QX-ERC20-

QX ERC20 Science Token /** *Submitted for verification at Etherscan.io on 2020-12-24 */

pragma solidity ^0.6.0;

/**

• @dev Wrappers over Solidity's arithmetic operations with added overflow

• checks.

• Arithmetic operations in Solidity wrap on overflow. This can easily result

• in bugs, because programmers usually assume that an overflow raises an

• error, which is the standard behavior in high level programming languages.

• SafeMath restores this intuition by reverting the transaction when an

• operation overflows.

• Using this library instead of the unchecked operations eliminates an entire

• class of bugs, so it's recommended to use it always. / library SafeMath { /*

  • @dev Returns the addition of two unsigned integers, reverting on

  • overflow.

  • Counterpart to Solidity's + operator.

  • Requirements:

  • • Addition cannot overflow. */ function add(uint256 a, uint256 b) internal pure returns (uint256) { uint256 c = a + b; require(c >= a, "SafeMath: addition overflow");

    return c; }

  /**

  • @dev Returns the subtraction of two unsigned integers, reverting on
  • overflow (when the result is negative).
  • Counterpart to Solidity's - operator.
  • Requirements:
  • • Subtraction cannot overflow. */ function sub(uint256 a, uint256 b) internal pure returns (uint256) { return sub(a, b, "SafeMath: subtraction overflow"); }

  /**

  • @dev Returns the subtraction of two unsigned integers, reverting with custom message on

  • overflow (when the result is negative).

  • Counterpart to Solidity's - operator.

  • Requirements:

  • • Subtraction cannot overflow. */ function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) { require(b <= a, errorMessage); uint256 c = a - b;

    return c; }

  /**

  • @dev Returns the multiplication of two unsigned integers, reverting on

  • overflow.

  • Counterpart to Solidity's * operator.

  • Requirements:

  • • Multiplication cannot overflow. */ function mul(uint256 a, uint256 b) internal pure returns (uint256) { // Gas optimization: this is cheaper than requiring 'a' not being zero, but the // benefit is lost if 'b' is also tested. // See: OpenZeppelin/openzeppelin-contracts#522 if (a == 0) { return 0; }

    uint256 c = a * b; require(c / a == b, "SafeMath: multiplication overflow");

    return c; }

  /**

  • @dev Returns the integer division of two unsigned integers. Reverts on
  • division by zero. The result is rounded towards zero.
  • Counterpart to Solidity's / operator. Note: this function uses a
  • revert opcode (which leaves remaining gas untouched) while Solidity
  • uses an invalid opcode to revert (consuming all remaining gas).
  • Requirements:
  • • The divisor cannot be zero. */ function div(uint256 a, uint256 b) internal pure returns (uint256) { return div(a, b, "SafeMath: division by zero"); }

  /**

  • @dev Returns the integer division of two unsigned integers. Reverts with custom message on

  • division by zero. The result is rounded towards zero.

  • Counterpart to Solidity's / operator. Note: this function uses a

  • revert opcode (which leaves remaining gas untouched) while Solidity

  • uses an invalid opcode to revert (consuming all remaining gas).

  • Requirements:

  • • The divisor cannot be zero. */ function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) { require(b > 0, errorMessage); uint256 c = a / b; // assert(a == b * c + a % b); // There is no case in which this doesn't hold

    return c; }

  /**

  • @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),
  • Reverts when dividing by zero.
  • Counterpart to Solidity's % operator. This function uses a revert
  • opcode (which leaves remaining gas untouched) while Solidity uses an
  • invalid opcode to revert (consuming all remaining gas).
  • Requirements:
  • • The divisor cannot be zero. */ function mod(uint256 a, uint256 b) internal pure returns (uint256) { return mod(a, b, "SafeMath: modulo by zero"); }

  /**

  • @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),
  • Reverts with custom message when dividing by zero.
  • Counterpart to Solidity's % operator. This function uses a revert
  • opcode (which leaves remaining gas untouched) while Solidity uses an
  • invalid opcode to revert (consuming all remaining gas).
  • Requirements:
  • • The divisor cannot be zero. */ function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) { require(b != 0, errorMessage); return a % b; } }

// Partial License: MIT

pragma solidity ^0.6.0;

/**

• @dev Standard math utilities missing in the Solidity language. / library Math { /*

  • @dev Returns the largest of two numbers. */ function max(uint256 a, uint256 b) internal pure returns (uint256) { return a >= b ? a : b; }

  /**

  • @dev Returns the smallest of two numbers. */ function min(uint256 a, uint256 b) internal pure returns (uint256) { return a < b ? a : b; }

  /**

  • @dev Returns the average of two numbers. The result is rounded towards
  • zero. */ function average(uint256 a, uint256 b) internal pure returns (uint256) { // (a + b) / 2 can overflow, so we distribute return (a / 2) + (b / 2) + ((a % 2 + b % 2) / 2); } }

// Partial License: MIT

pragma solidity ^0.6.0;

/**

• @dev Collection of functions related to array types. / library Arrays { /*

  • @dev Searches a sorted array and returns the first index that contains

  • a value greater or equal to element. If no such index exists (i.e. all

  • values in the array are strictly less than element), the array length is

  • returned. Time complexity O(log n).

  • array is expected to be sorted in ascending order, and to contain no

  • repeated elements. */ function findUpperBound(uint256[] storage array, uint256 element) internal view returns (uint256) { if (array.length == 0) { return 0; }

    uint256 low = 0; uint256 high = array.length;

    while (low < high) { uint256 mid = Math.average(low, high);

     // Note that mid will always be strictly less than high (i.e. it will be a valid array index)
     // because Math.average rounds down (it does integer division with truncation).
     if (array[mid] > element) {
         high = mid;
     } else {
         low = mid + 1;
     }
    

    }

    // At this point low is the exclusive upper bound. We will return the inclusive upper bound. if (low > 0 && array[low - 1] == element) { return low - 1; } else { return low; } } }

// Partial License: MIT

pragma solidity ^0.6.0;

/**

• @title Counters

• @author Matt Condon (@shrugs)

• @dev Provides counters that can only be incremented or decremented by one. This can be used e.g. to track the number

• of elements in a mapping, issuing ERC721 ids, or counting request ids.

• Include with using Counters for Counters.Counter;

• Since it is not possible to overflow a 256 bit integer with increments of one, increment can skip the {SafeMath}

• overflow check, thereby saving gas. This does assume however correct usage, in that the underlying _value is never

• directly accessed. */ library Counters { using SafeMath for uint256;

  struct Counter { // This variable should never be directly accessed by users of the library: interactions must be restricted to // the library's function. As of Solidity v0.5.2, this cannot be enforced, though there is a proposal to add // this feature: see ethereum/solidity#4637 uint256 _value; // default: 0 }

  function current(Counter storage counter) internal view returns (uint256) { return counter._value; }

  function increment(Counter storage counter) internal { // The {SafeMath} overflow check can be skipped here, see the comment at the top counter._value += 1; }

  function decrement(Counter storage counter) internal { counter._value = counter._value.sub(1); } }

// Partial License: MIT

pragma solidity ^0.6.0;

/*

• @dev Provides information about the current execution context, including the

• sender of the transaction and its data. While these are generally available

• via msg.sender and msg.data, they should not be accessed in such a direct

• manner, since when dealing with GSN meta-transactions the account sending and

• paying for execution may not be the actual sender (as far as an application

• is concerned).

• This contract is only required for intermediate, library-like contracts. */ abstract contract Context { function _msgSender() internal view virtual returns (address payable) { return msg.sender; }

  function _msgData() internal view virtual returns (bytes memory) { this; // silence state mutability warning without generating bytecode - see ethereum/solidity#2691 return msg.data; } }

// Partial License: MIT

pragma solidity ^0.6.0;

/**

• @dev Interface of the ERC20 standard as defined in the EIP. / interface IERC20 { /*

  • @dev Returns the amount of tokens in existence. */ function totalSupply() external view returns (uint256);

  /**

  • @dev Returns the amount of tokens owned by account. */ function balanceOf(address account) external view returns (uint256);

  /**

  • @dev Moves amount tokens from the caller's account to recipient.
  • Returns a boolean value indicating whether the operation succeeded.
  • Emits a {Transfer} event. */ function transfer(address recipient, uint256 amount) external returns (bool);

  /**

  • @dev Returns the remaining number of tokens that spender will be
  • allowed to spend on behalf of owner through {transferFrom}. This is
  • zero by default.
  • This value changes when {approve} or {transferFrom} are called. */ function allowance(address owner, address spender) external view returns (uint256);

  /**

  • @dev Sets amount as the allowance of spender over the caller's tokens.
  • Returns a boolean value indicating whether the operation succeeded.
  • IMPORTANT: Beware that changing an allowance with this method brings the risk
  • that someone may use both the old and the new allowance by unfortunate
  • transaction ordering. One possible solution to mitigate this race
  • condition is to first reduce the spender's allowance to 0 and set the
  • desired value afterwards:
  • ethereum/EIPs#20 (comment)
  • Emits an {Approval} event. */ function approve(address spender, uint256 amount) external returns (bool);

  /**

  • @dev Moves amount tokens from sender to recipient using the
  • allowance mechanism. amount is then deducted from the caller's
  • allowance.
  • Returns a boolean value indicating whether the operation succeeded.
  • Emits a {Transfer} event. */ function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);

  /**

  • @dev Emitted when value tokens are moved from one account (from) to
  • another (to).
  • Note that value may be zero. */ event Transfer(address indexed from, address indexed to, uint256 value);

  /**

  • @dev Emitted when the allowance of a spender for an owner is set by
  • a call to {approve}. value is the new allowance. */ event Approval(address indexed owner, address indexed spender, uint256 value); }

// Partial License: MIT

pragma solidity ^0.6.2;

/**

• @dev Collection of functions related to the address type / library Address { /*

  • @dev Returns true if account is a contract.

  • [IMPORTANT]

  • ====

  • It is unsafe to assume that an address for which this function returns

  • false is an externally-owned account (EOA) and not a contract.

  • Among others, isContract will return false for the following

  • types of addresses:

  • • an externally-owned account
  • • a contract in construction
  • • an address where a contract will be created
  • • an address where a contract lived, but was destroyed

  • ==== */ function isContract(address account) internal view returns (bool) { // This method relies in extcodesize, which returns 0 for contracts in // construction, since the code is only stored at the end of the // constructor execution.

    uint256 size; // solhint-disable-next-line no-inline-assembly assembly { size := extcodesize(account) } return size > 0; }

  /**

  • @dev Replacement for Solidity's transfer: sends amount wei to

  • recipient, forwarding all available gas and reverting on errors.

  • https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost

  • of certain opcodes, possibly making contracts go over the 2300 gas limit

  • imposed by transfer, making them unable to receive funds via

  • transfer. {sendValue} removes this limitation.

  • https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].

  • IMPORTANT: because control is transferred to recipient, care must be

  • taken to not create reentrancy vulnerabilities. Consider using

  • {ReentrancyGuard} or the

  • https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern]. */ function sendValue(address payable recipient, uint256 amount) internal { require(address(this).balance >= amount, "Address: insufficient balance");

    // solhint-disable-next-line avoid-low-level-calls, avoid-call-value (bool success, ) = recipient.call{ value: amount }(""); require(success, "Address: unable to send value, recipient may have reverted"); }

  /**

  • @dev Performs a Solidity function call using a low level call. A
  • plaincall is an unsafe replacement for a function call: use this
  • function instead.
  • If target reverts with a revert reason, it is bubbled up by this
  • function (like regular Solidity function calls).
  • Returns the raw returned data. To convert to the expected return value,
  • use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
  • Requirements:
  • • target must be a contract.
  • • calling target with data must not revert.
  • Available since v3.1. */ function functionCall(address target, bytes memory data) internal returns (bytes memory) { return functionCall(target, data, "Address: low-level call failed"); }

  /**

  • @dev Same as {xref-Address-functionCall-address-bytes-}[functionCall], but with
  • errorMessage as a fallback revert reason when target reverts.
  • Available since v3.1. */ function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) { return _functionCallWithValue(target, data, 0, errorMessage); }

  /**

  • @dev Same as {xref-Address-functionCall-address-bytes-}[functionCall],
  • but also transferring value wei to target.
  • Requirements:
  • • the calling contract must have an ETH balance of at least value.
  • • the called Solidity function must be payable.
  • Available since v3.1. */ function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) { return functionCallWithValue(target, data, value, "Address: low-level call with value failed"); }

  /**

  • @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[functionCallWithValue], but
  • with errorMessage as a fallback revert reason when target reverts.
  • Available since v3.1. */ function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) { require(address(this).balance >= value, "Address: insufficient balance for call"); return _functionCallWithValue(target, data, value, errorMessage); }

  function _functionCallWithValue(address target, bytes memory data, uint256 weiValue, string memory errorMessage) private returns (bytes memory) { require(isContract(target), "Address: call to non-contract");

   // solhint-disable-next-line avoid-low-level-calls
   (bool success, bytes memory returndata) = target.call{ value: weiValue }(data);
   if (success) {
       return returndata;
   } else {
       // Look for revert reason and bubble it up if present
       if (returndata.length > 0) {
           // The easiest way to bubble the revert reason is using memory via assembly
  
           // solhint-disable-next-line no-inline-assembly
           assembly {
               let returndata_size := mload(returndata)
               revert(add(32, returndata), returndata_size)
           }
       } else {
           revert(errorMessage);
       }
   }
  

  } }

// Partial License: MIT

pragma solidity ^0.6.0;

/**

• @dev Implementation of the {IERC20} interface.

• This implementation is agnostic to the way tokens are created. This means

• that a supply mechanism has to be added in a derived contract using {_mint}.

• For a generic mechanism see {ERC20PresetMinterPauser}.

• TIP: For a detailed writeup see our guide

• https://forum.zeppelin.solutions/t/how-to-implement-erc20-supply-mechanisms/226[How

• to implement supply mechanisms].

• We have followed general OpenZeppelin guidelines: functions revert instead

• of returning false on failure. This behavior is nonetheless conventional

• and does not conflict with the expectations of ERC20 applications.

• Additionally, an {Approval} event is emitted on calls to {transferFrom}.

• This allows applications to reconstruct the allowance for all accounts just

• by listening to said events. Other implementations of the EIP may not emit

• these events, as it isn't required by the specification.

• Finally, the non-standard {decreaseAllowance} and {increaseAllowance}

• functions have been added to mitigate the well-known issues around setting

• allowances. See {IERC20-approve}. */ contract ERC20 is Context, IERC20 { using SafeMath for uint256; using Address for address;

  mapping (address => uint256) private _balances;

  mapping (address => mapping (address => uint256)) private _allowances;

  uint256 private _totalSupply;

  string private _name; string private _symbol; uint8 private _decimals;

  /**

  • @dev Sets the values for {name} and {symbol}, initializes {decimals} with
  • a default value of 18.
  • To select a different value for {decimals}, use {_setupDecimals}.
  • All three of these values are immutable: they can only be set once during
  • construction. */ constructor (string memory name, string memory symbol) public { _name = name; _symbol = symbol; _decimals = 18; }

  /**

  • @dev Returns the name of the token. */ function name() public view returns (string memory) { return _name; }

  /**

  • @dev Returns the symbol of the token, usually a shorter version of the
  • name. */ function symbol() public view returns (string memory) { return _symbol; }

  /**

  • @dev Returns the number of decimals used to get its user representation.
  • For example, if decimals equals 2, a balance of 505 tokens should
  • be displayed to a user as 5,05 (505 / 10 ** 2).
  • Tokens usually opt for a value of 18, imitating the relationship between
  • Ether and Wei. This is the value {ERC20} uses, unless {_setupDecimals} is
  • called.
  • NOTE: This information is only used for display purposes: it in
  • no way affects any of the arithmetic of the contract, including
  • {IERC20-balanceOf} and {IERC20-transfer}. */ function decimals() public view returns (uint8) { return _decimals; }

  /**

  • @dev See {IERC20-totalSupply}. */ function totalSupply() public view override returns (uint256) { return _totalSupply; }

  /**

  • @dev See {IERC20-balanceOf}. */ function balanceOf(address account) public view override returns (uint256) { return _balances[account]; }

  /**

  • @dev See {IERC20-transfer}.
  • Requirements:
  • • recipient cannot be the zero address.
  • • the caller must have a balance of at least amount. */ function transfer(address recipient, uint256 amount) public virtual override returns (bool) { _transfer(_msgSender(), recipient, amount); return true; }

  /**

  • @dev See {IERC20-allowance}. */ function allowance(address owner, address spender) public view virtual override returns (uint256) { return _allowances[owner][spender]; }

  /**

  • @dev See {IERC20-approve}.
  • Requirements:
  • • spender cannot be the zero address. */ function approve(address spender, uint256 amount) public virtual override returns (bool) { _approve(_msgSender(), spender, amount); return true; }

  /**

  • @dev See {IERC20-transferFrom}.
  • Emits an {Approval} event indicating the updated allowance. This is not
  • required by the EIP. See the note at the beginning of {ERC20};
  • Requirements:
  • • sender and recipient cannot be the zero address.
  • • sender must have a balance of at least amount.
  • • the caller must have allowance for sender's tokens of at least
  • amount. */ function transferFrom(address sender, address recipient, uint256 amount) public virtual override returns (bool) { _transfer(sender, recipient, amount); _approve(sender, _msgSender(), _allowances[sender][_msgSender()].sub(amount, "ERC20: transfer amount exceeds allowance")); return true; }

  /**

  • @dev Atomically increases the allowance granted to spender by the caller.
  • This is an alternative to {approve} that can be used as a mitigation for
  • problems described in {IERC20-approve}.
  • Emits an {Approval} event indicating the updated allowance.
  • Requirements:
  • • spender cannot be the zero address. */ function increaseAllowance(address spender, uint256 addedValue) public virtual returns (bool) { _approve(_msgSender(), spender, _allowances[_msgSender()][spender].add(addedValue)); return true; }

  /**

  • @dev Atomically decreases the allowance granted to spender by the caller.
  • This is an alternative to {approve} that can be used as a mitigation for
  • problems described in {IERC20-approve}.
  • Emits an {Approval} event indicating the updated allowance.
  • Requirements:
  • • spender cannot be the zero address.
  • • spender must have allowance for the caller of at least
  • subtractedValue. */ function decreaseAllowance(address spender, uint256 subtractedValue) public virtual returns (bool) { _approve(_msgSender(), spender, _allowances[_msgSender()][spender].sub(subtractedValue, "ERC20: decreased allowance below zero")); return true; }

  /**

  • @dev Moves tokens amount from sender to recipient.

  • This is internal function is equivalent to {transfer}, and can be used to

  • e.g. implement automatic token fees, slashing mechanisms, etc.

  • Emits a {Transfer} event.

  • Requirements:

  • • sender cannot be the zero address.
  • • recipient cannot be the zero address.
  • • sender must have a balance of at least amount. */ function _transfer(address sender, address recipient, uint256 amount) internal virtual { require(sender != address(0), "ERC20: transfer from the zero address"); require(recipient != address(0), "ERC20: transfer to the zero address");

    _beforeTokenTransfer(sender, recipient, amount);

    _balances[sender] = _balances[sender].sub(amount, "ERC20: transfer amount exceeds balance"); _balances[recipient] = _balances[recipient].add(amount); emit Transfer(sender, recipient, amount); }

  /** @dev Creates amount tokens and assigns them to account, increasing

  • the total supply.

  • Emits a {Transfer} event with from set to the zero address.

  • Requirements

  • • to cannot be the zero address. */ function _mint(address account, uint256 amount) internal virtual { require(account != address(0), "ERC20: mint to the zero address");

    _beforeTokenTransfer(address(0), account, amount);

    _totalSupply = _totalSupply.add(amount); _balances[account] = _balances[account].add(amount); emit Transfer(address(0), account, amount); }

  /**

  • @dev Destroys amount tokens from account, reducing the

  • total supply.

  • Emits a {Transfer} event with to set to the zero address.

  • Requirements

  • • account cannot be the zero address.
  • • account must have at least amount tokens. */ function _burn(address account, uint256 amount) internal virtual { require(account != address(0), "ERC20: burn from the zero address");

    _beforeTokenTransfer(account, address(0), amount);

    _balances[account] = _balances[account].sub(amount, "ERC20: burn amount exceeds balance"); _totalSupply = _totalSupply.sub(amount); emit Transfer(account, address(0), amount); }

  /**

  • @dev Sets amount as the allowance of spender over the owner s tokens.

  • This internal function is equivalent to approve, and can be used to

  • e.g. set automatic allowances for certain subsystems, etc.

  • Emits an {Approval} event.

  • Requirements:

  • • owner cannot be the zero address.
  • • spender cannot be the zero address. */ function _approve(address owner, address spender, uint256 amount) internal virtual { require(owner != address(0), "ERC20: approve from the zero address"); require(spender != address(0), "ERC20: approve to the zero address");

    _allowances[owner][spender] = amount; emit Approval(owner, spender, amount); }

  /**

  • @dev Sets {decimals} to a value other than the default one of 18.
  • WARNING: This function should only be called from the constructor. Most
  • applications that interact with token contracts will not expect
  • {decimals} to ever change, and may work incorrectly if it does. */ function setupDecimals(uint8 decimals) internal { decimals = decimals; }

  /**

  • @dev Hook that is called before any transfer of tokens. This includes
  • minting and burning.
  • Calling conditions:
  • • when from and to are both non-zero, amount of from's tokens
  • will be to transferred to to.
  • • when from is zero, amount tokens will be minted for to.
  • • when to is zero, amount of from's tokens will be burned.
  • • from and to are never both zero.
  • To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks]. */ function _beforeTokenTransfer(address from, address to, uint256 amount) internal virtual { } }

// Partial License: MIT

pragma solidity ^0.6.0;

/**

• @dev This contract extends an ERC20 token with a snapshot mechanism. When a snapshot is created, the balances and

• total supply at the time are recorded for later access.

• This can be used to safely create mechanisms based on token balances such as trustless dividends or weighted voting.

• In naive implementations it's possible to perform a "double spend" attack by reusing the same balance from different

• accounts. By using snapshots to calculate dividends or voting power, those attacks no longer apply. It can also be

• used to create an efficient ERC20 forking mechanism.

• Snapshots are created by the internal {_snapshot} function, which will emit the {Snapshot} event and return a

• snapshot id. To get the total supply at the time of a snapshot, call the function {totalSupplyAt} with the snapshot

• id. To get the balance of an account at the time of a snapshot, call the {balanceOfAt} function with the snapshot id

• and the account address.

• ==== Gas Costs

• Snapshots are efficient. Snapshot creation is O(1). Retrieval of balances or total supply from a snapshot is _O(log

• n)_ in the number of snapshots that have been created, although n for a specific account will generally be much

• smaller since identical balances in subsequent snapshots are stored as a single entry.

• There is a constant overhead for normal ERC20 transfers due to the additional snapshot bookkeeping. This overhead is

• only significant for the first transfer that immediately follows a snapshot for a particular account. Subsequent

• transfers will have normal cost until the next snapshot, and so on. */ abstract contract ERC20Snapshot is ERC20 { // Inspired by Jordi Baylina's MiniMeToken to record historical balances: // https://github.com/Giveth/minimd/blob/ea04d950eea153a04c51fa510b068b9dded390cb/contracts/MiniMeToken.sol

  using SafeMath for uint256; using Arrays for uint256[]; using Counters for Counters.Counter;

  // Snapshotted values have arrays of ids and the value corresponding to that id. These could be an array of a // Snapshot struct, but that would impede usage of functions that work on an array. struct Snapshots { uint256[] ids; uint256[] values; }

  mapping (address => Snapshots) private _accountBalanceSnapshots; Snapshots private _totalSupplySnapshots;

  // Snapshot ids increase monotonically, with the first value being 1. An id of 0 is invalid. Counters.Counter private _currentSnapshotId;

  /**

  • @dev Emitted by {_snapshot} when a snapshot identified by id is created. */ event Snapshot(uint256 id);

  /**

  • @dev Creates a new snapshot and returns its snapshot id.

  • Emits a {Snapshot} event that contains the same id.

  • {_snapshot} is internal and you have to decide how to expose it externally. Its usage may be restricted to a

  • set of accounts, for example using {AccessControl}, or it may be open to the public.

  • [WARNING]

  • ====

  • While an open way of calling {_snapshot} is required for certain trust minimization mechanisms such as forking,

  • you must consider that it can potentially be used by attackers in two ways.

  • First, it can be used to increase the cost of retrieval of values from snapshots, although it will grow

  • logarithmically thus rendering this attack ineffective in the long term. Second, it can be used to target

  • specific accounts and increase the cost of ERC20 transfers for them, in the ways specified in the Gas Costs

  • section above.

  • We haven't measured the actual numbers; if this is something you're interested in please reach out to us.

  • ==== */ function _snapshot() internal virtual returns (uint256) { _currentSnapshotId.increment();

    uint256 currentId = _currentSnapshotId.current(); emit Snapshot(currentId); return currentId; }

  /**

  • @dev Retrieves the balance of account at the time snapshotId was created. */ function balanceOfAt(address account, uint256 snapshotId) public view returns (uint256) { (bool snapshotted, uint256 value) = _valueAt(snapshotId, _accountBalanceSnapshots[account]);

    return snapshotted ? value : balanceOf(account); }

  /**

  • @dev Retrieves the total supply at the time snapshotId was created. */ function totalSupplyAt(uint256 snapshotId) public view returns(uint256) { (bool snapshotted, uint256 value) = _valueAt(snapshotId, _totalSupplySnapshots);

    return snapshotted ? value : totalSupply(); }

  // Update balance and/or total supply snapshots before the values are modified. This is implemented // in the _beforeTokenTransfer hook, which is executed for _mint, _burn, and _transfer operations. function _beforeTokenTransfer(address from, address to, uint256 amount) internal virtual override { super._beforeTokenTransfer(from, to, amount);

  if (from == address(0)) { // mint _updateAccountSnapshot(to); _updateTotalSupplySnapshot(); } else if (to == address(0)) { // burn _updateAccountSnapshot(from); _updateTotalSupplySnapshot(); } else { // transfer _updateAccountSnapshot(from); _updateAccountSnapshot(to); } }

  function _valueAt(uint256 snapshotId, Snapshots storage snapshots) private view returns (bool, uint256) { require(snapshotId > 0, "ERC20Snapshot: id is 0"); // solhint-disable-next-line max-line-length require(snapshotId <= _currentSnapshotId.current(), "ERC20Snapshot: nonexistent id");

   // When a valid snapshot is queried, there are three possibilities:
   //  a) The queried value was not modified after the snapshot was taken. Therefore, a snapshot entry was never
   //  created for this id, and all stored snapshot ids are smaller than the requested one. The value that corresponds
   //  to this id is the current one.
   //  b) The queried value was modified after the snapshot was taken. Therefore, there will be an entry with the
   //  requested id, and its value is the one to return.
   //  c) More snapshots were created after the requested one, and the queried value was later modified. There will be
   //  no entry for the requested id: the value that corresponds to it is that of the smallest snapshot id that is
   //  larger than the requested one.
   //
   // In summary, we need to find an element in an array, returning the index of the smallest value that is larger if
   // it is not found, unless said value doesn't exist (e.g. when all values are smaller). Arrays.findUpperBound does
   // exactly this.
  
   uint256 index = snapshots.ids.findUpperBound(snapshotId);
  
   if (index == snapshots.ids.length) {
       return (false, 0);
   } else {
       return (true, snapshots.values[index]);
   }
  

  }

  function _updateAccountSnapshot(address account) private { _updateSnapshot(_accountBalanceSnapshots[account], balanceOf(account)); }

  function _updateTotalSupplySnapshot() private { _updateSnapshot(_totalSupplySnapshots, totalSupply()); }

  function _updateSnapshot(Snapshots storage snapshots, uint256 currentValue) private { uint256 currentId = _currentSnapshotId.current(); if (_lastSnapshotId(snapshots.ids) < currentId) { snapshots.ids.push(currentId); snapshots.values.push(currentValue); } }

  function _lastSnapshotId(uint256[] storage ids) private view returns (uint256) { if (ids.length == 0) { return 0; } else { return ids[ids.length - 1]; } } }

// Partial License: MIT

pragma solidity ^0.6.0;

/**

• @dev Library for managing

• https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive

• types.

• Sets have the following properties:

• • Elements are added, removed, and checked for existence in constant time

• (O(1)).

• • Elements are enumerated in O(n). No guarantees are made on the ordering.

• contract Example {

• // Add the library methods
  

• using EnumerableSet for EnumerableSet.AddressSet;
  

• // Declare a set state variable
  

• EnumerableSet.AddressSet private mySet;
  

• }

• As of v3.0.0, only sets of type address (AddressSet) and uint256

• (UintSet) are supported. */ library EnumerableSet { // To implement this library for multiple types with as little code // repetition as possible, we write it in terms of a generic Set type with // bytes32 values. // The Set implementation uses private functions, and user-facing // implementations (such as AddressSet) are just wrappers around the // underlying Set. // This means that we can only create new EnumerableSets for types that fit // in bytes32.

  struct Set { // Storage of set values bytes32[] _values;

   // Position of the value in the `values` array, plus 1 because index 0
   // means a value is not in the set.
   mapping (bytes32 => uint256) _indexes;
  

  }

  /**

  • @dev Add a value to a set. O(1).
  • Returns true if the value was added to the set, that is if it was not
  • already present. */ function _add(Set storage set, bytes32 value) private returns (bool) { if (!_contains(set, value)) { set._values.push(value); // The value is stored at length-1, but we add 1 to all indexes // and use 0 as a sentinel value set._indexes[value] = set._values.length; return true; } else { return false; } }

  /**

  • @dev Removes a value from a set. O(1).

  • Returns true if the value was removed from the set, that is if it was

  • present. */ function _remove(Set storage set, bytes32 value) private returns (bool) { // We read and store the value's index to prevent multiple reads from the same storage slot uint256 valueIndex = set._indexes[value];

    if (valueIndex != 0) { // Equivalent to contains(set, value) // To delete an element from the _values array in O(1), we swap the element to delete with the last one in // the array, and then remove the last element (sometimes called as 'swap and pop'). // This modifies the order of the array, as noted in {at}.

     uint256 toDeleteIndex = valueIndex - 1;
     uint256 lastIndex = set._values.length - 1;
    
     // When the value to delete is the last one, the swap operation is unnecessary. However, since this occurs
     // so rarely, we still do the swap anyway to avoid the gas cost of adding an 'if' statement.
    
     bytes32 lastvalue = set._values[lastIndex];
    
     // Move the last value to the index where the value to delete is
     set._values[toDeleteIndex] = lastvalue;
     // Update the index for the moved value
     set._indexes[lastvalue] = toDeleteIndex + 1; // All indexes are 1-based
    
     // Delete the slot where the moved value was stored
     set._values.pop();
    
     // Delete the index for the deleted slot
     delete set._indexes[value];
    
     return true;
    

    } else { return false; } }

  /**

  • @dev Returns true if the value is in the set. O(1). */ function _contains(Set storage set, bytes32 value) private view returns (bool) { return set._indexes[value] != 0; }

  /**

  • @dev Returns the number of values on the set. O(1). */ function _length(Set storage set) private view returns (uint256) { return set._values.length; }

  /**

  • @dev Returns the value stored at position index in the set. O(1).
  • Note that there are no guarantees on the ordering of values inside the
  • array, and it may change when more values are added or removed.
  • Requirements:
  • • index must be strictly less than {length}. */ function _at(Set storage set, uint256 index) private view returns (bytes32) { require(set._values.length > index, "EnumerableSet: index out of bounds"); return set._values[index]; }

  // AddressSet

  struct AddressSet { Set _inner; }

  /**

  • @dev Add a value to a set. O(1).
  • Returns true if the value was added to the set, that is if it was not
  • already present. */ function add(AddressSet storage set, address value) internal returns (bool) { return _add(set._inner, bytes32(uint256(value))); }

  /**

  • @dev Removes a value from a set. O(1).
  • Returns true if the value was removed from the set, that is if it was
  • present. */ function remove(AddressSet storage set, address value) internal returns (bool) { return _remove(set._inner, bytes32(uint256(value))); }

  /**

  • @dev Returns true if the value is in the set. O(1). */ function contains(AddressSet storage set, address value) internal view returns (bool) { return _contains(set._inner, bytes32(uint256(value))); }

  /**

  • @dev Returns the number of values in the set. O(1). */ function length(AddressSet storage set) internal view returns (uint256) { return _length(set._inner); }

  /**

  • @dev Returns the value stored at position index in the set. O(1).
  • Note that there are no guarantees on the ordering of values inside the
  • array, and it may change when more values are added or removed.
  • Requirements:
  • • index must be strictly less than {length}. */ function at(AddressSet storage set, uint256 index) internal view returns (address) { return address(uint256(_at(set._inner, index))); }

  // UintSet

  struct UintSet { Set _inner; }

  /**

  • @dev Add a value to a set. O(1).
  • Returns true if the value was added to the set, that is if it was not
  • already present. */ function add(UintSet storage set, uint256 value) internal returns (bool) { return _add(set._inner, bytes32(value)); }

  /**

  • @dev Removes a value from a set. O(1).
  • Returns true if the value was removed from the set, that is if it was
  • present. */ function remove(UintSet storage set, uint256 value) internal returns (bool) { return _remove(set._inner, bytes32(value)); }

  /**

  • @dev Returns true if the value is in the set. O(1). */ function contains(UintSet storage set, uint256 value) internal view returns (bool) { return _contains(set._inner, bytes32(value)); }

  /**

  • @dev Returns the number of values on the set. O(1). */ function length(UintSet storage set) internal view returns (uint256) { return _length(set._inner); }

  /**

  • @dev Returns the value stored at position index in the set. O(1).
  • Note that there are no guarantees on the ordering of values inside the
  • array, and it may change when more values are added or removed.
  • Requirements:
  • • index must be strictly less than {length}. */ function at(UintSet storage set, uint256 index) internal view returns (uint256) { return uint256(_at(set._inner, index)); } }

// Partial License: MIT

pragma solidity ^0.6.0;

/**

• @dev Contract module that allows children to implement role-based access

• control mechanisms.

• Roles are referred to by their bytes32 identifier. These should be exposed

• in the external API and be unique. The best way to achieve this is by

• using public constant hash digests:

• bytes32 public constant MY_ROLE = keccak256("MY_ROLE");

• Roles can be used to represent a set of permissions. To restrict access to a

• function call, use {hasRole}:

• function foo() public {

• require(hasRole(MY_ROLE, msg.sender));
  

• ...
  

• }

• Roles can be granted and revoked dynamically via the {grantRole} and

• {revokeRole} functions. Each role has an associated admin role, and only

• accounts that have a role's admin role can call {grantRole} and {revokeRole}.

• By default, the admin role for all roles is DEFAULT_ADMIN_ROLE, which means

• that only accounts with this role will be able to grant or revoke other

• roles. More complex role relationships can be created by using

• {_setRoleAdmin}.

• WARNING: The DEFAULT_ADMIN_ROLE is also its own admin: it has permission to

• grant and revoke this role. Extra precautions should be taken to secure

• accounts that have been granted it. */ abstract contract AccessControl is Context { using EnumerableSet for EnumerableSet.AddressSet; using Address for address;

  struct RoleData { EnumerableSet.AddressSet members; bytes32 adminRole; }

  mapping (bytes32 => RoleData) private _roles;

  bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;

  /**

  • @dev Emitted when newAdminRole is set as role's admin role, replacing previousAdminRole
  • DEFAULT_ADMIN_ROLE is the starting admin for all roles, despite
  • {RoleAdminChanged} not being emitted signaling this.
  • Available since v3.1. */ event RoleAdminChanged(bytes32 indexed role, bytes32 indexed previousAdminRole, bytes32 indexed newAdminRole);

  /**

  • @dev Emitted when account is granted role.
  • sender is the account that originated the contract call, an admin role
  • bearer except when using {_setupRole}. */ event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender);

  /**

  • @dev Emitted when account is revoked role.
  • sender is the account that originated the contract call:
  • • if using revokeRole, it is the admin role bearer
  • • if using renounceRole, it is the role bearer (i.e. account) */ event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender);

  /**

  • @dev Returns true if account has been granted role. */ function hasRole(bytes32 role, address account) public view returns (bool) { return _roles[role].members.contains(account); }

  /**

  • @dev Returns the number of accounts that have role. Can be used
  • together with {getRoleMember} to enumerate all bearers of a role. */ function getRoleMemberCount(bytes32 role) public view returns (uint256) { return _roles[role].members.length(); }

  /**

  • @dev Returns one of the accounts that have role. index must be a
  • value between 0 and {getRoleMemberCount}, non-inclusive.
  • Role bearers are not sorted in any particular way, and their ordering may
  • change at any point.
  • WARNING: When using {getRoleMember} and {getRoleMemberCount}, make sure
  • you perform all queries on the same block. See the following
  • https://forum.openzeppelin.com/t/iterating-over-elements-on-enumerableset-in-openzeppelin-contracts/2296[forum post]
  • for more information. */ function getRoleMember(bytes32 role, uint256 index) public view returns (address) { return _roles[role].members.at(index); }

  /**

  • @dev Returns the admin role that controls role. See {grantRole} and
  • {revokeRole}.
  • To change a role's admin, use {_setRoleAdmin}. */ function getRoleAdmin(bytes32 role) public view returns (bytes32) { return _roles[role].adminRole; }

  /**

  • @dev Grants role to account.

  • If account had not been already granted role, emits a {RoleGranted}

  • event.

  • Requirements:

  • • the caller must have role's admin role. */ function grantRole(bytes32 role, address account) public virtual { require(hasRole(_roles[role].adminRole, _msgSender()), "AccessControl: sender must be an admin to grant");

    _grantRole(role, account); }

  /**

  • @dev Revokes role from account.

  • If account had been granted role, emits a {RoleRevoked} event.

  • Requirements:

  • • the caller must have role's admin role. */ function revokeRole(bytes32 role, address account) public virtual { require(hasRole(_roles[role].adminRole, _msgSender()), "AccessControl: sender must be an admin to revoke");

    _revokeRole(role, account); }

  /**

  • @dev Revokes role from the calling account.

  • Roles are often managed via {grantRole} and {revokeRole}: this function's

  • purpose is to provide a mechanism for accounts to lose their privileges

  • if they are compromised (such as when a trusted device is misplaced).

  • If the calling account had been granted role, emits a {RoleRevoked}

  • event.

  • Requirements:

  • • the caller must be account. */ function renounceRole(bytes32 role, address account) public virtual { require(account == _msgSender(), "AccessControl: can only renounce roles for self");

    _revokeRole(role, account); }

  /**

  • @dev Grants role to account.
  • If account had not been already granted role, emits a {RoleGranted}
  • event. Note that unlike {grantRole}, this function doesn't perform any
  • checks on the calling account.
  • [WARNING]
  • ====
  • This function should only be called from the constructor when setting
  • up the initial roles for the system.
  • Using this function in any other way is effectively circumventing the admin
  • system imposed by {AccessControl}.
  • ==== */ function _setupRole(bytes32 role, address account) internal virtual { _grantRole(role, account); }

  /**

  • @dev Sets adminRole as role's admin role.
  • Emits a {RoleAdminChanged} event. */ function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual { emit RoleAdminChanged(role, _roles[role].adminRole, adminRole); _roles[role].adminRole = adminRole; }

  function _grantRole(bytes32 role, address account) private { if (_roles[role].members.add(account)) { emit RoleGranted(role, account, _msgSender()); } }

  function _revokeRole(bytes32 role, address account) private { if (_roles[role].members.remove(account)) { emit RoleRevoked(role, account, _msgSender()); } } }

pragma solidity 0.6.8;

contract QXToken is Context, AccessControl, ERC20Snapshot { bytes32 public constant SNAPSHOT_ROLE = keccak256("SNAPSHOT_ROLE");

constructor(uint256 amount, uint8 decimals) ERC20("QX ERC20", "QX") public {
    _setupDecimals(decimals);
    _mint(msg.sender, amount);

    // set up required roles
    _setupRole(DEFAULT_ADMIN_ROLE, _msgSender());
    _setupRole(SNAPSHOT_ROLE, _msgSender());
}

/**
 * @dev Creates a new snapshot and returns its snapshot id.
 * Emits a {Snapshot} event that contains the same id.
*/
function snapshot() public {
    require(hasRole(SNAPSHOT_ROLE, _msgSender()), "Must have snapshot role to create a snapshot");
    _snapshot();
}

}