Contract Source Code (Solidity Standard Json-Input format)

IDE

• Blockscan IDE
• 🤖 Code ReaderBeta

More Options

• Similar
• Submit Audit
• Compare

// SPDX-License-Identifier: MIT
pragma solidity 0.8.24;

import "@openzeppelin/contracts/utils/math/Math.sol";
import {Ownable2StepUpgradeable} from "@openzeppelin/contracts-upgradeable/access/Ownable2StepUpgradeable.sol";
import {ReentrancyGuardUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/ReentrancyGuardUpgradeable.sol";
import {IOracle} from "./interfaces/IOracle.sol";
import {Actions} from "../libs/Actions.sol";
import {Assert} from "./libraries/Assert.sol";
import {INotaryConsortium} from "../consortium/INotaryConsortium.sol";

contract StakedLBTCOracle is
    IOracle,
    Ownable2StepUpgradeable,
    ReentrancyGuardUpgradeable
{
    error WrongRatioSwitchTime();
    error RatioInitializedAlready();
    error TooBigRatioChange();

    event Oracle_ConsortiumChanged(
        address indexed prevVal,
        address indexed newVal
    );
    event Oracle_TokenDetailsSet(address indexed token, bytes32 indexed denom);
    event Oracle_MaxAheadIntervalChanged(
        uint256 indexed prevVal,
        uint256 indexed newVal
    );
    event RatioThresholdUpdated(
        uint256 indexed prevVal,
        uint256 indexed newVal
    );

    /// @dev max ratio threshold (100% with 6 significant digits)
    uint32 private constant MAX_RATIO_THRESHOLD = uint32(100_000000);
    uint32 private constant RATIO_DEFAULT_SWITCH_INTERVAL = uint32(86400); // 60*60*24 (1 day)

    struct TokenDetails {
        bytes32 denomHash;
        address token;
    }

    struct StakedLBTCOracleStorage {
        INotaryConsortium consortium;
        TokenDetails tokenDetails;
        uint256 prevRatio;
        uint256 currRatio;
        uint256 switchTime;
        uint256 maxAheadInterval;
        /// @dev diff between current and new ratio in percent, measured to 6 signs (0.000001% ... 100%)
        uint32 ratioThreshold;
    }

    // keccak256(abi.encode(uint256(keccak256("lombardfinance.storage.StakedLBTCOracle")) - 1)) & ~bytes32(uint256(0xff))
    bytes32 private constant STAKED_LBTC_ORACLE_STORAGE_LOCATION =
        0x773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df98594200;

    constructor() {
        _disableInitializers();
    }
    function initialize(
        address owner_,
        address consortium_,
        address token_,
        bytes32 denomHash_,
        uint256 ratio_,
        uint256 switchTime_,
        uint256 maxAheadInterval_
    ) external initializer {
        __Ownable_init(owner_);
        __Ownable2Step_init();
        __StakedLBTCOracle_init(
            consortium_,
            token_,
            denomHash_,
            ratio_,
            switchTime_,
            maxAheadInterval_
        );
    }

    function __StakedLBTCOracle_init(
        address consortium_,
        address token_,
        bytes32 denomHash_,
        uint256 ratio_,
        uint256 switchTime_,
        uint256 maxAheadInterval_
    ) internal onlyInitializing {
        _changeConsortium(consortium_);
        _setTokenDetails(token_, denomHash_);
        _initRatio(ratio_, switchTime_);
        _changeMaxAheadInterval(maxAheadInterval_);
    }

    function changeConsortium(address newVal) external onlyOwner {
        _changeConsortium(newVal);
    }

    function consortium() external view returns (INotaryConsortium) {
        return _getStakedLBTCOracleStorage().consortium;
    }

    function changeMaxAheadInterval(uint256 newVal) external onlyOwner {
        _changeMaxAheadInterval(newVal);
    }

    function maxAheadInterval() external view returns (uint256) {
        return _getStakedLBTCOracleStorage().maxAheadInterval;
    }

    function token() external view override returns (address) {
        return _getStakedLBTCOracleStorage().tokenDetails.token;
    }

    function denomHash() external view override returns (bytes32) {
        return _getStakedLBTCOracleStorage().tokenDetails.denomHash;
    }

    function updateRatioThreshold(uint32 newThreshold) external onlyOwner {
        require(
            newThreshold < MAX_RATIO_THRESHOLD && newThreshold > 0,
            "new ratio threshold out of range"
        );
        StakedLBTCOracleStorage storage $ = _getStakedLBTCOracleStorage();
        emit RatioThresholdUpdated($.ratioThreshold, newThreshold);
        $.ratioThreshold = newThreshold;
    }

    function publishNewRatio(
        bytes calldata rawPayload,
        bytes calldata proof
    ) external {
        return _publishNewRatio(rawPayload, proof);
    }

    function ratioThreshold() external view returns (uint256) {
        return _getStakedLBTCOracleStorage().ratioThreshold;
    }

    function ratio() external view override returns (uint256) {
        return _ratio();
    }

    function nextRatio() external view returns (uint256, uint256) {
        StakedLBTCOracleStorage storage $ = _getStakedLBTCOracleStorage();
        return ($.currRatio, $.switchTime);
    }

    function getRate() external view override returns (uint256) {
        return Math.mulDiv(1 ether, 1 ether, _ratio(), Math.Rounding.Ceil);
    }

    function _publishNewRatio(
        bytes calldata rawPayload,
        bytes calldata proof
    ) internal {
        Assert.selector(rawPayload, Actions.RATIO_UPDATE);
        Actions.RatioUpdate memory action = Actions.ratioUpdate(rawPayload[4:]);
        StakedLBTCOracleStorage storage $ = _getStakedLBTCOracleStorage();
        _validateRatio($, action.ratio, action.switchTime);
        bytes32 payloadHash = sha256(rawPayload);
        $.consortium.checkProof(payloadHash, proof);
        _setNewRatio(action.ratio, action.switchTime);
    }

    function _initRatio(uint256 ratio_, uint256 switchTime_) internal {
        StakedLBTCOracleStorage storage $ = _getStakedLBTCOracleStorage();
        $.ratioThreshold = uint32(1_000000); // 1% by default
        if ($.currRatio != 0 || $.prevRatio != 0 || $.switchTime != 0) {
            revert RatioInitializedAlready();
        }
        $.currRatio = 1 ether;
        _setNewRatio(ratio_, switchTime_);
    }

    function _setNewRatio(uint256 ratio_, uint256 switchTime_) internal {
        StakedLBTCOracleStorage storage $ = _getStakedLBTCOracleStorage();
        if (block.timestamp >= $.switchTime) {
            $.prevRatio = $.currRatio;
        }
        $.currRatio = ratio_;
        $.switchTime = switchTime_;
        emit Oracle_RatioChanged($.prevRatio, $.currRatio, $.switchTime);
    }

    function _validateRatio(
        StakedLBTCOracleStorage storage $,
        uint256 ratio_,
        uint256 switchTime_
    ) internal view {
        if (
            $.switchTime >= switchTime_ ||
            switchTime_ > (block.timestamp + $.maxAheadInterval)
        ) {
            revert WrongRatioSwitchTime();
        }
        uint256 interval = switchTime_ - $.switchTime;
        uint256 threshold = Math.mulDiv(
            $.currRatio,
            interval * $.ratioThreshold,
            RATIO_DEFAULT_SWITCH_INTERVAL * MAX_RATIO_THRESHOLD
        );
        if (
            (($.currRatio > ratio_) && ($.currRatio - ratio_) > threshold) ||
            ((ratio_ > $.currRatio) && (ratio_ - $.currRatio) > threshold)
        ) {
            revert TooBigRatioChange();
        }
    }

    function _ratio() internal view returns (uint256) {
        StakedLBTCOracleStorage storage $ = _getStakedLBTCOracleStorage();
        if (block.timestamp >= $.switchTime) {
            return $.currRatio;
        }
        return $.prevRatio;
    }

    /// @dev not zero
    function _changeConsortium(address newVal) internal {
        Assert.zeroAddress(newVal);
        StakedLBTCOracleStorage storage $ = _getStakedLBTCOracleStorage();
        emit Oracle_ConsortiumChanged(address($.consortium), newVal);
        $.consortium = INotaryConsortium(newVal);
    }

    /// @dev not zero
    function _setTokenDetails(address token_, bytes32 denomHash_) internal {
        Assert.zeroAddress(token_);
        StakedLBTCOracleStorage storage $ = _getStakedLBTCOracleStorage();
        emit Oracle_TokenDetailsSet(token_, denomHash_);
        $.tokenDetails = TokenDetails({token: token_, denomHash: denomHash_});
    }

    function _changeMaxAheadInterval(uint256 newVal) internal {
        StakedLBTCOracleStorage storage $ = _getStakedLBTCOracleStorage();
        emit Oracle_MaxAheadIntervalChanged($.maxAheadInterval, newVal);
        $.maxAheadInterval = newVal;
    }

    function _getStakedLBTCOracleStorage()
        private
        pure
        returns (StakedLBTCOracleStorage storage $)
    {
        assembly {
            $.slot := STAKED_LBTC_ORACLE_STORAGE_LOCATION
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable2Step.sol)

pragma solidity ^0.8.20;

import {OwnableUpgradeable} from "./OwnableUpgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";

/**
 * @dev Contract module which provides access control mechanism, where
 * there is an account (an owner) that can be granted exclusive access to
 * specific functions.
 *
 * The initial owner is specified at deployment time in the constructor for `Ownable`. This
 * can later be changed with {transferOwnership} and {acceptOwnership}.
 *
 * This module is used through inheritance. It will make available all functions
 * from parent (Ownable).
 */
abstract contract Ownable2StepUpgradeable is Initializable, OwnableUpgradeable {
    /// @custom:storage-location erc7201:openzeppelin.storage.Ownable2Step
    struct Ownable2StepStorage {
        address _pendingOwner;
    }

    // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Ownable2Step")) - 1)) & ~bytes32(uint256(0xff))
    bytes32 private constant Ownable2StepStorageLocation = 0x237e158222e3e6968b72b9db0d8043aacf074ad9f650f0d1606b4d82ee432c00;

    function _getOwnable2StepStorage() private pure returns (Ownable2StepStorage storage $) {
        assembly {
            $.slot := Ownable2StepStorageLocation
        }
    }

    event OwnershipTransferStarted(address indexed previousOwner, address indexed newOwner);

    function __Ownable2Step_init() internal onlyInitializing {
    }

    function __Ownable2Step_init_unchained() internal onlyInitializing {
    }
    /**
     * @dev Returns the address of the pending owner.
     */
    function pendingOwner() public view virtual returns (address) {
        Ownable2StepStorage storage $ = _getOwnable2StepStorage();
        return $._pendingOwner;
    }

    /**
     * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.
     * Can only be called by the current owner.
     */
    function transferOwnership(address newOwner) public virtual override onlyOwner {
        Ownable2StepStorage storage $ = _getOwnable2StepStorage();
        $._pendingOwner = newOwner;
        emit OwnershipTransferStarted(owner(), newOwner);
    }

    /**
     * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.
     * Internal function without access restriction.
     */
    function _transferOwnership(address newOwner) internal virtual override {
        Ownable2StepStorage storage $ = _getOwnable2StepStorage();
        delete $._pendingOwner;
        super._transferOwnership(newOwner);
    }

    /**
     * @dev The new owner accepts the ownership transfer.
     */
    function acceptOwnership() public virtual {
        address sender = _msgSender();
        if (pendingOwner() != sender) {
            revert OwnableUnauthorizedAccount(sender);
        }
        _transferOwnership(sender);
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)

pragma solidity ^0.8.20;

import {ContextUpgradeable} from "../utils/ContextUpgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";

/**
 * @dev Contract module which provides a basic access control mechanism, where
 * there is an account (an owner) that can be granted exclusive access to
 * specific functions.
 *
 * The initial owner is set to the address provided by the deployer. This can
 * later be changed with {transferOwnership}.
 *
 * This module is used through inheritance. It will make available the modifier
 * `onlyOwner`, which can be applied to your functions to restrict their use to
 * the owner.
 */
abstract contract OwnableUpgradeable is Initializable, ContextUpgradeable {
    /// @custom:storage-location erc7201:openzeppelin.storage.Ownable
    struct OwnableStorage {
        address _owner;
    }

    // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Ownable")) - 1)) & ~bytes32(uint256(0xff))
    bytes32 private constant OwnableStorageLocation = 0x9016d09d72d40fdae2fd8ceac6b6234c7706214fd39c1cd1e609a0528c199300;

    function _getOwnableStorage() private pure returns (OwnableStorage storage $) {
        assembly {
            $.slot := OwnableStorageLocation
        }
    }

    /**
     * @dev The caller account is not authorized to perform an operation.
     */
    error OwnableUnauthorizedAccount(address account);

    /**
     * @dev The owner is not a valid owner account. (eg. `address(0)`)
     */
    error OwnableInvalidOwner(address owner);

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    /**
     * @dev Initializes the contract setting the address provided by the deployer as the initial owner.
     */
    function __Ownable_init(address initialOwner) internal onlyInitializing {
        __Ownable_init_unchained(initialOwner);
    }

    function __Ownable_init_unchained(address initialOwner) internal onlyInitializing {
        if (initialOwner == address(0)) {
            revert OwnableInvalidOwner(address(0));
        }
        _transferOwnership(initialOwner);
    }

    /**
     * @dev Throws if called by any account other than the owner.
     */
    modifier onlyOwner() {
        _checkOwner();
        _;
    }

    /**
     * @dev Returns the address of the current owner.
     */
    function owner() public view virtual returns (address) {
        OwnableStorage storage $ = _getOwnableStorage();
        return $._owner;
    }

    /**
     * @dev Throws if the sender is not the owner.
     */
    function _checkOwner() internal view virtual {
        if (owner() != _msgSender()) {
            revert OwnableUnauthorizedAccount(_msgSender());
        }
    }

    /**
     * @dev Leaves the contract without owner. It will not be possible to call
     * `onlyOwner` functions. Can only be called by the current owner.
     *
     * NOTE: Renouncing ownership will leave the contract without an owner,
     * thereby disabling any functionality that is only available to the owner.
     */
    function renounceOwnership() public virtual onlyOwner {
        _transferOwnership(address(0));
    }

    /**
     * @dev Transfers ownership of the contract to a new account (`newOwner`).
     * Can only be called by the current owner.
     */
    function transferOwnership(address newOwner) public virtual onlyOwner {
        if (newOwner == address(0)) {
            revert OwnableInvalidOwner(address(0));
        }
        _transferOwnership(newOwner);
    }

    /**
     * @dev Transfers ownership of the contract to a new account (`newOwner`).
     * Internal function without access restriction.
     */
    function _transferOwnership(address newOwner) internal virtual {
        OwnableStorage storage $ = _getOwnableStorage();
        address oldOwner = $._owner;
        $._owner = newOwner;
        emit OwnershipTransferred(oldOwner, newOwner);
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/utils/Initializable.sol)

pragma solidity ^0.8.20;

/**
 * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
 * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
 * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
 * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
 *
 * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
 * reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
 * case an upgrade adds a module that needs to be initialized.
 *
 * For example:
 *
 * [.hljs-theme-light.nopadding]
 * ```solidity
 * contract MyToken is ERC20Upgradeable {
 *     function initialize() initializer public {
 *         __ERC20_init("MyToken", "MTK");
 *     }
 * }
 *
 * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
 *     function initializeV2() reinitializer(2) public {
 *         __ERC20Permit_init("MyToken");
 *     }
 * }
 * ```
 *
 * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
 * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
 *
 * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
 * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
 *
 * [CAUTION]
 * ====
 * Avoid leaving a contract uninitialized.
 *
 * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
 * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
 * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
 *
 * [.hljs-theme-light.nopadding]
 * ```
 * /// @custom:oz-upgrades-unsafe-allow constructor
 * constructor() {
 *     _disableInitializers();
 * }
 * ```
 * ====
 */
abstract contract Initializable {
    /**
     * @dev Storage of the initializable contract.
     *
     * It's implemented on a custom ERC-7201 namespace to reduce the risk of storage collisions
     * when using with upgradeable contracts.
     *
     * @custom:storage-location erc7201:openzeppelin.storage.Initializable
     */
    struct InitializableStorage {
        /**
         * @dev Indicates that the contract has been initialized.
         */
        uint64 _initialized;
        /**
         * @dev Indicates that the contract is in the process of being initialized.
         */
        bool _initializing;
    }

    // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Initializable")) - 1)) & ~bytes32(uint256(0xff))
    bytes32 private constant INITIALIZABLE_STORAGE = 0xf0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a00;

    /**
     * @dev The contract is already initialized.
     */
    error InvalidInitialization();

    /**
     * @dev The contract is not initializing.
     */
    error NotInitializing();

    /**
     * @dev Triggered when the contract has been initialized or reinitialized.
     */
    event Initialized(uint64 version);

    /**
     * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
     * `onlyInitializing` functions can be used to initialize parent contracts.
     *
     * Similar to `reinitializer(1)`, except that in the context of a constructor an `initializer` may be invoked any
     * number of times. This behavior in the constructor can be useful during testing and is not expected to be used in
     * production.
     *
     * Emits an {Initialized} event.
     */
    modifier initializer() {
        // solhint-disable-next-line var-name-mixedcase
        InitializableStorage storage $ = _getInitializableStorage();

        // Cache values to avoid duplicated sloads
        bool isTopLevelCall = !$._initializing;
        uint64 initialized = $._initialized;

        // Allowed calls:
        // - initialSetup: the contract is not in the initializing state and no previous version was
        //                 initialized
        // - construction: the contract is initialized at version 1 (no reininitialization) and the
        //                 current contract is just being deployed
        bool initialSetup = initialized == 0 && isTopLevelCall;
        bool construction = initialized == 1 && address(this).code.length == 0;

        if (!initialSetup && !construction) {
            revert InvalidInitialization();
        }
        $._initialized = 1;
        if (isTopLevelCall) {
            $._initializing = true;
        }
        _;
        if (isTopLevelCall) {
            $._initializing = false;
            emit Initialized(1);
        }
    }

    /**
     * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
     * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
     * used to initialize parent contracts.
     *
     * A reinitializer may be used after the original initialization step. This is essential to configure modules that
     * are added through upgrades and that require initialization.
     *
     * When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
     * cannot be nested. If one is invoked in the context of another, execution will revert.
     *
     * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
     * a contract, executing them in the right order is up to the developer or operator.
     *
     * WARNING: Setting the version to 2**64 - 1 will prevent any future reinitialization.
     *
     * Emits an {Initialized} event.
     */
    modifier reinitializer(uint64 version) {
        // solhint-disable-next-line var-name-mixedcase
        InitializableStorage storage $ = _getInitializableStorage();

        if ($._initializing || $._initialized >= version) {
            revert InvalidInitialization();
        }
        $._initialized = version;
        $._initializing = true;
        _;
        $._initializing = false;
        emit Initialized(version);
    }

    /**
     * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
     * {initializer} and {reinitializer} modifiers, directly or indirectly.
     */
    modifier onlyInitializing() {
        _checkInitializing();
        _;
    }

    /**
     * @dev Reverts if the contract is not in an initializing state. See {onlyInitializing}.
     */
    function _checkInitializing() internal view virtual {
        if (!_isInitializing()) {
            revert NotInitializing();
        }
    }

    /**
     * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
     * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
     * to any version. It is recommended to use this to lock implementation contracts that are designed to be called
     * through proxies.
     *
     * Emits an {Initialized} event the first time it is successfully executed.
     */
    function _disableInitializers() internal virtual {
        // solhint-disable-next-line var-name-mixedcase
        InitializableStorage storage $ = _getInitializableStorage();

        if ($._initializing) {
            revert InvalidInitialization();
        }
        if ($._initialized != type(uint64).max) {
            $._initialized = type(uint64).max;
            emit Initialized(type(uint64).max);
        }
    }

    /**
     * @dev Returns the highest version that has been initialized. See {reinitializer}.
     */
    function _getInitializedVersion() internal view returns (uint64) {
        return _getInitializableStorage()._initialized;
    }

    /**
     * @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
     */
    function _isInitializing() internal view returns (bool) {
        return _getInitializableStorage()._initializing;
    }

    /**
     * @dev Returns a pointer to the storage namespace.
     */
    // solhint-disable-next-line var-name-mixedcase
    function _getInitializableStorage() private pure returns (InitializableStorage storage $) {
        assembly {
            $.slot := INITIALIZABLE_STORAGE
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)

pragma solidity ^0.8.20;
import {Initializable} from "../proxy/utils/Initializable.sol";

/**
 * @dev Provides information about the current execution context, including the
 * sender of the transaction and its data. While these are generally available
 * via msg.sender and msg.data, they should not be accessed in such a direct
 * manner, since when dealing with meta-transactions the account sending and
 * paying for execution may not be the actual sender (as far as an application
 * is concerned).
 *
 * This contract is only required for intermediate, library-like contracts.
 */
abstract contract ContextUpgradeable is Initializable {
    function __Context_init() internal onlyInitializing {
    }

    function __Context_init_unchained() internal onlyInitializing {
    }
    function _msgSender() internal view virtual returns (address) {
        return msg.sender;
    }

    function _msgData() internal view virtual returns (bytes calldata) {
        return msg.data;
    }

    function _contextSuffixLength() internal view virtual returns (uint256) {
        return 0;
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/ReentrancyGuard.sol)

pragma solidity ^0.8.20;
import {Initializable} from "../proxy/utils/Initializable.sol";

/**
 * @dev Contract module that helps prevent reentrant calls to a function.
 *
 * Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier
 * available, which can be applied to functions to make sure there are no nested
 * (reentrant) calls to them.
 *
 * Note that because there is a single `nonReentrant` guard, functions marked as
 * `nonReentrant` may not call one another. This can be worked around by making
 * those functions `private`, and then adding `external` `nonReentrant` entry
 * points to them.
 *
 * TIP: If you would like to learn more about reentrancy and alternative ways
 * to protect against it, check out our blog post
 * https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].
 */
abstract contract ReentrancyGuardUpgradeable is Initializable {
    // Booleans are more expensive than uint256 or any type that takes up a full
    // word because each write operation emits an extra SLOAD to first read the
    // slot's contents, replace the bits taken up by the boolean, and then write
    // back. This is the compiler's defense against contract upgrades and
    // pointer aliasing, and it cannot be disabled.

    // The values being non-zero value makes deployment a bit more expensive,
    // but in exchange the refund on every call to nonReentrant will be lower in
    // amount. Since refunds are capped to a percentage of the total
    // transaction's gas, it is best to keep them low in cases like this one, to
    // increase the likelihood of the full refund coming into effect.
    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;

    /// @custom:storage-location erc7201:openzeppelin.storage.ReentrancyGuard
    struct ReentrancyGuardStorage {
        uint256 _status;
    }

    // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.ReentrancyGuard")) - 1)) & ~bytes32(uint256(0xff))
    bytes32 private constant ReentrancyGuardStorageLocation = 0x9b779b17422d0df92223018b32b4d1fa46e071723d6817e2486d003becc55f00;

    function _getReentrancyGuardStorage() private pure returns (ReentrancyGuardStorage storage $) {
        assembly {
            $.slot := ReentrancyGuardStorageLocation
        }
    }

    /**
     * @dev Unauthorized reentrant call.
     */
    error ReentrancyGuardReentrantCall();

    function __ReentrancyGuard_init() internal onlyInitializing {
        __ReentrancyGuard_init_unchained();
    }

    function __ReentrancyGuard_init_unchained() internal onlyInitializing {
        ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
        $._status = NOT_ENTERED;
    }

    /**
     * @dev Prevents a contract from calling itself, directly or indirectly.
     * Calling a `nonReentrant` function from another `nonReentrant`
     * function is not supported. It is possible to prevent this from happening
     * by making the `nonReentrant` function external, and making it call a
     * `private` function that does the actual work.
     */
    modifier nonReentrant() {
        _nonReentrantBefore();
        _;
        _nonReentrantAfter();
    }

    function _nonReentrantBefore() private {
        ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
        // On the first call to nonReentrant, _status will be NOT_ENTERED
        if ($._status == ENTERED) {
            revert ReentrancyGuardReentrantCall();
        }

        // Any calls to nonReentrant after this point will fail
        $._status = ENTERED;
    }

    function _nonReentrantAfter() private {
        ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
        // By storing the original value once again, a refund is triggered (see
        // https://eips.ethereum.org/EIPS/eip-2200)
        $._status = NOT_ENTERED;
    }

    /**
     * @dev Returns true if the reentrancy guard is currently set to "entered", which indicates there is a
     * `nonReentrant` function in the call stack.
     */
    function _reentrancyGuardEntered() internal view returns (bool) {
        ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
        return $._status == ENTERED;
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC1271.sol)

pragma solidity ^0.8.20;

/**
 * @dev Interface of the ERC1271 standard signature validation method for
 * contracts as defined in https://eips.ethereum.org/EIPS/eip-1271[ERC-1271].
 */
interface IERC1271 {
    /**
     * @dev Should return whether the signature provided is valid for the provided data
     * @param hash      Hash of the data to be signed
     * @param signature Signature byte array associated with _data
     */
    function isValidSignature(bytes32 hash, bytes memory signature) external view returns (bytes4 magicValue);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/cryptography/ECDSA.sol)

pragma solidity ^0.8.20;

/**
 * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.
 *
 * These functions can be used to verify that a message was signed by the holder
 * of the private keys of a given address.
 */
library ECDSA {
    enum RecoverError {
        NoError,
        InvalidSignature,
        InvalidSignatureLength,
        InvalidSignatureS
    }

    /**
     * @dev The signature derives the `address(0)`.
     */
    error ECDSAInvalidSignature();

    /**
     * @dev The signature has an invalid length.
     */
    error ECDSAInvalidSignatureLength(uint256 length);

    /**
     * @dev The signature has an S value that is in the upper half order.
     */
    error ECDSAInvalidSignatureS(bytes32 s);

    /**
     * @dev Returns the address that signed a hashed message (`hash`) with `signature` or an error. This will not
     * return address(0) without also returning an error description. Errors are documented using an enum (error type)
     * and a bytes32 providing additional information about the error.
     *
     * If no error is returned, then the address can be used for verification purposes.
     *
     * The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:
     * this function rejects them by requiring the `s` value to be in the lower
     * half order, and the `v` value to be either 27 or 28.
     *
     * IMPORTANT: `hash` _must_ be the result of a hash operation for the
     * verification to be secure: it is possible to craft signatures that
     * recover to arbitrary addresses for non-hashed data. A safe way to ensure
     * this is by receiving a hash of the original message (which may otherwise
     * be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.
     *
     * Documentation for signature generation:
     * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]
     * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]
     */
    function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError, bytes32) {
        if (signature.length == 65) {
            bytes32 r;
            bytes32 s;
            uint8 v;
            // ecrecover takes the signature parameters, and the only way to get them
            // currently is to use assembly.
            /// @solidity memory-safe-assembly
            assembly {
                r := mload(add(signature, 0x20))
                s := mload(add(signature, 0x40))
                v := byte(0, mload(add(signature, 0x60)))
            }
            return tryRecover(hash, v, r, s);
        } else {
            return (address(0), RecoverError.InvalidSignatureLength, bytes32(signature.length));
        }
    }

    /**
     * @dev Returns the address that signed a hashed message (`hash`) with
     * `signature`. This address can then be used for verification purposes.
     *
     * The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:
     * this function rejects them by requiring the `s` value to be in the lower
     * half order, and the `v` value to be either 27 or 28.
     *
     * IMPORTANT: `hash` _must_ be the result of a hash operation for the
     * verification to be secure: it is possible to craft signatures that
     * recover to arbitrary addresses for non-hashed data. A safe way to ensure
     * this is by receiving a hash of the original message (which may otherwise
     * be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.
     */
    function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {
        (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, signature);
        _throwError(error, errorArg);
        return recovered;
    }

    /**
     * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.
     *
     * See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]
     */
    function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError, bytes32) {
        unchecked {
            bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
            // We do not check for an overflow here since the shift operation results in 0 or 1.
            uint8 v = uint8((uint256(vs) >> 255) + 27);
            return tryRecover(hash, v, r, s);
        }
    }

    /**
     * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.
     */
    function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {
        (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, r, vs);
        _throwError(error, errorArg);
        return recovered;
    }

    /**
     * @dev Overload of {ECDSA-tryRecover} that receives the `v`,
     * `r` and `s` signature fields separately.
     */
    function tryRecover(
        bytes32 hash,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) internal pure returns (address, RecoverError, bytes32) {
        // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
        // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
        // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most
        // signatures from current libraries generate a unique signature with an s-value in the lower half order.
        //
        // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
        // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
        // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
        // these malleable signatures as well.
        if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
            return (address(0), RecoverError.InvalidSignatureS, s);
        }

        // If the signature is valid (and not malleable), return the signer address
        address signer = ecrecover(hash, v, r, s);
        if (signer == address(0)) {
            return (address(0), RecoverError.InvalidSignature, bytes32(0));
        }

        return (signer, RecoverError.NoError, bytes32(0));
    }

    /**
     * @dev Overload of {ECDSA-recover} that receives the `v`,
     * `r` and `s` signature fields separately.
     */
    function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {
        (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, v, r, s);
        _throwError(error, errorArg);
        return recovered;
    }

    /**
     * @dev Optionally reverts with the corresponding custom error according to the `error` argument provided.
     */
    function _throwError(RecoverError error, bytes32 errorArg) private pure {
        if (error == RecoverError.NoError) {
            return; // no error: do nothing
        } else if (error == RecoverError.InvalidSignature) {
            revert ECDSAInvalidSignature();
        } else if (error == RecoverError.InvalidSignatureLength) {
            revert ECDSAInvalidSignatureLength(uint256(errorArg));
        } else if (error == RecoverError.InvalidSignatureS) {
            revert ECDSAInvalidSignatureS(errorArg);
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/math/Math.sol)

pragma solidity ^0.8.20;

/**
 * @dev Standard math utilities missing in the Solidity language.
 */
library Math {
    /**
     * @dev Muldiv operation overflow.
     */
    error MathOverflowedMulDiv();

    enum Rounding {
        Floor, // Toward negative infinity
        Ceil, // Toward positive infinity
        Trunc, // Toward zero
        Expand // Away from zero
    }

    /**
     * @dev Returns the addition of two unsigned integers, with an overflow flag.
     */
    function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {
        unchecked {
            uint256 c = a + b;
            if (c < a) return (false, 0);
            return (true, c);
        }
    }

    /**
     * @dev Returns the subtraction of two unsigned integers, with an overflow flag.
     */
    function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {
        unchecked {
            if (b > a) return (false, 0);
            return (true, a - b);
        }
    }

    /**
     * @dev Returns the multiplication of two unsigned integers, with an overflow flag.
     */
    function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {
        unchecked {
            // Gas optimization: this is cheaper than requiring 'a' not being zero, but the
            // benefit is lost if 'b' is also tested.
            // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522
            if (a == 0) return (true, 0);
            uint256 c = a * b;
            if (c / a != b) return (false, 0);
            return (true, c);
        }
    }

    /**
     * @dev Returns the division of two unsigned integers, with a division by zero flag.
     */
    function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {
        unchecked {
            if (b == 0) return (false, 0);
            return (true, a / b);
        }
    }

    /**
     * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.
     */
    function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {
        unchecked {
            if (b == 0) return (false, 0);
            return (true, a % b);
        }
    }

    /**
     * @dev Returns the largest of two numbers.
     */
    function max(uint256 a, uint256 b) internal pure returns (uint256) {
        return a > b ? a : b;
    }

    /**
     * @dev Returns the smallest of two numbers.
     */
    function min(uint256 a, uint256 b) internal pure returns (uint256) {
        return a < b ? a : b;
    }

    /**
     * @dev Returns the average of two numbers. The result is rounded towards
     * zero.
     */
    function average(uint256 a, uint256 b) internal pure returns (uint256) {
        // (a + b) / 2 can overflow.
        return (a & b) + (a ^ b) / 2;
    }

    /**
     * @dev Returns the ceiling of the division of two numbers.
     *
     * This differs from standard division with `/` in that it rounds towards infinity instead
     * of rounding towards zero.
     */
    function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
        if (b == 0) {
            // Guarantee the same behavior as in a regular Solidity division.
            return a / b;
        }

        // (a + b - 1) / b can overflow on addition, so we distribute.
        return a == 0 ? 0 : (a - 1) / b + 1;
    }

    /**
     * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or
     * denominator == 0.
     * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv) with further edits by
     * Uniswap Labs also under MIT license.
     */
    function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {
        unchecked {
            // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use
            // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
            // variables such that product = prod1 * 2^256 + prod0.
            uint256 prod0 = x * y; // Least significant 256 bits of the product
            uint256 prod1; // Most significant 256 bits of the product
            assembly {
                let mm := mulmod(x, y, not(0))
                prod1 := sub(sub(mm, prod0), lt(mm, prod0))
            }

            // Handle non-overflow cases, 256 by 256 division.
            if (prod1 == 0) {
                // Solidity will revert if denominator == 0, unlike the div opcode on its own.
                // The surrounding unchecked block does not change this fact.
                // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.
                return prod0 / denominator;
            }

            // Make sure the result is less than 2^256. Also prevents denominator == 0.
            if (denominator <= prod1) {
                revert MathOverflowedMulDiv();
            }

            ///////////////////////////////////////////////
            // 512 by 256 division.
            ///////////////////////////////////////////////

            // Make division exact by subtracting the remainder from [prod1 prod0].
            uint256 remainder;
            assembly {
                // Compute remainder using mulmod.
                remainder := mulmod(x, y, denominator)

                // Subtract 256 bit number from 512 bit number.
                prod1 := sub(prod1, gt(remainder, prod0))
                prod0 := sub(prod0, remainder)
            }

            // Factor powers of two out of denominator and compute largest power of two divisor of denominator.
            // Always >= 1. See https://cs.stackexchange.com/q/138556/92363.

            uint256 twos = denominator & (0 - denominator);
            assembly {
                // Divide denominator by twos.
                denominator := div(denominator, twos)

                // Divide [prod1 prod0] by twos.
                prod0 := div(prod0, twos)

                // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
                twos := add(div(sub(0, twos), twos), 1)
            }

            // Shift in bits from prod1 into prod0.
            prod0 |= prod1 * twos;

            // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such
            // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for
            // four bits. That is, denominator * inv = 1 mod 2^4.
            uint256 inverse = (3 * denominator) ^ 2;

            // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also
            // works in modular arithmetic, doubling the correct bits in each step.
            inverse *= 2 - denominator * inverse; // inverse mod 2^8
            inverse *= 2 - denominator * inverse; // inverse mod 2^16
            inverse *= 2 - denominator * inverse; // inverse mod 2^32
            inverse *= 2 - denominator * inverse; // inverse mod 2^64
            inverse *= 2 - denominator * inverse; // inverse mod 2^128
            inverse *= 2 - denominator * inverse; // inverse mod 2^256

            // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
            // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is
            // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1
            // is no longer required.
            result = prod0 * inverse;
            return result;
        }
    }

    /**
     * @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
     */
    function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {
        uint256 result = mulDiv(x, y, denominator);
        if (unsignedRoundsUp(rounding) && mulmod(x, y, denominator) > 0) {
            result += 1;
        }
        return result;
    }

    /**
     * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded
     * towards zero.
     *
     * Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
     */
    function sqrt(uint256 a) internal pure returns (uint256) {
        if (a == 0) {
            return 0;
        }

        // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.
        //
        // We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have
        // `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.
        //
        // This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`
        // → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`
        // → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`
        //
        // Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.
        uint256 result = 1 << (log2(a) >> 1);

        // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,
        // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at
        // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision
        // into the expected uint128 result.
        unchecked {
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            return min(result, a / result);
        }
    }

    /**
     * @notice Calculates sqrt(a), following the selected rounding direction.
     */
    function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = sqrt(a);
            return result + (unsignedRoundsUp(rounding) && result * result < a ? 1 : 0);
        }
    }

    /**
     * @dev Return the log in base 2 of a positive value rounded towards zero.
     * Returns 0 if given 0.
     */
    function log2(uint256 value) internal pure returns (uint256) {
        uint256 result = 0;
        unchecked {
            if (value >> 128 > 0) {
                value >>= 128;
                result += 128;
            }
            if (value >> 64 > 0) {
                value >>= 64;
                result += 64;
            }
            if (value >> 32 > 0) {
                value >>= 32;
                result += 32;
            }
            if (value >> 16 > 0) {
                value >>= 16;
                result += 16;
            }
            if (value >> 8 > 0) {
                value >>= 8;
                result += 8;
            }
            if (value >> 4 > 0) {
                value >>= 4;
                result += 4;
            }
            if (value >> 2 > 0) {
                value >>= 2;
                result += 2;
            }
            if (value >> 1 > 0) {
                result += 1;
            }
        }
        return result;
    }

    /**
     * @dev Return the log in base 2, following the selected rounding direction, of a positive value.
     * Returns 0 if given 0.
     */
    function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = log2(value);
            return result + (unsignedRoundsUp(rounding) && 1 << result < value ? 1 : 0);
        }
    }

    /**
     * @dev Return the log in base 10 of a positive value rounded towards zero.
     * Returns 0 if given 0.
     */
    function log10(uint256 value) internal pure returns (uint256) {
        uint256 result = 0;
        unchecked {
            if (value >= 10 ** 64) {
                value /= 10 ** 64;
                result += 64;
            }
            if (value >= 10 ** 32) {
                value /= 10 ** 32;
                result += 32;
            }
            if (value >= 10 ** 16) {
                value /= 10 ** 16;
                result += 16;
            }
            if (value >= 10 ** 8) {
                value /= 10 ** 8;
                result += 8;
            }
            if (value >= 10 ** 4) {
                value /= 10 ** 4;
                result += 4;
            }
            if (value >= 10 ** 2) {
                value /= 10 ** 2;
                result += 2;
            }
            if (value >= 10 ** 1) {
                result += 1;
            }
        }
        return result;
    }

    /**
     * @dev Return the log in base 10, following the selected rounding direction, of a positive value.
     * Returns 0 if given 0.
     */
    function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = log10(value);
            return result + (unsignedRoundsUp(rounding) && 10 ** result < value ? 1 : 0);
        }
    }

    /**
     * @dev Return the log in base 256 of a positive value rounded towards zero.
     * Returns 0 if given 0.
     *
     * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
     */
    function log256(uint256 value) internal pure returns (uint256) {
        uint256 result = 0;
        unchecked {
            if (value >> 128 > 0) {
                value >>= 128;
                result += 16;
            }
            if (value >> 64 > 0) {
                value >>= 64;
                result += 8;
            }
            if (value >> 32 > 0) {
                value >>= 32;
                result += 4;
            }
            if (value >> 16 > 0) {
                value >>= 16;
                result += 2;
            }
            if (value >> 8 > 0) {
                result += 1;
            }
        }
        return result;
    }

    /**
     * @dev Return the log in base 256, following the selected rounding direction, of a positive value.
     * Returns 0 if given 0.
     */
    function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = log256(value);
            return result + (unsignedRoundsUp(rounding) && 1 << (result << 3) < value ? 1 : 0);
        }
    }

    /**
     * @dev Returns whether a provided rounding mode is considered rounding up for unsigned integers.
     */
    function unsignedRoundsUp(Rounding rounding) internal pure returns (bool) {
        return uint8(rounding) % 2 == 1;
    }
}

// SPDX-License-Identifier: MIT
pragma solidity 0.8.24;

import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";

interface INotaryConsortium {
    /// @dev Error thrown when signature payload is already used
    error PayloadAlreadyUsed();

    /// @dev Error thrown when signatures length is not equal to signers length
    error LengthMismatch();

    /// @dev Error thrown when there are not enough signatures
    error NotEnoughSignatures();

    /// @dev Error thrown when unexpected action is used
    error UnexpectedAction(bytes4 action);

    /// @dev Event emitted when the validator set is updated
    event ValidatorSetUpdated(
        uint256 indexed epoch,
        address[] validators,
        uint256[] weights,
        uint256 threshold
    );

    /// @dev Error thrown when validator set already set
    error ValSetAlreadySet();

    /// @dev Error thrown when no validator set is set
    error NoValidatorSet();

    /// @dev Error thrown when invalid epoch is provided
    error InvalidEpoch();

    function checkProof(
        bytes32 _payloadHash,
        bytes calldata _proof
    ) external view;
}

// SPDX-License-Identifier: MIT
pragma solidity 0.8.24;

interface IOracle {
    event Oracle_RatioChanged(
        uint256 prevVal,
        uint256 newVal,
        uint256 switchTime
    );

    function ratio() external view returns (uint256);
    function getRate() external view returns (uint256);
    function token() external view returns (address);
    function denomHash() external view returns (bytes32);
}

// SPDX-License-Identifier: MIT
pragma solidity 0.8.24;

import {EIP1271SignatureUtils} from "../../libs/EIP1271SignatureUtils.sol";

/// @dev collection of assertions used in ERC20 contracts
library Assert {
    error InvalidDustFeeRate();
    error NonEqualLength(uint256 a, uint256 b);
    error InvalidAction(bytes4 expected, bytes4 actual);
    error InvalidFeeApprovalSignature();

    error ZeroAddress();

    function zeroAddress(address addr) internal pure {
        if (addr == address(0)) revert ZeroAddress();
    }

    function dustFeeRate(uint256 rate) internal pure {
        if (rate == 0) revert InvalidDustFeeRate();
    }

    function equalLength(uint256 lengthA, uint256 lengthB) internal pure {
        if (lengthA != lengthB) revert NonEqualLength(lengthA, lengthB);
    }

    function selector(
        bytes calldata payload,
        bytes4 expectedAction
    ) internal pure {
        if (bytes4(payload) != expectedAction)
            revert InvalidAction(expectedAction, bytes4(payload));
    }

    function feeApproval(
        bytes32 digest,
        address recipient,
        bytes calldata signature
    ) internal view {
        if (
            !EIP1271SignatureUtils.checkSignature(recipient, digest, signature)
        ) {
            revert InvalidFeeApprovalSignature();
        }
    }
}

// SPDX-License-Identifier: MIT
pragma solidity 0.8.24;

library Actions {
    /// @dev toChain, recipient, amount, txid are validated
    struct DepositBtcActionV0 {
        uint256 toChain;
        address recipient;
        uint256 amount;
        bytes32 txid;
        uint32 vout;
    }

    /// @dev toChain, recipient, amount, txid, token are validated
    struct DepositBtcActionV1 {
        uint256 toChain;
        address recipient;
        uint256 amount;
        bytes32 txid;
        uint32 vout;
        address token;
    }

    struct DepositBridgeAction {
        uint256 fromChain;
        bytes32 fromContract;
        uint256 toChain;
        address toContract;
        address recipient;
        uint64 amount;
        uint256 nonce;
    }

    struct ValSetAction {
        uint256 epoch;
        address[] validators;
        uint256[] weights;
        uint256 weightThreshold;
        uint256 height;
    }

    struct FeeApprovalAction {
        uint256 fee;
        uint256 expiry;
    }

    struct RatioUpdate {
        bytes32 denom;
        uint256 ratio;
        uint256 switchTime;
    }

    /// @dev Error thrown when invalid public key is provided
    error InvalidPublicKey(bytes pubKey);

    /// @dev Error thrown when signatures length is not equal to signers length
    error Actions_LengthMismatch();

    /// @dev Error thrown when threshold is invalid
    error InvalidThreshold();

    /// @dev Error thrown when validator set size is invalid
    error InvalidValidatorSetSize();

    /// @dev Error thrown when zero validator is provided
    error ZeroValidator();

    /// @dev Error thrown when wrong chain id is provided
    error WrongChainId();

    /// @dev Error thrown when wrong contract is provided
    error WrongContract();

    /// @dev Error thrown when zero address is provided
    error Actions_ZeroAddress();

    /// @dev Error thrown when zero amount is provided
    error ZeroAmount();

    /// @dev Error thrown when zero weight is provided
    error ZeroWeight();

    /// @dev Error thrown when fee approval is expired
    error UserSignatureExpired(uint256 expiry);

    /// @dev Error thrown when amount is below fee
    error NotEnoughAmountToUseApproval();

    /// @dev Error thrown when zero fee is used
    error ZeroFee();

    /// @dev Error thrown when payload length is too big
    error InvalidPayloadSize(uint256 expected, uint256 actual);

    error ZeroTxId();

    error InvalidDestinationToken(address expected, address actual);

    error Actions_ZeroDenom();

    error Actions_ZeroRatio();

    // bytes4(keccak256("feeApproval(uint256,uint256)"))
    bytes4 internal constant FEE_APPROVAL_ACTION = 0x8175ca94;
    // keccak256("feeApproval(uint256 chainId,uint256 fee,uint256 expiry)")
    bytes32 internal constant FEE_APPROVAL_EIP712_ACTION =
        0x40ac9f6aa27075e64c1ed1ea2e831b20b8c25efdeb6b79fd0cf683c9a9c50725;
    // bytes4(keccak256("payload(bytes32,bytes32,uint64,bytes32,uint32)"))
    bytes4 internal constant DEPOSIT_BTC_ACTION_V0 = 0xf2e73f7c;
    // bytes4(keccak256("payload(bytes32,bytes32,uint64,bytes32,uint32,bytes32)"))
    bytes4 internal constant DEPOSIT_BTC_ACTION_V1 = 0xce25e7c2;
    // bytes4(keccak256("payload(bytes32,bytes32,bytes32,bytes32,bytes32,uint64,uint256)"))
    bytes4 internal constant DEPOSIT_BRIDGE_ACTION = 0x5c70a505;
    // bytes4(keccak256("payload(uint256,bytes[],uint256[],uint256,uint256)"))
    bytes4 internal constant NEW_VALSET = 0x4aab1d6f;
    // bytes4(keccak256("payload(bytes32,uint256,uint256)"))
    bytes4 internal constant RATIO_UPDATE = 0x6c722c2c;

    /// @dev Maximum number of validators allowed in the consortium.
    /// @notice This value is determined by the minimum of CometBFT consensus limitations and gas considerations:
    /// - CometBFT has a hard limit of 10,000 validators (https://docs.cometbft.com/v0.38/spec/core/state)
    /// - Gas-based calculation:
    ///   - Assumes 4281 gas per ECDSA signature verification
    ///   - Uses a conservative 30 million gas block limit
    ///   - Maximum possible signatures: 30,000,000 / 4,281 ≈ 7007
    ///   - Reverse calculated for BFT consensus (2/3 + 1):
    ///     7,007 = (10,509 * 2/3 + 1) rounded down
    /// - The lower value of 10,000 (CometBFT limit) and 10,509 (gas calculation) is chosen
    /// @dev This limit ensures compatibility with CometBFT while also considering gas limitations
    ///      for signature verification within a single block.
    uint256 private constant MAX_VALIDATOR_SET_SIZE = 102;

    /// @dev Minimum number of validators allowed in the system.
    /// @notice While set to 1 to allow for non-distributed scenarios, this configuration
    /// does not provide Byzantine fault tolerance. For a truly distributed and
    /// fault-tolerant system, a minimum of 4 validators would be recommended to tolerate
    /// at least one Byzantine fault.
    uint256 private constant MIN_VALIDATOR_SET_SIZE = 1;

    /// @dev A constant representing the number of bytes for a slot of information in a payload.
    uint256 internal constant ABI_SLOT_SIZE = 32;

    /**
     * @notice Returns decoded deposit btc msg v0
     * @dev Message should not contain the selector
     * @param payload Body of the mint payload
     */
    function depositBtcV0(
        bytes memory payload
    ) internal view returns (DepositBtcActionV0 memory) {
        if (payload.length != ABI_SLOT_SIZE * 5)
            revert InvalidPayloadSize(ABI_SLOT_SIZE * 5, payload.length);

        (
            uint256 toChain,
            address recipient,
            uint256 amount,
            bytes32 txid,
            uint32 vout
        ) = abi.decode(payload, (uint256, address, uint256, bytes32, uint32));

        if (toChain != block.chainid) {
            revert WrongChainId();
        }
        if (recipient == address(0)) {
            revert Actions_ZeroAddress();
        }
        if (amount == 0) {
            revert ZeroAmount();
        }
        if (txid == bytes32(0)) {
            revert ZeroTxId();
        }

        return DepositBtcActionV0(toChain, recipient, amount, txid, vout);
    }

    /**
     * @notice Returns decoded deposit btc msg v1
     * @dev Message should not contain the selector
     * @param payload Body of the mint payload
     */
    function depositBtcV1(
        bytes memory payload
    ) internal view returns (DepositBtcActionV1 memory) {
        if (payload.length != ABI_SLOT_SIZE * 6)
            revert InvalidPayloadSize(ABI_SLOT_SIZE * 6, payload.length);

        (
            uint256 toChain,
            address recipient,
            uint256 amount,
            bytes32 txid,
            uint32 vout,
            address token
        ) = abi.decode(
                payload,
                (uint256, address, uint256, bytes32, uint32, address)
            );

        if (toChain != block.chainid) {
            revert WrongChainId();
        }
        if (recipient == address(0)) {
            revert Actions_ZeroAddress();
        }
        if (amount == 0) {
            revert ZeroAmount();
        }
        if (txid == bytes32(0)) {
            revert ZeroTxId();
        }
        if (token != address(this)) {
            revert InvalidDestinationToken(address(this), token);
        }

        return
            DepositBtcActionV1(toChain, recipient, amount, txid, vout, token);
    }

    /**
     * @notice Returns decoded bridge payload
     * @dev Payload should not contain the selector
     * @param payload Body of the burn payload
     */
    function depositBridge(
        bytes memory payload
    ) internal view returns (DepositBridgeAction memory) {
        if (payload.length != ABI_SLOT_SIZE * 7)
            revert InvalidPayloadSize(ABI_SLOT_SIZE * 7, payload.length);

        (
            uint256 fromChain,
            bytes32 fromContract,
            uint256 toChain,
            address toContract,
            address recipient,
            uint64 amount,
            uint256 nonce
        ) = abi.decode(
                payload,
                (uint256, bytes32, uint256, address, address, uint64, uint256)
            );

        if (toChain != block.chainid) {
            revert WrongChainId();
        }
        if (recipient == address(0)) {
            revert Actions_ZeroAddress();
        }
        if (amount == 0) {
            revert ZeroAmount();
        }

        return
            DepositBridgeAction(
                fromChain,
                fromContract,
                toChain,
                toContract,
                recipient,
                amount,
                nonce
            );
    }

    /**
     * @notice Returns decoded validator set
     * @dev Payload should not contain the selector
     * @param payload Body of the set validators set payload
     */
    function validateValSet(
        bytes memory payload
    ) internal pure returns (ValSetAction memory) {
        (
            uint256 epoch,
            bytes[] memory pubKeys,
            uint256[] memory weights,
            uint256 weightThreshold,
            uint256 height
        ) = abi.decode(
                payload,
                (uint256, bytes[], uint256[], uint256, uint256)
            );

        // Since dynamic arrays can variably insert more slots of data for things such as data length,
        // offset etc., we will just encode the received variables again and check for a length match.
        bytes memory reEncodedPayload = abi.encode(
            epoch,
            pubKeys,
            weights,
            weightThreshold,
            height
        );
        if (reEncodedPayload.length != payload.length)
            revert InvalidPayloadSize(payload.length, reEncodedPayload.length);

        if (
            pubKeys.length < MIN_VALIDATOR_SET_SIZE ||
            pubKeys.length > MAX_VALIDATOR_SET_SIZE
        ) revert InvalidValidatorSetSize();

        if (pubKeys.length != weights.length) revert Actions_LengthMismatch();

        if (weightThreshold == 0) revert InvalidThreshold();

        uint256 sum = 0;
        for (uint256 i; i < weights.length; ) {
            if (weights[i] == 0) {
                revert ZeroWeight();
            }
            sum += weights[i];
            unchecked {
                ++i;
            }
        }
        if (sum < weightThreshold) revert InvalidThreshold();

        address[] memory validators = pubKeysToAddress(pubKeys);

        return
            ValSetAction(epoch, validators, weights, weightThreshold, height);
    }

    function pubKeysToAddress(
        bytes[] memory _pubKeys
    ) internal pure returns (address[] memory) {
        address[] memory addresses = new address[](_pubKeys.length);
        for (uint256 i; i < _pubKeys.length; ) {
            // each pubkey represented as uncompressed

            if (_pubKeys[i].length == 65) {
                bytes memory data = _pubKeys[i];

                // Ensure that first byte of pubkey is 0x04
                if (_pubKeys[i][0] != 0x04)
                    revert InvalidPublicKey(_pubKeys[i]);

                // create a new array with length - 1 (excluding the first 0x04 byte)
                bytes memory result = new bytes(data.length - 1);

                // use inline assembly for memory manipulation
                assembly {
                    // calculate the start of the `result` and `data` in memory
                    let resultData := add(result, 0x20) // points to the first byte of the result
                    let dataStart := add(data, 0x21) // points to the second byte of data (skip 0x04)

                    // copy 64 bytes from input (excluding the first byte) to result
                    mstore(resultData, mload(dataStart)) // copy the first 32 bytes
                    mstore(add(resultData, 0x20), mload(add(dataStart, 0x20))) // copy the next 32 bytes
                }

                addresses[i] = address(uint160(uint256(keccak256(result))));
            } else {
                revert InvalidPublicKey(_pubKeys[i]);
            }

            unchecked {
                ++i;
            }
        }
        return addresses;
    }

    /**
     * @notice Returns decoded fee approval
     * @dev Payload should not contain the selector
     * @param payload Body of the fee approval payload
     */
    function feeApproval(
        bytes memory payload
    ) internal view returns (FeeApprovalAction memory) {
        if (payload.length != ABI_SLOT_SIZE * 2)
            revert InvalidPayloadSize(ABI_SLOT_SIZE * 2, payload.length);

        (uint256 fee, uint256 expiry) = abi.decode(payload, (uint256, uint256));

        if (block.timestamp > expiry) {
            revert UserSignatureExpired(expiry);
        }
        if (fee == 0) {
            revert ZeroFee();
        }

        return FeeApprovalAction(fee, expiry);
    }

    /**
     * @notice Returns decoded ratio update message
     * @dev Message should not contain the selector
     * @param payload Body of the ratio update message
     */
    function ratioUpdate(
        bytes memory payload
    ) internal pure returns (RatioUpdate memory) {
        if (payload.length != ABI_SLOT_SIZE * 3)
            revert InvalidPayloadSize(ABI_SLOT_SIZE * 3, payload.length);

        (bytes32 denom, uint256 ratio, uint256 timestamp) = abi.decode(
            payload,
            (bytes32, uint256, uint256)
        );

        if (denom == bytes32(0)) {
            revert Actions_ZeroDenom();
        }
        if (ratio == uint256(0)) {
            revert Actions_ZeroRatio();
        }

        return RatioUpdate(denom, ratio, timestamp);
    }
}

// SPDX-License-Identifier: MIT
pragma solidity 0.8.24;

import {IERC1271} from "@openzeppelin/contracts/interfaces/IERC1271.sol";
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";

/**
 * @title Library of utilities for making EIP1271-compliant signature checks.
 * @author Lombard.Finance
 * @notice The contracts is a part of Lombard.Finace protocol
 */
library EIP1271SignatureUtils {
    // bytes4(keccak256("isValidSignature(bytes32,bytes)")
    bytes4 internal constant EIP1271_MAGICVALUE = 0x1626ba7e;
    bytes4 internal constant EIP1271_WRONGVALUE = 0xffffffff;

    /**
     * @notice Checks @param signature is a valid signature of @param digest from @param signer.
     * If the `signer` contains no code -- i.e. it is not (yet, at least) a contract address, then checks using standard ECDSA logic
     * Otherwise, passes on the signature to the signer to verify the signature and checks that it returns the `EIP1271_MAGICVALUE`.
     */
    function checkSignature(
        address signer,
        bytes32 digest,
        bytes memory signature
    ) internal view returns (bool) {
        if (signer.code.length != 0) {
            if (
                IERC1271(signer).isValidSignature(digest, signature) !=
                EIP1271_MAGICVALUE
            ) {
                return false;
            }
        } else {
            if (ECDSA.recover(digest, signature) != signer) {
                return false;
            }
        }
        return true;
    }
}

{
  "optimizer": {
    "enabled": true,
    "runs": 200
  },
  "evmVersion": "paris",
  "outputSelection": {
    "*": {
      "*": [
        "evm.bytecode",
        "evm.deployedBytecode",
        "devdoc",
        "userdoc",
        "metadata",
        "abi"
      ]
    }
  },
  "metadata": {
    "useLiteralContent": true
  },
  "libraries": {}
}

• No Contract Security Audit Submitted- Submit Audit Here

[{"inputs":[],"stateMutability":"nonpayable","type":"constructor"},{"inputs":[],"name":"Actions_ZeroDenom","type":"error"},{"inputs":[],"name":"Actions_ZeroRatio","type":"error"},{"inputs":[{"internalType":"bytes4","name":"expected","type":"bytes4"},{"internalType":"bytes4","name":"actual","type":"bytes4"}],"name":"InvalidAction","type":"error"},{"inputs":[],"name":"InvalidInitialization","type":"error"},{"inputs":[{"internalType":"uint256","name":"expected","type":"uint256"},{"internalType":"uint256","name":"actual","type":"uint256"}],"name":"InvalidPayloadSize","type":"error"},{"inputs":[],"name":"MathOverflowedMulDiv","type":"error"},{"inputs":[],"name":"NotInitializing","type":"error"},{"inputs":[{"internalType":"address","name":"owner","type":"address"}],"name":"OwnableInvalidOwner","type":"error"},{"inputs":[{"internalType":"address","name":"account","type":"address"}],"name":"OwnableUnauthorizedAccount","type":"error"},{"inputs":[],"name":"RatioInitializedAlready","type":"error"},{"inputs":[],"name":"ReentrancyGuardReentrantCall","type":"error"},{"inputs":[],"name":"TooBigRatioChange","type":"error"},{"inputs":[],"name":"WrongRatioSwitchTime","type":"error"},{"inputs":[],"name":"ZeroAddress","type":"error"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"uint64","name":"version","type":"uint64"}],"name":"Initialized","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"prevVal","type":"address"},{"indexed":true,"internalType":"address","name":"newVal","type":"address"}],"name":"Oracle_ConsortiumChanged","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"uint256","name":"prevVal","type":"uint256"},{"indexed":true,"internalType":"uint256","name":"newVal","type":"uint256"}],"name":"Oracle_MaxAheadIntervalChanged","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"uint256","name":"prevVal","type":"uint256"},{"indexed":false,"internalType":"uint256","name":"newVal","type":"uint256"},{"indexed":false,"internalType":"uint256","name":"switchTime","type":"uint256"}],"name":"Oracle_RatioChanged","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"token","type":"address"},{"indexed":true,"internalType":"bytes32","name":"denom","type":"bytes32"}],"name":"Oracle_TokenDetailsSet","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"previousOwner","type":"address"},{"indexed":true,"internalType":"address","name":"newOwner","type":"address"}],"name":"OwnershipTransferStarted","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"previousOwner","type":"address"},{"indexed":true,"internalType":"address","name":"newOwner","type":"address"}],"name":"OwnershipTransferred","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"uint256","name":"prevVal","type":"uint256"},{"indexed":true,"internalType":"uint256","name":"newVal","type":"uint256"}],"name":"RatioThresholdUpdated","type":"event"},{"inputs":[],"name":"acceptOwnership","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"newVal","type":"address"}],"name":"changeConsortium","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"uint256","name":"newVal","type":"uint256"}],"name":"changeMaxAheadInterval","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"consortium","outputs":[{"internalType":"contract INotaryConsortium","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"denomHash","outputs":[{"internalType":"bytes32","name":"","type":"bytes32"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"getRate","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"owner_","type":"address"},{"internalType":"address","name":"consortium_","type":"address"},{"internalType":"address","name":"token_","type":"address"},{"internalType":"bytes32","name":"denomHash_","type":"bytes32"},{"internalType":"uint256","name":"ratio_","type":"uint256"},{"internalType":"uint256","name":"switchTime_","type":"uint256"},{"internalType":"uint256","name":"maxAheadInterval_","type":"uint256"}],"name":"initialize","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"maxAheadInterval","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"nextRatio","outputs":[{"internalType":"uint256","name":"","type":"uint256"},{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"owner","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"pendingOwner","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"bytes","name":"rawPayload","type":"bytes"},{"internalType":"bytes","name":"proof","type":"bytes"}],"name":"publishNewRatio","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"ratio","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"ratioThreshold","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"renounceOwnership","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"token","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"newOwner","type":"address"}],"name":"transferOwnership","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"uint32","name":"newThreshold","type":"uint32"}],"name":"updateRatioThreshold","outputs":[],"stateMutability":"nonpayable","type":"function"}]

608060405234801561001057600080fd5b5061001961001e565b6100d0565b7ff0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a00805468010000000000000000900460ff161561006e5760405163f92ee8a960e01b815260040160405180910390fd5b80546001600160401b03908116146100cd5780546001600160401b0319166001600160401b0390811782556040519081527fc7f505b2f371ae2175ee4913f4499e1f2633a7b5936321eed1cdaeb6115181d29060200160405180910390a15b50565b61141b806100df6000396000f3fe608060405234801561001057600080fd5b50600436106101165760003560e01c80638da5cb5b116100a2578063c7bd3d7b11610071578063c7bd3d7b14610251578063e30c397814610264578063efd3e2111461026c578063f2fde38b146102c5578063fc0c546a146102d857600080fd5b80638da5cb5b146101ed5780638f18ded81461020d5780639ad1876514610220578063a28c76cc1461023e57600080fd5b8063715018a6116100e9578063715018a61461018757806371ca337d1461018f5780637721cf371461019757806379ba5097146101be5780638a74b208146101c657600080fd5b80632ac249b71461011b5780633be19c0314610130578063567121391461016c578063679aefce1461017f575b600080fd5b61012e6101293660046110bf565b610308565b005b7f773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df985942075463ffffffff165b6040519081526020015b60405180910390f35b61012e61017a366004611147565b61031a565b61015961032e565b61012e610351565b610159610365565b7f773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df9859420154610159565b61012e61036f565b7f773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df9859420654610159565b6101f56103b9565b6040516001600160a01b039091168152602001610163565b61012e61021b366004611162565b6103ee565b6000805160206113c6833981519152546001600160a01b03166101f5565b61012e61024c366004611188565b6104e5565b61012e61025f3660046111f0565b610611565b6101f5610622565b7f773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df98594204547f773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df985942055460408051928352602083019190915201610163565b61012e6102d3366004611147565b61064b565b7f773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df98594202546001600160a01b03166101f5565b610314848484846106d0565b50505050565b610322610829565b61032b8161085b565b50565b600061034c670de0b6b3a7640000806103456108cc565b6001610919565b905090565b610359610829565b610363600061096a565b565b600061034c6108cc565b3380610379610622565b6001600160a01b0316146103b05760405163118cdaa760e01b81526001600160a01b03821660048201526024015b60405180910390fd5b61032b8161096a565b6000807f9016d09d72d40fdae2fd8ceac6b6234c7706214fd39c1cd1e609a0528c1993005b546001600160a01b031692915050565b6103f6610829565b6305f5e10063ffffffff8216108015610415575060008163ffffffff16115b6104615760405162461bcd60e51b815260206004820181905260248201527f6e657720726174696f207468726573686f6c64206f7574206f662072616e676560448201526064016103a7565b7f773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df98594207546040516000805160206113c68339815191529163ffffffff848116929116907fcef4718f6908c7bfae2786c6597d4e15fda100d708d9742c827b08bf37683f9990600090a3600701805463ffffffff191663ffffffff92909216919091179055565b7ff0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a008054600160401b810460ff16159067ffffffffffffffff1660008115801561052b5750825b905060008267ffffffffffffffff1660011480156105485750303b155b905081158015610556575080155b156105745760405163f92ee8a960e01b815260040160405180910390fd5b845467ffffffffffffffff19166001178555831561059e57845460ff60401b1916600160401b1785555b6105a78c6109a6565b6105af6109b7565b6105bd8b8b8b8b8b8b6109bf565b831561060357845460ff60401b19168555604051600181527fc7f505b2f371ae2175ee4913f4499e1f2633a7b5936321eed1cdaeb6115181d29060200160405180910390a15b505050505050505050505050565b610619610829565b61032b816109f5565b6000807f237e158222e3e6968b72b9db0d8043aacf074ad9f650f0d1606b4d82ee432c006103de565b610653610829565b7f237e158222e3e6968b72b9db0d8043aacf074ad9f650f0d1606b4d82ee432c0080546001600160a01b0319166001600160a01b03831690811782556106976103b9565b6001600160a01b03167f38d16b8cac22d99fc7c124b9cd0de2d3fa1faef420bfe791d8c362d765e2270060405160405180910390a35050565b6106e28484631b1c8b0b60e21b610a58565b600061072e6106f48560048189611209565b8080601f016020809104026020016040519081016040528093929190818152602001838380828437600092019190915250610ab992505050565b905060006000805160206113c683398151915290506107568183602001518460400151610b92565b60006002878760405161076a929190611233565b602060405180830381855afa158015610787573d6000803e3d6000fd5b5050506040513d601f19601f820116820180604052508101906107aa9190611243565b8254604051631f68c5f560e11b81529192506001600160a01b031690633ed18bea906107de9084908990899060040161125c565b60006040518083038186803b1580156107f657600080fd5b505afa15801561080a573d6000803e3d6000fd5b5050505061082083602001518460400151610c92565b50505050505050565b336108326103b9565b6001600160a01b0316146103635760405163118cdaa760e01b81523360048201526024016103a7565b61086481610d2d565b6000805160206113c683398151915280546040516001600160a01b038481169216907f650cafeae1c4ce8a43a0c306b83871ece0fae36c59cfd1a5eed4c56309de64eb90600090a380546001600160a01b0319166001600160a01b0392909216919091179055565b7f773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df98594205546000906000805160206113c68339815191529042106109105760040154919050565b60030154919050565b600080610927868686610d54565b905061093283610e19565b801561094e57506000848061094957610949611292565b868809115b156109615761095e6001826112be565b90505b95945050505050565b7f237e158222e3e6968b72b9db0d8043aacf074ad9f650f0d1606b4d82ee432c0080546001600160a01b03191681556109a282610e46565b5050565b6109ae610eb7565b61032b81610f00565b610363610eb7565b6109c7610eb7565b6109d08661085b565b6109da8585610f32565b6109e48383610fbf565b6109ed816109f5565b505050505050565b7f773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df98594206546040516000805160206113c68339815191529183917f57804ab275a052f7a42c6632d358d689d2fbbd7c7975af8d80cbfc64b309e06390600090a360060155565b6001600160e01b03198116610a6d83856112d7565b6001600160e01b03191614610ab45780610a8783856112d7565b604051632e35ad2d60e11b81526001600160e01b03199283166004820152911660248201526044016103a7565b505050565b60408051606081018252600080825260208083018290529282015290610ae0906003611307565b825114610b1757610af360206003611307565b82516040516371cccdf360e11b8152600481019290925260248201526044016103a7565b600080600084806020019051810190610b30919061131e565b9194509250905082610b555760405163c6ca21fd60e01b815260040160405180910390fd5b81610b73576040516333c5d4e760e11b815260040160405180910390fd5b6040805160608101825293845260208401929092529082015292915050565b808360050154101580610bb257506006830154610baf90426112be565b81115b15610bd057604051638b0f996960e01b815260040160405180910390fd5b6000836005015482610be2919061134c565b60048501546007860154919250600091610c239190610c079063ffffffff1685611307565b610c186305f5e1006201518061135f565b63ffffffff16610d54565b9050838560040154118015610c46575080848660040154610c44919061134c565b115b80610c6d5750846004015484118015610c6d575080856004015485610c6b919061134c565b115b15610c8b5760405163918aafd360e01b815260040160405180910390fd5b5050505050565b7f773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df98594205546000805160206113c6833981519152904210610cd557600481015460038201555b60048101839055600581018290556003810154604080519182526020820185905281018390527f7af4a9df3b955bd1403b9c99ab7142e469f27303ce87e7273e7fa2aa2399ceab9060600160405180910390a1505050565b6001600160a01b03811661032b5760405163d92e233d60e01b815260040160405180910390fd5b6000838302816000198587098281108382030391505080600003610d8b57838281610d8157610d81611292565b0492505050610e12565b808411610dab5760405163227bc15360e01b815260040160405180910390fd5b6000848688096000868103871696879004966002600389028118808a02820302808a02820302808a02820302808a02820302808a02820302808a02909103029181900381900460010186841190950394909402919094039290920491909117919091029150505b9392505050565b60006002826003811115610e2f57610e2f61137f565b610e399190611395565b60ff166001149050919050565b7f9016d09d72d40fdae2fd8ceac6b6234c7706214fd39c1cd1e609a0528c19930080546001600160a01b031981166001600160a01b03848116918217845560405192169182907f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e090600090a3505050565b7ff0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a0054600160401b900460ff1661036357604051631afcd79f60e31b815260040160405180910390fd5b610f08610eb7565b6001600160a01b0381166103b057604051631e4fbdf760e01b8152600060048201526024016103a7565b610f3b82610d2d565b6040516000805160206113c68339815191529082906001600160a01b038516907f9156b9e1c465bc538a398cb0653fc128b1553cce62b1a3ff05d839b39eedcb5690600090a3604080518082019091528281526001600160a01b039093166020909301839052600181019190915560020180546001600160a01b0319169091179055565b7f773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df98594207805463ffffffff1916620f42401790557f773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df98594204546000805160206113c6833981519152901515806110325750600381015415155b806110405750600581015415155b1561105e5760405163b72de3d560e01b815260040160405180910390fd5b670de0b6b3a76400006004820155610ab48383610c92565b60008083601f84011261108857600080fd5b50813567ffffffffffffffff8111156110a057600080fd5b6020830191508360208285010111156110b857600080fd5b9250929050565b600080600080604085870312156110d557600080fd5b843567ffffffffffffffff808211156110ed57600080fd5b6110f988838901611076565b9096509450602087013591508082111561111257600080fd5b5061111f87828801611076565b95989497509550505050565b80356001600160a01b038116811461114257600080fd5b919050565b60006020828403121561115957600080fd5b610e128261112b565b60006020828403121561117457600080fd5b813563ffffffff81168114610e1257600080fd5b600080600080600080600060e0888a0312156111a357600080fd5b6111ac8861112b565b96506111ba6020890161112b565b95506111c86040890161112b565b969995985095966060810135965060808101359560a0820135955060c0909101359350915050565b60006020828403121561120257600080fd5b5035919050565b6000808585111561121957600080fd5b8386111561122657600080fd5b5050820193919092039150565b8183823760009101908152919050565b60006020828403121561125557600080fd5b5051919050565b83815260406020820152816040820152818360608301376000818301606090810191909152601f909201601f1916010192915050565b634e487b7160e01b600052601260045260246000fd5b634e487b7160e01b600052601160045260246000fd5b808201808211156112d1576112d16112a8565b92915050565b6001600160e01b031981358181169160048510156112ff5780818660040360031b1b83161692505b505092915050565b80820281158282048414176112d1576112d16112a8565b60008060006060848603121561133357600080fd5b8351925060208401519150604084015190509250925092565b818103818111156112d1576112d16112a8565b63ffffffff8181168382160280821691908281146112ff576112ff6112a8565b634e487b7160e01b600052602160045260246000fd5b600060ff8316806113b657634e487b7160e01b600052601260045260246000fd5b8060ff8416069150509291505056fe773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df98594200a2646970667358221220772413572b27203c572c42adaea1cc640997f417811a28c3561d4775126db9c464736f6c63430008180033

0x608060405234801561001057600080fd5b50600436106101165760003560e01c80638da5cb5b116100a2578063c7bd3d7b11610071578063c7bd3d7b14610251578063e30c397814610264578063efd3e2111461026c578063f2fde38b146102c5578063fc0c546a146102d857600080fd5b80638da5cb5b146101ed5780638f18ded81461020d5780639ad1876514610220578063a28c76cc1461023e57600080fd5b8063715018a6116100e9578063715018a61461018757806371ca337d1461018f5780637721cf371461019757806379ba5097146101be5780638a74b208146101c657600080fd5b80632ac249b71461011b5780633be19c0314610130578063567121391461016c578063679aefce1461017f575b600080fd5b61012e6101293660046110bf565b610308565b005b7f773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df985942075463ffffffff165b6040519081526020015b60405180910390f35b61012e61017a366004611147565b61031a565b61015961032e565b61012e610351565b610159610365565b7f773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df9859420154610159565b61012e61036f565b7f773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df9859420654610159565b6101f56103b9565b6040516001600160a01b039091168152602001610163565b61012e61021b366004611162565b6103ee565b6000805160206113c6833981519152546001600160a01b03166101f5565b61012e61024c366004611188565b6104e5565b61012e61025f3660046111f0565b610611565b6101f5610622565b7f773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df98594204547f773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df985942055460408051928352602083019190915201610163565b61012e6102d3366004611147565b61064b565b7f773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df98594202546001600160a01b03166101f5565b610314848484846106d0565b50505050565b610322610829565b61032b8161085b565b50565b600061034c670de0b6b3a7640000806103456108cc565b6001610919565b905090565b610359610829565b610363600061096a565b565b600061034c6108cc565b3380610379610622565b6001600160a01b0316146103b05760405163118cdaa760e01b81526001600160a01b03821660048201526024015b60405180910390fd5b61032b8161096a565b6000807f9016d09d72d40fdae2fd8ceac6b6234c7706214fd39c1cd1e609a0528c1993005b546001600160a01b031692915050565b6103f6610829565b6305f5e10063ffffffff8216108015610415575060008163ffffffff16115b6104615760405162461bcd60e51b815260206004820181905260248201527f6e657720726174696f207468726573686f6c64206f7574206f662072616e676560448201526064016103a7565b7f773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df98594207546040516000805160206113c68339815191529163ffffffff848116929116907fcef4718f6908c7bfae2786c6597d4e15fda100d708d9742c827b08bf37683f9990600090a3600701805463ffffffff191663ffffffff92909216919091179055565b7ff0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a008054600160401b810460ff16159067ffffffffffffffff1660008115801561052b5750825b905060008267ffffffffffffffff1660011480156105485750303b155b905081158015610556575080155b156105745760405163f92ee8a960e01b815260040160405180910390fd5b845467ffffffffffffffff19166001178555831561059e57845460ff60401b1916600160401b1785555b6105a78c6109a6565b6105af6109b7565b6105bd8b8b8b8b8b8b6109bf565b831561060357845460ff60401b19168555604051600181527fc7f505b2f371ae2175ee4913f4499e1f2633a7b5936321eed1cdaeb6115181d29060200160405180910390a15b505050505050505050505050565b610619610829565b61032b816109f5565b6000807f237e158222e3e6968b72b9db0d8043aacf074ad9f650f0d1606b4d82ee432c006103de565b610653610829565b7f237e158222e3e6968b72b9db0d8043aacf074ad9f650f0d1606b4d82ee432c0080546001600160a01b0319166001600160a01b03831690811782556106976103b9565b6001600160a01b03167f38d16b8cac22d99fc7c124b9cd0de2d3fa1faef420bfe791d8c362d765e2270060405160405180910390a35050565b6106e28484631b1c8b0b60e21b610a58565b600061072e6106f48560048189611209565b8080601f016020809104026020016040519081016040528093929190818152602001838380828437600092019190915250610ab992505050565b905060006000805160206113c683398151915290506107568183602001518460400151610b92565b60006002878760405161076a929190611233565b602060405180830381855afa158015610787573d6000803e3d6000fd5b5050506040513d601f19601f820116820180604052508101906107aa9190611243565b8254604051631f68c5f560e11b81529192506001600160a01b031690633ed18bea906107de9084908990899060040161125c565b60006040518083038186803b1580156107f657600080fd5b505afa15801561080a573d6000803e3d6000fd5b5050505061082083602001518460400151610c92565b50505050505050565b336108326103b9565b6001600160a01b0316146103635760405163118cdaa760e01b81523360048201526024016103a7565b61086481610d2d565b6000805160206113c683398151915280546040516001600160a01b038481169216907f650cafeae1c4ce8a43a0c306b83871ece0fae36c59cfd1a5eed4c56309de64eb90600090a380546001600160a01b0319166001600160a01b0392909216919091179055565b7f773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df98594205546000906000805160206113c68339815191529042106109105760040154919050565b60030154919050565b600080610927868686610d54565b905061093283610e19565b801561094e57506000848061094957610949611292565b868809115b156109615761095e6001826112be565b90505b95945050505050565b7f237e158222e3e6968b72b9db0d8043aacf074ad9f650f0d1606b4d82ee432c0080546001600160a01b03191681556109a282610e46565b5050565b6109ae610eb7565b61032b81610f00565b610363610eb7565b6109c7610eb7565b6109d08661085b565b6109da8585610f32565b6109e48383610fbf565b6109ed816109f5565b505050505050565b7f773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df98594206546040516000805160206113c68339815191529183917f57804ab275a052f7a42c6632d358d689d2fbbd7c7975af8d80cbfc64b309e06390600090a360060155565b6001600160e01b03198116610a6d83856112d7565b6001600160e01b03191614610ab45780610a8783856112d7565b604051632e35ad2d60e11b81526001600160e01b03199283166004820152911660248201526044016103a7565b505050565b60408051606081018252600080825260208083018290529282015290610ae0906003611307565b825114610b1757610af360206003611307565b82516040516371cccdf360e11b8152600481019290925260248201526044016103a7565b600080600084806020019051810190610b30919061131e565b9194509250905082610b555760405163c6ca21fd60e01b815260040160405180910390fd5b81610b73576040516333c5d4e760e11b815260040160405180910390fd5b6040805160608101825293845260208401929092529082015292915050565b808360050154101580610bb257506006830154610baf90426112be565b81115b15610bd057604051638b0f996960e01b815260040160405180910390fd5b6000836005015482610be2919061134c565b60048501546007860154919250600091610c239190610c079063ffffffff1685611307565b610c186305f5e1006201518061135f565b63ffffffff16610d54565b9050838560040154118015610c46575080848660040154610c44919061134c565b115b80610c6d5750846004015484118015610c6d575080856004015485610c6b919061134c565b115b15610c8b5760405163918aafd360e01b815260040160405180910390fd5b5050505050565b7f773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df98594205546000805160206113c6833981519152904210610cd557600481015460038201555b60048101839055600581018290556003810154604080519182526020820185905281018390527f7af4a9df3b955bd1403b9c99ab7142e469f27303ce87e7273e7fa2aa2399ceab9060600160405180910390a1505050565b6001600160a01b03811661032b5760405163d92e233d60e01b815260040160405180910390fd5b6000838302816000198587098281108382030391505080600003610d8b57838281610d8157610d81611292565b0492505050610e12565b808411610dab5760405163227bc15360e01b815260040160405180910390fd5b6000848688096000868103871696879004966002600389028118808a02820302808a02820302808a02820302808a02820302808a02820302808a02909103029181900381900460010186841190950394909402919094039290920491909117919091029150505b9392505050565b60006002826003811115610e2f57610e2f61137f565b610e399190611395565b60ff166001149050919050565b7f9016d09d72d40fdae2fd8ceac6b6234c7706214fd39c1cd1e609a0528c19930080546001600160a01b031981166001600160a01b03848116918217845560405192169182907f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e090600090a3505050565b7ff0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a0054600160401b900460ff1661036357604051631afcd79f60e31b815260040160405180910390fd5b610f08610eb7565b6001600160a01b0381166103b057604051631e4fbdf760e01b8152600060048201526024016103a7565b610f3b82610d2d565b6040516000805160206113c68339815191529082906001600160a01b038516907f9156b9e1c465bc538a398cb0653fc128b1553cce62b1a3ff05d839b39eedcb5690600090a3604080518082019091528281526001600160a01b039093166020909301839052600181019190915560020180546001600160a01b0319169091179055565b7f773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df98594207805463ffffffff1916620f42401790557f773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df98594204546000805160206113c6833981519152901515806110325750600381015415155b806110405750600581015415155b1561105e5760405163b72de3d560e01b815260040160405180910390fd5b670de0b6b3a76400006004820155610ab48383610c92565b60008083601f84011261108857600080fd5b50813567ffffffffffffffff8111156110a057600080fd5b6020830191508360208285010111156110b857600080fd5b9250929050565b600080600080604085870312156110d557600080fd5b843567ffffffffffffffff808211156110ed57600080fd5b6110f988838901611076565b9096509450602087013591508082111561111257600080fd5b5061111f87828801611076565b95989497509550505050565b80356001600160a01b038116811461114257600080fd5b919050565b60006020828403121561115957600080fd5b610e128261112b565b60006020828403121561117457600080fd5b813563ffffffff81168114610e1257600080fd5b600080600080600080600060e0888a0312156111a357600080fd5b6111ac8861112b565b96506111ba6020890161112b565b95506111c86040890161112b565b969995985095966060810135965060808101359560a0820135955060c0909101359350915050565b60006020828403121561120257600080fd5b5035919050565b6000808585111561121957600080fd5b8386111561122657600080fd5b5050820193919092039150565b8183823760009101908152919050565b60006020828403121561125557600080fd5b5051919050565b83815260406020820152816040820152818360608301376000818301606090810191909152601f909201601f1916010192915050565b634e487b7160e01b600052601260045260246000fd5b634e487b7160e01b600052601160045260246000fd5b808201808211156112d1576112d16112a8565b92915050565b6001600160e01b031981358181169160048510156112ff5780818660040360031b1b83161692505b505092915050565b80820281158282048414176112d1576112d16112a8565b60008060006060848603121561133357600080fd5b8351925060208401519150604084015190509250925092565b818103818111156112d1576112d16112a8565b63ffffffff8181168382160280821691908281146112ff576112ff6112a8565b634e487b7160e01b600052602160045260246000fd5b600060ff8316806113b657634e487b7160e01b600052601260045260246000fd5b8060ff8416069150509291505056fe773f82ddc38c293e7e76f6867b0d8bb7a6d27067018d4afff38772df98594200a2646970667358221220772413572b27203c572c42adaea1cc640997f417811a28c3561d4775126db9c464736f6c63430008180033