees are sent.\n address payable public feeCollector;\n\n /// @notice The percent fee collected each time new FAIR are issued expressed in basis points.\n uint public feeBasisPoints;\n\n /// @notice The initial fundraising goal (expressed in FAIR) to start the c-org.\n ///0means that there is no initial fundraising and the c-org immediately moves to run state.\n uint public initGoal;\n\n /// @notice A map with all investors in init state using address as a key and amount as value.\n /// @dev This structure's purpose is to make sure that only investors can withdraw their money if init_goal is not reached.\n mapping(address => uint) public initInvestors;\n\n /// @notice The initial number of FAIR created at initialization for the beneficiary.\n /// Technically however, this variable is not a constant as we must always have\n ///init_reserve>=total_supply+burnt_supplywhich means thatinit_reservewill be automatically\n /// decreased to equaltotal_supply+burnt_supplyin caseinit_reserve>total_supply+burnt_supply\n /// after an investor sells his FAIRs.\n /// @dev Organizations may move these tokens into vesting contract(s)\n uint public initReserve;\n\n /// @notice The investment reserve of the c-org. Defines the percentage of the value invested that is\n /// automatically funneled and held into the buyback_reserve expressed in basis points.\n /// Internal since this is n/a to all derivative contracts.\n uint internal __investmentReserveBasisPoints;\n\n /// @dev unused slot which remains to ensure compatible upgrades\n uint private __openUntilAtLeast;\n\n /// @notice The minimum amount ofcurrencyinvestment accepted.\n uint public minInvestment;\n\n /// @dev The revenue commitment of the organization. Defines the percentage of the value paid through the contract\n /// that is automatically funneled and held into the buyback_reserve expressed in basis points.\n /// Internal since this is n/a to all derivative contracts.\n uint internal __revenueCommitmentBasisPoints;\n\n /// @notice The current state of the contract.\n /// @dev See the constants above for possible state values.\n uint public state;\n\n /// @dev If this value changes we need to reconstruct the DOMAIN_SEPARATOR\n string public constant version = \"3\";\n // --- EIP712 niceties ---\n // Original source: https://etherscan.io/address/0x6b175474e89094c44da98b954eedeac495271d0f#code\\n mapping (address => uint) public nonces;\n bytes32 public DOMAIN_SEPARATOR;\n // keccak256(\"Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)\");\n bytes32 public constant PERMIT_TYPEHASH = 0x6e71edae12b1b97f4d1f60370fef10105fa2faae0126114a169c64845d6126c9;\n\n // The success fee (expressed in currency) that will be earned by setupFeeRecipient as soon as initGoal\n // is reached. We must have setup_fee <= buy_slopeinit_goal^(2)/2\n uint public setupFee;\n\n // The recipient of the setup_fee once init_goal is reached\n address payable public setupFeeRecipient;\n\n /// @notice The minimum time before which the c-org contract cannot be closed once the contract has\n /// reached therunstate.\n /// @dev When updated, the new value ofminimum_durationcannot be earlier than the previous value.\n uint public minDuration;\n\n /// @dev Initialized at0and updated when the contract switches frominitstate torunstate\n /// or when the initial trial period ends.\n uint public __startedOn;\n\n /// @notice The max possible value\n uint internal constant MAX_UINT = 2256 - 1;\n\n // keccak256(\"PermitBuy(address from,address to,uint256 currencyValue,uint256 minTokensBought,uint256 nonce,uint256 deadline)\");\n bytes32 public constant PERMIT_BUY_TYPEHASH = 0xaf42a244b3020d6a2253d9f291b4d3e82240da42b22129a8113a58aa7a3ddb6a;\n\n // keccak256(\"PermitSell(address from,address to,uint256 quantityToSell,uint256 minCurrencyReturned,uint256 nonce,uint256 deadline)\");\n bytes32 public constant PERMIT_SELL_TYPEHASH = 0x5dfdc7fb4c68a4c249de5e08597626b84fbbe7bfef4ed3500f58003e722cc548;\n\n modifier authorizeTransfer(\n address _from,\n address _to,\n uint _value,\n bool _isSell\n )\n {\n if(address(whitelist) != address(0))\n {\n // This is not set for the minting of initialReserve\n whitelist.authorizeTransfer(_from, _to, _value, _isSell);\n }\n _;\n }\n\n /\n * Buyback reserve\n */\n\n /// @notice The total amount of currency value currently locked in the contract and available to sellers.\n function buybackReserve() public view returns (uint)\n {\n uint reserve = address(this).balance;\n if(address(currency) != address(0))\n {\n reserve = currency.balanceOf(address(this));\n }\n\n if(reserve > MAX_BEFORE_SQUARE)\n {\n /// Math: If the reserve becomes excessive, cap the value to prevent overflowing in other formulas\n return MAX_BEFORE_SQUARE;\n }\n\n return reserve;\n }\n\n /\n * Functions required by the ERC-20 token standard\n /\n\n /// @dev Moves tokens from one account to another if authorized.\n function _transfer(\n address _from,\n address _to,\n uint _amount\n ) internal\n authorizeTransfer(_from, _to, _amount, false)\n {\n require(state != STATE_INIT || _from == beneficiary, \"ONLY_BENEFICIARY_DURING_INIT\");\n super._transfer(_from, _to, _amount);\n }\n\n /// @dev Removes tokens from the circulating supply.\n function _burn(\n address _from,\n uint _amount,\n bool _isSell\n ) internal\n authorizeTransfer(_from, address(0), _amount, _isSell)\n {\n super._burn(_from, _amount);\n\n if(!_isSell)\n {\n // This is a burn\n require(state == STATE_RUN, \"INVALID_STATE\");\n // SafeMath not required as we cap how high this value may get during mint\n burnedSupply += _amount;\n emit Burn(_from, _amount);\n }\n }\n\n /// @notice Called to mint tokens onbuy.\n function _mint(\n address _to,\n \n uint _quantity\n ) internal\n authorizeTransfer(address(0), _to, _quantity, false)\n {\n super._mint(_to, _quantity);\n\n // Math: If this value got too large, the DAT may overflow on sell\n require(totalSupply().add(burnedSupply) <= MAX_SUPPLY, \"EXCESSIVE_SUPPLY\");\n }\n\n /\n * Transaction Helpers\n */\n\n /// @notice Confirms the transfer of_quantityToInvestcurrency to the contract.\n function _collectInvestment(\n address payable _from,\n uint _quantityToInvest,\n uint _msgValue,\n bool _refundRemainder\n ) internal\n {\n if(address(currency) == address(0))\n {\n // currency is ETH\n if(_refundRemainder)\n {\n // Math: if _msgValue was not sufficient then revert\n uint refund = _msgValue.sub(_quantityToInvest);\n if(refund > 0)\n {\n Address.sendValue(msg.sender, refund);\n }\n }\n else\n {\n require(_quantityToInvest == _msgValue, \"INCORRECT_MSG_VALUE\");\n }\n }\n else\n {\n // currency is ERC20\n require(_msgValue == 0, \"DO_NOT_SEND_ETH\");\n\n currency.safeTransferFrom(_from, address(this), _quantityToInvest);\n }\n }\n\n /// @dev Send_amountcurrency from the contract to the_toaccount.\n function _transferCurrency(\n address payable _to,\n uint _amount\n ) internal\n {\n if(_amount > 0)\n {\n if(address(currency) == address(0))\n {\n Address.sendValue(_to, _amount);\n }\n else\n {\n currency.safeTransfer(_to, _amount);\n }\n }\n }\n\n /\n * Config / Control\n /\n\n /// @notice Called once after deploy to set the initial configuration.\n /// None of the values provided here may change once initially set.\n /// @dev using the init pattern in order to support zos upgrades\n function _initialize(\n uint _initReserve,\n address _currencyAddress,\n uint _initGoal,\n uint _buySlopeNum,\n uint _buySlopeDen,\n uint _setupFee,\n address payable _setupFeeRecipient,\n string memory _name,\n string memory _symbol\n ) internal\n {\n // The ERC-20 implementation will confirm initialize is only run once\n ERC20Detailed.initialize(_name, _symbol, 18);\n\n require(_buySlopeNum > 0, \"INVALID_SLOPE_NUM\");\n require(_buySlopeDen > 0, \"INVALID_SLOPE_DEN\");\n require(_buySlopeNum < MAX_BEFORE_SQUARE, \"EXCESSIVE_SLOPE_NUM\");\n require(_buySlopeDen < MAX_BEFORE_SQUARE, \"EXCESSIVE_SLOPE_DEN\");\n buySlopeNum = _buySlopeNum;\n buySlopeDen = _buySlopeDen;\n\n // Setup Fee\n require(_setupFee == 0 || _setupFeeRecipient != address(0), \"MISSING_SETUP_FEE_RECIPIENT\");\n require(_setupFeeRecipient == address(0) || _setupFee != 0, \"MISSING_SETUP_FEE\");\n // setup_fee <= (n/d)(g^2)/2\n uint initGoalInCurrency = _initGoal * _initGoal;\n initGoalInCurrency = initGoalInCurrency.mul(_buySlopeNum);\n initGoalInCurrency /= 2 * _buySlopeDen;\n require(_setupFee <= initGoalInCurrency, \"EXCESSIVE_SETUP_FEE\");\n setupFee = _setupFee;\n setupFeeRecipient = _setupFeeRecipient;\n\n // Set default values (which may be updated usingupdateConfig)\n uint decimals = 18;\n if(_currencyAddress != address(0))\n {\n decimals = IERC20Detailed(_currencyAddress).decimals();\n }\n minInvestment = 100 * (10 ** decimals);\n beneficiary = msg.sender;\n control = msg.sender;\n feeCollector = msg.sender;\n\n // Save currency\n currency = IERC20(_currencyAddress);\n\n // Mint the initial reserve\n if(_initReserve > 0)\n {\n initReserve = _initReserve;\n _mint(beneficiary, initReserve);\n }\n\n initializeDomainSeparator();\n }\n\n /// @notice Used to initialize the domain separator used in meta-transactions\n /// @dev This is separate frominitializeto allow upgraded contracts to update the version\n /// There is no harm in calling this multiple times / no permissions required\n function initializeDomainSeparator() public\n {\n uint id;\n // solium-disable-next-line\n assembly\n {\n id := chainid()\n }\n DOMAIN_SEPARATOR = keccak256(\n abi.encode(\n keccak256(\"EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)\"),\n keccak256(bytes(name())),\n keccak256(bytes(version)),\n id,\n address(this)\n )\n );\n }\n\n function _updateConfig(\n address _whitelistAddress,\n address payable _beneficiary,\n address _control,\n address payable _feeCollector,\n uint _feeBasisPoints,\n uint _minInvestment,\n uint _minDuration\n ) internal\n {\n // This require(also confirms that initialize has been called.\n require(msg.sender == control, \"CONTROL_ONLY\");\n\n // address(0) is okay\n whitelist = IWhitelist(_whitelistAddress);\n\n require(_control != address(0), \"INVALID_ADDRESS\");\n control = _control;\n\n require(_feeCollector != address(0), \"INVALID_ADDRESS\");\n feeCollector = _feeCollector;\n\n require(_feeBasisPoints <= BASIS_POINTS_DEN, \"INVALID_FEE\");\n feeBasisPoints = _feeBasisPoints;\n\n require(_minInvestment > 0, \"INVALID_MIN_INVESTMENT\");\n minInvestment = _minInvestment;\n\n require(_minDuration >= minDuration, \"MIN_DURATION_MAY_NOT_BE_REDUCED\");\n minDuration = _minDuration;\n\n if(beneficiary != _beneficiary)\n {\n require(_beneficiary != address(0), \"INVALID_ADDRESS\");\n uint tokens = balanceOf(beneficiary);\n initInvestors[_beneficiary] = initInvestors[_beneficiary].add(initInvestors[beneficiary]);\n initInvestors[beneficiary] = 0;\n if(tokens > 0)\n {\n _transfer(beneficiary, _beneficiary, tokens);\n }\n beneficiary = _beneficiary;\n }\n }\n\n /**\n * Functions for our business logic\n /\n\n /// @notice Burn the amount of tokens from the address msg.sender if authorized.\n /// @dev Note that this is not the same as asellvia the DAT.\n function burn(\n uint _amount\n ) public\n {\n _burn(msg.sender, _amount, false);\n }\n\n /// @notice Burn the amount of tokens from the given address if approved.\n function burnFrom(\n address _from,\n uint _amount\n ) public\n {\n _approve(_from, msg.sender, allowance(_from, msg.sender).sub(_amount, \"ERC20: burn amount exceeds allowance\"));\n _burn(_from, _amount, false);\n }\n\n // Buy\n\n /// @dev Distributes _value currency between the buybackReserve, beneficiary, and feeCollector.\n function _distributeInvestment(uint _value) internal;\n\n /// @notice Calculate how many FAIR tokens you would buy with the given amount of currency ifbuywas called now.\n /// @param _currencyValue How much currency to spend in order to buy FAIR.\n function estimateBuyValue(\n uint _currencyValue\n ) public view\n returns (uint)\n {\n if(_currencyValue < minInvestment)\n {\n return 0;\n }\n\n /// Calculate the tokenValue for this investment\n uint tokenValue;\n if(state == STATE_INIT)\n {\n uint currencyValue = _currencyValue;\n uint _totalSupply = totalSupply();\n // (buy_slopeinit_goal)(init_goal+init_reserve-total_supply)\n // n/d: buy_slope (MAX_BEFORE_SQUARE / MAX_BEFORE_SQUARE)\n // g: init_goal (MAX_BEFORE_SQUARE)\n // t: total_supply (MAX_BEFORE_SQUARE)\n // r: init_reserve (MAX_BEFORE_SQUARE)\n // source: ((n/d)g)(g+r-t)\n // impl: (g n (g + r - t))/(d)\n uint max = BigDiv.bigDiv2x1(\n initGoal * buySlopeNum,\n initGoal + initReserve - _totalSupply,\n buySlopeDen\n );\n if(currencyValue > max)\n {\n currencyValue = max;\n }\n // Math: worst case\n // MAX * MAX_BEFORE_SQUARE\n // / MAX_BEFORE_SQUARE * MAX_BEFORE_SQUARE\n tokenValue = BigDiv.bigDiv2x1(\n currencyValue,\n buySlopeDen,\n initGoal * buySlopeNum\n );\n\n if(currencyValue != _currencyValue)\n {\n currencyValue = _currencyValue - max;\n // ((2next_amount/buy_slope)+init_goal^2)^(1/2)-init_goal\n // a: next_amount | currencyValue\n // n/d: buy_slope (MAX_BEFORE_SQUARE / MAX_BEFORE_SQUARE)\n // g: init_goal (MAX_BEFORE_SQUARE/2)\n // r: init_reserve (MAX_BEFORE_SQUARE/2)\n // sqrt(((2a/(n/d))+g^2)-g\n // sqrt((2 d a + n g^2)/n) - g\n\n // currencyValue == 2 d a\n uint temp = 2 * buySlopeDen;\n currencyValue = temp.mul(currencyValue);\n\n // temp == g^2\n temp = initGoal;\n temp = temp;\n\n // temp == n g^2\n temp = temp.mul(buySlopeNum);\n\n // temp == (2 d a) + n g^2\n temp = currencyValue.add(temp);\n\n // temp == (2 d a + n g^2)/n\n temp /= buySlopeNum;\n\n // temp == sqrt((2 d a + n g^2)/n)\n temp = temp.sqrt();\n\n // temp == sqrt((2 d a + n g^2)/n) - g\n temp -= initGoal;\n\n tokenValue = tokenValue.add(temp);\n }\n }\n else if(state == STATE_RUN)\n {\n // initReserve is reduced on sell as necessary to ensure that this line will not overflow\n uint supply = totalSupply() + burnedSupply - initReserve;\n // Math: worst case\n // MAX * 2 * MAX_BEFORE_SQUARE\n // / MAX_BEFORE_SQUARE\n tokenValue = BigDiv.bigDiv2x1(\n _currencyValue,\n 2 * buySlopeDen,\n buySlopeNum\n );\n\n // Math: worst case MAX + (MAX_BEFORE_SQUARE * MAX_BEFORE_SQUARE)\n tokenValue = tokenValue.add(supply * supply);\n tokenValue = tokenValue.sqrt();\n\n // Math: small chance of underflow due to possible rounding in sqrt\n tokenValue = tokenValue.sub(supply);\n }\n else\n {\n // invalid state\n return 0;\n }\n\n return tokenValue;\n }\n\n function _buy(\n address payable _from,\n address _to,\n uint _currencyValue,\n uint _minTokensBought\n ) internal\n {\n require(_to != address(0), \"INVALID_ADDRESS\");\n require(_minTokensBought > 0, \"MUST_BUY_AT_LEAST_1\");\n\n // Calculate the tokenValue for this investment\n uint tokenValue = estimateBuyValue(_currencyValue);\n require(tokenValue >= _minTokensBought, \"PRICE_SLIPPAGE\");\n\n emit Buy(_from, _to, _currencyValue, tokenValue);\n\n _collectInvestment(_from, _currencyValue, msg.value, false);\n\n // Update state, initInvestors, and distribute the investment when appropriate\n if(state == STATE_INIT)\n {\n // Math worst case: MAX_BEFORE_SQUARE\n initInvestors[_to] += tokenValue;\n // Math worst case:\n // MAX_BEFORE_SQUARE + MAX_BEFORE_SQUARE\n if(totalSupply() + tokenValue - initReserve >= initGoal)\n {\n emit StateChange(state, STATE_RUN);\n state = STATE_RUN;\n __startedOn = block.timestamp;\n\n // Math worst case:\n // MAX_BEFORE_SQUARE * MAX_BEFORE_SQUARE * MAX_BEFORE_SQUARE/2\n // / MAX_BEFORE_SQUARE\n uint beneficiaryContribution = BigDiv.bigDiv2x1(\n initInvestors[beneficiary],\n buySlopeNum * initGoal,\n buySlopeDen\n );\n\n if(setupFee > 0)\n {\n _transferCurrency(setupFeeRecipient, setupFee);\n if(beneficiaryContribution > setupFee)\n {\n beneficiaryContribution -= setupFee;\n }\n else\n {\n beneficiaryContribution = 0;\n }\n }\n\n _distributeInvestment(buybackReserve().sub(beneficiaryContribution));\n }\n }\n else // implied: if(state == STATE_RUN)\n {\n if(_to != beneficiary)\n {\n _distributeInvestment(_currencyValue);\n }\n }\n\n _mint(_to, tokenValue);\n }\n\n /// @notice Purchase FAIR tokens with the given amount of currency.\n /// @param _to The account to receive the FAIR tokens from this purchase.\n /// @param _currencyValue How much currency to spend in order to buy FAIR.\n /// @param _minTokensBought Buy at least this many FAIR tokens or the transaction reverts.\n /// @dev _minTokensBought is necessary as the price will change if some elses transaction mines after\n /// yours was submitted.\n function buy(\n address _to,\n uint _currencyValue,\n uint _minTokensBought\n ) public payable\n {\n _buy(msg.sender, _to, _currencyValue, _minTokensBought);\n }\n\n /// @notice Allow users to sign a message authorizing a buy\n function permitBuy(\n address payable _from,\n address _to,\n uint _currencyValue,\n uint _minTokensBought,\n uint _deadline,\n uint8 _v,\n bytes32 _r,\n bytes32 _s\n ) external\n {\n require(_deadline >= block.timestamp, \"EXPIRED\");\n bytes32 digest = keccak256(abi.encode(PERMIT_BUY_TYPEHASH, _from, _to, _currencyValue, _minTokensBought, nonces[_from]++, _deadline));\n digest = keccak256(\n abi.encodePacked(\n \"\\x19\\x01\",\n DOMAIN_SEPARATOR,\n digest\n )\n );\n address recoveredAddress = ecrecover(digest, _v, _r, _s);\n require(recoveredAddress != address(0) && recoveredAddress == _from, \"INVALID_SIGNATURE\");\n _buy(_from, _to, _currencyValue, _minTokensBought);\n }\n\n /// Sell\n\n function estimateSellValue(\n uint _quantityToSell\n ) public view\n returns(uint)\n {\n uint reserve = buybackReserve();\n\n // Calculate currencyValue for this sale\n uint currencyValue;\n if(state == STATE_RUN)\n {\n uint supply = totalSupply() + burnedSupply;\n\n // buyback_reserve = r\n // total_supply = t\n // burnt_supply = b\n // amount = a\n // source: (t+b)a(2r)/((t+b)^2)-(((2r)/((t+b)^2)a^2)/2)+((2r)/((t+b)^2)ab^2)/(2(t))\n // imp: (a b^2 r)/(t (b + t)^2) + (2 a r)/(b + t) - (a^2 r)/(b + t)^2\n\n // Math: burnedSupply is capped in FAIR such that the square will never overflow\n // Math worst case:\n // MAX * MAX_BEFORE_SQUARE * MAX_BEFORE_SQUARE/2 * MAX_BEFORE_SQUARE/2\n // / MAX_BEFORE_SQUARE/2 * MAX_BEFORE_SQUARE/2 * MAX_BEFORE_SQUARE/2\n currencyValue = BigDiv.bigDiv2x2(\n _quantityToSell.mul(reserve),\n burnedSupply * burnedSupply,\n totalSupply(), supply * supply\n );\n // Math: worst case currencyValue is MAX_BEFORE_SQUARE (max reserve, 1 supply)\n\n // Math worst case:\n // MAX * 2 * MAX_BEFORE_SQUARE\n uint temp = _quantityToSell.mul(2 * reserve);\n temp /= supply;\n // Math: worst-case temp is MAX_BEFORE_SQUARE (max reserve, 1 supply)\n\n // Math: considering the worst-case for currencyValue and temp, this can never overflow\n currencyValue += temp;\n\n // Math: worst case\n // MAX * MAX * MAX_BEFORE_SQUARE\n // / MAX_BEFORE_SQUARE/2 * MAX_BEFORE_SQUARE/2\n temp = BigDiv.bigDiv2x1RoundUp(\n _quantityToSell.mul(_quantityToSell),\n reserve,\n supply * supply\n );\n if(currencyValue > temp)\n {\n currencyValue -= temp;\n }\n else\n {\n currencyValue = 0;\n }\n }\n else if(state == STATE_CLOSE)\n {\n // Math worst case\n // MAX * MAX_BEFORE_SQUARE\n currencyValue = _quantityToSell.mul(reserve);\n currencyValue /= totalSupply();\n }\n else\n {\n // STATE_INIT or STATE_CANCEL\n // Math worst case:\n // MAX * MAX_BEFORE_SQUARE\n currencyValue = _quantityToSell.mul(reserve);\n // Math: FAIR blocks initReserve from being burned unless we reach the RUN state which prevents an underflow\n currencyValue /= totalSupply() - initReserve;\n }\n\n return currencyValue;\n }\n\n function _sell(\n address _from,\n address payable _to,\n uint _quantityToSell,\n uint _minCurrencyReturned\n ) internal\n {\n require(_from != beneficiary || state >= STATE_CLOSE, \"BENEFICIARY_ONLY_SELL_IN_CLOSE_OR_CANCEL\");\n require(_minCurrencyReturned > 0, \"MUST_SELL_AT_LEAST_1\");\n\n uint currencyValue = estimateSellValue(_quantityToSell);\n require(currencyValue >= _minCurrencyReturned, \"PRICE_SLIPPAGE\");\n\n if(state == STATE_INIT || state == STATE_CANCEL)\n {\n initInvestors[_from] = initInvestors[_from].sub(_quantityToSell);\n }\n\n _burn(_from, _quantityToSell, true);\n uint supply = totalSupply() + burnedSupply;\n if(supply < initReserve)\n {\n initReserve = supply;\n }\n\n _transferCurrency(_to, currencyValue);\n emit Sell(_from, _to, currencyValue, _quantityToSell);\n }\n\n /// @notice Sell FAIR tokens for at least the given amount of currency.\n /// @param _to The account to receive the currency from this sale.\n /// @param _quantityToSell How many FAIR tokens to sell for currency value.\n /// @param _minCurrencyReturned Get at least this many currency tokens or the transaction reverts.\n /// @dev _minCurrencyReturned is necessary as the price will change if some elses transaction mines after\n /// yours was submitted.\n function sell(\n address payable _to,\n uint _quantityToSell,\n uint _minCurrencyReturned\n ) public\n {\n _sell(msg.sender, _to, _quantityToSell, _minCurrencyReturned);\n }\n\n /// @notice Allow users to sign a message authorizing a sell\n function permitSell(\n address _from,\n address payable _to,\n uint _quantityToSell,\n uint _minCurrencyReturned,\n uint _deadline,\n uint8 _v,\n bytes32 _r,\n bytes32 _s\n ) external\n {\n require(_deadline >= block.timestamp, \"EXPIRED\");\n bytes32 digest = keccak256(abi.encode(PERMIT_SELL_TYPEHASH, _from, _to, _quantityToSell, _minCurrencyReturned, nonces[_from]++, _deadline));\n digest = keccak256(\n abi.encodePacked(\n \"\\x19\\x01\",\n DOMAIN_SEPARATOR,\n digest\n )\n );\n address recoveredAddress = ecrecover(digest, _v, _r, _s);\n require(recoveredAddress != address(0) && recoveredAddress == _from, \"INVALID_SIGNATURE\");\n _sell(_from, _to, _quantityToSell, _minCurrencyReturned);\n }\n\n /// Close\n\n /// @notice Called by the beneficiary account to STATE_CLOSE or STATE_CANCEL the c-org,\n /// preventing any more tokens from being minted.\n /// @dev Requires anexitFeeto be paid. If the currency is ETH, include a little more than\n /// what appears to be required and any remainder will be returned to your account. This is\n /// because another user may have a transaction mined which changes the exitFee required.\n /// For othercurrencytypes, the beneficiary account will be billed the exact amount required.\n function _close() internal\n {\n require(msg.sender == beneficiary, \"BENEFICIARY_ONLY\");\n\n if(state == STATE_INIT)\n {\n // Allow the org to cancel anytime if the initGoal was not reached.\n emit StateChange(state, STATE_CANCEL);\n state = STATE_CANCEL;\n }\n else if(state == STATE_RUN)\n {\n // Collect the exitFee and close the c-org.\n require(MAX_UINT - minDuration > __startedOn, \"MAY_NOT_CLOSE\");\n require(minDuration + __startedOn <= block.timestamp, \"TOO_EARLY\");\n\n emit StateChange(state, STATE_CLOSE);\n state = STATE_CLOSE;\n }\n else\n {\n revert(\"INVALID_STATE\");\n }\n }\n\n // --- Approve by signature ---\n // EIP-2612\n // Original source: https://github.com/Uniswap/uniswap-v2-core/blob/master/contracts/UniswapV2ERC20.sol\\n function permit(\n address owner,\n address spender,\n uint value,\n uint deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) external\n {\n require(deadline >= block.timestamp, \"EXPIRED\");\n bytes32 digest = keccak256(abi.encode(PERMIT_TYPEHASH, owner, spender, value, nonces[owner]++, deadline));\n digest = keccak256(\n abi.encodePacked(\n \"\\x19\\x01\",\n DOMAIN_SEPARATOR,\n digest\n )\n );\n address recoveredAddress = ecrecover(digest, v, r, s);\n require(recoveredAddress != address(0) && recoveredAddress == owner, \"INVALID_SIGNATURE\");\n _approve(owner, spender, value);\n }\n\n uint256[50] private __gap;\n}\n"},"@openzeppelin/upgrades/contracts/Initializable.sol":{"content":"pragma solidity >=0.4.24 <0.7.0;\n\n\n/\n * @title Initializable\n *\n * @dev Helper contract to support initializer functions. To use it, replace\n * the constructor with a function that has theinitializermodifier.\n * WARNING: Unlike constructors, initializer functions must be manually\n * invoked. This applies both to deploying an Initializable contract, as well\n * as extending an Initializable contract via inheritance.\n * WARNING: When used with inheritance, manual care must be taken to not invoke\n * a parent initializer twice, or ensure that all initializers are idempotent,\n * because this is not dealt with automatically as with constructors.\n */\ncontract Initializable {\n\n /\n * @dev Indicates that the contract has been initialized.\n */\n bool private initialized;\n\n /\n * @dev Indicates that the contract is in the process of being initialized.\n */\n bool private initializing;\n\n /\n * @dev Modifier to use in the initializer function of a contract.\n */\n modifier initializer() {\n require(initializing || isConstructor() || !initialized, \"Contract instance has already been initialized\");\n\n bool isTopLevelCall = !initializing;\n if (isTopLevelCall) {\n initializing = true;\n initialized = true;\n }\n\n _;\n\n if (isTopLevelCall) {\n initializing = false;\n }\n }\n\n /// @dev Returns true if and only if the function is running in the constructor\n function isConstructor() private view returns (bool) {\n // extcodesize checks the size of the code stored in an address, and\n // address returns the current address. Since the code is still not\n // deployed when running a constructor, any checks on its code size will\n // yield zero, making it an effective way to detect if a contract is\n // under construction or not.\n address self = address(this);\n uint256 cs;\n assembly { cs := extcodesize(self) }\n return cs == 0;\n }\n\n // Reserved storage space to allow for layout changes in the future.\n uint256[50] private ______gap;\n}\n"},"@openzeppelin/contracts-ethereum-package/contracts/utils/Address.sol":{"content":"pragma solidity ^0.5.5;\n\n/\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /\n * @dev Returns true ifaccountis a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others,isContractwill return false for the following \n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // According to EIP-1052, 0x0 is the value returned for not-yet created accounts\n // and 0xc5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470 is returned\n // for accounts without code, i.e.keccak256('')\n bytes32 codehash;\n bytes32 accountHash = 0xc5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470;\n // solhint-disable-next-line no-inline-assembly\n assembly { codehash := extcodehash(account) }\n return (codehash != accountHash && codehash != 0x0);\n }\n\n /\n * @dev Converts anaddressintoaddress payable. Note that this is\n * simply a type cast: the actual underlying value is not changed.\n *\n * Available since v2.4.0.\n */\n function toPayable(address account) internal pure returns (address payable) {\n return address(uint160(account));\n }\n\n /\n * @dev Replacement for Solidity'stransfer: sendsamountwei to\n *recipient, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed bytransfer, making them unable to receive funds via\n *transfer. {sendValue} removes this limitation.\n *\n * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred torecipient, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n *\n * Available since v2.4.0.\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance >= amount, \"Address: insufficient balance\");\n\n // solhint-disable-next-line avoid-call-value\n (bool success, ) = recipient.call.value(amount)(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n}\n"},"@openzeppelin/contracts-ethereum-package/contracts/token/ERC20/SafeERC20.sol":{"content":"pragma solidity ^0.5.0;\n\nimport \"./IERC20.sol\";\nimport \"../../math/SafeMath.sol\";\nimport \"../../utils/Address.sol\";\n\n/\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add ausing SafeERC20 for ERC20;statement to your contract,\n * which allows you to call the safe operations astoken.safeTransfer(...), etc.\n */\nlibrary SafeERC20 {\n using SafeMath for uint256;\n using Address for address;\n\n function safeTransfer(IERC20 token, address to, uint256 value) internal {\n callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n function safeApprove(IERC20 token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n // solhint-disable-next-line max-line-length\n require((value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).add(value);\n callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).sub(value, \"SafeERC20: decreased allowance below zero\");\n callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n /\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves.\n\n // A Solidity high level call has three parts:\n // 1. The target address is checked to verify it contains contract code\n // 2. The call itself is made, and success asserted\n // 3. The return value is decoded, which in turn checks the size of the returned data.\n // solhint-disable-next-line max-line-length\n require(address(token).isContract(), \"SafeERC20: call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = address(token).call(data);\n require(success, \"SafeERC20: low-level call failed\");\n\n if (returndata.length > 0) { // Return data is optional\n // solhint-disable-next-line max-line-length\n require(abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n }\n}\n"},"@openzeppelin/contracts-ethereum-package/contracts/token/ERC20/IERC20.sol":{"content":"pragma solidity ^0.5.0;\n\n/\n * @dev Interface of the ERC20 standard as defined in the EIP. Does not include\n * the optional functions; to access them see {ERC20Detailed}.\n */\ninterface IERC20 {\n /\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /\n * @dev Returns the amount of tokens owned byaccount.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /\n * @dev Movesamounttokens from the caller's account torecipient.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n /\n * @dev Returns the remaining number of tokens thatspenderwill be\n * allowed to spend on behalf ofownerthrough {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /\n * @dev Setsamountas the allowance ofspenderover the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /\n * @dev Movesamounttokens fromsendertorecipientusing the\n * allowance mechanism.amountis then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n /\n * @dev Emitted whenvaluetokens are moved from one account (from) to\n * another (to).\n *\n * Note thatvaluemay be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /\n * @dev Emitted when the allowance of aspenderfor anowneris set by\n * a call to {approve}.valueis the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n"},"@openzeppelin/contracts-ethereum-package/contracts/token/ERC20/ERC20Detailed.sol":{"content":"pragma solidity ^0.5.0;\n\nimport \"@openzeppelin/upgrades/contracts/Initializable.sol\";\nimport \"./IERC20.sol\";\n\n/\n * @dev Optional functions from the ERC20 standard.\n */\ncontract ERC20Detailed is Initializable, IERC20 {\n string private _name;\n string private _symbol;\n uint8 private _decimals;\n\n /\n * @dev Sets the values forname,symbol, anddecimals. All three of\n * these values are immutable: they can only be set once during\n * construction.\n */\n function initialize(string memory name, string memory symbol, uint8 decimals) public initializer {\n _name = name;\n _symbol = symbol;\n _decimals = decimals;\n }\n\n /\n * @dev Returns the name of the token.\n */\n function name() public view returns (string memory) {\n return _name;\n }\n\n /\n * @dev Returns the symbol of the token, usually a shorter version of the\n * name.\n */\n function symbol() public view returns (string memory) {\n return _symbol;\n }\n\n /\n * @dev Returns the number of decimals used to get its user representation.\n * For example, ifdecimalsequals2, a balance of505tokens should\n * be displayed to a user as5,05(505 / 10 ** 2).\n *\n * Tokens usually opt for a value of 18, imitating the relationship between\n * Ether and Wei.\n *\n * NOTE: This information is only used for display purposes: it in\n * no way affects any of the arithmetic of the contract, including\n * {IERC20-balanceOf} and {IERC20-transfer}.\n */\n function decimals() public view returns (uint8) {\n return _decimals;\n }\n\n uint256[50] private ______gap;\n}\n"},"@openzeppelin/contracts-ethereum-package/contracts/token/ERC20/ERC20.sol":{"content":"pragma solidity ^0.5.0;\n\nimport \"@openzeppelin/upgrades/contracts/Initializable.sol\";\n\nimport \"../../GSN/Context.sol\";\nimport \"./IERC20.sol\";\nimport \"../../math/SafeMath.sol\";\n\n/\n * @dev Implementation of the {IERC20} interface.\n *\n * This implementation is agnostic to the way tokens are created. This means\n * that a supply mechanism has to be added in a derived contract using {_mint}.\n * For a generic mechanism see {ERC20Mintable}.\n *\n * TIP: For a detailed writeup see our guide\n * https://forum.zeppelin.solutions/t/how-to-implement-erc20-supply-mechanisms/226[How\\n * to implement supply mechanisms].\n *\n * We have followed general OpenZeppelin guidelines: functions revert instead\n * of returningfalseon failure. This behavior is nonetheless conventional\n * and does not conflict with the expectations of ERC20 applications.\n *\n * Additionally, an {Approval} event is emitted on calls to {transferFrom}.\n * This allows applications to reconstruct the allowance for all accounts just\n * by listening to said events. Other implementations of the EIP may not emit\n * these events, as it isn't required by the specification.\n *\n * Finally, the non-standard {decreaseAllowance} and {increaseAllowance}\n * functions have been added to mitigate the well-known issues around setting\n * allowances. See {IERC20-approve}.\n */\ncontract ERC20 is Initializable, Context, IERC20 {\n using SafeMath for uint256;\n\n mapping (address => uint256) private _balances;\n\n mapping (address => mapping (address => uint256)) private _allowances;\n\n uint256 private _totalSupply;\n\n /\n * @dev See {IERC20-totalSupply}.\n */\n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\n\n /\n * @dev See {IERC20-balanceOf}.\n */\n function balanceOf(address account) public view returns (uint256) {\n return _balances[account];\n }\n\n /\n * @dev See {IERC20-transfer}.\n *\n * Requirements:\n *\n * -recipientcannot be the zero address.\n * - the caller must have a balance of at leastamount.\n */\n function transfer(address recipient, uint256 amount) public returns (bool) {\n _transfer(_msgSender(), recipient, amount);\n return true;\n }\n\n /\n * @dev See {IERC20-allowance}.\n */\n function allowance(address owner, address spender) public view returns (uint256) {\n return _allowances[owner][spender];\n }\n\n /\n * @dev See {IERC20-approve}.\n *\n * Requirements:\n *\n * -spendercannot be the zero address.\n */\n function approve(address spender, uint256 amount) public returns (bool) {\n _approve(_msgSender(), spender, amount);\n return true;\n }\n\n /\n * @dev See {IERC20-transferFrom}.\n *\n * Emits an {Approval} event indicating the updated allowance. This is not\n * required by the EIP. See the note at the beginning of {ERC20};\n *\n * Requirements:\n * -senderandrecipientcannot be the zero address.\n * -sendermust have a balance of at leastamount.\n * - the caller must have allowance forsender's tokens of at least\n *amount.\n */\n function transferFrom(address sender, address recipient, uint256 amount) public returns (bool) {\n _transfer(sender, recipient, amount);\n _approve(sender, _msgSender(), _allowances[sender][_msgSender()].sub(amount, \"ERC20: transfer amount exceeds allowance\"));\n return true;\n }\n\n /\n * @dev Atomically increases the allowance granted tospenderby the caller.\n *\n * This is an alternative to {approve} that can be used as a mitigation for\n * problems described in {IERC20-approve}.\n *\n * Emits an {Approval} event indicating the updated allowance.\n *\n * Requirements:\n *\n * -spendercannot be the zero address.\n */\n function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {\n _approve(_msgSender(), spender, _allowances[_msgSender()][spender].add(addedValue));\n return true;\n }\n\n /\n * @dev Atomically decreases the allowance granted tospenderby the caller.\n *\n * This is an alternative to {approve} that can be used as a mitigation for\n * problems described in {IERC20-approve}.\n *\n * Emits an {Approval} event indicating the updated allowance.\n *\n * Requirements:\n *\n * -spendercannot be the zero address.\n * -spendermust have allowance for the caller of at least\n *subtractedValue.\n */\n function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {\n _approve(_msgSender(), spender, _allowances[_msgSender()][spender].sub(subtractedValue, \"ERC20: decreased allowance below zero\"));\n return true;\n }\n\n /\n * @dev Moves tokensamountfromsendertorecipient.\n *\n * This is internal function is equivalent to {transfer}, and can be used to\n * e.g. implement automatic token fees, slashing mechanisms, etc.\n *\n * Emits a {Transfer} event.\n *\n * Requirements:\n \n * -sendercannot be the zero address.\n * -recipientcannot be the zero address.\n * -sendermust have a balance of at leastamount.\n /\n function _transfer(address sender, address recipient, uint256 amount) internal {\n require(sender != address(0), \"ERC20: transfer from the zero address\");\n require(recipient != address(0), \"ERC20: transfer to the zero address\");\n\n _balances[sender] = _balances[sender].sub(amount, \"ERC20: transfer amount exceeds balance\");\n _balances[recipient] = _balances[recipient].add(amount);\n emit Transfer(sender, recipient, amount);\n }\n\n / @dev Createsamounttokens and assigns them toaccount, increasing\n * the total supply.\n *\n * Emits a {Transfer} event withfromset to the zero address.\n *\n * Requirements\n *\n * -tocannot be the zero address.\n */\n function _mint(address account, uint256 amount) internal {\n require(account != address(0), \"ERC20: mint to the zero address\");\n\n _totalSupply = _totalSupply.add(amount);\n _balances[account] = _balances[account].add(amount);\n emit Transfer(address(0), account, amount);\n }\n\n /\n * @dev Destroysamounttokens fromaccount, reducing the\n * total supply.\n *\n * Emits a {Transfer} event withtoset to the zero address.\n *\n * Requirements\n *\n * -accountcannot be the zero address.\n * -accountmust have at leastamounttokens.\n */\n function _burn(address account, uint256 amount) internal {\n require(account != address(0), \"ERC20: burn from the zero address\");\n\n _balances[account] = _balances[account].sub(amount, \"ERC20: burn amount exceeds balance\");\n _totalSupply = _totalSupply.sub(amount);\n emit Transfer(account, address(0), amount);\n }\n\n /\n * @dev Setsamountas the allowance ofspenderover theowners tokens.\n *\n * This is internal function is equivalent toapprove, and can be used to\n * e.g. set automatic allowances for certain subsystems, etc.\n *\n * Emits an {Approval} event.\n *\n * Requirements:\n *\n * -ownercannot be the zero address.\n * -spendercannot be the zero address.\n */\n function _approve(address owner, address spender, uint256 amount) internal {\n require(owner != address(0), \"ERC20: approve from the zero address\");\n require(spender != address(0), \"ERC20: approve to the zero address\");\n\n _allowances[owner][spender] = amount;\n emit Approval(owner, spender, amount);\n }\n\n /\n * @dev Destroysamounttokens fromaccount.amountis then deducted\n * from the caller's allowance.\n *\n * See {_burn} and {_approve}.\n */\n function _burnFrom(address account, uint256 amount) internal {\n _burn(account, amount);\n _approve(account, _msgSender(), _allowances[account][_msgSender()].sub(amount, \"ERC20: burn amount exceeds allowance\"));\n }\n\n uint256[50] private ______gap;\n}\n"},"@openzeppelin/contracts-ethereum-package/contracts/math/SafeMath.sol":{"content":"pragma solidity ^0.5.0;\n\n/\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n *SafeMathrestores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's+operator.\n *\n * Requirements:\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"SafeMath: addition overflow\");\n\n return c;\n }\n\n /\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's-operator.\n *\n * Requirements:\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n return sub(a, b, \"SafeMath: subtraction overflow\");\n }\n\n /\n * @dev Returns the subtraction of two unsigned integers, reverting with custom message on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's-operator.\n *\n * Requirements:\n * - Subtraction cannot overflow.\n *\n * Available since v2.4.0.\n */\n function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b <= a, errorMessage);\n uint256 c = a - b;\n\n return c;\n }\n\n /\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's*operator.\n *\n * Requirements:\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n\n return c;\n }\n\n /\n * @dev Returns the integer division of two unsigned integers. Reverts on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's/operator. Note: this function uses a\n *revertopcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n return div(a, b, \"SafeMath: division by zero\");\n }\n\n /\n * @dev Returns the integer division of two unsigned integers. Reverts with custom message on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's/operator. Note: this function uses a\n *revertopcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n *\n * Available since v2.4.0.\n */\n function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0, errorMessage);\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * Reverts when dividing by zero.\n *\n * Counterpart to Solidity's%operator. This function uses arevert\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n return mod(a, b, \"SafeMath: modulo by zero\");\n }\n\n /\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * Reverts with custom message when dividing by zero.\n *\n * Counterpart to Solidity's%operator. This function uses arevert\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n *\n * Available since v2.4.0.\n /\n function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b != 0, errorMessage);\n return a % b;\n }\n}\n"},"@openzeppelin/contracts-ethereum-package/contracts/GSN/Context.sol":{"content":"pragma solidity ^0.5.0;\n\nimport \"@openzeppelin/upgrades/contracts/Initializable.sol\";\n\n/\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with GSN meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\ncontract Context is Initializable {\n // Empty internal constructor, to prevent people from mistakenly deploying\n // an instance of this contract, which should be used via inheritance.\n constructor () internal { }\n // solhint-disable-previous-line no-empty-blocks\n\n function _msgSender() internal view returns (address payable) {\n return msg.sender;\n }\n\n function _msgData() internal view returns (bytes memory) {\n this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691\\n return msg.data;\n }\n}\n"}},"settings":{"remappings":[],"optimizer":{"enabled":true,"runs":200},"evmVersion":"istanbul","libraries":{}}}","codeformat": "solidity-standard-json-input",
"contractname": "/contracts/DecentralizedAutonomousTrust.sol:DecentralizedAutonomousTrust",
"compilerversion": "v0.5.17+commit.d19bba13",
"constructorArguements": ""
}
Checking status of verification request gzjk3se7lr4rx1pseckikyqzwdcckmqwk8fhv2dcesggwdaaq7
Fail - Unable to verify
Failed to verify 1 contract(s): DecentralizedAutonomousTrust@0xfa1B723C90927650b142a2c4a12644321C168d03
➜ fairmint-c-org git:(master) ✗ truffle migrate --network ropsten
Compiling your contracts...
Network up to date.
➜ fairmint-c-org git:(master) ✗ truffle migrate --network ropsten
Compiling your contracts...
Network up to date.
➜ fairmint-c-org git:(master) ✗ truffle run verify DecentralizedAutonomousTrust@0xfa1B723C90927650b142a2c4a12644321C168d03 --network ropsten --debug
DEBUG logging is turned ON
Running truffle-plugin-verify v0.5.18
Retrieving network's chain ID
Verifying DecentralizedAutonomousTrust@0xfa1B723C90927650b142a2c4a12644321C168d03
Reading artifact file at /Users/vilasmalhotra/Desktop/fairmint-c-org/build/contracts/DecentralizedAutonomousTrust.json
Custom address 0xfa1B723C90927650b142a2c4a12644321C168d03 specified
Retrieving constructor parameters from https://api-ropsten.etherscan.io/api?apiKey=WNDWXXAEHAVW4YC7GFZ3FI66WGWQIIZXZT&module=account&action=txlist&address=0xfa1B723C90927650b142a2c4a12644321C168d03&page=1&sort=asc&offset=1
Constructor parameters retrieved: 0x
Sending verify request with POST arguments:
{
"apikey": "WNDWXXAEHAVW4YC7GFZ3FI66WGWQIIZXZT",
"module": "contract",
"action": "verifysourcecode",
"contractaddress": "0xfa1B723C90927650b142a2c4a12644321C168d03",
"sourceCode": "{"language":"Solidity","sources":{"/contracts/DecentralizedAutonomousTrust.sol":{"content":"pragma solidity 0.5.17;\n\nimport \"./ContinuousOffering.sol\";\n\n/\n * @title Decentralized Autonomous Trust\n * This contract is the reference implementation provided by Fairmint for a\n * Decentralized Autonomous Trust as described in the continuous\n * organization whitepaper (https://github.com/c-org/whitepaper) and\n * specified here: https://github.com/fairmint/c-org/wiki. Use at your own\n * risk. If you have question or if you're looking for a ready-to-use\n * solution using this contract, you might be interested in Fairmint's\n * offering. Do not hesitate to get in touch with us: https://fairmint.co\\n /\ncontract DecentralizedAutonomousTrust is ContinuousOffering {\n event Close(uint _exitFee);\n event Pay(address indexed _from, uint _currencyValue);\n event UpdateConfig(\n address _whitelistAddress,\n address indexed _beneficiary,\n address indexed _control,\n address indexed _feeCollector,\n uint _revenueCommitmentBasisPoints,\n uint _feeBasisPoints,\n uint _minInvestment,\n uint _minDuration\n );\n\n /// @notice The revenue commitment of the organization. Defines the percentage of the value paid through the contract\n /// that is automatically funneled and held into the buyback_reserve expressed in basis points.\n /// Internal since this is n/a to all derivative contracts.\n function revenueCommitmentBasisPoints() public view returns (uint) {\n return __revenueCommitmentBasisPoints;\n }\n\n /// @notice The investment reserve of the c-org. Defines the percentage of the value invested that is\n /// automatically funneled and held into the buyback_reserve expressed in basis points.\n /// Internal since this is n/a to all derivative contracts.\n function investmentReserveBasisPoints() public view returns (uint) {\n return __investmentReserveBasisPoints;\n }\n\n /// @notice Initialized at
0and updated when the contract switches frominitstate torunstate\n /// with the current timestamp.\n function runStartedOn() public view returns (uint) {\n return __startedOn;\n }\n\n function initialize(\n uint _initReserve,\n address _currencyAddress,\n uint _initGoal,\n uint _buySlopeNum,\n uint _buySlopeDen,\n uint _investmentReserveBasisPoints,\n uint _setupFee,\n address payable _setupFeeRecipient,\n string memory _name,\n string memory _symbol\n ) public\n {\n // _initialize will enforce this is only called once\n super._initialize(\n _initReserve,\n _currencyAddress,\n _initGoal,\n _buySlopeNum,\n _buySlopeDen,\n _setupFee,\n _setupFeeRecipient,\n _name,\n _symbol\n );\n\n // Set initGoal, which in turn defines the initial state\n if(_initGoal == 0)\n {\n emit StateChange(state, STATE_RUN);\n state = STATE_RUN;\n __startedOn = block.timestamp;\n }\n else\n {\n // Math: If this value got too large, the DAT would overflow on sell\n require(_initGoal < MAX_SUPPLY, \"EXCESSIVE_GOAL\");\n initGoal = _initGoal;\n }\n\n // 100% or less\n require(_investmentReserveBasisPoints <= BASIS_POINTS_DEN, \"INVALID_RESERVE\");\n __investmentReserveBasisPoints = _investmentReserveBasisPoints;\n }\n\n /// Close\n\n function estimateExitFee(uint _msgValue) public view returns (uint) {\n uint exitFee;\n\n if (state == STATE_RUN) {\n uint reserve = buybackReserve();\n reserve = reserve.sub(_msgValue);\n\n // Source: t(t+b)*(n/d)-r\n // Implementation: (b n t)/d + (n t^2)/d - r\n\n uint _totalSupply = totalSupply();\n\n // Math worst case:\n // MAX_BEFORE_SQUARE * MAX_BEFORE_SQUARE/2 * MAX_BEFORE_SQUARE\n exitFee = BigDiv.bigDiv2x1(\n _totalSupply,\n burnedSupply * buySlopeNum,\n buySlopeDen\n );\n // Math worst case:\n // MAX_BEFORE_SQUARE * MAX_BEFORE_SQUARE * MAX_BEFORE_SQUARE\n exitFee += BigDiv.bigDiv2x1(\n _totalSupply,\n buySlopeNum * _totalSupply,\n buySlopeDen\n );\n // Math: this if condition avoids a potential overflow\n if (exitFee <= reserve) {\n exitFee = 0;\n } else {\n exitFee -= reserve;\n }\n }\n\n return exitFee;\n }\n\n /// @notice Called by the beneficiary account to STATE_CLOSE or STATE_CANCEL the c-org,\n /// preventing any more tokens from being minted.\n /// @dev Requires anexitFeeto be paid. If the currency is ETH, include a little more than\n /// what appears to be required and any remainder will be returned to your account. This is\n /// because another user may have a transaction mined which changes the exitFee required.\n /// For othercurrencytypes, the beneficiary account will be billed the exact amount required.\n function close() public payable {\n uint exitFee = 0;\n\n if (state == STATE_RUN) {\n exitFee = estimateExitFee(msg.value);\n _collectInvestment(msg.sender, exitFee, msg.value, true);\n }\n\n super._close();\n emit Close(exitFee);\n }\n\n /// Pay\n\n /// @dev Pay the organization on-chain.\n /// @param _currencyValue How much currency which was paid.\n function pay(uint _currencyValue) public payable {\n _collectInvestment(msg.sender, _currencyValue, msg.value, false);\n require(state == STATE_RUN, \"INVALID_STATE\");\n require(_currencyValue > 0, \"MISSING_CURRENCY\");\n\n // Send a portion of the funds to the beneficiary, the rest is added to the buybackReserve\n // Math: if _currencyValue is < (2^256 - 1) / 10000 this will not overflow\n uint reserve = _currencyValue.mul(__revenueCommitmentBasisPoints);\n reserve /= BASIS_POINTS_DEN;\n\n // Math: this will never underflow since revenueCommitmentBasisPoints is capped to BASIS_POINTS_DEN\n _transferCurrency(beneficiary, _currencyValue - reserve);\n\n emit Pay(msg.sender, _currencyValue);\n }\n\n /// @notice Pay the organization on-chain without minting any tokens.\n /// @dev This allows you to add funds directly to the buybackReserve.\n function() external payable {\n require(address(currency) == address(0), \"ONLY_FOR_CURRENCY_ETH\");\n }\n\n function updateConfig(\n address _whitelistAddress,\n address payable _beneficiary,\n address _control,\n address payable _feeCollector,\n uint _feeBasisPoints,\n uint _revenueCommitmentBasisPoints,\n uint _minInvestment,\n uint _minDuration\n ) public {\n _updateConfig(\n _whitelistAddress,\n _beneficiary,\n _control,\n _feeCollector,\n _feeBasisPoints,\n _minInvestment,\n _minDuration\n );\n\n require(\n _revenueCommitmentBasisPoints <= BASIS_POINTS_DEN,\n \"INVALID_COMMITMENT\"\n );\n require(\n _revenueCommitmentBasisPoints >= __revenueCommitmentBasisPoints,\n \"COMMITMENT_MAY_NOT_BE_REDUCED\"\n );\n __revenueCommitmentBasisPoints = _revenueCommitmentBasisPoints;\n\n emit UpdateConfig(\n _whitelistAddress,\n _beneficiary,\n _control,\n _feeCollector,\n _revenueCommitmentBasisPoints,\n _feeBasisPoints,\n _minInvestment,\n _minDuration\n );\n }\n\n /// @notice A temporary function to setrunStartedOn, to be used by contracts which were\n /// already deployed before this feature was introduced.\n /// @dev This function will be removed once known users have called the function.\n function initializeRunStartedOn(\n uint _runStartedOn\n ) external\n {\n require(msg.sender == control, \"CONTROL_ONLY\");\n require(state == STATE_RUN, \"ONLY_CALL_IN_RUN\");\n require(__startedOn == 0, \"ONLY_CALL_IF_NOT_AUTO_SET\");\n require(_runStartedOn <= block.timestamp, \"DATE_MUST_BE_IN_PAST\");\n\n __startedOn = _runStartedOn;\n }\n\n /// @dev Distributes _value currency between the buybackReserve, beneficiary, and feeCollector.\n function _distributeInvestment(\n uint _value\n ) internal\n {\n // Rounding favors buybackReserve, then beneficiary, and feeCollector is last priority.\n\n // Math: if investment value is < (2^256 - 1) / 10000 this will never overflow.\n // Except maybe with a huge single investment, but they can try again with multiple smaller investments.\n uint reserve = __investmentReserveBasisPoints.mul(_value);\n reserve /= BASIS_POINTS_DEN;\n reserve = _value.sub(reserve);\n uint fee = reserve.mul(feeBasisPoints);\n fee /= BASIS_POINTS_DEN;\n\n // Math: since feeBasisPoints is <= BASIS_POINTS_DEN, this will never underflow.\n _transferCurrency(beneficiary, reserve - fee);\n _transferCurrency(feeCollector, fee);\n }\n}\n"},"/contracts/math/Sqrt.sol":{"content":"pragma solidity ^0.5.0;\n\n/\n * @title Calculates the square root of a given value.\n * @dev Results may be off by 1.\n /\nlibrary Sqrt {\n /// @notice The max possible value\n uint private constant MAX_UINT = 2256 - 1;\n\n // Source: https://github.com/ethereum/dapp-bin/pull/50\\n function sqrt(uint x) internal pure returns (uint y) {\n if (x == 0) {\n return 0;\n } else if (x <= 3) {\n return 1;\n } else if (x == MAX_UINT) {\n // Without this we fail on x + 1 below\n return 2128 - 1;\n }\n\n uint z = (x + 1) / 2;\n y = x;\n while (z < y) {\n y = z;\n z = (x / z + z) / 2;\n }\n }\n}\n"},"/contracts/math/BigDiv.sol":{"content":"pragma solidity ^0.5.0;\n\nimport \"@openzeppelin/contracts-ethereum-package/contracts/math/SafeMath.sol\";\n\n/\n * @title Reduces the size of terms before multiplication, to avoid an overflow, and then\n * restores the proper size after division.\n * @notice This effectively allows us to overflow values in the numerator and/or denominator\n * of a fraction, so long as the end result does not overflow as well.\n * @dev Results may be off by 1 + 0.000001% for 2x1 calls and 2 + 0.00001% for 2x2 calls.\n * Do not use if your contract expects very small result values to be accurate.\n */\nlibrary BigDiv {\n using SafeMath for uint;\n\n /// @notice The max possible value\n uint private constant MAX_UINT = 2256 - 1;\n\n /// @notice When multiplying 2 terms <= this value the result won't overflow\n uint private constant MAX_BEFORE_SQUARE = 2128 - 1;\n\n /// @notice The max error target is off by 1 plus up to 0.000001% error\n /// for bigDiv2x1 and that* 2for bigDiv2x2\n uint private constant MAX_ERROR = 100000000;\n\n /// @notice A larger error threshold to use when multiple rounding errors may apply\n uint private constant MAX_ERROR_BEFORE_DIV = MAX_ERROR * 2;\n\n /\n * @notice Returns the approx result ofa * b / dso long as the result is <= MAX_UINT\n * @param _numA the first numerator term\n * @param _numB the second numerator term\n * @param _den the denominator\n * @return the approx result with up to off by 1 + MAX_ERROR, rounding down if needed\n /\n function bigDiv2x1(\n uint _numA,\n uint _numB,\n uint _den\n ) internal pure returns (uint) {\n if (_numA == 0 || _numB == 0) {\n // would div by 0 or underflow if we don't special case 0\n return 0;\n }\n\n uint value;\n\n if (MAX_UINT / _numA >= _numB) {\n // ab does not overflow, return exact math\n value = _numA * _numB;\n value /= _den;\n return value;\n }\n\n // Sort numerators\n uint numMax = _numB;\n uint numMin = _numA;\n if (_numA > _numB) {\n numMax = _numA;\n numMin = _numB;\n }\n\n value = numMax / _den;\n if (value > MAX_ERROR) {\n // _den is small enough to be MAX_ERROR or better w/o a factor\n value = value.mul(numMin);\n return value;\n }\n\n // formula = ((a / f) * b) / (d / f)\n // factor >= a / sqrt(MAX) * (b / sqrt(MAX))\n uint factor = numMin - 1;\n factor /= MAX_BEFORE_SQUARE;\n factor += 1;\n uint temp = numMax - 1;\n temp /= MAX_BEFORE_SQUARE;\n temp += 1;\n if (MAX_UINT / factor >= temp) {\n factor = temp;\n value = numMax / factor;\n if (value > MAX_ERROR_BEFORE_DIV) {\n value = value.mul(numMin);\n temp = _den - 1;\n temp /= factor;\n temp = temp.add(1);\n value /= temp;\n return value;\n }\n }\n\n // formula: (a / (d / f)) * (b / f)\n // factor: b / sqrt(MAX)\n factor = numMin - 1;\n factor /= MAX_BEFORE_SQUARE;\n factor += 1;\n value = numMin / factor;\n temp = _den - 1;\n temp /= factor;\n temp += 1;\n temp = numMax / temp;\n value = value.mul(temp);\n return value;\n }\n\n /\n * @notice Returns the approx result ofa * b / dso long as the result is <= MAX_UINT\n * @param _numA the first numerator term\n * @param _numB the second numerator term\n * @param _den the denominator\n * @return the approx result with up to off by 1 + MAX_ERROR, rounding down if needed\n * @dev roundUp is implemented by first rounding down and then adding the max error to the result\n */\n function bigDiv2x1RoundUp(\n uint _numA,\n uint _numB,\n uint _den\n ) internal pure returns (uint) {\n // first get the rounded down result\n uint value = bigDiv2x1(_numA, _numB, _den);\n\n if (value == 0) {\n // when the value rounds down to 0, assume up to an off by 1 error\n return 1;\n }\n\n // round down has a max error of MAX_ERROR, add that to the result\n // for a round up error of <= MAX_ERROR\n uint temp = value - 1;\n temp /= MAX_ERROR;\n temp += 1;\n if (MAX_UINT - value < temp) {\n // value + error would overflow, return MAX\n return MAX_UINT;\n }\n\n value += temp;\n\n return value;\n }\n\n /\n * @notice Returns the approx result ofa * b / (c * d)so long as the result is <= MAX_UINT\n * @param _numA the first numerator term\n * @param _numB the second numerator term\n * @param _denA the first denominator term\n * @param _denB the second denominator term\n * @return the approx result with up to off by 2 + MAX_ERROR10 error, rounding down if needed\n * @dev this uses bigDiv2x1 and adds additional rounding error so the max error of this\n * formula is larger\n /\n function bigDiv2x2(\n uint _numA,\n uint _numB,\n uint _denA,\n uint _denB\n ) internal pure returns (uint) {\n if (MAX_UINT / _denA >= _denB) {\n // denAdenB does not overflow, use bigDiv2x1 instead\n return bigDiv2x1(_numA, _numB, _denA * _denB);\n }\n\n if (_numA == 0 || _numB == 0) {\n // would div by 0 or underflow if we don't special case 0\n return 0;\n }\n\n // Sort denominators\n uint denMax = _denB;\n uint denMin = _denA;\n if (_denA > _denB) {\n denMax = _denA;\n denMin = _denB;\n }\n\n uint value;\n\n if (MAX_UINT / _numA >= _numB) {\n // ab does not overflow, usea / d / c\n value = _numA * _numB;\n value /= denMin;\n value /= denMax;\n return value;\n }\n\n //ab / cdwhere bothabandcdwould overflow\n\n // Sort numerators\n uint numMax = _numB;\n uint numMin = _numA;\n if (_numA > _numB) {\n numMax = _numA;\n numMin = _numB;\n }\n\n // formula = (a/d) * b / c\n uint temp = numMax / denMin;\n if (temp > MAX_ERROR_BEFORE_DIV) {\n return bigDiv2x1(temp, numMin, denMax);\n }\n\n // formula: ((a/f) * b) / d then either * f / c or / c * f\n // factor >= a / sqrt(MAX) * (b / sqrt(MAX))\n uint factor = numMin - 1;\n factor /= MAX_BEFORE_SQUARE;\n factor += 1;\n temp = numMax - 1;\n temp /= MAX_BEFORE_SQUARE;\n temp += 1;\n if (MAX_UINT / factor >= temp) {\n factor = temp;\n\n value = numMax / factor;\n if (value > MAX_ERROR_BEFORE_DIV) {\n value = value.mul(numMin);\n value /= denMin;\n if (value > 0 && MAX_UINT / value >= factor) {\n value = factor;\n value /= denMax;\n return value;\n }\n }\n }\n\n // formula: (a/f) * b / ((cd)/f)\n // factor >= c / sqrt(MAX) * (d / sqrt(MAX))\n factor = denMin;\n factor /= MAX_BEFORE_SQUARE;\n temp = denMax;\n // + 1 here prevents overflow of factortemp\n temp /= MAX_BEFORE_SQUARE + 1;\n factor *= temp;\n return bigDiv2x1(numMax / factor, numMin, MAX_UINT);\n }\n}\n"},"/contracts/interfaces/IWhitelist.sol":{"content":"pragma solidity 0.5.17;\n\n/\n * Source: https://raw.githubusercontent.com/simple-restricted-token/reference-implementation/master/contracts/token/ERC1404/ERC1404.sol\\n * With ERC-20 APIs removed (will be implemented as a separate contract).\n * And adding authorizeTransfer.\n */\ninterface IWhitelist {\n /\n * @notice Detects if a transfer will be reverted and if so returns an appropriate reference code\n * @param from Sending address\n * @param to Receiving address\n * @param value Amount of tokens being transferred\n * @return Code by which to reference message for rejection reasoning\n * @dev Overwrite with your custom transfer restriction logic\n */\n function detectTransferRestriction(\n address from,\n address to,\n uint value\n ) external view returns (uint8);\n\n /\n * @notice Returns a human-readable message for a given restriction code\n * @param restrictionCode Identifier for looking up a message\n * @return Text showing the restriction's reasoning\n * @dev Overwrite with your custom message and restrictionCode handling\n */\n function messageForTransferRestriction(uint8 restrictionCode)\n external\n pure\n returns (string memory);\n\n /\n * @notice Called by the DAT contract before a transfer occurs.\n * @dev This call will revert when the transfer is not authorized.\n * This is a mutable call to allow additional data to be recorded,\n * such as when the user aquired their tokens.\n /\n function authorizeTransfer(\n address _from,\n address _to,\n uint _value,\n bool _isSell\n ) external;\n\n function walletActivated(\n address _wallet\n ) external returns(bool);\n}\n"},"/contracts/interfaces/IERC20Detailed.sol":{"content":"pragma solidity 0.5.17;\n\ninterface IERC20Detailed {\n /\n * @dev Returns the number of decimals used to get its user representation.\n * For example, ifdecimalsequals2, a balance of505tokens should\n * be displayed to a user as5,05(505 / 10 ** 2).\n *\n * Tokens usually opt for a value of 18, imitating the relationship between\n * Ether and Wei.\n *\n * NOTE: This information is only used for display purposes: it in\n * no way affects any of the arithmetic of the contract, including\n * {IERC20-balanceOf} and {IERC20-transfer}.\n */\n function decimals() external view returns (uint8);\n}\n"},"/contracts/ContinuousOffering.sol":{"content":"pragma solidity 0.5.17;\n\nimport \"./interfaces/IWhitelist.sol\";\nimport \"./interfaces/IERC20Detailed.sol\";\nimport \"./math/BigDiv.sol\";\nimport \"./math/Sqrt.sol\";\nimport \"@openzeppelin/contracts-ethereum-package/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts-ethereum-package/contracts/token/ERC20/SafeERC20.sol\";\nimport \"@openzeppelin/contracts-ethereum-package/contracts/token/ERC20/ERC20.sol\";\nimport \"@openzeppelin/contracts-ethereum-package/contracts/token/ERC20/ERC20Detailed.sol\";\nimport \"@openzeppelin/contracts-ethereum-package/contracts/math/SafeMath.sol\";\nimport \"@openzeppelin/contracts-ethereum-package/contracts/utils/Address.sol\";\n\n\n/\n * @title Continuous Offering abstract contract\n * @notice A shared base for various offerings from Fairmint.\n /\ncontract ContinuousOffering\n is ERC20, ERC20Detailed\n{\n using SafeMath for uint;\n using Sqrt for uint;\n using SafeERC20 for IERC20;\n\n /\n * Events\n */\n\n event Buy(\n address indexed _from,\n address indexed _to,\n uint _currencyValue,\n uint _fairValue\n );\n event Sell(\n address indexed _from,\n address indexed _to,\n uint _currencyValue,\n uint _fairValue\n );\n event Burn(\n address indexed _from,\n uint _fairValue\n );\n event StateChange(\n uint _previousState,\n uint _newState\n );\n\n /\n * Constants\n /\n\n /// @notice The default state\n uint internal constant STATE_INIT = 0;\n\n /// @notice The state after initGoal has been reached\n uint internal constant STATE_RUN = 1;\n\n /// @notice The state after closed by thebeneficiaryaccount from STATE_RUN\n uint internal constant STATE_CLOSE = 2;\n\n /// @notice The state after closed by thebeneficiaryaccount from STATE_INIT\n uint internal constant STATE_CANCEL = 3;\n\n /// @notice When multiplying 2 terms, the max value is 2^128-1\n uint internal constant MAX_BEFORE_SQUARE = 2128 - 1;\n\n /// @notice The denominator component for values specified in basis points.\n uint internal constant BASIS_POINTS_DEN = 10000;\n\n /// @notice The maxtotalSupply() + burnedSupply\n /// @dev This limit ensures that the DAT's formulas do not overflow (<MAX_BEFORE_SQUARE/2)\n uint internal constant MAX_SUPPLY = 10 ** 38;\n\n /\n * Data specific to our token business logic\n /\n\n /// @notice The contract for transfer authorizations, if any.\n IWhitelist public whitelist;\n\n /// @notice The total number of burned FAIR tokens, excluding tokens burned from aSellaction in the DAT.\n uint public burnedSupply;\n\n /\n * Data for DAT business logic\n /\n\n /// @dev unused slot which remains to ensure compatible upgrades\n bool private __autoBurn;\n\n /// @notice The address of the beneficiary organization which receives the investments.\n /// Points to the wallet of the organization.\n address payable public beneficiary;\n\n /// @notice The buy slope of the bonding curve.\n /// Does not affect the financial model, only the granularity of FAIR.\n /// @dev This is the numerator component of the fractional value.\n uint public buySlopeNum;\n\n /// @notice The buy slope of the bonding curve.\n /// Does not affect the financial model, only the granularity of FAIR.\n /// @dev This is the denominator component of the fractional value.\n uint public buySlopeDen;\n\n /// @notice The address from which the updatable variables can be updated\n address public control;\n\n /// @notice The address of the token used as reserve in the bonding curve\n /// (e.g. the DAI contract). Use ETH if 0.\n IERC20 public currency;\n\n /// @notice The address where fees are sent.\n address payable public feeCollector;\n\n /// @notice The percent fee collected each time new FAIR are issued expressed in basis points.\n uint public feeBasisPoints;\n\n /// @notice The initial fundraising goal (expressed in FAIR) to start the c-org.\n ///0means that there is no initial fundraising and the c-org immediately moves to run state.\n uint public initGoal;\n\n /// @notice A map with all investors in init state using address as a key and amount as value.\n /// @dev This structure's purpose is to make sure that only investors can withdraw their money if init_goal is not reached.\n mapping(address => uint) public initInvestors;\n\n /// @notice The initial number of FAIR created at initialization for the beneficiary.\n /// Technically however, this variable is not a constant as we must always have\n ///init_reserve>=total_supply+burnt_supplywhich means thatinit_reservewill be automatically\n /// decreased to equaltotal_supply+burnt_supplyin caseinit_reserve>total_supply+burnt_supply\n /// after an investor sells his FAIRs.\n /// @dev Organizations may move these tokens into vesting contract(s)\n uint public initReserve;\n\n /// @notice The investment reserve of the c-org. Defines the percentage of the value invested that is\n /// automatically funneled and held into the buyback_reserve expressed in basis points.\n /// Internal since this is n/a to all derivative contracts.\n uint internal __investmentReserveBasisPoints;\n\n /// @dev unused slot which remains to ensure compatible upgrades\n uint private __openUntilAtLeast;\n\n /// @notice The minimum amount ofcurrencyinvestment accepted.\n uint public minInvestment;\n\n /// @dev The revenue commitment of the organization. Defines the percentage of the value paid through the contract\n /// that is automatically funneled and held into the buyback_reserve expressed in basis points.\n /// Internal since this is n/a to all derivative contracts.\n uint internal __revenueCommitmentBasisPoints;\n\n /// @notice The current state of the contract.\n /// @dev See the constants above for possible state values.\n uint public state;\n\n /// @dev If this value changes we need to reconstruct the DOMAIN_SEPARATOR\n string public constant version = \"3\";\n // --- EIP712 niceties ---\n // Original source: https://etherscan.io/address/0x6b175474e89094c44da98b954eedeac495271d0f#code\\n mapping (address => uint) public nonces;\n bytes32 public DOMAIN_SEPARATOR;\n // keccak256(\"Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)\");\n bytes32 public constant PERMIT_TYPEHASH = 0x6e71edae12b1b97f4d1f60370fef10105fa2faae0126114a169c64845d6126c9;\n\n // The success fee (expressed in currency) that will be earned by setupFeeRecipient as soon as initGoal\n // is reached. We must have setup_fee <= buy_slopeinit_goal^(2)/2\n uint public setupFee;\n\n // The recipient of the setup_fee once init_goal is reached\n address payable public setupFeeRecipient;\n\n /// @notice The minimum time before which the c-org contract cannot be closed once the contract has\n /// reached therunstate.\n /// @dev When updated, the new value ofminimum_durationcannot be earlier than the previous value.\n uint public minDuration;\n\n /// @dev Initialized at0and updated when the contract switches frominitstate torunstate\n /// or when the initial trial period ends.\n uint public __startedOn;\n\n /// @notice The max possible value\n uint internal constant MAX_UINT = 2256 - 1;\n\n // keccak256(\"PermitBuy(address from,address to,uint256 currencyValue,uint256 minTokensBought,uint256 nonce,uint256 deadline)\");\n bytes32 public constant PERMIT_BUY_TYPEHASH = 0xaf42a244b3020d6a2253d9f291b4d3e82240da42b22129a8113a58aa7a3ddb6a;\n\n // keccak256(\"PermitSell(address from,address to,uint256 quantityToSell,uint256 minCurrencyReturned,uint256 nonce,uint256 deadline)\");\n bytes32 public constant PERMIT_SELL_TYPEHASH = 0x5dfdc7fb4c68a4c249de5e08597626b84fbbe7bfef4ed3500f58003e722cc548;\n\n modifier authorizeTransfer(\n address _from,\n address _to,\n uint _value,\n bool _isSell\n )\n {\n if(address(whitelist) != address(0))\n {\n // This is not set for the minting of initialReserve\n whitelist.authorizeTransfer(_from, _to, _value, _isSell);\n }\n _;\n }\n\n /\n * Buyback reserve\n */\n\n /// @notice The total amount of currency value currently locked in the contract and available to sellers.\n function buybackReserve() public view returns (uint)\n {\n uint reserve = address(this).balance;\n if(address(currency) != address(0))\n {\n reserve = currency.balanceOf(address(this));\n }\n\n if(reserve > MAX_BEFORE_SQUARE)\n {\n /// Math: If the reserve becomes excessive, cap the value to prevent overflowing in other formulas\n return MAX_BEFORE_SQUARE;\n }\n\n return reserve;\n }\n\n /\n * Functions required by the ERC-20 token standard\n /\n\n /// @dev Moves tokens from one account to another if authorized.\n function _transfer(\n address _from,\n address _to,\n uint _amount\n ) internal\n authorizeTransfer(_from, _to, _amount, false)\n {\n require(state != STATE_INIT || _from == beneficiary, \"ONLY_BENEFICIARY_DURING_INIT\");\n super._transfer(_from, _to, _amount);\n }\n\n /// @dev Removes tokens from the circulating supply.\n function _burn(\n address _from,\n uint _amount,\n bool _isSell\n ) internal\n authorizeTransfer(_from, address(0), _amount, _isSell)\n {\n super._burn(_from, _amount);\n\n if(!_isSell)\n {\n // This is a burn\n require(state == STATE_RUN, \"INVALID_STATE\");\n // SafeMath not required as we cap how high this value may get during mint\n burnedSupply += _amount;\n emit Burn(_from, _amount);\n }\n }\n\n /// @notice Called to mint tokens onbuy.\n function _mint(\n address _to,\n \n uint _quantity\n ) internal\n authorizeTransfer(address(0), _to, _quantity, false)\n {\n super._mint(_to, _quantity);\n\n // Math: If this value got too large, the DAT may overflow on sell\n require(totalSupply().add(burnedSupply) <= MAX_SUPPLY, \"EXCESSIVE_SUPPLY\");\n }\n\n /\n * Transaction Helpers\n */\n\n /// @notice Confirms the transfer of_quantityToInvestcurrency to the contract.\n function _collectInvestment(\n address payable _from,\n uint _quantityToInvest,\n uint _msgValue,\n bool _refundRemainder\n ) internal\n {\n if(address(currency) == address(0))\n {\n // currency is ETH\n if(_refundRemainder)\n {\n // Math: if _msgValue was not sufficient then revert\n uint refund = _msgValue.sub(_quantityToInvest);\n if(refund > 0)\n {\n Address.sendValue(msg.sender, refund);\n }\n }\n else\n {\n require(_quantityToInvest == _msgValue, \"INCORRECT_MSG_VALUE\");\n }\n }\n else\n {\n // currency is ERC20\n require(_msgValue == 0, \"DO_NOT_SEND_ETH\");\n\n currency.safeTransferFrom(_from, address(this), _quantityToInvest);\n }\n }\n\n /// @dev Send_amountcurrency from the contract to the_toaccount.\n function _transferCurrency(\n address payable _to,\n uint _amount\n ) internal\n {\n if(_amount > 0)\n {\n if(address(currency) == address(0))\n {\n Address.sendValue(_to, _amount);\n }\n else\n {\n currency.safeTransfer(_to, _amount);\n }\n }\n }\n\n /\n * Config / Control\n /\n\n /// @notice Called once after deploy to set the initial configuration.\n /// None of the values provided here may change once initially set.\n /// @dev using the init pattern in order to support zos upgrades\n function _initialize(\n uint _initReserve,\n address _currencyAddress,\n uint _initGoal,\n uint _buySlopeNum,\n uint _buySlopeDen,\n uint _setupFee,\n address payable _setupFeeRecipient,\n string memory _name,\n string memory _symbol\n ) internal\n {\n // The ERC-20 implementation will confirm initialize is only run once\n ERC20Detailed.initialize(_name, _symbol, 18);\n\n require(_buySlopeNum > 0, \"INVALID_SLOPE_NUM\");\n require(_buySlopeDen > 0, \"INVALID_SLOPE_DEN\");\n require(_buySlopeNum < MAX_BEFORE_SQUARE, \"EXCESSIVE_SLOPE_NUM\");\n require(_buySlopeDen < MAX_BEFORE_SQUARE, \"EXCESSIVE_SLOPE_DEN\");\n buySlopeNum = _buySlopeNum;\n buySlopeDen = _buySlopeDen;\n\n // Setup Fee\n require(_setupFee == 0 || _setupFeeRecipient != address(0), \"MISSING_SETUP_FEE_RECIPIENT\");\n require(_setupFeeRecipient == address(0) || _setupFee != 0, \"MISSING_SETUP_FEE\");\n // setup_fee <= (n/d)(g^2)/2\n uint initGoalInCurrency = _initGoal * _initGoal;\n initGoalInCurrency = initGoalInCurrency.mul(_buySlopeNum);\n initGoalInCurrency /= 2 * _buySlopeDen;\n require(_setupFee <= initGoalInCurrency, \"EXCESSIVE_SETUP_FEE\");\n setupFee = _setupFee;\n setupFeeRecipient = _setupFeeRecipient;\n\n // Set default values (which may be updated usingupdateConfig)\n uint decimals = 18;\n if(_currencyAddress != address(0))\n {\n decimals = IERC20Detailed(_currencyAddress).decimals();\n }\n minInvestment = 100 * (10 ** decimals);\n beneficiary = msg.sender;\n control = msg.sender;\n feeCollector = msg.sender;\n\n // Save currency\n currency = IERC20(_currencyAddress);\n\n // Mint the initial reserve\n if(_initReserve > 0)\n {\n initReserve = _initReserve;\n _mint(beneficiary, initReserve);\n }\n\n initializeDomainSeparator();\n }\n\n /// @notice Used to initialize the domain separator used in meta-transactions\n /// @dev This is separate frominitializeto allow upgraded contracts to update the version\n /// There is no harm in calling this multiple times / no permissions required\n function initializeDomainSeparator() public\n {\n uint id;\n // solium-disable-next-line\n assembly\n {\n id := chainid()\n }\n DOMAIN_SEPARATOR = keccak256(\n abi.encode(\n keccak256(\"EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)\"),\n keccak256(bytes(name())),\n keccak256(bytes(version)),\n id,\n address(this)\n )\n );\n }\n\n function _updateConfig(\n address _whitelistAddress,\n address payable _beneficiary,\n address _control,\n address payable _feeCollector,\n uint _feeBasisPoints,\n uint _minInvestment,\n uint _minDuration\n ) internal\n {\n // This require(also confirms that initialize has been called.\n require(msg.sender == control, \"CONTROL_ONLY\");\n\n // address(0) is okay\n whitelist = IWhitelist(_whitelistAddress);\n\n require(_control != address(0), \"INVALID_ADDRESS\");\n control = _control;\n\n require(_feeCollector != address(0), \"INVALID_ADDRESS\");\n feeCollector = _feeCollector;\n\n require(_feeBasisPoints <= BASIS_POINTS_DEN, \"INVALID_FEE\");\n feeBasisPoints = _feeBasisPoints;\n\n require(_minInvestment > 0, \"INVALID_MIN_INVESTMENT\");\n minInvestment = _minInvestment;\n\n require(_minDuration >= minDuration, \"MIN_DURATION_MAY_NOT_BE_REDUCED\");\n minDuration = _minDuration;\n\n if(beneficiary != _beneficiary)\n {\n require(_beneficiary != address(0), \"INVALID_ADDRESS\");\n uint tokens = balanceOf(beneficiary);\n initInvestors[_beneficiary] = initInvestors[_beneficiary].add(initInvestors[beneficiary]);\n initInvestors[beneficiary] = 0;\n if(tokens > 0)\n {\n _transfer(beneficiary, _beneficiary, tokens);\n }\n beneficiary = _beneficiary;\n }\n }\n\n /**\n * Functions for our business logic\n /\n\n /// @notice Burn the amount of tokens from the address msg.sender if authorized.\n /// @dev Note that this is not the same as asellvia the DAT.\n function burn(\n uint _amount\n ) public\n {\n _burn(msg.sender, _amount, false);\n }\n\n /// @notice Burn the amount of tokens from the given address if approved.\n function burnFrom(\n address _from,\n uint _amount\n ) public\n {\n _approve(_from, msg.sender, allowance(_from, msg.sender).sub(_amount, \"ERC20: burn amount exceeds allowance\"));\n _burn(_from, _amount, false);\n }\n\n // Buy\n\n /// @dev Distributes _value currency between the buybackReserve, beneficiary, and feeCollector.\n function _distributeInvestment(uint _value) internal;\n\n /// @notice Calculate how many FAIR tokens you would buy with the given amount of currency ifbuywas called now.\n /// @param _currencyValue How much currency to spend in order to buy FAIR.\n function estimateBuyValue(\n uint _currencyValue\n ) public view\n returns (uint)\n {\n if(_currencyValue < minInvestment)\n {\n return 0;\n }\n\n /// Calculate the tokenValue for this investment\n uint tokenValue;\n if(state == STATE_INIT)\n {\n uint currencyValue = _currencyValue;\n uint _totalSupply = totalSupply();\n // (buy_slopeinit_goal)(init_goal+init_reserve-total_supply)\n // n/d: buy_slope (MAX_BEFORE_SQUARE / MAX_BEFORE_SQUARE)\n // g: init_goal (MAX_BEFORE_SQUARE)\n // t: total_supply (MAX_BEFORE_SQUARE)\n // r: init_reserve (MAX_BEFORE_SQUARE)\n // source: ((n/d)g)(g+r-t)\n // impl: (g n (g + r - t))/(d)\n uint max = BigDiv.bigDiv2x1(\n initGoal * buySlopeNum,\n initGoal + initReserve - _totalSupply,\n buySlopeDen\n );\n if(currencyValue > max)\n {\n currencyValue = max;\n }\n // Math: worst case\n // MAX * MAX_BEFORE_SQUARE\n // / MAX_BEFORE_SQUARE * MAX_BEFORE_SQUARE\n tokenValue = BigDiv.bigDiv2x1(\n currencyValue,\n buySlopeDen,\n initGoal * buySlopeNum\n );\n\n if(currencyValue != _currencyValue)\n {\n currencyValue = _currencyValue - max;\n // ((2next_amount/buy_slope)+init_goal^2)^(1/2)-init_goal\n // a: next_amount | currencyValue\n // n/d: buy_slope (MAX_BEFORE_SQUARE / MAX_BEFORE_SQUARE)\n // g: init_goal (MAX_BEFORE_SQUARE/2)\n // r: init_reserve (MAX_BEFORE_SQUARE/2)\n // sqrt(((2a/(n/d))+g^2)-g\n // sqrt((2 d a + n g^2)/n) - g\n\n // currencyValue == 2 d a\n uint temp = 2 * buySlopeDen;\n currencyValue = temp.mul(currencyValue);\n\n // temp == g^2\n temp = initGoal;\n temp = temp;\n\n // temp == n g^2\n temp = temp.mul(buySlopeNum);\n\n // temp == (2 d a) + n g^2\n temp = currencyValue.add(temp);\n\n // temp == (2 d a + n g^2)/n\n temp /= buySlopeNum;\n\n // temp == sqrt((2 d a + n g^2)/n)\n temp = temp.sqrt();\n\n // temp == sqrt((2 d a + n g^2)/n) - g\n temp -= initGoal;\n\n tokenValue = tokenValue.add(temp);\n }\n }\n else if(state == STATE_RUN)\n {\n // initReserve is reduced on sell as necessary to ensure that this line will not overflow\n uint supply = totalSupply() + burnedSupply - initReserve;\n // Math: worst case\n // MAX * 2 * MAX_BEFORE_SQUARE\n // / MAX_BEFORE_SQUARE\n tokenValue = BigDiv.bigDiv2x1(\n _currencyValue,\n 2 * buySlopeDen,\n buySlopeNum\n );\n\n // Math: worst case MAX + (MAX_BEFORE_SQUARE * MAX_BEFORE_SQUARE)\n tokenValue = tokenValue.add(supply * supply);\n tokenValue = tokenValue.sqrt();\n\n // Math: small chance of underflow due to possible rounding in sqrt\n tokenValue = tokenValue.sub(supply);\n }\n else\n {\n // invalid state\n return 0;\n }\n\n return tokenValue;\n }\n\n function _buy(\n address payable _from,\n address _to,\n uint _currencyValue,\n uint _minTokensBought\n ) internal\n {\n require(_to != address(0), \"INVALID_ADDRESS\");\n require(_minTokensBought > 0, \"MUST_BUY_AT_LEAST_1\");\n\n // Calculate the tokenValue for this investment\n uint tokenValue = estimateBuyValue(_currencyValue);\n require(tokenValue >= _minTokensBought, \"PRICE_SLIPPAGE\");\n\n emit Buy(_from, _to, _currencyValue, tokenValue);\n\n _collectInvestment(_from, _currencyValue, msg.value, false);\n\n // Update state, initInvestors, and distribute the investment when appropriate\n if(state == STATE_INIT)\n {\n // Math worst case: MAX_BEFORE_SQUARE\n initInvestors[_to] += tokenValue;\n // Math worst case:\n // MAX_BEFORE_SQUARE + MAX_BEFORE_SQUARE\n if(totalSupply() + tokenValue - initReserve >= initGoal)\n {\n emit StateChange(state, STATE_RUN);\n state = STATE_RUN;\n __startedOn = block.timestamp;\n\n // Math worst case:\n // MAX_BEFORE_SQUARE * MAX_BEFORE_SQUARE * MAX_BEFORE_SQUARE/2\n // / MAX_BEFORE_SQUARE\n uint beneficiaryContribution = BigDiv.bigDiv2x1(\n initInvestors[beneficiary],\n buySlopeNum * initGoal,\n buySlopeDen\n );\n\n if(setupFee > 0)\n {\n _transferCurrency(setupFeeRecipient, setupFee);\n if(beneficiaryContribution > setupFee)\n {\n beneficiaryContribution -= setupFee;\n }\n else\n {\n beneficiaryContribution = 0;\n }\n }\n\n _distributeInvestment(buybackReserve().sub(beneficiaryContribution));\n }\n }\n else // implied: if(state == STATE_RUN)\n {\n if(_to != beneficiary)\n {\n _distributeInvestment(_currencyValue);\n }\n }\n\n _mint(_to, tokenValue);\n }\n\n /// @notice Purchase FAIR tokens with the given amount of currency.\n /// @param _to The account to receive the FAIR tokens from this purchase.\n /// @param _currencyValue How much currency to spend in order to buy FAIR.\n /// @param _minTokensBought Buy at least this many FAIR tokens or the transaction reverts.\n /// @dev _minTokensBought is necessary as the price will change if some elses transaction mines after\n /// yours was submitted.\n function buy(\n address _to,\n uint _currencyValue,\n uint _minTokensBought\n ) public payable\n {\n _buy(msg.sender, _to, _currencyValue, _minTokensBought);\n }\n\n /// @notice Allow users to sign a message authorizing a buy\n function permitBuy(\n address payable _from,\n address _to,\n uint _currencyValue,\n uint _minTokensBought,\n uint _deadline,\n uint8 _v,\n bytes32 _r,\n bytes32 _s\n ) external\n {\n require(_deadline >= block.timestamp, \"EXPIRED\");\n bytes32 digest = keccak256(abi.encode(PERMIT_BUY_TYPEHASH, _from, _to, _currencyValue, _minTokensBought, nonces[_from]++, _deadline));\n digest = keccak256(\n abi.encodePacked(\n \"\\x19\\x01\",\n DOMAIN_SEPARATOR,\n digest\n )\n );\n address recoveredAddress = ecrecover(digest, _v, _r, _s);\n require(recoveredAddress != address(0) && recoveredAddress == _from, \"INVALID_SIGNATURE\");\n _buy(_from, _to, _currencyValue, _minTokensBought);\n }\n\n /// Sell\n\n function estimateSellValue(\n uint _quantityToSell\n ) public view\n returns(uint)\n {\n uint reserve = buybackReserve();\n\n // Calculate currencyValue for this sale\n uint currencyValue;\n if(state == STATE_RUN)\n {\n uint supply = totalSupply() + burnedSupply;\n\n // buyback_reserve = r\n // total_supply = t\n // burnt_supply = b\n // amount = a\n // source: (t+b)a(2r)/((t+b)^2)-(((2r)/((t+b)^2)a^2)/2)+((2r)/((t+b)^2)ab^2)/(2(t))\n // imp: (a b^2 r)/(t (b + t)^2) + (2 a r)/(b + t) - (a^2 r)/(b + t)^2\n\n // Math: burnedSupply is capped in FAIR such that the square will never overflow\n // Math worst case:\n // MAX * MAX_BEFORE_SQUARE * MAX_BEFORE_SQUARE/2 * MAX_BEFORE_SQUARE/2\n // / MAX_BEFORE_SQUARE/2 * MAX_BEFORE_SQUARE/2 * MAX_BEFORE_SQUARE/2\n currencyValue = BigDiv.bigDiv2x2(\n _quantityToSell.mul(reserve),\n burnedSupply * burnedSupply,\n totalSupply(), supply * supply\n );\n // Math: worst case currencyValue is MAX_BEFORE_SQUARE (max reserve, 1 supply)\n\n // Math worst case:\n // MAX * 2 * MAX_BEFORE_SQUARE\n uint temp = _quantityToSell.mul(2 * reserve);\n temp /= supply;\n // Math: worst-case temp is MAX_BEFORE_SQUARE (max reserve, 1 supply)\n\n // Math: considering the worst-case for currencyValue and temp, this can never overflow\n currencyValue += temp;\n\n // Math: worst case\n // MAX * MAX * MAX_BEFORE_SQUARE\n // / MAX_BEFORE_SQUARE/2 * MAX_BEFORE_SQUARE/2\n temp = BigDiv.bigDiv2x1RoundUp(\n _quantityToSell.mul(_quantityToSell),\n reserve,\n supply * supply\n );\n if(currencyValue > temp)\n {\n currencyValue -= temp;\n }\n else\n {\n currencyValue = 0;\n }\n }\n else if(state == STATE_CLOSE)\n {\n // Math worst case\n // MAX * MAX_BEFORE_SQUARE\n currencyValue = _quantityToSell.mul(reserve);\n currencyValue /= totalSupply();\n }\n else\n {\n // STATE_INIT or STATE_CANCEL\n // Math worst case:\n // MAX * MAX_BEFORE_SQUARE\n currencyValue = _quantityToSell.mul(reserve);\n // Math: FAIR blocks initReserve from being burned unless we reach the RUN state which prevents an underflow\n currencyValue /= totalSupply() - initReserve;\n }\n\n return currencyValue;\n }\n\n function _sell(\n address _from,\n address payable _to,\n uint _quantityToSell,\n uint _minCurrencyReturned\n ) internal\n {\n require(_from != beneficiary || state >= STATE_CLOSE, \"BENEFICIARY_ONLY_SELL_IN_CLOSE_OR_CANCEL\");\n require(_minCurrencyReturned > 0, \"MUST_SELL_AT_LEAST_1\");\n\n uint currencyValue = estimateSellValue(_quantityToSell);\n require(currencyValue >= _minCurrencyReturned, \"PRICE_SLIPPAGE\");\n\n if(state == STATE_INIT || state == STATE_CANCEL)\n {\n initInvestors[_from] = initInvestors[_from].sub(_quantityToSell);\n }\n\n _burn(_from, _quantityToSell, true);\n uint supply = totalSupply() + burnedSupply;\n if(supply < initReserve)\n {\n initReserve = supply;\n }\n\n _transferCurrency(_to, currencyValue);\n emit Sell(_from, _to, currencyValue, _quantityToSell);\n }\n\n /// @notice Sell FAIR tokens for at least the given amount of currency.\n /// @param _to The account to receive the currency from this sale.\n /// @param _quantityToSell How many FAIR tokens to sell for currency value.\n /// @param _minCurrencyReturned Get at least this many currency tokens or the transaction reverts.\n /// @dev _minCurrencyReturned is necessary as the price will change if some elses transaction mines after\n /// yours was submitted.\n function sell(\n address payable _to,\n uint _quantityToSell,\n uint _minCurrencyReturned\n ) public\n {\n _sell(msg.sender, _to, _quantityToSell, _minCurrencyReturned);\n }\n\n /// @notice Allow users to sign a message authorizing a sell\n function permitSell(\n address _from,\n address payable _to,\n uint _quantityToSell,\n uint _minCurrencyReturned,\n uint _deadline,\n uint8 _v,\n bytes32 _r,\n bytes32 _s\n ) external\n {\n require(_deadline >= block.timestamp, \"EXPIRED\");\n bytes32 digest = keccak256(abi.encode(PERMIT_SELL_TYPEHASH, _from, _to, _quantityToSell, _minCurrencyReturned, nonces[_from]++, _deadline));\n digest = keccak256(\n abi.encodePacked(\n \"\\x19\\x01\",\n DOMAIN_SEPARATOR,\n digest\n )\n );\n address recoveredAddress = ecrecover(digest, _v, _r, _s);\n require(recoveredAddress != address(0) && recoveredAddress == _from, \"INVALID_SIGNATURE\");\n _sell(_from, _to, _quantityToSell, _minCurrencyReturned);\n }\n\n /// Close\n\n /// @notice Called by the beneficiary account to STATE_CLOSE or STATE_CANCEL the c-org,\n /// preventing any more tokens from being minted.\n /// @dev Requires anexitFeeto be paid. If the currency is ETH, include a little more than\n /// what appears to be required and any remainder will be returned to your account. This is\n /// because another user may have a transaction mined which changes the exitFee required.\n /// For othercurrencytypes, the beneficiary account will be billed the exact amount required.\n function _close() internal\n {\n require(msg.sender == beneficiary, \"BENEFICIARY_ONLY\");\n\n if(state == STATE_INIT)\n {\n // Allow the org to cancel anytime if the initGoal was not reached.\n emit StateChange(state, STATE_CANCEL);\n state = STATE_CANCEL;\n }\n else if(state == STATE_RUN)\n {\n // Collect the exitFee and close the c-org.\n require(MAX_UINT - minDuration > __startedOn, \"MAY_NOT_CLOSE\");\n require(minDuration + __startedOn <= block.timestamp, \"TOO_EARLY\");\n\n emit StateChange(state, STATE_CLOSE);\n state = STATE_CLOSE;\n }\n else\n {\n revert(\"INVALID_STATE\");\n }\n }\n\n // --- Approve by signature ---\n // EIP-2612\n // Original source: https://github.com/Uniswap/uniswap-v2-core/blob/master/contracts/UniswapV2ERC20.sol\\n function permit(\n address owner,\n address spender,\n uint value,\n uint deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) external\n {\n require(deadline >= block.timestamp, \"EXPIRED\");\n bytes32 digest = keccak256(abi.encode(PERMIT_TYPEHASH, owner, spender, value, nonces[owner]++, deadline));\n digest = keccak256(\n abi.encodePacked(\n \"\\x19\\x01\",\n DOMAIN_SEPARATOR,\n digest\n )\n );\n address recoveredAddress = ecrecover(digest, v, r, s);\n require(recoveredAddress != address(0) && recoveredAddress == owner, \"INVALID_SIGNATURE\");\n _approve(owner, spender, value);\n }\n\n uint256[50] private __gap;\n}\n"},"@openzeppelin/upgrades/contracts/Initializable.sol":{"content":"pragma solidity >=0.4.24 <0.7.0;\n\n\n/\n * @title Initializable\n *\n * @dev Helper contract to support initializer functions. To use it, replace\n * the constructor with a function that has theinitializermodifier.\n * WARNING: Unlike constructors, initializer functions must be manually\n * invoked. This applies both to deploying an Initializable contract, as well\n * as extending an Initializable contract via inheritance.\n * WARNING: When used with inheritance, manual care must be taken to not invoke\n * a parent initializer twice, or ensure that all initializers are idempotent,\n * because this is not dealt with automatically as with constructors.\n */\ncontract Initializable {\n\n /\n * @dev Indicates that the contract has been initialized.\n */\n bool private initialized;\n\n /\n * @dev Indicates that the contract is in the process of being initialized.\n */\n bool private initializing;\n\n /\n * @dev Modifier to use in the initializer function of a contract.\n */\n modifier initializer() {\n require(initializing || isConstructor() || !initialized, \"Contract instance has already been initialized\");\n\n bool isTopLevelCall = !initializing;\n if (isTopLevelCall) {\n initializing = true;\n initialized = true;\n }\n\n _;\n\n if (isTopLevelCall) {\n initializing = false;\n }\n }\n\n /// @dev Returns true if and only if the function is running in the constructor\n function isConstructor() private view returns (bool) {\n // extcodesize checks the size of the code stored in an address, and\n // address returns the current address. Since the code is still not\n // deployed when running a constructor, any checks on its code size will\n // yield zero, making it an effective way to detect if a contract is\n // under construction or not.\n address self = address(this);\n uint256 cs;\n assembly { cs := extcodesize(self) }\n return cs == 0;\n }\n\n // Reserved storage space to allow for layout changes in the future.\n uint256[50] private ______gap;\n}\n"},"@openzeppelin/contracts-ethereum-package/contracts/utils/Address.sol":{"content":"pragma solidity ^0.5.5;\n\n/\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /\n * @dev Returns true ifaccountis a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others,isContractwill return false for the following \n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // According to EIP-1052, 0x0 is the value returned for not-yet created accounts\n // and 0xc5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470 is returned\n // for accounts without code, i.e.keccak256('')\n bytes32 codehash;\n bytes32 accountHash = 0xc5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470;\n // solhint-disable-next-line no-inline-assembly\n assembly { codehash := extcodehash(account) }\n return (codehash != accountHash && codehash != 0x0);\n }\n\n /\n * @dev Converts anaddressintoaddress payable. Note that this is\n * simply a type cast: the actual underlying value is not changed.\n *\n * Available since v2.4.0.\n */\n function toPayable(address account) internal pure returns (address payable) {\n return address(uint160(account));\n }\n\n /\n * @dev Replacement for Solidity'stransfer: sendsamountwei to\n *recipient, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed bytransfer, making them unable to receive funds via\n *transfer. {sendValue} removes this limitation.\n *\n * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred torecipient, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n *\n * Available since v2.4.0.\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance >= amount, \"Address: insufficient balance\");\n\n // solhint-disable-next-line avoid-call-value\n (bool success, ) = recipient.call.value(amount)(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n}\n"},"@openzeppelin/contracts-ethereum-package/contracts/token/ERC20/SafeERC20.sol":{"content":"pragma solidity ^0.5.0;\n\nimport \"./IERC20.sol\";\nimport \"../../math/SafeMath.sol\";\nimport \"../../utils/Address.sol\";\n\n/\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add ausing SafeERC20 for ERC20;statement to your contract,\n * which allows you to call the safe operations astoken.safeTransfer(...), etc.\n */\nlibrary SafeERC20 {\n using SafeMath for uint256;\n using Address for address;\n\n function safeTransfer(IERC20 token, address to, uint256 value) internal {\n callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n function safeApprove(IERC20 token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n // solhint-disable-next-line max-line-length\n require((value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).add(value);\n callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).sub(value, \"SafeERC20: decreased allowance below zero\");\n callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n /\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves.\n\n // A Solidity high level call has three parts:\n // 1. The target address is checked to verify it contains contract code\n // 2. The call itself is made, and success asserted\n // 3. The return value is decoded, which in turn checks the size of the returned data.\n // solhint-disable-next-line max-line-length\n require(address(token).isContract(), \"SafeERC20: call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = address(token).call(data);\n require(success, \"SafeERC20: low-level call failed\");\n\n if (returndata.length > 0) { // Return data is optional\n // solhint-disable-next-line max-line-length\n require(abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n }\n}\n"},"@openzeppelin/contracts-ethereum-package/contracts/token/ERC20/IERC20.sol":{"content":"pragma solidity ^0.5.0;\n\n/\n * @dev Interface of the ERC20 standard as defined in the EIP. Does not include\n * the optional functions; to access them see {ERC20Detailed}.\n */\ninterface IERC20 {\n /\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /\n * @dev Returns the amount of tokens owned byaccount.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /\n * @dev Movesamounttokens from the caller's account torecipient.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n /\n * @dev Returns the remaining number of tokens thatspenderwill be\n * allowed to spend on behalf ofownerthrough {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /\n * @dev Setsamountas the allowance ofspenderover the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /\n * @dev Movesamounttokens fromsendertorecipientusing the\n * allowance mechanism.amountis then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n /\n * @dev Emitted whenvaluetokens are moved from one account (from) to\n * another (to).\n *\n * Note thatvaluemay be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /\n * @dev Emitted when the allowance of aspenderfor anowneris set by\n * a call to {approve}.valueis the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n"},"@openzeppelin/contracts-ethereum-package/contracts/token/ERC20/ERC20Detailed.sol":{"content":"pragma solidity ^0.5.0;\n\nimport \"@openzeppelin/upgrades/contracts/Initializable.sol\";\nimport \"./IERC20.sol\";\n\n/\n * @dev Optional functions from the ERC20 standard.\n */\ncontract ERC20Detailed is Initializable, IERC20 {\n string private _name;\n string private _symbol;\n uint8 private _decimals;\n\n /\n * @dev Sets the values forname,symbol, anddecimals. All three of\n * these values are immutable: they can only be set once during\n * construction.\n */\n function initialize(string memory name, string memory symbol, uint8 decimals) public initializer {\n _name = name;\n _symbol = symbol;\n _decimals = decimals;\n }\n\n /\n * @dev Returns the name of the token.\n */\n function name() public view returns (string memory) {\n return _name;\n }\n\n /\n * @dev Returns the symbol of the token, usually a shorter version of the\n * name.\n */\n function symbol() public view returns (string memory) {\n return _symbol;\n }\n\n /\n * @dev Returns the number of decimals used to get its user representation.\n * For example, ifdecimalsequals2, a balance of505tokens should\n * be displayed to a user as5,05(505 / 10 ** 2).\n *\n * Tokens usually opt for a value of 18, imitating the relationship between\n * Ether and Wei.\n *\n * NOTE: This information is only used for display purposes: it in\n * no way affects any of the arithmetic of the contract, including\n * {IERC20-balanceOf} and {IERC20-transfer}.\n */\n function decimals() public view returns (uint8) {\n return _decimals;\n }\n\n uint256[50] private ______gap;\n}\n"},"@openzeppelin/contracts-ethereum-package/contracts/token/ERC20/ERC20.sol":{"content":"pragma solidity ^0.5.0;\n\nimport \"@openzeppelin/upgrades/contracts/Initializable.sol\";\n\nimport \"../../GSN/Context.sol\";\nimport \"./IERC20.sol\";\nimport \"../../math/SafeMath.sol\";\n\n/\n * @dev Implementation of the {IERC20} interface.\n *\n * This implementation is agnostic to the way tokens are created. This means\n * that a supply mechanism has to be added in a derived contract using {_mint}.\n * For a generic mechanism see {ERC20Mintable}.\n *\n * TIP: For a detailed writeup see our guide\n * https://forum.zeppelin.solutions/t/how-to-implement-erc20-supply-mechanisms/226[How\\n * to implement supply mechanisms].\n *\n * We have followed general OpenZeppelin guidelines: functions revert instead\n * of returningfalseon failure. This behavior is nonetheless conventional\n * and does not conflict with the expectations of ERC20 applications.\n *\n * Additionally, an {Approval} event is emitted on calls to {transferFrom}.\n * This allows applications to reconstruct the allowance for all accounts just\n * by listening to said events. Other implementations of the EIP may not emit\n * these events, as it isn't required by the specification.\n *\n * Finally, the non-standard {decreaseAllowance} and {increaseAllowance}\n * functions have been added to mitigate the well-known issues around setting\n * allowances. See {IERC20-approve}.\n */\ncontract ERC20 is Initializable, Context, IERC20 {\n using SafeMath for uint256;\n\n mapping (address => uint256) private _balances;\n\n mapping (address => mapping (address => uint256)) private _allowances;\n\n uint256 private _totalSupply;\n\n /\n * @dev See {IERC20-totalSupply}.\n */\n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\n\n /\n * @dev See {IERC20-balanceOf}.\n */\n function balanceOf(address account) public view returns (uint256) {\n return _balances[account];\n }\n\n /\n * @dev See {IERC20-transfer}.\n *\n * Requirements:\n *\n * -recipientcannot be the zero address.\n * - the caller must have a balance of at leastamount.\n */\n function transfer(address recipient, uint256 amount) public returns (bool) {\n _transfer(_msgSender(), recipient, amount);\n return true;\n }\n\n /\n * @dev See {IERC20-allowance}.\n */\n function allowance(address owner, address spender) public view returns (uint256) {\n return _allowances[owner][spender];\n }\n\n /\n * @dev See {IERC20-approve}.\n *\n * Requirements:\n *\n * -spendercannot be the zero address.\n */\n function approve(address spender, uint256 amount) public returns (bool) {\n _approve(_msgSender(), spender, amount);\n return true;\n }\n\n /\n * @dev See {IERC20-transferFrom}.\n *\n * Emits an {Approval} event indicating the updated allowance. This is not\n * required by the EIP. See the note at the beginning of {ERC20};\n *\n * Requirements:\n * -senderandrecipientcannot be the zero address.\n * -sendermust have a balance of at leastamount.\n * - the caller must have allowance forsender's tokens of at least\n *amount.\n */\n function transferFrom(address sender, address recipient, uint256 amount) public returns (bool) {\n _transfer(sender, recipient, amount);\n _approve(sender, _msgSender(), _allowances[sender][_msgSender()].sub(amount, \"ERC20: transfer amount exceeds allowance\"));\n return true;\n }\n\n /\n * @dev Atomically increases the allowance granted tospenderby the caller.\n *\n * This is an alternative to {approve} that can be used as a mitigation for\n * problems described in {IERC20-approve}.\n *\n * Emits an {Approval} event indicating the updated allowance.\n *\n * Requirements:\n *\n * -spendercannot be the zero address.\n */\n function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {\n _approve(_msgSender(), spender, _allowances[_msgSender()][spender].add(addedValue));\n return true;\n }\n\n /\n * @dev Atomically decreases the allowance granted tospenderby the caller.\n *\n * This is an alternative to {approve} that can be used as a mitigation for\n * problems described in {IERC20-approve}.\n *\n * Emits an {Approval} event indicating the updated allowance.\n *\n * Requirements:\n *\n * -spendercannot be the zero address.\n * -spendermust have allowance for the caller of at least\n *subtractedValue.\n */\n function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {\n _approve(_msgSender(), spender, _allowances[_msgSender()][spender].sub(subtractedValue, \"ERC20: decreased allowance below zero\"));\n return true;\n }\n\n /\n * @dev Moves tokensamountfromsendertorecipient.\n *\n * This is internal function is equivalent to {transfer}, and can be used to\n * e.g. implement automatic token fees, slashing mechanisms, etc.\n *\n * Emits a {Transfer} event.\n *\n * Requirements:\n \n * -sendercannot be the zero address.\n * -recipientcannot be the zero address.\n * -sendermust have a balance of at leastamount.\n /\n function _transfer(address sender, address recipient, uint256 amount) internal {\n require(sender != address(0), \"ERC20: transfer from the zero address\");\n require(recipient != address(0), \"ERC20: transfer to the zero address\");\n\n _balances[sender] = _balances[sender].sub(amount, \"ERC20: transfer amount exceeds balance\");\n _balances[recipient] = _balances[recipient].add(amount);\n emit Transfer(sender, recipient, amount);\n }\n\n / @dev Createsamounttokens and assigns them toaccount, increasing\n * the total supply.\n *\n * Emits a {Transfer} event withfromset to the zero address.\n *\n * Requirements\n *\n * -tocannot be the zero address.\n */\n function _mint(address account, uint256 amount) internal {\n require(account != address(0), \"ERC20: mint to the zero address\");\n\n _totalSupply = _totalSupply.add(amount);\n _balances[account] = _balances[account].add(amount);\n emit Transfer(address(0), account, amount);\n }\n\n /\n * @dev Destroysamounttokens fromaccount, reducing the\n * total supply.\n *\n * Emits a {Transfer} event withtoset to the zero address.\n *\n * Requirements\n *\n * -accountcannot be the zero address.\n * -accountmust have at leastamounttokens.\n */\n function _burn(address account, uint256 amount) internal {\n require(account != address(0), \"ERC20: burn from the zero address\");\n\n _balances[account] = _balances[account].sub(amount, \"ERC20: burn amount exceeds balance\");\n _totalSupply = _totalSupply.sub(amount);\n emit Transfer(account, address(0), amount);\n }\n\n /\n * @dev Setsamountas the allowance ofspenderover theowners tokens.\n *\n * This is internal function is equivalent toapprove, and can be used to\n * e.g. set automatic allowances for certain subsystems, etc.\n *\n * Emits an {Approval} event.\n *\n * Requirements:\n *\n * -ownercannot be the zero address.\n * -spendercannot be the zero address.\n */\n function _approve(address owner, address spender, uint256 amount) internal {\n require(owner != address(0), \"ERC20: approve from the zero address\");\n require(spender != address(0), \"ERC20: approve to the zero address\");\n\n _allowances[owner][spender] = amount;\n emit Approval(owner, spender, amount);\n }\n\n /\n * @dev Destroysamounttokens fromaccount.amountis then deducted\n * from the caller's allowance.\n *\n * See {_burn} and {_approve}.\n */\n function _burnFrom(address account, uint256 amount) internal {\n _burn(account, amount);\n _approve(account, _msgSender(), _allowances[account][_msgSender()].sub(amount, \"ERC20: burn amount exceeds allowance\"));\n }\n\n uint256[50] private ______gap;\n}\n"},"@openzeppelin/contracts-ethereum-package/contracts/math/SafeMath.sol":{"content":"pragma solidity ^0.5.0;\n\n/\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n *SafeMathrestores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's+operator.\n *\n * Requirements:\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"SafeMath: addition overflow\");\n\n return c;\n }\n\n /\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's-operator.\n *\n * Requirements:\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n return sub(a, b, \"SafeMath: subtraction overflow\");\n }\n\n /\n * @dev Returns the subtraction of two unsigned integers, reverting with custom message on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's-operator.\n *\n * Requirements:\n * - Subtraction cannot overflow.\n *\n * Available since v2.4.0.\n */\n function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b <= a, errorMessage);\n uint256 c = a - b;\n\n return c;\n }\n\n /\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's*operator.\n *\n * Requirements:\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n\n return c;\n }\n\n /\n * @dev Returns the integer division of two unsigned integers. Reverts on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's/operator. Note: this function uses a\n *revertopcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n return div(a, b, \"SafeMath: division by zero\");\n }\n\n /\n * @dev Returns the integer division of two unsigned integers. Reverts with custom message on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's/operator. Note: this function uses a\n *revertopcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n *\n * Available since v2.4.0.\n */\n function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0, errorMessage);\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * Reverts when dividing by zero.\n *\n * Counterpart to Solidity's%operator. This function uses arevert\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n return mod(a, b, \"SafeMath: modulo by zero\");\n }\n\n /\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * Reverts with custom message when dividing by zero.\n *\n * Counterpart to Solidity's%operator. This function uses arevert\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n *\n * Available since v2.4.0.\n /\n function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b != 0, errorMessage);\n return a % b;\n }\n}\n"},"@openzeppelin/contracts-ethereum-package/contracts/GSN/Context.sol":{"content":"pragma solidity ^0.5.0;\n\nimport \"@openzeppelin/upgrades/contracts/Initializable.sol\";\n\n/\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with GSN meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\ncontract Context is Initializable {\n // Empty internal constructor, to prevent people from mistakenly deploying\n // an instance of this contract, which should be used via inheritance.\n constructor () internal { }\n // solhint-disable-previous-line no-empty-blocks\n\n function _msgSender() internal view returns (address payable) {\n return msg.sender;\n }\n\n function _msgData() internal view returns (bytes memory) {\n this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691\\n return msg.data;\n }\n}\n"}},"settings":{"remappings":[],"optimizer":{"enabled":true,"runs":200},"evmVersion":"istanbul","libraries":{}}}","codeformat": "solidity-standard-json-input",
"contractname": "/contracts/DecentralizedAutonomousTrust.sol:DecentralizedAutonomousTrust",
"compilerversion": "v0.5.17+commit.d19bba13",
"constructorArguements": ""
}
Checking status of verification request ny2t6szgxxtmydmyam3bbsqgewy1qs62ulsfejg1n4nczuvagn
Fail - Unable to verify
Failed to verify 1 contract(s): DecentralizedAutonomousTrust@0xfa1B723C90927650b142a2c4a12644321C168d03
The text was updated successfully, but these errors were encountered: