The OrderValidator contract is the central security component of the exchange. It checks the validity of the orders being traded:
- makers validity
- expiration dates
- whitelisted tokens
Since anybody can execute a match between 2 orders, it's essential to check that the makers allow this exchange, that can be done in two ways:
- if the sender is the maker, the order is considered safe
- the order has to be signed by the maker and the sender has to provide the signature when matching the orders
Note that the maker always has to be defined and different from address 0.
The contract follows the EIP712 to validate the signatures. Users must sign its orders using the eth_signTypedDataV4 function.
By supporting the ERC1271, the contract allows contracts to sign orders (ie Gnosis).
A user can decide to add an expiration date to its order. That order will be stale after the specified date.
Also a user can decide to add a starting date to its order. That order cannot be executed before the specified date.
The tokens allowed to be traded on the exchange can be whitelisted.
We separate tokens into 2 categories:
- payment tokens (ERC20)
- collections (ERC1155 or ERC721).
ERC20 tokens are controlled by the ERC20_ROLE, this role is always activated, only tokens with said role can be exchange.
For collections two lists are available (Sandbox and Partners), only one is
sufficient for a collection to be allowed. The whitelists for collections can be
enabled or disabled separately or globally (through enableWhitelists and
disableWhitelists). The whitelisting is based on the Open Zeppelin Access
Control component.
The contract is based on Access Control to handle the whitelists with 3 roles:
TSB_ROLEis the role representing the permission for a Sandbox collection to be tradedPARTNER_ROLEis the role representing the permission for a partner collection to be tradedERC20_ROLEis the role representing the permission for a payment token (ERC20) to be traded
The OrderValidator contract is using initializers & gaps to provide upgradability.