Forkchoice Ethereum Mainnet

/**SPDX-License-Identifier: BUSL-1.1

      ▄▄█████████▄
   ╓██▀└ ,╓▄▄▄, '▀██▄
  ██▀ ▄██▀▀╙╙▀▀██▄ └██µ           ,,       ,,      ,     ,,,            ,,,
 ██ ,██¬ ▄████▄  ▀█▄ ╙█▄      ▄███▀▀███▄   ███▄    ██  ███▀▀▀███▄    ▄███▀▀███,
██  ██ ╒█▀'   ╙█▌ ╙█▌ ██     ▐██      ███  █████,  ██  ██▌    └██▌  ██▌     └██▌
██ ▐█▌ ██      ╟█  █▌ ╟█     ██▌      ▐██  ██ └███ ██  ██▌     ╟██ j██       ╟██
╟█  ██ ╙██    ▄█▀ ▐█▌ ██     ╙██      ██▌  ██   ╙████  ██▌    ▄██▀  ██▌     ,██▀
 ██ "██, ╙▀▀███████████⌐      ╙████████▀   ██     ╙██  ███████▀▀     ╙███████▀`
  ██▄ ╙▀██▄▄▄▄▄,,,                ¬─                                    '─¬
   ╙▀██▄ '╙╙╙▀▀▀▀▀▀▀▀
      ╙▀▀██████R⌐

 */

pragma solidity 0.8.16;

import "contracts/globalMarkets/tokenManager/issuanceHours/IIssuanceHours.sol";
import "contracts/xManager/interfaces/IOndoIDRegistry.sol";
import "contracts/xManager/interfaces/IOndoRateLimiter.sol";
import "contracts/interfaces/IRWALike.sol";
import "contracts/globalMarkets/tokenManager/IGMTokenManagerErrors.sol";
import "contracts/globalMarkets/tokenManager/IGMTokenManagerEvents.sol";
import "contracts/external/openzeppelin/contracts/access/AccessControlEnumerable.sol";
import "contracts/external/openzeppelin/contracts/security/ReentrancyGuard.sol";
import "contracts/external/openzeppelin/contracts/token/SafeERC20.sol";
import "contracts/external/openzeppelin/contracts/utils/cryptography/EIP712.sol";
import "contracts/external/openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import "contracts/globalMarkets/tokenManager/IGMTokenManager.sol";
import "contracts/globalMarkets/tokenManager/sanityCheckOracle/IOndoSanityCheckOracle.sol";
import "contracts/globalMarkets/USDonManager/IUSDonManager.sol";

/**
 * @title  GMTokenManager
 * @author Ondo Finance
 * @notice Contract for managing tokenized equity assets
 * @notice The GMTokenManager contract contains the core logic for processing minting
 *         and redemptions of GM tokens.
 *         The responsibilities of this contract are:
 *          - Verifying attestation signatures
 *          - Calculating the amount of GM tokens and USDon to mint and burn
 *            based on the quote attestation that was received
 *          - Performing appropriate sanity checks on the quote attestation
 *          - Enforcing the minimum deposit and redemption amounts and ensuring the
 *            quote price is in line with the rough oracle price
 *          - Ensuring users are registered with the OndoIDRegistry
 *          - Checking user-specific and global rate limits
 */
contract GMTokenManager is
  EIP712,
  IGMTokenManager,
  IGMTokenManagerEvents,
  IGMTokenManagerErrors,
  ReentrancyGuard,
  AccessControlEnumerable
{
  using SafeERC20 for IERC20;

  /// The identifier address used in OndoIDRegistry to validate KYC for all GM token issuance
  address public gmIdentifier =
    address(uint160(uint256(keccak256(abi.encodePacked("global_markets")))));

  /// Role for signing attestations
  bytes32 public constant ATTESTATION_SIGNER_ROLE =
    keccak256("ATTESTATION_SIGNER_ROLE");

  /// Type hash for EIP-712 quote signatures
  bytes32 public constant QUOTE_TYPEHASH =
    keccak256(
      "Quote(uint256 chainId,uint256 attestationId,bytes32 userId,address asset,uint256 price,uint256 quantity,uint256 expiration,uint8 side,bytes32 additionalData)"
    );

  /// Mapping of attestation IDs to whether they have been redeemed
  mapping(uint256 => bool) public executedAttestationIds;

  /// Monotonically increasing ID for each execution of a quote
  uint256 public executionId = 0;

  /// The decimals normalizer for the GM token
  uint256 public constant GM_NORMALIZER = 1e18;

  /// Role to configure the contract
  bytes32 public constant CONFIGURER_ROLE = keccak256("CONFIGURER_ROLE");

  /// Role to pause minting and redemptions
  bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");

  /// Role to unpause functionality
  bytes32 public constant UNPAUSER_ROLE = keccak256("UNPAUSER_ROLE");

  /// Role to manually service a mint of GM tokens
  bytes32 public constant ADMIN_MINT_ROLE = keccak256("ADMIN_MINT_ROLE");

  /// The token that can be used to subscribe to a GM token and can be received when redeeming a GM token
  address public immutable usdon;

  /// The address of the USDon manager used for swapping with other tokens
  IUSDonManager public usdonManager;

  /**
   * @notice Minimum USD amount required to subscribe to a GM token, denoted in USD with 18
   *         decimals.
   */
  uint256 public minimumDepositUSD;

  /**
   * @notice Minimum USD amount required to perform an GM token redemption to be allowed,
   *         denoted in USD with 18 decimals
   */
  uint256 public minimumRedemptionUSD;

  /// Whether mints are paused for this contract
  bool public globalMintingPaused;

  /// Whether redemptions are paused for this contract
  bool public globalRedeemingPaused;

  /// Whether mints are paused for a specific gm asset
  mapping(address => bool) public gmTokenMintingPaused;

  /// Whether redemptions are paused for a specific gm asset
  mapping(address => bool) public gmTokenRedemptionsPaused;

  /// The `OndoIDRegistry` contract address
  IOndoIDRegistry public ondoIDRegistry;

  /// The `OndoRateLimiter` contract address
  IOndoRateLimiter public ondoRateLimiter;

  /// The `IssuanceHours` contract for managing market hours
  IIssuanceHours public issuanceHours;

  /// The `OndoSanityCheckOracle` contract for validating the price of the GM token
  IOndoSanityCheckOracle public sanityCheckOracle;

  /// Map of all GM tokens that are accepted for minting and redemptions
  mapping(address => bool) public gmTokenAccepted;

  /**
   * @param _defaultAdmin         The default admin role for the contract
   * @param _usdon                The address of the USDon token used for minting and redemptions
   * @param _minimumDepositUSD    The minimum subscription amount, denoted in USD with 18 decimals
   * @param _minimumRedemptionUSD The minimum redemption amount, denoted in USD with 18 decimals
   */
  constructor(
    address _defaultAdmin,
    address _usdon,
    uint256 _minimumDepositUSD,
    uint256 _minimumRedemptionUSD
  ) EIP712("OndoGMTokenManager", "1") {
    if (_usdon == address(0)) revert USDonAddressCantBeZero();
    usdon = _usdon;
    minimumDepositUSD = _minimumDepositUSD;
    minimumRedemptionUSD = _minimumRedemptionUSD;
    _grantRole(DEFAULT_ADMIN_ROLE, _defaultAdmin);
  }

  /**
   * @notice Called by users to mint GM tokens with a quote attestation using USDon
   * @param  quote              The quote to mint GM tokens with
   * @param  signature          The signature of the quote attestation
   * @param  depositToken       The token the user would like to deposit in return for GM Tokens.
   *                            If not USDon, this will be reliant on the ability to swap for USDon in the USDonManager
   * @param  depositTokenAmount The amount of depositToken the user wishes to spend to purchase USDon atomically in the transaction
   * @return The amount of GM tokens minted to the user
   * @dev    If the deposit token is not USDon and the depositTokenAmount is not enough to swap for USDon
   *         worth quantity * price as specified in the quote, the transaction will fail as the `mintUSDonValue`
   *         is passed in to the minimum RWA received field in `subscribe`.
   */
  function mintWithAttestation(
    Quote calldata quote,
    bytes memory signature,
    address depositToken,
    uint256 depositTokenAmount
  )
    public
    override
    nonReentrant
    whenMintingNotPaused(quote.asset)
    returns (uint256)
  {
    if (depositToken == address(0)) revert TokenAddressCantBeZero();
    if (quote.side != QuoteSide.BUY) revert InvalidQuoteSide();

    bytes32 userId = ondoIDRegistry.getRegisteredID(gmIdentifier, _msgSender());
    if (userId == bytes32(0)) revert UserNotRegistered();

    _verifyQuote(quote, signature, userId);
    executedAttestationIds[quote.attestationId] = true;

    // USD values are normalized to 18 decimals
    uint256 mintUSDonValue = (quote.quantity * quote.price) / GM_NORMALIZER;
    if (mintUSDonValue < minimumDepositUSD) revert DepositAmountTooSmall();

    ondoRateLimiter.checkAndUpdateRateLimit(
      IOndoRateLimiter.TransactionType.SUBSCRIPTION,
      quote.asset,
      userId,
      mintUSDonValue
    );

    // Transfer usdon into the contract
    if (depositToken == address(usdon)) {
      IERC20(usdon).safeTransferFrom(
        _msgSender(),
        address(this),
        mintUSDonValue
      );
    } else {
      if (address(usdonManager) == address(0)) revert USDonManagerNotEnabled();
      IERC20(depositToken).safeTransferFrom(
        _msgSender(),
        address(this),
        depositTokenAmount
      );
      IERC20(depositToken).forceApprove(
        address(usdonManager),
        depositTokenAmount
      );
      uint256 receivedOnUsd = usdonManager.subscribe(
        depositToken,
        depositTokenAmount,
        mintUSDonValue
      );

      // If the deposit token is not USDon, we need to refund the user if they sent more than
      // the required amount of USDon to mint the GM tokens
      uint256 refund = receivedOnUsd - mintUSDonValue;
      if (refund > 0) {
        IERC20(usdon).safeTransfer(_msgSender(), refund);
      }
    }

    IRWALike(usdon).burn(mintUSDonValue);

    // actually mint the token to the user
    IRWALike(quote.asset).mint(_msgSender(), quote.quantity);

    _emitTradeExecuted(quote);

    return quote.quantity;
  }

  /**
   * @notice Called by users to redeem GM tokens for USDon
   * @param  quote                The quote to redeem GM tokens with
   * @param  signature            The signature of the quote attestation
   * @param  receiveToken         The token the user would like to receive. If it is not USDon,
   *                              transaction success will depend on liquidity in USDonManager
   * @param  minimumReceiveAmount The minimum amount of tokens the user would like to receive
   *                              - ONLY applicable if the user requests a non-USDon token
   * @return The amount of USDon minted
   */
  function redeemWithAttestation(
    Quote calldata quote,
    bytes memory signature,
    address receiveToken,
    uint256 minimumReceiveAmount
  )
    public
    override
    nonReentrant
    whenRedeemNotPaused(quote.asset)
    returns (uint256)
  {
    if (receiveToken == address(0)) revert TokenAddressCantBeZero();
    if (quote.side != QuoteSide.SELL) revert InvalidQuoteSide();

    bytes32 userId = ondoIDRegistry.getRegisteredID(gmIdentifier, _msgSender());
    if (userId == bytes32(0)) revert UserNotRegistered();

    _verifyQuote(quote, signature, userId);
    executedAttestationIds[quote.attestationId] = true;

    // burn the GM tokens
    IERC20(quote.asset).safeTransferFrom(
      _msgSender(),
      address(this),
      quote.quantity
    );
    IRWALike(quote.asset).burn(quote.quantity);

    // USD values are normalized to 18 decimals
    uint256 redemptionUSDonValue = (quote.quantity * quote.price) /
      GM_NORMALIZER;

    if (redemptionUSDonValue < minimumRedemptionUSD)
      revert RedemptionAmountTooSmall();

    ondoRateLimiter.checkAndUpdateRateLimit(
      IOndoRateLimiter.TransactionType.REDEMPTION,
      quote.asset,
      userId,
      redemptionUSDonValue
    );

    // Mint USDon to the contract
    IRWALike(usdon).mint(address(this), redemptionUSDonValue);

    if (receiveToken == address(usdon)) {
      IERC20(usdon).safeTransfer(_msgSender(), redemptionUSDonValue);
    } else {
      if (address(usdonManager) == address(0)) revert USDonManagerNotEnabled();
      IERC20(usdon).approve(address(usdonManager), redemptionUSDonValue);
      uint256 receiveAmount = usdonManager.redeem(
        redemptionUSDonValue,
        receiveToken,
        minimumReceiveAmount
      );
      IERC20(receiveToken).safeTransfer(_msgSender(), receiveAmount);
    }

    _emitTradeExecuted(quote);

    return redemptionUSDonValue;
  }

  /**
   * @notice Verifies the signature of the quote
   * @param  quote     The quote to verify
   * @param  signature The signature to verify
   * @param  userId    The user ID of the user executing the quote
   */
  function _verifyQuote(
    Quote calldata quote,
    bytes memory signature,
    bytes32 userId
  ) internal {
    // Ensure the attestation isn't being reused
    if (executedAttestationIds[quote.attestationId])
      revert AttestationAlreadyExecuted();

    if (block.timestamp > quote.expiration) revert AttestationExpired();

    if (userId != quote.userId) revert UserIdMismatch(userId, quote.userId);

    issuanceHours.checkIsValidHours();

    sanityCheckOracle.validatePrice(quote.asset, quote.price);

    if (gmTokenAccepted[quote.asset] == false) revert GMTokenNotRegistered();

    if (quote.chainId != block.chainid) revert InvalidChainId();

    bytes32 digest = _hashTypedDataV4(
      keccak256(
        abi.encode(
          QUOTE_TYPEHASH,
          quote.chainId,
          quote.attestationId,
          quote.userId,
          quote.asset,
          quote.price,
          quote.quantity,
          quote.expiration,
          quote.side,
          quote.additionalData
        )
      )
    );

    address signer = ECDSA.recover(digest, signature);
    if (!hasRole(ATTESTATION_SIGNER_ROLE, signer))
      revert InvalidAttestationSigner();
  }

  /**
   * @notice Emits a `TradeExecuted` event and increments the `executionId`
   * @param  quote The quote to emit the event for
   * @dev    The only purpose of this is to prevent stack too deep errors from unpacking the large struct.
   *         Increments executionId before emitting to provide a unique ID for each trade.
   */
  function _emitTradeExecuted(Quote calldata quote) internal {
    emit TradeExecuted(
      ++executionId,
      quote.attestationId,
      quote.chainId,
      quote.userId,
      quote.side,
      quote.asset,
      quote.price,
      quote.quantity,
      quote.expiration,
      quote.additionalData
    );
  }

  /**
   * @notice Admin function to service a subscription whose corresponding deposit been made outside
   *         of this contracts system.
   * @param  gmToken       The address of the GM token to mint
   * @param  recipient     The address to send the GM tokens to
   * @param  gmTokenAmount The amount of GM tokens to mint and/or transfer
   * @param  metadata      Additional metadata to emit with the subscription
   */
  function adminProcessMint(
    address gmToken,
    address recipient,
    uint256 gmTokenAmount,
    bytes32 metadata
  ) external whenMintingNotPaused(gmToken) onlyRole(ADMIN_MINT_ROLE) {
    if (!gmTokenAccepted[gmToken]) revert GMTokenNotRegistered();

    bytes32 userId = ondoIDRegistry.getRegisteredID(gmIdentifier, recipient);
    if (userId == bytes32(0)) revert UserNotRegistered();

    // Actually mint the token to the user
    IRWALike(gmToken).mint(recipient, gmTokenAmount);

    emit AdminMint(recipient, userId, gmToken, gmTokenAmount, metadata);
  }

  /**
   * @notice Sets the `IssuanceHours` contract
   * @param  _issuanceHours The `IssuanceHours` contract address
   */
  function setIssuanceHours(
    address _issuanceHours
  ) external onlyRole(DEFAULT_ADMIN_ROLE) {
    if (_issuanceHours == address(0)) revert IssuanceHoursAddressCantBeZero();
    emit IssuanceHoursSet(address(issuanceHours), _issuanceHours);
    issuanceHours = IIssuanceHours(_issuanceHours);
  }

  /**
   * @notice Sets the `OndoSanityCheckOracle` contract
   * @param  _sanityCheckOracle The new `OndoSanityCheckOracle` contract address
   */
  function setSanityCheckOracle(
    address _sanityCheckOracle
  ) external onlyRole(DEFAULT_ADMIN_ROLE) {
    if (_sanityCheckOracle == address(0))
      revert SanityCheckOracleAddressCantBeZero();
    emit OndoSanityCheckOracleSet(
      address(sanityCheckOracle),
      _sanityCheckOracle
    );
    sanityCheckOracle = IOndoSanityCheckOracle(_sanityCheckOracle);
  }

  /**
   * @notice Sets the `OndoIDRegistry` contract
   * @param  _ondoIDRegistry The `OndoIDRegistry` contract address
   */
  function setOndoIDRegistry(
    address _ondoIDRegistry
  ) external onlyRole(DEFAULT_ADMIN_ROLE) {
    if (_ondoIDRegistry == address(0)) revert IDRegistryAddressCantBeZero();
    emit OndoIDRegistrySet(address(ondoIDRegistry), _ondoIDRegistry);
    ondoIDRegistry = IOndoIDRegistry(_ondoIDRegistry);
    // Ensure that the `OndoIDRegistry` interface is supported
    ondoIDRegistry.getRegisteredID(gmIdentifier, address(this));
  }

  /**
   * @notice Sets the `OndoRateLimiter` contract
   * @param  _ondoRateLimiter The `OndoRateLimiter` contract address
   */
  function setOndoRateLimiter(
    address _ondoRateLimiter
  ) external onlyRole(DEFAULT_ADMIN_ROLE) {
    if (_ondoRateLimiter == address(0)) revert RateLimiterAddressCantBeZero();
    emit OndoRateLimiterSet(address(ondoRateLimiter), _ondoRateLimiter);
    ondoRateLimiter = IOndoRateLimiter(_ondoRateLimiter);
  }

  /**
   * @notice Sets the `USDonManager` contract
   * @param  _usdonManager The `USDonManager` contract address
   */
  function setUSDonManager(
    address _usdonManager
  ) external onlyRole(DEFAULT_ADMIN_ROLE) {
    emit USDonManagerSet(address(usdonManager), _usdonManager);
    usdonManager = IUSDonManager(_usdonManager);
  }

  /**
   * @notice Sets whether a token is accepted for mints and redemptions on this contract
   * @param  token    The address of the token
   * @param  accepted Whether the token is accepted for mints and redemptions
   */
  function setGMTokenRegistrationStatus(
    address token,
    bool accepted
  ) external onlyRole(CONFIGURER_ROLE) {
    if (token == address(0)) revert TokenAddressCantBeZero();
    gmTokenAccepted[token] = accepted;
    emit GMTokenRegistered(token, accepted);
  }

  /**
   * @notice Sets the minimum amount required for a subscription
   * @param  _minimumDepositUSD The minimum amount required to subscribe, denoted in
   *                            USD with 18 decimals
   */
  function setMinimumDepositAmount(
    uint256 _minimumDepositUSD
  ) external onlyRole(CONFIGURER_ROLE) {
    emit MinimumDepositAmountSet(minimumDepositUSD, _minimumDepositUSD);
    minimumDepositUSD = _minimumDepositUSD;
  }

  /**
   * @notice Sets the minimum amount to redeem
   * @param  _minimumRedemptionUSD The minimum amount required to redeem,
   *                               denoted in USD with 18.
   */
  function setMinimumRedemptionAmount(
    uint256 _minimumRedemptionUSD
  ) external onlyRole(CONFIGURER_ROLE) {
    emit MinimumRedemptionAmountSet(
      minimumRedemptionUSD,
      _minimumRedemptionUSD
    );
    minimumRedemptionUSD = _minimumRedemptionUSD;
  }

  /**
   * @notice Rescue and transfer tokens locked in this contract
   * @param  token  The address of the token
   * @param  to     The address of the recipient
   * @param  amount The amount of token to transfer
   */
  function retrieveTokens(
    address token,
    address to,
    uint256 amount
  ) external onlyRole(DEFAULT_ADMIN_ROLE) {
    IERC20(token).safeTransfer(to, amount);
  }

  /**
   * @notice Returns the domain separator for EIP712
   * @return The domain separator
   */
  function getDomainSeparator() public view returns (bytes32) {
    return _domainSeparatorV4();
  }

  /*//////////////////////////////////////////////////////////////
                          Pause/Unpause
  //////////////////////////////////////////////////////////////*/

  /**
   * @notice Globally pause the minting functionality
   */
  function pauseGlobalMints() external onlyRole(PAUSER_ROLE) {
    globalMintingPaused = true;
    emit GlobalMintingPaused();
  }

  /**
   * @notice Globally unpause the minting functionality
   */
  function unpauseGlobalMints() external onlyRole(UNPAUSER_ROLE) {
    globalMintingPaused = false;
    emit GlobalMintingUnpaused();
  }

  /**
   * @notice Globally pause the redeem functionality
   */
  function pauseGlobalRedeems() external onlyRole(PAUSER_ROLE) {
    globalRedeemingPaused = true;
    emit GlobalRedeemingPaused();
  }

  /**
   * @notice Globally unpause the redeem functionality
   */
  function unpauseGlobalRedeems() external onlyRole(UNPAUSER_ROLE) {
    globalRedeemingPaused = false;
    emit GlobalRedeemingUnpaused();
  }

  /**
   * @notice Pauses minting for a specific GM token
   * @param  gmToken The address of the GM token
   */
  function pauseGMTokenMints(address gmToken) external onlyRole(PAUSER_ROLE) {
    gmTokenMintingPaused[gmToken] = true;
    emit GMTokenMintingPaused(gmToken);
  }

  /**
   * @notice Unpauses minting for a specific GM token
   * @param  gmToken The address of the GM token
   */
  function unpauseGMTokenMints(
    address gmToken
  ) external onlyRole(UNPAUSER_ROLE) {
    gmTokenMintingPaused[gmToken] = false;
    emit GMTokenMintingUnpaused(gmToken);
  }

  /**
   * @notice Pauses redemption for a specific GM token
   * @param  gmToken The address of the GM token
   */
  function pauseGMTokenRedemptions(
    address gmToken
  ) external onlyRole(PAUSER_ROLE) {
    gmTokenRedemptionsPaused[gmToken] = true;
    emit GMTokenRedeemingPaused(gmToken);
  }

  /**
   * @notice Unpauses redemption for a specific GM token
   * @param  gmToken The address of the GM token
   */
  function unpauseGMTokenRedemptions(
    address gmToken
  ) external onlyRole(UNPAUSER_ROLE) {
    gmTokenRedemptionsPaused[gmToken] = false;
    emit GMTokenRedeemingUnpaused(gmToken);
  }

  /**
   * @notice Ensure that the subscribe functionality is not paused
   * @param  gmToken The address of the GM token to check
   * @dev    Reverts if either global minting or token-specific minting is paused
   */
  modifier whenMintingNotPaused(address gmToken) {
    if (globalMintingPaused) revert GlobalMintsPaused();
    if (gmTokenMintingPaused[gmToken]) revert GMTokenMintsPaused();
    _;
  }

  /**
   * @notice Ensure that the redeem functionality is not paused
   * @param  gmToken The address of the GM token to check
   * @dev    Reverts if either global redemptions or token-specific redemptions are paused
   */
  modifier whenRedeemNotPaused(address gmToken) {
    if (globalRedeemingPaused) revert GlobalRedemptionsPaused();
    if (gmTokenRedemptionsPaused[gmToken]) revert GMTokenRedemptionsPaused();
    _;
  }
}

// SPDX-License-Identifier: BUSL-1.1
/*
      ▄▄█████████▄
   ╓██▀└ ,╓▄▄▄, '▀██▄
  ██▀ ▄██▀▀╙╙▀▀██▄ └██µ           ,,       ,,      ,     ,,,            ,,,
 ██ ,██¬ ▄████▄  ▀█▄ ╙█▄      ▄███▀▀███▄   ███▄    ██  ███▀▀▀███▄    ▄███▀▀███,
██  ██ ╒█▀'   ╙█▌ ╙█▌ ██     ▐██      ███  █████,  ██  ██▌    └██▌  ██▌     └██▌
██ ▐█▌ ██      ╟█  █▌ ╟█     ██▌      ▐██  ██ └███ ██  ██▌     ╟██ j██       ╟██
╟█  ██ ╙██    ▄█▀ ▐█▌ ██     ╙██      ██▌  ██   ╙████  ██▌    ▄██▀  ██▌     ,██▀
 ██ "██, ╙▀▀███████████⌐      ╙████████▀   ██     ╙██  ███████▀▀     ╙███████▀`
  ██▄ ╙▀██▄▄▄▄▄,,,                ¬─                                    '─¬
   ╙▀██▄ '╙╙╙▀▀▀▀▀▀▀▀
      ╙▀▀██████R⌐
 */
pragma solidity 0.8.16;

/**
 * @title  IIssuanceHours
 * @author Ondo Finance
 * @notice Interface for checking if current time is within valid market hours
 */
interface IIssuanceHours {
  function checkIsValidHours() external;
}

// SPDX-License-Identifier: BUSL-1.1
/*
      ▄▄█████████▄
   ╓██▀└ ,╓▄▄▄, '▀██▄
  ██▀ ▄██▀▀╙╙▀▀██▄ └██µ           ,,       ,,      ,     ,,,            ,,,
 ██ ,██¬ ▄████▄  ▀█▄ ╙█▄      ▄███▀▀███▄   ███▄    ██  ███▀▀▀███▄    ▄███▀▀███,
██  ██ ╒█▀'   ╙█▌ ╙█▌ ██     ▐██      ███  █████,  ██  ██▌    └██▌  ██▌     └██▌
██ ▐█▌ ██      ╟█  █▌ ╟█     ██▌      ▐██  ██ └███ ██  ██▌     ╟██ j██       ╟██
╟█  ██ ╙██    ▄█▀ ▐█▌ ██     ╙██      ██▌  ██   ╙████  ██▌    ▄██▀  ██▌     ,██▀
 ██ "██, ╙▀▀███████████⌐      ╙████████▀   ██     ╙██  ███████▀▀     ╙███████▀`
  ██▄ ╙▀██▄▄▄▄▄,,,                ¬─                                    '─¬
   ╙▀██▄ '╙╙╙▀▀▀▀▀▀▀▀
      ╙▀▀██████R⌐
 */
pragma solidity 0.8.16;

interface IOndoIDRegistry {
  function getRegisteredID(
    address rwaToken,
    address user
  ) external view returns (bytes32 userID);
}

// SPDX-License-Identifier: MIT
/*
      ▄▄█████████▄
   ╓██▀└ ,╓▄▄▄, '▀██▄
  ██▀ ▄██▀▀╙╙▀▀██▄ └██µ           ,,       ,,      ,     ,,,            ,,,
 ██ ,██¬ ▄████▄  ▀█▄ ╙█▄      ▄███▀▀███▄   ███▄    ██  ███▀▀▀███▄    ▄███▀▀███,
██  ██ ╒█▀'   ╙█▌ ╙█▌ ██     ▐██      ███  █████,  ██  ██▌    └██▌  ██▌     └██▌
██ ▐█▌ ██      ╟█  █▌ ╟█     ██▌      ▐██  ██ └███ ██  ██▌     ╟██ j██       ╟██
╟█  ██ ╙██    ▄█▀ ▐█▌ ██     ╙██      ██▌  ██   ╙████  ██▌    ▄██▀  ██▌     ,██▀
 ██ "██, ╙▀▀███████████⌐      ╙████████▀   ██     ╙██  ███████▀▀     ╙███████▀`
  ██▄ ╙▀██▄▄▄▄▄,,,                ¬─                                    '─¬
   ╙▀██▄ '╙╙╙▀▀▀▀▀▀▀▀
      ╙▀▀██████R⌐
 */
pragma solidity 0.8.16;

interface IOndoRateLimiter {
  enum TransactionType {
    SUBSCRIPTION,
    REDEMPTION
  }

  function checkAndUpdateRateLimit(
    TransactionType transactionType,
    address rwaToken,
    bytes32 userID,
    uint256 usdValue
  ) external;
}

/**SPDX-License-Identifier: BUSL-1.1

      ▄▄█████████▄
   ╓██▀└ ,╓▄▄▄, '▀██▄
  ██▀ ▄██▀▀╙╙▀▀██▄ └██µ           ,,       ,,      ,     ,,,            ,,,
 ██ ,██¬ ▄████▄  ▀█▄ ╙█▄      ▄███▀▀███▄   ███▄    ██  ███▀▀▀███▄    ▄███▀▀███,
██  ██ ╒█▀'   ╙█▌ ╙█▌ ██     ▐██      ███  █████,  ██  ██▌    └██▌  ██▌     └██▌
██ ▐█▌ ██      ╟█  █▌ ╟█     ██▌      ▐██  ██ └███ ██  ██▌     ╟██ j██       ╟██
╟█  ██ ╙██    ▄█▀ ▐█▌ ██     ╙██      ██▌  ██   ╙████  ██▌    ▄██▀  ██▌     ,██▀
 ██ "██, ╙▀▀███████████⌐      ╙████████▀   ██     ╙██  ███████▀▀     ╙███████▀`
  ██▄ ╙▀██▄▄▄▄▄,,,                ¬─                                    '─¬
   ╙▀██▄ '╙╙╙▀▀▀▀▀▀▀▀
      ╙▀▀██████R⌐
 */
pragma solidity 0.8.16;

// This interface is not inherited directly by RWA, instead, it is a
// subset of functions provided by all RWA tokens that the RWA Hub
// Client uses.
import "contracts/external/openzeppelin/contracts/token/IERC20.sol";

interface IRWALike is IERC20 {
  function mint(address to, uint256 amount) external;

  function burn(uint256 amount) external;

  function burnFrom(address from, uint256 amount) external;
}

// SPDX-License-Identifier: BUSL-1.1
/*
      ▄▄█████████▄
   ╓██▀└ ,╓▄▄▄, '▀██▄
  ██▀ ▄██▀▀╙╙▀▀██▄ └██µ           ,,       ,,      ,     ,,,            ,,,
 ██ ,██¬ ▄████▄  ▀█▄ ╙█▄      ▄███▀▀███▄   ███▄    ██  ███▀▀▀███▄    ▄███▀▀███,
██  ██ ╒█▀'   ╙█▌ ╙█▌ ██     ▐██      ███  █████,  ██  ██▌    └██▌  ██▌     └██▌
██ ▐█▌ ██      ╟█  █▌ ╟█     ██▌      ▐██  ██ └███ ██  ██▌     ╟██ j██       ╟██
╟█  ██ ╙██    ▄█▀ ▐█▌ ██     ╙██      ██▌  ██   ╙████  ██▌    ▄██▀  ██▌     ,██▀
 ██ "██, ╙▀▀███████████⌐      ╙████████▀   ██     ╙██  ███████▀▀     ╙███████▀`
  ██▄ ╙▀██▄▄▄▄▄,,,                ¬─                                    '─¬
   ╙▀██▄ '╙╙╙▀▀▀▀▀▀▀▀
      ╙▀▀██████R⌐
 */
pragma solidity 0.8.16;

/**
 * @title  IGMTokenManagerErrors
 * @author Ondo Finance
 * @notice Isolated contract for all errors emitted by the GMTokenManager contract
 */
interface IGMTokenManagerErrors {
  /// Error emitted when the token address is zero
  error TokenAddressCantBeZero();

  /// Error emitted when the deposit amount is too small
  error DepositAmountTooSmall();

  /// Error emitted when the user is not registered with the ID registry
  error UserNotRegistered();

  /// Error emitted when the redemption amount is too small
  error RedemptionAmountTooSmall();

  /// Error emitted when attempting to set the `OndoIDRegistry` address to zero
  error IDRegistryAddressCantBeZero();

  /// Error emitted when attempting to set the `OndoRateLimiter` address to zero
  error RateLimiterAddressCantBeZero();

  /// Error emitted when the minting functionality is paused
  error GlobalMintsPaused();

  /// Error emitted when the redemption functionality is paused
  error GlobalRedemptionsPaused();

  /// Error emitted when the minting functionality is paused for a specific token
  error GMTokenMintsPaused();

  /// Error emitted when the redemption functionality is paused for a specific token
  error GMTokenRedemptionsPaused();

  /// Error emitted attempting to set the `OndoSanityCheckOracle` address to zero
  error SanityCheckOracleAddressCantBeZero();

  /// Custom error for expired attestations
  error AttestationExpired();

  /// Custom error for attestion signed by unverifid signer
  error InvalidAttestationSigner();

  /// Custom error for invalid chain ID
  error InvalidChainId();

  /// Custom error for invalid quote direction
  error InvalidQuoteSide();

  /// Custom error for user ID mismatch
  error UserIdMismatch(bytes32 expected, bytes32 actual);

  /// Custom error for already redeemed attestations
  error AttestationAlreadyExecuted();

  /// Error emitted when attempting to set the `IssuanceHours` address to zero
  error IssuanceHoursAddressCantBeZero();

  // Error emitted when attempting to use an USDon manager reliant function when the USDon manager is set to zero
  error USDonManagerNotEnabled();

  /// Error emitted when the GM Token is not registered for minting/redemption
  error GMTokenNotRegistered();

  /// Error emitted when attempting to set the `USDon` address to zero
  error USDonAddressCantBeZero();
}

// SPDX-License-Identifier: BUSL-1.1
/*
      ▄▄█████████▄
   ╓██▀└ ,╓▄▄▄, '▀██▄
  ██▀ ▄██▀▀╙╙▀▀██▄ └██µ           ,,       ,,      ,     ,,,            ,,,
 ██ ,██¬ ▄████▄  ▀█▄ ╙█▄      ▄███▀▀███▄   ███▄    ██  ███▀▀▀███▄    ▄███▀▀███,
██  ██ ╒█▀'   ╙█▌ ╙█▌ ██     ▐██      ███  █████,  ██  ██▌    └██▌  ██▌     └██▌
██ ▐█▌ ██      ╟█  █▌ ╟█     ██▌      ▐██  ██ └███ ██  ██▌     ╟██ j██       ╟██
╟█  ██ ╙██    ▄█▀ ▐█▌ ██     ╙██      ██▌  ██   ╙████  ██▌    ▄██▀  ██▌     ,██▀
 ██ "██, ╙▀▀███████████⌐      ╙████████▀   ██     ╙██  ███████▀▀     ╙███████▀`
  ██▄ ╙▀██▄▄▄▄▄,,,                ¬─                                    '─¬
   ╙▀██▄ '╙╙╙▀▀▀▀▀▀▀▀
      ╙▀▀██████R⌐
 */
pragma solidity 0.8.16;

/**
 * @title  IGMTokenManagerEvents
 * @author Ondo Finance
 * @notice Isolated contract for all events emitted by the GMTokenManager contract
 */
interface IGMTokenManagerEvents {
  /**
   * @notice Event emitted when an admin completes a mint for a recipient
   * @param  recipient    The address of the recipient that receives the RWA tokens
   * @param  recipientId  The user ID of the recipient
   * @param  rwaToken     The address of the RWA token being minted
   * @param  rwaAmount    The amount of RWA tokens minted in decimals of the RWA token
   * @param  metadata     Additional metadata to associate with the mint
   */
  event AdminMint(
    address indexed recipient,
    bytes32 indexed recipientId,
    address indexed rwaToken,
    uint256 rwaAmount,
    bytes32 metadata
  );

  /**
   * @notice Event emitted when the `OndoIDRegistry` contract is set
   * @param  oldOndoIDRegistry The old `OndoIDRegistry` contract address
   * @param  newOndoIDRegistry The new `OndoIDRegistry` contract address
   */
  event OndoIDRegistrySet(
    address indexed oldOndoIDRegistry,
    address indexed newOndoIDRegistry
  );

  /**
   * @notice Event emitted when the `OndoRateLimiter` contract is set
   * @param  oldOndoRateLimiter The old `OndoRateLimiter` contract address
   * @param  newOndoRateLimiter The new `OndoRateLimiter` contract address
   */
  event OndoRateLimiterSet(
    address indexed oldOndoRateLimiter,
    address indexed newOndoRateLimiter
  );

  /**
   * @notice Event emitted when subscription minimum is set
   * @param  oldMinDepositAmount Old subscription minimum
   * @param  newMinDepositAmount New subscription minimum
   */
  event MinimumDepositAmountSet(
    uint256 indexed oldMinDepositAmount,
    uint256 indexed newMinDepositAmount
  );

  /**
   * @notice Event emitted when redeem minimum is set
   * @param  oldMinRedemptionAmount Old redeem minimum
   * @param  newMinRedemptionAmount New redeem minimum
   */
  event MinimumRedemptionAmountSet(
    uint256 indexed oldMinRedemptionAmount,
    uint256 indexed newMinRedemptionAmount
  );

  /**
   * @notice Event emitted when the `OndoSanityCheckOracle` contract is set
   * @param  oldOndoSanityCheckOracle The old `OndoSanityCheckOracle` contract address
   * @param  newOndoSanityCheckOracle The new `OndoSanityCheckOracle` contract address
   */
  event OndoSanityCheckOracleSet(
    address indexed oldOndoSanityCheckOracle,
    address indexed newOndoSanityCheckOracle
  );

  /**
   * @notice Event emitted when the `IssuanceHours` contract is set
   * @param  oldIssuanceHours The old `IssuanceHours` contract address
   * @param  newIssuanceHours The new `IssuanceHours` contract address
   */
  event IssuanceHoursSet(
    address indexed oldIssuanceHours,
    address indexed newIssuanceHours
  );

  /**
   * @notice Event emitted when the `USDonManager` contract is set
   * @param  oldUSDonManager The old `USDonManager` contract address
   * @param  newUSDonManager The new `USDonManager` contract address
   */
  event USDonManagerSet(
    address indexed oldUSDonManager,
    address indexed newUSDonManager
  );

  /**
   * @notice Event emitted when the accepted GM token is set
   * @param  gmToken    The address of the GM token
   * @param  registered Whether the GM token is registered
   */
  event GMTokenRegistered(address indexed gmToken, bool indexed registered);

  /// Event emitted when minting functionality is paused
  event GlobalMintingPaused();

  /// Event emitted when minting functionality is unpaused
  event GlobalMintingUnpaused();

  /// Event emitted when redeem functionality is paused
  event GlobalRedeemingPaused();

  /// Event emitted when redeem functionality is unpaused
  event GlobalRedeemingUnpaused();

  /**
   * @notice Event emitted when minting is paused for a specific GM token
   * @param gmToken The address of the GM token
   */
  event GMTokenMintingPaused(address indexed gmToken);

  /**
   * @notice Event emitted when minting is unpaused for a specific GM token
   * @param gmToken The address of the GM token
   */
  event GMTokenMintingUnpaused(address indexed gmToken);

  /**
   * @notice Event emitted when redemption is paused for a specific GM token
   * @param gmToken The address of the GM token
   */
  event GMTokenRedeemingPaused(address indexed gmToken);

  /**
   * @notice Event emitted when redemption is unpaused for a specific GM token
   * @param gmToken The address of the GM token
   */
  event GMTokenRedeemingUnpaused(address indexed gmToken);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (access/AccessControlEnumerable.sol)

pragma solidity ^0.8.0;

import "contracts/external/openzeppelin/contracts/access/IAccessControlEnumerable.sol";
import "contracts/external/openzeppelin/contracts/access/AccessControl.sol";
import "contracts/external/openzeppelin/contracts/utils/EnumerableSet.sol";

/**
 * @dev Extension of {AccessControl} that allows enumerating the members of each role.
 */
abstract contract AccessControlEnumerable is
  IAccessControlEnumerable,
  AccessControl
{
  using EnumerableSet for EnumerableSet.AddressSet;

  mapping(bytes32 => EnumerableSet.AddressSet) private _roleMembers;

  /**
   * @dev See {IERC165-supportsInterface}.
   */
  function supportsInterface(bytes4 interfaceId)
    public
    view
    virtual
    override
    returns (bool)
  {
    return
      interfaceId == type(IAccessControlEnumerable).interfaceId ||
      super.supportsInterface(interfaceId);
  }

  /**
   * @dev Returns one of the accounts that have `role`. `index` must be a
   * value between 0 and {getRoleMemberCount}, non-inclusive.
   *
   * Role bearers are not sorted in any particular way, and their ordering may
   * change at any point.
   *
   * WARNING: When using {getRoleMember} and {getRoleMemberCount}, make sure
   * you perform all queries on the same block. See the following
   * https://forum.openzeppelin.com/t/iterating-over-elements-on-enumerableset-in-openzeppelin-contracts/2296[forum post]
   * for more information.
   */
  function getRoleMember(bytes32 role, uint256 index)
    public
    view
    virtual
    override
    returns (address)
  {
    return _roleMembers[role].at(index);
  }

  /**
   * @dev Returns the number of accounts that have `role`. Can be used
   * together with {getRoleMember} to enumerate all bearers of a role.
   */
  function getRoleMemberCount(bytes32 role)
    public
    view
    virtual
    override
    returns (uint256)
  {
    return _roleMembers[role].length();
  }

  /**
   * @dev Overload {_grantRole} to track enumerable memberships
   */
  function _grantRole(bytes32 role, address account) internal virtual override {
    super._grantRole(role, account);
    _roleMembers[role].add(account);
  }

  /**
   * @dev Overload {_revokeRole} to track enumerable memberships
   */
  function _revokeRole(bytes32 role, address account)
    internal
    virtual
    override
  {
    super._revokeRole(role, account);
    _roleMembers[role].remove(account);
  }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (security/ReentrancyGuard.sol)

pragma solidity ^0.8.0;

/**
 * @dev Contract module that helps prevent reentrant calls to a function.
 *
 * Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier
 * available, which can be applied to functions to make sure there are no nested
 * (reentrant) calls to them.
 *
 * Note that because there is a single `nonReentrant` guard, functions marked as
 * `nonReentrant` may not call one another. This can be worked around by making
 * those functions `private`, and then adding `external` `nonReentrant` entry
 * points to them.
 *
 * TIP: If you would like to learn more about reentrancy and alternative ways
 * to protect against it, check out our blog post
 * https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].
 */
abstract contract ReentrancyGuard {
  // Booleans are more expensive than uint256 or any type that takes up a full
  // word because each write operation emits an extra SLOAD to first read the
  // slot's contents, replace the bits taken up by the boolean, and then write
  // back. This is the compiler's defense against contract upgrades and
  // pointer aliasing, and it cannot be disabled.

  // The values being non-zero value makes deployment a bit more expensive,
  // but in exchange the refund on every call to nonReentrant will be lower in
  // amount. Since refunds are capped to a percentage of the total
  // transaction's gas, it is best to keep them low in cases like this one, to
  // increase the likelihood of the full refund coming into effect.
  uint256 private constant _NOT_ENTERED = 1;
  uint256 private constant _ENTERED = 2;

  uint256 private _status;

  constructor() {
    _status = _NOT_ENTERED;
  }

  /**
   * @dev Prevents a contract from calling itself, directly or indirectly.
   * Calling a `nonReentrant` function from another `nonReentrant`
   * function is not supported. It is possible to prevent this from happening
   * by making the `nonReentrant` function external, and making it call a
   * `private` function that does the actual work.
   */
  modifier nonReentrant() {
    // On the first call to nonReentrant, _notEntered will be true
    require(_status != _ENTERED, "ReentrancyGuard: reentrant call");

    // Any calls to nonReentrant after this point will fail
    _status = _ENTERED;

    _;

    // By storing the original value once again, a refund is triggered (see
    // https://eips.ethereum.org/EIPS/eip-2200)
    _status = _NOT_ENTERED;
  }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.2.0) (token/ERC20/utils/SafeERC20.sol)

pragma solidity ^0.8.0;

import "contracts/external/openzeppelin/contracts/token/IERC20.sol";

/**
 * @title SafeERC20
 * @dev Wrappers around ERC-20 operations that throw on failure (when the token
 * contract returns false). Tokens that return no value (and instead revert or
 * throw on failure) are also supported, non-reverting calls are assumed to be
 * successful.
 * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
 * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
 */
library SafeERC20 {
    /**
     * @dev An operation with an ERC-20 token failed.
     */
    error SafeERC20FailedOperation(address token);

    /**
     * @dev Indicates a failed `decreaseAllowance` request.
     */
    error SafeERC20FailedDecreaseAllowance(address spender, uint256 currentAllowance, uint256 requestedDecrease);

    /**
     * @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,
     * non-reverting calls are assumed to be successful.
     */
    function safeTransfer(IERC20 token, address to, uint256 value) internal {
        _callOptionalReturn(token, abi.encodeCall(token.transfer, (to, value)));
    }

    /**
     * @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the
     * calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.
     */
    function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {
        _callOptionalReturn(token, abi.encodeCall(token.transferFrom, (from, to, value)));
    }

    /**
     * @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
     * non-reverting calls are assumed to be successful.
     *
     * IMPORTANT: If the token implements ERC-7674 (ERC-20 with temporary allowance), and if the "client"
     * smart contract uses ERC-7674 to set temporary allowances, then the "client" smart contract should avoid using
     * this function. Performing a {safeIncreaseAllowance} or {safeDecreaseAllowance} operation on a token contract
     * that has a non-zero temporary allowance (for that particular owner-spender) will result in unexpected behavior.
     */
    function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {
        uint256 oldAllowance = token.allowance(address(this), spender);
        forceApprove(token, spender, oldAllowance + value);
    }

    /**
     * @dev Decrease the calling contract's allowance toward `spender` by `requestedDecrease`. If `token` returns no
     * value, non-reverting calls are assumed to be successful.
     *
     * IMPORTANT: If the token implements ERC-7674 (ERC-20 with temporary allowance), and if the "client"
     * smart contract uses ERC-7674 to set temporary allowances, then the "client" smart contract should avoid using
     * this function. Performing a {safeIncreaseAllowance} or {safeDecreaseAllowance} operation on a token contract
     * that has a non-zero temporary allowance (for that particular owner-spender) will result in unexpected behavior.
     */
    function safeDecreaseAllowance(IERC20 token, address spender, uint256 requestedDecrease) internal {
        unchecked {
            uint256 currentAllowance = token.allowance(address(this), spender);
            if (currentAllowance < requestedDecrease) {
                revert SafeERC20FailedDecreaseAllowance(spender, currentAllowance, requestedDecrease);
            }
            forceApprove(token, spender, currentAllowance - requestedDecrease);
        }
    }

    /**
     * @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,
     * non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval
     * to be set to zero before setting it to a non-zero value, such as USDT.
     *
     * NOTE: If the token implements ERC-7674, this function will not modify any temporary allowance. This function
     * only sets the "standard" allowance. Any temporary allowance will remain active, in addition to the value being
     * set here.
     */
    function forceApprove(IERC20 token, address spender, uint256 value) internal {
        bytes memory approvalCall = abi.encodeCall(token.approve, (spender, value));

        if (!_callOptionalReturnBool(token, approvalCall)) {
            _callOptionalReturn(token, abi.encodeCall(token.approve, (spender, 0)));
            _callOptionalReturn(token, approvalCall);
        }
    }

    /**
     * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
     * on the return value: the return value is optional (but if data is returned, it must not be false).
     * @param token The token targeted by the call.
     * @param data The call data (encoded using abi.encode or one of its variants).
     *
     * This is a variant of {_callOptionalReturnBool} that reverts if call fails to meet the requirements.
     */
    function _callOptionalReturn(IERC20 token, bytes memory data) private {
        uint256 returnSize;
        uint256 returnValue;
        assembly ("memory-safe") {
            let success := call(gas(), token, 0, add(data, 0x20), mload(data), 0, 0x20)
            // bubble errors
            if iszero(success) {
                let ptr := mload(0x40)
                returndatacopy(ptr, 0, returndatasize())
                revert(ptr, returndatasize())
            }
            returnSize := returndatasize()
            returnValue := mload(0)
        }

        if (returnSize == 0 ? address(token).code.length == 0 : returnValue != 1) {
            revert SafeERC20FailedOperation(address(token));
        }
    }

    /**
     * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
     * on the return value: the return value is optional (but if data is returned, it must not be false).
     * @param token The token targeted by the call.
     * @param data The call data (encoded using abi.encode or one of its variants).
     *
     * This is a variant of {_callOptionalReturn} that silently catches all reverts and returns a bool instead.
     */
    function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) {
        bool success;
        uint256 returnSize;
        uint256 returnValue;
        assembly ("memory-safe") {
            success := call(gas(), token, 0, add(data, 0x20), mload(data), 0, 0x20)
            returnSize := returndatasize()
            returnValue := mload(0)
        }
        return success && (returnSize == 0 ? address(token).code.length > 0 : returnValue == 1);
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/cryptography/EIP712.sol)

pragma solidity ^0.8.0;

import "./ECDSA.sol";

/**
 * @dev https://eips.ethereum.org/EIPS/eip-712[EIP 712] is a standard for hashing and signing of typed structured data.
 *
 * The encoding specified in the EIP is very generic, and such a generic implementation in Solidity is not feasible,
 * thus this contract does not implement the encoding itself. Protocols need to implement the type-specific encoding
 * they need in their contracts using a combination of `abi.encode` and `keccak256`.
 *
 * This contract implements the EIP 712 domain separator ({_domainSeparatorV4}) that is used as part of the encoding
 * scheme, and the final step of the encoding to obtain the message digest that is then signed via ECDSA
 * ({_hashTypedDataV4}).
 *
 * The implementation of the domain separator was designed to be as efficient as possible while still properly updating
 * the chain id to protect against replay attacks on an eventual fork of the chain.
 *
 * NOTE: This contract implements the version of the encoding known as "v4", as implemented by the JSON RPC method
 * https://docs.metamask.io/guide/signing-data.html[`eth_signTypedDataV4` in MetaMask].
 *
 * _Available since v3.4._
 */
abstract contract EIP712 {
    /* solhint-disable var-name-mixedcase */
    // Cache the domain separator as an immutable value, but also store the chain id that it corresponds to, in order to
    // invalidate the cached domain separator if the chain id changes.
    bytes32 private immutable _CACHED_DOMAIN_SEPARATOR;
    uint256 private immutable _CACHED_CHAIN_ID;
    address private immutable _CACHED_THIS;

    bytes32 private immutable _HASHED_NAME;
    bytes32 private immutable _HASHED_VERSION;
    bytes32 private immutable _TYPE_HASH;

    /* solhint-enable var-name-mixedcase */

    /**
     * @dev Initializes the domain separator and parameter caches.
     *
     * The meaning of `name` and `version` is specified in
     * https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP 712]:
     *
     * - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol.
     * - `version`: the current major version of the signing domain.
     *
     * NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart
     * contract upgrade].
     */
    constructor(string memory name, string memory version) {
        bytes32 hashedName = keccak256(bytes(name));
        bytes32 hashedVersion = keccak256(bytes(version));
        bytes32 typeHash = keccak256(
            "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
        );
        _HASHED_NAME = hashedName;
        _HASHED_VERSION = hashedVersion;
        _CACHED_CHAIN_ID = block.chainid;
        _CACHED_DOMAIN_SEPARATOR = _buildDomainSeparator(typeHash, hashedName, hashedVersion);
        _CACHED_THIS = address(this);
        _TYPE_HASH = typeHash;
    }

    /**
     * @dev Returns the domain separator for the current chain.
     */
    function _domainSeparatorV4() internal view returns (bytes32) {
        if (address(this) == _CACHED_THIS && block.chainid == _CACHED_CHAIN_ID) {
            return _CACHED_DOMAIN_SEPARATOR;
        } else {
            return _buildDomainSeparator(_TYPE_HASH, _HASHED_NAME, _HASHED_VERSION);
        }
    }

    function _buildDomainSeparator(
        bytes32 typeHash,
        bytes32 nameHash,
        bytes32 versionHash
    ) private view returns (bytes32) {
        return keccak256(abi.encode(typeHash, nameHash, versionHash, block.chainid, address(this)));
    }

    /**
     * @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this
     * function returns the hash of the fully encoded EIP712 message for this domain.
     *
     * This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example:
     *
     * ```solidity
     * bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(
     *     keccak256("Mail(address to,string contents)"),
     *     mailTo,
     *     keccak256(bytes(mailContents))
     * )));
     * address signer = ECDSA.recover(digest, signature);
     * ```
     */
    function _hashTypedDataV4(bytes32 structHash) internal view virtual returns (bytes32) {
        return ECDSA.toTypedDataHash(_domainSeparatorV4(), structHash);
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/cryptography/ECDSA.sol)

pragma solidity ^0.8.0;

import "../Strings.sol";

/**
 * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.
 *
 * These functions can be used to verify that a message was signed by the holder
 * of the private keys of a given address.
 */
library ECDSA {
    enum RecoverError {
        NoError,
        InvalidSignature,
        InvalidSignatureLength,
        InvalidSignatureS,
        InvalidSignatureV // Deprecated in v4.8
    }

    function _throwError(RecoverError error) private pure {
        if (error == RecoverError.NoError) {
            return; // no error: do nothing
        } else if (error == RecoverError.InvalidSignature) {
            revert("ECDSA: invalid signature");
        } else if (error == RecoverError.InvalidSignatureLength) {
            revert("ECDSA: invalid signature length");
        } else if (error == RecoverError.InvalidSignatureS) {
            revert("ECDSA: invalid signature 's' value");
        }
    }

    /**
     * @dev Returns the address that signed a hashed message (`hash`) with
     * `signature` or error string. This address can then be used for verification purposes.
     *
     * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
     * this function rejects them by requiring the `s` value to be in the lower
     * half order, and the `v` value to be either 27 or 28.
     *
     * IMPORTANT: `hash` _must_ be the result of a hash operation for the
     * verification to be secure: it is possible to craft signatures that
     * recover to arbitrary addresses for non-hashed data. A safe way to ensure
     * this is by receiving a hash of the original message (which may otherwise
     * be too long), and then calling {toEthSignedMessageHash} on it.
     *
     * Documentation for signature generation:
     * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]
     * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]
     *
     * _Available since v4.3._
     */
    function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) {
        if (signature.length == 65) {
            bytes32 r;
            bytes32 s;
            uint8 v;
            // ecrecover takes the signature parameters, and the only way to get them
            // currently is to use assembly.
            /// @solidity memory-safe-assembly
            assembly {
                r := mload(add(signature, 0x20))
                s := mload(add(signature, 0x40))
                v := byte(0, mload(add(signature, 0x60)))
            }
            return tryRecover(hash, v, r, s);
        } else {
            return (address(0), RecoverError.InvalidSignatureLength);
        }
    }

    /**
     * @dev Returns the address that signed a hashed message (`hash`) with
     * `signature`. This address can then be used for verification purposes.
     *
     * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
     * this function rejects them by requiring the `s` value to be in the lower
     * half order, and the `v` value to be either 27 or 28.
     *
     * IMPORTANT: `hash` _must_ be the result of a hash operation for the
     * verification to be secure: it is possible to craft signatures that
     * recover to arbitrary addresses for non-hashed data. A safe way to ensure
     * this is by receiving a hash of the original message (which may otherwise
     * be too long), and then calling {toEthSignedMessageHash} on it.
     */
    function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {
        (address recovered, RecoverError error) = tryRecover(hash, signature);
        _throwError(error);
        return recovered;
    }

    /**
     * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.
     *
     * See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]
     *
     * _Available since v4.3._
     */
    function tryRecover(
        bytes32 hash,
        bytes32 r,
        bytes32 vs
    ) internal pure returns (address, RecoverError) {
        bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
        uint8 v = uint8((uint256(vs) >> 255) + 27);
        return tryRecover(hash, v, r, s);
    }

    /**
     * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.
     *
     * _Available since v4.2._
     */
    function recover(
        bytes32 hash,
        bytes32 r,
        bytes32 vs
    ) internal pure returns (address) {
        (address recovered, RecoverError error) = tryRecover(hash, r, vs);
        _throwError(error);
        return recovered;
    }

    /**
     * @dev Overload of {ECDSA-tryRecover} that receives the `v`,
     * `r` and `s` signature fields separately.
     *
     * _Available since v4.3._
     */
    function tryRecover(
        bytes32 hash,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) internal pure returns (address, RecoverError) {
        // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
        // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
        // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most
        // signatures from current libraries generate a unique signature with an s-value in the lower half order.
        //
        // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
        // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
        // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
        // these malleable signatures as well.
        if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
            return (address(0), RecoverError.InvalidSignatureS);
        }

        // If the signature is valid (and not malleable), return the signer address
        address signer = ecrecover(hash, v, r, s);
        if (signer == address(0)) {
            return (address(0), RecoverError.InvalidSignature);
        }

        return (signer, RecoverError.NoError);
    }

    /**
     * @dev Overload of {ECDSA-recover} that receives the `v`,
     * `r` and `s` signature fields separately.
     */
    function recover(
        bytes32 hash,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) internal pure returns (address) {
        (address recovered, RecoverError error) = tryRecover(hash, v, r, s);
        _throwError(error);
        return recovered;
    }

    /**
     * @dev Returns an Ethereum Signed Message, created from a `hash`. This
     * produces hash corresponding to the one signed with the
     * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]
     * JSON-RPC method as part of EIP-191.
     *
     * See {recover}.
     */
    function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) {
        // 32 is the length in bytes of hash,
        // enforced by the type signature above
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", hash));
    }

    /**
     * @dev Returns an Ethereum Signed Message, created from `s`. This
     * produces hash corresponding to the one signed with the
     * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]
     * JSON-RPC method as part of EIP-191.
     *
     * See {recover}.
     */
    function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) {
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n", Strings.toString(s.length), s));
    }

    /**
     * @dev Returns an Ethereum Signed Typed Data, created from a
     * `domainSeparator` and a `structHash`. This produces hash corresponding
     * to the one signed with the
     * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`]
     * JSON-RPC method as part of EIP-712.
     *
     * See {recover}.
     */
    function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32) {
        return keccak256(abi.encodePacked("\x19\x01", domainSeparator, structHash));
    }
}

/**SPDX-License-Identifier: BUSL-1.1

      ▄▄█████████▄
   ╓██▀└ ,╓▄▄▄, '▀██▄
  ██▀ ▄██▀▀╙╙▀▀██▄ └██µ           ,,       ,,      ,     ,,,            ,,,
 ██ ,██¬ ▄████▄  ▀█▄ ╙█▄      ▄███▀▀███▄   ███▄    ██  ███▀▀▀███▄    ▄███▀▀███,
██  ██ ╒█▀'   ╙█▌ ╙█▌ ██     ▐██      ███  █████,  ██  ██▌    └██▌  ██▌     └██▌
██ ▐█▌ ██      ╟█  █▌ ╟█     ██▌      ▐██  ██ └███ ██  ██▌     ╟██ j██       ╟██
╟█  ██ ╙██    ▄█▀ ▐█▌ ██     ╙██      ██▌  ██   ╙████  ██▌    ▄██▀  ██▌     ,██▀
 ██ "██, ╙▀▀███████████⌐      ╙████████▀   ██     ╙██  ███████▀▀     ╙███████▀`
  ██▄ ╙▀██▄▄▄▄▄,,,                ¬─                                    '─¬
   ╙▀██▄ '╙╙╙▀▀▀▀▀▀▀▀
      ╙▀▀██████R⌐

 */

pragma solidity 0.8.16;

/**
 * @title  IGMTokenManager
 * @author Ondo Finance
 * @notice Interface for interacting with the GMTokenManager contract
 */
interface IGMTokenManager {
  enum QuoteSide {
    /// Indicates that the user is buying GM tokens
    BUY,
    /// Indicates that the user is selling GM tokens
    SELL
  }

  /**
   * @notice Quote struct that is signed by the attestation signer
   * @param  attestationId  The ID of the quote
   * @param  chainId        The chain ID of the quote is intended for
   * @param  userId         The user ID the quote is intended for
   * @param  asset          The address of the GM token being bought or sold
   * @param  price          The price of the GM token in USD with 18 decimals
   * @param  quantity       The quantity of GM tokens being bought or sold
   * @param  expiration     The expiration of the quote in seconds since the epoch
   * @param  side           The direction of the quote (BUY or SELL)
   * @param  additionalData Any additional data that is needed for the quote
   */
  struct Quote {
    uint256 chainId;
    uint256 attestationId;
    bytes32 userId;
    address asset;
    uint256 price;
    uint256 quantity;
    uint256 expiration;
    QuoteSide side;
    bytes32 additionalData;
  }

  /**
   * @notice Event emitted when a trade is executed with an attestation
   * @param  executionId    The monotonically increasing ID of the trade
   * @param  attestationId  The ID of the quote
   * @param  chainId        The chain ID the quote is intended to be used
   * @param  userId         The user ID the quote is intended for
   * @param  side           The direction of the quote (BUY or SELL)
   * @param  asset          The address of the GM token being bought or sold
   * @param  price          The price of the GM token in USD with 18 decimals
   * @param  quantity       The quantity of GM tokens being bought or sold
   * @param  expiration     The expiration of the quote in seconds since the epoch
   * @param  additionalData Any additional data that is needed for the quote
   */
  event TradeExecuted(
    uint256 executionId,
    uint256 attestationId,
    uint256 chainId,
    bytes32 userId,
    QuoteSide side,
    address asset,
    uint256 price,
    uint256 quantity,
    uint256 expiration,
    bytes32 additionalData
  );

  function mintWithAttestation(
    Quote calldata quote,
    bytes memory signature,
    address depositToken,
    uint256 depositAmount
  ) external returns (uint256 receivedGmTokenAmount);

  function redeemWithAttestation(
    Quote calldata quote,
    bytes memory signature,
    address receiveToken,
    uint256 minimumReceiveAmount
  ) external returns (uint256 redemptionUSDonValue);
}

/**SPDX-License-Identifier: BUSL-1.1

      ▄▄█████████▄
   ╓██▀└ ,╓▄▄▄, '▀██▄
  ██▀ ▄██▀▀╙╙▀▀██▄ └██µ           ,,       ,,      ,     ,,,            ,,,
 ██ ,██¬ ▄████▄  ▀█▄ ╙█▄      ▄███▀▀███▄   ███▄    ██  ███▀▀▀███▄    ▄███▀▀███,
██  ██ ╒█▀'   ╙█▌ ╙█▌ ██     ▐██      ███  █████,  ██  ██▌    └██▌  ██▌     └██▌
██ ▐█▌ ██      ╟█  █▌ ╟█     ██▌      ▐██  ██ └███ ██  ██▌     ╟██ j██       ╟██
╟█  ██ ╙██    ▄█▀ ▐█▌ ██     ╙██      ██▌  ██   ╙████  ██▌    ▄██▀  ██▌     ,██▀
 ██ "██, ╙▀▀███████████⌐      ╙████████▀   ██     ╙██  ███████▀▀     ╙███████▀`
  ██▄ ╙▀██▄▄▄▄▄,,,                ¬─                                    '─¬
   ╙▀██▄ '╙╙╙▀▀▀▀▀▀▀▀
      ╙▀▀██████R⌐

 */

pragma solidity 0.8.16;

/**
 * @title  IOndoSanityCheckOracle
 * @author Ondo Finance
 * @notice Interface for validating prices with the sanity check oracle
 */
interface IOndoSanityCheckOracle {
  function validatePrice(address token, uint256 price) external view;
}

// SPDX-License-Identifier: BUSL-1.1
/*
      ▄▄█████████▄
   ╓██▀└ ,╓▄▄▄, '▀██▄
  ██▀ ▄██▀▀╙╙▀▀██▄ └██µ           ,,       ,,      ,     ,,,            ,,,
 ██ ,██¬ ▄████▄  ▀█▄ ╙█▄      ▄███▀▀███▄   ███▄    ██  ███▀▀▀███▄    ▄███▀▀███,
██  ██ ╒█▀'   ╙█▌ ╙█▌ ██     ▐██      ███  █████,  ██  ██▌    └██▌  ██▌     └██▌
██ ▐█▌ ██      ╟█  █▌ ╟█     ██▌      ▐██  ██ └███ ██  ██▌     ╟██ j██       ╟██
╟█  ██ ╙██    ▄█▀ ▐█▌ ██     ╙██      ██▌  ██   ╙████  ██▌    ▄██▀  ██▌     ,██▀
 ██ "██, ╙▀▀███████████⌐      ╙████████▀   ██     ╙██  ███████▀▀     ╙███████▀`
  ██▄ ╙▀██▄▄▄▄▄,,,                ¬─                                    '─¬
   ╙▀██▄ '╙╙╙▀▀▀▀▀▀▀▀
      ╙▀▀██████R⌐
 */
pragma solidity 0.8.16;

/**
 * @title  IUSDonManager
 * @author Ondo Finance
 * @notice This contract provides an interface for conducting instant USDon swaps.
 */
interface IUSDonManager {
  function subscribe(
    address depositToken,
    uint256 depositAmount,
    uint256 minimumRwaReceived
  ) external returns (uint256 rwaAmountOut);

  function redeem(
    uint256 rwaAmount,
    address receivingToken,
    uint256 minimumTokenReceived
  ) external returns (uint256 receiveTokenAmount);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (token/ERC20/IERC20.sol)

pragma solidity ^0.8.0;

/**
 * @dev Interface of the ERC20 standard as defined in the EIP.
 */
interface IERC20 {
  /**
   * @dev Returns the amount of tokens in existence.
   */
  function totalSupply() external view returns (uint256);

  /**
   * @dev Returns the amount of tokens owned by `account`.
   */
  function balanceOf(address account) external view returns (uint256);

  /**
   * @dev Moves `amount` tokens from the caller's account to `to`.
   *
   * Returns a boolean value indicating whether the operation succeeded.
   *
   * Emits a {Transfer} event.
   */
  function transfer(address to, uint256 amount) external returns (bool);

  /**
   * @dev Returns the remaining number of tokens that `spender` will be
   * allowed to spend on behalf of `owner` through {transferFrom}. This is
   * zero by default.
   *
   * This value changes when {approve} or {transferFrom} are called.
   */
  function allowance(address owner, address spender)
    external
    view
    returns (uint256);

  /**
   * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
   *
   * Returns a boolean value indicating whether the operation succeeded.
   *
   * IMPORTANT: Beware that changing an allowance with this method brings the risk
   * that someone may use both the old and the new allowance by unfortunate
   * transaction ordering. One possible solution to mitigate this race
   * condition is to first reduce the spender's allowance to 0 and set the
   * desired value afterwards:
   * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
   *
   * Emits an {Approval} event.
   */
  function approve(address spender, uint256 amount) external returns (bool);

  /**
   * @dev Moves `amount` tokens from `from` to `to` using the
   * allowance mechanism. `amount` is then deducted from the caller's
   * allowance.
   *
   * Returns a boolean value indicating whether the operation succeeded.
   *
   * Emits a {Transfer} event.
   */
  function transferFrom(
    address from,
    address to,
    uint256 amount
  ) external returns (bool);

  /**
   * @dev Emitted when `value` tokens are moved from one account (`from`) to
   * another (`to`).
   *
   * Note that `value` may be zero.
   */
  event Transfer(address indexed from, address indexed to, uint256 value);

  /**
   * @dev Emitted when the allowance of a `spender` for an `owner` is set by
   * a call to {approve}. `value` is the new allowance.
   */
  event Approval(address indexed owner, address indexed spender, uint256 value);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (access/IAccessControlEnumerable.sol)

pragma solidity ^0.8.0;

import "contracts/external/openzeppelin/contracts/access/IAccessControl.sol";

/**
 * @dev External interface of AccessControlEnumerable declared to support ERC165 detection.
 */
interface IAccessControlEnumerable is IAccessControl {
  /**
   * @dev Returns one of the accounts that have `role`. `index` must be a
   * value between 0 and {getRoleMemberCount}, non-inclusive.
   *
   * Role bearers are not sorted in any particular way, and their ordering may
   * change at any point.
   *
   * WARNING: When using {getRoleMember} and {getRoleMemberCount}, make sure
   * you perform all queries on the same block. See the following
   * https://forum.openzeppelin.com/t/iterating-over-elements-on-enumerableset-in-openzeppelin-contracts/2296[forum post]
   * for more information.
   */
  function getRoleMember(bytes32 role, uint256 index)
    external
    view
    returns (address);

  /**
   * @dev Returns the number of accounts that have `role`. Can be used
   * together with {getRoleMember} to enumerate all bearers of a role.
   */
  function getRoleMemberCount(bytes32 role) external view returns (uint256);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (access/AccessControl.sol)

pragma solidity ^0.8.0;

import "contracts/external/openzeppelin/contracts/access/IAccessControl.sol";
import "contracts/external/openzeppelin/contracts/utils/Context.sol";
import "contracts/external/openzeppelin/contracts/utils/Strings.sol";
import "contracts/external/openzeppelin/contracts/utils/ERC165.sol";

/**
 * @dev Contract module that allows children to implement role-based access
 * control mechanisms. This is a lightweight version that doesn't allow enumerating role
 * members except through off-chain means by accessing the contract event logs. Some
 * applications may benefit from on-chain enumerability, for those cases see
 * {AccessControlEnumerable}.
 *
 * Roles are referred to by their `bytes32` identifier. These should be exposed
 * in the external API and be unique. The best way to achieve this is by
 * using `public constant` hash digests:
 *
 * ```
 * bytes32 public constant MY_ROLE = keccak256("MY_ROLE");
 * ```
 *
 * Roles can be used to represent a set of permissions. To restrict access to a
 * function call, use {hasRole}:
 *
 * ```
 * function foo() public {
 *     require(hasRole(MY_ROLE, msg.sender));
 *     ...
 * }
 * ```
 *
 * Roles can be granted and revoked dynamically via the {grantRole} and
 * {revokeRole} functions. Each role has an associated admin role, and only
 * accounts that have a role's admin role can call {grantRole} and {revokeRole}.
 *
 * By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means
 * that only accounts with this role will be able to grant or revoke other
 * roles. More complex role relationships can be created by using
 * {_setRoleAdmin}.
 *
 * WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to
 * grant and revoke this role. Extra precautions should be taken to secure
 * accounts that have been granted it.
 */
abstract contract AccessControl is Context, IAccessControl, ERC165 {
  struct RoleData {
    mapping(address => bool) members;
    bytes32 adminRole;
  }

  mapping(bytes32 => RoleData) private _roles;

  bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;

  /**
   * @dev Modifier that checks that an account has a specific role. Reverts
   * with a standardized message including the required role.
   *
   * The format of the revert reason is given by the following regular expression:
   *
   *  /^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/
   *
   * _Available since v4.1._
   */
  modifier onlyRole(bytes32 role) {
    _checkRole(role, _msgSender());
    _;
  }

  /**
   * @dev See {IERC165-supportsInterface}.
   */
  function supportsInterface(bytes4 interfaceId)
    public
    view
    virtual
    override
    returns (bool)
  {
    return
      interfaceId == type(IAccessControl).interfaceId ||
      super.supportsInterface(interfaceId);
  }

  /**
   * @dev Returns `true` if `account` has been granted `role`.
   */
  function hasRole(bytes32 role, address account)
    public
    view
    virtual
    override
    returns (bool)
  {
    return _roles[role].members[account];
  }

  /**
   * @dev Revert with a standard message if `account` is missing `role`.
   *
   * The format of the revert reason is given by the following regular expression:
   *
   *  /^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/
   */
  function _checkRole(bytes32 role, address account) internal view virtual {
    if (!hasRole(role, account)) {
      revert(
        string(
          abi.encodePacked(
            "AccessControl: account ",
            Strings.toHexString(uint160(account), 20),
            " is missing role ",
            Strings.toHexString(uint256(role), 32)
          )
        )
      );
    }
  }

  /**
   * @dev Returns the admin role that controls `role`. See {grantRole} and
   * {revokeRole}.
   *
   * To change a role's admin, use {_setRoleAdmin}.
   */
  function getRoleAdmin(bytes32 role)
    public
    view
    virtual
    override
    returns (bytes32)
  {
    return _roles[role].adminRole;
  }

  /**
   * @dev Grants `role` to `account`.
   *
   * If `account` had not been already granted `role`, emits a {RoleGranted}
   * event.
   *
   * Requirements:
   *
   * - the caller must have ``role``'s admin role.
   */
  function grantRole(bytes32 role, address account)
    public
    virtual
    override
    onlyRole(getRoleAdmin(role))
  {
    _grantRole(role, account);
  }

  /**
   * @dev Revokes `role` from `account`.
   *
   * If `account` had been granted `role`, emits a {RoleRevoked} event.
   *
   * Requirements:
   *
   * - the caller must have ``role``'s admin role.
   */
  function revokeRole(bytes32 role, address account)
    public
    virtual
    override
    onlyRole(getRoleAdmin(role))
  {
    _revokeRole(role, account);
  }

  /**
   * @dev Revokes `role` from the calling account.
   *
   * Roles are often managed via {grantRole} and {revokeRole}: this function's
   * purpose is to provide a mechanism for accounts to lose their privileges
   * if they are compromised (such as when a trusted device is misplaced).
   *
   * If the calling account had been revoked `role`, emits a {RoleRevoked}
   * event.
   *
   * Requirements:
   *
   * - the caller must be `account`.
   */
  function renounceRole(bytes32 role, address account) public virtual override {
    require(
      account == _msgSender(),
      "AccessControl: can only renounce roles for self"
    );

    _revokeRole(role, account);
  }

  /**
   * @dev Grants `role` to `account`.
   *
   * If `account` had not been already granted `role`, emits a {RoleGranted}
   * event. Note that unlike {grantRole}, this function doesn't perform any
   * checks on the calling account.
   *
   * [WARNING]
   * ====
   * This function should only be called from the constructor when setting
   * up the initial roles for the system.
   *
   * Using this function in any other way is effectively circumventing the admin
   * system imposed by {AccessControl}.
   * ====
   *
   * NOTE: This function is deprecated in favor of {_grantRole}.
   */
  function _setupRole(bytes32 role, address account) internal virtual {
    _grantRole(role, account);
  }

  /**
   * @dev Sets `adminRole` as ``role``'s admin role.
   *
   * Emits a {RoleAdminChanged} event.
   */
  function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual {
    bytes32 previousAdminRole = getRoleAdmin(role);
    _roles[role].adminRole = adminRole;
    emit RoleAdminChanged(role, previousAdminRole, adminRole);
  }

  /**
   * @dev Grants `role` to `account`.
   *
   * Internal function without access restriction.
   */
  function _grantRole(bytes32 role, address account) internal virtual {
    if (!hasRole(role, account)) {
      _roles[role].members[account] = true;
      emit RoleGranted(role, account, _msgSender());
    }
  }

  /**
   * @dev Revokes `role` from `account`.
   *
   * Internal function without access restriction.
   */
  function _revokeRole(bytes32 role, address account) internal virtual {
    if (hasRole(role, account)) {
      _roles[role].members[account] = false;
      emit RoleRevoked(role, account, _msgSender());
    }
  }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/structs/EnumerableSet.sol)

pragma solidity ^0.8.0;

/**
 * @dev Library for managing
 * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive
 * types.
 *
 * Sets have the following properties:
 *
 * - Elements are added, removed, and checked for existence in constant time
 * (O(1)).
 * - Elements are enumerated in O(n). No guarantees are made on the ordering.
 *
 * ```
 * contract Example {
 *     // Add the library methods
 *     using EnumerableSet for EnumerableSet.AddressSet;
 *
 *     // Declare a set state variable
 *     EnumerableSet.AddressSet private mySet;
 * }
 * ```
 *
 * As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)
 * and `uint256` (`UintSet`) are supported.
 */
library EnumerableSet {
  // To implement this library for multiple types with as little code
  // repetition as possible, we write it in terms of a generic Set type with
  // bytes32 values.
  // The Set implementation uses private functions, and user-facing
  // implementations (such as AddressSet) are just wrappers around the
  // underlying Set.
  // This means that we can only create new EnumerableSets for types that fit
  // in bytes32.

  struct Set {
    // Storage of set values
    bytes32[] _values;
    // Position of the value in the `values` array, plus 1 because index 0
    // means a value is not in the set.
    mapping(bytes32 => uint256) _indexes;
  }

  /**
   * @dev Add a value to a set. O(1).
   *
   * Returns true if the value was added to the set, that is if it was not
   * already present.
   */
  function _add(Set storage set, bytes32 value) private returns (bool) {
    if (!_contains(set, value)) {
      set._values.push(value);
      // The value is stored at length-1, but we add 1 to all indexes
      // and use 0 as a sentinel value
      set._indexes[value] = set._values.length;
      return true;
    } else {
      return false;
    }
  }

  /**
   * @dev Removes a value from a set. O(1).
   *
   * Returns true if the value was removed from the set, that is if it was
   * present.
   */
  function _remove(Set storage set, bytes32 value) private returns (bool) {
    // We read and store the value's index to prevent multiple reads from the same storage slot
    uint256 valueIndex = set._indexes[value];

    if (valueIndex != 0) {
      // Equivalent to contains(set, value)
      // To delete an element from the _values array in O(1), we swap the element to delete with the last one in
      // the array, and then remove the last element (sometimes called as 'swap and pop').
      // This modifies the order of the array, as noted in {at}.

      uint256 toDeleteIndex = valueIndex - 1;
      uint256 lastIndex = set._values.length - 1;

      if (lastIndex != toDeleteIndex) {
        bytes32 lastvalue = set._values[lastIndex];

        // Move the last value to the index where the value to delete is
        set._values[toDeleteIndex] = lastvalue;
        // Update the index for the moved value
        set._indexes[lastvalue] = valueIndex; // Replace lastvalue's index to valueIndex
      }

      // Delete the slot where the moved value was stored
      set._values.pop();

      // Delete the index for the deleted slot
      delete set._indexes[value];

      return true;
    } else {
      return false;
    }
  }

  /**
   * @dev Returns true if the value is in the set. O(1).
   */
  function _contains(Set storage set, bytes32 value)
    private
    view
    returns (bool)
  {
    return set._indexes[value] != 0;
  }

  /**
   * @dev Returns the number of values on the set. O(1).
   */
  function _length(Set storage set) private view returns (uint256) {
    return set._values.length;
  }

  /**
   * @dev Returns the value stored at position `index` in the set. O(1).
   *
   * Note that there are no guarantees on the ordering of values inside the
   * array, and it may change when more values are added or removed.
   *
   * Requirements:
   *
   * - `index` must be strictly less than {length}.
   */
  function _at(Set storage set, uint256 index) private view returns (bytes32) {
    return set._values[index];
  }

  /**
   * @dev Return the entire set in an array
   *
   * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
   * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
   * this function has an unbounded cost, and using it as part of a state-changing function may render the function
   * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
   */
  function _values(Set storage set) private view returns (bytes32[] memory) {
    return set._values;
  }

  // Bytes32Set

  struct Bytes32Set {
    Set _inner;
  }

  /**
   * @dev Add a value to a set. O(1).
   *
   * Returns true if the value was added to the set, that is if it was not
   * already present.
   */
  function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {
    return _add(set._inner, value);
  }

  /**
   * @dev Removes a value from a set. O(1).
   *
   * Returns true if the value was removed from the set, that is if it was
   * present.
   */
  function remove(Bytes32Set storage set, bytes32 value)
    internal
    returns (bool)
  {
    return _remove(set._inner, value);
  }

  /**
   * @dev Returns true if the value is in the set. O(1).
   */
  function contains(Bytes32Set storage set, bytes32 value)
    internal
    view
    returns (bool)
  {
    return _contains(set._inner, value);
  }

  /**
   * @dev Returns the number of values in the set. O(1).
   */
  function length(Bytes32Set storage set) internal view returns (uint256) {
    return _length(set._inner);
  }

  /**
   * @dev Returns the value stored at position `index` in the set. O(1).
   *
   * Note that there are no guarantees on the ordering of values inside the
   * array, and it may change when more values are added or removed.
   *
   * Requirements:
   *
   * - `index` must be strictly less than {length}.
   */
  function at(Bytes32Set storage set, uint256 index)
    internal
    view
    returns (bytes32)
  {
    return _at(set._inner, index);
  }

  /**
   * @dev Return the entire set in an array
   *
   * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
   * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
   * this function has an unbounded cost, and using it as part of a state-changing function may render the function
   * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
   */
  function values(Bytes32Set storage set)
    internal
    view
    returns (bytes32[] memory)
  {
    return _values(set._inner);
  }

  // AddressSet

  struct AddressSet {
    Set _inner;
  }

  /**
   * @dev Add a value to a set. O(1).
   *
   * Returns true if the value was added to the set, that is if it was not
   * already present.
   */
  function add(AddressSet storage set, address value) internal returns (bool) {
    return _add(set._inner, bytes32(uint256(uint160(value))));
  }

  /**
   * @dev Removes a value from a set. O(1).
   *
   * Returns true if the value was removed from the set, that is if it was
   * present.
   */
  function remove(AddressSet storage set, address value)
    internal
    returns (bool)
  {
    return _remove(set._inner, bytes32(uint256(uint160(value))));
  }

  /**
   * @dev Returns true if the value is in the set. O(1).
   */
  function contains(AddressSet storage set, address value)
    internal
    view
    returns (bool)
  {
    return _contains(set._inner, bytes32(uint256(uint160(value))));
  }

  /**
   * @dev Returns the number of values in the set. O(1).
   */
  function length(AddressSet storage set) internal view returns (uint256) {
    return _length(set._inner);
  }

  /**
   * @dev Returns the value stored at position `index` in the set. O(1).
   *
   * Note that there are no guarantees on the ordering of values inside the
   * array, and it may change when more values are added or removed.
   *
   * Requirements:
   *
   * - `index` must be strictly less than {length}.
   */
  function at(AddressSet storage set, uint256 index)
    internal
    view
    returns (address)
  {
    return address(uint160(uint256(_at(set._inner, index))));
  }

  /**
   * @dev Return the entire set in an array
   *
   * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
   * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
   * this function has an unbounded cost, and using it as part of a state-changing function may render the function
   * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
   */
  function values(AddressSet storage set)
    internal
    view
    returns (address[] memory)
  {
    bytes32[] memory store = _values(set._inner);
    address[] memory result;

    assembly {
      result := store
    }

    return result;
  }

  // UintSet

  struct UintSet {
    Set _inner;
  }

  /**
   * @dev Add a value to a set. O(1).
   *
   * Returns true if the value was added to the set, that is if it was not
   * already present.
   */
  function add(UintSet storage set, uint256 value) internal returns (bool) {
    return _add(set._inner, bytes32(value));
  }

  /**
   * @dev Removes a value from a set. O(1).
   *
   * Returns true if the value was removed from the set, that is if it was
   * present.
   */
  function remove(UintSet storage set, uint256 value) internal returns (bool) {
    return _remove(set._inner, bytes32(value));
  }

  /**
   * @dev Returns true if the value is in the set. O(1).
   */
  function contains(UintSet storage set, uint256 value)
    internal
    view
    returns (bool)
  {
    return _contains(set._inner, bytes32(value));
  }

  /**
   * @dev Returns the number of values on the set. O(1).
   */
  function length(UintSet storage set) internal view returns (uint256) {
    return _length(set._inner);
  }

  /**
   * @dev Returns the value stored at position `index` in the set. O(1).
   *
   * Note that there are no guarantees on the ordering of values inside the
   * array, and it may change when more values are added or removed.
   *
   * Requirements:
   *
   * - `index` must be strictly less than {length}.
   */
  function at(UintSet storage set, uint256 index)
    internal
    view
    returns (uint256)
  {
    return uint256(_at(set._inner, index));
  }

  /**
   * @dev Return the entire set in an array
   *
   * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
   * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
   * this function has an unbounded cost, and using it as part of a state-changing function may render the function
   * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
   */
  function values(UintSet storage set)
    internal
    view
    returns (uint256[] memory)
  {
    bytes32[] memory store = _values(set._inner);
    uint256[] memory result;

    assembly {
      result := store
    }

    return result;
  }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Strings.sol)

pragma solidity ^0.8.0;

/**
 * @dev String operations.
 */
library Strings {
  bytes16 private constant _HEX_SYMBOLS = "0123456789abcdef";

  /**
   * @dev Converts a `uint256` to its ASCII `string` decimal representation.
   */
  function toString(uint256 value) internal pure returns (string memory) {
    // Inspired by OraclizeAPI's implementation - MIT licence
    // https://github.com/oraclize/ethereum-api/blob/b42146b063c7d6ee1358846c198246239e9360e8/oraclizeAPI_0.4.25.sol

    if (value == 0) {
      return "0";
    }
    uint256 temp = value;
    uint256 digits;
    while (temp != 0) {
      digits++;
      temp /= 10;
    }
    bytes memory buffer = new bytes(digits);
    while (value != 0) {
      digits -= 1;
      buffer[digits] = bytes1(uint8(48 + uint256(value % 10)));
      value /= 10;
    }
    return string(buffer);
  }

  /**
   * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
   */
  function toHexString(uint256 value) internal pure returns (string memory) {
    if (value == 0) {
      return "0x00";
    }
    uint256 temp = value;
    uint256 length = 0;
    while (temp != 0) {
      length++;
      temp >>= 8;
    }
    return toHexString(value, length);
  }

  /**
   * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
   */
  function toHexString(uint256 value, uint256 length)
    internal
    pure
    returns (string memory)
  {
    bytes memory buffer = new bytes(2 * length + 2);
    buffer[0] = "0";
    buffer[1] = "x";
    for (uint256 i = 2 * length + 1; i > 1; --i) {
      buffer[i] = _HEX_SYMBOLS[value & 0xf];
      value >>= 4;
    }
    require(value == 0, "Strings: hex length insufficient");
    return string(buffer);
  }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (access/IAccessControl.sol)

pragma solidity ^0.8.0;

/**
 * @dev External interface of AccessControl declared to support ERC165 detection.
 */
interface IAccessControl {
  /**
   * @dev Emitted when `newAdminRole` is set as ``role``'s admin role, replacing `previousAdminRole`
   *
   * `DEFAULT_ADMIN_ROLE` is the starting admin for all roles, despite
   * {RoleAdminChanged} not being emitted signaling this.
   *
   * _Available since v3.1._
   */
  event RoleAdminChanged(
    bytes32 indexed role,
    bytes32 indexed previousAdminRole,
    bytes32 indexed newAdminRole
  );

  /**
   * @dev Emitted when `account` is granted `role`.
   *
   * `sender` is the account that originated the contract call, an admin role
   * bearer except when using {AccessControl-_setupRole}.
   */
  event RoleGranted(
    bytes32 indexed role,
    address indexed account,
    address indexed sender
  );

  /**
   * @dev Emitted when `account` is revoked `role`.
   *
   * `sender` is the account that originated the contract call:
   *   - if using `revokeRole`, it is the admin role bearer
   *   - if using `renounceRole`, it is the role bearer (i.e. `account`)
   */
  event RoleRevoked(
    bytes32 indexed role,
    address indexed account,
    address indexed sender
  );

  /**
   * @dev Returns `true` if `account` has been granted `role`.
   */
  function hasRole(bytes32 role, address account) external view returns (bool);

  /**
   * @dev Returns the admin role that controls `role`. See {grantRole} and
   * {revokeRole}.
   *
   * To change a role's admin, use {AccessControl-_setRoleAdmin}.
   */
  function getRoleAdmin(bytes32 role) external view returns (bytes32);

  /**
   * @dev Grants `role` to `account`.
   *
   * If `account` had not been already granted `role`, emits a {RoleGranted}
   * event.
   *
   * Requirements:
   *
   * - the caller must have ``role``'s admin role.
   */
  function grantRole(bytes32 role, address account) external;

  /**
   * @dev Revokes `role` from `account`.
   *
   * If `account` had been granted `role`, emits a {RoleRevoked} event.
   *
   * Requirements:
   *
   * - the caller must have ``role``'s admin role.
   */
  function revokeRole(bytes32 role, address account) external;

  /**
   * @dev Revokes `role` from the calling account.
   *
   * Roles are often managed via {grantRole} and {revokeRole}: this function's
   * purpose is to provide a mechanism for accounts to lose their privileges
   * if they are compromised (such as when a trusted device is misplaced).
   *
   * If the calling account had been granted `role`, emits a {RoleRevoked}
   * event.
   *
   * Requirements:
   *
   * - the caller must be `account`.
   */
  function renounceRole(bytes32 role, address account) external;
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)

pragma solidity ^0.8.0;

/**
 * @dev Provides information about the current execution context, including the
 * sender of the transaction and its data. While these are generally available
 * via msg.sender and msg.data, they should not be accessed in such a direct
 * manner, since when dealing with meta-transactions the account sending and
 * paying for execution may not be the actual sender (as far as an application
 * is concerned).
 *
 * This contract is only required for intermediate, library-like contracts.
 */
abstract contract Context {
  function _msgSender() internal view virtual returns (address) {
    return msg.sender;
  }

  function _msgData() internal view virtual returns (bytes calldata) {
    return msg.data;
  }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/introspection/ERC165.sol)

pragma solidity ^0.8.0;

import "contracts/external/openzeppelin/contracts/utils/IERC165.sol";

/**
 * @dev Implementation of the {IERC165} interface.
 *
 * Contracts that want to implement ERC165 should inherit from this contract and override {supportsInterface} to check
 * for the additional interface id that will be supported. For example:
 *
 * ```solidity
 * function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
 *     return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId);
 * }
 * ```
 *
 * Alternatively, {ERC165Storage} provides an easier to use but more expensive implementation.
 */
abstract contract ERC165 is IERC165 {
  /**
   * @dev See {IERC165-supportsInterface}.
   */
  function supportsInterface(bytes4 interfaceId)
    public
    view
    virtual
    override
    returns (bool)
  {
    return interfaceId == type(IERC165).interfaceId;
  }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/introspection/IERC165.sol)

pragma solidity ^0.8.0;

/**
 * @dev Interface of the ERC165 standard, as defined in the
 * https://eips.ethereum.org/EIPS/eip-165[EIP].
 *
 * Implementers can declare support of contract interfaces, which can then be
 * queried by others ({ERC165Checker}).
 *
 * For an implementation, see {ERC165}.
 */
interface IERC165 {
  /**
   * @dev Returns true if this contract implements the interface defined by
   * `interfaceId`. See the corresponding
   * https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section]
   * to learn more about how these ids are created.
   *
   * This function call must use less than 30 000 gas.
   */
  function supportsInterface(bytes4 interfaceId) external view returns (bool);
}