ETH Price: $4,011.75 (+5.87%)
Stargate

Token

Bridged USDC (Stargate) (USDC.e)

Overview

Max Total Supply

1,278,172.506664 USDC.e

Holders

32,213

Market

Price

$1.01 @ 0.000253 ETH (+1.43%)

Onchain Market Cap

$1,294,788.75

Circulating Supply Market Cap

$0.00

Other Info

Token Contract (WITH 6 Decimals)

Balance
0 USDC.e

Value
$0.00
0xdc0ca142cdb88d0bee3c3712991623ceb638b28e
Loading...
Loading
Loading...
Loading
Loading...
Loading

Click here to update the token information / general information

Contract Source Code Verified (Exact Match)

Contract Name:
FiatTokenProxy

Compiler Version
v0.8.22+commit.4fc1097e

Optimization Enabled:
Yes with 5000 runs

Other Settings:
paris EvmVersion, BSL 1.1 license
File 1 of 159 : FiatTokenProxy.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

import { AdminUpgradeabilityProxy } from "../upgradeability/AdminUpgradeabilityProxy.sol";

/**
 * @title FiatTokenProxy
 * @dev This contract proxies FiatToken calls and enables FiatToken upgrades
 */
contract FiatTokenProxy is AdminUpgradeabilityProxy {
    constructor(address implementationContract) AdminUpgradeabilityProxy(implementationContract) {}
}

File 2 of 159 : Buffer.sol
// SPDX-License-Identifier: BSD-2-Clause
pragma solidity ^0.8.4;

/**
* @dev A library for working with mutable byte buffers in Solidity.
*
* Byte buffers are mutable and expandable, and provide a variety of primitives
* for appending to them. At any time you can fetch a bytes object containing the
* current contents of the buffer. The bytes object should not be stored between
* operations, as it may change due to resizing of the buffer.
*/
library Buffer {
    /**
    * @dev Represents a mutable buffer. Buffers have a current value (buf) and
    *      a capacity. The capacity may be longer than the current value, in
    *      which case it can be extended without the need to allocate more memory.
    */
    struct buffer {
        bytes buf;
        uint capacity;
    }

    /**
    * @dev Initializes a buffer with an initial capacity.
    * @param buf The buffer to initialize.
    * @param capacity The number of bytes of space to allocate the buffer.
    * @return The buffer, for chaining.
    */
    function init(buffer memory buf, uint capacity) internal pure returns(buffer memory) {
        if (capacity % 32 != 0) {
            capacity += 32 - (capacity % 32);
        }
        // Allocate space for the buffer data
        buf.capacity = capacity;
        assembly {
            let ptr := mload(0x40)
            mstore(buf, ptr)
            mstore(ptr, 0)
            let fpm := add(32, add(ptr, capacity))
            if lt(fpm, ptr) {
                revert(0, 0)
            }
            mstore(0x40, fpm)
        }
        return buf;
    }

    /**
    * @dev Initializes a new buffer from an existing bytes object.
    *      Changes to the buffer may mutate the original value.
    * @param b The bytes object to initialize the buffer with.
    * @return A new buffer.
    */
    function fromBytes(bytes memory b) internal pure returns(buffer memory) {
        buffer memory buf;
        buf.buf = b;
        buf.capacity = b.length;
        return buf;
    }

    function resize(buffer memory buf, uint capacity) private pure {
        bytes memory oldbuf = buf.buf;
        init(buf, capacity);
        append(buf, oldbuf);
    }

    /**
    * @dev Sets buffer length to 0.
    * @param buf The buffer to truncate.
    * @return The original buffer, for chaining..
    */
    function truncate(buffer memory buf) internal pure returns (buffer memory) {
        assembly {
            let bufptr := mload(buf)
            mstore(bufptr, 0)
        }
        return buf;
    }

    /**
    * @dev Appends len bytes of a byte string to a buffer. Resizes if doing so would exceed
    *      the capacity of the buffer.
    * @param buf The buffer to append to.
    * @param data The data to append.
    * @param len The number of bytes to copy.
    * @return The original buffer, for chaining.
    */
    function append(buffer memory buf, bytes memory data, uint len) internal pure returns(buffer memory) {
        require(len <= data.length);

        uint off = buf.buf.length;
        uint newCapacity = off + len;
        if (newCapacity > buf.capacity) {
            resize(buf, newCapacity * 2);
        }

        uint dest;
        uint src;
        assembly {
            // Memory address of the buffer data
            let bufptr := mload(buf)
            // Length of existing buffer data
            let buflen := mload(bufptr)
            // Start address = buffer address + offset + sizeof(buffer length)
            dest := add(add(bufptr, 32), off)
            // Update buffer length if we're extending it
            if gt(newCapacity, buflen) {
                mstore(bufptr, newCapacity)
            }
            src := add(data, 32)
        }

        // Copy word-length chunks while possible
        for (; len >= 32; len -= 32) {
            assembly {
                mstore(dest, mload(src))
            }
            dest += 32;
            src += 32;
        }

        // Copy remaining bytes
        unchecked {
            uint mask = (256 ** (32 - len)) - 1;
            assembly {
                let srcpart := and(mload(src), not(mask))
                let destpart := and(mload(dest), mask)
                mstore(dest, or(destpart, srcpart))
            }
        }

        return buf;
    }

    /**
    * @dev Appends a byte string to a buffer. Resizes if doing so would exceed
    *      the capacity of the buffer.
    * @param buf The buffer to append to.
    * @param data The data to append.
    * @return The original buffer, for chaining.
    */
    function append(buffer memory buf, bytes memory data) internal pure returns (buffer memory) {
        return append(buf, data, data.length);
    }

    /**
    * @dev Appends a byte to the buffer. Resizes if doing so would exceed the
    *      capacity of the buffer.
    * @param buf The buffer to append to.
    * @param data The data to append.
    * @return The original buffer, for chaining.
    */
    function appendUint8(buffer memory buf, uint8 data) internal pure returns(buffer memory) {
        uint off = buf.buf.length;
        uint offPlusOne = off + 1;
        if (off >= buf.capacity) {
            resize(buf, offPlusOne * 2);
        }

        assembly {
            // Memory address of the buffer data
            let bufptr := mload(buf)
            // Address = buffer address + sizeof(buffer length) + off
            let dest := add(add(bufptr, off), 32)
            mstore8(dest, data)
            // Update buffer length if we extended it
            if gt(offPlusOne, mload(bufptr)) {
                mstore(bufptr, offPlusOne)
            }
        }

        return buf;
    }

    /**
    * @dev Appends len bytes of bytes32 to a buffer. Resizes if doing so would
    *      exceed the capacity of the buffer.
    * @param buf The buffer to append to.
    * @param data The data to append.
    * @param len The number of bytes to write (left-aligned).
    * @return The original buffer, for chaining.
    */
    function append(buffer memory buf, bytes32 data, uint len) private pure returns(buffer memory) {
        uint off = buf.buf.length;
        uint newCapacity = len + off;
        if (newCapacity > buf.capacity) {
            resize(buf, newCapacity * 2);
        }

        unchecked {
            uint mask = (256 ** len) - 1;
            // Right-align data
            data = data >> (8 * (32 - len));
            assembly {
                // Memory address of the buffer data
                let bufptr := mload(buf)
                // Address = buffer address + sizeof(buffer length) + newCapacity
                let dest := add(bufptr, newCapacity)
                mstore(dest, or(and(mload(dest), not(mask)), data))
                // Update buffer length if we extended it
                if gt(newCapacity, mload(bufptr)) {
                    mstore(bufptr, newCapacity)
                }
            }
        }
        return buf;
    }

    /**
    * @dev Appends a bytes20 to the buffer. Resizes if doing so would exceed
    *      the capacity of the buffer.
    * @param buf The buffer to append to.
    * @param data The data to append.
    * @return The original buffer, for chhaining.
    */
    function appendBytes20(buffer memory buf, bytes20 data) internal pure returns (buffer memory) {
        return append(buf, bytes32(data), 20);
    }

    /**
    * @dev Appends a bytes32 to the buffer. Resizes if doing so would exceed
    *      the capacity of the buffer.
    * @param buf The buffer to append to.
    * @param data The data to append.
    * @return The original buffer, for chaining.
    */
    function appendBytes32(buffer memory buf, bytes32 data) internal pure returns (buffer memory) {
        return append(buf, data, 32);
    }

    /**
     * @dev Appends a byte to the end of the buffer. Resizes if doing so would
     *      exceed the capacity of the buffer.
     * @param buf The buffer to append to.
     * @param data The data to append.
     * @param len The number of bytes to write (right-aligned).
     * @return The original buffer.
     */
    function appendInt(buffer memory buf, uint data, uint len) internal pure returns(buffer memory) {
        uint off = buf.buf.length;
        uint newCapacity = len + off;
        if (newCapacity > buf.capacity) {
            resize(buf, newCapacity * 2);
        }

        uint mask = (256 ** len) - 1;
        assembly {
            // Memory address of the buffer data
            let bufptr := mload(buf)
            // Address = buffer address + sizeof(buffer length) + newCapacity
            let dest := add(bufptr, newCapacity)
            mstore(dest, or(and(mload(dest), not(mask)), data))
            // Update buffer length if we extended it
            if gt(newCapacity, mload(bufptr)) {
                mstore(bufptr, newCapacity)
            }
        }
        return buf;
    }
}

File 3 of 159 : IOAppCore.sol
// SPDX-License-Identifier: MIT

pragma solidity ^0.8.20;

import { ILayerZeroEndpointV2 } from "@layerzerolabs/lz-evm-protocol-v2/contracts/interfaces/ILayerZeroEndpointV2.sol";

/**
 * @title IOAppCore
 */
interface IOAppCore {
    // Custom error messages
    error OnlyPeer(uint32 eid, bytes32 sender);
    error NoPeer(uint32 eid);
    error InvalidEndpointCall();
    error InvalidDelegate();

    // Event emitted when a peer (OApp) is set for a corresponding endpoint
    event PeerSet(uint32 eid, bytes32 peer);

    /**
     * @notice Retrieves the OApp version information.
     * @return senderVersion The version of the OAppSender.sol contract.
     * @return receiverVersion The version of the OAppReceiver.sol contract.
     */
    function oAppVersion() external view returns (uint64 senderVersion, uint64 receiverVersion);

    /**
     * @notice Retrieves the LayerZero endpoint associated with the OApp.
     * @return iEndpoint The LayerZero endpoint as an interface.
     */
    function endpoint() external view returns (ILayerZeroEndpointV2 iEndpoint);

    /**
     * @notice Retrieves the peer (OApp) associated with a corresponding endpoint.
     * @param _eid The endpoint ID.
     * @return peer The peer address (OApp instance) associated with the corresponding endpoint.
     */
    function peers(uint32 _eid) external view returns (bytes32 peer);

    /**
     * @notice Sets the peer address (OApp instance) for a corresponding endpoint.
     * @param _eid The endpoint ID.
     * @param _peer The address of the peer to be associated with the corresponding endpoint.
     */
    function setPeer(uint32 _eid, bytes32 _peer) external;

    /**
     * @notice Sets the delegate address for the OApp Core.
     * @param _delegate The address of the delegate to be set.
     */
    function setDelegate(address _delegate) external;
}

File 4 of 159 : IOAppOptionsType3.sol
// SPDX-License-Identifier: MIT

pragma solidity ^0.8.20;

/**
 * @dev Struct representing enforced option parameters.
 */
struct EnforcedOptionParam {
    uint32 eid; // Endpoint ID
    uint16 msgType; // Message Type
    bytes options; // Additional options
}

/**
 * @title IOAppOptionsType3
 * @dev Interface for the OApp with Type 3 Options, allowing the setting and combining of enforced options.
 */
interface IOAppOptionsType3 {
    // Custom error message for invalid options
    error InvalidOptions(bytes options);

    // Event emitted when enforced options are set
    event EnforcedOptionSet(EnforcedOptionParam[] _enforcedOptions);

    /**
     * @notice Sets enforced options for specific endpoint and message type combinations.
     * @param _enforcedOptions An array of EnforcedOptionParam structures specifying enforced options.
     */
    function setEnforcedOptions(EnforcedOptionParam[] calldata _enforcedOptions) external;

    /**
     * @notice Combines options for a given endpoint and message type.
     * @param _eid The endpoint ID.
     * @param _msgType The OApp message type.
     * @param _extraOptions Additional options passed by the caller.
     * @return options The combination of caller specified options AND enforced options.
     */
    function combineOptions(
        uint32 _eid,
        uint16 _msgType,
        bytes calldata _extraOptions
    ) external view returns (bytes memory options);
}

File 5 of 159 : IOAppReceiver.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import { ILayerZeroReceiver, Origin } from "@layerzerolabs/lz-evm-protocol-v2/contracts/interfaces/ILayerZeroReceiver.sol";

interface IOAppReceiver is ILayerZeroReceiver {
    /**
     * @notice Indicates whether an address is an approved composeMsg sender to the Endpoint.
     * @param _origin The origin information containing the source endpoint and sender address.
     *  - srcEid: The source chain endpoint ID.
     *  - sender: The sender address on the src chain.
     *  - nonce: The nonce of the message.
     * @param _message The lzReceive payload.
     * @param _sender The sender address.
     * @return isSender Is a valid sender.
     *
     * @dev Applications can optionally choose to implement a separate composeMsg sender that is NOT the bridging layer.
     * @dev The default sender IS the OAppReceiver implementer.
     */
    function isComposeMsgSender(
        Origin calldata _origin,
        bytes calldata _message,
        address _sender
    ) external view returns (bool isSender);
}

File 6 of 159 : OAppOptionsType3.sol
// SPDX-License-Identifier: MIT

pragma solidity ^0.8.20;

import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
import { IOAppOptionsType3, EnforcedOptionParam } from "../interfaces/IOAppOptionsType3.sol";

/**
 * @title OAppOptionsType3
 * @dev Abstract contract implementing the IOAppOptionsType3 interface with type 3 options.
 */
abstract contract OAppOptionsType3 is IOAppOptionsType3, Ownable {
    uint16 internal constant OPTION_TYPE_3 = 3;

    // @dev The "msgType" should be defined in the child contract.
    mapping(uint32 eid => mapping(uint16 msgType => bytes enforcedOption)) public enforcedOptions;

    /**
     * @dev Sets the enforced options for specific endpoint and message type combinations.
     * @param _enforcedOptions An array of EnforcedOptionParam structures specifying enforced options.
     *
     * @dev Only the owner/admin of the OApp can call this function.
     * @dev Provides a way for the OApp to enforce things like paying for PreCrime, AND/OR minimum dst lzReceive gas amounts etc.
     * @dev These enforced options can vary as the potential options/execution on the remote may differ as per the msgType.
     * eg. Amount of lzReceive() gas necessary to deliver a lzCompose() message adds overhead you dont want to pay
     * if you are only making a standard LayerZero message ie. lzReceive() WITHOUT sendCompose().
     */
    function setEnforcedOptions(EnforcedOptionParam[] calldata _enforcedOptions) public virtual onlyOwner {
        _setEnforcedOptions(_enforcedOptions);
    }

    /**
     * @dev Sets the enforced options for specific endpoint and message type combinations.
     * @param _enforcedOptions An array of EnforcedOptionParam structures specifying enforced options.
     *
     * @dev Provides a way for the OApp to enforce things like paying for PreCrime, AND/OR minimum dst lzReceive gas amounts etc.
     * @dev These enforced options can vary as the potential options/execution on the remote may differ as per the msgType.
     * eg. Amount of lzReceive() gas necessary to deliver a lzCompose() message adds overhead you dont want to pay
     * if you are only making a standard LayerZero message ie. lzReceive() WITHOUT sendCompose().
     */
    function _setEnforcedOptions(EnforcedOptionParam[] memory _enforcedOptions) internal virtual {
        for (uint256 i = 0; i < _enforcedOptions.length; i++) {
            // @dev Enforced options are only available for optionType 3, as type 1 and 2 dont support combining.
            _assertOptionsType3(_enforcedOptions[i].options);
            enforcedOptions[_enforcedOptions[i].eid][_enforcedOptions[i].msgType] = _enforcedOptions[i].options;
        }

        emit EnforcedOptionSet(_enforcedOptions);
    }

    /**
     * @notice Combines options for a given endpoint and message type.
     * @param _eid The endpoint ID.
     * @param _msgType The OAPP message type.
     * @param _extraOptions Additional options passed by the caller.
     * @return options The combination of caller specified options AND enforced options.
     *
     * @dev If there is an enforced lzReceive option:
     * - {gasLimit: 200k, msg.value: 1 ether} AND a caller supplies a lzReceive option: {gasLimit: 100k, msg.value: 0.5 ether}
     * - The resulting options will be {gasLimit: 300k, msg.value: 1.5 ether} when the message is executed on the remote lzReceive() function.
     * @dev This presence of duplicated options is handled off-chain in the verifier/executor.
     */
    function combineOptions(
        uint32 _eid,
        uint16 _msgType,
        bytes calldata _extraOptions
    ) public view virtual returns (bytes memory) {
        bytes memory enforced = enforcedOptions[_eid][_msgType];

        // No enforced options, pass whatever the caller supplied, even if it's empty or legacy type 1/2 options.
        if (enforced.length == 0) return _extraOptions;

        // No caller options, return enforced
        if (_extraOptions.length == 0) return enforced;

        // @dev If caller provided _extraOptions, must be type 3 as its the ONLY type that can be combined.
        if (_extraOptions.length >= 2) {
            _assertOptionsType3(_extraOptions);
            // @dev Remove the first 2 bytes containing the type from the _extraOptions and combine with enforced.
            return bytes.concat(enforced, _extraOptions[2:]);
        }

        // No valid set of options was found.
        revert InvalidOptions(_extraOptions);
    }

    /**
     * @dev Internal function to assert that options are of type 3.
     * @param _options The options to be checked.
     */
    function _assertOptionsType3(bytes memory _options) internal pure virtual {
        uint16 optionsType;
        assembly {
            optionsType := mload(add(_options, 2))
        }
        if (optionsType != OPTION_TYPE_3) revert InvalidOptions(_options);
    }
}

File 7 of 159 : OApp.sol
// SPDX-License-Identifier: MIT

pragma solidity ^0.8.20;

// @dev Import the 'MessagingFee' and 'MessagingReceipt' so it's exposed to OApp implementers
// solhint-disable-next-line no-unused-import
import { OAppSender, MessagingFee, MessagingReceipt } from "./OAppSender.sol";
// @dev Import the 'Origin' so it's exposed to OApp implementers
// solhint-disable-next-line no-unused-import
import { OAppReceiver, Origin } from "./OAppReceiver.sol";
import { OAppCore } from "./OAppCore.sol";

/**
 * @title OApp
 * @dev Abstract contract serving as the base for OApp implementation, combining OAppSender and OAppReceiver functionality.
 */
abstract contract OApp is OAppSender, OAppReceiver {
    /**
     * @dev Constructor to initialize the OApp with the provided endpoint and owner.
     * @param _endpoint The address of the LOCAL LayerZero endpoint.
     * @param _delegate The delegate capable of making OApp configurations inside of the endpoint.
     */
    constructor(address _endpoint, address _delegate) OAppCore(_endpoint, _delegate) {}

    /**
     * @notice Retrieves the OApp version information.
     * @return senderVersion The version of the OAppSender.sol implementation.
     * @return receiverVersion The version of the OAppReceiver.sol implementation.
     */
    function oAppVersion()
        public
        pure
        virtual
        override(OAppSender, OAppReceiver)
        returns (uint64 senderVersion, uint64 receiverVersion)
    {
        return (SENDER_VERSION, RECEIVER_VERSION);
    }
}

File 8 of 159 : OAppCore.sol
// SPDX-License-Identifier: MIT

pragma solidity ^0.8.20;

import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
import { IOAppCore, ILayerZeroEndpointV2 } from "./interfaces/IOAppCore.sol";

/**
 * @title OAppCore
 * @dev Abstract contract implementing the IOAppCore interface with basic OApp configurations.
 */
abstract contract OAppCore is IOAppCore, Ownable {
    // The LayerZero endpoint associated with the given OApp
    ILayerZeroEndpointV2 public immutable endpoint;

    // Mapping to store peers associated with corresponding endpoints
    mapping(uint32 eid => bytes32 peer) public peers;

    /**
     * @dev Constructor to initialize the OAppCore with the provided endpoint and delegate.
     * @param _endpoint The address of the LOCAL Layer Zero endpoint.
     * @param _delegate The delegate capable of making OApp configurations inside of the endpoint.
     *
     * @dev The delegate typically should be set as the owner of the contract.
     */
    constructor(address _endpoint, address _delegate) {
        endpoint = ILayerZeroEndpointV2(_endpoint);

        if (_delegate == address(0)) revert InvalidDelegate();
        endpoint.setDelegate(_delegate);
    }

    /**
     * @notice Sets the peer address (OApp instance) for a corresponding endpoint.
     * @param _eid The endpoint ID.
     * @param _peer The address of the peer to be associated with the corresponding endpoint.
     *
     * @dev Only the owner/admin of the OApp can call this function.
     * @dev Indicates that the peer is trusted to send LayerZero messages to this OApp.
     * @dev Set this to bytes32(0) to remove the peer address.
     * @dev Peer is a bytes32 to accommodate non-evm chains.
     */
    function setPeer(uint32 _eid, bytes32 _peer) public virtual onlyOwner {
        _setPeer(_eid, _peer);
    }

    /**
     * @notice Sets the peer address (OApp instance) for a corresponding endpoint.
     * @param _eid The endpoint ID.
     * @param _peer The address of the peer to be associated with the corresponding endpoint.
     *
     * @dev Indicates that the peer is trusted to send LayerZero messages to this OApp.
     * @dev Set this to bytes32(0) to remove the peer address.
     * @dev Peer is a bytes32 to accommodate non-evm chains.
     */
    function _setPeer(uint32 _eid, bytes32 _peer) internal virtual {
        peers[_eid] = _peer;
        emit PeerSet(_eid, _peer);
    }

    /**
     * @notice Internal function to get the peer address associated with a specific endpoint; reverts if NOT set.
     * ie. the peer is set to bytes32(0).
     * @param _eid The endpoint ID.
     * @return peer The address of the peer associated with the specified endpoint.
     */
    function _getPeerOrRevert(uint32 _eid) internal view virtual returns (bytes32) {
        bytes32 peer = peers[_eid];
        if (peer == bytes32(0)) revert NoPeer(_eid);
        return peer;
    }

    /**
     * @notice Sets the delegate address for the OApp.
     * @param _delegate The address of the delegate to be set.
     *
     * @dev Only the owner/admin of the OApp can call this function.
     * @dev Provides the ability for a delegate to set configs, on behalf of the OApp, directly on the Endpoint contract.
     */
    function setDelegate(address _delegate) public onlyOwner {
        endpoint.setDelegate(_delegate);
    }
}

File 9 of 159 : OAppReceiver.sol
// SPDX-License-Identifier: MIT

pragma solidity ^0.8.20;

import { IOAppReceiver, Origin } from "./interfaces/IOAppReceiver.sol";
import { OAppCore } from "./OAppCore.sol";

/**
 * @title OAppReceiver
 * @dev Abstract contract implementing the ILayerZeroReceiver interface and extending OAppCore for OApp receivers.
 */
abstract contract OAppReceiver is IOAppReceiver, OAppCore {
    // Custom error message for when the caller is not the registered endpoint/
    error OnlyEndpoint(address addr);

    // @dev The version of the OAppReceiver implementation.
    // @dev Version is bumped when changes are made to this contract.
    uint64 internal constant RECEIVER_VERSION = 2;

    /**
     * @notice Retrieves the OApp version information.
     * @return senderVersion The version of the OAppSender.sol contract.
     * @return receiverVersion The version of the OAppReceiver.sol contract.
     *
     * @dev Providing 0 as the default for OAppSender version. Indicates that the OAppSender is not implemented.
     * ie. this is a RECEIVE only OApp.
     * @dev If the OApp uses both OAppSender and OAppReceiver, then this needs to be override returning the correct versions.
     */
    function oAppVersion() public view virtual returns (uint64 senderVersion, uint64 receiverVersion) {
        return (0, RECEIVER_VERSION);
    }

    /**
     * @notice Indicates whether an address is an approved composeMsg sender to the Endpoint.
     * @dev _origin The origin information containing the source endpoint and sender address.
     *  - srcEid: The source chain endpoint ID.
     *  - sender: The sender address on the src chain.
     *  - nonce: The nonce of the message.
     * @dev _message The lzReceive payload.
     * @param _sender The sender address.
     * @return isSender Is a valid sender.
     *
     * @dev Applications can optionally choose to implement separate composeMsg senders that are NOT the bridging layer.
     * @dev The default sender IS the OAppReceiver implementer.
     */
    function isComposeMsgSender(
        Origin calldata /*_origin*/,
        bytes calldata /*_message*/,
        address _sender
    ) public view virtual returns (bool) {
        return _sender == address(this);
    }

    /**
     * @notice Checks if the path initialization is allowed based on the provided origin.
     * @param origin The origin information containing the source endpoint and sender address.
     * @return Whether the path has been initialized.
     *
     * @dev This indicates to the endpoint that the OApp has enabled msgs for this particular path to be received.
     * @dev This defaults to assuming if a peer has been set, its initialized.
     * Can be overridden by the OApp if there is other logic to determine this.
     */
    function allowInitializePath(Origin calldata origin) public view virtual returns (bool) {
        return peers[origin.srcEid] == origin.sender;
    }

    /**
     * @notice Retrieves the next nonce for a given source endpoint and sender address.
     * @dev _srcEid The source endpoint ID.
     * @dev _sender The sender address.
     * @return nonce The next nonce.
     *
     * @dev The path nonce starts from 1. If 0 is returned it means that there is NO nonce ordered enforcement.
     * @dev Is required by the off-chain executor to determine the OApp expects msg execution is ordered.
     * @dev This is also enforced by the OApp.
     * @dev By default this is NOT enabled. ie. nextNonce is hardcoded to return 0.
     */
    function nextNonce(uint32 /*_srcEid*/, bytes32 /*_sender*/) public view virtual returns (uint64 nonce) {
        return 0;
    }

    /**
     * @dev Entry point for receiving messages or packets from the endpoint.
     * @param _origin The origin information containing the source endpoint and sender address.
     *  - srcEid: The source chain endpoint ID.
     *  - sender: The sender address on the src chain.
     *  - nonce: The nonce of the message.
     * @param _guid The unique identifier for the received LayerZero message.
     * @param _message The payload of the received message.
     * @param _executor The address of the executor for the received message.
     * @param _extraData Additional arbitrary data provided by the corresponding executor.
     *
     * @dev Entry point for receiving msg/packet from the LayerZero endpoint.
     */
    function lzReceive(
        Origin calldata _origin,
        bytes32 _guid,
        bytes calldata _message,
        address _executor,
        bytes calldata _extraData
    ) public payable virtual {
        // Ensures that only the endpoint can attempt to lzReceive() messages to this OApp.
        if (address(endpoint) != msg.sender) revert OnlyEndpoint(msg.sender);

        // Ensure that the sender matches the expected peer for the source endpoint.
        if (_getPeerOrRevert(_origin.srcEid) != _origin.sender) revert OnlyPeer(_origin.srcEid, _origin.sender);

        // Call the internal OApp implementation of lzReceive.
        _lzReceive(_origin, _guid, _message, _executor, _extraData);
    }

    /**
     * @dev Internal function to implement lzReceive logic without needing to copy the basic parameter validation.
     */
    function _lzReceive(
        Origin calldata _origin,
        bytes32 _guid,
        bytes calldata _message,
        address _executor,
        bytes calldata _extraData
    ) internal virtual;
}

File 10 of 159 : OAppSender.sol
// SPDX-License-Identifier: MIT

pragma solidity ^0.8.20;

import { SafeERC20, IERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import { MessagingParams, MessagingFee, MessagingReceipt } from "@layerzerolabs/lz-evm-protocol-v2/contracts/interfaces/ILayerZeroEndpointV2.sol";
import { OAppCore } from "./OAppCore.sol";

/**
 * @title OAppSender
 * @dev Abstract contract implementing the OAppSender functionality for sending messages to a LayerZero endpoint.
 */
abstract contract OAppSender is OAppCore {
    using SafeERC20 for IERC20;

    // Custom error messages
    error NotEnoughNative(uint256 msgValue);
    error LzTokenUnavailable();

    // @dev The version of the OAppSender implementation.
    // @dev Version is bumped when changes are made to this contract.
    uint64 internal constant SENDER_VERSION = 1;

    /**
     * @notice Retrieves the OApp version information.
     * @return senderVersion The version of the OAppSender.sol contract.
     * @return receiverVersion The version of the OAppReceiver.sol contract.
     *
     * @dev Providing 0 as the default for OAppReceiver version. Indicates that the OAppReceiver is not implemented.
     * ie. this is a SEND only OApp.
     * @dev If the OApp uses both OAppSender and OAppReceiver, then this needs to be override returning the correct versions
     */
    function oAppVersion() public view virtual returns (uint64 senderVersion, uint64 receiverVersion) {
        return (SENDER_VERSION, 0);
    }

    /**
     * @dev Internal function to interact with the LayerZero EndpointV2.quote() for fee calculation.
     * @param _dstEid The destination endpoint ID.
     * @param _message The message payload.
     * @param _options Additional options for the message.
     * @param _payInLzToken Flag indicating whether to pay the fee in LZ tokens.
     * @return fee The calculated MessagingFee for the message.
     *      - nativeFee: The native fee for the message.
     *      - lzTokenFee: The LZ token fee for the message.
     */
    function _quote(
        uint32 _dstEid,
        bytes memory _message,
        bytes memory _options,
        bool _payInLzToken
    ) internal view virtual returns (MessagingFee memory fee) {
        return
            endpoint.quote(
                MessagingParams(_dstEid, _getPeerOrRevert(_dstEid), _message, _options, _payInLzToken),
                address(this)
            );
    }

    /**
     * @dev Internal function to interact with the LayerZero EndpointV2.send() for sending a message.
     * @param _dstEid The destination endpoint ID.
     * @param _message The message payload.
     * @param _options Additional options for the message.
     * @param _fee The calculated LayerZero fee for the message.
     *      - nativeFee: The native fee.
     *      - lzTokenFee: The lzToken fee.
     * @param _refundAddress The address to receive any excess fee values sent to the endpoint.
     * @return receipt The receipt for the sent message.
     *      - guid: The unique identifier for the sent message.
     *      - nonce: The nonce of the sent message.
     *      - fee: The LayerZero fee incurred for the message.
     */
    function _lzSend(
        uint32 _dstEid,
        bytes memory _message,
        bytes memory _options,
        MessagingFee memory _fee,
        address _refundAddress
    ) internal virtual returns (MessagingReceipt memory receipt) {
        // @dev Push corresponding fees to the endpoint, any excess is sent back to the _refundAddress from the endpoint.
        uint256 messageValue = _payNative(_fee.nativeFee);
        if (_fee.lzTokenFee > 0) _payLzToken(_fee.lzTokenFee);

        return
            // solhint-disable-next-line check-send-result
            endpoint.send{ value: messageValue }(
                MessagingParams(_dstEid, _getPeerOrRevert(_dstEid), _message, _options, _fee.lzTokenFee > 0),
                _refundAddress
            );
    }

    /**
     * @dev Internal function to pay the native fee associated with the message.
     * @param _nativeFee The native fee to be paid.
     * @return nativeFee The amount of native currency paid.
     *
     * @dev If the OApp needs to initiate MULTIPLE LayerZero messages in a single transaction,
     * this will need to be overridden because msg.value would contain multiple lzFees.
     * @dev Should be overridden in the event the LayerZero endpoint requires a different native currency.
     * @dev Some EVMs use an ERC20 as a method for paying transactions/gasFees.
     * @dev The endpoint is EITHER/OR, ie. it will NOT support both types of native payment at a time.
     */
    function _payNative(uint256 _nativeFee) internal virtual returns (uint256 nativeFee) {
        if (msg.value != _nativeFee) revert NotEnoughNative(msg.value);
        return _nativeFee;
    }

    /**
     * @dev Internal function to pay the LZ token fee associated with the message.
     * @param _lzTokenFee The LZ token fee to be paid.
     *
     * @dev If the caller is trying to pay in the specified lzToken, then the lzTokenFee is passed to the endpoint.
     * @dev Any excess sent, is passed back to the specified _refundAddress in the _lzSend().
     */
    function _payLzToken(uint256 _lzTokenFee) internal virtual {
        // @dev Cannot cache the token because it is not immutable in the endpoint.
        address lzToken = endpoint.lzToken();
        if (lzToken == address(0)) revert LzTokenUnavailable();

        // Pay LZ token fee by sending tokens to the endpoint.
        IERC20(lzToken).safeTransferFrom(msg.sender, address(endpoint), _lzTokenFee);
    }
}

File 11 of 159 : IOFT.sol
// SPDX-License-Identifier: MIT

pragma solidity ^0.8.20;

import { MessagingReceipt, MessagingFee } from "../../oapp/OAppSender.sol";

/**
 * @dev Struct representing token parameters for the OFT send() operation.
 */
struct SendParam {
    uint32 dstEid; // Destination endpoint ID.
    bytes32 to; // Recipient address.
    uint256 amountLD; // Amount to send in local decimals.
    uint256 minAmountLD; // Minimum amount to send in local decimals.
    bytes extraOptions; // Additional options supplied by the caller to be used in the LayerZero message.
    bytes composeMsg; // The composed message for the send() operation.
    bytes oftCmd; // The OFT command to be executed, unused in default OFT implementations.
}

/**
 * @dev Struct representing OFT limit information.
 * @dev These amounts can change dynamically and are up the the specific oft implementation.
 */
struct OFTLimit {
    uint256 minAmountLD; // Minimum amount in local decimals that can be sent to the recipient.
    uint256 maxAmountLD; // Maximum amount in local decimals that can be sent to the recipient.
}

/**
 * @dev Struct representing OFT receipt information.
 */
struct OFTReceipt {
    uint256 amountSentLD; // Amount of tokens ACTUALLY debited from the sender in local decimals.
    // @dev In non-default implementations, the amountReceivedLD COULD differ from this value.
    uint256 amountReceivedLD; // Amount of tokens to be received on the remote side.
}

/**
 * @dev Struct representing OFT fee details.
 * @dev Future proof mechanism to provide a standardized way to communicate fees to things like a UI.
 */
struct OFTFeeDetail {
    int256 feeAmountLD; // Amount of the fee in local decimals.
    string description; // Description of the fee.
}

/**
 * @title IOFT
 * @dev Interface for the OftChain (OFT) token.
 * @dev Does not inherit ERC20 to accommodate usage by OFTAdapter as well.
 * @dev This specific interface ID is '0x02e49c2c'.
 */
interface IOFT {
    // Custom error messages
    error InvalidLocalDecimals();
    error SlippageExceeded(uint256 amountLD, uint256 minAmountLD);

    // Events
    event OFTSent(
        bytes32 indexed guid, // GUID of the OFT message.
        uint32 dstEid, // Destination Endpoint ID.
        address indexed fromAddress, // Address of the sender on the src chain.
        uint256 amountSentLD, // Amount of tokens sent in local decimals.
        uint256 amountReceivedLD // Amount of tokens received in local decimals.
    );
    event OFTReceived(
        bytes32 indexed guid, // GUID of the OFT message.
        uint32 srcEid, // Source Endpoint ID.
        address indexed toAddress, // Address of the recipient on the dst chain.
        uint256 amountReceivedLD // Amount of tokens received in local decimals.
    );

    /**
     * @notice Retrieves interfaceID and the version of the OFT.
     * @return interfaceId The interface ID.
     * @return version The version.
     *
     * @dev interfaceId: This specific interface ID is '0x02e49c2c'.
     * @dev version: Indicates a cross-chain compatible msg encoding with other OFTs.
     * @dev If a new feature is added to the OFT cross-chain msg encoding, the version will be incremented.
     * ie. localOFT version(x,1) CAN send messages to remoteOFT version(x,1)
     */
    function oftVersion() external view returns (bytes4 interfaceId, uint64 version);

    /**
     * @notice Retrieves the address of the token associated with the OFT.
     * @return token The address of the ERC20 token implementation.
     */
    function token() external view returns (address);

    /**
     * @notice Indicates whether the OFT contract requires approval of the 'token()' to send.
     * @return requiresApproval Needs approval of the underlying token implementation.
     *
     * @dev Allows things like wallet implementers to determine integration requirements,
     * without understanding the underlying token implementation.
     */
    function approvalRequired() external view returns (bool);

    /**
     * @notice Retrieves the shared decimals of the OFT.
     * @return sharedDecimals The shared decimals of the OFT.
     */
    function sharedDecimals() external view returns (uint8);

    /**
     * @notice Provides a quote for OFT-related operations.
     * @param _sendParam The parameters for the send operation.
     * @return limit The OFT limit information.
     * @return oftFeeDetails The details of OFT fees.
     * @return receipt The OFT receipt information.
     */
    function quoteOFT(
        SendParam calldata _sendParam
    ) external view returns (OFTLimit memory, OFTFeeDetail[] memory oftFeeDetails, OFTReceipt memory);

    /**
     * @notice Provides a quote for the send() operation.
     * @param _sendParam The parameters for the send() operation.
     * @param _payInLzToken Flag indicating whether the caller is paying in the LZ token.
     * @return fee The calculated LayerZero messaging fee from the send() operation.
     *
     * @dev MessagingFee: LayerZero msg fee
     *  - nativeFee: The native fee.
     *  - lzTokenFee: The lzToken fee.
     */
    function quoteSend(SendParam calldata _sendParam, bool _payInLzToken) external view returns (MessagingFee memory);

    /**
     * @notice Executes the send() operation.
     * @param _sendParam The parameters for the send operation.
     * @param _fee The fee information supplied by the caller.
     *      - nativeFee: The native fee.
     *      - lzTokenFee: The lzToken fee.
     * @param _refundAddress The address to receive any excess funds from fees etc. on the src.
     * @return receipt The LayerZero messaging receipt from the send() operation.
     * @return oftReceipt The OFT receipt information.
     *
     * @dev MessagingReceipt: LayerZero msg receipt
     *  - guid: The unique identifier for the sent message.
     *  - nonce: The nonce of the sent message.
     *  - fee: The LayerZero fee incurred for the message.
     */
    function send(
        SendParam calldata _sendParam,
        MessagingFee calldata _fee,
        address _refundAddress
    ) external payable returns (MessagingReceipt memory, OFTReceipt memory);
}

File 12 of 159 : OFTComposeMsgCodec.sol
// SPDX-License-Identifier: MIT

pragma solidity ^0.8.20;

library OFTComposeMsgCodec {
    // Offset constants for decoding composed messages
    uint8 private constant NONCE_OFFSET = 8;
    uint8 private constant SRC_EID_OFFSET = 12;
    uint8 private constant AMOUNT_LD_OFFSET = 44;
    uint8 private constant COMPOSE_FROM_OFFSET = 76;

    /**
     * @dev Encodes a OFT composed message.
     * @param _nonce The nonce value.
     * @param _srcEid The source endpoint ID.
     * @param _amountLD The amount in local decimals.
     * @param _composeMsg The composed message.
     * @return _msg The encoded Composed message.
     */
    function encode(
        uint64 _nonce,
        uint32 _srcEid,
        uint256 _amountLD,
        bytes memory _composeMsg // 0x[composeFrom][composeMsg]
    ) internal pure returns (bytes memory _msg) {
        _msg = abi.encodePacked(_nonce, _srcEid, _amountLD, _composeMsg);
    }

    /**
     * @dev Retrieves the nonce from the composed message.
     * @param _msg The message.
     * @return The nonce value.
     */
    function nonce(bytes calldata _msg) internal pure returns (uint64) {
        return uint64(bytes8(_msg[:NONCE_OFFSET]));
    }

    /**
     * @dev Retrieves the source endpoint ID from the composed message.
     * @param _msg The message.
     * @return The source endpoint ID.
     */
    function srcEid(bytes calldata _msg) internal pure returns (uint32) {
        return uint32(bytes4(_msg[NONCE_OFFSET:SRC_EID_OFFSET]));
    }

    /**
     * @dev Retrieves the amount in local decimals from the composed message.
     * @param _msg The message.
     * @return The amount in local decimals.
     */
    function amountLD(bytes calldata _msg) internal pure returns (uint256) {
        return uint256(bytes32(_msg[SRC_EID_OFFSET:AMOUNT_LD_OFFSET]));
    }

    /**
     * @dev Retrieves the composeFrom value from the composed message.
     * @param _msg The message.
     * @return The composeFrom value.
     */
    function composeFrom(bytes calldata _msg) internal pure returns (bytes32) {
        return bytes32(_msg[AMOUNT_LD_OFFSET:COMPOSE_FROM_OFFSET]);
    }

    /**
     * @dev Retrieves the composed message.
     * @param _msg The message.
     * @return The composed message.
     */
    function composeMsg(bytes calldata _msg) internal pure returns (bytes memory) {
        return _msg[COMPOSE_FROM_OFFSET:];
    }

    /**
     * @dev Converts an address to bytes32.
     * @param _addr The address to convert.
     * @return The bytes32 representation of the address.
     */
    function addressToBytes32(address _addr) internal pure returns (bytes32) {
        return bytes32(uint256(uint160(_addr)));
    }

    /**
     * @dev Converts bytes32 to an address.
     * @param _b The bytes32 value to convert.
     * @return The address representation of bytes32.
     */
    function bytes32ToAddress(bytes32 _b) internal pure returns (address) {
        return address(uint160(uint256(_b)));
    }
}

File 13 of 159 : IOAppPreCrimeSimulator.sol
// SPDX-License-Identifier: MIT

pragma solidity ^0.8.20;

// @dev Import the Origin so it's exposed to OAppPreCrimeSimulator implementers.
// solhint-disable-next-line no-unused-import
import { InboundPacket, Origin } from "../libs/Packet.sol";

/**
 * @title IOAppPreCrimeSimulator Interface
 * @dev Interface for the preCrime simulation functionality in an OApp.
 */
interface IOAppPreCrimeSimulator {
    // @dev simulation result used in PreCrime implementation
    error SimulationResult(bytes result);
    error OnlySelf();

    /**
     * @dev Emitted when the preCrime contract address is set.
     * @param preCrimeAddress The address of the preCrime contract.
     */
    event PreCrimeSet(address preCrimeAddress);

    /**
     * @dev Retrieves the address of the preCrime contract implementation.
     * @return The address of the preCrime contract.
     */
    function preCrime() external view returns (address);

    /**
     * @dev Retrieves the address of the OApp contract.
     * @return The address of the OApp contract.
     */
    function oApp() external view returns (address);

    /**
     * @dev Sets the preCrime contract address.
     * @param _preCrime The address of the preCrime contract.
     */
    function setPreCrime(address _preCrime) external;

    /**
     * @dev Mocks receiving a packet, then reverts with a series of data to infer the state/result.
     * @param _packets An array of LayerZero InboundPacket objects representing received packets.
     */
    function lzReceiveAndRevert(InboundPacket[] calldata _packets) external payable;

    /**
     * @dev checks if the specified peer is considered 'trusted' by the OApp.
     * @param _eid The endpoint Id to check.
     * @param _peer The peer to check.
     * @return Whether the peer passed is considered 'trusted' by the OApp.
     */
    function isPeer(uint32 _eid, bytes32 _peer) external view returns (bool);
}

File 14 of 159 : IPreCrime.sol
// SPDX-License-Identifier: MIT

pragma solidity ^0.8.20;
struct PreCrimePeer {
    uint32 eid;
    bytes32 preCrime;
    bytes32 oApp;
}

// TODO not done yet
interface IPreCrime {
    error OnlyOffChain();

    // for simulate()
    error PacketOversize(uint256 max, uint256 actual);
    error PacketUnsorted();
    error SimulationFailed(bytes reason);

    // for preCrime()
    error SimulationResultNotFound(uint32 eid);
    error InvalidSimulationResult(uint32 eid, bytes reason);
    error CrimeFound(bytes crime);

    function getConfig(bytes[] calldata _packets, uint256[] calldata _packetMsgValues) external returns (bytes memory);

    function simulate(
        bytes[] calldata _packets,
        uint256[] calldata _packetMsgValues
    ) external payable returns (bytes memory);

    function buildSimulationResult() external view returns (bytes memory);

    function preCrime(
        bytes[] calldata _packets,
        uint256[] calldata _packetMsgValues,
        bytes[] calldata _simulations
    ) external;

    function version() external view returns (uint64 major, uint8 minor);
}

File 15 of 159 : Packet.sol
// SPDX-License-Identifier: MIT

pragma solidity ^0.8.20;

import { Origin } from "@layerzerolabs/lz-evm-protocol-v2/contracts/interfaces/ILayerZeroEndpointV2.sol";
import { PacketV1Codec } from "@layerzerolabs/lz-evm-protocol-v2/contracts/messagelib/libs/PacketV1Codec.sol";

/**
 * @title InboundPacket
 * @dev Structure representing an inbound packet received by the contract.
 */
struct InboundPacket {
    Origin origin; // Origin information of the packet.
    uint32 dstEid; // Destination endpointId of the packet.
    address receiver; // Receiver address for the packet.
    bytes32 guid; // Unique identifier of the packet.
    uint256 value; // msg.value of the packet.
    address executor; // Executor address for the packet.
    bytes message; // Message payload of the packet.
    bytes extraData; // Additional arbitrary data for the packet.
}

/**
 * @title PacketDecoder
 * @dev Library for decoding LayerZero packets.
 */
library PacketDecoder {
    using PacketV1Codec for bytes;

    /**
     * @dev Decode an inbound packet from the given packet data.
     * @param _packet The packet data to decode.
     * @return packet An InboundPacket struct representing the decoded packet.
     */
    function decode(bytes calldata _packet) internal pure returns (InboundPacket memory packet) {
        packet.origin = Origin(_packet.srcEid(), _packet.sender(), _packet.nonce());
        packet.dstEid = _packet.dstEid();
        packet.receiver = _packet.receiverB20();
        packet.guid = _packet.guid();
        packet.message = _packet.message();
    }

    /**
     * @dev Decode multiple inbound packets from the given packet data and associated message values.
     * @param _packets An array of packet data to decode.
     * @param _packetMsgValues An array of associated message values for each packet.
     * @return packets An array of InboundPacket structs representing the decoded packets.
     */
    function decode(
        bytes[] calldata _packets,
        uint256[] memory _packetMsgValues
    ) internal pure returns (InboundPacket[] memory packets) {
        packets = new InboundPacket[](_packets.length);
        for (uint256 i = 0; i < _packets.length; i++) {
            bytes calldata packet = _packets[i];
            packets[i] = PacketDecoder.decode(packet);
            // @dev Allows the verifier to specify the msg.value that gets passed in lzReceive.
            packets[i].value = _packetMsgValues[i];
        }
    }
}

File 16 of 159 : OAppPreCrimeSimulator.sol
// SPDX-License-Identifier: MIT

pragma solidity ^0.8.20;

import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
import { IPreCrime } from "./interfaces/IPreCrime.sol";
import { IOAppPreCrimeSimulator, InboundPacket, Origin } from "./interfaces/IOAppPreCrimeSimulator.sol";

/**
 * @title OAppPreCrimeSimulator
 * @dev Abstract contract serving as the base for preCrime simulation functionality in an OApp.
 */
abstract contract OAppPreCrimeSimulator is IOAppPreCrimeSimulator, Ownable {
    // The address of the preCrime implementation.
    address public preCrime;

    /**
     * @dev Retrieves the address of the OApp contract.
     * @return The address of the OApp contract.
     *
     * @dev The simulator contract is the base contract for the OApp by default.
     * @dev If the simulator is a separate contract, override this function.
     */
    function oApp() external view virtual returns (address) {
        return address(this);
    }

    /**
     * @dev Sets the preCrime contract address.
     * @param _preCrime The address of the preCrime contract.
     */
    function setPreCrime(address _preCrime) public virtual onlyOwner {
        preCrime = _preCrime;
        emit PreCrimeSet(_preCrime);
    }

    /**
     * @dev Interface for pre-crime simulations. Always reverts at the end with the simulation results.
     * @param _packets An array of InboundPacket objects representing received packets to be delivered.
     *
     * @dev WARNING: MUST revert at the end with the simulation results.
     * @dev Gives the preCrime implementation the ability to mock sending packets to the lzReceive function,
     * WITHOUT actually executing them.
     */
    function lzReceiveAndRevert(InboundPacket[] calldata _packets) public payable virtual {
        for (uint256 i = 0; i < _packets.length; i++) {
            InboundPacket calldata packet = _packets[i];

            // Ignore packets that are not from trusted peers.
            if (!isPeer(packet.origin.srcEid, packet.origin.sender)) continue;

            // @dev Because a verifier is calling this function, it doesnt have access to executor params:
            //  - address _executor
            //  - bytes calldata _extraData
            // preCrime will NOT work for OApps that rely on these two parameters inside of their _lzReceive().
            // They are instead stubbed to default values, address(0) and bytes("")
            // @dev Calling this.lzReceiveSimulate removes ability for assembly return 0 callstack exit,
            // which would cause the revert to be ignored.
            this.lzReceiveSimulate{ value: packet.value }(
                packet.origin,
                packet.guid,
                packet.message,
                packet.executor,
                packet.extraData
            );
        }

        // @dev Revert with the simulation results. msg.sender must implement IPreCrime.buildSimulationResult().
        revert SimulationResult(IPreCrime(msg.sender).buildSimulationResult());
    }

    /**
     * @dev Is effectively an internal function because msg.sender must be address(this).
     * Allows resetting the call stack for 'internal' calls.
     * @param _origin The origin information containing the source endpoint and sender address.
     *  - srcEid: The source chain endpoint ID.
     *  - sender: The sender address on the src chain.
     *  - nonce: The nonce of the message.
     * @param _guid The unique identifier of the packet.
     * @param _message The message payload of the packet.
     * @param _executor The executor address for the packet.
     * @param _extraData Additional data for the packet.
     */
    function lzReceiveSimulate(
        Origin calldata _origin,
        bytes32 _guid,
        bytes calldata _message,
        address _executor,
        bytes calldata _extraData
    ) external payable virtual {
        // @dev Ensure ONLY can be called 'internally'.
        if (msg.sender != address(this)) revert OnlySelf();
        _lzReceiveSimulate(_origin, _guid, _message, _executor, _extraData);
    }

    /**
     * @dev Internal function to handle the OAppPreCrimeSimulator simulated receive.
     * @param _origin The origin information.
     *  - srcEid: The source chain endpoint ID.
     *  - sender: The sender address from the src chain.
     *  - nonce: The nonce of the LayerZero message.
     * @param _guid The GUID of the LayerZero message.
     * @param _message The LayerZero message.
     * @param _executor The address of the off-chain executor.
     * @param _extraData Arbitrary data passed by the msg executor.
     *
     * @dev Enables the preCrime simulator to mock sending lzReceive() messages,
     * routes the msg down from the OAppPreCrimeSimulator, and back up to the OAppReceiver.
     */
    function _lzReceiveSimulate(
        Origin calldata _origin,
        bytes32 _guid,
        bytes calldata _message,
        address _executor,
        bytes calldata _extraData
    ) internal virtual;

    /**
     * @dev checks if the specified peer is considered 'trusted' by the OApp.
     * @param _eid The endpoint Id to check.
     * @param _peer The peer to check.
     * @return Whether the peer passed is considered 'trusted' by the OApp.
     */
    function isPeer(uint32 _eid, bytes32 _peer) public view virtual returns (bool);
}

File 17 of 159 : ILayerZeroEndpointV2.sol
// SPDX-License-Identifier: MIT

pragma solidity >=0.8.0;

import { IMessageLibManager } from "./IMessageLibManager.sol";
import { IMessagingComposer } from "./IMessagingComposer.sol";
import { IMessagingChannel } from "./IMessagingChannel.sol";
import { IMessagingContext } from "./IMessagingContext.sol";

struct MessagingParams {
    uint32 dstEid;
    bytes32 receiver;
    bytes message;
    bytes options;
    bool payInLzToken;
}

struct MessagingReceipt {
    bytes32 guid;
    uint64 nonce;
    MessagingFee fee;
}

struct MessagingFee {
    uint256 nativeFee;
    uint256 lzTokenFee;
}

struct Origin {
    uint32 srcEid;
    bytes32 sender;
    uint64 nonce;
}

enum ExecutionState {
    NotExecutable,
    Executable,
    Executed
}

interface ILayerZeroEndpointV2 is IMessageLibManager, IMessagingComposer, IMessagingChannel, IMessagingContext {
    event PacketSent(bytes encodedPayload, bytes options, address sendLibrary);

    event PacketVerified(Origin origin, address receiver, bytes32 payloadHash);

    event PacketDelivered(Origin origin, address receiver);

    event LzReceiveAlert(
        address indexed receiver,
        address indexed executor,
        Origin origin,
        bytes32 guid,
        uint256 gas,
        uint256 value,
        bytes message,
        bytes extraData,
        bytes reason
    );

    event LzTokenSet(address token);

    function quote(MessagingParams calldata _params, address _sender) external view returns (MessagingFee memory);

    function send(
        MessagingParams calldata _params,
        address _refundAddress
    ) external payable returns (MessagingReceipt memory);

    function verify(Origin calldata _origin, address _receiver, bytes32 _payloadHash) external;

    function verifiable(
        Origin calldata _origin,
        address _receiver,
        address _receiveLib,
        bytes32 _payloadHash
    ) external view returns (bool);

    function executable(Origin calldata _origin, address _receiver) external view returns (ExecutionState);

    function lzReceive(
        Origin calldata _origin,
        address _receiver,
        bytes32 _guid,
        bytes calldata _message,
        bytes calldata _extraData
    ) external payable;

    // oapp can burn messages partially by calling this function with its own business logic if messages are verified in order
    function clear(address _oapp, Origin calldata _origin, bytes32 _guid, bytes calldata _message) external;

    function setLzToken(address _lzToken) external;

    function lzToken() external view returns (address);

    function nativeToken() external view returns (address);

    function setDelegate(address _delegate) external;
}

File 18 of 159 : ILayerZeroReceiver.sol
// SPDX-License-Identifier: MIT

pragma solidity >=0.8.0;

import { Origin } from "./ILayerZeroEndpointV2.sol";

interface ILayerZeroReceiver {
    function allowInitializePath(Origin calldata _origin) external view returns (bool);

    // todo: move to OAppReceiver? it is just convention for executor. we may can change it in a new Receiver version
    function nextNonce(uint32 _eid, bytes32 _sender) external view returns (uint64);

    function lzReceive(
        Origin calldata _origin,
        bytes32 _guid,
        bytes calldata _message,
        address _executor,
        bytes calldata _extraData
    ) external payable;
}

File 19 of 159 : IMessageLib.sol
// SPDX-License-Identifier: MIT

pragma solidity >=0.8.0;

import { IERC165 } from "@openzeppelin/contracts/utils/introspection/IERC165.sol";

import { SetConfigParam } from "./IMessageLibManager.sol";

enum MessageLibType {
    Send,
    Receive,
    SendAndReceive
}

interface IMessageLib is IERC165 {
    function setConfig(address _oapp, SetConfigParam[] calldata _config) external;

    function getConfig(uint32 _eid, address _oapp, uint32 _configType) external view returns (bytes memory config);

    function isSupportedEid(uint32 _eid) external view returns (bool);

    // message libs of same major version are compatible
    function version() external view returns (uint64 major, uint8 minor, uint8 endpointVersion);

    function messageLibType() external view returns (MessageLibType);
}

File 20 of 159 : IMessageLibManager.sol
// SPDX-License-Identifier: MIT

pragma solidity >=0.8.0;

struct SetConfigParam {
    uint32 eid;
    uint32 configType;
    bytes config;
}

interface IMessageLibManager {
    struct Timeout {
        address lib;
        uint256 expiry;
    }

    event LibraryRegistered(address newLib);
    event DefaultSendLibrarySet(uint32 eid, address newLib);
    event DefaultReceiveLibrarySet(uint32 eid, address oldLib, address newLib);
    event DefaultReceiveLibraryTimeoutSet(uint32 eid, address oldLib, uint256 expiry);
    event SendLibrarySet(address sender, uint32 eid, address newLib);
    event ReceiveLibrarySet(address receiver, uint32 eid, address oldLib, address newLib);
    event ReceiveLibraryTimeoutSet(address receiver, uint32 eid, address oldLib, uint256 timeout);

    function registerLibrary(address _lib) external;

    function isRegisteredLibrary(address _lib) external view returns (bool);

    function getRegisteredLibraries() external view returns (address[] memory);

    function setDefaultSendLibrary(uint32 _eid, address _newLib) external;

    function defaultSendLibrary(uint32 _eid) external view returns (address);

    function setDefaultReceiveLibrary(uint32 _eid, address _newLib, uint256 _timeout) external;

    function defaultReceiveLibrary(uint32 _eid) external view returns (address);

    function setDefaultReceiveLibraryTimeout(uint32 _eid, address _lib, uint256 _expiry) external;

    function defaultReceiveLibraryTimeout(uint32 _eid) external view returns (address lib, uint256 expiry);

    function isSupportedEid(uint32 _eid) external view returns (bool);

    /// ------------------- OApp interfaces -------------------
    function setSendLibrary(address _oapp, uint32 _eid, address _newLib) external;

    function getSendLibrary(address _sender, uint32 _eid) external view returns (address lib);

    function isDefaultSendLibrary(address _sender, uint32 _eid) external view returns (bool);

    function setReceiveLibrary(address _oapp, uint32 _eid, address _newLib, uint256 _gracePeriod) external;

    function getReceiveLibrary(address _receiver, uint32 _eid) external view returns (address lib, bool isDefault);

    function setReceiveLibraryTimeout(address _oapp, uint32 _eid, address _lib, uint256 _gracePeriod) external;

    function receiveLibraryTimeout(address _receiver, uint32 _eid) external view returns (address lib, uint256 expiry);

    function setConfig(address _oapp, address _lib, SetConfigParam[] calldata _params) external;

    function getConfig(
        address _oapp,
        address _lib,
        uint32 _eid,
        uint32 _configType
    ) external view returns (bytes memory config);
}

File 21 of 159 : IMessagingChannel.sol
// SPDX-License-Identifier: MIT

pragma solidity >=0.8.0;

interface IMessagingChannel {
    event InboundNonceSkipped(uint32 srcEid, bytes32 sender, address receiver, uint64 nonce);
    event PacketNilified(uint32 srcEid, bytes32 sender, address receiver, uint64 nonce, bytes32 payloadHash);
    event PacketBurnt(uint32 srcEid, bytes32 sender, address receiver, uint64 nonce, bytes32 payloadHash);

    function eid() external view returns (uint32);

    // this is an emergency function if a message cannot be verified for some reasons
    // required to provide _nextNonce to avoid race condition
    function skip(address _oapp, uint32 _srcEid, bytes32 _sender, uint64 _nonce) external;

    function nilify(address _oapp, uint32 _srcEid, bytes32 _sender, uint64 _nonce, bytes32 _payloadHash) external;

    function burn(address _oapp, uint32 _srcEid, bytes32 _sender, uint64 _nonce, bytes32 _payloadHash) external;

    function nextGuid(address _sender, uint32 _dstEid, bytes32 _receiver) external view returns (bytes32);

    function inboundNonce(address _receiver, uint32 _srcEid, bytes32 _sender) external view returns (uint64);

    function outboundNonce(address _sender, uint32 _dstEid, bytes32 _receiver) external view returns (uint64);

    function inboundPayloadHash(
        address _receiver,
        uint32 _srcEid,
        bytes32 _sender,
        uint64 _nonce
    ) external view returns (bytes32);
}

File 22 of 159 : IMessagingComposer.sol
// SPDX-License-Identifier: MIT

pragma solidity >=0.8.0;

interface IMessagingComposer {
    event ComposeSent(address from, address to, bytes32 guid, uint16 index, bytes message);
    event ComposeDelivered(address from, address to, bytes32 guid, uint16 index);
    event LzComposeAlert(
        address indexed from,
        address indexed to,
        address indexed executor,
        bytes32 guid,
        uint16 index,
        uint256 gas,
        uint256 value,
        bytes message,
        bytes extraData,
        bytes reason
    );

    function composeQueue(
        address _from,
        address _to,
        bytes32 _guid,
        uint16 _index
    ) external view returns (bytes32 messageHash);

    function sendCompose(address _to, bytes32 _guid, uint16 _index, bytes calldata _message) external;

    function lzCompose(
        address _from,
        address _to,
        bytes32 _guid,
        uint16 _index,
        bytes calldata _message,
        bytes calldata _extraData
    ) external payable;
}

File 23 of 159 : IMessagingContext.sol
// SPDX-License-Identifier: MIT

pragma solidity >=0.8.0;

interface IMessagingContext {
    function isSendingMessage() external view returns (bool);

    function getSendContext() external view returns (uint32 dstEid, address sender);
}

File 24 of 159 : ISendLib.sol
// SPDX-License-Identifier: MIT

pragma solidity >=0.8.0;

import { MessagingFee } from "./ILayerZeroEndpointV2.sol";
import { IMessageLib } from "./IMessageLib.sol";

struct Packet {
    uint64 nonce;
    uint32 srcEid;
    address sender;
    uint32 dstEid;
    bytes32 receiver;
    bytes32 guid;
    bytes message;
}

interface ISendLib is IMessageLib {
    function send(
        Packet calldata _packet,
        bytes calldata _options,
        bool _payInLzToken
    ) external returns (MessagingFee memory, bytes memory encodedPacket);

    function quote(
        Packet calldata _packet,
        bytes calldata _options,
        bool _payInLzToken
    ) external view returns (MessagingFee memory);

    function setTreasury(address _treasury) external;

    function withdrawFee(address _to, uint256 _amount) external;

    function withdrawLzTokenFee(address _lzToken, address _to, uint256 _amount) external;
}

File 25 of 159 : AddressCast.sol
// SPDX-License-Identifier: LZBL-1.2

pragma solidity ^0.8.22;

import { Errors } from "./Errors.sol";

library AddressCast {
    function toBytes32(bytes calldata _addressBytes) internal pure returns (bytes32 result) {
        if (_addressBytes.length > 32) revert Errors.InvalidAddress();
        result = bytes32(_addressBytes);
        unchecked {
            uint256 offset = 32 - _addressBytes.length;
            result = result >> (offset * 8);
        }
    }

    function toBytes32(address _address) internal pure returns (bytes32 result) {
        result = bytes32(uint256(uint160(_address)));
    }

    function toBytes(bytes32 _addressBytes32, uint256 _size) internal pure returns (bytes memory result) {
        if (_size == 0 || _size > 32) revert Errors.InvalidSizeForAddress();
        result = new bytes(_size);
        unchecked {
            uint256 offset = 256 - _size * 8;
            assembly {
                mstore(add(result, 32), shl(offset, _addressBytes32))
            }
        }
    }

    function toAddress(bytes32 _addressBytes32) internal pure returns (address result) {
        result = address(uint160(uint256(_addressBytes32)));
    }

    function toAddress(bytes calldata _addressBytes) internal pure returns (address result) {
        if (_addressBytes.length != 20) revert Errors.InvalidAddress();
        result = address(bytes20(_addressBytes));
    }
}

File 26 of 159 : Errors.sol
// SPDX-License-Identifier: LZBL-1.2

pragma solidity ^0.8.22;

library Errors {
    error LzTokenUnavailable();
    error OnlyAltToken();
    error InvalidReceiveLibrary();
    error InvalidNonce(uint64 nonce);
    error InvalidArgument();
    error InvalidExpiry();
    error InvalidAmount(uint256 required, uint256 supplied);
    error OnlyRegisteredOrDefaultLib();
    error OnlyRegisteredLib();
    error OnlyNonDefaultLib();
    error Unauthorized();
    error DefaultSendLibUnavailable();
    error DefaultReceiveLibUnavailable();
    error PathNotInitializable();
    error PathNotVerifiable();
    error OnlySendLib();
    error OnlyReceiveLib();
    error UnsupportedEid();
    error UnsupportedInterface();
    error AlreadyRegistered();
    error SameValue();
    error InvalidPayloadHash();
    error PayloadHashNotFound(bytes32 expected, bytes32 actual);
    error ComposeNotFound(bytes32 expected, bytes32 actual);
    error ComposeExists();
    error SendReentrancy();
    error NotImplemented();
    error InvalidAddress();
    error InvalidSizeForAddress();
    error InsufficientFee(
        uint256 requiredNative,
        uint256 suppliedNative,
        uint256 requiredLzToken,
        uint256 suppliedLzToken
    );
    error ZeroLzTokenFee();
}

File 27 of 159 : PacketV1Codec.sol
// SPDX-License-Identifier: LZBL-1.2

pragma solidity ^0.8.22;

import { Packet } from "../../interfaces/ISendLib.sol";
import { AddressCast } from "../../libs/AddressCast.sol";

library PacketV1Codec {
    using AddressCast for address;
    using AddressCast for bytes32;

    uint8 internal constant PACKET_VERSION = 1;

    // header (version + nonce + path)
    // version
    uint256 private constant PACKET_VERSION_OFFSET = 0;
    //    nonce
    uint256 private constant NONCE_OFFSET = 1;
    //    path
    uint256 private constant SRC_EID_OFFSET = 9;
    uint256 private constant SENDER_OFFSET = 13;
    uint256 private constant DST_EID_OFFSET = 45;
    uint256 private constant RECEIVER_OFFSET = 49;
    // payload (guid + message)
    uint256 private constant GUID_OFFSET = 81; // keccak256(nonce + path)
    uint256 private constant MESSAGE_OFFSET = 113;

    function encode(Packet memory _packet) internal pure returns (bytes memory encodedPacket) {
        encodedPacket = abi.encodePacked(
            PACKET_VERSION,
            _packet.nonce,
            _packet.srcEid,
            _packet.sender.toBytes32(),
            _packet.dstEid,
            _packet.receiver,
            _packet.guid,
            _packet.message
        );
    }

    function encodePacketHeader(Packet memory _packet) internal pure returns (bytes memory) {
        return
            abi.encodePacked(
                PACKET_VERSION,
                _packet.nonce,
                _packet.srcEid,
                _packet.sender.toBytes32(),
                _packet.dstEid,
                _packet.receiver
            );
    }

    function encodePayload(Packet memory _packet) internal pure returns (bytes memory) {
        return abi.encodePacked(_packet.guid, _packet.message);
    }

    function header(bytes calldata _packet) internal pure returns (bytes calldata) {
        return _packet[0:GUID_OFFSET];
    }

    function version(bytes calldata _packet) internal pure returns (uint8) {
        return uint8(bytes1(_packet[PACKET_VERSION_OFFSET:NONCE_OFFSET]));
    }

    function nonce(bytes calldata _packet) internal pure returns (uint64) {
        return uint64(bytes8(_packet[NONCE_OFFSET:SRC_EID_OFFSET]));
    }

    function srcEid(bytes calldata _packet) internal pure returns (uint32) {
        return uint32(bytes4(_packet[SRC_EID_OFFSET:SENDER_OFFSET]));
    }

    function sender(bytes calldata _packet) internal pure returns (bytes32) {
        return bytes32(_packet[SENDER_OFFSET:DST_EID_OFFSET]);
    }

    function senderAddressB20(bytes calldata _packet) internal pure returns (address) {
        return sender(_packet).toAddress();
    }

    function dstEid(bytes calldata _packet) internal pure returns (uint32) {
        return uint32(bytes4(_packet[DST_EID_OFFSET:RECEIVER_OFFSET]));
    }

    function receiver(bytes calldata _packet) internal pure returns (bytes32) {
        return bytes32(_packet[RECEIVER_OFFSET:GUID_OFFSET]);
    }

    function receiverB20(bytes calldata _packet) internal pure returns (address) {
        return receiver(_packet).toAddress();
    }

    function guid(bytes calldata _packet) internal pure returns (bytes32) {
        return bytes32(_packet[GUID_OFFSET:MESSAGE_OFFSET]);
    }

    function message(bytes calldata _packet) internal pure returns (bytes calldata) {
        return bytes(_packet[MESSAGE_OFFSET:]);
    }

    function payload(bytes calldata _packet) internal pure returns (bytes calldata) {
        return bytes(_packet[GUID_OFFSET:]);
    }

    function payloadHash(bytes calldata _packet) internal pure returns (bytes32) {
        return keccak256(payload(_packet));
    }
}

File 28 of 159 : IOFT.sol
// SPDX-License-Identifier: MIT

pragma solidity >=0.5.0;

import "./IOFTCore.sol";
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";

/**
 * @dev Interface of the OFT standard
 */
interface IOFT is IOFTCore, IERC20 {

}

File 29 of 159 : IOFTCore.sol
// SPDX-License-Identifier: MIT

pragma solidity >=0.5.0;

import "@openzeppelin/contracts/utils/introspection/IERC165.sol";

/**
 * @dev Interface of the IOFT core standard
 */
interface IOFTCore is IERC165 {
    /**
     * @dev estimate send token `_tokenId` to (`_dstChainId`, `_toAddress`)
     * _dstChainId - L0 defined chain id to send tokens too
     * _toAddress - dynamic bytes array which contains the address to whom you are sending tokens to on the dstChain
     * _amount - amount of the tokens to transfer
     * _useZro - indicates to use zro to pay L0 fees
     * _adapterParam - flexible bytes array to indicate messaging adapter services in L0
     */
    function estimateSendFee(uint16 _dstChainId, bytes calldata _toAddress, uint _amount, bool _useZro, bytes calldata _adapterParams) external view returns (uint nativeFee, uint zroFee);

    /**
     * @dev send `_amount` amount of token to (`_dstChainId`, `_toAddress`) from `_from`
     * `_from` the owner of token
     * `_dstChainId` the destination chain identifier
     * `_toAddress` can be any size depending on the `dstChainId`.
     * `_amount` the quantity of tokens in wei
     * `_refundAddress` the address LayerZero refunds if too much message fee is sent
     * `_zroPaymentAddress` set to address(0x0) if not paying in ZRO (LayerZero Token)
     * `_adapterParams` is a flexible bytes array to indicate messaging adapter services
     */
    function sendFrom(address _from, uint16 _dstChainId, bytes calldata _toAddress, uint _amount, address payable _refundAddress, address _zroPaymentAddress, bytes calldata _adapterParams) external payable;

    /**
     * @dev returns the circulating amount of tokens on current chain
     */
    function circulatingSupply() external view returns (uint);

    /**
     * @dev returns the address of the ERC20 token
     */
    function token() external view returns (address);

    /**
     * @dev Emitted when `_amount` tokens are moved from the `_sender` to (`_dstChainId`, `_toAddress`)
     * `_nonce` is the outbound nonce
     */
    event SendToChain(uint16 indexed _dstChainId, address indexed _from, bytes _toAddress, uint _amount);

    /**
     * @dev Emitted when `_amount` tokens are received from `_srcChainId` into the `_toAddress` on the local chain.
     * `_nonce` is the inbound nonce.
     */
    event ReceiveFromChain(uint16 indexed _srcChainId, address indexed _to, uint _amount);

    event SetUseCustomAdapterParams(bool _useCustomAdapterParams);
}

File 30 of 159 : IOFTWithFee.sol
// SPDX-License-Identifier: MIT

pragma solidity >=0.5.0;

import "../interfaces/ICommonOFT.sol";

/**
 * @dev Interface of the IOFT core standard
 */
interface IOFTWithFee is ICommonOFT {

    /**
     * @dev send `_amount` amount of token to (`_dstChainId`, `_toAddress`) from `_from`
     * `_from` the owner of token
     * `_dstChainId` the destination chain identifier
     * `_toAddress` can be any size depending on the `dstChainId`.
     * `_amount` the quantity of tokens in wei
     * `_minAmount` the minimum amount of tokens to receive on dstChain
     * `_refundAddress` the address LayerZero refunds if too much message fee is sent
     * `_zroPaymentAddress` set to address(0x0) if not paying in ZRO (LayerZero Token)
     * `_adapterParams` is a flexible bytes array to indicate messaging adapter services
     */
    function sendFrom(address _from, uint16 _dstChainId, bytes32 _toAddress, uint _amount, uint _minAmount, LzCallParams calldata _callParams) external payable;

    function sendAndCall(address _from, uint16 _dstChainId, bytes32 _toAddress, uint _amount, uint _minAmount, bytes calldata _payload, uint64 _dstGasForCall, LzCallParams calldata _callParams) external payable;
}

File 31 of 159 : ICommonOFT.sol
// SPDX-License-Identifier: MIT

pragma solidity >=0.5.0;

import "@openzeppelin/contracts/utils/introspection/IERC165.sol";

/**
 * @dev Interface of the IOFT core standard
 */
interface ICommonOFT is IERC165 {

    struct LzCallParams {
        address payable refundAddress;
        address zroPaymentAddress;
        bytes adapterParams;
    }

    /**
     * @dev estimate send token `_tokenId` to (`_dstChainId`, `_toAddress`)
     * _dstChainId - L0 defined chain id to send tokens too
     * _toAddress - dynamic bytes array which contains the address to whom you are sending tokens to on the dstChain
     * _amount - amount of the tokens to transfer
     * _useZro - indicates to use zro to pay L0 fees
     * _adapterParam - flexible bytes array to indicate messaging adapter services in L0
     */
    function estimateSendFee(uint16 _dstChainId, bytes32 _toAddress, uint _amount, bool _useZro, bytes calldata _adapterParams) external view returns (uint nativeFee, uint zroFee);

    function estimateSendAndCallFee(uint16 _dstChainId, bytes32 _toAddress, uint _amount, bytes calldata _payload, uint64 _dstGasForCall, bool _useZro, bytes calldata _adapterParams) external view returns (uint nativeFee, uint zroFee);

    /**
     * @dev returns the circulating amount of tokens on current chain
     */
    function circulatingSupply() external view returns (uint);

    /**
     * @dev returns the address of the ERC20 token
     */
    function token() external view returns (address);
}

File 32 of 159 : IOFTV2.sol
// SPDX-License-Identifier: MIT

pragma solidity >=0.5.0;

import "./ICommonOFT.sol";

/**
 * @dev Interface of the IOFT core standard
 */
interface IOFTV2 is ICommonOFT {

    /**
     * @dev send `_amount` amount of token to (`_dstChainId`, `_toAddress`) from `_from`
     * `_from` the owner of token
     * `_dstChainId` the destination chain identifier
     * `_toAddress` can be any size depending on the `dstChainId`.
     * `_amount` the quantity of tokens in wei
     * `_refundAddress` the address LayerZero refunds if too much message fee is sent
     * `_zroPaymentAddress` set to address(0x0) if not paying in ZRO (LayerZero Token)
     * `_adapterParams` is a flexible bytes array to indicate messaging adapter services
     */
    function sendFrom(address _from, uint16 _dstChainId, bytes32 _toAddress, uint _amount, LzCallParams calldata _callParams) external payable;

    function sendAndCall(address _from, uint16 _dstChainId, bytes32 _toAddress, uint _amount, bytes calldata _payload, uint64 _dstGasForCall, LzCallParams calldata _callParams) external payable;
}

File 33 of 159 : OwnableUpgradeable.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (access/Ownable.sol)

pragma solidity ^0.8.0;

import "../utils/ContextUpgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";

/**
 * @dev Contract module which provides a basic access control mechanism, where
 * there is an account (an owner) that can be granted exclusive access to
 * specific functions.
 *
 * By default, the owner account will be the one that deploys the contract. This
 * can later be changed with {transferOwnership}.
 *
 * This module is used through inheritance. It will make available the modifier
 * `onlyOwner`, which can be applied to your functions to restrict their use to
 * the owner.
 */
abstract contract OwnableUpgradeable is Initializable, ContextUpgradeable {
    address private _owner;

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    /**
     * @dev Initializes the contract setting the deployer as the initial owner.
     */
    function __Ownable_init() internal onlyInitializing {
        __Ownable_init_unchained();
    }

    function __Ownable_init_unchained() internal onlyInitializing {
        _transferOwnership(_msgSender());
    }

    /**
     * @dev Throws if called by any account other than the owner.
     */
    modifier onlyOwner() {
        _checkOwner();
        _;
    }

    /**
     * @dev Returns the address of the current owner.
     */
    function owner() public view virtual returns (address) {
        return _owner;
    }

    /**
     * @dev Throws if the sender is not the owner.
     */
    function _checkOwner() internal view virtual {
        require(owner() == _msgSender(), "Ownable: caller is not the owner");
    }

    /**
     * @dev Leaves the contract without owner. It will not be possible to call
     * `onlyOwner` functions. Can only be called by the current owner.
     *
     * NOTE: Renouncing ownership will leave the contract without an owner,
     * thereby disabling any functionality that is only available to the owner.
     */
    function renounceOwnership() public virtual onlyOwner {
        _transferOwnership(address(0));
    }

    /**
     * @dev Transfers ownership of the contract to a new account (`newOwner`).
     * Can only be called by the current owner.
     */
    function transferOwnership(address newOwner) public virtual onlyOwner {
        require(newOwner != address(0), "Ownable: new owner is the zero address");
        _transferOwnership(newOwner);
    }

    /**
     * @dev Transfers ownership of the contract to a new account (`newOwner`).
     * Internal function without access restriction.
     */
    function _transferOwnership(address newOwner) internal virtual {
        address oldOwner = _owner;
        _owner = newOwner;
        emit OwnershipTransferred(oldOwner, newOwner);
    }

    /**
     * @dev This empty reserved space is put in place to allow future versions to add new
     * variables without shifting down storage in the inheritance chain.
     * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
     */
    uint256[49] private __gap;
}

File 34 of 159 : Initializable.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/Initializable.sol)

pragma solidity ^0.8.2;

import "../../utils/AddressUpgradeable.sol";

/**
 * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
 * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
 * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
 * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
 *
 * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
 * reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
 * case an upgrade adds a module that needs to be initialized.
 *
 * For example:
 *
 * [.hljs-theme-light.nopadding]
 * ```solidity
 * contract MyToken is ERC20Upgradeable {
 *     function initialize() initializer public {
 *         __ERC20_init("MyToken", "MTK");
 *     }
 * }
 *
 * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
 *     function initializeV2() reinitializer(2) public {
 *         __ERC20Permit_init("MyToken");
 *     }
 * }
 * ```
 *
 * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
 * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
 *
 * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
 * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
 *
 * [CAUTION]
 * ====
 * Avoid leaving a contract uninitialized.
 *
 * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
 * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
 * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
 *
 * [.hljs-theme-light.nopadding]
 * ```
 * /// @custom:oz-upgrades-unsafe-allow constructor
 * constructor() {
 *     _disableInitializers();
 * }
 * ```
 * ====
 */
abstract contract Initializable {
    /**
     * @dev Indicates that the contract has been initialized.
     * @custom:oz-retyped-from bool
     */
    uint8 private _initialized;

    /**
     * @dev Indicates that the contract is in the process of being initialized.
     */
    bool private _initializing;

    /**
     * @dev Triggered when the contract has been initialized or reinitialized.
     */
    event Initialized(uint8 version);

    /**
     * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
     * `onlyInitializing` functions can be used to initialize parent contracts.
     *
     * Similar to `reinitializer(1)`, except that functions marked with `initializer` can be nested in the context of a
     * constructor.
     *
     * Emits an {Initialized} event.
     */
    modifier initializer() {
        bool isTopLevelCall = !_initializing;
        require(
            (isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1),
            "Initializable: contract is already initialized"
        );
        _initialized = 1;
        if (isTopLevelCall) {
            _initializing = true;
        }
        _;
        if (isTopLevelCall) {
            _initializing = false;
            emit Initialized(1);
        }
    }

    /**
     * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
     * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
     * used to initialize parent contracts.
     *
     * A reinitializer may be used after the original initialization step. This is essential to configure modules that
     * are added through upgrades and that require initialization.
     *
     * When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
     * cannot be nested. If one is invoked in the context of another, execution will revert.
     *
     * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
     * a contract, executing them in the right order is up to the developer or operator.
     *
     * WARNING: setting the version to 255 will prevent any future reinitialization.
     *
     * Emits an {Initialized} event.
     */
    modifier reinitializer(uint8 version) {
        require(!_initializing && _initialized < version, "Initializable: contract is already initialized");
        _initialized = version;
        _initializing = true;
        _;
        _initializing = false;
        emit Initialized(version);
    }

    /**
     * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
     * {initializer} and {reinitializer} modifiers, directly or indirectly.
     */
    modifier onlyInitializing() {
        require(_initializing, "Initializable: contract is not initializing");
        _;
    }

    /**
     * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
     * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
     * to any version. It is recommended to use this to lock implementation contracts that are designed to be called
     * through proxies.
     *
     * Emits an {Initialized} event the first time it is successfully executed.
     */
    function _disableInitializers() internal virtual {
        require(!_initializing, "Initializable: contract is initializing");
        if (_initialized != type(uint8).max) {
            _initialized = type(uint8).max;
            emit Initialized(type(uint8).max);
        }
    }

    /**
     * @dev Returns the highest version that has been initialized. See {reinitializer}.
     */
    function _getInitializedVersion() internal view returns (uint8) {
        return _initialized;
    }

    /**
     * @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
     */
    function _isInitializing() internal view returns (bool) {
        return _initializing;
    }
}

File 35 of 159 : ERC20Upgradeable.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/ERC20.sol)

pragma solidity ^0.8.0;

import "./IERC20Upgradeable.sol";
import "./extensions/IERC20MetadataUpgradeable.sol";
import "../../utils/ContextUpgradeable.sol";
import {Initializable} from "../../proxy/utils/Initializable.sol";

/**
 * @dev Implementation of the {IERC20} interface.
 *
 * This implementation is agnostic to the way tokens are created. This means
 * that a supply mechanism has to be added in a derived contract using {_mint}.
 * For a generic mechanism see {ERC20PresetMinterPauser}.
 *
 * TIP: For a detailed writeup see our guide
 * https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How
 * to implement supply mechanisms].
 *
 * The default value of {decimals} is 18. To change this, you should override
 * this function so it returns a different value.
 *
 * We have followed general OpenZeppelin Contracts guidelines: functions revert
 * instead returning `false` on failure. This behavior is nonetheless
 * conventional and does not conflict with the expectations of ERC20
 * applications.
 *
 * Additionally, an {Approval} event is emitted on calls to {transferFrom}.
 * This allows applications to reconstruct the allowance for all accounts just
 * by listening to said events. Other implementations of the EIP may not emit
 * these events, as it isn't required by the specification.
 *
 * Finally, the non-standard {decreaseAllowance} and {increaseAllowance}
 * functions have been added to mitigate the well-known issues around setting
 * allowances. See {IERC20-approve}.
 */
contract ERC20Upgradeable is Initializable, ContextUpgradeable, IERC20Upgradeable, IERC20MetadataUpgradeable {
    mapping(address => uint256) private _balances;

    mapping(address => mapping(address => uint256)) private _allowances;

    uint256 private _totalSupply;

    string private _name;
    string private _symbol;

    /**
     * @dev Sets the values for {name} and {symbol}.
     *
     * All two of these values are immutable: they can only be set once during
     * construction.
     */
    function __ERC20_init(string memory name_, string memory symbol_) internal onlyInitializing {
        __ERC20_init_unchained(name_, symbol_);
    }

    function __ERC20_init_unchained(string memory name_, string memory symbol_) internal onlyInitializing {
        _name = name_;
        _symbol = symbol_;
    }

    /**
     * @dev Returns the name of the token.
     */
    function name() public view virtual override returns (string memory) {
        return _name;
    }

    /**
     * @dev Returns the symbol of the token, usually a shorter version of the
     * name.
     */
    function symbol() public view virtual override returns (string memory) {
        return _symbol;
    }

    /**
     * @dev Returns the number of decimals used to get its user representation.
     * For example, if `decimals` equals `2`, a balance of `505` tokens should
     * be displayed to a user as `5.05` (`505 / 10 ** 2`).
     *
     * Tokens usually opt for a value of 18, imitating the relationship between
     * Ether and Wei. This is the default value returned by this function, unless
     * it's overridden.
     *
     * NOTE: This information is only used for _display_ purposes: it in
     * no way affects any of the arithmetic of the contract, including
     * {IERC20-balanceOf} and {IERC20-transfer}.
     */
    function decimals() public view virtual override returns (uint8) {
        return 18;
    }

    /**
     * @dev See {IERC20-totalSupply}.
     */
    function totalSupply() public view virtual override returns (uint256) {
        return _totalSupply;
    }

    /**
     * @dev See {IERC20-balanceOf}.
     */
    function balanceOf(address account) public view virtual override returns (uint256) {
        return _balances[account];
    }

    /**
     * @dev See {IERC20-transfer}.
     *
     * Requirements:
     *
     * - `to` cannot be the zero address.
     * - the caller must have a balance of at least `amount`.
     */
    function transfer(address to, uint256 amount) public virtual override returns (bool) {
        address owner = _msgSender();
        _transfer(owner, to, amount);
        return true;
    }

    /**
     * @dev See {IERC20-allowance}.
     */
    function allowance(address owner, address spender) public view virtual override returns (uint256) {
        return _allowances[owner][spender];
    }

    /**
     * @dev See {IERC20-approve}.
     *
     * NOTE: If `amount` is the maximum `uint256`, the allowance is not updated on
     * `transferFrom`. This is semantically equivalent to an infinite approval.
     *
     * Requirements:
     *
     * - `spender` cannot be the zero address.
     */
    function approve(address spender, uint256 amount) public virtual override returns (bool) {
        address owner = _msgSender();
        _approve(owner, spender, amount);
        return true;
    }

    /**
     * @dev See {IERC20-transferFrom}.
     *
     * Emits an {Approval} event indicating the updated allowance. This is not
     * required by the EIP. See the note at the beginning of {ERC20}.
     *
     * NOTE: Does not update the allowance if the current allowance
     * is the maximum `uint256`.
     *
     * Requirements:
     *
     * - `from` and `to` cannot be the zero address.
     * - `from` must have a balance of at least `amount`.
     * - the caller must have allowance for ``from``'s tokens of at least
     * `amount`.
     */
    function transferFrom(address from, address to, uint256 amount) public virtual override returns (bool) {
        address spender = _msgSender();
        _spendAllowance(from, spender, amount);
        _transfer(from, to, amount);
        return true;
    }

    /**
     * @dev Atomically increases the allowance granted to `spender` by the caller.
     *
     * This is an alternative to {approve} that can be used as a mitigation for
     * problems described in {IERC20-approve}.
     *
     * Emits an {Approval} event indicating the updated allowance.
     *
     * Requirements:
     *
     * - `spender` cannot be the zero address.
     */
    function increaseAllowance(address spender, uint256 addedValue) public virtual returns (bool) {
        address owner = _msgSender();
        _approve(owner, spender, allowance(owner, spender) + addedValue);
        return true;
    }

    /**
     * @dev Atomically decreases the allowance granted to `spender` by the caller.
     *
     * This is an alternative to {approve} that can be used as a mitigation for
     * problems described in {IERC20-approve}.
     *
     * Emits an {Approval} event indicating the updated allowance.
     *
     * Requirements:
     *
     * - `spender` cannot be the zero address.
     * - `spender` must have allowance for the caller of at least
     * `subtractedValue`.
     */
    function decreaseAllowance(address spender, uint256 subtractedValue) public virtual returns (bool) {
        address owner = _msgSender();
        uint256 currentAllowance = allowance(owner, spender);
        require(currentAllowance >= subtractedValue, "ERC20: decreased allowance below zero");
        unchecked {
            _approve(owner, spender, currentAllowance - subtractedValue);
        }

        return true;
    }

    /**
     * @dev Moves `amount` of tokens from `from` to `to`.
     *
     * This internal function is equivalent to {transfer}, and can be used to
     * e.g. implement automatic token fees, slashing mechanisms, etc.
     *
     * Emits a {Transfer} event.
     *
     * Requirements:
     *
     * - `from` cannot be the zero address.
     * - `to` cannot be the zero address.
     * - `from` must have a balance of at least `amount`.
     */
    function _transfer(address from, address to, uint256 amount) internal virtual {
        require(from != address(0), "ERC20: transfer from the zero address");
        require(to != address(0), "ERC20: transfer to the zero address");

        _beforeTokenTransfer(from, to, amount);

        uint256 fromBalance = _balances[from];
        require(fromBalance >= amount, "ERC20: transfer amount exceeds balance");
        unchecked {
            _balances[from] = fromBalance - amount;
            // Overflow not possible: the sum of all balances is capped by totalSupply, and the sum is preserved by
            // decrementing then incrementing.
            _balances[to] += amount;
        }

        emit Transfer(from, to, amount);

        _afterTokenTransfer(from, to, amount);
    }

    /** @dev Creates `amount` tokens and assigns them to `account`, increasing
     * the total supply.
     *
     * Emits a {Transfer} event with `from` set to the zero address.
     *
     * Requirements:
     *
     * - `account` cannot be the zero address.
     */
    function _mint(address account, uint256 amount) internal virtual {
        require(account != address(0), "ERC20: mint to the zero address");

        _beforeTokenTransfer(address(0), account, amount);

        _totalSupply += amount;
        unchecked {
            // Overflow not possible: balance + amount is at most totalSupply + amount, which is checked above.
            _balances[account] += amount;
        }
        emit Transfer(address(0), account, amount);

        _afterTokenTransfer(address(0), account, amount);
    }

    /**
     * @dev Destroys `amount` tokens from `account`, reducing the
     * total supply.
     *
     * Emits a {Transfer} event with `to` set to the zero address.
     *
     * Requirements:
     *
     * - `account` cannot be the zero address.
     * - `account` must have at least `amount` tokens.
     */
    function _burn(address account, uint256 amount) internal virtual {
        require(account != address(0), "ERC20: burn from the zero address");

        _beforeTokenTransfer(account, address(0), amount);

        uint256 accountBalance = _balances[account];
        require(accountBalance >= amount, "ERC20: burn amount exceeds balance");
        unchecked {
            _balances[account] = accountBalance - amount;
            // Overflow not possible: amount <= accountBalance <= totalSupply.
            _totalSupply -= amount;
        }

        emit Transfer(account, address(0), amount);

        _afterTokenTransfer(account, address(0), amount);
    }

    /**
     * @dev Sets `amount` as the allowance of `spender` over the `owner` s tokens.
     *
     * This internal function is equivalent to `approve`, and can be used to
     * e.g. set automatic allowances for certain subsystems, etc.
     *
     * Emits an {Approval} event.
     *
     * Requirements:
     *
     * - `owner` cannot be the zero address.
     * - `spender` cannot be the zero address.
     */
    function _approve(address owner, address spender, uint256 amount) internal virtual {
        require(owner != address(0), "ERC20: approve from the zero address");
        require(spender != address(0), "ERC20: approve to the zero address");

        _allowances[owner][spender] = amount;
        emit Approval(owner, spender, amount);
    }

    /**
     * @dev Updates `owner` s allowance for `spender` based on spent `amount`.
     *
     * Does not update the allowance amount in case of infinite allowance.
     * Revert if not enough allowance is available.
     *
     * Might emit an {Approval} event.
     */
    function _spendAllowance(address owner, address spender, uint256 amount) internal virtual {
        uint256 currentAllowance = allowance(owner, spender);
        if (currentAllowance != type(uint256).max) {
            require(currentAllowance >= amount, "ERC20: insufficient allowance");
            unchecked {
                _approve(owner, spender, currentAllowance - amount);
            }
        }
    }

    /**
     * @dev Hook that is called before any transfer of tokens. This includes
     * minting and burning.
     *
     * Calling conditions:
     *
     * - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens
     * will be transferred to `to`.
     * - when `from` is zero, `amount` tokens will be minted for `to`.
     * - when `to` is zero, `amount` of ``from``'s tokens will be burned.
     * - `from` and `to` are never both zero.
     *
     * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
     */
    function _beforeTokenTransfer(address from, address to, uint256 amount) internal virtual {}

    /**
     * @dev Hook that is called after any transfer of tokens. This includes
     * minting and burning.
     *
     * Calling conditions:
     *
     * - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens
     * has been transferred to `to`.
     * - when `from` is zero, `amount` tokens have been minted for `to`.
     * - when `to` is zero, `amount` of ``from``'s tokens have been burned.
     * - `from` and `to` are never both zero.
     *
     * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
     */
    function _afterTokenTransfer(address from, address to, uint256 amount) internal virtual {}

    /**
     * @dev This empty reserved space is put in place to allow future versions to add new
     * variables without shifting down storage in the inheritance chain.
     * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
     */
    uint256[45] private __gap;
}

File 36 of 159 : IERC20MetadataUpgradeable.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (token/ERC20/extensions/IERC20Metadata.sol)

pragma solidity ^0.8.0;

import "../IERC20Upgradeable.sol";

/**
 * @dev Interface for the optional metadata functions from the ERC20 standard.
 *
 * _Available since v4.1._
 */
interface IERC20MetadataUpgradeable is IERC20Upgradeable {
    /**
     * @dev Returns the name of the token.
     */
    function name() external view returns (string memory);

    /**
     * @dev Returns the symbol of the token.
     */
    function symbol() external view returns (string memory);

    /**
     * @dev Returns the decimals places of the token.
     */
    function decimals() external view returns (uint8);
}

File 37 of 159 : IERC20Upgradeable.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/IERC20.sol)

pragma solidity ^0.8.0;

/**
 * @dev Interface of the ERC20 standard as defined in the EIP.
 */
interface IERC20Upgradeable {
    /**
     * @dev Emitted when `value` tokens are moved from one account (`from`) to
     * another (`to`).
     *
     * Note that `value` may be zero.
     */
    event Transfer(address indexed from, address indexed to, uint256 value);

    /**
     * @dev Emitted when the allowance of a `spender` for an `owner` is set by
     * a call to {approve}. `value` is the new allowance.
     */
    event Approval(address indexed owner, address indexed spender, uint256 value);

    /**
     * @dev Returns the amount of tokens in existence.
     */
    function totalSupply() external view returns (uint256);

    /**
     * @dev Returns the amount of tokens owned by `account`.
     */
    function balanceOf(address account) external view returns (uint256);

    /**
     * @dev Moves `amount` tokens from the caller's account to `to`.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * Emits a {Transfer} event.
     */
    function transfer(address to, uint256 amount) external returns (bool);

    /**
     * @dev Returns the remaining number of tokens that `spender` will be
     * allowed to spend on behalf of `owner` through {transferFrom}. This is
     * zero by default.
     *
     * This value changes when {approve} or {transferFrom} are called.
     */
    function allowance(address owner, address spender) external view returns (uint256);

    /**
     * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * IMPORTANT: Beware that changing an allowance with this method brings the risk
     * that someone may use both the old and the new allowance by unfortunate
     * transaction ordering. One possible solution to mitigate this race
     * condition is to first reduce the spender's allowance to 0 and set the
     * desired value afterwards:
     * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
     *
     * Emits an {Approval} event.
     */
    function approve(address spender, uint256 amount) external returns (bool);

    /**
     * @dev Moves `amount` tokens from `from` to `to` using the
     * allowance mechanism. `amount` is then deducted from the caller's
     * allowance.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * Emits a {Transfer} event.
     */
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

File 38 of 159 : AddressUpgradeable.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)

pragma solidity ^0.8.1;

/**
 * @dev Collection of functions related to the address type
 */
library AddressUpgradeable {
    /**
     * @dev Returns true if `account` is a contract.
     *
     * [IMPORTANT]
     * ====
     * It is unsafe to assume that an address for which this function returns
     * false is an externally-owned account (EOA) and not a contract.
     *
     * Among others, `isContract` will return false for the following
     * types of addresses:
     *
     *  - an externally-owned account
     *  - a contract in construction
     *  - an address where a contract will be created
     *  - an address where a contract lived, but was destroyed
     *
     * Furthermore, `isContract` will also return true if the target contract within
     * the same transaction is already scheduled for destruction by `SELFDESTRUCT`,
     * which only has an effect at the end of a transaction.
     * ====
     *
     * [IMPORTANT]
     * ====
     * You shouldn't rely on `isContract` to protect against flash loan attacks!
     *
     * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
     * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
     * constructor.
     * ====
     */
    function isContract(address account) internal view returns (bool) {
        // This method relies on extcodesize/address.code.length, which returns 0
        // for contracts in construction, since the code is only stored at the end
        // of the constructor execution.

        return account.code.length > 0;
    }

    /**
     * @dev Replacement for Solidity's `transfer`: sends `amount` wei to
     * `recipient`, forwarding all available gas and reverting on errors.
     *
     * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
     * of certain opcodes, possibly making contracts go over the 2300 gas limit
     * imposed by `transfer`, making them unable to receive funds via
     * `transfer`. {sendValue} removes this limitation.
     *
     * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
     *
     * IMPORTANT: because control is transferred to `recipient`, care must be
     * taken to not create reentrancy vulnerabilities. Consider using
     * {ReentrancyGuard} or the
     * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
     */
    function sendValue(address payable recipient, uint256 amount) internal {
        require(address(this).balance >= amount, "Address: insufficient balance");

        (bool success, ) = recipient.call{value: amount}("");
        require(success, "Address: unable to send value, recipient may have reverted");
    }

    /**
     * @dev Performs a Solidity function call using a low level `call`. A
     * plain `call` is an unsafe replacement for a function call: use this
     * function instead.
     *
     * If `target` reverts with a revert reason, it is bubbled up by this
     * function (like regular Solidity function calls).
     *
     * Returns the raw returned data. To convert to the expected return value,
     * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
     *
     * Requirements:
     *
     * - `target` must be a contract.
     * - calling `target` with `data` must not revert.
     *
     * _Available since v3.1._
     */
    function functionCall(address target, bytes memory data) internal returns (bytes memory) {
        return functionCallWithValue(target, data, 0, "Address: low-level call failed");
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
     * `errorMessage` as a fallback revert reason when `target` reverts.
     *
     * _Available since v3.1._
     */
    function functionCall(
        address target,
        bytes memory data,
        string memory errorMessage
    ) internal returns (bytes memory) {
        return functionCallWithValue(target, data, 0, errorMessage);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but also transferring `value` wei to `target`.
     *
     * Requirements:
     *
     * - the calling contract must have an ETH balance of at least `value`.
     * - the called Solidity function must be `payable`.
     *
     * _Available since v3.1._
     */
    function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
        return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
    }

    /**
     * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
     * with `errorMessage` as a fallback revert reason when `target` reverts.
     *
     * _Available since v3.1._
     */
    function functionCallWithValue(
        address target,
        bytes memory data,
        uint256 value,
        string memory errorMessage
    ) internal returns (bytes memory) {
        require(address(this).balance >= value, "Address: insufficient balance for call");
        (bool success, bytes memory returndata) = target.call{value: value}(data);
        return verifyCallResultFromTarget(target, success, returndata, errorMessage);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but performing a static call.
     *
     * _Available since v3.3._
     */
    function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
        return functionStaticCall(target, data, "Address: low-level static call failed");
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
     * but performing a static call.
     *
     * _Available since v3.3._
     */
    function functionStaticCall(
        address target,
        bytes memory data,
        string memory errorMessage
    ) internal view returns (bytes memory) {
        (bool success, bytes memory returndata) = target.staticcall(data);
        return verifyCallResultFromTarget(target, success, returndata, errorMessage);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but performing a delegate call.
     *
     * _Available since v3.4._
     */
    function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
        return functionDelegateCall(target, data, "Address: low-level delegate call failed");
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
     * but performing a delegate call.
     *
     * _Available since v3.4._
     */
    function functionDelegateCall(
        address target,
        bytes memory data,
        string memory errorMessage
    ) internal returns (bytes memory) {
        (bool success, bytes memory returndata) = target.delegatecall(data);
        return verifyCallResultFromTarget(target, success, returndata, errorMessage);
    }

    /**
     * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling
     * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.
     *
     * _Available since v4.8._
     */
    function verifyCallResultFromTarget(
        address target,
        bool success,
        bytes memory returndata,
        string memory errorMessage
    ) internal view returns (bytes memory) {
        if (success) {
            if (returndata.length == 0) {
                // only check isContract if the call was successful and the return data is empty
                // otherwise we already know that it was a contract
                require(isContract(target), "Address: call to non-contract");
            }
            return returndata;
        } else {
            _revert(returndata, errorMessage);
        }
    }

    /**
     * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the
     * revert reason or using the provided one.
     *
     * _Available since v4.3._
     */
    function verifyCallResult(
        bool success,
        bytes memory returndata,
        string memory errorMessage
    ) internal pure returns (bytes memory) {
        if (success) {
            return returndata;
        } else {
            _revert(returndata, errorMessage);
        }
    }

    function _revert(bytes memory returndata, string memory errorMessage) private pure {
        // Look for revert reason and bubble it up if present
        if (returndata.length > 0) {
            // The easiest way to bubble the revert reason is using memory via assembly
            /// @solidity memory-safe-assembly
            assembly {
                let returndata_size := mload(returndata)
                revert(add(32, returndata), returndata_size)
            }
        } else {
            revert(errorMessage);
        }
    }
}

File 39 of 159 : ContextUpgradeable.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.4) (utils/Context.sol)

pragma solidity ^0.8.0;
import {Initializable} from "../proxy/utils/Initializable.sol";

/**
 * @dev Provides information about the current execution context, including the
 * sender of the transaction and its data. While these are generally available
 * via msg.sender and msg.data, they should not be accessed in such a direct
 * manner, since when dealing with meta-transactions the account sending and
 * paying for execution may not be the actual sender (as far as an application
 * is concerned).
 *
 * This contract is only required for intermediate, library-like contracts.
 */
abstract contract ContextUpgradeable is Initializable {
    function __Context_init() internal onlyInitializing {
    }

    function __Context_init_unchained() internal onlyInitializing {
    }
    function _msgSender() internal view virtual returns (address) {
        return msg.sender;
    }

    function _msgData() internal view virtual returns (bytes calldata) {
        return msg.data;
    }

    function _contextSuffixLength() internal view virtual returns (uint256) {
        return 0;
    }

    /**
     * @dev This empty reserved space is put in place to allow future versions to add new
     * variables without shifting down storage in the inheritance chain.
     * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
     */
    uint256[50] private __gap;
}

File 40 of 159 : Ownable.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (access/Ownable.sol)

pragma solidity ^0.8.0;

import "../utils/Context.sol";

/**
 * @dev Contract module which provides a basic access control mechanism, where
 * there is an account (an owner) that can be granted exclusive access to
 * specific functions.
 *
 * By default, the owner account will be the one that deploys the contract. This
 * can later be changed with {transferOwnership}.
 *
 * This module is used through inheritance. It will make available the modifier
 * `onlyOwner`, which can be applied to your functions to restrict their use to
 * the owner.
 */
abstract contract Ownable is Context {
    address private _owner;

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    /**
     * @dev Initializes the contract setting the deployer as the initial owner.
     */
    constructor() {
        _transferOwnership(_msgSender());
    }

    /**
     * @dev Throws if called by any account other than the owner.
     */
    modifier onlyOwner() {
        _checkOwner();
        _;
    }

    /**
     * @dev Returns the address of the current owner.
     */
    function owner() public view virtual returns (address) {
        return _owner;
    }

    /**
     * @dev Throws if the sender is not the owner.
     */
    function _checkOwner() internal view virtual {
        require(owner() == _msgSender(), "Ownable: caller is not the owner");
    }

    /**
     * @dev Leaves the contract without owner. It will not be possible to call
     * `onlyOwner` functions. Can only be called by the current owner.
     *
     * NOTE: Renouncing ownership will leave the contract without an owner,
     * thereby disabling any functionality that is only available to the owner.
     */
    function renounceOwnership() public virtual onlyOwner {
        _transferOwnership(address(0));
    }

    /**
     * @dev Transfers ownership of the contract to a new account (`newOwner`).
     * Can only be called by the current owner.
     */
    function transferOwnership(address newOwner) public virtual onlyOwner {
        require(newOwner != address(0), "Ownable: new owner is the zero address");
        _transferOwnership(newOwner);
    }

    /**
     * @dev Transfers ownership of the contract to a new account (`newOwner`).
     * Internal function without access restriction.
     */
    function _transferOwnership(address newOwner) internal virtual {
        address oldOwner = _owner;
        _owner = newOwner;
        emit OwnershipTransferred(oldOwner, newOwner);
    }
}

File 41 of 159 : IERC5267.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (interfaces/IERC5267.sol)

pragma solidity ^0.8.0;

interface IERC5267 {
    /**
     * @dev MAY be emitted to signal that the domain could have changed.
     */
    event EIP712DomainChanged();

    /**
     * @dev returns the fields and values that describe the domain separator used by this contract for EIP-712
     * signature.
     */
    function eip712Domain()
        external
        view
        returns (
            bytes1 fields,
            string memory name,
            string memory version,
            uint256 chainId,
            address verifyingContract,
            bytes32 salt,
            uint256[] memory extensions
        );
}

File 42 of 159 : ReentrancyGuard.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (security/ReentrancyGuard.sol)

pragma solidity ^0.8.0;

/**
 * @dev Contract module that helps prevent reentrant calls to a function.
 *
 * Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier
 * available, which can be applied to functions to make sure there are no nested
 * (reentrant) calls to them.
 *
 * Note that because there is a single `nonReentrant` guard, functions marked as
 * `nonReentrant` may not call one another. This can be worked around by making
 * those functions `private`, and then adding `external` `nonReentrant` entry
 * points to them.
 *
 * TIP: If you would like to learn more about reentrancy and alternative ways
 * to protect against it, check out our blog post
 * https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].
 */
abstract contract ReentrancyGuard {
    // Booleans are more expensive than uint256 or any type that takes up a full
    // word because each write operation emits an extra SLOAD to first read the
    // slot's contents, replace the bits taken up by the boolean, and then write
    // back. This is the compiler's defense against contract upgrades and
    // pointer aliasing, and it cannot be disabled.

    // The values being non-zero value makes deployment a bit more expensive,
    // but in exchange the refund on every call to nonReentrant will be lower in
    // amount. Since refunds are capped to a percentage of the total
    // transaction's gas, it is best to keep them low in cases like this one, to
    // increase the likelihood of the full refund coming into effect.
    uint256 private constant _NOT_ENTERED = 1;
    uint256 private constant _ENTERED = 2;

    uint256 private _status;

    constructor() {
        _status = _NOT_ENTERED;
    }

    /**
     * @dev Prevents a contract from calling itself, directly or indirectly.
     * Calling a `nonReentrant` function from another `nonReentrant`
     * function is not supported. It is possible to prevent this from happening
     * by making the `nonReentrant` function external, and making it call a
     * `private` function that does the actual work.
     */
    modifier nonReentrant() {
        _nonReentrantBefore();
        _;
        _nonReentrantAfter();
    }

    function _nonReentrantBefore() private {
        // On the first call to nonReentrant, _status will be _NOT_ENTERED
        require(_status != _ENTERED, "ReentrancyGuard: reentrant call");

        // Any calls to nonReentrant after this point will fail
        _status = _ENTERED;
    }

    function _nonReentrantAfter() private {
        // By storing the original value once again, a refund is triggered (see
        // https://eips.ethereum.org/EIPS/eip-2200)
        _status = _NOT_ENTERED;
    }

    /**
     * @dev Returns true if the reentrancy guard is currently set to "entered", which indicates there is a
     * `nonReentrant` function in the call stack.
     */
    function _reentrancyGuardEntered() internal view returns (bool) {
        return _status == _ENTERED;
    }
}

File 43 of 159 : ERC20.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/ERC20.sol)

pragma solidity ^0.8.0;

import "./IERC20.sol";
import "./extensions/IERC20Metadata.sol";
import "../../utils/Context.sol";

/**
 * @dev Implementation of the {IERC20} interface.
 *
 * This implementation is agnostic to the way tokens are created. This means
 * that a supply mechanism has to be added in a derived contract using {_mint}.
 * For a generic mechanism see {ERC20PresetMinterPauser}.
 *
 * TIP: For a detailed writeup see our guide
 * https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How
 * to implement supply mechanisms].
 *
 * The default value of {decimals} is 18. To change this, you should override
 * this function so it returns a different value.
 *
 * We have followed general OpenZeppelin Contracts guidelines: functions revert
 * instead returning `false` on failure. This behavior is nonetheless
 * conventional and does not conflict with the expectations of ERC20
 * applications.
 *
 * Additionally, an {Approval} event is emitted on calls to {transferFrom}.
 * This allows applications to reconstruct the allowance for all accounts just
 * by listening to said events. Other implementations of the EIP may not emit
 * these events, as it isn't required by the specification.
 *
 * Finally, the non-standard {decreaseAllowance} and {increaseAllowance}
 * functions have been added to mitigate the well-known issues around setting
 * allowances. See {IERC20-approve}.
 */
contract ERC20 is Context, IERC20, IERC20Metadata {
    mapping(address => uint256) private _balances;

    mapping(address => mapping(address => uint256)) private _allowances;

    uint256 private _totalSupply;

    string private _name;
    string private _symbol;

    /**
     * @dev Sets the values for {name} and {symbol}.
     *
     * All two of these values are immutable: they can only be set once during
     * construction.
     */
    constructor(string memory name_, string memory symbol_) {
        _name = name_;
        _symbol = symbol_;
    }

    /**
     * @dev Returns the name of the token.
     */
    function name() public view virtual override returns (string memory) {
        return _name;
    }

    /**
     * @dev Returns the symbol of the token, usually a shorter version of the
     * name.
     */
    function symbol() public view virtual override returns (string memory) {
        return _symbol;
    }

    /**
     * @dev Returns the number of decimals used to get its user representation.
     * For example, if `decimals` equals `2`, a balance of `505` tokens should
     * be displayed to a user as `5.05` (`505 / 10 ** 2`).
     *
     * Tokens usually opt for a value of 18, imitating the relationship between
     * Ether and Wei. This is the default value returned by this function, unless
     * it's overridden.
     *
     * NOTE: This information is only used for _display_ purposes: it in
     * no way affects any of the arithmetic of the contract, including
     * {IERC20-balanceOf} and {IERC20-transfer}.
     */
    function decimals() public view virtual override returns (uint8) {
        return 18;
    }

    /**
     * @dev See {IERC20-totalSupply}.
     */
    function totalSupply() public view virtual override returns (uint256) {
        return _totalSupply;
    }

    /**
     * @dev See {IERC20-balanceOf}.
     */
    function balanceOf(address account) public view virtual override returns (uint256) {
        return _balances[account];
    }

    /**
     * @dev See {IERC20-transfer}.
     *
     * Requirements:
     *
     * - `to` cannot be the zero address.
     * - the caller must have a balance of at least `amount`.
     */
    function transfer(address to, uint256 amount) public virtual override returns (bool) {
        address owner = _msgSender();
        _transfer(owner, to, amount);
        return true;
    }

    /**
     * @dev See {IERC20-allowance}.
     */
    function allowance(address owner, address spender) public view virtual override returns (uint256) {
        return _allowances[owner][spender];
    }

    /**
     * @dev See {IERC20-approve}.
     *
     * NOTE: If `amount` is the maximum `uint256`, the allowance is not updated on
     * `transferFrom`. This is semantically equivalent to an infinite approval.
     *
     * Requirements:
     *
     * - `spender` cannot be the zero address.
     */
    function approve(address spender, uint256 amount) public virtual override returns (bool) {
        address owner = _msgSender();
        _approve(owner, spender, amount);
        return true;
    }

    /**
     * @dev See {IERC20-transferFrom}.
     *
     * Emits an {Approval} event indicating the updated allowance. This is not
     * required by the EIP. See the note at the beginning of {ERC20}.
     *
     * NOTE: Does not update the allowance if the current allowance
     * is the maximum `uint256`.
     *
     * Requirements:
     *
     * - `from` and `to` cannot be the zero address.
     * - `from` must have a balance of at least `amount`.
     * - the caller must have allowance for ``from``'s tokens of at least
     * `amount`.
     */
    function transferFrom(address from, address to, uint256 amount) public virtual override returns (bool) {
        address spender = _msgSender();
        _spendAllowance(from, spender, amount);
        _transfer(from, to, amount);
        return true;
    }

    /**
     * @dev Atomically increases the allowance granted to `spender` by the caller.
     *
     * This is an alternative to {approve} that can be used as a mitigation for
     * problems described in {IERC20-approve}.
     *
     * Emits an {Approval} event indicating the updated allowance.
     *
     * Requirements:
     *
     * - `spender` cannot be the zero address.
     */
    function increaseAllowance(address spender, uint256 addedValue) public virtual returns (bool) {
        address owner = _msgSender();
        _approve(owner, spender, allowance(owner, spender) + addedValue);
        return true;
    }

    /**
     * @dev Atomically decreases the allowance granted to `spender` by the caller.
     *
     * This is an alternative to {approve} that can be used as a mitigation for
     * problems described in {IERC20-approve}.
     *
     * Emits an {Approval} event indicating the updated allowance.
     *
     * Requirements:
     *
     * - `spender` cannot be the zero address.
     * - `spender` must have allowance for the caller of at least
     * `subtractedValue`.
     */
    function decreaseAllowance(address spender, uint256 subtractedValue) public virtual returns (bool) {
        address owner = _msgSender();
        uint256 currentAllowance = allowance(owner, spender);
        require(currentAllowance >= subtractedValue, "ERC20: decreased allowance below zero");
        unchecked {
            _approve(owner, spender, currentAllowance - subtractedValue);
        }

        return true;
    }

    /**
     * @dev Moves `amount` of tokens from `from` to `to`.
     *
     * This internal function is equivalent to {transfer}, and can be used to
     * e.g. implement automatic token fees, slashing mechanisms, etc.
     *
     * Emits a {Transfer} event.
     *
     * Requirements:
     *
     * - `from` cannot be the zero address.
     * - `to` cannot be the zero address.
     * - `from` must have a balance of at least `amount`.
     */
    function _transfer(address from, address to, uint256 amount) internal virtual {
        require(from != address(0), "ERC20: transfer from the zero address");
        require(to != address(0), "ERC20: transfer to the zero address");

        _beforeTokenTransfer(from, to, amount);

        uint256 fromBalance = _balances[from];
        require(fromBalance >= amount, "ERC20: transfer amount exceeds balance");
        unchecked {
            _balances[from] = fromBalance - amount;
            // Overflow not possible: the sum of all balances is capped by totalSupply, and the sum is preserved by
            // decrementing then incrementing.
            _balances[to] += amount;
        }

        emit Transfer(from, to, amount);

        _afterTokenTransfer(from, to, amount);
    }

    /** @dev Creates `amount` tokens and assigns them to `account`, increasing
     * the total supply.
     *
     * Emits a {Transfer} event with `from` set to the zero address.
     *
     * Requirements:
     *
     * - `account` cannot be the zero address.
     */
    function _mint(address account, uint256 amount) internal virtual {
        require(account != address(0), "ERC20: mint to the zero address");

        _beforeTokenTransfer(address(0), account, amount);

        _totalSupply += amount;
        unchecked {
            // Overflow not possible: balance + amount is at most totalSupply + amount, which is checked above.
            _balances[account] += amount;
        }
        emit Transfer(address(0), account, amount);

        _afterTokenTransfer(address(0), account, amount);
    }

    /**
     * @dev Destroys `amount` tokens from `account`, reducing the
     * total supply.
     *
     * Emits a {Transfer} event with `to` set to the zero address.
     *
     * Requirements:
     *
     * - `account` cannot be the zero address.
     * - `account` must have at least `amount` tokens.
     */
    function _burn(address account, uint256 amount) internal virtual {
        require(account != address(0), "ERC20: burn from the zero address");

        _beforeTokenTransfer(account, address(0), amount);

        uint256 accountBalance = _balances[account];
        require(accountBalance >= amount, "ERC20: burn amount exceeds balance");
        unchecked {
            _balances[account] = accountBalance - amount;
            // Overflow not possible: amount <= accountBalance <= totalSupply.
            _totalSupply -= amount;
        }

        emit Transfer(account, address(0), amount);

        _afterTokenTransfer(account, address(0), amount);
    }

    /**
     * @dev Sets `amount` as the allowance of `spender` over the `owner` s tokens.
     *
     * This internal function is equivalent to `approve`, and can be used to
     * e.g. set automatic allowances for certain subsystems, etc.
     *
     * Emits an {Approval} event.
     *
     * Requirements:
     *
     * - `owner` cannot be the zero address.
     * - `spender` cannot be the zero address.
     */
    function _approve(address owner, address spender, uint256 amount) internal virtual {
        require(owner != address(0), "ERC20: approve from the zero address");
        require(spender != address(0), "ERC20: approve to the zero address");

        _allowances[owner][spender] = amount;
        emit Approval(owner, spender, amount);
    }

    /**
     * @dev Updates `owner` s allowance for `spender` based on spent `amount`.
     *
     * Does not update the allowance amount in case of infinite allowance.
     * Revert if not enough allowance is available.
     *
     * Might emit an {Approval} event.
     */
    function _spendAllowance(address owner, address spender, uint256 amount) internal virtual {
        uint256 currentAllowance = allowance(owner, spender);
        if (currentAllowance != type(uint256).max) {
            require(currentAllowance >= amount, "ERC20: insufficient allowance");
            unchecked {
                _approve(owner, spender, currentAllowance - amount);
            }
        }
    }

    /**
     * @dev Hook that is called before any transfer of tokens. This includes
     * minting and burning.
     *
     * Calling conditions:
     *
     * - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens
     * will be transferred to `to`.
     * - when `from` is zero, `amount` tokens will be minted for `to`.
     * - when `to` is zero, `amount` of ``from``'s tokens will be burned.
     * - `from` and `to` are never both zero.
     *
     * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
     */
    function _beforeTokenTransfer(address from, address to, uint256 amount) internal virtual {}

    /**
     * @dev Hook that is called after any transfer of tokens. This includes
     * minting and burning.
     *
     * Calling conditions:
     *
     * - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens
     * has been transferred to `to`.
     * - when `from` is zero, `amount` tokens have been minted for `to`.
     * - when `to` is zero, `amount` of ``from``'s tokens have been burned.
     * - `from` and `to` are never both zero.
     *
     * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
     */
    function _afterTokenTransfer(address from, address to, uint256 amount) internal virtual {}
}

File 44 of 159 : ERC20Permit.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.4) (token/ERC20/extensions/ERC20Permit.sol)

pragma solidity ^0.8.0;

import "./IERC20Permit.sol";
import "../ERC20.sol";
import "../../../utils/cryptography/ECDSA.sol";
import "../../../utils/cryptography/EIP712.sol";
import "../../../utils/Counters.sol";

/**
 * @dev Implementation of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
 * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
 *
 * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
 * presenting a message signed by the account. By not relying on `{IERC20-approve}`, the token holder account doesn't
 * need to send a transaction, and thus is not required to hold Ether at all.
 *
 * _Available since v3.4._
 */
abstract contract ERC20Permit is ERC20, IERC20Permit, EIP712 {
    using Counters for Counters.Counter;

    mapping(address => Counters.Counter) private _nonces;

    // solhint-disable-next-line var-name-mixedcase
    bytes32 private constant _PERMIT_TYPEHASH =
        keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)");
    /**
     * @dev In previous versions `_PERMIT_TYPEHASH` was declared as `immutable`.
     * However, to ensure consistency with the upgradeable transpiler, we will continue
     * to reserve a slot.
     * @custom:oz-renamed-from _PERMIT_TYPEHASH
     */
    // solhint-disable-next-line var-name-mixedcase
    bytes32 private _PERMIT_TYPEHASH_DEPRECATED_SLOT;

    /**
     * @dev Initializes the {EIP712} domain separator using the `name` parameter, and setting `version` to `"1"`.
     *
     * It's a good idea to use the same `name` that is defined as the ERC20 token name.
     */
    constructor(string memory name) EIP712(name, "1") {}

    /**
     * @inheritdoc IERC20Permit
     */
    function permit(
        address owner,
        address spender,
        uint256 value,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) public virtual override {
        require(block.timestamp <= deadline, "ERC20Permit: expired deadline");

        bytes32 structHash = keccak256(abi.encode(_PERMIT_TYPEHASH, owner, spender, value, _useNonce(owner), deadline));

        bytes32 hash = _hashTypedDataV4(structHash);

        address signer = ECDSA.recover(hash, v, r, s);
        require(signer == owner, "ERC20Permit: invalid signature");

        _approve(owner, spender, value);
    }

    /**
     * @inheritdoc IERC20Permit
     */
    function nonces(address owner) public view virtual override returns (uint256) {
        return _nonces[owner].current();
    }

    /**
     * @inheritdoc IERC20Permit
     */
    // solhint-disable-next-line func-name-mixedcase
    function DOMAIN_SEPARATOR() external view override returns (bytes32) {
        return _domainSeparatorV4();
    }

    /**
     * @dev "Consume a nonce": return the current value and increment.
     *
     * _Available since v4.1._
     */
    function _useNonce(address owner) internal virtual returns (uint256 current) {
        Counters.Counter storage nonce = _nonces[owner];
        current = nonce.current();
        nonce.increment();
    }
}

File 45 of 159 : IERC20Metadata.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (token/ERC20/extensions/IERC20Metadata.sol)

pragma solidity ^0.8.0;

import "../IERC20.sol";

/**
 * @dev Interface for the optional metadata functions from the ERC20 standard.
 *
 * _Available since v4.1._
 */
interface IERC20Metadata is IERC20 {
    /**
     * @dev Returns the name of the token.
     */
    function name() external view returns (string memory);

    /**
     * @dev Returns the symbol of the token.
     */
    function symbol() external view returns (string memory);

    /**
     * @dev Returns the decimals places of the token.
     */
    function decimals() external view returns (uint8);
}

File 46 of 159 : IERC20Permit.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.4) (token/ERC20/extensions/IERC20Permit.sol)

pragma solidity ^0.8.0;

/**
 * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
 * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
 *
 * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
 * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't
 * need to send a transaction, and thus is not required to hold Ether at all.
 *
 * ==== Security Considerations
 *
 * There are two important considerations concerning the use of `permit`. The first is that a valid permit signature
 * expresses an allowance, and it should not be assumed to convey additional meaning. In particular, it should not be
 * considered as an intention to spend the allowance in any specific way. The second is that because permits have
 * built-in replay protection and can be submitted by anyone, they can be frontrun. A protocol that uses permits should
 * take this into consideration and allow a `permit` call to fail. Combining these two aspects, a pattern that may be
 * generally recommended is:
 *
 * ```solidity
 * function doThingWithPermit(..., uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s) public {
 *     try token.permit(msg.sender, address(this), value, deadline, v, r, s) {} catch {}
 *     doThing(..., value);
 * }
 *
 * function doThing(..., uint256 value) public {
 *     token.safeTransferFrom(msg.sender, address(this), value);
 *     ...
 * }
 * ```
 *
 * Observe that: 1) `msg.sender` is used as the owner, leaving no ambiguity as to the signer intent, and 2) the use of
 * `try/catch` allows the permit to fail and makes the code tolerant to frontrunning. (See also
 * {SafeERC20-safeTransferFrom}).
 *
 * Additionally, note that smart contract wallets (such as Argent or Safe) are not able to produce permit signatures, so
 * contracts should have entry points that don't rely on permit.
 */
interface IERC20Permit {
    /**
     * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,
     * given ``owner``'s signed approval.
     *
     * IMPORTANT: The same issues {IERC20-approve} has related to transaction
     * ordering also apply here.
     *
     * Emits an {Approval} event.
     *
     * Requirements:
     *
     * - `spender` cannot be the zero address.
     * - `deadline` must be a timestamp in the future.
     * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
     * over the EIP712-formatted function arguments.
     * - the signature must use ``owner``'s current nonce (see {nonces}).
     *
     * For more information on the signature format, see the
     * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
     * section].
     *
     * CAUTION: See Security Considerations above.
     */
    function permit(
        address owner,
        address spender,
        uint256 value,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external;

    /**
     * @dev Returns the current nonce for `owner`. This value must be
     * included whenever a signature is generated for {permit}.
     *
     * Every successful call to {permit} increases ``owner``'s nonce by one. This
     * prevents a signature from being used multiple times.
     */
    function nonces(address owner) external view returns (uint256);

    /**
     * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.
     */
    // solhint-disable-next-line func-name-mixedcase
    function DOMAIN_SEPARATOR() external view returns (bytes32);
}

File 47 of 159 : IERC20.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/IERC20.sol)

pragma solidity ^0.8.0;

/**
 * @dev Interface of the ERC20 standard as defined in the EIP.
 */
interface IERC20 {
    /**
     * @dev Emitted when `value` tokens are moved from one account (`from`) to
     * another (`to`).
     *
     * Note that `value` may be zero.
     */
    event Transfer(address indexed from, address indexed to, uint256 value);

    /**
     * @dev Emitted when the allowance of a `spender` for an `owner` is set by
     * a call to {approve}. `value` is the new allowance.
     */
    event Approval(address indexed owner, address indexed spender, uint256 value);

    /**
     * @dev Returns the amount of tokens in existence.
     */
    function totalSupply() external view returns (uint256);

    /**
     * @dev Returns the amount of tokens owned by `account`.
     */
    function balanceOf(address account) external view returns (uint256);

    /**
     * @dev Moves `amount` tokens from the caller's account to `to`.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * Emits a {Transfer} event.
     */
    function transfer(address to, uint256 amount) external returns (bool);

    /**
     * @dev Returns the remaining number of tokens that `spender` will be
     * allowed to spend on behalf of `owner` through {transferFrom}. This is
     * zero by default.
     *
     * This value changes when {approve} or {transferFrom} are called.
     */
    function allowance(address owner, address spender) external view returns (uint256);

    /**
     * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * IMPORTANT: Beware that changing an allowance with this method brings the risk
     * that someone may use both the old and the new allowance by unfortunate
     * transaction ordering. One possible solution to mitigate this race
     * condition is to first reduce the spender's allowance to 0 and set the
     * desired value afterwards:
     * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
     *
     * Emits an {Approval} event.
     */
    function approve(address spender, uint256 amount) external returns (bool);

    /**
     * @dev Moves `amount` tokens from `from` to `to` using the
     * allowance mechanism. `amount` is then deducted from the caller's
     * allowance.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * Emits a {Transfer} event.
     */
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

File 48 of 159 : SafeERC20.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.3) (token/ERC20/utils/SafeERC20.sol)

pragma solidity ^0.8.0;

import "../IERC20.sol";
import "../extensions/IERC20Permit.sol";
import "../../../utils/Address.sol";

/**
 * @title SafeERC20
 * @dev Wrappers around ERC20 operations that throw on failure (when the token
 * contract returns false). Tokens that return no value (and instead revert or
 * throw on failure) are also supported, non-reverting calls are assumed to be
 * successful.
 * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
 * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
 */
library SafeERC20 {
    using Address for address;

    /**
     * @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,
     * non-reverting calls are assumed to be successful.
     */
    function safeTransfer(IERC20 token, address to, uint256 value) internal {
        _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));
    }

    /**
     * @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the
     * calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.
     */
    function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {
        _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));
    }

    /**
     * @dev Deprecated. This function has issues similar to the ones found in
     * {IERC20-approve}, and its usage is discouraged.
     *
     * Whenever possible, use {safeIncreaseAllowance} and
     * {safeDecreaseAllowance} instead.
     */
    function safeApprove(IERC20 token, address spender, uint256 value) internal {
        // safeApprove should only be called when setting an initial allowance,
        // or when resetting it to zero. To increase and decrease it, use
        // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'
        require(
            (value == 0) || (token.allowance(address(this), spender) == 0),
            "SafeERC20: approve from non-zero to non-zero allowance"
        );
        _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));
    }

    /**
     * @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
     * non-reverting calls are assumed to be successful.
     */
    function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {
        uint256 oldAllowance = token.allowance(address(this), spender);
        _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance + value));
    }

    /**
     * @dev Decrease the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
     * non-reverting calls are assumed to be successful.
     */
    function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {
        unchecked {
            uint256 oldAllowance = token.allowance(address(this), spender);
            require(oldAllowance >= value, "SafeERC20: decreased allowance below zero");
            _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance - value));
        }
    }

    /**
     * @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,
     * non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval
     * to be set to zero before setting it to a non-zero value, such as USDT.
     */
    function forceApprove(IERC20 token, address spender, uint256 value) internal {
        bytes memory approvalCall = abi.encodeWithSelector(token.approve.selector, spender, value);

        if (!_callOptionalReturnBool(token, approvalCall)) {
            _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, 0));
            _callOptionalReturn(token, approvalCall);
        }
    }

    /**
     * @dev Use a ERC-2612 signature to set the `owner` approval toward `spender` on `token`.
     * Revert on invalid signature.
     */
    function safePermit(
        IERC20Permit token,
        address owner,
        address spender,
        uint256 value,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) internal {
        uint256 nonceBefore = token.nonces(owner);
        token.permit(owner, spender, value, deadline, v, r, s);
        uint256 nonceAfter = token.nonces(owner);
        require(nonceAfter == nonceBefore + 1, "SafeERC20: permit did not succeed");
    }

    /**
     * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
     * on the return value: the return value is optional (but if data is returned, it must not be false).
     * @param token The token targeted by the call.
     * @param data The call data (encoded using abi.encode or one of its variants).
     */
    function _callOptionalReturn(IERC20 token, bytes memory data) private {
        // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
        // we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that
        // the target address contains contract code and also asserts for success in the low-level call.

        bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed");
        require(returndata.length == 0 || abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed");
    }

    /**
     * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
     * on the return value: the return value is optional (but if data is returned, it must not be false).
     * @param token The token targeted by the call.
     * @param data The call data (encoded using abi.encode or one of its variants).
     *
     * This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.
     */
    function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) {
        // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
        // we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false
        // and not revert is the subcall reverts.

        (bool success, bytes memory returndata) = address(token).call(data);
        return
            success && (returndata.length == 0 || abi.decode(returndata, (bool))) && Address.isContract(address(token));
    }
}

File 49 of 159 : Address.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)

pragma solidity ^0.8.1;

/**
 * @dev Collection of functions related to the address type
 */
library Address {
    /**
     * @dev Returns true if `account` is a contract.
     *
     * [IMPORTANT]
     * ====
     * It is unsafe to assume that an address for which this function returns
     * false is an externally-owned account (EOA) and not a contract.
     *
     * Among others, `isContract` will return false for the following
     * types of addresses:
     *
     *  - an externally-owned account
     *  - a contract in construction
     *  - an address where a contract will be created
     *  - an address where a contract lived, but was destroyed
     *
     * Furthermore, `isContract` will also return true if the target contract within
     * the same transaction is already scheduled for destruction by `SELFDESTRUCT`,
     * which only has an effect at the end of a transaction.
     * ====
     *
     * [IMPORTANT]
     * ====
     * You shouldn't rely on `isContract` to protect against flash loan attacks!
     *
     * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
     * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
     * constructor.
     * ====
     */
    function isContract(address account) internal view returns (bool) {
        // This method relies on extcodesize/address.code.length, which returns 0
        // for contracts in construction, since the code is only stored at the end
        // of the constructor execution.

        return account.code.length > 0;
    }

    /**
     * @dev Replacement for Solidity's `transfer`: sends `amount` wei to
     * `recipient`, forwarding all available gas and reverting on errors.
     *
     * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
     * of certain opcodes, possibly making contracts go over the 2300 gas limit
     * imposed by `transfer`, making them unable to receive funds via
     * `transfer`. {sendValue} removes this limitation.
     *
     * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
     *
     * IMPORTANT: because control is transferred to `recipient`, care must be
     * taken to not create reentrancy vulnerabilities. Consider using
     * {ReentrancyGuard} or the
     * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
     */
    function sendValue(address payable recipient, uint256 amount) internal {
        require(address(this).balance >= amount, "Address: insufficient balance");

        (bool success, ) = recipient.call{value: amount}("");
        require(success, "Address: unable to send value, recipient may have reverted");
    }

    /**
     * @dev Performs a Solidity function call using a low level `call`. A
     * plain `call` is an unsafe replacement for a function call: use this
     * function instead.
     *
     * If `target` reverts with a revert reason, it is bubbled up by this
     * function (like regular Solidity function calls).
     *
     * Returns the raw returned data. To convert to the expected return value,
     * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
     *
     * Requirements:
     *
     * - `target` must be a contract.
     * - calling `target` with `data` must not revert.
     *
     * _Available since v3.1._
     */
    function functionCall(address target, bytes memory data) internal returns (bytes memory) {
        return functionCallWithValue(target, data, 0, "Address: low-level call failed");
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
     * `errorMessage` as a fallback revert reason when `target` reverts.
     *
     * _Available since v3.1._
     */
    function functionCall(
        address target,
        bytes memory data,
        string memory errorMessage
    ) internal returns (bytes memory) {
        return functionCallWithValue(target, data, 0, errorMessage);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but also transferring `value` wei to `target`.
     *
     * Requirements:
     *
     * - the calling contract must have an ETH balance of at least `value`.
     * - the called Solidity function must be `payable`.
     *
     * _Available since v3.1._
     */
    function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
        return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
    }

    /**
     * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
     * with `errorMessage` as a fallback revert reason when `target` reverts.
     *
     * _Available since v3.1._
     */
    function functionCallWithValue(
        address target,
        bytes memory data,
        uint256 value,
        string memory errorMessage
    ) internal returns (bytes memory) {
        require(address(this).balance >= value, "Address: insufficient balance for call");
        (bool success, bytes memory returndata) = target.call{value: value}(data);
        return verifyCallResultFromTarget(target, success, returndata, errorMessage);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but performing a static call.
     *
     * _Available since v3.3._
     */
    function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
        return functionStaticCall(target, data, "Address: low-level static call failed");
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
     * but performing a static call.
     *
     * _Available since v3.3._
     */
    function functionStaticCall(
        address target,
        bytes memory data,
        string memory errorMessage
    ) internal view returns (bytes memory) {
        (bool success, bytes memory returndata) = target.staticcall(data);
        return verifyCallResultFromTarget(target, success, returndata, errorMessage);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but performing a delegate call.
     *
     * _Available since v3.4._
     */
    function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
        return functionDelegateCall(target, data, "Address: low-level delegate call failed");
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
     * but performing a delegate call.
     *
     * _Available since v3.4._
     */
    function functionDelegateCall(
        address target,
        bytes memory data,
        string memory errorMessage
    ) internal returns (bytes memory) {
        (bool success, bytes memory returndata) = target.delegatecall(data);
        return verifyCallResultFromTarget(target, success, returndata, errorMessage);
    }

    /**
     * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling
     * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.
     *
     * _Available since v4.8._
     */
    function verifyCallResultFromTarget(
        address target,
        bool success,
        bytes memory returndata,
        string memory errorMessage
    ) internal view returns (bytes memory) {
        if (success) {
            if (returndata.length == 0) {
                // only check isContract if the call was successful and the return data is empty
                // otherwise we already know that it was a contract
                require(isContract(target), "Address: call to non-contract");
            }
            return returndata;
        } else {
            _revert(returndata, errorMessage);
        }
    }

    /**
     * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the
     * revert reason or using the provided one.
     *
     * _Available since v4.3._
     */
    function verifyCallResult(
        bool success,
        bytes memory returndata,
        string memory errorMessage
    ) internal pure returns (bytes memory) {
        if (success) {
            return returndata;
        } else {
            _revert(returndata, errorMessage);
        }
    }

    function _revert(bytes memory returndata, string memory errorMessage) private pure {
        // Look for revert reason and bubble it up if present
        if (returndata.length > 0) {
            // The easiest way to bubble the revert reason is using memory via assembly
            /// @solidity memory-safe-assembly
            assembly {
                let returndata_size := mload(returndata)
                revert(add(32, returndata), returndata_size)
            }
        } else {
            revert(errorMessage);
        }
    }
}

File 50 of 159 : Context.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.4) (utils/Context.sol)

pragma solidity ^0.8.0;

/**
 * @dev Provides information about the current execution context, including the
 * sender of the transaction and its data. While these are generally available
 * via msg.sender and msg.data, they should not be accessed in such a direct
 * manner, since when dealing with meta-transactions the account sending and
 * paying for execution may not be the actual sender (as far as an application
 * is concerned).
 *
 * This contract is only required for intermediate, library-like contracts.
 */
abstract contract Context {
    function _msgSender() internal view virtual returns (address) {
        return msg.sender;
    }

    function _msgData() internal view virtual returns (bytes calldata) {
        return msg.data;
    }

    function _contextSuffixLength() internal view virtual returns (uint256) {
        return 0;
    }
}

File 51 of 159 : Counters.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Counters.sol)

pragma solidity ^0.8.0;

/**
 * @title Counters
 * @author Matt Condon (@shrugs)
 * @dev Provides counters that can only be incremented, decremented or reset. This can be used e.g. to track the number
 * of elements in a mapping, issuing ERC721 ids, or counting request ids.
 *
 * Include with `using Counters for Counters.Counter;`
 */
library Counters {
    struct Counter {
        // This variable should never be directly accessed by users of the library: interactions must be restricted to
        // the library's function. As of Solidity v0.5.2, this cannot be enforced, though there is a proposal to add
        // this feature: see https://github.com/ethereum/solidity/issues/4637
        uint256 _value; // default: 0
    }

    function current(Counter storage counter) internal view returns (uint256) {
        return counter._value;
    }

    function increment(Counter storage counter) internal {
        unchecked {
            counter._value += 1;
        }
    }

    function decrement(Counter storage counter) internal {
        uint256 value = counter._value;
        require(value > 0, "Counter: decrement overflow");
        unchecked {
            counter._value = value - 1;
        }
    }

    function reset(Counter storage counter) internal {
        counter._value = 0;
    }
}

File 52 of 159 : ECDSA.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/ECDSA.sol)

pragma solidity ^0.8.0;

import "../Strings.sol";

/**
 * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.
 *
 * These functions can be used to verify that a message was signed by the holder
 * of the private keys of a given address.
 */
library ECDSA {
    enum RecoverError {
        NoError,
        InvalidSignature,
        InvalidSignatureLength,
        InvalidSignatureS,
        InvalidSignatureV // Deprecated in v4.8
    }

    function _throwError(RecoverError error) private pure {
        if (error == RecoverError.NoError) {
            return; // no error: do nothing
        } else if (error == RecoverError.InvalidSignature) {
            revert("ECDSA: invalid signature");
        } else if (error == RecoverError.InvalidSignatureLength) {
            revert("ECDSA: invalid signature length");
        } else if (error == RecoverError.InvalidSignatureS) {
            revert("ECDSA: invalid signature 's' value");
        }
    }

    /**
     * @dev Returns the address that signed a hashed message (`hash`) with
     * `signature` or error string. This address can then be used for verification purposes.
     *
     * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
     * this function rejects them by requiring the `s` value to be in the lower
     * half order, and the `v` value to be either 27 or 28.
     *
     * IMPORTANT: `hash` _must_ be the result of a hash operation for the
     * verification to be secure: it is possible to craft signatures that
     * recover to arbitrary addresses for non-hashed data. A safe way to ensure
     * this is by receiving a hash of the original message (which may otherwise
     * be too long), and then calling {toEthSignedMessageHash} on it.
     *
     * Documentation for signature generation:
     * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]
     * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]
     *
     * _Available since v4.3._
     */
    function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) {
        if (signature.length == 65) {
            bytes32 r;
            bytes32 s;
            uint8 v;
            // ecrecover takes the signature parameters, and the only way to get them
            // currently is to use assembly.
            /// @solidity memory-safe-assembly
            assembly {
                r := mload(add(signature, 0x20))
                s := mload(add(signature, 0x40))
                v := byte(0, mload(add(signature, 0x60)))
            }
            return tryRecover(hash, v, r, s);
        } else {
            return (address(0), RecoverError.InvalidSignatureLength);
        }
    }

    /**
     * @dev Returns the address that signed a hashed message (`hash`) with
     * `signature`. This address can then be used for verification purposes.
     *
     * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
     * this function rejects them by requiring the `s` value to be in the lower
     * half order, and the `v` value to be either 27 or 28.
     *
     * IMPORTANT: `hash` _must_ be the result of a hash operation for the
     * verification to be secure: it is possible to craft signatures that
     * recover to arbitrary addresses for non-hashed data. A safe way to ensure
     * this is by receiving a hash of the original message (which may otherwise
     * be too long), and then calling {toEthSignedMessageHash} on it.
     */
    function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {
        (address recovered, RecoverError error) = tryRecover(hash, signature);
        _throwError(error);
        return recovered;
    }

    /**
     * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.
     *
     * See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]
     *
     * _Available since v4.3._
     */
    function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError) {
        bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
        uint8 v = uint8((uint256(vs) >> 255) + 27);
        return tryRecover(hash, v, r, s);
    }

    /**
     * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.
     *
     * _Available since v4.2._
     */
    function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {
        (address recovered, RecoverError error) = tryRecover(hash, r, vs);
        _throwError(error);
        return recovered;
    }

    /**
     * @dev Overload of {ECDSA-tryRecover} that receives the `v`,
     * `r` and `s` signature fields separately.
     *
     * _Available since v4.3._
     */
    function tryRecover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address, RecoverError) {
        // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
        // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
        // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most
        // signatures from current libraries generate a unique signature with an s-value in the lower half order.
        //
        // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
        // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
        // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
        // these malleable signatures as well.
        if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
            return (address(0), RecoverError.InvalidSignatureS);
        }

        // If the signature is valid (and not malleable), return the signer address
        address signer = ecrecover(hash, v, r, s);
        if (signer == address(0)) {
            return (address(0), RecoverError.InvalidSignature);
        }

        return (signer, RecoverError.NoError);
    }

    /**
     * @dev Overload of {ECDSA-recover} that receives the `v`,
     * `r` and `s` signature fields separately.
     */
    function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {
        (address recovered, RecoverError error) = tryRecover(hash, v, r, s);
        _throwError(error);
        return recovered;
    }

    /**
     * @dev Returns an Ethereum Signed Message, created from a `hash`. This
     * produces hash corresponding to the one signed with the
     * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]
     * JSON-RPC method as part of EIP-191.
     *
     * See {recover}.
     */
    function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32 message) {
        // 32 is the length in bytes of hash,
        // enforced by the type signature above
        /// @solidity memory-safe-assembly
        assembly {
            mstore(0x00, "\x19Ethereum Signed Message:\n32")
            mstore(0x1c, hash)
            message := keccak256(0x00, 0x3c)
        }
    }

    /**
     * @dev Returns an Ethereum Signed Message, created from `s`. This
     * produces hash corresponding to the one signed with the
     * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]
     * JSON-RPC method as part of EIP-191.
     *
     * See {recover}.
     */
    function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) {
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n", Strings.toString(s.length), s));
    }

    /**
     * @dev Returns an Ethereum Signed Typed Data, created from a
     * `domainSeparator` and a `structHash`. This produces hash corresponding
     * to the one signed with the
     * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`]
     * JSON-RPC method as part of EIP-712.
     *
     * See {recover}.
     */
    function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 data) {
        /// @solidity memory-safe-assembly
        assembly {
            let ptr := mload(0x40)
            mstore(ptr, "\x19\x01")
            mstore(add(ptr, 0x02), domainSeparator)
            mstore(add(ptr, 0x22), structHash)
            data := keccak256(ptr, 0x42)
        }
    }

    /**
     * @dev Returns an Ethereum Signed Data with intended validator, created from a
     * `validator` and `data` according to the version 0 of EIP-191.
     *
     * See {recover}.
     */
    function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {
        return keccak256(abi.encodePacked("\x19\x00", validator, data));
    }
}

File 53 of 159 : EIP712.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/EIP712.sol)

pragma solidity ^0.8.8;

import "./ECDSA.sol";
import "../ShortStrings.sol";
import "../../interfaces/IERC5267.sol";

/**
 * @dev https://eips.ethereum.org/EIPS/eip-712[EIP 712] is a standard for hashing and signing of typed structured data.
 *
 * The encoding specified in the EIP is very generic, and such a generic implementation in Solidity is not feasible,
 * thus this contract does not implement the encoding itself. Protocols need to implement the type-specific encoding
 * they need in their contracts using a combination of `abi.encode` and `keccak256`.
 *
 * This contract implements the EIP 712 domain separator ({_domainSeparatorV4}) that is used as part of the encoding
 * scheme, and the final step of the encoding to obtain the message digest that is then signed via ECDSA
 * ({_hashTypedDataV4}).
 *
 * The implementation of the domain separator was designed to be as efficient as possible while still properly updating
 * the chain id to protect against replay attacks on an eventual fork of the chain.
 *
 * NOTE: This contract implements the version of the encoding known as "v4", as implemented by the JSON RPC method
 * https://docs.metamask.io/guide/signing-data.html[`eth_signTypedDataV4` in MetaMask].
 *
 * NOTE: In the upgradeable version of this contract, the cached values will correspond to the address, and the domain
 * separator of the implementation contract. This will cause the `_domainSeparatorV4` function to always rebuild the
 * separator from the immutable values, which is cheaper than accessing a cached version in cold storage.
 *
 * _Available since v3.4._
 *
 * @custom:oz-upgrades-unsafe-allow state-variable-immutable state-variable-assignment
 */
abstract contract EIP712 is IERC5267 {
    using ShortStrings for *;

    bytes32 private constant _TYPE_HASH =
        keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");

    // Cache the domain separator as an immutable value, but also store the chain id that it corresponds to, in order to
    // invalidate the cached domain separator if the chain id changes.
    bytes32 private immutable _cachedDomainSeparator;
    uint256 private immutable _cachedChainId;
    address private immutable _cachedThis;

    bytes32 private immutable _hashedName;
    bytes32 private immutable _hashedVersion;

    ShortString private immutable _name;
    ShortString private immutable _version;
    string private _nameFallback;
    string private _versionFallback;

    /**
     * @dev Initializes the domain separator and parameter caches.
     *
     * The meaning of `name` and `version` is specified in
     * https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP 712]:
     *
     * - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol.
     * - `version`: the current major version of the signing domain.
     *
     * NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart
     * contract upgrade].
     */
    constructor(string memory name, string memory version) {
        _name = name.toShortStringWithFallback(_nameFallback);
        _version = version.toShortStringWithFallback(_versionFallback);
        _hashedName = keccak256(bytes(name));
        _hashedVersion = keccak256(bytes(version));

        _cachedChainId = block.chainid;
        _cachedDomainSeparator = _buildDomainSeparator();
        _cachedThis = address(this);
    }

    /**
     * @dev Returns the domain separator for the current chain.
     */
    function _domainSeparatorV4() internal view returns (bytes32) {
        if (address(this) == _cachedThis && block.chainid == _cachedChainId) {
            return _cachedDomainSeparator;
        } else {
            return _buildDomainSeparator();
        }
    }

    function _buildDomainSeparator() private view returns (bytes32) {
        return keccak256(abi.encode(_TYPE_HASH, _hashedName, _hashedVersion, block.chainid, address(this)));
    }

    /**
     * @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this
     * function returns the hash of the fully encoded EIP712 message for this domain.
     *
     * This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example:
     *
     * ```solidity
     * bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(
     *     keccak256("Mail(address to,string contents)"),
     *     mailTo,
     *     keccak256(bytes(mailContents))
     * )));
     * address signer = ECDSA.recover(digest, signature);
     * ```
     */
    function _hashTypedDataV4(bytes32 structHash) internal view virtual returns (bytes32) {
        return ECDSA.toTypedDataHash(_domainSeparatorV4(), structHash);
    }

    /**
     * @dev See {EIP-5267}.
     *
     * _Available since v4.9._
     */
    function eip712Domain()
        public
        view
        virtual
        override
        returns (
            bytes1 fields,
            string memory name,
            string memory version,
            uint256 chainId,
            address verifyingContract,
            bytes32 salt,
            uint256[] memory extensions
        )
    {
        return (
            hex"0f", // 01111
            _name.toStringWithFallback(_nameFallback),
            _version.toStringWithFallback(_versionFallback),
            block.chainid,
            address(this),
            bytes32(0),
            new uint256[](0)
        );
    }
}

File 54 of 159 : IERC165.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/introspection/IERC165.sol)

pragma solidity ^0.8.0;

/**
 * @dev Interface of the ERC165 standard, as defined in the
 * https://eips.ethereum.org/EIPS/eip-165[EIP].
 *
 * Implementers can declare support of contract interfaces, which can then be
 * queried by others ({ERC165Checker}).
 *
 * For an implementation, see {ERC165}.
 */
interface IERC165 {
    /**
     * @dev Returns true if this contract implements the interface defined by
     * `interfaceId`. See the corresponding
     * https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section]
     * to learn more about how these ids are created.
     *
     * This function call must use less than 30 000 gas.
     */
    function supportsInterface(bytes4 interfaceId) external view returns (bool);
}

File 55 of 159 : Math.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/math/Math.sol)

pragma solidity ^0.8.0;

/**
 * @dev Standard math utilities missing in the Solidity language.
 */
library Math {
    enum Rounding {
        Down, // Toward negative infinity
        Up, // Toward infinity
        Zero // Toward zero
    }

    /**
     * @dev Returns the largest of two numbers.
     */
    function max(uint256 a, uint256 b) internal pure returns (uint256) {
        return a > b ? a : b;
    }

    /**
     * @dev Returns the smallest of two numbers.
     */
    function min(uint256 a, uint256 b) internal pure returns (uint256) {
        return a < b ? a : b;
    }

    /**
     * @dev Returns the average of two numbers. The result is rounded towards
     * zero.
     */
    function average(uint256 a, uint256 b) internal pure returns (uint256) {
        // (a + b) / 2 can overflow.
        return (a & b) + (a ^ b) / 2;
    }

    /**
     * @dev Returns the ceiling of the division of two numbers.
     *
     * This differs from standard division with `/` in that it rounds up instead
     * of rounding down.
     */
    function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
        // (a + b - 1) / b can overflow on addition, so we distribute.
        return a == 0 ? 0 : (a - 1) / b + 1;
    }

    /**
     * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0
     * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)
     * with further edits by Uniswap Labs also under MIT license.
     */
    function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {
        unchecked {
            // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use
            // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
            // variables such that product = prod1 * 2^256 + prod0.
            uint256 prod0; // Least significant 256 bits of the product
            uint256 prod1; // Most significant 256 bits of the product
            assembly {
                let mm := mulmod(x, y, not(0))
                prod0 := mul(x, y)
                prod1 := sub(sub(mm, prod0), lt(mm, prod0))
            }

            // Handle non-overflow cases, 256 by 256 division.
            if (prod1 == 0) {
                // Solidity will revert if denominator == 0, unlike the div opcode on its own.
                // The surrounding unchecked block does not change this fact.
                // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.
                return prod0 / denominator;
            }

            // Make sure the result is less than 2^256. Also prevents denominator == 0.
            require(denominator > prod1, "Math: mulDiv overflow");

            ///////////////////////////////////////////////
            // 512 by 256 division.
            ///////////////////////////////////////////////

            // Make division exact by subtracting the remainder from [prod1 prod0].
            uint256 remainder;
            assembly {
                // Compute remainder using mulmod.
                remainder := mulmod(x, y, denominator)

                // Subtract 256 bit number from 512 bit number.
                prod1 := sub(prod1, gt(remainder, prod0))
                prod0 := sub(prod0, remainder)
            }

            // Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.
            // See https://cs.stackexchange.com/q/138556/92363.

            // Does not overflow because the denominator cannot be zero at this stage in the function.
            uint256 twos = denominator & (~denominator + 1);
            assembly {
                // Divide denominator by twos.
                denominator := div(denominator, twos)

                // Divide [prod1 prod0] by twos.
                prod0 := div(prod0, twos)

                // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
                twos := add(div(sub(0, twos), twos), 1)
            }

            // Shift in bits from prod1 into prod0.
            prod0 |= prod1 * twos;

            // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such
            // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for
            // four bits. That is, denominator * inv = 1 mod 2^4.
            uint256 inverse = (3 * denominator) ^ 2;

            // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works
            // in modular arithmetic, doubling the correct bits in each step.
            inverse *= 2 - denominator * inverse; // inverse mod 2^8
            inverse *= 2 - denominator * inverse; // inverse mod 2^16
            inverse *= 2 - denominator * inverse; // inverse mod 2^32
            inverse *= 2 - denominator * inverse; // inverse mod 2^64
            inverse *= 2 - denominator * inverse; // inverse mod 2^128
            inverse *= 2 - denominator * inverse; // inverse mod 2^256

            // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
            // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is
            // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1
            // is no longer required.
            result = prod0 * inverse;
            return result;
        }
    }

    /**
     * @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
     */
    function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {
        uint256 result = mulDiv(x, y, denominator);
        if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {
            result += 1;
        }
        return result;
    }

    /**
     * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down.
     *
     * Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
     */
    function sqrt(uint256 a) internal pure returns (uint256) {
        if (a == 0) {
            return 0;
        }

        // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.
        //
        // We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have
        // `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.
        //
        // This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`
        // → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`
        // → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`
        //
        // Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.
        uint256 result = 1 << (log2(a) >> 1);

        // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,
        // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at
        // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision
        // into the expected uint128 result.
        unchecked {
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            return min(result, a / result);
        }
    }

    /**
     * @notice Calculates sqrt(a), following the selected rounding direction.
     */
    function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = sqrt(a);
            return result + (rounding == Rounding.Up && result * result < a ? 1 : 0);
        }
    }

    /**
     * @dev Return the log in base 2, rounded down, of a positive value.
     * Returns 0 if given 0.
     */
    function log2(uint256 value) internal pure returns (uint256) {
        uint256 result = 0;
        unchecked {
            if (value >> 128 > 0) {
                value >>= 128;
                result += 128;
            }
            if (value >> 64 > 0) {
                value >>= 64;
                result += 64;
            }
            if (value >> 32 > 0) {
                value >>= 32;
                result += 32;
            }
            if (value >> 16 > 0) {
                value >>= 16;
                result += 16;
            }
            if (value >> 8 > 0) {
                value >>= 8;
                result += 8;
            }
            if (value >> 4 > 0) {
                value >>= 4;
                result += 4;
            }
            if (value >> 2 > 0) {
                value >>= 2;
                result += 2;
            }
            if (value >> 1 > 0) {
                result += 1;
            }
        }
        return result;
    }

    /**
     * @dev Return the log in base 2, following the selected rounding direction, of a positive value.
     * Returns 0 if given 0.
     */
    function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = log2(value);
            return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0);
        }
    }

    /**
     * @dev Return the log in base 10, rounded down, of a positive value.
     * Returns 0 if given 0.
     */
    function log10(uint256 value) internal pure returns (uint256) {
        uint256 result = 0;
        unchecked {
            if (value >= 10 ** 64) {
                value /= 10 ** 64;
                result += 64;
            }
            if (value >= 10 ** 32) {
                value /= 10 ** 32;
                result += 32;
            }
            if (value >= 10 ** 16) {
                value /= 10 ** 16;
                result += 16;
            }
            if (value >= 10 ** 8) {
                value /= 10 ** 8;
                result += 8;
            }
            if (value >= 10 ** 4) {
                value /= 10 ** 4;
                result += 4;
            }
            if (value >= 10 ** 2) {
                value /= 10 ** 2;
                result += 2;
            }
            if (value >= 10 ** 1) {
                result += 1;
            }
        }
        return result;
    }

    /**
     * @dev Return the log in base 10, following the selected rounding direction, of a positive value.
     * Returns 0 if given 0.
     */
    function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = log10(value);
            return result + (rounding == Rounding.Up && 10 ** result < value ? 1 : 0);
        }
    }

    /**
     * @dev Return the log in base 256, rounded down, of a positive value.
     * Returns 0 if given 0.
     *
     * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
     */
    function log256(uint256 value) internal pure returns (uint256) {
        uint256 result = 0;
        unchecked {
            if (value >> 128 > 0) {
                value >>= 128;
                result += 16;
            }
            if (value >> 64 > 0) {
                value >>= 64;
                result += 8;
            }
            if (value >> 32 > 0) {
                value >>= 32;
                result += 4;
            }
            if (value >> 16 > 0) {
                value >>= 16;
                result += 2;
            }
            if (value >> 8 > 0) {
                result += 1;
            }
        }
        return result;
    }

    /**
     * @dev Return the log in base 256, following the selected rounding direction, of a positive value.
     * Returns 0 if given 0.
     */
    function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = log256(value);
            return result + (rounding == Rounding.Up && 1 << (result << 3) < value ? 1 : 0);
        }
    }
}

File 56 of 159 : SafeCast.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SafeCast.sol)
// This file was procedurally generated from scripts/generate/templates/SafeCast.js.

pragma solidity ^0.8.0;

/**
 * @dev Wrappers over Solidity's uintXX/intXX casting operators with added overflow
 * checks.
 *
 * Downcasting from uint256/int256 in Solidity does not revert on overflow. This can
 * easily result in undesired exploitation or bugs, since developers usually
 * assume that overflows raise errors. `SafeCast` restores this intuition by
 * reverting the transaction when such an operation overflows.
 *
 * Using this library instead of the unchecked operations eliminates an entire
 * class of bugs, so it's recommended to use it always.
 *
 * Can be combined with {SafeMath} and {SignedSafeMath} to extend it to smaller types, by performing
 * all math on `uint256` and `int256` and then downcasting.
 */
library SafeCast {
    /**
     * @dev Returns the downcasted uint248 from uint256, reverting on
     * overflow (when the input is greater than largest uint248).
     *
     * Counterpart to Solidity's `uint248` operator.
     *
     * Requirements:
     *
     * - input must fit into 248 bits
     *
     * _Available since v4.7._
     */
    function toUint248(uint256 value) internal pure returns (uint248) {
        require(value <= type(uint248).max, "SafeCast: value doesn't fit in 248 bits");
        return uint248(value);
    }

    /**
     * @dev Returns the downcasted uint240 from uint256, reverting on
     * overflow (when the input is greater than largest uint240).
     *
     * Counterpart to Solidity's `uint240` operator.
     *
     * Requirements:
     *
     * - input must fit into 240 bits
     *
     * _Available since v4.7._
     */
    function toUint240(uint256 value) internal pure returns (uint240) {
        require(value <= type(uint240).max, "SafeCast: value doesn't fit in 240 bits");
        return uint240(value);
    }

    /**
     * @dev Returns the downcasted uint232 from uint256, reverting on
     * overflow (when the input is greater than largest uint232).
     *
     * Counterpart to Solidity's `uint232` operator.
     *
     * Requirements:
     *
     * - input must fit into 232 bits
     *
     * _Available since v4.7._
     */
    function toUint232(uint256 value) internal pure returns (uint232) {
        require(value <= type(uint232).max, "SafeCast: value doesn't fit in 232 bits");
        return uint232(value);
    }

    /**
     * @dev Returns the downcasted uint224 from uint256, reverting on
     * overflow (when the input is greater than largest uint224).
     *
     * Counterpart to Solidity's `uint224` operator.
     *
     * Requirements:
     *
     * - input must fit into 224 bits
     *
     * _Available since v4.2._
     */
    function toUint224(uint256 value) internal pure returns (uint224) {
        require(value <= type(uint224).max, "SafeCast: value doesn't fit in 224 bits");
        return uint224(value);
    }

    /**
     * @dev Returns the downcasted uint216 from uint256, reverting on
     * overflow (when the input is greater than largest uint216).
     *
     * Counterpart to Solidity's `uint216` operator.
     *
     * Requirements:
     *
     * - input must fit into 216 bits
     *
     * _Available since v4.7._
     */
    function toUint216(uint256 value) internal pure returns (uint216) {
        require(value <= type(uint216).max, "SafeCast: value doesn't fit in 216 bits");
        return uint216(value);
    }

    /**
     * @dev Returns the downcasted uint208 from uint256, reverting on
     * overflow (when the input is greater than largest uint208).
     *
     * Counterpart to Solidity's `uint208` operator.
     *
     * Requirements:
     *
     * - input must fit into 208 bits
     *
     * _Available since v4.7._
     */
    function toUint208(uint256 value) internal pure returns (uint208) {
        require(value <= type(uint208).max, "SafeCast: value doesn't fit in 208 bits");
        return uint208(value);
    }

    /**
     * @dev Returns the downcasted uint200 from uint256, reverting on
     * overflow (when the input is greater than largest uint200).
     *
     * Counterpart to Solidity's `uint200` operator.
     *
     * Requirements:
     *
     * - input must fit into 200 bits
     *
     * _Available since v4.7._
     */
    function toUint200(uint256 value) internal pure returns (uint200) {
        require(value <= type(uint200).max, "SafeCast: value doesn't fit in 200 bits");
        return uint200(value);
    }

    /**
     * @dev Returns the downcasted uint192 from uint256, reverting on
     * overflow (when the input is greater than largest uint192).
     *
     * Counterpart to Solidity's `uint192` operator.
     *
     * Requirements:
     *
     * - input must fit into 192 bits
     *
     * _Available since v4.7._
     */
    function toUint192(uint256 value) internal pure returns (uint192) {
        require(value <= type(uint192).max, "SafeCast: value doesn't fit in 192 bits");
        return uint192(value);
    }

    /**
     * @dev Returns the downcasted uint184 from uint256, reverting on
     * overflow (when the input is greater than largest uint184).
     *
     * Counterpart to Solidity's `uint184` operator.
     *
     * Requirements:
     *
     * - input must fit into 184 bits
     *
     * _Available since v4.7._
     */
    function toUint184(uint256 value) internal pure returns (uint184) {
        require(value <= type(uint184).max, "SafeCast: value doesn't fit in 184 bits");
        return uint184(value);
    }

    /**
     * @dev Returns the downcasted uint176 from uint256, reverting on
     * overflow (when the input is greater than largest uint176).
     *
     * Counterpart to Solidity's `uint176` operator.
     *
     * Requirements:
     *
     * - input must fit into 176 bits
     *
     * _Available since v4.7._
     */
    function toUint176(uint256 value) internal pure returns (uint176) {
        require(value <= type(uint176).max, "SafeCast: value doesn't fit in 176 bits");
        return uint176(value);
    }

    /**
     * @dev Returns the downcasted uint168 from uint256, reverting on
     * overflow (when the input is greater than largest uint168).
     *
     * Counterpart to Solidity's `uint168` operator.
     *
     * Requirements:
     *
     * - input must fit into 168 bits
     *
     * _Available since v4.7._
     */
    function toUint168(uint256 value) internal pure returns (uint168) {
        require(value <= type(uint168).max, "SafeCast: value doesn't fit in 168 bits");
        return uint168(value);
    }

    /**
     * @dev Returns the downcasted uint160 from uint256, reverting on
     * overflow (when the input is greater than largest uint160).
     *
     * Counterpart to Solidity's `uint160` operator.
     *
     * Requirements:
     *
     * - input must fit into 160 bits
     *
     * _Available since v4.7._
     */
    function toUint160(uint256 value) internal pure returns (uint160) {
        require(value <= type(uint160).max, "SafeCast: value doesn't fit in 160 bits");
        return uint160(value);
    }

    /**
     * @dev Returns the downcasted uint152 from uint256, reverting on
     * overflow (when the input is greater than largest uint152).
     *
     * Counterpart to Solidity's `uint152` operator.
     *
     * Requirements:
     *
     * - input must fit into 152 bits
     *
     * _Available since v4.7._
     */
    function toUint152(uint256 value) internal pure returns (uint152) {
        require(value <= type(uint152).max, "SafeCast: value doesn't fit in 152 bits");
        return uint152(value);
    }

    /**
     * @dev Returns the downcasted uint144 from uint256, reverting on
     * overflow (when the input is greater than largest uint144).
     *
     * Counterpart to Solidity's `uint144` operator.
     *
     * Requirements:
     *
     * - input must fit into 144 bits
     *
     * _Available since v4.7._
     */
    function toUint144(uint256 value) internal pure returns (uint144) {
        require(value <= type(uint144).max, "SafeCast: value doesn't fit in 144 bits");
        return uint144(value);
    }

    /**
     * @dev Returns the downcasted uint136 from uint256, reverting on
     * overflow (when the input is greater than largest uint136).
     *
     * Counterpart to Solidity's `uint136` operator.
     *
     * Requirements:
     *
     * - input must fit into 136 bits
     *
     * _Available since v4.7._
     */
    function toUint136(uint256 value) internal pure returns (uint136) {
        require(value <= type(uint136).max, "SafeCast: value doesn't fit in 136 bits");
        return uint136(value);
    }

    /**
     * @dev Returns the downcasted uint128 from uint256, reverting on
     * overflow (when the input is greater than largest uint128).
     *
     * Counterpart to Solidity's `uint128` operator.
     *
     * Requirements:
     *
     * - input must fit into 128 bits
     *
     * _Available since v2.5._
     */
    function toUint128(uint256 value) internal pure returns (uint128) {
        require(value <= type(uint128).max, "SafeCast: value doesn't fit in 128 bits");
        return uint128(value);
    }

    /**
     * @dev Returns the downcasted uint120 from uint256, reverting on
     * overflow (when the input is greater than largest uint120).
     *
     * Counterpart to Solidity's `uint120` operator.
     *
     * Requirements:
     *
     * - input must fit into 120 bits
     *
     * _Available since v4.7._
     */
    function toUint120(uint256 value) internal pure returns (uint120) {
        require(value <= type(uint120).max, "SafeCast: value doesn't fit in 120 bits");
        return uint120(value);
    }

    /**
     * @dev Returns the downcasted uint112 from uint256, reverting on
     * overflow (when the input is greater than largest uint112).
     *
     * Counterpart to Solidity's `uint112` operator.
     *
     * Requirements:
     *
     * - input must fit into 112 bits
     *
     * _Available since v4.7._
     */
    function toUint112(uint256 value) internal pure returns (uint112) {
        require(value <= type(uint112).max, "SafeCast: value doesn't fit in 112 bits");
        return uint112(value);
    }

    /**
     * @dev Returns the downcasted uint104 from uint256, reverting on
     * overflow (when the input is greater than largest uint104).
     *
     * Counterpart to Solidity's `uint104` operator.
     *
     * Requirements:
     *
     * - input must fit into 104 bits
     *
     * _Available since v4.7._
     */
    function toUint104(uint256 value) internal pure returns (uint104) {
        require(value <= type(uint104).max, "SafeCast: value doesn't fit in 104 bits");
        return uint104(value);
    }

    /**
     * @dev Returns the downcasted uint96 from uint256, reverting on
     * overflow (when the input is greater than largest uint96).
     *
     * Counterpart to Solidity's `uint96` operator.
     *
     * Requirements:
     *
     * - input must fit into 96 bits
     *
     * _Available since v4.2._
     */
    function toUint96(uint256 value) internal pure returns (uint96) {
        require(value <= type(uint96).max, "SafeCast: value doesn't fit in 96 bits");
        return uint96(value);
    }

    /**
     * @dev Returns the downcasted uint88 from uint256, reverting on
     * overflow (when the input is greater than largest uint88).
     *
     * Counterpart to Solidity's `uint88` operator.
     *
     * Requirements:
     *
     * - input must fit into 88 bits
     *
     * _Available since v4.7._
     */
    function toUint88(uint256 value) internal pure returns (uint88) {
        require(value <= type(uint88).max, "SafeCast: value doesn't fit in 88 bits");
        return uint88(value);
    }

    /**
     * @dev Returns the downcasted uint80 from uint256, reverting on
     * overflow (when the input is greater than largest uint80).
     *
     * Counterpart to Solidity's `uint80` operator.
     *
     * Requirements:
     *
     * - input must fit into 80 bits
     *
     * _Available since v4.7._
     */
    function toUint80(uint256 value) internal pure returns (uint80) {
        require(value <= type(uint80).max, "SafeCast: value doesn't fit in 80 bits");
        return uint80(value);
    }

    /**
     * @dev Returns the downcasted uint72 from uint256, reverting on
     * overflow (when the input is greater than largest uint72).
     *
     * Counterpart to Solidity's `uint72` operator.
     *
     * Requirements:
     *
     * - input must fit into 72 bits
     *
     * _Available since v4.7._
     */
    function toUint72(uint256 value) internal pure returns (uint72) {
        require(value <= type(uint72).max, "SafeCast: value doesn't fit in 72 bits");
        return uint72(value);
    }

    /**
     * @dev Returns the downcasted uint64 from uint256, reverting on
     * overflow (when the input is greater than largest uint64).
     *
     * Counterpart to Solidity's `uint64` operator.
     *
     * Requirements:
     *
     * - input must fit into 64 bits
     *
     * _Available since v2.5._
     */
    function toUint64(uint256 value) internal pure returns (uint64) {
        require(value <= type(uint64).max, "SafeCast: value doesn't fit in 64 bits");
        return uint64(value);
    }

    /**
     * @dev Returns the downcasted uint56 from uint256, reverting on
     * overflow (when the input is greater than largest uint56).
     *
     * Counterpart to Solidity's `uint56` operator.
     *
     * Requirements:
     *
     * - input must fit into 56 bits
     *
     * _Available since v4.7._
     */
    function toUint56(uint256 value) internal pure returns (uint56) {
        require(value <= type(uint56).max, "SafeCast: value doesn't fit in 56 bits");
        return uint56(value);
    }

    /**
     * @dev Returns the downcasted uint48 from uint256, reverting on
     * overflow (when the input is greater than largest uint48).
     *
     * Counterpart to Solidity's `uint48` operator.
     *
     * Requirements:
     *
     * - input must fit into 48 bits
     *
     * _Available since v4.7._
     */
    function toUint48(uint256 value) internal pure returns (uint48) {
        require(value <= type(uint48).max, "SafeCast: value doesn't fit in 48 bits");
        return uint48(value);
    }

    /**
     * @dev Returns the downcasted uint40 from uint256, reverting on
     * overflow (when the input is greater than largest uint40).
     *
     * Counterpart to Solidity's `uint40` operator.
     *
     * Requirements:
     *
     * - input must fit into 40 bits
     *
     * _Available since v4.7._
     */
    function toUint40(uint256 value) internal pure returns (uint40) {
        require(value <= type(uint40).max, "SafeCast: value doesn't fit in 40 bits");
        return uint40(value);
    }

    /**
     * @dev Returns the downcasted uint32 from uint256, reverting on
     * overflow (when the input is greater than largest uint32).
     *
     * Counterpart to Solidity's `uint32` operator.
     *
     * Requirements:
     *
     * - input must fit into 32 bits
     *
     * _Available since v2.5._
     */
    function toUint32(uint256 value) internal pure returns (uint32) {
        require(value <= type(uint32).max, "SafeCast: value doesn't fit in 32 bits");
        return uint32(value);
    }

    /**
     * @dev Returns the downcasted uint24 from uint256, reverting on
     * overflow (when the input is greater than largest uint24).
     *
     * Counterpart to Solidity's `uint24` operator.
     *
     * Requirements:
     *
     * - input must fit into 24 bits
     *
     * _Available since v4.7._
     */
    function toUint24(uint256 value) internal pure returns (uint24) {
        require(value <= type(uint24).max, "SafeCast: value doesn't fit in 24 bits");
        return uint24(value);
    }

    /**
     * @dev Returns the downcasted uint16 from uint256, reverting on
     * overflow (when the input is greater than largest uint16).
     *
     * Counterpart to Solidity's `uint16` operator.
     *
     * Requirements:
     *
     * - input must fit into 16 bits
     *
     * _Available since v2.5._
     */
    function toUint16(uint256 value) internal pure returns (uint16) {
        require(value <= type(uint16).max, "SafeCast: value doesn't fit in 16 bits");
        return uint16(value);
    }

    /**
     * @dev Returns the downcasted uint8 from uint256, reverting on
     * overflow (when the input is greater than largest uint8).
     *
     * Counterpart to Solidity's `uint8` operator.
     *
     * Requirements:
     *
     * - input must fit into 8 bits
     *
     * _Available since v2.5._
     */
    function toUint8(uint256 value) internal pure returns (uint8) {
        require(value <= type(uint8).max, "SafeCast: value doesn't fit in 8 bits");
        return uint8(value);
    }

    /**
     * @dev Converts a signed int256 into an unsigned uint256.
     *
     * Requirements:
     *
     * - input must be greater than or equal to 0.
     *
     * _Available since v3.0._
     */
    function toUint256(int256 value) internal pure returns (uint256) {
        require(value >= 0, "SafeCast: value must be positive");
        return uint256(value);
    }

    /**
     * @dev Returns the downcasted int248 from int256, reverting on
     * overflow (when the input is less than smallest int248 or
     * greater than largest int248).
     *
     * Counterpart to Solidity's `int248` operator.
     *
     * Requirements:
     *
     * - input must fit into 248 bits
     *
     * _Available since v4.7._
     */
    function toInt248(int256 value) internal pure returns (int248 downcasted) {
        downcasted = int248(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 248 bits");
    }

    /**
     * @dev Returns the downcasted int240 from int256, reverting on
     * overflow (when the input is less than smallest int240 or
     * greater than largest int240).
     *
     * Counterpart to Solidity's `int240` operator.
     *
     * Requirements:
     *
     * - input must fit into 240 bits
     *
     * _Available since v4.7._
     */
    function toInt240(int256 value) internal pure returns (int240 downcasted) {
        downcasted = int240(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 240 bits");
    }

    /**
     * @dev Returns the downcasted int232 from int256, reverting on
     * overflow (when the input is less than smallest int232 or
     * greater than largest int232).
     *
     * Counterpart to Solidity's `int232` operator.
     *
     * Requirements:
     *
     * - input must fit into 232 bits
     *
     * _Available since v4.7._
     */
    function toInt232(int256 value) internal pure returns (int232 downcasted) {
        downcasted = int232(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 232 bits");
    }

    /**
     * @dev Returns the downcasted int224 from int256, reverting on
     * overflow (when the input is less than smallest int224 or
     * greater than largest int224).
     *
     * Counterpart to Solidity's `int224` operator.
     *
     * Requirements:
     *
     * - input must fit into 224 bits
     *
     * _Available since v4.7._
     */
    function toInt224(int256 value) internal pure returns (int224 downcasted) {
        downcasted = int224(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 224 bits");
    }

    /**
     * @dev Returns the downcasted int216 from int256, reverting on
     * overflow (when the input is less than smallest int216 or
     * greater than largest int216).
     *
     * Counterpart to Solidity's `int216` operator.
     *
     * Requirements:
     *
     * - input must fit into 216 bits
     *
     * _Available since v4.7._
     */
    function toInt216(int256 value) internal pure returns (int216 downcasted) {
        downcasted = int216(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 216 bits");
    }

    /**
     * @dev Returns the downcasted int208 from int256, reverting on
     * overflow (when the input is less than smallest int208 or
     * greater than largest int208).
     *
     * Counterpart to Solidity's `int208` operator.
     *
     * Requirements:
     *
     * - input must fit into 208 bits
     *
     * _Available since v4.7._
     */
    function toInt208(int256 value) internal pure returns (int208 downcasted) {
        downcasted = int208(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 208 bits");
    }

    /**
     * @dev Returns the downcasted int200 from int256, reverting on
     * overflow (when the input is less than smallest int200 or
     * greater than largest int200).
     *
     * Counterpart to Solidity's `int200` operator.
     *
     * Requirements:
     *
     * - input must fit into 200 bits
     *
     * _Available since v4.7._
     */
    function toInt200(int256 value) internal pure returns (int200 downcasted) {
        downcasted = int200(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 200 bits");
    }

    /**
     * @dev Returns the downcasted int192 from int256, reverting on
     * overflow (when the input is less than smallest int192 or
     * greater than largest int192).
     *
     * Counterpart to Solidity's `int192` operator.
     *
     * Requirements:
     *
     * - input must fit into 192 bits
     *
     * _Available since v4.7._
     */
    function toInt192(int256 value) internal pure returns (int192 downcasted) {
        downcasted = int192(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 192 bits");
    }

    /**
     * @dev Returns the downcasted int184 from int256, reverting on
     * overflow (when the input is less than smallest int184 or
     * greater than largest int184).
     *
     * Counterpart to Solidity's `int184` operator.
     *
     * Requirements:
     *
     * - input must fit into 184 bits
     *
     * _Available since v4.7._
     */
    function toInt184(int256 value) internal pure returns (int184 downcasted) {
        downcasted = int184(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 184 bits");
    }

    /**
     * @dev Returns the downcasted int176 from int256, reverting on
     * overflow (when the input is less than smallest int176 or
     * greater than largest int176).
     *
     * Counterpart to Solidity's `int176` operator.
     *
     * Requirements:
     *
     * - input must fit into 176 bits
     *
     * _Available since v4.7._
     */
    function toInt176(int256 value) internal pure returns (int176 downcasted) {
        downcasted = int176(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 176 bits");
    }

    /**
     * @dev Returns the downcasted int168 from int256, reverting on
     * overflow (when the input is less than smallest int168 or
     * greater than largest int168).
     *
     * Counterpart to Solidity's `int168` operator.
     *
     * Requirements:
     *
     * - input must fit into 168 bits
     *
     * _Available since v4.7._
     */
    function toInt168(int256 value) internal pure returns (int168 downcasted) {
        downcasted = int168(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 168 bits");
    }

    /**
     * @dev Returns the downcasted int160 from int256, reverting on
     * overflow (when the input is less than smallest int160 or
     * greater than largest int160).
     *
     * Counterpart to Solidity's `int160` operator.
     *
     * Requirements:
     *
     * - input must fit into 160 bits
     *
     * _Available since v4.7._
     */
    function toInt160(int256 value) internal pure returns (int160 downcasted) {
        downcasted = int160(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 160 bits");
    }

    /**
     * @dev Returns the downcasted int152 from int256, reverting on
     * overflow (when the input is less than smallest int152 or
     * greater than largest int152).
     *
     * Counterpart to Solidity's `int152` operator.
     *
     * Requirements:
     *
     * - input must fit into 152 bits
     *
     * _Available since v4.7._
     */
    function toInt152(int256 value) internal pure returns (int152 downcasted) {
        downcasted = int152(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 152 bits");
    }

    /**
     * @dev Returns the downcasted int144 from int256, reverting on
     * overflow (when the input is less than smallest int144 or
     * greater than largest int144).
     *
     * Counterpart to Solidity's `int144` operator.
     *
     * Requirements:
     *
     * - input must fit into 144 bits
     *
     * _Available since v4.7._
     */
    function toInt144(int256 value) internal pure returns (int144 downcasted) {
        downcasted = int144(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 144 bits");
    }

    /**
     * @dev Returns the downcasted int136 from int256, reverting on
     * overflow (when the input is less than smallest int136 or
     * greater than largest int136).
     *
     * Counterpart to Solidity's `int136` operator.
     *
     * Requirements:
     *
     * - input must fit into 136 bits
     *
     * _Available since v4.7._
     */
    function toInt136(int256 value) internal pure returns (int136 downcasted) {
        downcasted = int136(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 136 bits");
    }

    /**
     * @dev Returns the downcasted int128 from int256, reverting on
     * overflow (when the input is less than smallest int128 or
     * greater than largest int128).
     *
     * Counterpart to Solidity's `int128` operator.
     *
     * Requirements:
     *
     * - input must fit into 128 bits
     *
     * _Available since v3.1._
     */
    function toInt128(int256 value) internal pure returns (int128 downcasted) {
        downcasted = int128(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 128 bits");
    }

    /**
     * @dev Returns the downcasted int120 from int256, reverting on
     * overflow (when the input is less than smallest int120 or
     * greater than largest int120).
     *
     * Counterpart to Solidity's `int120` operator.
     *
     * Requirements:
     *
     * - input must fit into 120 bits
     *
     * _Available since v4.7._
     */
    function toInt120(int256 value) internal pure returns (int120 downcasted) {
        downcasted = int120(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 120 bits");
    }

    /**
     * @dev Returns the downcasted int112 from int256, reverting on
     * overflow (when the input is less than smallest int112 or
     * greater than largest int112).
     *
     * Counterpart to Solidity's `int112` operator.
     *
     * Requirements:
     *
     * - input must fit into 112 bits
     *
     * _Available since v4.7._
     */
    function toInt112(int256 value) internal pure returns (int112 downcasted) {
        downcasted = int112(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 112 bits");
    }

    /**
     * @dev Returns the downcasted int104 from int256, reverting on
     * overflow (when the input is less than smallest int104 or
     * greater than largest int104).
     *
     * Counterpart to Solidity's `int104` operator.
     *
     * Requirements:
     *
     * - input must fit into 104 bits
     *
     * _Available since v4.7._
     */
    function toInt104(int256 value) internal pure returns (int104 downcasted) {
        downcasted = int104(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 104 bits");
    }

    /**
     * @dev Returns the downcasted int96 from int256, reverting on
     * overflow (when the input is less than smallest int96 or
     * greater than largest int96).
     *
     * Counterpart to Solidity's `int96` operator.
     *
     * Requirements:
     *
     * - input must fit into 96 bits
     *
     * _Available since v4.7._
     */
    function toInt96(int256 value) internal pure returns (int96 downcasted) {
        downcasted = int96(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 96 bits");
    }

    /**
     * @dev Returns the downcasted int88 from int256, reverting on
     * overflow (when the input is less than smallest int88 or
     * greater than largest int88).
     *
     * Counterpart to Solidity's `int88` operator.
     *
     * Requirements:
     *
     * - input must fit into 88 bits
     *
     * _Available since v4.7._
     */
    function toInt88(int256 value) internal pure returns (int88 downcasted) {
        downcasted = int88(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 88 bits");
    }

    /**
     * @dev Returns the downcasted int80 from int256, reverting on
     * overflow (when the input is less than smallest int80 or
     * greater than largest int80).
     *
     * Counterpart to Solidity's `int80` operator.
     *
     * Requirements:
     *
     * - input must fit into 80 bits
     *
     * _Available since v4.7._
     */
    function toInt80(int256 value) internal pure returns (int80 downcasted) {
        downcasted = int80(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 80 bits");
    }

    /**
     * @dev Returns the downcasted int72 from int256, reverting on
     * overflow (when the input is less than smallest int72 or
     * greater than largest int72).
     *
     * Counterpart to Solidity's `int72` operator.
     *
     * Requirements:
     *
     * - input must fit into 72 bits
     *
     * _Available since v4.7._
     */
    function toInt72(int256 value) internal pure returns (int72 downcasted) {
        downcasted = int72(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 72 bits");
    }

    /**
     * @dev Returns the downcasted int64 from int256, reverting on
     * overflow (when the input is less than smallest int64 or
     * greater than largest int64).
     *
     * Counterpart to Solidity's `int64` operator.
     *
     * Requirements:
     *
     * - input must fit into 64 bits
     *
     * _Available since v3.1._
     */
    function toInt64(int256 value) internal pure returns (int64 downcasted) {
        downcasted = int64(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 64 bits");
    }

    /**
     * @dev Returns the downcasted int56 from int256, reverting on
     * overflow (when the input is less than smallest int56 or
     * greater than largest int56).
     *
     * Counterpart to Solidity's `int56` operator.
     *
     * Requirements:
     *
     * - input must fit into 56 bits
     *
     * _Available since v4.7._
     */
    function toInt56(int256 value) internal pure returns (int56 downcasted) {
        downcasted = int56(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 56 bits");
    }

    /**
     * @dev Returns the downcasted int48 from int256, reverting on
     * overflow (when the input is less than smallest int48 or
     * greater than largest int48).
     *
     * Counterpart to Solidity's `int48` operator.
     *
     * Requirements:
     *
     * - input must fit into 48 bits
     *
     * _Available since v4.7._
     */
    function toInt48(int256 value) internal pure returns (int48 downcasted) {
        downcasted = int48(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 48 bits");
    }

    /**
     * @dev Returns the downcasted int40 from int256, reverting on
     * overflow (when the input is less than smallest int40 or
     * greater than largest int40).
     *
     * Counterpart to Solidity's `int40` operator.
     *
     * Requirements:
     *
     * - input must fit into 40 bits
     *
     * _Available since v4.7._
     */
    function toInt40(int256 value) internal pure returns (int40 downcasted) {
        downcasted = int40(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 40 bits");
    }

    /**
     * @dev Returns the downcasted int32 from int256, reverting on
     * overflow (when the input is less than smallest int32 or
     * greater than largest int32).
     *
     * Counterpart to Solidity's `int32` operator.
     *
     * Requirements:
     *
     * - input must fit into 32 bits
     *
     * _Available since v3.1._
     */
    function toInt32(int256 value) internal pure returns (int32 downcasted) {
        downcasted = int32(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 32 bits");
    }

    /**
     * @dev Returns the downcasted int24 from int256, reverting on
     * overflow (when the input is less than smallest int24 or
     * greater than largest int24).
     *
     * Counterpart to Solidity's `int24` operator.
     *
     * Requirements:
     *
     * - input must fit into 24 bits
     *
     * _Available since v4.7._
     */
    function toInt24(int256 value) internal pure returns (int24 downcasted) {
        downcasted = int24(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 24 bits");
    }

    /**
     * @dev Returns the downcasted int16 from int256, reverting on
     * overflow (when the input is less than smallest int16 or
     * greater than largest int16).
     *
     * Counterpart to Solidity's `int16` operator.
     *
     * Requirements:
     *
     * - input must fit into 16 bits
     *
     * _Available since v3.1._
     */
    function toInt16(int256 value) internal pure returns (int16 downcasted) {
        downcasted = int16(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 16 bits");
    }

    /**
     * @dev Returns the downcasted int8 from int256, reverting on
     * overflow (when the input is less than smallest int8 or
     * greater than largest int8).
     *
     * Counterpart to Solidity's `int8` operator.
     *
     * Requirements:
     *
     * - input must fit into 8 bits
     *
     * _Available since v3.1._
     */
    function toInt8(int256 value) internal pure returns (int8 downcasted) {
        downcasted = int8(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 8 bits");
    }

    /**
     * @dev Converts an unsigned uint256 into a signed int256.
     *
     * Requirements:
     *
     * - input must be less than or equal to maxInt256.
     *
     * _Available since v3.0._
     */
    function toInt256(uint256 value) internal pure returns (int256) {
        // Note: Unsafe cast below is okay because `type(int256).max` is guaranteed to be positive
        require(value <= uint256(type(int256).max), "SafeCast: value doesn't fit in an int256");
        return int256(value);
    }
}

File 57 of 159 : SignedMath.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SignedMath.sol)

pragma solidity ^0.8.0;

/**
 * @dev Standard signed math utilities missing in the Solidity language.
 */
library SignedMath {
    /**
     * @dev Returns the largest of two signed numbers.
     */
    function max(int256 a, int256 b) internal pure returns (int256) {
        return a > b ? a : b;
    }

    /**
     * @dev Returns the smallest of two signed numbers.
     */
    function min(int256 a, int256 b) internal pure returns (int256) {
        return a < b ? a : b;
    }

    /**
     * @dev Returns the average of two signed numbers without overflow.
     * The result is rounded towards zero.
     */
    function average(int256 a, int256 b) internal pure returns (int256) {
        // Formula from the book "Hacker's Delight"
        int256 x = (a & b) + ((a ^ b) >> 1);
        return x + (int256(uint256(x) >> 255) & (a ^ b));
    }

    /**
     * @dev Returns the absolute unsigned value of a signed value.
     */
    function abs(int256 n) internal pure returns (uint256) {
        unchecked {
            // must be unchecked in order to support `n = type(int256).min`
            return uint256(n >= 0 ? n : -n);
        }
    }
}

File 58 of 159 : ShortStrings.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/ShortStrings.sol)

pragma solidity ^0.8.8;

import "./StorageSlot.sol";

// | string  | 0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA   |
// | length  | 0x                                                              BB |
type ShortString is bytes32;

/**
 * @dev This library provides functions to convert short memory strings
 * into a `ShortString` type that can be used as an immutable variable.
 *
 * Strings of arbitrary length can be optimized using this library if
 * they are short enough (up to 31 bytes) by packing them with their
 * length (1 byte) in a single EVM word (32 bytes). Additionally, a
 * fallback mechanism can be used for every other case.
 *
 * Usage example:
 *
 * ```solidity
 * contract Named {
 *     using ShortStrings for *;
 *
 *     ShortString private immutable _name;
 *     string private _nameFallback;
 *
 *     constructor(string memory contractName) {
 *         _name = contractName.toShortStringWithFallback(_nameFallback);
 *     }
 *
 *     function name() external view returns (string memory) {
 *         return _name.toStringWithFallback(_nameFallback);
 *     }
 * }
 * ```
 */
library ShortStrings {
    // Used as an identifier for strings longer than 31 bytes.
    bytes32 private constant _FALLBACK_SENTINEL = 0x00000000000000000000000000000000000000000000000000000000000000FF;

    error StringTooLong(string str);
    error InvalidShortString();

    /**
     * @dev Encode a string of at most 31 chars into a `ShortString`.
     *
     * This will trigger a `StringTooLong` error is the input string is too long.
     */
    function toShortString(string memory str) internal pure returns (ShortString) {
        bytes memory bstr = bytes(str);
        if (bstr.length > 31) {
            revert StringTooLong(str);
        }
        return ShortString.wrap(bytes32(uint256(bytes32(bstr)) | bstr.length));
    }

    /**
     * @dev Decode a `ShortString` back to a "normal" string.
     */
    function toString(ShortString sstr) internal pure returns (string memory) {
        uint256 len = byteLength(sstr);
        // using `new string(len)` would work locally but is not memory safe.
        string memory str = new string(32);
        /// @solidity memory-safe-assembly
        assembly {
            mstore(str, len)
            mstore(add(str, 0x20), sstr)
        }
        return str;
    }

    /**
     * @dev Return the length of a `ShortString`.
     */
    function byteLength(ShortString sstr) internal pure returns (uint256) {
        uint256 result = uint256(ShortString.unwrap(sstr)) & 0xFF;
        if (result > 31) {
            revert InvalidShortString();
        }
        return result;
    }

    /**
     * @dev Encode a string into a `ShortString`, or write it to storage if it is too long.
     */
    function toShortStringWithFallback(string memory value, string storage store) internal returns (ShortString) {
        if (bytes(value).length < 32) {
            return toShortString(value);
        } else {
            StorageSlot.getStringSlot(store).value = value;
            return ShortString.wrap(_FALLBACK_SENTINEL);
        }
    }

    /**
     * @dev Decode a string that was encoded to `ShortString` or written to storage using {setWithFallback}.
     */
    function toStringWithFallback(ShortString value, string storage store) internal pure returns (string memory) {
        if (ShortString.unwrap(value) != _FALLBACK_SENTINEL) {
            return toString(value);
        } else {
            return store;
        }
    }

    /**
     * @dev Return the length of a string that was encoded to `ShortString` or written to storage using {setWithFallback}.
     *
     * WARNING: This will return the "byte length" of the string. This may not reflect the actual length in terms of
     * actual characters as the UTF-8 encoding of a single character can span over multiple bytes.
     */
    function byteLengthWithFallback(ShortString value, string storage store) internal view returns (uint256) {
        if (ShortString.unwrap(value) != _FALLBACK_SENTINEL) {
            return byteLength(value);
        } else {
            return bytes(store).length;
        }
    }
}

File 59 of 159 : StorageSlot.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/StorageSlot.sol)
// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.

pragma solidity ^0.8.0;

/**
 * @dev Library for reading and writing primitive types to specific storage slots.
 *
 * Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
 * This library helps with reading and writing to such slots without the need for inline assembly.
 *
 * The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
 *
 * Example usage to set ERC1967 implementation slot:
 * ```solidity
 * contract ERC1967 {
 *     bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
 *
 *     function _getImplementation() internal view returns (address) {
 *         return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
 *     }
 *
 *     function _setImplementation(address newImplementation) internal {
 *         require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
 *         StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
 *     }
 * }
 * ```
 *
 * _Available since v4.1 for `address`, `bool`, `bytes32`, `uint256`._
 * _Available since v4.9 for `string`, `bytes`._
 */
library StorageSlot {
    struct AddressSlot {
        address value;
    }

    struct BooleanSlot {
        bool value;
    }

    struct Bytes32Slot {
        bytes32 value;
    }

    struct Uint256Slot {
        uint256 value;
    }

    struct StringSlot {
        string value;
    }

    struct BytesSlot {
        bytes value;
    }

    /**
     * @dev Returns an `AddressSlot` with member `value` located at `slot`.
     */
    function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
        /// @solidity memory-safe-assembly
        assembly {
            r.slot := slot
        }
    }

    /**
     * @dev Returns an `BooleanSlot` with member `value` located at `slot`.
     */
    function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
        /// @solidity memory-safe-assembly
        assembly {
            r.slot := slot
        }
    }

    /**
     * @dev Returns an `Bytes32Slot` with member `value` located at `slot`.
     */
    function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
        /// @solidity memory-safe-assembly
        assembly {
            r.slot := slot
        }
    }

    /**
     * @dev Returns an `Uint256Slot` with member `value` located at `slot`.
     */
    function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
        /// @solidity memory-safe-assembly
        assembly {
            r.slot := slot
        }
    }

    /**
     * @dev Returns an `StringSlot` with member `value` located at `slot`.
     */
    function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {
        /// @solidity memory-safe-assembly
        assembly {
            r.slot := slot
        }
    }

    /**
     * @dev Returns an `StringSlot` representation of the string storage pointer `store`.
     */
    function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {
        /// @solidity memory-safe-assembly
        assembly {
            r.slot := store.slot
        }
    }

    /**
     * @dev Returns an `BytesSlot` with member `value` located at `slot`.
     */
    function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {
        /// @solidity memory-safe-assembly
        assembly {
            r.slot := slot
        }
    }

    /**
     * @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.
     */
    function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {
        /// @solidity memory-safe-assembly
        assembly {
            r.slot := store.slot
        }
    }
}

File 60 of 159 : Strings.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Strings.sol)

pragma solidity ^0.8.0;

import "./math/Math.sol";
import "./math/SignedMath.sol";

/**
 * @dev String operations.
 */
library Strings {
    bytes16 private constant _SYMBOLS = "0123456789abcdef";
    uint8 private constant _ADDRESS_LENGTH = 20;

    /**
     * @dev Converts a `uint256` to its ASCII `string` decimal representation.
     */
    function toString(uint256 value) internal pure returns (string memory) {
        unchecked {
            uint256 length = Math.log10(value) + 1;
            string memory buffer = new string(length);
            uint256 ptr;
            /// @solidity memory-safe-assembly
            assembly {
                ptr := add(buffer, add(32, length))
            }
            while (true) {
                ptr--;
                /// @solidity memory-safe-assembly
                assembly {
                    mstore8(ptr, byte(mod(value, 10), _SYMBOLS))
                }
                value /= 10;
                if (value == 0) break;
            }
            return buffer;
        }
    }

    /**
     * @dev Converts a `int256` to its ASCII `string` decimal representation.
     */
    function toString(int256 value) internal pure returns (string memory) {
        return string(abi.encodePacked(value < 0 ? "-" : "", toString(SignedMath.abs(value))));
    }

    /**
     * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
     */
    function toHexString(uint256 value) internal pure returns (string memory) {
        unchecked {
            return toHexString(value, Math.log256(value) + 1);
        }
    }

    /**
     * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
     */
    function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
        bytes memory buffer = new bytes(2 * length + 2);
        buffer[0] = "0";
        buffer[1] = "x";
        for (uint256 i = 2 * length + 1; i > 1; --i) {
            buffer[i] = _SYMBOLS[value & 0xf];
            value >>= 4;
        }
        require(value == 0, "Strings: hex length insufficient");
        return string(buffer);
    }

    /**
     * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.
     */
    function toHexString(address addr) internal pure returns (string memory) {
        return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);
    }

    /**
     * @dev Returns true if the two strings are equal.
     */
    function equal(string memory a, string memory b) internal pure returns (bool) {
        return keccak256(bytes(a)) == keccak256(bytes(b));
    }
}

File 61 of 159 : EnumerableSet.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/structs/EnumerableSet.sol)
// This file was procedurally generated from scripts/generate/templates/EnumerableSet.js.

pragma solidity ^0.8.0;

/**
 * @dev Library for managing
 * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive
 * types.
 *
 * Sets have the following properties:
 *
 * - Elements are added, removed, and checked for existence in constant time
 * (O(1)).
 * - Elements are enumerated in O(n). No guarantees are made on the ordering.
 *
 * ```solidity
 * contract Example {
 *     // Add the library methods
 *     using EnumerableSet for EnumerableSet.AddressSet;
 *
 *     // Declare a set state variable
 *     EnumerableSet.AddressSet private mySet;
 * }
 * ```
 *
 * As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)
 * and `uint256` (`UintSet`) are supported.
 *
 * [WARNING]
 * ====
 * Trying to delete such a structure from storage will likely result in data corruption, rendering the structure
 * unusable.
 * See https://github.com/ethereum/solidity/pull/11843[ethereum/solidity#11843] for more info.
 *
 * In order to clean an EnumerableSet, you can either remove all elements one by one or create a fresh instance using an
 * array of EnumerableSet.
 * ====
 */
library EnumerableSet {
    // To implement this library for multiple types with as little code
    // repetition as possible, we write it in terms of a generic Set type with
    // bytes32 values.
    // The Set implementation uses private functions, and user-facing
    // implementations (such as AddressSet) are just wrappers around the
    // underlying Set.
    // This means that we can only create new EnumerableSets for types that fit
    // in bytes32.

    struct Set {
        // Storage of set values
        bytes32[] _values;
        // Position of the value in the `values` array, plus 1 because index 0
        // means a value is not in the set.
        mapping(bytes32 => uint256) _indexes;
    }

    /**
     * @dev Add a value to a set. O(1).
     *
     * Returns true if the value was added to the set, that is if it was not
     * already present.
     */
    function _add(Set storage set, bytes32 value) private returns (bool) {
        if (!_contains(set, value)) {
            set._values.push(value);
            // The value is stored at length-1, but we add 1 to all indexes
            // and use 0 as a sentinel value
            set._indexes[value] = set._values.length;
            return true;
        } else {
            return false;
        }
    }

    /**
     * @dev Removes a value from a set. O(1).
     *
     * Returns true if the value was removed from the set, that is if it was
     * present.
     */
    function _remove(Set storage set, bytes32 value) private returns (bool) {
        // We read and store the value's index to prevent multiple reads from the same storage slot
        uint256 valueIndex = set._indexes[value];

        if (valueIndex != 0) {
            // Equivalent to contains(set, value)
            // To delete an element from the _values array in O(1), we swap the element to delete with the last one in
            // the array, and then remove the last element (sometimes called as 'swap and pop').
            // This modifies the order of the array, as noted in {at}.

            uint256 toDeleteIndex = valueIndex - 1;
            uint256 lastIndex = set._values.length - 1;

            if (lastIndex != toDeleteIndex) {
                bytes32 lastValue = set._values[lastIndex];

                // Move the last value to the index where the value to delete is
                set._values[toDeleteIndex] = lastValue;
                // Update the index for the moved value
                set._indexes[lastValue] = valueIndex; // Replace lastValue's index to valueIndex
            }

            // Delete the slot where the moved value was stored
            set._values.pop();

            // Delete the index for the deleted slot
            delete set._indexes[value];

            return true;
        } else {
            return false;
        }
    }

    /**
     * @dev Returns true if the value is in the set. O(1).
     */
    function _contains(Set storage set, bytes32 value) private view returns (bool) {
        return set._indexes[value] != 0;
    }

    /**
     * @dev Returns the number of values on the set. O(1).
     */
    function _length(Set storage set) private view returns (uint256) {
        return set._values.length;
    }

    /**
     * @dev Returns the value stored at position `index` in the set. O(1).
     *
     * Note that there are no guarantees on the ordering of values inside the
     * array, and it may change when more values are added or removed.
     *
     * Requirements:
     *
     * - `index` must be strictly less than {length}.
     */
    function _at(Set storage set, uint256 index) private view returns (bytes32) {
        return set._values[index];
    }

    /**
     * @dev Return the entire set in an array
     *
     * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
     * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
     * this function has an unbounded cost, and using it as part of a state-changing function may render the function
     * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
     */
    function _values(Set storage set) private view returns (bytes32[] memory) {
        return set._values;
    }

    // Bytes32Set

    struct Bytes32Set {
        Set _inner;
    }

    /**
     * @dev Add a value to a set. O(1).
     *
     * Returns true if the value was added to the set, that is if it was not
     * already present.
     */
    function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {
        return _add(set._inner, value);
    }

    /**
     * @dev Removes a value from a set. O(1).
     *
     * Returns true if the value was removed from the set, that is if it was
     * present.
     */
    function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {
        return _remove(set._inner, value);
    }

    /**
     * @dev Returns true if the value is in the set. O(1).
     */
    function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {
        return _contains(set._inner, value);
    }

    /**
     * @dev Returns the number of values in the set. O(1).
     */
    function length(Bytes32Set storage set) internal view returns (uint256) {
        return _length(set._inner);
    }

    /**
     * @dev Returns the value stored at position `index` in the set. O(1).
     *
     * Note that there are no guarantees on the ordering of values inside the
     * array, and it may change when more values are added or removed.
     *
     * Requirements:
     *
     * - `index` must be strictly less than {length}.
     */
    function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {
        return _at(set._inner, index);
    }

    /**
     * @dev Return the entire set in an array
     *
     * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
     * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
     * this function has an unbounded cost, and using it as part of a state-changing function may render the function
     * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
     */
    function values(Bytes32Set storage set) internal view returns (bytes32[] memory) {
        bytes32[] memory store = _values(set._inner);
        bytes32[] memory result;

        /// @solidity memory-safe-assembly
        assembly {
            result := store
        }

        return result;
    }

    // AddressSet

    struct AddressSet {
        Set _inner;
    }

    /**
     * @dev Add a value to a set. O(1).
     *
     * Returns true if the value was added to the set, that is if it was not
     * already present.
     */
    function add(AddressSet storage set, address value) internal returns (bool) {
        return _add(set._inner, bytes32(uint256(uint160(value))));
    }

    /**
     * @dev Removes a value from a set. O(1).
     *
     * Returns true if the value was removed from the set, that is if it was
     * present.
     */
    function remove(AddressSet storage set, address value) internal returns (bool) {
        return _remove(set._inner, bytes32(uint256(uint160(value))));
    }

    /**
     * @dev Returns true if the value is in the set. O(1).
     */
    function contains(AddressSet storage set, address value) internal view returns (bool) {
        return _contains(set._inner, bytes32(uint256(uint160(value))));
    }

    /**
     * @dev Returns the number of values in the set. O(1).
     */
    function length(AddressSet storage set) internal view returns (uint256) {
        return _length(set._inner);
    }

    /**
     * @dev Returns the value stored at position `index` in the set. O(1).
     *
     * Note that there are no guarantees on the ordering of values inside the
     * array, and it may change when more values are added or removed.
     *
     * Requirements:
     *
     * - `index` must be strictly less than {length}.
     */
    function at(AddressSet storage set, uint256 index) internal view returns (address) {
        return address(uint160(uint256(_at(set._inner, index))));
    }

    /**
     * @dev Return the entire set in an array
     *
     * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
     * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
     * this function has an unbounded cost, and using it as part of a state-changing function may render the function
     * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
     */
    function values(AddressSet storage set) internal view returns (address[] memory) {
        bytes32[] memory store = _values(set._inner);
        address[] memory result;

        /// @solidity memory-safe-assembly
        assembly {
            result := store
        }

        return result;
    }

    // UintSet

    struct UintSet {
        Set _inner;
    }

    /**
     * @dev Add a value to a set. O(1).
     *
     * Returns true if the value was added to the set, that is if it was not
     * already present.
     */
    function add(UintSet storage set, uint256 value) internal returns (bool) {
        return _add(set._inner, bytes32(value));
    }

    /**
     * @dev Removes a value from a set. O(1).
     *
     * Returns true if the value was removed from the set, that is if it was
     * present.
     */
    function remove(UintSet storage set, uint256 value) internal returns (bool) {
        return _remove(set._inner, bytes32(value));
    }

    /**
     * @dev Returns true if the value is in the set. O(1).
     */
    function contains(UintSet storage set, uint256 value) internal view returns (bool) {
        return _contains(set._inner, bytes32(value));
    }

    /**
     * @dev Returns the number of values in the set. O(1).
     */
    function length(UintSet storage set) internal view returns (uint256) {
        return _length(set._inner);
    }

    /**
     * @dev Returns the value stored at position `index` in the set. O(1).
     *
     * Note that there are no guarantees on the ordering of values inside the
     * array, and it may change when more values are added or removed.
     *
     * Requirements:
     *
     * - `index` must be strictly less than {length}.
     */
    function at(UintSet storage set, uint256 index) internal view returns (uint256) {
        return uint256(_at(set._inner, index));
    }

    /**
     * @dev Return the entire set in an array
     *
     * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
     * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
     * this function has an unbounded cost, and using it as part of a state-changing function may render the function
     * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
     */
    function values(UintSet storage set) internal view returns (uint256[] memory) {
        bytes32[] memory store = _values(set._inner);
        uint256[] memory result;

        /// @solidity memory-safe-assembly
        assembly {
            result := store
        }

        return result;
    }
}

File 62 of 159 : FeeLibV1.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { SafeCast } from "@openzeppelin/contracts/utils/math/SafeCast.sol";

import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";

import { IStargate, StargateType } from "../interfaces/IStargate.sol";
import { IStargateFeeLib, FeeParams } from "../interfaces/IStargateFeeLib.sol";

/// @dev A configuration that defines 3 zones for calculating fees. The zones are separated by upper bounds.
/// @dev Depending on the amount transferred, one of these three different rates is applied.
/// @dev The rate is stored as parts per million and signifies fee, no fee or reward.
/// @dev The amount given to the contract is considered the inflow. The outflow is then calculated; which is
/// @dev how many tokens the sender will receive on the destination chain. If outflow < inflow, then a fee is charged.
/// @dev If outflow == inflow there is no fee. If outflow > inflow, it means there is a reward.
/// @dev This translates to:
/// @dev     rate < FEE_DENOMINATOR -> fee
/// @dev     rate == FEE_DENOMINATOR -> no fee
/// @dev     rate > FEE_DENOMINATOR -> reward
/// @dev A paused flag is included to pause the fee calculation for a destination.
struct FeeConfig {
    bool paused;
    uint64 zone1UpperBound;
    uint64 zone2UpperBound;
    uint24 zone1FeeMillionth; // in millionth (1/1_000_000)
    uint24 zone2FeeMillionth;
    uint24 zone3FeeMillionth;
    uint24 rewardMillionth;
}

/// @title FeeLibV1
/// @notice An implementation of IStargateFeeLib used to calculate fees for Stargate transfers.
contract FeeLibV1 is Ownable, IStargateFeeLib {
    using SafeCast for uint256;

    address public immutable stargate;
    StargateType public immutable stargateType;

    uint256 internal constant FEE_DENOMINATOR = 1_000_000;

    mapping(uint32 eid => FeeConfig config) public feeConfigs;

    error FeeLib_InvalidFeeConfiguration();
    error FeeLib_Paused();
    error FeeLib_Unauthorized();

    event FeeConfigSet(uint32 eid, FeeConfig config);
    event PausedSet(uint32 eid, bool isPaused);

    modifier onlyStargate() {
        if (msg.sender != stargate) revert FeeLib_Unauthorized();
        _;
    }

    constructor(address _stargate) {
        stargate = _stargate;
        stargateType = IStargate(_stargate).stargateType();
    }

    /// @notice Set the new configuration for a destination.
    /// @param _dstEid The destination endpoint ID
    /// @param _zone1UpperBound The upper bound for the first zone
    /// @param _zone2UpperBound The upper bound for the second zone
    /// @param _zone1FeeMillionth The fee for the first zone in millionth
    /// @param _zone2FeeMillionth The fee for the second zone in millionth
    /// @param _zone3FeeMillionth The fee for the third zone in millionth
    /// @param _rewardMillionth The reward in millionth
    function setFeeConfig(
        uint32 _dstEid,
        uint64 _zone1UpperBound,
        uint64 _zone2UpperBound,
        uint24 _zone1FeeMillionth,
        uint24 _zone2FeeMillionth,
        uint24 _zone3FeeMillionth,
        uint24 _rewardMillionth
    ) external onlyOwner {
        if (
            _zone1FeeMillionth > FEE_DENOMINATOR || // fee maxes at 100% (reward could be > %100)
            _zone2FeeMillionth > FEE_DENOMINATOR ||
            _zone3FeeMillionth > FEE_DENOMINATOR ||
            _zone2UpperBound < _zone1UpperBound // zone2UpperBound must be >= than zone1UpperBound
        ) revert FeeLib_InvalidFeeConfiguration();

        /// @dev config.paused persists from the original setting
        FeeConfig storage config = feeConfigs[_dstEid];
        config.zone1UpperBound = _zone1UpperBound;
        config.zone2UpperBound = _zone2UpperBound;
        config.zone1FeeMillionth = _zone1FeeMillionth;
        config.zone2FeeMillionth = _zone2FeeMillionth;
        config.zone3FeeMillionth = _zone3FeeMillionth;
        config.rewardMillionth = _rewardMillionth;

        emit FeeConfigSet(_dstEid, config);
    }

    /// @notice Pause fee calculation for a destination.
    /// @param _dstEid The destination LayerZero endpoint ID
    /// @param _isPaused A flag indicating whether or not the destination is paused.
    function setPaused(uint32 _dstEid, bool _isPaused) external onlyOwner {
        feeConfigs[_dstEid].paused = _isPaused;
        emit PausedSet(_dstEid, _isPaused);
    }

    /// @dev Included to future proof the API to allow for fees to modify state.
    /// @dev In the case of the FeeLibV1 implementation, state is not modified.
    function applyFee(FeeParams calldata _params) public view override onlyStargate returns (uint64 amountOutSD) {
        return applyFeeView(_params);
    }

    /// @notice Apply fee to the request parameters and calculate the expected output amount on the destination chain
    /// @dev Reverts with Paused if the path is paused.
    /// @param _params The transfer information, namely the amount and destination
    /// @return amountOutSD The number of tokens the sender will receive on the destination chain, in shared decimals.
    function applyFeeView(FeeParams calldata _params) public view override returns (uint64 amountOutSD) {
        FeeConfig storage config = feeConfigs[_params.dstEid];
        if (config.paused) revert FeeLib_Paused();

        uint64 amountInSD = _params.amountInSD;
        uint64 deficitSD = _params.deficitSD;
        uint24 rewardMillionth = config.rewardMillionth;
        if (stargateType == StargateType.OFT || deficitSD == 0 || rewardMillionth == 0) {
            // if the stargate is OFT or there is no deficit, apply fee to the whole amount
            amountOutSD = amountInSD - _calculateFee(config, amountInSD);
        } else if (amountInSD <= deficitSD) {
            // if the amount is less than the deficit, apply reward to the whole amount
            amountOutSD = amountInSD + _calculateReward(rewardMillionth, amountInSD);
        } else {
            // if the amount is more than the deficit, apply reward to the deficit and fee to the rest
            amountOutSD =
                amountInSD +
                _calculateReward(rewardMillionth, deficitSD) -
                _calculateFee(config, amountInSD - deficitSD);
        }
    }

    function _calculateFee(FeeConfig storage _config, uint64 _amountSD) internal view returns (uint64 fee) {
        uint256 feeMill = _amountSD <= _config.zone1UpperBound
            ? _config.zone1FeeMillionth
            : _amountSD <= _config.zone2UpperBound
                ? _config.zone2FeeMillionth
                : _config.zone3FeeMillionth;
        // if feeMill is non-zero and _amountSD is non-zero, then levy the fee
        if (feeMill > 0 && _amountSD > 0) {
            // converts intermediate operands to use uint256 containers
            // as after dividing by FEE_DENOMINATOR, the result may fit in a uint64
            //
            // adds one to ensure fee is always rounded up
            fee = SafeCast.toUint64((uint256(_amountSD) * feeMill) / FEE_DENOMINATOR + 1);
        }
    }

    function _calculateReward(uint24 _rewardMillionth, uint64 _amountSD) internal pure returns (uint64 reward) {
        // converts intermediate operands to use uint256 containers
        // as after dividing by FEE_DENOMINATOR, the result may fit in a uint64
        reward = SafeCast.toUint64((uint256(_amountSD) * _rewardMillionth) / FEE_DENOMINATOR);
    }
}

File 63 of 159 : IntentBase.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { SendParam, MessagingFee } from "@layerzerolabs/lz-evm-oapp-v2/contracts/oft/interfaces/IOFT.sol";

import { IStargate } from "../interfaces/IStargate.sol";
import { IPermit2, ISignatureTransfer } from "../interfaces/permit2/IPermit2.sol";
import { Transfer } from "../libs/Transfer.sol";

abstract contract IntentBase is Transfer {
    string internal constant TOKEN_PERMISSIONS_TYPE = "TokenPermissions(address token,uint256 amount)";
    bytes private constant INTENT_SEND_TYPE =
        abi.encodePacked(
            "IntentSend(",
            "address sender,",
            "uint32 dstEid,",
            "bytes32 to,",
            "uint256 amountLD,",
            "uint256 minAmountLD,",
            "uint256 nonce,",
            "uint256 deadline)"
        );
    bytes32 private constant INTENT_SEND_TYPE_HASH = keccak256(INTENT_SEND_TYPE);
    string private constant INTENT_SEND_PERMIT2_TYPE =
        string(abi.encodePacked("IntentSend witness)", INTENT_SEND_TYPE, TOKEN_PERMISSIONS_TYPE));

    address public immutable stargate;
    address public immutable token;
    IPermit2 public immutable permit2;

    // the witness struct for permit2
    struct IntentSend {
        address sender;
        uint32 dstEid;
        bytes32 to;
        uint256 amountLD;
        uint256 minAmountLD;
        uint256 nonce;
        uint256 deadline;
    }

    event IntentSent(address indexed sender, uint32 indexed dstEid, bytes32 to, uint256 amountLD);

    constructor(address _stargate, address _permit2) {
        stargate = _stargate;
        token = IStargate(_stargate).token();
        permit2 = IPermit2(_permit2);
        _tokenApprove();
    }

    function withdrawFee(address _token, address _to, uint256 _amount) external onlyOwner {
        Transfer.transfer(_token, _to, _amount, false);
    }

    /// @dev get signature w/ the permit2 sdk https://github.com/Uniswap/permit2-sdk/blob/main/src/signatureTransfer.ts
    function send(
        IntentSend calldata _intentSend,
        bytes calldata _oftCmd,
        bytes calldata _signature,
        uint256 _intentFee,
        address _refundAddress
    ) external payable onlyOwner {
        _permitWitnessTransferFrom(_intentSend, _signature);
        _send(_intentSend, _oftCmd, _intentFee, _refundAddress);
        emit IntentSent(_intentSend.sender, _intentSend.dstEid, _intentSend.to, _intentSend.amountLD);
    }

    function _send(
        IntentSend calldata _intentSend,
        bytes calldata _oftCmd,
        uint256 _intentFee,
        address _refundAddress
    ) internal virtual {
        uint256 nativeFee = msg.value;
        uint256 amountIn = _intentSend.amountLD - _intentFee; // after paying intent fee
        uint256 msgValue = _getMsgValue(nativeFee, amountIn);
        IStargate(stargate).send{ value: msgValue }(
            SendParam({
                dstEid: _intentSend.dstEid,
                to: _intentSend.to,
                amountLD: amountIn,
                minAmountLD: _intentSend.minAmountLD,
                extraOptions: "",
                composeMsg: "", // not allowed to compose
                oftCmd: _oftCmd
            }),
            MessagingFee(nativeFee, 0),
            _refundAddress
        );
    }

    function _permitWitnessTransferFrom(IntentSend calldata _intentSend, bytes calldata _signature) internal {
        // check signature and transfer token from sender
        ISignatureTransfer.PermitTransferFrom memory permit = ISignatureTransfer.PermitTransferFrom({
            permitted: ISignatureTransfer.TokenPermissions({ token: _intentSendToken(), amount: _intentSend.amountLD }),
            nonce: _intentSend.nonce,
            deadline: _intentSend.deadline
        });
        ISignatureTransfer.SignatureTransferDetails memory transfer = ISignatureTransfer.SignatureTransferDetails({
            to: address(this),
            requestedAmount: _intentSend.amountLD
        });
        permit2.permitWitnessTransferFrom(
            permit,
            transfer,
            _intentSend.sender,
            _hashIntentSend(_intentSend),
            INTENT_SEND_PERMIT2_TYPE,
            _signature
        );
    }

    function _hashIntentSend(IntentSend calldata _intentSend) internal pure returns (bytes32) {
        return
            keccak256(
                abi.encode(
                    INTENT_SEND_TYPE_HASH,
                    _intentSend.sender,
                    _intentSend.dstEid,
                    _intentSend.to,
                    _intentSend.amountLD,
                    _intentSend.minAmountLD,
                    _intentSend.nonce,
                    _intentSend.deadline
                )
            );
    }

    /// @dev The msgValue is only for the native messaging fee by default
    function _getMsgValue(uint256 _nativeFee, uint256 /*_amountIn*/) internal pure virtual returns (uint256) {
        return _nativeFee;
    }

    /// @dev get the token address for intent send
    function _intentSendToken() internal view virtual returns (address) {
        return token;
    }

    function _tokenApprove() internal virtual {
        Transfer.safeApproveToken(token, address(stargate), type(uint256).max);
    }
}

File 64 of 159 : IntentOFT.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { IntentBase } from "./IntentBase.sol";

contract IntentOFT is IntentBase {
    constructor(address _stargate, address _permit2) IntentBase(_stargate, _permit2) {}
}

File 65 of 159 : IntentPool.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { ISignatureTransfer } from "../interfaces/permit2/IPermit2.sol";
import { IStargatePool } from "../interfaces/IStargatePool.sol";
import { Transfer } from "../libs/Transfer.sol";
import { IntentBase } from "./IntentBase.sol";

contract IntentPool is IntentBase {
    bytes private constant INTENT_REDEEM_TYPE =
        abi.encodePacked(
            "IntentRedeem(",
            "address owner,",
            "address receiver,",
            "uint256 amountLD,",
            "uint256 minAmountLD,",
            "uint256 nonce,",
            "uint256 deadline)"
        );
    bytes32 private constant INTENT_REDEEM_TYPE_HASH = keccak256(INTENT_REDEEM_TYPE);
    string private constant INTENT_REDEEM_PERMIT2_TYPE =
        string(abi.encodePacked("IntentRedeem witness)", INTENT_REDEEM_TYPE, TOKEN_PERMISSIONS_TYPE));

    address public immutable lpToken;

    error Intent_RedeemNotFull();
    error Intent_SlippageTooHigh();

    event IntentRedeemed(address indexed owner, address indexed receiver, uint256 amountLD);

    // the witness struct for permit2
    struct IntentRedeem {
        address owner;
        address receiver;
        uint256 amountLD;
        uint256 minAmountLD;
        uint256 nonce;
        uint256 deadline;
    }

    constructor(address _stargate, address _permit2) IntentBase(_stargate, _permit2) {
        lpToken = IStargatePool(_stargate).lpToken();
    }

    function redeem(
        IntentRedeem calldata _intentRedeem,
        bytes calldata _signature,
        uint256 _intentFee
    ) external onlyOwner {
        _permitWitnessTransferFrom(_intentRedeem, _signature);

        uint256 amountLD = IStargatePool(stargate).redeem(_intentRedeem.amountLD, address(this));
        if (amountLD != _intentRedeem.amountLD) revert Intent_RedeemNotFull();

        // pay intent fee
        amountLD -= _intentFee;
        if (amountLD < _intentRedeem.minAmountLD) revert Intent_SlippageTooHigh();

        //        _transfer(token, _intentRedeem.receiver, amountLD);
        Transfer.transferToken(token, _intentRedeem.receiver, amountLD);
        emit IntentRedeemed(_intentRedeem.owner, _intentRedeem.receiver, amountLD);
    }

    function _permitWitnessTransferFrom(IntentRedeem calldata _intentRedeem, bytes calldata _signature) internal {
        // check signature and transfer token from sender
        ISignatureTransfer.PermitTransferFrom memory permit = ISignatureTransfer.PermitTransferFrom({
            permitted: ISignatureTransfer.TokenPermissions({ token: lpToken, amount: _intentRedeem.amountLD }),
            nonce: _intentRedeem.nonce,
            deadline: _intentRedeem.deadline
        });
        ISignatureTransfer.SignatureTransferDetails memory transfer = ISignatureTransfer.SignatureTransferDetails({
            to: address(this),
            requestedAmount: _intentRedeem.amountLD
        });
        permit2.permitWitnessTransferFrom(
            permit,
            transfer,
            _intentRedeem.owner,
            _hashIntentRedeem(_intentRedeem),
            INTENT_REDEEM_PERMIT2_TYPE,
            _signature
        );
    }

    function _hashIntentRedeem(IntentRedeem calldata _intentRedeem) internal pure returns (bytes32) {
        return
            keccak256(
                abi.encode(
                    INTENT_REDEEM_TYPE_HASH,
                    _intentRedeem.owner,
                    _intentRedeem.receiver,
                    _intentRedeem.amountLD,
                    _intentRedeem.minAmountLD,
                    _intentRedeem.nonce,
                    _intentRedeem.deadline
                )
            );
    }
}

File 66 of 159 : IntentPoolNative.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { IntentPool } from "./IntentPool.sol";

contract IntentPoolNative is IntentPool {
    IWETH public immutable weth;

    constructor(address _stargate, address _permit2, address _weth) IntentPool(_stargate, _permit2) {
        weth = IWETH(_weth);
    }

    function _send(
        IntentSend calldata _intentSend,
        bytes calldata _oftCmd,
        uint256 _intentFee,
        address _refundAddress
    ) internal override {
        weth.withdraw(_intentSend.amountLD); // unwrap weth before sending
        super._send(_intentSend, _oftCmd, _intentFee, _refundAddress);
    }

    function _getMsgValue(uint256 _nativeFee, uint256 _amountIn) internal pure override returns (uint256) {
        return _nativeFee + _amountIn;
    }

    /// @dev if token is ETH, return WETH
    function _intentSendToken() internal view override returns (address) {
        return address(weth);
    }

    /// @dev do nothing for native coin
    /// Function meant to be overridden
    // solhint-disable-next-line no-empty-blocks
    function _tokenApprove() internal override {}

    /// @dev Receive ETH from unwrapping WETH
    receive() external payable {}
}

interface IWETH {
    function withdraw(uint256 _amount) external;
}

File 67 of 159 : IBridgedUSDCMinter.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.0;

/// @title Interface for Bridge USDC
/// @dev https://github.com/circlefin/stablecoin-evm/blob/master/contracts/v1/FiatTokenV1.sol
interface IBridgedUSDCMinter {
    function mint(address _to, uint256 _amount) external returns (bool);
    function burn(uint256 _amount) external;
}

File 68 of 159 : ICreditMessaging.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.0;

import { MessagingFee } from "@layerzerolabs/lz-evm-oapp-v2/contracts/oft/interfaces/IOFT.sol";

/// @notice Stores the information related to a batch of credit transfers.
struct TargetCreditBatch {
    uint16 assetId;
    TargetCredit[] credits;
}

/// @notice Stores the information related to a single credit transfer.
struct TargetCredit {
    uint32 srcEid;
    uint64 amount; // the amount of credits to intended to send
    uint64 minAmount; // the minimum amount of credits to keep on local chain after sending
}

/// @title Credit Messaging API
/// @dev This interface defines the API for quoting and sending credits to other chains.
interface ICreditMessaging {
    /// @notice Sends credits to the destination endpoint.
    /// @param _dstEid The destination LayerZero endpoint ID.
    /// @param _creditBatches The credit batch payloads to send to the destination LayerZero endpoint ID.
    function sendCredits(uint32 _dstEid, TargetCreditBatch[] calldata _creditBatches) external payable;

    /// @notice Quotes the fee for sending credits to the destination endpoint.
    /// @param _dstEid The destination LayerZero endpoint ID.
    /// @param _creditBatches The credit batch payloads to send to the destination LayerZero endpoint ID.
    /// @return fee The fee for sending the credits to the destination endpoint.
    function quoteSendCredits(
        uint32 _dstEid,
        TargetCreditBatch[] calldata _creditBatches
    ) external view returns (MessagingFee memory fee);
}

File 69 of 159 : ICreditMessagingHandler.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.0;

import { TargetCredit } from "./ICreditMessaging.sol";

struct Credit {
    uint32 srcEid;
    uint64 amount;
}

/// @dev This is an internal interface, defining functions to handle messages/calls from the credit messaging contract.
interface ICreditMessagingHandler {
    function sendCredits(uint32 _dstEid, TargetCredit[] calldata _credits) external returns (Credit[] memory);

    function receiveCredits(uint32 _srcEid, Credit[] calldata _credits) external;
}

File 70 of 159 : IERC20Minter.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.0;

/// @title An interface for minting and burning ERC20s.
/// @dev Implemented by OFT contracts.
interface IERC20Minter {
    /// @notice Mint tokens and transfer them to the given account.
    /// @param _to The account to mint the tokens to
    /// @param _amount How many tokens to mint
    function mint(address _to, uint256 _amount) external;

    /// @notice Burn tokens from a given account.
    /// @param _from The account to burn tokens from
    /// @param _amount How many tokens to burn
    function burnFrom(address _from, uint256 _amount) external;
}

File 71 of 159 : IStargate.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.0;

// Solidity does not support splitting import across multiple lines
// solhint-disable-next-line max-line-length
import { IOFT, SendParam, MessagingFee, MessagingReceipt, OFTReceipt } from "@layerzerolabs/lz-evm-oapp-v2/contracts/oft/interfaces/IOFT.sol";

/// @notice Stargate implementation type.
enum StargateType {
    Pool,
    OFT
}

/// @notice Ticket data for bus ride.
struct Ticket {
    uint72 ticketId;
    bytes passengerBytes;
}

/// @title Interface for Stargate.
/// @notice Defines an API for sending tokens to destination chains.
interface IStargate is IOFT {
    /// @dev This function is same as `send` in OFT interface but returns the ticket data if in the bus ride mode,
    /// which allows the caller to ride and drive the bus in the same transaction.
    function sendToken(
        SendParam calldata _sendParam,
        MessagingFee calldata _fee,
        address _refundAddress
    ) external payable returns (MessagingReceipt memory msgReceipt, OFTReceipt memory oftReceipt, Ticket memory ticket);

    /// @notice Returns the Stargate implementation type.
    function stargateType() external pure returns (StargateType);
}

File 72 of 159 : IStargateFeeLib.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.0;

/// @notice Parameters used to assess fees to send tokens to a destination endpoint.
struct FeeParams {
    address sender;
    uint32 dstEid;
    uint64 amountInSD;
    uint64 deficitSD;
    bool toOFT;
    bool isTaxi;
}

/// @title Interface for assessing fees to send tokens to a destination endpoint.
interface IStargateFeeLib {
    /// @notice Apply a fee for a given request, allowing for state modification.
    /// @dev This is included for future proofing potential implementations
    /// @dev where state is modified in the feeLib based on a FeeParams

    function applyFee(FeeParams calldata _params) external returns (uint64 amountOutSD);
    /// @notice Apply a fee for a given request, without modifying state.
    function applyFeeView(FeeParams calldata _params) external view returns (uint64 amountOutSD);
}

File 73 of 159 : IStargatePool.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.0;

import { IStargate, SendParam, MessagingReceipt, MessagingFee, OFTReceipt } from "./IStargate.sol";

/// @title An interface for Stargate Pools
/// @notice Stargate Pools are a type of IStargate that allows users to pool token liquidity.
interface IStargatePool is IStargate {
    /// @notice Deposit token into the pool
    /// @param _receiver The account to mint the LP tokens to
    /// @param _amountLD The amount of tokens to deposit in LD
    /// @return amountLD The actual amount of tokens deposited in LD
    function deposit(address _receiver, uint256 _amountLD) external payable returns (uint256 amountLD);

    /// @notice Redeem an amount of LP tokens from the senders account, claiming rewards.
    /// @param _amountLD The amount of LP tokens to redeem
    /// @param _receiver The account to transfer the
    function redeem(uint256 _amountLD, address _receiver) external returns (uint256 amountLD);

    /// @notice Get how many LP tokens are redeemable for a given account
    /// @param _owner The address of the account to check
    /// @return amountLD The amount of LP tokens redeemable, in LD
    function redeemable(address _owner) external view returns (uint256 amountLD);

    /// @notice Redeem LP tokens and send the withdrawn tokens to a destination endpoint.
    /// @param _sendParam The SendParam payload describing the redeem and send
    /// @param _fee The MessagingFee to perform redeemSend
    /// @param _refundAddress The address to refund excess LayerZero messaging fees.
    /// @return receipt The MessagingReceipt describing the result of redeemSend
    /// @return oftReceipt The OFTReceipt describing the result of redeemSend
    function redeemSend(
        SendParam calldata _sendParam,
        MessagingFee calldata _fee,
        address _refundAddress
    ) external payable returns (MessagingReceipt memory receipt, OFTReceipt memory oftReceipt);

    /// @notice Quote the messaging fee for a redeemSend operation
    /// @param _sendParam The SendParam payload describing the redeem and send
    /// @param _payInLzToken Whether to pay the fee in LZ token
    /// @return messagingFee The MessagingFee for the redeemSend operation
    function quoteRedeemSend(
        SendParam calldata _sendParam,
        bool _payInLzToken
    ) external view returns (MessagingFee memory messagingFee);

    /// @notice Get the Total Value Locked in the pool.
    /// @return The total value locked
    function tvl() external view returns (uint256);

    /// @notice Get the available balance of the pool
    function poolBalance() external view returns (uint256);

    /// @notice Get the address of the LP token
    /// @return The address of the LP token contract.
    function lpToken() external view returns (address);
}

File 74 of 159 : ITokenMessaging.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.0;

import { MessagingReceipt, MessagingFee, Ticket } from "./IStargate.sol";

/// @notice Payload for sending a taxi message.
/// @dev A taxi message is sent immediately and is not stored on the bus.
struct TaxiParams {
    address sender;
    uint32 dstEid;
    bytes32 receiver;
    uint64 amountSD;
    bytes composeMsg;
    bytes extraOptions;
}

/// @notice Payload for riding the bus.
/// @dev Riding the bus is a two-step process:
/// @dev - The message is sent to the bus,
/// @dev - The bus is driven to the destination.
struct RideBusParams {
    address sender;
    uint32 dstEid;
    bytes32 receiver;
    uint64 amountSD;
    bool nativeDrop;
}

/// @title Token Messaging API.
/// @notice This interface defines the API for sending a taxi message, riding the bus, and driving the bus, along with
/// corresponding quote functions.
interface ITokenMessaging {
    /// @notice Sends a taxi message
    /// @param _params The taxi message payload
    /// @param _messagingFee The messaging fee for sending a taxi message
    /// @param _refundAddress The address to refund excess LayerZero MessagingFees
    /// @return receipt The MessagingReceipt resulting from sending the taxi
    function taxi(
        TaxiParams calldata _params,
        MessagingFee calldata _messagingFee,
        address _refundAddress
    ) external payable returns (MessagingReceipt memory receipt);

    /// @notice Quotes the messaging fee for sending a taxi message
    /// @param _params The taxi message payload
    /// @param _payInLzToken Whether to pay the fee in LZ token
    /// @return fee The MessagingFee for sending the taxi message
    function quoteTaxi(TaxiParams calldata _params, bool _payInLzToken) external view returns (MessagingFee memory fee);

    /// @notice Sends a message to ride the bus, queuing the passenger in preparation for the drive.
    /// @notice The planner will later driveBus to the destination endpoint.
    /// @param _params The rideBus message payload
    /// @return receipt The MessagingReceipt resulting from sending the rideBus message
    /// @return ticket The Ticket for riding the bus
    function rideBus(
        RideBusParams calldata _params
    ) external returns (MessagingReceipt memory receipt, Ticket memory ticket);

    /// @notice Quotes the messaging fee for riding the bus
    /// @param _dstEid The destination LayerZero endpoint ID.
    /// @param _nativeDrop Whether to pay for a native drop on the destination.
    /// @return fee The MessagingFee for riding the bus
    function quoteRideBus(uint32 _dstEid, bool _nativeDrop) external view returns (MessagingFee memory fee);

    /// @notice Drives the bus to the destination.
    /// @param _dstEid The destination LayerZero endpoint ID.
    /// @param _passengers The passengers to drive to the destination.
    /// @return receipt The MessagingReceipt resulting from driving the bus
    function driveBus(
        uint32 _dstEid,
        bytes calldata _passengers
    ) external payable returns (MessagingReceipt memory receipt);

    /// @notice Quotes the messaging fee for driving the bus to the destination.
    /// @param _dstEid The destination LayerZero endpoint ID.
    /// @param _passengers The passengers to drive to the destination.
    /// @return fee The MessagingFee for driving the bus
    function quoteDriveBus(uint32 _dstEid, bytes calldata _passengers) external view returns (MessagingFee memory fee);
}

File 75 of 159 : ITokenMessagingHandler.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.0;

import { Origin } from "@layerzerolabs/lz-evm-oapp-v2/contracts/oapp/OApp.sol";

/// @dev This is an internal interface, defining the function to handle token message from the token messaging contract.
interface ITokenMessagingHandler {
    function receiveTokenBus(
        Origin calldata _origin,
        bytes32 _guid,
        uint8 _seatNumber,
        address _receiver,
        uint64 _amountSD
    ) external;

    function receiveTokenTaxi(
        Origin calldata _origin,
        bytes32 _guid,
        address _receiver,
        uint64 _amountSD,
        bytes calldata _composeMsg
    ) external;
}

File 76 of 159 : IAllowanceTransfer.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import { IEIP712 } from "./IEIP712.sol";

/**
 * @title AllowanceTransfer
 * @notice Handles ERC20 token permissions through signature based allowance setting and ERC20 token transfers by
 *         checking allowed amounts
 * @dev Requires user's token approval on the Permit2 contract
 */
interface IAllowanceTransfer is IEIP712 {
    /// @notice Thrown when an allowance on a token has expired.
    /// @param deadline The timestamp at which the allowed amount is no longer valid
    error AllowanceExpired(uint256 deadline);

    /// @notice Thrown when an allowance on a token has been depleted.
    /// @param amount The maximum amount allowed
    error InsufficientAllowance(uint256 amount);

    /// @notice Thrown when too many nonces are invalidated.
    error ExcessiveInvalidation();

    /// @notice Emits an event when the owner successfully invalidates an ordered nonce.
    event NonceInvalidation(
        address indexed owner,
        address indexed token,
        address indexed spender,
        uint48 newNonce,
        uint48 oldNonce
    );

    /// @notice Emits an event when the owner successfully sets permissions on a token for the spender.
    event Approval(
        address indexed owner,
        address indexed token,
        address indexed spender,
        uint160 amount,
        uint48 expiration
    );

    /**
     * @notice Emits an event when the owner successfully sets permissions using a permit signature on a token for
     *         the spender.
     */
    event Permit(
        address indexed owner,
        address indexed token,
        address indexed spender,
        uint160 amount,
        uint48 expiration,
        uint48 nonce
    );

    /// @notice Emits an event when the owner sets the allowance back to 0 with the lockdown function.
    event Lockdown(address indexed owner, address token, address spender);

    /// @notice The permit data for a token
    struct PermitDetails {
        // ERC20 token address
        address token;
        // the maximum amount allowed to spend
        uint160 amount;
        // timestamp at which a spender's token allowances become invalid
        uint48 expiration;
        // an incrementing value indexed per owner,token,and spender for each signature
        uint48 nonce;
    }

    /// @notice The permit message signed for a single token allowance
    struct PermitSingle {
        // the permit data for a single token alownce
        PermitDetails details;
        // address permissioned on the allowed tokens
        address spender;
        // deadline on the permit signature
        uint256 sigDeadline;
    }

    /// @notice The permit message signed for multiple token allowances
    struct PermitBatch {
        // the permit data for multiple token allowances
        PermitDetails[] details;
        // address permissioned on the allowed tokens
        address spender;
        // deadline on the permit signature
        uint256 sigDeadline;
    }

    /// @notice The saved permissions
    /// @dev This info is saved per owner, per token, per spender and all signed over in the permit message
    /// @dev Setting amount to type(uint160).max sets an unlimited approval
    struct PackedAllowance {
        // amount allowed
        uint160 amount;
        // permission expiry
        uint48 expiration;
        // an incrementing value indexed per owner,token,and spender for each signature
        uint48 nonce;
    }

    /// @notice A token spender pair.
    struct TokenSpenderPair {
        // the token the spender is approved
        address token;
        // the spender address
        address spender;
    }

    /// @notice Details for a token transfer.
    struct AllowanceTransferDetails {
        // the owner of the token
        address from;
        // the recipient of the token
        address to;
        // the amount of the token
        uint160 amount;
        // the token to be transferred
        address token;
    }

    /**
     * @notice A mapping from owner address to token address to spender address to PackedAllowance struct,
     *         which contains details and conditions of the approval.
     * @notice The mapping is indexed in the above order see: allowance[ownerAddress][tokenAddress][spenderAddress]
     * @dev The packed slot holds the allowed amount, expiration at which the allowed amount is no longer valid,
     *      and current nonce thats updated on any signature based approvals.
     */
    function allowance(
        address user,
        address token,
        address spender
    ) external view returns (uint160 amount, uint48 expiration, uint48 nonce);

    /// @notice Approves the spender to use up to amount of the specified token up until the expiration
    /// @param token The token to approve
    /// @param spender The spender address to approve
    /// @param amount The approved amount of the token
    /// @param expiration The timestamp at which the approval is no longer valid
    /// @dev The packed allowance also holds a nonce, which will stay unchanged in approve
    /// @dev Setting amount to type(uint160).max sets an unlimited approval
    function approve(address token, address spender, uint160 amount, uint48 expiration) external;

    /// @notice Permit a spender to a given amount of the owners token via the owner's EIP-712 signature
    /// @dev May fail if the owner's nonce was invalidated in-flight by invalidateNonce
    /// @param owner The owner of the tokens being approved
    /// @param permitSingle Data signed over by the owner specifying the terms of approval
    /// @param signature The owner's signature over the permit data
    function permit(address owner, PermitSingle memory permitSingle, bytes calldata signature) external;

    /// @notice Permit a spender to the signed amounts of the owners tokens via the owner's EIP-712 signature
    /// @dev May fail if the owner's nonce was invalidated in-flight by invalidateNonce
    /// @param owner The owner of the tokens being approved
    /// @param permitBatch Data signed over by the owner specifying the terms of approval
    /// @param signature The owner's signature over the permit data
    function permit(address owner, PermitBatch memory permitBatch, bytes calldata signature) external;

    /// @notice Transfer approved tokens from one address to another
    /// @param from The address to transfer from
    /// @param to The address of the recipient
    /// @param amount The amount of the token to transfer
    /// @param token The token address to transfer
    /// @dev Requires the from address to have approved at least the desired amount
    /// of tokens to msg.sender.
    function transferFrom(address from, address to, uint160 amount, address token) external;

    /// @notice Transfer approved tokens in a batch
    /// @param transferDetails Array of owners, recipients, amounts, and tokens for the transfers
    /// @dev Requires the from addresses to have approved at least the desired amount
    /// of tokens to msg.sender.
    function transferFrom(AllowanceTransferDetails[] calldata transferDetails) external;

    /// @notice Enables performing a "lockdown" of the sender's Permit2 identity
    /// by batch revoking approvals
    /// @param approvals Array of approvals to revoke.
    function lockdown(TokenSpenderPair[] calldata approvals) external;

    /// @notice Invalidate nonces for a given (token, spender) pair
    /// @param token The token to invalidate nonces for
    /// @param spender The spender to invalidate nonces for
    /// @param newNonce The new nonce to set. Invalidates all nonces less than it.
    /// @dev Can't invalidate more than 2**16 nonces per transaction.
    function invalidateNonces(address token, address spender, uint48 newNonce) external;
}

File 77 of 159 : IEIP712.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IEIP712 {
    function DOMAIN_SEPARATOR() external view returns (bytes32);
}

File 78 of 159 : IPermit2.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import { ISignatureTransfer } from "./ISignatureTransfer.sol";
import { IAllowanceTransfer } from "./IAllowanceTransfer.sol";

/**
 * @notice Permit2 handles signature-based transfers in SignatureTransfer and allowance-based transfers in
 *         AllowanceTransfer.
 * @dev Users must approve Permit2 before calling any of the transfer functions.
 */
// solhint-disable-next-line no-empty-blocks
interface IPermit2 is ISignatureTransfer, IAllowanceTransfer {
    // IPermit2 unifies the two interfaces so users have maximal flexibility with their approval.
}

File 79 of 159 : ISignatureTransfer.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import { IEIP712 } from "./IEIP712.sol";

/// @title SignatureTransfer
/// @notice Handles ERC20 token transfers through signature based actions
/// @dev Requires user's token approval on the Permit2 contract
interface ISignatureTransfer is IEIP712 {
    /// @notice Thrown when the requested amount for a transfer is larger than the permissioned amount
    /// @param maxAmount The maximum amount a spender can request to transfer
    error InvalidAmount(uint256 maxAmount);

    /**
     * @notice Thrown when the number of tokens permissioned to a spender does not match the number of tokens being
     *         transferred
     * @dev If the spender does not need to transfer the number of tokens permitted, the spender can request amount 0
     *      to be transferred
     */
    error LengthMismatch();

    /// @notice Emits an event when the owner successfully invalidates an unordered nonce.
    event UnorderedNonceInvalidation(address indexed owner, uint256 word, uint256 mask);

    /// @notice The token and amount details for a transfer signed in the permit transfer signature
    struct TokenPermissions {
        // ERC20 token address
        address token;
        // the maximum amount that can be spent
        uint256 amount;
    }

    /// @notice The signed permit message for a single token transfer
    struct PermitTransferFrom {
        TokenPermissions permitted;
        // a unique value for every token owner's signature to prevent signature replays
        uint256 nonce;
        // deadline on the permit signature
        uint256 deadline;
    }

    /// @notice Specifies the recipient address and amount for batched transfers.
    /// @dev Recipients and amounts correspond to the index of the signed token permissions array.
    /// @dev Reverts if the requested amount is greater than the permitted signed amount.
    struct SignatureTransferDetails {
        // recipient address
        address to;
        // spender requested amount
        uint256 requestedAmount;
    }

    /// @notice Used to reconstruct the signed permit message for multiple token transfers
    /// @dev Do not need to pass in spender address as it is required that it is msg.sender
    /// @dev Note that a user still signs over a spender address
    struct PermitBatchTransferFrom {
        // the tokens and corresponding amounts permitted for a transfer
        TokenPermissions[] permitted;
        // a unique value for every token owner's signature to prevent signature replays
        uint256 nonce;
        // deadline on the permit signature
        uint256 deadline;
    }

    /**
     * @notice A map from token owner address and a caller specified word index to a bitmap. Used to set bits in the
     *         bitmap to prevent against signature replay protection
     * @dev Uses unordered nonces so that permit messages do not need to be spent in a certain order
     * @dev The mapping is indexed first by the token owner, then by an index specified in the nonce
     * @dev It returns a uint256 bitmap
     * @dev The index, or wordPosition is capped at type(uint248).max
     */
    function nonceBitmap(address, uint256) external view returns (uint256);

    /// @notice Transfers a token using a signed permit message
    /// @dev Reverts if the requested amount is greater than the permitted signed amount
    /// @param permit The permit data signed over by the owner
    /// @param owner The owner of the tokens to transfer
    /// @param transferDetails The spender's requested transfer details for the permitted token
    /// @param signature The signature to verify
    function permitTransferFrom(
        PermitTransferFrom memory permit,
        SignatureTransferDetails calldata transferDetails,
        address owner,
        bytes calldata signature
    ) external;

    /**
     * @notice Transfers a token using a signed permit message
     * @notice Includes extra data provided by the caller to verify signature over
     * @dev The witness type string must follow EIP712 ordering of nested structs and must include the TokenPermissions
     *      type definition
     * @dev Reverts if the requested amount is greater than the permitted signed amount
     * @param permit The permit data signed over by the owner
     * @param owner The owner of the tokens to transfer
     * @param transferDetails The spender's requested transfer details for the permitted token
     * @param witness Extra data to include when checking the user signature
     * @param witnessTypeString The EIP-712 type definition for remaining string stub of the typehash
     * @param signature The signature to verify
     */
    function permitWitnessTransferFrom(
        PermitTransferFrom memory permit,
        SignatureTransferDetails calldata transferDetails,
        address owner,
        bytes32 witness,
        string calldata witnessTypeString,
        bytes calldata signature
    ) external;

    /// @notice Transfers multiple tokens using a signed permit message
    /// @param permit The permit data signed over by the owner
    /// @param owner The owner of the tokens to transfer
    /// @param transferDetails Specifies the recipient and requested amount for the token transfer
    /// @param signature The signature to verify
    function permitTransferFrom(
        PermitBatchTransferFrom memory permit,
        SignatureTransferDetails[] calldata transferDetails,
        address owner,
        bytes calldata signature
    ) external;

    /**
     * @notice Transfers multiple tokens using a signed permit message
     * @dev The witness type string must follow EIP712 ordering of nested structs and must include the TokenPermissions
     *      type definition
     * @notice Includes extra data provided by the caller to verify signature over
     * @param permit The permit data signed over by the owner
     * @param owner The owner of the tokens to transfer
     * @param transferDetails Specifies the recipient and requested amount for the token transfer
     * @param witness Extra data to include when checking the user signature
     * @param witnessTypeString The EIP-712 type definition for remaining string stub of the typehash
     * @param signature The signature to verify
     */
    function permitWitnessTransferFrom(
        PermitBatchTransferFrom memory permit,
        SignatureTransferDetails[] calldata transferDetails,
        address owner,
        bytes32 witness,
        string calldata witnessTypeString,
        bytes calldata signature
    ) external;

    /// @notice Invalidates the bits specified in mask for the bitmap at the word position
    /// @dev The wordPos is maxed at type(uint248).max
    /// @param wordPos A number to index the nonceBitmap at
    /// @param mask A bitmap masked against msg.sender's current bitmap at the word position
    function invalidateUnorderedNonces(uint256 wordPos, uint256 mask) external;
}

File 80 of 159 : AddressCast.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

library AddressCast {
    function toBytes32(address _address) internal pure returns (bytes32 result) {
        result = bytes32(uint256(uint160(_address)));
    }

    function toAddress(bytes32 _addressBytes32) internal pure returns (address result) {
        result = address(uint160(uint256(_addressBytes32)));
    }
}

File 81 of 159 : Bus.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { BusPassenger, BusCodec } from "./BusCodec.sol";

/* Bus Parameters
    There is three relevant bus parameters regarding the number of passengers than can queue up for it 
    and later sit on it to be driven:

    queueCapacity
    maxNumPassengers
    plannerPassengers

    In simple terms, up to queueCapacity passengers can queue up at once, up to maxNumPassengers can be driven per bus
    at once, and plannerPassengers passengers will be driven under steady state conditions. 
    
    When and how to set these parameters is explained next:

    queueCapacity
    Queue capacity is an on-chain parameter set at deployment time (it is part of the constructor). It limits the amount
    of passengers that can queue up for the bus at once. It also sets the size of the circular buffer used to represent
    the queue. The capacity impacts the cost of initialization since each capacity slot should be initialized, so it is
    a number that we want to bound. At the same time, the size of the circular buffer defines the bus behaviour under
    re-orgs: Because a re-org will re-order txs, that changes the hashChain, which will cause the `drive` txs to revert
    as they will contain the wrong hashes. Reverting the drives means that in the now-canonical fork there is no
    available room in the queue for all the passengers that queued up in the abandoned fork. This will cause all those
    txs to revert as well, leading to a bad UX. If the circular buffer is made larger, then the passengers txs can
    still be re-arranged despite all the `drive` txs reverting. This parameter should be set by estimating the inflow
    of txs for each chain and multiplying that by the p99 finality window (confirmation time) or another such indicator
    to minimize the chances that passengers `ride` tx revert under re-orgs. Naturally the queue constrains the
    `maxNumPassengers`.

    maxNumPassengers
    The max number of passengers to drive is an on-chain parameter that limits how many passengers can be driven at
    once. It is set through the `setMaxNumPassengers` function at wire/configure time but can be later
    modified. Its purpose is to ensure that all LZ messages are deliverable. Since LZ has a limit on the destination on
    the message size, we need to ensure on the source that we do not go above that limit.

    plannerPassengers
    The number of passengers that the Planner will actually attempt to drive. This is an off-chain parameter that tries
    to balance cost (by driving as many passengers as possible at once) with speed (by driving as often as possible).
    It is dynamically set on the off-chain side and the only significance on the contract side is that it corresponds
    to the typical value the contract will see on calls to `ride`.

    The way each parameter limits the next one means queueCapacity > maxNumPassengers > plannerPassengers.
*/

// Represents the bus state. This includes bus identifiers, current seats and a proof to verify the current passengers.
struct BusQueue {
    uint8 maxNumPassengers; // set by the owner
    uint80 busFare; // set by the planner
    uint80 busAndNativeDropFare; // set by the planner
    uint16 qLength; // the length of the queue, i.e. how many passengers are queued up
    uint72 nextTicketId; // the last ticketId driven + 1, so the next ticketId to be driven
    mapping(uint16 index => bytes32 hash) hashChain; // hash chain of passengers, range of the index is the bus capacity
}

struct Bus {
    uint72 startTicketId;
    uint8 numPassengers;
    uint8 totalNativeDrops;
    bytes passengersBytes;
}

using BusLib for BusQueue global;

/// @title A library containing functionality for riding and driving buses.
/// @dev A bus allows sending multiple Stargate `Send`s on a single LZ message, making it very
/// @dev cheap. This batching incurs in additional latency, as the messages sent using the bus
/// @dev are not immediately sent, but rather stored in the bus until the bus is `drive`n.
/// @dev The messages are not actually stored on-chain, but a hash representing them is stored.
/// @dev This hash serves as proof that the driver provided the original data when calling
/// @dev `drive`. This saves storage.
library BusLib {
    error Bus_InvalidFare(bool nativeDrop);
    error Bus_InvalidPassenger();
    error Bus_QueueFull();
    error Bus_InvalidStartTicket();
    error Bus_InvalidNumPassengers(uint8 numPassengers);

    event BusRode(uint32 dstEid, uint72 ticketId, uint80 fare, bytes passenger);
    event BusDriven(uint32 dstEid, uint72 startTicketId, uint8 numPassengers, bytes32 guid);

    function setMaxNumPassengers(BusQueue storage _queue, uint8 _maxNumPassengers) internal {
        _queue.maxNumPassengers = _maxNumPassengers;
    }

    function setFares(BusQueue storage _queue, uint80 _busFare, uint80 _busAndNativeDropFare) internal {
        _queue.busFare = _busFare;
        _queue.busAndNativeDropFare = _busAndNativeDropFare;
    }

    function safeGetFare(BusQueue storage _queue, bool _nativeDrop) internal view returns (uint80 fare) {
        fare = _nativeDrop ? _queue.busAndNativeDropFare : _queue.busFare;
        if (fare == 0) revert Bus_InvalidFare(_nativeDrop);
    }

    /// @notice Ride the bus, queueing the message for processing.
    /// @dev Updates the bus structure and emits an event with the relevant data.
    /// @dev Reverts with BusFull if the bus is full.
    /// @dev Emits BusRode with the passenger information.
    function ride(
        BusQueue storage _queue,
        uint16 _queueCapacity,
        uint32 _dstEid,
        BusPassenger memory _passenger
    ) internal returns (uint72 ticketId, bytes memory passengerBytes, uint80 fare) {
        // step 1: generate the ticketId
        unchecked {
            // create a new ticket
            ticketId = _queue.nextTicketId + _queue.qLength++;

            // check if the bus is full
            if (_queue.qLength >= _queueCapacity) revert Bus_QueueFull();
        }

        // step 2: generate the passenger bytes
        passengerBytes = BusCodec.encodePassenger(_passenger);

        // step 3: calculate the fare
        fare = _queue.safeGetFare(_passenger.nativeDrop);

        // step 4: update the hash chain
        bytes32 lastHash;
        unchecked {
            lastHash = ticketId == 0 ? bytes32(0) : _queue.hashChain[uint16((ticketId - 1) % _queueCapacity)];
        }
        _queue.hashChain[uint16(ticketId % _queueCapacity)] = keccak256(abi.encodePacked(lastHash, passengerBytes));

        // step 5: emit the event
        emit BusRode(_dstEid, ticketId, fare, passengerBytes);
    }

    /// @notice Drive the bus, validating the payload
    /// @dev This function validates the payload by re-seating all passengers and also resets the bus state.
    /// @param _queue The queue to get passengers from
    /// @param _queueCapacity An immutable value set on TokenMessaging, always larger than the maxNumPassengers
    /// @param _passengersBytes The concatenated data of all passengers in the bus
    function checkTicketsAndDrive(
        BusQueue storage _queue,
        uint16 _queueCapacity,
        bytes calldata _passengersBytes
    ) internal returns (Bus memory bus) {
        bus = checkTickets(_queue, _queueCapacity, _passengersBytes);
        // This effectively 'drives' the bus
        unchecked {
            _queue.nextTicketId += bus.numPassengers;
            _queue.qLength -= bus.numPassengers;
        }
    }

    /// @notice Validate that the aggregated payload corresponds to the list of bus passengers.
    /// @dev Verification is done by re-seating the passengers and recalculating the hash-chain.
    /// @dev Reverts with InvalidPassenger if the top hashes do not match.
    function checkTickets(
        BusQueue storage _queue,
        uint16 _queueCapacity,
        bytes calldata _passengersBytes
    ) internal view returns (Bus memory bus) {
        // Validate the number of passengers
        uint8 numPassengers = BusCodec.getNumPassengers(_passengersBytes);
        if (numPassengers == 0 || numPassengers > _queue.maxNumPassengers || numPassengers > _queue.qLength) {
            revert Bus_InvalidNumPassengers(numPassengers);
        }

        // Generate the last hash
        uint72 startTicketId = _queue.nextTicketId;
        bytes32 previousHash = startTicketId == 0
            ? bytes32(0)
            : _queue.hashChain[uint16((startTicketId - 1) % _queueCapacity)];
        (uint8 totalNativeDrops, bytes32 lastHash) = BusCodec.parsePassengers(_passengersBytes, previousHash);

        // Validate the last hash
        uint72 lastTicketIdToDrive = startTicketId + numPassengers - 1;
        if (lastHash != _queue.hashChain[uint16(lastTicketIdToDrive % _queueCapacity)]) revert Bus_InvalidPassenger();

        // Set the bus params
        bus.startTicketId = startTicketId;
        bus.numPassengers = numPassengers;
        bus.passengersBytes = _passengersBytes;
        bus.totalNativeDrops = totalNativeDrops;
    }
}

File 82 of 159 : BusCodec.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { SafeCast } from "@openzeppelin/contracts/utils/math/SafeCast.sol";

struct BusPassenger {
    uint16 assetId;
    bytes32 receiver;
    uint64 amountSD;
    bool nativeDrop;
}

/// @title A library for encoding and decoding Bus messages.
/// @dev Each bus contains one more more passengers.
/// @dev A passenger contains the payload for one transfer.
library BusCodec {
    uint8 internal constant MSG_TYPE_BUS = 2;

    // Bytes offsets for the passenger payload
    uint256 internal constant ASSET_ID_OFFSET = 2;
    uint256 internal constant RECEIVER_OFFSET = 34;
    uint256 internal constant AMOUNT_SD_OFFSET = 42;
    uint256 internal constant NATIVE_DROP_OFFSET = 43;
    uint256 internal constant PASSENGER_BYTES_LENGTH = NATIVE_DROP_OFFSET;

    // Bytes offsets for the header payload
    uint256 internal constant MSG_TYPE_BYTES_OFFSET = 1;
    uint256 internal constant NATIVE_DROP_AMOUNT_TOTAL_OFFSET = 17;
    uint256 internal constant NATIVE_DROP_AMOUNT_OFFSET = 33;
    uint256 internal constant HEADER_BYTES_LENGTH = NATIVE_DROP_AMOUNT_OFFSET;

    error BusCodec_InvalidBusBytesLength();
    error BusCodec_InvalidMessage();
    error BusCodec_InvalidPassenger();
    error BusCodec_InvalidPassengersBytesLength();

    // ---------------------------------- Passenger Functions ------------------------------------------

    function encodePassenger(BusPassenger memory _passenger) internal pure returns (bytes memory passengerBytes) {
        passengerBytes = abi.encodePacked(
            _passenger.assetId,
            _passenger.receiver,
            _passenger.amountSD,
            _passenger.nativeDrop
        );
    }

    function decodePassenger(bytes calldata _passengerBytes) internal pure returns (BusPassenger memory) {
        uint16 assetId = uint16(bytes2(_passengerBytes[:ASSET_ID_OFFSET]));
        bytes32 receiver = bytes32(_passengerBytes[ASSET_ID_OFFSET:RECEIVER_OFFSET]);
        uint64 amountSD = uint64(bytes8(_passengerBytes[RECEIVER_OFFSET:AMOUNT_SD_OFFSET]));
        bool nativeDrop = uint8(bytes1(_passengerBytes[AMOUNT_SD_OFFSET:NATIVE_DROP_OFFSET])) == 1;

        return BusPassenger({ assetId: assetId, receiver: receiver, amountSD: amountSD, nativeDrop: nativeDrop });
    }

    // ---------------------------------- Bus Functions ------------------------------------------

    /// @notice Checks if the message is a bus message.
    function isBus(bytes calldata _message) internal pure returns (bool) {
        if (_message.length < HEADER_BYTES_LENGTH) revert BusCodec_InvalidMessage();
        return uint8(_message[0]) == MSG_TYPE_BUS;
    }

    /// @notice Extracts the number of passengers on the bus.
    function getNumPassengers(bytes calldata _passengersBytes) internal pure returns (uint8) {
        uint256 passengersBytesLength = _passengersBytes.length;
        if (passengersBytesLength % PASSENGER_BYTES_LENGTH != 0) revert BusCodec_InvalidPassengersBytesLength();

        return SafeCast.toUint8((passengersBytesLength) / PASSENGER_BYTES_LENGTH);
    }

    /// @notice Encodes a Bus message.
    /// @param _numNativeDrops The total number of native drops requested by passengers on the bus.
    /// @dev Since each passenger can only request whether or not to drop native gas (and not the native drop amount),
    /// @dev _numNativeDrops <= the number of passengers on the Bus.
    /// @param _nativeDropAmount The amount destination gas included in the delivery.
    /// @param _nativeDropAmount is the same for each participating passenger.
    /// @param _passengersBytes The passengers payload, which contains one or more passengers.
    /// @return busBytes The encoded Bus message.
    function encodeBus(
        uint128 _numNativeDrops, // the number of passengers whom have requested a native drop on the destination
        uint128 _nativeDropAmount, // amount per drop
        bytes memory _passengersBytes
    ) internal pure returns (bytes memory busBytes) {
        busBytes = abi.encodePacked(MSG_TYPE_BUS, _numNativeDrops, _nativeDropAmount, _passengersBytes);
    }

    function decodeBus(
        bytes calldata _busBytes
    ) internal pure returns (uint128 totalNativeDrops, uint128 nativeDropAmount, BusPassenger[] memory busPassengers) {
        // gas savings by loading to memory
        uint256 busBytesLength = _busBytes.length;

        // Step 0: check payload length
        if (busBytesLength < HEADER_BYTES_LENGTH) revert BusCodec_InvalidBusBytesLength();

        // Step 1: decode nativeDrop details
        totalNativeDrops = uint128(bytes16(_busBytes[MSG_TYPE_BYTES_OFFSET:NATIVE_DROP_AMOUNT_TOTAL_OFFSET]));
        nativeDropAmount = uint128(bytes16(_busBytes[NATIVE_DROP_AMOUNT_TOTAL_OFFSET:NATIVE_DROP_AMOUNT_OFFSET]));

        // Step 2: determine the number of passengers in the bus.
        uint256 numPassengers = (busBytesLength - HEADER_BYTES_LENGTH) / PASSENGER_BYTES_LENGTH;

        // Step 3: Initialize the list of passenger details
        busPassengers = new BusPassenger[](numPassengers);

        // Step 4: Set the cursor to the start of the 'busPassengers'
        uint256 cursor = HEADER_BYTES_LENGTH;

        // Step 5: Iterate the 'busPassengers' and decode each passenger
        for (uint8 i = 0; i < numPassengers; i++) {
            busPassengers[i] = decodePassenger(_busBytes[cursor:cursor + PASSENGER_BYTES_LENGTH]);
            cursor += PASSENGER_BYTES_LENGTH;
        }
    }

    function parsePassengers(
        bytes calldata _passengersBytes,
        bytes32 _previousHash
    ) internal pure returns (uint8 totalNativeDrops, bytes32 lastHash) {
        lastHash = _previousHash;
        // iterate passengers
        for (uint256 i = 0; i < _passengersBytes.length; i += PASSENGER_BYTES_LENGTH) {
            // get the current passenger
            bytes calldata passengerBytes = _passengersBytes[i:i + PASSENGER_BYTES_LENGTH];

            // update the lastHash
            lastHash = keccak256(abi.encodePacked(lastHash, passengerBytes));

            // update total native drops
            bool hasNativeDrop = uint8(passengerBytes[NATIVE_DROP_OFFSET - 1]) == 1;
            if (hasNativeDrop) totalNativeDrops++;
        }
    }
}

File 83 of 159 : CreditMsgCodec.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { SafeCast } from "@openzeppelin/contracts/utils/math/SafeCast.sol";
import { Buffer } from "@ensdomains/buffer/contracts/Buffer.sol";

import { Credit } from "../interfaces/ICreditMessagingHandler.sol";

struct CreditBatch {
    uint16 assetId;
    Credit[] credits;
}

library CreditMsgCodec {
    using Buffer for Buffer.buffer;
    using SafeCast for uint256;

    /// @dev The byte width of the amount field in the credit message.
    uint8 internal constant AMOUNT_BYTE_WIDTH = 8;

    /// @dev The byte width of the assetId field in the credit message.
    uint8 internal constant ASSET_ID_BYTE_WIDTH = 2;

    /// @dev The byte width of the srcEid field in the credit message.
    uint8 internal constant EID_BYTE_WIDTH = 4;

    /// @dev The byte width of the numBatches field in the credit message.
    uint8 internal constant NUM_BATCHES_BYTE_WIDTH = 1;

    /// @dev The byte width of the numCredits field in the credit batch.
    uint8 internal constant NUM_CREDITS_BYTE_WIDTH = 1;

    error CreditMsgCodec_InvalidMessage();

    function encode(
        CreditBatch[] memory _creditBatches,
        uint256 _totalCreditNum
    ) internal pure returns (bytes memory message) {
        uint256 numBatches = _creditBatches.length;
        // batchNum(1) + batchNum * (assetId(2) + batchSize(1)) + creditNum * (srcEid(4) + amount(8))
        uint256 bufferSize = NUM_BATCHES_BYTE_WIDTH +
            numBatches *
            (NUM_CREDITS_BYTE_WIDTH + ASSET_ID_BYTE_WIDTH) +
            _totalCreditNum *
            (EID_BYTE_WIDTH + AMOUNT_BYTE_WIDTH);
        Buffer.buffer memory buf;
        buf.init(bufferSize);
        buf.appendUint8(numBatches.toUint8());
        for (uint256 i = 0; i < numBatches; i++) {
            CreditBatch memory batch = _creditBatches[i];
            buf.appendInt(batch.assetId, ASSET_ID_BYTE_WIDTH);
            uint256 batchSize = batch.credits.length;
            buf.appendUint8(batchSize.toUint8());
            for (uint256 j = 0; j < batchSize; j++) {
                Credit memory credit = batch.credits[j];
                buf.appendInt(credit.srcEid, EID_BYTE_WIDTH);
                buf.appendInt(credit.amount, AMOUNT_BYTE_WIDTH);
            }
        }
        message = buf.buf;
    }

    function decode(bytes calldata _message) internal pure returns (CreditBatch[] memory creditBatches) {
        uint8 batchNum = uint8(_message[0]);
        creditBatches = new CreditBatch[](batchNum);
        uint256 cursor = 1; // skip batchNum(1)
        for (uint256 i = 0; i < batchNum; i++) {
            uint16 assetId = uint16(bytes2(_message[cursor:cursor += ASSET_ID_BYTE_WIDTH]));
            uint8 batchSize = uint8(_message[cursor]);
            cursor += NUM_BATCHES_BYTE_WIDTH;
            Credit[] memory credits = new Credit[](batchSize);
            for (uint256 j = 0; j < batchSize; j++) {
                uint32 srcEid = uint32(bytes4(_message[cursor:cursor += EID_BYTE_WIDTH]));
                uint64 amount = uint64(bytes8(_message[cursor:cursor += AMOUNT_BYTE_WIDTH]));
                credits[j] = Credit(srcEid, amount);
            }
            creditBatches[i] = CreditBatch(assetId, credits);
        }
        if (cursor != _message.length) revert CreditMsgCodec_InvalidMessage();
    }
}

File 84 of 159 : Path.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

/// @dev The Path struct contains the bus base fare multiplier bps and the credit in the same slot for gas saving.
struct Path {
    uint64 credit; // available credit for the path, in SD
}

using PathLib for Path global;

/**
 * @title A library to operate on Paths.
 * @dev A Path is a route through which value can be sent. It entails the local chain and a destination chain, and has
 *      a given amount of credit associated with it. Every time the value is sent from A to B, the credit on A is
 *      decreased and credit on B is increased. If credit hits 0 then the path can no longer be used.
 */
library PathLib {
    uint64 internal constant UNLIMITED_CREDIT = type(uint64).max;

    // solhint-disable-next-line event-name-camelcase
    event Path_CreditBurned(uint64 amountSD);

    error Path_InsufficientCredit();
    error Path_AlreadyHasCredit();
    error Path_UnlimitedCredit();

    /// @notice Increase credit for a given Path.
    /// @dev Reverts with Path_UnlimitedCredit if the increase would hit the maximum amount of credit (reserved value)
    /// @param _path The Path for which to increase credit
    /// @param _amountSD The amount by which to increase credit
    function increaseCredit(Path storage _path, uint64 _amountSD) internal {
        uint64 credit = _path.credit;
        if (credit == UNLIMITED_CREDIT) return;
        credit += _amountSD;
        if (credit == UNLIMITED_CREDIT) revert Path_UnlimitedCredit();
        _path.credit = credit;
    }

    /// @notice Decrease credit for a given Path.
    /// @dev Reverts with InsufficientCredit if there is not enough credit
    /// @param _path The Path for which to decrease credit
    /// @param _amountSD The amount by which to decrease credit
    function decreaseCredit(Path storage _path, uint64 _amountSD) internal {
        uint64 currentCredit = _path.credit;
        if (currentCredit == UNLIMITED_CREDIT) return;
        if (currentCredit < _amountSD) revert Path_InsufficientCredit();
        unchecked {
            _path.credit = currentCredit - _amountSD;
        }
    }

    /// @notice Decrease credit for a given path, even if only a partial amount is possible.
    /// @param _path The Path for which to decrease credit
    /// @param _amountSD The amount by which try to decrease credit
    /// @param _minKept The minimum amount of credit to keep after the decrease
    /// @return decreased The actual amount of credit decreased
    function tryDecreaseCredit(
        Path storage _path,
        uint64 _amountSD,
        uint64 _minKept
    ) internal returns (uint64 decreased) {
        uint64 currentCredit = _path.credit;
        // not allowed to try to decrease unlimited credit
        if (currentCredit == UNLIMITED_CREDIT) revert Path_UnlimitedCredit();
        if (_minKept < currentCredit) {
            unchecked {
                uint64 maxDecreased = currentCredit - _minKept;
                decreased = _amountSD > maxDecreased ? maxDecreased : _amountSD;
                _path.credit = currentCredit - decreased;
            }
        }
    }

    /// @notice Set a given path as OFT or reset an OFT path to 0 credit.
    /// @dev A Path for which the asset is using an OFT on destination gets unlimited credit because value transfers
    /// @dev do not spend value.
    /// @dev Such a path is expected to not have credit before.
    /// @dev Reverts with AlreadyHasCredit if the Path already had credit assigned to it
    /// @param _path The Path to set
    /// @param _oft Whether to set it as OFT or reset it from OFT
    function setOFTPath(Path storage _path, bool _oft) internal {
        uint64 currentCredit = _path.credit;
        if (_oft) {
            // only allow un-limiting from 0
            if (currentCredit != 0) revert Path_AlreadyHasCredit();
            _path.credit = UNLIMITED_CREDIT;
        } else {
            // only allow resetting from unlimited
            if (currentCredit != UNLIMITED_CREDIT) revert Path_AlreadyHasCredit();
            _path.credit = 0;
        }
    }

    /// @notice Check whether a given Path is set as OFT.
    /// @param _path The path to examine
    /// @return whether the Path is set as OFT
    function isOFTPath(Path storage _path) internal view returns (bool) {
        return _path.credit == UNLIMITED_CREDIT;
    }

    /// @notice Burn credit for a given Path during bridged token migration.
    function burnCredit(Path storage _path, uint64 _amountSD) internal {
        decreaseCredit(_path, _amountSD);
        emit Path_CreditBurned(_amountSD);
    }
}

File 85 of 159 : TaxiCodec.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { AddressCast } from "./AddressCast.sol";

library TaxiCodec {
    error TaxiCodec_InvalidMessage();

    uint8 internal constant MSG_TYPE_TAXI = 1;

    uint256 internal constant MSG_TYPE_OFFSET = 1;
    uint256 internal constant ASSET_ID_OFFSET = 3;
    uint256 internal constant RECEIVER_OFFSET = 35;
    uint256 internal constant AMOUNT_SD_OFFSET = 43;

    function isTaxi(bytes calldata _message) internal pure returns (bool) {
        if (_message.length < AMOUNT_SD_OFFSET) revert TaxiCodec_InvalidMessage();
        return uint8(_message[0]) == MSG_TYPE_TAXI;
    }

    function encodeTaxi(
        address _sender,
        uint16 _assetId,
        bytes32 _receiver,
        uint64 _amountSD,
        bytes calldata _composeMsg
    ) internal pure returns (bytes memory _taxiBytes) {
        _taxiBytes = abi.encodePacked(
            MSG_TYPE_TAXI,
            _assetId,
            _receiver,
            _amountSD,
            // @dev Remote chains will want to know the composed function caller ie. msg.sender on the src.
            _composeMsg.length > 0 ? abi.encodePacked(AddressCast.toBytes32(_sender), _composeMsg) : _composeMsg
        );
    }

    function decodeTaxi(
        bytes calldata _taxiBytes
    ) internal pure returns (uint16 assetId, bytes32 receiver, uint64 amountSD, bytes memory composeMsg) {
        assetId = uint16(bytes2(_taxiBytes[MSG_TYPE_OFFSET:ASSET_ID_OFFSET]));
        receiver = bytes32(_taxiBytes[ASSET_ID_OFFSET:RECEIVER_OFFSET]);
        amountSD = uint64(bytes8(_taxiBytes[RECEIVER_OFFSET:AMOUNT_SD_OFFSET]));
        composeMsg = _taxiBytes[AMOUNT_SD_OFFSET:]; // This has had the msg.sender encoded into the original composeMsg
    }
}

File 86 of 159 : Transfer.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";

/// @dev WARNING: Transferring tokens, when the token address is wrong, will fail silently.
contract Transfer is Ownable {
    error Transfer_TransferFailed();
    error Transfer_ApproveFailed();

    // @dev default this to 2300, but it is modifiable
    // @dev this is intended to provide just enough gas to receive native tokens.
    // @dev ie. empty fallbacks or EOA addresses
    uint256 internal transferGasLimit = 2300;

    function getTransferGasLimit() external view returns (uint256) {
        return transferGasLimit;
    }

    function setTransferGasLimit(uint256 _gasLimit) external onlyOwner {
        transferGasLimit = _gasLimit;
    }

    /// @notice Transfer native coin to an account
    /// @dev If gas is unlimited, we pass 63/64 of the gasleft()
    /// @dev This call may revert due to out of gas instead of returning false.
    /// @param _to The account to transfer native coin to
    /// @param _value The amount of native coin to transfer
    /// @param _gasLimited Whether to limit gas available for the 'fall-back'
    /// @return success Whether the transfer was successful
    function transferNative(address _to, uint256 _value, bool _gasLimited) internal returns (bool success) {
        uint256 gasForCall = _gasLimited ? transferGasLimit : gasleft();

        // @dev We dont care about the data returned here, only success or not.
        assembly {
            success := call(gasForCall, _to, _value, 0, 0, 0, 0)
        }
    }

    /// @notice Transfer an ERC20 token from the sender to an account
    /// @param _token The address of the ERC20 token to send
    /// @param _to The receiving account
    /// @param _value The amount of tokens to transfer
    /// @return success Whether the transfer was successful or not
    function transferToken(address _token, address _to, uint256 _value) internal returns (bool success) {
        success = _call(_token, abi.encodeWithSelector(IERC20(_token).transfer.selector, _to, _value));
    }

    /// @notice Transfer an ERC20 token from one account to another
    /// @param _token The address of the ERC20 token to send
    /// @param _from The source account
    /// @param _to The destination account
    /// @param _value The amount of tokens to transfer
    /// @return success Whether the transfer was successful or not
    function transferTokenFrom(
        address _token,
        address _from,
        address _to,
        uint256 _value
    ) internal returns (bool success) {
        success = _call(_token, abi.encodeWithSelector(IERC20(_token).transferFrom.selector, _from, _to, _value));
    }

    /// @notice Transfer either native coin or ERC20 token from the sender to an account
    /// @param _token The ERC20 address or 0x0 if native is desired
    /// @param _to The destination account
    /// @param _value the amount to transfer
    /// @param _gasLimited Whether to limit the amount of gas when doing a native transfer
    /// @return success Whether the transfer was successful or not
    function transfer(address _token, address _to, uint256 _value, bool _gasLimited) internal returns (bool success) {
        if (_token == address(0)) {
            success = transferNative(_to, _value, _gasLimited);
        } else {
            success = transferToken(_token, _to, _value);
        }
    }

    /// @notice Approve a given amount of token for an account
    /// @param _token The OFT contract to use for approval
    /// @param _spender The account to approve
    /// @param _value The amount of tokens to approve
    /// @return success Whether the approval succeeded
    function approveToken(address _token, address _spender, uint256 _value) internal returns (bool success) {
        success = _call(_token, abi.encodeWithSelector(IERC20(_token).approve.selector, _spender, _value));
    }

    /// @notice Transfer native coin to an account or revert
    /// @dev Reverts with TransferFailed if the transfer failed
    /// @param _to The account to transfer native coin to
    /// @param _value The amount of native coin to transfer
    /// @param _gasLimited Whether to limit the amount of gas to 2300
    function safeTransferNative(address _to, uint256 _value, bool _gasLimited) internal {
        if (!transferNative(_to, _value, _gasLimited)) revert Transfer_TransferFailed();
    }

    /// @notice Transfer an ERC20 token from one account to another or revert
    /// @dev Reverts with TransferFailed when the transfer fails
    /// @param _token The address of the ERC20 token to send
    /// @param _to The destination account
    /// @param _value The amount of tokens to transfer
    function safeTransferToken(address _token, address _to, uint256 _value) internal {
        if (!transferToken(_token, _to, _value)) revert Transfer_TransferFailed();
    }

    /// @notice Transfer an ERC20 token from one account to another
    /// @dev Reverts with TransferFailed when the transfer fails
    /// @param _token The address of the ERC20 token to send
    /// @param _from The source account
    /// @param _to The destination account
    /// @param _value The amount of tokens to transfer
    function safeTransferTokenFrom(address _token, address _from, address _to, uint256 _value) internal {
        if (!transferTokenFrom(_token, _from, _to, _value)) revert Transfer_TransferFailed();
    }

    /// @notice Transfer either native coin or ERC20 token from the sender to an account
    /// @dev Reverts with TransferFailed when the transfer fails
    /// @param _token The ERC20 address or 0x0 if native is desired
    /// @param _to The destination account
    /// @param _value the amount to transfer
    /// @param _gasLimited Whether to limit the amount of gas when doing a native transfer
    function safeTransfer(address _token, address _to, uint256 _value, bool _gasLimited) internal {
        if (!transfer(_token, _to, _value, _gasLimited)) revert Transfer_TransferFailed();
    }

    /// @notice Approve a given amount of token for an account or revert
    /// @dev Reverts with ApproveFailed if the approval failed
    /// @dev Consider using forceApproveToken(...) to ensure the approval is set correctly.
    /// @param _token The OFT contract to use for approval
    /// @param _spender The account to approve
    /// @param _value The amount of tokens to approve
    function safeApproveToken(address _token, address _spender, uint256 _value) internal {
        if (!approveToken(_token, _spender, _value)) revert Transfer_ApproveFailed();
    }

    /// @notice Force approve a given amount of token for an account by first resetting the approval
    /// @dev Some tokens that require the approval to be set to zero before setting it to a non-zero value, e.g. USDT.
    /// @param _token The OFT contract to use for approval
    /// @param _spender The account to approve
    /// @param _value The amount of tokens to approve
    function forceApproveToken(address _token, address _spender, uint256 _value) internal {
        if (!approveToken(_token, _spender, _value)) {
            safeApproveToken(_token, _spender, 0);
            safeApproveToken(_token, _spender, _value);
        }
    }

    function _call(address _token, bytes memory _data) private returns (bool success) {
        // solhint-disable-next-line avoid-low-level-calls
        (bool s, bytes memory returndata) = _token.call(_data);
        success = s ? returndata.length == 0 || abi.decode(returndata, (bool)) : false;
    }
}

File 87 of 159 : CreditMessaging.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { MessagingFee } from "@layerzerolabs/lz-evm-oapp-v2/contracts/oft/interfaces/IOFT.sol";

import { ICreditMessaging, TargetCreditBatch, TargetCredit } from "../interfaces/ICreditMessaging.sol";
import { ICreditMessagingHandler, Credit } from "../interfaces/ICreditMessagingHandler.sol";
import { CreditMsgCodec, CreditBatch } from "../libs/CreditMsgCodec.sol";
import { CreditMessagingOptions } from "./CreditMessagingOptions.sol";
import { MessagingBase, Origin } from "./MessagingBase.sol";

contract CreditMessaging is MessagingBase, CreditMessagingOptions, ICreditMessaging {
    constructor(address _endpoint, address _owner) MessagingBase(_endpoint, _owner) {}

    // ---------------------------------- Only Planner ------------------------------------------

    function sendCredits(uint32 _dstEid, TargetCreditBatch[] calldata _creditBatches) external payable onlyPlanner {
        CreditBatch[] memory batches = new CreditBatch[](_creditBatches.length);
        uint256 index = 0;
        uint128 totalCreditNum = 0; // total number of credits in all batches

        for (uint256 i = 0; i < _creditBatches.length; i++) {
            TargetCreditBatch calldata targetBatch = _creditBatches[i];
            Credit[] memory actualCredits = ICreditMessagingHandler(_safeGetStargateImpl(targetBatch.assetId))
                .sendCredits(_dstEid, targetBatch.credits);
            if (actualCredits.length > 0) {
                batches[index++] = CreditBatch(targetBatch.assetId, actualCredits);
                totalCreditNum += uint128(actualCredits.length); // safe cast
            }
        }

        if (index != 0) {
            // resize the array to the actual number of batches
            assembly {
                mstore(batches, index)
            }
            bytes memory message = CreditMsgCodec.encode(batches, totalCreditNum);
            bytes memory options = _buildOptions(_dstEid, totalCreditNum);
            _lzSend(_dstEid, message, options, MessagingFee(msg.value, 0), msg.sender);
        }
    }

    function quoteSendCredits(
        uint32 _dstEid,
        TargetCreditBatch[] calldata _creditBatches
    ) external view returns (MessagingFee memory fee) {
        CreditBatch[] memory creditBatches = new CreditBatch[](_creditBatches.length);
        uint128 creditNum = 0; // used for message encoding
        for (uint256 i = 0; i < _creditBatches.length; i++) {
            TargetCredit[] calldata targetCredits = _creditBatches[i].credits;
            Credit[] memory credits = new Credit[](targetCredits.length);
            creditNum += uint128(targetCredits.length); // safe cast
            for (uint256 j = 0; j < targetCredits.length; j++) {
                credits[j] = Credit(targetCredits[j].srcEid, targetCredits[j].amount);
            }
            creditBatches[i] = CreditBatch(_creditBatches[i].assetId, credits);
        }
        bytes memory message = CreditMsgCodec.encode(creditBatches, creditNum);
        bytes memory options = _buildOptions(_dstEid, creditNum);
        fee = _quote(_dstEid, message, options, false);
    }

    // ---------------------------------- OApp Functions ------------------------------------------

    function _lzReceive(
        Origin calldata _origin,
        bytes32 /*_guid*/,
        bytes calldata _message,
        address /*_executor*/,
        bytes calldata /*_extraData*/
    ) internal override {
        CreditBatch[] memory creditBatches = CreditMsgCodec.decode(_message);
        uint256 batchNum = creditBatches.length;
        for (uint256 i = 0; i < batchNum; i++) {
            CreditBatch memory creditBatch = creditBatches[i];
            ICreditMessagingHandler(_safeGetStargateImpl(creditBatch.assetId)).receiveCredits(
                _origin.srcEid,
                creditBatch.credits
            );
        }
    }
}

File 88 of 159 : CreditMessagingOptions.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { OAppOptionsType3 } from "@layerzerolabs/lz-evm-oapp-v2/contracts/oapp/libs/OAppOptionsType3.sol";
import { Buffer } from "@ensdomains/buffer/contracts/Buffer.sol";

/// @title Credit Messaging implementation of OAppOptionsType3
/// @notice This contract is used to build options for the CreditMessaging OApp.
abstract contract CreditMessagingOptions is OAppOptionsType3 {
    using Buffer for Buffer.buffer;

    /// @dev CreditMessaging only has one type of message.
    uint8 internal constant MSG_TYPE_CREDIT_MESSAGING = 3; // only one message type for credit messaging

    uint8 internal constant EXECUTOR_WORKER_ID = 1;
    uint8 internal constant OPTION_TYPE_LZRECEIVE = 1;
    uint16 internal constant OPTION_LZRECEIVE_PARAMS_SIZE = 17; // type(1) + gas(16)

    /// @dev The base gas limit for each endpoint.
    mapping(uint32 eid => uint128 gasLimit) public gasLimits;

    /// @notice Event emitted when the gas limit is set for a given endpoint.
    /// @param eid The LayerZero endpoint ID.
    /// @param gasLimit The base gas limit for the destination endpoint.
    event GasLimitSet(uint32 eid, uint128 gasLimit);

    /// @notice Error message for when the gas limit is not set for a given endpoint.
    /// @dev Zero gas limit is considered not set.
    error MessagingOptions_ZeroGasLimit();

    /// @notice Sets the base gas limit for a specific endpoint.  Sending a LayerZero message takes some constant amount
    /// of base gas regardless of the number of credits being sent in a particular message.  This function allows the
    /// CreditMessaging OApp to set the base gas limit.
    /// @param _eid The LayerZero endpoint ID.
    /// @param _gasLimit The base gas limit for the destination endpoint.
    function setGasLimit(uint32 _eid, uint128 _gasLimit) external onlyOwner {
        gasLimits[_eid] = _gasLimit;
        emit GasLimitSet(_eid, _gasLimit);
    }

    /// @notice Build the options for a credit messaging transaction.
    /// @param _eid The LayerZero endpoint ID.
    /// @param _totalCreditNum The total number of credits being sent in the message.
    /// @return options The options for the message.
    /// @dev The options are built by appending the lzReceive option to the enforced options for the given endpoint.
    function _buildOptions(uint32 _eid, uint128 _totalCreditNum) internal view returns (bytes memory options) {
        uint128 gasLimit = _safeGetGasLimit(_eid) * _totalCreditNum;
        options = enforcedOptions[_eid][MSG_TYPE_CREDIT_MESSAGING];

        // append lzReceive option
        options = options.length == 0
            ? abi.encodePacked(
                OPTION_TYPE_3,
                EXECUTOR_WORKER_ID,
                OPTION_LZRECEIVE_PARAMS_SIZE,
                OPTION_TYPE_LZRECEIVE,
                gasLimit
            )
            : abi.encodePacked(
                options,
                EXECUTOR_WORKER_ID,
                OPTION_LZRECEIVE_PARAMS_SIZE,
                OPTION_TYPE_LZRECEIVE,
                gasLimit
            );
    }

    /// @notice Safely retrieves the base gas limit for a given endpoint.  The base gas limit is the constant amount of
    /// gas required to send a message to the endpoint, regardless of the number of credits being sent.
    /// @param _eid The LayerZero endpoint ID.
    /// @return gasLimit The gas limit for the destination endpoint.
    /// @dev If the gas limit is not set, this function will revert.
    function _safeGetGasLimit(uint32 _eid) private view returns (uint128 gasLimit) {
        gasLimit = gasLimits[_eid];
        if (gasLimit == 0) revert MessagingOptions_ZeroGasLimit();
    }
}

File 89 of 159 : MessagingBase.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { OApp, Origin } from "@layerzerolabs/lz-evm-oapp-v2/contracts/oapp/OApp.sol";
import { OAppPreCrimeSimulator } from "@layerzerolabs/lz-evm-oapp-v2/contracts/precrime/OAppPreCrimeSimulator.sol";

abstract contract MessagingBase is OApp, OAppPreCrimeSimulator {
    // max asset id, for the off-chain to get the range of asset id and get the list of stargate impls
    uint16 public maxAssetId;
    mapping(address stargateImpl => uint16 assetId) public assetIds;
    mapping(uint16 assetId => address stargateImpl) public stargateImpls;

    address public planner;

    event AssetIdSet(address stargateImpl, uint16 assetId);
    event MaxAssetIdSet(uint16 maxAssetId);
    event PlannerSet(address planner);

    error Messaging_Unauthorized();
    error Messaging_Unavailable();
    error Messaging_InvalidAssetId();

    modifier onlyPlanner() {
        if (msg.sender != planner) revert Messaging_Unauthorized();
        _;
    }

    constructor(address _endpoint, address _owner) OApp(_endpoint, _owner) {}

    // ---------------------------------- Only Owner ------------------------------------------

    function setAssetId(address _stargateImpl, uint16 _assetId) external onlyOwner {
        if (_assetId == 0) revert Messaging_InvalidAssetId();
        if (_assetId > maxAssetId) {
            maxAssetId = _assetId;
            emit MaxAssetIdSet(_assetId);
        }

        // clean up the old stargate
        uint16 oldAssetId = assetIds[_stargateImpl];
        address oldStargateImpl = stargateImpls[_assetId];
        if (oldAssetId != 0) delete stargateImpls[oldAssetId];
        if (oldStargateImpl != address(0)) delete assetIds[oldStargateImpl];

        // if stargateImpl is address(0) then delete stargateImpls[_assetId]
        if (_stargateImpl == address(0)) {
            delete stargateImpls[_assetId];
        } else {
            // set the new stargate
            assetIds[_stargateImpl] = _assetId;
            stargateImpls[_assetId] = _stargateImpl;
        }
        emit AssetIdSet(_stargateImpl, _assetId);
    }

    /// @dev Update the max asset id manually if it is not set correctly
    function setMaxAssetId(uint16 _maxAssetId) external onlyOwner {
        maxAssetId = _maxAssetId;
        emit MaxAssetIdSet(_maxAssetId);
    }

    function setPlanner(address _planner) external onlyOwner {
        planner = _planner;
        emit PlannerSet(_planner);
    }

    // ---------------------------------- Internal Functions ------------------------------------------

    function _safeGetStargateImpl(uint16 _assetId) internal view returns (address stargate) {
        stargate = stargateImpls[_assetId];
        if (stargate == address(0)) revert Messaging_Unavailable();
    }

    function _safeGetAssetId(address _stargateImpl) internal view returns (uint16 assetId) {
        assetId = assetIds[_stargateImpl];
        if (assetId == 0) revert Messaging_Unavailable();
    }

    /// @dev Lz token is payed in the stargate contract and do nothing here.
    /// Function meant to be overridden
    // solhint-disable-next-line no-empty-blocks
    function _payLzToken(uint256 /*_lzTokenFee*/) internal pure override {}

    // ---------------------------------- PreCrime Functions ------------------------------------------
    function _lzReceiveSimulate(
        Origin calldata _origin,
        bytes32 _guid,
        bytes calldata _message,
        address _executor,
        bytes calldata _extraData
    ) internal override {
        _lzReceive(_origin, _guid, _message, _executor, _extraData);
    }

    function isPeer(uint32 _eid, bytes32 _peer) public view override returns (bool) {
        return _peer == peers[_eid];
    }
}

File 90 of 159 : TokenMessaging.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { MessagingReceipt, MessagingFee } from "@layerzerolabs/lz-evm-oapp-v2/contracts/oft/interfaces/IOFT.sol";

import { ITokenMessaging, TaxiParams, RideBusParams, Ticket } from "../interfaces/ITokenMessaging.sol";
import { ITokenMessagingHandler } from "../interfaces/ITokenMessagingHandler.sol";
import { BusQueue, BusLib, Bus, BusPassenger, BusCodec } from "../libs/Bus.sol";
import { Transfer } from "../libs/Transfer.sol";
import { TokenMessagingOptions } from "./TokenMessagingOptions.sol";
import { MessagingBase, Origin } from "./MessagingBase.sol";
import { TaxiCodec } from "../libs/TaxiCodec.sol";
import { AddressCast } from "../libs/AddressCast.sol";

contract TokenMessaging is Transfer, MessagingBase, TokenMessagingOptions, ITokenMessaging {
    /// @dev The maximum number of passengers is queueCapacity - 1 to avoid overwriting the hash root.
    /// @dev queueCapacity *must* be a divisor of 2e16.
    uint16 public immutable queueCapacity;
    uint32 internal immutable localEid;

    mapping(uint32 dstEid => BusQueue queue) public busQueues;
    mapping(uint32 dstEid => uint128 nativeDropAmount) public nativeDropAmounts;

    event FaresSet(uint32 dstEid, uint80 busFare, uint80 busAndNativeDropFare);
    event NativeDropAmountSet(uint32 dstEid, uint128 nativeDropAmount);
    event MaxNumPassengersSet(uint32 dstEid, uint8 maxNumPassengers);
    event NativeDropApplied(address receiver, uint128 amount);
    event NativeDropFailed(address receiver, uint128 amount);
    event BusQueueStorageInitialized(uint32 dstEid, uint16 startSlot, uint16 endSlot);

    error Messaging_InvalidEid();
    error Messaging_InvalidQueueCapacity();
    error Messaging_InvalidMsgValue();
    error Messaging_MaxNumPassengersExceedsQueueCapacity();
    error Messaging_NotEnoughPassengers();

    /// @param _queueCapacity The maximum number of passengers that can be accommodated in the bus queue.  Must be a divisor of 2e16.
    constructor(address _endpoint, address _owner, uint16 _queueCapacity) MessagingBase(_endpoint, _owner) {
        if (_queueCapacity < 2) revert Messaging_InvalidQueueCapacity(); // queue capacity must be at least 2
        queueCapacity = _queueCapacity;
        localEid = endpoint.eid();
    }

    // ---------------------------------- Only Owner ------------------------------------------

    function setMaxNumPassengers(uint32 _dstEid, uint8 _maxNumPassengers) external onlyOwner {
        if (_maxNumPassengers >= queueCapacity) revert Messaging_MaxNumPassengersExceedsQueueCapacity();
        busQueues[_dstEid].setMaxNumPassengers(_maxNumPassengers);
        emit MaxNumPassengersSet(_dstEid, _maxNumPassengers);
    }

    function setNativeDropAmount(uint32 _dstEid, uint128 _nativeDropAmount) external onlyOwner {
        nativeDropAmounts[_dstEid] = _nativeDropAmount;
        emit NativeDropAmountSet(_dstEid, _nativeDropAmount);
    }

    /// @notice Initialize the queue storage to pay the storage costs upfront
    /// @dev Emits BusQueueStorageInitialized per queue initialized
    /// @param _dstEids The endpoint IDs of the busQueues to initialize
    /// @param _startSlot The first slot to initialize (inclusive)
    /// @param _endSlot The last slot to initialize (inclusive)
    function initializeBusQueueStorage(
        uint32[] calldata _dstEids,
        uint16 _startSlot,
        uint16 _endSlot
    ) external onlyOwner {
        for (uint256 i = 0; i < _dstEids.length; i++) {
            BusQueue storage queue = busQueues[_dstEids[i]];

            if (queue.nextTicketId + queue.qLength > queueCapacity) continue; // whole buffer already used
            uint16 lastTicketId = uint16(queue.nextTicketId + queue.qLength);

            // only initialize unused slots
            uint16 startSlot = _startSlot >= lastTicketId ? _startSlot : lastTicketId;
            // storage slots go from 0 to queueCapacity - 1
            uint16 endSlot = _endSlot >= queueCapacity - 1 ? queueCapacity - 1 : _endSlot;

            // use a non-zero value to initialize storage between [startSlot, endSlot], both inclusive
            for (uint16 slot = startSlot; slot <= endSlot; slot++) {
                queue.hashChain[slot] = bytes32("F");
            }
            emit BusQueueStorageInitialized(_dstEids[i], startSlot, endSlot);
        }
    }

    // ---------------------------------- Planner ------------------------------------------

    function quoteFares(
        uint32 _dstEid,
        uint8 _numPassengers
    ) external view returns (uint256 busFare, uint256 busAndNativeDropFare) {
        if (_numPassengers == 0) revert Messaging_NotEnoughPassengers();
        bytes memory mockPassengersBytes = new bytes(uint256(_numPassengers) * PASSENGER_SIZE);
        bytes memory message = BusCodec.encodeBus(0, 0, mockPassengersBytes);

        // Retrieve the LZ quote based on the busFare and NO native drop
        bytes memory optionsBusFare = _buildOptionsForDriveBus(_dstEid, _numPassengers, 0, 0);
        busFare = _quote(_dstEid, message, optionsBusFare, false).nativeFee / _numPassengers;

        // Retrieve the LZ quote based on the busFare and nativeDrop option
        bytes memory optionsBusAndNativeDropFare = _buildOptionsForDriveBus(
            _dstEid,
            _numPassengers,
            _numPassengers, // Assume every rider in this case is using nativeDrop
            nativeDropAmounts[_dstEid]
        );
        busAndNativeDropFare = _quote(_dstEid, message, optionsBusAndNativeDropFare, false).nativeFee / _numPassengers;
    }

    // The '_busAndNativeDropFare' is the cost for riding the bus AND the native drop
    function setFares(uint32 _dstEid, uint80 _busFare, uint80 _busAndNativeDropFare) external onlyPlanner {
        // If the planner sets the bus fare with the localEid, users can ride the bus to the local endpoint,
        // but the bus will never be driven.
        if (_dstEid == localEid) revert Messaging_InvalidEid();
        busQueues[_dstEid].setFares(_busFare, _busAndNativeDropFare);
        emit FaresSet(_dstEid, _busFare, _busAndNativeDropFare);
    }

    // ---------------------------------- Taxi ------------------------------------------

    function quoteTaxi(
        TaxiParams calldata _params,
        bool _payInLzToken
    ) external view returns (MessagingFee memory fee) {
        (bytes memory message, bytes memory options) = _encodeMessageAndOptionsForTaxi(_params);
        fee = _quote(_params.dstEid, message, options, _payInLzToken);
    }

    function taxi(
        TaxiParams calldata _params,
        MessagingFee calldata _messagingFee,
        address _refundAddress
    ) external payable returns (MessagingReceipt memory receipt) {
        (bytes memory message, bytes memory options) = _encodeMessageAndOptionsForTaxi(_params);
        receipt = _lzSend(_params.dstEid, message, options, _messagingFee, _refundAddress);
    }

    function _encodeMessageAndOptionsForTaxi(
        TaxiParams calldata _params
    ) internal view returns (bytes memory message, bytes memory options) {
        uint16 assetId = _safeGetAssetId(msg.sender);
        message = TaxiCodec.encodeTaxi(_params.sender, assetId, _params.receiver, _params.amountSD, _params.composeMsg);
        options = _buildOptionsForTaxi(_params.dstEid, _params.extraOptions);
    }

    // ---------------------------------- RideBus ------------------------------------------

    function quoteRideBus(uint32 _dstEid, bool _airdrop) external view returns (MessagingFee memory fee) {
        fee.nativeFee = busQueues[_dstEid].safeGetFare(_airdrop);
    }

    function rideBus(
        RideBusParams calldata _params
    ) external returns (MessagingReceipt memory receipt, Ticket memory ticket) {
        // step 1: check the msg.sender is the stargate by getting the assetId.  This acts as a form of access control,
        // as the function will revert if the msg.sender is not a stargate.
        uint16 assetId = _safeGetAssetId(msg.sender);

        // step 2: ride the bus and get the encoded passenger bytes etc.
        uint32 dstEid = _params.dstEid;
        (uint72 ticketId, bytes memory passengerBytes, uint256 fare) = busQueues[dstEid].ride(
            queueCapacity,
            dstEid,
            BusPassenger({
                assetId: assetId,
                receiver: _params.receiver,
                amountSD: _params.amountSD,
                nativeDrop: _params.nativeDrop
            })
        );

        // step 3: create the 'Ticket' which acts like a 'receipt' for the passenger
        ticket = Ticket(ticketId, passengerBytes);

        // step 4: refund any excess fare passed
        receipt.fee.nativeFee = fare;
    }

    function getPassengerHash(uint32 _dstEid, uint16 _index) external view returns (bytes32 hash) {
        hash = busQueues[_dstEid].hashChain[_index];
    }

    // ---------------------------------- Bus ------------------------------------------

    function quoteDriveBus(uint32 _dstEid, bytes calldata _passengers) external view returns (MessagingFee memory fee) {
        // Step 1: check the tickets
        Bus memory bus = busQueues[_dstEid].checkTickets(queueCapacity, _passengers);

        // Step 2: generate the lzMsg and lzOptions
        (bytes memory message, bytes memory options) = _encodeMessageAndOptionsForDriveBus(_dstEid, bus);

        // Step 3: quote the fee
        fee = _quote(_dstEid, message, options, false);
    }

    /// @dev Anyone can drive the bus with all or partial of the passengers
    function driveBus(
        uint32 _dstEid,
        bytes calldata _passengers
    ) external payable returns (MessagingReceipt memory receipt) {
        // Step 1: check the tickets and drive
        Bus memory bus = busQueues[_dstEid].checkTicketsAndDrive(queueCapacity, _passengers);

        // Step 2: generate the lzMsg and lzOptions
        (bytes memory message, bytes memory options) = _encodeMessageAndOptionsForDriveBus(_dstEid, bus);

        // Step 3: send the message through LZ
        receipt = _lzSend(_dstEid, message, options, MessagingFee(msg.value, 0), msg.sender);

        // Step 4: emit the bus driven event with the guid
        emit BusLib.BusDriven(_dstEid, bus.startTicketId, bus.numPassengers, receipt.guid);
    }

    function _encodeMessageAndOptionsForDriveBus(
        uint32 _dstEid,
        Bus memory _bus
    ) internal view returns (bytes memory message, bytes memory options) {
        // In the event that nativeDropAmount is zero, the transfer is skipped in _lzReceiveBus(...) on destination.
        uint128 nativeDropAmount = nativeDropAmounts[_dstEid];
        message = BusCodec.encodeBus(_bus.totalNativeDrops, nativeDropAmount, _bus.passengersBytes);
        options = _buildOptionsForDriveBus(_dstEid, _bus.numPassengers, _bus.totalNativeDrops, nativeDropAmount);
    }

    // ---------------------------------- OApp Functions ------------------------------------------

    function _lzReceive(
        Origin calldata _origin,
        bytes32 _guid,
        bytes calldata _message,
        address /*_executor*/,
        bytes calldata /*_extraData*/
    ) internal override {
        if (BusCodec.isBus(_message)) {
            _lzReceiveBus(_origin, _guid, _message);
        } else {
            _lzReceiveTaxi(_origin, _guid, _message);
        }
    }

    function _lzReceiveBus(Origin calldata _origin, bytes32 _guid, bytes calldata _busBytes) internal {
        (uint128 totalNativeDrops, uint128 nativeDropAmount, BusPassenger[] memory passengers) = BusCodec.decodeBus(
            _busBytes
        );
        if (totalNativeDrops > 0 && msg.value != (totalNativeDrops * nativeDropAmount))
            revert Messaging_InvalidMsgValue();

        uint256 nativeDropAmountLeft = msg.value;

        for (uint8 seatNumber = 0; seatNumber < passengers.length; seatNumber++) {
            BusPassenger memory passenger = passengers[seatNumber];
            address stargate = _safeGetStargateImpl(passenger.assetId);
            address receiver = AddressCast.toAddress(passenger.receiver);

            if (nativeDropAmount > 0 && passenger.nativeDrop) {
                // limit the native token transfer.
                // if it fails, the token drop will be considered failed and the receiver will not receive the token
                // if the receiver is a contract with custom receive function, this might OOG
                if (Transfer.transferNative(receiver, nativeDropAmount, true)) {
                    unchecked {
                        nativeDropAmountLeft -= nativeDropAmount;
                    }
                    emit NativeDropApplied(receiver, nativeDropAmount);
                } else {
                    emit NativeDropFailed(receiver, nativeDropAmount);
                }
            }

            ITokenMessagingHandler(stargate).receiveTokenBus(_origin, _guid, seatNumber, receiver, passenger.amountSD);
        }

        // refund the remaining native token to the planner without a gas limit
        if (nativeDropAmountLeft > 0) Transfer.safeTransferNative(planner, nativeDropAmountLeft, false);
    }

    function _lzReceiveTaxi(Origin calldata _origin, bytes32 _guid, bytes calldata _taxiBytes) internal {
        (uint16 assetId, bytes32 receiverBytes32, uint64 amountSD, bytes memory composeMsg) = TaxiCodec.decodeTaxi(
            _taxiBytes
        );
        address receiver = AddressCast.toAddress(receiverBytes32);

        address stargate = _safeGetStargateImpl(assetId);

        ITokenMessagingHandler(stargate).receiveTokenTaxi(_origin, _guid, receiver, amountSD, composeMsg);
    }

    /// @dev The native coin is already checked in the stargate contract and transferred to this contract
    function _payNative(uint256 _nativeFee) internal pure override returns (uint256 nativeFee) {
        nativeFee = _nativeFee;
    }

    function isComposeMsgSender(
        Origin calldata /*_origin*/,
        bytes calldata _message,
        address _sender
    ) public view override returns (bool) {
        // only compose msgs can come from taxi, so if its not a taxi its false
        if (TaxiCodec.isTaxi(_message)) {
            (uint16 assetId, , , ) = TaxiCodec.decodeTaxi(_message);
            if (stargateImpls[assetId] == _sender) return true;
        }
        return false;
    }
}

File 91 of 159 : TokenMessagingOptions.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { SafeCast } from "@openzeppelin/contracts/utils/math/SafeCast.sol";

import { OAppOptionsType3 } from "@layerzerolabs/lz-evm-oapp-v2/contracts/oapp/libs/OAppOptionsType3.sol";

struct GasLimit {
    uint128 gasLimit;
    uint128 nativeDropGasLimit;
}

contract TokenMessagingOptions is OAppOptionsType3 {
    uint8 public constant MSG_TYPE_TAXI = 1;
    uint8 public constant MSG_TYPE_BUS = 2;

    uint8 internal constant EXECUTOR_WORKER_ID = 1;
    uint8 internal constant OPTION_TYPE_LZRECEIVE = 1;
    uint16 internal constant OPTION_LZRECEIVE_BASE_PARAMS_SIZE = 17; // type(1) + gas(16)
    uint16 internal constant OPTION_LZRECEIVE_PARAMS_SIZE = 33; // type(1) + gas(16) + value(16)

    uint256 internal constant PASSENGER_SIZE = 43;

    mapping(uint32 eid => GasLimit gasLimit) public gasLimits;

    event GasLimitSet(uint32 eid, uint128 gasLimit, uint128 nativeDropGasLimit);

    error MessagingOptions_ZeroGasLimit();

    function setGasLimit(uint32 _eid, uint128 _gasLimit, uint128 _nativeDropGasLimit) external onlyOwner {
        gasLimits[_eid] = GasLimit(_gasLimit, _nativeDropGasLimit);
        emit GasLimitSet(_eid, _gasLimit, _nativeDropGasLimit);
    }

    function _buildOptionsForTaxi(
        uint32 _eid,
        bytes calldata _extraOptions
    ) internal view returns (bytes memory options) {
        options = combineOptions(_eid, MSG_TYPE_TAXI, _extraOptions);
    }

    function _buildOptionsForDriveBus(
        uint32 _eid,
        uint8 _numPassengers,
        uint256 _totalNativeDrops,
        uint128 _nativeDropAmount
    ) internal view returns (bytes memory options) {
        // determine the gasLimit for delivering N passengers
        (uint128 gasLimit, uint128 nativeDropGasLimit) = _safeGetGasLimit(_eid);
        uint128 totalGas = SafeCast.toUint128(uint256(gasLimit) * _numPassengers);

        // calculate the total amount of native to drop
        uint128 totalNativeDropAmount = SafeCast.toUint128(_totalNativeDrops * _nativeDropAmount);

        // append the extraGas that is needed to distribute the _nativeDropAmount amongst the passengers with a drop
        if (totalNativeDropAmount > 0) totalGas += SafeCast.toUint128(nativeDropGasLimit * _totalNativeDrops);

        // generate the lzReceive options
        bytes memory lzReceiveOptions = totalNativeDropAmount > 0
            ? abi.encodePacked(
                EXECUTOR_WORKER_ID,
                OPTION_LZRECEIVE_PARAMS_SIZE,
                OPTION_TYPE_LZRECEIVE,
                totalGas,
                totalNativeDropAmount
            )
            : abi.encodePacked(EXECUTOR_WORKER_ID, OPTION_LZRECEIVE_BASE_PARAMS_SIZE, OPTION_TYPE_LZRECEIVE, totalGas);

        // if enforced options are present, concat them
        bytes memory enforced = enforcedOptions[_eid][MSG_TYPE_BUS];
        if (enforced.length >= 2) {
            options = abi.encodePacked(enforced, lzReceiveOptions);
        } else {
            options = abi.encodePacked(OPTION_TYPE_3, lzReceiveOptions);
        }
    }

    function _safeGetGasLimit(uint32 _eid) private view returns (uint128 gasLimit, uint128 nativeDropGasLimit) {
        GasLimit memory g = gasLimits[_eid];
        gasLimit = g.gasLimit;
        nativeDropGasLimit = g.nativeDropGasLimit;
        // dont require setting nativeDropGasLimit
        if (gasLimit == 0) revert MessagingOptions_ZeroGasLimit();
    }
}

File 92 of 159 : BlacklistableMock.sol
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.22;

import { Blacklistable } from "../../src/usdc/impl/v1/Blacklistable.sol";

/// @title Blacklistable mock.
/// @dev A mock Blacklistable implementation, used for testing only.
contract BlacklistableMock is Blacklistable {
    constructor() {
        blacklister = msg.sender;
    }

    /**
     * @inheritdoc Blacklistable
     */
    function _blacklist(address _account) internal override {
        _setBlacklistState(_account, true);
    }

    /**
     * @inheritdoc Blacklistable
     */
    function _unBlacklist(address _account) internal override {
        _setBlacklistState(_account, false);
    }

    /**
     * @inheritdoc Blacklistable
     */
    function _isBlacklisted(address _account) internal view virtual override returns (bool) {
        return _deprecatedBlacklisted[_account];
    }

    /**
     * @dev Helper method that sets the blacklist state of an account.
     * @param _account         The address of the account.
     * @param _shouldBlacklist True if the account should be blacklisted, false if the account should be unblacklisted.
     */
    function _setBlacklistState(address _account, bool _shouldBlacklist) internal virtual {
        _deprecatedBlacklisted[_account] = _shouldBlacklist;
    }
}

File 93 of 159 : ERC20Token.sol
// SPDX-License-Identifier: BUSL-1.1

pragma solidity ^0.8.0;

import { ERC20 } from "@openzeppelin/contracts/token/ERC20/ERC20.sol";

/// @title ERC20 token mock.
/// @dev A generic ERC20 token mock that can mint and burn tokens, used for testing only.
contract ERC20Token is ERC20 {
    uint8 internal _decimals;

    constructor(string memory name_, string memory symbol_, uint8 decimals_) ERC20(name_, symbol_) {
        _mint(msg.sender, 10000 ether);
        _decimals = decimals_;
    }

    function mint(address to, uint256 amount) public virtual {
        _mint(to, amount);
    }

    function burn(uint256 amount) public virtual {
        _burn(_msgSender(), amount);
    }

    function burnFrom(address account, uint256 amount) public virtual {
        _spendAllowance(account, _msgSender(), amount);
        _burn(account, amount);
    }

    function approve(address spender, uint256 amount) public override returns (bool) {
        if (amount != 0 && allowance(msg.sender, spender) != 0) {
            return false;
        } else {
            return super.approve(spender, amount);
        }
    }

    function decimals() public view override returns (uint8) {
        return _decimals;
    }
}

File 94 of 159 : FeeLibMock.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { IStargateFeeLib, FeeParams } from "../../src/interfaces/IStargateFeeLib.sol";

/// @title FeeLibMock mock.
/// @dev Mock IStargateFeeLib implementation, used for testing only.
contract FeeLibMock is IStargateFeeLib {
    function applyFee(FeeParams calldata _params) external pure returns (uint64 amountOutSD) {
        amountOutSD = _params.amountInSD;
    }

    function applyFeeView(FeeParams calldata _params) external pure returns (uint64 amountOutSD) {
        amountOutSD = _params.amountInSD;
    }
}

File 95 of 159 : PoolToken.sol
// SPDX-License-Identifier: BUSL-1.1

pragma solidity ^0.8.0;

import { ERC20 } from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";

/// @title Pool token mock.
/// @dev This is a mock and should not be used in production.
contract PoolToken is ERC20, Ownable {
    error PoolToken_MintCapExceeded();

    uint256 public immutable MINT_CAP_AMOUNT;

    constructor(string memory _name, string memory _symbol) ERC20(_name, _symbol) {
        MINT_CAP_AMOUNT = 1000 * 10 ** decimals();
        _mint(msg.sender, 100_000_000_000 * 10 ** decimals());
    }

    // remember this is a MOCK token - public mint is useful!
    function mint(address _to, uint256 _qty) public {
        if (_qty > MINT_CAP_AMOUNT && msg.sender != owner()) {
            revert PoolToken_MintCapExceeded();
        }
        _mint(_to, _qty);
    }

    // burn tokens from the caller
    function burn(uint256 _amount) public virtual {
        _burn(_msgSender(), _amount);
    }

    // burn tokens from the account (caller must have allowance)
    function burnFrom(address _account, uint256 _amount) public virtual {
        _spendAllowance(_account, _msgSender(), _amount);
        _burn(_account, _amount);
    }
}

File 96 of 159 : USDC.sol
// SPDX-License-Identifier: BUSL-1.1

pragma solidity ^0.8.0;

import { ERC20 } from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
import { IBridgedUSDCMinter } from "../interfaces/IBridgedUSDCMinter.sol";

/// @title USDC token mock.
/// @dev This is a mock and should not be used in production.
contract USDC is ERC20, Ownable, IBridgedUSDCMinter {
    // @dev This is a mock and is missing a lot of the actual USDC contract functionality
    constructor(string memory _name, string memory _symbol) ERC20(_name, _symbol) {}

    function mint(address _to, uint256 _qty) public override onlyOwner returns (bool) {
        _mint(_to, _qty);
        return true;
    }

    function burn(uint256 _amount) public override {
        _burn(_msgSender(), _amount);
    }
}

File 97 of 159 : USDT.sol
// SPDX-License-Identifier: UNLICENSED

pragma solidity ^0.8.0;

import { OFTTokenERC20 } from "../utils/OFTTokenERC20.sol";

/// @title USDT token mock.
/// @dev This is a mock and should not be used in production.
contract USDT is OFTTokenERC20 {
    constructor() OFTTokenERC20("USDT", "USDT", 18) {}
}

File 98 of 159 : WETH.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.0;

import { ERC20 } from "@openzeppelin/contracts/token/ERC20/ERC20.sol";

/// @title Wrapped Ether token mock.
/// @dev This is a mock and should not be used in production.
contract WETH is ERC20 {
    constructor() ERC20("Wrapped Ether", "WETH") {}

    function deposit() external payable {
        _mint(msg.sender, msg.value);
    }

    function withdraw(uint256 amount) external {
        _burn(msg.sender, amount);
        payable(msg.sender).transfer(amount);
    }

    receive() external payable {}
}

File 99 of 159 : INativeOFT.sol
// SPDX-License-Identifier: MIT

pragma solidity ^0.8.0;

interface INativeOFT {
    function deposit() external payable;
}

File 100 of 159 : IOFTWrapper.sol
// SPDX-License-Identifier: MIT

pragma solidity ^0.8.0;

import { IOFTV2 } from "@layerzerolabs/solidity-examples/contracts/token/oft/v2/interfaces/IOFTV2.sol";

interface IOFTWrapper {
    event DefaultBpsSet(uint256 bps);
    event OFTBpsSet(address indexed token, uint256 bps);
    event WrapperFees(bytes2 indexed partnerId, address token, uint256 wrapperFee, uint256 callerFee);
    event WrapperFeeWithdrawn(address indexed oft, address to, uint256 amount);

    struct FeeObj {
        uint256 callerBps;
        address caller;
        bytes2 partnerId;
    }

    function sendOFT(
        address _oft,
        uint16 _dstChainId,
        bytes calldata _toAddress,
        uint _amount,
        uint256 _minAmount,
        address payable _refundAddress,
        address _zroPaymentAddress,
        bytes calldata _adapterParams,
        FeeObj calldata _feeObj
    ) external payable;

    function sendProxyOFT(
        address _proxyOft,
        uint16 _dstChainId,
        bytes calldata _toAddress,
        uint256 _amount,
        uint256 _minAmount,
        address payable _refundAddress,
        address _zroPaymentAddress,
        bytes calldata _adapterParams,
        FeeObj calldata _feeObj
    ) external payable;

    function sendNativeOFT(
        address _nativeOft,
        uint16 _dstChainId,
        bytes calldata _toAddress,
        uint _amount,
        uint256 _minAmount,
        address payable _refundAddress,
        address _zroPaymentAddress,
        bytes calldata _adapterParams,
        FeeObj calldata _feeObj
    ) external payable;

    function sendOFTV2(
        address _oft,
        uint16 _dstChainId,
        bytes32 _toAddress,
        uint _amount,
        uint256 _minAmount,
        IOFTV2.LzCallParams calldata _callParams,
        FeeObj calldata _feeObj
    ) external payable;

    function sendOFTFeeV2(
        address _oft,
        uint16 _dstChainId,
        bytes32 _toAddress,
        uint256 _amount,
        uint256 _minAmount,
        IOFTV2.LzCallParams calldata _callParams,
        FeeObj calldata _feeObj
    ) external payable;

    function sendProxyOFTV2(
        address _proxyOft,
        uint16 _dstChainId,
        bytes32 _toAddress,
        uint _amount,
        uint256 _minAmount,
        IOFTV2.LzCallParams calldata _callParams,
        FeeObj calldata _feeObj
    ) external payable;

    function sendProxyOFTFeeV2(
        address _proxyOft,
        uint16 _dstChainId,
        bytes32 _toAddress,
        uint _amount,
        uint256 _minAmount,
        IOFTV2.LzCallParams calldata _callParams,
        FeeObj calldata _feeObj
    ) external payable;

    function sendNativeOFTFeeV2(
        address _nativeOft,
        uint16 _dstChainId,
        bytes32 _toAddress,
        uint _amount,
        uint256 _minAmount,
        IOFTV2.LzCallParams calldata _callParams,
        FeeObj calldata _feeObj
    ) external payable;

    function getAmountAndFees(
        address _oft,
        uint256 _amount,
        uint256 _callerBps
    ) external view returns (uint256 amount, uint256 wrapperFee, uint256 callerFee);

    function estimateSendFee(
        address _oft,
        uint16 _dstChainId,
        bytes calldata _toAddress,
        uint _amount,
        bool _useZro,
        bytes calldata _adapterParams,
        FeeObj calldata _feeObj
    ) external view returns (uint nativeFee, uint zroFee);

    function estimateSendFeeV2(
        address _oft,
        uint16 _dstChainId,
        bytes32 _toAddress,
        uint _amount,
        bool _useZro,
        bytes calldata _adapterParams,
        FeeObj calldata _feeObj
    ) external view returns (uint nativeFee, uint zroFee);
}

File 101 of 159 : OFTWrapper.sol
// SPDX-License-Identifier: MIT

pragma solidity ^0.8.0;

import { ReentrancyGuard } from "@openzeppelin/contracts/security/ReentrancyGuard.sol";
import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import { IOFTV2 } from "@layerzerolabs/solidity-examples/contracts/token/oft/v2/interfaces/IOFTV2.sol";
import { IOFTWithFee } from "@layerzerolabs/solidity-examples/contracts/token/oft/v2/fee/IOFTWithFee.sol";
import { IOFT } from "@layerzerolabs/solidity-examples/contracts/token/oft/v1/interfaces/IOFT.sol";
import { IOFTWrapper } from "./interfaces/IOFTWrapper.sol";
import { INativeOFT } from "./interfaces/INativeOFT.sol";

contract OFTWrapper is IOFTWrapper, Ownable, ReentrancyGuard {
    using SafeERC20 for IOFT;

    uint256 public constant BPS_DENOMINATOR = 10000;
    uint256 public constant MAX_UINT = 2 ** 256 - 1; // indicates a bp fee of 0 that overrides the default bps

    uint256 public defaultBps;
    mapping(address => uint256) public oftBps;

    constructor(uint256 _defaultBps) {
        require(_defaultBps < BPS_DENOMINATOR, "OFTWrapper: defaultBps >= 100%");
        defaultBps = _defaultBps;
    }

    function setDefaultBps(uint256 _defaultBps) external onlyOwner {
        require(_defaultBps < BPS_DENOMINATOR, "OFTWrapper: defaultBps >= 100%");
        defaultBps = _defaultBps;
        emit DefaultBpsSet(_defaultBps);
    }

    function setOFTBps(address _token, uint256 _bps) external onlyOwner {
        require(_bps < BPS_DENOMINATOR || _bps == MAX_UINT, "OFTWrapper: oftBps[_oft] >= 100%");
        oftBps[_token] = _bps;
        emit OFTBpsSet(_token, _bps);
    }

    function withdrawFees(address _oft, address _to, uint256 _amount) external onlyOwner {
        IOFT(_oft).safeTransfer(_to, _amount);
        emit WrapperFeeWithdrawn(_oft, _to, _amount);
    }

    function sendOFT(
        address _oft,
        uint16 _dstChainId,
        bytes calldata _toAddress,
        uint256 _amount,
        uint256 _minAmount,
        address payable _refundAddress,
        address _zroPaymentAddress,
        bytes calldata _adapterParams,
        FeeObj calldata _feeObj
    ) external payable nonReentrant {
        uint256 amountToSwap = _getAmountAndPayFee(_oft, _amount, _minAmount, _feeObj);
        IOFT(_oft).sendFrom{ value: msg.value }(
            msg.sender,
            _dstChainId,
            _toAddress,
            amountToSwap,
            _refundAddress,
            _zroPaymentAddress,
            _adapterParams
        );
    }

    function sendProxyOFT(
        address _proxyOft,
        uint16 _dstChainId,
        bytes calldata _toAddress,
        uint256 _amount,
        uint256 _minAmount,
        address payable _refundAddress,
        address _zroPaymentAddress,
        bytes calldata _adapterParams,
        FeeObj calldata _feeObj
    ) external payable nonReentrant {
        address token = IOFTV2(_proxyOft).token();
        {
            uint256 amountToSwap = _getAmountAndPayFeeProxy(token, _amount, _minAmount, _feeObj);

            // approve proxy to spend tokens
            IOFT(token).safeApprove(_proxyOft, amountToSwap);
            IOFT(_proxyOft).sendFrom{ value: msg.value }(
                address(this),
                _dstChainId,
                _toAddress,
                amountToSwap,
                _refundAddress,
                _zroPaymentAddress,
                _adapterParams
            );
        }

        // reset allowance if sendFrom() does not consume full amount
        if (IOFT(token).allowance(address(this), _proxyOft) > 0) IOFT(token).safeApprove(_proxyOft, 0);
    }

    function sendNativeOFT(
        address _nativeOft,
        uint16 _dstChainId,
        bytes calldata _toAddress,
        uint _amount,
        uint256 _minAmount,
        address payable _refundAddress,
        address _zroPaymentAddress,
        bytes calldata _adapterParams,
        FeeObj calldata _feeObj
    ) external payable nonReentrant {
        require(msg.value >= _amount, "OFTWrapper: not enough value sent");

        INativeOFT(_nativeOft).deposit{ value: _amount }();
        uint256 amountToSwap = _getAmountAndPayFeeNative(_nativeOft, _amount, _minAmount, _feeObj);
        IOFT(_nativeOft).sendFrom{ value: msg.value - _amount }(
            address(this),
            _dstChainId,
            _toAddress,
            amountToSwap,
            _refundAddress,
            _zroPaymentAddress,
            _adapterParams
        );
    }

    function sendOFTV2(
        address _oft,
        uint16 _dstChainId,
        bytes32 _toAddress,
        uint256 _amount,
        uint256 _minAmount,
        IOFTV2.LzCallParams calldata _callParams,
        FeeObj calldata _feeObj
    ) external payable nonReentrant {
        uint256 amountToSwap = _getAmountAndPayFee(_oft, _amount, _minAmount, _feeObj);
        IOFTV2(_oft).sendFrom{ value: msg.value }(msg.sender, _dstChainId, _toAddress, amountToSwap, _callParams);
    }

    function sendOFTFeeV2(
        address _oft,
        uint16 _dstChainId,
        bytes32 _toAddress,
        uint256 _amount,
        uint256 _minAmount,
        IOFTV2.LzCallParams calldata _callParams,
        FeeObj calldata _feeObj
    ) external payable nonReentrant {
        uint256 amountToSwap = _getAmountAndPayFee(_oft, _amount, _minAmount, _feeObj);
        IOFTWithFee(_oft).sendFrom{ value: msg.value }(
            msg.sender,
            _dstChainId,
            _toAddress,
            amountToSwap,
            _minAmount,
            _callParams
        );
    }

    function sendProxyOFTV2(
        address _proxyOft,
        uint16 _dstChainId,
        bytes32 _toAddress,
        uint256 _amount,
        uint256 _minAmount,
        IOFTV2.LzCallParams calldata _callParams,
        FeeObj calldata _feeObj
    ) external payable nonReentrant {
        address token = IOFTV2(_proxyOft).token();
        uint256 amountToSwap = _getAmountAndPayFeeProxy(token, _amount, _minAmount, _feeObj);

        // approve proxy to spend tokens
        IOFT(token).safeApprove(_proxyOft, amountToSwap);
        IOFTV2(_proxyOft).sendFrom{ value: msg.value }(
            address(this),
            _dstChainId,
            _toAddress,
            amountToSwap,
            _callParams
        );

        // reset allowance if sendFrom() does not consume full amount
        if (IOFT(token).allowance(address(this), _proxyOft) > 0) IOFT(token).safeApprove(_proxyOft, 0);
    }

    function sendProxyOFTFeeV2(
        address _proxyOft,
        uint16 _dstChainId,
        bytes32 _toAddress,
        uint256 _amount,
        uint256 _minAmount,
        IOFTV2.LzCallParams calldata _callParams,
        FeeObj calldata _feeObj
    ) external payable nonReentrant {
        address token = IOFTV2(_proxyOft).token();
        uint256 amountToSwap = _getAmountAndPayFeeProxy(token, _amount, _minAmount, _feeObj);

        // approve proxy to spend tokens
        IOFT(token).safeApprove(_proxyOft, amountToSwap);
        IOFTWithFee(_proxyOft).sendFrom{ value: msg.value }(
            address(this),
            _dstChainId,
            _toAddress,
            amountToSwap,
            _minAmount,
            _callParams
        );

        // reset allowance if sendFrom() does not consume full amount
        if (IOFT(token).allowance(address(this), _proxyOft) > 0) IOFT(token).safeApprove(_proxyOft, 0);
    }

    function sendNativeOFTFeeV2(
        address _nativeOft,
        uint16 _dstChainId,
        bytes32 _toAddress,
        uint _amount,
        uint256 _minAmount,
        IOFTV2.LzCallParams calldata _callParams,
        FeeObj calldata _feeObj
    ) external payable nonReentrant {
        require(msg.value >= _amount, "OFTWrapper: not enough value sent");

        INativeOFT(_nativeOft).deposit{ value: _amount }();
        uint256 amountToSwap = _getAmountAndPayFeeNative(_nativeOft, _amount, _minAmount, _feeObj);
        IOFTWithFee(_nativeOft).sendFrom{ value: msg.value - _amount }(
            address(this),
            _dstChainId,
            _toAddress,
            amountToSwap,
            _minAmount,
            _callParams
        );
    }

    function _getAmountAndPayFeeProxy(
        address _token,
        uint256 _amount,
        uint256 _minAmount,
        FeeObj calldata _feeObj
    ) internal returns (uint256) {
        (uint256 amountToSwap, uint256 wrapperFee, uint256 callerFee) = getAmountAndFees(
            _token,
            _amount,
            _feeObj.callerBps
        );
        require(amountToSwap >= _minAmount && amountToSwap > 0, "OFTWrapper: not enough amountToSwap");

        IOFT(_token).safeTransferFrom(msg.sender, address(this), amountToSwap + wrapperFee); // pay wrapper and move proxy tokens to contract
        if (callerFee > 0) IOFT(_token).safeTransferFrom(msg.sender, _feeObj.caller, callerFee); // pay caller

        emit WrapperFees(_feeObj.partnerId, _token, wrapperFee, callerFee);

        return amountToSwap;
    }

    function _getAmountAndPayFee(
        address _token,
        uint256 _amount,
        uint256 _minAmount,
        FeeObj calldata _feeObj
    ) internal returns (uint256) {
        (uint256 amountToSwap, uint256 wrapperFee, uint256 callerFee) = getAmountAndFees(
            _token,
            _amount,
            _feeObj.callerBps
        );
        require(amountToSwap >= _minAmount && amountToSwap > 0, "OFTWrapper: not enough amountToSwap");

        if (wrapperFee > 0) IOFT(_token).safeTransferFrom(msg.sender, address(this), wrapperFee); // pay wrapper
        if (callerFee > 0) IOFT(_token).safeTransferFrom(msg.sender, _feeObj.caller, callerFee); // pay caller

        emit WrapperFees(_feeObj.partnerId, _token, wrapperFee, callerFee);

        return amountToSwap;
    }

    function _getAmountAndPayFeeNative(
        address _nativeOft,
        uint256 _amount,
        uint256 _minAmount,
        FeeObj calldata _feeObj
    ) internal returns (uint256) {
        (uint256 amountToSwap, uint256 wrapperFee, uint256 callerFee) = getAmountAndFees(
            _nativeOft,
            _amount,
            _feeObj.callerBps
        );
        require(amountToSwap >= _minAmount && amountToSwap > 0, "OFTWrapper: not enough amountToSwap");

        // pay fee in NativeOFT token as the caller might not be able to receive ETH
        // wrapper fee is already in the contract after calling NativeOFT.deposit()
        if (callerFee > 0) IOFT(_nativeOft).safeTransfer(_feeObj.caller, callerFee); // pay caller

        emit WrapperFees(_feeObj.partnerId, _nativeOft, wrapperFee, callerFee);

        return amountToSwap;
    }

    function getAmountAndFees(
        address _token, // will be the token on proxies, and the oft on non-proxy
        uint256 _amount,
        uint256 _callerBps
    ) public view override returns (uint256 amount, uint256 wrapperFee, uint256 callerFee) {
        uint256 wrapperBps;

        if (oftBps[_token] == MAX_UINT) {
            wrapperBps = 0;
        } else if (oftBps[_token] > 0) {
            wrapperBps = oftBps[_token];
        } else {
            wrapperBps = defaultBps;
        }

        require(wrapperBps + _callerBps < BPS_DENOMINATOR, "OFTWrapper: Fee bps >= 100%");

        wrapperFee = wrapperBps > 0 ? (_amount * wrapperBps) / BPS_DENOMINATOR : 0;
        callerFee = _callerBps > 0 ? (_amount * _callerBps) / BPS_DENOMINATOR : 0;
        amount = wrapperFee > 0 || callerFee > 0 ? _amount - wrapperFee - callerFee : _amount;
    }

    function estimateSendFee(
        address _oft,
        uint16 _dstChainId,
        bytes calldata _toAddress,
        uint256 _amount,
        bool _useZro,
        bytes calldata _adapterParams,
        FeeObj calldata _feeObj
    ) external view override returns (uint nativeFee, uint zroFee) {
        (uint256 amount, , ) = getAmountAndFees(_oft, _amount, _feeObj.callerBps);

        return IOFT(_oft).estimateSendFee(_dstChainId, _toAddress, amount, _useZro, _adapterParams);
    }

    function estimateSendFeeV2(
        address _oft,
        uint16 _dstChainId,
        bytes32 _toAddress,
        uint256 _amount,
        bool _useZro,
        bytes calldata _adapterParams,
        FeeObj calldata _feeObj
    ) external view override returns (uint nativeFee, uint zroFee) {
        (uint256 amount, , ) = getAmountAndFees(_oft, _amount, _feeObj.callerBps);

        return IOFTV2(_oft).estimateSendFee(_dstChainId, _toAddress, amount, _useZro, _adapterParams);
    }
}

File 102 of 159 : Planner.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { Transfer } from "../libs/Transfer.sol";

/// @title The Planner is responsible for the operational parameters of the bus. This includes adjusting
/// @title capacity, fare and driving the bus, as well as pausing Stargate Contracts.
contract Planner is Transfer {
    struct Call {
        address target; // the contract to call
        bytes data; // the data to call the contract with
        uint256 value; // the value to send with the call
        bool allowFailure; // whether to continue with the remaining calls in case of failure
    }

    struct Result {
        bool success; // whether the call was successful
        bytes returnData; // the data returned to the call
    }

    event Multicalled(Call[] calls, Result[] results);

    error CallFailed(uint256 index, bytes reason);

    /// @notice Make multiple calls using the Planner account.
    /// @dev The Planner role will be associated with this contract; this methods allows making calls as the Planner.
    /// @dev Reverts with CallFailed if a call fails and it has allowFailure = false.
    /// @dev Emits Multicalled with the Calls and Results
    /// @param _calls An array of Calls to execute
    /// @return results An array of Results corresponding to each Call made
    function multicall(Call[] calldata _calls) external payable onlyOwner returns (Result[] memory results) {
        results = new Result[](_calls.length);
        for (uint256 i = 0; i < _calls.length; i++) {
            Call calldata call = _calls[i];
            (bool success, bytes memory data) = call.target.call{ value: call.value }(call.data);
            if (call.allowFailure && !success) revert CallFailed(i, data);
            results[i] = Result(success, data);
        }
        emit Multicalled(_calls, results);
    }

    /// @notice Transfer a token from the Planner account to another account
    /// @param _token Address of the token to transfer
    /// @param _to Account to transfer the token to
    /// @param _amount How many tokens to transfer
    function withdrawFee(address _token, address _to, uint256 _amount) external onlyOwner {
        Transfer.transfer(_token, _to, _amount, false);
    }

    /// @notice Enable receive native on this account.
    receive() external payable {}
}

File 103 of 159 : RebateCampaign.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";

/// @dev giving fee rebate prorata based on accumulated scores;
contract RebateCampaign is Ownable {
    uint256 public immutable START_TIME;
    uint256 public immutable END_TIME;
    address public immutable feeLib;
    // todo: add cap and view functions?

    mapping(address payer => uint256 amount) public scores;
    uint256 public sum;

    //
    bool public rewardAdded;
    address public token;
    uint256 public totalRewards;

    error Rebate_Unauthorized();
    error Rebate_RewardAlreadyAdded();
    error Rebate_TooEarly();
    error Rebate_ZeroScore();

    constructor(uint256 _startTime, uint256 _endTime, address _feeLib) {
        START_TIME = _startTime;
        END_TIME = _endTime;
        feeLib = _feeLib;
    }

    // call from fee lib only
    function tryAdd(address _payer, uint256 _amount) external {
        if (msg.sender != feeLib) revert Rebate_Unauthorized();
        if (block.timestamp <= END_TIME && block.timestamp >= START_TIME) {
            scores[_payer] += _amount;
            sum += _amount;
        }
    }

    // owner only
    function addReward(address _token, uint256 _amount) external onlyOwner {
        if (rewardAdded) revert Rebate_RewardAlreadyAdded();
        rewardAdded = true;
        token = _token;
        totalRewards = _amount;
        // transferFrom the caller
        IERC20(_token).transferFrom(msg.sender, address(this), _amount);
    }

    // claimer only
    function claimReward() external {
        if (block.timestamp < END_TIME) revert Rebate_TooEarly();
        uint256 score = scores[msg.sender];
        if (score == 0) revert Rebate_ZeroScore();
        uint256 reward = (score * totalRewards) / sum;
        delete scores[msg.sender];
        IERC20(token).transfer(msg.sender, reward);
    }
}

File 104 of 159 : IMultiRewarder.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { IRewarder, IERC20 } from "./IRewarder.sol";

// @dev This is an internal struct, placed here as its shared between multiple libraries.
struct RewardPool {
    uint256 accRewardPerShare;
    address rewardToken;
    uint48 lastRewardTime;
    uint48 allocPoints;
    IERC20 stakingToken;
    bool removed;
    mapping(address => uint256) rewardDebt;
}

/// @notice A rewarder that can distribute multiple reward tokens (ERC20 and native) to `StargateStaking` pools.
/// @dev The native token is encoded as 0x0.
interface IMultiRewarder is IRewarder {
    struct RewardDetails {
        uint256 rewardPerSec;
        uint160 totalAllocPoints;
        uint48 start;
        uint48 end;
        bool exists;
    }

    /// @notice MultiRewarder renounce ownership is disabled.
    error MultiRewarderRenounceOwnershipDisabled();
    /// @notice The token is not connected to the staking contract, connect it first.
    error MultiRewarderDisconnectedStakingToken(address token);
    /// @notice This token is not registered via `setReward` yet, register it first.
    error MultiRewarderUnregisteredToken(address token);
    /**
     *  @notice Due to various functions looping over the staking tokens connected to a reward token,
     *          a maximum number of such links is instated.
     */
    error MultiRewarderMaxPoolsForRewardToken();
    /**
     *  @notice Due to various functions looping over the reward tokens connected to a staking token,
     *          a maximum number of such links is instated.
     */
    error MultiRewarderMaxActiveRewardTokens();
    /// @notice The function can only be called while the pool hasn't ended yet.
    error MultiRewarderPoolFinished(address rewardToken);
    /// @notice The pool emission duration cannot be set to zero, as this would cause the rewards to be voided.
    error MultiRewarderZeroDuration();
    /// @notice The pool start time cannot be set in the past, as this would cause the rewards to be voided.
    error MultiRewarderStartInPast(uint256 start);
    /**
     *  @notice The recipient failed to handle the receipt of the native tokens, do they have a receipt hook?
     *          If not, use `emergencyWithdraw`.
     */
    error MultiRewarderNativeTransferFailed(address to, uint256 amount);
    /**
     *  @notice A wrong `msg.value` was provided while setting a native reward, make sure it matches the function
     *          `amount`.
     */
    error MultiRewarderIncorrectNative(uint256 expected, uint256 actual);
    /**
     *  @notice Due to a zero input or rounding, the reward rate while setting this pool would be zero,
     *          which is not allowed.
     */
    error MultiRewarderZeroRewardRate();

    /// @notice Emitted when additional rewards were added to a pool, extending the reward duration.
    event RewardExtended(address indexed rewardToken, uint256 amountAdded, uint48 newEnd);
    /**
     *  @notice Emitted when a reward token has been registered. Can be emitted again for the same token after it has
     *          been explicitly stopped.
     */
    event RewardRegistered(address indexed rewardToken);
    /// @notice Emitted when the reward pool has been adjusted or intialized, with the new params.
    event RewardSet(
        address indexed rewardToken,
        uint256 amountAdded,
        uint256 amountPeriod,
        uint48 start,
        uint48 duration
    );
    /// @notice Emitted whenever rewards are claimed via the staking pool.
    event RewardsClaimed(address indexed user, address[] rewardTokens, uint256[] amounts);
    /**
     *  @notice Emitted whenever a new staking pool combination was registered via the allocation point adjustment
     *          function.
     */
    event PoolRegistered(address indexed rewardToken, IERC20 indexed stakeToken);
    /// @notice Emitted when the owner adjusts the allocation points for pools.
    event AllocPointsSet(address indexed rewardToken, IERC20[] indexed stakeToken, uint48[] allocPoint);
    /// @notice Emitted when a reward token is stopped.
    event RewardStopped(address indexed rewardToken, address indexed receiver, bool pullTokens);

    /**
     *  @notice Sets the reward for `rewards` of `rewardToken` over `duration` seconds, starting at `start`. The actual
     *          reward over this period will be increased by any rewards on the pool that haven't been distributed yet.
     */
    function setReward(address rewardToken, uint256 rewards, uint48 start, uint48 duration) external payable;
    /**
     *  @notice Extends the reward duration for `rewardToken` by `amount` tokens, extending the duration by the
     *          equivalent time according to the `rewardPerSec` rate of the pool.
     */
    function extendReward(address rewardToken, uint256 amount) external payable;
    /**
     *  @notice Configures allocation points for a reward token over multiple staking tokens, setting the `allocPoints`
     *          for each `stakingTokens` and updating the `totalAllocPoint` for the `rewardToken`. The allocation
     *          points of any non-provided staking tokens will be left as-is, and won't be reset to zero.
     */
    function setAllocPoints(
        address rewardToken,
        IERC20[] calldata stakingTokens,
        uint48[] calldata allocPoints
    ) external;
    /**
     *  @notice Unregisters a reward token fully, immediately preventing users from ever harvesting their pending
     *          accumulated rewards. Optionally `pullTokens` can be set to false which causes the token balance to
     *          not be sent to the owner, this should only be set to false in case the token is bugged and reverts.
     */
    function stopReward(address rewardToken, address receiver, bool pullTokens) external;

    /**
     *  @notice Returns the reward pools linked to the `stakingToken` alongside the pending rewards for `user`
     *          for these pools.
     */
    function getRewards(IERC20 stakingToken, address user) external view returns (address[] memory, uint256[] memory);

    /// @notice Returns the allocation points for the `rewardToken` over all staking tokens linked to it.
    function allocPointsByReward(
        address rewardToken
    ) external view returns (IERC20[] memory stakingTokens, uint48[] memory allocPoints);
    /// @notice Returns the allocation points for the `stakingToken` over all reward tokens linked to it.
    function allocPointsByStake(
        IERC20 stakingToken
    ) external view returns (address[] memory rewardTokens, uint48[] memory allocPoints);

    /// @notice Returns all enabled reward tokens. Stopped reward tokens are not included, while ended rewards are.
    function rewardTokens() external view returns (address[] memory);
    /// @notice Returns the emission details of a `rewardToken`, configured via `setReward`.
    function rewardDetails(address rewardToken) external view returns (RewardDetails memory);
}

File 105 of 159 : IRewarder.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";

/**
 *  @notice A rewarder is connected to the staking contract and distributes rewards whenever the staking contract
 *          updates the rewarder.
 */
interface IRewarder {
    /**
     *  @notice This function is only callable by the staking contract.
     */
    error MultiRewarderUnauthorizedCaller(address caller);
    /**
     *  @notice The rewarder cannot be reconnected to the same staking token as it would cause wrongful reward
     *          attribution through reconfiguration.
     */
    error RewarderAlreadyConnected(IERC20 stakingToken);

    /**
     *  @notice Emitted when the rewarder is connected to a staking token.
     */
    event RewarderConnected(IERC20 indexed stakingToken);

    /**
     *  @notice Informs the rewarder of an update in the staking contract, such as a deposit, withdraw or claim.
     *  @dev Emergency withdrawals draw the balance of a user to 0, and DO NOT call `onUpdate`.
     *       The rewarder logic must keep this in mind!
     */
    function onUpdate(IERC20 token, address user, uint256 oldStake, uint256 oldSupply, uint256 newStake) external;

    /**
     *  @notice Called by the staking contract whenever this rewarder is connected to a staking token in the staking
     *          contract. Should only be callable once per staking token to avoid wrongful reward attribution through
     *          reconfiguration.
     */
    function connect(IERC20 stakingToken) external;
}

File 106 of 159 : IStakingReceiver.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";

interface IStakingReceiver {
    function onWithdrawReceived(
        IERC20 token,
        address from,
        uint256 value,
        bytes calldata data
    ) external returns (bytes4);
}

File 107 of 159 : IStargateStaking.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";

import { IStakingReceiver } from "./IStakingReceiver.sol";
import { IRewarder } from "./IRewarder.sol";

// @notice The interface to the staking contract for Stargate V2 LPs.
interface IStargateStaking {
    /// @notice StargateStaking renounce ownership is disabled.
    error StargateStakingRenounceOwnershipDisabled();

    /**
     * @notice Thrown on `depositTo` if the caller does not have bytecode, used as an anti-phishing measure to prevent
     *         users from calling `depositTo` as it's for zappers.
     */
    error InvalidCaller();

    /**
     * @notice Thrown on `withdrawToAndCall` if the `to` contract does not return the magic bytes.
     */
    error InvalidReceiver(address receiver);

    error NonExistentPool(IERC20 token);

    event Deposit(IERC20 indexed token, address indexed from, address indexed to, uint256 amount);
    event Withdraw(IERC20 indexed token, address indexed from, address indexed to, uint256 amount, bool withUpdate);
    event PoolSet(IERC20 indexed token, IRewarder rewarder, bool exists);

    /**
     * ADMIN *
     */

    /**
     * @notice Configures the rewarder for a pool. This will initialize the pool if it does not exist yet,
     *         whitelisting it for deposits.
     */
    function setPool(IERC20 token, IRewarder rewarder) external;

    /**
     * USER *
     */

    /**
     * @notice Deposits `amount` of `token` into the pool. Informs the rewarder of the deposit, triggering a harvest.
     */
    function deposit(IERC20 token, uint256 amount) external;

    /**
     * @notice Deposits `amount` of `token` into the pool for `to`. Informs the rewarder of the deposit, triggering a
     *         harvest. This function can only be called by a contract, as to prevent phishing by a malicious contract.
     * @dev This function is useful for zappers, as it allows to do multiple steps ending with a deposit,
     *      without the need to do multiple transactions.
     */
    function depositTo(IERC20 token, address to, uint256 amount) external;

    /// @notice Withdraws `amount` of `token` from the pool. Informs the rewarder of the withdrawal, triggers a harvest.
    function withdraw(IERC20 token, uint256 amount) external;

    /**
     * @notice Withdraws `amount` of `token` from the pool for `to`, and subsequently calls the receipt function on the
     *         `to` contract. Informs the rewarder of the withdrawal, triggering a harvest.
     * @dev This function is useful for zappers, as it allows to do multiple steps ending with a deposit,
     *      without the need to do multiple transactions.
     */
    function withdrawToAndCall(IERC20 token, IStakingReceiver to, uint256 amount, bytes calldata data) external;

    /// @notice Withdraws `amount` of `token` from the pool in an always-working fashion. The rewarder is not informed.
    function emergencyWithdraw(IERC20 token) external;

    /// @notice Claims the rewards from the rewarder, and sends them to the caller.
    function claim(IERC20[] calldata lpTokens) external;

    /**
     * VIEW *
     */

    /// @notice Returns the deposited balance of `user` in the pool of `token`.
    function balanceOf(IERC20 token, address user) external view returns (uint256);

    /// @notice Returns the total supply of the pool of `token`.
    function totalSupply(IERC20 token) external view returns (uint256);

    /// @notice Returns whether `token` is a pool.
    function isPool(IERC20 token) external view returns (bool);

    /// @notice Returns the number of pools.
    function tokensLength() external view returns (uint256);

    /// @notice Returns the list of pools, by their staking tokens.
    function tokens() external view returns (IERC20[] memory);

    /// @notice Returns a slice of the list of pools, by their staking tokens.
    function tokens(uint256 start, uint256 end) external view returns (IERC20[] memory);

    // @notice Returns the rewarder of the pool of `token`, responsible for distribution reward tokens.
    function rewarder(IERC20 token) external view returns (IRewarder);
}

File 108 of 159 : RewardLib.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { IMultiRewarder, RewardPool } from "../interfaces/IMultiRewarder.sol";

/// @dev Library which handles staking rewards.
library RewardLib {
    uint256 private constant PRECISION = 10 ** 24;

    function indexAndUpdate(
        RewardPool storage pool,
        IMultiRewarder.RewardDetails storage rewardDetails,
        address user,
        uint256 oldStake,
        uint256 totalSupply
    ) internal returns (uint256) {
        uint256 accRewardPerShare = index(pool, rewardDetails, totalSupply);
        return update(pool, user, oldStake, accRewardPerShare);
    }

    function update(
        RewardPool storage pool,
        address user,
        uint256 oldStake,
        uint256 accRewardPerShare
    ) internal returns (uint256) {
        uint256 rewardsForUser = ((accRewardPerShare - pool.rewardDebt[user]) * oldStake) / PRECISION;
        pool.rewardDebt[user] = accRewardPerShare;
        return rewardsForUser;
    }

    function index(
        RewardPool storage pool,
        IMultiRewarder.RewardDetails storage rewardDetails,
        uint256 totalSupply
    ) internal returns (uint256 accRewardPerShare) {
        accRewardPerShare = _index(pool, rewardDetails, totalSupply);
        pool.accRewardPerShare = accRewardPerShare;
        pool.lastRewardTime = uint48(block.timestamp);
    }

    function _index(
        RewardPool storage pool,
        IMultiRewarder.RewardDetails storage rewardDetails,
        uint256 totalSupply
    ) internal view returns (uint256) {
        // max(start, lastRewardTime)
        uint256 start = rewardDetails.start > pool.lastRewardTime ? rewardDetails.start : pool.lastRewardTime;
        // min(end, now)
        uint256 end = rewardDetails.end < block.timestamp ? rewardDetails.end : block.timestamp;
        if (start >= end || totalSupply == 0 || rewardDetails.totalAllocPoints == 0) {
            return pool.accRewardPerShare;
        }

        return
            (rewardDetails.rewardPerSec * (end - start) * pool.allocPoints * PRECISION) /
            rewardDetails.totalAllocPoints /
            totalSupply +
            pool.accRewardPerShare;
    }

    function getRewards(
        RewardPool storage pool,
        IMultiRewarder.RewardDetails storage rewardDetails,
        address user,
        uint256 oldStake,
        uint256 oldSupply
    ) internal view returns (uint256) {
        uint256 accRewardPerShare = _index(pool, rewardDetails, oldSupply);
        return ((accRewardPerShare - pool.rewardDebt[user]) * oldStake) / PRECISION;
    }
}

File 109 of 159 : RewardRegistryLib.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { EnumerableSet } from "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";

import { IMultiRewarder, RewardPool, IERC20 } from "../interfaces/IMultiRewarder.sol";

/// @dev Internal representation for a staking pool.
struct RewardRegistry {
    uint256 rewardIdCount;
    mapping(uint256 => RewardPool) pools;
    mapping(address rewardToken => EnumerableSet.UintSet) byReward;
    mapping(IERC20 stakingToken => EnumerableSet.UintSet) byStake;
    mapping(address rewardToken => mapping(IERC20 stakingToken => uint256)) byRewardAndStake;
    mapping(address rewardToken => IMultiRewarder.RewardDetails) rewardDetails;
    EnumerableSet.AddressSet rewardTokens;
    mapping(IERC20 stakingToken => bool) connected;
}

/// @dev Library for staking pool logic.
library RewardRegistryLib {
    using EnumerableSet for EnumerableSet.UintSet;
    using EnumerableSet for EnumerableSet.AddressSet;

    uint256 private constant MAX_ACTIVE_POOLS_PER_REWARD = 100;
    uint256 private constant MAX_ACTIVE_REWARD_TOKENS = 100;

    //** REGISTRY ADJUSTMENTS **/
    function getOrCreateRewardDetails(
        RewardRegistry storage self,
        address rewardToken
    ) internal returns (IMultiRewarder.RewardDetails storage reward) {
        reward = self.rewardDetails[rewardToken];
        if (!reward.exists) {
            if (self.rewardTokens.length() >= MAX_ACTIVE_REWARD_TOKENS) {
                revert IMultiRewarder.MultiRewarderMaxActiveRewardTokens();
            }
            reward.exists = true;
            self.rewardTokens.add(rewardToken);
            emit IMultiRewarder.RewardRegistered(rewardToken);
        }
    }

    function getOrCreatePoolId(
        RewardRegistry storage self,
        address reward,
        IERC20 stake
    ) internal returns (uint256 poolId) {
        poolId = self.byRewardAndStake[reward][stake];
        if (poolId == 0) {
            if (self.byReward[reward].length() >= MAX_ACTIVE_POOLS_PER_REWARD) {
                revert IMultiRewarder.MultiRewarderMaxPoolsForRewardToken();
            }
            if (!self.connected[stake]) {
                revert IMultiRewarder.MultiRewarderDisconnectedStakingToken(address(stake));
            }
            poolId = ++self.rewardIdCount; // Start at 1
            self.byRewardAndStake[reward][stake] = poolId;
            self.byReward[reward].add(poolId);
            self.byStake[stake].add(poolId);
            self.pools[poolId].rewardToken = reward;
            self.pools[poolId].stakingToken = stake;
            self.pools[poolId].lastRewardTime = uint48(block.timestamp);

            emit IMultiRewarder.PoolRegistered(reward, stake);
        }
    }

    function removeReward(RewardRegistry storage self, address rewardToken) internal {
        if (!self.rewardDetails[rewardToken].exists) revert IMultiRewarder.MultiRewarderUnregisteredToken(rewardToken);
        uint256[] memory ids = self.byReward[rewardToken].values();
        for (uint256 i = 0; i < ids.length; i++) {
            uint256 id = ids[i];
            IERC20 stakingToken = self.pools[id].stakingToken;

            self.byStake[stakingToken].remove(id);
            self.byReward[rewardToken].remove(id);
            self.byRewardAndStake[rewardToken][stakingToken] = 0;
            self.pools[id].removed = true;
        }
        self.rewardTokens.remove(rewardToken);
        delete self.rewardDetails[rewardToken];
    }

    function setAllocPoints(
        RewardRegistry storage self,
        address rewardToken,
        IERC20[] calldata stakingTokens,
        uint48[] calldata allocPoints
    ) internal {
        IMultiRewarder.RewardDetails storage reward = getOrCreateRewardDetails(self, rewardToken);
        uint160 totalSubtract;
        uint160 totalAdd;
        uint256 length = stakingTokens.length;
        for (uint256 i = 0; i < length; i++) {
            uint256 id = getOrCreatePoolId(self, rewardToken, stakingTokens[i]);
            totalSubtract += self.pools[id].allocPoints;
            totalAdd += allocPoints[i];
            self.pools[id].allocPoints = allocPoints[i];
        }

        reward.totalAllocPoints = reward.totalAllocPoints + totalAdd - totalSubtract;
    }

    //** VIEW FUNCTIONS **/

    function allocPointsByReward(
        RewardRegistry storage self,
        address rewardToken
    ) internal view returns (IERC20[] memory stakingTokens, uint48[] memory allocPoints) {
        uint256[] memory ids = self.byReward[rewardToken].values();
        stakingTokens = new IERC20[](ids.length);
        allocPoints = new uint48[](ids.length);
        for (uint256 i = 0; i < ids.length; i++) {
            stakingTokens[i] = self.pools[ids[i]].stakingToken;
            allocPoints[i] = self.pools[ids[i]].allocPoints;
        }
    }

    function allocPointsByStake(
        RewardRegistry storage self,
        IERC20 stakingToken
    ) internal view returns (address[] memory rewardTokens, uint48[] memory allocPoints) {
        uint256[] memory ids = self.byStake[stakingToken].values();
        rewardTokens = new address[](ids.length);
        allocPoints = new uint48[](ids.length);
        for (uint256 i = 0; i < ids.length; i++) {
            rewardTokens[i] = self.pools[ids[i]].rewardToken;
            allocPoints[i] = self.pools[ids[i]].allocPoints;
        }
    }
}

File 110 of 159 : StakingLib.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { IStargateStaking, IERC20, IRewarder } from "../interfaces/IStargateStaking.sol";
import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// @dev Internal representation for a staking pool.
struct StakingPool {
    uint256 totalSupply;
    bool exists;
    IRewarder rewarder;
    mapping(address => uint256) balanceOf;
}

/// @dev Library for staking pool logic.
library StakingLib {
    using SafeERC20 for IERC20;

    /// @dev Emitted when `user` attempts to withdraw an amount which exceeds their balance.
    error WithdrawalAmountExceedsBalance();

    /**
     * @dev Deposit `amount` of `token` from `from` to `to`, increments the `to` balance and totalSupply while
     *      transferring in `token` from `from`, into the contract. Calls the `rewarder` to update the reward state.
     */
    function deposit(StakingPool storage self, IERC20 token, address from, address to, uint256 amount) internal {
        uint256 oldBal = self.balanceOf[to];
        uint256 oldSupply = self.totalSupply;

        uint256 newBal = oldBal + amount;

        self.balanceOf[to] = newBal;
        self.totalSupply = oldSupply + amount;

        emit IStargateStaking.Deposit(token, from, to, amount);

        self.rewarder.onUpdate(token, to, oldBal, oldSupply, newBal);
        token.safeTransferFrom(from, address(this), amount);
    }

    /**
     * @dev Withdraw `amount` of `token` from `from` to `to`, decrements the `from` balance and totalSupply while
     *      transferring out `token` to `to`. Calls the `rewarder` to update the reward state.
     */
    function withdraw(
        StakingPool storage self,
        IERC20 token,
        address from,
        address to,
        uint256 amount,
        bool withUpdate
    ) internal {
        uint256 oldBal = self.balanceOf[from];
        uint256 oldSupply = self.totalSupply;

        if (oldBal < amount) revert WithdrawalAmountExceedsBalance();

        uint256 newBal = oldBal - amount;

        self.balanceOf[from] = newBal;
        self.totalSupply = oldSupply - amount;

        emit IStargateStaking.Withdraw(token, from, to, amount, withUpdate);

        if (withUpdate) {
            self.rewarder.onUpdate(token, from, oldBal, oldSupply, newBal);
        }
        token.safeTransfer(to, amount);
    }

    /**
     *  @dev Claims the `user` rewards from the `rewarder`, and sends them to the `user`. This is done automatically on
     *       deposits and withdrawals as well.
     */
    function claim(StakingPool storage self, IERC20 token, address user) internal {
        self.rewarder.onUpdate(token, user, self.balanceOf[user], self.totalSupply, 0);
    }
}

File 111 of 159 : StargateMultiRewarder.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { EnumerableSet } from "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";
import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
import { SafeCast } from "@openzeppelin/contracts/utils/math/SafeCast.sol";
import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

import { IStargateStaking } from "./interfaces/IStargateStaking.sol";
import { IMultiRewarder, IERC20 } from "./interfaces/IMultiRewarder.sol";
import { RewardLib, RewardPool } from "./lib/RewardLib.sol";
import { RewardRegistryLib, RewardRegistry } from "./lib/RewardRegistryLib.sol";

/// @notice See `IMultiRewarder` and `IRewarder` for documentation.
contract StargateMultiRewarder is Ownable, IMultiRewarder {
    using RewardLib for RewardPool;
    using EnumerableSet for EnumerableSet.UintSet;
    using EnumerableSet for EnumerableSet.AddressSet;
    using RewardRegistryLib for RewardRegistry;
    using SafeCast for uint256;
    using SafeERC20 for IERC20;

    address private constant ETH = address(0);

    RewardRegistry private registry;
    IStargateStaking public immutable staking;

    modifier onlyStaking() {
        if (msg.sender != address(staking)) revert MultiRewarderUnauthorizedCaller(msg.sender);
        _;
    }

    constructor(IStargateStaking _staking) {
        staking = _staking;
    }

    //** STAKING FUNCTIONS **/

    function onUpdate(
        IERC20 stakingToken,
        address user,
        uint256 oldStake,
        uint256 oldSupply,
        uint256 /*newStake*/
    ) external onlyStaking {
        uint256[] memory ids = registry.byStake[stakingToken].values();
        address[] memory tokens = new address[](ids.length);
        uint256[] memory amounts = new uint256[](ids.length);

        for (uint256 i = 0; i < ids.length; i++) {
            RewardPool storage pool = registry.pools[ids[i]];
            address rewardToken = pool.rewardToken;
            tokens[i] = rewardToken;
            amounts[i] = pool.indexAndUpdate(registry.rewardDetails[rewardToken], user, oldStake, oldSupply);
        }

        emit RewardsClaimed(user, tokens, amounts);

        for (uint256 i = 0; i < ids.length; i++) {
            if (amounts[i] > 0) {
                _transferToken(user, tokens[i], amounts[i]);
            }
        }
    }

    function connect(IERC20 stakingToken) external onlyStaking {
        if (registry.connected[stakingToken]) revert RewarderAlreadyConnected(stakingToken);
        registry.connected[stakingToken] = true;
        emit RewarderConnected(stakingToken);
    }

    function _indexRewardTokenPools(address rewardToken) internal {
        uint256 numPools = registry.byReward[rewardToken].length();
        for (uint256 i = 0; i < numPools; i++) {
            RewardPool storage pool = registry.pools[registry.byReward[rewardToken].at(i)];
            pool.index(registry.rewardDetails[rewardToken], staking.totalSupply(pool.stakingToken));
        }
    }

    /**
     * ADMIN FUNCTIONS *
     */
    function extendReward(address rewardToken, uint256 amount) external payable onlyOwner {
        RewardDetails storage reward = registry.rewardDetails[rewardToken];
        if (!reward.exists) revert MultiRewarderUnregisteredToken(rewardToken);
        if (reward.end < block.timestamp) revert MultiRewarderPoolFinished(rewardToken);

        reward.end += (amount / reward.rewardPerSec).toUint48();

        emit RewardExtended(rewardToken, amount, reward.end);

        _transferInToken(rewardToken, amount);
    }

    function setReward(address rewardToken, uint256 amount, uint48 start, uint48 duration) external payable onlyOwner {
        if (start < block.timestamp) revert MultiRewarderStartInPast(start);
        if (duration == 0) revert MultiRewarderZeroDuration();
        RewardDetails storage reward = registry.getOrCreateRewardDetails(rewardToken);
        _indexRewardTokenPools(rewardToken);

        uint256 rewardsToAdd = amount;
        if (block.timestamp < reward.end) {
            uint256 previousStart = reward.start > block.timestamp ? reward.start : block.timestamp;
            rewardsToAdd += reward.rewardPerSec * (reward.end - previousStart);
        }

        uint256 rewardPerSec = rewardsToAdd / duration;
        if (rewardPerSec == 0) revert MultiRewarderZeroRewardRate();

        reward.start = start;
        reward.end = start + duration;
        reward.rewardPerSec = rewardPerSec;

        emit RewardSet(rewardToken, amount, rewardsToAdd, start, duration);

        _transferInToken(rewardToken, amount);
    }

    function setAllocPoints(
        address rewardToken,
        IERC20[] calldata stakingTokens,
        uint48[] calldata allocPoints
    ) external onlyOwner {
        _indexRewardTokenPools(rewardToken);
        registry.setAllocPoints(rewardToken, stakingTokens, allocPoints);
        emit AllocPointsSet(rewardToken, stakingTokens, allocPoints);
    }

    function stopReward(address rewardToken, address receiver, bool pullTokens) external onlyOwner {
        registry.removeReward(rewardToken);
        /**
         * @dev we provide pullTokens as we especially need to be able to retire rewards even if the token transfers
         *      revert for some reason.
         */
        if (pullTokens) {
            uint256 amount = rewardToken == ETH ? address(this).balance : IERC20(rewardToken).balanceOf(address(this));
            _transferToken(receiver, rewardToken, amount);
        }
        emit RewardStopped(rewardToken, receiver, pullTokens);
    }

    function renounceOwnership() public view override onlyOwner {
        revert MultiRewarderRenounceOwnershipDisabled();
    }

    /**
     * UTILITIES *
     */
    function _transferToken(address to, address token, uint256 amount) internal {
        if (token == ETH) {
            (bool success, ) = to.call{ value: amount }("");
            if (!success) revert MultiRewarderNativeTransferFailed(token, amount);
        } else {
            IERC20(token).safeTransfer(to, amount);
        }
    }

    function _transferInToken(address token, uint256 amount) internal {
        if (token == ETH) {
            if (msg.value != amount) revert MultiRewarderIncorrectNative(amount, msg.value);
        } else {
            IERC20(token).safeTransferFrom(msg.sender, address(this), amount);
        }
    }

    /**
     * VIEW FUNCTIONS *
     */
    function getRewards(IERC20 stakingToken, address user) external view returns (address[] memory, uint256[] memory) {
        uint256[] memory ids = registry.byStake[stakingToken].values();
        address[] memory tokens = new address[](ids.length);
        uint256[] memory amounts = new uint256[](ids.length);

        for (uint256 i = 0; i < ids.length; i++) {
            RewardPool storage pool = registry.pools[ids[i]];
            RewardDetails storage reward = registry.rewardDetails[pool.rewardToken];
            tokens[i] = pool.rewardToken;
            amounts[i] = pool.getRewards(
                reward,
                user,
                staking.balanceOf(pool.stakingToken, user),
                staking.totalSupply(pool.stakingToken)
            );
        }
        return (tokens, amounts);
    }

    function allocPointsByReward(address rewardToken) external view returns (IERC20[] memory, uint48[] memory) {
        return registry.allocPointsByReward(rewardToken);
    }

    function allocPointsByStake(IERC20 stakingToken) external view returns (address[] memory, uint48[] memory) {
        return registry.allocPointsByStake(stakingToken);
    }

    function rewardDetails(address rewardToken) external view returns (RewardDetails memory) {
        return registry.rewardDetails[rewardToken];
    }

    function rewardTokens() external view override returns (address[] memory) {
        return registry.rewardTokens.values();
    }
}

File 112 of 159 : StargateStaking.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { ReentrancyGuard } from "@openzeppelin/contracts/security/ReentrancyGuard.sol";
import { Address } from "@openzeppelin/contracts/utils/Address.sol";
import { EnumerableSet } from "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";
import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";

import { StakingLib, StakingPool } from "./lib/StakingLib.sol";
import { IStargateStaking, IRewarder, IStakingReceiver, IERC20 } from "./interfaces/IStargateStaking.sol";

/// @notice See `IStargateStaking` for documentation.
contract StargateStaking is Ownable, ReentrancyGuard, IStargateStaking {
    using EnumerableSet for EnumerableSet.AddressSet;
    using StakingLib for StakingPool;

    EnumerableSet.AddressSet private _tokens;
    mapping(IERC20 lpToken => StakingPool) private _pools;

    modifier validPool(IERC20 token) {
        _validatePool(token);
        _;
    }

    function _validatePool(IERC20 token) internal view {
        if (!_pools[token].exists) revert NonExistentPool(token);
    }

    //** ADMIN FUNCTIONS **/

    function setPool(IERC20 token, IRewarder newRewarder) external override onlyOwner {
        bool exists = _pools[token].exists;
        if (!exists) {
            _pools[token].exists = true;
            _tokens.add(address(token));
        }
        // Prevents re-adding of an old rewarder to a pool, which could lead to excessive reward distribution.
        newRewarder.connect(token);
        _pools[token].rewarder = newRewarder;

        emit PoolSet(token, newRewarder, exists);
    }

    function renounceOwnership() public view override onlyOwner {
        revert StargateStakingRenounceOwnershipDisabled();
    }

    //** USER FUNCTIONS **/

    function deposit(IERC20 token, uint256 amount) external override nonReentrant validPool(token) {
        _pools[token].deposit(token, msg.sender, msg.sender, amount);
    }

    function depositTo(IERC20 token, address to, uint256 amount) external override nonReentrant validPool(token) {
        if (!Address.isContract(msg.sender)) revert InvalidCaller();
        _pools[token].deposit(token, msg.sender, to, amount);
    }

    function withdraw(IERC20 token, uint256 amount) external override nonReentrant validPool(token) {
        _pools[token].withdraw(token, msg.sender, msg.sender, amount, true);
    }

    function withdrawToAndCall(
        IERC20 token,
        IStakingReceiver to,
        uint256 amount,
        bytes calldata data
    ) external override nonReentrant validPool(token) {
        if (!Address.isContract(address(to))) {
            revert InvalidReceiver(address(to));
        }
        _pools[token].withdraw(token, msg.sender, address(to), amount, true);
        /**
         * @dev This line reverts ambiguously if the `to` does not return a response, but is a contract. This could be
         *      solved similar to [OpenZeppelin's approach](https://github.com/OpenZeppelin/openzeppelin-contracts/blob
         *      /141c947921cc5d23ee1d247c691a8b85cabbbd5d/contracts/token/ERC1155/utils/ERC1155Utils.sol#L22), but we've
         *      opted against this for now as to avoid all inline assembly within this project.
         */
        if (to.onWithdrawReceived(token, msg.sender, amount, data) != IStakingReceiver.onWithdrawReceived.selector) {
            revert InvalidReceiver(address(to));
        }
    }

    function emergencyWithdraw(IERC20 token) external override nonReentrant validPool(token) {
        uint256 amount = _pools[token].balanceOf[msg.sender];
        _pools[token].withdraw(token, msg.sender, msg.sender, amount, false);
    }

    function claim(IERC20[] calldata lpTokens) external override nonReentrant {
        for (uint256 i = 0; i < lpTokens.length; i++) {
            IERC20 token = lpTokens[i];
            _validatePool(token);
            _pools[token].claim(token, msg.sender);
        }
    }

    //** VIEW FUNCTIONS **//

    function isPool(IERC20 token) external view override returns (bool) {
        return _pools[token].exists;
    }

    function tokensLength() external view override returns (uint256) {
        return _tokens.length();
    }

    function tokens() external view override returns (IERC20[] memory) {
        return tokens(0, _tokens.length());
    }

    function tokens(uint256 start, uint256 end) public view override returns (IERC20[] memory) {
        IERC20[] memory result = new IERC20[](end - start);
        for (uint256 i = start; i < end; i++) {
            result[i - start] = IERC20(_tokens.at(i));
        }
        return result;
    }

    function balanceOf(IERC20 token, address user) external view override returns (uint256) {
        return _pools[token].balanceOf[user];
    }

    function totalSupply(IERC20 token) external view override returns (uint256) {
        return _pools[token].totalSupply;
    }

    function rewarder(IERC20 token) external view override returns (IRewarder) {
        return _pools[token].rewarder;
    }
}

File 113 of 159 : Treasurer.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { Transfer } from "../libs/Transfer.sol";
import { StargateBase } from "../StargateBase.sol";

/**
 * @title The treasurer is a role that administers the Stargate treasuries. Treasuries refer to the value that
 *        contracts hold and accrue as they collect fees from transactions and pay rewards.
 * @dev Only the Treasurer admin can add or withdraw from the Stargate treasuries. Only the Treasurer owner can
 *      withdraw from the Treasurer account. The main use-case for this role is to provide an initial treasury to
 *      pay rewards and to claim the unallocated rewards.
 */
contract Treasurer is Transfer {
    /// @dev admin only has the power to withdraw treasury fee to address(this) or recycle the balance into the treasury
    address public admin;
    mapping(address => bool) public stargates;

    error Unauthorized();

    modifier onlyAdmin() {
        if (msg.sender != admin) revert Unauthorized();
        _;
    }

    modifier onlyStargate(address _stargate) {
        if (!stargates[_stargate]) revert Unauthorized();
        _;
    }

    /// @notice Create a new Treasurer
    /// @dev Ownership of the Treasurer is transferred to the Owner of the Stargate contract.
    constructor(address _owner, address _admin) {
        _transferOwnership(_owner);
        admin = _admin;
    }

    /// @notice Set the Admin role to an account.
    /// @dev Emits SetAdmin with the new Admin role
    /// @param _admin The address of the new Admin role
    function setAdmin(address _admin) external onlyOwner {
        admin = _admin;
    }

    /// @notice Set the Stargate contract to be managed by the Treasurer.
    function setStargate(address _stargate, bool _value) external onlyOwner {
        stargates[_stargate] = _value;
    }

    /// @notice Transfer tokens from the Treasurer account to another account
    /// @param _token The token to transfer
    /// @param _to The destination account
    /// @param _amount How many tokens to transfer
    function transfer(address _token, address _to, uint256 _amount) external onlyOwner {
        Transfer.safeTransfer(_token, _to, _amount, false); // no gas limit
    }

    /// @notice Transfer treasury fee from a Stargate contract into the Treasurer (this) contract.
    /// @param _amountSD The amount to withdraw, in SD
    function withdrawTreasuryFee(address _stargate, uint64 _amountSD) external onlyAdmin onlyStargate(_stargate) {
        StargateBase(_stargate).withdrawTreasuryFee(address(this), _amountSD);
    }

    /// @notice Return value to the Stargate contract.
    /// @dev can only withdraw from the balance of this contract
    /// @dev if the balance is not enough, just deposit directly to address(this)
    /// @param _amountLD How much value to add to the Stargate contract
    function addTreasuryFee(address _stargate, uint256 _amountLD) external onlyAdmin onlyStargate(_stargate) {
        StargateBase stargate = StargateBase(_stargate);
        address token = stargate.token();
        uint256 value;
        if (token != address(0)) {
            Transfer.forceApproveToken(token, _stargate, _amountLD);
        } else {
            value = _amountLD;
        }
        stargate.addTreasuryFee{ value: value }(_amountLD);
    }

    function recoverToken(
        address _stargate,
        address _token,
        uint256 _amount
    ) external onlyAdmin onlyStargate(_stargate) {
        StargateBase(_stargate).recoverToken(_token, address(this), _amount);
    }

    /// @notice Enable receiving native into the Treasurer
    receive() external payable {}
}

File 114 of 159 : IStargateEthVault.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

interface IStargateEthVault {
    function deposit() external payable;
    function transfer(address to, uint256 value) external returns (bool);
    function withdraw(uint256) external;
    function approve(address guy, uint256 wad) external returns (bool);
    function transferFrom(address src, address dst, uint256 wad) external returns (bool);
}

File 115 of 159 : IStargateV1Factory.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { IStargateV1Pool } from "./IStargateV1Pool.sol";

interface IStargateV1Factory {
    function getPool(uint256 poolId) external view returns (IStargateV1Pool);
}

File 116 of 159 : IStargateV1Pool.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";

interface IStargateV1Pool is IERC20 {
    function token() external view returns (IERC20);
    function poolId() external view returns (uint256);
}

File 117 of 159 : IStargateV1Router.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { IStargateV1Factory } from "./IStargateV1Factory.sol";

interface IStargateV1Router {
    // legacy import from stgv1
    // solhint-disable-next-line contract-name-camelcase
    struct lzTxObj {
        uint256 dstGasForCall;
        uint256 dstNativeAmount;
        bytes dstNativeAddr;
    }

    function factory() external view returns (IStargateV1Factory);

    function addLiquidity(uint256 _poolId, uint256 _amountLD, address _to) external;

    function swap(
        uint16 _dstChainId,
        uint256 _srcPoolId,
        uint256 _dstPoolId,
        address payable _refundAddress,
        uint256 _amountLD,
        uint256 _minAmountLD,
        lzTxObj memory _lzTxParams,
        bytes calldata _to,
        bytes calldata _payload
    ) external payable;

    function redeemRemote(
        uint16 _dstChainId,
        uint256 _srcPoolId,
        uint256 _dstPoolId,
        address payable _refundAddress,
        uint256 _amountLP,
        uint256 _minAmountLD,
        bytes calldata _to,
        lzTxObj memory _lzTxParams
    ) external payable;

    function instantRedeemLocal(uint16 _srcPoolId, uint256 _amountLP, address _to) external returns (uint256);

    function redeemLocal(
        uint16 _dstChainId,
        uint256 _srcPoolId,
        uint256 _dstPoolId,
        address payable _refundAddress,
        uint256 _amountLP,
        bytes calldata _to,
        lzTxObj memory _lzTxParams
    ) external payable;

    function sendCredits(
        uint16 _dstChainId,
        uint256 _srcPoolId,
        uint256 _dstPoolId,
        address payable _refundAddress
    ) external payable;

    function quoteLayerZeroFee(
        uint16 _dstChainId,
        uint8 _functionType,
        bytes calldata _toAddress,
        bytes calldata _transferAndCallPayload,
        lzTxObj memory _lzTxParams
    ) external view returns (uint256, uint256);
}

File 118 of 159 : IStargateZapperV1.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import { IStakingReceiver } from "../../rewarder/interfaces/IStakingReceiver.sol";
import { IStargatePool } from "../../../interfaces/IStargatePool.sol";

interface IStargateZapperV1 is IStakingReceiver {
    error StargateZapperV1__NativeTransferFailed();
    error StargateZapperV1__InsufficientOutputAmount(uint256 actual, uint256 expect);
    error StargateZapperV1__InvalidPoolId(uint16 poolId);
    error StargateZapperV1__UnknownLpToken(IERC20 lpToken);
    error StargateZapperV1__OnlyCallableByStaking();
    error StargateZapperV1__ZeroAmount();
    error StargateZapperV1__IncorrectNative(uint256 actual, uint256 expect);

    event LpConfigured(IERC20 indexed lpToken, IStargatePool indexed pool, IERC20 asset);
    event V1PoolConfigured(uint16 indexed poolId, IERC20 indexed v1LpToken, IERC20 indexed v2LpToken);
    event TokenSwept(address indexed token, address indexed receiver, uint256 amount);

    /**
     * @notice Deposits an asset into a stargate pool and stakes the resulting LP token into the Stargate V2 Staking
     *         contract, all in a single transaction. Requires approval of the underlying asset of the LP pool.
     * @dev Frontend must use the underlying protocol events to determine the actual amount of the asset received.
     * @dev The `StargatePool` might round down the input amount slightly due to the local decimal to shared decimal
     *      conversion. The frontend must take care of providing properly rounded input amounts as for gas efficiency
     *      this rounding is not refunded. Users are still in control of not receiving less than expected by setting
     *      the minimum received param. If these tokens ever add up to anything, the `owner` can take them out as fees
     *      via `sweep`.
     * @dev Compliant with StargatePoolNative, but requires input to be properly rounded with the shared to local
     *      decimal adjustment, eg. no dust.
     * @param lpToken The V2 LP token to zap into and stake, the underlying asset (such as USDC) of this LP token is
     *        transferred from the transaction sender.
     * @param assetInAmount The amount of the underlying asset (such as USDC) to zap in.
     * @param minStakeAmount The minimum amount of the LP token to stake into the Stargate V2 Staking contract, as
     *        an extra check against rounding slippage and fees.
     */
    function depositAndStake(IERC20 lpToken, uint256 assetInAmount, uint256 minStakeAmount) external payable;

    /**
     * @notice Deposits an asset into a stargate pool and stakes the resulting LP token into the Stargate V2 Staking
     *         contract, all in a single transaction. Does not require approval of the underlying asset of the LP pool,
     *         instead the permit signature of `msg.sender` needs to be provided for the amount.
     * @dev Frontend must use the underlying protocol events to determine the actual amount of the asset received.
     * @dev The `StargatePool` might round down the input amount slightly due to the local decimal to shared decimal
     *      conversion. The frontend must take care of providing properly rounded input amounts as for gas efficiency
     *      this rounding is not refunded. Users are still in control of not receiving less than expected by setting
     *      the minimum received param. If these tokens ever add up to anything, the `owner` can take them out as fees
     *      via `sweep`.
     * @dev This function only works with tokens that support ERC-2612.
     * @dev Not compliant with StargatePoolNative.
     * @param lpToken The V2 LP token to zap into and stake, the underlying asset (such as USDC) of this LP token is
     *        transferred from the transaction sender.
     * @param assetInAmount The amount of the underlying asset (such as USDC) to zap in.
     * @param minStakeAmount The minimum amount of the LP token to stake into the Stargate V2 Staking contract, as
     *        an extra check against rounding slippage and fees.
     * @param deadline The deadline used within the permit data signature (see ERC-2612 for the permit data structure)
     * @param v The v-component of a valid secp256k1 signature from owner of the message
     *        (see ERC-2612 for the permit data structure)
     * @param r The r-component of a valid secp256k1 signature from owner of the message
     *        (see ERC-2612 for the permit data structure)
     * @param s The s-component of a valid secp256k1 signature from owner of the message
     *        (see ERC-2612 for the permit data structure)
     */
    function depositAndStakeWithPermit(
        IERC20 lpToken,
        uint256 assetInAmount,
        uint256 minStakeAmount,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external;

    /**
     * @notice Migrates a V1 LP token to V2 and stakes the resulting LP token into the Stargate V2 Staking contract,
     *         all in a single transaction. Requires approval of the V1 LP token.
     * @dev Frontend must use the underlying protocol events to determine the actual amount of the asset received.
     * @dev Compliant with StargatePoolNative.
     * @param poolId The V1 pool ID to migrate from.
     * @param amount The amount of the V1 LP token to migrate.
     * @param minStakeAmount The minimum amount of the V2 LP token to stake into the Stargate V2 Staking contract,
     *        as an extra check against slippage and fees.
     */
    function migrateV1LpToV2Stake(uint16 poolId, uint256 amount, uint256 minStakeAmount) external payable;

    /**
     * @notice Migrates a V1 LP token to V2 and stakes the resulting LP token into the Stargate V2 Staking contract,
     *         all in a single transaction. Does not require approval of the V1 LP token, instead the permit signature
     *         of `msg.sender` needs to be provided for the amount.
     * @dev Frontend must use the underlying protocol events to determine the actual amount of the asset received.
     * @dev Not compliant with StargatePoolNative.
     * @param poolId The V1 pool ID to migrate from.
     * @param amount The amount of the V1 LP token to migrate.
     * @param minStakeAmount The minimum amount of the V2 LP token to stake into the Stargate V2 Staking contract,
     *        as an extra check against slippage and fees.
     * @param deadline The deadline used within the permit data signature (see ERC-2612 for the permit data structure)
     * @param v The v-component of a valid secp256k1 signature from owner of the message
     *        (see ERC-2612 for the permit data structure)
     * @param r The r-component of a valid secp256k1 signature from owner of the message
     *        (see ERC-2612 for the permit data structure)
     * @param s The s-component of a valid secp256k1 signature from owner of the message
     *        (see ERC-2612 for the permit data structure)
     */
    function migrateV1LpToV2StakeWithPermit(
        uint16 poolId,
        uint256 amount,
        uint256 minStakeAmount,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external;
}

File 119 of 159 : StargateZapperV1.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";

import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import { IERC20Metadata } from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
import { IERC20Permit } from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Permit.sol";

import { IStargateV1Pool } from "./interfaces/IStargateV1Pool.sol";
import { IStargateV1Router } from "./interfaces/IStargateV1Router.sol";
import { IStargateV1Factory } from "./interfaces/IStargateV1Factory.sol";
import { IStargateEthVault } from "./interfaces/IStargateEthVault.sol";

import { LPToken } from "../../utils/LPToken.sol";
import { IStargateStaking } from "../rewarder/interfaces/IStargateStaking.sol";
import { IStargatePool } from "../../interfaces/IStargatePool.sol";

import { IStargateZapperV1, IERC20 } from "./interfaces/IStargateZapperV1.sol";

/**
 * @title Stargate Zapper - V1
 * @notice The Stargate Zapper V1 contract allows users to zap into and out of Stargate V2 LP tokens,
 *         as well as migrate from V1 LP tokens to V2 LP tokens.
 */
contract StargateZapperV1 is Ownable, IStargateZapperV1 {
    using SafeERC20 for IERC20;

    address private constant ETH = 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE;

    /// @dev The Stargate V2 StargateStaking contract, which the V2 LP tokens are staked into.
    IStargateStaking public immutable staking;
    /// @dev The Stargate V1 Router contract, for migrating from V1 LPs to V2 stakes.
    IStargateV1Router public immutable routerV1;
    /// @dev The Stargate V1 Factory contract, for migrating from V1 LPs to V2 stakes.
    IStargateV1Factory public immutable factoryV1;
    /// @dev The stargate V1 eth vault, used as the underlying V1 ETH LP token.
    IStargateEthVault public immutable ethVault;

    /// @dev Mapping of V2 LP tokens to their corresponding V2 StargatePool.
    mapping(IERC20 lpToken => IStargatePool pool) public lpToPool;
    /// @dev Mapping of V2 LP tokens to their pool's underlying asset (eg. USDC).
    mapping(IERC20 lpToken => IERC20 asset) public lpToAsset;
    /// @dev Mapping of V1 pool IDs to their corresponding V2 LP tokens, used for migration.
    mapping(uint16 v1PoolId => IERC20 lpToken) public v1PidToV2Lp;
    /// @dev Mapping of V1 pool IDs to their corresponding V1 LP tokens, used for migration.
    mapping(uint16 v1PoolId => IERC20 lpToken) public v1PidToV1Lp;
    /// @dev Mapping of V1 pool IDs to their pool's conversion rate, used for ETH migration exclusively.
    mapping(uint16 v1PoolId => uint256 conversionRate) public v1PidToConversionRate;

    /**
     * @dev Constructor for initializing the zapper.
     * @param _staking The Stargate V2 StargateStaking contract.
     * @param _routerV1 The Stargate V1 Router contract. Used for migration.
     * @param _ethVault The Stargate V1 ETH vault, which is the underlying token for the V1 ETH LP,
     *        can be set to zero if it does not exist. Used for migration.
     */
    constructor(IStargateStaking _staking, IStargateV1Router _routerV1, IStargateEthVault _ethVault) {
        staking = _staking;
        routerV1 = _routerV1;
        factoryV1 = _routerV1.factory();
        ethVault = _ethVault;
    }

    /**
     * ZAPS
     */

    /**
     * @notice Unstakes and redeems a V2 LP token to the underlying asset (such as USDC) in a single transaction.
     *         Called through `StargateStaking.withdrawToAndCall`.
     * @dev Frontend must use the underlying protocol events to determine the actual amount of the asset received.
     * @dev Compliant with StargatePoolNative.
     * @dev The `data` provided via `withdrawToAndCall` must be `abi.encode(minTokenOut)` with
     *      `minAssetOut` an `uint256`.
     * @param lpToken The V2 LP token to redeem, validated by `StargateStaking`.
     * @param from The address that is withdrawing the LP token, validated by `StargateStaking`.
     * @param value The amount of LP tokens to redeem, validated by `StargateStaking` and already sent into this
     *        contract before the `onWithdrawReceived` call.
     * @param data The data provided by the `from` user to specify the minimum amount of the underlying asset to
     *        receive, this is not validated beforehand in any way.
     */
    function onWithdrawReceived(
        IERC20 lpToken,
        address from,
        uint256 value,
        bytes calldata data
    ) external returns (bytes4) {
        if (msg.sender != address(staking)) revert StargateZapperV1__OnlyCallableByStaking();

        IStargatePool pool = lpToPool[lpToken];
        if (address(pool) == address(0)) revert StargateZapperV1__UnknownLpToken(lpToken);
        if (value == 0) revert StargateZapperV1__ZeroAmount();

        uint256 minAssetOut = abi.decode(data, (uint256));

        uint256 redeemed = pool.redeem(value, from);
        if (redeemed < minAssetOut) {
            revert StargateZapperV1__InsufficientOutputAmount({ actual: redeemed, expect: minAssetOut });
        }

        return this.onWithdrawReceived.selector;
    }

    /**
     * @notice Deposits an asset into a stargate pool and stakes the resulting LP token into the Stargate V2 Staking
     *         contract, all in a single transaction. Requires approval of the underlying asset of the LP pool.
     * @dev Frontend must use the underlying protocol events to determine the actual amount of the asset received.
     * @dev The `StargatePool` might round down the input amount slightly due to the local decimal to shared decimal
     *      conversion. The frontend must take care of providing properly rounded input amounts as for gas efficiency
     *      this rounding is not refunded. Users are still in control of not receiving less than expected by setting
     *      the minimum received param. If these tokens ever add up to anything, the `owner` can take them out as fees
     *      via `sweep`.
     * @dev Compliant with StargatePoolNative, but requires input to be properly rounded with the shared to local
     *      decimal adjustment, eg. no dust.
     * @param lpToken The V2 LP token to zap into and stake, the underlying asset (such as USDC) of this LP token is
     *        transferred from the transaction sender.
     * @param assetInAmount The amount of the underlying asset (such as USDC) to zap in.
     * @param minStakeAmount The minimum amount of the LP token to stake into the Stargate V2 Staking contract,
     *        as an extra check against rounding slippage and fees.
     */
    function depositAndStake(IERC20 lpToken, uint256 assetInAmount, uint256 minStakeAmount) public payable {
        IERC20 asset = lpToAsset[lpToken];
        if (address(asset) == address(0)) revert StargateZapperV1__UnknownLpToken(lpToken);
        if (assetInAmount == 0) revert StargateZapperV1__ZeroAmount();

        _transferInToken(asset, assetInAmount);
        _zapToAndStake(asset, lpToken, assetInAmount, minStakeAmount);
    }

    /**
     * @notice Deposits an asset into a stargate pool and stakes the resulting LP token into the Stargate V2 Staking
     *         contract, all in a single transaction. Does not require approval of the underlying asset of the LP pool,
     *         instead the permit signature of `msg.sender` needs to be provided for the amount.
     * @dev Frontend must use the underlying protocol events to determine the actual amount of the asset received.
     * @dev The `StargatePool` might round down the input amount slightly due to the local decimal to shared decimal
     *      conversion. The frontend must take care of providing properly rounded input amounts as for gas efficiency
     *      this rounding is not refunded. Users are still in control of not receiving less than expected by setting
     *      the minimum received param. If these tokens ever add up to anything, the `owner` can take them out as
     *      fees via `sweep`.
     * @dev This function only works with tokens that support ERC-2612.
     * @dev Not compliant with StargatePoolNative.
     * @param lpToken The V2 LP token to zap into and stake, the underlying asset (such as USDC) of this LP token
     *        is transferred from the transaction sender.
     * @param assetInAmount The amount of the underlying asset (such as USDC) to zap in.
     * @param minStakeAmount The minimum amount of the LP token to stake into the Stargate V2 Staking contract,
     *        as an extra check against rounding slippage and fees.
     * @param deadline The deadline used within the permit data signature (see ERC-2612 for the permit data structure)
     * @param v The v-component of a valid secp256k1 signature from owner of the message
     *        (see ERC-2612 for the permit data structure)
     * @param r The r-component of a valid secp256k1 signature from owner of the message
     *        (see ERC-2612 for the permit data structure)
     * @param s The s-component of a valid secp256k1 signature from owner of the message
     *        (see ERC-2612 for the permit data structure)
     */
    function depositAndStakeWithPermit(
        IERC20 lpToken,
        uint256 assetInAmount,
        uint256 minStakeAmount,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external {
        IERC20Permit(address(lpToAsset[lpToken])).permit(msg.sender, address(this), assetInAmount, deadline, v, r, s);
        depositAndStake(lpToken, assetInAmount, minStakeAmount);
    }

    /**
     * @notice Migrates a V1 LP token to V2 and stakes the resulting LP token into the Stargate V2 Staking contract,
     *         all in a single transaction. Requires approval of the V1 LP token.
     * @dev Frontend must use the underlying protocol events to determine the actual amount of the asset received.
     * @dev Compliant with StargatePoolNative.
     * @param poolId The V1 pool ID to migrate from.
     * @param amount The amount of the V1 LP token to migrate.
     * @param minStakeAmount The minimum amount of the V2 LP token to stake into the Stargate V2 Staking contract,
     *        as an extra check against slippage and fees.
     */
    function migrateV1LpToV2Stake(uint16 poolId, uint256 amount, uint256 minStakeAmount) public payable {
        IERC20 v1Lp = v1PidToV1Lp[poolId];
        IERC20 v2Lp = v1PidToV2Lp[poolId];
        IERC20 asset = lpToAsset[v2Lp];
        if (address(v1Lp) == address(0) || address(v2Lp) == address(0) || address(asset) == address(0)) {
            revert StargateZapperV1__InvalidPoolId(poolId);
        }
        if (amount == 0) revert StargateZapperV1__ZeroAmount();

        v1Lp.safeTransferFrom(msg.sender, address(this), amount);
        v1Lp.forceApprove(address(routerV1), amount);
        uint256 amountOut = routerV1.instantRedeemLocal(poolId, amount, address(this));
        if (address(asset) == ETH) {
            // Due to unlp rounding errors, we can't provide `amount` so that this `amountOut` is exactly correct.
            // Hence we need to get rid of the dust ourselves, which can be swept by the admin.
            amountOut -= amountOut % v1PidToConversionRate[poolId];
        }
        _zapToAndStake(asset, v2Lp, amountOut, minStakeAmount);
    }

    /**
     * @notice Migrates a V1 LP token to V2 and stakes the resulting LP token into the Stargate V2 Staking contract,
     *         all in a single transaction. Does not require approval of the V1 LP token, instead the permit signature
     *         of `msg.sender` needs to be provided for the amount.
     * @dev Frontend must use the underlying protocol events to determine the actual amount of the asset received.
     * @dev Not compliant with StargatePoolNative.
     * @param poolId The V1 pool ID to migrate from.
     * @param amount The amount of the V1 LP token to migrate.
     * @param minStakeAmount The minimum amount of the V2 LP token to stake into the Stargate V2 Staking contract,
     *        as an extra check against slippage and fees.
     * @param deadline The deadline used within the permit data signature (see ERC-2612 for the permit data structure)
     * @param v The v-component of a valid secp256k1 signature from owner of the message
     *        (see ERC-2612 for the permit data structure)
     * @param r The r-component of a valid secp256k1 signature from owner of the message
     *        (see ERC-2612 for the permit data structure)
     * @param s The s-component of a valid secp256k1 signature from owner of the message
     *        (see ERC-2612 for the permit data structure)
     */
    function migrateV1LpToV2StakeWithPermit(
        uint16 poolId,
        uint256 amount,
        uint256 minStakeAmount,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external {
        IERC20Permit(address(v1PidToV1Lp[poolId])).permit(msg.sender, address(this), amount, deadline, v, r, s);
        migrateV1LpToV2Stake(poolId, amount, minStakeAmount);
    }

    /**
     * @dev Internal function to zap an asset into a stargate pool and stake the resulting LP token into the
     *      Stargate V2 Staking contract, requires the asset to already be in the zapper.
     */
    function _zapToAndStake(IERC20 asset, IERC20 lpToken, uint256 assetInAmount, uint256 minStakeAmount) internal {
        IStargatePool pool = lpToPool[lpToken];
        if (address(pool) == address(0)) revert StargateZapperV1__UnknownLpToken(lpToken);

        uint256 value = 0;
        if (address(asset) == ETH) {
            value = assetInAmount;
        } else {
            asset.forceApprove(address(pool), assetInAmount);
        }
        uint256 amountOut = pool.deposit{ value: value }(address(this), assetInAmount);

        if (amountOut < minStakeAmount) {
            revert StargateZapperV1__InsufficientOutputAmount({ actual: amountOut, expect: minStakeAmount });
        }

        lpToken.forceApprove(address(staking), amountOut);
        staking.depositTo(lpToken, msg.sender, amountOut);
    }

    function _transferInToken(IERC20 token, uint256 amount) internal {
        if (address(token) == ETH) {
            if (msg.value != amount) revert StargateZapperV1__IncorrectNative(msg.value, amount);
        } else {
            token.safeTransferFrom(msg.sender, address(this), amount);
        }
    }

    /**
     * CONFIG & OWNER FUNCTIONS
     */

    /**
     * @notice Whitelist a V2 stargate LP for zapping, configures storage mappings from the LP to the pool and asset
     *         for gas efficiency. Only callable by `owner`.
     * @param lpToken The LP token to set the pool for.
     * @param enabled Whether the pool should be enabled or not.
     */
    function configureLpToken(IERC20 lpToken, bool enabled) external onlyOwner {
        IStargatePool pool = IStargatePool(enabled ? LPToken(address(lpToken)).stargate() : address(0));
        IERC20 asset = IERC20(enabled ? pool.token() : address(0));
        // @dev StargatePoolNative presently sets the .token() to address(0).
        if (enabled && address(asset) == address(0)) asset = IERC20(ETH);

        lpToPool[lpToken] = pool;
        lpToAsset[lpToken] = asset;

        emit LpConfigured(lpToken, pool, asset);
    }

    /**
     * @notice Whitelist a V1 pool ID to a V2 LP token for migration, configures a storage mapping for gas efficiency.
     *         Must be called after `configureLpToken`. Only callable by `owner`.
     * @param v1PoolId The V1 pool ID, specified in the V1 Stargate factory/router.
     * @param v2LpToken The V2 LP token to map to the V1 pool ID, or address(0) to remove the mapping.
     */
    function configureV1Pool(uint16 v1PoolId, IERC20 v2LpToken) external onlyOwner {
        IStargateV1Pool v1LpToken = address(v2LpToken) != address(0)
            ? factoryV1.getPool(v1PoolId)
            : IStargateV1Pool(address(0));

        IERC20 asset = lpToAsset[v2LpToken];
        IERC20 v1LpAsset = address(v2LpToken) != address(0) ? v1LpToken.token() : IERC20(address(0));
        if (
            address(v1LpToken) != address(0) &&
            v1LpAsset != asset &&
            (address(asset) != ETH || address(v1LpAsset) != address(ethVault))
        ) {
            revert StargateZapperV1__UnknownLpToken(v2LpToken);
        }

        uint256 assetDecimals = address(asset) == ETH || address(asset) == address(0)
            ? 18
            : IERC20Metadata(address(asset)).decimals();

        v1PidToV1Lp[v1PoolId] = v1LpToken;
        v1PidToV2Lp[v1PoolId] = v2LpToken;
        v1PidToConversionRate[v1PoolId] = address(v2LpToken) == address(0)
            ? 0
            : 10 ** (assetDecimals - lpToPool[v2LpToken].sharedDecimals());

        emit V1PoolConfigured(v1PoolId, v1LpToken, v2LpToken);
    }

    /**
     * @notice Callable by the owner to withdraw any tokens accidentally sent or stuck in this contract.
     * @param token address of the token to sweep.
     * @param receiver address to receive the tokens.
     * @param amount amount of tokens to sweep.
     */
    function sweep(address token, address receiver, uint256 amount) external onlyOwner {
        if (token == ETH) {
            (bool success, ) = receiver.call{ value: amount }("");
            if (!success) revert StargateZapperV1__NativeTransferFailed();
        } else {
            IERC20(token).safeTransfer(receiver, amount);
        }
        emit TokenSwept(token, receiver, amount);
    }

    // @notice Used For wrapped ETH unwrapping.
    receive() external payable {}
}

File 120 of 159 : StargateBase.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { SafeCast } from "@openzeppelin/contracts/utils/math/SafeCast.sol";

import { ILayerZeroEndpointV2 } from "@layerzerolabs/lz-evm-oapp-v2/contracts/oapp/interfaces/IOAppCore.sol";
import { Origin } from "@layerzerolabs/lz-evm-oapp-v2/contracts/oapp/OApp.sol";
// Solidity does not support splitting import across multiple lines
// solhint-disable-next-line max-line-length
import { OFTLimit, OFTFeeDetail, OFTReceipt, SendParam, MessagingReceipt, MessagingFee, IOFT } from "@layerzerolabs/lz-evm-oapp-v2/contracts/oft/interfaces/IOFT.sol";
import { OFTComposeMsgCodec } from "@layerzerolabs/lz-evm-oapp-v2/contracts/oft/libs/OFTComposeMsgCodec.sol";

import { IStargate, Ticket } from "./interfaces/IStargate.sol";
import { IStargateFeeLib, FeeParams } from "./interfaces/IStargateFeeLib.sol";
import { ITokenMessaging, RideBusParams, TaxiParams } from "./interfaces/ITokenMessaging.sol";
import { ITokenMessagingHandler } from "./interfaces/ITokenMessagingHandler.sol";
import { ICreditMessagingHandler, Credit, TargetCredit } from "./interfaces/ICreditMessagingHandler.sol";
import { Path } from "./libs/Path.sol";
import { Transfer } from "./libs/Transfer.sol";

/// @title The base contract for StargateOFT, StargatePool, StargatePoolMigratable, and StargatePoolNative.
abstract contract StargateBase is Transfer, IStargate, ITokenMessagingHandler, ICreditMessagingHandler {
    using SafeCast for uint256;

    // Stargate status
    uint8 internal constant NOT_ENTERED = 1;
    uint8 internal constant ENTERED = 2;
    uint8 internal constant PAUSED = 3;

    /// @dev The token for the Pool or OFT.
    /// @dev address(0) indicates native coin, such as ETH.
    address public immutable override token;
    /// @dev The shared decimals (lowest common decimals between chains).
    uint8 public immutable override sharedDecimals;
    /// @dev The rate between local decimals and shared decimals.
    uint256 internal immutable convertRate;

    /// @dev The local LayerZero EndpointV2.
    ILayerZeroEndpointV2 public immutable endpoint;
    /// @dev The local LayerZero endpoint ID
    uint32 public immutable localEid;

    address internal feeLib;
    /// @dev The StargateBase status.  Options include 1. NOT_ENTERED 2. ENTERED and 3. PAUSED.
    uint8 public status = NOT_ENTERED;
    /// @dev The treasury accrued fees, stored in SD.
    uint64 public treasuryFee;

    address internal creditMessaging;
    address internal lzToken;
    address internal planner;
    address internal tokenMessaging;
    address internal treasurer;

    /// @dev Mapping of paths from this chain to other chains identified by their endpoint ID.
    mapping(uint32 eid => Path path) public paths;

    /// @dev A store for tokens that could not be delivered because _outflow() failed.
    /// @dev retryReceiveToken() can be called to retry the receive.
    mapping(bytes32 guid => mapping(uint8 index => bytes32 hash)) public unreceivedTokens;

    modifier onlyCaller(address _caller) {
        if (msg.sender != _caller) revert Stargate_Unauthorized();
        _;
    }

    modifier nonReentrantAndNotPaused() {
        // On the first call to nonReentrant, _status will be _NOT_ENTERED
        if (status != NOT_ENTERED) {
            if (status == ENTERED) revert Stargate_ReentrantCall();
            revert Stargate_Paused();
        }
        // Any calls to nonReentrant after this point will fail
        status = ENTERED;
        _;
        status = NOT_ENTERED;
    }

    error Stargate_ReentrantCall();
    error Stargate_InvalidTokenDecimals();
    error Stargate_Unauthorized();
    error Stargate_SlippageTooHigh();
    error Stargate_UnreceivedTokenNotFound();
    error Stargate_OutflowFailed();
    error Stargate_InvalidAmount();
    error Stargate_InsufficientFare();
    error Stargate_InvalidPath();
    error Stargate_LzTokenUnavailable();
    error Stargate_Paused();
    error Stargate_RecoverTokenUnsupported();

    event AddressConfigSet(AddressConfig config);
    event CreditsSent(uint32 dstEid, Credit[] credits);
    event CreditsReceived(uint32 srcEid, Credit[] credits);
    event UnreceivedTokenCached(
        bytes32 guid,
        uint8 index,
        uint32 srcEid,
        address receiver,
        uint256 amountLD,
        bytes composeMsg
    );
    event OFTPathSet(uint32 dstEid, bool oft);
    event PauseSet(bool paused);
    event PlannerFeeWithdrawn(uint256 amount);
    event TreasuryFeeAdded(uint64 amountSD);
    event TreasuryFeeWithdrawn(address to, uint64 amountSD);

    struct AddressConfig {
        address feeLib;
        address planner;
        address treasurer;
        address tokenMessaging;
        address creditMessaging;
        address lzToken;
    }

    /// @notice Create a new Stargate contract
    /// @dev Reverts with InvalidTokenDecimals if the token decimals are smaller than the shared decimals.
    /// @param _token The token for the pool or oft. If the token is address(0), it is the native coin
    /// @param _tokenDecimals The number of decimals for this tokens implementation on this chain
    /// @param _sharedDecimals The number of decimals shared between all implementations of the OFT
    /// @param _endpoint The LZ endpoint contract
    /// @param _owner The owner of this contract
    constructor(address _token, uint8 _tokenDecimals, uint8 _sharedDecimals, address _endpoint, address _owner) {
        token = _token;
        if (_tokenDecimals < _sharedDecimals) revert Stargate_InvalidTokenDecimals();
        convertRate = 10 ** (_tokenDecimals - _sharedDecimals);
        sharedDecimals = _sharedDecimals;

        endpoint = ILayerZeroEndpointV2(_endpoint);
        localEid = endpoint.eid();
        _transferOwnership(_owner);
    }

    // ---------------------------------- Only Owner ------------------------------------------

    /// @notice Configure the roles for this contract.
    /// @param _config An AddressConfig object containing the addresses for the different roles used by Stargate.
    function setAddressConfig(AddressConfig calldata _config) external onlyOwner {
        feeLib = _config.feeLib;
        planner = _config.planner;
        treasurer = _config.treasurer;
        tokenMessaging = _config.tokenMessaging;
        creditMessaging = _config.creditMessaging;
        lzToken = _config.lzToken;
        emit AddressConfigSet(_config);
    }

    /// @notice Sets a given Path as using OFT or resets it from OFT.
    /// @dev Set the path as OFT if the remote chain is using OFT.
    /// @dev When migrating from OFT to pool on remote chain (e.g. migrate USDC to circles), reset the path to non-OFT.
    /// @dev Reverts with InvalidPath if the destination chain is the same as local.
    /// @param _dstEid The destination chain endpoint ID
    /// @param _oft Whether to set or reset the path
    function setOFTPath(uint32 _dstEid, bool _oft) external onlyOwner {
        if (_dstEid == localEid) revert Stargate_InvalidPath();
        paths[_dstEid].setOFTPath(_oft);
        emit OFTPathSet(_dstEid, _oft);
    }

    // ---------------------------------- Only Treasurer ------------------------------------------

    /// @notice Withdraw from the accrued fees in the treasury.
    /// @param _to The destination account
    /// @param _amountSD The amount to withdraw in SD
    function withdrawTreasuryFee(address _to, uint64 _amountSD) external onlyCaller(treasurer) {
        treasuryFee -= _amountSD;
        _safeOutflow(_to, _sd2ld(_amountSD));
        emit TreasuryFeeWithdrawn(_to, _amountSD);
    }

    /// @notice Add tokens to the treasury, from the senders account.
    /// @dev Only used for increasing the overall budget for transaction rewards
    /// @dev The treasuryFee is essentially the reward pool.
    /// @dev Rewards are capped to the treasury amount, which limits exposure so
    /// @dev Stargate does not pay beyond what it's charged.
    /// @param _amountLD The amount to add in LD
    function addTreasuryFee(uint256 _amountLD) external payable onlyCaller(treasurer) {
        _assertMsgValue(_amountLD);
        uint64 amountSD = _inflow(msg.sender, _amountLD);
        treasuryFee += amountSD;
        emit TreasuryFeeAdded(amountSD);
    }

    /// @dev Recover tokens sent to this contract by mistake.
    /// @dev Only the treasurer can recover the token.
    /// @dev Reverts with Stargate_RecoverTokenUnsupported if the treasurer attempts to withdraw StargateBase.token().
    /// @param _token the token to recover. if 0x0 then it is native token
    /// @param _to the address to send the token to
    /// @param _amount the amount to send
    function recoverToken(
        address _token,
        address _to,
        uint256 _amount
    ) public virtual nonReentrantAndNotPaused onlyCaller(treasurer) returns (uint256) {
        /// @dev Excess native is considered planner accumulated fees.
        if (_token == address(0)) revert Stargate_RecoverTokenUnsupported();
        Transfer.safeTransfer(_token, _to, _amount, false);
        return _amount;
    }

    // ---------------------------------- Only Planner ------------------------------------------

    /// @notice Pause or unpause a Stargate
    /// @dev Be careful with this call, as it unsets the re-entry guard.
    /// @param _paused Whether to pause or unpause the stargate
    function setPause(bool _paused) external onlyCaller(planner) {
        if (status == ENTERED) revert Stargate_ReentrantCall();
        status = _paused ? PAUSED : NOT_ENTERED;
        emit PauseSet(_paused);
    }

    function _plannerFee() internal view virtual returns (uint256) {
        return address(this).balance;
    }

    function plannerFee() external view returns (uint256 available) {
        available = _plannerFee();
    }

    /// @notice Withdraw planner fees accumulated in StargateBase.
    /// @dev The planner fee is accumulated in StargateBase to avoid the cost of passing msg.value to TokenMessaging.
    function withdrawPlannerFee() external virtual onlyCaller(planner) {
        uint256 available = _plannerFee();
        Transfer.safeTransferNative(msg.sender, available, false);
        emit PlannerFeeWithdrawn(available);
    }

    // ------------------------------- Public Functions ---------------------------------------

    /// @notice Send tokens through the Stargate
    /// @dev Emits OFTSent when the send is successful
    /// @param _sendParam The SendParam object detailing the transaction
    /// @param _fee The MessagingFee object describing the fee to pay
    /// @param _refundAddress The address to refund any LZ fees paid in excess
    /// @return msgReceipt The receipt proving the message was sent
    /// @return oftReceipt The receipt proving the OFT swap
    function send(
        SendParam calldata _sendParam,
        MessagingFee calldata _fee,
        address _refundAddress
    ) external payable override returns (MessagingReceipt memory msgReceipt, OFTReceipt memory oftReceipt) {
        (msgReceipt, oftReceipt, ) = sendToken(_sendParam, _fee, _refundAddress);
    }

    function sendToken(
        SendParam calldata _sendParam,
        MessagingFee calldata _fee,
        address _refundAddress
    )
        public
        payable
        override
        nonReentrantAndNotPaused
        returns (MessagingReceipt memory msgReceipt, OFTReceipt memory oftReceipt, Ticket memory ticket)
    {
        // step 1: assets inflows and apply the fee to the input amount
        (bool isTaxi, uint64 amountInSD, uint64 amountOutSD) = _inflowAndCharge(_sendParam);

        // step 2: generate the oft receipt
        oftReceipt = OFTReceipt(_sd2ld(amountInSD), _sd2ld(amountOutSD));

        // step 3: assert the messaging fee
        MessagingFee memory messagingFee = _assertMessagingFee(_fee, oftReceipt.amountSentLD);

        // step 4: send the token depending on the mode Taxi or Bus
        if (isTaxi) {
            msgReceipt = _taxi(_sendParam, messagingFee, amountOutSD, _refundAddress);
        } else {
            (msgReceipt, ticket) = _rideBus(_sendParam, messagingFee, amountOutSD, _refundAddress);
        }

        emit OFTSent(
            msgReceipt.guid,
            _sendParam.dstEid,
            msg.sender,
            oftReceipt.amountSentLD,
            oftReceipt.amountReceivedLD
        );
    }

    /// @notice Retry receiving a token that initially failed.
    /// @dev The message has been delivered by the Messaging layer, so it is ok for anyone to retry.
    /// @dev try to receive the token if the previous attempt failed in lzReceive
    /// @dev Reverts with UnreceivedTokenNotFound if the message is not found in the cache
    /// @dev Emits OFTReceived if the receive succeeds
    /// @param _guid The global unique ID for the message that failed
    /// @param _index The index of the message that failed
    /// @param _srcEid The source endpoint ID for the message that failed
    /// @param _receiver The account receiver for the message that failed
    /// @param _amountLD The amount of tokens in LD to transfer to the account
    /// @param _composeMsg The bytes representing the compose message in the message that failed
    function retryReceiveToken(
        bytes32 _guid,
        uint8 _index,
        uint32 _srcEid,
        address _receiver,
        uint256 _amountLD,
        bytes calldata _composeMsg
    ) external nonReentrantAndNotPaused {
        if (unreceivedTokens[_guid][_index] != keccak256(abi.encodePacked(_srcEid, _receiver, _amountLD, _composeMsg)))
            revert Stargate_UnreceivedTokenNotFound();
        delete unreceivedTokens[_guid][_index];

        _safeOutflow(_receiver, _amountLD);
        _postOutflow(_ld2sd(_amountLD));
        if (_composeMsg.length > 0) {
            endpoint.sendCompose(_receiver, _guid, 0, _composeMsg);
        }
        emit OFTReceived(_guid, _srcEid, _receiver, _amountLD);
    }

    // ------------------------------- Only Messaging ---------------------------------------

    /// @notice Entrypoint for receiving tokens
    /// @dev Emits OFTReceived when the OFT token is correctly received
    /// @dev Emits UnreceivedTokenCached when the OFT token is not received
    /// @param _origin The Origin struct describing the origin, useful for composing
    /// @param _guid The global unique ID for this message, useful for composing
    function receiveTokenBus(
        Origin calldata _origin,
        bytes32 _guid,
        uint8 _seatNumber,
        address _receiver,
        uint64 _amountSD
    ) external nonReentrantAndNotPaused onlyCaller(tokenMessaging) {
        uint256 amountLD = _sd2ld(_amountSD);

        bool success = _outflow(_receiver, amountLD);
        if (success) {
            _postOutflow(_amountSD);
            emit OFTReceived(_guid, _origin.srcEid, _receiver, amountLD);
        } else {
            /**
             * @dev The busRide mode does not support composeMsg in any form. Thus we hardcode it to ""
             */
            unreceivedTokens[_guid][_seatNumber] = keccak256(abi.encodePacked(_origin.srcEid, _receiver, amountLD, ""));
            emit UnreceivedTokenCached(_guid, _seatNumber, _origin.srcEid, _receiver, amountLD, "");
        }
    }

    // taxi mode
    function receiveTokenTaxi(
        Origin calldata _origin,
        bytes32 _guid,
        address _receiver,
        uint64 _amountSD,
        bytes calldata _composeMsg
    ) external nonReentrantAndNotPaused onlyCaller(tokenMessaging) {
        uint256 amountLD = _sd2ld(_amountSD);
        bool hasCompose = _composeMsg.length > 0;
        bytes memory composeMsg;
        if (hasCompose) {
            composeMsg = OFTComposeMsgCodec.encode(_origin.nonce, _origin.srcEid, amountLD, _composeMsg);
        }

        bool success = _outflow(_receiver, amountLD);
        if (success) {
            _postOutflow(_amountSD);
            // send the composeMsg to the endpoint
            if (hasCompose) {
                endpoint.sendCompose(_receiver, _guid, 0, composeMsg);
            }
            emit OFTReceived(_guid, _origin.srcEid, _receiver, amountLD);
        } else {
            /**
             * @dev We use the '0' index to represent the seat number. This is because for a type 'taxi' msg,
             *      there is only ever one corresponding receiveTokenTaxi function per GUID.
             */
            unreceivedTokens[_guid][0] = keccak256(abi.encodePacked(_origin.srcEid, _receiver, amountLD, composeMsg));
            emit UnreceivedTokenCached(_guid, 0, _origin.srcEid, _receiver, amountLD, composeMsg);
        }
    }

    function sendCredits(
        uint32 _dstEid,
        TargetCredit[] calldata _credits
    ) external nonReentrantAndNotPaused onlyCaller(creditMessaging) returns (Credit[] memory) {
        Credit[] memory credits = new Credit[](_credits.length);
        uint256 index = 0;
        for (uint256 i = 0; i < _credits.length; i++) {
            TargetCredit calldata c = _credits[i];
            uint64 decreased = paths[c.srcEid].tryDecreaseCredit(c.amount, c.minAmount);
            if (decreased > 0) credits[index++] = Credit(c.srcEid, decreased);
        }
        // resize the array to the actual number of credits
        assembly {
            mstore(credits, index)
        }
        emit CreditsSent(_dstEid, credits);
        return credits;
    }

    /// @notice Entrypoint for receiving credits into paths
    /// @dev Emits CreditsReceived when credits are received
    /// @param _srcEid The endpoint ID of the source of credits
    /// @param _credits An array indicating to which paths and how much credits to add
    function receiveCredits(
        uint32 _srcEid,
        Credit[] calldata _credits
    ) external nonReentrantAndNotPaused onlyCaller(creditMessaging) {
        for (uint256 i = 0; i < _credits.length; i++) {
            Credit calldata c = _credits[i];
            paths[c.srcEid].increaseCredit(c.amount);
        }
        emit CreditsReceived(_srcEid, _credits);
    }

    // ---------------------------------- View Functions ------------------------------------------

    /// @notice Provides a quote for sending OFT to another chain.
    /// @dev Implements the IOFT interface
    /// @param _sendParam The parameters for the send operation
    /// @return limit The information on OFT transfer limits
    /// @return oftFeeDetails The details of OFT transaction cost or reward
    /// @return receipt The OFT receipt information, indicating how many tokens would be sent and received
    function quoteOFT(
        SendParam calldata _sendParam
    ) external view returns (OFTLimit memory limit, OFTFeeDetail[] memory oftFeeDetails, OFTReceipt memory receipt) {
        // cap the transfer to the paths limit
        limit = OFTLimit(_sd2ld(1), _sd2ld(paths[_sendParam.dstEid].credit));

        // get the expected amount in the destination chain from FeeLib
        uint64 amountInSD = _ld2sd(_sendParam.amountLD > limit.maxAmountLD ? limit.maxAmountLD : _sendParam.amountLD);
        FeeParams memory params = _buildFeeParams(_sendParam.dstEid, amountInSD, _isTaxiMode(_sendParam.oftCmd));
        uint64 amountOutSD = IStargateFeeLib(feeLib).applyFeeView(params);

        // fill in the FeeDetails if there is a fee or reward
        if (amountOutSD != amountInSD) {
            oftFeeDetails = new OFTFeeDetail[](1);
            if (amountOutSD < amountInSD) {
                // fee
                oftFeeDetails[0] = OFTFeeDetail(-1 * _sd2ld(amountInSD - amountOutSD).toInt256(), "protocol fee");
            } else if (amountOutSD > amountInSD) {
                // reward
                uint64 reward = amountOutSD - amountInSD;
                (amountOutSD, reward) = _capReward(amountOutSD, reward);
                if (amountOutSD == amountInSD) {
                    // hide the Fee detail if the reward is capped to 0
                    oftFeeDetails = new OFTFeeDetail[](0);
                } else {
                    oftFeeDetails[0] = OFTFeeDetail(_sd2ld(reward).toInt256(), "reward");
                }
            }
        }

        receipt = OFTReceipt(_sd2ld(amountInSD), _sd2ld(amountOutSD));
    }

    /// @notice Provides a quote for the send() operation.
    /// @dev Implements the IOFT interface.
    /// @dev Reverts with InvalidAmount if send mode is drive but value is specified.
    /// @param _sendParam The parameters for the send() operation
    /// @param _payInLzToken Flag indicating whether the caller is paying in the LZ token
    /// @return fee The calculated LayerZero messaging fee from the send() operation
    /// @dev MessagingFee: LayerZero message fee
    ///   - nativeFee: The native fee.
    ///   - lzTokenFee: The LZ token fee.
    function quoteSend(
        SendParam calldata _sendParam,
        bool _payInLzToken
    ) external view returns (MessagingFee memory fee) {
        uint64 amountSD = _ld2sd(_sendParam.amountLD);
        if (amountSD == 0) revert Stargate_InvalidAmount();

        bool isTaxi = _isTaxiMode(_sendParam.oftCmd);
        if (isTaxi) {
            fee = ITokenMessaging(tokenMessaging).quoteTaxi(
                TaxiParams({
                    sender: msg.sender,
                    dstEid: _sendParam.dstEid,
                    receiver: _sendParam.to,
                    amountSD: amountSD,
                    composeMsg: _sendParam.composeMsg,
                    extraOptions: _sendParam.extraOptions
                }),
                _payInLzToken
            );
        } else {
            bool nativeDrop = _sendParam.extraOptions.length > 0;
            fee = ITokenMessaging(tokenMessaging).quoteRideBus(_sendParam.dstEid, nativeDrop);
        }
    }

    /// @notice Returns the current roles configured.
    /// @return An AddressConfig struct containing the current configuration
    function getAddressConfig() external view returns (AddressConfig memory) {
        return
            AddressConfig({
                feeLib: feeLib,
                planner: planner,
                treasurer: treasurer,
                tokenMessaging: tokenMessaging,
                creditMessaging: creditMessaging,
                lzToken: lzToken
            });
    }

    /// @notice Get the OFT version information
    /// @dev Implements the IOFT interface.
    /// @dev 0 version means the message encoding is not compatible with the default OFT.
    /// @return interfaceId The ERC165 interface ID for this contract
    /// @return version The cross-chain compatible message encoding version.
    function oftVersion() external pure override returns (bytes4 interfaceId, uint64 version) {
        return (type(IOFT).interfaceId, 0);
    }

    /// @notice Indicates whether the OFT contract requires approval of the 'token()' to send.
    /// @dev Implements the IOFT interface.
    /// @return Whether approval of the underlying token implementation is required
    function approvalRequired() external pure override returns (bool) {
        return true;
    }

    // ---------------------------------- Internal Functions ------------------------------------------

    /// @notice Ingest value into the contract and charge the Stargate fee.
    /// @dev This is triggered when value is transferred from an account into Stargate to execute a swap.
    /// @param _sendParam A SendParam struct containing the swap information
    function _inflowAndCharge(
        SendParam calldata _sendParam
    ) internal returns (bool isTaxi, uint64 amountInSD, uint64 amountOutSD) {
        isTaxi = _isTaxiMode(_sendParam.oftCmd);
        amountInSD = _inflow(msg.sender, _sendParam.amountLD);

        FeeParams memory feeParams = _buildFeeParams(_sendParam.dstEid, amountInSD, isTaxi);

        amountOutSD = _chargeFee(feeParams, _ld2sd(_sendParam.minAmountLD));

        paths[_sendParam.dstEid].decreaseCredit(amountOutSD); // remove the credit from the path
        _postInflow(amountOutSD); // post inflow actions with the amount deducted by the fee
    }

    /// @notice Consult the FeeLib the fee/reward for sending this token
    /// @dev Reverts with SlippageTooHigh when the slippage amount sent would be below the desired minimum or zero.
    /// @return amountOutSD The actual amount that would be sent after applying fees/rewards
    function _chargeFee(FeeParams memory _feeParams, uint64 _minAmountOutSD) internal returns (uint64 amountOutSD) {
        // get the output amount from the fee library
        amountOutSD = IStargateFeeLib(feeLib).applyFee(_feeParams);

        uint64 amountInSD = _feeParams.amountInSD;
        if (amountOutSD < amountInSD) {
            // fee
            treasuryFee += amountInSD - amountOutSD;
        } else if (amountOutSD > amountInSD) {
            // reward
            uint64 reward = amountOutSD - amountInSD;
            (amountOutSD, reward) = _capReward(amountOutSD, reward);
            if (reward > 0) treasuryFee -= reward;
        }

        if (amountOutSD < _minAmountOutSD || amountOutSD == 0) revert Stargate_SlippageTooHigh(); // 0 not allowed
    }

    function _taxi(
        SendParam calldata _sendParam,
        MessagingFee memory _messagingFee,
        uint64 _amountSD,
        address _refundAddress
    ) internal returns (MessagingReceipt memory receipt) {
        if (_messagingFee.lzTokenFee > 0) _payLzToken(_messagingFee.lzTokenFee); // handle lz token fee

        receipt = ITokenMessaging(tokenMessaging).taxi{ value: _messagingFee.nativeFee }(
            TaxiParams({
                sender: msg.sender,
                dstEid: _sendParam.dstEid,
                receiver: _sendParam.to,
                amountSD: _amountSD,
                composeMsg: _sendParam.composeMsg,
                extraOptions: _sendParam.extraOptions
            }),
            _messagingFee,
            _refundAddress
        );
    }

    function _rideBus(
        SendParam calldata _sendParam,
        MessagingFee memory _messagingFee,
        uint64 _amountSD,
        address _refundAddress
    ) internal virtual returns (MessagingReceipt memory receipt, Ticket memory ticket) {
        if (_messagingFee.lzTokenFee > 0) revert Stargate_LzTokenUnavailable();

        (receipt, ticket) = ITokenMessaging(tokenMessaging).rideBus(
            RideBusParams({
                sender: msg.sender,
                dstEid: _sendParam.dstEid,
                receiver: _sendParam.to,
                amountSD: _amountSD,
                nativeDrop: _sendParam.extraOptions.length > 0
            })
        );

        uint256 busFare = receipt.fee.nativeFee;
        uint256 providedFare = _messagingFee.nativeFee;

        // assert sufficient nativeFee was provided to cover the fare
        if (busFare == providedFare) {
            // return; Do nothing in this case
        } else if (providedFare > busFare) {
            uint256 refund;
            unchecked {
                refund = providedFare - busFare;
            }
            Transfer.transferNative(_refundAddress, refund, false); // no gas limit to refund
        } else {
            revert Stargate_InsufficientFare();
        }
    }

    /// @notice Pay the LZ fee in LZ tokens.
    /// @dev Reverts with LzTokenUnavailable if the LZ token OFT has not been set.
    /// @param _lzTokenFee The fee to pay in LZ tokens
    function _payLzToken(uint256 _lzTokenFee) internal {
        address lzTkn = lzToken;
        if (lzTkn == address(0)) revert Stargate_LzTokenUnavailable();
        Transfer.safeTransferTokenFrom(lzTkn, msg.sender, address(endpoint), _lzTokenFee);
    }

    /// @notice Translate an amount in SD to LD
    /// @dev Since SD <= LD by definition, convertRate >= 1, so there is no rounding errors in this function.
    /// @param _amountSD The amount in SD
    /// @return amountLD The same value expressed in LD
    function _sd2ld(uint64 _amountSD) internal view returns (uint256 amountLD) {
        unchecked {
            amountLD = _amountSD * convertRate;
        }
    }

    /// @notice Translate an value in LD to SD
    /// @dev Since SD <= LD by definition, convertRate >= 1, so there might be rounding during the cast.
    /// @param _amountLD The value in LD
    /// @return amountSD The same value expressed in SD
    function _ld2sd(uint256 _amountLD) internal view returns (uint64 amountSD) {
        unchecked {
            amountSD = SafeCast.toUint64(_amountLD / convertRate);
        }
    }

    /// @dev if _cmd is empty, Taxi mode. Otherwise, Bus mode
    function _isTaxiMode(bytes calldata _oftCmd) internal pure returns (bool) {
        return _oftCmd.length == 0;
    }

    // ---------------------------------- Virtual Functions ------------------------------------------

    /// @notice Limits the reward awarded when withdrawing value.
    /// @param _amountOutSD The amount of expected on the destination chain in SD
    /// @param _reward The initial calculated reward by FeeLib
    /// @return newAmountOutSD The actual amount to be delivered on the destination chain
    /// @return newReward The actual reward after applying any caps
    function _capReward(
        uint64 _amountOutSD,
        uint64 _reward
    ) internal view virtual returns (uint64 newAmountOutSD, uint64 newReward);

    /// @notice Hook called when there is ingress of value into the contract.
    /// @param _from The account from which to obtain the value
    /// @param _amountLD The amount of tokens to get from the account in LD
    /// @return amountSD The actual amount of tokens in SD that got into the Stargate
    function _inflow(address _from, uint256 _amountLD) internal virtual returns (uint64 amountSD);

    /// @notice Hook called when there is egress of value out of the contract.
    /// @return success Whether the outflow was successful
    function _outflow(address _to, uint256 _amountLD) internal virtual returns (bool success);

    /// @notice Hook called when there is egress of value out of the contract.
    /// @dev Reverts with OutflowFailed when the outflow hook fails
    function _safeOutflow(address _to, uint256 _amountLD) internal virtual {
        bool success = _outflow(_to, _amountLD);
        if (!success) revert Stargate_OutflowFailed();
    }

    /// @notice Ensure that the value passed through the message equals the native fee
    /// @dev the native fee should be the same as msg value by default
    /// @dev Reverts with InvalidAmount if the native fee does not match the value passed.
    /// @param _fee The MessagingFee object containing the expected fee
    /// @return The messaging fee object
    function _assertMessagingFee(
        MessagingFee memory _fee,
        uint256 /*_amountInLD*/
    ) internal view virtual returns (MessagingFee memory) {
        if (_fee.nativeFee != msg.value) revert Stargate_InvalidAmount();
        return _fee;
    }

    /// @notice Ensure the msg.value is as expected.
    /// @dev Override this contract to provide a specific validation.
    /// @dev This implementation will revert if value is passed, because we do not expect value except for
    /// @dev the native token when adding to the treasury.
    /// @dev Reverts with InvalidAmount if msg.value > 0
    function _assertMsgValue(uint256 /*_amountLD*/) internal view virtual {
        if (msg.value > 0) revert Stargate_InvalidAmount();
    }

    /// @dev Build the FeeParams object for the FeeLib
    /// @param _dstEid The destination endpoint ID
    /// @param _amountInSD The amount to send in SD
    /// @param _isTaxi Whether this send is riding the bus or taxing
    function _buildFeeParams(
        uint32 _dstEid,
        uint64 _amountInSD,
        bool _isTaxi
    ) internal view virtual returns (FeeParams memory);

    /// @notice Hook called after the inflow of value into the contract by sendToken().
    /// Function meant to be overridden
    // solhint-disable-next-line no-empty-blocks
    function _postInflow(uint64 _amountSD) internal virtual {}

    /// @notice Hook called after the outflow of value out of the contract by receiveToken().
    /// Function meant to be overridden
    // solhint-disable-next-line no-empty-blocks
    function _postOutflow(uint64 _amountSD) internal virtual {}
}

File 121 of 159 : StargateOFT.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { IERC20Metadata } from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";

import { StargateType } from "./interfaces/IStargate.sol";
import { IERC20Minter } from "./interfaces/IERC20Minter.sol";
import { StargateBase, FeeParams } from "./StargateBase.sol";

/// @title A Stargate contract representing an OFT. This contract will burn OFTs when sending tokens
/// @title to other chains and mint tokens when receiving them from other chains.
contract StargateOFT is StargateBase {
    /// @notice Create a StargateOFT contract administering an OFT.
    /// @param _token The OFT to administer
    /// @param _sharedDecimals The minimum number of decimals used to represent value in this OFT
    /// @param _endpoint The LZ endpoint address
    /// @param _owner The account owning this contract
    constructor(
        address _token,
        uint8 _sharedDecimals,
        address _endpoint,
        address _owner
    ) StargateBase(_token, IERC20Metadata(_token).decimals(), _sharedDecimals, _endpoint, _owner) {}

    /// @notice Burn tokens to represent their removal from the local chain
    /// @param _from The address to burn tokens from
    /// @param _amount How many tokens to burn in LD
    /// @return amountSD The amount burned in SD
    function _inflow(address _from, uint256 _amount) internal virtual override returns (uint64 amountSD) {
        amountSD = _ld2sd(_amount);
        IERC20Minter(token).burnFrom(_from, _sd2ld(amountSD)); // remove dust and burn
    }

    /// @notice Mint tokens to represent their lading into the local chain
    /// @param _to The account to mint tokens for
    /// @param _amount The amount of tokens to mint
    /// @return success Whether the minting was successful
    function _outflow(address _to, uint256 _amount) internal virtual override returns (bool success) {
        try IERC20Minter(token).mint(_to, _amount) {
            success = true;
        } catch {} // solhint-disable-line no-empty-blocks
    }

    /// @notice Limits the reward awarded when withdrawing value.
    /// @dev Concretes the StargateBase contract.
    /// @dev Reward is not allowed for OFT, so 0 is returned.
    /// @dev reward is calculated as amountOut - amountIn, so amountIn = amountOut - reward,
    /// @dev this removes the reward and sets the exchange rate to 1:1 local:remote
    /// @param _amountOutSD The amount of tokens expected on the destination chain in SD
    /// @param _reward The initially calculated reward by FeeLib
    /// @return newAmountOutSD The actual amount to be withdrawn expected on the destination chain
    /// @return newReward The actual reward after applying any caps
    function _capReward(
        uint64 _amountOutSD,
        uint64 _reward
    ) internal pure override returns (uint64 newAmountOutSD, uint64 newReward) {
        unchecked {
            newAmountOutSD = _amountOutSD - _reward;
        }
        newReward = 0;
    }

    /// @notice Returns the type of Stargate contract.
    /// @dev Fulfills the IStargate interface.
    /// @return The type of Stargate contract
    function stargateType() external pure override returns (StargateType) {
        return StargateType.OFT;
    }

    function _buildFeeParams(
        uint32 _dstEid,
        uint64 _amountInSD,
        bool _isTaxi
    ) internal view override returns (FeeParams memory) {
        return FeeParams(msg.sender, _dstEid, _amountInSD, 0, paths[_dstEid].isOFTPath(), _isTaxi);
    }
}

File 122 of 159 : StargatePool.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";

import { StargateType, MessagingReceipt, MessagingFee, SendParam, OFTReceipt } from "./interfaces/IStargate.sol";
import { IStargatePool } from "./interfaces/IStargatePool.sol";
import { ITokenMessaging, TaxiParams } from "./interfaces/ITokenMessaging.sol";
import { Transfer } from "./libs/Transfer.sol";
import { StargateBase, FeeParams } from "./StargateBase.sol";
import { LPToken } from "./utils/LPToken.sol";

/// @title A Stargate contract representing a liquidity pool. Users can deposit tokens into the pool and receive
/// @title LP tokens in exchange, which can be later be redeemed to recover their deposit and a reward which is
/// @title a fraction of the fee accrued by the liquidity pool during the staking time.
contract StargatePool is StargateBase, IStargatePool {
    LPToken internal immutable lp;

    uint64 internal tvlSD;
    uint64 internal poolBalanceSD;
    uint64 internal deficitOffsetSD;

    event Deposited(address indexed payer, address indexed receiver, uint256 amountLD);
    event Redeemed(address indexed payer, address indexed receiver, uint256 amountLD);

    error Stargate_OnlyTaxi();

    /// @notice Create a Stargate pool to provide liquidity. This also creates the LP token contract.
    /// @param _lpTokenName The name for the LP token
    /// @param _lpTokenSymbol The symbol for the LP token
    /// @param _token The token for the pool or oft. If the token is address(0), it is the native coin
    /// @param _tokenDecimals The number of decimals for this tokens implementation on this chain
    /// @param _sharedDecimals The number of decimals shared between all implementations of the OFT
    /// @param _endpoint The LZ endpoint contract
    /// @param _owner The owner of this contract
    constructor(
        string memory _lpTokenName,
        string memory _lpTokenSymbol,
        address _token,
        uint8 _tokenDecimals,
        uint8 _sharedDecimals,
        address _endpoint,
        address _owner
    ) StargateBase(_token, _tokenDecimals, _sharedDecimals, _endpoint, _owner) {
        lp = new LPToken(_lpTokenName, _lpTokenSymbol, _tokenDecimals);
    }

    // -------- LP operations --------

    /// @notice Deposit token into the pool
    /// @dev Emits Deposited when the token is deposited
    /// @param _receiver The account to mint the LP tokens to
    /// @param _amountLD The amount of tokens to deposit in LD
    /// @return amountLD The actual amount of tokens deposited in LD
    function deposit(
        address _receiver,
        uint256 _amountLD
    ) external payable nonReentrantAndNotPaused returns (uint256 amountLD) {
        // charge the sender
        _assertMsgValue(_amountLD);
        uint64 amountSD = _inflow(msg.sender, _amountLD);
        _postInflow(amountSD); // increase the local credit and pool balance

        // mint LP token to the receiver
        amountLD = _sd2ld(amountSD);
        lp.mint(_receiver, amountLD);
        tvlSD += amountSD;
        emit Deposited(msg.sender, _receiver, amountLD);
    }

    /// @notice Redeem the LP token of the sender and return the underlying token to receiver
    /// @dev Emits Redeemed when the LP tokens are redeemed successfully.
    /// @dev Reverts if the sender does not hold enough LP tokens or if the pool does not have enough credit.
    /// @param _amountLD The amount of LP token to redeem in LD
    /// @param _receiver The account to which to return the underlying tokens
    /// @return amountLD The amount of LP token burned and the amount of underlying token sent to the receiver
    function redeem(uint256 _amountLD, address _receiver) external nonReentrantAndNotPaused returns (uint256 amountLD) {
        uint64 amountSD = _ld2sd(_amountLD);
        paths[localEid].decreaseCredit(amountSD);

        // de-dust LP token
        amountLD = _sd2ld(amountSD);
        // burn LP token. Will revert if the sender doesn't have enough LP token
        lp.burnFrom(msg.sender, amountLD);
        tvlSD -= amountSD;

        // send the underlying token from the pool to the receiver
        _safeOutflow(_receiver, amountLD);
        _postOutflow(amountSD); // decrease the pool balance

        emit Redeemed(msg.sender, _receiver, amountLD);
    }

    /// @notice Redeem LP tokens and use the withdrawn tokens to execute a send
    /// @dev Emits Redeemed when the LP tokens are redeemed successfully.
    /// @dev Emits OFTSent when the LP tokens are redeemed successfully.
    /// @param _sendParam The RedeemSendParam object describing the redeem and send
    /// @param _fee The MessagingFee describing the fee to pay for the send
    /// @param _refundAddress The address to refund any LZ fees paid in excess
    /// @return msgReceipt The messaging receipt proving the send
    /// @return oftReceipt The OFT receipt proving the send
    function redeemSend(
        SendParam calldata _sendParam,
        MessagingFee calldata _fee,
        address _refundAddress
    )
        external
        payable
        nonReentrantAndNotPaused
        returns (MessagingReceipt memory msgReceipt, OFTReceipt memory oftReceipt)
    {
        if (!_isTaxiMode(_sendParam.oftCmd)) revert Stargate_OnlyTaxi();

        // remove the dust
        uint64 amountInSD = _ld2sd(_sendParam.amountLD);
        uint256 amountInLD = _sd2ld(amountInSD);

        // burn LP token of 'msg.sender'. it will revert if the sender doesn't have enough LP token
        lp.burnFrom(msg.sender, amountInLD);
        emit Redeemed(msg.sender, address(0), amountInLD);

        // charge fees and handle credit
        FeeParams memory feeParams = _buildFeeParams(_sendParam.dstEid, amountInSD, true);
        uint64 amountOutSD = _chargeFee(feeParams, _ld2sd(_sendParam.minAmountLD));

        // need to update the TVL after charging the fee, otherwise the deficit will be wrong
        tvlSD -= amountInSD;

        // handle credit and pool balance
        // due to the both of them are already increased when deposit, so if
        // 1) the amountOutSD is less than amountInSD, the fee should be removed from both of them
        // 2) the amountOutSD is more than amountInSD, the reward should be added to both of them
        paths[_sendParam.dstEid].decreaseCredit(amountOutSD);
        if (amountInSD > amountOutSD) {
            // fee
            uint64 fee = amountInSD - amountOutSD;
            paths[localEid].decreaseCredit(fee);
            poolBalanceSD -= fee;
        } else if (amountInSD < amountOutSD) {
            // reward
            uint64 reward = amountOutSD - amountInSD;
            paths[localEid].increaseCredit(reward);
            poolBalanceSD += reward;
        }

        // send the token to the receiver
        MessagingFee memory messagingFee = _assertMessagingFee(_fee, 0);
        msgReceipt = _taxi(_sendParam, messagingFee, amountOutSD, _refundAddress);
        oftReceipt = OFTReceipt(amountInLD, _sd2ld(amountOutSD));
        emit OFTSent(msgReceipt.guid, _sendParam.dstEid, msg.sender, amountInLD, oftReceipt.amountReceivedLD);
    }

    /// @notice Get how many LP tokens can be redeemed by a given account.
    /// @dev Use 0x0 to get the total maximum redeemable (since its capped to the local credit)
    /// @param _owner The account to check for
    /// @return amountLD The max amount of LP tokens redeemable by the account
    function redeemable(address _owner) external view returns (uint256 amountLD) {
        uint256 cap = _sd2ld(paths[localEid].credit);
        if (_owner == address(0)) {
            amountLD = cap;
        } else {
            uint256 userLp = lp.balanceOf(_owner);
            amountLD = cap > userLp ? userLp : cap;
        }
    }

    /// @notice Get a quote on the fee associated with a RedeemSend operation
    /// @param _sendParam The RedeemSendParam object describing the RedeemSend
    /// @param _payInLzToken Whether to pay the LZ fee in LZ token
    /// @return fee The MessagingFee object that describes the Fee that would be associated with this RedeemSend
    function quoteRedeemSend(
        SendParam calldata _sendParam,
        bool _payInLzToken
    ) external view returns (MessagingFee memory fee) {
        if (!_isTaxiMode(_sendParam.oftCmd)) revert Stargate_OnlyTaxi();
        uint64 amountInSD = _ld2sd(_sendParam.amountLD);
        fee = ITokenMessaging(tokenMessaging).quoteTaxi(
            TaxiParams({
                sender: msg.sender,
                dstEid: _sendParam.dstEid,
                receiver: _sendParam.to,
                amountSD: amountInSD,
                composeMsg: _sendParam.composeMsg,
                extraOptions: _sendParam.extraOptions
            }),
            _payInLzToken
        );
    }

    /// @notice Get the total value locked in this pool
    /// @dev The TVL of the pool is the total supply of the LP token since they are minted 1:1.
    /// @return The total value locked in LD
    function tvl() external view override returns (uint256) {
        return _sd2ld(tvlSD);
    }

    /// @notice Get the current pool balance
    /// @dev The pool balance is the total amount of tokens in the pool, it reflects liquidity.
    /// @return The pool balance in LD
    function poolBalance() external view override returns (uint256) {
        return _sd2ld(poolBalanceSD);
    }

    /// @notice Get the current deficit offset
    /// @dev The deficit offset allows manipulation of the ideal pool liquidity beyond surplus 0.
    /// @return The deficit offset in LD
    function deficitOffset() external view returns (uint256) {
        return _sd2ld(deficitOffsetSD);
    }

    /// @notice Returns the type of Stargate contract.
    /// @dev Fulfills the IStargate interface.
    /// @return The type of Stargate contract
    function stargateType() external pure override returns (StargateType) {
        return StargateType.Pool;
    }

    /// @notice Returns the LP token contract used to represent pool ownership.
    /// @return The address of the LP token contract.
    function lpToken() external view override returns (address) {
        return address(lp);
    }

    /// @notice Limits the reward awarded when withdrawing value.
    /// @dev Concretes the StargateBase contract.
    /// @dev Liquidity pools cap the reward to the total fees accrued in the treasury.
    /// @param _amountOutSD The amount of tokens expected on the destination chain in SD
    /// @param _reward The initial calculated reward by FeeLib
    /// @return newAmountOutSD The actual amount to be received on the destination chain
    /// @return newReward The actual reward after applying any caps
    function _capReward(uint64 _amountOutSD, uint64 _reward) internal view override returns (uint64, uint64) {
        uint64 rewardCap = treasuryFee;
        if (_reward > rewardCap) {
            // exceeds cap, recalculate with new reward
            unchecked {
                return (_amountOutSD - _reward + rewardCap, rewardCap);
            }
        } else {
            // lower than cap, return the original values
            return (_amountOutSD, _reward);
        }
    }

    /// @notice Increase the local credit and pool balance
    function _postInflow(uint64 _amountSD) internal override {
        paths[localEid].increaseCredit(_amountSD);
        poolBalanceSD += _amountSD;
    }

    /// @notice Decrease the pool balance
    function _postOutflow(uint64 _amountSD) internal override {
        poolBalanceSD -= _amountSD;
    }

    /// @notice Charge an account an amount of pooled tokens.
    /// @dev Reverts if the charge can not be completed.
    /// @param _from The account to charge
    /// @param _amountLD How many tokens to charge in LD
    /// @return amountSD The amount of tokens charged in SD
    function _inflow(address _from, uint256 _amountLD) internal virtual override returns (uint64 amountSD) {
        amountSD = _ld2sd(_amountLD);
        Transfer.safeTransferTokenFrom(token, _from, address(this), _sd2ld(amountSD)); // remove the dust and transfer
    }

    /// @notice Transfer a token from the pool to an account.
    /// @param _to The destination account
    /// @param _amountLD How many tokens to transfer in LD
    /// @return success Whether the transfer succeeded or not
    function _outflow(address _to, uint256 _amountLD) internal virtual override returns (bool success) {
        success = Transfer.transferToken(token, _to, _amountLD);
    }

    function _buildFeeParams(
        uint32 _dstEid,
        uint64 _amountInSD,
        bool _isTaxi
    ) internal view override returns (FeeParams memory) {
        uint64 t = tvlSD + deficitOffsetSD;
        uint64 deficitSD = t > poolBalanceSD ? t - poolBalanceSD : 0;
        return FeeParams(msg.sender, _dstEid, _amountInSD, deficitSD, paths[_dstEid].isOFTPath(), _isTaxi);
    }

    // ---------------------------------- Only Treasurer ------------------------------------------

    function recoverToken(
        address _token,
        address _to,
        uint256 _amount
    ) public virtual override onlyCaller(treasurer) returns (uint256) {
        // only allow to recover the excess of poolBalanceSD + treasuryFee if the token is the pool token
        if (_token == token) {
            uint256 cap = _thisBalance() - _sd2ld(poolBalanceSD + treasuryFee);
            _amount = _amount > cap ? cap : _amount;
        }
        return super.recoverToken(_token, _to, _amount);
    }

    function _thisBalance() internal view virtual returns (uint256) {
        return IERC20(token).balanceOf(address(this));
    }

    // ---------------------------------- Only Planner ------------------------------------------

    function setDeficitOffset(uint256 _deficitOffsetLD) external onlyCaller(planner) {
        deficitOffsetSD = _ld2sd(_deficitOffsetLD);
    }
}

File 123 of 159 : StargatePoolMigratable.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import { IERC20Minter } from "./interfaces/IERC20Minter.sol";
import { StargatePool } from "./StargatePool.sol";

/// @title StargatePoolMigratable
/// @notice A StargatePool that allows the owner to burn locked tokens during bridged token migration.
contract StargatePoolMigratable is StargatePool {
    error StargatePoolMigratable_BurnAmountExceedsBalance();

    address public burnAdmin;
    uint64 public burnAllowanceSD;

    constructor(
        string memory _lpTokenName,
        string memory _lpTokenSymbol,
        address _token,
        uint8 _tokenDecimals,
        uint8 _sharedDecimals,
        address _endpoint,
        address _owner
    ) StargatePool(_lpTokenName, _lpTokenSymbol, _token, _tokenDecimals, _sharedDecimals, _endpoint, _owner) {}

    /// @notice Allow a given address to burn up to a given allowance of tokens.
    function allowBurn(address _burnAdmin, uint64 _burnAllowanceSD) external onlyOwner {
        burnAdmin = _burnAdmin;
        burnAllowanceSD = _burnAllowanceSD;
    }

    /// @notice Burn locked tokens during bridged token migration.
    function burnLocked() external onlyCaller(burnAdmin) {
        if (burnAllowanceSD > poolBalanceSD) revert StargatePoolMigratable_BurnAmountExceedsBalance();

        uint64 previousBurnAllowanceSD = burnAllowanceSD;

        poolBalanceSD -= burnAllowanceSD;
        burnAllowanceSD = 0;

        uint256 burnAllowanceLD = _sd2ld(previousBurnAllowanceSD);

        IERC20(token).approve(address(this), burnAllowanceLD);
        IERC20Minter(token).burnFrom(address(this), burnAllowanceLD);
        paths[localEid].burnCredit(previousBurnAllowanceSD);
    }
}

File 124 of 159 : StargatePoolNative.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { MessagingFee, StargatePool, Transfer } from "./StargatePool.sol";

/// @title A StargatePool which administers a pool of native coin.
contract StargatePoolNative is StargatePool {
    /// @notice Create a StargatePoolNative, which holds native coin and emits LP tokens as rewards to stakers.
    /// @dev The LP OFT contract is created as part of the creation of this contract.
    /// @param _lpTokenName The name of the LP token to create
    /// @param _lpTokenSymbol The symbol of the LP token to create
    /// @param _tokenDecimals The number of decimals to use for the LP token
    /// @param _sharedDecimals The minimum amount of decimals used to represent the native coin across chains
    /// @param _endpoint The LayerZero endpoint contract
    /// @param _owner The owner of this Stargate contract
    constructor(
        string memory _lpTokenName,
        string memory _lpTokenSymbol,
        uint8 _tokenDecimals,
        uint8 _sharedDecimals,
        address _endpoint,
        address _owner
    ) StargatePool(_lpTokenName, _lpTokenSymbol, address(0), _tokenDecimals, _sharedDecimals, _endpoint, _owner) {}

    /// @notice Store native coin in this contract.
    /// @param _amountLD The amount to transfer in LD
    /// @return amountSD The amount to transfer in SD
    function _inflow(address /*_from*/, uint256 _amountLD) internal view override returns (uint64 amountSD) {
        amountSD = _ld2sd(_amountLD);
    }

    /// @notice Send native coin to an account.
    /// @dev Attempts to send the native coin to the receiver with 2300 gas.
    /// @param _to The account to transfer the native coin to
    /// @param _amountLD The value to transfer in LD
    /// @return success Whether The transfer was successful
    function _outflow(address _to, uint256 _amountLD) internal override returns (bool success) {
        success = Transfer.transferNative(_to, _amountLD, true);
    }

    /// @notice Send native coin to an account.
    /// @dev Send the native coin to the receiver with unlimited gas
    /// @dev Reverts with OutflowFailed if the transfer fails.
    /// @dev used in redeem() and retryReceiveToken()
    /// @param _to The account to transfer the native coin to
    /// @param _amountLD The value to transfer in LD
    function _safeOutflow(address _to, uint256 _amountLD) internal override {
        bool success = Transfer.transferNative(_to, _amountLD, false);
        if (!success) revert Stargate_OutflowFailed();
    }

    /// @notice Ensure that the value passed through the message equals the native fee plus the sent amount
    /// @dev Reverts with InvalidAmount if the value passed is less than the expected amount.
    /// @param _fee The MessagingFee object containing the expected fee to check
    /// @param _amountInLD The amount of native token to send
    /// @return An adjusted MessagingFee object that should be used to avoid dust in the msg.value
    function _assertMessagingFee(
        MessagingFee memory _fee,
        uint256 _amountInLD
    ) internal view override returns (MessagingFee memory) {
        uint256 expectedMsgValue = _fee.nativeFee + _amountInLD;
        if (msg.value < expectedMsgValue) revert Stargate_InvalidAmount();
        // there may be some dust left in the msg.value if the token is native coin
        if (msg.value > expectedMsgValue) _fee.nativeFee = msg.value - _amountInLD;
        return _fee;
    }

    /// @notice Assert that the msg value passed matches the expected value.
    /// @dev Override the base implementation to accept exactly the determined amount.
    /// @dev Reverts with InvalidAmount if the expected amount does not match, or if it has dust
    /// @param _amountLD The exact amount of value to expect in LD
    function _assertMsgValue(uint256 _amountLD) internal view override {
        // msg.value should be exactly the same as the amountLD and not have dust
        // _sd2ld(_ld2sd(_amountLD))) removes the dust if any
        if (_amountLD != msg.value || _amountLD != _sd2ld(_ld2sd(_amountLD))) revert Stargate_InvalidAmount();
    }

    function _thisBalance() internal view override returns (uint256) {
        return address(this).balance;
    }

    function _plannerFee() internal view virtual override returns (uint256) {
        return _thisBalance() - _sd2ld(poolBalanceSD + treasuryFee);
    }

    fallback() external payable onlyOwner {}
    receive() external payable onlyOwner {}
}

File 125 of 159 : IERC1271.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

/**
 * @dev Interface of the ERC1271 standard signature validation method for
 * contracts as defined in https://eips.ethereum.org/EIPS/eip-1271[ERC-1271].
 */
interface IERC1271 {
    /**
     * @dev Should return whether the signature provided is valid for the provided data
     * @param hash          Hash of the data to be signed
     * @param signature     Signature byte array associated with the provided data hash
     * @return magicValue   bytes4 magic value 0x1626ba7e when function passes
     */
    function isValidSignature(bytes32 hash, bytes memory signature) external view returns (bytes4 magicValue);
}

File 126 of 159 : AdminUpgradeabilityProxy.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

import { UpgradeabilityProxy } from "./UpgradeabilityProxy.sol";

/**
 * @notice This contract combines an upgradeability proxy with an authorization
 * mechanism for administrative tasks.
 * @dev Forked from https://github.com/zeppelinos/zos-lib/blob/8a16ef3ad17ec7430e3a9d2b5e3f39b8204f8c8d/contracts/upgradeability/AdminUpgradeabilityProxy.sol
 * Modifications:
 * 1. Reformat, conform to Solidity 0.6 syntax, and add error messages (5/13/20)
 * 2. Remove ifAdmin modifier from admin() and implementation() (5/13/20)
 */
contract AdminUpgradeabilityProxy is UpgradeabilityProxy {
    /**
     * @dev Emitted when the administration has been transferred.
     * @param previousAdmin Address of the previous admin.
     * @param newAdmin Address of the new admin.
     */
    event AdminChanged(address previousAdmin, address newAdmin);

    /**
     * @dev Storage slot with the admin of the contract.
     * This is the keccak-256 hash of "org.zeppelinos.proxy.admin", and is
     * validated in the constructor.
     */
    bytes32 private constant ADMIN_SLOT = 0x10d6a54a4754c8869d6886b5f5d7fbfa5b4522237ea5c60d11bc4e7a1ff9390b;

    /**
     * @dev Modifier to check whether the `msg.sender` is the admin.
     * If it is, it will run the function. Otherwise, it will delegate the call
     * to the implementation.
     */
    modifier ifAdmin() {
        if (msg.sender == _admin()) {
            _;
        } else {
            _fallback();
        }
    }

    /**
     * @dev Contract constructor.
     * It sets the `msg.sender` as the proxy administrator.
     * @param implementationContract address of the initial implementation.
     */
    constructor(address implementationContract) UpgradeabilityProxy(implementationContract) {
        assert(ADMIN_SLOT == keccak256("org.zeppelinos.proxy.admin"));

        _setAdmin(msg.sender);
    }

    /**
     * @return The address of the proxy admin.
     */
    function admin() external view returns (address) {
        return _admin();
    }

    /**
     * @return The address of the implementation.
     */
    function implementation() external view returns (address) {
        return _implementation();
    }

    /**
     * @dev Changes the admin of the proxy.
     * Only the current admin can call this function.
     * @param newAdmin Address to transfer proxy administration to.
     */
    function changeAdmin(address newAdmin) external ifAdmin {
        require(newAdmin != address(0), "Cannot change the admin of a proxy to the zero address");
        emit AdminChanged(_admin(), newAdmin);
        _setAdmin(newAdmin);
    }

    /**
     * @dev Upgrade the backing implementation of the proxy.
     * Only the admin can call this function.
     * @param newImplementation Address of the new implementation.
     */
    function upgradeTo(address newImplementation) external ifAdmin {
        _upgradeTo(newImplementation);
    }

    /**
     * @dev Upgrade the backing implementation of the proxy and call a function
     * on the new implementation.
     * This is useful to initialize the proxied contract.
     * @param newImplementation Address of the new implementation.
     * @param data Data to send as msg.data in the low level call.
     * It should include the signature and the parameters of the function to be
     * called, as described in
     * https://solidity.readthedocs.io/en/develop/abi-spec.html#function-selector-and-argument-encoding.
     */
    function upgradeToAndCall(address newImplementation, bytes calldata data) external payable ifAdmin {
        _upgradeTo(newImplementation);
        // prettier-ignore
        // solhint-disable-next-line avoid-low-level-calls
        (bool success,) = address(this).call{value: msg.value}(data);
        // solhint-disable-next-line reason-string
        require(success);
    }

    /**
     * @return adm The admin slot.
     */
    function _admin() internal view returns (address adm) {
        bytes32 slot = ADMIN_SLOT;

        assembly {
            adm := sload(slot)
        }
    }

    /**
     * @dev Sets the address of the proxy admin.
     * @param newAdmin Address of the new proxy admin.
     */
    function _setAdmin(address newAdmin) internal {
        bytes32 slot = ADMIN_SLOT;

        assembly {
            sstore(slot, newAdmin)
        }
    }

    /**
     * @dev Only fall back when the sender is not the admin.
     */
    function _willFallback() internal override {
        require(msg.sender != _admin(), "Cannot call fallback function from the proxy admin");
        super._willFallback();
    }
}

File 127 of 159 : Proxy.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

/**
 * @notice Implements delegation of calls to other contracts, with proper
 * forwarding of return values and bubbling of failures.
 * It defines a fallback function that delegates all calls to the address
 * returned by the abstract _implementation() internal function.
 * @dev Forked from https://github.com/zeppelinos/zos-lib/blob/8a16ef3ad17ec7430e3a9d2b5e3f39b8204f8c8d/contracts/upgradeability/Proxy.sol
 * Modifications:
 * 1. Reformat and conform to Solidity 0.6 syntax (5/13/20)
 */
abstract contract Proxy {
    /**
     * @dev Fallback function.
     * Implemented entirely in `_fallback`.
     */
    fallback() external payable {
        _fallback();
    }

    /**
     * @return The Address of the implementation.
     */
    function _implementation() internal view virtual returns (address);

    /**
     * @dev Delegates execution to an implementation contract.
     * This is a low level function that doesn't return to its internal call site.
     * It will return to the external caller whatever the implementation returns.
     * @param implementation Address to delegate.
     */
    function _delegate(address implementation) internal {
        assembly {
            // Copy msg.data. We take full control of memory in this inline assembly
            // block because it will not return to Solidity code. We overwrite the
            // Solidity scratch pad at memory position 0.
            calldatacopy(0, 0, calldatasize())

            // Call the implementation.
            // out and outsize are 0 because we don't know the size yet.
            let result := delegatecall(gas(), implementation, 0, calldatasize(), 0, 0)

            // Copy the returned data.
            returndatacopy(0, 0, returndatasize())

            switch result
            // delegatecall returns 0 on error.
            case 0 {
                revert(0, returndatasize())
            }
            default {
                return(0, returndatasize())
            }
        }
    }

    /**
     * @dev Function that is run as the first thing in the fallback function.
     * Can be redefined in derived contracts to add functionality.
     * Redefinitions must call super._willFallback().
     */
    function _willFallback() internal virtual {}

    /**
     * @dev fallback implementation.
     * Extracted to enable manual triggering.
     */
    function _fallback() internal {
        _willFallback();
        _delegate(_implementation());
    }
}

File 128 of 159 : UpgradeabilityProxy.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

import { Proxy } from "./Proxy.sol";
import { Address } from "@openzeppelin/contracts/utils/Address.sol";

/**
 * @notice This contract implements a proxy that allows to change the
 * implementation address to which it will delegate.
 * Such a change is called an implementation upgrade.
 * @dev Forked from https://github.com/zeppelinos/zos-lib/blob/8a16ef3ad17ec7430e3a9d2b5e3f39b8204f8c8d/contracts/upgradeability/UpgradeabilityProxy.sol
 * Modifications:
 * 1. Reformat, conform to Solidity 0.6 syntax, and add error messages (5/13/20)
 * 2. Use Address utility library from the latest OpenZeppelin (5/13/20)
 */
contract UpgradeabilityProxy is Proxy {
    /**
     * @dev Emitted when the implementation is upgraded.
     * @param implementation Address of the new implementation.
     */
    event Upgraded(address implementation);

    /**
     * @dev Storage slot with the address of the current implementation.
     * This is the keccak-256 hash of "org.zeppelinos.proxy.implementation", and is
     * validated in the constructor.
     */
    bytes32 private constant IMPLEMENTATION_SLOT = 0x7050c9e0f4ca769c69bd3a8ef740bc37934f8e2c036e5a723fd8ee048ed3f8c3;

    /**
     * @dev Contract constructor.
     * @param implementationContract Address of the initial implementation.
     */
    constructor(address implementationContract) {
        assert(IMPLEMENTATION_SLOT == keccak256("org.zeppelinos.proxy.implementation"));

        _setImplementation(implementationContract);
    }

    /**
     * @dev Returns the current implementation.
     * @return impl Address of the current implementation
     */
    function _implementation() internal view override returns (address impl) {
        bytes32 slot = IMPLEMENTATION_SLOT;
        assembly {
            impl := sload(slot)
        }
    }

    /**
     * @dev Upgrades the proxy to a new implementation.
     * @param newImplementation Address of the new implementation.
     */
    function _upgradeTo(address newImplementation) internal {
        _setImplementation(newImplementation);
        emit Upgraded(newImplementation);
    }

    /**
     * @dev Sets the implementation address of the proxy.
     * @param newImplementation Address of the new implementation.
     */
    function _setImplementation(address newImplementation) private {
        require(Address.isContract(newImplementation), "Cannot set a proxy implementation to a non-contract address");

        bytes32 slot = IMPLEMENTATION_SLOT;

        assembly {
            sstore(slot, newImplementation)
        }
    }
}

File 129 of 159 : ECRecover.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

/**
 * @title ECRecover
 * @notice A library that provides a safe ECDSA recovery function
 */
library ECRecover {
    /**
     * @notice Recover signer's address from a signed message
     * @dev Adapted from: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/65e4ffde586ec89af3b7e9140bdc9235d1254853/contracts/cryptography/ECDSA.sol
     * Modifications: Accept v, r, and s as separate arguments
     * @param digest    Keccak-256 hash digest of the signed message
     * @param v         v of the signature
     * @param r         r of the signature
     * @param s         s of the signature
     * @return Signer address
     */
    function recover(bytes32 digest, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {
        // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
        // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
        // the valid range for s in (281): 0 < s < secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most
        // signatures from current libraries generate a unique signature with an s-value in the lower half order.
        //
        // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
        // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
        // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
        // these malleable signatures as well.
        if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
            revert("ECRecover: invalid signature 's' value");
        }

        if (v != 27 && v != 28) {
            revert("ECRecover: invalid signature 'v' value");
        }

        // If the signature is valid (and not malleable), return the signer address
        address signer = ecrecover(digest, v, r, s);
        require(signer != address(0), "ECRecover: invalid signature");

        return signer;
    }

    /**
     * @notice Recover signer's address from a signed message
     * @dev Adapted from: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/0053ee040a7ff1dbc39691c9e67a69f564930a88/contracts/utils/cryptography/ECDSA.sol
     * @param digest    Keccak-256 hash digest of the signed message
     * @param signature Signature byte array associated with hash
     * @return Signer address
     */
    function recover(bytes32 digest, bytes memory signature) internal pure returns (address) {
        require(signature.length == 65, "ECRecover: invalid signature length");

        bytes32 r;
        bytes32 s;
        uint8 v;

        // ecrecover takes the signature parameters, and the only way to get them
        // currently is to use assembly.
        /// @solidity memory-safe-assembly
        assembly {
            r := mload(add(signature, 0x20))
            s := mload(add(signature, 0x40))
            v := byte(0, mload(add(signature, 0x60)))
        }
        return recover(digest, v, r, s);
    }
}

File 130 of 159 : EIP712.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

/**
 * @title EIP712
 * @notice A library that provides EIP712 helper functions
 */
library EIP712 {
    /**
     * @notice Make EIP712 domain separator
     * @param name      Contract name
     * @param version   Contract version
     * @param chainId   Blockchain ID
     * @return Domain separator
     */
    function makeDomainSeparator(
        string memory name,
        string memory version,
        uint256 chainId
    ) internal view returns (bytes32) {
        return
            keccak256(
                abi.encode(
                    // keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)")
                    0x8b73c3c69bb8fe3d512ecc4cf759cc79239f7b179b0ffacaa9a75d522b39400f,
                    keccak256(bytes(name)),
                    keccak256(bytes(version)),
                    chainId,
                    address(this)
                )
            );
    }

    /**
     * @notice Make EIP712 domain separator
     * @param name      Contract name
     * @param version   Contract version
     * @return Domain separator
     */
    function makeDomainSeparator(string memory name, string memory version) internal view returns (bytes32) {
        uint256 chainId;
        assembly {
            chainId := chainid()
        }
        return makeDomainSeparator(name, version, chainId);
    }
}

File 131 of 159 : MessageHashUtils.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

/**
 * @dev Signature message hash utilities for producing digests to be consumed by {ECDSA} recovery or signing.
 *
 * The library provides methods for generating a hash of a message that conforms to the
 * https://eips.ethereum.org/EIPS/eip-191[EIP 191] and https://eips.ethereum.org/EIPS/eip-712[EIP 712]
 * specifications.
 */
library MessageHashUtils {
    /**
     * @dev Returns the keccak256 digest of an EIP-712 typed data (EIP-191 version `0x01`).
     * Adapted from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/21bb89ef5bfc789b9333eb05e3ba2b7b284ac77c/contracts/utils/cryptography/MessageHashUtils.sol
     *
     * The digest is calculated from a `domainSeparator` and a `structHash`, by prefixing them with
     * `\x19\x01` and hashing the result. It corresponds to the hash signed by the
     * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`] JSON-RPC method as part of EIP-712.
     *
     * @param domainSeparator    Domain separator
     * @param structHash         Hashed EIP-712 data struct
     * @return digest            The keccak256 digest of an EIP-712 typed data
     */
    function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 digest) {
        assembly {
            let ptr := mload(0x40)
            mstore(ptr, "\x19\x01")
            mstore(add(ptr, 0x02), domainSeparator)
            mstore(add(ptr, 0x22), structHash)
            digest := keccak256(ptr, 0x42)
        }
    }
}

File 132 of 159 : SignatureChecker.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

import { ECRecover } from "./ECRecover.sol";
import { IERC1271 } from "../interfaces/IERC1271.sol";

/**
 * @dev Signature verification helper that can be used instead of `ECRecover.recover` to seamlessly support both ECDSA
 * signatures from externally owned accounts (EOAs) as well as ERC1271 signatures from smart contract wallets.
 *
 * Adapted from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/21bb89ef5bfc789b9333eb05e3ba2b7b284ac77c/contracts/utils/cryptography/SignatureChecker.sol
 */
library SignatureChecker {
    /**
     * @dev Checks if a signature is valid for a given signer and data hash. If the signer is a smart contract, the
     * signature is validated against that smart contract using ERC1271, otherwise it's validated using `ECRecover.recover`.
     * @param signer        Address of the claimed signer
     * @param digest        Keccak-256 hash digest of the signed message
     * @param signature     Signature byte array associated with hash
     */
    function isValidSignatureNow(address signer, bytes32 digest, bytes memory signature) external view returns (bool) {
        if (!isContract(signer)) {
            return ECRecover.recover(digest, signature) == signer;
        }
        return isValidERC1271SignatureNow(signer, digest, signature);
    }

    /**
     * @dev Checks if a signature is valid for a given signer and data hash. The signature is validated
     * against the signer smart contract using ERC1271.
     * @param signer        Address of the claimed signer
     * @param digest        Keccak-256 hash digest of the signed message
     * @param signature     Signature byte array associated with hash
     *
     * NOTE: Unlike ECDSA signatures, contract signatures are revocable, and the outcome of this function can thus
     * change through time. It could return true at block N and false at block N+1 (or the opposite).
     */
    function isValidERC1271SignatureNow(
        address signer,
        bytes32 digest,
        bytes memory signature
    ) internal view returns (bool) {
        (bool success, bytes memory result) = signer.staticcall(
            abi.encodeWithSelector(IERC1271.isValidSignature.selector, digest, signature)
        );
        return (success &&
            result.length >= 32 &&
            abi.decode(result, (bytes32)) == bytes32(IERC1271.isValidSignature.selector));
    }

    /**
     * @dev Checks if the input address is a smart contract.
     */
    function isContract(address addr) internal view returns (bool) {
        uint256 size;
        assembly {
            size := extcodesize(addr)
        }
        return size > 0;
    }
}

File 133 of 159 : FiatTokenV1_1.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

import { FiatTokenV1 } from "../v1/FiatTokenV1.sol";
import { Rescuable } from "./Rescuable.sol";

/**
 * @title FiatTokenV1_1
 * @dev ERC20 Token backed by fiat reserves
 */
contract FiatTokenV1_1 is FiatTokenV1, Rescuable {}

File 134 of 159 : Rescuable.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

import { Ownable } from "../v1/Ownable.sol";
import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

contract Rescuable is Ownable {
    using SafeERC20 for IERC20;

    address private _rescuer;

    event RescuerChanged(address indexed newRescuer);

    /**
     * @notice Returns current rescuer
     * @return Rescuer's address
     */
    function rescuer() external view returns (address) {
        return _rescuer;
    }

    /**
     * @notice Revert if called by any account other than the rescuer.
     */
    modifier onlyRescuer() {
        require(msg.sender == _rescuer, "Rescuable: caller is not the rescuer");
        _;
    }

    /**
     * @notice Rescue ERC20 tokens locked up in this contract.
     * @param tokenContract ERC20 token contract address
     * @param to        Recipient address
     * @param amount    Amount to withdraw
     */
    function rescueERC20(IERC20 tokenContract, address to, uint256 amount) external onlyRescuer {
        tokenContract.safeTransfer(to, amount);
    }

    /**
     * @notice Updates the rescuer address.
     * @param newRescuer The address of the new rescuer.
     */
    function updateRescuer(address newRescuer) external onlyOwner {
        require(newRescuer != address(0), "Rescuable: new rescuer is the zero address");
        _rescuer = newRescuer;
        emit RescuerChanged(newRescuer);
    }
}

File 135 of 159 : AbstractFiatTokenV1.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";

abstract contract AbstractFiatTokenV1 is IERC20 {
    function _approve(address owner, address spender, uint256 value) internal virtual;

    function _transfer(address from, address to, uint256 value) internal virtual;
}

File 136 of 159 : Blacklistable.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

import { Ownable } from "./Ownable.sol";

/**
 * @title Blacklistable Token
 * @dev Allows accounts to be blacklisted by a "blacklister" role
 */
abstract contract Blacklistable is Ownable {
    address public blacklister;
    mapping(address => bool) internal _deprecatedBlacklisted;

    event Blacklisted(address indexed _account);
    event UnBlacklisted(address indexed _account);
    event BlacklisterChanged(address indexed newBlacklister);

    /**
     * @dev Throws if called by any account other than the blacklister.
     */
    modifier onlyBlacklister() {
        require(msg.sender == blacklister, "Blacklistable: caller is not the blacklister");
        _;
    }

    /**
     * @dev Throws if argument account is blacklisted.
     * @param _account The address to check.
     */
    modifier notBlacklisted(address _account) {
        require(!_isBlacklisted(_account), "Blacklistable: account is blacklisted");
        _;
    }

    /**
     * @notice Checks if account is blacklisted.
     * @param _account The address to check.
     * @return True if the account is blacklisted, false if the account is not blacklisted.
     */
    function isBlacklisted(address _account) external view returns (bool) {
        return _isBlacklisted(_account);
    }

    /**
     * @notice Adds account to blacklist.
     * @param _account The address to blacklist.
     */
    function blacklist(address _account) external onlyBlacklister {
        _blacklist(_account);
        emit Blacklisted(_account);
    }

    /**
     * @notice Removes account from blacklist.
     * @param _account The address to remove from the blacklist.
     */
    function unBlacklist(address _account) external onlyBlacklister {
        _unBlacklist(_account);
        emit UnBlacklisted(_account);
    }

    /**
     * @notice Updates the blacklister address.
     * @param _newBlacklister The address of the new blacklister.
     */
    function updateBlacklister(address _newBlacklister) external onlyOwner {
        require(_newBlacklister != address(0), "Blacklistable: new blacklister is the zero address");
        blacklister = _newBlacklister;
        emit BlacklisterChanged(blacklister);
    }

    /**
     * @dev Checks if account is blacklisted.
     * @param _account The address to check.
     * @return true if the account is blacklisted, false otherwise.
     */
    function _isBlacklisted(address _account) internal view virtual returns (bool);

    /**
     * @dev Helper method that blacklists an account.
     * @param _account The address to blacklist.
     */
    function _blacklist(address _account) internal virtual;

    /**
     * @dev Helper method that unblacklists an account.
     * @param _account The address to unblacklist.
     */
    function _unBlacklist(address _account) internal virtual;
}

File 137 of 159 : FiatTokenV1.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

import { AbstractFiatTokenV1 } from "./AbstractFiatTokenV1.sol";
import { Ownable } from "./Ownable.sol";
import { Pausable } from "./Pausable.sol";
import { Blacklistable } from "./Blacklistable.sol";

/**
 * @title FiatToken
 * @dev ERC20 Token backed by fiat reserves
 */
contract FiatTokenV1 is AbstractFiatTokenV1, Ownable, Pausable, Blacklistable {
    string public name;
    string public symbol;
    uint8 public decimals;
    string public currency;
    address public masterMinter;
    bool internal initialized;

    /// @dev A mapping that stores the balance and blacklist states for a given address.
    /// The first bit defines whether the address is blacklisted (1 if blacklisted, 0 otherwise).
    /// The last 255 bits define the balance for the address.
    mapping(address => uint256) internal balanceAndBlacklistStates;
    mapping(address => mapping(address => uint256)) internal allowed;
    uint256 internal totalSupply_ = 0;
    mapping(address => bool) internal minters;
    mapping(address => uint256) internal minterAllowed;

    event Mint(address indexed minter, address indexed to, uint256 amount);
    event Burn(address indexed burner, uint256 amount);
    event MinterConfigured(address indexed minter, uint256 minterAllowedAmount);
    event MinterRemoved(address indexed oldMinter);
    event MasterMinterChanged(address indexed newMasterMinter);

    /**
     * @notice Initializes the fiat token contract.
     * @param tokenName       The name of the fiat token.
     * @param tokenSymbol     The symbol of the fiat token.
     * @param tokenCurrency   The fiat currency that the token represents.
     * @param tokenDecimals   The number of decimals that the token uses.
     * @param newMasterMinter The masterMinter address for the fiat token.
     * @param newPauser       The pauser address for the fiat token.
     * @param newBlacklister  The blacklister address for the fiat token.
     * @param newOwner        The owner of the fiat token.
     */
    function initialize(
        string memory tokenName,
        string memory tokenSymbol,
        string memory tokenCurrency,
        uint8 tokenDecimals,
        address newMasterMinter,
        address newPauser,
        address newBlacklister,
        address newOwner
    ) public {
        require(!initialized, "FiatToken: contract is already initialized");
        require(newMasterMinter != address(0), "FiatToken: new masterMinter is the zero address");
        require(newPauser != address(0), "FiatToken: new pauser is the zero address");
        require(newBlacklister != address(0), "FiatToken: new blacklister is the zero address");
        require(newOwner != address(0), "FiatToken: new owner is the zero address");

        name = tokenName;
        symbol = tokenSymbol;
        currency = tokenCurrency;
        decimals = tokenDecimals;
        masterMinter = newMasterMinter;
        pauser = newPauser;
        blacklister = newBlacklister;
        setOwner(newOwner);
        initialized = true;
    }

    /**
     * @dev Throws if called by any account other than a minter.
     */
    modifier onlyMinters() {
        require(minters[msg.sender], "FiatToken: caller is not a minter");
        _;
    }

    /**
     * @notice Mints fiat tokens to an address.
     * @param _to The address that will receive the minted tokens.
     * @param _amount The amount of tokens to mint. Must be less than or equal
     * to the minterAllowance of the caller.
     * @return True if the operation was successful.
     */
    function mint(
        address _to,
        uint256 _amount
    ) external whenNotPaused onlyMinters notBlacklisted(msg.sender) notBlacklisted(_to) returns (bool) {
        require(_to != address(0), "FiatToken: mint to the zero address");
        require(_amount > 0, "FiatToken: mint amount not greater than 0");

        uint256 mintingAllowedAmount = minterAllowed[msg.sender];
        require(_amount <= mintingAllowedAmount, "FiatToken: mint amount exceeds minterAllowance");

        totalSupply_ = totalSupply_ + _amount;
        _setBalance(_to, _balanceOf(_to) + _amount);
        minterAllowed[msg.sender] = mintingAllowedAmount - _amount;
        emit Mint(msg.sender, _to, _amount);
        emit Transfer(address(0), _to, _amount);
        return true;
    }

    /**
     * @dev Throws if called by any account other than the masterMinter
     */
    modifier onlyMasterMinter() {
        require(msg.sender == masterMinter, "FiatToken: caller is not the masterMinter");
        _;
    }

    /**
     * @notice Gets the minter allowance for an account.
     * @param minter The address to check.
     * @return The remaining minter allowance for the account.
     */
    function minterAllowance(address minter) external view returns (uint256) {
        return minterAllowed[minter];
    }

    /**
     * @notice Checks if an account is a minter.
     * @param account The address to check.
     * @return True if the account is a minter, false if the account is not a minter.
     */
    function isMinter(address account) external view returns (bool) {
        return minters[account];
    }

    /**
     * @notice Gets the remaining amount of fiat tokens a spender is allowed to transfer on
     * behalf of the token owner.
     * @param owner   The token owner's address.
     * @param spender The spender's address.
     * @return The remaining allowance.
     */
    function allowance(address owner, address spender) external view override returns (uint256) {
        return allowed[owner][spender];
    }

    /**
     * @notice Gets the totalSupply of the fiat token.
     * @return The totalSupply of the fiat token.
     */
    function totalSupply() external view override returns (uint256) {
        return totalSupply_;
    }

    /**
     * @notice Gets the fiat token balance of an account.
     * @param account  The address to check.
     * @return balance The fiat token balance of the account.
     */
    function balanceOf(address account) external view override returns (uint256) {
        return _balanceOf(account);
    }

    /**
     * @notice Sets a fiat token allowance for a spender to spend on behalf of the caller.
     * @param spender The spender's address.
     * @param value   The allowance amount.
     * @return True if the operation was successful.
     */
    function approve(
        address spender,
        uint256 value
    ) external virtual override whenNotPaused notBlacklisted(msg.sender) notBlacklisted(spender) returns (bool) {
        _approve(msg.sender, spender, value);
        return true;
    }

    /**
     * @dev Internal function to set allowance.
     * @param owner     Token owner's address.
     * @param spender   Spender's address.
     * @param value     Allowance amount.
     */
    function _approve(address owner, address spender, uint256 value) internal override {
        require(owner != address(0), "ERC20: approve from the zero address");
        require(spender != address(0), "ERC20: approve to the zero address");
        allowed[owner][spender] = value;
        emit Approval(owner, spender, value);
    }

    /**
     * @notice Transfers tokens from an address to another by spending the caller's allowance.
     * @dev The caller must have some fiat token allowance on the payer's tokens.
     * @param from  Payer's address.
     * @param to    Payee's address.
     * @param value Transfer amount.
     * @return True if the operation was successful.
     */
    function transferFrom(
        address from,
        address to,
        uint256 value
    )
        external
        override
        whenNotPaused
        notBlacklisted(msg.sender)
        notBlacklisted(from)
        notBlacklisted(to)
        returns (bool)
    {
        require(value <= allowed[from][msg.sender], "ERC20: transfer amount exceeds allowance");
        _transfer(from, to, value);
        allowed[from][msg.sender] = allowed[from][msg.sender] - value;
        return true;
    }

    /**
     * @notice Transfers tokens from the caller.
     * @param to    Payee's address.
     * @param value Transfer amount.
     * @return True if the operation was successful.
     */
    function transfer(
        address to,
        uint256 value
    ) external override whenNotPaused notBlacklisted(msg.sender) notBlacklisted(to) returns (bool) {
        _transfer(msg.sender, to, value);
        return true;
    }

    /**
     * @dev Internal function to process transfers.
     * @param from  Payer's address.
     * @param to    Payee's address.
     * @param value Transfer amount.
     */
    function _transfer(address from, address to, uint256 value) internal override {
        require(from != address(0), "ERC20: transfer from the zero address");
        require(to != address(0), "ERC20: transfer to the zero address");
        require(value <= _balanceOf(from), "ERC20: transfer amount exceeds balance");

        _setBalance(from, _balanceOf(from) - value);
        _setBalance(to, _balanceOf(to) + value);
        emit Transfer(from, to, value);
    }

    /**
     * @notice Adds or updates a new minter with a mint allowance.
     * @param minter The address of the minter.
     * @param minterAllowedAmount The minting amount allowed for the minter.
     * @return True if the operation was successful.
     */
    function configureMinter(
        address minter,
        uint256 minterAllowedAmount
    ) external whenNotPaused onlyMasterMinter returns (bool) {
        minters[minter] = true;
        minterAllowed[minter] = minterAllowedAmount;
        emit MinterConfigured(minter, minterAllowedAmount);
        return true;
    }

    /**
     * @notice Removes a minter.
     * @param minter The address of the minter to remove.
     * @return True if the operation was successful.
     */
    function removeMinter(address minter) external onlyMasterMinter returns (bool) {
        minters[minter] = false;
        minterAllowed[minter] = 0;
        emit MinterRemoved(minter);
        return true;
    }

    /**
     * @notice Allows a minter to burn some of its own tokens.
     * @dev The caller must be a minter, must not be blacklisted, and the amount to burn
     * should be less than or equal to the account's balance.
     * @param _amount the amount of tokens to be burned.
     */
    function burn(uint256 _amount) external whenNotPaused onlyMinters notBlacklisted(msg.sender) {
        uint256 balance = _balanceOf(msg.sender);
        require(_amount > 0, "FiatToken: burn amount not greater than 0");
        require(balance >= _amount, "FiatToken: burn amount exceeds balance");

        totalSupply_ = totalSupply_ - _amount;
        _setBalance(msg.sender, balance - _amount);
        emit Burn(msg.sender, _amount);
        emit Transfer(msg.sender, address(0), _amount);
    }

    /**
     * @notice Updates the master minter address.
     * @param _newMasterMinter The address of the new master minter.
     */
    function updateMasterMinter(address _newMasterMinter) external onlyOwner {
        require(_newMasterMinter != address(0), "FiatToken: new masterMinter is the zero address");
        masterMinter = _newMasterMinter;
        emit MasterMinterChanged(masterMinter);
    }

    /**
     * @inheritdoc Blacklistable
     */
    function _blacklist(address _account) internal override {
        _setBlacklistState(_account, true);
    }

    /**
     * @inheritdoc Blacklistable
     */
    function _unBlacklist(address _account) internal override {
        _setBlacklistState(_account, false);
    }

    /**
     * @dev Helper method that sets the blacklist state of an account.
     * @param _account         The address of the account.
     * @param _shouldBlacklist True if the account should be blacklisted, false if the account should be unblacklisted.
     */
    function _setBlacklistState(address _account, bool _shouldBlacklist) internal virtual {
        _deprecatedBlacklisted[_account] = _shouldBlacklist;
    }

    /**
     * @dev Helper method that sets the balance of an account.
     * @param _account The address of the account.
     * @param _balance The new fiat token balance of the account.
     */
    function _setBalance(address _account, uint256 _balance) internal virtual {
        balanceAndBlacklistStates[_account] = _balance;
    }

    /**
     * @inheritdoc Blacklistable
     */
    function _isBlacklisted(address _account) internal view virtual override returns (bool) {
        return _deprecatedBlacklisted[_account];
    }

    /**
     * @dev Helper method to obtain the balance of an account.
     * @param _account  The address of the account.
     * @return          The fiat token balance of the account.
     */
    function _balanceOf(address _account) internal view virtual returns (uint256) {
        return balanceAndBlacklistStates[_account];
    }
}

File 138 of 159 : Ownable.sol
// SPDX-License-Identifier: MIT

/**
 *
 * Copyright (c) 2018 zOS Global Limited.
 * Copyright (c) 2018-2020 CENTRE SECZ
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

pragma solidity ^0.8.0;

/**
 * @notice The Ownable contract has an owner address, and provides basic
 * authorization control functions
 * @dev Forked from https://github.com/OpenZeppelin/openzeppelin-labs/blob/3887ab77b8adafba4a26ace002f3a684c1a3388b/upgradeability_ownership/contracts/ownership/Ownable.sol
 * Modifications:
 * 1. Consolidate OwnableStorage into this contract (7/13/18)
 * 2. Reformat, conform to Solidity 0.6 syntax, and add error messages (5/13/20)
 * 3. Make public functions external (5/27/20)
 */
contract Ownable {
    // Owner of the contract
    address private _owner;

    /**
     * @dev Event to show ownership has been transferred
     * @param previousOwner representing the address of the previous owner
     * @param newOwner representing the address of the new owner
     */
    event OwnershipTransferred(address previousOwner, address newOwner);

    /**
     * @dev The constructor sets the original owner of the contract to the sender account.
     */
    constructor() {
        setOwner(msg.sender);
    }

    /**
     * @dev Tells the address of the owner
     * @return the address of the owner
     */
    function owner() external view returns (address) {
        return _owner;
    }

    /**
     * @dev Sets a new owner address
     */
    function setOwner(address newOwner) internal {
        _owner = newOwner;
    }

    /**
     * @dev Throws if called by any account other than the owner.
     */
    modifier onlyOwner() {
        require(msg.sender == _owner, "Ownable: caller is not the owner");
        _;
    }

    /**
     * @dev Allows the current owner to transfer control of the contract to a newOwner.
     * @param newOwner The address to transfer ownership to.
     */
    function transferOwnership(address newOwner) external onlyOwner {
        require(newOwner != address(0), "Ownable: new owner is the zero address");
        emit OwnershipTransferred(_owner, newOwner);
        setOwner(newOwner);
    }
}

File 139 of 159 : Pausable.sol
// SPDX-License-Identifier: MIT

/**
 *
 * Copyright (c) 2016 Smart Contract Solutions, Inc.
 * Copyright (c) 2018-2020 CENTRE SECZ
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

pragma solidity ^0.8.0;

import { Ownable } from "./Ownable.sol";

/**
 * @notice Base contract which allows children to implement an emergency stop
 * mechanism
 * @dev Forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/feb665136c0dae9912e08397c1a21c4af3651ef3/contracts/lifecycle/Pausable.sol
 * Modifications:
 * 1. Added pauser role, switched pause/unpause to be onlyPauser (6/14/2018)
 * 2. Removed whenNotPause/whenPaused from pause/unpause (6/14/2018)
 * 3. Removed whenPaused (6/14/2018)
 * 4. Switches ownable library to use ZeppelinOS (7/12/18)
 * 5. Remove constructor (7/13/18)
 * 6. Reformat, conform to Solidity 0.6 syntax and add error messages (5/13/20)
 * 7. Make public functions external (5/27/20)
 */
contract Pausable is Ownable {
    event Pause();
    event Unpause();
    event PauserChanged(address indexed newAddress);

    address public pauser;
    bool public paused = false;

    /**
     * @dev Modifier to make a function callable only when the contract is not paused.
     */
    modifier whenNotPaused() {
        require(!paused, "Pausable: paused");
        _;
    }

    /**
     * @dev throws if called by any account other than the pauser
     */
    modifier onlyPauser() {
        require(msg.sender == pauser, "Pausable: caller is not the pauser");
        _;
    }

    /**
     * @dev called by the owner to pause, triggers stopped state
     */
    function pause() external onlyPauser {
        paused = true;
        emit Pause();
    }

    /**
     * @dev called by the owner to unpause, returns to normal state
     */
    function unpause() external onlyPauser {
        paused = false;
        emit Unpause();
    }

    /**
     * @notice Updates the pauser address.
     * @param _newPauser The address of the new pauser.
     */
    function updatePauser(address _newPauser) external onlyOwner {
        require(_newPauser != address(0), "Pausable: new pauser is the zero address");
        pauser = _newPauser;
        emit PauserChanged(pauser);
    }
}

File 140 of 159 : AbstractFiatTokenV2.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

import { AbstractFiatTokenV1 } from "../v1/AbstractFiatTokenV1.sol";

abstract contract AbstractFiatTokenV2 is AbstractFiatTokenV1 {
    function _increaseAllowance(address owner, address spender, uint256 increment) internal virtual;

    function _decreaseAllowance(address owner, address spender, uint256 decrement) internal virtual;
}

File 141 of 159 : EIP2612.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

import { AbstractFiatTokenV2 } from "./AbstractFiatTokenV2.sol";
import { EIP712Domain } from "./EIP712Domain.sol";
import { MessageHashUtils } from "../util/MessageHashUtils.sol";
import { SignatureChecker } from "../util/SignatureChecker.sol";

/**
 * @title EIP-2612
 * @notice Provide internal implementation for gas-abstracted approvals
 */
abstract contract EIP2612 is AbstractFiatTokenV2, EIP712Domain {
    // keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)")
    bytes32 public constant PERMIT_TYPEHASH = 0x6e71edae12b1b97f4d1f60370fef10105fa2faae0126114a169c64845d6126c9;

    mapping(address => uint256) private _permitNonces;

    /**
     * @notice Nonces for permit
     * @param owner Token owner's address (Authorizer)
     * @return Next nonce
     */
    function nonces(address owner) external view returns (uint256) {
        return _permitNonces[owner];
    }

    /**
     * @notice Verify a signed approval permit and execute if valid
     * @param owner     Token owner's address (Authorizer)
     * @param spender   Spender's address
     * @param value     Amount of allowance
     * @param deadline  The time at which the signature expires (unix time), or max uint256 value to signal no expiration
     * @param v         v of the signature
     * @param r         r of the signature
     * @param s         s of the signature
     */
    function _permit(
        address owner,
        address spender,
        uint256 value,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) internal {
        _permit(owner, spender, value, deadline, abi.encodePacked(r, s, v));
    }

    /**
     * @notice Verify a signed approval permit and execute if valid
     * @dev EOA wallet signatures should be packed in the order of r, s, v.
     * @param owner      Token owner's address (Authorizer)
     * @param spender    Spender's address
     * @param value      Amount of allowance
     * @param deadline   The time at which the signature expires (unix time), or max uint256 value to signal no expiration
     * @param signature  Signature byte array signed by an EOA wallet or a contract wallet
     */
    function _permit(address owner, address spender, uint256 value, uint256 deadline, bytes memory signature) internal {
        require(deadline == type(uint256).max || deadline >= block.timestamp, "FiatTokenV2: permit is expired");

        bytes32 typedDataHash = MessageHashUtils.toTypedDataHash(
            _domainSeparator(),
            keccak256(abi.encode(PERMIT_TYPEHASH, owner, spender, value, _permitNonces[owner]++, deadline))
        );
        require(SignatureChecker.isValidSignatureNow(owner, typedDataHash, signature), "EIP2612: invalid signature");

        _approve(owner, spender, value);
    }
}

File 142 of 159 : EIP3009.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

import { AbstractFiatTokenV2 } from "./AbstractFiatTokenV2.sol";
import { EIP712Domain } from "./EIP712Domain.sol";
import { SignatureChecker } from "../util/SignatureChecker.sol";
import { MessageHashUtils } from "../util/MessageHashUtils.sol";

/**
 * @title EIP-3009
 * @notice Provide internal implementation for gas-abstracted transfers
 * @dev Contracts that inherit from this must wrap these with publicly
 * accessible functions, optionally adding modifiers where necessary
 */
abstract contract EIP3009 is AbstractFiatTokenV2, EIP712Domain {
    // keccak256("TransferWithAuthorization(address from,address to,uint256 value,uint256 validAfter,uint256 validBefore,bytes32 nonce)")
    bytes32 public constant TRANSFER_WITH_AUTHORIZATION_TYPEHASH =
        0x7c7c6cdb67a18743f49ec6fa9b35f50d52ed05cbed4cc592e13b44501c1a2267;

    // keccak256("ReceiveWithAuthorization(address from,address to,uint256 value,uint256 validAfter,uint256 validBefore,bytes32 nonce)")
    bytes32 public constant RECEIVE_WITH_AUTHORIZATION_TYPEHASH =
        0xd099cc98ef71107a616c4f0f941f04c322d8e254fe26b3c6668db87aae413de8;

    // keccak256("CancelAuthorization(address authorizer,bytes32 nonce)")
    bytes32 public constant CANCEL_AUTHORIZATION_TYPEHASH =
        0x158b0a9edf7a828aad02f63cd515c68ef2f50ba807396f6d12842833a1597429;

    /**
     * @dev authorizer address => nonce => bool (true if nonce is used)
     */
    mapping(address => mapping(bytes32 => bool)) private _authorizationStates;

    event AuthorizationUsed(address indexed authorizer, bytes32 indexed nonce);
    event AuthorizationCanceled(address indexed authorizer, bytes32 indexed nonce);

    /**
     * @notice Returns the state of an authorization
     * @dev Nonces are randomly generated 32-byte data unique to the
     * authorizer's address
     * @param authorizer    Authorizer's address
     * @param nonce         Nonce of the authorization
     * @return True if the nonce is used
     */
    function authorizationState(address authorizer, bytes32 nonce) external view returns (bool) {
        return _authorizationStates[authorizer][nonce];
    }

    /**
     * @notice Execute a transfer with a signed authorization
     * @param from          Payer's address (Authorizer)
     * @param to            Payee's address
     * @param value         Amount to be transferred
     * @param validAfter    The time after which this is valid (unix time)
     * @param validBefore   The time before which this is valid (unix time)
     * @param nonce         Unique nonce
     * @param v             v of the signature
     * @param r             r of the signature
     * @param s             s of the signature
     */
    function _transferWithAuthorization(
        address from,
        address to,
        uint256 value,
        uint256 validAfter,
        uint256 validBefore,
        bytes32 nonce,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) internal {
        _transferWithAuthorization(from, to, value, validAfter, validBefore, nonce, abi.encodePacked(r, s, v));
    }

    /**
     * @notice Execute a transfer with a signed authorization
     * @dev EOA wallet signatures should be packed in the order of r, s, v.
     * @param from          Payer's address (Authorizer)
     * @param to            Payee's address
     * @param value         Amount to be transferred
     * @param validAfter    The time after which this is valid (unix time)
     * @param validBefore   The time before which this is valid (unix time)
     * @param nonce         Unique nonce
     * @param signature     Signature byte array produced by an EOA wallet or a contract wallet
     */
    function _transferWithAuthorization(
        address from,
        address to,
        uint256 value,
        uint256 validAfter,
        uint256 validBefore,
        bytes32 nonce,
        bytes memory signature
    ) internal {
        _requireValidAuthorization(from, nonce, validAfter, validBefore);
        _requireValidSignature(
            from,
            keccak256(
                abi.encode(TRANSFER_WITH_AUTHORIZATION_TYPEHASH, from, to, value, validAfter, validBefore, nonce)
            ),
            signature
        );

        _markAuthorizationAsUsed(from, nonce);
        _transfer(from, to, value);
    }

    /**
     * @notice Receive a transfer with a signed authorization from the payer
     * @dev This has an additional check to ensure that the payee's address
     * matches the caller of this function to prevent front-running attacks.
     * @param from          Payer's address (Authorizer)
     * @param to            Payee's address
     * @param value         Amount to be transferred
     * @param validAfter    The time after which this is valid (unix time)
     * @param validBefore   The time before which this is valid (unix time)
     * @param nonce         Unique nonce
     * @param v             v of the signature
     * @param r             r of the signature
     * @param s             s of the signature
     */
    function _receiveWithAuthorization(
        address from,
        address to,
        uint256 value,
        uint256 validAfter,
        uint256 validBefore,
        bytes32 nonce,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) internal {
        _receiveWithAuthorization(from, to, value, validAfter, validBefore, nonce, abi.encodePacked(r, s, v));
    }

    /**
     * @notice Receive a transfer with a signed authorization from the payer
     * @dev This has an additional check to ensure that the payee's address
     * matches the caller of this function to prevent front-running attacks.
     * EOA wallet signatures should be packed in the order of r, s, v.
     * @param from          Payer's address (Authorizer)
     * @param to            Payee's address
     * @param value         Amount to be transferred
     * @param validAfter    The time after which this is valid (unix time)
     * @param validBefore   The time before which this is valid (unix time)
     * @param nonce         Unique nonce
     * @param signature     Signature byte array produced by an EOA wallet or a contract wallet
     */
    function _receiveWithAuthorization(
        address from,
        address to,
        uint256 value,
        uint256 validAfter,
        uint256 validBefore,
        bytes32 nonce,
        bytes memory signature
    ) internal {
        require(to == msg.sender, "FiatTokenV2: caller must be the payee");
        _requireValidAuthorization(from, nonce, validAfter, validBefore);
        _requireValidSignature(
            from,
            keccak256(abi.encode(RECEIVE_WITH_AUTHORIZATION_TYPEHASH, from, to, value, validAfter, validBefore, nonce)),
            signature
        );

        _markAuthorizationAsUsed(from, nonce);
        _transfer(from, to, value);
    }

    /**
     * @notice Attempt to cancel an authorization
     * @param authorizer    Authorizer's address
     * @param nonce         Nonce of the authorization
     * @param v             v of the signature
     * @param r             r of the signature
     * @param s             s of the signature
     */
    function _cancelAuthorization(address authorizer, bytes32 nonce, uint8 v, bytes32 r, bytes32 s) internal {
        _cancelAuthorization(authorizer, nonce, abi.encodePacked(r, s, v));
    }

    /**
     * @notice Attempt to cancel an authorization
     * @dev EOA wallet signatures should be packed in the order of r, s, v.
     * @param authorizer    Authorizer's address
     * @param nonce         Nonce of the authorization
     * @param signature     Signature byte array produced by an EOA wallet or a contract wallet
     */
    function _cancelAuthorization(address authorizer, bytes32 nonce, bytes memory signature) internal {
        _requireUnusedAuthorization(authorizer, nonce);
        _requireValidSignature(
            authorizer,
            keccak256(abi.encode(CANCEL_AUTHORIZATION_TYPEHASH, authorizer, nonce)),
            signature
        );

        _authorizationStates[authorizer][nonce] = true;
        emit AuthorizationCanceled(authorizer, nonce);
    }

    /**
     * @notice Validates that signature against input data struct
     * @param signer        Signer's address
     * @param dataHash      Hash of encoded data struct
     * @param signature     Signature byte array produced by an EOA wallet or a contract wallet
     */
    function _requireValidSignature(address signer, bytes32 dataHash, bytes memory signature) private view {
        require(
            SignatureChecker.isValidSignatureNow(
                signer,
                MessageHashUtils.toTypedDataHash(_domainSeparator(), dataHash),
                signature
            ),
            "FiatTokenV2: invalid signature"
        );
    }

    /**
     * @notice Check that an authorization is unused
     * @param authorizer    Authorizer's address
     * @param nonce         Nonce of the authorization
     */
    function _requireUnusedAuthorization(address authorizer, bytes32 nonce) private view {
        require(!_authorizationStates[authorizer][nonce], "FiatTokenV2: authorization is used or canceled");
    }

    /**
     * @notice Check that authorization is valid
     * @param authorizer    Authorizer's address
     * @param nonce         Nonce of the authorization
     * @param validAfter    The time after which this is valid (unix time)
     * @param validBefore   The time before which this is valid (unix time)
     */
    function _requireValidAuthorization(
        address authorizer,
        bytes32 nonce,
        uint256 validAfter,
        uint256 validBefore
    ) private view {
        require(block.timestamp > validAfter, "FiatTokenV2: authorization is not yet valid");
        require(block.timestamp < validBefore, "FiatTokenV2: authorization is expired");
        _requireUnusedAuthorization(authorizer, nonce);
    }

    /**
     * @notice Mark an authorization as used
     * @param authorizer    Authorizer's address
     * @param nonce         Nonce of the authorization
     */
    function _markAuthorizationAsUsed(address authorizer, bytes32 nonce) private {
        _authorizationStates[authorizer][nonce] = true;
        emit AuthorizationUsed(authorizer, nonce);
    }
}

File 143 of 159 : EIP712Domain.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

// solhint-disable func-name-mixedcase

/**
 * @title EIP712 Domain
 */
contract EIP712Domain {
    // was originally DOMAIN_SEPARATOR
    // but that has been moved to a method so we can override it in V2_2+
    bytes32 internal _DEPRECATED_CACHED_DOMAIN_SEPARATOR;

    /**
     * @notice Get the EIP712 Domain Separator.
     * @return The bytes32 EIP712 domain separator.
     */
    function DOMAIN_SEPARATOR() external view returns (bytes32) {
        return _domainSeparator();
    }

    /**
     * @dev Internal method to get the EIP712 Domain Separator.
     * @return The bytes32 EIP712 domain separator.
     */
    function _domainSeparator() internal view virtual returns (bytes32) {
        return _DEPRECATED_CACHED_DOMAIN_SEPARATOR;
    }
}

File 144 of 159 : FiatTokenUtil.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

contract FiatTokenUtil {
    // (address,address,uint256,uint256,uint256,bytes32) = 20*2 + 32*4 = 168
    uint256 private constant _TRANSFER_PARAM_SIZE = 168;
    // (uint8,bytes32,bytes32) = 1 + 32*2 = 65
    uint256 private constant _SIGNATURE_SIZE = 65;
    // keccak256("transferWithAuthorization(address,address,uint256,uint256,uint256,bytes32,uint8,bytes32,bytes32)")[0:4]
    bytes4 private constant _TRANSFER_WITH_AUTHORIZATION_SELECTOR = 0xe3ee160e;

    address private _fiatToken;

    event TransferFailed(address indexed authorizer, bytes32 indexed nonce);

    /**
     * @notice Constructor
     * @dev If FiatTokenProxy is used to hold state and delegate calls, the
     * proxy's address should be provided, not the implementation address
     * @param fiatToken Address of the FiatToken contract
     */
    constructor(address fiatToken) {
        _fiatToken = fiatToken;
    }

    /**
     * @notice Execute multiple authorized ERC20 Transfers
     * @dev The length of params must be multiples of 168, each representing
     * encode-packed data containing from[20] + to[20] + value[32] +
     * validAfter[32] + validBefore[32] + nonce[32], and the length of
     * signatures must be multiples of 65, each representing encode-packed data
     * containing v[1] + r[32] + s[32].
     * @param params      Concatenated, encode-packed parameters
     * @param signatures  Concatenated, encode-packed signatures
     * @param atomic      If true, revert if any of the transfers fail
     * @return            True if every transfer was successful
     */
    function transferWithMultipleAuthorizations(
        bytes calldata params,
        bytes calldata signatures,
        bool atomic
    ) external returns (bool) {
        uint256 num = params.length / _TRANSFER_PARAM_SIZE;
        require(num > 0, "FiatTokenUtil: no transfer provided");
        require(num * _TRANSFER_PARAM_SIZE == params.length, "FiatTokenUtil: length of params is invalid");
        require(
            signatures.length / _SIGNATURE_SIZE == num && num * _SIGNATURE_SIZE == signatures.length,
            "FiatTokenUtil: length of signatures is invalid"
        );

        uint256 numSuccessful = 0;

        for (uint256 i = 0; i < num; i++) {
            uint256 paramsOffset = i * _TRANSFER_PARAM_SIZE;
            uint256 sigOffset = i * _SIGNATURE_SIZE;

            // extract from and to
            bytes memory fromTo = _unpackAddresses(abi.encodePacked(params[paramsOffset:paramsOffset + 40]));
            // extract value, validAfter, validBefore, and nonce
            bytes memory other4 = abi.encodePacked(params[paramsOffset + 40:paramsOffset + _TRANSFER_PARAM_SIZE]);
            // extract v
            uint8 v = uint8(signatures[sigOffset]);
            // extract r and s
            bytes memory rs = abi.encodePacked(signatures[sigOffset + 1:sigOffset + _SIGNATURE_SIZE]);

            // Call transferWithAuthorization with the extracted parameters
            // solhint-disable-next-line avoid-low-level-calls
            (bool success, bytes memory returnData) = _fiatToken.call(
                abi.encodePacked(_TRANSFER_WITH_AUTHORIZATION_SELECTOR, fromTo, other4, abi.encode(v), rs)
            );

            // Revert if atomic is true, and the call was not successful
            if (atomic && !success) {
                _revertWithReasonFromReturnData(returnData);
            }

            // Increment the number of successful transfers
            if (success) {
                numSuccessful++;
            } else {
                // extract from
                (address from, ) = abi.decode(fromTo, (address, address));
                // extract nonce
                (, , , bytes32 nonce) = abi.decode(other4, (uint256, uint256, uint256, bytes32));
                emit TransferFailed(from, nonce);
            }
        }

        // Return true if all transfers were successful
        return numSuccessful == num;
    }

    /**
     * @dev Converts encodePacked pair of addresses (20bytes + 20 bytes) to
     * regular ABI-encoded pair of addresses (32bytes + 32bytes)
     * @param packed Packed data (40 bytes)
     * @return Unpacked data (64 bytes)
     */
    function _unpackAddresses(bytes memory packed) private pure returns (bytes memory) {
        address addr1;
        address addr2;
        assembly {
            addr1 := mload(add(packed, 20))
            addr2 := mload(add(packed, 40))
        }
        return abi.encode(addr1, addr2);
    }

    /**
     * @dev Revert with reason string extracted from the return data
     * @param returnData    Return data from a call
     */
    function _revertWithReasonFromReturnData(bytes memory returnData) private pure {
        // Return data will be at least 100 bytes if it contains the reason
        // string: Error(string) selector[4] + string offset[32] + string
        // length[32] + string data[32] = 100
        if (returnData.length < 100) {
            revert("FiatTokenUtil: call failed");
        }

        // If the reason string exists, extract it, and bubble it up
        string memory reason;
        assembly {
            // Skip over the bytes length[32] + Error(string) selector[4] +
            // string offset[32] = 68 (0x44)
            reason := add(returnData, 0x44)
        }

        revert(reason);
    }
}

File 145 of 159 : FiatTokenV2_1.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

import { FiatTokenV2 } from "./FiatTokenV2.sol";

// solhint-disable func-name-mixedcase

/**
 * @title FiatToken V2.1
 * @notice ERC20 Token backed by fiat reserves, version 2.1
 */
contract FiatTokenV2_1 is FiatTokenV2 {
    /**
     * @notice Initialize v2.1
     * @param lostAndFound  The address to which the locked funds are sent
     */
    function initializeV2_1(address lostAndFound) external {
        // solhint-disable-next-line reason-string
        require(_initializedVersion == 1);

        uint256 lockedAmount = _balanceOf(address(this));
        if (lockedAmount > 0) {
            _transfer(address(this), lostAndFound, lockedAmount);
        }
        _blacklist(address(this));

        _initializedVersion = 2;
    }

    /**
     * @notice Version string for the EIP712 domain separator
     * @return Version string
     */
    function version() external pure returns (string memory) {
        return "2";
    }
}

File 146 of 159 : FiatTokenV2_2.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

import { EIP712Domain } from "./EIP712Domain.sol"; // solhint-disable-line no-unused-import
import { Blacklistable } from "../v1/Blacklistable.sol"; // solhint-disable-line no-unused-import
import { FiatTokenV1 } from "../v1/FiatTokenV1.sol"; // solhint-disable-line no-unused-import
import { FiatTokenV2 } from "./FiatTokenV2.sol"; // solhint-disable-line no-unused-import
import { FiatTokenV2_1 } from "./FiatTokenV2_1.sol";
import { EIP712 } from "../util/EIP712.sol";
import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// solhint-disable func-name-mixedcase

/**
 * @title FiatToken V2.2
 * @notice ERC20 Token backed by fiat reserves, version 2.2
 */
contract FiatTokenV2_2 is FiatTokenV2_1 {
    using SafeERC20 for IERC20;
    /**
     * @notice Initialize v2.2
     * @param accountsToBlacklist   A list of accounts to migrate from the old blacklist
     * @param newSymbol             New token symbol
     * data structure to the new blacklist data structure.
     */
    function initializeV2_2(address[] calldata accountsToBlacklist, string calldata newSymbol) external {
        // solhint-disable-next-line reason-string
        require(_initializedVersion == 2);

        // Update fiat token symbol
        symbol = newSymbol;

        // Add previously blacklisted accounts to the new blacklist data structure
        // and remove them from the old blacklist data structure.
        for (uint256 i = 0; i < accountsToBlacklist.length; i++) {
            require(
                _deprecatedBlacklisted[accountsToBlacklist[i]],
                "FiatTokenV2_2: Blacklisting previously unblacklisted account!"
            );
            _blacklist(accountsToBlacklist[i]);
            delete _deprecatedBlacklisted[accountsToBlacklist[i]];
        }
        _blacklist(address(this));
        delete _deprecatedBlacklisted[address(this)];

        _initializedVersion = 3;
    }

    /**
     * @dev Internal function to get the current chain id.
     * @return The current chain id.
     */
    function _chainId() internal view virtual returns (uint256) {
        uint256 chainId;
        assembly {
            chainId := chainid()
        }
        return chainId;
    }

    /**
     * @inheritdoc EIP712Domain
     */
    function _domainSeparator() internal view override returns (bytes32) {
        return EIP712.makeDomainSeparator(name, "2", _chainId());
    }

    /**
     * @notice Update allowance with a signed permit
     * @dev EOA wallet signatures should be packed in the order of r, s, v.
     * @param owner       Token owner's address (Authorizer)
     * @param spender     Spender's address
     * @param value       Amount of allowance
     * @param deadline    The time at which the signature expires (unix time), or max uint256 value to signal no expiration
     * @param signature   Signature bytes signed by an EOA wallet or a contract wallet
     */
    function permit(
        address owner,
        address spender,
        uint256 value,
        uint256 deadline,
        bytes memory signature
    ) external whenNotPaused {
        _permit(owner, spender, value, deadline, signature);
    }

    /**
     * @notice Execute a transfer with a signed authorization
     * @dev EOA wallet signatures should be packed in the order of r, s, v.
     * @param from          Payer's address (Authorizer)
     * @param to            Payee's address
     * @param value         Amount to be transferred
     * @param validAfter    The time after which this is valid (unix time)
     * @param validBefore   The time before which this is valid (unix time)
     * @param nonce         Unique nonce
     * @param signature     Signature bytes signed by an EOA wallet or a contract wallet
     */
    function transferWithAuthorization(
        address from,
        address to,
        uint256 value,
        uint256 validAfter,
        uint256 validBefore,
        bytes32 nonce,
        bytes memory signature
    ) external whenNotPaused notBlacklisted(from) notBlacklisted(to) {
        _transferWithAuthorization(from, to, value, validAfter, validBefore, nonce, signature);
    }

    /**
     * @notice Receive a transfer with a signed authorization from the payer
     * @dev This has an additional check to ensure that the payee's address
     * matches the caller of this function to prevent front-running attacks.
     * EOA wallet signatures should be packed in the order of r, s, v.
     * @param from          Payer's address (Authorizer)
     * @param to            Payee's address
     * @param value         Amount to be transferred
     * @param validAfter    The time after which this is valid (unix time)
     * @param validBefore   The time before which this is valid (unix time)
     * @param nonce         Unique nonce
     * @param signature     Signature bytes signed by an EOA wallet or a contract wallet
     */
    function receiveWithAuthorization(
        address from,
        address to,
        uint256 value,
        uint256 validAfter,
        uint256 validBefore,
        bytes32 nonce,
        bytes memory signature
    ) external whenNotPaused notBlacklisted(from) notBlacklisted(to) {
        _receiveWithAuthorization(from, to, value, validAfter, validBefore, nonce, signature);
    }

    /**
     * @notice Attempt to cancel an authorization
     * @dev Works only if the authorization is not yet used.
     * EOA wallet signatures should be packed in the order of r, s, v.
     * @param authorizer    Authorizer's address
     * @param nonce         Nonce of the authorization
     * @param signature     Signature bytes signed by an EOA wallet or a contract wallet
     */
    function cancelAuthorization(address authorizer, bytes32 nonce, bytes memory signature) external whenNotPaused {
        _cancelAuthorization(authorizer, nonce, signature);
    }

    /**
     * @dev Helper method that sets the blacklist state of an account on balanceAndBlacklistStates.
     * If _shouldBlacklist is true, we apply a (1 << 255) bitmask with an OR operation on the
     * account's balanceAndBlacklistState. This flips the high bit for the account to 1,
     * indicating that the account is blacklisted.
     *
     * If _shouldBlacklist if false, we reset the account's balanceAndBlacklistStates to their
     * balances. This clears the high bit for the account, indicating that the account is unblacklisted.
     * @param _account         The address of the account.
     * @param _shouldBlacklist True if the account should be blacklisted, false if the account should be unblacklisted.
     */
    function _setBlacklistState(address _account, bool _shouldBlacklist) internal override {
        balanceAndBlacklistStates[_account] = _shouldBlacklist
            ? balanceAndBlacklistStates[_account] | (1 << 255)
            : _balanceOf(_account);
    }

    /**
     * @dev Helper method that sets the balance of an account on balanceAndBlacklistStates.
     * Since balances are stored in the last 255 bits of the balanceAndBlacklistStates value,
     * we need to ensure that the updated balance does not exceed (2^255 - 1).
     * Since blacklisted accounts' balances cannot be updated, the method will also
     * revert if the account is blacklisted
     * @param _account The address of the account.
     * @param _balance The new fiat token balance of the account (max: (2^255 - 1)).
     */
    function _setBalance(address _account, uint256 _balance) internal override {
        require(_balance <= ((1 << 255) - 1), "FiatTokenV2_2: Balance exceeds (2^255 - 1)");
        require(!_isBlacklisted(_account), "FiatTokenV2_2: Account is blacklisted");

        balanceAndBlacklistStates[_account] = _balance;
    }

    /**
     * @inheritdoc Blacklistable
     */
    function _isBlacklisted(address _account) internal view override returns (bool) {
        return balanceAndBlacklistStates[_account] >> 255 == 1;
    }

    /**
     * @dev Helper method to obtain the balance of an account. Since balances
     * are stored in the last 255 bits of the balanceAndBlacklistStates value,
     * we apply a ((1 << 255) - 1) bit bitmask with an AND operation on the
     * balanceAndBlacklistState to obtain the balance.
     * @param _account  The address of the account.
     * @return          The fiat token balance of the account.
     */
    function _balanceOf(address _account) internal view override returns (uint256) {
        return balanceAndBlacklistStates[_account] & ((1 << 255) - 1);
    }

    /**
     * @inheritdoc FiatTokenV1
     */
    function approve(
        address spender,
        uint256 value
    ) external override(FiatTokenV1, IERC20) whenNotPaused returns (bool) {
        _approve(msg.sender, spender, value);
        return true;
    }

    /**
     * @inheritdoc FiatTokenV2
     */
    function permit(
        address owner,
        address spender,
        uint256 value,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external override whenNotPaused {
        _permit(owner, spender, value, deadline, v, r, s);
    }

    /**
     * @inheritdoc FiatTokenV2
     */
    function increaseAllowance(address spender, uint256 increment) external override whenNotPaused returns (bool) {
        _increaseAllowance(msg.sender, spender, increment);
        return true;
    }

    /**
     * @inheritdoc FiatTokenV2
     */
    function decreaseAllowance(address spender, uint256 decrement) external override whenNotPaused returns (bool) {
        _decreaseAllowance(msg.sender, spender, decrement);
        return true;
    }
}

File 147 of 159 : FiatTokenV2.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

import { FiatTokenV1_1 } from "../v1.1/FiatTokenV1_1.sol";
import { EIP712 } from "../util/EIP712.sol";
import { EIP3009 } from "./EIP3009.sol";
import { EIP2612 } from "./EIP2612.sol";

/**
 * @title FiatToken V2
 * @notice ERC20 Token backed by fiat reserves, version 2
 */
contract FiatTokenV2 is FiatTokenV1_1, EIP3009, EIP2612 {
    uint8 internal _initializedVersion;

    /**
     * @notice Initialize v2
     * @param newName   New token name
     */
    function initializeV2(string calldata newName) external {
        // solhint-disable-next-line reason-string
        require(initialized && _initializedVersion == 0);
        name = newName;
        _DEPRECATED_CACHED_DOMAIN_SEPARATOR = EIP712.makeDomainSeparator(newName, "2");
        _initializedVersion = 1;
    }

    /**
     * @notice Increase the allowance by a given increment
     * @param spender   Spender's address
     * @param increment Amount of increase in allowance
     * @return True if successful
     */
    function increaseAllowance(
        address spender,
        uint256 increment
    ) external virtual whenNotPaused notBlacklisted(msg.sender) notBlacklisted(spender) returns (bool) {
        _increaseAllowance(msg.sender, spender, increment);
        return true;
    }

    /**
     * @notice Decrease the allowance by a given decrement
     * @param spender   Spender's address
     * @param decrement Amount of decrease in allowance
     * @return True if successful
     */
    function decreaseAllowance(
        address spender,
        uint256 decrement
    ) external virtual whenNotPaused notBlacklisted(msg.sender) notBlacklisted(spender) returns (bool) {
        _decreaseAllowance(msg.sender, spender, decrement);
        return true;
    }

    /**
     * @notice Execute a transfer with a signed authorization
     * @param from          Payer's address (Authorizer)
     * @param to            Payee's address
     * @param value         Amount to be transferred
     * @param validAfter    The time after which this is valid (unix time)
     * @param validBefore   The time before which this is valid (unix time)
     * @param nonce         Unique nonce
     * @param v             v of the signature
     * @param r             r of the signature
     * @param s             s of the signature
     */
    function transferWithAuthorization(
        address from,
        address to,
        uint256 value,
        uint256 validAfter,
        uint256 validBefore,
        bytes32 nonce,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external whenNotPaused notBlacklisted(from) notBlacklisted(to) {
        _transferWithAuthorization(from, to, value, validAfter, validBefore, nonce, v, r, s);
    }

    /**
     * @notice Receive a transfer with a signed authorization from the payer
     * @dev This has an additional check to ensure that the payee's address
     * matches the caller of this function to prevent front-running attacks.
     * @param from          Payer's address (Authorizer)
     * @param to            Payee's address
     * @param value         Amount to be transferred
     * @param validAfter    The time after which this is valid (unix time)
     * @param validBefore   The time before which this is valid (unix time)
     * @param nonce         Unique nonce
     * @param v             v of the signature
     * @param r             r of the signature
     * @param s             s of the signature
     */
    function receiveWithAuthorization(
        address from,
        address to,
        uint256 value,
        uint256 validAfter,
        uint256 validBefore,
        bytes32 nonce,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external whenNotPaused notBlacklisted(from) notBlacklisted(to) {
        _receiveWithAuthorization(from, to, value, validAfter, validBefore, nonce, v, r, s);
    }

    /**
     * @notice Attempt to cancel an authorization
     * @dev Works only if the authorization is not yet used.
     * @param authorizer    Authorizer's address
     * @param nonce         Nonce of the authorization
     * @param v             v of the signature
     * @param r             r of the signature
     * @param s             s of the signature
     */
    function cancelAuthorization(
        address authorizer,
        bytes32 nonce,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external whenNotPaused {
        _cancelAuthorization(authorizer, nonce, v, r, s);
    }

    /**
     * @notice Update allowance with a signed permit
     * @param owner       Token owner's address (Authorizer)
     * @param spender     Spender's address
     * @param value       Amount of allowance
     * @param deadline    The time at which the signature expires (unix time), or max uint256 value to signal no expiration
     * @param v           v of the signature
     * @param r           r of the signature
     * @param s           s of the signature
     */
    function permit(
        address owner,
        address spender,
        uint256 value,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external virtual whenNotPaused notBlacklisted(owner) notBlacklisted(spender) {
        _permit(owner, spender, value, deadline, v, r, s);
    }

    /**
     * @dev Internal function to increase the allowance by a given increment
     * @param owner     Token owner's address
     * @param spender   Spender's address
     * @param increment Amount of increase
     */
    function _increaseAllowance(address owner, address spender, uint256 increment) internal override {
        _approve(owner, spender, allowed[owner][spender] + increment);
    }

    /**
     * @dev Internal function to decrease the allowance by a given decrement
     * @param owner     Token owner's address
     * @param spender   Spender's address
     * @param decrement Amount of decrease
     */
    function _decreaseAllowance(address owner, address spender, uint256 decrement) internal override {
        uint256 allowance = allowed[owner][spender];
        require(decrement <= allowance, "ERC20: decreased allowance below zero");
        _approve(owner, spender, allowed[owner][spender] - decrement);
    }
}

File 148 of 159 : AbstractV2Upgrader.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import { Ownable } from "../../v1/Ownable.sol";
import { FiatTokenProxy } from "../../v1/FiatTokenProxy.sol";
import { AbstractUpgraderHelper } from "./helpers/AbstractUpgraderHelper.sol";

/**
 * @dev An abstract contract to encapsulate any common logic
 * for any V2+ Upgrader contracts.
 */
abstract contract AbstractV2Upgrader is Ownable {
    FiatTokenProxy internal _proxy;
    address internal _implementation;
    address internal _newProxyAdmin;
    AbstractUpgraderHelper internal _helper;

    /**
     * @notice Constructor
     * @param proxy             FiatTokenProxy contract
     * @param implementation    Address of the implementation contract
     * @param newProxyAdmin     Grantee of proxy admin role after upgrade
     */
    constructor(FiatTokenProxy proxy, address implementation, address newProxyAdmin) Ownable() {
        _proxy = proxy;
        _implementation = implementation;
        _newProxyAdmin = newProxyAdmin;
    }

    /**
     * @notice The address of the FiatTokenProxy contract
     * @return Contract address
     */
    function proxy() external view returns (address) {
        return address(_proxy);
    }

    /**
     * @notice The address of the FiatTokenV2 implementation contract
     * @return Contract address
     */
    function implementation() external view returns (address) {
        return _implementation;
    }

    /**
     * @notice The address of the V2UpgraderHelper contract
     * @return Contract address
     */
    function helper() external view returns (address) {
        return address(_helper);
    }

    /**
     * @notice The address to which the proxy admin role will be transferred
     * after the upgrade is completed
     * @return Address
     */
    function newProxyAdmin() external view returns (address) {
        return _newProxyAdmin;
    }

    /**
     * @notice Withdraw any FiatToken in the contract
     */
    function withdrawFiatToken() public onlyOwner {
        IERC20 fiatToken = IERC20(address(_proxy));
        uint256 balance = fiatToken.balanceOf(address(this));
        if (balance > 0) {
            require(fiatToken.transfer(msg.sender, balance), "Failed to withdraw FiatToken");
        }
    }

    /**
     * @notice Transfer proxy admin role to newProxyAdmin, and self-destruct
     */
    function abortUpgrade() external onlyOwner {
        // Transfer proxy admin role
        _proxy.changeAdmin(_newProxyAdmin);

        // Tear down
        tearDown();
    }

    /**
     * @dev Tears down the helper contract followed by this contract.
     */
    function tearDown() internal {
        _helper.tearDown();
        // TODO See if we can delete these contracts
        // @notice selfdestruct is not supported on zkSync
        // selfdestruct(payable(msg.sender));
    }
}

File 149 of 159 : AbstractUpgraderHelper.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
pragma solidity ^0.8.0;

import { Ownable } from "../../../v1/Ownable.sol";

/**
 * @dev An abstract contract to encapsulate any common logic for any V2+ Upgrader Helper contracts.
 * The helper enables the upgrader to read some contract state before it renounces the
 * proxy admin role (Proxy admins cannot call delegated methods).
 */
abstract contract AbstractUpgraderHelper is Ownable {
    address internal _proxy;

    /**
     * @notice Constructor
     * @param fiatTokenProxy    Address of the FiatTokenProxy contract
     */
    constructor(address fiatTokenProxy) Ownable() {
        _proxy = fiatTokenProxy;
    }

    /**
     * @notice The address of the FiatTokenProxy contract
     * @return Contract address
     */
    function proxy() external view returns (address) {
        return _proxy;
    }

    /**
     * @notice Tear down the contract (self-destruct)
     */
    function tearDown() external onlyOwner {
        // TODO See if we can delete these contracts
        // @notice selfdestruct is not supported on zkSync
        // selfdestruct(payable(msg.sender));
    }
}

File 150 of 159 : V2_2UpgraderHelper.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

import { FiatTokenV2_1 } from "../../../v2/FiatTokenV2_1.sol";
import { V2UpgraderHelper } from "./V2UpgraderHelper.sol";

/**
 * @title V2.2 Upgrader Helper
 * @dev Enables V2_2Upgrader to read some contract state before it renounces the
 * proxy admin role. (Proxy admins cannot call delegated methods). It is also
 * used to test approve/transferFrom.
 */
contract V2_2UpgraderHelper is V2UpgraderHelper {
    /**
     * @notice Constructor
     * @param fiatTokenProxy    Address of the FiatTokenProxy contract
     */
    constructor(address fiatTokenProxy) V2UpgraderHelper(fiatTokenProxy) {}

    /**
     * @notice Call version()
     * @return version
     */
    function version() external view returns (string memory) {
        return FiatTokenV2_1(_proxy).version();
    }

    /**
     * @notice Call DOMAIN_SEPARATOR()
     * @return domainSeparator
     */
    // solhint-disable-next-line func-name-mixedcase
    function DOMAIN_SEPARATOR() external view returns (bytes32) {
        return FiatTokenV2_1(_proxy).DOMAIN_SEPARATOR();
    }

    /**
     * @notice Call rescuer()
     * @return rescuer
     */
    function rescuer() external view returns (address) {
        return FiatTokenV2_1(_proxy).rescuer();
    }

    /**
     * @notice Call paused()
     * @return paused
     */
    function paused() external view returns (bool) {
        return FiatTokenV2_1(_proxy).paused();
    }

    /**
     * @notice Call totalSupply()
     * @return totalSupply
     */
    function totalSupply() external view returns (uint256) {
        return FiatTokenV2_1(_proxy).totalSupply();
    }
}

File 151 of 159 : V2UpgraderHelper.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

import { FiatTokenV1 } from "../../../v1/FiatTokenV1.sol";
import { AbstractUpgraderHelper } from "./AbstractUpgraderHelper.sol";

/**
 * @title V2 Upgrader Helper
 * @dev Enables V2Upgrader to read some contract state before it renounces the
 * proxy admin role. (Proxy admins cannot call delegated methods). It is also
 * used to test approve/transferFrom.
 */
contract V2UpgraderHelper is AbstractUpgraderHelper {
    /**
     * @notice Constructor
     * @param fiatTokenProxy    Address of the FiatTokenProxy contract
     */
    constructor(address fiatTokenProxy) AbstractUpgraderHelper(fiatTokenProxy) {}

    /**
     * @notice Call name()
     * @return name
     */
    function name() external view returns (string memory) {
        return FiatTokenV1(_proxy).name();
    }

    /**
     * @notice Call symbol()
     * @return symbol
     */
    function symbol() external view returns (string memory) {
        return FiatTokenV1(_proxy).symbol();
    }

    /**
     * @notice Call decimals()
     * @return decimals
     */
    function decimals() external view returns (uint8) {
        return FiatTokenV1(_proxy).decimals();
    }

    /**
     * @notice Call currency()
     * @return currency
     */
    function currency() external view returns (string memory) {
        return FiatTokenV1(_proxy).currency();
    }

    /**
     * @notice Call masterMinter()
     * @return masterMinter
     */
    function masterMinter() external view returns (address) {
        return FiatTokenV1(_proxy).masterMinter();
    }

    /**
     * @notice Call owner()
     * @dev Renamed to fiatTokenOwner due to the existence of Ownable.owner()
     * @return owner
     */
    function fiatTokenOwner() external view returns (address) {
        return FiatTokenV1(_proxy).owner();
    }

    /**
     * @notice Call pauser()
     * @return pauser
     */
    function pauser() external view returns (address) {
        return FiatTokenV1(_proxy).pauser();
    }

    /**
     * @notice Call blacklister()
     * @return blacklister
     */
    function blacklister() external view returns (address) {
        return FiatTokenV1(_proxy).blacklister();
    }

    /**
     * @notice Call balanceOf(address)
     * @param account   Account
     * @return balance
     */
    function balanceOf(address account) external view returns (uint256) {
        return FiatTokenV1(_proxy).balanceOf(account);
    }

    /**
     * @notice Call transferFrom(address,address,uint256)
     * @param from     Sender
     * @param to       Recipient
     * @param value    Amount
     * @return result
     */
    function transferFrom(address from, address to, uint256 value) external returns (bool) {
        return FiatTokenV1(_proxy).transferFrom(from, to, value);
    }
}

File 152 of 159 : V2_1Upgrader.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

import { FiatTokenV2_1 } from "../FiatTokenV2_1.sol";
import { FiatTokenProxy } from "../../v1/FiatTokenProxy.sol";
import { V2UpgraderHelper } from "./helpers/V2UpgraderHelper.sol";
import { AbstractV2Upgrader } from "./AbstractV2Upgrader.sol";

/**
 * @title V2.1 Upgrader
 * @notice Performs FiatToken v2.1 upgrade, and runs a basic sanity test in a single
 * atomic transaction, rolling back if any issues are found. By performing the
 * upgrade atomically, it ensures that there is no disruption of service if the
 * upgrade is not successful for some unforeseen circumstances.
 * @dev Read doc/v2.1_upgrade.md
 */
contract V2_1Upgrader is AbstractV2Upgrader {
    address private _lostAndFound;

    /**
     * @notice Constructor
     * @param proxy             FiatTokenProxy contract
     * @param implementation    FiatTokenV2_1 implementation contract
     * @param newProxyAdmin     Grantee of proxy admin role after upgrade
     * @param lostAndFound      The address to which the locked funds are sent
     */
    constructor(
        FiatTokenProxy proxy,
        FiatTokenV2_1 implementation,
        address newProxyAdmin,
        address lostAndFound
    ) AbstractV2Upgrader(proxy, address(implementation), newProxyAdmin) {
        _lostAndFound = lostAndFound;
        _helper = new V2UpgraderHelper(address(proxy));
    }

    /**
     * @notice The address to which the locked funds will be sent as part of the
     * initialization process
     * @return Address
     */
    function lostAndFound() external view returns (address) {
        return _lostAndFound;
    }

    /**
     * @notice Upgrade, transfer proxy admin role to a given address, run a
     * sanity test, and tear down the upgrader contract, in a single atomic
     * transaction. It rolls back if there is an error.
     */
    function upgrade() external onlyOwner {
        // The helper needs to be used to read contract state because
        // AdminUpgradeabilityProxy does not allow the proxy admin to make
        // proxy calls.
        V2UpgraderHelper v2_1Helper = V2UpgraderHelper(address(_helper));

        // Check that this contract sufficient funds to run the tests
        uint256 contractBal = v2_1Helper.balanceOf(address(this));
        require(contractBal >= 2e5, "V2_1Upgrader: 0.2 FiatToken needed");

        uint256 callerBal = v2_1Helper.balanceOf(msg.sender);

        // Keep original contract metadata
        string memory name = v2_1Helper.name();
        string memory symbol = v2_1Helper.symbol();
        uint8 decimals = v2_1Helper.decimals();
        string memory currency = v2_1Helper.currency();
        address masterMinter = v2_1Helper.masterMinter();
        address owner = v2_1Helper.fiatTokenOwner();
        address pauser = v2_1Helper.pauser();
        address blacklister = v2_1Helper.blacklister();

        // Change implementation contract address
        _proxy.upgradeTo(_implementation);

        // Transfer proxy admin role
        _proxy.changeAdmin(_newProxyAdmin);

        // Initialize V2 contract
        FiatTokenV2_1 v2_1 = FiatTokenV2_1(address(_proxy));
        v2_1.initializeV2_1(_lostAndFound);

        // Sanity test
        // Check metadata
        require(
            keccak256(bytes(name)) == keccak256(bytes(v2_1.name())) &&
                keccak256(bytes(symbol)) == keccak256(bytes(v2_1.symbol())) &&
                decimals == v2_1.decimals() &&
                keccak256(bytes(currency)) == keccak256(bytes(v2_1.currency())) &&
                masterMinter == v2_1.masterMinter() &&
                owner == v2_1.owner() &&
                pauser == v2_1.pauser() &&
                blacklister == v2_1.blacklister(),
            "V2_1Upgrader: metadata test failed"
        );

        // Test balanceOf
        require(v2_1.balanceOf(address(this)) == contractBal, "V2_1Upgrader: balanceOf test failed");

        // Test transfer
        require(
            v2_1.transfer(msg.sender, 1e5) &&
                v2_1.balanceOf(msg.sender) == callerBal + 1e5 &&
                v2_1.balanceOf(address(this)) == contractBal - 1e5,
            "V2_1Upgrader: transfer test failed"
        );

        // Test approve/transferFrom
        require(
            v2_1.approve(address(v2_1Helper), 1e5) &&
                v2_1.allowance(address(this), address(v2_1Helper)) == 1e5 &&
                v2_1Helper.transferFrom(address(this), msg.sender, 1e5) &&
                v2_1.allowance(address(this), msg.sender) == 0 &&
                v2_1.balanceOf(msg.sender) == callerBal + 2e5 &&
                v2_1.balanceOf(address(this)) == contractBal - 2e5,
            "V2_1Upgrader: approve/transferFrom test failed"
        );

        // Transfer any remaining FiatToken to the caller
        withdrawFiatToken();

        // Tear down
        tearDown();
    }
}

File 153 of 159 : V2_2Upgrader.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

import { FiatTokenV2_2 } from "../FiatTokenV2_2.sol";
import { FiatTokenProxy } from "../../v1/FiatTokenProxy.sol";
import { V2_2UpgraderHelper } from "./helpers/V2_2UpgraderHelper.sol";
import { AbstractV2Upgrader } from "./AbstractV2Upgrader.sol";

/**
 * @title V2.2 Upgrader
 * @notice Performs FiatToken v2.2 upgrade, and runs a basic sanity test in a single
 * atomic transaction, rolling back if any issues are found. By performing the
 * upgrade atomically, it ensures that there is no disruption of service if the
 * upgrade is not successful for some unforeseen circumstances.
 * @dev Read doc/v2.2_upgrade.md
 */
contract V2_2Upgrader is AbstractV2Upgrader {
    struct FiatTokenMetadata {
        string name;
        uint8 decimals;
        string currency;
        string version;
        bytes32 domainSeparator;
        address masterMinter;
        address owner;
        address pauser;
        address blacklister;
        address rescuer;
        bool paused;
        uint256 totalSupply;
    }

    address[] private _accountsToBlacklist;
    string private _newSymbol;

    /**
     * @notice Constructor
     * @param proxy               FiatTokenProxy contract
     * @param implementation      FiatTokenV2_2 implementation contract
     * @param newProxyAdmin       Grantee of proxy admin role after upgrade
     * @param accountsToBlacklist Accounts to add to the new blacklist data structure
     * @param newSymbol           New token symbol
     */
    constructor(
        FiatTokenProxy proxy,
        FiatTokenV2_2 implementation,
        address newProxyAdmin,
        address[] memory accountsToBlacklist,
        string memory newSymbol
    ) AbstractV2Upgrader(proxy, address(implementation), newProxyAdmin) {
        _helper = new V2_2UpgraderHelper(address(proxy));
        _accountsToBlacklist = accountsToBlacklist;
        _newSymbol = newSymbol;
    }

    /**
     * @notice The list of blacklisted accounts to migrate to the blacklist data structure.
     * @return Address[] the list of accounts to blacklist.
     */
    function accountsToBlacklist() external view returns (address[] memory) {
        return _accountsToBlacklist;
    }

    /**
     * @notice Upgrade, transfer proxy admin role to a given address, run a
     * sanity test, and tear down the upgrader contract, in a single atomic
     * transaction. It rolls back if there is an error.
     */
    function upgrade() external onlyOwner {
        // The helper needs to be used to read contract state because
        // AdminUpgradeabilityProxy does not allow the proxy admin to make
        // proxy calls.
        V2_2UpgraderHelper v2_2Helper = V2_2UpgraderHelper(address(_helper));

        // Check that this contract sufficient funds to run the tests
        uint256 contractBal = v2_2Helper.balanceOf(address(this));
        require(contractBal >= 2e5, "V2_2Upgrader: 0.2 FiatToken needed");

        uint256 callerBal = v2_2Helper.balanceOf(msg.sender);

        // Keep original contract metadata
        FiatTokenMetadata memory originalMetadata = FiatTokenMetadata(
            v2_2Helper.name(),
            v2_2Helper.decimals(),
            v2_2Helper.currency(),
            v2_2Helper.version(),
            v2_2Helper.DOMAIN_SEPARATOR(),
            v2_2Helper.masterMinter(),
            v2_2Helper.fiatTokenOwner(),
            v2_2Helper.pauser(),
            v2_2Helper.blacklister(),
            v2_2Helper.rescuer(),
            v2_2Helper.paused(),
            v2_2Helper.totalSupply()
        );

        // Change implementation contract address
        _proxy.upgradeTo(_implementation);

        // Transfer proxy admin role
        _proxy.changeAdmin(_newProxyAdmin);

        // Initialize V2 contract
        FiatTokenV2_2 v2_2 = FiatTokenV2_2(address(_proxy));
        v2_2.initializeV2_2(_accountsToBlacklist, _newSymbol);

        // Sanity test
        // Check metadata
        FiatTokenMetadata memory upgradedMetadata = FiatTokenMetadata(
            v2_2.name(),
            v2_2.decimals(),
            v2_2.currency(),
            v2_2.version(),
            v2_2.DOMAIN_SEPARATOR(),
            v2_2.masterMinter(),
            v2_2.owner(),
            v2_2.pauser(),
            v2_2.blacklister(),
            v2_2.rescuer(),
            v2_2.paused(),
            v2_2.totalSupply()
        );
        require(checkFiatTokenMetadataEqual(originalMetadata, upgradedMetadata), "V2_2Upgrader: metadata test failed");

        // Check symbol is updated
        require(keccak256(bytes(v2_2.symbol())) == keccak256(bytes(_newSymbol)), "V2_2Upgrader: symbol not updated");

        // Test balanceOf
        require(v2_2.balanceOf(address(this)) == contractBal, "V2_2Upgrader: balanceOf test failed");

        // Test transfer
        require(
            v2_2.transfer(msg.sender, 1e5) &&
                v2_2.balanceOf(msg.sender) == callerBal + 1e5 &&
                v2_2.balanceOf(address(this)) == contractBal - 1e5,
            "V2_2Upgrader: transfer test failed"
        );

        // Test approve/transferFrom
        require(
            v2_2.approve(address(v2_2Helper), 1e5) &&
                v2_2.allowance(address(this), address(v2_2Helper)) == 1e5 &&
                v2_2Helper.transferFrom(address(this), msg.sender, 1e5) &&
                v2_2.allowance(address(this), msg.sender) == 0 &&
                v2_2.balanceOf(msg.sender) == callerBal + 2e5 &&
                v2_2.balanceOf(address(this)) == contractBal - 2e5,
            "V2_2Upgrader: approve/transferFrom test failed"
        );

        // Transfer any remaining FiatToken to the caller
        withdrawFiatToken();

        // Tear down
        tearDown();
    }

    /**
     * @dev Checks whether two FiatTokenMetadata are equal.
     * @return true if the two metadata are equal, false otherwise.
     */
    function checkFiatTokenMetadataEqual(
        FiatTokenMetadata memory a,
        FiatTokenMetadata memory b
    ) private pure returns (bool) {
        return
            keccak256(bytes(a.name)) == keccak256(bytes(b.name)) &&
            a.decimals == b.decimals &&
            keccak256(bytes(a.currency)) == keccak256(bytes(b.currency)) &&
            keccak256(bytes(a.version)) == keccak256(bytes(b.version)) &&
            a.domainSeparator == b.domainSeparator &&
            a.masterMinter == b.masterMinter &&
            a.owner == b.owner &&
            a.pauser == b.pauser &&
            a.blacklister == b.blacklister &&
            a.rescuer == b.rescuer &&
            a.paused == b.paused &&
            a.totalSupply == b.totalSupply;
    }
}

File 154 of 159 : V2Upgrader.sol
// SPDX-License-Identifier: Apache-2.0

/**
 * Copyright 2023 Circle Internet Financial, LTD. All rights reserved.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

pragma solidity ^0.8.0;

import { FiatTokenV2 } from "../FiatTokenV2.sol";
import { FiatTokenProxy } from "../../v1/FiatTokenProxy.sol";
import { V2UpgraderHelper } from "./helpers/V2UpgraderHelper.sol";
import { AbstractV2Upgrader } from "./AbstractV2Upgrader.sol";

/**
 * @title V2 Upgrader
 * @notice Performs FiatToken v2 upgrade, and runs a basic sanity test in a single
 * atomic transaction, rolling back if any issues are found. By performing the
 * upgrade atomically, it ensures that there is no disruption of service if the
 * upgrade is not successful for some unforeseen circumstances.
 * @dev Read doc/v2_upgrade.md
 */
contract V2Upgrader is AbstractV2Upgrader {
    string private _newName;

    /**
     * @notice Constructor
     * @param proxy             FiatTokenProxy contract
     * @param implementation    FiatTokenV2 implementation contract
     * @param newProxyAdmin     Grantee of proxy admin role after upgrade
     * @param newName           New ERC20 name (e.g. "USD//C" -> "USD Coin")
     */
    constructor(
        FiatTokenProxy proxy,
        FiatTokenV2 implementation,
        address newProxyAdmin,
        string memory newName
    ) AbstractV2Upgrader(proxy, address(implementation), newProxyAdmin) {
        _newName = newName;
        _helper = new V2UpgraderHelper(address(proxy));
    }

    /**
     * @notice New ERC20 token name
     * @return New Name
     */
    function newName() external view returns (string memory) {
        return _newName;
    }

    /**
     * @notice Upgrade, transfer proxy admin role to a given address, run a
     * sanity test, and tear down the upgrader contract, in a single atomic
     * transaction. It rolls back if there is an error.
     */
    function upgrade() external onlyOwner {
        // The helper needs to be used to read contract state because
        // AdminUpgradeabilityProxy does not allow the proxy admin to make
        // proxy calls.
        V2UpgraderHelper v2Helper = V2UpgraderHelper(address(_helper));

        // Check that this contract sufficient funds to run the tests
        uint256 contractBal = v2Helper.balanceOf(address(this));
        require(contractBal >= 2e5, "V2Upgrader: 0.2 FiatToken needed");

        uint256 callerBal = v2Helper.balanceOf(msg.sender);

        // Keep original contract metadata
        string memory symbol = v2Helper.symbol();
        uint8 decimals = v2Helper.decimals();
        string memory currency = v2Helper.currency();
        address masterMinter = v2Helper.masterMinter();
        address owner = v2Helper.fiatTokenOwner();
        address pauser = v2Helper.pauser();
        address blacklister = v2Helper.blacklister();

        // Change implementation contract address
        _proxy.upgradeTo(_implementation);

        // Transfer proxy admin role
        _proxy.changeAdmin(_newProxyAdmin);

        // Initialize V2 contract
        FiatTokenV2 v2 = FiatTokenV2(address(_proxy));
        v2.initializeV2(_newName);

        // Sanity test
        // Check metadata
        require(
            keccak256(bytes(_newName)) == keccak256(bytes(v2.name())) &&
                keccak256(bytes(symbol)) == keccak256(bytes(v2.symbol())) &&
                decimals == v2.decimals() &&
                keccak256(bytes(currency)) == keccak256(bytes(v2.currency())) &&
                masterMinter == v2.masterMinter() &&
                owner == v2.owner() &&
                pauser == v2.pauser() &&
                blacklister == v2.blacklister(),
            "V2Upgrader: metadata test failed"
        );

        // Test balanceOf
        require(v2.balanceOf(address(this)) == contractBal, "V2Upgrader: balanceOf test failed");

        // Test transfer
        require(
            v2.transfer(msg.sender, 1e5) &&
                v2.balanceOf(msg.sender) == callerBal + 1e5 &&
                v2.balanceOf(address(this)) == contractBal - 1e5,
            "V2Upgrader: transfer test failed"
        );

        // Test approve/transferFrom
        require(
            v2.approve(address(v2Helper), 1e5) &&
                v2.allowance(address(this), address(v2Helper)) == 1e5 &&
                v2Helper.transferFrom(address(this), msg.sender, 1e5) &&
                v2.allowance(address(this), msg.sender) == 0 &&
                v2.balanceOf(msg.sender) == callerBal + 2e5 &&
                v2.balanceOf(address(this)) == contractBal - 2e5,
            "V2Upgrader: approve/transferFrom test failed"
        );

        // Transfer any remaining FiatToken to the caller
        withdrawFiatToken();

        // Tear down
        tearDown();
    }
}

File 155 of 159 : StargateOFTUSDC.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { IBridgedUSDCMinter } from "../interfaces/IBridgedUSDCMinter.sol";
import { Transfer } from "../libs/Transfer.sol";
import { StargateOFT } from "../StargateOFT.sol";

/// @dev designed for bridged USDC migration per
/// @dev https://github.com/circlefin/stablecoin-evm/blob/master/doc/bridged_USDC_standard.md
contract StargateOFTUSDC is StargateOFT {
    constructor(
        address _token,
        uint8 _sharedDecimals,
        address _endpoint,
        address _owner
    ) StargateOFT(_token, _sharedDecimals, _endpoint, _owner) {}

    /// @dev Transfer USDC from the sender to this contract and burn it.
    function _inflow(address _from, uint256 _amountLD) internal virtual override returns (uint64 amountSD) {
        amountSD = _ld2sd(_amountLD);
        _amountLD = _sd2ld(amountSD); // remove dust
        Transfer.safeTransferTokenFrom(token, _from, address(this), _amountLD);
        IBridgedUSDCMinter(token).burn(_amountLD);
    }

    function _outflow(address _to, uint256 _amountLD) internal virtual override returns (bool success) {
        try IBridgedUSDCMinter(token).mint(_to, _amountLD) returns (bool s) {
            success = s;
        } catch {} // solhint-disable-line no-empty-blocks
    }
}

File 156 of 159 : StargatePoolUSDC.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { IBridgedUSDCMinter } from "../interfaces/IBridgedUSDCMinter.sol";
import { StargatePool } from "../StargatePool.sol";

/**
 * @title A StargatePool specialized for USDC which includes a function to burn credit to keep the total circulating
 *        amount constant.
 */
contract StargatePoolUSDC is StargatePool {
    error StargatePoolUSDC_BurnAmountExceedsBalance();

    address public burnAdmin;
    uint64 public burnAllowanceSD;

    constructor(
        string memory _lpTokenName,
        string memory _lpTokenSymbol,
        address _token,
        uint8 _tokenDecimals,
        uint8 _sharedDecimals,
        address _endpoint,
        address _owner
    ) StargatePool(_lpTokenName, _lpTokenSymbol, _token, _tokenDecimals, _sharedDecimals, _endpoint, _owner) {}

    /// @notice Allow a given address to burn up to a given amount of USDC.
    function allowBurn(address _burnAdmin, uint64 _burnAllowanceSD) external onlyOwner {
        burnAdmin = _burnAdmin;
        burnAllowanceSD = _burnAllowanceSD;
    }

    /**
     * @notice Burn USDC on the local chain.
     * @dev Used to burn locked USDC by a USDC admin during bridged USDC migration.
     * @dev https://github.com/circlefin/stablecoin-evm/blob/master/doc/bridged_USDC_standard.md
     * @dev The USDC contract owner has the power to blacklist this contract, so it is not adding any new exposure.
     */
    function burnLockedUSDC() external {
        if (msg.sender != burnAdmin) revert Stargate_Unauthorized();
        if (burnAllowanceSD > poolBalanceSD) revert StargatePoolUSDC_BurnAmountExceedsBalance();

        uint64 previousBurnAllowanceSD = burnAllowanceSD;

        poolBalanceSD -= burnAllowanceSD;
        burnAllowanceSD = 0;

        IBridgedUSDCMinter(token).burn(_sd2ld(previousBurnAllowanceSD));
        paths[localEid].burnCredit(previousBurnAllowanceSD);
    }
}

File 157 of 159 : LPToken.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.22;

import { ERC20Permit, ERC20 } from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Permit.sol";

/// @title A contract representing an ERC20Permit used for representing liquidity pool ownership.
contract LPToken is ERC20Permit {
    address public immutable stargate;
    uint8 internal immutable tokenDecimals;

    error LPToken_Unauthorized();

    modifier onlyStargate() {
        if (msg.sender != stargate) revert LPToken_Unauthorized();
        _;
    }

    /**
     * @notice Create a LP token to represent partial pool ownership.
     * @dev The sender of the message is set to the Stargate role. This is because it is expected that each
     *      StargatePool will create its own LPToken.
     * @param _name The name of the ERC20
     * @param _symbol The symbol for the ERC20
     * @param _decimals How many decimals does the ERC20 has
     */
    constructor(string memory _name, string memory _symbol, uint8 _decimals) ERC20(_name, _symbol) ERC20Permit(_name) {
        stargate = msg.sender;
        tokenDecimals = _decimals;
    }

    /// @notice Mint new LP tokens and transfer them to an account.
    /// @param _to The account to send the newly minted tokens to
    /// @param _amount How many tokens to mint
    function mint(address _to, uint256 _amount) external onlyStargate {
        _mint(_to, _amount);
    }

    /// @notice Burn tokens currently owned by an account.
    /// @param _from The account to burn the tokens from
    /// @param _amount How many tokens to burn
    function burnFrom(address _from, uint256 _amount) external onlyStargate {
        _burn(_from, _amount);
    }

    /// @notice How many decimals are used by this token.
    /// @return The amount of decimals
    function decimals() public view override returns (uint8) {
        return tokenDecimals;
    }
}

File 158 of 159 : OFTTokenERC20.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.0;

import { ERC20 } from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import { IERC20Minter } from "../interfaces/IERC20Minter.sol";
import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";

/// @title A contract representing an ERC20 that can be minted and burned by a minter.
contract OFTTokenERC20 is Ownable, ERC20, IERC20Minter {
    mapping(address addr => bool canMint) public minters;
    uint8 internal _decimals;

    event MinterAdded(address indexed minter);
    event MinterRemoved(address indexed minter);

    error OnlyMinter(address caller);

    modifier onlyMinter() {
        if (!minters[msg.sender]) revert OnlyMinter(msg.sender);
        _;
    }

    constructor(string memory name_, string memory symbol_, uint8 decimals_) ERC20(name_, symbol_) {
        _decimals = decimals_;
    }

    /**
     * @dev Add a new minter.
     */
    function addMinter(address _minter) public onlyOwner {
        minters[_minter] = true;
        emit MinterAdded(_minter);
    }

    /**
     * @dev Remove a minter.
     */
    function removeMinter(address _minter) public onlyOwner {
        minters[_minter] = false;
        emit MinterRemoved(_minter);
    }

    /**
     * @dev See {ERC20-_mint}.
     *
     * Requirements:
     *
     * - the caller must be the {Minter}.
     */
    function mint(address _account, uint256 _amount) public onlyMinter {
        _mint(_account, _amount);
    }

    /**
     * @dev Destroys a `value` amount of tokens from `account`, deducting from
     * the caller's allowance.
     *
     * See {ERC20-_burn} and {ERC20-allowance}.
     *
     * Requirements:
     *
     * - the caller must have allowance for `_accounts`'s tokens of at least
     * `value`.
     * - the caller must be the {Minter}.
     */
    function burnFrom(address _account, uint256 _value) public onlyMinter {
        _spendAllowance(_account, msg.sender, _value);
        _burn(_account, _value);
    }

    /**
     * @dev See {ERC20-decimals}.
     */
    function decimals() public view override returns (uint8) {
        return _decimals;
    }
}

File 159 of 159 : OFTTokenERC20Upgradeable.sol
// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.0;

import { ERC20Upgradeable } from "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
import { OwnableUpgradeable } from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import { IERC20Minter } from "../interfaces/IERC20Minter.sol";

/// @title A contract representing an ERC20Upgradeable that can be minted and burned by a minter.
contract OFTTokenERC20Upgradeable is OwnableUpgradeable, ERC20Upgradeable, IERC20Minter {
    mapping(address addr => bool canMint) public minters;
    uint8 internal _decimals;

    event MinterAdded(address indexed minter);
    event MinterRemoved(address indexed minter);

    error OnlyMinter(address caller);

    modifier onlyMinter() {
        if (!minters[msg.sender]) revert OnlyMinter(msg.sender);
        _;
    }

    function initialize(string memory name_, string memory symbol_, uint8 decimals_) public initializer {
        __Ownable_init();
        __ERC20_init(name_, symbol_);
        _decimals = decimals_;
    }

    /**
     * @dev Add a new minter.
     */
    function addMinter(address _minter) public onlyOwner {
        minters[_minter] = true;
        emit MinterAdded(_minter);
    }

    /**
     * @dev Remove a minter.
     */
    function removeMinter(address _minter) public onlyOwner {
        minters[_minter] = false;
        emit MinterRemoved(_minter);
    }

    /**
     * @dev See {ERC20-_mint}.
     *
     * Requirements:
     *
     * - the caller must be the {Minter}.
     */
    function mint(address _account, uint256 _amount) public onlyMinter {
        _mint(_account, _amount);
    }

    /**
     * @dev Destroys a `value` amount of tokens from `account`, deducting from
     * the caller's allowance.
     *
     * See {ERC20-_burn} and {ERC20-allowance}.
     *
     * Requirements:
     *
     * - the caller must have allowance for `_accounts`'s tokens of at least
     * `value`.
     * - the caller must be the {Minter}.
     */
    function burnFrom(address _account, uint256 _value) public onlyMinter {
        _spendAllowance(_account, msg.sender, _value);
        _burn(_account, _value);
    }

    /**
     * @dev See {ERC20-decimals}.
     */
    function decimals() public view override returns (uint8) {
        return _decimals;
    }
}

Settings
{
  "optimizer": {
    "enabled": true,
    "runs": 5000
  },
  "evmVersion": "paris",
  "outputSelection": {
    "*": {
      "*": [
        "evm.bytecode",
        "evm.deployedBytecode",
        "abi"
      ]
    }
  },
  "metadata": {
    "useLiteralContent": true
  }
}

Contract Security Audit

Contract ABI

[{"inputs":[{"internalType":"address","name":"implementationContract","type":"address"}],"stateMutability":"nonpayable","type":"constructor"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"address","name":"previousAdmin","type":"address"},{"indexed":false,"internalType":"address","name":"newAdmin","type":"address"}],"name":"AdminChanged","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"address","name":"implementation","type":"address"}],"name":"Upgraded","type":"event"},{"stateMutability":"payable","type":"fallback"},{"inputs":[],"name":"admin","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"newAdmin","type":"address"}],"name":"changeAdmin","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"implementation","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"newImplementation","type":"address"}],"name":"upgradeTo","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"newImplementation","type":"address"},{"internalType":"bytes","name":"data","type":"bytes"}],"name":"upgradeToAndCall","outputs":[],"stateMutability":"payable","type":"function"}]

608060405234801561001057600080fd5b506040516108b23803806108b283398101604081905261002f9161010f565b808061003a8161006a565b50610063337f10d6a54a4754c8869d6886b5f5d7fbfa5b4522237ea5c60d11bc4e7a1ff9390b55565b505061013f565b6001600160a01b0381163b6100eb5760405162461bcd60e51b815260206004820152603b60248201527f43616e6e6f742073657420612070726f787920696d706c656d656e746174696f60448201527f6e20746f2061206e6f6e2d636f6e747261637420616464726573730000000000606482015260840160405180910390fd5b7f7050c9e0f4ca769c69bd3a8ef740bc37934f8e2c036e5a723fd8ee048ed3f8c355565b60006020828403121561012157600080fd5b81516001600160a01b038116811461013857600080fd5b9392505050565b6107648061014e6000396000f3fe60806040526004361061005a5760003560e01c80635c60da1b116100435780635c60da1b146100975780638f283970146100d5578063f851a440146100f55761005a565b80633659cfe6146100645780634f1ef28614610084575b61006261010a565b005b34801561007057600080fd5b5061006261007f366004610679565b610144565b61006261009236600461069b565b610196565b3480156100a357600080fd5b506100ac61026a565b60405173ffffffffffffffffffffffffffffffffffffffff909116815260200160405180910390f35b3480156100e157600080fd5b506100626100f0366004610679565b610299565b34801561010157600080fd5b506100ac61041f565b610112610449565b61014261013d7f7050c9e0f4ca769c69bd3a8ef740bc37934f8e2c036e5a723fd8ee048ed3f8c35490565b61050f565b565b7f10d6a54a4754c8869d6886b5f5d7fbfa5b4522237ea5c60d11bc4e7a1ff9390b5473ffffffffffffffffffffffffffffffffffffffff16330361018e5761018b81610533565b50565b61018b61010a565b7f10d6a54a4754c8869d6886b5f5d7fbfa5b4522237ea5c60d11bc4e7a1ff9390b5473ffffffffffffffffffffffffffffffffffffffff16330361025d576101dd83610533565b60003073ffffffffffffffffffffffffffffffffffffffff1634848460405161020792919061071e565b60006040518083038185875af1925050503d8060008114610244576040519150601f19603f3d011682016040523d82523d6000602084013e610249565b606091505b505090508061025757600080fd5b50505050565b61026561010a565b505050565b60006102947f7050c9e0f4ca769c69bd3a8ef740bc37934f8e2c036e5a723fd8ee048ed3f8c35490565b905090565b7f10d6a54a4754c8869d6886b5f5d7fbfa5b4522237ea5c60d11bc4e7a1ff9390b5473ffffffffffffffffffffffffffffffffffffffff16330361018e5773ffffffffffffffffffffffffffffffffffffffff811661037f576040517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152603660248201527f43616e6e6f74206368616e6765207468652061646d696e206f6620612070726f60448201527f787920746f20746865207a65726f20616464726573730000000000000000000060648201526084015b60405180910390fd5b7f7e644d79422f17c01e4894b5f4f588d331ebfa28653d42ae832dc59e38c9798f6103c87f10d6a54a4754c8869d6886b5f5d7fbfa5b4522237ea5c60d11bc4e7a1ff9390b5490565b6040805173ffffffffffffffffffffffffffffffffffffffff928316815291841660208301520160405180910390a161018b817f10d6a54a4754c8869d6886b5f5d7fbfa5b4522237ea5c60d11bc4e7a1ff9390b55565b60006102947f10d6a54a4754c8869d6886b5f5d7fbfa5b4522237ea5c60d11bc4e7a1ff9390b5490565b7f10d6a54a4754c8869d6886b5f5d7fbfa5b4522237ea5c60d11bc4e7a1ff9390b5473ffffffffffffffffffffffffffffffffffffffff163303610142576040517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152603260248201527f43616e6e6f742063616c6c2066616c6c6261636b2066756e6374696f6e20667260448201527f6f6d207468652070726f78792061646d696e00000000000000000000000000006064820152608401610376565b3660008037600080366000845af43d6000803e80801561052e573d6000f35b3d6000fd5b61053c81610588565b60405173ffffffffffffffffffffffffffffffffffffffff821681527fbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b9060200160405180910390a150565b73ffffffffffffffffffffffffffffffffffffffff81163b61062c576040517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152603b60248201527f43616e6e6f742073657420612070726f787920696d706c656d656e746174696f60448201527f6e20746f2061206e6f6e2d636f6e7472616374206164647265737300000000006064820152608401610376565b7f7050c9e0f4ca769c69bd3a8ef740bc37934f8e2c036e5a723fd8ee048ed3f8c355565b803573ffffffffffffffffffffffffffffffffffffffff8116811461067457600080fd5b919050565b60006020828403121561068b57600080fd5b61069482610650565b9392505050565b6000806000604084860312156106b057600080fd5b6106b984610650565b9250602084013567ffffffffffffffff808211156106d657600080fd5b818601915086601f8301126106ea57600080fd5b8135818111156106f957600080fd5b87602082850101111561070b57600080fd5b6020830194508093505050509250925092565b818382376000910190815291905056fea2646970667358221220c9208272db2b2c6addcebc09de39c66fd16b9752977f1672a2c76536f65a7d2964736f6c63430008160033000000000000000000000000fbda5f676cb37624f28265a144a48b0d6e87d3b6

Deployed Bytecode

0x60806040526004361061005a5760003560e01c80635c60da1b116100435780635c60da1b146100975780638f283970146100d5578063f851a440146100f55761005a565b80633659cfe6146100645780634f1ef28614610084575b61006261010a565b005b34801561007057600080fd5b5061006261007f366004610679565b610144565b61006261009236600461069b565b610196565b3480156100a357600080fd5b506100ac61026a565b60405173ffffffffffffffffffffffffffffffffffffffff909116815260200160405180910390f35b3480156100e157600080fd5b506100626100f0366004610679565b610299565b34801561010157600080fd5b506100ac61041f565b610112610449565b61014261013d7f7050c9e0f4ca769c69bd3a8ef740bc37934f8e2c036e5a723fd8ee048ed3f8c35490565b61050f565b565b7f10d6a54a4754c8869d6886b5f5d7fbfa5b4522237ea5c60d11bc4e7a1ff9390b5473ffffffffffffffffffffffffffffffffffffffff16330361018e5761018b81610533565b50565b61018b61010a565b7f10d6a54a4754c8869d6886b5f5d7fbfa5b4522237ea5c60d11bc4e7a1ff9390b5473ffffffffffffffffffffffffffffffffffffffff16330361025d576101dd83610533565b60003073ffffffffffffffffffffffffffffffffffffffff1634848460405161020792919061071e565b60006040518083038185875af1925050503d8060008114610244576040519150601f19603f3d011682016040523d82523d6000602084013e610249565b606091505b505090508061025757600080fd5b50505050565b61026561010a565b505050565b60006102947f7050c9e0f4ca769c69bd3a8ef740bc37934f8e2c036e5a723fd8ee048ed3f8c35490565b905090565b7f10d6a54a4754c8869d6886b5f5d7fbfa5b4522237ea5c60d11bc4e7a1ff9390b5473ffffffffffffffffffffffffffffffffffffffff16330361018e5773ffffffffffffffffffffffffffffffffffffffff811661037f576040517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152603660248201527f43616e6e6f74206368616e6765207468652061646d696e206f6620612070726f60448201527f787920746f20746865207a65726f20616464726573730000000000000000000060648201526084015b60405180910390fd5b7f7e644d79422f17c01e4894b5f4f588d331ebfa28653d42ae832dc59e38c9798f6103c87f10d6a54a4754c8869d6886b5f5d7fbfa5b4522237ea5c60d11bc4e7a1ff9390b5490565b6040805173ffffffffffffffffffffffffffffffffffffffff928316815291841660208301520160405180910390a161018b817f10d6a54a4754c8869d6886b5f5d7fbfa5b4522237ea5c60d11bc4e7a1ff9390b55565b60006102947f10d6a54a4754c8869d6886b5f5d7fbfa5b4522237ea5c60d11bc4e7a1ff9390b5490565b7f10d6a54a4754c8869d6886b5f5d7fbfa5b4522237ea5c60d11bc4e7a1ff9390b5473ffffffffffffffffffffffffffffffffffffffff163303610142576040517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152603260248201527f43616e6e6f742063616c6c2066616c6c6261636b2066756e6374696f6e20667260448201527f6f6d207468652070726f78792061646d696e00000000000000000000000000006064820152608401610376565b3660008037600080366000845af43d6000803e80801561052e573d6000f35b3d6000fd5b61053c81610588565b60405173ffffffffffffffffffffffffffffffffffffffff821681527fbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b9060200160405180910390a150565b73ffffffffffffffffffffffffffffffffffffffff81163b61062c576040517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152603b60248201527f43616e6e6f742073657420612070726f787920696d706c656d656e746174696f60448201527f6e20746f2061206e6f6e2d636f6e7472616374206164647265737300000000006064820152608401610376565b7f7050c9e0f4ca769c69bd3a8ef740bc37934f8e2c036e5a723fd8ee048ed3f8c355565b803573ffffffffffffffffffffffffffffffffffffffff8116811461067457600080fd5b919050565b60006020828403121561068b57600080fd5b61069482610650565b9392505050565b6000806000604084860312156106b057600080fd5b6106b984610650565b9250602084013567ffffffffffffffff808211156106d657600080fd5b818601915086601f8301126106ea57600080fd5b8135818111156106f957600080fd5b87602082850101111561070b57600080fd5b6020830194508093505050509250925092565b818382376000910190815291905056fea2646970667358221220c9208272db2b2c6addcebc09de39c66fd16b9752977f1672a2c76536f65a7d2964736f6c63430008160033

Constructor Arguments (ABI-Encoded and is the last bytes of the Contract Creation Code above)

000000000000000000000000fbda5f676cb37624f28265a144a48b0d6e87d3b6

-----Decoded View---------------
Arg [0] : implementationContract (address): 0xFbDa5F676cB37624f28265A144A48B0d6e87d3b6

-----Encoded View---------------
1 Constructor Arguments found :
Arg [0] : 000000000000000000000000fbda5f676cb37624f28265a144a48b0d6e87d3b6


Deployed Bytecode Sourcemap

908:155:137:-:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;1360:11:127;:9;:11::i;:::-;908:155:137;3504:109:126;;;;;;;;;;-1:-1:-1;3504:109:126;;;;;:::i;:::-;;:::i;4157:378::-;;;;;;:::i;:::-;;:::i;2783:99::-;;;;;;;;;;;;;:::i;:::-;;;1252:42:159;1240:55;;;1222:74;;1210:2;1195:18;2783:99:126;;;;;;;3070:238;;;;;;;;;;-1:-1:-1;3070:238:126;;;;;:::i;:::-;;:::i;2630:81::-;;;;;;;;;;;;;:::i;3074:100:127:-;3114:15;:13;:15::i;:::-;3139:28;3149:17;1806:66:128;2484:11;;2326:185;3149:17:127;3139:9;:28::i;:::-;3074:100::o;3504:109:126:-;1772:66;4722:11;2073:22;;:10;:22;2069:96;;3577:29:::1;3588:17;3577:10;:29::i;:::-;3504:109:::0;:::o;2069:96::-;2143:11;:9;:11::i;4157:378::-;1772:66;4722:11;2073:22;;:10;:22;2069:96;;4266:29:::1;4277:17;4266:10;:29::i;:::-;4392:12;4417:4;4409:18;;4435:9;4446:4;;4409:42;;;;;;;:::i;:::-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;4391:60;;;4520:7;4512:16;;;::::0;::::1;;4256:279;4157:378:::0;;;:::o;2069:96::-;2143:11;:9;:11::i;:::-;4157:378;;;:::o;2783:99::-;2832:7;2858:17;1806:66:128;2484:11;;2326:185;2858:17:126;2851:24;;2783:99;:::o;3070:238::-;1772:66;4722:11;2073:22;;:10;:22;2069:96;;3144:22:::1;::::0;::::1;3136:89;;;::::0;::::1;::::0;;1785:2:159;3136:89:126::1;::::0;::::1;1767:21:159::0;1824:2;1804:18;;;1797:30;1863:34;1843:18;;;1836:62;1934:24;1914:18;;;1907:52;1976:19;;3136:89:126::1;;;;;;;;;3240:32;3253:8;1772:66:::0;4722:11;;4592:157;3253:8:::1;3240:32;::::0;;2190:42:159;2259:15;;;2241:34;;2311:15;;;2306:2;2291:18;;2284:43;2153:18;3240:32:126::1;;;;;;;3282:19;3292:8;1772:66:::0;4990:22;4875:153;2630:81;2670:7;2696:8;1772:66;4722:11;;4592:157;5111:176;1772:66;4722:11;5172:22;;:10;:22;5164:85;;;;;;;2540:2:159;5164:85:126;;;2522:21:159;2579:2;2559:18;;;2552:30;2618:34;2598:18;;;2591:62;2689:20;2669:18;;;2662:48;2727:19;;5164:85:126;2338:414:159;1817:887:127;2147:14;2144:1;2141;2128:34;2361:1;2358;2342:14;2339:1;2323:14;2316:5;2303:60;2437:16;2434:1;2431;2416:38;2475:6;2542:66;;;;2657:16;2654:1;2647:27;2542:66;2577:16;2574:1;2567:27;2656:152:128;2722:37;2741:17;2722:18;:37::i;:::-;2774:27;;1252:42:159;1240:55;;1222:74;;2774:27:128;;1210:2:159;1195:18;2774:27:128;;;;;;;2656:152;:::o;2955:308::-;1702:19:47;;;;3028:109:128;;;;;;;2959:2:159;3028:109:128;;;2941:21:159;2998:2;2978:18;;;2971:30;3037:34;3017:18;;;3010:62;3108:29;3088:18;;;3081:57;3155:19;;3028:109:128;2757:423:159;3028:109:128;1806:66;3216:31;2955:308::o;14:196:159:-;82:20;;142:42;131:54;;121:65;;111:93;;200:1;197;190:12;111:93;14:196;;;:::o;215:186::-;274:6;327:2;315:9;306:7;302:23;298:32;295:52;;;343:1;340;333:12;295:52;366:29;385:9;366:29;:::i;:::-;356:39;215:186;-1:-1:-1;;;215:186:159:o;406:665::-;485:6;493;501;554:2;542:9;533:7;529:23;525:32;522:52;;;570:1;567;560:12;522:52;593:29;612:9;593:29;:::i;:::-;583:39;;673:2;662:9;658:18;645:32;696:18;737:2;729:6;726:14;723:34;;;753:1;750;743:12;723:34;791:6;780:9;776:22;766:32;;836:7;829:4;825:2;821:13;817:27;807:55;;858:1;855;848:12;807:55;898:2;885:16;924:2;916:6;913:14;910:34;;;940:1;937;930:12;910:34;985:7;980:2;971:6;967:2;963:15;959:24;956:37;953:57;;;1006:1;1003;996:12;953:57;1037:2;1033;1029:11;1019:21;;1059:6;1049:16;;;;;406:665;;;;;:::o;1307:271::-;1490:6;1482;1477:3;1464:33;1446:3;1516:16;;1541:13;;;1516:16;1307:271;-1:-1:-1;1307:271:159:o

Swarm Source

ipfs://c9208272db2b2c6addcebc09de39c66fd16b9752977f1672a2c76536f65a7d29
[ Download: CSV Export  ]
[ Download: CSV Export  ]

A token is a representation of an on-chain or off-chain asset. The token page shows information such as price, total supply, holders, transfers and social links. Learn more about this page in our Knowledge Base.