Moonbase Alpha Testnet

Contract Diff Checker

Contract Name:
OperationalStaking

Contract Source Code:

//SPDX-License-Identifier: MIT
pragma solidity 0.8.13;
import "@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol";
import "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol";

contract OperationalStaking is OwnableUpgradeable {
    using SafeERC20Upgradeable for IERC20Upgradeable;

    uint256 public constant DIVIDER = 10**18; // 18 decimals used for scaling rates
    uint128 public constant REWARD_REDEEM_THRESHOLD = 10**8; // minimum number of tokens that can be redeemed

    IERC20Upgradeable public CQT;
    uint128 public rewardPool; // how many tokens are allocated for rewards
    uint128 public validatorCoolDown; // how many blocks until validator unstaking is unlocked
    uint128 public delegatorCoolDown; // how many blocks until delegator unstaking is unlocked
    uint128 public maxCapMultiplier; // *see readme
    uint128 public validatorMaxStake; // how many tokens validators can stake at most
    address public stakingManager;
    uint128 public validatorsN; // number of validators, used to get validator ids
    mapping(uint128 => Validator) internal _validators; // id -> validator instance

    struct Staking {
        uint128 shares; // # of validator shares that the delegator owns
        uint128 staked; // # of CQT that a delegator delegated originally through stake() transaction
    }

    struct Unstaking {
        uint128 coolDownEnd; // epoch when unstaking can be redeemed
        uint128 amount; // # of unstaked CQT
    }

    struct Validator {
        uint128 commissionAvailableToRedeem;
        uint128 exchangeRate; // validator exchange rate
        address _address; // wallet address of the operator which is mapped to the validator instance
        uint128 delegated; // track amount of tokens delegated
        uint128 totalShares; // total number of validator shares
        uint128 commissionRate;
        uint256 disabledAtBlock;
        mapping(address => Staking) stakings;
        mapping(address => Unstaking[]) unstakings;
    }

    event Initialized(address cqt, uint128 validatorCoolDown, uint128 delegatorCoolDown, uint128 maxCapMultiplier, uint128 validatorMaxStake);

    event RewardTokensDeposited(uint128 amount);

    event ValidatorAdded(uint128 indexed id, uint128 commissionRate, address indexed validator);

    event Staked(uint128 indexed validatorId, address delegator, uint128 amount);

    event Unstaked(uint128 indexed validatorId, address indexed delegator, uint128 amount, uint128 unstakeId);

    event RecoveredUnstake(uint128 indexed validatorId, address indexed delegator, uint128 amount, uint128 unstakingId);

    event UnstakeRedeemed(uint128 indexed validatorId, address indexed delegator, uint128 indexed unstakeId, uint128 amount);

    event AllocatedTokensTaken(uint128 amount);

    event RewardFailedDueLowPool(uint128 indexed validatorId, uint128 amount);

    event RewardFailedDueZeroStake(uint128 indexed validatorId, uint128 amount);

    event RewardRedeemed(uint128 indexed validatorId, address indexed beneficiary, uint128 amount);

    event CommissionRewardRedeemed(uint128 indexed validatorId, address indexed beneficiary, uint128 amount);

    event StakingManagerAddressChanged(address indexed operationalManager);

    event ValidatorCommissionRateChanged(uint128 indexed validatorId, uint128 amount);

    event ValidatorMaxCapChanged(uint128 amount);

    event ValidatorDisabled(uint128 indexed validatorId, uint256 blockNumber);

    event Redelegated(uint128 indexed oldValidatorId, uint128 indexed newValidatorId, address indexed delegator, uint128 amount, uint128 unstakingId);

    event MaxCapMultiplierChanged(uint128 newMaxCapMultiplier);

    event ValidatorEnabled(uint128 indexed validatorId);

    event ValidatorAddressChanged(uint128 indexed validatorId, address indexed newAddress);

    modifier onlyStakingManager() {
        require(stakingManager == msg.sender, "Caller is not stakingManager");
        _;
    }

    function initialize(
        address cqt,
        uint128 dCoolDown,
        uint128 vCoolDown,
        uint128 maxCapM,
        uint128 vMaxStake
    ) external initializer {
        __Ownable_init();
        validatorCoolDown = vCoolDown; // 180*6857 = ~ 6 months
        delegatorCoolDown = dCoolDown; //  28*6857 = ~ 28 days
        maxCapMultiplier = maxCapM;
        validatorMaxStake = vMaxStake;
        CQT = IERC20Upgradeable(cqt);
        emit Initialized(cqt, vCoolDown, dCoolDown, maxCapM, vMaxStake);
    }

    function setStakingManagerAddress(address newAddress) external onlyOwner {
        require(newAddress != address(0), "Invalid address");
        stakingManager = newAddress;
        emit StakingManagerAddressChanged(newAddress);
    }

    /*
     * Transfer CQT from the owner to the contract for reward allocation
     */
    function depositRewardTokens(uint128 amount) external onlyOwner {
        require(amount > 0, "Amount is 0");
        unchecked {
            rewardPool += amount;
        }
        _transferToContract(msg.sender, amount);
        emit RewardTokensDeposited(amount);
    }

    /*
     * Transfer reward CQT from the contract to the owner
     */
    function takeOutRewardTokens(uint128 amount) external onlyOwner {
        require(amount > 0, "Amount is 0");
        require(amount <= rewardPool, "Reward pool is too small");
        unchecked {
            rewardPool -= amount;
        }
        emit AllocatedTokensTaken(amount);
        _transferFromContract(msg.sender, amount);
    }

    /*
     * Updates validator max cap multiplier that determines how many tokens can be delegated
     */
    function setMaxCapMultiplier(uint128 newMaxCapMultiplier) external onlyOwner {
        require(newMaxCapMultiplier > 0, "Must be greater than 0");
        maxCapMultiplier = newMaxCapMultiplier;
        emit MaxCapMultiplierChanged(newMaxCapMultiplier);
    }

    /*
     * Updates maximum number of tokens that a validator can stake
     */
    function setValidatorMaxStake(uint128 maxStake) external onlyOwner {
        require(maxStake > 0, "Provided max stake is 0");
        validatorMaxStake = maxStake;
        emit ValidatorMaxCapChanged(maxStake);
    }

    /*
     * Adds new validator instance
     */
    function addValidator(address validator, uint128 commissionRate) external onlyStakingManager returns (uint256 id) {
        require(commissionRate < DIVIDER, "Rate must be less than 100%");
        require(validator != address(0), "Validator address is 0");
        Validator storage v = _validators[validatorsN]; // use current number of validators for the id of a new validator instance
        v._address = validator;
        v.exchangeRate = uint128(DIVIDER); // make it 1:1 initially
        v.commissionRate = commissionRate;
        v.disabledAtBlock = 1; // set it to 1 to indicate that the validator is disabled

        emit ValidatorAdded(validatorsN, commissionRate, validator);
        unchecked {
            validatorsN += 1;
        }

        return validatorsN - 1;
    }

    /*
     * Reward emission
     */
    function rewardValidators(uint128[] calldata ids, uint128[] calldata amounts) external onlyStakingManager {
        require(ids.length == amounts.length, "Given ids and amounts arrays must be of the same length");
        uint128 newRewardPool = rewardPool;
        uint128 amount;
        uint128 validatorId;
        uint128 commissionPaid;

        for (uint256 j = 0; j < ids.length; j++) {
            amount = amounts[j];
            validatorId = ids[j];
            // make sure there are enough tokens in the reward pool
            if (newRewardPool < amount) {
                emit RewardFailedDueLowPool(validatorId, amount);
            } else {
                Validator storage v = _validators[validatorId];
                // make sure validator has tokens staked (nothing was unstaked right before the reward emission)
                uint256 totalShares = uint256(v.totalShares);
                if (totalShares == 0) {
                    emit RewardFailedDueZeroStake(validatorId, amount);
                } else {
                    commissionPaid = uint128((uint256(amount) * uint256(v.commissionRate)) / DIVIDER);
                    v.exchangeRate += uint128(((amount - commissionPaid) * DIVIDER) / totalShares); // distribute the tokens by increasing the exchange rate
                    // commission is not compounded
                    // commisison is distributed under the validator instance
                    v.commissionAvailableToRedeem += commissionPaid;

                    newRewardPool -= amount;
                }
            }
        }
        rewardPool = newRewardPool; // can never access these tokens anymore, reserved for validator rewards
    }

    /*
     * Disables validator instance starting from the given block
     */
    function disableValidator(uint128 validatorId, uint256 blockNumber) external onlyStakingManager {
        require(validatorId < validatorsN, "Invalid validator");
        require(blockNumber > 0, "Disable block cannot be 0");
        _validators[validatorId].disabledAtBlock = blockNumber;
        emit ValidatorDisabled(validatorId, blockNumber);
    }

    /*
     * Enables validator instance by setting the disabledAtBlock to 0
     */
    function enableValidator(uint128 validatorId) external onlyStakingManager {
        require(validatorId < validatorsN, "Invalid validator");
        _validators[validatorId].disabledAtBlock = 0;
        emit ValidatorEnabled(validatorId);
    }

    /*
     * Updates validator comission rate
     * Commission rate is a number between 0 and 10^18 (0%-100%)
     */
    function setValidatorCommissionRate(uint128 validatorId, uint128 amount) external onlyOwner {
        require(validatorId < validatorsN, "Invalid validator");
        require(amount < DIVIDER, "Rate must be less than 100%");
        _validators[validatorId].commissionRate = amount;
        emit ValidatorCommissionRateChanged(validatorId, amount);
    }

    /*
     * Used to transfer CQT from delegators, validators, and the owner to the contract
     */
    function _transferToContract(address from, uint128 amount) internal {
        CQT.safeTransferFrom(from, address(this), amount);
    }

    /*
     * Used to transfer CQT from contract, for reward redemption or transferring out unstaked tokens
     */
    function _transferFromContract(address to, uint128 amount) internal {
        CQT.safeTransfer(to, amount);
    }

    /*
     * Used to convert validator shares to CQT
     */
    function _sharesToTokens(uint128 sharesN, uint128 rate) internal pure returns (uint128) {
        return uint128((uint256(sharesN) * uint256(rate)) / DIVIDER);
    }

    /*
     * Used to convert CQT to validator shares
     */
    function _tokensToShares(uint128 amount, uint128 rate) internal pure returns (uint128) {
        return uint128((uint256(amount) * DIVIDER) / uint256(rate));
    }

    /*
     * Delegates tokens under the provided validator
     */
    function stake(uint128 validatorId, uint128 amount) external {
        _stake(validatorId, amount, true);
    }

    /*
     * withTransfer is set to false when delegators recover unstaked or redelegated tokens.
     * These tokens are already in the contract.
     */
    function _stake(
        uint128 validatorId,
        uint128 amount,
        bool withTransfer
    ) internal {
        require(validatorId < validatorsN, "Invalid validator");
        require(amount >= REWARD_REDEEM_THRESHOLD, "Stake amount is too small");
        Validator storage v = _validators[validatorId];
        bool isValidator = msg.sender == v._address;

        // validators should be able to stake if they are disabled.
        if (!isValidator) require(v.disabledAtBlock == 0, "Validator is disabled");

        uint128 sharesAdd = _tokensToShares(amount, v.exchangeRate);
        Staking storage s = v.stakings[msg.sender];

        if (isValidator) {
            // the compounded rewards are not included in max stake check
            // hence we use s.staked instead of s.shares for valueStaked calculation
            uint128 valueStaked = s.staked + amount;
            require(valueStaked <= validatorMaxStake, "Validator max stake exceeded");
        } else {
            // cannot stake more than validator delegation max cap
            uint128 delegationMaxCap = v.stakings[v._address].staked * maxCapMultiplier;
            uint128 newDelegated = v.delegated + amount;
            require(newDelegated <= delegationMaxCap, "Validator max delegation exceeded");
            v.delegated = newDelegated;
        }

        // "buy/mint" shares
        v.totalShares += sharesAdd;
        s.shares += sharesAdd;

        // keep track of staked tokens
        s.staked += amount;
        if (withTransfer) _transferToContract(msg.sender, amount);
        emit Staked(validatorId, msg.sender, amount);
    }

    /*
     * Undelegates tokens from the provided validator
     */
    function unstake(uint128 validatorId, uint128 amount) external {
        require(validatorId < validatorsN, "Invalid validator");
        require(amount >= REWARD_REDEEM_THRESHOLD, "Unstake amount is too small");
        Validator storage v = _validators[validatorId];
        Staking storage s = v.stakings[msg.sender];
        require(s.staked >= amount, "Staked < amount provided");

        bool isValidator = msg.sender == v._address;
        if (isValidator && v.disabledAtBlock == 0) {
            // validators will have to disable themselves if they want to unstake tokens below delegation max cap
            uint128 newValidatorMaxCap = (s.staked - amount) * maxCapMultiplier;
            require(v.delegated <= newValidatorMaxCap, "Cannot unstake beyond max cap");
        }
        if (!isValidator) {
            v.delegated -= amount;
        }

        uint128 sharesRemove = _tokensToShares(amount, v.exchangeRate);
        // "sell/burn" shares
        // sometimes due to conversion inconsistencies shares to remove might end up being bigger than shares stored
        // so we have to reassign it to allow the full unstake
        if (sharesRemove > s.shares) sharesRemove = s.shares;

        unchecked {
            s.shares -= sharesRemove;
        }
        v.totalShares -= sharesRemove;

        // remove staked tokens
        unchecked {
            s.staked -= amount;
        }
        // create unstaking instance
        uint128 coolDownEnd = uint128(v.disabledAtBlock != 0 ? v.disabledAtBlock : block.number);
        unchecked {
            coolDownEnd += (isValidator ? validatorCoolDown : delegatorCoolDown);
        }
        uint128 unstakeId = uint128(v.unstakings[msg.sender].length);
        v.unstakings[msg.sender].push(Unstaking(coolDownEnd, amount));
        emit Unstaked(validatorId, msg.sender, amount, unstakeId);
    }

    /*
     * Restakes unstaked tokens
     */
    function recoverUnstaking(
        uint128 amount,
        uint128 validatorId,
        uint128 unstakingId
    ) external {
        require(validatorId < validatorsN, "Invalid validator");
        require(_validators[validatorId].unstakings[msg.sender].length > unstakingId, "Unstaking does not exist");
        Unstaking storage us = _validators[validatorId].unstakings[msg.sender][unstakingId];
        require(us.amount >= amount, "Unstaking has less tokens");
        unchecked {
            us.amount -= amount;
        }
        // set cool down end to 0 to release gas if new unstaking amount is 0
        if (us.amount == 0) us.coolDownEnd = 0;
        emit RecoveredUnstake(validatorId, msg.sender, amount, unstakingId);
        _stake(validatorId, amount, false);
    }

    /*
     * Transfers out unlocked unstaked tokens back to the delegator
     */
    function transferUnstakedOut(
        uint128 amount,
        uint128 validatorId,
        uint128 unstakingId
    ) external {
        require(validatorId < validatorsN, "Invalid validator");
        require(_validators[validatorId].unstakings[msg.sender].length > unstakingId, "Unstaking does not exist");
        Unstaking storage us = _validators[validatorId].unstakings[msg.sender][unstakingId];
        require(uint128(block.number) > us.coolDownEnd, "Cooldown period has not ended");
        require(us.amount >= amount, "Amount is too high");
        unchecked {
            us.amount -= amount;
        }
        // set cool down end to 0 to release gas if new unstaking amount is 0
        if (us.amount == 0) us.coolDownEnd = 0;
        emit UnstakeRedeemed(validatorId, msg.sender, unstakingId, amount);
        _transferFromContract(msg.sender, amount);
    }

    /*
     * Redeems all available rewards
     */
    function redeemAllRewards(uint128 validatorId, address beneficiary) external {
        _redeemRewards(validatorId, beneficiary, 0); // pass 0 to request full amount
    }

    /*
     * Redeems partial rewards
     */
    function redeemRewards(
        uint128 validatorId,
        address beneficiary,
        uint128 amount
    ) external {
        require(amount > 0, "Amount is 0");
        _redeemRewards(validatorId, beneficiary, amount);
    }

    function _redeemRewards(
        uint128 validatorId,
        address beneficiary,
        uint128 amount
    ) internal {
        require(validatorId < validatorsN, "Invalid validator");
        require(beneficiary != address(0x0), "Invalid beneficiary");
        Validator storage v = _validators[validatorId];
        Staking storage s = v.stakings[msg.sender];

        // how many tokens a delegator/validator has in total on the contract
        // include earned commission if the delegator is the validator
        uint128 totalValue = _sharesToTokens(s.shares, v.exchangeRate);

        bool redeemAll = amount == 0; // amount is 0 when it's requested to redeem all rewards
        if (redeemAll) {
            // can only redeem > redeem threshold
            require(totalValue - s.staked >= REWARD_REDEEM_THRESHOLD, "Nothing to redeem");
        }
        // making sure that amount of rewards exist
        else {
            require(totalValue - s.staked >= amount, "Requested amount is too high");
            require(amount >= REWARD_REDEEM_THRESHOLD, "Requested amount must be higher than redeem threshold");
        }

        uint128 amountToRedeem = redeemAll ? totalValue - s.staked : amount;

        // "sell/burn" the reward shares
        uint128 validatorSharesRemove = _tokensToShares(amountToRedeem, v.exchangeRate);
        if (validatorSharesRemove > s.shares) validatorSharesRemove = s.shares;
        unchecked {
            v.totalShares -= validatorSharesRemove;
        }
        unchecked {
            s.shares -= validatorSharesRemove;
        }

        emit RewardRedeemed(validatorId, beneficiary, amountToRedeem);
        _transferFromContract(beneficiary, amountToRedeem);
    }

    function redeemCommission(
        uint128 validatorId,
        address beneficiary,
        uint128 amount
    ) public {
        require(validatorId < validatorsN, "Invalid validator");
        require(beneficiary != address(0x0), "Invalid beneficiary");
        Validator storage v = _validators[validatorId];
        require(v._address == msg.sender, "The sender is not the validator");

        require(v.commissionAvailableToRedeem > 0, "No commission available to redeem");
        require(amount > 0, "The requested amount is 0");
        require(amount <= v.commissionAvailableToRedeem, "Requested amount is higher than commission available to redeem");
        unchecked {
            v.commissionAvailableToRedeem -= amount;
        }

        _transferFromContract(beneficiary, amount);
        emit CommissionRewardRedeemed(validatorId, beneficiary, amount);
    }

    function redeemAllCommission(uint128 validatorId, address beneficiary) external {
        redeemCommission(validatorId, beneficiary, _validators[validatorId].commissionAvailableToRedeem);
    }

    /*
     * Redelegates tokens to another validator if a validator got disabled.
     * First the tokens need to be unstaked
     */
    function redelegateUnstaked(
        uint128 amount,
        uint128 oldValidatorId,
        uint128 newValidatorId,
        uint128 unstakingId
    ) external {
        require(oldValidatorId < validatorsN, "Invalid validator");
        Validator storage v = _validators[oldValidatorId];
        require(v.disabledAtBlock != 0, "Validator is not disabled");
        require(v._address != msg.sender, "Validator cannot redelegate");
        require(v.unstakings[msg.sender].length > unstakingId, "Unstaking does not exist");
        Unstaking storage us = v.unstakings[msg.sender][unstakingId];
        require(us.amount >= amount, "Unstaking has less tokens");
        // stake tokens back to the contract using new validator, set withTransfer to false since the tokens are already in the contract
        unchecked {
            us.amount -= amount;
        }
        // set cool down end to 0 to release gas if new unstaking amount is 0
        if (us.amount == 0) us.coolDownEnd = 0;
        emit Redelegated(oldValidatorId, newValidatorId, msg.sender, amount, unstakingId);
        _stake(newValidatorId, amount, false);
    }

    /*
     * Changes the validator staking address, this will transfer validator staking data and optionally unstakings
     */
    function setValidatorAddress(uint128 validatorId, address newAddress) external {
        Validator storage v = _validators[validatorId];
        require(msg.sender == v._address, "Sender is not the validator");
        require(v._address != newAddress, "The new address cannot be equal to the current validator address");
        require(newAddress != address(0), "Invalid validator address");

        v.stakings[newAddress].shares += v.stakings[msg.sender].shares;
        v.stakings[newAddress].staked += v.stakings[msg.sender].staked;
        delete v.stakings[msg.sender];

        Unstaking[] storage oldUnstakings = v.unstakings[msg.sender];
        uint256 length = oldUnstakings.length;
        require(length <= 300, "Cannot transfer more than 300 unstakings");
        Unstaking[] storage newUnstakings = v.unstakings[newAddress];
        for (uint128 i = 0; i < length; ++i) {
            newUnstakings.push(oldUnstakings[i]);
        }
        delete v.unstakings[msg.sender];

        v._address = newAddress;
        emit ValidatorAddressChanged(validatorId, newAddress);
    }

    /*
     * Gets metadata
     */
    function getMetadata()
        external
        view
        returns (
            address CQTaddress,
            address _stakingManager,
            uint128 _validatorsN,
            uint128 _rewardPool,
            uint128 _validatorCoolDown,
            uint128 _delegatorCoolDown,
            uint128 _maxCapMultiplier,
            uint128 _validatorMaxStake
        )
    {
        return (address(CQT), stakingManager, validatorsN, rewardPool, validatorCoolDown, delegatorCoolDown, maxCapMultiplier, validatorMaxStake);
    }

    /*
     * Returns validator metadata with how many tokens were staked and delegated excluding compounded rewards
     */
    function getValidatorMetadata(uint128 validatorId)
        public
        view
        returns (
            address _address,
            uint128 staked,
            uint128 delegated,
            uint128 commissionRate,
            uint256 disabledAtBlock
        )
    {
        require(validatorId < validatorsN, "Invalid validator");
        Validator storage v = _validators[validatorId];
        return (v._address, v.stakings[v._address].staked, v.delegated, v.commissionRate, v.disabledAtBlock);
    }

    /*
     * Returns metadata for each validator
     */
    function getAllValidatorsMetadata()
        external
        view
        returns (
            address[] memory addresses,
            uint128[] memory staked,
            uint128[] memory delegated,
            uint128[] memory commissionRates,
            uint256[] memory disabledAtBlocks
        )
    {
        return getValidatorsMetadata(0, validatorsN);
    }

    /*
     * Returns metadata for validators whose ids are between startId and endId exclusively
     */
    function getValidatorsMetadata(uint128 startId, uint128 endId)
        public
        view
        returns (
            address[] memory addresses,
            uint128[] memory staked,
            uint128[] memory delegated,
            uint128[] memory commissionRates,
            uint256[] memory disabledAtBlocks
        )
    {
        require(endId <= validatorsN, "Invalid end id");
        require(startId < endId, "Start id must be less than end id");

        uint128 n = endId - startId;
        addresses = new address[](n);
        staked = new uint128[](n);
        delegated = new uint128[](n);
        commissionRates = new uint128[](n);
        disabledAtBlocks = new uint256[](n);

        uint128 i;
        for (uint128 id = startId; id < endId; ++id) {
            i = id - startId;
            (addresses[i], staked[i], delegated[i], commissionRates[i], disabledAtBlocks[i]) = getValidatorMetadata(id);
        }
        return (addresses, staked, delegated, commissionRates, disabledAtBlocks);
    }

    /*
     * Returns validator staked and delegated token amounts, excluding compounded rewards
     */
    function getValidatorStakingData(uint128 validatorId) external view returns (uint128 staked, uint128 delegated) {
        require(validatorId < validatorsN, "Invalid validator");
        Validator storage v = _validators[validatorId];
        return (v.stakings[v._address].staked, v.delegated);
    }

    /*
     * Returns validator staked and delegated token amounts, including compounded rewards
     */
    function getValidatorCompoundedStakingData(uint128 validatorId) external view returns (uint128 staked, uint128 delegated) {
        Validator storage v = _validators[validatorId];
        // this includes staked + compounded rewards
        staked = _sharesToTokens(v.stakings[v._address].shares, v.exchangeRate);
        // this includes delegated + compounded rewards
        delegated = _sharesToTokens(v.totalShares, v.exchangeRate) - staked;
        return (staked, delegated);
    }

    /*
     * Returns the amount that's staked, earned by delegator plus unstaking information.
     * CommissionEarned is for validators
     */
    function getDelegatorMetadata(address delegator, uint128 validatorId)
        external
        view
        returns (
            uint128 staked,
            uint128 rewards,
            uint128 commissionEarned,
            uint128[] memory unstakingAmounts,
            uint128[] memory unstakingsEndEpochs
        )
    {
        require(validatorId < validatorsN, "Invalid validator");
        Validator storage v = _validators[validatorId];
        Staking storage s = v.stakings[delegator];
        staked = s.staked;
        uint128 sharesValue = _sharesToTokens(s.shares, v.exchangeRate);
        if (sharesValue <= s.staked) rewards = 0;
        else rewards = sharesValue - s.staked;
        // if requested delegator is the requested validator
        if (v._address == delegator) commissionEarned = v.commissionAvailableToRedeem;
        Unstaking[] memory unstakings = v.unstakings[delegator];
        uint256 unstakingsN = unstakings.length;
        unstakingAmounts = new uint128[](unstakingsN);
        unstakingsEndEpochs = new uint128[](unstakingsN);
        for (uint256 i = 0; i < unstakingsN; i++) {
            unstakingAmounts[i] = unstakings[i].amount;
            unstakingsEndEpochs[i] = unstakings[i].coolDownEnd;
        }
        return (staked, rewards, commissionEarned, unstakingAmounts, unstakingsEndEpochs);
    }

    function renounceOwnership() public virtual override onlyOwner {}
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.6.0) (token/ERC20/IERC20.sol)

pragma solidity ^0.8.0;

/**
 * @dev Interface of the ERC20 standard as defined in the EIP.
 */
interface IERC20Upgradeable {
    /**
     * @dev Emitted when `value` tokens are moved from one account (`from`) to
     * another (`to`).
     *
     * Note that `value` may be zero.
     */
    event Transfer(address indexed from, address indexed to, uint256 value);

    /**
     * @dev Emitted when the allowance of a `spender` for an `owner` is set by
     * a call to {approve}. `value` is the new allowance.
     */
    event Approval(address indexed owner, address indexed spender, uint256 value);

    /**
     * @dev Returns the amount of tokens in existence.
     */
    function totalSupply() external view returns (uint256);

    /**
     * @dev Returns the amount of tokens owned by `account`.
     */
    function balanceOf(address account) external view returns (uint256);

    /**
     * @dev Moves `amount` tokens from the caller's account to `to`.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * Emits a {Transfer} event.
     */
    function transfer(address to, uint256 amount) external returns (bool);

    /**
     * @dev Returns the remaining number of tokens that `spender` will be
     * allowed to spend on behalf of `owner` through {transferFrom}. This is
     * zero by default.
     *
     * This value changes when {approve} or {transferFrom} are called.
     */
    function allowance(address owner, address spender) external view returns (uint256);

    /**
     * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * IMPORTANT: Beware that changing an allowance with this method brings the risk
     * that someone may use both the old and the new allowance by unfortunate
     * transaction ordering. One possible solution to mitigate this race
     * condition is to first reduce the spender's allowance to 0 and set the
     * desired value afterwards:
     * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
     *
     * Emits an {Approval} event.
     */
    function approve(address spender, uint256 amount) external returns (bool);

    /**
     * @dev Moves `amount` tokens from `from` to `to` using the
     * allowance mechanism. `amount` is then deducted from the caller's
     * allowance.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * Emits a {Transfer} event.
     */
    function transferFrom(
        address from,
        address to,
        uint256 amount
    ) external returns (bool);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (access/Ownable.sol)

pragma solidity ^0.8.0;

import "../utils/ContextUpgradeable.sol";
import "../proxy/utils/Initializable.sol";

/**
 * @dev Contract module which provides a basic access control mechanism, where
 * there is an account (an owner) that can be granted exclusive access to
 * specific functions.
 *
 * By default, the owner account will be the one that deploys the contract. This
 * can later be changed with {transferOwnership}.
 *
 * This module is used through inheritance. It will make available the modifier
 * `onlyOwner`, which can be applied to your functions to restrict their use to
 * the owner.
 */
abstract contract OwnableUpgradeable is Initializable, ContextUpgradeable {
    address private _owner;

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    /**
     * @dev Initializes the contract setting the deployer as the initial owner.
     */
    function __Ownable_init() internal onlyInitializing {
        __Ownable_init_unchained();
    }

    function __Ownable_init_unchained() internal onlyInitializing {
        _transferOwnership(_msgSender());
    }

    /**
     * @dev Throws if called by any account other than the owner.
     */
    modifier onlyOwner() {
        _checkOwner();
        _;
    }

    /**
     * @dev Returns the address of the current owner.
     */
    function owner() public view virtual returns (address) {
        return _owner;
    }

    /**
     * @dev Throws if the sender is not the owner.
     */
    function _checkOwner() internal view virtual {
        require(owner() == _msgSender(), "Ownable: caller is not the owner");
    }

    /**
     * @dev Leaves the contract without owner. It will not be possible to call
     * `onlyOwner` functions anymore. Can only be called by the current owner.
     *
     * NOTE: Renouncing ownership will leave the contract without an owner,
     * thereby removing any functionality that is only available to the owner.
     */
    function renounceOwnership() public virtual onlyOwner {
        _transferOwnership(address(0));
    }

    /**
     * @dev Transfers ownership of the contract to a new account (`newOwner`).
     * Can only be called by the current owner.
     */
    function transferOwnership(address newOwner) public virtual onlyOwner {
        require(newOwner != address(0), "Ownable: new owner is the zero address");
        _transferOwnership(newOwner);
    }

    /**
     * @dev Transfers ownership of the contract to a new account (`newOwner`).
     * Internal function without access restriction.
     */
    function _transferOwnership(address newOwner) internal virtual {
        address oldOwner = _owner;
        _owner = newOwner;
        emit OwnershipTransferred(oldOwner, newOwner);
    }

    /**
     * @dev This empty reserved space is put in place to allow future versions to add new
     * variables without shifting down storage in the inheritance chain.
     * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
     */
    uint256[49] private __gap;
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (token/ERC20/utils/SafeERC20.sol)

pragma solidity ^0.8.0;

import "../IERC20Upgradeable.sol";
import "../extensions/draft-IERC20PermitUpgradeable.sol";
import "../../../utils/AddressUpgradeable.sol";

/**
 * @title SafeERC20
 * @dev Wrappers around ERC20 operations that throw on failure (when the token
 * contract returns false). Tokens that return no value (and instead revert or
 * throw on failure) are also supported, non-reverting calls are assumed to be
 * successful.
 * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
 * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
 */
library SafeERC20Upgradeable {
    using AddressUpgradeable for address;

    function safeTransfer(
        IERC20Upgradeable token,
        address to,
        uint256 value
    ) internal {
        _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));
    }

    function safeTransferFrom(
        IERC20Upgradeable token,
        address from,
        address to,
        uint256 value
    ) internal {
        _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));
    }

    /**
     * @dev Deprecated. This function has issues similar to the ones found in
     * {IERC20-approve}, and its usage is discouraged.
     *
     * Whenever possible, use {safeIncreaseAllowance} and
     * {safeDecreaseAllowance} instead.
     */
    function safeApprove(
        IERC20Upgradeable token,
        address spender,
        uint256 value
    ) internal {
        // safeApprove should only be called when setting an initial allowance,
        // or when resetting it to zero. To increase and decrease it, use
        // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'
        require(
            (value == 0) || (token.allowance(address(this), spender) == 0),
            "SafeERC20: approve from non-zero to non-zero allowance"
        );
        _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));
    }

    function safeIncreaseAllowance(
        IERC20Upgradeable token,
        address spender,
        uint256 value
    ) internal {
        uint256 newAllowance = token.allowance(address(this), spender) + value;
        _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));
    }

    function safeDecreaseAllowance(
        IERC20Upgradeable token,
        address spender,
        uint256 value
    ) internal {
        unchecked {
            uint256 oldAllowance = token.allowance(address(this), spender);
            require(oldAllowance >= value, "SafeERC20: decreased allowance below zero");
            uint256 newAllowance = oldAllowance - value;
            _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));
        }
    }

    function safePermit(
        IERC20PermitUpgradeable token,
        address owner,
        address spender,
        uint256 value,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) internal {
        uint256 nonceBefore = token.nonces(owner);
        token.permit(owner, spender, value, deadline, v, r, s);
        uint256 nonceAfter = token.nonces(owner);
        require(nonceAfter == nonceBefore + 1, "SafeERC20: permit did not succeed");
    }

    /**
     * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
     * on the return value: the return value is optional (but if data is returned, it must not be false).
     * @param token The token targeted by the call.
     * @param data The call data (encoded using abi.encode or one of its variants).
     */
    function _callOptionalReturn(IERC20Upgradeable token, bytes memory data) private {
        // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
        // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that
        // the target address contains contract code and also asserts for success in the low-level call.

        bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed");
        if (returndata.length > 0) {
            // Return data is optional
            require(abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed");
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)

pragma solidity ^0.8.0;
import "../proxy/utils/Initializable.sol";

/**
 * @dev Provides information about the current execution context, including the
 * sender of the transaction and its data. While these are generally available
 * via msg.sender and msg.data, they should not be accessed in such a direct
 * manner, since when dealing with meta-transactions the account sending and
 * paying for execution may not be the actual sender (as far as an application
 * is concerned).
 *
 * This contract is only required for intermediate, library-like contracts.
 */
abstract contract ContextUpgradeable is Initializable {
    function __Context_init() internal onlyInitializing {
    }

    function __Context_init_unchained() internal onlyInitializing {
    }
    function _msgSender() internal view virtual returns (address) {
        return msg.sender;
    }

    function _msgData() internal view virtual returns (bytes calldata) {
        return msg.data;
    }

    /**
     * @dev This empty reserved space is put in place to allow future versions to add new
     * variables without shifting down storage in the inheritance chain.
     * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
     */
    uint256[50] private __gap;
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (proxy/utils/Initializable.sol)

pragma solidity ^0.8.2;

import "../../utils/AddressUpgradeable.sol";

/**
 * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
 * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
 * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
 * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
 *
 * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
 * reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
 * case an upgrade adds a module that needs to be initialized.
 *
 * For example:
 *
 * [.hljs-theme-light.nopadding]
 * ```
 * contract MyToken is ERC20Upgradeable {
 *     function initialize() initializer public {
 *         __ERC20_init("MyToken", "MTK");
 *     }
 * }
 * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
 *     function initializeV2() reinitializer(2) public {
 *         __ERC20Permit_init("MyToken");
 *     }
 * }
 * ```
 *
 * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
 * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
 *
 * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
 * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
 *
 * [CAUTION]
 * ====
 * Avoid leaving a contract uninitialized.
 *
 * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
 * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
 * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
 *
 * [.hljs-theme-light.nopadding]
 * ```
 * /// @custom:oz-upgrades-unsafe-allow constructor
 * constructor() {
 *     _disableInitializers();
 * }
 * ```
 * ====
 */
abstract contract Initializable {
    /**
     * @dev Indicates that the contract has been initialized.
     * @custom:oz-retyped-from bool
     */
    uint8 private _initialized;

    /**
     * @dev Indicates that the contract is in the process of being initialized.
     */
    bool private _initializing;

    /**
     * @dev Triggered when the contract has been initialized or reinitialized.
     */
    event Initialized(uint8 version);

    /**
     * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
     * `onlyInitializing` functions can be used to initialize parent contracts. Equivalent to `reinitializer(1)`.
     */
    modifier initializer() {
        bool isTopLevelCall = !_initializing;
        require(
            (isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1),
            "Initializable: contract is already initialized"
        );
        _initialized = 1;
        if (isTopLevelCall) {
            _initializing = true;
        }
        _;
        if (isTopLevelCall) {
            _initializing = false;
            emit Initialized(1);
        }
    }

    /**
     * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
     * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
     * used to initialize parent contracts.
     *
     * `initializer` is equivalent to `reinitializer(1)`, so a reinitializer may be used after the original
     * initialization step. This is essential to configure modules that are added through upgrades and that require
     * initialization.
     *
     * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
     * a contract, executing them in the right order is up to the developer or operator.
     */
    modifier reinitializer(uint8 version) {
        require(!_initializing && _initialized < version, "Initializable: contract is already initialized");
        _initialized = version;
        _initializing = true;
        _;
        _initializing = false;
        emit Initialized(version);
    }

    /**
     * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
     * {initializer} and {reinitializer} modifiers, directly or indirectly.
     */
    modifier onlyInitializing() {
        require(_initializing, "Initializable: contract is not initializing");
        _;
    }

    /**
     * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
     * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
     * to any version. It is recommended to use this to lock implementation contracts that are designed to be called
     * through proxies.
     */
    function _disableInitializers() internal virtual {
        require(!_initializing, "Initializable: contract is initializing");
        if (_initialized < type(uint8).max) {
            _initialized = type(uint8).max;
            emit Initialized(type(uint8).max);
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (utils/Address.sol)

pragma solidity ^0.8.1;

/**
 * @dev Collection of functions related to the address type
 */
library AddressUpgradeable {
    /**
     * @dev Returns true if `account` is a contract.
     *
     * [IMPORTANT]
     * ====
     * It is unsafe to assume that an address for which this function returns
     * false is an externally-owned account (EOA) and not a contract.
     *
     * Among others, `isContract` will return false for the following
     * types of addresses:
     *
     *  - an externally-owned account
     *  - a contract in construction
     *  - an address where a contract will be created
     *  - an address where a contract lived, but was destroyed
     * ====
     *
     * [IMPORTANT]
     * ====
     * You shouldn't rely on `isContract` to protect against flash loan attacks!
     *
     * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
     * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
     * constructor.
     * ====
     */
    function isContract(address account) internal view returns (bool) {
        // This method relies on extcodesize/address.code.length, which returns 0
        // for contracts in construction, since the code is only stored at the end
        // of the constructor execution.

        return account.code.length > 0;
    }

    /**
     * @dev Replacement for Solidity's `transfer`: sends `amount` wei to
     * `recipient`, forwarding all available gas and reverting on errors.
     *
     * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
     * of certain opcodes, possibly making contracts go over the 2300 gas limit
     * imposed by `transfer`, making them unable to receive funds via
     * `transfer`. {sendValue} removes this limitation.
     *
     * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].
     *
     * IMPORTANT: because control is transferred to `recipient`, care must be
     * taken to not create reentrancy vulnerabilities. Consider using
     * {ReentrancyGuard} or the
     * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
     */
    function sendValue(address payable recipient, uint256 amount) internal {
        require(address(this).balance >= amount, "Address: insufficient balance");

        (bool success, ) = recipient.call{value: amount}("");
        require(success, "Address: unable to send value, recipient may have reverted");
    }

    /**
     * @dev Performs a Solidity function call using a low level `call`. A
     * plain `call` is an unsafe replacement for a function call: use this
     * function instead.
     *
     * If `target` reverts with a revert reason, it is bubbled up by this
     * function (like regular Solidity function calls).
     *
     * Returns the raw returned data. To convert to the expected return value,
     * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
     *
     * Requirements:
     *
     * - `target` must be a contract.
     * - calling `target` with `data` must not revert.
     *
     * _Available since v3.1._
     */
    function functionCall(address target, bytes memory data) internal returns (bytes memory) {
        return functionCall(target, data, "Address: low-level call failed");
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
     * `errorMessage` as a fallback revert reason when `target` reverts.
     *
     * _Available since v3.1._
     */
    function functionCall(
        address target,
        bytes memory data,
        string memory errorMessage
    ) internal returns (bytes memory) {
        return functionCallWithValue(target, data, 0, errorMessage);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but also transferring `value` wei to `target`.
     *
     * Requirements:
     *
     * - the calling contract must have an ETH balance of at least `value`.
     * - the called Solidity function must be `payable`.
     *
     * _Available since v3.1._
     */
    function functionCallWithValue(
        address target,
        bytes memory data,
        uint256 value
    ) internal returns (bytes memory) {
        return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
    }

    /**
     * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
     * with `errorMessage` as a fallback revert reason when `target` reverts.
     *
     * _Available since v3.1._
     */
    function functionCallWithValue(
        address target,
        bytes memory data,
        uint256 value,
        string memory errorMessage
    ) internal returns (bytes memory) {
        require(address(this).balance >= value, "Address: insufficient balance for call");
        require(isContract(target), "Address: call to non-contract");

        (bool success, bytes memory returndata) = target.call{value: value}(data);
        return verifyCallResult(success, returndata, errorMessage);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but performing a static call.
     *
     * _Available since v3.3._
     */
    function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
        return functionStaticCall(target, data, "Address: low-level static call failed");
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
     * but performing a static call.
     *
     * _Available since v3.3._
     */
    function functionStaticCall(
        address target,
        bytes memory data,
        string memory errorMessage
    ) internal view returns (bytes memory) {
        require(isContract(target), "Address: static call to non-contract");

        (bool success, bytes memory returndata) = target.staticcall(data);
        return verifyCallResult(success, returndata, errorMessage);
    }

    /**
     * @dev Tool to verifies that a low level call was successful, and revert if it wasn't, either by bubbling the
     * revert reason using the provided one.
     *
     * _Available since v4.3._
     */
    function verifyCallResult(
        bool success,
        bytes memory returndata,
        string memory errorMessage
    ) internal pure returns (bytes memory) {
        if (success) {
            return returndata;
        } else {
            // Look for revert reason and bubble it up if present
            if (returndata.length > 0) {
                // The easiest way to bubble the revert reason is using memory via assembly
                /// @solidity memory-safe-assembly
                assembly {
                    let returndata_size := mload(returndata)
                    revert(add(32, returndata), returndata_size)
                }
            } else {
                revert(errorMessage);
            }
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (token/ERC20/extensions/draft-IERC20Permit.sol)

pragma solidity ^0.8.0;

/**
 * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
 * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
 *
 * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
 * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't
 * need to send a transaction, and thus is not required to hold Ether at all.
 */
interface IERC20PermitUpgradeable {
    /**
     * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,
     * given ``owner``'s signed approval.
     *
     * IMPORTANT: The same issues {IERC20-approve} has related to transaction
     * ordering also apply here.
     *
     * Emits an {Approval} event.
     *
     * Requirements:
     *
     * - `spender` cannot be the zero address.
     * - `deadline` must be a timestamp in the future.
     * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
     * over the EIP712-formatted function arguments.
     * - the signature must use ``owner``'s current nonce (see {nonces}).
     *
     * For more information on the signature format, see the
     * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
     * section].
     */
    function permit(
        address owner,
        address spender,
        uint256 value,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external;

    /**
     * @dev Returns the current nonce for `owner`. This value must be
     * included whenever a signature is generated for {permit}.
     *
     * Every successful call to {permit} increases ``owner``'s nonce by one. This
     * prevents a signature from being used multiple times.
     */
    function nonces(address owner) external view returns (uint256);

    /**
     * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.
     */
    // solhint-disable-next-line func-name-mixedcase
    function DOMAIN_SEPARATOR() external view returns (bytes32);
}

Please enter a contract address above to load the contract details and source code.

Context size (optional):