Cryo Explorer Ethereum Mainnet

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import "@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol";

import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {ReentrancyGuardUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/ReentrancyGuardUpgradeable.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import {SafeERC20, IERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {IERC721} from "@openzeppelin/contracts/token/ERC721/IERC721.sol";

import {IDelegationRegistry} from "./interfaces/IDelegationRegistry.sol";
import {IDelegateRegistry} from "./interfaces/IDelegateRegistry.sol";
import "./interfaces/IWellClaim.sol";

// import "hardhat/console.sol";

/// @title A contract for claiming $WELL over a parameterized vesting schedule
contract WellClaim is
    IWellClaim,
    Initializable,
    UUPSUpgradeable,
    ReentrancyGuardUpgradeable,
    OwnableUpgradeable
{
    using SafeERC20 for IERC20;

    uint256 private constant _BASIS_POINTS = 10_000;
    uint256 private constant _LOCK_UP_SLOT = 180;
    uint256 private constant _END_CYCLE = 4;
    uint256 private constant _END_CYCLE_CONTRIBUTORS = 6;
    uint256 private constant _MAX_CLAIM_PERIOD = 30 days;
    uint256 private constant _MAX_NFT_REWARDS_CLAIM_PERIOD = 60 days;

    address public upgrader; // to be set
    address public multiClaim; // to be set

    IERC721[] public nftCollections;
    IDelegationRegistry public dc;
    IDelegateRegistry public dcV2;

    uint256 public claimStartDate;

    IERC20 public claimToken;
    bool public claimActive;
    // bool public claimTokenDeposited;
    bool public unclaimedNFTRewardsWithdrawn;
    bool public upgraderRenounced;

    uint64 public currentNFTUnlockedBP;
    uint64 public previousNFTUnlockedBP;
    uint128 public currentNFTUnlockTimestamp;

    mapping(address userAddress => mapping(ClaimType claimType => ClaimData userClaimData))
        public usersClaimData;
    mapping(uint256 collectionId => mapping(uint256 tokenId => NFTClaimData userClaimData))
        public nftUsersClaimData;
    mapping(ClaimType claimType => ClaimSchedule claimSchedule)
        public claimScheduleOf;
    mapping(uint256 collectionId => UnclaimedNFTRewards)
        public unclaimedNftRewards;
    mapping(bytes signature => bool) public usedSignatures;

    address public signer;
    string public signatureActionPrefix;

    // required by the OZ UUPS module
    function _authorizeUpgrade(address) internal override onlyUpgrader {}

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        _disableInitializers();
    }

    function initialize(
        address _claimTokenAddress,
        address _kzgAddress,
        address _kubzAddress,
        address _ygpzAddress
    ) external initializer {
        require(_claimTokenAddress != address(0), "_claimTokenAddress should not be 0");
        require(_kzgAddress != address(0), "_kzgAddress should not be 0");
        require(_kubzAddress != address(0), "_kubzAddress should not be 0");
        require(_ygpzAddress != address(0), "_ygpzAddress should not be 0");

        ReentrancyGuardUpgradeable.__ReentrancyGuard_init_unchained();
        OwnableUpgradeable.__Ownable_init_unchained(msg.sender);
        UUPSUpgradeable.__UUPSUpgradeable_init();
        dc = IDelegationRegistry(0x00000000000076A84feF008CDAbe6409d2FE638B);
        dcV2 = IDelegateRegistry(0x00000000000000447e69651d841bD8D104Bed493);
        claimToken = IERC20(_claimTokenAddress);
        nftCollections = [
            IERC721(_kzgAddress),
            IERC721(_kubzAddress),
            IERC721(_ygpzAddress)
        ];
        upgrader = msg.sender;
    }

    /// @notice Claim token by claimTypes according to the vesting schedule after claim starts, user won't be able to claim after the allocated $WELL are fully vested for _MAX_CLAIM_PERIOD
    /// @dev ONLY presaleClaim, ecosystem and contributor contract; Verify claim data and transfer claim token to user if needed, should not be called by NFT holder,
    /// emit { UserClaimed } event for amount claimed
    /// @param _vault Vault address of delegate.xyz; pass address(0) if not using delegate wallet
    /// @param _claimTypes Array of ClaimType to claim
    function claim(
        address _vault,
        ClaimType[] calldata _claimTypes
    ) public nonReentrant onlyValidClaimSetup {
        address requester = _getRequester(_vault);
        uint256 totalClaimable = _claim(requester, _claimTypes);

        claimToken.safeTransfer(requester, totalClaimable);
    }

    /// @notice Claim OPTIONALLY on NFTAirdrop/NFTRewards/WalletRewards token by all eligible NFTs according to the vesting schedule after claim starts, user won't be able to claim after the allocated $WELL are fully vested for _MAX_CLAIM_PERIOD
    /// @dev ONLY nftClaim contract; ONLY related to NFT claimTypes(i.e. NFTRewards & WalletRewards); Verify claim data and transfer claim token to NFT owner if needed, emit { BulkClaimedInNFTs } event for amount claimed
    /// @param _vault Vault address of delegate.xyz; pass address(0) if not using delegate wallet
    /// @param _nftCollectionClaimRequests Array of NFTCollectionClaimRequest that consists collection ID of the NFT, token ID(s) the owner owns, array of booleans to indicate NFTAirdrop/NFTRewards claim for each token ID
    function claimInNFTs(
        address _vault,
        NFTCollectionClaimRequest[] calldata _nftCollectionClaimRequests,
        bool _withWalletRewards
    ) external nonReentrant onlyValidClaimSetup {
        // console.log(block.timestamp);
        address requester = _getRequester(_vault);
        uint256 totalClaimable = _claimInNFTs(
            requester,
            _nftCollectionClaimRequests,
            _withWalletRewards
        );

        claimToken.safeTransfer(requester, totalClaimable);
    }

    // ===================
    // Multicall Functions
    // ===================

    /// @notice Claim token by claimTypes according to the vesting schedule after claim starts
    /// @dev Verify caller is multiClaim, claim data and transfer claim token to _requester if needed, should not be called by NFT holder
    /// emit { UserClaimed } event for amount claimed
    /// @param _requester address of eligible claim wallet
    /// @param _claimTypes Array of ClaimType to claim
    function claimFromMulti(
        address _requester,
        ClaimType[] calldata _claimTypes
    ) external nonReentrant onlyValidClaimSetup onlyMultiClaim {
        uint256 totalClaimable = _claim(_requester, _claimTypes);

        claimToken.safeTransfer(_requester, totalClaimable);
    }

    /// @notice Bulk claim token by claimTypes and eligible NFTs according to the vesting schedule after claim starts
    /// @dev Verify caller is multiClaim, claim data and transfer claim token to NFT owner if needed, emit { BulkClaimedInNFTs } event for amount claimed
    /// @param _requester address of eligible holder wallet
    /// @param _nftCollectionClaimRequests Array of NFTCollectionClaimRequest that consists collection ID of the NFT, token ID(s) the owner owns, array of booleans to indicate NFTAirdrop/NFTRewards claim for each token ID
    function claimInNFTsFromMulti(
        address _requester,
        NFTCollectionClaimRequest[] calldata _nftCollectionClaimRequests,
        bool _withWalletRewards
    ) external nonReentrant onlyValidClaimSetup onlyMultiClaim {
        uint256 totalClaimable = _claimInNFTs(
            _requester,
            _nftCollectionClaimRequests,
            _withWalletRewards
        );

        claimToken.safeTransfer(_requester, totalClaimable);
    }

    /// @notice Support both v1 and v2 delegate wallet during the v1 to v2 migration
    /// @dev Given _vault (cold wallet) address, verify whether _msgSender() is a permitted delegate to operate on behalf of it
    /// @param _vault Address to verify against _msgSender
    function _getRequester(address _vault) private view returns (address) {
        if (_vault == address(0)) return _msgSender();
        bool isDelegateValid = dcV2.checkDelegateForAll(
            _msgSender(),
            _vault,
            ""
        );
        if (isDelegateValid) return _vault;
        isDelegateValid = dc.checkDelegateForAll(_msgSender(), _vault);
        if (!isDelegateValid) revert InvalidDelegate();
        return _vault;
    }

    function _claim(
        address _requester,
        ClaimType[] memory _claimTypes
    ) internal returns (uint128 amountClaimed) {
        amountClaimed = _executeClaim(_requester, _claimTypes);
        if (amountClaimed == 0) revert NoClaimableToken();

        emit UserClaimed(_requester, amountClaimed, block.timestamp);
    }

    function _claimInNFTs(
        address _requester,
        NFTCollectionClaimRequest[] calldata _nftCollectionClaimRequests,
        bool _withWalletRewards
    ) internal returns (uint128 amountClaimed) {
        amountClaimed = _executeClaimInNFTs(
            _requester,
            _nftCollectionClaimRequests
        );

        if (_withWalletRewards) {
            ClaimData storage userClaimData = usersClaimData[_requester][
                ClaimType.WalletRewards
            ];
            uint128 claimable = _calculateClaimable(
                userClaimData,
                ClaimType.WalletRewards
            );
            if (claimable > 0) {
                /// @dev assume no overflow as the max amountClaimed amount won't exceed uint128 throughout the whole life cycle
                unchecked {
                    userClaimData.claimed += claimable;
                    amountClaimed += claimable;
                }
            }
        }
        if (amountClaimed == 0) revert NoClaimableToken();

        emit ClaimedInNFTs(_requester, amountClaimed, block.timestamp);
    }

    /// @dev Update `claimed` in usersClaimData for the given ClaimTypes
    /// @param _requester Address of the claimer
    /// @param _claimTypes Array of ClaimType to claim
    /// @return totalClaimable Amount of total claimable calculated from the given ClaimTypes
    function _executeClaim(
        address _requester,
        ClaimType[] memory _claimTypes
    ) private returns (uint128 totalClaimable) {
        for (uint256 i; i < _claimTypes.length; i++) {
            ClaimData storage userClaimData = usersClaimData[_requester][
                _claimTypes[i]
            ];
            uint128 claimable = _calculateClaimable(
                userClaimData,
                _claimTypes[i]
            );
            if (claimable > 0) {
                /// @dev assume no overflow as the max totalClaimable amount won't exceed uint128 throughout the whole life cycle
                unchecked {
                    userClaimData.claimed += claimable;
                    totalClaimable += claimable;
                }
            }
        }
    }

    /// @dev Update `airdropClaimed` AND/OR `rewardsClaimed` based on the booleans passed in nftUsersClaimData for the given NFT Collection ID and token ID(s)
    /// @param _requester Address of the claimer
    /// @param _nftCollectionClaimRequests Array of NFTCollectionClaimRequest that consists collection ID of the NFT, token ID(s) the owner owns, array of booleans to indicate NFTAirdrop/NFTRewards claim for each token ID
    /// @return totalNFTClaimable Amount of total NFT claimable calculated from the given NFT Collection ID and token ID(s)
    function _executeClaimInNFTs(
        address _requester,
        NFTCollectionClaimRequest[] calldata _nftCollectionClaimRequests
    ) private returns (uint128 totalNFTClaimable) {
        for (uint256 i; i < _nftCollectionClaimRequests.length; ) {
            uint256[] calldata tokenIds = _nftCollectionClaimRequests[i]
                .tokenIds;
            bool[] calldata withNFTAirdropList = _nftCollectionClaimRequests[i]
                .withNFTAirdropList;
            bool[] calldata withNFTRewardsList = _nftCollectionClaimRequests[i]
                .withNFTRewardsList;
            uint256 len = tokenIds.length;
            if (
                len != withNFTAirdropList.length ||
                len != withNFTRewardsList.length
            ) {
                revert MismatchedArrays();
            }
            uint256 collectionId = _nftCollectionClaimRequests[i].collectionId;

            for (uint256 j; j < len; ) {
                uint128 claimable;
                if (withNFTAirdropList[j]) {
                    claimable = _verifyNFTClaim(
                        _requester,
                        collectionId,
                        tokenIds[j]
                    );
                    if (claimable > 0) {
                        /// @dev assume no overflow as the max claimable amount won't exceed uint128
                        unchecked {
                            nftUsersClaimData[collectionId][tokenIds[j]]
                                .airdropClaimed += claimable;
                            totalNFTClaimable += claimable;
                        }
                    }
                }
                if (withNFTRewardsList[j]) {
                    claimable = _verifyNFTRewardClaim(
                        _requester,
                        collectionId,
                        tokenIds[j]
                    );
                    if (claimable > 0) {
                        unchecked {
                            nftUsersClaimData[collectionId][tokenIds[j]]
                                .rewardsClaimed += claimable;
                            totalNFTClaimable += claimable;
                        }
                    }
                }
                unchecked {
                    ++j;
                }
            }
            unchecked {
                ++i;
            }
        }
    }

    /// @dev Verify if the caller owns the NFT, and return the correct amount of claimable token
    /// @param _requester Address of the claimer
    /// @param _collectionId Collection ID of the NFT
    /// @param _tokenId Token ID that the owner owns
    function _verifyNFTClaim(
        address _requester,
        uint256 _collectionId,
        uint256 _tokenId
    ) private view onlyValidCollectionId(_collectionId) returns (uint128) {
        if (nftCollections[_collectionId].ownerOf(_tokenId) != _requester)
            revert Unauthorized();

        return
            _calculateNFTClaimable(nftUsersClaimData[_collectionId][_tokenId]);
    }

    function _verifyNFTRewardClaim(
        address _requester,
        uint256 _collectionId,
        uint256 _tokenId
    ) private view onlyValidCollectionId(_collectionId) returns (uint128) {
        if (nftCollections[_collectionId].ownerOf(_tokenId) != _requester)
            revert Unauthorized();

        return
            _calculateNFTRewardsClaimable(
                nftUsersClaimData[_collectionId][_tokenId]
            );
    }

    function _calculateClaimable(
        ClaimData memory _userClaimdata,
        ClaimType _claimType
    ) private view returns (uint128) {
        uint128 totalClaimable = _userClaimdata.totalClaimable;
        uint128 claimed = _userClaimdata.claimed;
        if (totalClaimable == 0 || claimed >= totalClaimable) return 0;
        // for WalletRewards claim will expire after _MAX_CLAIM_PERIOD has passed since claim starts
        if (_claimType == ClaimType.WalletRewards) {
            if (block.timestamp > claimStartDate + _MAX_CLAIM_PERIOD) {
                return 0;
            }
            return totalClaimable;
        }

        ClaimSchedule memory claimSchedule = claimScheduleOf[_claimType];
        uint256 numOfLockUpBPs = claimSchedule.lockUpBPs.length;
        if (numOfLockUpBPs == 0) revert InvalidClaimSetup();

        // claim will expire after the allocated $WELL are fully vested for _MAX_CLAIM_PERIOD
        if (
            block.timestamp >
            claimStartDate +
                _LOCK_UP_SLOT *
                numOfLockUpBPs *
                1 days +
                _MAX_CLAIM_PERIOD
        ) {
            return 0;
        }

        uint256 daysElapsed = (block.timestamp - claimStartDate) / 1 days;
        // count the cycles passed to distinguish which cycle's 180 days is elapsed
        uint256 cyclesPassed = daysElapsed / _LOCK_UP_SLOT;

        // PrivatePresale first cycle unlocked amount locks up until the start of next cycle and allows instant claim
        if (
            _claimType == ClaimType.SeedPresale &&
            daysElapsed < _LOCK_UP_SLOT
        ) return 0;

        // Contributors has a different number of cycles, other claim types share the same one
        bool isClaimTypeFullyVested = _claimType != ClaimType.Contributors &&
            cyclesPassed >= _END_CYCLE;
        bool isContributorFullyVested = _claimType == ClaimType.Contributors &&
            cyclesPassed >= _END_CYCLE_CONTRIBUTORS;
        if (isClaimTypeFullyVested || isContributorFullyVested) {
            return _calculateRemainClaimable(totalClaimable, claimed);
        }

        // cyclesPassed + 1 because we want to calculate the current cycle's (with < 180 days elapsed) unlocked amount
        return
            _calculateRemainClaimable(
                _calculateUnlockedAmount(
                    claimSchedule,
                    numOfLockUpBPs,
                    totalClaimable,
                    cyclesPassed + 1,
                    daysElapsed
                ),
                claimed
            );
    }

    function _calculateNFTClaimable(
        NFTClaimData memory _nftUserClaimdata
    ) private view returns (uint128) {
        uint256 currentNFTUnlockedBP_ = currentNFTUnlockedBP;
        // console.log("BP");
        // console.log(currentNFTUnlockedBP_);
        if (currentNFTUnlockedBP_ == 0) return 0;

        // claim will expire after the allocated $WELL are fully vested for _MAX_CLAIM_PERIOD
        if (currentNFTUnlockedBP_ == _BASIS_POINTS) {
            if (
                block.timestamp > currentNFTUnlockTimestamp + _MAX_CLAIM_PERIOD
            ) {
                return 0;
            }
        }

        uint128 airdropTotalClaimable = _nftUserClaimdata.airdropTotalClaimable;
        uint128 airdropClaimed = _nftUserClaimdata.airdropClaimed;
        if (
            airdropTotalClaimable == 0 ||
            airdropClaimed >= airdropTotalClaimable
        ) return 0;

        return
            _calculateRemainClaimable(
                _calculateNFTUnlockedAmount(airdropTotalClaimable),
                airdropClaimed
            );
    }

    function _calculateNFTRewardsClaimable(
        NFTClaimData memory _nftUserClaimdata
    ) private view returns (uint128) {
        uint128 rewardsTotalClaimable = _nftUserClaimdata.rewardsTotalClaimable;
        uint128 rewardsClaimed = _nftUserClaimdata.rewardsClaimed;
        if (
            rewardsTotalClaimable == 0 ||
            rewardsClaimed >= rewardsTotalClaimable
        ) return 0;

        if (block.timestamp > claimStartDate + _MAX_NFT_REWARDS_CLAIM_PERIOD) {
            return 0;
        }

        return _calculateRemainClaimable(rewardsTotalClaimable, rewardsClaimed);
    }

    function _calculateRemainClaimable(
        uint128 _totalClaimable,
        uint128 _claimed
    ) private pure returns (uint128) {
        /// @dev assume no underflow because we already return zero when _claimed is >= _totalClaimable
        unchecked {
            return _totalClaimable <= _claimed ? 0 : _totalClaimable - _claimed;
        }
    }

    function _calculateUnlockedAmount(
        ClaimSchedule memory _claimSchedule,
        uint256 _numOfLockUpBPs,
        uint128 _totalClaimable,
        uint256 _currentCycle,
        uint256 _daysElapsed
    ) private pure returns (uint128) {
        if (_currentCycle < _claimSchedule.startCycle) return 0;

        if (_currentCycle > _numOfLockUpBPs) return _totalClaimable;

        // _currentCycle == _numOfLockUpBPs means _currentCycle is the last one
        uint256 currentUnlockedBP = _currentCycle == _numOfLockUpBPs
            ? _BASIS_POINTS
            : _claimSchedule.lockUpBPs[_currentCycle];

        return
            _calculateUnlockedAmountByDaysElapsed(
                _totalClaimable,
                _claimSchedule.lockUpBPs[_currentCycle - 1],
                currentUnlockedBP,
                _daysElapsed % _LOCK_UP_SLOT
            );
    }

    function _calculateUnlockedAmountByDaysElapsed(
        uint128 _totalClaimable,
        uint256 _previousUnlockedBP,
        uint256 _currentUnlockedBP,
        uint256 _daysElapsedForCurrentCycle
    ) private pure returns (uint128) {
        if (_daysElapsedForCurrentCycle == 0) {
            return
                _toUint128(
                    (_totalClaimable * _previousUnlockedBP) / _BASIS_POINTS
                );
        }

        return
            _toUint128(
                (_totalClaimable * _previousUnlockedBP) /
                    _BASIS_POINTS +
                    (_totalClaimable *
                        (_currentUnlockedBP - _previousUnlockedBP) *
                        _daysElapsedForCurrentCycle) /
                    _BASIS_POINTS /
                    _LOCK_UP_SLOT
            );
    }

    function _calculateNFTUnlockedAmount(
        uint128 _totalClaimable
    ) private view returns (uint128) {
        return
            block.timestamp < currentNFTUnlockTimestamp
                ? _toUint128(
                    (_totalClaimable * previousNFTUnlockedBP) / _BASIS_POINTS
                )
                : _toUint128(
                    (_totalClaimable * currentNFTUnlockedBP) / _BASIS_POINTS
                );
    }

    function _toUint128(uint256 value) private pure returns (uint128) {
        if (value >= 1 << 128) revert Uint128Overflow();
        return uint128(value);
    }

    // ====================
    // Validation Modifiers
    // ====================

    modifier onlyUpgrader() {
        if (_msgSender() != upgrader) revert Unauthorized();
        _;
    }

    modifier onlyMultiClaim() {
        if (_msgSender() != multiClaim) revert Unauthorized();
        _;
    }

    modifier onlyClaimNotOpen() {
        if (claimActive) revert ClaimNotClosed();
        _;
    }

    modifier onlyValidClaimSetup() {
        if (
            !claimActive ||
            claimStartDate == 0 ||
            block.timestamp < claimStartDate
        ) revert ClaimNotAvailable();
        if (address(claimToken) == address(0)) revert ClaimTokenZeroAddress();
        _;
    }

    modifier onlyValidCollectionId(uint256 _collectionId) {
        if (_collectionId >= nftCollections.length)
            revert InvalidCollectionId();
        _;
    }

    // ==============
    // Claimable Settings
    // ==============

    // ============ Signer System ============
    function setupSigner(
        address _signer,
        string calldata _signatureActionPrefix
    ) external onlyOwner {
        require(_signer != address(0), "_signer should not be 0");
        signer = _signer;
        signatureActionPrefix = _signatureActionPrefix;
        emit SignerUpdated(_signer, _signatureActionPrefix);
    }

    function checkValidity(
        bytes calldata signature,
        string memory action
    ) public view returns (bool) {
        require(
            ECDSA.recover(
                MessageHashUtils.toEthSignedMessageHash(
                    keccak256(abi.encodePacked(msg.sender, action))
                ),
                signature
            ) == signer,
            "invalid signature"
        );
        require(
            usedSignatures[signature] == false,
            "signature cannot be reused"
        );
        return true;
    }

    function checkValidityWithoutSender(
        bytes calldata signature,
        string memory action
    ) public view returns (bool) {
        require(
            ECDSA.recover(
                MessageHashUtils.toEthSignedMessageHash(
                    keccak256(abi.encodePacked(action))
                ),
                signature
            ) == signer,
            "invalid signature"
        );
        require(
            usedSignatures[signature] == false,
            "signature cannot be reused"
        );
        return true;
    }

    function getChainID() public view returns (uint256) {
        uint256 id;
        assembly {
            id := chainid()
        }
        return id;
    }

    function setClaimableByUser(
        address _vault,
        uint128 _claimable,
        ClaimType _claimType,
        bytes calldata signature
    ) public {
        address requester = _getRequester(_vault);
        require(
            usersClaimData[requester][_claimType].totalClaimable == 0,
            "Claimable already set"
        );
        string memory action = string.concat(
            signatureActionPrefix,
            "-scbu-",
            Strings.toString(_claimable),
            "-",
            Strings.toString(uint256(_claimType)),
            "-",
            Strings.toString(getChainID()),
            "-",
            Strings.toString((uint160(address(this))))
        );
        checkValidity(signature, action);
        usedSignatures[signature] = true;
        usersClaimData[requester][_claimType].totalClaimable = _claimable;
    }

    function setClaimableByUserMultiple(
        address _vault,
        uint128[] calldata _claimables,
        ClaimType[] calldata _claimTypes,
        bytes[] calldata signatures
    ) public {
        require(_claimables.length == _claimTypes.length && _claimables.length == signatures.length, "inconsistant input length");
        for (uint256 i; i < _claimTypes.length; i++) {
            setClaimableByUser(_vault, _claimables[i], _claimTypes[i], signatures[i]);
        }
    }

    function claimAfterSetClaimableByUserMultiple(
        address _vault,
        uint128[] calldata _claimables,
        ClaimType[] calldata _claimTypes,
        bytes[] calldata signatures
    ) external {
        require(_claimables.length == _claimTypes.length && _claimables.length == signatures.length, "inconsistant input length");
        setClaimableByUserMultiple(_vault, _claimables, _claimTypes, signatures);
        claim(_vault, _claimTypes);
    }

    function setNFTClaimablesByUser(
        NFTClaimable[] calldata _nftClaimables,
        bytes[] calldata signatures
    ) external {
        require(_nftClaimables.length == signatures.length, "inconsistant input length");
        for (uint256 i; i < _nftClaimables.length; ) {
            uint256 collectionId = _nftClaimables[i].collectionId;
            uint256 tokenId = _nftClaimables[i].tokenId;
            uint128 airdropAmount = _nftClaimables[i].airdropTotalClaimable;
            uint128 rewardsAmount = _nftClaimables[i].rewardsTotalClaimable;
            bytes calldata signature = signatures[i];
            string memory action = string.concat(
                signatureActionPrefix,
                "-sncbu-",
                Strings.toString(collectionId),
                "-",
                Strings.toString(tokenId),
                "-",
                Strings.toString(airdropAmount),
                "-",
                Strings.toString(rewardsAmount),
                "-",
                Strings.toString(getChainID()),
                "-",
                Strings.toString((uint160(address(this))))
            );

            // console.log(action);
            checkValidityWithoutSender(signature, action);
            usedSignatures[signature] = true;
            unchecked {
                ++i;
            }
        }

        _setNFTClaimables(_nftClaimables);
    }

    // ============ Signer System End ============

    /// @dev Set `totalClaimable` in usersClaimData for claim type(s)
    /// @param _addresses Array of addresses eligible for the claim
    /// @param _claimables Array of amounts of claim token
    /// @param _claimTypes Array of ClaimType
    function setClaimables(
        address[] calldata _addresses,
        uint128[] calldata _claimables,
        ClaimType[] calldata _claimTypes
    ) external onlyOwner {
        uint256 len = _addresses.length;
        if (len != _claimables.length || len != _claimTypes.length)
            revert MismatchedArrays();

        for (uint256 i; i < len; ) {
            usersClaimData[_addresses[i]][_claimTypes[i]]
                .totalClaimable = _claimables[i];
            unchecked {
                ++i;
            }
        }
    }

    /// @dev Set `airdropTotalClaimable` and `rewardsTotalClaimable` in nftUsersClaimData for token ID(s) of respective collection ID
    /// @param _nftClaimables Array of NFTClaimable which consists of collectionId, tokenId and amount of claim token
    function setNFTClaimables(
        NFTClaimable[] calldata _nftClaimables
    ) external onlyOwner {
        _setNFTClaimables(_nftClaimables);
    }

    function _setNFTClaimables(
        NFTClaimable[] calldata _nftClaimables
    ) internal {
        for (uint256 i; i < _nftClaimables.length; ) {
            uint256 collectionId = _nftClaimables[i].collectionId;
            uint256 tokenId = _nftClaimables[i].tokenId;
            uint128 airdropAmount = _nftClaimables[i].airdropTotalClaimable;
            uint128 rewardsAmount = _nftClaimables[i].rewardsTotalClaimable;

            nftUsersClaimData[collectionId][tokenId]
                .airdropTotalClaimable = airdropAmount;
            nftUsersClaimData[collectionId][tokenId]
                .rewardsTotalClaimable = rewardsAmount;
            unchecked {
                ++i;
            }
            emit NFTClaimablesUpdated(collectionId, tokenId);
        }
    }

    /// @dev Add new unlock percentage in Basis Points(BP) for NFT holders to instant claim until _BASIS_POINTS is reached
    /// @param _additionalNFTUnlockedBP Additional unlocked BP, only add up the currentNFTUnlockedBP
    /// @param _newUnlockTimestamp Timestamp for new unlocked BP to take effect
    function addNFTUnlockedBPAndSetUnlockTs(
        uint64 _additionalNFTUnlockedBP,
        uint128 _newUnlockTimestamp
    ) external onlyOwner {
        uint64 currentNFTUnlockedBP_ = currentNFTUnlockedBP;
        uint128 currentNFTUnlockTimestamp_ = currentNFTUnlockTimestamp;
        if (
            _additionalNFTUnlockedBP == 0 ||
            currentNFTUnlockedBP_ + _additionalNFTUnlockedBP > _BASIS_POINTS ||
            _newUnlockTimestamp <= currentNFTUnlockTimestamp_
        ) revert InvalidClaimSetup();
        previousNFTUnlockedBP = currentNFTUnlockedBP_;
        currentNFTUnlockTimestamp = _newUnlockTimestamp;
        currentNFTUnlockedBP += _additionalNFTUnlockedBP;
        emit NFTUnlockedBPAndUnlockTsUpdated(currentNFTUnlockedBP, currentNFTUnlockTimestamp);
    }

    /// @dev Set the unclaimedNFTRewards mapping in order to withdraw unclaimed NFTRewards after they are expired
    /// @param _collectionId Respective collection ID with unclaimed NFTRewards
    /// @param _unclaimTokenIds Array of token IDs with NFTRewards that are left unclaimed
    function setUnclaimedNFTRewards(
        uint256 _collectionId,
        uint128[] calldata _unclaimTokenIds
    ) external onlyValidCollectionId(_collectionId) onlyOwner {
        if (block.timestamp <= claimStartDate + _MAX_NFT_REWARDS_CLAIM_PERIOD)
            revert NFTRewardsNotExpired();

        UnclaimedNFTRewards storage _unclaimedNftRewards = unclaimedNftRewards[
            _collectionId
        ];
        uint256 len = _unclaimTokenIds.length;
        if (len == 0 || _unclaimedNftRewards.lastTokenId > _unclaimTokenIds[0])
            revert InvalidWithdrawalSetup();

        uint128 totalRewardsUnclaimed;
        for (uint256 i; i < len; ) {
            // ensure the next tokenId is bigger than the prev one
            if (i != 0) {
                if (_unclaimTokenIds[i] < _unclaimTokenIds[i - 1])
                    revert InvalidWithdrawalSetup();
            }
            NFTClaimData memory nftUserClaimData = nftUsersClaimData[
                _collectionId
            ][_unclaimTokenIds[i]];
            uint128 rewardsUnclaimed = nftUserClaimData.rewardsTotalClaimable -
                nftUserClaimData.rewardsClaimed;
            if (rewardsUnclaimed > 0) totalRewardsUnclaimed += rewardsUnclaimed;
            unchecked {
                ++i;
            }
        }
        _unclaimedNftRewards.lastTokenId = _unclaimTokenIds[len - 1];
        _unclaimedNftRewards.totalUnclaimed += totalRewardsUnclaimed;
    }

    /// @dev Set `airdropTotalClaimable` in nftUsersClaimData specifically for single token ID of a newly revealed NFT
    /// @param _tokenId Token ID of the newly revealed NFT
    /// @param _additionalAirdropTotalClaimable Additional airdropTotalClaimable, only add up since a base amount will be set for unrevealed NFT
    function setRevealedNFTClaimable(
        uint256 _collectionId,
        uint256 _tokenId,
        uint128 _additionalAirdropTotalClaimable
    ) external onlyOwner {
        nftUsersClaimData[_collectionId][_tokenId]
            .airdropTotalClaimable += _additionalAirdropTotalClaimable;
        emit RevealedNFTClaimableUpdated(_collectionId, _tokenId, nftUsersClaimData[_collectionId][_tokenId].airdropTotalClaimable);
    }

    // ==============
    // Claim Settings
    // ==============

    /// @dev Deposit claim token to contract and start the claim, to be called ONCE only
    /// @param _tokenAmount Amount of claim token to be deposited
    /// @param _claimStartDate Unix timestamp of the claim start date
    function depositClaimTokenAndStartClaim(
        uint256 _tokenAmount,
        uint256 _claimStartDate
    ) external onlyOwner {
        // if (claimTokenDeposited) revert AlreadyDeposited();
        if (address(claimToken) == address(0)) revert ClaimTokenZeroAddress();
        if (_tokenAmount == 0) revert InvalidClaimSetup();
        if (_claimStartDate == 0) revert InvalidClaimSetup();

        claimToken.safeTransferFrom(_msgSender(), address(this), _tokenAmount);
        claimStartDate = _claimStartDate;
        claimActive = true;
        // claimTokenDeposited = true;

        emit ClaimTokenDepositedAndClaimStarted(_tokenAmount, _claimStartDate);
    }

    /// @dev Withdraw claim token from contract only when claim is not open
    /// @param _receiver Address to receive the token
    /// @param _amount Amount of claim token to be withdrawn
    function withdrawClaimToken(
        address _receiver,
        uint256 _amount
    ) external onlyOwner {
        if (address(claimToken) == address(0)) revert ClaimTokenZeroAddress();

        claimToken.safeTransfer(_receiver, _amount);
        emit ClaimTokenWithdrawn(_receiver, _amount);
    }

    /// @dev Withdraw unclaimed NFTRewards after they are expired when _MAX_NFT_REWARDS_CLAIM_PERIOD has passed since claim starts, to be called ONCE only
    /// @param _receiver Address to receive the token
    function withdrawUnclaimedNFTRewards(address _receiver) external onlyOwner {
        if (unclaimedNFTRewardsWithdrawn) revert AlreadyWithdrawn();
        if (block.timestamp <= claimStartDate + _MAX_NFT_REWARDS_CLAIM_PERIOD)
            revert NFTRewardsNotExpired();
        if (_receiver == address(0)) revert InvalidWithdrawalSetup();

        uint256 totalWithdrawn;
        for (uint256 i; i < nftCollections.length; ) {
            UnclaimedNFTRewards
                storage _unclaimedNftRewards = unclaimedNftRewards[i];

            uint128 unclaimed = _unclaimedNftRewards.totalUnclaimed;
            if (unclaimed > 0) {
                claimToken.safeTransfer(_receiver, unclaimed);
                totalWithdrawn += unclaimed;
            }
            unchecked {
                ++i;
            }
        }
        unclaimedNFTRewardsWithdrawn = true;

        emit UnclaimedNFTRewardsWithdrawn(totalWithdrawn, block.timestamp);
    }

    /// @dev Set claim schedule(s) for claim type(s)
    /// @param _claimTypes Array of ClaimType
    /// @param _claimSchedules Array of ClaimSchedule for each claim type
    function setClaimSchedules(
        ClaimType[] calldata _claimTypes,
        ClaimSchedule[] calldata _claimSchedules
    ) external onlyOwner onlyClaimNotOpen {
        uint256 len = _claimSchedules.length;
        if (_claimTypes.length != len) revert MismatchedArrays();
        for (uint256 i; i < len; ) {
            require(_claimSchedules[i].startCycle < _claimSchedules[i].lockUpBPs.length, "Start cycle should be smaller than lockUpBPs.length");
            uint256[] memory lockUpBPs = _claimSchedules[i].lockUpBPs;
            for (uint256 j; j < lockUpBPs.length; ) {
                if (lockUpBPs[j] > _BASIS_POINTS) revert InvalidClaimSetup();
                // ensure the accumulated lockupBP is bigger than the prev one
                if (j != 0) {
                    if (lockUpBPs[j] <= lockUpBPs[j - 1])
                        revert InvalidClaimSetup();
                }
                unchecked {
                    ++j;
                }
            }
            claimScheduleOf[_claimTypes[i]] = _claimSchedules[i];
            unchecked {
                ++i;
            }
        }
        emit ClaimSchedulesUpdated();
    }

    /// @dev Start/stop the claim
    /// @param _claimActive New boolean to indicate active or not
    function setClaimActive(bool _claimActive) external onlyOwner {
        claimActive = _claimActive;

        emit ClaimStatusUpdated(_claimActive);
    }

    /// @dev Set the new claim start date, allow flexibility on setting as past date to unlock claim earlier
    /// @param _claimStartDate New date to start the claim
    function setClaimStartDate(uint256 _claimStartDate) external onlyOwner {
        claimStartDate = _claimStartDate;
        emit ClaimStartDateUpdated(_claimStartDate);
    }

    /// @dev Set the new MultiClaim contract address
    /// @param _multiClaim New MultiClaim contract address
    function setMultiClaimAddress(address _multiClaim) external onlyOwner {
        multiClaim = _multiClaim;
        emit MultiClaimAddressUpdated(_multiClaim);
    }

    /// @dev Set the new UUPS proxy upgrader, allow setting address(0) to disable upgradeability
    /// @param _upgrader New upgrader
    function setUpgrader(address _upgrader) external onlyOwner {
        if (upgraderRenounced) revert UpgraderRenounced();
        upgrader = _upgrader;

        emit UpgraderUpdated(_upgrader);
    }

    // /// @notice Renounce the upgradibility of this contract
    function renounceUpgrader() external onlyOwner {
        if (upgraderRenounced) revert UpgraderRenounced();

        upgraderRenounced = true;
        upgrader = address(0);

        emit UpgraderUpdated(address(0));
    }

    // =======
    // Getters
    // =======

    /// @notice Get claim info of a user after claim starts
    /// @param _user Address of user
    /// @return claimableAmount Amount of claimable tokens for a user
    /// @return claimableExpiry Timestamp of the claim expiry date for the respective _claimType
    function getClaimInfo(
        address _user,
        ClaimType _claimType
    )
        public
        view
        onlyValidClaimSetup
        returns (uint128 claimableAmount, uint256 claimableExpiry)
    {
        uint256 numOfLockUpBPs = claimScheduleOf[_claimType].lockUpBPs.length;

        claimableAmount = _calculateClaimable(
            usersClaimData[_user][_claimType],
            _claimType
        );
        claimableExpiry = _claimType == ClaimType.WalletRewards
            ? claimStartDate + _MAX_CLAIM_PERIOD
            : claimStartDate +
                _LOCK_UP_SLOT *
                numOfLockUpBPs *
                1 days +
                _MAX_CLAIM_PERIOD;
    }

    /// @notice Get claim info of one eligible NFT after claiming starts
    /// @param _collectionId Address of the eligible NFT
    /// @param _tokenId Token ID that the owner owns
    /// @return claimableAmount Amount of claimable tokens for the NFT
    /// @return claimableExpiry Timestamp of the claim expiry date for NFT airdrop
    function getClaimInfoByNFT(
        uint256 _collectionId,
        uint256 _tokenId
    )
        public
        view
        onlyValidClaimSetup
        onlyValidCollectionId(_collectionId)
        returns (uint128 claimableAmount, uint256 claimableExpiry)
    {
        NFTClaimData memory nftUserClaimData = nftUsersClaimData[_collectionId][
            _tokenId
        ];

        claimableAmount = _calculateNFTClaimable(nftUserClaimData);
        claimableExpiry = currentNFTUnlockedBP == _BASIS_POINTS
            ? currentNFTUnlockTimestamp + _MAX_NFT_REWARDS_CLAIM_PERIOD
            : 0;
    }

    /// @notice Get rewards claim info of one eligible NFT after claiming starts
    /// @param _collectionId Address of the eligible NFT
    /// @param _tokenId Token ID that the owner owns
    /// @return claimableAmount Amount of claimable tokens for the NFT
    /// @return claimableExpiry Timestamp of the claim expiry date for NFT rewards
    function getRewardsClaimInfoByNFT(
        uint256 _collectionId,
        uint256 _tokenId
    )
        public
        view
        onlyValidClaimSetup
        onlyValidCollectionId(_collectionId)
        returns (uint128 claimableAmount, uint256 claimableExpiry)
    {
        NFTClaimData memory nftUserClaimData = nftUsersClaimData[_collectionId][
            _tokenId
        ];

        claimableAmount = _calculateNFTRewardsClaimable(nftUserClaimData);
        claimableExpiry = claimStartDate + _MAX_NFT_REWARDS_CLAIM_PERIOD;
    }

    /// @notice Get total amounts of claimable tokens of multiple tokenIds in one eligible collection after claiming starts
    /// @param _collectionId ID of NFT collection
    /// @param _tokenIds Array of all token IDs the owner owns in that collection
    function getTotalClaimableAmountsByNFTs(
        uint256 _collectionId,
        uint256[] calldata _tokenIds
    ) public view returns (uint128 totalClaimable) {
        for (uint256 i; i < _tokenIds.length; i++) {
            (uint128 claimable, ) = getClaimInfoByNFT(
                _collectionId,
                _tokenIds[i]
            );
            if (claimable == 0) continue;

            totalClaimable += claimable;
        }
    }

    /// @notice Get user claim data of multiple tokenIds in multiple eligible collections
    /// @param _nftCollectionsInfo Array of NFTCollectionInfo with collectionId and tokenId(s)
    /// @return collectionClaimInfo Array of CollectionClaimData that includes claim data for each tokenId of respective collection
    function getUserClaimDataByCollections(
        NFTCollectionInfo[] calldata _nftCollectionsInfo
    ) public view returns (CollectionClaimData[] memory collectionClaimInfo) {
        uint256 numOfTokenIds;
        uint256 len = _nftCollectionsInfo.length;
        for (uint256 i = 0; i < len; i++) {
            numOfTokenIds += _nftCollectionsInfo[i].tokenIds.length;
        }
        collectionClaimInfo = new CollectionClaimData[](numOfTokenIds);
        uint256 activeId = 0;
        for (uint256 i; i < len; i++) {
            uint256 collectionId = _nftCollectionsInfo[i].collectionId;
            uint256[] memory tokenIds = _nftCollectionsInfo[i].tokenIds;
            for (uint256 j; j < tokenIds.length; j++) {
                (
                    uint128 airdropClaimable,
                    uint256 airdropClaimableExpiry
                ) = getClaimInfoByNFT(collectionId, tokenIds[j]);
                (
                    uint128 rewardsClaimable,
                    uint256 rewardClaimableExpiry
                ) = getRewardsClaimInfoByNFT(collectionId, tokenIds[j]);
                collectionClaimInfo[activeId++] = CollectionClaimData(
                    collectionId,
                    tokenIds[j],
                    airdropClaimable,
                    airdropClaimableExpiry,
                    nftUsersClaimData[collectionId][tokenIds[j]]
                        .airdropTotalClaimable,
                    nftUsersClaimData[collectionId][tokenIds[j]].airdropClaimed,
                    rewardsClaimable,
                    rewardClaimableExpiry,
                    nftUsersClaimData[collectionId][tokenIds[j]]
                        .rewardsTotalClaimable,
                    nftUsersClaimData[collectionId][tokenIds[j]].rewardsClaimed
                );
            }
        }
    }

    /// @notice Get the claim schedule of a certain claim type
    function getClaimSchedule(
        ClaimType _claimType
    ) public view returns (ClaimSchedule memory) {
        return claimScheduleOf[_claimType];
    }
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

error ClaimNotAvailable();
error ClaimNotClosed();
error NFTRewardsNotExpired();
error UpgraderRenounced();
error ClaimTokenZeroAddress();
error AlreadyDeposited();
error AlreadyWithdrawn();
error InvalidClaimSetup();
error InvalidWithdrawalSetup();
error InvalidCollectionId();
error InvalidDelegate();
error NoClaimableToken();
error MismatchedArrays();
error Unauthorized();
error Uint128Overflow();

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

enum ClaimType {
    WalletRewards,
    SeedPresale,
    CommunityPresale,
    PrivatePresale,
    Ecosystem,
    Contributors
}

struct ClaimData {
    uint128 totalClaimable;
    uint128 claimed;
}

struct NFTClaimData {
    uint128 airdropTotalClaimable;
    uint128 rewardsTotalClaimable;
    uint128 airdropClaimed;
    uint128 rewardsClaimed;
}

struct ClaimSchedule {
    uint256 startCycle;
    uint256[] lockUpBPs;
}

struct NFTClaimable {
    uint256 collectionId;
    uint256 tokenId;
    uint128 airdropTotalClaimable;
    uint128 rewardsTotalClaimable;
}

struct NFTCollectionInfo {
    uint256 collectionId;
    uint256[] tokenIds;
}

struct NFTCollectionClaimRequest {
    uint256 collectionId;
    uint256[] tokenIds;
    bool[] withNFTAirdropList;
    bool[] withNFTRewardsList;
}

struct CollectionClaimData {
    uint256 collectionId;
    uint256 tokenId;
    uint128 airdropClaimable;
    uint256 airdropClaimableExpiry;
    uint128 airdropTotalClaimable;
    uint128 airdropClaimed;
    uint128 rewardsClaimable;
    uint256 rewardsClaimableExpiry;
    uint128 rewardsTotalClaimable;
    uint128 rewardsClaimed;
}

struct UnclaimedNFTRewards {
    uint128 lastTokenId;
    uint128 totalUnclaimed;
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "../lib/Errors.sol";
import "../lib/Structs.sol";

interface IWellClaim {
    event UserClaimed(address indexed user, uint128 amount, uint256 claimedAt);
    event ClaimedInNFTs(
        address indexed owner,
        uint128 amount,
        uint256 claimedAt
    );
    event ClaimStatusUpdated(bool claimActive);
    event UpgraderUpdated(address newUpgrader);
    event UnclaimedNFTRewardsWithdrawn(
        uint256 totalWithdrawn,
        uint256 withdrawnAt
    );
    event ClaimTokenDepositedAndClaimStarted(
        uint256 tokenAmount,
        uint256 claimStartDate
    );
    event SignerUpdated(address newSigner, string newsignatureActionPrefix);
    event ClaimSchedulesUpdated();
    event ClaimStartDateUpdated(uint256 claimStartDate);
    event MultiClaimAddressUpdated(address newAddress);
    event RevealedNFTClaimableUpdated(
        uint256 collectionId,
        uint256 tokenId,
        uint128 newAirdropTotalClaimable
    );
    event NFTClaimablesUpdated(
        uint256 collectionId,
        uint256 tokenId
    );
    event NFTUnlockedBPAndUnlockTsUpdated(
        uint64 additionalNFTUnlockedBP,
        uint128 newUnlockTimestamp
    );
    event ClaimTokenWithdrawn(
        address receiver,
        uint256 amount
    );

    function claim(address _vault, ClaimType[] calldata _claimTypes) external;
    function claimInNFTs(
        address _vault,
        NFTCollectionClaimRequest[] calldata _nftCollectionClaimRequests,
        bool _withWalletRewards
    ) external;

    function claimFromMulti(
        address _requester,
        ClaimType[] calldata _claimTypes
    ) external;
    function claimInNFTsFromMulti(
        address _requester,
        NFTCollectionClaimRequest[] calldata _nftCollectionClaimRequests,
        bool _withWalletRewards
    ) external;

    function setClaimables(
        address[] calldata _addresses,
        uint128[] calldata _claimables,
        ClaimType[] calldata _claimTypes
    ) external;
    function setNFTClaimables(NFTClaimable[] calldata _nftClaimables) external;
    function addNFTUnlockedBPAndSetUnlockTs(
        uint64 _additionalNFTUnlockedBP,
        uint128 _newUnlockedBPEffectiveTs
    ) external;
    function setUnclaimedNFTRewards(
        uint256 _collectionId,
        uint128[] calldata _unclaimTokenIds
    ) external;
    function setRevealedNFTClaimable(
        uint256 _collectionId,
        uint256 _tokenId,
        uint128 _additionalAirdropTotalClaimable
    ) external;

    function depositClaimTokenAndStartClaim(
        uint256 _tokenAmount,
        uint256 _claimStartDate
    ) external;
    function withdrawClaimToken(address _receiver, uint256 _amount) external;
    function withdrawUnclaimedNFTRewards(address _receiver) external;

    function setClaimSchedules(
        ClaimType[] calldata _claimTypes,
        ClaimSchedule[] calldata _claimSchedules
    ) external;
    function setClaimActive(bool _claimActive) external;
    function setClaimStartDate(uint256 _claimStartDate) external;

    function setMultiClaimAddress(address _multiClaim) external;

    function getClaimInfo(
        address _user,
        ClaimType _claimType
    ) external returns (uint128 claimableAmount, uint256 claimableExpiry);
    function getClaimInfoByNFT(
        uint256 _collectionId,
        uint256 _tokenId
    ) external returns (uint128 claimableAmount, uint256 claimableExpiry);
    function getRewardsClaimInfoByNFT(
        uint256 _collectionId,
        uint256 _tokenId
    ) external returns (uint128 claimableAmount, uint256 claimableExpiry);
    function getTotalClaimableAmountsByNFTs(
        uint256 _collectionId,
        uint256[] calldata _tokenIds
    ) external returns (uint128 totalClaimable);
    function getUserClaimDataByCollections(
        NFTCollectionInfo[] calldata _nftCollectionInfo
    ) external returns (CollectionClaimData[] memory collectionClaimInfo);
    function getClaimSchedule(
        ClaimType _claimType
    ) external returns (ClaimSchedule memory);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/Address.sol)

pragma solidity ^0.8.20;

/**
 * @dev Collection of functions related to the address type
 */
library Address {
    /**
     * @dev The ETH balance of the account is not enough to perform the operation.
     */
    error AddressInsufficientBalance(address account);

    /**
     * @dev There's no code at `target` (it is not a contract).
     */
    error AddressEmptyCode(address target);

    /**
     * @dev A call to an address target failed. The target may have reverted.
     */
    error FailedInnerCall();

    /**
     * @dev Replacement for Solidity's `transfer`: sends `amount` wei to
     * `recipient`, forwarding all available gas and reverting on errors.
     *
     * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
     * of certain opcodes, possibly making contracts go over the 2300 gas limit
     * imposed by `transfer`, making them unable to receive funds via
     * `transfer`. {sendValue} removes this limitation.
     *
     * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
     *
     * IMPORTANT: because control is transferred to `recipient`, care must be
     * taken to not create reentrancy vulnerabilities. Consider using
     * {ReentrancyGuard} or the
     * https://solidity.readthedocs.io/en/v0.8.20/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
     */
    function sendValue(address payable recipient, uint256 amount) internal {
        if (address(this).balance < amount) {
            revert AddressInsufficientBalance(address(this));
        }

        (bool success, ) = recipient.call{value: amount}("");
        if (!success) {
            revert FailedInnerCall();
        }
    }

    /**
     * @dev Performs a Solidity function call using a low level `call`. A
     * plain `call` is an unsafe replacement for a function call: use this
     * function instead.
     *
     * If `target` reverts with a revert reason or custom error, it is bubbled
     * up by this function (like regular Solidity function calls). However, if
     * the call reverted with no returned reason, this function reverts with a
     * {FailedInnerCall} error.
     *
     * Returns the raw returned data. To convert to the expected return value,
     * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
     *
     * Requirements:
     *
     * - `target` must be a contract.
     * - calling `target` with `data` must not revert.
     */
    function functionCall(address target, bytes memory data) internal returns (bytes memory) {
        return functionCallWithValue(target, data, 0);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but also transferring `value` wei to `target`.
     *
     * Requirements:
     *
     * - the calling contract must have an ETH balance of at least `value`.
     * - the called Solidity function must be `payable`.
     */
    function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
        if (address(this).balance < value) {
            revert AddressInsufficientBalance(address(this));
        }
        (bool success, bytes memory returndata) = target.call{value: value}(data);
        return verifyCallResultFromTarget(target, success, returndata);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but performing a static call.
     */
    function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
        (bool success, bytes memory returndata) = target.staticcall(data);
        return verifyCallResultFromTarget(target, success, returndata);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but performing a delegate call.
     */
    function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
        (bool success, bytes memory returndata) = target.delegatecall(data);
        return verifyCallResultFromTarget(target, success, returndata);
    }

    /**
     * @dev Tool to verify that a low level call to smart-contract was successful, and reverts if the target
     * was not a contract or bubbling up the revert reason (falling back to {FailedInnerCall}) in case of an
     * unsuccessful call.
     */
    function verifyCallResultFromTarget(
        address target,
        bool success,
        bytes memory returndata
    ) internal view returns (bytes memory) {
        if (!success) {
            _revert(returndata);
        } else {
            // only check if target is a contract if the call was successful and the return data is empty
            // otherwise we already know that it was a contract
            if (returndata.length == 0 && target.code.length == 0) {
                revert AddressEmptyCode(target);
            }
            return returndata;
        }
    }

    /**
     * @dev Tool to verify that a low level call was successful, and reverts if it wasn't, either by bubbling the
     * revert reason or with a default {FailedInnerCall} error.
     */
    function verifyCallResult(bool success, bytes memory returndata) internal pure returns (bytes memory) {
        if (!success) {
            _revert(returndata);
        } else {
            return returndata;
        }
    }

    /**
     * @dev Reverts with returndata if present. Otherwise reverts with {FailedInnerCall}.
     */
    function _revert(bytes memory returndata) private pure {
        // Look for revert reason and bubble it up if present
        if (returndata.length > 0) {
            // The easiest way to bubble the revert reason is using memory via assembly
            /// @solidity memory-safe-assembly
            assembly {
                let returndata_size := mload(returndata)
                revert(add(32, returndata), returndata_size)
            }
        } else {
            revert FailedInnerCall();
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/Strings.sol)

pragma solidity ^0.8.20;

import {Math} from "./math/Math.sol";
import {SignedMath} from "./math/SignedMath.sol";

/**
 * @dev String operations.
 */
library Strings {
    bytes16 private constant HEX_DIGITS = "0123456789abcdef";
    uint8 private constant ADDRESS_LENGTH = 20;

    /**
     * @dev The `value` string doesn't fit in the specified `length`.
     */
    error StringsInsufficientHexLength(uint256 value, uint256 length);

    /**
     * @dev Converts a `uint256` to its ASCII `string` decimal representation.
     */
    function toString(uint256 value) internal pure returns (string memory) {
        unchecked {
            uint256 length = Math.log10(value) + 1;
            string memory buffer = new string(length);
            uint256 ptr;
            /// @solidity memory-safe-assembly
            assembly {
                ptr := add(buffer, add(32, length))
            }
            while (true) {
                ptr--;
                /// @solidity memory-safe-assembly
                assembly {
                    mstore8(ptr, byte(mod(value, 10), HEX_DIGITS))
                }
                value /= 10;
                if (value == 0) break;
            }
            return buffer;
        }
    }

    /**
     * @dev Converts a `int256` to its ASCII `string` decimal representation.
     */
    function toStringSigned(int256 value) internal pure returns (string memory) {
        return string.concat(value < 0 ? "-" : "", toString(SignedMath.abs(value)));
    }

    /**
     * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
     */
    function toHexString(uint256 value) internal pure returns (string memory) {
        unchecked {
            return toHexString(value, Math.log256(value) + 1);
        }
    }

    /**
     * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
     */
    function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
        uint256 localValue = value;
        bytes memory buffer = new bytes(2 * length + 2);
        buffer[0] = "0";
        buffer[1] = "x";
        for (uint256 i = 2 * length + 1; i > 1; --i) {
            buffer[i] = HEX_DIGITS[localValue & 0xf];
            localValue >>= 4;
        }
        if (localValue != 0) {
            revert StringsInsufficientHexLength(value, length);
        }
        return string(buffer);
    }

    /**
     * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal
     * representation.
     */
    function toHexString(address addr) internal pure returns (string memory) {
        return toHexString(uint256(uint160(addr)), ADDRESS_LENGTH);
    }

    /**
     * @dev Returns true if the two strings are equal.
     */
    function equal(string memory a, string memory b) internal pure returns (bool) {
        return bytes(a).length == bytes(b).length && keccak256(bytes(a)) == keccak256(bytes(b));
    }
}

// SPDX-License-Identifier: CC0-1.0
pragma solidity >=0.8.13;

/**
 * @title IDelegateRegistry
 * @custom:version 2.0
 * @custom:author foobar (0xfoobar)
 * @notice A standalone immutable registry storing delegated permissions from one address to another
 */
interface IDelegateRegistry {
    /// @notice Delegation type, NONE is used when a delegation does not exist or is revoked
    enum DelegationType {
        NONE,
        ALL,
        CONTRACT,
        ERC721,
        ERC20,
        ERC1155
    }

    /// @notice Struct for returning delegations
    struct Delegation {
        DelegationType type_;
        address to;
        address from;
        bytes32 rights;
        address contract_;
        uint256 tokenId;
        uint256 amount;
    }

    /// @notice Emitted when an address delegates or revokes rights for their entire wallet
    event DelegateAll(address indexed from, address indexed to, bytes32 rights, bool enable);

    /// @notice Emitted when an address delegates or revokes rights for a contract address
    event DelegateContract(
        address indexed from, address indexed to, address indexed contract_, bytes32 rights, bool enable
    );

    /// @notice Emitted when an address delegates or revokes rights for an ERC721 tokenId
    event DelegateERC721(
        address indexed from,
        address indexed to,
        address indexed contract_,
        uint256 tokenId,
        bytes32 rights,
        bool enable
    );

    /// @notice Emitted when an address delegates or revokes rights for an amount of ERC20 tokens
    event DelegateERC20(
        address indexed from, address indexed to, address indexed contract_, bytes32 rights, uint256 amount
    );

    /// @notice Emitted when an address delegates or revokes rights for an amount of an ERC1155 tokenId
    event DelegateERC1155(
        address indexed from,
        address indexed to,
        address indexed contract_,
        uint256 tokenId,
        bytes32 rights,
        uint256 amount
    );

    /// @notice Thrown if multicall calldata is malformed
    error MulticallFailed();

    /**
     * -----------  WRITE -----------
     */

    /**
     * @notice Call multiple functions in the current contract and return the data from all of them if they all succeed
     * @param data The encoded function data for each of the calls to make to this contract
     * @return results The results from each of the calls passed in via data
     */
    function multicall(bytes[] calldata data) external payable returns (bytes[] memory results);

    /**
     * @notice Allow the delegate to act on behalf of `msg.sender` for all contracts
     * @param to The address to act as delegate
     * @param rights Specific subdelegation rights granted to the delegate, pass an empty bytestring to encompass all rights
     * @param enable Whether to enable or disable this delegation, true delegates and false revokes
     * @return delegationHash The unique identifier of the delegation
     */
    function delegateAll(address to, bytes32 rights, bool enable) external payable returns (bytes32 delegationHash);

    /**
     * @notice Allow the delegate to act on behalf of `msg.sender` for a specific contract
     * @param to The address to act as delegate
     * @param contract_ The contract whose rights are being delegated
     * @param rights Specific subdelegation rights granted to the delegate, pass an empty bytestring to encompass all rights
     * @param enable Whether to enable or disable this delegation, true delegates and false revokes
     * @return delegationHash The unique identifier of the delegation
     */
    function delegateContract(address to, address contract_, bytes32 rights, bool enable)
        external
        payable
        returns (bytes32 delegationHash);

    /**
     * @notice Allow the delegate to act on behalf of `msg.sender` for a specific ERC721 token
     * @param to The address to act as delegate
     * @param contract_ The contract whose rights are being delegated
     * @param tokenId The token id to delegate
     * @param rights Specific subdelegation rights granted to the delegate, pass an empty bytestring to encompass all rights
     * @param enable Whether to enable or disable this delegation, true delegates and false revokes
     * @return delegationHash The unique identifier of the delegation
     */
    function delegateERC721(address to, address contract_, uint256 tokenId, bytes32 rights, bool enable)
        external
        payable
        returns (bytes32 delegationHash);

    /**
     * @notice Allow the delegate to act on behalf of `msg.sender` for a specific amount of ERC20 tokens
     * @dev The actual amount is not encoded in the hash, just the existence of a amount (since it is an upper bound)
     * @param to The address to act as delegate
     * @param contract_ The address for the fungible token contract
     * @param rights Specific subdelegation rights granted to the delegate, pass an empty bytestring to encompass all rights
     * @param amount The amount to delegate, > 0 delegates and 0 revokes
     * @return delegationHash The unique identifier of the delegation
     */
    function delegateERC20(address to, address contract_, bytes32 rights, uint256 amount)
        external
        payable
        returns (bytes32 delegationHash);

    /**
     * @notice Allow the delegate to act on behalf of `msg.sender` for a specific amount of ERC1155 tokens
     * @dev The actual amount is not encoded in the hash, just the existence of a amount (since it is an upper bound)
     * @param to The address to act as delegate
     * @param contract_ The address of the contract that holds the token
     * @param tokenId The token id to delegate
     * @param rights Specific subdelegation rights granted to the delegate, pass an empty bytestring to encompass all rights
     * @param amount The amount of that token id to delegate, > 0 delegates and 0 revokes
     * @return delegationHash The unique identifier of the delegation
     */
    function delegateERC1155(address to, address contract_, uint256 tokenId, bytes32 rights, uint256 amount)
        external
        payable
        returns (bytes32 delegationHash);

    /**
     * ----------- CHECKS -----------
     */

    /**
     * @notice Check if `to` is a delegate of `from` for the entire wallet
     * @param to The potential delegate address
     * @param from The potential address who delegated rights
     * @param rights Specific rights to check for, pass the zero value to ignore subdelegations and check full delegations only
     * @return valid Whether delegate is granted to act on the from's behalf
     */
    function checkDelegateForAll(address to, address from, bytes32 rights) external view returns (bool);

    /**
     * @notice Check if `to` is a delegate of `from` for the specified `contract_` or the entire wallet
     * @param to The delegated address to check
     * @param contract_ The specific contract address being checked
     * @param from The cold wallet who issued the delegation
     * @param rights Specific rights to check for, pass the zero value to ignore subdelegations and check full delegations only
     * @return valid Whether delegate is granted to act on from's behalf for entire wallet or that specific contract
     */
    function checkDelegateForContract(address to, address from, address contract_, bytes32 rights)
        external
        view
        returns (bool);

    /**
     * @notice Check if `to` is a delegate of `from` for the specific `contract` and `tokenId`, the entire `contract_`, or the entire wallet
     * @param to The delegated address to check
     * @param contract_ The specific contract address being checked
     * @param tokenId The token id for the token to delegating
     * @param from The wallet that issued the delegation
     * @param rights Specific rights to check for, pass the zero value to ignore subdelegations and check full delegations only
     * @return valid Whether delegate is granted to act on from's behalf for entire wallet, that contract, or that specific tokenId
     */
    function checkDelegateForERC721(address to, address from, address contract_, uint256 tokenId, bytes32 rights)
        external
        view
        returns (bool);

    /**
     * @notice Returns the amount of ERC20 tokens the delegate is granted rights to act on the behalf of
     * @param to The delegated address to check
     * @param contract_ The address of the token contract
     * @param from The cold wallet who issued the delegation
     * @param rights Specific rights to check for, pass the zero value to ignore subdelegations and check full delegations only
     * @return balance The delegated balance, which will be 0 if the delegation does not exist
     */
    function checkDelegateForERC20(address to, address from, address contract_, bytes32 rights)
        external
        view
        returns (uint256);

    /**
     * @notice Returns the amount of a ERC1155 tokens the delegate is granted rights to act on the behalf of
     * @param to The delegated address to check
     * @param contract_ The address of the token contract
     * @param tokenId The token id to check the delegated amount of
     * @param from The cold wallet who issued the delegation
     * @param rights Specific rights to check for, pass the zero value to ignore subdelegations and check full delegations only
     * @return balance The delegated balance, which will be 0 if the delegation does not exist
     */
    function checkDelegateForERC1155(address to, address from, address contract_, uint256 tokenId, bytes32 rights)
        external
        view
        returns (uint256);

    /**
     * ----------- ENUMERATIONS -----------
     */

    /**
     * @notice Returns all enabled delegations a given delegate has received
     * @param to The address to retrieve delegations for
     * @return delegations Array of Delegation structs
     */
    function getIncomingDelegations(address to) external view returns (Delegation[] memory delegations);

    /**
     * @notice Returns all enabled delegations an address has given out
     * @param from The address to retrieve delegations for
     * @return delegations Array of Delegation structs
     */
    function getOutgoingDelegations(address from) external view returns (Delegation[] memory delegations);

    /**
     * @notice Returns all hashes associated with enabled delegations an address has received
     * @param to The address to retrieve incoming delegation hashes for
     * @return delegationHashes Array of delegation hashes
     */
    function getIncomingDelegationHashes(address to) external view returns (bytes32[] memory delegationHashes);

    /**
     * @notice Returns all hashes associated with enabled delegations an address has given out
     * @param from The address to retrieve outgoing delegation hashes for
     * @return delegationHashes Array of delegation hashes
     */
    function getOutgoingDelegationHashes(address from) external view returns (bytes32[] memory delegationHashes);

    /**
     * @notice Returns the delegations for a given array of delegation hashes
     * @param delegationHashes is an array of hashes that correspond to delegations
     * @return delegations Array of Delegation structs, return empty structs for nonexistent or revoked delegations
     */
    function getDelegationsFromHashes(bytes32[] calldata delegationHashes)
        external
        view
        returns (Delegation[] memory delegations);

    /**
     * ----------- STORAGE ACCESS -----------
     */

    /**
     * @notice Allows external contracts to read arbitrary storage slots
     */
    function readSlot(bytes32 location) external view returns (bytes32);

    /**
     * @notice Allows external contracts to read an arbitrary array of storage slots
     */
    function readSlots(bytes32[] calldata locations) external view returns (bytes32[] memory);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/math/Math.sol)

pragma solidity ^0.8.20;

/**
 * @dev Standard math utilities missing in the Solidity language.
 */
library Math {
    /**
     * @dev Muldiv operation overflow.
     */
    error MathOverflowedMulDiv();

    enum Rounding {
        Floor, // Toward negative infinity
        Ceil, // Toward positive infinity
        Trunc, // Toward zero
        Expand // Away from zero
    }

    /**
     * @dev Returns the addition of two unsigned integers, with an overflow flag.
     */
    function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {
        unchecked {
            uint256 c = a + b;
            if (c < a) return (false, 0);
            return (true, c);
        }
    }

    /**
     * @dev Returns the subtraction of two unsigned integers, with an overflow flag.
     */
    function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {
        unchecked {
            if (b > a) return (false, 0);
            return (true, a - b);
        }
    }

    /**
     * @dev Returns the multiplication of two unsigned integers, with an overflow flag.
     */
    function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {
        unchecked {
            // Gas optimization: this is cheaper than requiring 'a' not being zero, but the
            // benefit is lost if 'b' is also tested.
            // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522
            if (a == 0) return (true, 0);
            uint256 c = a * b;
            if (c / a != b) return (false, 0);
            return (true, c);
        }
    }

    /**
     * @dev Returns the division of two unsigned integers, with a division by zero flag.
     */
    function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {
        unchecked {
            if (b == 0) return (false, 0);
            return (true, a / b);
        }
    }

    /**
     * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.
     */
    function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {
        unchecked {
            if (b == 0) return (false, 0);
            return (true, a % b);
        }
    }

    /**
     * @dev Returns the largest of two numbers.
     */
    function max(uint256 a, uint256 b) internal pure returns (uint256) {
        return a > b ? a : b;
    }

    /**
     * @dev Returns the smallest of two numbers.
     */
    function min(uint256 a, uint256 b) internal pure returns (uint256) {
        return a < b ? a : b;
    }

    /**
     * @dev Returns the average of two numbers. The result is rounded towards
     * zero.
     */
    function average(uint256 a, uint256 b) internal pure returns (uint256) {
        // (a + b) / 2 can overflow.
        return (a & b) + (a ^ b) / 2;
    }

    /**
     * @dev Returns the ceiling of the division of two numbers.
     *
     * This differs from standard division with `/` in that it rounds towards infinity instead
     * of rounding towards zero.
     */
    function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
        if (b == 0) {
            // Guarantee the same behavior as in a regular Solidity division.
            return a / b;
        }

        // (a + b - 1) / b can overflow on addition, so we distribute.
        return a == 0 ? 0 : (a - 1) / b + 1;
    }

    /**
     * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or
     * denominator == 0.
     * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv) with further edits by
     * Uniswap Labs also under MIT license.
     */
    function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {
        unchecked {
            // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use
            // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
            // variables such that product = prod1 * 2^256 + prod0.
            uint256 prod0 = x * y; // Least significant 256 bits of the product
            uint256 prod1; // Most significant 256 bits of the product
            assembly {
                let mm := mulmod(x, y, not(0))
                prod1 := sub(sub(mm, prod0), lt(mm, prod0))
            }

            // Handle non-overflow cases, 256 by 256 division.
            if (prod1 == 0) {
                // Solidity will revert if denominator == 0, unlike the div opcode on its own.
                // The surrounding unchecked block does not change this fact.
                // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.
                return prod0 / denominator;
            }

            // Make sure the result is less than 2^256. Also prevents denominator == 0.
            if (denominator <= prod1) {
                revert MathOverflowedMulDiv();
            }

            ///////////////////////////////////////////////
            // 512 by 256 division.
            ///////////////////////////////////////////////

            // Make division exact by subtracting the remainder from [prod1 prod0].
            uint256 remainder;
            assembly {
                // Compute remainder using mulmod.
                remainder := mulmod(x, y, denominator)

                // Subtract 256 bit number from 512 bit number.
                prod1 := sub(prod1, gt(remainder, prod0))
                prod0 := sub(prod0, remainder)
            }

            // Factor powers of two out of denominator and compute largest power of two divisor of denominator.
            // Always >= 1. See https://cs.stackexchange.com/q/138556/92363.

            uint256 twos = denominator & (0 - denominator);
            assembly {
                // Divide denominator by twos.
                denominator := div(denominator, twos)

                // Divide [prod1 prod0] by twos.
                prod0 := div(prod0, twos)

                // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
                twos := add(div(sub(0, twos), twos), 1)
            }

            // Shift in bits from prod1 into prod0.
            prod0 |= prod1 * twos;

            // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such
            // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for
            // four bits. That is, denominator * inv = 1 mod 2^4.
            uint256 inverse = (3 * denominator) ^ 2;

            // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also
            // works in modular arithmetic, doubling the correct bits in each step.
            inverse *= 2 - denominator * inverse; // inverse mod 2^8
            inverse *= 2 - denominator * inverse; // inverse mod 2^16
            inverse *= 2 - denominator * inverse; // inverse mod 2^32
            inverse *= 2 - denominator * inverse; // inverse mod 2^64
            inverse *= 2 - denominator * inverse; // inverse mod 2^128
            inverse *= 2 - denominator * inverse; // inverse mod 2^256

            // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
            // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is
            // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1
            // is no longer required.
            result = prod0 * inverse;
            return result;
        }
    }

    /**
     * @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
     */
    function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {
        uint256 result = mulDiv(x, y, denominator);
        if (unsignedRoundsUp(rounding) && mulmod(x, y, denominator) > 0) {
            result += 1;
        }
        return result;
    }

    /**
     * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded
     * towards zero.
     *
     * Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
     */
    function sqrt(uint256 a) internal pure returns (uint256) {
        if (a == 0) {
            return 0;
        }

        // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.
        //
        // We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have
        // `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.
        //
        // This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`
        // → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`
        // → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`
        //
        // Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.
        uint256 result = 1 << (log2(a) >> 1);

        // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,
        // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at
        // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision
        // into the expected uint128 result.
        unchecked {
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            return min(result, a / result);
        }
    }

    /**
     * @notice Calculates sqrt(a), following the selected rounding direction.
     */
    function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = sqrt(a);
            return result + (unsignedRoundsUp(rounding) && result * result < a ? 1 : 0);
        }
    }

    /**
     * @dev Return the log in base 2 of a positive value rounded towards zero.
     * Returns 0 if given 0.
     */
    function log2(uint256 value) internal pure returns (uint256) {
        uint256 result = 0;
        unchecked {
            if (value >> 128 > 0) {
                value >>= 128;
                result += 128;
            }
            if (value >> 64 > 0) {
                value >>= 64;
                result += 64;
            }
            if (value >> 32 > 0) {
                value >>= 32;
                result += 32;
            }
            if (value >> 16 > 0) {
                value >>= 16;
                result += 16;
            }
            if (value >> 8 > 0) {
                value >>= 8;
                result += 8;
            }
            if (value >> 4 > 0) {
                value >>= 4;
                result += 4;
            }
            if (value >> 2 > 0) {
                value >>= 2;
                result += 2;
            }
            if (value >> 1 > 0) {
                result += 1;
            }
        }
        return result;
    }

    /**
     * @dev Return the log in base 2, following the selected rounding direction, of a positive value.
     * Returns 0 if given 0.
     */
    function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = log2(value);
            return result + (unsignedRoundsUp(rounding) && 1 << result < value ? 1 : 0);
        }
    }

    /**
     * @dev Return the log in base 10 of a positive value rounded towards zero.
     * Returns 0 if given 0.
     */
    function log10(uint256 value) internal pure returns (uint256) {
        uint256 result = 0;
        unchecked {
            if (value >= 10 ** 64) {
                value /= 10 ** 64;
                result += 64;
            }
            if (value >= 10 ** 32) {
                value /= 10 ** 32;
                result += 32;
            }
            if (value >= 10 ** 16) {
                value /= 10 ** 16;
                result += 16;
            }
            if (value >= 10 ** 8) {
                value /= 10 ** 8;
                result += 8;
            }
            if (value >= 10 ** 4) {
                value /= 10 ** 4;
                result += 4;
            }
            if (value >= 10 ** 2) {
                value /= 10 ** 2;
                result += 2;
            }
            if (value >= 10 ** 1) {
                result += 1;
            }
        }
        return result;
    }

    /**
     * @dev Return the log in base 10, following the selected rounding direction, of a positive value.
     * Returns 0 if given 0.
     */
    function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = log10(value);
            return result + (unsignedRoundsUp(rounding) && 10 ** result < value ? 1 : 0);
        }
    }

    /**
     * @dev Return the log in base 256 of a positive value rounded towards zero.
     * Returns 0 if given 0.
     *
     * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
     */
    function log256(uint256 value) internal pure returns (uint256) {
        uint256 result = 0;
        unchecked {
            if (value >> 128 > 0) {
                value >>= 128;
                result += 16;
            }
            if (value >> 64 > 0) {
                value >>= 64;
                result += 8;
            }
            if (value >> 32 > 0) {
                value >>= 32;
                result += 4;
            }
            if (value >> 16 > 0) {
                value >>= 16;
                result += 2;
            }
            if (value >> 8 > 0) {
                result += 1;
            }
        }
        return result;
    }

    /**
     * @dev Return the log in base 256, following the selected rounding direction, of a positive value.
     * Returns 0 if given 0.
     */
    function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = log256(value);
            return result + (unsignedRoundsUp(rounding) && 1 << (result << 3) < value ? 1 : 0);
        }
    }

    /**
     * @dev Returns whether a provided rounding mode is considered rounding up for unsigned integers.
     */
    function unsignedRoundsUp(Rounding rounding) internal pure returns (bool) {
        return uint8(rounding) % 2 == 1;
    }
}

// SPDX-License-Identifier: CC0-1.0
pragma solidity ^0.8.17;

/**
 * @title An immutable registry contract to be deployed as a standalone primitive
 * @dev See EIP-5639, new project launches can read previous cold wallet -> hot wallet delegations
 * from here and integrate those permissions into their flow
 */
interface IDelegationRegistry {
    /// @notice Delegation type
    enum DelegationType {
        NONE,
        ALL,
        CONTRACT,
        TOKEN
    }

    /// @notice Info about a single delegation, used for onchain enumeration
    struct DelegationInfo {
        DelegationType type_;
        address vault;
        address delegate;
        address contract_;
        uint256 tokenId;
    }

    /// @notice Info about a single contract-level delegation
    struct ContractDelegation {
        address contract_;
        address delegate;
    }

    /// @notice Info about a single token-level delegation
    struct TokenDelegation {
        address contract_;
        uint256 tokenId;
        address delegate;
    }

    /// @notice Emitted when a user delegates their entire wallet
    event DelegateForAll(address vault, address delegate, bool value);

    /// @notice Emitted when a user delegates a specific contract
    event DelegateForContract(address vault, address delegate, address contract_, bool value);

    /// @notice Emitted when a user delegates a specific token
    event DelegateForToken(address vault, address delegate, address contract_, uint256 tokenId, bool value);

    /// @notice Emitted when a user revokes all delegations
    event RevokeAllDelegates(address vault);

    /// @notice Emitted when a user revoes all delegations for a given delegate
    event RevokeDelegate(address vault, address delegate);

    /**
     * -----------  WRITE -----------
     */

    /**
     * @notice Allow the delegate to act on your behalf for all contracts
     * @param delegate The hotwallet to act on your behalf
     * @param value Whether to enable or disable delegation for this address, true for setting and false for revoking
     */
    function delegateForAll(address delegate, bool value) external;

    /**
     * @notice Allow the delegate to act on your behalf for a specific contract
     * @param delegate The hotwallet to act on your behalf
     * @param contract_ The address for the contract you're delegating
     * @param value Whether to enable or disable delegation for this address, true for setting and false for revoking
     */
    function delegateForContract(address delegate, address contract_, bool value) external;

    /**
     * @notice Allow the delegate to act on your behalf for a specific token
     * @param delegate The hotwallet to act on your behalf
     * @param contract_ The address for the contract you're delegating
     * @param tokenId The token id for the token you're delegating
     * @param value Whether to enable or disable delegation for this address, true for setting and false for revoking
     */
    function delegateForToken(address delegate, address contract_, uint256 tokenId, bool value) external;

    /**
     * @notice Revoke all delegates
     */
    function revokeAllDelegates() external;

    /**
     * @notice Revoke a specific delegate for all their permissions
     * @param delegate The hotwallet to revoke
     */
    function revokeDelegate(address delegate) external;

    /**
     * @notice Remove yourself as a delegate for a specific vault
     * @param vault The vault which delegated to the msg.sender, and should be removed
     */
    function revokeSelf(address vault) external;

    /**
     * -----------  READ -----------
     */

    /**
     * @notice Returns all active delegations a given delegate is able to claim on behalf of
     * @param delegate The delegate that you would like to retrieve delegations for
     * @return info Array of DelegationInfo structs
     */
    function getDelegationsByDelegate(address delegate) external view returns (DelegationInfo[] memory);

    /**
     * @notice Returns an array of wallet-level delegates for a given vault
     * @param vault The cold wallet who issued the delegation
     * @return addresses Array of wallet-level delegates for a given vault
     */
    function getDelegatesForAll(address vault) external view returns (address[] memory);

    /**
     * @notice Returns an array of contract-level delegates for a given vault and contract
     * @param vault The cold wallet who issued the delegation
     * @param contract_ The address for the contract you're delegating
     * @return addresses Array of contract-level delegates for a given vault and contract
     */
    function getDelegatesForContract(address vault, address contract_) external view returns (address[] memory);

    /**
     * @notice Returns an array of contract-level delegates for a given vault's token
     * @param vault The cold wallet who issued the delegation
     * @param contract_ The address for the contract holding the token
     * @param tokenId The token id for the token you're delegating
     * @return addresses Array of contract-level delegates for a given vault's token
     */
    function getDelegatesForToken(address vault, address contract_, uint256 tokenId)
        external
        view
        returns (address[] memory);

    /**
     * @notice Returns all contract-level delegations for a given vault
     * @param vault The cold wallet who issued the delegations
     * @return delegations Array of ContractDelegation structs
     */
    function getContractLevelDelegations(address vault)
        external
        view
        returns (ContractDelegation[] memory delegations);

    /**
     * @notice Returns all token-level delegations for a given vault
     * @param vault The cold wallet who issued the delegations
     * @return delegations Array of TokenDelegation structs
     */
    function getTokenLevelDelegations(address vault) external view returns (TokenDelegation[] memory delegations);

    /**
     * @notice Returns true if the address is delegated to act on the entire vault
     * @param delegate The hotwallet to act on your behalf
     * @param vault The cold wallet who issued the delegation
     */
    function checkDelegateForAll(address delegate, address vault) external view returns (bool);

    /**
     * @notice Returns true if the address is delegated to act on your behalf for a token contract or an entire vault
     * @param delegate The hotwallet to act on your behalf
     * @param contract_ The address for the contract you're delegating
     * @param vault The cold wallet who issued the delegation
     */
    function checkDelegateForContract(address delegate, address vault, address contract_)
        external
        view
        returns (bool);

    /**
     * @notice Returns true if the address is delegated to act on your behalf for a specific token, the token's contract or an entire vault
     * @param delegate The hotwallet to act on your behalf
     * @param contract_ The address for the contract you're delegating
     * @param tokenId The token id for the token you're delegating
     * @param vault The cold wallet who issued the delegation
     */
    function checkDelegateForToken(address delegate, address vault, address contract_, uint256 tokenId)
        external
        view
        returns (bool);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/StorageSlot.sol)
// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.

pragma solidity ^0.8.20;

/**
 * @dev Library for reading and writing primitive types to specific storage slots.
 *
 * Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
 * This library helps with reading and writing to such slots without the need for inline assembly.
 *
 * The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
 *
 * Example usage to set ERC1967 implementation slot:
 * ```solidity
 * contract ERC1967 {
 *     bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
 *
 *     function _getImplementation() internal view returns (address) {
 *         return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
 *     }
 *
 *     function _setImplementation(address newImplementation) internal {
 *         require(newImplementation.code.length > 0);
 *         StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
 *     }
 * }
 * ```
 */
library StorageSlot {
    struct AddressSlot {
        address value;
    }

    struct BooleanSlot {
        bool value;
    }

    struct Bytes32Slot {
        bytes32 value;
    }

    struct Uint256Slot {
        uint256 value;
    }

    struct StringSlot {
        string value;
    }

    struct BytesSlot {
        bytes value;
    }

    /**
     * @dev Returns an `AddressSlot` with member `value` located at `slot`.
     */
    function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
        /// @solidity memory-safe-assembly
        assembly {
            r.slot := slot
        }
    }

    /**
     * @dev Returns an `BooleanSlot` with member `value` located at `slot`.
     */
    function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
        /// @solidity memory-safe-assembly
        assembly {
            r.slot := slot
        }
    }

    /**
     * @dev Returns an `Bytes32Slot` with member `value` located at `slot`.
     */
    function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
        /// @solidity memory-safe-assembly
        assembly {
            r.slot := slot
        }
    }

    /**
     * @dev Returns an `Uint256Slot` with member `value` located at `slot`.
     */
    function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
        /// @solidity memory-safe-assembly
        assembly {
            r.slot := slot
        }
    }

    /**
     * @dev Returns an `StringSlot` with member `value` located at `slot`.
     */
    function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {
        /// @solidity memory-safe-assembly
        assembly {
            r.slot := slot
        }
    }

    /**
     * @dev Returns an `StringSlot` representation of the string storage pointer `store`.
     */
    function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {
        /// @solidity memory-safe-assembly
        assembly {
            r.slot := store.slot
        }
    }

    /**
     * @dev Returns an `BytesSlot` with member `value` located at `slot`.
     */
    function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {
        /// @solidity memory-safe-assembly
        assembly {
            r.slot := slot
        }
    }

    /**
     * @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.
     */
    function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {
        /// @solidity memory-safe-assembly
        assembly {
            r.slot := store.slot
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/IERC20.sol)

pragma solidity ^0.8.20;

/**
 * @dev Interface of the ERC20 standard as defined in the EIP.
 */
interface IERC20 {
    /**
     * @dev Emitted when `value` tokens are moved from one account (`from`) to
     * another (`to`).
     *
     * Note that `value` may be zero.
     */
    event Transfer(address indexed from, address indexed to, uint256 value);

    /**
     * @dev Emitted when the allowance of a `spender` for an `owner` is set by
     * a call to {approve}. `value` is the new allowance.
     */
    event Approval(address indexed owner, address indexed spender, uint256 value);

    /**
     * @dev Returns the value of tokens in existence.
     */
    function totalSupply() external view returns (uint256);

    /**
     * @dev Returns the value of tokens owned by `account`.
     */
    function balanceOf(address account) external view returns (uint256);

    /**
     * @dev Moves a `value` amount of tokens from the caller's account to `to`.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * Emits a {Transfer} event.
     */
    function transfer(address to, uint256 value) external returns (bool);

    /**
     * @dev Returns the remaining number of tokens that `spender` will be
     * allowed to spend on behalf of `owner` through {transferFrom}. This is
     * zero by default.
     *
     * This value changes when {approve} or {transferFrom} are called.
     */
    function allowance(address owner, address spender) external view returns (uint256);

    /**
     * @dev Sets a `value` amount of tokens as the allowance of `spender` over the
     * caller's tokens.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * IMPORTANT: Beware that changing an allowance with this method brings the risk
     * that someone may use both the old and the new allowance by unfortunate
     * transaction ordering. One possible solution to mitigate this race
     * condition is to first reduce the spender's allowance to 0 and set the
     * desired value afterwards:
     * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
     *
     * Emits an {Approval} event.
     */
    function approve(address spender, uint256 value) external returns (bool);

    /**
     * @dev Moves a `value` amount of tokens from `from` to `to` using the
     * allowance mechanism. `value` is then deducted from the caller's
     * allowance.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * Emits a {Transfer} event.
     */
    function transferFrom(address from, address to, uint256 value) external returns (bool);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/beacon/IBeacon.sol)

pragma solidity ^0.8.20;

/**
 * @dev This is the interface that {BeaconProxy} expects of its beacon.
 */
interface IBeacon {
    /**
     * @dev Must return an address that can be used as a delegate call target.
     *
     * {UpgradeableBeacon} will check that this address is a contract.
     */
    function implementation() external view returns (address);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/IERC721.sol)

pragma solidity ^0.8.20;

import {IERC165} from "../../utils/introspection/IERC165.sol";

/**
 * @dev Required interface of an ERC721 compliant contract.
 */
interface IERC721 is IERC165 {
    /**
     * @dev Emitted when `tokenId` token is transferred from `from` to `to`.
     */
    event Transfer(address indexed from, address indexed to, uint256 indexed tokenId);

    /**
     * @dev Emitted when `owner` enables `approved` to manage the `tokenId` token.
     */
    event Approval(address indexed owner, address indexed approved, uint256 indexed tokenId);

    /**
     * @dev Emitted when `owner` enables or disables (`approved`) `operator` to manage all of its assets.
     */
    event ApprovalForAll(address indexed owner, address indexed operator, bool approved);

    /**
     * @dev Returns the number of tokens in ``owner``'s account.
     */
    function balanceOf(address owner) external view returns (uint256 balance);

    /**
     * @dev Returns the owner of the `tokenId` token.
     *
     * Requirements:
     *
     * - `tokenId` must exist.
     */
    function ownerOf(uint256 tokenId) external view returns (address owner);

    /**
     * @dev Safely transfers `tokenId` token from `from` to `to`.
     *
     * Requirements:
     *
     * - `from` cannot be the zero address.
     * - `to` cannot be the zero address.
     * - `tokenId` token must exist and be owned by `from`.
     * - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
     * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon
     *   a safe transfer.
     *
     * Emits a {Transfer} event.
     */
    function safeTransferFrom(address from, address to, uint256 tokenId, bytes calldata data) external;

    /**
     * @dev Safely transfers `tokenId` token from `from` to `to`, checking first that contract recipients
     * are aware of the ERC721 protocol to prevent tokens from being forever locked.
     *
     * Requirements:
     *
     * - `from` cannot be the zero address.
     * - `to` cannot be the zero address.
     * - `tokenId` token must exist and be owned by `from`.
     * - If the caller is not `from`, it must have been allowed to move this token by either {approve} or
     *   {setApprovalForAll}.
     * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon
     *   a safe transfer.
     *
     * Emits a {Transfer} event.
     */
    function safeTransferFrom(address from, address to, uint256 tokenId) external;

    /**
     * @dev Transfers `tokenId` token from `from` to `to`.
     *
     * WARNING: Note that the caller is responsible to confirm that the recipient is capable of receiving ERC721
     * or else they may be permanently lost. Usage of {safeTransferFrom} prevents loss, though the caller must
     * understand this adds an external call which potentially creates a reentrancy vulnerability.
     *
     * Requirements:
     *
     * - `from` cannot be the zero address.
     * - `to` cannot be the zero address.
     * - `tokenId` token must be owned by `from`.
     * - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
     *
     * Emits a {Transfer} event.
     */
    function transferFrom(address from, address to, uint256 tokenId) external;

    /**
     * @dev Gives permission to `to` to transfer `tokenId` token to another account.
     * The approval is cleared when the token is transferred.
     *
     * Only a single account can be approved at a time, so approving the zero address clears previous approvals.
     *
     * Requirements:
     *
     * - The caller must own the token or be an approved operator.
     * - `tokenId` must exist.
     *
     * Emits an {Approval} event.
     */
    function approve(address to, uint256 tokenId) external;

    /**
     * @dev Approve or remove `operator` as an operator for the caller.
     * Operators can call {transferFrom} or {safeTransferFrom} for any token owned by the caller.
     *
     * Requirements:
     *
     * - The `operator` cannot be the address zero.
     *
     * Emits an {ApprovalForAll} event.
     */
    function setApprovalForAll(address operator, bool approved) external;

    /**
     * @dev Returns the account approved for `tokenId` token.
     *
     * Requirements:
     *
     * - `tokenId` must exist.
     */
    function getApproved(uint256 tokenId) external view returns (address operator);

    /**
     * @dev Returns if the `operator` is allowed to manage all of the assets of `owner`.
     *
     * See {setApprovalForAll}
     */
    function isApprovedForAll(address owner, address operator) external view returns (bool);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/math/SignedMath.sol)

pragma solidity ^0.8.20;

/**
 * @dev Standard signed math utilities missing in the Solidity language.
 */
library SignedMath {
    /**
     * @dev Returns the largest of two signed numbers.
     */
    function max(int256 a, int256 b) internal pure returns (int256) {
        return a > b ? a : b;
    }

    /**
     * @dev Returns the smallest of two signed numbers.
     */
    function min(int256 a, int256 b) internal pure returns (int256) {
        return a < b ? a : b;
    }

    /**
     * @dev Returns the average of two signed numbers without overflow.
     * The result is rounded towards zero.
     */
    function average(int256 a, int256 b) internal pure returns (int256) {
        // Formula from the book "Hacker's Delight"
        int256 x = (a & b) + ((a ^ b) >> 1);
        return x + (int256(uint256(x) >> 255) & (a ^ b));
    }

    /**
     * @dev Returns the absolute unsigned value of a signed value.
     */
    function abs(int256 n) internal pure returns (uint256) {
        unchecked {
            // must be unchecked in order to support `n = type(int256).min`
            return uint256(n >= 0 ? n : -n);
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/cryptography/ECDSA.sol)

pragma solidity ^0.8.20;

/**
 * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.
 *
 * These functions can be used to verify that a message was signed by the holder
 * of the private keys of a given address.
 */
library ECDSA {
    enum RecoverError {
        NoError,
        InvalidSignature,
        InvalidSignatureLength,
        InvalidSignatureS
    }

    /**
     * @dev The signature derives the `address(0)`.
     */
    error ECDSAInvalidSignature();

    /**
     * @dev The signature has an invalid length.
     */
    error ECDSAInvalidSignatureLength(uint256 length);

    /**
     * @dev The signature has an S value that is in the upper half order.
     */
    error ECDSAInvalidSignatureS(bytes32 s);

    /**
     * @dev Returns the address that signed a hashed message (`hash`) with `signature` or an error. This will not
     * return address(0) without also returning an error description. Errors are documented using an enum (error type)
     * and a bytes32 providing additional information about the error.
     *
     * If no error is returned, then the address can be used for verification purposes.
     *
     * The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:
     * this function rejects them by requiring the `s` value to be in the lower
     * half order, and the `v` value to be either 27 or 28.
     *
     * IMPORTANT: `hash` _must_ be the result of a hash operation for the
     * verification to be secure: it is possible to craft signatures that
     * recover to arbitrary addresses for non-hashed data. A safe way to ensure
     * this is by receiving a hash of the original message (which may otherwise
     * be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.
     *
     * Documentation for signature generation:
     * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]
     * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]
     */
    function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError, bytes32) {
        if (signature.length == 65) {
            bytes32 r;
            bytes32 s;
            uint8 v;
            // ecrecover takes the signature parameters, and the only way to get them
            // currently is to use assembly.
            /// @solidity memory-safe-assembly
            assembly {
                r := mload(add(signature, 0x20))
                s := mload(add(signature, 0x40))
                v := byte(0, mload(add(signature, 0x60)))
            }
            return tryRecover(hash, v, r, s);
        } else {
            return (address(0), RecoverError.InvalidSignatureLength, bytes32(signature.length));
        }
    }

    /**
     * @dev Returns the address that signed a hashed message (`hash`) with
     * `signature`. This address can then be used for verification purposes.
     *
     * The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:
     * this function rejects them by requiring the `s` value to be in the lower
     * half order, and the `v` value to be either 27 or 28.
     *
     * IMPORTANT: `hash` _must_ be the result of a hash operation for the
     * verification to be secure: it is possible to craft signatures that
     * recover to arbitrary addresses for non-hashed data. A safe way to ensure
     * this is by receiving a hash of the original message (which may otherwise
     * be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.
     */
    function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {
        (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, signature);
        _throwError(error, errorArg);
        return recovered;
    }

    /**
     * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.
     *
     * See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]
     */
    function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError, bytes32) {
        unchecked {
            bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
            // We do not check for an overflow here since the shift operation results in 0 or 1.
            uint8 v = uint8((uint256(vs) >> 255) + 27);
            return tryRecover(hash, v, r, s);
        }
    }

    /**
     * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.
     */
    function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {
        (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, r, vs);
        _throwError(error, errorArg);
        return recovered;
    }

    /**
     * @dev Overload of {ECDSA-tryRecover} that receives the `v`,
     * `r` and `s` signature fields separately.
     */
    function tryRecover(
        bytes32 hash,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) internal pure returns (address, RecoverError, bytes32) {
        // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
        // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
        // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most
        // signatures from current libraries generate a unique signature with an s-value in the lower half order.
        //
        // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
        // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
        // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
        // these malleable signatures as well.
        if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
            return (address(0), RecoverError.InvalidSignatureS, s);
        }

        // If the signature is valid (and not malleable), return the signer address
        address signer = ecrecover(hash, v, r, s);
        if (signer == address(0)) {
            return (address(0), RecoverError.InvalidSignature, bytes32(0));
        }

        return (signer, RecoverError.NoError, bytes32(0));
    }

    /**
     * @dev Overload of {ECDSA-recover} that receives the `v`,
     * `r` and `s` signature fields separately.
     */
    function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {
        (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, v, r, s);
        _throwError(error, errorArg);
        return recovered;
    }

    /**
     * @dev Optionally reverts with the corresponding custom error according to the `error` argument provided.
     */
    function _throwError(RecoverError error, bytes32 errorArg) private pure {
        if (error == RecoverError.NoError) {
            return; // no error: do nothing
        } else if (error == RecoverError.InvalidSignature) {
            revert ECDSAInvalidSignature();
        } else if (error == RecoverError.InvalidSignatureLength) {
            revert ECDSAInvalidSignatureLength(uint256(errorArg));
        } else if (error == RecoverError.InvalidSignatureS) {
            revert ECDSAInvalidSignatureS(errorArg);
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/draft-IERC1822.sol)

pragma solidity ^0.8.20;

/**
 * @dev ERC1822: Universal Upgradeable Proxy Standard (UUPS) documents a method for upgradeability through a simplified
 * proxy whose upgrades are fully controlled by the current implementation.
 */
interface IERC1822Proxiable {
    /**
     * @dev Returns the storage slot that the proxiable contract assumes is being used to store the implementation
     * address.
     *
     * IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks
     * bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this
     * function revert if invoked through a proxy.
     */
    function proxiableUUID() external view returns (bytes32);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/ERC1967/ERC1967Utils.sol)

pragma solidity ^0.8.20;

import {IBeacon} from "../beacon/IBeacon.sol";
import {Address} from "../../utils/Address.sol";
import {StorageSlot} from "../../utils/StorageSlot.sol";

/**
 * @dev This abstract contract provides getters and event emitting update functions for
 * https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots.
 */
library ERC1967Utils {
    // We re-declare ERC-1967 events here because they can't be used directly from IERC1967.
    // This will be fixed in Solidity 0.8.21. At that point we should remove these events.
    /**
     * @dev Emitted when the implementation is upgraded.
     */
    event Upgraded(address indexed implementation);

    /**
     * @dev Emitted when the admin account has changed.
     */
    event AdminChanged(address previousAdmin, address newAdmin);

    /**
     * @dev Emitted when the beacon is changed.
     */
    event BeaconUpgraded(address indexed beacon);

    /**
     * @dev Storage slot with the address of the current implementation.
     * This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1.
     */
    // solhint-disable-next-line private-vars-leading-underscore
    bytes32 internal constant IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;

    /**
     * @dev The `implementation` of the proxy is invalid.
     */
    error ERC1967InvalidImplementation(address implementation);

    /**
     * @dev The `admin` of the proxy is invalid.
     */
    error ERC1967InvalidAdmin(address admin);

    /**
     * @dev The `beacon` of the proxy is invalid.
     */
    error ERC1967InvalidBeacon(address beacon);

    /**
     * @dev An upgrade function sees `msg.value > 0` that may be lost.
     */
    error ERC1967NonPayable();

    /**
     * @dev Returns the current implementation address.
     */
    function getImplementation() internal view returns (address) {
        return StorageSlot.getAddressSlot(IMPLEMENTATION_SLOT).value;
    }

    /**
     * @dev Stores a new address in the EIP1967 implementation slot.
     */
    function _setImplementation(address newImplementation) private {
        if (newImplementation.code.length == 0) {
            revert ERC1967InvalidImplementation(newImplementation);
        }
        StorageSlot.getAddressSlot(IMPLEMENTATION_SLOT).value = newImplementation;
    }

    /**
     * @dev Performs implementation upgrade with additional setup call if data is nonempty.
     * This function is payable only if the setup call is performed, otherwise `msg.value` is rejected
     * to avoid stuck value in the contract.
     *
     * Emits an {IERC1967-Upgraded} event.
     */
    function upgradeToAndCall(address newImplementation, bytes memory data) internal {
        _setImplementation(newImplementation);
        emit Upgraded(newImplementation);

        if (data.length > 0) {
            Address.functionDelegateCall(newImplementation, data);
        } else {
            _checkNonPayable();
        }
    }

    /**
     * @dev Storage slot with the admin of the contract.
     * This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1.
     */
    // solhint-disable-next-line private-vars-leading-underscore
    bytes32 internal constant ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;

    /**
     * @dev Returns the current admin.
     *
     * TIP: To get this value clients can read directly from the storage slot shown below (specified by EIP1967) using
     * the https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call.
     * `0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103`
     */
    function getAdmin() internal view returns (address) {
        return StorageSlot.getAddressSlot(ADMIN_SLOT).value;
    }

    /**
     * @dev Stores a new address in the EIP1967 admin slot.
     */
    function _setAdmin(address newAdmin) private {
        if (newAdmin == address(0)) {
            revert ERC1967InvalidAdmin(address(0));
        }
        StorageSlot.getAddressSlot(ADMIN_SLOT).value = newAdmin;
    }

    /**
     * @dev Changes the admin of the proxy.
     *
     * Emits an {IERC1967-AdminChanged} event.
     */
    function changeAdmin(address newAdmin) internal {
        emit AdminChanged(getAdmin(), newAdmin);
        _setAdmin(newAdmin);
    }

    /**
     * @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.
     * This is the keccak-256 hash of "eip1967.proxy.beacon" subtracted by 1.
     */
    // solhint-disable-next-line private-vars-leading-underscore
    bytes32 internal constant BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;

    /**
     * @dev Returns the current beacon.
     */
    function getBeacon() internal view returns (address) {
        return StorageSlot.getAddressSlot(BEACON_SLOT).value;
    }

    /**
     * @dev Stores a new beacon in the EIP1967 beacon slot.
     */
    function _setBeacon(address newBeacon) private {
        if (newBeacon.code.length == 0) {
            revert ERC1967InvalidBeacon(newBeacon);
        }

        StorageSlot.getAddressSlot(BEACON_SLOT).value = newBeacon;

        address beaconImplementation = IBeacon(newBeacon).implementation();
        if (beaconImplementation.code.length == 0) {
            revert ERC1967InvalidImplementation(beaconImplementation);
        }
    }

    /**
     * @dev Change the beacon and trigger a setup call if data is nonempty.
     * This function is payable only if the setup call is performed, otherwise `msg.value` is rejected
     * to avoid stuck value in the contract.
     *
     * Emits an {IERC1967-BeaconUpgraded} event.
     *
     * CAUTION: Invoking this function has no effect on an instance of {BeaconProxy} since v5, since
     * it uses an immutable beacon without looking at the value of the ERC-1967 beacon slot for
     * efficiency.
     */
    function upgradeBeaconToAndCall(address newBeacon, bytes memory data) internal {
        _setBeacon(newBeacon);
        emit BeaconUpgraded(newBeacon);

        if (data.length > 0) {
            Address.functionDelegateCall(IBeacon(newBeacon).implementation(), data);
        } else {
            _checkNonPayable();
        }
    }

    /**
     * @dev Reverts if `msg.value` is not zero. It can be used to avoid `msg.value` stuck in the contract
     * if an upgrade doesn't perform an initialization call.
     */
    function _checkNonPayable() private {
        if (msg.value > 0) {
            revert ERC1967NonPayable();
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/utils/SafeERC20.sol)

pragma solidity ^0.8.20;

import {IERC20} from "../IERC20.sol";
import {IERC20Permit} from "../extensions/IERC20Permit.sol";
import {Address} from "../../../utils/Address.sol";

/**
 * @title SafeERC20
 * @dev Wrappers around ERC20 operations that throw on failure (when the token
 * contract returns false). Tokens that return no value (and instead revert or
 * throw on failure) are also supported, non-reverting calls are assumed to be
 * successful.
 * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
 * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
 */
library SafeERC20 {
    using Address for address;

    /**
     * @dev An operation with an ERC20 token failed.
     */
    error SafeERC20FailedOperation(address token);

    /**
     * @dev Indicates a failed `decreaseAllowance` request.
     */
    error SafeERC20FailedDecreaseAllowance(address spender, uint256 currentAllowance, uint256 requestedDecrease);

    /**
     * @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,
     * non-reverting calls are assumed to be successful.
     */
    function safeTransfer(IERC20 token, address to, uint256 value) internal {
        _callOptionalReturn(token, abi.encodeCall(token.transfer, (to, value)));
    }

    /**
     * @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the
     * calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.
     */
    function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {
        _callOptionalReturn(token, abi.encodeCall(token.transferFrom, (from, to, value)));
    }

    /**
     * @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
     * non-reverting calls are assumed to be successful.
     */
    function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {
        uint256 oldAllowance = token.allowance(address(this), spender);
        forceApprove(token, spender, oldAllowance + value);
    }

    /**
     * @dev Decrease the calling contract's allowance toward `spender` by `requestedDecrease`. If `token` returns no
     * value, non-reverting calls are assumed to be successful.
     */
    function safeDecreaseAllowance(IERC20 token, address spender, uint256 requestedDecrease) internal {
        unchecked {
            uint256 currentAllowance = token.allowance(address(this), spender);
            if (currentAllowance < requestedDecrease) {
                revert SafeERC20FailedDecreaseAllowance(spender, currentAllowance, requestedDecrease);
            }
            forceApprove(token, spender, currentAllowance - requestedDecrease);
        }
    }

    /**
     * @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,
     * non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval
     * to be set to zero before setting it to a non-zero value, such as USDT.
     */
    function forceApprove(IERC20 token, address spender, uint256 value) internal {
        bytes memory approvalCall = abi.encodeCall(token.approve, (spender, value));

        if (!_callOptionalReturnBool(token, approvalCall)) {
            _callOptionalReturn(token, abi.encodeCall(token.approve, (spender, 0)));
            _callOptionalReturn(token, approvalCall);
        }
    }

    /**
     * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
     * on the return value: the return value is optional (but if data is returned, it must not be false).
     * @param token The token targeted by the call.
     * @param data The call data (encoded using abi.encode or one of its variants).
     */
    function _callOptionalReturn(IERC20 token, bytes memory data) private {
        // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
        // we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that
        // the target address contains contract code and also asserts for success in the low-level call.

        bytes memory returndata = address(token).functionCall(data);
        if (returndata.length != 0 && !abi.decode(returndata, (bool))) {
            revert SafeERC20FailedOperation(address(token));
        }
    }

    /**
     * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
     * on the return value: the return value is optional (but if data is returned, it must not be false).
     * @param token The token targeted by the call.
     * @param data The call data (encoded using abi.encode or one of its variants).
     *
     * This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.
     */
    function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) {
        // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
        // we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false
        // and not revert is the subcall reverts.

        (bool success, bytes memory returndata) = address(token).call(data);
        return success && (returndata.length == 0 || abi.decode(returndata, (bool))) && address(token).code.length > 0;
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/introspection/IERC165.sol)

pragma solidity ^0.8.20;

/**
 * @dev Interface of the ERC165 standard, as defined in the
 * https://eips.ethereum.org/EIPS/eip-165[EIP].
 *
 * Implementers can declare support of contract interfaces, which can then be
 * queried by others ({ERC165Checker}).
 *
 * For an implementation, see {ERC165}.
 */
interface IERC165 {
    /**
     * @dev Returns true if this contract implements the interface defined by
     * `interfaceId`. See the corresponding
     * https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section]
     * to learn more about how these ids are created.
     *
     * This function call must use less than 30 000 gas.
     */
    function supportsInterface(bytes4 interfaceId) external view returns (bool);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/IERC20Permit.sol)

pragma solidity ^0.8.20;

/**
 * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
 * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
 *
 * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
 * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't
 * need to send a transaction, and thus is not required to hold Ether at all.
 *
 * ==== Security Considerations
 *
 * There are two important considerations concerning the use of `permit`. The first is that a valid permit signature
 * expresses an allowance, and it should not be assumed to convey additional meaning. In particular, it should not be
 * considered as an intention to spend the allowance in any specific way. The second is that because permits have
 * built-in replay protection and can be submitted by anyone, they can be frontrun. A protocol that uses permits should
 * take this into consideration and allow a `permit` call to fail. Combining these two aspects, a pattern that may be
 * generally recommended is:
 *
 * ```solidity
 * function doThingWithPermit(..., uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s) public {
 *     try token.permit(msg.sender, address(this), value, deadline, v, r, s) {} catch {}
 *     doThing(..., value);
 * }
 *
 * function doThing(..., uint256 value) public {
 *     token.safeTransferFrom(msg.sender, address(this), value);
 *     ...
 * }
 * ```
 *
 * Observe that: 1) `msg.sender` is used as the owner, leaving no ambiguity as to the signer intent, and 2) the use of
 * `try/catch` allows the permit to fail and makes the code tolerant to frontrunning. (See also
 * {SafeERC20-safeTransferFrom}).
 *
 * Additionally, note that smart contract wallets (such as Argent or Safe) are not able to produce permit signatures, so
 * contracts should have entry points that don't rely on permit.
 */
interface IERC20Permit {
    /**
     * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,
     * given ``owner``'s signed approval.
     *
     * IMPORTANT: The same issues {IERC20-approve} has related to transaction
     * ordering also apply here.
     *
     * Emits an {Approval} event.
     *
     * Requirements:
     *
     * - `spender` cannot be the zero address.
     * - `deadline` must be a timestamp in the future.
     * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
     * over the EIP712-formatted function arguments.
     * - the signature must use ``owner``'s current nonce (see {nonces}).
     *
     * For more information on the signature format, see the
     * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
     * section].
     *
     * CAUTION: See Security Considerations above.
     */
    function permit(
        address owner,
        address spender,
        uint256 value,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external;

    /**
     * @dev Returns the current nonce for `owner`. This value must be
     * included whenever a signature is generated for {permit}.
     *
     * Every successful call to {permit} increases ``owner``'s nonce by one. This
     * prevents a signature from being used multiple times.
     */
    function nonces(address owner) external view returns (uint256);

    /**
     * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.
     */
    // solhint-disable-next-line func-name-mixedcase
    function DOMAIN_SEPARATOR() external view returns (bytes32);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/cryptography/MessageHashUtils.sol)

pragma solidity ^0.8.20;

import {Strings} from "../Strings.sol";

/**
 * @dev Signature message hash utilities for producing digests to be consumed by {ECDSA} recovery or signing.
 *
 * The library provides methods for generating a hash of a message that conforms to the
 * https://eips.ethereum.org/EIPS/eip-191[EIP 191] and https://eips.ethereum.org/EIPS/eip-712[EIP 712]
 * specifications.
 */
library MessageHashUtils {
    /**
     * @dev Returns the keccak256 digest of an EIP-191 signed data with version
     * `0x45` (`personal_sign` messages).
     *
     * The digest is calculated by prefixing a bytes32 `messageHash` with
     * `"\x19Ethereum Signed Message:\n32"` and hashing the result. It corresponds with the
     * hash signed when using the https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`] JSON-RPC method.
     *
     * NOTE: The `messageHash` parameter is intended to be the result of hashing a raw message with
     * keccak256, although any bytes32 value can be safely used because the final digest will
     * be re-hashed.
     *
     * See {ECDSA-recover}.
     */
    function toEthSignedMessageHash(bytes32 messageHash) internal pure returns (bytes32 digest) {
        /// @solidity memory-safe-assembly
        assembly {
            mstore(0x00, "\x19Ethereum Signed Message:\n32") // 32 is the bytes-length of messageHash
            mstore(0x1c, messageHash) // 0x1c (28) is the length of the prefix
            digest := keccak256(0x00, 0x3c) // 0x3c is the length of the prefix (0x1c) + messageHash (0x20)
        }
    }

    /**
     * @dev Returns the keccak256 digest of an EIP-191 signed data with version
     * `0x45` (`personal_sign` messages).
     *
     * The digest is calculated by prefixing an arbitrary `message` with
     * `"\x19Ethereum Signed Message:\n" + len(message)` and hashing the result. It corresponds with the
     * hash signed when using the https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`] JSON-RPC method.
     *
     * See {ECDSA-recover}.
     */
    function toEthSignedMessageHash(bytes memory message) internal pure returns (bytes32) {
        return
            keccak256(bytes.concat("\x19Ethereum Signed Message:\n", bytes(Strings.toString(message.length)), message));
    }

    /**
     * @dev Returns the keccak256 digest of an EIP-191 signed data with version
     * `0x00` (data with intended validator).
     *
     * The digest is calculated by prefixing an arbitrary `data` with `"\x19\x00"` and the intended
     * `validator` address. Then hashing the result.
     *
     * See {ECDSA-recover}.
     */
    function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {
        return keccak256(abi.encodePacked(hex"19_00", validator, data));
    }

    /**
     * @dev Returns the keccak256 digest of an EIP-712 typed data (EIP-191 version `0x01`).
     *
     * The digest is calculated from a `domainSeparator` and a `structHash`, by prefixing them with
     * `\x19\x01` and hashing the result. It corresponds to the hash signed by the
     * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`] JSON-RPC method as part of EIP-712.
     *
     * See {ECDSA-recover}.
     */
    function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 digest) {
        /// @solidity memory-safe-assembly
        assembly {
            let ptr := mload(0x40)
            mstore(ptr, hex"19_01")
            mstore(add(ptr, 0x02), domainSeparator)
            mstore(add(ptr, 0x22), structHash)
            digest := keccak256(ptr, 0x42)
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)

pragma solidity ^0.8.20;
import {Initializable} from "../proxy/utils/Initializable.sol";

/**
 * @dev Provides information about the current execution context, including the
 * sender of the transaction and its data. While these are generally available
 * via msg.sender and msg.data, they should not be accessed in such a direct
 * manner, since when dealing with meta-transactions the account sending and
 * paying for execution may not be the actual sender (as far as an application
 * is concerned).
 *
 * This contract is only required for intermediate, library-like contracts.
 */
abstract contract ContextUpgradeable is Initializable {
    function __Context_init() internal onlyInitializing {
    }

    function __Context_init_unchained() internal onlyInitializing {
    }
    function _msgSender() internal view virtual returns (address) {
        return msg.sender;
    }

    function _msgData() internal view virtual returns (bytes calldata) {
        return msg.data;
    }

    function _contextSuffixLength() internal view virtual returns (uint256) {
        return 0;
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)

pragma solidity ^0.8.20;

import {ContextUpgradeable} from "../utils/ContextUpgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";

/**
 * @dev Contract module which provides a basic access control mechanism, where
 * there is an account (an owner) that can be granted exclusive access to
 * specific functions.
 *
 * The initial owner is set to the address provided by the deployer. This can
 * later be changed with {transferOwnership}.
 *
 * This module is used through inheritance. It will make available the modifier
 * `onlyOwner`, which can be applied to your functions to restrict their use to
 * the owner.
 */
abstract contract OwnableUpgradeable is Initializable, ContextUpgradeable {
    /// @custom:storage-location erc7201:openzeppelin.storage.Ownable
    struct OwnableStorage {
        address _owner;
    }

    // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Ownable")) - 1)) & ~bytes32(uint256(0xff))
    bytes32 private constant OwnableStorageLocation = 0x9016d09d72d40fdae2fd8ceac6b6234c7706214fd39c1cd1e609a0528c199300;

    function _getOwnableStorage() private pure returns (OwnableStorage storage $) {
        assembly {
            $.slot := OwnableStorageLocation
        }
    }

    /**
     * @dev The caller account is not authorized to perform an operation.
     */
    error OwnableUnauthorizedAccount(address account);

    /**
     * @dev The owner is not a valid owner account. (eg. `address(0)`)
     */
    error OwnableInvalidOwner(address owner);

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    /**
     * @dev Initializes the contract setting the address provided by the deployer as the initial owner.
     */
    function __Ownable_init(address initialOwner) internal onlyInitializing {
        __Ownable_init_unchained(initialOwner);
    }

    function __Ownable_init_unchained(address initialOwner) internal onlyInitializing {
        if (initialOwner == address(0)) {
            revert OwnableInvalidOwner(address(0));
        }
        _transferOwnership(initialOwner);
    }

    /**
     * @dev Throws if called by any account other than the owner.
     */
    modifier onlyOwner() {
        _checkOwner();
        _;
    }

    /**
     * @dev Returns the address of the current owner.
     */
    function owner() public view virtual returns (address) {
        OwnableStorage storage $ = _getOwnableStorage();
        return $._owner;
    }

    /**
     * @dev Throws if the sender is not the owner.
     */
    function _checkOwner() internal view virtual {
        if (owner() != _msgSender()) {
            revert OwnableUnauthorizedAccount(_msgSender());
        }
    }

    /**
     * @dev Leaves the contract without owner. It will not be possible to call
     * `onlyOwner` functions. Can only be called by the current owner.
     *
     * NOTE: Renouncing ownership will leave the contract without an owner,
     * thereby disabling any functionality that is only available to the owner.
     */
    function renounceOwnership() public virtual onlyOwner {
        _transferOwnership(address(0));
    }

    /**
     * @dev Transfers ownership of the contract to a new account (`newOwner`).
     * Can only be called by the current owner.
     */
    function transferOwnership(address newOwner) public virtual onlyOwner {
        if (newOwner == address(0)) {
            revert OwnableInvalidOwner(address(0));
        }
        _transferOwnership(newOwner);
    }

    /**
     * @dev Transfers ownership of the contract to a new account (`newOwner`).
     * Internal function without access restriction.
     */
    function _transferOwnership(address newOwner) internal virtual {
        OwnableStorage storage $ = _getOwnableStorage();
        address oldOwner = $._owner;
        $._owner = newOwner;
        emit OwnershipTransferred(oldOwner, newOwner);
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/utils/Initializable.sol)

pragma solidity ^0.8.20;

/**
 * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
 * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
 * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
 * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
 *
 * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
 * reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
 * case an upgrade adds a module that needs to be initialized.
 *
 * For example:
 *
 * [.hljs-theme-light.nopadding]
 * ```solidity
 * contract MyToken is ERC20Upgradeable {
 *     function initialize() initializer public {
 *         __ERC20_init("MyToken", "MTK");
 *     }
 * }
 *
 * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
 *     function initializeV2() reinitializer(2) public {
 *         __ERC20Permit_init("MyToken");
 *     }
 * }
 * ```
 *
 * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
 * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
 *
 * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
 * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
 *
 * [CAUTION]
 * ====
 * Avoid leaving a contract uninitialized.
 *
 * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
 * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
 * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
 *
 * [.hljs-theme-light.nopadding]
 * ```
 * /// @custom:oz-upgrades-unsafe-allow constructor
 * constructor() {
 *     _disableInitializers();
 * }
 * ```
 * ====
 */
abstract contract Initializable {
    /**
     * @dev Storage of the initializable contract.
     *
     * It's implemented on a custom ERC-7201 namespace to reduce the risk of storage collisions
     * when using with upgradeable contracts.
     *
     * @custom:storage-location erc7201:openzeppelin.storage.Initializable
     */
    struct InitializableStorage {
        /**
         * @dev Indicates that the contract has been initialized.
         */
        uint64 _initialized;
        /**
         * @dev Indicates that the contract is in the process of being initialized.
         */
        bool _initializing;
    }

    // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Initializable")) - 1)) & ~bytes32(uint256(0xff))
    bytes32 private constant INITIALIZABLE_STORAGE = 0xf0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a00;

    /**
     * @dev The contract is already initialized.
     */
    error InvalidInitialization();

    /**
     * @dev The contract is not initializing.
     */
    error NotInitializing();

    /**
     * @dev Triggered when the contract has been initialized or reinitialized.
     */
    event Initialized(uint64 version);

    /**
     * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
     * `onlyInitializing` functions can be used to initialize parent contracts.
     *
     * Similar to `reinitializer(1)`, except that in the context of a constructor an `initializer` may be invoked any
     * number of times. This behavior in the constructor can be useful during testing and is not expected to be used in
     * production.
     *
     * Emits an {Initialized} event.
     */
    modifier initializer() {
        // solhint-disable-next-line var-name-mixedcase
        InitializableStorage storage $ = _getInitializableStorage();

        // Cache values to avoid duplicated sloads
        bool isTopLevelCall = !$._initializing;
        uint64 initialized = $._initialized;

        // Allowed calls:
        // - initialSetup: the contract is not in the initializing state and no previous version was
        //                 initialized
        // - construction: the contract is initialized at version 1 (no reininitialization) and the
        //                 current contract is just being deployed
        bool initialSetup = initialized == 0 && isTopLevelCall;
        bool construction = initialized == 1 && address(this).code.length == 0;

        if (!initialSetup && !construction) {
            revert InvalidInitialization();
        }
        $._initialized = 1;
        if (isTopLevelCall) {
            $._initializing = true;
        }
        _;
        if (isTopLevelCall) {
            $._initializing = false;
            emit Initialized(1);
        }
    }

    /**
     * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
     * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
     * used to initialize parent contracts.
     *
     * A reinitializer may be used after the original initialization step. This is essential to configure modules that
     * are added through upgrades and that require initialization.
     *
     * When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
     * cannot be nested. If one is invoked in the context of another, execution will revert.
     *
     * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
     * a contract, executing them in the right order is up to the developer or operator.
     *
     * WARNING: Setting the version to 2**64 - 1 will prevent any future reinitialization.
     *
     * Emits an {Initialized} event.
     */
    modifier reinitializer(uint64 version) {
        // solhint-disable-next-line var-name-mixedcase
        InitializableStorage storage $ = _getInitializableStorage();

        if ($._initializing || $._initialized >= version) {
            revert InvalidInitialization();
        }
        $._initialized = version;
        $._initializing = true;
        _;
        $._initializing = false;
        emit Initialized(version);
    }

    /**
     * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
     * {initializer} and {reinitializer} modifiers, directly or indirectly.
     */
    modifier onlyInitializing() {
        _checkInitializing();
        _;
    }

    /**
     * @dev Reverts if the contract is not in an initializing state. See {onlyInitializing}.
     */
    function _checkInitializing() internal view virtual {
        if (!_isInitializing()) {
            revert NotInitializing();
        }
    }

    /**
     * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
     * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
     * to any version. It is recommended to use this to lock implementation contracts that are designed to be called
     * through proxies.
     *
     * Emits an {Initialized} event the first time it is successfully executed.
     */
    function _disableInitializers() internal virtual {
        // solhint-disable-next-line var-name-mixedcase
        InitializableStorage storage $ = _getInitializableStorage();

        if ($._initializing) {
            revert InvalidInitialization();
        }
        if ($._initialized != type(uint64).max) {
            $._initialized = type(uint64).max;
            emit Initialized(type(uint64).max);
        }
    }

    /**
     * @dev Returns the highest version that has been initialized. See {reinitializer}.
     */
    function _getInitializedVersion() internal view returns (uint64) {
        return _getInitializableStorage()._initialized;
    }

    /**
     * @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
     */
    function _isInitializing() internal view returns (bool) {
        return _getInitializableStorage()._initializing;
    }

    /**
     * @dev Returns a pointer to the storage namespace.
     */
    // solhint-disable-next-line var-name-mixedcase
    function _getInitializableStorage() private pure returns (InitializableStorage storage $) {
        assembly {
            $.slot := INITIALIZABLE_STORAGE
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/utils/UUPSUpgradeable.sol)

pragma solidity ^0.8.20;

import {IERC1822Proxiable} from "@openzeppelin/contracts/interfaces/draft-IERC1822.sol";
import {ERC1967Utils} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Utils.sol";
import {Initializable} from "./Initializable.sol";

/**
 * @dev An upgradeability mechanism designed for UUPS proxies. The functions included here can perform an upgrade of an
 * {ERC1967Proxy}, when this contract is set as the implementation behind such a proxy.
 *
 * A security mechanism ensures that an upgrade does not turn off upgradeability accidentally, although this risk is
 * reinstated if the upgrade retains upgradeability but removes the security mechanism, e.g. by replacing
 * `UUPSUpgradeable` with a custom implementation of upgrades.
 *
 * The {_authorizeUpgrade} function must be overridden to include access restriction to the upgrade mechanism.
 */
abstract contract UUPSUpgradeable is Initializable, IERC1822Proxiable {
    /// @custom:oz-upgrades-unsafe-allow state-variable-immutable
    address private immutable __self = address(this);

    /**
     * @dev The version of the upgrade interface of the contract. If this getter is missing, both `upgradeTo(address)`
     * and `upgradeToAndCall(address,bytes)` are present, and `upgradeTo` must be used if no function should be called,
     * while `upgradeToAndCall` will invoke the `receive` function if the second argument is the empty byte string.
     * If the getter returns `"5.0.0"`, only `upgradeToAndCall(address,bytes)` is present, and the second argument must
     * be the empty byte string if no function should be called, making it impossible to invoke the `receive` function
     * during an upgrade.
     */
    string public constant UPGRADE_INTERFACE_VERSION = "5.0.0";

    /**
     * @dev The call is from an unauthorized context.
     */
    error UUPSUnauthorizedCallContext();

    /**
     * @dev The storage `slot` is unsupported as a UUID.
     */
    error UUPSUnsupportedProxiableUUID(bytes32 slot);

    /**
     * @dev Check that the execution is being performed through a delegatecall call and that the execution context is
     * a proxy contract with an implementation (as defined in ERC1967) pointing to self. This should only be the case
     * for UUPS and transparent proxies that are using the current contract as their implementation. Execution of a
     * function through ERC1167 minimal proxies (clones) would not normally pass this test, but is not guaranteed to
     * fail.
     */
    modifier onlyProxy() {
        _checkProxy();
        _;
    }

    /**
     * @dev Check that the execution is not being performed through a delegate call. This allows a function to be
     * callable on the implementing contract but not through proxies.
     */
    modifier notDelegated() {
        _checkNotDelegated();
        _;
    }

    function __UUPSUpgradeable_init() internal onlyInitializing {
    }

    function __UUPSUpgradeable_init_unchained() internal onlyInitializing {
    }
    /**
     * @dev Implementation of the ERC1822 {proxiableUUID} function. This returns the storage slot used by the
     * implementation. It is used to validate the implementation's compatibility when performing an upgrade.
     *
     * IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks
     * bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this
     * function revert if invoked through a proxy. This is guaranteed by the `notDelegated` modifier.
     */
    function proxiableUUID() external view virtual notDelegated returns (bytes32) {
        return ERC1967Utils.IMPLEMENTATION_SLOT;
    }

    /**
     * @dev Upgrade the implementation of the proxy to `newImplementation`, and subsequently execute the function call
     * encoded in `data`.
     *
     * Calls {_authorizeUpgrade}.
     *
     * Emits an {Upgraded} event.
     *
     * @custom:oz-upgrades-unsafe-allow-reachable delegatecall
     */
    function upgradeToAndCall(address newImplementation, bytes memory data) public payable virtual onlyProxy {
        _authorizeUpgrade(newImplementation);
        _upgradeToAndCallUUPS(newImplementation, data);
    }

    /**
     * @dev Reverts if the execution is not performed via delegatecall or the execution
     * context is not of a proxy with an ERC1967-compliant implementation pointing to self.
     * See {_onlyProxy}.
     */
    function _checkProxy() internal view virtual {
        if (
            address(this) == __self || // Must be called through delegatecall
            ERC1967Utils.getImplementation() != __self // Must be called through an active proxy
        ) {
            revert UUPSUnauthorizedCallContext();
        }
    }

    /**
     * @dev Reverts if the execution is performed via delegatecall.
     * See {notDelegated}.
     */
    function _checkNotDelegated() internal view virtual {
        if (address(this) != __self) {
            // Must not be called through delegatecall
            revert UUPSUnauthorizedCallContext();
        }
    }

    /**
     * @dev Function that should revert when `msg.sender` is not authorized to upgrade the contract. Called by
     * {upgradeToAndCall}.
     *
     * Normally, this function will use an xref:access.adoc[access control] modifier such as {Ownable-onlyOwner}.
     *
     * ```solidity
     * function _authorizeUpgrade(address) internal onlyOwner {}
     * ```
     */
    function _authorizeUpgrade(address newImplementation) internal virtual;

    /**
     * @dev Performs an implementation upgrade with a security check for UUPS proxies, and additional setup call.
     *
     * As a security check, {proxiableUUID} is invoked in the new implementation, and the return value
     * is expected to be the implementation slot in ERC1967.
     *
     * Emits an {IERC1967-Upgraded} event.
     */
    function _upgradeToAndCallUUPS(address newImplementation, bytes memory data) private {
        try IERC1822Proxiable(newImplementation).proxiableUUID() returns (bytes32 slot) {
            if (slot != ERC1967Utils.IMPLEMENTATION_SLOT) {
                revert UUPSUnsupportedProxiableUUID(slot);
            }
            ERC1967Utils.upgradeToAndCall(newImplementation, data);
        } catch {
            // The implementation is not UUPS
            revert ERC1967Utils.ERC1967InvalidImplementation(newImplementation);
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/ReentrancyGuard.sol)

pragma solidity ^0.8.20;
import {Initializable} from "../proxy/utils/Initializable.sol";

/**
 * @dev Contract module that helps prevent reentrant calls to a function.
 *
 * Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier
 * available, which can be applied to functions to make sure there are no nested
 * (reentrant) calls to them.
 *
 * Note that because there is a single `nonReentrant` guard, functions marked as
 * `nonReentrant` may not call one another. This can be worked around by making
 * those functions `private`, and then adding `external` `nonReentrant` entry
 * points to them.
 *
 * TIP: If you would like to learn more about reentrancy and alternative ways
 * to protect against it, check out our blog post
 * https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].
 */
abstract contract ReentrancyGuardUpgradeable is Initializable {
    // Booleans are more expensive than uint256 or any type that takes up a full
    // word because each write operation emits an extra SLOAD to first read the
    // slot's contents, replace the bits taken up by the boolean, and then write
    // back. This is the compiler's defense against contract upgrades and
    // pointer aliasing, and it cannot be disabled.

    // The values being non-zero value makes deployment a bit more expensive,
    // but in exchange the refund on every call to nonReentrant will be lower in
    // amount. Since refunds are capped to a percentage of the total
    // transaction's gas, it is best to keep them low in cases like this one, to
    // increase the likelihood of the full refund coming into effect.
    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;

    /// @custom:storage-location erc7201:openzeppelin.storage.ReentrancyGuard
    struct ReentrancyGuardStorage {
        uint256 _status;
    }

    // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.ReentrancyGuard")) - 1)) & ~bytes32(uint256(0xff))
    bytes32 private constant ReentrancyGuardStorageLocation = 0x9b779b17422d0df92223018b32b4d1fa46e071723d6817e2486d003becc55f00;

    function _getReentrancyGuardStorage() private pure returns (ReentrancyGuardStorage storage $) {
        assembly {
            $.slot := ReentrancyGuardStorageLocation
        }
    }

    /**
     * @dev Unauthorized reentrant call.
     */
    error ReentrancyGuardReentrantCall();

    function __ReentrancyGuard_init() internal onlyInitializing {
        __ReentrancyGuard_init_unchained();
    }

    function __ReentrancyGuard_init_unchained() internal onlyInitializing {
        ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
        $._status = NOT_ENTERED;
    }

    /**
     * @dev Prevents a contract from calling itself, directly or indirectly.
     * Calling a `nonReentrant` function from another `nonReentrant`
     * function is not supported. It is possible to prevent this from happening
     * by making the `nonReentrant` function external, and making it call a
     * `private` function that does the actual work.
     */
    modifier nonReentrant() {
        _nonReentrantBefore();
        _;
        _nonReentrantAfter();
    }

    function _nonReentrantBefore() private {
        ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
        // On the first call to nonReentrant, _status will be NOT_ENTERED
        if ($._status == ENTERED) {
            revert ReentrancyGuardReentrantCall();
        }

        // Any calls to nonReentrant after this point will fail
        $._status = ENTERED;
    }

    function _nonReentrantAfter() private {
        ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
        // By storing the original value once again, a refund is triggered (see
        // https://eips.ethereum.org/EIPS/eip-2200)
        $._status = NOT_ENTERED;
    }

    /**
     * @dev Returns true if the reentrancy guard is currently set to "entered", which indicates there is a
     * `nonReentrant` function in the call stack.
     */
    function _reentrancyGuardEntered() internal view returns (bool) {
        ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
        return $._status == ENTERED;
    }
}