diff --git a/README.md b/README.md
index 4ef3b8096..19c9cdbfc 100644
--- a/README.md
+++ b/README.md
@@ -145,7 +145,152 @@ Interested in contributing to Zeppelin? among others... ## Contracts -TODO + +### Ownable +Base contract with an owner. + +#### Ownable( ) +Sets the address of the creator of the contract as the owner. + +#### modifier onlyOwner( ) +Prevents function from running if it is called by anyone other than the owner. + +#### transfer(address newOwner) onlyOwner +Transfers ownership of the contract to the passed address. + +--- +### Stoppable +Base contract that provides an emergency stop mechanism. + +Inherits from contract Ownable. + +#### emergencyStop( ) external onlyOwner +Triggers the stop mechanism on the contract. After this function is called (by the owner of the contract), any function with modifier stopInEmergency will not run. + +#### modifier stopInEmergency +Prevents function from running if stop mechanism is activated. + +#### modifier onlyInEmergency +Only runs if stop mechanism is activated. + +#### release( ) external onlyOwner onlyInEmergency +Deactivates the stop mechanism. + +--- +### Killable +Base contract that can be killed by owner. + +Inherits from contract Ownable. + +#### kill( ) onlyOwner +Destroys the contract and sends funds back to the owner. +___ +### Claimable +Extension for the Ownable contract, where the ownership needs to be claimed + +#### transfer(address newOwner) onlyOwner +Sets the passed address as the pending owner. + +#### modifier onlyPendingOwner +Function only runs if called by pending owner. + +#### claimOwnership( ) onlyPendingOwner +Completes transfer of ownership by setting pending owner as the new owner. +___ +### Migrations +Base contract that allows for a new instance of itself to be created at a different address. + +Inherits from contract Ownable. + +#### upgrade(address new_address) onlyOwner +Creates a new instance of the contract at the passed address. + +#### setCompleted(uint completed) onlyOwner +Sets the last time that a migration was completed. 
+ +___ +### SafeMath +Provides functions of mathematical operations with safety checks. + +#### assert(bool assertion) internal +Throws an error if the passed result is false. Used in this contract by checking mathematical expressions. + +#### safeMul(uint a, uint b) internal returns (uint) +Multiplies two unisgned integers. Asserts that dividing the product by the non-zero multiplicand results in the multiplier. + +#### safeSub(uint a, unit b) internal returns (uint) +Checks that b is not greater than a before subtracting. + +#### safeAdd(unit a, unit b) internal returns (uint) +Checks that the result is greater than both a and b. + +___ +### LimitBalance + +Base contract that provides mechanism for limiting the amount of funds a contract can hold. + +#### LimitBalance(unit _limit) +Constructor takes an unisgned integer and sets it as the limit of funds this contract can hold. + +#### modifier limitedPayable() +Throws an error if this contract's balance is already above the limit. + +___ +### PullPayment +Base contract supporting async send for pull payments. +Inherit from this contract and use asyncSend instead of send. + +#### asyncSend(address dest, uint amount) internal +Adds sent amount to available balance that payee can pull from this contract, called by payer. + +#### withdrawPayments( ) +Sends designated balance to payee calling the contract. Throws error if designated balance is 0, if contract does not hold enough funds ot pay the payee, or if the send transaction is not successful. + +___ +### StandardToken +Based on code by FirstBlood: [FirstBloodToken.sol] + +Inherits from contract SafeMath. 
Implementation of abstract contract ERC20 (see [https://github.com/ethereum/EIPs/issues/20]) + +[FirstBloodToken.sol]: https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol +[https://github.com/ethereum/EIPs/issues/20]: see https://github.com/ethereum/EIPs/issues/20 + +#### approve(address _spender, uint _value) returns (bool success) +Sets the amount of the sender's token balance that the passed address is approved to use. + +###allowance(address _owner, address _spender) constant returns (uint remaining) +Returns the approved amount of the owner's balance that the spender can use. + +###balanceOf(address _owner) constant returns (uint balance) +Returns the token balance of the passed address. + +###transferFrom(address _from, address _to, uint _value) returns (bool success) +Transfers tokens from an account that the sender is approved to transfer from. Amount must not be greater than the approved amount or the account's balance. + +###function transfer(address _to, uint _value) returns (bool success) +Transfers tokens from sender's account. Amount must not be greater than sender's balance. + +___ +### BasicToken +Simpler version of StandardToken, with no allowances + +#### balanceOf(address _owner) constant returns (uint balance) +Returns the token balance of the passed address. + +###function transfer(address _to, uint _value) returns (bool success) +Transfers tokens from sender's account. Amount must not be greater than sender's balance. + +___ +### CrowdsaleToken +Simple ERC20 Token example, with crowdsale token creation. + +Inherits from contract StandardToken. + +#### createTokens(address recipient) payable +Creates tokens based on message value and credits to the recipient. + +#### getPrice() constant returns (uint result) +Returns the amount of tokens per 1 ether. ## License Code released under the [MIT License](https://github.com/OpenZeppelin/zeppelin-solidity/blob/master/LICENSE). 
diff --git a/contracts/DayLimit.sol b/contracts/DayLimit.sol
new file mode 100644
index 000000000..bd8c3b1cf
--- /dev/null
+++ b/contracts/DayLimit.sol
@@ -0,0 +1,75 @@
+pragma solidity ^0.4.4;
+
+
+import './Shareable.sol';
+
+
+/*
+ * DayLimit
+ *
+ * inheritable "property" contract that enables methods to be protected by placing a linear limit (specifiable)
+ * on a particular resource per calendar day. is multiowned to allow the limit to be altered. resource that method
+ * uses is specified in the modifier.
+ */
+contract DayLimit is Shareable {
+ // FIELDS
+
+ uint public dailyLimit;
+ uint public spentToday;
+ uint public lastDay;
+
+
+ // MODIFIERS
+
+ // simple modifier for daily limit.
+ modifier limitedDaily(uint _value) {
+ if (underLimit(_value))
+ _;
+ }
+
+
+ // CONSTRUCTOR
+ // stores initial daily limit and records the present day's index.
+ function DayLimit(uint _limit) {
+ dailyLimit = _limit;
+ lastDay = today();
+ }
+
+
+ // METHODS
+
+ // (re)sets the daily limit. needs many of the owners to confirm. doesn't alter the amount already spent today.
+ function setDailyLimit(uint _newLimit) onlymanyowners(sha3(msg.data)) external {
+ dailyLimit = _newLimit;
+ }
+
+ // resets the amount already spent today. needs many of the owners to confirm
+ function resetSpentToday() onlymanyowners(sha3(msg.data)) external {
+ spentToday = 0;
+ }
+
+
+ // INTERNAL METHODS
+
+ // checks to see if there is at least `_value` left from the daily limit today. if there is, subtracts it and
+ // returns true. otherwise just returns false.
+ function underLimit(uint _value) internal onlyowner returns (bool) {
+ // reset the spend limit if we're on a different day to last time.
+ if (today() > lastDay) {
+ spentToday = 0;
+ lastDay = today();
+ }
+ // check to see if there's enough left - if so, subtract and return true.
+ // overflow protection // dailyLimit check
+ if (spentToday + _value >= spentToday && spentToday + _value <= dailyLimit) {
+ spentToday += _value;
+ return true;
+ }
+ return false;
+ }
+
+ // determines today's index.
+ function today() private constant returns (uint) {
+ return now / 1 days;
+ }
+}
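Review bot: In contracts/DayLimit.sol, `underLimit` is declared with the modifier `onlyowner`, but the Shareable.sol added in this same commit names it `onlyOwner`, so as shown the file should not compile; the declaration should read `function underLimit(uint _value) internal onlyOwner returns (bool) {`. The guard is also silent: for a non-owner the modifier skips the body, `underLimit` returns false, and `limitedDaily` then skips the protected function without reverting, so a caller cannot tell a rejected spend from a call that went through. The constructor takes only `_limit` and passes nothing to `Shareable(address[] _owners, uint _required)`, so a concrete subclass has to supply those arguments; the header comment should say so.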
diff --git a/contracts/Killable.sol b/contracts/Killable.sol index 485576d76..0b6aff066 100644 --- a/contracts/Killable.sol +++ b/contracts/Killable.sol @@ -6,7 +6,7 @@ import "./Ownable.sol"; * Base contract that can be killed by owner */ contract Killable is Ownable { - function kill() { - if (msg.sender == owner) selfdestruct(owner); + function kill() onlyOwner { + selfdestruct(owner); } } diff --git a/contracts/Migrations.sol b/contracts/Migrations.sol index 5e1a61e11..924d43b16 100644 --- a/contracts/Migrations.sol +++ b/contracts/Migrations.sol @@ -1,22 +1,13 @@ pragma solidity ^0.4.4; -contract Migrations { - address public owner; - uint public last_completed_migration; +contract Migrations is Ownable { + uint public lastCompletedMigration; - modifier restricted() { - if (msg.sender == owner) _; + function setCompleted(uint completed) onlyOwner { + lastCompletedMigration = completed; } - function Migrations() { - owner = msg.sender; - } - - function setCompleted(uint completed) restricted { - last_completed_migration = completed; - } - - function upgrade(address new_address) restricted { - Migrations upgraded = Migrations(new_address); - upgraded.setCompleted(last_completed_migration); + function upgrade(address newAddress) onlyOwner { + Migrations upgraded = Migrations(newAddress); + upgraded.setCompleted(lastCompletedMigration); } } diff --git a/contracts/Multisig.sol b/contracts/Multisig.sol new file mode 100644 index 000000000..66dfa3e91 --- /dev/null +++ b/contracts/Multisig.sol 
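Review bot: contracts/Migrations.sol now inherits `Ownable` and uses `onlyOwner`, but the new file as shown goes from the `pragma` line straight to `contract Migrations is Ownable {` with no `import "./Ownable.sol";` (Killable.sol has one), so it will not compile on its own. Separately, `upgrade` calls `upgraded.setCompleted(lastCompletedMigration)` from this contract's address, so the value is only copied if this contract is the owner of the instance at `newAddress`; with a modifier that skips the body silently, the call would succeed without copying anything. That is presumably unchanged from the old `restricted` behaviour, but it deserves a comment on `upgrade`. The rename of the public getter from `last_completed_migration` to `lastCompletedMigration` changes the contract's ABI, so any deployment tooling that reads the old name needs checking.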
@@ -0,0 +1,29 @@
+pragma solidity ^0.4.4;
+
+
+/*
+ * Multisig
+ * interface contract for multisig proxy contracts; see below for docs.
+ */
+contract Multisig {
+ // EVENTS
+
+ // logged events:
+ // Funds has arrived into the wallet (record how much).
+ event Deposit(address _from, uint value);
+ // Single transaction going out of the wallet (record who signed for it, how much, and to whom it's going).
+ event SingleTransact(address owner, uint value, address to, bytes data);
+ // Multi-sig transaction going out of the wallet (record who signed for it last, the operation hash, how much, and to whom it's going).
+ event MultiTransact(address owner, bytes32 operation, uint value, address to, bytes data);
+ // Confirmation still needed for a transaction.
+ event ConfirmationNeeded(bytes32 operation, address initiator, uint value, address to, bytes data);
+
+
+ // FUNCTIONS
+
+ // TODO: document
+ function changeOwner(address _from, address _to) external;
+ function execute(address _to, uint _value, bytes _data) external returns (bytes32);
+ function confirm(bytes32 _h) returns (bool);
+}
+
diff --git a/contracts/MultisigWallet.sol b/contracts/MultisigWallet.sol
new file mode 100644
index 000000000..0045727df
--- /dev/null
+++ b/contracts/MultisigWallet.sol
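Review bot: Nothing in this commit uses contracts/Multisig.sol: MultisigWallet.sol re-declares the same interface as `contract multisig` and `Wallet` inherits that local copy, so the two declarations can drift apart unnoticed. The wallet should `import './Multisig.sol';` and inherit `Multisig` instead. The `// TODO: document` block should be filled in, since these three functions are the wallet's externally callable surface: for `execute`, `// runs the call at once if under the daily limit, otherwise returns the operation hash to be confirmed`, and for `confirm`, `// confirms pending operation _h and runs it once enough owners have confirmed` (both read off the Wallet implementation). `changeOwner` is not implemented by `Wallet` or `Shareable` anywhere in this commit, so its intended semantics have to come from the author, and until it is implemented `Wallet` stays abstract.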
@@ -0,0 +1,107 @@
+pragma solidity ^0.4.4;
+
+
+// interface contract for multisig proxy contracts; see below for docs.
+contract multisig {
+ // EVENTS
+
+ // logged events:
+ // Funds has arrived into the wallet (record how much).
+ event Deposit(address _from, uint value);
+ // Single transaction going out of the wallet (record who signed for it, how much, and to whom it's going).
+ event SingleTransact(address owner, uint value, address to, bytes data);
+ // Multi-sig transaction going out of the wallet (record who signed for it last, the operation hash, how much, and to whom it's going).
+ event MultiTransact(address owner, bytes32 operation, uint value, address to, bytes data);
+ // Confirmation still needed for a transaction.
+ event ConfirmationNeeded(bytes32 operation, address initiator, uint value, address to, bytes data);
+
+
+ // FUNCTIONS
+
+ // TODO: document
+ function changeOwner(address _from, address _to) external;
+ function execute(address _to, uint _value, bytes _data) external returns (bytes32);
+ function confirm(bytes32 _h) returns (bool);
+}
+
+// usage:
+// bytes32 h = Wallet(w).from(oneOwner).execute(to, value, data);
+// Wallet(w).from(anotherOwner).confirm(h);
+contract Wallet is multisig, Shareable, daylimit {
+
+ // TYPES
+
+ // Transaction structure to remember details of transaction lest it need be saved for a later call.
+ struct Transaction {
+ address to;
+ uint value;
+ bytes data;
+ }
+
+ // METHODS
+
+ // constructor - just pass on the owner array to the multiowned and
+ // the limit to daylimit
+ function Wallet(address[] _owners, uint _required, uint _daylimit)
+ multiowned(_owners, _required) daylimit(_daylimit) {
+ }
+
+ // kills the contract sending everything to `_to`.
+ function kill(address _to) onlymanyowners(sha3(msg.data)) external {
+ suicide(_to);
+ }
+
+ // gets called when no other function matches
+ function() {
+ // just being sent some cash?
+ if (msg.value > 0)
+ Deposit(msg.sender, msg.value);
+ }
+
+ // Outside-visible transact entry point. Executes transaction immediately if below daily spend limit.
+ // If not, goes into multisig process. We provide a hash on return to allow the sender to provide
+ // shortcuts for the other confirmations (allowing them to avoid replicating the _to, _value
+ // and _data arguments). They still get the option of using them if they want, anyways.
+ function execute(address _to, uint _value, bytes _data) external onlyowner returns (bytes32 _r) {
+ // first, take the opportunity to check that we're under the daily limit.
+ if (underLimit(_value)) {
+ SingleTransact(msg.sender, _value, _to, _data);
+ // yes - just execute the call.
+ _to.call.value(_value)(_data);
+ return 0;
+ }
+ // determine our operation hash.
+ _r = sha3(msg.data, block.number);
+ if (!confirm(_r) && m_txs[_r].to == 0) {
+ m_txs[_r].to = _to;
+ m_txs[_r].value = _value;
+ m_txs[_r].data = _data;
+ ConfirmationNeeded(_r, msg.sender, _value, _to, _data);
+ }
+ }
+
+ // confirm a transaction through just the hash. we use the previous transactions map, m_txs, in order
+ // to determine the body of the transaction from the hash provided.
+ function confirm(bytes32 _h) onlymanyowners(_h) returns (bool) {
+ if (m_txs[_h].to != 0) {
+ m_txs[_h].to.call.value(m_txs[_h].value)(m_txs[_h].data);
+ MultiTransact(msg.sender, _h, m_txs[_h].value, m_txs[_h].to, m_txs[_h].data);
+ delete m_txs[_h];
+ return true;
+ }
+ }
+
+ // INTERNAL METHODS
+
+ function clearPending() internal {
+ uint length = m_pendingIndex.length;
+ for (uint i = 0; i < length; ++i)
+ delete m_txs[m_pendingIndex[i]];
+ super.clearPending();
+ }
+
+ // FIELDS
+
+ // pending transactions we have at present.
+ mapping (bytes32 => Transaction) m_txs;
+}
diff --git a/contracts/Shareable.sol b/contracts/Shareable.sol
new file mode 100644
index 000000000..b73f31eee
--- /dev/null
+++ b/contracts/Shareable.sol
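Review bot: In contracts/MultisigWallet.sol both `execute` and `confirm` ignore the return value of `call.value(...)(...)`, so a failed transfer still logs `SingleTransact` or `MultiTransact`, still counts against the daily limit, and in `confirm` the pending transaction is deleted anyway. Check the result, e.g. `if (!_to.call.value(_value)(_data)) throw;`, and in `confirm` copy the transaction out and `delete m_txs[_h]` before making the external call, so state is settled before control leaves the contract. The fallback function is not marked `payable`, so under this pragma a plain ether transfer should be rejected and the `Deposit` branch never runs. The file also has no imports and refers to `daylimit`, `multiowned`, `onlyowner` and `m_pendingIndex`, none of which match the names introduced elsewhere in this commit (`DayLimit`, `Shareable`, `onlyOwner`, `pendingsIndex`), and `kill` uses `suicide` where Killable.sol uses `selfdestruct`.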
@@ -0,0 +1,165 @@
+pragma solidity ^0.4.4;
+
+
+/*
+ * Shareable
+ *
+ * Based on https://github.com/ethereum/dapp-bin/blob/master/wallet/wallet.sol
+ *
+ * inheritable "property" contract that enables methods to be protected by requiring the acquiescence of either a single, or, crucially, each of a number of, designated owners.
+ *
+ * usage:
+ * use modifiers onlyowner (just own owned) or onlymanyowners(hash), whereby the same hash must be provided by some number (specified in constructor) of the set of owners (specified in the constructor) before the interior is executed.
+ */
+contract Shareable {
+ // TYPES
+
+ // struct for the status of a pending operation.
+ struct PendingState {
+ uint yetNeeded;
+ uint ownersDone;
+ uint index;
+ }
+
+
+ // FIELDS
+
+ // the number of owners that must confirm the same operation before it is run.
+ uint public required;
+
+ // list of owners
+ uint[256] owners;
+ uint constant c_maxOwners = 250;
+ // index on the list of owners to allow reverse lookup
+ mapping(uint => uint) ownerIndex;
+ // the ongoing operations.
+ mapping(bytes32 => PendingState) pendings;
+ bytes32[] pendingsIndex;
+
+
+ // EVENTS
+
+ // this contract only has six types of events: it can accept a confirmation, in which case
+ // we record owner and operation (hash) alongside it.
+ event Confirmation(address owner, bytes32 operation);
+ event Revoke(address owner, bytes32 operation);
+
+
+ // MODIFIERS
+
+ // simple single-sig function modifier.
+ modifier onlyOwner {
+ if (isOwner(msg.sender))
+ _;
+ }
+
+ // multi-sig function modifier: the operation must have an intrinsic hash in order
+ // that later attempts can be realised as the same underlying operation and
+ // thus count as confirmations.
+ modifier onlymanyowners(bytes32 _operation) {
+ if (confirmAndCheck(_operation))
+ _;
+ }
+
+
+ // CONSTRUCTOR
+
+ // constructor is given number of sigs required to do protected "onlymanyowners" transactions
+ // as well as the selection of addresses capable of confirming them.
+ function Shareable(address[] _owners, uint _required) {
+ owners[1] = uint(msg.sender);
+ ownerIndex[uint(msg.sender)] = 1;
+ for (uint i = 0; i < _owners.length; ++i) {
+ owners[2 + i] = uint(_owners[i]);
+ ownerIndex[uint(_owners[i])] = 2 + i;
+ }
+ required = _required;
+ }
+
+
+ // METHODS
+
+ // Revokes a prior confirmation of the given operation
+ function revoke(bytes32 _operation) external {
+ uint index = ownerIndex[uint(msg.sender)];
+ // make sure they're an owner
+ if (index == 0) return;
+ uint ownerIndexBit = 2**index;
+ var pending = pendings[_operation];
+ if (pending.ownersDone & ownerIndexBit > 0) {
+ pending.yetNeeded++;
+ pending.ownersDone -= ownerIndexBit;
+ Revoke(msg.sender, _operation);
+ }
+ }
+
+ // Gets an owner by 0-indexed position (using numOwners as the count)
+ function getOwner(uint ownerIndex) external constant returns (address) {
+ return address(owners[ownerIndex + 1]);
+ }
+
+ function isOwner(address _addr) returns (bool) {
+ return ownerIndex[uint(_addr)] > 0;
+ }
+
+ function hasConfirmed(bytes32 _operation, address _owner) constant returns (bool) {
+ var pending = pendings[_operation];
+ uint index = ownerIndex[uint(_owner)];
+
+ // make sure they're an owner
+ if (index == 0) return false;
+
+ // determine the bit to set for this owner.
+ uint ownerIndexBit = 2**index;
+ return !(pending.ownersDone & ownerIndexBit == 0);
+ }
+
+ // INTERNAL METHODS
+
+ function confirmAndCheck(bytes32 _operation) internal returns (bool) {
+ // determine what index the present sender is:
+ uint index = ownerIndex[uint(msg.sender)];
+ // make sure they're an owner
+ if (index == 0) return;
+
+ var pending = pendings[_operation];
+ // if we're not yet working on this operation, switch over and reset the confirmation status.
+ if (pending.yetNeeded == 0) {
+ // reset count of confirmations needed.
+ pending.yetNeeded = required;
+ // reset which owners have confirmed (none) - set our bitmap to 0.
+ pending.ownersDone = 0;
+ pending.index = pendingsIndex.length++;
+ pendingsIndex[pending.index] = _operation;
+ }
+ // determine the bit to set for this owner.
+ uint ownerIndexBit = 2**index;
+ // make sure we (the message sender) haven't confirmed this operation previously.
+ if (pending.ownersDone & ownerIndexBit == 0) {
+ Confirmation(msg.sender, _operation);
+ // ok - check if count is enough to go ahead.
+ if (pending.yetNeeded <= 1) {
+ // enough confirmations: reset and run interior.
+ delete pendingsIndex[pendings[_operation].index];
+ delete pendings[_operation];
+ return true;
+ }
+ else
+ {
+ // not enough: record that this owner in particular confirmed.
+ pending.yetNeeded--;
+ pending.ownersDone |= ownerIndexBit;
+ }
+ }
+ }
+
+ function clearPending() internal {
+ uint length = pendingsIndex.length;
+ for (uint i = 0; i < length; ++i)
+ if (pendingsIndex[i] != 0)
+ delete pendings[pendingsIndex[i]];
+ delete pendingsIndex;
+ }
+
+}
+
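Review bot: The `Shareable` constructor in contracts/Shareable.sol stores `_required` and the owner list without validation. A `_required` larger than the number of distinct owners means no `onlymanyowners` operation can ever run, `c_maxOwners` is declared but never enforced, and an address repeated in `_owners` (or equal to `msg.sender`) overwrites its `ownerIndex` entry and so counts only once. Add a guard at the top of the constructor, e.g. `if (_required == 0 || _required > _owners.length + 1 || _owners.length + 1 > c_maxOwners) throw;`, and reject duplicate addresses in the loop. Smaller points: the events comment says "six types of events" but two are declared, `getOwner`'s parameter `ownerIndex` shadows the state mapping and its comment mentions a `numOwners` that does not exist in this file, and `isOwner` could be `constant` like `hasConfirmed`.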