Cryo Explorer Ethereum Mainnet

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

import {IAny2EVMMessageReceiver} from "../interfaces/IAny2EVMMessageReceiver.sol";

import {Client} from "../libraries/Client.sol";

import {IERC165} from "@openzeppelin/[email protected]/utils/introspection/IERC165.sol";

/// @title CCIPReceiver - Base contract for CCIP applications that can receive messages.
abstract contract CCIPReceiver is IAny2EVMMessageReceiver, IERC165 {
  address internal immutable i_ccipRouter;

  constructor(
    address router
  ) {
    if (router == address(0)) revert InvalidRouter(address(0));
    i_ccipRouter = router;
  }

  /// @notice IERC165 supports an interfaceId.
  /// @param interfaceId The interfaceId to check.
  /// @return true if the interfaceId is supported.
  /// @dev Should indicate whether the contract implements IAny2EVMMessageReceiver.
  /// e.g. return interfaceId == type(IAny2EVMMessageReceiver).interfaceId || interfaceId == type(IERC165).interfaceId
  /// This allows CCIP to check if ccipReceive is available before calling it.
  /// - If this returns false or reverts, only tokens are transferred to the receiver.
  /// - If this returns true, tokens are transferred and ccipReceive is called atomically.
  /// Additionally, if the receiver address does not have code associated with it at the time of
  /// execution (EXTCODESIZE returns 0), only tokens will be transferred.
  function supportsInterface(
    bytes4 interfaceId
  ) public pure virtual override returns (bool) {
    return interfaceId == type(IAny2EVMMessageReceiver).interfaceId || interfaceId == type(IERC165).interfaceId;
  }

  /// @inheritdoc IAny2EVMMessageReceiver
  function ccipReceive(
    Client.Any2EVMMessage calldata message
  ) external virtual override onlyRouter {
    _ccipReceive(message);
  }

  /// @notice Override this function in your implementation.
  /// @param message Any2EVMMessage.
  function _ccipReceive(
    Client.Any2EVMMessage memory message
  ) internal virtual;

  /// @notice Return the current router
  /// @return CCIP router address
  function getRouter() public view virtual returns (address) {
    return address(i_ccipRouter);
  }

  error InvalidRouter(address router);

  /// @dev only calls from the set router are accepted.
  modifier onlyRouter() {
    if (msg.sender != getRouter()) revert InvalidRouter(msg.sender);
    _;
  }
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import {Client} from "../libraries/Client.sol";

/// @notice Application contracts that intend to receive messages from  the router should implement this interface.
interface IAny2EVMMessageReceiver {
  /// @notice Called by the Router to deliver a message. If this reverts, any token transfers also revert.
  /// The message will move to a FAILED state and become available for manual execution.
  /// @param message CCIP Message.
  /// @dev Note ensure you check the msg.sender is the OffRampRouter.
  function ccipReceive(
    Client.Any2EVMMessage calldata message
  ) external;
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import {Pool} from "../libraries/Pool.sol";

import {IERC165} from "@openzeppelin/[email protected]/utils/introspection/IERC165.sol";

/// @notice Shared public interface for multiple V1 pool types.
/// Each pool type handles a different child token model e.g. lock/unlock, mint/burn.
interface IPoolV1 is IERC165 {
  /// @notice Lock tokens into the pool or burn the tokens.
  /// @param lockOrBurnIn Encoded data fields for the processing of tokens on the source chain.
  /// @return lockOrBurnOut Encoded data fields for the processing of tokens on the destination chain.
  function lockOrBurn(
    Pool.LockOrBurnInV1 calldata lockOrBurnIn
  ) external returns (Pool.LockOrBurnOutV1 memory lockOrBurnOut);

  /// @notice Releases or mints tokens to the receiver address.
  /// @param releaseOrMintIn All data required to release or mint tokens.
  /// @return releaseOrMintOut The amount of tokens released or minted on the local chain, denominated
  /// in the local token's decimals.
  /// @dev The offRamp asserts that the balanceOf of the receiver has been incremented by exactly the number
  /// of tokens that is returned in ReleaseOrMintOutV1.destinationAmount. If the amounts do not match, the tx reverts.
  function releaseOrMint(
    Pool.ReleaseOrMintInV1 calldata releaseOrMintIn
  ) external returns (Pool.ReleaseOrMintOutV1 memory);

  /// @notice Checks whether a remote chain is supported in the token pool.
  /// @param remoteChainSelector The selector of the remote chain.
  /// @return true if the given chain is a permissioned remote chain.
  function isSupportedChain(
    uint64 remoteChainSelector
  ) external view returns (bool);

  /// @notice Returns if the token pool supports the given token.
  /// @param token The address of the token.
  /// @return true if the token is supported by the pool.
  function isSupportedToken(
    address token
  ) external view returns (bool);
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// @notice This interface contains the only RMN-related functions that might be used on-chain by other CCIP contracts.
interface IRMN {
  /// @notice A Merkle root tagged with the address of the commit store contract it is destined for.
  struct TaggedRoot {
    address commitStore;
    bytes32 root;
  }

  /// @notice Callers MUST NOT cache the return value as a blessed tagged root could become unblessed.
  function isBlessed(
    TaggedRoot calldata taggedRoot
  ) external view returns (bool);

  /// @notice Iff there is an active global or legacy curse, this function returns true.
  function isCursed() external view returns (bool);

  /// @notice Iff there is an active global curse, or an active curse for `subject`, this function returns true.
  /// @param subject To check whether a particular chain is cursed, set to bytes16(uint128(chainSelector)).
  function isCursed(
    bytes16 subject
  ) external view returns (bool);
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import {Client} from "../libraries/Client.sol";

interface IRouter {
  error OnlyOffRamp();

  /// @notice Route the message to its intended receiver contract.
  /// @param message Client.Any2EVMMessage struct.
  /// @param gasForCallExactCheck of params for exec.
  /// @param gasLimit set of params for exec.
  /// @param receiver set of params for exec.
  /// @dev if the receiver is a contracts that signals support for CCIP execution through EIP-165.
  /// the contract is called. If not, only tokens are transferred.
  /// @return success A boolean value indicating whether the ccip message was received without errors.
  /// @return retBytes A bytes array containing return data form CCIP receiver.
  /// @return gasUsed the gas used by the external customer call. Does not include any overhead.
  function routeMessage(
    Client.Any2EVMMessage calldata message,
    uint16 gasForCallExactCheck,
    uint256 gasLimit,
    address receiver
  ) external returns (bool success, bytes memory retBytes, uint256 gasUsed);

  /// @notice Returns the configured onRamp for a specific destination chain.
  /// @param destChainSelector The destination chain Id to get the onRamp for.
  /// @return onRampAddress The address of the onRamp.
  function getOnRamp(
    uint64 destChainSelector
  ) external view returns (address onRampAddress);

  /// @notice Return true if the given offRamp is a configured offRamp for the given source chain.
  /// @param sourceChainSelector The source chain selector to check.
  /// @param offRamp The address of the offRamp to check.
  function isOffRamp(uint64 sourceChainSelector, address offRamp) external view returns (bool isOffRamp);
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

import {Client} from "../libraries/Client.sol";

interface IRouterClient {
  error UnsupportedDestinationChain(uint64 destChainSelector);
  error InsufficientFeeTokenAmount();
  error InvalidMsgValue();

  /// @notice Checks if the given chain ID is supported for sending/receiving.
  /// @param destChainSelector The chain to check.
  /// @return supported is true if it is supported, false if not.
  function isChainSupported(
    uint64 destChainSelector
  ) external view returns (bool supported);

  /// @param destinationChainSelector The destination chainSelector.
  /// @param message The cross-chain CCIP message including data and/or tokens.
  /// @return fee returns execution fee for the message.
  /// delivery to destination chain, denominated in the feeToken specified in the message.
  /// @dev Reverts with appropriate reason upon invalid message.
  function getFee(
    uint64 destinationChainSelector,
    Client.EVM2AnyMessage memory message
  ) external view returns (uint256 fee);

  /// @notice Request a message to be sent to the destination chain.
  /// @param destinationChainSelector The destination chain ID.
  /// @param message The cross-chain CCIP message including data and/or tokens.
  /// @return messageId The message ID.
  /// @dev Note if msg.value is larger than the required fee (from getFee) we accept.
  /// the overpayment with no refund.
  /// @dev Reverts with appropriate reason upon invalid message.
  function ccipSend(
    uint64 destinationChainSelector,
    Client.EVM2AnyMessage calldata message
  ) external payable returns (bytes32);
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// End consumer library.
library Client {
  /// @dev RMN depends on this struct, if changing, please notify the RMN maintainers.
  struct EVMTokenAmount {
    address token; // token address on the local chain.
    uint256 amount; // Amount of tokens.
  }

  struct Any2EVMMessage {
    bytes32 messageId; // MessageId corresponding to ccipSend on source.
    uint64 sourceChainSelector; // Source chain selector.
    bytes sender; // abi.decode(sender) if coming from an EVM chain.
    bytes data; // payload sent in original message.
    EVMTokenAmount[] destTokenAmounts; // Tokens and their amounts in their destination chain representation.
  }

  // If extraArgs is empty bytes, the default is 200k gas limit.
  struct EVM2AnyMessage {
    bytes receiver; // abi.encode(receiver address) for dest EVM chains.
    bytes data; // Data payload.
    EVMTokenAmount[] tokenAmounts; // Token transfers.
    address feeToken; // Address of feeToken. address(0) means you will send msg.value.
    bytes extraArgs; // Populate this with _argsToBytes(EVMExtraArgsV2).
  }

  // Tag to indicate only a gas limit. Only usable for EVM as destination chain.
  bytes4 public constant EVM_EXTRA_ARGS_V1_TAG = 0x97a657c9;

  struct EVMExtraArgsV1 {
    uint256 gasLimit;
  }

  function _argsToBytes(
    EVMExtraArgsV1 memory extraArgs
  ) internal pure returns (bytes memory bts) {
    return abi.encodeWithSelector(EVM_EXTRA_ARGS_V1_TAG, extraArgs);
  }

  // Tag to indicate a gas limit (or dest chain equivalent processing units) and Out Of Order Execution. This tag is
  // available for multiple chain families. If there is no chain family specific tag, this is the default available
  // for a chain.
  // Note: not available for Solana VM based chains.
  bytes4 public constant GENERIC_EXTRA_ARGS_V2_TAG = 0x181dcf10;

  /// @param gasLimit: gas limit for the callback on the destination chain.
  /// @param allowOutOfOrderExecution: if true, it indicates that the message can be executed in any order relative to
  /// other messages from the same sender. This value's default varies by chain. On some chains, a particular value is
  /// enforced, meaning if the expected value is not set, the message request will revert.
  /// @dev Fully compatible with the previously existing EVMExtraArgsV2.
  struct GenericExtraArgsV2 {
    uint256 gasLimit;
    bool allowOutOfOrderExecution;
  }

  // Extra args tag for chains that use the Sui VM.
  bytes4 public constant SUI_EXTRA_ARGS_V1_TAG = 0x21ea4ca9;

  // Extra args tag for chains that use the Solana VM.
  bytes4 public constant SVM_EXTRA_ARGS_V1_TAG = 0x1f3b3aba;

  struct SVMExtraArgsV1 {
    uint32 computeUnits;
    uint64 accountIsWritableBitmap;
    bool allowOutOfOrderExecution;
    bytes32 tokenReceiver;
    // Additional accounts needed for execution of CCIP receiver. Must be empty if message.receiver is zero.
    // Token transfer related accounts are specified in the token pool lookup table on SVM.
    bytes32[] accounts;
  }

  /// @dev The maximum number of accounts that can be passed in SVMExtraArgs.
  uint256 public constant SVM_EXTRA_ARGS_MAX_ACCOUNTS = 64;

  /// @dev The expected static payload size of a token transfer when Borsh encoded and submitted to SVM.
  /// TokenPool extra data and offchain data sizes are dynamic, and should be accounted for separately.
  uint256 public constant SVM_TOKEN_TRANSFER_DATA_OVERHEAD = (4 + 32) // source_pool
    + 32 // token_address
    + 4 // gas_amount
    + 4 // extra_data overhead
    + 32 // amount
    + 32 // size of the token lookup table account
    + 32 // token-related accounts in the lookup table, over-estimated to 32, typically between 11 - 13
    + 32 // token account belonging to the token receiver, e.g ATA, not included in the token lookup table
    + 32 // per-chain token pool config, not included in the token lookup table
    + 32 // per-chain token billing config, not always included in the token lookup table
    + 32; // OffRamp pool signer PDA, not included in the token lookup table

  /// @dev Number of overhead accounts needed for message execution on SVM.
  /// @dev These are message.receiver, and the OffRamp Signer PDA specific to the receiver.
  uint256 public constant SVM_MESSAGING_ACCOUNTS_OVERHEAD = 2;

  /// @dev The size of each SVM account address in bytes.
  uint256 public constant SVM_ACCOUNT_BYTE_SIZE = 32;

  struct SuiExtraArgsV1 {
    uint256 gasLimit;
    bool allowOutOfOrderExecution;
    bytes32 tokenReceiver;
    bytes32[] receiverObjectIds;
  }

  /// @dev The expected static payload size of a token transfer when BCS encoded and submitted to SUI.
  /// TokenPool extra data and offchain data sizes are dynamic, and should be accounted for separately.
  uint256 public constant SUI_TOKEN_TRANSFER_DATA_OVERHEAD = (4 + 32) // source_pool, 4 bytes for length, 32 bytes for address
    + 32 // dest_token_address
    + 4 // dest_gas_amount
    + 4 // extra_data length, the contents are calculated separately
    + 32; // amount

  /// @dev Number of overhead accounts needed for message execution on SUI.
  /// @dev This is the message.receiver.
  uint256 public constant SUI_MESSAGING_ACCOUNTS_OVERHEAD = 1;

  /// @dev The maximum number of receiver object ids that can be passed in SuiExtraArgs.
  uint256 public constant SUI_EXTRA_ARGS_MAX_RECEIVER_OBJECT_IDS = 64;

  /// @dev The size of each SUI account address in bytes.
  uint256 public constant SUI_ACCOUNT_BYTE_SIZE = 32;

  function _argsToBytes(
    GenericExtraArgsV2 memory extraArgs
  ) internal pure returns (bytes memory bts) {
    return abi.encodeWithSelector(GENERIC_EXTRA_ARGS_V2_TAG, extraArgs);
  }

  function _svmArgsToBytes(
    SVMExtraArgsV1 memory extraArgs
  ) internal pure returns (bytes memory bts) {
    return abi.encodeWithSelector(SVM_EXTRA_ARGS_V1_TAG, extraArgs);
  }

  function _suiArgsToBytes(
    SuiExtraArgsV1 memory extraArgs
  ) internal pure returns (bytes memory bts) {
    return abi.encodeWithSelector(SUI_EXTRA_ARGS_V1_TAG, extraArgs);
  }
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// @notice This library contains various token pool functions to aid constructing the return data.
library Pool {
  // The tag used to signal support for the pool v1 standard.
  // bytes4(keccak256("CCIP_POOL_V1"))
  bytes4 public constant CCIP_POOL_V1 = 0xaff2afbf;

  // The tag used to signal support for the pool v1 standard.
  // bytes4(keccak256("CCIP_POOL_V2"))
  bytes4 public constant CCIP_POOL_V2 = 0xf208a58f;

  // The number of bytes in the return data for a pool v1 releaseOrMint call.
  // This should match the size of the ReleaseOrMintOutV1 struct.
  uint16 public constant CCIP_POOL_V1_RET_BYTES = 32;

  // The default max number of bytes in the return data for a pool v1 lockOrBurn call.
  // This data can be used to send information to the destination chain token pool. Can be overwritten
  // in the TokenTransferFeeConfig.destBytesOverhead if more data is required.
  uint32 public constant CCIP_LOCK_OR_BURN_V1_RET_BYTES = 32;

  struct LockOrBurnInV1 {
    bytes receiver; //  The recipient of the tokens on the destination chain, abi encoded.
    uint64 remoteChainSelector; // ─╮ The chain ID of the destination chain.
    address originalSender; // ─────╯ The original sender of the tx on the source chain.
    uint256 amount; //  The amount of tokens to lock or burn, denominated in the source token's decimals.
    address localToken; //  The address on this chain of the token to lock or burn.
  }

  struct LockOrBurnOutV1 {
    // The address of the destination token, abi encoded in the case of EVM chains.
    // This value is UNTRUSTED as any pool owner can return whatever value they want.
    bytes destTokenAddress;
    // Optional pool data to be transferred to the destination chain. Be default this is capped at
    // CCIP_LOCK_OR_BURN_V1_RET_BYTES bytes. If more data is required, the TokenTransferFeeConfig.destBytesOverhead
    // has to be set for the specific token.
    bytes destPoolData;
  }

  struct ReleaseOrMintInV1 {
    bytes originalSender; //            The original sender of the tx on the source chain.
    uint64 remoteChainSelector; // ───╮ The chain ID of the source chain.
    address receiver; // ─────────────╯ The recipient of the tokens on the destination chain.
    uint256 sourceDenominatedAmount; // The amount of tokens to release or mint, denominated in the source token's decimals.
    address localToken; //              The address on this chain of the token to release or mint.
    /// @dev WARNING: sourcePoolAddress should be checked prior to any processing of funds. Make sure it matches the
    /// expected pool address for the given remoteChainSelector.
    bytes sourcePoolAddress; //         The address of the source pool, abi encoded in the case of EVM chains.
    bytes sourcePoolData; //            The data received from the source pool to process the release or mint.
    /// @dev WARNING: offchainTokenData is untrusted data.
    bytes offchainTokenData; //         The offchain data to process the release or mint.
  }

  struct ReleaseOrMintOutV1 {
    // The number of tokens released or minted on the destination chain, denominated in the local token's decimals.
    // This value is expected to be equal to the ReleaseOrMintInV1.amount in the case where the source and destination
    // chain have the same number of decimals.
    uint256 destinationAmount;
  }
}

// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.4;

/// @notice Implements Token Bucket rate limiting.
/// @dev uint128 is safe for rate limiter state.
/// - For USD value rate limiting, it can adequately store USD value in 18 decimals.
/// - For ERC20 token amount rate limiting, all tokens that will be listed will have at most a supply of uint128.max
/// tokens, and it will therefore not overflow the bucket. In exceptional scenarios where tokens consumed may be larger
/// than uint128, e.g. compromised issuer, an enabled RateLimiter will check and revert.
library RateLimiter {
  error BucketOverfilled();
  error TokenMaxCapacityExceeded(uint256 capacity, uint256 requested, address tokenAddress);
  error TokenRateLimitReached(uint256 minWaitInSeconds, uint256 available, address tokenAddress);
  error InvalidRateLimitRate(Config rateLimiterConfig);
  error DisabledNonZeroRateLimit(Config config);

  event ConfigChanged(Config config);

  struct TokenBucket {
    uint128 tokens; // ────╮ Current number of tokens that are in the bucket.
    uint32 lastUpdated; // │ Timestamp in seconds of the last token refill, good for 100+ years.
    bool isEnabled; // ────╯ Indication whether the rate limiting is enabled or not.
    uint128 capacity; // ──╮ Maximum number of tokens that can be in the bucket.
    uint128 rate; // ──────╯ Number of tokens per second that the bucket is refilled.
  }

  struct Config {
    bool isEnabled; // Indication whether the rate limiting should be enabled.
    uint128 capacity; // ──╮ Specifies the capacity of the rate limiter.
    uint128 rate; //  ─────╯ Specifies the rate of the rate limiter.
  }

  /// @notice _consume removes the given tokens from the pool, lowering the rate tokens allowed to be
  /// consumed for subsequent calls.
  /// @param requestTokens The total tokens to be consumed from the bucket.
  /// @param tokenAddress The token to consume capacity for, use 0x0 to indicate aggregate value capacity.
  /// @dev Reverts when requestTokens exceeds bucket capacity or available tokens in the bucket.
  /// @dev emits removal of requestTokens if requestTokens is > 0.
  function _consume(TokenBucket storage s_bucket, uint256 requestTokens, address tokenAddress) internal {
    // If there is no value to remove or rate limiting is turned off, skip this step to reduce gas usage.
    if (!s_bucket.isEnabled || requestTokens == 0) {
      return;
    }

    uint256 tokens = s_bucket.tokens;
    uint256 capacity = s_bucket.capacity;
    uint256 timeDiff = block.timestamp - s_bucket.lastUpdated;

    if (timeDiff != 0) {
      if (tokens > capacity) revert BucketOverfilled();

      // Refill tokens when arriving at a new block time.
      tokens = _calculateRefill(capacity, tokens, timeDiff, s_bucket.rate);

      s_bucket.lastUpdated = uint32(block.timestamp);
    }

    if (capacity < requestTokens) {
      revert TokenMaxCapacityExceeded(capacity, requestTokens, tokenAddress);
    }
    if (tokens < requestTokens) {
      uint256 rate = s_bucket.rate;
      // Wait required until the bucket is refilled enough to accept this value, round up to next higher second.
      // Consume is not guaranteed to succeed after wait time passes if there is competing traffic.
      // This acts as a lower bound of wait time.
      uint256 minWaitInSeconds = ((requestTokens - tokens) + (rate - 1)) / rate;

      revert TokenRateLimitReached(minWaitInSeconds, tokens, tokenAddress);
    }
    tokens -= requestTokens;

    // Downcast is safe here, as tokens is not larger than capacity.
    s_bucket.tokens = uint128(tokens);
  }

  /// @notice Gets the token bucket with its values for the block it was requested at.
  /// @return The token bucket.
  function _currentTokenBucketState(
    TokenBucket memory bucket
  ) internal view returns (TokenBucket memory) {
    // We update the bucket to reflect the status at the exact time of the call. This means we might need to refill a
    // part of the bucket based on the time that has passed since the last update.
    bucket.tokens =
      uint128(_calculateRefill(bucket.capacity, bucket.tokens, block.timestamp - bucket.lastUpdated, bucket.rate));
    bucket.lastUpdated = uint32(block.timestamp);
    return bucket;
  }

  /// @notice Sets the rate limited config.
  /// @param s_bucket The token bucket.
  /// @param config The new config.
  function _setTokenBucketConfig(TokenBucket storage s_bucket, Config memory config) internal {
    // First update the bucket to make sure the proper rate is used for all the time up until the config change.
    uint256 timeDiff = block.timestamp - s_bucket.lastUpdated;
    if (timeDiff != 0) {
      s_bucket.tokens = uint128(_calculateRefill(s_bucket.capacity, s_bucket.tokens, timeDiff, s_bucket.rate));

      s_bucket.lastUpdated = uint32(block.timestamp);
    }

    s_bucket.tokens = uint128(_min(config.capacity, s_bucket.tokens));
    s_bucket.isEnabled = config.isEnabled;
    s_bucket.capacity = config.capacity;
    s_bucket.rate = config.rate;

    emit ConfigChanged(config);
  }

  /// @notice Validates the token bucket config.
  function _validateTokenBucketConfig(
    Config memory config
  ) internal pure {
    if (config.isEnabled) {
      if (config.rate > config.capacity) {
        revert InvalidRateLimitRate(config);
      }
    } else {
      if (config.rate != 0 || config.capacity != 0) {
        revert DisabledNonZeroRateLimit(config);
      }
    }
  }

  /// @notice Calculate refilled tokens.
  /// @param capacity bucket capacity.
  /// @param tokens current bucket tokens.
  /// @param timeDiff block time difference since last refill.
  /// @param rate bucket refill rate.
  /// @return the value of tokens after refill.
  function _calculateRefill(
    uint256 capacity,
    uint256 tokens,
    uint256 timeDiff,
    uint256 rate
  ) private pure returns (uint256) {
    return _min(capacity, tokens + timeDiff * rate);
  }

  /// @notice Return the smallest of two integers.
  /// @param a first int.
  /// @param b second int.
  /// @return smallest.
  function _min(uint256 a, uint256 b) internal pure returns (uint256) {
    return a < b ? a : b;
  }
}

// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.24;

import {IBurnMintERC20} from "@chainlink/contracts/src/v0.8/shared/token/ERC20/IBurnMintERC20.sol";

import {TokenPool} from "./TokenPool.sol";

abstract contract BurnMintTokenPoolAbstract is TokenPool {
  /// @notice Contains the specific release or mint token logic for a pool.
  /// @dev overriding this method allows us to create pools with different release/mint signatures
  /// without duplicating the underlying logic.
  function _releaseOrMint(address receiver, uint256 amount) internal virtual override {
    IBurnMintERC20(address(i_token)).mint(receiver, amount);
  }
}

// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.24;

import {IPoolV1} from "../interfaces/IPool.sol";
import {IRMN} from "../interfaces/IRMN.sol";
import {IRouter} from "../interfaces/IRouter.sol";

import {Pool} from "../libraries/Pool.sol";
import {RateLimiter} from "../libraries/RateLimiter.sol";
import {Ownable2StepMsgSender} from "@chainlink/contracts/src/v0.8/shared/access/Ownable2StepMsgSender.sol";

import {IERC20} from "@openzeppelin/[email protected]/token/ERC20/IERC20.sol";
import {IERC20Metadata} from "@openzeppelin/[email protected]/token/ERC20/extensions/IERC20Metadata.sol";
import {IERC165} from "@openzeppelin/[email protected]/utils/introspection/IERC165.sol";
import {EnumerableSet} from "@openzeppelin/[email protected]/utils/structs/EnumerableSet.sol";

/// @notice Base abstract class with common functions for all token pools.
/// A token pool serves as isolated place for holding tokens and token specific logic
/// that may execute as tokens move across the bridge.
/// @dev This pool supports different decimals on different chains but using this feature could impact the total number
/// of tokens in circulation. Since all of the tokens are locked/burned on the source, and a rounded amount is
/// minted/released on the destination, the number of tokens minted/released could be less than the number of tokens
/// burned/locked. This is because the source chain does not know about the destination token decimals. This is not a
/// problem if the decimals are the same on both chains.
///
/// Example:
/// Assume there is a token with 6 decimals on chain A and 3 decimals on chain B.
/// - 1.234567 tokens are burned on chain A.
/// - 1.234    tokens are minted on chain B.
/// When sending the 1.234 tokens back to chain A, you will receive 1.234000 tokens on chain A, effectively losing
/// 0.000567 tokens.
/// In the case of a burnMint pool on chain A, these funds are burned in the pool on chain A.
/// In the case of a lockRelease pool on chain A, these funds accumulate in the pool on chain A.
abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
  using EnumerableSet for EnumerableSet.Bytes32Set;
  using EnumerableSet for EnumerableSet.AddressSet;
  using EnumerableSet for EnumerableSet.UintSet;
  using RateLimiter for RateLimiter.TokenBucket;

  error CallerIsNotARampOnRouter(address caller);
  error ZeroAddressInvalid();
  error SenderNotAllowed(address sender);
  error AllowListNotEnabled();
  error NonExistentChain(uint64 remoteChainSelector);
  error ChainNotAllowed(uint64 remoteChainSelector);
  error CursedByRMN();
  error ChainAlreadyExists(uint64 chainSelector);
  error InvalidSourcePoolAddress(bytes sourcePoolAddress);
  error InvalidToken(address token);
  error Unauthorized(address caller);
  error PoolAlreadyAdded(uint64 remoteChainSelector, bytes remotePoolAddress);
  error InvalidRemotePoolForChain(uint64 remoteChainSelector, bytes remotePoolAddress);
  error InvalidRemoteChainDecimals(bytes sourcePoolData);
  error MismatchedArrayLengths();
  error OverflowDetected(uint8 remoteDecimals, uint8 localDecimals, uint256 remoteAmount);
  error InvalidDecimalArgs(uint8 expected, uint8 actual);

  event LockedOrBurned(uint64 indexed remoteChainSelector, address token, address sender, uint256 amount);
  event ReleasedOrMinted(
    uint64 indexed remoteChainSelector, address token, address sender, address recipient, uint256 amount
  );
  event ChainAdded(
    uint64 remoteChainSelector,
    bytes remoteToken,
    RateLimiter.Config outboundRateLimiterConfig,
    RateLimiter.Config inboundRateLimiterConfig
  );
  event ChainConfigured(
    uint64 remoteChainSelector,
    RateLimiter.Config outboundRateLimiterConfig,
    RateLimiter.Config inboundRateLimiterConfig
  );
  event ChainRemoved(uint64 remoteChainSelector);
  event RemotePoolAdded(uint64 indexed remoteChainSelector, bytes remotePoolAddress);
  event RemotePoolRemoved(uint64 indexed remoteChainSelector, bytes remotePoolAddress);
  event AllowListAdd(address sender);
  event AllowListRemove(address sender);
  event RouterUpdated(address oldRouter, address newRouter);
  event RateLimitAdminSet(address rateLimitAdmin);
  event OutboundRateLimitConsumed(uint64 indexed remoteChainSelector, address token, uint256 amount);
  event InboundRateLimitConsumed(uint64 indexed remoteChainSelector, address token, uint256 amount);

  struct ChainUpdate {
    uint64 remoteChainSelector; // Remote chain selector
    bytes[] remotePoolAddresses; // Address of the remote pool, ABI encoded in the case of a remote EVM chain.
    bytes remoteTokenAddress; // Address of the remote token, ABI encoded in the case of a remote EVM chain.
    RateLimiter.Config outboundRateLimiterConfig; // Outbound rate limited config, meaning the rate limits for all of the onRamps for the given chain
    RateLimiter.Config inboundRateLimiterConfig; // Inbound rate limited config, meaning the rate limits for all of the offRamps for the given chain
  }

  struct RemoteChainConfig {
    RateLimiter.TokenBucket outboundRateLimiterConfig; // Outbound rate limited config, meaning the rate limits for all of the onRamps for the given chain
    RateLimiter.TokenBucket inboundRateLimiterConfig; // Inbound rate limited config, meaning the rate limits for all of the offRamps for the given chain
    bytes remoteTokenAddress; // Address of the remote token, ABI encoded in the case of a remote EVM chain.
    EnumerableSet.Bytes32Set remotePools; // Set of remote pool hashes, ABI encoded in the case of a remote EVM chain.
  }

  /// @dev The bridgeable token that is managed by this pool. Pools could support multiple tokens at the same time if
  /// required, but this implementation only supports one token.
  IERC20 internal immutable i_token;
  /// @dev The number of decimals of the token managed by this pool.
  uint8 internal immutable i_tokenDecimals;
  /// @dev The address of the RMN proxy
  address internal immutable i_rmnProxy;
  /// @dev The immutable flag that indicates if the pool is access-controlled.
  bool internal immutable i_allowlistEnabled;
  /// @dev A set of addresses allowed to trigger lockOrBurn as original senders.
  /// Only takes effect if i_allowlistEnabled is true.
  /// This can be used to ensure only token-issuer specified addresses can move tokens.
  EnumerableSet.AddressSet internal s_allowlist;
  /// @dev The address of the router
  IRouter internal s_router;
  /// @dev A set of allowed chain selectors. We want the allowlist to be enumerable to
  /// be able to quickly determine (without parsing logs) who can access the pool.
  /// @dev The chain selectors are in uint256 format because of the EnumerableSet implementation.
  EnumerableSet.UintSet internal s_remoteChainSelectors;
  mapping(uint64 remoteChainSelector => RemoteChainConfig) internal s_remoteChainConfigs;
  /// @notice A mapping of hashed pool addresses to their unhashed form. This is used to be able to find the actually
  /// configured pools and not just their hashed versions.
  mapping(bytes32 poolAddressHash => bytes poolAddress) internal s_remotePoolAddresses;
  /// @notice The address of the rate limiter admin.
  /// @dev Can be address(0) if none is configured.
  address internal s_rateLimitAdmin;

  constructor(IERC20 token, uint8 localTokenDecimals, address[] memory allowlist, address rmnProxy, address router) {
    if (address(token) == address(0) || router == address(0) || rmnProxy == address(0)) {
      revert ZeroAddressInvalid();
    }
    i_token = token;
    i_rmnProxy = rmnProxy;

    try IERC20Metadata(address(token)).decimals() returns (uint8 actualTokenDecimals) {
      if (localTokenDecimals != actualTokenDecimals) {
        revert InvalidDecimalArgs(localTokenDecimals, actualTokenDecimals);
      }
    } catch {
      // The decimals function doesn't exist, which is possible since it's optional in the ERC20 spec. We skip the check and
      // assume the supplied token decimals are correct.
    }
    i_tokenDecimals = localTokenDecimals;

    s_router = IRouter(router);

    // Pool can be set as permissioned or permissionless at deployment time only to save hot-path gas.
    i_allowlistEnabled = allowlist.length > 0;
    if (i_allowlistEnabled) {
      _applyAllowListUpdates(new address[](0), allowlist);
    }
  }

  /// @inheritdoc IPoolV1
  function isSupportedToken(
    address token
  ) public view virtual returns (bool) {
    return token == address(i_token);
  }

  /// @notice Gets the IERC20 token that this pool can lock or burn.
  /// @return token The IERC20 token representation.
  function getToken() public view returns (IERC20 token) {
    return i_token;
  }

  /// @notice Get RMN proxy address
  /// @return rmnProxy Address of RMN proxy
  function getRmnProxy() public view returns (address rmnProxy) {
    return i_rmnProxy;
  }

  /// @notice Gets the pool's Router
  /// @return router The pool's Router
  function getRouter() public view virtual returns (address router) {
    return address(s_router);
  }

  /// @notice Sets the pool's Router
  /// @param newRouter The new Router
  function setRouter(
    address newRouter
  ) public onlyOwner {
    if (newRouter == address(0)) revert ZeroAddressInvalid();
    address oldRouter = address(s_router);
    s_router = IRouter(newRouter);

    emit RouterUpdated(oldRouter, newRouter);
  }

  /// @notice Signals which version of the pool interface is supported
  function supportsInterface(
    bytes4 interfaceId
  ) public pure virtual override returns (bool) {
    return interfaceId == Pool.CCIP_POOL_V1 || interfaceId == type(IPoolV1).interfaceId
      || interfaceId == type(IERC165).interfaceId;
  }

  // ================================================================
  // │                        Lock or Burn                          │
  // ================================================================

  /// @notice Burn the token in the pool
  /// @dev The _validateLockOrBurn check is an essential security check
  function lockOrBurn(
    Pool.LockOrBurnInV1 calldata lockOrBurnIn
  ) public virtual override returns (Pool.LockOrBurnOutV1 memory) {
    _validateLockOrBurn(lockOrBurnIn);

    _lockOrBurn(lockOrBurnIn.amount);

    emit LockedOrBurned({
      remoteChainSelector: lockOrBurnIn.remoteChainSelector,
      token: address(i_token),
      sender: msg.sender,
      amount: lockOrBurnIn.amount
    });

    return Pool.LockOrBurnOutV1({
      destTokenAddress: getRemoteToken(lockOrBurnIn.remoteChainSelector),
      destPoolData: _encodeLocalDecimals()
    });
  }

  /// @notice Contains the specific lock or burn token logic for a pool.
  /// @dev overriding this method allows us to create pools with different lock/burn signatures
  /// without duplicating the underlying logic.
  function _lockOrBurn(
    uint256 amount
  ) internal virtual {}

  // ================================================================
  // │                      Release or Mint                         │
  // ================================================================

  /// @notice Mint tokens from the pool to the recipient
  /// @dev The _validateReleaseOrMint check is an essential security check
  function releaseOrMint(
    Pool.ReleaseOrMintInV1 calldata releaseOrMintIn
  ) public virtual override returns (Pool.ReleaseOrMintOutV1 memory) {
    // Calculate the local amount
    uint256 localAmount = _calculateLocalAmount(
      releaseOrMintIn.sourceDenominatedAmount, _parseRemoteDecimals(releaseOrMintIn.sourcePoolData)
    );

    _validateReleaseOrMint(releaseOrMintIn, localAmount);

    // Mint to the receiver
    _releaseOrMint(releaseOrMintIn.receiver, localAmount);

    emit ReleasedOrMinted({
      remoteChainSelector: releaseOrMintIn.remoteChainSelector,
      token: address(i_token),
      sender: msg.sender,
      recipient: releaseOrMintIn.receiver,
      amount: localAmount
    });

    return Pool.ReleaseOrMintOutV1({destinationAmount: localAmount});
  }

  /// @notice Contains the specific release or mint token logic for a pool.
  /// @dev overriding this method allows us to create pools with different release/mint signatures
  /// without duplicating the underlying logic.
  function _releaseOrMint(address receiver, uint256 amount) internal virtual {}

  // ================================================================
  // │                         Validation                           │
  // ================================================================

  /// @notice Validates the lock or burn input for correctness on
  /// - token to be locked or burned
  /// - RMN curse status
  /// - allowlist status
  /// - if the sender is a valid onRamp
  /// - rate limit status
  /// @param lockOrBurnIn The input to validate.
  /// @dev This function should always be called before executing a lock or burn. Not doing so would allow
  /// for various exploits.
  function _validateLockOrBurn(
    Pool.LockOrBurnInV1 calldata lockOrBurnIn
  ) internal {
    if (!isSupportedToken(lockOrBurnIn.localToken)) revert InvalidToken(lockOrBurnIn.localToken);
    if (IRMN(i_rmnProxy).isCursed(bytes16(uint128(lockOrBurnIn.remoteChainSelector)))) revert CursedByRMN();
    _checkAllowList(lockOrBurnIn.originalSender);

    _onlyOnRamp(lockOrBurnIn.remoteChainSelector);
    _consumeOutboundRateLimit(lockOrBurnIn.remoteChainSelector, lockOrBurnIn.amount);
  }

  /// @notice Validates the release or mint input for correctness on
  /// - token to be released or minted
  /// - RMN curse status
  /// - if the sender is a valid offRamp
  /// - if the source pool is valid
  /// - rate limit status
  /// @param releaseOrMintIn The input to validate.
  /// @param localAmount The local amount to be released or minted.
  /// @dev This function should always be called before executing a release or mint. Not doing so would allow
  /// for various exploits.
  function _validateReleaseOrMint(Pool.ReleaseOrMintInV1 calldata releaseOrMintIn, uint256 localAmount) internal {
    if (!isSupportedToken(releaseOrMintIn.localToken)) revert InvalidToken(releaseOrMintIn.localToken);
    if (IRMN(i_rmnProxy).isCursed(bytes16(uint128(releaseOrMintIn.remoteChainSelector)))) revert CursedByRMN();
    _onlyOffRamp(releaseOrMintIn.remoteChainSelector);

    // Validates that the source pool address is configured on this pool.
    if (!isRemotePool(releaseOrMintIn.remoteChainSelector, releaseOrMintIn.sourcePoolAddress)) {
      revert InvalidSourcePoolAddress(releaseOrMintIn.sourcePoolAddress);
    }

    _consumeInboundRateLimit(releaseOrMintIn.remoteChainSelector, localAmount);
  }

  // ================================================================
  // │                      Token decimals                          │
  // ================================================================

  /// @notice Gets the IERC20 token decimals on the local chain.
  function getTokenDecimals() public view virtual returns (uint8 decimals) {
    return i_tokenDecimals;
  }

  function _encodeLocalDecimals() internal view virtual returns (bytes memory) {
    return abi.encode(i_tokenDecimals);
  }

  function _parseRemoteDecimals(
    bytes memory sourcePoolData
  ) internal view virtual returns (uint8) {
    // Fallback to the local token decimals if the source pool data is empty. This allows for backwards compatibility.
    if (sourcePoolData.length == 0) {
      return i_tokenDecimals;
    }
    if (sourcePoolData.length != 32) {
      revert InvalidRemoteChainDecimals(sourcePoolData);
    }
    uint256 remoteDecimals = abi.decode(sourcePoolData, (uint256));
    if (remoteDecimals > type(uint8).max) {
      revert InvalidRemoteChainDecimals(sourcePoolData);
    }
    return uint8(remoteDecimals);
  }

  /// @notice Calculates the local amount based on the remote amount and decimals.
  /// @param remoteAmount The amount on the remote chain.
  /// @param remoteDecimals The decimals of the token on the remote chain.
  /// @return The local amount.
  /// @dev This function protects against overflows. If there is a transaction that hits the overflow check, it is
  /// probably incorrect as that means the amount cannot be represented on this chain. If the local decimals have been
  /// wrongly configured, the token issuer could redeploy the pool with the correct decimals and manually re-execute the
  /// CCIP tx to fix the issue.
  function _calculateLocalAmount(uint256 remoteAmount, uint8 remoteDecimals) internal view virtual returns (uint256) {
    if (remoteDecimals == i_tokenDecimals) {
      return remoteAmount;
    }
    if (remoteDecimals > i_tokenDecimals) {
      uint8 decimalsDiff = remoteDecimals - i_tokenDecimals;
      if (decimalsDiff > 77) {
        // This is a safety check to prevent overflow in the next calculation.
        revert OverflowDetected(remoteDecimals, i_tokenDecimals, remoteAmount);
      }
      // Solidity rounds down so there is no risk of minting more tokens than the remote chain sent.
      return remoteAmount / (10 ** decimalsDiff);
    }

    // This is a safety check to prevent overflow in the next calculation.
    // More than 77 would never fit in a uint256 and would cause an overflow. We also check if the resulting amount
    // would overflow.
    uint8 diffDecimals = i_tokenDecimals - remoteDecimals;
    if (diffDecimals > 77 || remoteAmount > type(uint256).max / (10 ** diffDecimals)) {
      revert OverflowDetected(remoteDecimals, i_tokenDecimals, remoteAmount);
    }

    return remoteAmount * (10 ** diffDecimals);
  }

  // ================================================================
  // │                     Chain permissions                        │
  // ================================================================

  /// @notice Gets the pool address on the remote chain.
  /// @param remoteChainSelector Remote chain selector.
  /// @dev To support non-evm chains, this value is encoded into bytes
  function getRemotePools(
    uint64 remoteChainSelector
  ) public view returns (bytes[] memory) {
    bytes32[] memory remotePoolHashes = s_remoteChainConfigs[remoteChainSelector].remotePools.values();

    bytes[] memory remotePools = new bytes[](remotePoolHashes.length);
    for (uint256 i = 0; i < remotePoolHashes.length; ++i) {
      remotePools[i] = s_remotePoolAddresses[remotePoolHashes[i]];
    }

    return remotePools;
  }

  /// @notice Checks if the pool address is configured on the remote chain.
  /// @param remoteChainSelector Remote chain selector.
  /// @param remotePoolAddress The address of the remote pool.
  function isRemotePool(uint64 remoteChainSelector, bytes memory remotePoolAddress) public view returns (bool) {
    return s_remoteChainConfigs[remoteChainSelector].remotePools.contains(keccak256(remotePoolAddress));
  }

  /// @notice Gets the token address on the remote chain.
  /// @param remoteChainSelector Remote chain selector.
  /// @dev To support non-evm chains, this value is encoded into bytes
  function getRemoteToken(
    uint64 remoteChainSelector
  ) public view returns (bytes memory) {
    return s_remoteChainConfigs[remoteChainSelector].remoteTokenAddress;
  }

  /// @notice Adds a remote pool for a given chain selector. This could be due to a pool being upgraded on the remote
  /// chain. We don't simply want to replace the old pool as there could still be valid inflight messages from the old
  /// pool. This function allows for multiple pools to be added for a single chain selector.
  /// @param remoteChainSelector The remote chain selector for which the remote pool address is being added.
  /// @param remotePoolAddress The address of the new remote pool.
  function addRemotePool(uint64 remoteChainSelector, bytes calldata remotePoolAddress) external onlyOwner {
    if (!isSupportedChain(remoteChainSelector)) revert NonExistentChain(remoteChainSelector);

    _setRemotePool(remoteChainSelector, remotePoolAddress);
  }

  /// @notice Removes the remote pool address for a given chain selector.
  /// @dev All inflight txs from the remote pool will be rejected after it is removed. To ensure no loss of funds, there
  /// should be no inflight txs from the given pool.
  function removeRemotePool(uint64 remoteChainSelector, bytes calldata remotePoolAddress) external onlyOwner {
    if (!isSupportedChain(remoteChainSelector)) revert NonExistentChain(remoteChainSelector);

    if (!s_remoteChainConfigs[remoteChainSelector].remotePools.remove(keccak256(remotePoolAddress))) {
      revert InvalidRemotePoolForChain(remoteChainSelector, remotePoolAddress);
    }

    emit RemotePoolRemoved(remoteChainSelector, remotePoolAddress);
  }

  /// @inheritdoc IPoolV1
  function isSupportedChain(
    uint64 remoteChainSelector
  ) public view returns (bool) {
    return s_remoteChainSelectors.contains(remoteChainSelector);
  }

  /// @notice Get list of allowed chains
  /// @return list of chains.
  function getSupportedChains() public view returns (uint64[] memory) {
    uint256[] memory uint256ChainSelectors = s_remoteChainSelectors.values();
    uint64[] memory chainSelectors = new uint64[](uint256ChainSelectors.length);
    for (uint256 i = 0; i < uint256ChainSelectors.length; ++i) {
      chainSelectors[i] = uint64(uint256ChainSelectors[i]);
    }

    return chainSelectors;
  }

  /// @notice Sets the permissions for a list of chains selectors. Actual senders for these chains
  /// need to be allowed on the Router to interact with this pool.
  /// @param remoteChainSelectorsToRemove A list of chain selectors to remove.
  /// @param chainsToAdd A list of chains and their new permission status & rate limits. Rate limits
  /// are only used when the chain is being added through `allowed` being true.
  /// @dev Only callable by the owner
  function applyChainUpdates(
    uint64[] calldata remoteChainSelectorsToRemove,
    ChainUpdate[] calldata chainsToAdd
  ) external virtual onlyOwner {
    for (uint256 i = 0; i < remoteChainSelectorsToRemove.length; ++i) {
      uint64 remoteChainSelectorToRemove = remoteChainSelectorsToRemove[i];
      // If the chain doesn't exist, revert
      if (!s_remoteChainSelectors.remove(remoteChainSelectorToRemove)) {
        revert NonExistentChain(remoteChainSelectorToRemove);
      }

      // Remove all remote pool hashes for the chain
      bytes32[] memory remotePools = s_remoteChainConfigs[remoteChainSelectorToRemove].remotePools.values();
      for (uint256 j = 0; j < remotePools.length; ++j) {
        s_remoteChainConfigs[remoteChainSelectorToRemove].remotePools.remove(remotePools[j]);
      }

      delete s_remoteChainConfigs[remoteChainSelectorToRemove];

      emit ChainRemoved(remoteChainSelectorToRemove);
    }

    for (uint256 i = 0; i < chainsToAdd.length; ++i) {
      ChainUpdate memory newChain = chainsToAdd[i];
      RateLimiter._validateTokenBucketConfig(newChain.outboundRateLimiterConfig);
      RateLimiter._validateTokenBucketConfig(newChain.inboundRateLimiterConfig);

      if (newChain.remoteTokenAddress.length == 0) {
        revert ZeroAddressInvalid();
      }

      // If the chain already exists, revert
      if (!s_remoteChainSelectors.add(newChain.remoteChainSelector)) {
        revert ChainAlreadyExists(newChain.remoteChainSelector);
      }

      RemoteChainConfig storage remoteChainConfig = s_remoteChainConfigs[newChain.remoteChainSelector];

      remoteChainConfig.outboundRateLimiterConfig = RateLimiter.TokenBucket({
        rate: newChain.outboundRateLimiterConfig.rate,
        capacity: newChain.outboundRateLimiterConfig.capacity,
        tokens: newChain.outboundRateLimiterConfig.capacity,
        lastUpdated: uint32(block.timestamp),
        isEnabled: newChain.outboundRateLimiterConfig.isEnabled
      });
      remoteChainConfig.inboundRateLimiterConfig = RateLimiter.TokenBucket({
        rate: newChain.inboundRateLimiterConfig.rate,
        capacity: newChain.inboundRateLimiterConfig.capacity,
        tokens: newChain.inboundRateLimiterConfig.capacity,
        lastUpdated: uint32(block.timestamp),
        isEnabled: newChain.inboundRateLimiterConfig.isEnabled
      });
      remoteChainConfig.remoteTokenAddress = newChain.remoteTokenAddress;

      for (uint256 j = 0; j < newChain.remotePoolAddresses.length; ++j) {
        _setRemotePool(newChain.remoteChainSelector, newChain.remotePoolAddresses[j]);
      }

      emit ChainAdded(
        newChain.remoteChainSelector,
        newChain.remoteTokenAddress,
        newChain.outboundRateLimiterConfig,
        newChain.inboundRateLimiterConfig
      );
    }
  }

  /// @notice Adds a pool address to the allowed remote token pools for a particular chain.
  /// @param remoteChainSelector The remote chain selector for which the remote pool address is being added.
  /// @param remotePoolAddress The address of the new remote pool.
  function _setRemotePool(uint64 remoteChainSelector, bytes memory remotePoolAddress) internal {
    if (remotePoolAddress.length == 0) {
      revert ZeroAddressInvalid();
    }

    bytes32 poolHash = keccak256(remotePoolAddress);

    // Check if the pool already exists.
    if (!s_remoteChainConfigs[remoteChainSelector].remotePools.add(poolHash)) {
      revert PoolAlreadyAdded(remoteChainSelector, remotePoolAddress);
    }

    // Add the pool to the mapping to be able to un-hash it later.
    s_remotePoolAddresses[poolHash] = remotePoolAddress;

    emit RemotePoolAdded(remoteChainSelector, remotePoolAddress);
  }

  // ================================================================
  // │                        Rate limiting                         │
  // ================================================================

  /// @dev The inbound rate limits should be slightly higher than the outbound rate limits. This is because many chains
  /// finalize blocks in batches. CCIP also commits messages in batches: the commit plugin bundles multiple messages in
  /// a single merkle root.
  /// Imagine the following scenario.
  /// - Chain A has an inbound and outbound rate limit of 100 tokens capacity and 1 token per second refill rate.
  /// - Chain B has an inbound and outbound rate limit of 100 tokens capacity and 1 token per second refill rate.
  ///
  /// At time 0:
  /// - Chain A sends 100 tokens to Chain B.
  /// At time 5:
  /// - Chain A sends 5 tokens to Chain B.
  /// At time 6:
  /// The epoch that contains blocks [0-5] is finalized.
  /// Both transactions will be included in the same merkle root and become executable at the same time. This means
  /// the token pool on chain B requires a capacity of 105 to successfully execute both messages at the same time.
  /// The exact additional capacity required depends on the refill rate and the size of the source chain epochs and the
  /// CCIP round time. For simplicity, a 5-10% buffer should be sufficient in most cases.

  /// @notice Sets the rate limiter admin address.
  /// @dev Only callable by the owner.
  /// @param rateLimitAdmin The new rate limiter admin address.
  function setRateLimitAdmin(
    address rateLimitAdmin
  ) external onlyOwner {
    s_rateLimitAdmin = rateLimitAdmin;
    emit RateLimitAdminSet(rateLimitAdmin);
  }

  /// @notice Gets the rate limiter admin address.
  function getRateLimitAdmin() external view returns (address) {
    return s_rateLimitAdmin;
  }

  /// @notice Consumes outbound rate limiting capacity in this pool
  function _consumeOutboundRateLimit(uint64 remoteChainSelector, uint256 amount) internal {
    s_remoteChainConfigs[remoteChainSelector].outboundRateLimiterConfig._consume(amount, address(i_token));

    emit OutboundRateLimitConsumed({token: address(i_token), remoteChainSelector: remoteChainSelector, amount: amount});
  }

  /// @notice Consumes inbound rate limiting capacity in this pool
  function _consumeInboundRateLimit(uint64 remoteChainSelector, uint256 amount) internal {
    s_remoteChainConfigs[remoteChainSelector].inboundRateLimiterConfig._consume(amount, address(i_token));

    emit InboundRateLimitConsumed({token: address(i_token), remoteChainSelector: remoteChainSelector, amount: amount});
  }

  /// @notice Gets the token bucket with its values for the block it was requested at.
  /// @return The token bucket.
  function getCurrentOutboundRateLimiterState(
    uint64 remoteChainSelector
  ) external view returns (RateLimiter.TokenBucket memory) {
    return s_remoteChainConfigs[remoteChainSelector].outboundRateLimiterConfig._currentTokenBucketState();
  }

  /// @notice Gets the token bucket with its values for the block it was requested at.
  /// @return The token bucket.
  function getCurrentInboundRateLimiterState(
    uint64 remoteChainSelector
  ) external view returns (RateLimiter.TokenBucket memory) {
    return s_remoteChainConfigs[remoteChainSelector].inboundRateLimiterConfig._currentTokenBucketState();
  }

  /// @notice Sets multiple chain rate limiter configs.
  /// @param remoteChainSelectors The remote chain selector for which the rate limits apply.
  /// @param outboundConfigs The new outbound rate limiter config, meaning the onRamp rate limits for the given chain.
  /// @param inboundConfigs The new inbound rate limiter config, meaning the offRamp rate limits for the given chain.
  function setChainRateLimiterConfigs(
    uint64[] calldata remoteChainSelectors,
    RateLimiter.Config[] calldata outboundConfigs,
    RateLimiter.Config[] calldata inboundConfigs
  ) external {
    if (msg.sender != s_rateLimitAdmin && msg.sender != owner()) revert Unauthorized(msg.sender);
    if (remoteChainSelectors.length != outboundConfigs.length || remoteChainSelectors.length != inboundConfigs.length) {
      revert MismatchedArrayLengths();
    }

    for (uint256 i = 0; i < remoteChainSelectors.length; ++i) {
      _setRateLimitConfig(remoteChainSelectors[i], outboundConfigs[i], inboundConfigs[i]);
    }
  }

  /// @notice Sets the chain rate limiter config.
  /// @param remoteChainSelector The remote chain selector for which the rate limits apply.
  /// @param outboundConfig The new outbound rate limiter config, meaning the onRamp rate limits for the given chain.
  /// @param inboundConfig The new inbound rate limiter config, meaning the offRamp rate limits for the given chain.
  function setChainRateLimiterConfig(
    uint64 remoteChainSelector,
    RateLimiter.Config memory outboundConfig,
    RateLimiter.Config memory inboundConfig
  ) external {
    if (msg.sender != s_rateLimitAdmin && msg.sender != owner()) revert Unauthorized(msg.sender);

    _setRateLimitConfig(remoteChainSelector, outboundConfig, inboundConfig);
  }

  function _setRateLimitConfig(
    uint64 remoteChainSelector,
    RateLimiter.Config memory outboundConfig,
    RateLimiter.Config memory inboundConfig
  ) internal {
    if (!isSupportedChain(remoteChainSelector)) revert NonExistentChain(remoteChainSelector);
    RateLimiter._validateTokenBucketConfig(outboundConfig);
    s_remoteChainConfigs[remoteChainSelector].outboundRateLimiterConfig._setTokenBucketConfig(outboundConfig);
    RateLimiter._validateTokenBucketConfig(inboundConfig);
    s_remoteChainConfigs[remoteChainSelector].inboundRateLimiterConfig._setTokenBucketConfig(inboundConfig);
    emit ChainConfigured(remoteChainSelector, outboundConfig, inboundConfig);
  }

  // ================================================================
  // │                           Access                             │
  // ================================================================

  /// @notice Checks whether remote chain selector is configured on this contract, and if the msg.sender
  /// is a permissioned onRamp for the given chain on the Router.
  /// @dev This function is marked virtual as other token pools may inherit from this contract, but do
  /// not receive calls from the ramps directly, instead receiving them from a proxy contract. In that
  /// situation this function must be overridden and the ramp-check removed and replaced with a different
  /// access-control scheme.
  function _onlyOnRamp(
    uint64 remoteChainSelector
  ) internal view virtual {
    if (!isSupportedChain(remoteChainSelector)) revert ChainNotAllowed(remoteChainSelector);
    if (!(msg.sender == s_router.getOnRamp(remoteChainSelector))) revert CallerIsNotARampOnRouter(msg.sender);
  }

  /// @notice Checks whether remote chain selector is configured on this contract, and if the msg.sender
  /// is a permissioned offRamp for the given chain on the Router.
  /// @dev This function is marked virtual as other token pools may inherit from this contract, but do
  /// not receive calls from the ramps directly, instead receiving them from a proxy contract. In that
  /// situation this function must be overridden and the ramp-check removed and replaced with a different
  /// access-control scheme.
  function _onlyOffRamp(
    uint64 remoteChainSelector
  ) internal view virtual {
    if (!isSupportedChain(remoteChainSelector)) revert ChainNotAllowed(remoteChainSelector);
    if (!s_router.isOffRamp(remoteChainSelector, msg.sender)) revert CallerIsNotARampOnRouter(msg.sender);
  }

  // ================================================================
  // │                          Allowlist                           │
  // ================================================================

  function _checkAllowList(
    address sender
  ) internal view {
    if (i_allowlistEnabled) {
      if (!s_allowlist.contains(sender)) {
        revert SenderNotAllowed(sender);
      }
    }
  }

  /// @notice Gets whether the allowlist functionality is enabled.
  /// @return true is enabled, false if not.
  function getAllowListEnabled() external view returns (bool) {
    return i_allowlistEnabled;
  }

  /// @notice Gets the allowed addresses.
  /// @return The allowed addresses.
  function getAllowList() external view returns (address[] memory) {
    return s_allowlist.values();
  }

  /// @notice Apply updates to the allow list.
  /// @param removes The addresses to be removed.
  /// @param adds The addresses to be added.
  function applyAllowListUpdates(address[] calldata removes, address[] calldata adds) external onlyOwner {
    _applyAllowListUpdates(removes, adds);
  }

  /// @notice Internal version of applyAllowListUpdates to allow for reuse in the constructor.
  function _applyAllowListUpdates(address[] memory removes, address[] memory adds) internal {
    if (!i_allowlistEnabled) revert AllowListNotEnabled();

    for (uint256 i = 0; i < removes.length; ++i) {
      address toRemove = removes[i];
      if (s_allowlist.remove(toRemove)) {
        emit AllowListRemove(toRemove);
      }
    }
    for (uint256 i = 0; i < adds.length; ++i) {
      address toAdd = adds[i];
      if (toAdd == address(0)) {
        continue;
      }
      if (s_allowlist.add(toAdd)) {
        emit AllowListAdd(toAdd);
      }
    }
  }
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import {ConfirmedOwnerWithProposal} from "./ConfirmedOwnerWithProposal.sol";

/// @title The ConfirmedOwner contract
/// @notice A contract with helpers for basic contract ownership.
contract ConfirmedOwner is ConfirmedOwnerWithProposal {
  constructor(
    address newOwner
  ) ConfirmedOwnerWithProposal(newOwner, address(0)) {}
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import {IOwnable} from "../interfaces/IOwnable.sol";

/// @title The ConfirmedOwner contract
/// @notice A contract with helpers for basic contract ownership.
contract ConfirmedOwnerWithProposal is IOwnable {
  address private s_owner;
  address private s_pendingOwner;

  event OwnershipTransferRequested(address indexed from, address indexed to);
  event OwnershipTransferred(address indexed from, address indexed to);

  constructor(address newOwner, address pendingOwner) {
    // solhint-disable-next-line gas-custom-errors
    require(newOwner != address(0), "Cannot set owner to zero");

    s_owner = newOwner;
    if (pendingOwner != address(0)) {
      _transferOwnership(pendingOwner);
    }
  }

  /// @notice Allows an owner to begin transferring ownership to a new address.
  function transferOwnership(
    address to
  ) public override onlyOwner {
    _transferOwnership(to);
  }

  /// @notice Allows an ownership transfer to be completed by the recipient.
  function acceptOwnership() external override {
    // solhint-disable-next-line gas-custom-errors
    require(msg.sender == s_pendingOwner, "Must be proposed owner");

    address oldOwner = s_owner;
    s_owner = msg.sender;
    s_pendingOwner = address(0);

    emit OwnershipTransferred(oldOwner, msg.sender);
  }

  /// @notice Get the current owner
  function owner() public view override returns (address) {
    return s_owner;
  }

  /// @notice validate, transfer ownership, and emit relevant events
  function _transferOwnership(
    address to
  ) private {
    // solhint-disable-next-line gas-custom-errors
    require(to != msg.sender, "Cannot transfer to self");

    s_pendingOwner = to;

    emit OwnershipTransferRequested(s_owner, to);
  }

  /// @notice validate access
  function _validateOwnership() internal view {
    // solhint-disable-next-line gas-custom-errors
    require(msg.sender == s_owner, "Only callable by owner");
  }

  /// @notice Reverts if called by anyone other than the contract owner.
  modifier onlyOwner() {
    _validateOwnership();
    _;
  }
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

import {IOwnable} from "../interfaces/IOwnable.sol";

/// @notice A minimal contract that implements 2-step ownership transfer and nothing more. It's made to be minimal
/// to reduce the impact of the bytecode size on any contract that inherits from it.
contract Ownable2Step is IOwnable {
  /// @notice The pending owner is the address to which ownership may be transferred.
  address private s_pendingOwner;
  /// @notice The owner is the current owner of the contract.
  /// @dev The owner is the second storage variable so any implementing contract could pack other state with it
  /// instead of the much less used s_pendingOwner.
  address private s_owner;

  error OwnerCannotBeZero();
  error MustBeProposedOwner();
  error CannotTransferToSelf();
  error OnlyCallableByOwner();

  event OwnershipTransferRequested(address indexed from, address indexed to);
  event OwnershipTransferred(address indexed from, address indexed to);

  constructor(address newOwner, address pendingOwner) {
    if (newOwner == address(0)) {
      revert OwnerCannotBeZero();
    }

    s_owner = newOwner;
    if (pendingOwner != address(0)) {
      _transferOwnership(pendingOwner);
    }
  }

  /// @notice Get the current owner
  function owner() public view override returns (address) {
    return s_owner;
  }

  /// @notice Allows an owner to begin transferring ownership to a new address. The new owner needs to call
  /// `acceptOwnership` to accept the transfer before any permissions are changed.
  /// @param to The address to which ownership will be transferred.
  function transferOwnership(
    address to
  ) public override onlyOwner {
    _transferOwnership(to);
  }

  /// @notice validate, transfer ownership, and emit relevant events
  /// @param to The address to which ownership will be transferred.
  function _transferOwnership(
    address to
  ) private {
    if (to == msg.sender) {
      revert CannotTransferToSelf();
    }

    s_pendingOwner = to;

    emit OwnershipTransferRequested(s_owner, to);
  }

  /// @notice Allows an ownership transfer to be completed by the recipient.
  function acceptOwnership() external override {
    if (msg.sender != s_pendingOwner) {
      revert MustBeProposedOwner();
    }

    address oldOwner = s_owner;
    s_owner = msg.sender;
    s_pendingOwner = address(0);

    emit OwnershipTransferred(oldOwner, msg.sender);
  }

  /// @notice validate access
  function _validateOwnership() internal view {
    if (msg.sender != s_owner) {
      revert OnlyCallableByOwner();
    }
  }

  /// @notice Reverts if called by anyone other than the contract owner.
  modifier onlyOwner() {
    _validateOwnership();
    _;
  }
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

import {Ownable2Step} from "./Ownable2Step.sol";

/// @notice Sets the msg.sender to be the owner of the contract and does not set a pending owner.
contract Ownable2StepMsgSender is Ownable2Step {
  constructor() Ownable2Step(msg.sender, address(0)) {}
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import {ConfirmedOwner} from "./ConfirmedOwner.sol";

/// @title The OwnerIsCreator contract
/// @notice A contract with helpers for basic contract ownership.
contract OwnerIsCreator is ConfirmedOwner {
  constructor() ConfirmedOwner(msg.sender) {}
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IOwnable {
  function owner() external returns (address);

  function transferOwnership(
    address recipient
  ) external;

  function acceptOwnership() external;
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface ITypeAndVersion {
  function typeAndVersion() external pure returns (string memory);
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import {IERC20} from "@openzeppelin/[email protected]/token/ERC20/IERC20.sol";

interface IBurnMintERC20 is IERC20 {
  /// @notice Mints new tokens for a given address.
  /// @param account The address to mint the new tokens to.
  /// @param amount The number of tokens to be minted.
  /// @dev this function increases the total supply.
  function mint(address account, uint256 amount) external;

  /// @notice Burns tokens from the sender.
  /// @param amount The number of tokens to be burned.
  /// @dev this function decreases the total supply.
  function burn(
    uint256 amount
  ) external;

  /// @notice Burns tokens from a given address..
  /// @param account The address to burn tokens from.
  /// @param amount The number of tokens to be burned.
  /// @dev this function decreases the total supply.
  function burn(address account, uint256 amount) external;

  /// @notice Burns tokens from a given address..
  /// @param account The address to burn tokens from.
  /// @param amount The number of tokens to be burned.
  /// @dev this function decreases the total supply.
  function burnFrom(address account, uint256 amount) external;
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (access/AccessControl.sol)

pragma solidity ^0.8.20;

import {IAccessControl} from "@openzeppelin/contracts/access/IAccessControl.sol";
import {ContextUpgradeable} from "../utils/ContextUpgradeable.sol";
import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
import {ERC165Upgradeable} from "../utils/introspection/ERC165Upgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";

/**
 * @dev Contract module that allows children to implement role-based access
 * control mechanisms. This is a lightweight version that doesn't allow enumerating role
 * members except through off-chain means by accessing the contract event logs. Some
 * applications may benefit from on-chain enumerability, for those cases see
 * {AccessControlEnumerable}.
 *
 * Roles are referred to by their `bytes32` identifier. These should be exposed
 * in the external API and be unique. The best way to achieve this is by
 * using `public constant` hash digests:
 *
 * ```solidity
 * bytes32 public constant MY_ROLE = keccak256("MY_ROLE");
 * ```
 *
 * Roles can be used to represent a set of permissions. To restrict access to a
 * function call, use {hasRole}:
 *
 * ```solidity
 * function foo() public {
 *     require(hasRole(MY_ROLE, msg.sender));
 *     ...
 * }
 * ```
 *
 * Roles can be granted and revoked dynamically via the {grantRole} and
 * {revokeRole} functions. Each role has an associated admin role, and only
 * accounts that have a role's admin role can call {grantRole} and {revokeRole}.
 *
 * By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means
 * that only accounts with this role will be able to grant or revoke other
 * roles. More complex role relationships can be created by using
 * {_setRoleAdmin}.
 *
 * WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to
 * grant and revoke this role. Extra precautions should be taken to secure
 * accounts that have been granted it. We recommend using {AccessControlDefaultAdminRules}
 * to enforce additional security measures for this role.
 */
abstract contract AccessControlUpgradeable is Initializable, ContextUpgradeable, IAccessControl, ERC165Upgradeable {
    struct RoleData {
        mapping(address account => bool) hasRole;
        bytes32 adminRole;
    }

    bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;


    /// @custom:storage-location erc7201:openzeppelin.storage.AccessControl
    struct AccessControlStorage {
        mapping(bytes32 role => RoleData) _roles;
    }

    // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.AccessControl")) - 1)) & ~bytes32(uint256(0xff))
    bytes32 private constant AccessControlStorageLocation = 0x02dd7bc7dec4dceedda775e58dd541e08a116c6c53815c0bd028192f7b626800;

    function _getAccessControlStorage() private pure returns (AccessControlStorage storage $) {
        assembly {
            $.slot := AccessControlStorageLocation
        }
    }

    /**
     * @dev Modifier that checks that an account has a specific role. Reverts
     * with an {AccessControlUnauthorizedAccount} error including the required role.
     */
    modifier onlyRole(bytes32 role) {
        _checkRole(role);
        _;
    }

    function __AccessControl_init() internal onlyInitializing {
    }

    function __AccessControl_init_unchained() internal onlyInitializing {
    }
    /// @inheritdoc IERC165
    function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
        return interfaceId == type(IAccessControl).interfaceId || super.supportsInterface(interfaceId);
    }

    /**
     * @dev Returns `true` if `account` has been granted `role`.
     */
    function hasRole(bytes32 role, address account) public view virtual returns (bool) {
        AccessControlStorage storage $ = _getAccessControlStorage();
        return $._roles[role].hasRole[account];
    }

    /**
     * @dev Reverts with an {AccessControlUnauthorizedAccount} error if `_msgSender()`
     * is missing `role`. Overriding this function changes the behavior of the {onlyRole} modifier.
     */
    function _checkRole(bytes32 role) internal view virtual {
        _checkRole(role, _msgSender());
    }

    /**
     * @dev Reverts with an {AccessControlUnauthorizedAccount} error if `account`
     * is missing `role`.
     */
    function _checkRole(bytes32 role, address account) internal view virtual {
        if (!hasRole(role, account)) {
            revert AccessControlUnauthorizedAccount(account, role);
        }
    }

    /**
     * @dev Returns the admin role that controls `role`. See {grantRole} and
     * {revokeRole}.
     *
     * To change a role's admin, use {_setRoleAdmin}.
     */
    function getRoleAdmin(bytes32 role) public view virtual returns (bytes32) {
        AccessControlStorage storage $ = _getAccessControlStorage();
        return $._roles[role].adminRole;
    }

    /**
     * @dev Grants `role` to `account`.
     *
     * If `account` had not been already granted `role`, emits a {RoleGranted}
     * event.
     *
     * Requirements:
     *
     * - the caller must have ``role``'s admin role.
     *
     * May emit a {RoleGranted} event.
     */
    function grantRole(bytes32 role, address account) public virtual onlyRole(getRoleAdmin(role)) {
        _grantRole(role, account);
    }

    /**
     * @dev Revokes `role` from `account`.
     *
     * If `account` had been granted `role`, emits a {RoleRevoked} event.
     *
     * Requirements:
     *
     * - the caller must have ``role``'s admin role.
     *
     * May emit a {RoleRevoked} event.
     */
    function revokeRole(bytes32 role, address account) public virtual onlyRole(getRoleAdmin(role)) {
        _revokeRole(role, account);
    }

    /**
     * @dev Revokes `role` from the calling account.
     *
     * Roles are often managed via {grantRole} and {revokeRole}: this function's
     * purpose is to provide a mechanism for accounts to lose their privileges
     * if they are compromised (such as when a trusted device is misplaced).
     *
     * If the calling account had been revoked `role`, emits a {RoleRevoked}
     * event.
     *
     * Requirements:
     *
     * - the caller must be `callerConfirmation`.
     *
     * May emit a {RoleRevoked} event.
     */
    function renounceRole(bytes32 role, address callerConfirmation) public virtual {
        if (callerConfirmation != _msgSender()) {
            revert AccessControlBadConfirmation();
        }

        _revokeRole(role, callerConfirmation);
    }

    /**
     * @dev Sets `adminRole` as ``role``'s admin role.
     *
     * Emits a {RoleAdminChanged} event.
     */
    function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual {
        AccessControlStorage storage $ = _getAccessControlStorage();
        bytes32 previousAdminRole = getRoleAdmin(role);
        $._roles[role].adminRole = adminRole;
        emit RoleAdminChanged(role, previousAdminRole, adminRole);
    }

    /**
     * @dev Attempts to grant `role` to `account` and returns a boolean indicating if `role` was granted.
     *
     * Internal function without access restriction.
     *
     * May emit a {RoleGranted} event.
     */
    function _grantRole(bytes32 role, address account) internal virtual returns (bool) {
        AccessControlStorage storage $ = _getAccessControlStorage();
        if (!hasRole(role, account)) {
            $._roles[role].hasRole[account] = true;
            emit RoleGranted(role, account, _msgSender());
            return true;
        } else {
            return false;
        }
    }

    /**
     * @dev Attempts to revoke `role` from `account` and returns a boolean indicating if `role` was revoked.
     *
     * Internal function without access restriction.
     *
     * May emit a {RoleRevoked} event.
     */
    function _revokeRole(bytes32 role, address account) internal virtual returns (bool) {
        AccessControlStorage storage $ = _getAccessControlStorage();
        if (hasRole(role, account)) {
            $._roles[role].hasRole[account] = false;
            emit RoleRevoked(role, account, _msgSender());
            return true;
        } else {
            return false;
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (proxy/utils/Initializable.sol)

pragma solidity ^0.8.20;

/**
 * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
 * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
 * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
 * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
 *
 * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
 * reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
 * case an upgrade adds a module that needs to be initialized.
 *
 * For example:
 *
 * [.hljs-theme-light.nopadding]
 * ```solidity
 * contract MyToken is ERC20Upgradeable {
 *     function initialize() initializer public {
 *         __ERC20_init("MyToken", "MTK");
 *     }
 * }
 *
 * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
 *     function initializeV2() reinitializer(2) public {
 *         __ERC20Permit_init("MyToken");
 *     }
 * }
 * ```
 *
 * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
 * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
 *
 * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
 * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
 *
 * [CAUTION]
 * ====
 * Avoid leaving a contract uninitialized.
 *
 * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
 * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
 * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
 *
 * [.hljs-theme-light.nopadding]
 * ```
 * /// @custom:oz-upgrades-unsafe-allow constructor
 * constructor() {
 *     _disableInitializers();
 * }
 * ```
 * ====
 */
abstract contract Initializable {
    /**
     * @dev Storage of the initializable contract.
     *
     * It's implemented on a custom ERC-7201 namespace to reduce the risk of storage collisions
     * when using with upgradeable contracts.
     *
     * @custom:storage-location erc7201:openzeppelin.storage.Initializable
     */
    struct InitializableStorage {
        /**
         * @dev Indicates that the contract has been initialized.
         */
        uint64 _initialized;
        /**
         * @dev Indicates that the contract is in the process of being initialized.
         */
        bool _initializing;
    }

    // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Initializable")) - 1)) & ~bytes32(uint256(0xff))
    bytes32 private constant INITIALIZABLE_STORAGE = 0xf0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a00;

    /**
     * @dev The contract is already initialized.
     */
    error InvalidInitialization();

    /**
     * @dev The contract is not initializing.
     */
    error NotInitializing();

    /**
     * @dev Triggered when the contract has been initialized or reinitialized.
     */
    event Initialized(uint64 version);

    /**
     * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
     * `onlyInitializing` functions can be used to initialize parent contracts.
     *
     * Similar to `reinitializer(1)`, except that in the context of a constructor an `initializer` may be invoked any
     * number of times. This behavior in the constructor can be useful during testing and is not expected to be used in
     * production.
     *
     * Emits an {Initialized} event.
     */
    modifier initializer() {
        // solhint-disable-next-line var-name-mixedcase
        InitializableStorage storage $ = _getInitializableStorage();

        // Cache values to avoid duplicated sloads
        bool isTopLevelCall = !$._initializing;
        uint64 initialized = $._initialized;

        // Allowed calls:
        // - initialSetup: the contract is not in the initializing state and no previous version was
        //                 initialized
        // - construction: the contract is initialized at version 1 (no reinitialization) and the
        //                 current contract is just being deployed
        bool initialSetup = initialized == 0 && isTopLevelCall;
        bool construction = initialized == 1 && address(this).code.length == 0;

        if (!initialSetup && !construction) {
            revert InvalidInitialization();
        }
        $._initialized = 1;
        if (isTopLevelCall) {
            $._initializing = true;
        }
        _;
        if (isTopLevelCall) {
            $._initializing = false;
            emit Initialized(1);
        }
    }

    /**
     * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
     * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
     * used to initialize parent contracts.
     *
     * A reinitializer may be used after the original initialization step. This is essential to configure modules that
     * are added through upgrades and that require initialization.
     *
     * When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
     * cannot be nested. If one is invoked in the context of another, execution will revert.
     *
     * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
     * a contract, executing them in the right order is up to the developer or operator.
     *
     * WARNING: Setting the version to 2**64 - 1 will prevent any future reinitialization.
     *
     * Emits an {Initialized} event.
     */
    modifier reinitializer(uint64 version) {
        // solhint-disable-next-line var-name-mixedcase
        InitializableStorage storage $ = _getInitializableStorage();

        if ($._initializing || $._initialized >= version) {
            revert InvalidInitialization();
        }
        $._initialized = version;
        $._initializing = true;
        _;
        $._initializing = false;
        emit Initialized(version);
    }

    /**
     * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
     * {initializer} and {reinitializer} modifiers, directly or indirectly.
     */
    modifier onlyInitializing() {
        _checkInitializing();
        _;
    }

    /**
     * @dev Reverts if the contract is not in an initializing state. See {onlyInitializing}.
     */
    function _checkInitializing() internal view virtual {
        if (!_isInitializing()) {
            revert NotInitializing();
        }
    }

    /**
     * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
     * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
     * to any version. It is recommended to use this to lock implementation contracts that are designed to be called
     * through proxies.
     *
     * Emits an {Initialized} event the first time it is successfully executed.
     */
    function _disableInitializers() internal virtual {
        // solhint-disable-next-line var-name-mixedcase
        InitializableStorage storage $ = _getInitializableStorage();

        if ($._initializing) {
            revert InvalidInitialization();
        }
        if ($._initialized != type(uint64).max) {
            $._initialized = type(uint64).max;
            emit Initialized(type(uint64).max);
        }
    }

    /**
     * @dev Returns the highest version that has been initialized. See {reinitializer}.
     */
    function _getInitializedVersion() internal view returns (uint64) {
        return _getInitializableStorage()._initialized;
    }

    /**
     * @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
     */
    function _isInitializing() internal view returns (bool) {
        return _getInitializableStorage()._initializing;
    }

    /**
     * @dev Pointer to storage slot. Allows integrators to override it with a custom storage location.
     *
     * NOTE: Consider following the ERC-7201 formula to derive storage locations.
     */
    function _initializableStorageSlot() internal pure virtual returns (bytes32) {
        return INITIALIZABLE_STORAGE;
    }

    /**
     * @dev Returns a pointer to the storage namespace.
     */
    // solhint-disable-next-line var-name-mixedcase
    function _getInitializableStorage() private pure returns (InitializableStorage storage $) {
        bytes32 slot = _initializableStorageSlot();
        assembly {
            $.slot := slot
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (proxy/utils/UUPSUpgradeable.sol)

pragma solidity ^0.8.22;

import {IERC1822Proxiable} from "@openzeppelin/contracts/interfaces/draft-IERC1822.sol";
import {ERC1967Utils} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Utils.sol";
import {Initializable} from "./Initializable.sol";

/**
 * @dev An upgradeability mechanism designed for UUPS proxies. The functions included here can perform an upgrade of an
 * {ERC1967Proxy}, when this contract is set as the implementation behind such a proxy.
 *
 * A security mechanism ensures that an upgrade does not turn off upgradeability accidentally, although this risk is
 * reinstated if the upgrade retains upgradeability but removes the security mechanism, e.g. by replacing
 * `UUPSUpgradeable` with a custom implementation of upgrades.
 *
 * The {_authorizeUpgrade} function must be overridden to include access restriction to the upgrade mechanism.
 */
abstract contract UUPSUpgradeable is Initializable, IERC1822Proxiable {
    /// @custom:oz-upgrades-unsafe-allow state-variable-immutable
    address private immutable __self = address(this);

    /**
     * @dev The version of the upgrade interface of the contract. If this getter is missing, both `upgradeTo(address)`
     * and `upgradeToAndCall(address,bytes)` are present, and `upgradeTo` must be used if no function should be called,
     * while `upgradeToAndCall` will invoke the `receive` function if the second argument is the empty byte string.
     * If the getter returns `"5.0.0"`, only `upgradeToAndCall(address,bytes)` is present, and the second argument must
     * be the empty byte string if no function should be called, making it impossible to invoke the `receive` function
     * during an upgrade.
     */
    string public constant UPGRADE_INTERFACE_VERSION = "5.0.0";

    /**
     * @dev The call is from an unauthorized context.
     */
    error UUPSUnauthorizedCallContext();

    /**
     * @dev The storage `slot` is unsupported as a UUID.
     */
    error UUPSUnsupportedProxiableUUID(bytes32 slot);

    /**
     * @dev Check that the execution is being performed through a delegatecall call and that the execution context is
     * a proxy contract with an implementation (as defined in ERC-1967) pointing to self. This should only be the case
     * for UUPS and transparent proxies that are using the current contract as their implementation. Execution of a
     * function through ERC-1167 minimal proxies (clones) would not normally pass this test, but is not guaranteed to
     * fail.
     */
    modifier onlyProxy() {
        _checkProxy();
        _;
    }

    /**
     * @dev Check that the execution is not being performed through a delegate call. This allows a function to be
     * callable on the implementing contract but not through proxies.
     */
    modifier notDelegated() {
        _checkNotDelegated();
        _;
    }

    function __UUPSUpgradeable_init() internal onlyInitializing {
    }

    function __UUPSUpgradeable_init_unchained() internal onlyInitializing {
    }
    /**
     * @dev Implementation of the ERC-1822 {proxiableUUID} function. This returns the storage slot used by the
     * implementation. It is used to validate the implementation's compatibility when performing an upgrade.
     *
     * IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks
     * bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this
     * function revert if invoked through a proxy. This is guaranteed by the `notDelegated` modifier.
     */
    function proxiableUUID() external view virtual notDelegated returns (bytes32) {
        return ERC1967Utils.IMPLEMENTATION_SLOT;
    }

    /**
     * @dev Upgrade the implementation of the proxy to `newImplementation`, and subsequently execute the function call
     * encoded in `data`.
     *
     * Calls {_authorizeUpgrade}.
     *
     * Emits an {Upgraded} event.
     *
     * @custom:oz-upgrades-unsafe-allow-reachable delegatecall
     */
    function upgradeToAndCall(address newImplementation, bytes memory data) public payable virtual onlyProxy {
        _authorizeUpgrade(newImplementation);
        _upgradeToAndCallUUPS(newImplementation, data);
    }

    /**
     * @dev Reverts if the execution is not performed via delegatecall or the execution
     * context is not of a proxy with an ERC-1967 compliant implementation pointing to self.
     */
    function _checkProxy() internal view virtual {
        if (
            address(this) == __self || // Must be called through delegatecall
            ERC1967Utils.getImplementation() != __self // Must be called through an active proxy
        ) {
            revert UUPSUnauthorizedCallContext();
        }
    }

    /**
     * @dev Reverts if the execution is performed via delegatecall.
     * See {notDelegated}.
     */
    function _checkNotDelegated() internal view virtual {
        if (address(this) != __self) {
            // Must not be called through delegatecall
            revert UUPSUnauthorizedCallContext();
        }
    }

    /**
     * @dev Function that should revert when `msg.sender` is not authorized to upgrade the contract. Called by
     * {upgradeToAndCall}.
     *
     * Normally, this function will use an xref:access.adoc[access control] modifier such as {Ownable-onlyOwner}.
     *
     * ```solidity
     * function _authorizeUpgrade(address) internal onlyOwner {}
     * ```
     */
    function _authorizeUpgrade(address newImplementation) internal virtual;

    /**
     * @dev Performs an implementation upgrade with a security check for UUPS proxies, and additional setup call.
     *
     * As a security check, {proxiableUUID} is invoked in the new implementation, and the return value
     * is expected to be the implementation slot in ERC-1967.
     *
     * Emits an {IERC1967-Upgraded} event.
     */
    function _upgradeToAndCallUUPS(address newImplementation, bytes memory data) private {
        try IERC1822Proxiable(newImplementation).proxiableUUID() returns (bytes32 slot) {
            if (slot != ERC1967Utils.IMPLEMENTATION_SLOT) {
                revert UUPSUnsupportedProxiableUUID(slot);
            }
            ERC1967Utils.upgradeToAndCall(newImplementation, data);
        } catch {
            // The implementation is not UUPS
            revert ERC1967Utils.ERC1967InvalidImplementation(newImplementation);
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (token/ERC20/ERC20.sol)

pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {IERC20Metadata} from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
import {ContextUpgradeable} from "../../utils/ContextUpgradeable.sol";
import {IERC20Errors} from "@openzeppelin/contracts/interfaces/draft-IERC6093.sol";
import {Initializable} from "../../proxy/utils/Initializable.sol";

/**
 * @dev Implementation of the {IERC20} interface.
 *
 * This implementation is agnostic to the way tokens are created. This means
 * that a supply mechanism has to be added in a derived contract using {_mint}.
 *
 * TIP: For a detailed writeup see our guide
 * https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How
 * to implement supply mechanisms].
 *
 * The default value of {decimals} is 18. To change this, you should override
 * this function so it returns a different value.
 *
 * We have followed general OpenZeppelin Contracts guidelines: functions revert
 * instead returning `false` on failure. This behavior is nonetheless
 * conventional and does not conflict with the expectations of ERC-20
 * applications.
 */
abstract contract ERC20Upgradeable is Initializable, ContextUpgradeable, IERC20, IERC20Metadata, IERC20Errors {
    /// @custom:storage-location erc7201:openzeppelin.storage.ERC20
    struct ERC20Storage {
        mapping(address account => uint256) _balances;

        mapping(address account => mapping(address spender => uint256)) _allowances;

        uint256 _totalSupply;

        string _name;
        string _symbol;
    }

    // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.ERC20")) - 1)) & ~bytes32(uint256(0xff))
    bytes32 private constant ERC20StorageLocation = 0x52c63247e1f47db19d5ce0460030c497f067ca4cebf71ba98eeadabe20bace00;

    function _getERC20Storage() private pure returns (ERC20Storage storage $) {
        assembly {
            $.slot := ERC20StorageLocation
        }
    }

    /**
     * @dev Sets the values for {name} and {symbol}.
     *
     * Both values are immutable: they can only be set once during construction.
     */
    function __ERC20_init(string memory name_, string memory symbol_) internal onlyInitializing {
        __ERC20_init_unchained(name_, symbol_);
    }

    function __ERC20_init_unchained(string memory name_, string memory symbol_) internal onlyInitializing {
        ERC20Storage storage $ = _getERC20Storage();
        $._name = name_;
        $._symbol = symbol_;
    }

    /**
     * @dev Returns the name of the token.
     */
    function name() public view virtual returns (string memory) {
        ERC20Storage storage $ = _getERC20Storage();
        return $._name;
    }

    /**
     * @dev Returns the symbol of the token, usually a shorter version of the
     * name.
     */
    function symbol() public view virtual returns (string memory) {
        ERC20Storage storage $ = _getERC20Storage();
        return $._symbol;
    }

    /**
     * @dev Returns the number of decimals used to get its user representation.
     * For example, if `decimals` equals `2`, a balance of `505` tokens should
     * be displayed to a user as `5.05` (`505 / 10 ** 2`).
     *
     * Tokens usually opt for a value of 18, imitating the relationship between
     * Ether and Wei. This is the default value returned by this function, unless
     * it's overridden.
     *
     * NOTE: This information is only used for _display_ purposes: it in
     * no way affects any of the arithmetic of the contract, including
     * {IERC20-balanceOf} and {IERC20-transfer}.
     */
    function decimals() public view virtual returns (uint8) {
        return 18;
    }

    /// @inheritdoc IERC20
    function totalSupply() public view virtual returns (uint256) {
        ERC20Storage storage $ = _getERC20Storage();
        return $._totalSupply;
    }

    /// @inheritdoc IERC20
    function balanceOf(address account) public view virtual returns (uint256) {
        ERC20Storage storage $ = _getERC20Storage();
        return $._balances[account];
    }

    /**
     * @dev See {IERC20-transfer}.
     *
     * Requirements:
     *
     * - `to` cannot be the zero address.
     * - the caller must have a balance of at least `value`.
     */
    function transfer(address to, uint256 value) public virtual returns (bool) {
        address owner = _msgSender();
        _transfer(owner, to, value);
        return true;
    }

    /// @inheritdoc IERC20
    function allowance(address owner, address spender) public view virtual returns (uint256) {
        ERC20Storage storage $ = _getERC20Storage();
        return $._allowances[owner][spender];
    }

    /**
     * @dev See {IERC20-approve}.
     *
     * NOTE: If `value` is the maximum `uint256`, the allowance is not updated on
     * `transferFrom`. This is semantically equivalent to an infinite approval.
     *
     * Requirements:
     *
     * - `spender` cannot be the zero address.
     */
    function approve(address spender, uint256 value) public virtual returns (bool) {
        address owner = _msgSender();
        _approve(owner, spender, value);
        return true;
    }

    /**
     * @dev See {IERC20-transferFrom}.
     *
     * Skips emitting an {Approval} event indicating an allowance update. This is not
     * required by the ERC. See {xref-ERC20-_approve-address-address-uint256-bool-}[_approve].
     *
     * NOTE: Does not update the allowance if the current allowance
     * is the maximum `uint256`.
     *
     * Requirements:
     *
     * - `from` and `to` cannot be the zero address.
     * - `from` must have a balance of at least `value`.
     * - the caller must have allowance for ``from``'s tokens of at least
     * `value`.
     */
    function transferFrom(address from, address to, uint256 value) public virtual returns (bool) {
        address spender = _msgSender();
        _spendAllowance(from, spender, value);
        _transfer(from, to, value);
        return true;
    }

    /**
     * @dev Moves a `value` amount of tokens from `from` to `to`.
     *
     * This internal function is equivalent to {transfer}, and can be used to
     * e.g. implement automatic token fees, slashing mechanisms, etc.
     *
     * Emits a {Transfer} event.
     *
     * NOTE: This function is not virtual, {_update} should be overridden instead.
     */
    function _transfer(address from, address to, uint256 value) internal {
        if (from == address(0)) {
            revert ERC20InvalidSender(address(0));
        }
        if (to == address(0)) {
            revert ERC20InvalidReceiver(address(0));
        }
        _update(from, to, value);
    }

    /**
     * @dev Transfers a `value` amount of tokens from `from` to `to`, or alternatively mints (or burns) if `from`
     * (or `to`) is the zero address. All customizations to transfers, mints, and burns should be done by overriding
     * this function.
     *
     * Emits a {Transfer} event.
     */
    function _update(address from, address to, uint256 value) internal virtual {
        ERC20Storage storage $ = _getERC20Storage();
        if (from == address(0)) {
            // Overflow check required: The rest of the code assumes that totalSupply never overflows
            $._totalSupply += value;
        } else {
            uint256 fromBalance = $._balances[from];
            if (fromBalance < value) {
                revert ERC20InsufficientBalance(from, fromBalance, value);
            }
            unchecked {
                // Overflow not possible: value <= fromBalance <= totalSupply.
                $._balances[from] = fromBalance - value;
            }
        }

        if (to == address(0)) {
            unchecked {
                // Overflow not possible: value <= totalSupply or value <= fromBalance <= totalSupply.
                $._totalSupply -= value;
            }
        } else {
            unchecked {
                // Overflow not possible: balance + value is at most totalSupply, which we know fits into a uint256.
                $._balances[to] += value;
            }
        }

        emit Transfer(from, to, value);
    }

    /**
     * @dev Creates a `value` amount of tokens and assigns them to `account`, by transferring it from address(0).
     * Relies on the `_update` mechanism
     *
     * Emits a {Transfer} event with `from` set to the zero address.
     *
     * NOTE: This function is not virtual, {_update} should be overridden instead.
     */
    function _mint(address account, uint256 value) internal {
        if (account == address(0)) {
            revert ERC20InvalidReceiver(address(0));
        }
        _update(address(0), account, value);
    }

    /**
     * @dev Destroys a `value` amount of tokens from `account`, lowering the total supply.
     * Relies on the `_update` mechanism.
     *
     * Emits a {Transfer} event with `to` set to the zero address.
     *
     * NOTE: This function is not virtual, {_update} should be overridden instead
     */
    function _burn(address account, uint256 value) internal {
        if (account == address(0)) {
            revert ERC20InvalidSender(address(0));
        }
        _update(account, address(0), value);
    }

    /**
     * @dev Sets `value` as the allowance of `spender` over the `owner`'s tokens.
     *
     * This internal function is equivalent to `approve`, and can be used to
     * e.g. set automatic allowances for certain subsystems, etc.
     *
     * Emits an {Approval} event.
     *
     * Requirements:
     *
     * - `owner` cannot be the zero address.
     * - `spender` cannot be the zero address.
     *
     * Overrides to this logic should be done to the variant with an additional `bool emitEvent` argument.
     */
    function _approve(address owner, address spender, uint256 value) internal {
        _approve(owner, spender, value, true);
    }

    /**
     * @dev Variant of {_approve} with an optional flag to enable or disable the {Approval} event.
     *
     * By default (when calling {_approve}) the flag is set to true. On the other hand, approval changes made by
     * `_spendAllowance` during the `transferFrom` operation set the flag to false. This saves gas by not emitting any
     * `Approval` event during `transferFrom` operations.
     *
     * Anyone who wishes to continue emitting `Approval` events on the`transferFrom` operation can force the flag to
     * true using the following override:
     *
     * ```solidity
     * function _approve(address owner, address spender, uint256 value, bool) internal virtual override {
     *     super._approve(owner, spender, value, true);
     * }
     * ```
     *
     * Requirements are the same as {_approve}.
     */
    function _approve(address owner, address spender, uint256 value, bool emitEvent) internal virtual {
        ERC20Storage storage $ = _getERC20Storage();
        if (owner == address(0)) {
            revert ERC20InvalidApprover(address(0));
        }
        if (spender == address(0)) {
            revert ERC20InvalidSpender(address(0));
        }
        $._allowances[owner][spender] = value;
        if (emitEvent) {
            emit Approval(owner, spender, value);
        }
    }

    /**
     * @dev Updates `owner`'s allowance for `spender` based on spent `value`.
     *
     * Does not update the allowance value in case of infinite allowance.
     * Revert if not enough allowance is available.
     *
     * Does not emit an {Approval} event.
     */
    function _spendAllowance(address owner, address spender, uint256 value) internal virtual {
        uint256 currentAllowance = allowance(owner, spender);
        if (currentAllowance < type(uint256).max) {
            if (currentAllowance < value) {
                revert ERC20InsufficientAllowance(spender, currentAllowance, value);
            }
            unchecked {
                _approve(owner, spender, currentAllowance - value, false);
            }
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (token/ERC20/extensions/ERC4626.sol)

pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {IERC20Metadata} from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
import {ERC20Upgradeable} from "../ERC20Upgradeable.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {IERC4626} from "@openzeppelin/contracts/interfaces/IERC4626.sol";
import {Math} from "@openzeppelin/contracts/utils/math/Math.sol";
import {Initializable} from "../../../proxy/utils/Initializable.sol";

/**
 * @dev Implementation of the ERC-4626 "Tokenized Vault Standard" as defined in
 * https://eips.ethereum.org/EIPS/eip-4626[ERC-4626].
 *
 * This extension allows the minting and burning of "shares" (represented using the ERC-20 inheritance) in exchange for
 * underlying "assets" through standardized {deposit}, {mint}, {redeem} and {burn} workflows. This contract extends
 * the ERC-20 standard. Any additional extensions included along it would affect the "shares" token represented by this
 * contract and not the "assets" token which is an independent contract.
 *
 * [CAUTION]
 * ====
 * In empty (or nearly empty) ERC-4626 vaults, deposits are at high risk of being stolen through frontrunning
 * with a "donation" to the vault that inflates the price of a share. This is variously known as a donation or inflation
 * attack and is essentially a problem of slippage. Vault deployers can protect against this attack by making an initial
 * deposit of a non-trivial amount of the asset, such that price manipulation becomes infeasible. Withdrawals may
 * similarly be affected by slippage. Users can protect against this attack as well as unexpected slippage in general by
 * verifying the amount received is as expected, using a wrapper that performs these checks such as
 * https://github.com/fei-protocol/ERC4626#erc4626router-and-base[ERC4626Router].
 *
 * Since v4.9, this implementation introduces configurable virtual assets and shares to help developers mitigate that risk.
 * The `_decimalsOffset()` corresponds to an offset in the decimal representation between the underlying asset's decimals
 * and the vault decimals. This offset also determines the rate of virtual shares to virtual assets in the vault, which
 * itself determines the initial exchange rate. While not fully preventing the attack, analysis shows that the default
 * offset (0) makes it non-profitable even if an attacker is able to capture value from multiple user deposits, as a result
 * of the value being captured by the virtual shares (out of the attacker's donation) matching the attacker's expected gains.
 * With a larger offset, the attack becomes orders of magnitude more expensive than it is profitable. More details about the
 * underlying math can be found xref:ROOT:erc4626.adoc#inflation-attack[here].
 *
 * The drawback of this approach is that the virtual shares do capture (a very small) part of the value being accrued
 * to the vault. Also, if the vault experiences losses, the users try to exit the vault, the virtual shares and assets
 * will cause the first user to exit to experience reduced losses in detriment to the last users that will experience
 * bigger losses. Developers willing to revert back to the pre-v4.9 behavior just need to override the
 * `_convertToShares` and `_convertToAssets` functions.
 *
 * To learn more, check out our xref:ROOT:erc4626.adoc[ERC-4626 guide].
 * ====
 */
abstract contract ERC4626Upgradeable is Initializable, ERC20Upgradeable, IERC4626 {
    using Math for uint256;

    /// @custom:storage-location erc7201:openzeppelin.storage.ERC4626
    struct ERC4626Storage {
        IERC20 _asset;
        uint8 _underlyingDecimals;
    }

    // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.ERC4626")) - 1)) & ~bytes32(uint256(0xff))
    bytes32 private constant ERC4626StorageLocation = 0x0773e532dfede91f04b12a73d3d2acd361424f41f76b4fb79f090161e36b4e00;

    function _getERC4626Storage() private pure returns (ERC4626Storage storage $) {
        assembly {
            $.slot := ERC4626StorageLocation
        }
    }

    /**
     * @dev Attempted to deposit more assets than the max amount for `receiver`.
     */
    error ERC4626ExceededMaxDeposit(address receiver, uint256 assets, uint256 max);

    /**
     * @dev Attempted to mint more shares than the max amount for `receiver`.
     */
    error ERC4626ExceededMaxMint(address receiver, uint256 shares, uint256 max);

    /**
     * @dev Attempted to withdraw more assets than the max amount for `receiver`.
     */
    error ERC4626ExceededMaxWithdraw(address owner, uint256 assets, uint256 max);

    /**
     * @dev Attempted to redeem more shares than the max amount for `receiver`.
     */
    error ERC4626ExceededMaxRedeem(address owner, uint256 shares, uint256 max);

    /**
     * @dev Set the underlying asset contract. This must be an ERC20-compatible contract (ERC-20 or ERC-777).
     */
    function __ERC4626_init(IERC20 asset_) internal onlyInitializing {
        __ERC4626_init_unchained(asset_);
    }

    function __ERC4626_init_unchained(IERC20 asset_) internal onlyInitializing {
        ERC4626Storage storage $ = _getERC4626Storage();
        (bool success, uint8 assetDecimals) = _tryGetAssetDecimals(asset_);
        $._underlyingDecimals = success ? assetDecimals : 18;
        $._asset = asset_;
    }

    /**
     * @dev Attempts to fetch the asset decimals. A return value of false indicates that the attempt failed in some way.
     */
    function _tryGetAssetDecimals(IERC20 asset_) private view returns (bool ok, uint8 assetDecimals) {
        (bool success, bytes memory encodedDecimals) = address(asset_).staticcall(
            abi.encodeCall(IERC20Metadata.decimals, ())
        );
        if (success && encodedDecimals.length >= 32) {
            uint256 returnedDecimals = abi.decode(encodedDecimals, (uint256));
            if (returnedDecimals <= type(uint8).max) {
                return (true, uint8(returnedDecimals));
            }
        }
        return (false, 0);
    }

    /**
     * @dev Decimals are computed by adding the decimal offset on top of the underlying asset's decimals. This
     * "original" value is cached during construction of the vault contract. If this read operation fails (e.g., the
     * asset has not been created yet), a default of 18 is used to represent the underlying asset's decimals.
     *
     * See {IERC20Metadata-decimals}.
     */
    function decimals() public view virtual override(IERC20Metadata, ERC20Upgradeable) returns (uint8) {
        ERC4626Storage storage $ = _getERC4626Storage();
        return $._underlyingDecimals + _decimalsOffset();
    }

    /// @inheritdoc IERC4626
    function asset() public view virtual returns (address) {
        ERC4626Storage storage $ = _getERC4626Storage();
        return address($._asset);
    }

    /// @inheritdoc IERC4626
    function totalAssets() public view virtual returns (uint256) {
        return IERC20(asset()).balanceOf(address(this));
    }

    /// @inheritdoc IERC4626
    function convertToShares(uint256 assets) public view virtual returns (uint256) {
        return _convertToShares(assets, Math.Rounding.Floor);
    }

    /// @inheritdoc IERC4626
    function convertToAssets(uint256 shares) public view virtual returns (uint256) {
        return _convertToAssets(shares, Math.Rounding.Floor);
    }

    /// @inheritdoc IERC4626
    function maxDeposit(address) public view virtual returns (uint256) {
        return type(uint256).max;
    }

    /// @inheritdoc IERC4626
    function maxMint(address) public view virtual returns (uint256) {
        return type(uint256).max;
    }

    /// @inheritdoc IERC4626
    function maxWithdraw(address owner) public view virtual returns (uint256) {
        return _convertToAssets(balanceOf(owner), Math.Rounding.Floor);
    }

    /// @inheritdoc IERC4626
    function maxRedeem(address owner) public view virtual returns (uint256) {
        return balanceOf(owner);
    }

    /// @inheritdoc IERC4626
    function previewDeposit(uint256 assets) public view virtual returns (uint256) {
        return _convertToShares(assets, Math.Rounding.Floor);
    }

    /// @inheritdoc IERC4626
    function previewMint(uint256 shares) public view virtual returns (uint256) {
        return _convertToAssets(shares, Math.Rounding.Ceil);
    }

    /// @inheritdoc IERC4626
    function previewWithdraw(uint256 assets) public view virtual returns (uint256) {
        return _convertToShares(assets, Math.Rounding.Ceil);
    }

    /// @inheritdoc IERC4626
    function previewRedeem(uint256 shares) public view virtual returns (uint256) {
        return _convertToAssets(shares, Math.Rounding.Floor);
    }

    /// @inheritdoc IERC4626
    function deposit(uint256 assets, address receiver) public virtual returns (uint256) {
        uint256 maxAssets = maxDeposit(receiver);
        if (assets > maxAssets) {
            revert ERC4626ExceededMaxDeposit(receiver, assets, maxAssets);
        }

        uint256 shares = previewDeposit(assets);
        _deposit(_msgSender(), receiver, assets, shares);

        return shares;
    }

    /// @inheritdoc IERC4626
    function mint(uint256 shares, address receiver) public virtual returns (uint256) {
        uint256 maxShares = maxMint(receiver);
        if (shares > maxShares) {
            revert ERC4626ExceededMaxMint(receiver, shares, maxShares);
        }

        uint256 assets = previewMint(shares);
        _deposit(_msgSender(), receiver, assets, shares);

        return assets;
    }

    /// @inheritdoc IERC4626
    function withdraw(uint256 assets, address receiver, address owner) public virtual returns (uint256) {
        uint256 maxAssets = maxWithdraw(owner);
        if (assets > maxAssets) {
            revert ERC4626ExceededMaxWithdraw(owner, assets, maxAssets);
        }

        uint256 shares = previewWithdraw(assets);
        _withdraw(_msgSender(), receiver, owner, assets, shares);

        return shares;
    }

    /// @inheritdoc IERC4626
    function redeem(uint256 shares, address receiver, address owner) public virtual returns (uint256) {
        uint256 maxShares = maxRedeem(owner);
        if (shares > maxShares) {
            revert ERC4626ExceededMaxRedeem(owner, shares, maxShares);
        }

        uint256 assets = previewRedeem(shares);
        _withdraw(_msgSender(), receiver, owner, assets, shares);

        return assets;
    }

    /**
     * @dev Internal conversion function (from assets to shares) with support for rounding direction.
     */
    function _convertToShares(uint256 assets, Math.Rounding rounding) internal view virtual returns (uint256) {
        return assets.mulDiv(totalSupply() + 10 ** _decimalsOffset(), totalAssets() + 1, rounding);
    }

    /**
     * @dev Internal conversion function (from shares to assets) with support for rounding direction.
     */
    function _convertToAssets(uint256 shares, Math.Rounding rounding) internal view virtual returns (uint256) {
        return shares.mulDiv(totalAssets() + 1, totalSupply() + 10 ** _decimalsOffset(), rounding);
    }

    /**
     * @dev Deposit/mint common workflow.
     */
    function _deposit(address caller, address receiver, uint256 assets, uint256 shares) internal virtual {
        // If asset() is ERC-777, `transferFrom` can trigger a reentrancy BEFORE the transfer happens through the
        // `tokensToSend` hook. On the other hand, the `tokenReceived` hook, that is triggered after the transfer,
        // calls the vault, which is assumed not malicious.
        //
        // Conclusion: we need to do the transfer before we mint so that any reentrancy would happen before the
        // assets are transferred and before the shares are minted, which is a valid state.
        // slither-disable-next-line reentrancy-no-eth
        SafeERC20.safeTransferFrom(IERC20(asset()), caller, address(this), assets);
        _mint(receiver, shares);

        emit Deposit(caller, receiver, assets, shares);
    }

    /**
     * @dev Withdraw/redeem common workflow.
     */
    function _withdraw(
        address caller,
        address receiver,
        address owner,
        uint256 assets,
        uint256 shares
    ) internal virtual {
        if (caller != owner) {
            _spendAllowance(owner, caller, shares);
        }

        // If asset() is ERC-777, `transfer` can trigger a reentrancy AFTER the transfer happens through the
        // `tokensReceived` hook. On the other hand, the `tokensToSend` hook, that is triggered before the transfer,
        // calls the vault, which is assumed not malicious.
        //
        // Conclusion: we need to do the transfer after the burn so that any reentrancy would happen after the
        // shares are burned and after the assets are transferred, which is a valid state.
        _burn(owner, shares);
        SafeERC20.safeTransfer(IERC20(asset()), receiver, assets);

        emit Withdraw(caller, receiver, owner, assets, shares);
    }

    function _decimalsOffset() internal view virtual returns (uint8) {
        return 0;
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)

pragma solidity ^0.8.20;
import {Initializable} from "../proxy/utils/Initializable.sol";

/**
 * @dev Provides information about the current execution context, including the
 * sender of the transaction and its data. While these are generally available
 * via msg.sender and msg.data, they should not be accessed in such a direct
 * manner, since when dealing with meta-transactions the account sending and
 * paying for execution may not be the actual sender (as far as an application
 * is concerned).
 *
 * This contract is only required for intermediate, library-like contracts.
 */
abstract contract ContextUpgradeable is Initializable {
    function __Context_init() internal onlyInitializing {
    }

    function __Context_init_unchained() internal onlyInitializing {
    }
    function _msgSender() internal view virtual returns (address) {
        return msg.sender;
    }

    function _msgData() internal view virtual returns (bytes calldata) {
        return msg.data;
    }

    function _contextSuffixLength() internal view virtual returns (uint256) {
        return 0;
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (utils/introspection/ERC165.sol)

pragma solidity ^0.8.20;

import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
import {Initializable} from "../../proxy/utils/Initializable.sol";

/**
 * @dev Implementation of the {IERC165} interface.
 *
 * Contracts that want to implement ERC-165 should inherit from this contract and override {supportsInterface} to check
 * for the additional interface id that will be supported. For example:
 *
 * ```solidity
 * function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
 *     return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId);
 * }
 * ```
 */
abstract contract ERC165Upgradeable is Initializable, IERC165 {
    function __ERC165_init() internal onlyInitializing {
    }

    function __ERC165_init_unchained() internal onlyInitializing {
    }
    /// @inheritdoc IERC165
    function supportsInterface(bytes4 interfaceId) public view virtual returns (bool) {
        return interfaceId == type(IERC165).interfaceId;
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (utils/Pausable.sol)

pragma solidity ^0.8.20;

import {ContextUpgradeable} from "../utils/ContextUpgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";

/**
 * @dev Contract module which allows children to implement an emergency stop
 * mechanism that can be triggered by an authorized account.
 *
 * This module is used through inheritance. It will make available the
 * modifiers `whenNotPaused` and `whenPaused`, which can be applied to
 * the functions of your contract. Note that they will not be pausable by
 * simply including this module, only once the modifiers are put in place.
 */
abstract contract PausableUpgradeable is Initializable, ContextUpgradeable {
    /// @custom:storage-location erc7201:openzeppelin.storage.Pausable
    struct PausableStorage {
        bool _paused;
    }

    // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Pausable")) - 1)) & ~bytes32(uint256(0xff))
    bytes32 private constant PausableStorageLocation = 0xcd5ed15c6e187e77e9aee88184c21f4f2182ab5827cb3b7e07fbedcd63f03300;

    function _getPausableStorage() private pure returns (PausableStorage storage $) {
        assembly {
            $.slot := PausableStorageLocation
        }
    }

    /**
     * @dev Emitted when the pause is triggered by `account`.
     */
    event Paused(address account);

    /**
     * @dev Emitted when the pause is lifted by `account`.
     */
    event Unpaused(address account);

    /**
     * @dev The operation failed because the contract is paused.
     */
    error EnforcedPause();

    /**
     * @dev The operation failed because the contract is not paused.
     */
    error ExpectedPause();

    /**
     * @dev Modifier to make a function callable only when the contract is not paused.
     *
     * Requirements:
     *
     * - The contract must not be paused.
     */
    modifier whenNotPaused() {
        _requireNotPaused();
        _;
    }

    /**
     * @dev Modifier to make a function callable only when the contract is paused.
     *
     * Requirements:
     *
     * - The contract must be paused.
     */
    modifier whenPaused() {
        _requirePaused();
        _;
    }

    function __Pausable_init() internal onlyInitializing {
    }

    function __Pausable_init_unchained() internal onlyInitializing {
    }
    /**
     * @dev Returns true if the contract is paused, and false otherwise.
     */
    function paused() public view virtual returns (bool) {
        PausableStorage storage $ = _getPausableStorage();
        return $._paused;
    }

    /**
     * @dev Throws if the contract is paused.
     */
    function _requireNotPaused() internal view virtual {
        if (paused()) {
            revert EnforcedPause();
        }
    }

    /**
     * @dev Throws if the contract is not paused.
     */
    function _requirePaused() internal view virtual {
        if (!paused()) {
            revert ExpectedPause();
        }
    }

    /**
     * @dev Triggers stopped state.
     *
     * Requirements:
     *
     * - The contract must not be paused.
     */
    function _pause() internal virtual whenNotPaused {
        PausableStorage storage $ = _getPausableStorage();
        $._paused = true;
        emit Paused(_msgSender());
    }

    /**
     * @dev Returns to normal state.
     *
     * Requirements:
     *
     * - The contract must be paused.
     */
    function _unpause() internal virtual whenPaused {
        PausableStorage storage $ = _getPausableStorage();
        $._paused = false;
        emit Unpaused(_msgSender());
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/ReentrancyGuard.sol)

pragma solidity ^0.8.20;
import {Initializable} from "../proxy/utils/Initializable.sol";

/**
 * @dev Contract module that helps prevent reentrant calls to a function.
 *
 * Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier
 * available, which can be applied to functions to make sure there are no nested
 * (reentrant) calls to them.
 *
 * Note that because there is a single `nonReentrant` guard, functions marked as
 * `nonReentrant` may not call one another. This can be worked around by making
 * those functions `private`, and then adding `external` `nonReentrant` entry
 * points to them.
 *
 * TIP: If EIP-1153 (transient storage) is available on the chain you're deploying at,
 * consider using {ReentrancyGuardTransient} instead.
 *
 * TIP: If you would like to learn more about reentrancy and alternative ways
 * to protect against it, check out our blog post
 * https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].
 */
abstract contract ReentrancyGuardUpgradeable is Initializable {
    // Booleans are more expensive than uint256 or any type that takes up a full
    // word because each write operation emits an extra SLOAD to first read the
    // slot's contents, replace the bits taken up by the boolean, and then write
    // back. This is the compiler's defense against contract upgrades and
    // pointer aliasing, and it cannot be disabled.

    // The values being non-zero value makes deployment a bit more expensive,
    // but in exchange the refund on every call to nonReentrant will be lower in
    // amount. Since refunds are capped to a percentage of the total
    // transaction's gas, it is best to keep them low in cases like this one, to
    // increase the likelihood of the full refund coming into effect.
    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;

    /// @custom:storage-location erc7201:openzeppelin.storage.ReentrancyGuard
    struct ReentrancyGuardStorage {
        uint256 _status;
    }

    // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.ReentrancyGuard")) - 1)) & ~bytes32(uint256(0xff))
    bytes32 private constant ReentrancyGuardStorageLocation = 0x9b779b17422d0df92223018b32b4d1fa46e071723d6817e2486d003becc55f00;

    function _getReentrancyGuardStorage() private pure returns (ReentrancyGuardStorage storage $) {
        assembly {
            $.slot := ReentrancyGuardStorageLocation
        }
    }

    /**
     * @dev Unauthorized reentrant call.
     */
    error ReentrancyGuardReentrantCall();

    function __ReentrancyGuard_init() internal onlyInitializing {
        __ReentrancyGuard_init_unchained();
    }

    function __ReentrancyGuard_init_unchained() internal onlyInitializing {
        ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
        $._status = NOT_ENTERED;
    }

    /**
     * @dev Prevents a contract from calling itself, directly or indirectly.
     * Calling a `nonReentrant` function from another `nonReentrant`
     * function is not supported. It is possible to prevent this from happening
     * by making the `nonReentrant` function external, and making it call a
     * `private` function that does the actual work.
     */
    modifier nonReentrant() {
        _nonReentrantBefore();
        _;
        _nonReentrantAfter();
    }

    function _nonReentrantBefore() private {
        ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
        // On the first call to nonReentrant, _status will be NOT_ENTERED
        if ($._status == ENTERED) {
            revert ReentrancyGuardReentrantCall();
        }

        // Any calls to nonReentrant after this point will fail
        $._status = ENTERED;
    }

    function _nonReentrantAfter() private {
        ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
        // By storing the original value once again, a refund is triggered (see
        // https://eips.ethereum.org/EIPS/eip-2200)
        $._status = NOT_ENTERED;
    }

    /**
     * @dev Returns true if the reentrancy guard is currently set to "entered", which indicates there is a
     * `nonReentrant` function in the call stack.
     */
    function _reentrancyGuardEntered() internal view returns (bool) {
        ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
        return $._status == ENTERED;
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (token/ERC20/extensions/draft-IERC20Permit.sol)

pragma solidity ^0.8.0;

/**
 * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
 * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
 *
 * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
 * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't
 * need to send a transaction, and thus is not required to hold Ether at all.
 */
interface IERC20Permit {
    /**
     * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,
     * given ``owner``'s signed approval.
     *
     * IMPORTANT: The same issues {IERC20-approve} has related to transaction
     * ordering also apply here.
     *
     * Emits an {Approval} event.
     *
     * Requirements:
     *
     * - `spender` cannot be the zero address.
     * - `deadline` must be a timestamp in the future.
     * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
     * over the EIP712-formatted function arguments.
     * - the signature must use ``owner``'s current nonce (see {nonces}).
     *
     * For more information on the signature format, see the
     * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
     * section].
     */
    function permit(
        address owner,
        address spender,
        uint256 value,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external;

    /**
     * @dev Returns the current nonce for `owner`. This value must be
     * included whenever a signature is generated for {permit}.
     *
     * Every successful call to {permit} increases ``owner``'s nonce by one. This
     * prevents a signature from being used multiple times.
     */
    function nonces(address owner) external view returns (uint256);

    /**
     * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.
     */
    // solhint-disable-next-line func-name-mixedcase
    function DOMAIN_SEPARATOR() external view returns (bytes32);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (token/ERC20/extensions/IERC20Metadata.sol)

pragma solidity ^0.8.0;

import "../IERC20.sol";

/**
 * @dev Interface for the optional metadata functions from the ERC20 standard.
 *
 * _Available since v4.1._
 */
interface IERC20Metadata is IERC20 {
    /**
     * @dev Returns the name of the token.
     */
    function name() external view returns (string memory);

    /**
     * @dev Returns the symbol of the token.
     */
    function symbol() external view returns (string memory);

    /**
     * @dev Returns the decimals places of the token.
     */
    function decimals() external view returns (uint8);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.6.0) (token/ERC20/IERC20.sol)

pragma solidity ^0.8.0;

/**
 * @dev Interface of the ERC20 standard as defined in the EIP.
 */
interface IERC20 {
    /**
     * @dev Emitted when `value` tokens are moved from one account (`from`) to
     * another (`to`).
     *
     * Note that `value` may be zero.
     */
    event Transfer(address indexed from, address indexed to, uint256 value);

    /**
     * @dev Emitted when the allowance of a `spender` for an `owner` is set by
     * a call to {approve}. `value` is the new allowance.
     */
    event Approval(address indexed owner, address indexed spender, uint256 value);

    /**
     * @dev Returns the amount of tokens in existence.
     */
    function totalSupply() external view returns (uint256);

    /**
     * @dev Returns the amount of tokens owned by `account`.
     */
    function balanceOf(address account) external view returns (uint256);

    /**
     * @dev Moves `amount` tokens from the caller's account to `to`.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * Emits a {Transfer} event.
     */
    function transfer(address to, uint256 amount) external returns (bool);

    /**
     * @dev Returns the remaining number of tokens that `spender` will be
     * allowed to spend on behalf of `owner` through {transferFrom}. This is
     * zero by default.
     *
     * This value changes when {approve} or {transferFrom} are called.
     */
    function allowance(address owner, address spender) external view returns (uint256);

    /**
     * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * IMPORTANT: Beware that changing an allowance with this method brings the risk
     * that someone may use both the old and the new allowance by unfortunate
     * transaction ordering. One possible solution to mitigate this race
     * condition is to first reduce the spender's allowance to 0 and set the
     * desired value afterwards:
     * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
     *
     * Emits an {Approval} event.
     */
    function approve(address spender, uint256 amount) external returns (bool);

    /**
     * @dev Moves `amount` tokens from `from` to `to` using the
     * allowance mechanism. `amount` is then deducted from the caller's
     * allowance.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * Emits a {Transfer} event.
     */
    function transferFrom(
        address from,
        address to,
        uint256 amount
    ) external returns (bool);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (token/ERC20/utils/SafeERC20.sol)

pragma solidity ^0.8.0;

import "../IERC20.sol";
import "../extensions/draft-IERC20Permit.sol";
import "../../../utils/Address.sol";

/**
 * @title SafeERC20
 * @dev Wrappers around ERC20 operations that throw on failure (when the token
 * contract returns false). Tokens that return no value (and instead revert or
 * throw on failure) are also supported, non-reverting calls are assumed to be
 * successful.
 * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
 * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
 */
library SafeERC20 {
    using Address for address;

    function safeTransfer(
        IERC20 token,
        address to,
        uint256 value
    ) internal {
        _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));
    }

    function safeTransferFrom(
        IERC20 token,
        address from,
        address to,
        uint256 value
    ) internal {
        _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));
    }

    /**
     * @dev Deprecated. This function has issues similar to the ones found in
     * {IERC20-approve}, and its usage is discouraged.
     *
     * Whenever possible, use {safeIncreaseAllowance} and
     * {safeDecreaseAllowance} instead.
     */
    function safeApprove(
        IERC20 token,
        address spender,
        uint256 value
    ) internal {
        // safeApprove should only be called when setting an initial allowance,
        // or when resetting it to zero. To increase and decrease it, use
        // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'
        require(
            (value == 0) || (token.allowance(address(this), spender) == 0),
            "SafeERC20: approve from non-zero to non-zero allowance"
        );
        _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));
    }

    function safeIncreaseAllowance(
        IERC20 token,
        address spender,
        uint256 value
    ) internal {
        uint256 newAllowance = token.allowance(address(this), spender) + value;
        _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));
    }

    function safeDecreaseAllowance(
        IERC20 token,
        address spender,
        uint256 value
    ) internal {
        unchecked {
            uint256 oldAllowance = token.allowance(address(this), spender);
            require(oldAllowance >= value, "SafeERC20: decreased allowance below zero");
            uint256 newAllowance = oldAllowance - value;
            _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));
        }
    }

    function safePermit(
        IERC20Permit token,
        address owner,
        address spender,
        uint256 value,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) internal {
        uint256 nonceBefore = token.nonces(owner);
        token.permit(owner, spender, value, deadline, v, r, s);
        uint256 nonceAfter = token.nonces(owner);
        require(nonceAfter == nonceBefore + 1, "SafeERC20: permit did not succeed");
    }

    /**
     * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
     * on the return value: the return value is optional (but if data is returned, it must not be false).
     * @param token The token targeted by the call.
     * @param data The call data (encoded using abi.encode or one of its variants).
     */
    function _callOptionalReturn(IERC20 token, bytes memory data) private {
        // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
        // we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that
        // the target address contains contract code and also asserts for success in the low-level call.

        bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed");
        if (returndata.length > 0) {
            // Return data is optional
            require(abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed");
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/Address.sol)

pragma solidity ^0.8.1;

/**
 * @dev Collection of functions related to the address type
 */
library Address {
    /**
     * @dev Returns true if `account` is a contract.
     *
     * [IMPORTANT]
     * ====
     * It is unsafe to assume that an address for which this function returns
     * false is an externally-owned account (EOA) and not a contract.
     *
     * Among others, `isContract` will return false for the following
     * types of addresses:
     *
     *  - an externally-owned account
     *  - a contract in construction
     *  - an address where a contract will be created
     *  - an address where a contract lived, but was destroyed
     * ====
     *
     * [IMPORTANT]
     * ====
     * You shouldn't rely on `isContract` to protect against flash loan attacks!
     *
     * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
     * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
     * constructor.
     * ====
     */
    function isContract(address account) internal view returns (bool) {
        // This method relies on extcodesize/address.code.length, which returns 0
        // for contracts in construction, since the code is only stored at the end
        // of the constructor execution.

        return account.code.length > 0;
    }

    /**
     * @dev Replacement for Solidity's `transfer`: sends `amount` wei to
     * `recipient`, forwarding all available gas and reverting on errors.
     *
     * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
     * of certain opcodes, possibly making contracts go over the 2300 gas limit
     * imposed by `transfer`, making them unable to receive funds via
     * `transfer`. {sendValue} removes this limitation.
     *
     * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].
     *
     * IMPORTANT: because control is transferred to `recipient`, care must be
     * taken to not create reentrancy vulnerabilities. Consider using
     * {ReentrancyGuard} or the
     * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
     */
    function sendValue(address payable recipient, uint256 amount) internal {
        require(address(this).balance >= amount, "Address: insufficient balance");

        (bool success, ) = recipient.call{value: amount}("");
        require(success, "Address: unable to send value, recipient may have reverted");
    }

    /**
     * @dev Performs a Solidity function call using a low level `call`. A
     * plain `call` is an unsafe replacement for a function call: use this
     * function instead.
     *
     * If `target` reverts with a revert reason, it is bubbled up by this
     * function (like regular Solidity function calls).
     *
     * Returns the raw returned data. To convert to the expected return value,
     * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
     *
     * Requirements:
     *
     * - `target` must be a contract.
     * - calling `target` with `data` must not revert.
     *
     * _Available since v3.1._
     */
    function functionCall(address target, bytes memory data) internal returns (bytes memory) {
        return functionCallWithValue(target, data, 0, "Address: low-level call failed");
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
     * `errorMessage` as a fallback revert reason when `target` reverts.
     *
     * _Available since v3.1._
     */
    function functionCall(
        address target,
        bytes memory data,
        string memory errorMessage
    ) internal returns (bytes memory) {
        return functionCallWithValue(target, data, 0, errorMessage);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but also transferring `value` wei to `target`.
     *
     * Requirements:
     *
     * - the calling contract must have an ETH balance of at least `value`.
     * - the called Solidity function must be `payable`.
     *
     * _Available since v3.1._
     */
    function functionCallWithValue(
        address target,
        bytes memory data,
        uint256 value
    ) internal returns (bytes memory) {
        return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
    }

    /**
     * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
     * with `errorMessage` as a fallback revert reason when `target` reverts.
     *
     * _Available since v3.1._
     */
    function functionCallWithValue(
        address target,
        bytes memory data,
        uint256 value,
        string memory errorMessage
    ) internal returns (bytes memory) {
        require(address(this).balance >= value, "Address: insufficient balance for call");
        (bool success, bytes memory returndata) = target.call{value: value}(data);
        return verifyCallResultFromTarget(target, success, returndata, errorMessage);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but performing a static call.
     *
     * _Available since v3.3._
     */
    function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
        return functionStaticCall(target, data, "Address: low-level static call failed");
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
     * but performing a static call.
     *
     * _Available since v3.3._
     */
    function functionStaticCall(
        address target,
        bytes memory data,
        string memory errorMessage
    ) internal view returns (bytes memory) {
        (bool success, bytes memory returndata) = target.staticcall(data);
        return verifyCallResultFromTarget(target, success, returndata, errorMessage);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but performing a delegate call.
     *
     * _Available since v3.4._
     */
    function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
        return functionDelegateCall(target, data, "Address: low-level delegate call failed");
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
     * but performing a delegate call.
     *
     * _Available since v3.4._
     */
    function functionDelegateCall(
        address target,
        bytes memory data,
        string memory errorMessage
    ) internal returns (bytes memory) {
        (bool success, bytes memory returndata) = target.delegatecall(data);
        return verifyCallResultFromTarget(target, success, returndata, errorMessage);
    }

    /**
     * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling
     * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.
     *
     * _Available since v4.8._
     */
    function verifyCallResultFromTarget(
        address target,
        bool success,
        bytes memory returndata,
        string memory errorMessage
    ) internal view returns (bytes memory) {
        if (success) {
            if (returndata.length == 0) {
                // only check isContract if the call was successful and the return data is empty
                // otherwise we already know that it was a contract
                require(isContract(target), "Address: call to non-contract");
            }
            return returndata;
        } else {
            _revert(returndata, errorMessage);
        }
    }

    /**
     * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the
     * revert reason or using the provided one.
     *
     * _Available since v4.3._
     */
    function verifyCallResult(
        bool success,
        bytes memory returndata,
        string memory errorMessage
    ) internal pure returns (bytes memory) {
        if (success) {
            return returndata;
        } else {
            _revert(returndata, errorMessage);
        }
    }

    function _revert(bytes memory returndata, string memory errorMessage) private pure {
        // Look for revert reason and bubble it up if present
        if (returndata.length > 0) {
            // The easiest way to bubble the revert reason is using memory via assembly
            /// @solidity memory-safe-assembly
            assembly {
                let returndata_size := mload(returndata)
                revert(add(32, returndata), returndata_size)
            }
        } else {
            revert(errorMessage);
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/introspection/IERC165.sol)

pragma solidity ^0.8.20;

/**
 * @dev Interface of the ERC165 standard, as defined in the
 * https://eips.ethereum.org/EIPS/eip-165[EIP].
 *
 * Implementers can declare support of contract interfaces, which can then be
 * queried by others ({ERC165Checker}).
 *
 * For an implementation, see {ERC165}.
 */
interface IERC165 {
    /**
     * @dev Returns true if this contract implements the interface defined by
     * `interfaceId`. See the corresponding
     * https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section]
     * to learn more about how these ids are created.
     *
     * This function call must use less than 30 000 gas.
     */
    function supportsInterface(bytes4 interfaceId) external view returns (bool);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/structs/EnumerableSet.sol)
// This file was procedurally generated from scripts/generate/templates/EnumerableSet.js.

pragma solidity ^0.8.20;

/**
 * @dev Library for managing
 * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive
 * types.
 *
 * Sets have the following properties:
 *
 * - Elements are added, removed, and checked for existence in constant time
 * (O(1)).
 * - Elements are enumerated in O(n). No guarantees are made on the ordering.
 *
 * ```solidity
 * contract Example {
 *     // Add the library methods
 *     using EnumerableSet for EnumerableSet.AddressSet;
 *
 *     // Declare a set state variable
 *     EnumerableSet.AddressSet private mySet;
 * }
 * ```
 *
 * As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)
 * and `uint256` (`UintSet`) are supported.
 *
 * [WARNING]
 * ====
 * Trying to delete such a structure from storage will likely result in data corruption, rendering the structure
 * unusable.
 * See https://github.com/ethereum/solidity/pull/11843[ethereum/solidity#11843] for more info.
 *
 * In order to clean an EnumerableSet, you can either remove all elements one by one or create a fresh instance using an
 * array of EnumerableSet.
 * ====
 */
library EnumerableSet {
    // To implement this library for multiple types with as little code
    // repetition as possible, we write it in terms of a generic Set type with
    // bytes32 values.
    // The Set implementation uses private functions, and user-facing
    // implementations (such as AddressSet) are just wrappers around the
    // underlying Set.
    // This means that we can only create new EnumerableSets for types that fit
    // in bytes32.

    struct Set {
        // Storage of set values
        bytes32[] _values;
        // Position is the index of the value in the `values` array plus 1.
        // Position 0 is used to mean a value is not in the set.
        mapping(bytes32 value => uint256) _positions;
    }

    /**
     * @dev Add a value to a set. O(1).
     *
     * Returns true if the value was added to the set, that is if it was not
     * already present.
     */
    function _add(Set storage set, bytes32 value) private returns (bool) {
        if (!_contains(set, value)) {
            set._values.push(value);
            // The value is stored at length-1, but we add 1 to all indexes
            // and use 0 as a sentinel value
            set._positions[value] = set._values.length;
            return true;
        } else {
            return false;
        }
    }

    /**
     * @dev Removes a value from a set. O(1).
     *
     * Returns true if the value was removed from the set, that is if it was
     * present.
     */
    function _remove(Set storage set, bytes32 value) private returns (bool) {
        // We cache the value's position to prevent multiple reads from the same storage slot
        uint256 position = set._positions[value];

        if (position != 0) {
            // Equivalent to contains(set, value)
            // To delete an element from the _values array in O(1), we swap the element to delete with the last one in
            // the array, and then remove the last element (sometimes called as 'swap and pop').
            // This modifies the order of the array, as noted in {at}.

            uint256 valueIndex = position - 1;
            uint256 lastIndex = set._values.length - 1;

            if (valueIndex != lastIndex) {
                bytes32 lastValue = set._values[lastIndex];

                // Move the lastValue to the index where the value to delete is
                set._values[valueIndex] = lastValue;
                // Update the tracked position of the lastValue (that was just moved)
                set._positions[lastValue] = position;
            }

            // Delete the slot where the moved value was stored
            set._values.pop();

            // Delete the tracked position for the deleted slot
            delete set._positions[value];

            return true;
        } else {
            return false;
        }
    }

    /**
     * @dev Returns true if the value is in the set. O(1).
     */
    function _contains(Set storage set, bytes32 value) private view returns (bool) {
        return set._positions[value] != 0;
    }

    /**
     * @dev Returns the number of values on the set. O(1).
     */
    function _length(Set storage set) private view returns (uint256) {
        return set._values.length;
    }

    /**
     * @dev Returns the value stored at position `index` in the set. O(1).
     *
     * Note that there are no guarantees on the ordering of values inside the
     * array, and it may change when more values are added or removed.
     *
     * Requirements:
     *
     * - `index` must be strictly less than {length}.
     */
    function _at(Set storage set, uint256 index) private view returns (bytes32) {
        return set._values[index];
    }

    /**
     * @dev Return the entire set in an array
     *
     * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
     * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
     * this function has an unbounded cost, and using it as part of a state-changing function may render the function
     * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
     */
    function _values(Set storage set) private view returns (bytes32[] memory) {
        return set._values;
    }

    // Bytes32Set

    struct Bytes32Set {
        Set _inner;
    }

    /**
     * @dev Add a value to a set. O(1).
     *
     * Returns true if the value was added to the set, that is if it was not
     * already present.
     */
    function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {
        return _add(set._inner, value);
    }

    /**
     * @dev Removes a value from a set. O(1).
     *
     * Returns true if the value was removed from the set, that is if it was
     * present.
     */
    function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {
        return _remove(set._inner, value);
    }

    /**
     * @dev Returns true if the value is in the set. O(1).
     */
    function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {
        return _contains(set._inner, value);
    }

    /**
     * @dev Returns the number of values in the set. O(1).
     */
    function length(Bytes32Set storage set) internal view returns (uint256) {
        return _length(set._inner);
    }

    /**
     * @dev Returns the value stored at position `index` in the set. O(1).
     *
     * Note that there are no guarantees on the ordering of values inside the
     * array, and it may change when more values are added or removed.
     *
     * Requirements:
     *
     * - `index` must be strictly less than {length}.
     */
    function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {
        return _at(set._inner, index);
    }

    /**
     * @dev Return the entire set in an array
     *
     * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
     * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
     * this function has an unbounded cost, and using it as part of a state-changing function may render the function
     * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
     */
    function values(Bytes32Set storage set) internal view returns (bytes32[] memory) {
        bytes32[] memory store = _values(set._inner);
        bytes32[] memory result;

        /// @solidity memory-safe-assembly
        assembly {
            result := store
        }

        return result;
    }

    // AddressSet

    struct AddressSet {
        Set _inner;
    }

    /**
     * @dev Add a value to a set. O(1).
     *
     * Returns true if the value was added to the set, that is if it was not
     * already present.
     */
    function add(AddressSet storage set, address value) internal returns (bool) {
        return _add(set._inner, bytes32(uint256(uint160(value))));
    }

    /**
     * @dev Removes a value from a set. O(1).
     *
     * Returns true if the value was removed from the set, that is if it was
     * present.
     */
    function remove(AddressSet storage set, address value) internal returns (bool) {
        return _remove(set._inner, bytes32(uint256(uint160(value))));
    }

    /**
     * @dev Returns true if the value is in the set. O(1).
     */
    function contains(AddressSet storage set, address value) internal view returns (bool) {
        return _contains(set._inner, bytes32(uint256(uint160(value))));
    }

    /**
     * @dev Returns the number of values in the set. O(1).
     */
    function length(AddressSet storage set) internal view returns (uint256) {
        return _length(set._inner);
    }

    /**
     * @dev Returns the value stored at position `index` in the set. O(1).
     *
     * Note that there are no guarantees on the ordering of values inside the
     * array, and it may change when more values are added or removed.
     *
     * Requirements:
     *
     * - `index` must be strictly less than {length}.
     */
    function at(AddressSet storage set, uint256 index) internal view returns (address) {
        return address(uint160(uint256(_at(set._inner, index))));
    }

    /**
     * @dev Return the entire set in an array
     *
     * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
     * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
     * this function has an unbounded cost, and using it as part of a state-changing function may render the function
     * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
     */
    function values(AddressSet storage set) internal view returns (address[] memory) {
        bytes32[] memory store = _values(set._inner);
        address[] memory result;

        /// @solidity memory-safe-assembly
        assembly {
            result := store
        }

        return result;
    }

    // UintSet

    struct UintSet {
        Set _inner;
    }

    /**
     * @dev Add a value to a set. O(1).
     *
     * Returns true if the value was added to the set, that is if it was not
     * already present.
     */
    function add(UintSet storage set, uint256 value) internal returns (bool) {
        return _add(set._inner, bytes32(value));
    }

    /**
     * @dev Removes a value from a set. O(1).
     *
     * Returns true if the value was removed from the set, that is if it was
     * present.
     */
    function remove(UintSet storage set, uint256 value) internal returns (bool) {
        return _remove(set._inner, bytes32(value));
    }

    /**
     * @dev Returns true if the value is in the set. O(1).
     */
    function contains(UintSet storage set, uint256 value) internal view returns (bool) {
        return _contains(set._inner, bytes32(value));
    }

    /**
     * @dev Returns the number of values in the set. O(1).
     */
    function length(UintSet storage set) internal view returns (uint256) {
        return _length(set._inner);
    }

    /**
     * @dev Returns the value stored at position `index` in the set. O(1).
     *
     * Note that there are no guarantees on the ordering of values inside the
     * array, and it may change when more values are added or removed.
     *
     * Requirements:
     *
     * - `index` must be strictly less than {length}.
     */
    function at(UintSet storage set, uint256 index) internal view returns (uint256) {
        return uint256(_at(set._inner, index));
    }

    /**
     * @dev Return the entire set in an array
     *
     * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
     * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
     * this function has an unbounded cost, and using it as part of a state-changing function may render the function
     * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
     */
    function values(UintSet storage set) internal view returns (uint256[] memory) {
        bytes32[] memory store = _values(set._inner);
        uint256[] memory result;

        /// @solidity memory-safe-assembly
        assembly {
            result := store
        }

        return result;
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (access/IAccessControl.sol)

pragma solidity >=0.8.4;

/**
 * @dev External interface of AccessControl declared to support ERC-165 detection.
 */
interface IAccessControl {
    /**
     * @dev The `account` is missing a role.
     */
    error AccessControlUnauthorizedAccount(address account, bytes32 neededRole);

    /**
     * @dev The caller of a function is not the expected one.
     *
     * NOTE: Don't confuse with {AccessControlUnauthorizedAccount}.
     */
    error AccessControlBadConfirmation();

    /**
     * @dev Emitted when `newAdminRole` is set as ``role``'s admin role, replacing `previousAdminRole`
     *
     * `DEFAULT_ADMIN_ROLE` is the starting admin for all roles, despite
     * {RoleAdminChanged} not being emitted to signal this.
     */
    event RoleAdminChanged(bytes32 indexed role, bytes32 indexed previousAdminRole, bytes32 indexed newAdminRole);

    /**
     * @dev Emitted when `account` is granted `role`.
     *
     * `sender` is the account that originated the contract call. This account bears the admin role (for the granted role).
     * Expected in cases where the role was granted using the internal {AccessControl-_grantRole}.
     */
    event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender);

    /**
     * @dev Emitted when `account` is revoked `role`.
     *
     * `sender` is the account that originated the contract call:
     *   - if using `revokeRole`, it is the admin role bearer
     *   - if using `renounceRole`, it is the role bearer (i.e. `account`)
     */
    event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender);

    /**
     * @dev Returns `true` if `account` has been granted `role`.
     */
    function hasRole(bytes32 role, address account) external view returns (bool);

    /**
     * @dev Returns the admin role that controls `role`. See {grantRole} and
     * {revokeRole}.
     *
     * To change a role's admin, use {AccessControl-_setRoleAdmin}.
     */
    function getRoleAdmin(bytes32 role) external view returns (bytes32);

    /**
     * @dev Grants `role` to `account`.
     *
     * If `account` had not been already granted `role`, emits a {RoleGranted}
     * event.
     *
     * Requirements:
     *
     * - the caller must have ``role``'s admin role.
     */
    function grantRole(bytes32 role, address account) external;

    /**
     * @dev Revokes `role` from `account`.
     *
     * If `account` had been granted `role`, emits a {RoleRevoked} event.
     *
     * Requirements:
     *
     * - the caller must have ``role``'s admin role.
     */
    function revokeRole(bytes32 role, address account) external;

    /**
     * @dev Revokes `role` from the calling account.
     *
     * Roles are often managed via {grantRole} and {revokeRole}: this function's
     * purpose is to provide a mechanism for accounts to lose their privileges
     * if they are compromised (such as when a trusted device is misplaced).
     *
     * If the calling account had been granted `role`, emits a {RoleRevoked}
     * event.
     *
     * Requirements:
     *
     * - the caller must be `callerConfirmation`.
     */
    function renounceRole(bytes32 role, address callerConfirmation) external;
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)

pragma solidity ^0.8.20;

import {Context} from "../utils/Context.sol";

/**
 * @dev Contract module which provides a basic access control mechanism, where
 * there is an account (an owner) that can be granted exclusive access to
 * specific functions.
 *
 * The initial owner is set to the address provided by the deployer. This can
 * later be changed with {transferOwnership}.
 *
 * This module is used through inheritance. It will make available the modifier
 * `onlyOwner`, which can be applied to your functions to restrict their use to
 * the owner.
 */
abstract contract Ownable is Context {
    address private _owner;

    /**
     * @dev The caller account is not authorized to perform an operation.
     */
    error OwnableUnauthorizedAccount(address account);

    /**
     * @dev The owner is not a valid owner account. (eg. `address(0)`)
     */
    error OwnableInvalidOwner(address owner);

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    /**
     * @dev Initializes the contract setting the address provided by the deployer as the initial owner.
     */
    constructor(address initialOwner) {
        if (initialOwner == address(0)) {
            revert OwnableInvalidOwner(address(0));
        }
        _transferOwnership(initialOwner);
    }

    /**
     * @dev Throws if called by any account other than the owner.
     */
    modifier onlyOwner() {
        _checkOwner();
        _;
    }

    /**
     * @dev Returns the address of the current owner.
     */
    function owner() public view virtual returns (address) {
        return _owner;
    }

    /**
     * @dev Throws if the sender is not the owner.
     */
    function _checkOwner() internal view virtual {
        if (owner() != _msgSender()) {
            revert OwnableUnauthorizedAccount(_msgSender());
        }
    }

    /**
     * @dev Leaves the contract without owner. It will not be possible to call
     * `onlyOwner` functions. Can only be called by the current owner.
     *
     * NOTE: Renouncing ownership will leave the contract without an owner,
     * thereby disabling any functionality that is only available to the owner.
     */
    function renounceOwnership() public virtual onlyOwner {
        _transferOwnership(address(0));
    }

    /**
     * @dev Transfers ownership of the contract to a new account (`newOwner`).
     * Can only be called by the current owner.
     */
    function transferOwnership(address newOwner) public virtual onlyOwner {
        if (newOwner == address(0)) {
            revert OwnableInvalidOwner(address(0));
        }
        _transferOwnership(newOwner);
    }

    /**
     * @dev Transfers ownership of the contract to a new account (`newOwner`).
     * Internal function without access restriction.
     */
    function _transferOwnership(address newOwner) internal virtual {
        address oldOwner = _owner;
        _owner = newOwner;
        emit OwnershipTransferred(oldOwner, newOwner);
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (interfaces/draft-IERC1822.sol)

pragma solidity >=0.4.16;

/**
 * @dev ERC-1822: Universal Upgradeable Proxy Standard (UUPS) documents a method for upgradeability through a simplified
 * proxy whose upgrades are fully controlled by the current implementation.
 */
interface IERC1822Proxiable {
    /**
     * @dev Returns the storage slot that the proxiable contract assumes is being used to store the implementation
     * address.
     *
     * IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks
     * bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this
     * function revert if invoked through a proxy.
     */
    function proxiableUUID() external view returns (bytes32);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (interfaces/draft-IERC6093.sol)
pragma solidity >=0.8.4;

/**
 * @dev Standard ERC-20 Errors
 * Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC-20 tokens.
 */
interface IERC20Errors {
    /**
     * @dev Indicates an error related to the current `balance` of a `sender`. Used in transfers.
     * @param sender Address whose tokens are being transferred.
     * @param balance Current balance for the interacting account.
     * @param needed Minimum amount required to perform a transfer.
     */
    error ERC20InsufficientBalance(address sender, uint256 balance, uint256 needed);

    /**
     * @dev Indicates a failure with the token `sender`. Used in transfers.
     * @param sender Address whose tokens are being transferred.
     */
    error ERC20InvalidSender(address sender);

    /**
     * @dev Indicates a failure with the token `receiver`. Used in transfers.
     * @param receiver Address to which tokens are being transferred.
     */
    error ERC20InvalidReceiver(address receiver);

    /**
     * @dev Indicates a failure with the `spender`’s `allowance`. Used in transfers.
     * @param spender Address that may be allowed to operate on tokens without being their owner.
     * @param allowance Amount of tokens a `spender` is allowed to operate with.
     * @param needed Minimum amount required to perform a transfer.
     */
    error ERC20InsufficientAllowance(address spender, uint256 allowance, uint256 needed);

    /**
     * @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
     * @param approver Address initiating an approval operation.
     */
    error ERC20InvalidApprover(address approver);

    /**
     * @dev Indicates a failure with the `spender` to be approved. Used in approvals.
     * @param spender Address that may be allowed to operate on tokens without being their owner.
     */
    error ERC20InvalidSpender(address spender);
}

/**
 * @dev Standard ERC-721 Errors
 * Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC-721 tokens.
 */
interface IERC721Errors {
    /**
     * @dev Indicates that an address can't be an owner. For example, `address(0)` is a forbidden owner in ERC-20.
     * Used in balance queries.
     * @param owner Address of the current owner of a token.
     */
    error ERC721InvalidOwner(address owner);

    /**
     * @dev Indicates a `tokenId` whose `owner` is the zero address.
     * @param tokenId Identifier number of a token.
     */
    error ERC721NonexistentToken(uint256 tokenId);

    /**
     * @dev Indicates an error related to the ownership over a particular token. Used in transfers.
     * @param sender Address whose tokens are being transferred.
     * @param tokenId Identifier number of a token.
     * @param owner Address of the current owner of a token.
     */
    error ERC721IncorrectOwner(address sender, uint256 tokenId, address owner);

    /**
     * @dev Indicates a failure with the token `sender`. Used in transfers.
     * @param sender Address whose tokens are being transferred.
     */
    error ERC721InvalidSender(address sender);

    /**
     * @dev Indicates a failure with the token `receiver`. Used in transfers.
     * @param receiver Address to which tokens are being transferred.
     */
    error ERC721InvalidReceiver(address receiver);

    /**
     * @dev Indicates a failure with the `operator`’s approval. Used in transfers.
     * @param operator Address that may be allowed to operate on tokens without being their owner.
     * @param tokenId Identifier number of a token.
     */
    error ERC721InsufficientApproval(address operator, uint256 tokenId);

    /**
     * @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
     * @param approver Address initiating an approval operation.
     */
    error ERC721InvalidApprover(address approver);

    /**
     * @dev Indicates a failure with the `operator` to be approved. Used in approvals.
     * @param operator Address that may be allowed to operate on tokens without being their owner.
     */
    error ERC721InvalidOperator(address operator);
}

/**
 * @dev Standard ERC-1155 Errors
 * Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC-1155 tokens.
 */
interface IERC1155Errors {
    /**
     * @dev Indicates an error related to the current `balance` of a `sender`. Used in transfers.
     * @param sender Address whose tokens are being transferred.
     * @param balance Current balance for the interacting account.
     * @param needed Minimum amount required to perform a transfer.
     * @param tokenId Identifier number of a token.
     */
    error ERC1155InsufficientBalance(address sender, uint256 balance, uint256 needed, uint256 tokenId);

    /**
     * @dev Indicates a failure with the token `sender`. Used in transfers.
     * @param sender Address whose tokens are being transferred.
     */
    error ERC1155InvalidSender(address sender);

    /**
     * @dev Indicates a failure with the token `receiver`. Used in transfers.
     * @param receiver Address to which tokens are being transferred.
     */
    error ERC1155InvalidReceiver(address receiver);

    /**
     * @dev Indicates a failure with the `operator`’s approval. Used in transfers.
     * @param operator Address that may be allowed to operate on tokens without being their owner.
     * @param owner Address of the current owner of a token.
     */
    error ERC1155MissingApprovalForAll(address operator, address owner);

    /**
     * @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
     * @param approver Address initiating an approval operation.
     */
    error ERC1155InvalidApprover(address approver);

    /**
     * @dev Indicates a failure with the `operator` to be approved. Used in approvals.
     * @param operator Address that may be allowed to operate on tokens without being their owner.
     */
    error ERC1155InvalidOperator(address operator);

    /**
     * @dev Indicates an array length mismatch between ids and values in a safeBatchTransferFrom operation.
     * Used in batch transfers.
     * @param idsLength Length of the array of token identifiers
     * @param valuesLength Length of the array of token amounts
     */
    error ERC1155InvalidArrayLength(uint256 idsLength, uint256 valuesLength);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (interfaces/IERC1363.sol)

pragma solidity >=0.6.2;

import {IERC20} from "./IERC20.sol";
import {IERC165} from "./IERC165.sol";

/**
 * @title IERC1363
 * @dev Interface of the ERC-1363 standard as defined in the https://eips.ethereum.org/EIPS/eip-1363[ERC-1363].
 *
 * Defines an extension interface for ERC-20 tokens that supports executing code on a recipient contract
 * after `transfer` or `transferFrom`, or code on a spender contract after `approve`, in a single transaction.
 */
interface IERC1363 is IERC20, IERC165 {
    /*
     * Note: the ERC-165 identifier for this interface is 0xb0202a11.
     * 0xb0202a11 ===
     *   bytes4(keccak256('transferAndCall(address,uint256)')) ^
     *   bytes4(keccak256('transferAndCall(address,uint256,bytes)')) ^
     *   bytes4(keccak256('transferFromAndCall(address,address,uint256)')) ^
     *   bytes4(keccak256('transferFromAndCall(address,address,uint256,bytes)')) ^
     *   bytes4(keccak256('approveAndCall(address,uint256)')) ^
     *   bytes4(keccak256('approveAndCall(address,uint256,bytes)'))
     */

    /**
     * @dev Moves a `value` amount of tokens from the caller's account to `to`
     * and then calls {IERC1363Receiver-onTransferReceived} on `to`.
     * @param to The address which you want to transfer to.
     * @param value The amount of tokens to be transferred.
     * @return A boolean value indicating whether the operation succeeded unless throwing.
     */
    function transferAndCall(address to, uint256 value) external returns (bool);

    /**
     * @dev Moves a `value` amount of tokens from the caller's account to `to`
     * and then calls {IERC1363Receiver-onTransferReceived} on `to`.
     * @param to The address which you want to transfer to.
     * @param value The amount of tokens to be transferred.
     * @param data Additional data with no specified format, sent in call to `to`.
     * @return A boolean value indicating whether the operation succeeded unless throwing.
     */
    function transferAndCall(address to, uint256 value, bytes calldata data) external returns (bool);

    /**
     * @dev Moves a `value` amount of tokens from `from` to `to` using the allowance mechanism
     * and then calls {IERC1363Receiver-onTransferReceived} on `to`.
     * @param from The address which you want to send tokens from.
     * @param to The address which you want to transfer to.
     * @param value The amount of tokens to be transferred.
     * @return A boolean value indicating whether the operation succeeded unless throwing.
     */
    function transferFromAndCall(address from, address to, uint256 value) external returns (bool);

    /**
     * @dev Moves a `value` amount of tokens from `from` to `to` using the allowance mechanism
     * and then calls {IERC1363Receiver-onTransferReceived} on `to`.
     * @param from The address which you want to send tokens from.
     * @param to The address which you want to transfer to.
     * @param value The amount of tokens to be transferred.
     * @param data Additional data with no specified format, sent in call to `to`.
     * @return A boolean value indicating whether the operation succeeded unless throwing.
     */
    function transferFromAndCall(address from, address to, uint256 value, bytes calldata data) external returns (bool);

    /**
     * @dev Sets a `value` amount of tokens as the allowance of `spender` over the
     * caller's tokens and then calls {IERC1363Spender-onApprovalReceived} on `spender`.
     * @param spender The address which will spend the funds.
     * @param value The amount of tokens to be spent.
     * @return A boolean value indicating whether the operation succeeded unless throwing.
     */
    function approveAndCall(address spender, uint256 value) external returns (bool);

    /**
     * @dev Sets a `value` amount of tokens as the allowance of `spender` over the
     * caller's tokens and then calls {IERC1363Spender-onApprovalReceived} on `spender`.
     * @param spender The address which will spend the funds.
     * @param value The amount of tokens to be spent.
     * @param data Additional data with no specified format, sent in call to `spender`.
     * @return A boolean value indicating whether the operation succeeded unless throwing.
     */
    function approveAndCall(address spender, uint256 value, bytes calldata data) external returns (bool);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (interfaces/IERC165.sol)

pragma solidity >=0.4.16;

import {IERC165} from "../utils/introspection/IERC165.sol";

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (interfaces/IERC1967.sol)

pragma solidity >=0.4.11;

/**
 * @dev ERC-1967: Proxy Storage Slots. This interface contains the events defined in the ERC.
 */
interface IERC1967 {
    /**
     * @dev Emitted when the implementation is upgraded.
     */
    event Upgraded(address indexed implementation);

    /**
     * @dev Emitted when the admin account has changed.
     */
    event AdminChanged(address previousAdmin, address newAdmin);

    /**
     * @dev Emitted when the beacon is changed.
     */
    event BeaconUpgraded(address indexed beacon);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (interfaces/IERC20.sol)

pragma solidity >=0.4.16;

import {IERC20} from "../token/ERC20/IERC20.sol";

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (interfaces/IERC4626.sol)

pragma solidity >=0.6.2;

import {IERC20} from "../token/ERC20/IERC20.sol";
import {IERC20Metadata} from "../token/ERC20/extensions/IERC20Metadata.sol";

/**
 * @dev Interface of the ERC-4626 "Tokenized Vault Standard", as defined in
 * https://eips.ethereum.org/EIPS/eip-4626[ERC-4626].
 */
interface IERC4626 is IERC20, IERC20Metadata {
    event Deposit(address indexed sender, address indexed owner, uint256 assets, uint256 shares);

    event Withdraw(
        address indexed sender,
        address indexed receiver,
        address indexed owner,
        uint256 assets,
        uint256 shares
    );

    /**
     * @dev Returns the address of the underlying token used for the Vault for accounting, depositing, and withdrawing.
     *
     * - MUST be an ERC-20 token contract.
     * - MUST NOT revert.
     */
    function asset() external view returns (address assetTokenAddress);

    /**
     * @dev Returns the total amount of the underlying asset that is “managed” by Vault.
     *
     * - SHOULD include any compounding that occurs from yield.
     * - MUST be inclusive of any fees that are charged against assets in the Vault.
     * - MUST NOT revert.
     */
    function totalAssets() external view returns (uint256 totalManagedAssets);

    /**
     * @dev Returns the amount of shares that the Vault would exchange for the amount of assets provided, in an ideal
     * scenario where all the conditions are met.
     *
     * - MUST NOT be inclusive of any fees that are charged against assets in the Vault.
     * - MUST NOT show any variations depending on the caller.
     * - MUST NOT reflect slippage or other on-chain conditions, when performing the actual exchange.
     * - MUST NOT revert.
     *
     * NOTE: This calculation MAY NOT reflect the “per-user” price-per-share, and instead should reflect the
     * “average-user’s” price-per-share, meaning what the average user should expect to see when exchanging to and
     * from.
     */
    function convertToShares(uint256 assets) external view returns (uint256 shares);

    /**
     * @dev Returns the amount of assets that the Vault would exchange for the amount of shares provided, in an ideal
     * scenario where all the conditions are met.
     *
     * - MUST NOT be inclusive of any fees that are charged against assets in the Vault.
     * - MUST NOT show any variations depending on the caller.
     * - MUST NOT reflect slippage or other on-chain conditions, when performing the actual exchange.
     * - MUST NOT revert.
     *
     * NOTE: This calculation MAY NOT reflect the “per-user” price-per-share, and instead should reflect the
     * “average-user’s” price-per-share, meaning what the average user should expect to see when exchanging to and
     * from.
     */
    function convertToAssets(uint256 shares) external view returns (uint256 assets);

    /**
     * @dev Returns the maximum amount of the underlying asset that can be deposited into the Vault for the receiver,
     * through a deposit call.
     *
     * - MUST return a limited value if receiver is subject to some deposit limit.
     * - MUST return 2 ** 256 - 1 if there is no limit on the maximum amount of assets that may be deposited.
     * - MUST NOT revert.
     */
    function maxDeposit(address receiver) external view returns (uint256 maxAssets);

    /**
     * @dev Allows an on-chain or off-chain user to simulate the effects of their deposit at the current block, given
     * current on-chain conditions.
     *
     * - MUST return as close to and no more than the exact amount of Vault shares that would be minted in a deposit
     *   call in the same transaction. I.e. deposit should return the same or more shares as previewDeposit if called
     *   in the same transaction.
     * - MUST NOT account for deposit limits like those returned from maxDeposit and should always act as though the
     *   deposit would be accepted, regardless if the user has enough tokens approved, etc.
     * - MUST be inclusive of deposit fees. Integrators should be aware of the existence of deposit fees.
     * - MUST NOT revert.
     *
     * NOTE: any unfavorable discrepancy between convertToShares and previewDeposit SHOULD be considered slippage in
     * share price or some other type of condition, meaning the depositor will lose assets by depositing.
     */
    function previewDeposit(uint256 assets) external view returns (uint256 shares);

    /**
     * @dev Mints shares Vault shares to receiver by depositing exactly amount of underlying tokens.
     *
     * - MUST emit the Deposit event.
     * - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the
     *   deposit execution, and are accounted for during deposit.
     * - MUST revert if all of assets cannot be deposited (due to deposit limit being reached, slippage, the user not
     *   approving enough underlying tokens to the Vault contract, etc).
     *
     * NOTE: most implementations will require pre-approval of the Vault with the Vault’s underlying asset token.
     */
    function deposit(uint256 assets, address receiver) external returns (uint256 shares);

    /**
     * @dev Returns the maximum amount of the Vault shares that can be minted for the receiver, through a mint call.
     * - MUST return a limited value if receiver is subject to some mint limit.
     * - MUST return 2 ** 256 - 1 if there is no limit on the maximum amount of shares that may be minted.
     * - MUST NOT revert.
     */
    function maxMint(address receiver) external view returns (uint256 maxShares);

    /**
     * @dev Allows an on-chain or off-chain user to simulate the effects of their mint at the current block, given
     * current on-chain conditions.
     *
     * - MUST return as close to and no fewer than the exact amount of assets that would be deposited in a mint call
     *   in the same transaction. I.e. mint should return the same or fewer assets as previewMint if called in the
     *   same transaction.
     * - MUST NOT account for mint limits like those returned from maxMint and should always act as though the mint
     *   would be accepted, regardless if the user has enough tokens approved, etc.
     * - MUST be inclusive of deposit fees. Integrators should be aware of the existence of deposit fees.
     * - MUST NOT revert.
     *
     * NOTE: any unfavorable discrepancy between convertToAssets and previewMint SHOULD be considered slippage in
     * share price or some other type of condition, meaning the depositor will lose assets by minting.
     */
    function previewMint(uint256 shares) external view returns (uint256 assets);

    /**
     * @dev Mints exactly shares Vault shares to receiver by depositing amount of underlying tokens.
     *
     * - MUST emit the Deposit event.
     * - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the mint
     *   execution, and are accounted for during mint.
     * - MUST revert if all of shares cannot be minted (due to deposit limit being reached, slippage, the user not
     *   approving enough underlying tokens to the Vault contract, etc).
     *
     * NOTE: most implementations will require pre-approval of the Vault with the Vault’s underlying asset token.
     */
    function mint(uint256 shares, address receiver) external returns (uint256 assets);

    /**
     * @dev Returns the maximum amount of the underlying asset that can be withdrawn from the owner balance in the
     * Vault, through a withdraw call.
     *
     * - MUST return a limited value if owner is subject to some withdrawal limit or timelock.
     * - MUST NOT revert.
     */
    function maxWithdraw(address owner) external view returns (uint256 maxAssets);

    /**
     * @dev Allows an on-chain or off-chain user to simulate the effects of their withdrawal at the current block,
     * given current on-chain conditions.
     *
     * - MUST return as close to and no fewer than the exact amount of Vault shares that would be burned in a withdraw
     *   call in the same transaction. I.e. withdraw should return the same or fewer shares as previewWithdraw if
     *   called
     *   in the same transaction.
     * - MUST NOT account for withdrawal limits like those returned from maxWithdraw and should always act as though
     *   the withdrawal would be accepted, regardless if the user has enough shares, etc.
     * - MUST be inclusive of withdrawal fees. Integrators should be aware of the existence of withdrawal fees.
     * - MUST NOT revert.
     *
     * NOTE: any unfavorable discrepancy between convertToShares and previewWithdraw SHOULD be considered slippage in
     * share price or some other type of condition, meaning the depositor will lose assets by depositing.
     */
    function previewWithdraw(uint256 assets) external view returns (uint256 shares);

    /**
     * @dev Burns shares from owner and sends exactly assets of underlying tokens to receiver.
     *
     * - MUST emit the Withdraw event.
     * - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the
     *   withdraw execution, and are accounted for during withdraw.
     * - MUST revert if all of assets cannot be withdrawn (due to withdrawal limit being reached, slippage, the owner
     *   not having enough shares, etc).
     *
     * Note that some implementations will require pre-requesting to the Vault before a withdrawal may be performed.
     * Those methods should be performed separately.
     */
    function withdraw(uint256 assets, address receiver, address owner) external returns (uint256 shares);

    /**
     * @dev Returns the maximum amount of Vault shares that can be redeemed from the owner balance in the Vault,
     * through a redeem call.
     *
     * - MUST return a limited value if owner is subject to some withdrawal limit or timelock.
     * - MUST return balanceOf(owner) if owner is not subject to any withdrawal limit or timelock.
     * - MUST NOT revert.
     */
    function maxRedeem(address owner) external view returns (uint256 maxShares);

    /**
     * @dev Allows an on-chain or off-chain user to simulate the effects of their redemption at the current block,
     * given current on-chain conditions.
     *
     * - MUST return as close to and no more than the exact amount of assets that would be withdrawn in a redeem call
     *   in the same transaction. I.e. redeem should return the same or more assets as previewRedeem if called in the
     *   same transaction.
     * - MUST NOT account for redemption limits like those returned from maxRedeem and should always act as though the
     *   redemption would be accepted, regardless if the user has enough shares, etc.
     * - MUST be inclusive of withdrawal fees. Integrators should be aware of the existence of withdrawal fees.
     * - MUST NOT revert.
     *
     * NOTE: any unfavorable discrepancy between convertToAssets and previewRedeem SHOULD be considered slippage in
     * share price or some other type of condition, meaning the depositor will lose assets by redeeming.
     */
    function previewRedeem(uint256 shares) external view returns (uint256 assets);

    /**
     * @dev Burns exactly shares from owner and sends assets of underlying tokens to receiver.
     *
     * - MUST emit the Withdraw event.
     * - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the
     *   redeem execution, and are accounted for during redeem.
     * - MUST revert if all of shares cannot be redeemed (due to withdrawal limit being reached, slippage, the owner
     *   not having enough shares, etc).
     *
     * NOTE: some implementations will require pre-requesting to the Vault before a withdrawal may be performed.
     * Those methods should be performed separately.
     */
    function redeem(uint256 shares, address receiver, address owner) external returns (uint256 assets);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.2.0) (proxy/beacon/BeaconProxy.sol)

pragma solidity ^0.8.22;

import {IBeacon} from "./IBeacon.sol";
import {Proxy} from "../Proxy.sol";
import {ERC1967Utils} from "../ERC1967/ERC1967Utils.sol";

/**
 * @dev This contract implements a proxy that gets the implementation address for each call from an {UpgradeableBeacon}.
 *
 * The beacon address can only be set once during construction, and cannot be changed afterwards. It is stored in an
 * immutable variable to avoid unnecessary storage reads, and also in the beacon storage slot specified by
 * https://eips.ethereum.org/EIPS/eip-1967[ERC-1967] so that it can be accessed externally.
 *
 * CAUTION: Since the beacon address can never be changed, you must ensure that you either control the beacon, or trust
 * the beacon to not upgrade the implementation maliciously.
 *
 * IMPORTANT: Do not use the implementation logic to modify the beacon storage slot. Doing so would leave the proxy in
 * an inconsistent state where the beacon storage slot does not match the beacon address.
 */
contract BeaconProxy is Proxy {
    // An immutable address for the beacon to avoid unnecessary SLOADs before each delegate call.
    address private immutable _beacon;

    /**
     * @dev Initializes the proxy with `beacon`.
     *
     * If `data` is nonempty, it's used as data in a delegate call to the implementation returned by the beacon. This
     * will typically be an encoded function call, and allows initializing the storage of the proxy like a Solidity
     * constructor.
     *
     * Requirements:
     *
     * - `beacon` must be a contract with the interface {IBeacon}.
     * - If `data` is empty, `msg.value` must be zero.
     */
    constructor(address beacon, bytes memory data) payable {
        ERC1967Utils.upgradeBeaconToAndCall(beacon, data);
        _beacon = beacon;
    }

    /**
     * @dev Returns the current implementation address of the associated beacon.
     */
    function _implementation() internal view virtual override returns (address) {
        return IBeacon(_getBeacon()).implementation();
    }

    /**
     * @dev Returns the beacon.
     */
    function _getBeacon() internal view virtual returns (address) {
        return _beacon;
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (proxy/beacon/IBeacon.sol)

pragma solidity >=0.4.16;

/**
 * @dev This is the interface that {BeaconProxy} expects of its beacon.
 */
interface IBeacon {
    /**
     * @dev Must return an address that can be used as a delegate call target.
     *
     * {UpgradeableBeacon} will check that this address is a contract.
     */
    function implementation() external view returns (address);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/beacon/UpgradeableBeacon.sol)

pragma solidity ^0.8.20;

import {IBeacon} from "./IBeacon.sol";
import {Ownable} from "../../access/Ownable.sol";

/**
 * @dev This contract is used in conjunction with one or more instances of {BeaconProxy} to determine their
 * implementation contract, which is where they will delegate all function calls.
 *
 * An owner is able to change the implementation the beacon points to, thus upgrading the proxies that use this beacon.
 */
contract UpgradeableBeacon is IBeacon, Ownable {
    address private _implementation;

    /**
     * @dev The `implementation` of the beacon is invalid.
     */
    error BeaconInvalidImplementation(address implementation);

    /**
     * @dev Emitted when the implementation returned by the beacon is changed.
     */
    event Upgraded(address indexed implementation);

    /**
     * @dev Sets the address of the initial implementation, and the initial owner who can upgrade the beacon.
     */
    constructor(address implementation_, address initialOwner) Ownable(initialOwner) {
        _setImplementation(implementation_);
    }

    /**
     * @dev Returns the current implementation address.
     */
    function implementation() public view virtual returns (address) {
        return _implementation;
    }

    /**
     * @dev Upgrades the beacon to a new implementation.
     *
     * Emits an {Upgraded} event.
     *
     * Requirements:
     *
     * - msg.sender must be the owner of the contract.
     * - `newImplementation` must be a contract.
     */
    function upgradeTo(address newImplementation) public virtual onlyOwner {
        _setImplementation(newImplementation);
    }

    /**
     * @dev Sets the implementation contract address for this beacon
     *
     * Requirements:
     *
     * - `newImplementation` must be a contract.
     */
    function _setImplementation(address newImplementation) private {
        if (newImplementation.code.length == 0) {
            revert BeaconInvalidImplementation(newImplementation);
        }
        _implementation = newImplementation;
        emit Upgraded(newImplementation);
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (proxy/Clones.sol)

pragma solidity ^0.8.20;

import {Create2} from "../utils/Create2.sol";
import {Errors} from "../utils/Errors.sol";

/**
 * @dev https://eips.ethereum.org/EIPS/eip-1167[ERC-1167] is a standard for
 * deploying minimal proxy contracts, also known as "clones".
 *
 * > To simply and cheaply clone contract functionality in an immutable way, this standard specifies
 * > a minimal bytecode implementation that delegates all calls to a known, fixed address.
 *
 * The library includes functions to deploy a proxy using either `create` (traditional deployment) or `create2`
 * (salted deterministic deployment). It also includes functions to predict the addresses of clones deployed using the
 * deterministic method.
 */
library Clones {
    error CloneArgumentsTooLong();

    /**
     * @dev Deploys and returns the address of a clone that mimics the behavior of `implementation`.
     *
     * This function uses the create opcode, which should never revert.
     *
     * WARNING: This function does not check if `implementation` has code. A clone that points to an address
     * without code cannot be initialized. Initialization calls may appear to be successful when, in reality, they
     * have no effect and leave the clone uninitialized, allowing a third party to initialize it later.
     */
    function clone(address implementation) internal returns (address instance) {
        return clone(implementation, 0);
    }

    /**
     * @dev Same as {xref-Clones-clone-address-}[clone], but with a `value` parameter to send native currency
     * to the new contract.
     *
     * WARNING: This function does not check if `implementation` has code. A clone that points to an address
     * without code cannot be initialized. Initialization calls may appear to be successful when, in reality, they
     * have no effect and leave the clone uninitialized, allowing a third party to initialize it later.
     *
     * NOTE: Using a non-zero value at creation will require the contract using this function (e.g. a factory)
     * to always have enough balance for new deployments. Consider exposing this function under a payable method.
     */
    function clone(address implementation, uint256 value) internal returns (address instance) {
        if (address(this).balance < value) {
            revert Errors.InsufficientBalance(address(this).balance, value);
        }
        assembly ("memory-safe") {
            // Cleans the upper 96 bits of the `implementation` word, then packs the first 3 bytes
            // of the `implementation` address with the bytecode before the address.
            mstore(0x00, or(shr(0xe8, shl(0x60, implementation)), 0x3d602d80600a3d3981f3363d3d373d3d3d363d73000000))
            // Packs the remaining 17 bytes of `implementation` with the bytecode after the address.
            mstore(0x20, or(shl(0x78, implementation), 0x5af43d82803e903d91602b57fd5bf3))
            instance := create(value, 0x09, 0x37)
        }
        if (instance == address(0)) {
            revert Errors.FailedDeployment();
        }
    }

    /**
     * @dev Deploys and returns the address of a clone that mimics the behavior of `implementation`.
     *
     * This function uses the create2 opcode and a `salt` to deterministically deploy
     * the clone. Using the same `implementation` and `salt` multiple times will revert, since
     * the clones cannot be deployed twice at the same address.
     *
     * WARNING: This function does not check if `implementation` has code. A clone that points to an address
     * without code cannot be initialized. Initialization calls may appear to be successful when, in reality, they
     * have no effect and leave the clone uninitialized, allowing a third party to initialize it later.
     */
    function cloneDeterministic(address implementation, bytes32 salt) internal returns (address instance) {
        return cloneDeterministic(implementation, salt, 0);
    }

    /**
     * @dev Same as {xref-Clones-cloneDeterministic-address-bytes32-}[cloneDeterministic], but with
     * a `value` parameter to send native currency to the new contract.
     *
     * WARNING: This function does not check if `implementation` has code. A clone that points to an address
     * without code cannot be initialized. Initialization calls may appear to be successful when, in reality, they
     * have no effect and leave the clone uninitialized, allowing a third party to initialize it later.
     *
     * NOTE: Using a non-zero value at creation will require the contract using this function (e.g. a factory)
     * to always have enough balance for new deployments. Consider exposing this function under a payable method.
     */
    function cloneDeterministic(
        address implementation,
        bytes32 salt,
        uint256 value
    ) internal returns (address instance) {
        if (address(this).balance < value) {
            revert Errors.InsufficientBalance(address(this).balance, value);
        }
        assembly ("memory-safe") {
            // Cleans the upper 96 bits of the `implementation` word, then packs the first 3 bytes
            // of the `implementation` address with the bytecode before the address.
            mstore(0x00, or(shr(0xe8, shl(0x60, implementation)), 0x3d602d80600a3d3981f3363d3d373d3d3d363d73000000))
            // Packs the remaining 17 bytes of `implementation` with the bytecode after the address.
            mstore(0x20, or(shl(0x78, implementation), 0x5af43d82803e903d91602b57fd5bf3))
            instance := create2(value, 0x09, 0x37, salt)
        }
        if (instance == address(0)) {
            revert Errors.FailedDeployment();
        }
    }

    /**
     * @dev Computes the address of a clone deployed using {Clones-cloneDeterministic}.
     */
    function predictDeterministicAddress(
        address implementation,
        bytes32 salt,
        address deployer
    ) internal pure returns (address predicted) {
        assembly ("memory-safe") {
            let ptr := mload(0x40)
            mstore(add(ptr, 0x38), deployer)
            mstore(add(ptr, 0x24), 0x5af43d82803e903d91602b57fd5bf3ff)
            mstore(add(ptr, 0x14), implementation)
            mstore(ptr, 0x3d602d80600a3d3981f3363d3d373d3d3d363d73)
            mstore(add(ptr, 0x58), salt)
            mstore(add(ptr, 0x78), keccak256(add(ptr, 0x0c), 0x37))
            predicted := and(keccak256(add(ptr, 0x43), 0x55), 0xffffffffffffffffffffffffffffffffffffffff)
        }
    }

    /**
     * @dev Computes the address of a clone deployed using {Clones-cloneDeterministic}.
     */
    function predictDeterministicAddress(
        address implementation,
        bytes32 salt
    ) internal view returns (address predicted) {
        return predictDeterministicAddress(implementation, salt, address(this));
    }

    /**
     * @dev Deploys and returns the address of a clone that mimics the behavior of `implementation` with custom
     * immutable arguments. These are provided through `args` and cannot be changed after deployment. To
     * access the arguments within the implementation, use {fetchCloneArgs}.
     *
     * This function uses the create opcode, which should never revert.
     *
     * WARNING: This function does not check if `implementation` has code. A clone that points to an address
     * without code cannot be initialized. Initialization calls may appear to be successful when, in reality, they
     * have no effect and leave the clone uninitialized, allowing a third party to initialize it later.
     */
    function cloneWithImmutableArgs(address implementation, bytes memory args) internal returns (address instance) {
        return cloneWithImmutableArgs(implementation, args, 0);
    }

    /**
     * @dev Same as {xref-Clones-cloneWithImmutableArgs-address-bytes-}[cloneWithImmutableArgs], but with a `value`
     * parameter to send native currency to the new contract.
     *
     * WARNING: This function does not check if `implementation` has code. A clone that points to an address
     * without code cannot be initialized. Initialization calls may appear to be successful when, in reality, they
     * have no effect and leave the clone uninitialized, allowing a third party to initialize it later.
     *
     * NOTE: Using a non-zero value at creation will require the contract using this function (e.g. a factory)
     * to always have enough balance for new deployments. Consider exposing this function under a payable method.
     */
    function cloneWithImmutableArgs(
        address implementation,
        bytes memory args,
        uint256 value
    ) internal returns (address instance) {
        if (address(this).balance < value) {
            revert Errors.InsufficientBalance(address(this).balance, value);
        }
        bytes memory bytecode = _cloneCodeWithImmutableArgs(implementation, args);
        assembly ("memory-safe") {
            instance := create(value, add(bytecode, 0x20), mload(bytecode))
        }
        if (instance == address(0)) {
            revert Errors.FailedDeployment();
        }
    }

    /**
     * @dev Deploys and returns the address of a clone that mimics the behavior of `implementation` with custom
     * immutable arguments. These are provided through `args` and cannot be changed after deployment. To
     * access the arguments within the implementation, use {fetchCloneArgs}.
     *
     * This function uses the create2 opcode and a `salt` to deterministically deploy the clone. Using the same
     * `implementation`, `args` and `salt` multiple times will revert, since the clones cannot be deployed twice
     * at the same address.
     *
     * WARNING: This function does not check if `implementation` has code. A clone that points to an address
     * without code cannot be initialized. Initialization calls may appear to be successful when, in reality, they
     * have no effect and leave the clone uninitialized, allowing a third party to initialize it later.
     */
    function cloneDeterministicWithImmutableArgs(
        address implementation,
        bytes memory args,
        bytes32 salt
    ) internal returns (address instance) {
        return cloneDeterministicWithImmutableArgs(implementation, args, salt, 0);
    }

    /**
     * @dev Same as {xref-Clones-cloneDeterministicWithImmutableArgs-address-bytes-bytes32-}[cloneDeterministicWithImmutableArgs],
     * but with a `value` parameter to send native currency to the new contract.
     *
     * WARNING: This function does not check if `implementation` has code. A clone that points to an address
     * without code cannot be initialized. Initialization calls may appear to be successful when, in reality, they
     * have no effect and leave the clone uninitialized, allowing a third party to initialize it later.
     *
     * NOTE: Using a non-zero value at creation will require the contract using this function (e.g. a factory)
     * to always have enough balance for new deployments. Consider exposing this function under a payable method.
     */
    function cloneDeterministicWithImmutableArgs(
        address implementation,
        bytes memory args,
        bytes32 salt,
        uint256 value
    ) internal returns (address instance) {
        bytes memory bytecode = _cloneCodeWithImmutableArgs(implementation, args);
        return Create2.deploy(value, salt, bytecode);
    }

    /**
     * @dev Computes the address of a clone deployed using {Clones-cloneDeterministicWithImmutableArgs}.
     */
    function predictDeterministicAddressWithImmutableArgs(
        address implementation,
        bytes memory args,
        bytes32 salt,
        address deployer
    ) internal pure returns (address predicted) {
        bytes memory bytecode = _cloneCodeWithImmutableArgs(implementation, args);
        return Create2.computeAddress(salt, keccak256(bytecode), deployer);
    }

    /**
     * @dev Computes the address of a clone deployed using {Clones-cloneDeterministicWithImmutableArgs}.
     */
    function predictDeterministicAddressWithImmutableArgs(
        address implementation,
        bytes memory args,
        bytes32 salt
    ) internal view returns (address predicted) {
        return predictDeterministicAddressWithImmutableArgs(implementation, args, salt, address(this));
    }

    /**
     * @dev Get the immutable args attached to a clone.
     *
     * - If `instance` is a clone that was deployed using `clone` or `cloneDeterministic`, this
     *   function will return an empty array.
     * - If `instance` is a clone that was deployed using `cloneWithImmutableArgs` or
     *   `cloneDeterministicWithImmutableArgs`, this function will return the args array used at
     *   creation.
     * - If `instance` is NOT a clone deployed using this library, the behavior is undefined. This
     *   function should only be used to check addresses that are known to be clones.
     */
    function fetchCloneArgs(address instance) internal view returns (bytes memory) {
        bytes memory result = new bytes(instance.code.length - 45); // revert if length is too short
        assembly ("memory-safe") {
            extcodecopy(instance, add(result, 32), 45, mload(result))
        }
        return result;
    }

    /**
     * @dev Helper that prepares the initcode of the proxy with immutable args.
     *
     * An assembly variant of this function requires copying the `args` array, which can be efficiently done using
     * `mcopy`. Unfortunately, that opcode is not available before cancun. A pure solidity implementation using
     * abi.encodePacked is more expensive but also more portable and easier to review.
     *
     * NOTE: https://eips.ethereum.org/EIPS/eip-170[EIP-170] limits the length of the contract code to 24576 bytes.
     * With the proxy code taking 45 bytes, that limits the length of the immutable args to 24531 bytes.
     */
    function _cloneCodeWithImmutableArgs(
        address implementation,
        bytes memory args
    ) private pure returns (bytes memory) {
        if (args.length > 24531) revert CloneArgumentsTooLong();
        return
            abi.encodePacked(
                hex"61",
                uint16(args.length + 45),
                hex"3d81600a3d39f3363d3d373d3d3d363d73",
                implementation,
                hex"5af43d82803e903d91602b57fd5bf3",
                args
            );
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.2.0) (proxy/ERC1967/ERC1967Proxy.sol)

pragma solidity ^0.8.22;

import {Proxy} from "../Proxy.sol";
import {ERC1967Utils} from "./ERC1967Utils.sol";

/**
 * @dev This contract implements an upgradeable proxy. It is upgradeable because calls are delegated to an
 * implementation address that can be changed. This address is stored in storage in the location specified by
 * https://eips.ethereum.org/EIPS/eip-1967[ERC-1967], so that it doesn't conflict with the storage layout of the
 * implementation behind the proxy.
 */
contract ERC1967Proxy is Proxy {
    /**
     * @dev Initializes the upgradeable proxy with an initial implementation specified by `implementation`.
     *
     * If `_data` is nonempty, it's used as data in a delegate call to `implementation`. This will typically be an
     * encoded function call, and allows initializing the storage of the proxy like a Solidity constructor.
     *
     * Requirements:
     *
     * - If `data` is empty, `msg.value` must be zero.
     */
    constructor(address implementation, bytes memory _data) payable {
        ERC1967Utils.upgradeToAndCall(implementation, _data);
    }

    /**
     * @dev Returns the current implementation address.
     *
     * TIP: To get this value clients can read directly from the storage slot shown below (specified by ERC-1967) using
     * the https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call.
     * `0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc`
     */
    function _implementation() internal view virtual override returns (address) {
        return ERC1967Utils.getImplementation();
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (proxy/ERC1967/ERC1967Utils.sol)

pragma solidity ^0.8.21;

import {IBeacon} from "../beacon/IBeacon.sol";
import {IERC1967} from "../../interfaces/IERC1967.sol";
import {Address} from "../../utils/Address.sol";
import {StorageSlot} from "../../utils/StorageSlot.sol";

/**
 * @dev This library provides getters and event emitting update functions for
 * https://eips.ethereum.org/EIPS/eip-1967[ERC-1967] slots.
 */
library ERC1967Utils {
    /**
     * @dev Storage slot with the address of the current implementation.
     * This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1.
     */
    // solhint-disable-next-line private-vars-leading-underscore
    bytes32 internal constant IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;

    /**
     * @dev The `implementation` of the proxy is invalid.
     */
    error ERC1967InvalidImplementation(address implementation);

    /**
     * @dev The `admin` of the proxy is invalid.
     */
    error ERC1967InvalidAdmin(address admin);

    /**
     * @dev The `beacon` of the proxy is invalid.
     */
    error ERC1967InvalidBeacon(address beacon);

    /**
     * @dev An upgrade function sees `msg.value > 0` that may be lost.
     */
    error ERC1967NonPayable();

    /**
     * @dev Returns the current implementation address.
     */
    function getImplementation() internal view returns (address) {
        return StorageSlot.getAddressSlot(IMPLEMENTATION_SLOT).value;
    }

    /**
     * @dev Stores a new address in the ERC-1967 implementation slot.
     */
    function _setImplementation(address newImplementation) private {
        if (newImplementation.code.length == 0) {
            revert ERC1967InvalidImplementation(newImplementation);
        }
        StorageSlot.getAddressSlot(IMPLEMENTATION_SLOT).value = newImplementation;
    }

    /**
     * @dev Performs implementation upgrade with additional setup call if data is nonempty.
     * This function is payable only if the setup call is performed, otherwise `msg.value` is rejected
     * to avoid stuck value in the contract.
     *
     * Emits an {IERC1967-Upgraded} event.
     */
    function upgradeToAndCall(address newImplementation, bytes memory data) internal {
        _setImplementation(newImplementation);
        emit IERC1967.Upgraded(newImplementation);

        if (data.length > 0) {
            Address.functionDelegateCall(newImplementation, data);
        } else {
            _checkNonPayable();
        }
    }

    /**
     * @dev Storage slot with the admin of the contract.
     * This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1.
     */
    // solhint-disable-next-line private-vars-leading-underscore
    bytes32 internal constant ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;

    /**
     * @dev Returns the current admin.
     *
     * TIP: To get this value clients can read directly from the storage slot shown below (specified by ERC-1967) using
     * the https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call.
     * `0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103`
     */
    function getAdmin() internal view returns (address) {
        return StorageSlot.getAddressSlot(ADMIN_SLOT).value;
    }

    /**
     * @dev Stores a new address in the ERC-1967 admin slot.
     */
    function _setAdmin(address newAdmin) private {
        if (newAdmin == address(0)) {
            revert ERC1967InvalidAdmin(address(0));
        }
        StorageSlot.getAddressSlot(ADMIN_SLOT).value = newAdmin;
    }

    /**
     * @dev Changes the admin of the proxy.
     *
     * Emits an {IERC1967-AdminChanged} event.
     */
    function changeAdmin(address newAdmin) internal {
        emit IERC1967.AdminChanged(getAdmin(), newAdmin);
        _setAdmin(newAdmin);
    }

    /**
     * @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.
     * This is the keccak-256 hash of "eip1967.proxy.beacon" subtracted by 1.
     */
    // solhint-disable-next-line private-vars-leading-underscore
    bytes32 internal constant BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;

    /**
     * @dev Returns the current beacon.
     */
    function getBeacon() internal view returns (address) {
        return StorageSlot.getAddressSlot(BEACON_SLOT).value;
    }

    /**
     * @dev Stores a new beacon in the ERC-1967 beacon slot.
     */
    function _setBeacon(address newBeacon) private {
        if (newBeacon.code.length == 0) {
            revert ERC1967InvalidBeacon(newBeacon);
        }

        StorageSlot.getAddressSlot(BEACON_SLOT).value = newBeacon;

        address beaconImplementation = IBeacon(newBeacon).implementation();
        if (beaconImplementation.code.length == 0) {
            revert ERC1967InvalidImplementation(beaconImplementation);
        }
    }

    /**
     * @dev Change the beacon and trigger a setup call if data is nonempty.
     * This function is payable only if the setup call is performed, otherwise `msg.value` is rejected
     * to avoid stuck value in the contract.
     *
     * Emits an {IERC1967-BeaconUpgraded} event.
     *
     * CAUTION: Invoking this function has no effect on an instance of {BeaconProxy} since v5, since
     * it uses an immutable beacon without looking at the value of the ERC-1967 beacon slot for
     * efficiency.
     */
    function upgradeBeaconToAndCall(address newBeacon, bytes memory data) internal {
        _setBeacon(newBeacon);
        emit IERC1967.BeaconUpgraded(newBeacon);

        if (data.length > 0) {
            Address.functionDelegateCall(IBeacon(newBeacon).implementation(), data);
        } else {
            _checkNonPayable();
        }
    }

    /**
     * @dev Reverts if `msg.value` is not zero. It can be used to avoid `msg.value` stuck in the contract
     * if an upgrade doesn't perform an initialization call.
     */
    function _checkNonPayable() private {
        if (msg.value > 0) {
            revert ERC1967NonPayable();
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/Proxy.sol)

pragma solidity ^0.8.20;

/**
 * @dev This abstract contract provides a fallback function that delegates all calls to another contract using the EVM
 * instruction `delegatecall`. We refer to the second contract as the _implementation_ behind the proxy, and it has to
 * be specified by overriding the virtual {_implementation} function.
 *
 * Additionally, delegation to the implementation can be triggered manually through the {_fallback} function, or to a
 * different contract through the {_delegate} function.
 *
 * The success and return data of the delegated call will be returned back to the caller of the proxy.
 */
abstract contract Proxy {
    /**
     * @dev Delegates the current call to `implementation`.
     *
     * This function does not return to its internal call site, it will return directly to the external caller.
     */
    function _delegate(address implementation) internal virtual {
        assembly {
            // Copy msg.data. We take full control of memory in this inline assembly
            // block because it will not return to Solidity code. We overwrite the
            // Solidity scratch pad at memory position 0.
            calldatacopy(0, 0, calldatasize())

            // Call the implementation.
            // out and outsize are 0 because we don't know the size yet.
            let result := delegatecall(gas(), implementation, 0, calldatasize(), 0, 0)

            // Copy the returned data.
            returndatacopy(0, 0, returndatasize())

            switch result
            // delegatecall returns 0 on error.
            case 0 {
                revert(0, returndatasize())
            }
            default {
                return(0, returndatasize())
            }
        }
    }

    /**
     * @dev This is a virtual function that should be overridden so it returns the address to which the fallback
     * function and {_fallback} should delegate.
     */
    function _implementation() internal view virtual returns (address);

    /**
     * @dev Delegates the current call to the address returned by `_implementation()`.
     *
     * This function does not return to its internal call site, it will return directly to the external caller.
     */
    function _fallback() internal virtual {
        _delegate(_implementation());
    }

    /**
     * @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if no other
     * function in the contract matches the call data.
     */
    fallback() external payable virtual {
        _fallback();
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (token/ERC20/ERC20.sol)

pragma solidity ^0.8.20;

import {IERC20} from "./IERC20.sol";
import {IERC20Metadata} from "./extensions/IERC20Metadata.sol";
import {Context} from "../../utils/Context.sol";
import {IERC20Errors} from "../../interfaces/draft-IERC6093.sol";

/**
 * @dev Implementation of the {IERC20} interface.
 *
 * This implementation is agnostic to the way tokens are created. This means
 * that a supply mechanism has to be added in a derived contract using {_mint}.
 *
 * TIP: For a detailed writeup see our guide
 * https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How
 * to implement supply mechanisms].
 *
 * The default value of {decimals} is 18. To change this, you should override
 * this function so it returns a different value.
 *
 * We have followed general OpenZeppelin Contracts guidelines: functions revert
 * instead returning `false` on failure. This behavior is nonetheless
 * conventional and does not conflict with the expectations of ERC-20
 * applications.
 */
abstract contract ERC20 is Context, IERC20, IERC20Metadata, IERC20Errors {
    mapping(address account => uint256) private _balances;

    mapping(address account => mapping(address spender => uint256)) private _allowances;

    uint256 private _totalSupply;

    string private _name;
    string private _symbol;

    /**
     * @dev Sets the values for {name} and {symbol}.
     *
     * Both values are immutable: they can only be set once during construction.
     */
    constructor(string memory name_, string memory symbol_) {
        _name = name_;
        _symbol = symbol_;
    }

    /**
     * @dev Returns the name of the token.
     */
    function name() public view virtual returns (string memory) {
        return _name;
    }

    /**
     * @dev Returns the symbol of the token, usually a shorter version of the
     * name.
     */
    function symbol() public view virtual returns (string memory) {
        return _symbol;
    }

    /**
     * @dev Returns the number of decimals used to get its user representation.
     * For example, if `decimals` equals `2`, a balance of `505` tokens should
     * be displayed to a user as `5.05` (`505 / 10 ** 2`).
     *
     * Tokens usually opt for a value of 18, imitating the relationship between
     * Ether and Wei. This is the default value returned by this function, unless
     * it's overridden.
     *
     * NOTE: This information is only used for _display_ purposes: it in
     * no way affects any of the arithmetic of the contract, including
     * {IERC20-balanceOf} and {IERC20-transfer}.
     */
    function decimals() public view virtual returns (uint8) {
        return 18;
    }

    /// @inheritdoc IERC20
    function totalSupply() public view virtual returns (uint256) {
        return _totalSupply;
    }

    /// @inheritdoc IERC20
    function balanceOf(address account) public view virtual returns (uint256) {
        return _balances[account];
    }

    /**
     * @dev See {IERC20-transfer}.
     *
     * Requirements:
     *
     * - `to` cannot be the zero address.
     * - the caller must have a balance of at least `value`.
     */
    function transfer(address to, uint256 value) public virtual returns (bool) {
        address owner = _msgSender();
        _transfer(owner, to, value);
        return true;
    }

    /// @inheritdoc IERC20
    function allowance(address owner, address spender) public view virtual returns (uint256) {
        return _allowances[owner][spender];
    }

    /**
     * @dev See {IERC20-approve}.
     *
     * NOTE: If `value` is the maximum `uint256`, the allowance is not updated on
     * `transferFrom`. This is semantically equivalent to an infinite approval.
     *
     * Requirements:
     *
     * - `spender` cannot be the zero address.
     */
    function approve(address spender, uint256 value) public virtual returns (bool) {
        address owner = _msgSender();
        _approve(owner, spender, value);
        return true;
    }

    /**
     * @dev See {IERC20-transferFrom}.
     *
     * Skips emitting an {Approval} event indicating an allowance update. This is not
     * required by the ERC. See {xref-ERC20-_approve-address-address-uint256-bool-}[_approve].
     *
     * NOTE: Does not update the allowance if the current allowance
     * is the maximum `uint256`.
     *
     * Requirements:
     *
     * - `from` and `to` cannot be the zero address.
     * - `from` must have a balance of at least `value`.
     * - the caller must have allowance for ``from``'s tokens of at least
     * `value`.
     */
    function transferFrom(address from, address to, uint256 value) public virtual returns (bool) {
        address spender = _msgSender();
        _spendAllowance(from, spender, value);
        _transfer(from, to, value);
        return true;
    }

    /**
     * @dev Moves a `value` amount of tokens from `from` to `to`.
     *
     * This internal function is equivalent to {transfer}, and can be used to
     * e.g. implement automatic token fees, slashing mechanisms, etc.
     *
     * Emits a {Transfer} event.
     *
     * NOTE: This function is not virtual, {_update} should be overridden instead.
     */
    function _transfer(address from, address to, uint256 value) internal {
        if (from == address(0)) {
            revert ERC20InvalidSender(address(0));
        }
        if (to == address(0)) {
            revert ERC20InvalidReceiver(address(0));
        }
        _update(from, to, value);
    }

    /**
     * @dev Transfers a `value` amount of tokens from `from` to `to`, or alternatively mints (or burns) if `from`
     * (or `to`) is the zero address. All customizations to transfers, mints, and burns should be done by overriding
     * this function.
     *
     * Emits a {Transfer} event.
     */
    function _update(address from, address to, uint256 value) internal virtual {
        if (from == address(0)) {
            // Overflow check required: The rest of the code assumes that totalSupply never overflows
            _totalSupply += value;
        } else {
            uint256 fromBalance = _balances[from];
            if (fromBalance < value) {
                revert ERC20InsufficientBalance(from, fromBalance, value);
            }
            unchecked {
                // Overflow not possible: value <= fromBalance <= totalSupply.
                _balances[from] = fromBalance - value;
            }
        }

        if (to == address(0)) {
            unchecked {
                // Overflow not possible: value <= totalSupply or value <= fromBalance <= totalSupply.
                _totalSupply -= value;
            }
        } else {
            unchecked {
                // Overflow not possible: balance + value is at most totalSupply, which we know fits into a uint256.
                _balances[to] += value;
            }
        }

        emit Transfer(from, to, value);
    }

    /**
     * @dev Creates a `value` amount of tokens and assigns them to `account`, by transferring it from address(0).
     * Relies on the `_update` mechanism
     *
     * Emits a {Transfer} event with `from` set to the zero address.
     *
     * NOTE: This function is not virtual, {_update} should be overridden instead.
     */
    function _mint(address account, uint256 value) internal {
        if (account == address(0)) {
            revert ERC20InvalidReceiver(address(0));
        }
        _update(address(0), account, value);
    }

    /**
     * @dev Destroys a `value` amount of tokens from `account`, lowering the total supply.
     * Relies on the `_update` mechanism.
     *
     * Emits a {Transfer} event with `to` set to the zero address.
     *
     * NOTE: This function is not virtual, {_update} should be overridden instead
     */
    function _burn(address account, uint256 value) internal {
        if (account == address(0)) {
            revert ERC20InvalidSender(address(0));
        }
        _update(account, address(0), value);
    }

    /**
     * @dev Sets `value` as the allowance of `spender` over the `owner`'s tokens.
     *
     * This internal function is equivalent to `approve`, and can be used to
     * e.g. set automatic allowances for certain subsystems, etc.
     *
     * Emits an {Approval} event.
     *
     * Requirements:
     *
     * - `owner` cannot be the zero address.
     * - `spender` cannot be the zero address.
     *
     * Overrides to this logic should be done to the variant with an additional `bool emitEvent` argument.
     */
    function _approve(address owner, address spender, uint256 value) internal {
        _approve(owner, spender, value, true);
    }

    /**
     * @dev Variant of {_approve} with an optional flag to enable or disable the {Approval} event.
     *
     * By default (when calling {_approve}) the flag is set to true. On the other hand, approval changes made by
     * `_spendAllowance` during the `transferFrom` operation set the flag to false. This saves gas by not emitting any
     * `Approval` event during `transferFrom` operations.
     *
     * Anyone who wishes to continue emitting `Approval` events on the`transferFrom` operation can force the flag to
     * true using the following override:
     *
     * ```solidity
     * function _approve(address owner, address spender, uint256 value, bool) internal virtual override {
     *     super._approve(owner, spender, value, true);
     * }
     * ```
     *
     * Requirements are the same as {_approve}.
     */
    function _approve(address owner, address spender, uint256 value, bool emitEvent) internal virtual {
        if (owner == address(0)) {
            revert ERC20InvalidApprover(address(0));
        }
        if (spender == address(0)) {
            revert ERC20InvalidSpender(address(0));
        }
        _allowances[owner][spender] = value;
        if (emitEvent) {
            emit Approval(owner, spender, value);
        }
    }

    /**
     * @dev Updates `owner`'s allowance for `spender` based on spent `value`.
     *
     * Does not update the allowance value in case of infinite allowance.
     * Revert if not enough allowance is available.
     *
     * Does not emit an {Approval} event.
     */
    function _spendAllowance(address owner, address spender, uint256 value) internal virtual {
        uint256 currentAllowance = allowance(owner, spender);
        if (currentAllowance < type(uint256).max) {
            if (currentAllowance < value) {
                revert ERC20InsufficientAllowance(spender, currentAllowance, value);
            }
            unchecked {
                _approve(owner, spender, currentAllowance - value, false);
            }
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (token/ERC20/extensions/ERC4626.sol)

pragma solidity ^0.8.20;

import {IERC20, IERC20Metadata, ERC20} from "../ERC20.sol";
import {SafeERC20} from "../utils/SafeERC20.sol";
import {IERC4626} from "../../../interfaces/IERC4626.sol";
import {Math} from "../../../utils/math/Math.sol";

/**
 * @dev Implementation of the ERC-4626 "Tokenized Vault Standard" as defined in
 * https://eips.ethereum.org/EIPS/eip-4626[ERC-4626].
 *
 * This extension allows the minting and burning of "shares" (represented using the ERC-20 inheritance) in exchange for
 * underlying "assets" through standardized {deposit}, {mint}, {redeem} and {burn} workflows. This contract extends
 * the ERC-20 standard. Any additional extensions included along it would affect the "shares" token represented by this
 * contract and not the "assets" token which is an independent contract.
 *
 * [CAUTION]
 * ====
 * In empty (or nearly empty) ERC-4626 vaults, deposits are at high risk of being stolen through frontrunning
 * with a "donation" to the vault that inflates the price of a share. This is variously known as a donation or inflation
 * attack and is essentially a problem of slippage. Vault deployers can protect against this attack by making an initial
 * deposit of a non-trivial amount of the asset, such that price manipulation becomes infeasible. Withdrawals may
 * similarly be affected by slippage. Users can protect against this attack as well as unexpected slippage in general by
 * verifying the amount received is as expected, using a wrapper that performs these checks such as
 * https://github.com/fei-protocol/ERC4626#erc4626router-and-base[ERC4626Router].
 *
 * Since v4.9, this implementation introduces configurable virtual assets and shares to help developers mitigate that risk.
 * The `_decimalsOffset()` corresponds to an offset in the decimal representation between the underlying asset's decimals
 * and the vault decimals. This offset also determines the rate of virtual shares to virtual assets in the vault, which
 * itself determines the initial exchange rate. While not fully preventing the attack, analysis shows that the default
 * offset (0) makes it non-profitable even if an attacker is able to capture value from multiple user deposits, as a result
 * of the value being captured by the virtual shares (out of the attacker's donation) matching the attacker's expected gains.
 * With a larger offset, the attack becomes orders of magnitude more expensive than it is profitable. More details about the
 * underlying math can be found xref:ROOT:erc4626.adoc#inflation-attack[here].
 *
 * The drawback of this approach is that the virtual shares do capture (a very small) part of the value being accrued
 * to the vault. Also, if the vault experiences losses, the users try to exit the vault, the virtual shares and assets
 * will cause the first user to exit to experience reduced losses in detriment to the last users that will experience
 * bigger losses. Developers willing to revert back to the pre-v4.9 behavior just need to override the
 * `_convertToShares` and `_convertToAssets` functions.
 *
 * To learn more, check out our xref:ROOT:erc4626.adoc[ERC-4626 guide].
 * ====
 */
abstract contract ERC4626 is ERC20, IERC4626 {
    using Math for uint256;

    IERC20 private immutable _asset;
    uint8 private immutable _underlyingDecimals;

    /**
     * @dev Attempted to deposit more assets than the max amount for `receiver`.
     */
    error ERC4626ExceededMaxDeposit(address receiver, uint256 assets, uint256 max);

    /**
     * @dev Attempted to mint more shares than the max amount for `receiver`.
     */
    error ERC4626ExceededMaxMint(address receiver, uint256 shares, uint256 max);

    /**
     * @dev Attempted to withdraw more assets than the max amount for `receiver`.
     */
    error ERC4626ExceededMaxWithdraw(address owner, uint256 assets, uint256 max);

    /**
     * @dev Attempted to redeem more shares than the max amount for `receiver`.
     */
    error ERC4626ExceededMaxRedeem(address owner, uint256 shares, uint256 max);

    /**
     * @dev Set the underlying asset contract. This must be an ERC20-compatible contract (ERC-20 or ERC-777).
     */
    constructor(IERC20 asset_) {
        (bool success, uint8 assetDecimals) = _tryGetAssetDecimals(asset_);
        _underlyingDecimals = success ? assetDecimals : 18;
        _asset = asset_;
    }

    /**
     * @dev Attempts to fetch the asset decimals. A return value of false indicates that the attempt failed in some way.
     */
    function _tryGetAssetDecimals(IERC20 asset_) private view returns (bool ok, uint8 assetDecimals) {
        (bool success, bytes memory encodedDecimals) = address(asset_).staticcall(
            abi.encodeCall(IERC20Metadata.decimals, ())
        );
        if (success && encodedDecimals.length >= 32) {
            uint256 returnedDecimals = abi.decode(encodedDecimals, (uint256));
            if (returnedDecimals <= type(uint8).max) {
                return (true, uint8(returnedDecimals));
            }
        }
        return (false, 0);
    }

    /**
     * @dev Decimals are computed by adding the decimal offset on top of the underlying asset's decimals. This
     * "original" value is cached during construction of the vault contract. If this read operation fails (e.g., the
     * asset has not been created yet), a default of 18 is used to represent the underlying asset's decimals.
     *
     * See {IERC20Metadata-decimals}.
     */
    function decimals() public view virtual override(IERC20Metadata, ERC20) returns (uint8) {
        return _underlyingDecimals + _decimalsOffset();
    }

    /// @inheritdoc IERC4626
    function asset() public view virtual returns (address) {
        return address(_asset);
    }

    /// @inheritdoc IERC4626
    function totalAssets() public view virtual returns (uint256) {
        return IERC20(asset()).balanceOf(address(this));
    }

    /// @inheritdoc IERC4626
    function convertToShares(uint256 assets) public view virtual returns (uint256) {
        return _convertToShares(assets, Math.Rounding.Floor);
    }

    /// @inheritdoc IERC4626
    function convertToAssets(uint256 shares) public view virtual returns (uint256) {
        return _convertToAssets(shares, Math.Rounding.Floor);
    }

    /// @inheritdoc IERC4626
    function maxDeposit(address) public view virtual returns (uint256) {
        return type(uint256).max;
    }

    /// @inheritdoc IERC4626
    function maxMint(address) public view virtual returns (uint256) {
        return type(uint256).max;
    }

    /// @inheritdoc IERC4626
    function maxWithdraw(address owner) public view virtual returns (uint256) {
        return _convertToAssets(balanceOf(owner), Math.Rounding.Floor);
    }

    /// @inheritdoc IERC4626
    function maxRedeem(address owner) public view virtual returns (uint256) {
        return balanceOf(owner);
    }

    /// @inheritdoc IERC4626
    function previewDeposit(uint256 assets) public view virtual returns (uint256) {
        return _convertToShares(assets, Math.Rounding.Floor);
    }

    /// @inheritdoc IERC4626
    function previewMint(uint256 shares) public view virtual returns (uint256) {
        return _convertToAssets(shares, Math.Rounding.Ceil);
    }

    /// @inheritdoc IERC4626
    function previewWithdraw(uint256 assets) public view virtual returns (uint256) {
        return _convertToShares(assets, Math.Rounding.Ceil);
    }

    /// @inheritdoc IERC4626
    function previewRedeem(uint256 shares) public view virtual returns (uint256) {
        return _convertToAssets(shares, Math.Rounding.Floor);
    }

    /// @inheritdoc IERC4626
    function deposit(uint256 assets, address receiver) public virtual returns (uint256) {
        uint256 maxAssets = maxDeposit(receiver);
        if (assets > maxAssets) {
            revert ERC4626ExceededMaxDeposit(receiver, assets, maxAssets);
        }

        uint256 shares = previewDeposit(assets);
        _deposit(_msgSender(), receiver, assets, shares);

        return shares;
    }

    /// @inheritdoc IERC4626
    function mint(uint256 shares, address receiver) public virtual returns (uint256) {
        uint256 maxShares = maxMint(receiver);
        if (shares > maxShares) {
            revert ERC4626ExceededMaxMint(receiver, shares, maxShares);
        }

        uint256 assets = previewMint(shares);
        _deposit(_msgSender(), receiver, assets, shares);

        return assets;
    }

    /// @inheritdoc IERC4626
    function withdraw(uint256 assets, address receiver, address owner) public virtual returns (uint256) {
        uint256 maxAssets = maxWithdraw(owner);
        if (assets > maxAssets) {
            revert ERC4626ExceededMaxWithdraw(owner, assets, maxAssets);
        }

        uint256 shares = previewWithdraw(assets);
        _withdraw(_msgSender(), receiver, owner, assets, shares);

        return shares;
    }

    /// @inheritdoc IERC4626
    function redeem(uint256 shares, address receiver, address owner) public virtual returns (uint256) {
        uint256 maxShares = maxRedeem(owner);
        if (shares > maxShares) {
            revert ERC4626ExceededMaxRedeem(owner, shares, maxShares);
        }

        uint256 assets = previewRedeem(shares);
        _withdraw(_msgSender(), receiver, owner, assets, shares);

        return assets;
    }

    /**
     * @dev Internal conversion function (from assets to shares) with support for rounding direction.
     */
    function _convertToShares(uint256 assets, Math.Rounding rounding) internal view virtual returns (uint256) {
        return assets.mulDiv(totalSupply() + 10 ** _decimalsOffset(), totalAssets() + 1, rounding);
    }

    /**
     * @dev Internal conversion function (from shares to assets) with support for rounding direction.
     */
    function _convertToAssets(uint256 shares, Math.Rounding rounding) internal view virtual returns (uint256) {
        return shares.mulDiv(totalAssets() + 1, totalSupply() + 10 ** _decimalsOffset(), rounding);
    }

    /**
     * @dev Deposit/mint common workflow.
     */
    function _deposit(address caller, address receiver, uint256 assets, uint256 shares) internal virtual {
        // If asset() is ERC-777, `transferFrom` can trigger a reentrancy BEFORE the transfer happens through the
        // `tokensToSend` hook. On the other hand, the `tokenReceived` hook, that is triggered after the transfer,
        // calls the vault, which is assumed not malicious.
        //
        // Conclusion: we need to do the transfer before we mint so that any reentrancy would happen before the
        // assets are transferred and before the shares are minted, which is a valid state.
        // slither-disable-next-line reentrancy-no-eth
        SafeERC20.safeTransferFrom(IERC20(asset()), caller, address(this), assets);
        _mint(receiver, shares);

        emit Deposit(caller, receiver, assets, shares);
    }

    /**
     * @dev Withdraw/redeem common workflow.
     */
    function _withdraw(
        address caller,
        address receiver,
        address owner,
        uint256 assets,
        uint256 shares
    ) internal virtual {
        if (caller != owner) {
            _spendAllowance(owner, caller, shares);
        }

        // If asset() is ERC-777, `transfer` can trigger a reentrancy AFTER the transfer happens through the
        // `tokensReceived` hook. On the other hand, the `tokensToSend` hook, that is triggered before the transfer,
        // calls the vault, which is assumed not malicious.
        //
        // Conclusion: we need to do the transfer after the burn so that any reentrancy would happen after the
        // shares are burned and after the assets are transferred, which is a valid state.
        _burn(owner, shares);
        SafeERC20.safeTransfer(IERC20(asset()), receiver, assets);

        emit Withdraw(caller, receiver, owner, assets, shares);
    }

    function _decimalsOffset() internal view virtual returns (uint8) {
        return 0;
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (token/ERC20/extensions/IERC20Metadata.sol)

pragma solidity >=0.6.2;

import {IERC20} from "../IERC20.sol";

/**
 * @dev Interface for the optional metadata functions from the ERC-20 standard.
 */
interface IERC20Metadata is IERC20 {
    /**
     * @dev Returns the name of the token.
     */
    function name() external view returns (string memory);

    /**
     * @dev Returns the symbol of the token.
     */
    function symbol() external view returns (string memory);

    /**
     * @dev Returns the decimals places of the token.
     */
    function decimals() external view returns (uint8);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (token/ERC20/IERC20.sol)

pragma solidity >=0.4.16;

/**
 * @dev Interface of the ERC-20 standard as defined in the ERC.
 */
interface IERC20 {
    /**
     * @dev Emitted when `value` tokens are moved from one account (`from`) to
     * another (`to`).
     *
     * Note that `value` may be zero.
     */
    event Transfer(address indexed from, address indexed to, uint256 value);

    /**
     * @dev Emitted when the allowance of a `spender` for an `owner` is set by
     * a call to {approve}. `value` is the new allowance.
     */
    event Approval(address indexed owner, address indexed spender, uint256 value);

    /**
     * @dev Returns the value of tokens in existence.
     */
    function totalSupply() external view returns (uint256);

    /**
     * @dev Returns the value of tokens owned by `account`.
     */
    function balanceOf(address account) external view returns (uint256);

    /**
     * @dev Moves a `value` amount of tokens from the caller's account to `to`.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * Emits a {Transfer} event.
     */
    function transfer(address to, uint256 value) external returns (bool);

    /**
     * @dev Returns the remaining number of tokens that `spender` will be
     * allowed to spend on behalf of `owner` through {transferFrom}. This is
     * zero by default.
     *
     * This value changes when {approve} or {transferFrom} are called.
     */
    function allowance(address owner, address spender) external view returns (uint256);

    /**
     * @dev Sets a `value` amount of tokens as the allowance of `spender` over the
     * caller's tokens.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * IMPORTANT: Beware that changing an allowance with this method brings the risk
     * that someone may use both the old and the new allowance by unfortunate
     * transaction ordering. One possible solution to mitigate this race
     * condition is to first reduce the spender's allowance to 0 and set the
     * desired value afterwards:
     * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
     *
     * Emits an {Approval} event.
     */
    function approve(address spender, uint256 value) external returns (bool);

    /**
     * @dev Moves a `value` amount of tokens from `from` to `to` using the
     * allowance mechanism. `value` is then deducted from the caller's
     * allowance.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * Emits a {Transfer} event.
     */
    function transferFrom(address from, address to, uint256 value) external returns (bool);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (token/ERC20/utils/SafeERC20.sol)

pragma solidity ^0.8.20;

import {IERC20} from "../IERC20.sol";
import {IERC1363} from "../../../interfaces/IERC1363.sol";

/**
 * @title SafeERC20
 * @dev Wrappers around ERC-20 operations that throw on failure (when the token
 * contract returns false). Tokens that return no value (and instead revert or
 * throw on failure) are also supported, non-reverting calls are assumed to be
 * successful.
 * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
 * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
 */
library SafeERC20 {
    /**
     * @dev An operation with an ERC-20 token failed.
     */
    error SafeERC20FailedOperation(address token);

    /**
     * @dev Indicates a failed `decreaseAllowance` request.
     */
    error SafeERC20FailedDecreaseAllowance(address spender, uint256 currentAllowance, uint256 requestedDecrease);

    /**
     * @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,
     * non-reverting calls are assumed to be successful.
     */
    function safeTransfer(IERC20 token, address to, uint256 value) internal {
        _callOptionalReturn(token, abi.encodeCall(token.transfer, (to, value)));
    }

    /**
     * @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the
     * calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.
     */
    function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {
        _callOptionalReturn(token, abi.encodeCall(token.transferFrom, (from, to, value)));
    }

    /**
     * @dev Variant of {safeTransfer} that returns a bool instead of reverting if the operation is not successful.
     */
    function trySafeTransfer(IERC20 token, address to, uint256 value) internal returns (bool) {
        return _callOptionalReturnBool(token, abi.encodeCall(token.transfer, (to, value)));
    }

    /**
     * @dev Variant of {safeTransferFrom} that returns a bool instead of reverting if the operation is not successful.
     */
    function trySafeTransferFrom(IERC20 token, address from, address to, uint256 value) internal returns (bool) {
        return _callOptionalReturnBool(token, abi.encodeCall(token.transferFrom, (from, to, value)));
    }

    /**
     * @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
     * non-reverting calls are assumed to be successful.
     *
     * IMPORTANT: If the token implements ERC-7674 (ERC-20 with temporary allowance), and if the "client"
     * smart contract uses ERC-7674 to set temporary allowances, then the "client" smart contract should avoid using
     * this function. Performing a {safeIncreaseAllowance} or {safeDecreaseAllowance} operation on a token contract
     * that has a non-zero temporary allowance (for that particular owner-spender) will result in unexpected behavior.
     */
    function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {
        uint256 oldAllowance = token.allowance(address(this), spender);
        forceApprove(token, spender, oldAllowance + value);
    }

    /**
     * @dev Decrease the calling contract's allowance toward `spender` by `requestedDecrease`. If `token` returns no
     * value, non-reverting calls are assumed to be successful.
     *
     * IMPORTANT: If the token implements ERC-7674 (ERC-20 with temporary allowance), and if the "client"
     * smart contract uses ERC-7674 to set temporary allowances, then the "client" smart contract should avoid using
     * this function. Performing a {safeIncreaseAllowance} or {safeDecreaseAllowance} operation on a token contract
     * that has a non-zero temporary allowance (for that particular owner-spender) will result in unexpected behavior.
     */
    function safeDecreaseAllowance(IERC20 token, address spender, uint256 requestedDecrease) internal {
        unchecked {
            uint256 currentAllowance = token.allowance(address(this), spender);
            if (currentAllowance < requestedDecrease) {
                revert SafeERC20FailedDecreaseAllowance(spender, currentAllowance, requestedDecrease);
            }
            forceApprove(token, spender, currentAllowance - requestedDecrease);
        }
    }

    /**
     * @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,
     * non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval
     * to be set to zero before setting it to a non-zero value, such as USDT.
     *
     * NOTE: If the token implements ERC-7674, this function will not modify any temporary allowance. This function
     * only sets the "standard" allowance. Any temporary allowance will remain active, in addition to the value being
     * set here.
     */
    function forceApprove(IERC20 token, address spender, uint256 value) internal {
        bytes memory approvalCall = abi.encodeCall(token.approve, (spender, value));

        if (!_callOptionalReturnBool(token, approvalCall)) {
            _callOptionalReturn(token, abi.encodeCall(token.approve, (spender, 0)));
            _callOptionalReturn(token, approvalCall);
        }
    }

    /**
     * @dev Performs an {ERC1363} transferAndCall, with a fallback to the simple {ERC20} transfer if the target has no
     * code. This can be used to implement an {ERC721}-like safe transfer that rely on {ERC1363} checks when
     * targeting contracts.
     *
     * Reverts if the returned value is other than `true`.
     */
    function transferAndCallRelaxed(IERC1363 token, address to, uint256 value, bytes memory data) internal {
        if (to.code.length == 0) {
            safeTransfer(token, to, value);
        } else if (!token.transferAndCall(to, value, data)) {
            revert SafeERC20FailedOperation(address(token));
        }
    }

    /**
     * @dev Performs an {ERC1363} transferFromAndCall, with a fallback to the simple {ERC20} transferFrom if the target
     * has no code. This can be used to implement an {ERC721}-like safe transfer that rely on {ERC1363} checks when
     * targeting contracts.
     *
     * Reverts if the returned value is other than `true`.
     */
    function transferFromAndCallRelaxed(
        IERC1363 token,
        address from,
        address to,
        uint256 value,
        bytes memory data
    ) internal {
        if (to.code.length == 0) {
            safeTransferFrom(token, from, to, value);
        } else if (!token.transferFromAndCall(from, to, value, data)) {
            revert SafeERC20FailedOperation(address(token));
        }
    }

    /**
     * @dev Performs an {ERC1363} approveAndCall, with a fallback to the simple {ERC20} approve if the target has no
     * code. This can be used to implement an {ERC721}-like safe transfer that rely on {ERC1363} checks when
     * targeting contracts.
     *
     * NOTE: When the recipient address (`to`) has no code (i.e. is an EOA), this function behaves as {forceApprove}.
     * Opposedly, when the recipient address (`to`) has code, this function only attempts to call {ERC1363-approveAndCall}
     * once without retrying, and relies on the returned value to be true.
     *
     * Reverts if the returned value is other than `true`.
     */
    function approveAndCallRelaxed(IERC1363 token, address to, uint256 value, bytes memory data) internal {
        if (to.code.length == 0) {
            forceApprove(token, to, value);
        } else if (!token.approveAndCall(to, value, data)) {
            revert SafeERC20FailedOperation(address(token));
        }
    }

    /**
     * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
     * on the return value: the return value is optional (but if data is returned, it must not be false).
     * @param token The token targeted by the call.
     * @param data The call data (encoded using abi.encode or one of its variants).
     *
     * This is a variant of {_callOptionalReturnBool} that reverts if call fails to meet the requirements.
     */
    function _callOptionalReturn(IERC20 token, bytes memory data) private {
        uint256 returnSize;
        uint256 returnValue;
        assembly ("memory-safe") {
            let success := call(gas(), token, 0, add(data, 0x20), mload(data), 0, 0x20)
            // bubble errors
            if iszero(success) {
                let ptr := mload(0x40)
                returndatacopy(ptr, 0, returndatasize())
                revert(ptr, returndatasize())
            }
            returnSize := returndatasize()
            returnValue := mload(0)
        }

        if (returnSize == 0 ? address(token).code.length == 0 : returnValue != 1) {
            revert SafeERC20FailedOperation(address(token));
        }
    }

    /**
     * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
     * on the return value: the return value is optional (but if data is returned, it must not be false).
     * @param token The token targeted by the call.
     * @param data The call data (encoded using abi.encode or one of its variants).
     *
     * This is a variant of {_callOptionalReturn} that silently catches all reverts and returns a bool instead.
     */
    function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) {
        bool success;
        uint256 returnSize;
        uint256 returnValue;
        assembly ("memory-safe") {
            success := call(gas(), token, 0, add(data, 0x20), mload(data), 0, 0x20)
            returnSize := returndatasize()
            returnValue := mload(0)
        }
        return success && (returnSize == 0 ? address(token).code.length > 0 : returnValue == 1);
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (utils/Address.sol)

pragma solidity ^0.8.20;

import {Errors} from "./Errors.sol";

/**
 * @dev Collection of functions related to the address type
 */
library Address {
    /**
     * @dev There's no code at `target` (it is not a contract).
     */
    error AddressEmptyCode(address target);

    /**
     * @dev Replacement for Solidity's `transfer`: sends `amount` wei to
     * `recipient`, forwarding all available gas and reverting on errors.
     *
     * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
     * of certain opcodes, possibly making contracts go over the 2300 gas limit
     * imposed by `transfer`, making them unable to receive funds via
     * `transfer`. {sendValue} removes this limitation.
     *
     * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
     *
     * IMPORTANT: because control is transferred to `recipient`, care must be
     * taken to not create reentrancy vulnerabilities. Consider using
     * {ReentrancyGuard} or the
     * https://solidity.readthedocs.io/en/v0.8.20/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
     */
    function sendValue(address payable recipient, uint256 amount) internal {
        if (address(this).balance < amount) {
            revert Errors.InsufficientBalance(address(this).balance, amount);
        }

        (bool success, bytes memory returndata) = recipient.call{value: amount}("");
        if (!success) {
            _revert(returndata);
        }
    }

    /**
     * @dev Performs a Solidity function call using a low level `call`. A
     * plain `call` is an unsafe replacement for a function call: use this
     * function instead.
     *
     * If `target` reverts with a revert reason or custom error, it is bubbled
     * up by this function (like regular Solidity function calls). However, if
     * the call reverted with no returned reason, this function reverts with a
     * {Errors.FailedCall} error.
     *
     * Returns the raw returned data. To convert to the expected return value,
     * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
     *
     * Requirements:
     *
     * - `target` must be a contract.
     * - calling `target` with `data` must not revert.
     */
    function functionCall(address target, bytes memory data) internal returns (bytes memory) {
        return functionCallWithValue(target, data, 0);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but also transferring `value` wei to `target`.
     *
     * Requirements:
     *
     * - the calling contract must have an ETH balance of at least `value`.
     * - the called Solidity function must be `payable`.
     */
    function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
        if (address(this).balance < value) {
            revert Errors.InsufficientBalance(address(this).balance, value);
        }
        (bool success, bytes memory returndata) = target.call{value: value}(data);
        return verifyCallResultFromTarget(target, success, returndata);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but performing a static call.
     */
    function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
        (bool success, bytes memory returndata) = target.staticcall(data);
        return verifyCallResultFromTarget(target, success, returndata);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but performing a delegate call.
     */
    function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
        (bool success, bytes memory returndata) = target.delegatecall(data);
        return verifyCallResultFromTarget(target, success, returndata);
    }

    /**
     * @dev Tool to verify that a low level call to smart-contract was successful, and reverts if the target
     * was not a contract or bubbling up the revert reason (falling back to {Errors.FailedCall}) in case
     * of an unsuccessful call.
     */
    function verifyCallResultFromTarget(
        address target,
        bool success,
        bytes memory returndata
    ) internal view returns (bytes memory) {
        if (!success) {
            _revert(returndata);
        } else {
            // only check if target is a contract if the call was successful and the return data is empty
            // otherwise we already know that it was a contract
            if (returndata.length == 0 && target.code.length == 0) {
                revert AddressEmptyCode(target);
            }
            return returndata;
        }
    }

    /**
     * @dev Tool to verify that a low level call was successful, and reverts if it wasn't, either by bubbling the
     * revert reason or with a default {Errors.FailedCall} error.
     */
    function verifyCallResult(bool success, bytes memory returndata) internal pure returns (bytes memory) {
        if (!success) {
            _revert(returndata);
        } else {
            return returndata;
        }
    }

    /**
     * @dev Reverts with returndata if present. Otherwise reverts with {Errors.FailedCall}.
     */
    function _revert(bytes memory returndata) private pure {
        // Look for revert reason and bubble it up if present
        if (returndata.length > 0) {
            // The easiest way to bubble the revert reason is using memory via assembly
            assembly ("memory-safe") {
                revert(add(returndata, 0x20), mload(returndata))
            }
        } else {
            revert Errors.FailedCall();
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)

pragma solidity ^0.8.20;

/**
 * @dev Provides information about the current execution context, including the
 * sender of the transaction and its data. While these are generally available
 * via msg.sender and msg.data, they should not be accessed in such a direct
 * manner, since when dealing with meta-transactions the account sending and
 * paying for execution may not be the actual sender (as far as an application
 * is concerned).
 *
 * This contract is only required for intermediate, library-like contracts.
 */
abstract contract Context {
    function _msgSender() internal view virtual returns (address) {
        return msg.sender;
    }

    function _msgData() internal view virtual returns (bytes calldata) {
        return msg.data;
    }

    function _contextSuffixLength() internal view virtual returns (uint256) {
        return 0;
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/Create2.sol)

pragma solidity ^0.8.20;

import {Errors} from "./Errors.sol";

/**
 * @dev Helper to make usage of the `CREATE2` EVM opcode easier and safer.
 * `CREATE2` can be used to compute in advance the address where a smart
 * contract will be deployed, which allows for interesting new mechanisms known
 * as 'counterfactual interactions'.
 *
 * See the https://eips.ethereum.org/EIPS/eip-1014#motivation[EIP] for more
 * information.
 */
library Create2 {
    /**
     * @dev There's no code to deploy.
     */
    error Create2EmptyBytecode();

    /**
     * @dev Deploys a contract using `CREATE2`. The address where the contract
     * will be deployed can be known in advance via {computeAddress}.
     *
     * The bytecode for a contract can be obtained from Solidity with
     * `type(contractName).creationCode`.
     *
     * Requirements:
     *
     * - `bytecode` must not be empty.
     * - `salt` must have not been used for `bytecode` already.
     * - the factory must have a balance of at least `amount`.
     * - if `amount` is non-zero, `bytecode` must have a `payable` constructor.
     */
    function deploy(uint256 amount, bytes32 salt, bytes memory bytecode) internal returns (address addr) {
        if (address(this).balance < amount) {
            revert Errors.InsufficientBalance(address(this).balance, amount);
        }
        if (bytecode.length == 0) {
            revert Create2EmptyBytecode();
        }
        assembly ("memory-safe") {
            addr := create2(amount, add(bytecode, 0x20), mload(bytecode), salt)
            // if no address was created, and returndata is not empty, bubble revert
            if and(iszero(addr), not(iszero(returndatasize()))) {
                let p := mload(0x40)
                returndatacopy(p, 0, returndatasize())
                revert(p, returndatasize())
            }
        }
        if (addr == address(0)) {
            revert Errors.FailedDeployment();
        }
    }

    /**
     * @dev Returns the address where a contract will be stored if deployed via {deploy}. Any change in the
     * `bytecodeHash` or `salt` will result in a new destination address.
     */
    function computeAddress(bytes32 salt, bytes32 bytecodeHash) internal view returns (address) {
        return computeAddress(salt, bytecodeHash, address(this));
    }

    /**
     * @dev Returns the address where a contract will be stored if deployed via {deploy} from a contract located at
     * `deployer`. If `deployer` is this contract's address, returns the same value as {computeAddress}.
     */
    function computeAddress(bytes32 salt, bytes32 bytecodeHash, address deployer) internal pure returns (address addr) {
        assembly ("memory-safe") {
            let ptr := mload(0x40) // Get free memory pointer

            // |                   | ↓ ptr ...  ↓ ptr + 0x0B (start) ...  ↓ ptr + 0x20 ...  ↓ ptr + 0x40 ...   |
            // |-------------------|---------------------------------------------------------------------------|
            // | bytecodeHash      |                                                        CCCCCCCCCCCCC...CC |
            // | salt              |                                      BBBBBBBBBBBBB...BB                   |
            // | deployer          | 000000...0000AAAAAAAAAAAAAAAAAAA...AA                                     |
            // | 0xFF              |            FF                                                             |
            // |-------------------|---------------------------------------------------------------------------|
            // | memory            | 000000...00FFAAAAAAAAAAAAAAAAAAA...AABBBBBBBBBBBBB...BBCCCCCCCCCCCCC...CC |
            // | keccak(start, 85) |            ↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑ |

            mstore(add(ptr, 0x40), bytecodeHash)
            mstore(add(ptr, 0x20), salt)
            mstore(ptr, deployer) // Right-aligned with 12 preceding garbage bytes
            let start := add(ptr, 0x0b) // The hashed data starts at the final garbage byte which we will set to 0xff
            mstore8(start, 0xff)
            addr := and(keccak256(start, 85), 0xffffffffffffffffffffffffffffffffffffffff)
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/Errors.sol)

pragma solidity ^0.8.20;

/**
 * @dev Collection of common custom errors used in multiple contracts
 *
 * IMPORTANT: Backwards compatibility is not guaranteed in future versions of the library.
 * It is recommended to avoid relying on the error API for critical functionality.
 *
 * _Available since v5.1._
 */
library Errors {
    /**
     * @dev The ETH balance of the account is not enough to perform the operation.
     */
    error InsufficientBalance(uint256 balance, uint256 needed);

    /**
     * @dev A call to an address target failed. The target may have reverted.
     */
    error FailedCall();

    /**
     * @dev The deployment failed.
     */
    error FailedDeployment();

    /**
     * @dev A necessary precompile is missing.
     */
    error MissingPrecompile(address);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (utils/introspection/IERC165.sol)

pragma solidity >=0.4.16;

/**
 * @dev Interface of the ERC-165 standard, as defined in the
 * https://eips.ethereum.org/EIPS/eip-165[ERC].
 *
 * Implementers can declare support of contract interfaces, which can then be
 * queried by others ({ERC165Checker}).
 *
 * For an implementation, see {ERC165}.
 */
interface IERC165 {
    /**
     * @dev Returns true if this contract implements the interface defined by
     * `interfaceId`. See the corresponding
     * https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[ERC section]
     * to learn more about how these ids are created.
     *
     * This function call must use less than 30 000 gas.
     */
    function supportsInterface(bytes4 interfaceId) external view returns (bool);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (utils/math/Math.sol)

pragma solidity ^0.8.20;

import {Panic} from "../Panic.sol";
import {SafeCast} from "./SafeCast.sol";

/**
 * @dev Standard math utilities missing in the Solidity language.
 */
library Math {
    enum Rounding {
        Floor, // Toward negative infinity
        Ceil, // Toward positive infinity
        Trunc, // Toward zero
        Expand // Away from zero
    }

    /**
     * @dev Return the 512-bit addition of two uint256.
     *
     * The result is stored in two 256 variables such that sum = high * 2²⁵⁶ + low.
     */
    function add512(uint256 a, uint256 b) internal pure returns (uint256 high, uint256 low) {
        assembly ("memory-safe") {
            low := add(a, b)
            high := lt(low, a)
        }
    }

    /**
     * @dev Return the 512-bit multiplication of two uint256.
     *
     * The result is stored in two 256 variables such that product = high * 2²⁵⁶ + low.
     */
    function mul512(uint256 a, uint256 b) internal pure returns (uint256 high, uint256 low) {
        // 512-bit multiply [high low] = x * y. Compute the product mod 2²⁵⁶ and mod 2²⁵⁶ - 1, then use
        // the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
        // variables such that product = high * 2²⁵⁶ + low.
        assembly ("memory-safe") {
            let mm := mulmod(a, b, not(0))
            low := mul(a, b)
            high := sub(sub(mm, low), lt(mm, low))
        }
    }

    /**
     * @dev Returns the addition of two unsigned integers, with a success flag (no overflow).
     */
    function tryAdd(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {
        unchecked {
            uint256 c = a + b;
            success = c >= a;
            result = c * SafeCast.toUint(success);
        }
    }

    /**
     * @dev Returns the subtraction of two unsigned integers, with a success flag (no overflow).
     */
    function trySub(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {
        unchecked {
            uint256 c = a - b;
            success = c <= a;
            result = c * SafeCast.toUint(success);
        }
    }

    /**
     * @dev Returns the multiplication of two unsigned integers, with a success flag (no overflow).
     */
    function tryMul(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {
        unchecked {
            uint256 c = a * b;
            assembly ("memory-safe") {
                // Only true when the multiplication doesn't overflow
                // (c / a == b) || (a == 0)
                success := or(eq(div(c, a), b), iszero(a))
            }
            // equivalent to: success ? c : 0
            result = c * SafeCast.toUint(success);
        }
    }

    /**
     * @dev Returns the division of two unsigned integers, with a success flag (no division by zero).
     */
    function tryDiv(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {
        unchecked {
            success = b > 0;
            assembly ("memory-safe") {
                // The `DIV` opcode returns zero when the denominator is 0.
                result := div(a, b)
            }
        }
    }

    /**
     * @dev Returns the remainder of dividing two unsigned integers, with a success flag (no division by zero).
     */
    function tryMod(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {
        unchecked {
            success = b > 0;
            assembly ("memory-safe") {
                // The `MOD` opcode returns zero when the denominator is 0.
                result := mod(a, b)
            }
        }
    }

    /**
     * @dev Unsigned saturating addition, bounds to `2²⁵⁶ - 1` instead of overflowing.
     */
    function saturatingAdd(uint256 a, uint256 b) internal pure returns (uint256) {
        (bool success, uint256 result) = tryAdd(a, b);
        return ternary(success, result, type(uint256).max);
    }

    /**
     * @dev Unsigned saturating subtraction, bounds to zero instead of overflowing.
     */
    function saturatingSub(uint256 a, uint256 b) internal pure returns (uint256) {
        (, uint256 result) = trySub(a, b);
        return result;
    }

    /**
     * @dev Unsigned saturating multiplication, bounds to `2²⁵⁶ - 1` instead of overflowing.
     */
    function saturatingMul(uint256 a, uint256 b) internal pure returns (uint256) {
        (bool success, uint256 result) = tryMul(a, b);
        return ternary(success, result, type(uint256).max);
    }

    /**
     * @dev Branchless ternary evaluation for `a ? b : c`. Gas costs are constant.
     *
     * IMPORTANT: This function may reduce bytecode size and consume less gas when used standalone.
     * However, the compiler may optimize Solidity ternary operations (i.e. `a ? b : c`) to only compute
     * one branch when needed, making this function more expensive.
     */
    function ternary(bool condition, uint256 a, uint256 b) internal pure returns (uint256) {
        unchecked {
            // branchless ternary works because:
            // b ^ (a ^ b) == a
            // b ^ 0 == b
            return b ^ ((a ^ b) * SafeCast.toUint(condition));
        }
    }

    /**
     * @dev Returns the largest of two numbers.
     */
    function max(uint256 a, uint256 b) internal pure returns (uint256) {
        return ternary(a > b, a, b);
    }

    /**
     * @dev Returns the smallest of two numbers.
     */
    function min(uint256 a, uint256 b) internal pure returns (uint256) {
        return ternary(a < b, a, b);
    }

    /**
     * @dev Returns the average of two numbers. The result is rounded towards
     * zero.
     */
    function average(uint256 a, uint256 b) internal pure returns (uint256) {
        // (a + b) / 2 can overflow.
        return (a & b) + (a ^ b) / 2;
    }

    /**
     * @dev Returns the ceiling of the division of two numbers.
     *
     * This differs from standard division with `/` in that it rounds towards infinity instead
     * of rounding towards zero.
     */
    function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
        if (b == 0) {
            // Guarantee the same behavior as in a regular Solidity division.
            Panic.panic(Panic.DIVISION_BY_ZERO);
        }

        // The following calculation ensures accurate ceiling division without overflow.
        // Since a is non-zero, (a - 1) / b will not overflow.
        // The largest possible result occurs when (a - 1) / b is type(uint256).max,
        // but the largest value we can obtain is type(uint256).max - 1, which happens
        // when a = type(uint256).max and b = 1.
        unchecked {
            return SafeCast.toUint(a > 0) * ((a - 1) / b + 1);
        }
    }

    /**
     * @dev Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or
     * denominator == 0.
     *
     * Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv) with further edits by
     * Uniswap Labs also under MIT license.
     */
    function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {
        unchecked {
            (uint256 high, uint256 low) = mul512(x, y);

            // Handle non-overflow cases, 256 by 256 division.
            if (high == 0) {
                // Solidity will revert if denominator == 0, unlike the div opcode on its own.
                // The surrounding unchecked block does not change this fact.
                // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.
                return low / denominator;
            }

            // Make sure the result is less than 2²⁵⁶. Also prevents denominator == 0.
            if (denominator <= high) {
                Panic.panic(ternary(denominator == 0, Panic.DIVISION_BY_ZERO, Panic.UNDER_OVERFLOW));
            }

            ///////////////////////////////////////////////
            // 512 by 256 division.
            ///////////////////////////////////////////////

            // Make division exact by subtracting the remainder from [high low].
            uint256 remainder;
            assembly ("memory-safe") {
                // Compute remainder using mulmod.
                remainder := mulmod(x, y, denominator)

                // Subtract 256 bit number from 512 bit number.
                high := sub(high, gt(remainder, low))
                low := sub(low, remainder)
            }

            // Factor powers of two out of denominator and compute largest power of two divisor of denominator.
            // Always >= 1. See https://cs.stackexchange.com/q/138556/92363.

            uint256 twos = denominator & (0 - denominator);
            assembly ("memory-safe") {
                // Divide denominator by twos.
                denominator := div(denominator, twos)

                // Divide [high low] by twos.
                low := div(low, twos)

                // Flip twos such that it is 2²⁵⁶ / twos. If twos is zero, then it becomes one.
                twos := add(div(sub(0, twos), twos), 1)
            }

            // Shift in bits from high into low.
            low |= high * twos;

            // Invert denominator mod 2²⁵⁶. Now that denominator is an odd number, it has an inverse modulo 2²⁵⁶ such
            // that denominator * inv ≡ 1 mod 2²⁵⁶. Compute the inverse by starting with a seed that is correct for
            // four bits. That is, denominator * inv ≡ 1 mod 2⁴.
            uint256 inverse = (3 * denominator) ^ 2;

            // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also
            // works in modular arithmetic, doubling the correct bits in each step.
            inverse *= 2 - denominator * inverse; // inverse mod 2⁸
            inverse *= 2 - denominator * inverse; // inverse mod 2¹⁶
            inverse *= 2 - denominator * inverse; // inverse mod 2³²
            inverse *= 2 - denominator * inverse; // inverse mod 2⁶⁴
            inverse *= 2 - denominator * inverse; // inverse mod 2¹²⁸
            inverse *= 2 - denominator * inverse; // inverse mod 2²⁵⁶

            // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
            // This will give us the correct result modulo 2²⁵⁶. Since the preconditions guarantee that the outcome is
            // less than 2²⁵⁶, this is the final result. We don't need to compute the high bits of the result and high
            // is no longer required.
            result = low * inverse;
            return result;
        }
    }

    /**
     * @dev Calculates x * y / denominator with full precision, following the selected rounding direction.
     */
    function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {
        return mulDiv(x, y, denominator) + SafeCast.toUint(unsignedRoundsUp(rounding) && mulmod(x, y, denominator) > 0);
    }

    /**
     * @dev Calculates floor(x * y >> n) with full precision. Throws if result overflows a uint256.
     */
    function mulShr(uint256 x, uint256 y, uint8 n) internal pure returns (uint256 result) {
        unchecked {
            (uint256 high, uint256 low) = mul512(x, y);
            if (high >= 1 << n) {
                Panic.panic(Panic.UNDER_OVERFLOW);
            }
            return (high << (256 - n)) | (low >> n);
        }
    }

    /**
     * @dev Calculates x * y >> n with full precision, following the selected rounding direction.
     */
    function mulShr(uint256 x, uint256 y, uint8 n, Rounding rounding) internal pure returns (uint256) {
        return mulShr(x, y, n) + SafeCast.toUint(unsignedRoundsUp(rounding) && mulmod(x, y, 1 << n) > 0);
    }

    /**
     * @dev Calculate the modular multiplicative inverse of a number in Z/nZ.
     *
     * If n is a prime, then Z/nZ is a field. In that case all elements are inversible, except 0.
     * If n is not a prime, then Z/nZ is not a field, and some elements might not be inversible.
     *
     * If the input value is not inversible, 0 is returned.
     *
     * NOTE: If you know for sure that n is (big) a prime, it may be cheaper to use Fermat's little theorem and get the
     * inverse using `Math.modExp(a, n - 2, n)`. See {invModPrime}.
     */
    function invMod(uint256 a, uint256 n) internal pure returns (uint256) {
        unchecked {
            if (n == 0) return 0;

            // The inverse modulo is calculated using the Extended Euclidean Algorithm (iterative version)
            // Used to compute integers x and y such that: ax + ny = gcd(a, n).
            // When the gcd is 1, then the inverse of a modulo n exists and it's x.
            // ax + ny = 1
            // ax = 1 + (-y)n
            // ax ≡ 1 (mod n) # x is the inverse of a modulo n

            // If the remainder is 0 the gcd is n right away.
            uint256 remainder = a % n;
            uint256 gcd = n;

            // Therefore the initial coefficients are:
            // ax + ny = gcd(a, n) = n
            // 0a + 1n = n
            int256 x = 0;
            int256 y = 1;

            while (remainder != 0) {
                uint256 quotient = gcd / remainder;

                (gcd, remainder) = (
                    // The old remainder is the next gcd to try.
                    remainder,
                    // Compute the next remainder.
                    // Can't overflow given that (a % gcd) * (gcd // (a % gcd)) <= gcd
                    // where gcd is at most n (capped to type(uint256).max)
                    gcd - remainder * quotient
                );

                (x, y) = (
                    // Increment the coefficient of a.
                    y,
                    // Decrement the coefficient of n.
                    // Can overflow, but the result is casted to uint256 so that the
                    // next value of y is "wrapped around" to a value between 0 and n - 1.
                    x - y * int256(quotient)
                );
            }

            if (gcd != 1) return 0; // No inverse exists.
            return ternary(x < 0, n - uint256(-x), uint256(x)); // Wrap the result if it's negative.
        }
    }

    /**
     * @dev Variant of {invMod}. More efficient, but only works if `p` is known to be a prime greater than `2`.
     *
     * From https://en.wikipedia.org/wiki/Fermat%27s_little_theorem[Fermat's little theorem], we know that if p is
     * prime, then `a**(p-1) ≡ 1 mod p`. As a consequence, we have `a * a**(p-2) ≡ 1 mod p`, which means that
     * `a**(p-2)` is the modular multiplicative inverse of a in Fp.
     *
     * NOTE: this function does NOT check that `p` is a prime greater than `2`.
     */
    function invModPrime(uint256 a, uint256 p) internal view returns (uint256) {
        unchecked {
            return Math.modExp(a, p - 2, p);
        }
    }

    /**
     * @dev Returns the modular exponentiation of the specified base, exponent and modulus (b ** e % m)
     *
     * Requirements:
     * - modulus can't be zero
     * - underlying staticcall to precompile must succeed
     *
     * IMPORTANT: The result is only valid if the underlying call succeeds. When using this function, make
     * sure the chain you're using it on supports the precompiled contract for modular exponentiation
     * at address 0x05 as specified in https://eips.ethereum.org/EIPS/eip-198[EIP-198]. Otherwise,
     * the underlying function will succeed given the lack of a revert, but the result may be incorrectly
     * interpreted as 0.
     */
    function modExp(uint256 b, uint256 e, uint256 m) internal view returns (uint256) {
        (bool success, uint256 result) = tryModExp(b, e, m);
        if (!success) {
            Panic.panic(Panic.DIVISION_BY_ZERO);
        }
        return result;
    }

    /**
     * @dev Returns the modular exponentiation of the specified base, exponent and modulus (b ** e % m).
     * It includes a success flag indicating if the operation succeeded. Operation will be marked as failed if trying
     * to operate modulo 0 or if the underlying precompile reverted.
     *
     * IMPORTANT: The result is only valid if the success flag is true. When using this function, make sure the chain
     * you're using it on supports the precompiled contract for modular exponentiation at address 0x05 as specified in
     * https://eips.ethereum.org/EIPS/eip-198[EIP-198]. Otherwise, the underlying function will succeed given the lack
     * of a revert, but the result may be incorrectly interpreted as 0.
     */
    function tryModExp(uint256 b, uint256 e, uint256 m) internal view returns (bool success, uint256 result) {
        if (m == 0) return (false, 0);
        assembly ("memory-safe") {
            let ptr := mload(0x40)
            // | Offset    | Content    | Content (Hex)                                                      |
            // |-----------|------------|--------------------------------------------------------------------|
            // | 0x00:0x1f | size of b  | 0x0000000000000000000000000000000000000000000000000000000000000020 |
            // | 0x20:0x3f | size of e  | 0x0000000000000000000000000000000000000000000000000000000000000020 |
            // | 0x40:0x5f | size of m  | 0x0000000000000000000000000000000000000000000000000000000000000020 |
            // | 0x60:0x7f | value of b | 0x<.............................................................b> |
            // | 0x80:0x9f | value of e | 0x<.............................................................e> |
            // | 0xa0:0xbf | value of m | 0x<.............................................................m> |
            mstore(ptr, 0x20)
            mstore(add(ptr, 0x20), 0x20)
            mstore(add(ptr, 0x40), 0x20)
            mstore(add(ptr, 0x60), b)
            mstore(add(ptr, 0x80), e)
            mstore(add(ptr, 0xa0), m)

            // Given the result < m, it's guaranteed to fit in 32 bytes,
            // so we can use the memory scratch space located at offset 0.
            success := staticcall(gas(), 0x05, ptr, 0xc0, 0x00, 0x20)
            result := mload(0x00)
        }
    }

    /**
     * @dev Variant of {modExp} that supports inputs of arbitrary length.
     */
    function modExp(bytes memory b, bytes memory e, bytes memory m) internal view returns (bytes memory) {
        (bool success, bytes memory result) = tryModExp(b, e, m);
        if (!success) {
            Panic.panic(Panic.DIVISION_BY_ZERO);
        }
        return result;
    }

    /**
     * @dev Variant of {tryModExp} that supports inputs of arbitrary length.
     */
    function tryModExp(
        bytes memory b,
        bytes memory e,
        bytes memory m
    ) internal view returns (bool success, bytes memory result) {
        if (_zeroBytes(m)) return (false, new bytes(0));

        uint256 mLen = m.length;

        // Encode call args in result and move the free memory pointer
        result = abi.encodePacked(b.length, e.length, mLen, b, e, m);

        assembly ("memory-safe") {
            let dataPtr := add(result, 0x20)
            // Write result on top of args to avoid allocating extra memory.
            success := staticcall(gas(), 0x05, dataPtr, mload(result), dataPtr, mLen)
            // Overwrite the length.
            // result.length > returndatasize() is guaranteed because returndatasize() == m.length
            mstore(result, mLen)
            // Set the memory pointer after the returned data.
            mstore(0x40, add(dataPtr, mLen))
        }
    }

    /**
     * @dev Returns whether the provided byte array is zero.
     */
    function _zeroBytes(bytes memory byteArray) private pure returns (bool) {
        for (uint256 i = 0; i < byteArray.length; ++i) {
            if (byteArray[i] != 0) {
                return false;
            }
        }
        return true;
    }

    /**
     * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded
     * towards zero.
     *
     * This method is based on Newton's method for computing square roots; the algorithm is restricted to only
     * using integer operations.
     */
    function sqrt(uint256 a) internal pure returns (uint256) {
        unchecked {
            // Take care of easy edge cases when a == 0 or a == 1
            if (a <= 1) {
                return a;
            }

            // In this function, we use Newton's method to get a root of `f(x) := x² - a`. It involves building a
            // sequence x_n that converges toward sqrt(a). For each iteration x_n, we also define the error between
            // the current value as `ε_n = | x_n - sqrt(a) |`.
            //
            // For our first estimation, we consider `e` the smallest power of 2 which is bigger than the square root
            // of the target. (i.e. `2**(e-1) ≤ sqrt(a) < 2**e`). We know that `e ≤ 128` because `(2¹²⁸)² = 2²⁵⁶` is
            // bigger than any uint256.
            //
            // By noticing that
            // `2**(e-1) ≤ sqrt(a) < 2**e → (2**(e-1))² ≤ a < (2**e)² → 2**(2*e-2) ≤ a < 2**(2*e)`
            // we can deduce that `e - 1` is `log2(a) / 2`. We can thus compute `x_n = 2**(e-1)` using a method similar
            // to the msb function.
            uint256 aa = a;
            uint256 xn = 1;

            if (aa >= (1 << 128)) {
                aa >>= 128;
                xn <<= 64;
            }
            if (aa >= (1 << 64)) {
                aa >>= 64;
                xn <<= 32;
            }
            if (aa >= (1 << 32)) {
                aa >>= 32;
                xn <<= 16;
            }
            if (aa >= (1 << 16)) {
                aa >>= 16;
                xn <<= 8;
            }
            if (aa >= (1 << 8)) {
                aa >>= 8;
                xn <<= 4;
            }
            if (aa >= (1 << 4)) {
                aa >>= 4;
                xn <<= 2;
            }
            if (aa >= (1 << 2)) {
                xn <<= 1;
            }

            // We now have x_n such that `x_n = 2**(e-1) ≤ sqrt(a) < 2**e = 2 * x_n`. This implies ε_n ≤ 2**(e-1).
            //
            // We can refine our estimation by noticing that the middle of that interval minimizes the error.
            // If we move x_n to equal 2**(e-1) + 2**(e-2), then we reduce the error to ε_n ≤ 2**(e-2).
            // This is going to be our x_0 (and ε_0)
            xn = (3 * xn) >> 1; // ε_0 := | x_0 - sqrt(a) | ≤ 2**(e-2)

            // From here, Newton's method give us:
            // x_{n+1} = (x_n + a / x_n) / 2
            //
            // One should note that:
            // x_{n+1}² - a = ((x_n + a / x_n) / 2)² - a
            //              = ((x_n² + a) / (2 * x_n))² - a
            //              = (x_n⁴ + 2 * a * x_n² + a²) / (4 * x_n²) - a
            //              = (x_n⁴ + 2 * a * x_n² + a² - 4 * a * x_n²) / (4 * x_n²)
            //              = (x_n⁴ - 2 * a * x_n² + a²) / (4 * x_n²)
            //              = (x_n² - a)² / (2 * x_n)²
            //              = ((x_n² - a) / (2 * x_n))²
            //              ≥ 0
            // Which proves that for all n ≥ 1, sqrt(a) ≤ x_n
            //
            // This gives us the proof of quadratic convergence of the sequence:
            // ε_{n+1} = | x_{n+1} - sqrt(a) |
            //         = | (x_n + a / x_n) / 2 - sqrt(a) |
            //         = | (x_n² + a - 2*x_n*sqrt(a)) / (2 * x_n) |
            //         = | (x_n - sqrt(a))² / (2 * x_n) |
            //         = | ε_n² / (2 * x_n) |
            //         = ε_n² / | (2 * x_n) |
            //
            // For the first iteration, we have a special case where x_0 is known:
            // ε_1 = ε_0² / | (2 * x_0) |
            //     ≤ (2**(e-2))² / (2 * (2**(e-1) + 2**(e-2)))
            //     ≤ 2**(2*e-4) / (3 * 2**(e-1))
            //     ≤ 2**(e-3) / 3
            //     ≤ 2**(e-3-log2(3))
            //     ≤ 2**(e-4.5)
            //
            // For the following iterations, we use the fact that, 2**(e-1) ≤ sqrt(a) ≤ x_n:
            // ε_{n+1} = ε_n² / | (2 * x_n) |
            //         ≤ (2**(e-k))² / (2 * 2**(e-1))
            //         ≤ 2**(2*e-2*k) / 2**e
            //         ≤ 2**(e-2*k)
            xn = (xn + a / xn) >> 1; // ε_1 := | x_1 - sqrt(a) | ≤ 2**(e-4.5)  -- special case, see above
            xn = (xn + a / xn) >> 1; // ε_2 := | x_2 - sqrt(a) | ≤ 2**(e-9)    -- general case with k = 4.5
            xn = (xn + a / xn) >> 1; // ε_3 := | x_3 - sqrt(a) | ≤ 2**(e-18)   -- general case with k = 9
            xn = (xn + a / xn) >> 1; // ε_4 := | x_4 - sqrt(a) | ≤ 2**(e-36)   -- general case with k = 18
            xn = (xn + a / xn) >> 1; // ε_5 := | x_5 - sqrt(a) | ≤ 2**(e-72)   -- general case with k = 36
            xn = (xn + a / xn) >> 1; // ε_6 := | x_6 - sqrt(a) | ≤ 2**(e-144)  -- general case with k = 72

            // Because e ≤ 128 (as discussed during the first estimation phase), we know have reached a precision
            // ε_6 ≤ 2**(e-144) < 1. Given we're operating on integers, then we can ensure that xn is now either
            // sqrt(a) or sqrt(a) + 1.
            return xn - SafeCast.toUint(xn > a / xn);
        }
    }

    /**
     * @dev Calculates sqrt(a), following the selected rounding direction.
     */
    function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = sqrt(a);
            return result + SafeCast.toUint(unsignedRoundsUp(rounding) && result * result < a);
        }
    }

    /**
     * @dev Return the log in base 2 of a positive value rounded towards zero.
     * Returns 0 if given 0.
     */
    function log2(uint256 x) internal pure returns (uint256 r) {
        // If value has upper 128 bits set, log2 result is at least 128
        r = SafeCast.toUint(x > 0xffffffffffffffffffffffffffffffff) << 7;
        // If upper 64 bits of 128-bit half set, add 64 to result
        r |= SafeCast.toUint((x >> r) > 0xffffffffffffffff) << 6;
        // If upper 32 bits of 64-bit half set, add 32 to result
        r |= SafeCast.toUint((x >> r) > 0xffffffff) << 5;
        // If upper 16 bits of 32-bit half set, add 16 to result
        r |= SafeCast.toUint((x >> r) > 0xffff) << 4;
        // If upper 8 bits of 16-bit half set, add 8 to result
        r |= SafeCast.toUint((x >> r) > 0xff) << 3;
        // If upper 4 bits of 8-bit half set, add 4 to result
        r |= SafeCast.toUint((x >> r) > 0xf) << 2;

        // Shifts value right by the current result and use it as an index into this lookup table:
        //
        // | x (4 bits) |  index  | table[index] = MSB position |
        // |------------|---------|-----------------------------|
        // |    0000    |    0    |        table[0] = 0         |
        // |    0001    |    1    |        table[1] = 0         |
        // |    0010    |    2    |        table[2] = 1         |
        // |    0011    |    3    |        table[3] = 1         |
        // |    0100    |    4    |        table[4] = 2         |
        // |    0101    |    5    |        table[5] = 2         |
        // |    0110    |    6    |        table[6] = 2         |
        // |    0111    |    7    |        table[7] = 2         |
        // |    1000    |    8    |        table[8] = 3         |
        // |    1001    |    9    |        table[9] = 3         |
        // |    1010    |   10    |        table[10] = 3        |
        // |    1011    |   11    |        table[11] = 3        |
        // |    1100    |   12    |        table[12] = 3        |
        // |    1101    |   13    |        table[13] = 3        |
        // |    1110    |   14    |        table[14] = 3        |
        // |    1111    |   15    |        table[15] = 3        |
        //
        // The lookup table is represented as a 32-byte value with the MSB positions for 0-15 in the last 16 bytes.
        assembly ("memory-safe") {
            r := or(r, byte(shr(r, x), 0x0000010102020202030303030303030300000000000000000000000000000000))
        }
    }

    /**
     * @dev Return the log in base 2, following the selected rounding direction, of a positive value.
     * Returns 0 if given 0.
     */
    function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = log2(value);
            return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 1 << result < value);
        }
    }

    /**
     * @dev Return the log in base 10 of a positive value rounded towards zero.
     * Returns 0 if given 0.
     */
    function log10(uint256 value) internal pure returns (uint256) {
        uint256 result = 0;
        unchecked {
            if (value >= 10 ** 64) {
                value /= 10 ** 64;
                result += 64;
            }
            if (value >= 10 ** 32) {
                value /= 10 ** 32;
                result += 32;
            }
            if (value >= 10 ** 16) {
                value /= 10 ** 16;
                result += 16;
            }
            if (value >= 10 ** 8) {
                value /= 10 ** 8;
                result += 8;
            }
            if (value >= 10 ** 4) {
                value /= 10 ** 4;
                result += 4;
            }
            if (value >= 10 ** 2) {
                value /= 10 ** 2;
                result += 2;
            }
            if (value >= 10 ** 1) {
                result += 1;
            }
        }
        return result;
    }

    /**
     * @dev Return the log in base 10, following the selected rounding direction, of a positive value.
     * Returns 0 if given 0.
     */
    function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = log10(value);
            return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 10 ** result < value);
        }
    }

    /**
     * @dev Return the log in base 256 of a positive value rounded towards zero.
     * Returns 0 if given 0.
     *
     * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
     */
    function log256(uint256 x) internal pure returns (uint256 r) {
        // If value has upper 128 bits set, log2 result is at least 128
        r = SafeCast.toUint(x > 0xffffffffffffffffffffffffffffffff) << 7;
        // If upper 64 bits of 128-bit half set, add 64 to result
        r |= SafeCast.toUint((x >> r) > 0xffffffffffffffff) << 6;
        // If upper 32 bits of 64-bit half set, add 32 to result
        r |= SafeCast.toUint((x >> r) > 0xffffffff) << 5;
        // If upper 16 bits of 32-bit half set, add 16 to result
        r |= SafeCast.toUint((x >> r) > 0xffff) << 4;
        // Add 1 if upper 8 bits of 16-bit half set, and divide accumulated result by 8
        return (r >> 3) | SafeCast.toUint((x >> r) > 0xff);
    }

    /**
     * @dev Return the log in base 256, following the selected rounding direction, of a positive value.
     * Returns 0 if given 0.
     */
    function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = log256(value);
            return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 1 << (result << 3) < value);
        }
    }

    /**
     * @dev Returns whether a provided rounding mode is considered rounding up for unsigned integers.
     */
    function unsignedRoundsUp(Rounding rounding) internal pure returns (bool) {
        return uint8(rounding) % 2 == 1;
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/math/SafeCast.sol)
// This file was procedurally generated from scripts/generate/templates/SafeCast.js.

pragma solidity ^0.8.20;

/**
 * @dev Wrappers over Solidity's uintXX/intXX/bool casting operators with added overflow
 * checks.
 *
 * Downcasting from uint256/int256 in Solidity does not revert on overflow. This can
 * easily result in undesired exploitation or bugs, since developers usually
 * assume that overflows raise errors. `SafeCast` restores this intuition by
 * reverting the transaction when such an operation overflows.
 *
 * Using this library instead of the unchecked operations eliminates an entire
 * class of bugs, so it's recommended to use it always.
 */
library SafeCast {
    /**
     * @dev Value doesn't fit in an uint of `bits` size.
     */
    error SafeCastOverflowedUintDowncast(uint8 bits, uint256 value);

    /**
     * @dev An int value doesn't fit in an uint of `bits` size.
     */
    error SafeCastOverflowedIntToUint(int256 value);

    /**
     * @dev Value doesn't fit in an int of `bits` size.
     */
    error SafeCastOverflowedIntDowncast(uint8 bits, int256 value);

    /**
     * @dev An uint value doesn't fit in an int of `bits` size.
     */
    error SafeCastOverflowedUintToInt(uint256 value);

    /**
     * @dev Returns the downcasted uint248 from uint256, reverting on
     * overflow (when the input is greater than largest uint248).
     *
     * Counterpart to Solidity's `uint248` operator.
     *
     * Requirements:
     *
     * - input must fit into 248 bits
     */
    function toUint248(uint256 value) internal pure returns (uint248) {
        if (value > type(uint248).max) {
            revert SafeCastOverflowedUintDowncast(248, value);
        }
        return uint248(value);
    }

    /**
     * @dev Returns the downcasted uint240 from uint256, reverting on
     * overflow (when the input is greater than largest uint240).
     *
     * Counterpart to Solidity's `uint240` operator.
     *
     * Requirements:
     *
     * - input must fit into 240 bits
     */
    function toUint240(uint256 value) internal pure returns (uint240) {
        if (value > type(uint240).max) {
            revert SafeCastOverflowedUintDowncast(240, value);
        }
        return uint240(value);
    }

    /**
     * @dev Returns the downcasted uint232 from uint256, reverting on
     * overflow (when the input is greater than largest uint232).
     *
     * Counterpart to Solidity's `uint232` operator.
     *
     * Requirements:
     *
     * - input must fit into 232 bits
     */
    function toUint232(uint256 value) internal pure returns (uint232) {
        if (value > type(uint232).max) {
            revert SafeCastOverflowedUintDowncast(232, value);
        }
        return uint232(value);
    }

    /**
     * @dev Returns the downcasted uint224 from uint256, reverting on
     * overflow (when the input is greater than largest uint224).
     *
     * Counterpart to Solidity's `uint224` operator.
     *
     * Requirements:
     *
     * - input must fit into 224 bits
     */
    function toUint224(uint256 value) internal pure returns (uint224) {
        if (value > type(uint224).max) {
            revert SafeCastOverflowedUintDowncast(224, value);
        }
        return uint224(value);
    }

    /**
     * @dev Returns the downcasted uint216 from uint256, reverting on
     * overflow (when the input is greater than largest uint216).
     *
     * Counterpart to Solidity's `uint216` operator.
     *
     * Requirements:
     *
     * - input must fit into 216 bits
     */
    function toUint216(uint256 value) internal pure returns (uint216) {
        if (value > type(uint216).max) {
            revert SafeCastOverflowedUintDowncast(216, value);
        }
        return uint216(value);
    }

    /**
     * @dev Returns the downcasted uint208 from uint256, reverting on
     * overflow (when the input is greater than largest uint208).
     *
     * Counterpart to Solidity's `uint208` operator.
     *
     * Requirements:
     *
     * - input must fit into 208 bits
     */
    function toUint208(uint256 value) internal pure returns (uint208) {
        if (value > type(uint208).max) {
            revert SafeCastOverflowedUintDowncast(208, value);
        }
        return uint208(value);
    }

    /**
     * @dev Returns the downcasted uint200 from uint256, reverting on
     * overflow (when the input is greater than largest uint200).
     *
     * Counterpart to Solidity's `uint200` operator.
     *
     * Requirements:
     *
     * - input must fit into 200 bits
     */
    function toUint200(uint256 value) internal pure returns (uint200) {
        if (value > type(uint200).max) {
            revert SafeCastOverflowedUintDowncast(200, value);
        }
        return uint200(value);
    }

    /**
     * @dev Returns the downcasted uint192 from uint256, reverting on
     * overflow (when the input is greater than largest uint192).
     *
     * Counterpart to Solidity's `uint192` operator.
     *
     * Requirements:
     *
     * - input must fit into 192 bits
     */
    function toUint192(uint256 value) internal pure returns (uint192) {
        if (value > type(uint192).max) {
            revert SafeCastOverflowedUintDowncast(192, value);
        }
        return uint192(value);
    }

    /**
     * @dev Returns the downcasted uint184 from uint256, reverting on
     * overflow (when the input is greater than largest uint184).
     *
     * Counterpart to Solidity's `uint184` operator.
     *
     * Requirements:
     *
     * - input must fit into 184 bits
     */
    function toUint184(uint256 value) internal pure returns (uint184) {
        if (value > type(uint184).max) {
            revert SafeCastOverflowedUintDowncast(184, value);
        }
        return uint184(value);
    }

    /**
     * @dev Returns the downcasted uint176 from uint256, reverting on
     * overflow (when the input is greater than largest uint176).
     *
     * Counterpart to Solidity's `uint176` operator.
     *
     * Requirements:
     *
     * - input must fit into 176 bits
     */
    function toUint176(uint256 value) internal pure returns (uint176) {
        if (value > type(uint176).max) {
            revert SafeCastOverflowedUintDowncast(176, value);
        }
        return uint176(value);
    }

    /**
     * @dev Returns the downcasted uint168 from uint256, reverting on
     * overflow (when the input is greater than largest uint168).
     *
     * Counterpart to Solidity's `uint168` operator.
     *
     * Requirements:
     *
     * - input must fit into 168 bits
     */
    function toUint168(uint256 value) internal pure returns (uint168) {
        if (value > type(uint168).max) {
            revert SafeCastOverflowedUintDowncast(168, value);
        }
        return uint168(value);
    }

    /**
     * @dev Returns the downcasted uint160 from uint256, reverting on
     * overflow (when the input is greater than largest uint160).
     *
     * Counterpart to Solidity's `uint160` operator.
     *
     * Requirements:
     *
     * - input must fit into 160 bits
     */
    function toUint160(uint256 value) internal pure returns (uint160) {
        if (value > type(uint160).max) {
            revert SafeCastOverflowedUintDowncast(160, value);
        }
        return uint160(value);
    }

    /**
     * @dev Returns the downcasted uint152 from uint256, reverting on
     * overflow (when the input is greater than largest uint152).
     *
     * Counterpart to Solidity's `uint152` operator.
     *
     * Requirements:
     *
     * - input must fit into 152 bits
     */
    function toUint152(uint256 value) internal pure returns (uint152) {
        if (value > type(uint152).max) {
            revert SafeCastOverflowedUintDowncast(152, value);
        }
        return uint152(value);
    }

    /**
     * @dev Returns the downcasted uint144 from uint256, reverting on
     * overflow (when the input is greater than largest uint144).
     *
     * Counterpart to Solidity's `uint144` operator.
     *
     * Requirements:
     *
     * - input must fit into 144 bits
     */
    function toUint144(uint256 value) internal pure returns (uint144) {
        if (value > type(uint144).max) {
            revert SafeCastOverflowedUintDowncast(144, value);
        }
        return uint144(value);
    }

    /**
     * @dev Returns the downcasted uint136 from uint256, reverting on
     * overflow (when the input is greater than largest uint136).
     *
     * Counterpart to Solidity's `uint136` operator.
     *
     * Requirements:
     *
     * - input must fit into 136 bits
     */
    function toUint136(uint256 value) internal pure returns (uint136) {
        if (value > type(uint136).max) {
            revert SafeCastOverflowedUintDowncast(136, value);
        }
        return uint136(value);
    }

    /**
     * @dev Returns the downcasted uint128 from uint256, reverting on
     * overflow (when the input is greater than largest uint128).
     *
     * Counterpart to Solidity's `uint128` operator.
     *
     * Requirements:
     *
     * - input must fit into 128 bits
     */
    function toUint128(uint256 value) internal pure returns (uint128) {
        if (value > type(uint128).max) {
            revert SafeCastOverflowedUintDowncast(128, value);
        }
        return uint128(value);
    }

    /**
     * @dev Returns the downcasted uint120 from uint256, reverting on
     * overflow (when the input is greater than largest uint120).
     *
     * Counterpart to Solidity's `uint120` operator.
     *
     * Requirements:
     *
     * - input must fit into 120 bits
     */
    function toUint120(uint256 value) internal pure returns (uint120) {
        if (value > type(uint120).max) {
            revert SafeCastOverflowedUintDowncast(120, value);
        }
        return uint120(value);
    }

    /**
     * @dev Returns the downcasted uint112 from uint256, reverting on
     * overflow (when the input is greater than largest uint112).
     *
     * Counterpart to Solidity's `uint112` operator.
     *
     * Requirements:
     *
     * - input must fit into 112 bits
     */
    function toUint112(uint256 value) internal pure returns (uint112) {
        if (value > type(uint112).max) {
            revert SafeCastOverflowedUintDowncast(112, value);
        }
        return uint112(value);
    }

    /**
     * @dev Returns the downcasted uint104 from uint256, reverting on
     * overflow (when the input is greater than largest uint104).
     *
     * Counterpart to Solidity's `uint104` operator.
     *
     * Requirements:
     *
     * - input must fit into 104 bits
     */
    function toUint104(uint256 value) internal pure returns (uint104) {
        if (value > type(uint104).max) {
            revert SafeCastOverflowedUintDowncast(104, value);
        }
        return uint104(value);
    }

    /**
     * @dev Returns the downcasted uint96 from uint256, reverting on
     * overflow (when the input is greater than largest uint96).
     *
     * Counterpart to Solidity's `uint96` operator.
     *
     * Requirements:
     *
     * - input must fit into 96 bits
     */
    function toUint96(uint256 value) internal pure returns (uint96) {
        if (value > type(uint96).max) {
            revert SafeCastOverflowedUintDowncast(96, value);
        }
        return uint96(value);
    }

    /**
     * @dev Returns the downcasted uint88 from uint256, reverting on
     * overflow (when the input is greater than largest uint88).
     *
     * Counterpart to Solidity's `uint88` operator.
     *
     * Requirements:
     *
     * - input must fit into 88 bits
     */
    function toUint88(uint256 value) internal pure returns (uint88) {
        if (value > type(uint88).max) {
            revert SafeCastOverflowedUintDowncast(88, value);
        }
        return uint88(value);
    }

    /**
     * @dev Returns the downcasted uint80 from uint256, reverting on
     * overflow (when the input is greater than largest uint80).
     *
     * Counterpart to Solidity's `uint80` operator.
     *
     * Requirements:
     *
     * - input must fit into 80 bits
     */
    function toUint80(uint256 value) internal pure returns (uint80) {
        if (value > type(uint80).max) {
            revert SafeCastOverflowedUintDowncast(80, value);
        }
        return uint80(value);
    }

    /**
     * @dev Returns the downcasted uint72 from uint256, reverting on
     * overflow (when the input is greater than largest uint72).
     *
     * Counterpart to Solidity's `uint72` operator.
     *
     * Requirements:
     *
     * - input must fit into 72 bits
     */
    function toUint72(uint256 value) internal pure returns (uint72) {
        if (value > type(uint72).max) {
            revert SafeCastOverflowedUintDowncast(72, value);
        }
        return uint72(value);
    }

    /**
     * @dev Returns the downcasted uint64 from uint256, reverting on
     * overflow (when the input is greater than largest uint64).
     *
     * Counterpart to Solidity's `uint64` operator.
     *
     * Requirements:
     *
     * - input must fit into 64 bits
     */
    function toUint64(uint256 value) internal pure returns (uint64) {
        if (value > type(uint64).max) {
            revert SafeCastOverflowedUintDowncast(64, value);
        }
        return uint64(value);
    }

    /**
     * @dev Returns the downcasted uint56 from uint256, reverting on
     * overflow (when the input is greater than largest uint56).
     *
     * Counterpart to Solidity's `uint56` operator.
     *
     * Requirements:
     *
     * - input must fit into 56 bits
     */
    function toUint56(uint256 value) internal pure returns (uint56) {
        if (value > type(uint56).max) {
            revert SafeCastOverflowedUintDowncast(56, value);
        }
        return uint56(value);
    }

    /**
     * @dev Returns the downcasted uint48 from uint256, reverting on
     * overflow (when the input is greater than largest uint48).
     *
     * Counterpart to Solidity's `uint48` operator.
     *
     * Requirements:
     *
     * - input must fit into 48 bits
     */
    function toUint48(uint256 value) internal pure returns (uint48) {
        if (value > type(uint48).max) {
            revert SafeCastOverflowedUintDowncast(48, value);
        }
        return uint48(value);
    }

    /**
     * @dev Returns the downcasted uint40 from uint256, reverting on
     * overflow (when the input is greater than largest uint40).
     *
     * Counterpart to Solidity's `uint40` operator.
     *
     * Requirements:
     *
     * - input must fit into 40 bits
     */
    function toUint40(uint256 value) internal pure returns (uint40) {
        if (value > type(uint40).max) {
            revert SafeCastOverflowedUintDowncast(40, value);
        }
        return uint40(value);
    }

    /**
     * @dev Returns the downcasted uint32 from uint256, reverting on
     * overflow (when the input is greater than largest uint32).
     *
     * Counterpart to Solidity's `uint32` operator.
     *
     * Requirements:
     *
     * - input must fit into 32 bits
     */
    function toUint32(uint256 value) internal pure returns (uint32) {
        if (value > type(uint32).max) {
            revert SafeCastOverflowedUintDowncast(32, value);
        }
        return uint32(value);
    }

    /**
     * @dev Returns the downcasted uint24 from uint256, reverting on
     * overflow (when the input is greater than largest uint24).
     *
     * Counterpart to Solidity's `uint24` operator.
     *
     * Requirements:
     *
     * - input must fit into 24 bits
     */
    function toUint24(uint256 value) internal pure returns (uint24) {
        if (value > type(uint24).max) {
            revert SafeCastOverflowedUintDowncast(24, value);
        }
        return uint24(value);
    }

    /**
     * @dev Returns the downcasted uint16 from uint256, reverting on
     * overflow (when the input is greater than largest uint16).
     *
     * Counterpart to Solidity's `uint16` operator.
     *
     * Requirements:
     *
     * - input must fit into 16 bits
     */
    function toUint16(uint256 value) internal pure returns (uint16) {
        if (value > type(uint16).max) {
            revert SafeCastOverflowedUintDowncast(16, value);
        }
        return uint16(value);
    }

    /**
     * @dev Returns the downcasted uint8 from uint256, reverting on
     * overflow (when the input is greater than largest uint8).
     *
     * Counterpart to Solidity's `uint8` operator.
     *
     * Requirements:
     *
     * - input must fit into 8 bits
     */
    function toUint8(uint256 value) internal pure returns (uint8) {
        if (value > type(uint8).max) {
            revert SafeCastOverflowedUintDowncast(8, value);
        }
        return uint8(value);
    }

    /**
     * @dev Converts a signed int256 into an unsigned uint256.
     *
     * Requirements:
     *
     * - input must be greater than or equal to 0.
     */
    function toUint256(int256 value) internal pure returns (uint256) {
        if (value < 0) {
            revert SafeCastOverflowedIntToUint(value);
        }
        return uint256(value);
    }

    /**
     * @dev Returns the downcasted int248 from int256, reverting on
     * overflow (when the input is less than smallest int248 or
     * greater than largest int248).
     *
     * Counterpart to Solidity's `int248` operator.
     *
     * Requirements:
     *
     * - input must fit into 248 bits
     */
    function toInt248(int256 value) internal pure returns (int248 downcasted) {
        downcasted = int248(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(248, value);
        }
    }

    /**
     * @dev Returns the downcasted int240 from int256, reverting on
     * overflow (when the input is less than smallest int240 or
     * greater than largest int240).
     *
     * Counterpart to Solidity's `int240` operator.
     *
     * Requirements:
     *
     * - input must fit into 240 bits
     */
    function toInt240(int256 value) internal pure returns (int240 downcasted) {
        downcasted = int240(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(240, value);
        }
    }

    /**
     * @dev Returns the downcasted int232 from int256, reverting on
     * overflow (when the input is less than smallest int232 or
     * greater than largest int232).
     *
     * Counterpart to Solidity's `int232` operator.
     *
     * Requirements:
     *
     * - input must fit into 232 bits
     */
    function toInt232(int256 value) internal pure returns (int232 downcasted) {
        downcasted = int232(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(232, value);
        }
    }

    /**
     * @dev Returns the downcasted int224 from int256, reverting on
     * overflow (when the input is less than smallest int224 or
     * greater than largest int224).
     *
     * Counterpart to Solidity's `int224` operator.
     *
     * Requirements:
     *
     * - input must fit into 224 bits
     */
    function toInt224(int256 value) internal pure returns (int224 downcasted) {
        downcasted = int224(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(224, value);
        }
    }

    /**
     * @dev Returns the downcasted int216 from int256, reverting on
     * overflow (when the input is less than smallest int216 or
     * greater than largest int216).
     *
     * Counterpart to Solidity's `int216` operator.
     *
     * Requirements:
     *
     * - input must fit into 216 bits
     */
    function toInt216(int256 value) internal pure returns (int216 downcasted) {
        downcasted = int216(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(216, value);
        }
    }

    /**
     * @dev Returns the downcasted int208 from int256, reverting on
     * overflow (when the input is less than smallest int208 or
     * greater than largest int208).
     *
     * Counterpart to Solidity's `int208` operator.
     *
     * Requirements:
     *
     * - input must fit into 208 bits
     */
    function toInt208(int256 value) internal pure returns (int208 downcasted) {
        downcasted = int208(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(208, value);
        }
    }

    /**
     * @dev Returns the downcasted int200 from int256, reverting on
     * overflow (when the input is less than smallest int200 or
     * greater than largest int200).
     *
     * Counterpart to Solidity's `int200` operator.
     *
     * Requirements:
     *
     * - input must fit into 200 bits
     */
    function toInt200(int256 value) internal pure returns (int200 downcasted) {
        downcasted = int200(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(200, value);
        }
    }

    /**
     * @dev Returns the downcasted int192 from int256, reverting on
     * overflow (when the input is less than smallest int192 or
     * greater than largest int192).
     *
     * Counterpart to Solidity's `int192` operator.
     *
     * Requirements:
     *
     * - input must fit into 192 bits
     */
    function toInt192(int256 value) internal pure returns (int192 downcasted) {
        downcasted = int192(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(192, value);
        }
    }

    /**
     * @dev Returns the downcasted int184 from int256, reverting on
     * overflow (when the input is less than smallest int184 or
     * greater than largest int184).
     *
     * Counterpart to Solidity's `int184` operator.
     *
     * Requirements:
     *
     * - input must fit into 184 bits
     */
    function toInt184(int256 value) internal pure returns (int184 downcasted) {
        downcasted = int184(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(184, value);
        }
    }

    /**
     * @dev Returns the downcasted int176 from int256, reverting on
     * overflow (when the input is less than smallest int176 or
     * greater than largest int176).
     *
     * Counterpart to Solidity's `int176` operator.
     *
     * Requirements:
     *
     * - input must fit into 176 bits
     */
    function toInt176(int256 value) internal pure returns (int176 downcasted) {
        downcasted = int176(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(176, value);
        }
    }

    /**
     * @dev Returns the downcasted int168 from int256, reverting on
     * overflow (when the input is less than smallest int168 or
     * greater than largest int168).
     *
     * Counterpart to Solidity's `int168` operator.
     *
     * Requirements:
     *
     * - input must fit into 168 bits
     */
    function toInt168(int256 value) internal pure returns (int168 downcasted) {
        downcasted = int168(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(168, value);
        }
    }

    /**
     * @dev Returns the downcasted int160 from int256, reverting on
     * overflow (when the input is less than smallest int160 or
     * greater than largest int160).
     *
     * Counterpart to Solidity's `int160` operator.
     *
     * Requirements:
     *
     * - input must fit into 160 bits
     */
    function toInt160(int256 value) internal pure returns (int160 downcasted) {
        downcasted = int160(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(160, value);
        }
    }

    /**
     * @dev Returns the downcasted int152 from int256, reverting on
     * overflow (when the input is less than smallest int152 or
     * greater than largest int152).
     *
     * Counterpart to Solidity's `int152` operator.
     *
     * Requirements:
     *
     * - input must fit into 152 bits
     */
    function toInt152(int256 value) internal pure returns (int152 downcasted) {
        downcasted = int152(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(152, value);
        }
    }

    /**
     * @dev Returns the downcasted int144 from int256, reverting on
     * overflow (when the input is less than smallest int144 or
     * greater than largest int144).
     *
     * Counterpart to Solidity's `int144` operator.
     *
     * Requirements:
     *
     * - input must fit into 144 bits
     */
    function toInt144(int256 value) internal pure returns (int144 downcasted) {
        downcasted = int144(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(144, value);
        }
    }

    /**
     * @dev Returns the downcasted int136 from int256, reverting on
     * overflow (when the input is less than smallest int136 or
     * greater than largest int136).
     *
     * Counterpart to Solidity's `int136` operator.
     *
     * Requirements:
     *
     * - input must fit into 136 bits
     */
    function toInt136(int256 value) internal pure returns (int136 downcasted) {
        downcasted = int136(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(136, value);
        }
    }

    /**
     * @dev Returns the downcasted int128 from int256, reverting on
     * overflow (when the input is less than smallest int128 or
     * greater than largest int128).
     *
     * Counterpart to Solidity's `int128` operator.
     *
     * Requirements:
     *
     * - input must fit into 128 bits
     */
    function toInt128(int256 value) internal pure returns (int128 downcasted) {
        downcasted = int128(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(128, value);
        }
    }

    /**
     * @dev Returns the downcasted int120 from int256, reverting on
     * overflow (when the input is less than smallest int120 or
     * greater than largest int120).
     *
     * Counterpart to Solidity's `int120` operator.
     *
     * Requirements:
     *
     * - input must fit into 120 bits
     */
    function toInt120(int256 value) internal pure returns (int120 downcasted) {
        downcasted = int120(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(120, value);
        }
    }

    /**
     * @dev Returns the downcasted int112 from int256, reverting on
     * overflow (when the input is less than smallest int112 or
     * greater than largest int112).
     *
     * Counterpart to Solidity's `int112` operator.
     *
     * Requirements:
     *
     * - input must fit into 112 bits
     */
    function toInt112(int256 value) internal pure returns (int112 downcasted) {
        downcasted = int112(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(112, value);
        }
    }

    /**
     * @dev Returns the downcasted int104 from int256, reverting on
     * overflow (when the input is less than smallest int104 or
     * greater than largest int104).
     *
     * Counterpart to Solidity's `int104` operator.
     *
     * Requirements:
     *
     * - input must fit into 104 bits
     */
    function toInt104(int256 value) internal pure returns (int104 downcasted) {
        downcasted = int104(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(104, value);
        }
    }

    /**
     * @dev Returns the downcasted int96 from int256, reverting on
     * overflow (when the input is less than smallest int96 or
     * greater than largest int96).
     *
     * Counterpart to Solidity's `int96` operator.
     *
     * Requirements:
     *
     * - input must fit into 96 bits
     */
    function toInt96(int256 value) internal pure returns (int96 downcasted) {
        downcasted = int96(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(96, value);
        }
    }

    /**
     * @dev Returns the downcasted int88 from int256, reverting on
     * overflow (when the input is less than smallest int88 or
     * greater than largest int88).
     *
     * Counterpart to Solidity's `int88` operator.
     *
     * Requirements:
     *
     * - input must fit into 88 bits
     */
    function toInt88(int256 value) internal pure returns (int88 downcasted) {
        downcasted = int88(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(88, value);
        }
    }

    /**
     * @dev Returns the downcasted int80 from int256, reverting on
     * overflow (when the input is less than smallest int80 or
     * greater than largest int80).
     *
     * Counterpart to Solidity's `int80` operator.
     *
     * Requirements:
     *
     * - input must fit into 80 bits
     */
    function toInt80(int256 value) internal pure returns (int80 downcasted) {
        downcasted = int80(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(80, value);
        }
    }

    /**
     * @dev Returns the downcasted int72 from int256, reverting on
     * overflow (when the input is less than smallest int72 or
     * greater than largest int72).
     *
     * Counterpart to Solidity's `int72` operator.
     *
     * Requirements:
     *
     * - input must fit into 72 bits
     */
    function toInt72(int256 value) internal pure returns (int72 downcasted) {
        downcasted = int72(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(72, value);
        }
    }

    /**
     * @dev Returns the downcasted int64 from int256, reverting on
     * overflow (when the input is less than smallest int64 or
     * greater than largest int64).
     *
     * Counterpart to Solidity's `int64` operator.
     *
     * Requirements:
     *
     * - input must fit into 64 bits
     */
    function toInt64(int256 value) internal pure returns (int64 downcasted) {
        downcasted = int64(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(64, value);
        }
    }

    /**
     * @dev Returns the downcasted int56 from int256, reverting on
     * overflow (when the input is less than smallest int56 or
     * greater than largest int56).
     *
     * Counterpart to Solidity's `int56` operator.
     *
     * Requirements:
     *
     * - input must fit into 56 bits
     */
    function toInt56(int256 value) internal pure returns (int56 downcasted) {
        downcasted = int56(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(56, value);
        }
    }

    /**
     * @dev Returns the downcasted int48 from int256, reverting on
     * overflow (when the input is less than smallest int48 or
     * greater than largest int48).
     *
     * Counterpart to Solidity's `int48` operator.
     *
     * Requirements:
     *
     * - input must fit into 48 bits
     */
    function toInt48(int256 value) internal pure returns (int48 downcasted) {
        downcasted = int48(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(48, value);
        }
    }

    /**
     * @dev Returns the downcasted int40 from int256, reverting on
     * overflow (when the input is less than smallest int40 or
     * greater than largest int40).
     *
     * Counterpart to Solidity's `int40` operator.
     *
     * Requirements:
     *
     * - input must fit into 40 bits
     */
    function toInt40(int256 value) internal pure returns (int40 downcasted) {
        downcasted = int40(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(40, value);
        }
    }

    /**
     * @dev Returns the downcasted int32 from int256, reverting on
     * overflow (when the input is less than smallest int32 or
     * greater than largest int32).
     *
     * Counterpart to Solidity's `int32` operator.
     *
     * Requirements:
     *
     * - input must fit into 32 bits
     */
    function toInt32(int256 value) internal pure returns (int32 downcasted) {
        downcasted = int32(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(32, value);
        }
    }

    /**
     * @dev Returns the downcasted int24 from int256, reverting on
     * overflow (when the input is less than smallest int24 or
     * greater than largest int24).
     *
     * Counterpart to Solidity's `int24` operator.
     *
     * Requirements:
     *
     * - input must fit into 24 bits
     */
    function toInt24(int256 value) internal pure returns (int24 downcasted) {
        downcasted = int24(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(24, value);
        }
    }

    /**
     * @dev Returns the downcasted int16 from int256, reverting on
     * overflow (when the input is less than smallest int16 or
     * greater than largest int16).
     *
     * Counterpart to Solidity's `int16` operator.
     *
     * Requirements:
     *
     * - input must fit into 16 bits
     */
    function toInt16(int256 value) internal pure returns (int16 downcasted) {
        downcasted = int16(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(16, value);
        }
    }

    /**
     * @dev Returns the downcasted int8 from int256, reverting on
     * overflow (when the input is less than smallest int8 or
     * greater than largest int8).
     *
     * Counterpart to Solidity's `int8` operator.
     *
     * Requirements:
     *
     * - input must fit into 8 bits
     */
    function toInt8(int256 value) internal pure returns (int8 downcasted) {
        downcasted = int8(value);
        if (downcasted != value) {
            revert SafeCastOverflowedIntDowncast(8, value);
        }
    }

    /**
     * @dev Converts an unsigned uint256 into a signed int256.
     *
     * Requirements:
     *
     * - input must be less than or equal to maxInt256.
     */
    function toInt256(uint256 value) internal pure returns (int256) {
        // Note: Unsafe cast below is okay because `type(int256).max` is guaranteed to be positive
        if (value > uint256(type(int256).max)) {
            revert SafeCastOverflowedUintToInt(value);
        }
        return int256(value);
    }

    /**
     * @dev Cast a boolean (false or true) to a uint256 (0 or 1) with no jump.
     */
    function toUint(bool b) internal pure returns (uint256 u) {
        assembly ("memory-safe") {
            u := iszero(iszero(b))
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/Panic.sol)

pragma solidity ^0.8.20;

/**
 * @dev Helper library for emitting standardized panic codes.
 *
 * ```solidity
 * contract Example {
 *      using Panic for uint256;
 *
 *      // Use any of the declared internal constants
 *      function foo() { Panic.GENERIC.panic(); }
 *
 *      // Alternatively
 *      function foo() { Panic.panic(Panic.GENERIC); }
 * }
 * ```
 *
 * Follows the list from https://github.com/ethereum/solidity/blob/v0.8.24/libsolutil/ErrorCodes.h[libsolutil].
 *
 * _Available since v5.1._
 */
// slither-disable-next-line unused-state
library Panic {
    /// @dev generic / unspecified error
    uint256 internal constant GENERIC = 0x00;
    /// @dev used by the assert() builtin
    uint256 internal constant ASSERT = 0x01;
    /// @dev arithmetic underflow or overflow
    uint256 internal constant UNDER_OVERFLOW = 0x11;
    /// @dev division or modulo by zero
    uint256 internal constant DIVISION_BY_ZERO = 0x12;
    /// @dev enum conversion error
    uint256 internal constant ENUM_CONVERSION_ERROR = 0x21;
    /// @dev invalid encoding in storage
    uint256 internal constant STORAGE_ENCODING_ERROR = 0x22;
    /// @dev empty array pop
    uint256 internal constant EMPTY_ARRAY_POP = 0x31;
    /// @dev array out of bounds access
    uint256 internal constant ARRAY_OUT_OF_BOUNDS = 0x32;
    /// @dev resource error (too large allocation or too large array)
    uint256 internal constant RESOURCE_ERROR = 0x41;
    /// @dev calling invalid internal function
    uint256 internal constant INVALID_INTERNAL_FUNCTION = 0x51;

    /// @dev Reverts with a panic code. Recommended to use with
    /// the internal constants with predefined codes.
    function panic(uint256 code) internal pure {
        assembly ("memory-safe") {
            mstore(0x00, 0x4e487b71)
            mstore(0x20, code)
            revert(0x1c, 0x24)
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/StorageSlot.sol)
// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.

pragma solidity ^0.8.20;

/**
 * @dev Library for reading and writing primitive types to specific storage slots.
 *
 * Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
 * This library helps with reading and writing to such slots without the need for inline assembly.
 *
 * The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
 *
 * Example usage to set ERC-1967 implementation slot:
 * ```solidity
 * contract ERC1967 {
 *     // Define the slot. Alternatively, use the SlotDerivation library to derive the slot.
 *     bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
 *
 *     function _getImplementation() internal view returns (address) {
 *         return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
 *     }
 *
 *     function _setImplementation(address newImplementation) internal {
 *         require(newImplementation.code.length > 0);
 *         StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
 *     }
 * }
 * ```
 *
 * TIP: Consider using this library along with {SlotDerivation}.
 */
library StorageSlot {
    struct AddressSlot {
        address value;
    }

    struct BooleanSlot {
        bool value;
    }

    struct Bytes32Slot {
        bytes32 value;
    }

    struct Uint256Slot {
        uint256 value;
    }

    struct Int256Slot {
        int256 value;
    }

    struct StringSlot {
        string value;
    }

    struct BytesSlot {
        bytes value;
    }

    /**
     * @dev Returns an `AddressSlot` with member `value` located at `slot`.
     */
    function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
        assembly ("memory-safe") {
            r.slot := slot
        }
    }

    /**
     * @dev Returns a `BooleanSlot` with member `value` located at `slot`.
     */
    function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
        assembly ("memory-safe") {
            r.slot := slot
        }
    }

    /**
     * @dev Returns a `Bytes32Slot` with member `value` located at `slot`.
     */
    function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
        assembly ("memory-safe") {
            r.slot := slot
        }
    }

    /**
     * @dev Returns a `Uint256Slot` with member `value` located at `slot`.
     */
    function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
        assembly ("memory-safe") {
            r.slot := slot
        }
    }

    /**
     * @dev Returns a `Int256Slot` with member `value` located at `slot`.
     */
    function getInt256Slot(bytes32 slot) internal pure returns (Int256Slot storage r) {
        assembly ("memory-safe") {
            r.slot := slot
        }
    }

    /**
     * @dev Returns a `StringSlot` with member `value` located at `slot`.
     */
    function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {
        assembly ("memory-safe") {
            r.slot := slot
        }
    }

    /**
     * @dev Returns an `StringSlot` representation of the string storage pointer `store`.
     */
    function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {
        assembly ("memory-safe") {
            r.slot := store.slot
        }
    }

    /**
     * @dev Returns a `BytesSlot` with member `value` located at `slot`.
     */
    function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {
        assembly ("memory-safe") {
            r.slot := slot
        }
    }

    /**
     * @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.
     */
    function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {
        assembly ("memory-safe") {
            r.slot := store.slot
        }
    }
}

// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;

import {
    AccessControlUpgradeable
} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
import {
    Initializable
} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {
    ERC20Upgradeable
} from "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";

/**
 * @title Alpha - ERC20 token implementation for Bridge clones
 * @author VoiAI
 * @notice Non-upgradeable minimal proxy token with mint, burn, and updatable name/symbol
 */
contract Alpha is Initializable, ERC20Upgradeable, AccessControlUpgradeable {
    uint8 private _tokenDecimals;
    string private _customName;
    string private _customSymbol;

    /**
     * @dev The CCIPAdmin can be used to register with the CCIP token admin registry,
     * but has no other special powers, and can only be transferred by the admin.
     */
    address internal _ccipAdmin;

    /// @notice Role allowed to manage subnet creation and minting
    bytes32 public constant ADMIN_ROLE = keccak256("ADMIN_ROLE");

    /// @notice Role used to identify valid signers for off-chain authorizations
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");

    /// @notice Role for router operations
    bytes32 public constant BURNER_ROLE = keccak256("BURNER_ROLE");

    /// @notice Emitted when the CCIPAdmin address changes
    event CCIPAdminTransferred(
        address indexed previousAdmin,
        address indexed newAdmin
    );

    /**
     * @dev Prevents implementation contract from being initialized
     * @dev This must remain in the implementation contract deployed to the network. Proxy will call initialize().
     * @custom:oz-upgrades-unsafe-allow constructor
     */
    constructor() {
        _disableInitializers();
    }

    /**
     * @notice Initialize the Alpha token (called once per clone)
     * @dev Sets token metadata, decimals, and access roles.
     * @param name_ Initial token name
     * @param symbol_ Initial token symbol
     * @param decimals_ Token decimals
     * @param owner_ Address that will receive MINTER_ROLE, BURNER_ROLE, and ADMIN_ROLE (typically Bridge contract)
     * @param admin_ Address that will receive the DEFAULT_ADMIN_ROLE (typically admin address)
     */
    function initialize(
        string calldata name_,
        string calldata symbol_,
        uint8 decimals_,
        address owner_,
        address admin_
    ) external initializer {
        require(owner_ != address(0), "Owner cannot be zero address");
        require(admin_ != address(0), "Admin cannot be zero address");

        __ERC20_init(name_, symbol_);
        __AccessControl_init();

        _grantRole(DEFAULT_ADMIN_ROLE, admin_);
        _grantRole(ADMIN_ROLE, owner_);

        // Grant minter and burner roles (typically to Bridge contract)
        _grantRole(MINTER_ROLE, owner_);
        _grantRole(BURNER_ROLE, owner_);

        _tokenDecimals = decimals_;
        _customName = name_;
        _customSymbol = symbol_;
    }

    /**
     * @notice Mint new tokens
     * @dev Only callable by addresses with MINTER_ROLE
     * @param to Recipient address
     * @param amount Amount of tokens to mint
     */
    function mint(address to, uint256 amount) external onlyRole(MINTER_ROLE) {
        _mint(to, amount);
    }

    /**
     * @notice Burn tokens from an address
     * @dev Only callable by addresses with BURNER_ROLE
     * @param from Address whose tokens will be burned
     * @param amount Amount of tokens to burn
     */
    function burn(address from, uint256 amount) external onlyRole(BURNER_ROLE) {
        _burn(from, amount);
    }

    /**
     * @notice Update token name and symbol
     * @dev Only callable by an address with DEFAULT_ADMIN_ROLE
     * @param newName New token name
     * @param newSymbol New token symbol
     */
    function updateNameAndSymbol(
        string calldata newName,
        string calldata newSymbol
    ) external onlyRole(ADMIN_ROLE) {
        _customName = newName;
        _customSymbol = newSymbol;
    }

    /**
     * @notice Returns token decimals
     * @return tokenDecimals The number of decimals used
     */
    function decimals() public view override returns (uint8 tokenDecimals) {
        return _tokenDecimals;
    }

    /**
     * @notice Returns token name
     * @return tokenName The current token name
     */
    function name() public view override returns (string memory tokenName) {
        return _customName;
    }

    /**
     * @notice Returns token symbol
     * @return tokenSymbol The current token symbol
     */
    function symbol() public view override returns (string memory tokenSymbol) {
        return _customSymbol;
    }

    /**
     * @notice Grants both mint and burn roles to `burnAndMinter`.
     * @dev Caller must have DEFAULT_ADMIN_ROLE.
     */
    function grantMintAndBurnRoles(
        address burnAndMinter
    ) external onlyRole(DEFAULT_ADMIN_ROLE) {
        grantRole(MINTER_ROLE, burnAndMinter);
        grantRole(BURNER_ROLE, burnAndMinter);
    }

    /// @notice Returns the current CCIPAdmin
    function getCCIPAdmin() external view virtual returns (address) {
        return _ccipAdmin;
    }

    /**
     * @notice Transfers the CCIPAdmin role to a new address
     * @dev Only the admin (DEFAULT_ADMIN_ROLE) can call this function.
     * Setting the new admin to address(0) is valid and revokes the role.
     * @param newAdmin The address to transfer the CCIPAdmin role to.
     */
    function setCCIPAdmin(
        address newAdmin
    ) external virtual onlyRole(DEFAULT_ADMIN_ROLE) {
        address currentAdmin = _ccipAdmin;
        _ccipAdmin = newAdmin;
        emit CCIPAdminTransferred(currentAdmin, newAdmin);
    }
}

// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;

import {
    AccessControlUpgradeable
} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
import {
    Initializable
} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {
    UUPSUpgradeable
} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {
    PausableUpgradeable
} from "@openzeppelin/contracts-upgradeable/utils/PausableUpgradeable.sol";
import {
    ReentrancyGuardUpgradeable
} from "@openzeppelin/contracts-upgradeable/utils/ReentrancyGuardUpgradeable.sol";
import {
    UpgradeableBeacon
} from "@openzeppelin/contracts/proxy/beacon/UpgradeableBeacon.sol";
import {
    BeaconProxy
} from "@openzeppelin/contracts/proxy/beacon/BeaconProxy.sol";
import {Alpha} from "./Alpha.sol";

// Custom Errors
error ZeroAddress();
error EmptyString();
error AlphaExists();
error InvalidDecimals();

/// @title AlphaFactory
/// @author VoidAI
/// @notice Factory contract for deploying Alpha tokens on EVM chains
/// @dev UUPS-upgradeable factory using beacon proxy pattern for upgradeable Alpha tokens
contract AlphaFactory is
    Initializable,
    AccessControlUpgradeable,
    UUPSUpgradeable,
    ReentrancyGuardUpgradeable,
    PausableUpgradeable
{
    bytes32 public constant ADMIN_ROLE = keccak256("ADMIN_ROLE");
    bytes32 public constant DEPLOYER_ROLE = keccak256("DEPLOYER_ROLE");

    /// @notice Upgradeable beacon for Alpha implementations
    UpgradeableBeacon public alphaBeacon;

    /// @notice Array of all deployed Alpha tokens
    address[] public allAlphas;

    /// @notice Mapping from symbol to Alpha token address
    mapping(string => address) public alphaBySymbol;

    /// @notice Emitted when a new Alpha token is deployed
    event AlphaDeployed(
        address indexed alphaAddress,
        string name,
        string symbol,
        uint8 decimals,
        address indexed owner,
        address indexed admin
    );

    /// @notice Emitted when multiple Alpha tokens are deployed
    event MultipleAlphasDeployed(uint256 count, address indexed deployer);

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        _disableInitializers();
    }

    /**
     * @notice Initializes the AlphaFactory contract
     * @param adminAddress Admin address
     * @param alphaImplAddress Alpha implementation contract address
     */
    function initialize(
        address adminAddress,
        address alphaImplAddress
    ) external initializer {
        if (adminAddress == address(0)) revert ZeroAddress();
        if (alphaImplAddress == address(0)) revert ZeroAddress();

        __AccessControl_init();
        __UUPSUpgradeable_init();
        __ReentrancyGuard_init();
        __Pausable_init();

        _grantRole(DEFAULT_ADMIN_ROLE, adminAddress);
        _grantRole(ADMIN_ROLE, adminAddress);
        _grantRole(DEPLOYER_ROLE, adminAddress);

        // Deploy the upgradeable beacon with this contract as owner
        alphaBeacon = new UpgradeableBeacon(alphaImplAddress, address(this));
    }

    /**
     * @notice Deploy a single Alpha token
     * @param name_ Token name
     * @param symbol_ Token symbol
     * @param decimals_ Token decimals
     * @param owner_ Address that will receive MINTER_ROLE and BURNER_ROLE
     * @param admin_ Address that will receive DEFAULT_ADMIN_ROLE
     * @return alphaAddress Address of the deployed Alpha token
     */
    function deployAlpha(
        string calldata name_,
        string calldata symbol_,
        uint8 decimals_,
        address owner_,
        address admin_
    )
        external
        nonReentrant
        whenNotPaused
        onlyRole(DEPLOYER_ROLE)
        returns (address alphaAddress)
    {
        if (bytes(name_).length == 0) revert EmptyString();
        if (bytes(symbol_).length == 0) revert EmptyString();
        if (owner_ == address(0)) revert ZeroAddress();
        if (admin_ == address(0)) revert ZeroAddress();
        if (alphaBySymbol[symbol_] != address(0)) revert AlphaExists();
        if (decimals_ == 0) revert InvalidDecimals();

        alphaAddress = _deployAlpha(name_, symbol_, decimals_, owner_, admin_);
    }

    /**
     * @notice Deploy multiple Alpha tokens in a single transaction
     * @param names_ Array of token names
     * @param symbols_ Array of token symbols
     * @param decimals_ Array of token decimals
     * @param owners_ Array of owner addresses
     * @param admins_ Array of admin addresses
     * @return alphaAddresses Array of deployed Alpha token addresses
     */
    function deployMultipleAlphas(
        string[] calldata names_,
        string[] calldata symbols_,
        uint8[] calldata decimals_,
        address[] calldata owners_,
        address[] calldata admins_
    )
        external
        nonReentrant
        whenNotPaused
        onlyRole(DEPLOYER_ROLE)
        returns (address[] memory alphaAddresses)
    {
        uint256 length = names_.length;
        require(
            length == symbols_.length &&
                length == decimals_.length &&
                length == owners_.length &&
                length == admins_.length,
            "Length mismatch"
        );

        alphaAddresses = new address[](length);

        for (uint256 i = 0; i < length; i++) {
            if (bytes(names_[i]).length == 0) revert EmptyString();
            if (bytes(symbols_[i]).length == 0) revert EmptyString();
            if (owners_[i] == address(0)) revert ZeroAddress();
            if (admins_[i] == address(0)) revert ZeroAddress();
            if (alphaBySymbol[symbols_[i]] != address(0)) revert AlphaExists();
            if (decimals_[i] == 0) revert InvalidDecimals();

            alphaAddresses[i] = _deployAlpha(
                names_[i],
                symbols_[i],
                decimals_[i],
                owners_[i],
                admins_[i]
            );
        }

        emit MultipleAlphasDeployed(length, msg.sender);
    }

    /**
     * @notice Get Alpha token address by symbol
     * @param symbol_ Token symbol to query
     * @return Alpha token address (address(0) if not found)
     */
    function getAlphaBySymbol(
        string memory symbol_
    ) external view returns (address) {
        return alphaBySymbol[symbol_];
    }

    /**
     * @notice Get all deployed Alpha token addresses
     * @return Array of all deployed Alpha addresses
     */
    function getAllAlphas() external view returns (address[] memory) {
        return allAlphas;
    }

    /**
     * @notice Get total number of deployed Alpha tokens
     * @return Total count of deployed Alphas
     */
    function getAlphaCount() external view returns (uint256) {
        return allAlphas.length;
    }

    /**
     * @notice Upgrade the Alpha implementation for all deployed Alpha tokens
     * @param newImplementation New Alpha implementation address
     */
    function upgradeAlphaImplementation(
        address newImplementation
    ) external nonReentrant onlyRole(ADMIN_ROLE) {
        if (newImplementation == address(0)) revert ZeroAddress();
        alphaBeacon.upgradeTo(newImplementation);
    }

    /**
     * @notice Get the current Alpha implementation address
     * @return Current implementation address from the beacon
     */
    function getAlphaImplementation() external view returns (address) {
        return alphaBeacon.implementation();
    }

    /**
     * @notice Get the Alpha beacon address
     * @return Address of the upgradeable beacon
     */
    function getAlphaBeacon() external view returns (address) {
        return address(alphaBeacon);
    }

    /**
     * @notice Pause contract operations
     */
    function pause() external onlyRole(ADMIN_ROLE) {
        _pause();
    }

    /**
     * @notice Unpause contract operations
     */
    function unpause() external onlyRole(ADMIN_ROLE) {
        _unpause();
    }

    /**
     * @notice Internal function to deploy Alpha token
     * @param name_ Token name
     * @param symbol_ Token symbol
     * @param decimals_ Token decimals
     * @param owner_ Minter address
     * @param admin_ Admin address
     * @return alphaAddress Address of deployed Alpha
     */
    function _deployAlpha(
        string calldata name_,
        string calldata symbol_,
        uint8 decimals_,
        address owner_,
        address admin_
    ) internal returns (address alphaAddress) {
        bytes memory initData = abi.encodeWithSelector(
            Alpha.initialize.selector,
            name_,
            symbol_,
            decimals_,
            owner_,
            admin_
        );

        BeaconProxy proxy = new BeaconProxy(address(alphaBeacon), initData);
        alphaAddress = address(proxy);

        allAlphas.push(alphaAddress);
        alphaBySymbol[symbol_] = alphaAddress;

        emit AlphaDeployed(
            alphaAddress,
            name_,
            symbol_,
            decimals_,
            owner_,
            admin_
        );
    }

    /**
     * @notice Authorizes contract upgrades
     * @dev Required by UUPSUpgradeable
     * @param newImplementation Address of new implementation
     */
    function _authorizeUpgrade(
        address newImplementation
    ) internal override onlyRole(ADMIN_ROLE) {}
}

// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;

import {AccessControlUpgradeable} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {PausableUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/PausableUpgradeable.sol";
import {ReentrancyGuardUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/ReentrancyGuardUpgradeable.sol";

import {Clones} from "@openzeppelin/contracts/proxy/Clones.sol";

// Alpha Token implementation
import {Alpha} from "./Alpha.sol";
// Signature verificaton library
import {ECDSALib} from "./ECDSALib.sol";
// Interface of Bridge contract
import {IBridge} from "./interface/IBridge.sol";

// Custom Errors
error NonceAlreadyUsed();
error SignatureExpired();
error InvalidSigner();
error ZeroAddress();
error InvalidAmount();
error InvalidSubnet();
error DisabledSubnet();
error InvalidRequestId();
error EmptyString();
error InvalidChain();
error InvalidOwner();
error InvalidAdmin();

/// @title Bridge
/// @author VoidAI
/// @notice Deploys & manages subnet tokens ("Alpha" clones)
/// @dev Upgradeable via UUPS, uses minimal proxy pattern for child tokens
contract Bridge is
    Initializable,
    AccessControlUpgradeable,
    UUPSUpgradeable,
    ReentrancyGuardUpgradeable,
    PausableUpgradeable,
    IBridge
{
    using Clones for address;

    /// @notice Adds ECDSA functions to bytes32 for signature verification.
    using ECDSALib for bytes32;

    /// @notice Role allowed to manage subnet creation and minting
    bytes32 public constant ADMIN_ROLE = keccak256("ADMIN_ROLE");

    /// @notice Role used to identify valid signers for off-chain authorizations
    bytes32 public constant SIGNER_ROLE = keccak256("SIGNER_ROLE");

    /// @notice Role for router operations
    bytes32 public constant ROUTER_ROLE = keccak256("ROUTER_ROLE");

    /// @notice Fixed decimals used for all Alpha tokens
    uint8 public constant DECIMAL = 9;

    /// @notice Base implementation of Alpha (used for cloning)
    address public alphaImplementation;

    /// @notice Internal counters for mint request ID
    uint256 public mintRequestIdCounter;

    /// @notice Internal counters for Burn request ID
    uint256 public burnRequestIdCounter;

    /// @notice Internal counters for Refund request ID
    uint256 public refundRequestIdCounter;

    /// @notice Internal counters for Router Mint request ID
    uint256 public routerMintedCounter;

    /// @notice Internal counters for Router Burn request ID
    uint256 public routerBurnedCounter;

    /// @notice Per-subnet supply tracking: subnetId => total supply
    mapping(uint16 => uint256) public subnetSupply;

    /// @notice Per-subnet router minted tracking: subnetId => total minted by router
    mapping(uint16 => uint256) public subnetRouterMinted;

    /// @notice Per-subnet router burned tracking: subnetId => total burned by router
    mapping(uint16 => uint256) public subnetRouterBurned;

    /// @notice Mapping to store subnet token details
    mapping(uint16 => SubnetDetails) public subnetDetails;

    /// @notice Store MintRequest details by nonce
    mapping(uint256 => MintRequest) public mintDetails;

    /// @notice Store BurnRequest details by requestId
    mapping(uint256 => BurnRequest) public burnDetails;

    /// @notice Store RefundRequest details by requestId
    mapping(uint256 => RefundRequest) public refundDetails;

    /// @notice Store RouterMintRequest details by requestId
    mapping(uint256 => RouterMintRequest) public routerMintDetails;

    /// @notice Store RouterBurnRequest details by requestId
    mapping(uint256 => RouterBurnRequest) public routerBurnDetails;

    /// @notice Mapping to store used nonces
    mapping(uint256 => bool) public usedNonces;

    /**
     * @notice Disables initializers on the implementation contract to prevent direct initialization.
     * @dev This must remain in the implementation contract deployed to the network. Proxy will call initialize().
     * @custom:oz-upgrades-unsafe-allow constructor
     */
    constructor() {
        _disableInitializers();
    }

    /**
     * @notice Initializes the Bridge contract
     * @dev Sets roles and deploys the default Wrapped TAO subnet (id=0)
     * @param adminAddress Admin with DEFAULT_ADMIN_ROLE and ADMIN_ROLE
     * @param alphaImplAddress Alpha token implementation (logic contract)
     * @param signerAddress Signer with SIGNER_ROLE for burn authorization
     */
    function initialize(
        address adminAddress,
        address alphaImplAddress,
        address signerAddress
    ) external initializer {
        if (adminAddress == address(0)) revert ZeroAddress();
        if (alphaImplAddress == address(0)) revert ZeroAddress();
        if (signerAddress == address(0)) revert ZeroAddress();

        __AccessControl_init();
        __UUPSUpgradeable_init();
        __ReentrancyGuard_init();
        __Pausable_init();

        _grantRole(DEFAULT_ADMIN_ROLE, adminAddress);
        _grantRole(ADMIN_ROLE, adminAddress);
        _grantRole(SIGNER_ROLE, signerAddress);

        alphaImplementation = alphaImplAddress; // set Implementation contract
        _deploySubnetToken(0, "Wrapped TAO", "xTAO", adminAddress);
    }

    /**
     * @notice Add a new subnet token
     * @dev Deploys a new Alpha clone and stores its details
     * @param subnetId Unique subnet identifier
     * @param name_ Token name (must be non-empty)
     * @param symbol_ Token symbol (must be non-empty)
     */
    function addSubnetToken(
        uint16 subnetId,
        string calldata name_,
        string calldata symbol_,
        address adminAddress
    ) external nonReentrant onlyRole(ADMIN_ROLE) {
        if (subnetId == 0) revert InvalidSubnet();
        if (bytes(name_).length == 0) revert EmptyString();
        if (bytes(symbol_).length == 0) revert EmptyString();
        if (adminAddress == address(0)) revert InvalidAdmin();
        if (subnetDetails[subnetId].token != address(0)) revert InvalidSubnet();
        if (adminAddress == address(0)) revert InvalidAdmin();
        _deploySubnetToken(subnetId, name_, symbol_, adminAddress);
    }

    /**
     * @notice Enable or disable an existing subnet
     * @dev Only callable by ADMIN_ROLE
     * @param subnetId Subnet ID
     * @param status Boolean flag for enabling/disabling
     */
    function updateSubnetStatus(
        uint16 subnetId,
        bool status
    ) external nonReentrant onlyRole(ADMIN_ROLE) {
        SubnetDetails storage subnet = subnetDetails[subnetId];
        if (subnet.token == address(0)) revert InvalidSubnet();
        subnet.status = status;

        emit SubnetStatusUpdated(subnetId, status);
    }

    /**
     * @notice Mint tokens for a subnet with signature validation
     * @dev Records mint request and mints via subnet Alpha clone; prevents replay via nonce
     * @param encodedData ABI-encoded mint request (subnetId, receiver, amount, expiry, nonce, bittensorAddress)
     * @param signature Signed message from signer
     */
    function mint(
        bytes calldata encodedData,
        bytes calldata signature
    ) external nonReentrant whenNotPaused {
        (
            uint16 subnetId,
            address receiver,
            uint256 amount,
            string memory bittensorAddress,
            string memory identifier,
            uint256 chainId
        ) = _mintTokens(encodedData, signature);

        unchecked {
            mintRequestIdCounter++;
            subnetSupply[subnetId] += amount;
        }

        MintRequest memory request = MintRequest({
            subnetId: subnetId,
            receiver: receiver,
            amount: amount,
            mintRequestId: mintRequestIdCounter,
            bittensorAddress: bittensorAddress,
            identifier: identifier,
            chainId: chainId
        });

        mintDetails[mintRequestIdCounter] = request;

        emit TokenMinted(request);
    }

    /**
     * @notice Refund tokens for a subnet with signature validation
     * @dev Records refund request and mints via subnet Alpha clone; prevents replay via nonce
     * @param encodedData ABI-encoded refund request (subnetId, receiver, amount, expiry, nonce, bittensorAddress)
     * @param signature Signed message from signer
     */
    function refund(
        bytes calldata encodedData,
        bytes calldata signature
    ) external nonReentrant whenNotPaused {
        (
            uint16 subnetId,
            address receiver,
            uint256 amount,
            string memory bittensorAddress,
            string memory identifier,
            uint256 chainId
        ) = _mintTokens(encodedData, signature);

        unchecked {
            refundRequestIdCounter++;
            subnetSupply[subnetId] += amount;
        }

        RefundRequest memory request = RefundRequest({
            subnetId: subnetId,
            receiver: receiver,
            amount: amount,
            refundRequestId: refundRequestIdCounter,
            bittensorAddress: bittensorAddress,
            identifier: identifier,
            chainId: chainId
        });

        refundDetails[refundRequestIdCounter] = request;
        emit TokenRefunded(request);
    }

    /**
     * @notice Mint tokens by router
     * @dev Only callable by ROUTER_ROLE
     * @param subnetId Bittensor Subnet Id
     * @param receiver Address that will receive tokens
     * @param amount Amount to mint
     */
    function mintByRouter(
        uint16 subnetId,
        address receiver,
        uint256 amount
    ) external nonReentrant whenNotPaused onlyRole(ROUTER_ROLE) {
        if (receiver == address(0)) revert ZeroAddress();
        if (amount == 0) revert InvalidAmount();

        SubnetDetails memory subnet = subnetDetails[subnetId];
        if (subnet.token == address(0)) revert InvalidSubnet();
        if (!subnet.status) revert DisabledSubnet();

        unchecked {
            routerMintedCounter++;
            subnetSupply[subnetId] += amount;
            subnetRouterMinted[subnetId] += amount;
        }

        RouterMintRequest memory request = RouterMintRequest({
            subnetId: subnetId,
            receiver: receiver,
            amount: amount,
            routerMintRequestId: routerMintedCounter
        });

        routerMintDetails[routerMintedCounter] = request;

        Alpha(subnet.token).mint(receiver, amount);

        emit RouterMinted(request);
    }

    /**
     * @notice Burn tokens through router role
     * @dev Only callable by ROUTER_ROLE
     * @param subnetId Bittensor Subnet Id
     * @param amount Amount to burn from user
     * @param user User whose tokens are burned
     */
    function burnByRouter(
        uint16 subnetId,
        uint256 amount,
        address user
    ) external nonReentrant whenNotPaused onlyRole(ROUTER_ROLE) {
        if (user == address(0)) revert ZeroAddress();
        if (amount == 0) revert InvalidAmount();

        SubnetDetails memory subnet = subnetDetails[subnetId];
        if (subnet.token == address(0)) revert InvalidSubnet();
        if (!subnet.status) revert DisabledSubnet();

        // Check per-subnet supply before burning
        if (subnetSupply[subnetId] < amount) revert InvalidAmount();

        unchecked {
            routerBurnedCounter++;
            subnetSupply[subnetId] -= amount;
            subnetRouterBurned[subnetId] += amount;
        }

        RouterBurnRequest memory request = RouterBurnRequest({
            subnetId: subnetId,
            burner: user,
            amount: amount,
            routerBurnRequestId: routerBurnedCounter
        });

        routerBurnDetails[routerBurnedCounter] = request;

        Alpha(subnet.token).burn(user, amount);

        emit RouterBurned(request);
    }

    /**
     * @notice Burn subnet tokens with signature validation
     * @dev Requires valid signature from SIGNER_ROLE; prevents replay via nonce
     * @param encodedData ABI-encoded burn request (amount, subnetId, expiry, nonce, bittensorAddress)
     * @param signature Signed message from signer
     */
    function burn(
        bytes calldata encodedData,
        bytes calldata signature
    ) external nonReentrant whenNotPaused {
        (
            uint256 amount,
            uint16 subnetId,
            uint256 expiry,
            uint256 nonce,
            string memory bittensorAddress,
            string memory identifier,
            uint256 chainId
        ) = abi.decode(
                encodedData,
                (uint256, uint16, uint256, uint256, string, string, uint256)
            );

        if (amount == 0) revert InvalidAmount();
        if (bytes(bittensorAddress).length == 0) revert EmptyString();
        if (bytes(identifier).length == 0) revert EmptyString();
        if (chainId == 0) revert InvalidChain();

        SubnetDetails memory subnet = subnetDetails[subnetId];
        if (subnet.token == address(0)) revert InvalidSubnet();
        if (!subnet.status) revert DisabledSubnet();

        _verifySignature(
            encodedData,
            signature,
            expiry,
            nonce,
            SIGNER_ROLE,
            chainId
        );

        usedNonces[nonce] = true;

        // Check per-subnet supply before burning
        if (subnetSupply[subnetId] < amount) revert InvalidAmount();

        unchecked {
            burnRequestIdCounter++;
            subnetSupply[subnetId] -= amount;
        }
        BurnRequest memory request = BurnRequest({
            subnetId: subnetId,
            burner: msg.sender,
            amount: amount,
            burnRequestId: burnRequestIdCounter,
            bittensorAddress: bittensorAddress,
            identifier: identifier,
            chainId: chainId
        });

        burnDetails[burnRequestIdCounter] = request;

        Alpha(subnet.token).burn(msg.sender, amount);

        emit TokenBurned(request);
    }

    /**
     * @notice Update token metadata (name & symbol) for a given subnet
     * @dev Calls Alpha clone's `updateNameAndSymbol` function
     * @param subnetId Subnet ID whose token metadata will be updated
     * @param newName New token name
     * @param newSymbol New token symbol
     */
    function updateTokenMetadata(
        uint16 subnetId,
        string calldata newName,
        string calldata newSymbol
    ) external nonReentrant onlyRole(ADMIN_ROLE) {
        SubnetDetails storage subnet = subnetDetails[subnetId];
        if (subnet.token == address(0)) revert InvalidSubnet();
        if (bytes(newName).length == 0) revert EmptyString();
        if (bytes(newSymbol).length == 0) revert EmptyString();

        subnet.name = newName;
        subnet.symbol = newSymbol;

        Alpha(subnet.token).updateNameAndSymbol(newName, newSymbol);

        emit SubnetMetadataUpdated(subnetId, newName, newSymbol);
    }

    /**
     * @notice Update the Alpha implementation contract
     * @dev Only callable by ADMIN_ROLE. Future subnets will use the new implementation.
     * @param newImplementation New Alpha implementation contract address
     */
    function updateAlphaImplementation(
        address newImplementation
    ) external nonReentrant onlyRole(ADMIN_ROLE) {
        if (newImplementation == address(0)) revert ZeroAddress();
        alphaImplementation = newImplementation;
    }

    /**
     * @notice Pauses contract (only owner)
     */
    function pause() external onlyRole(ADMIN_ROLE) {
        _pause();
    }

    /**
     * @notice Unpauses contract (only owner)
     */
    function unpause() external onlyRole(ADMIN_ROLE) {
        _unpause();
    }

    /**
     * @notice Internal function to handle token minting logic
     * @dev Contains the core minting logic used by both mint and refund functions
     * @param encodedData ABI-encoded request (subnetId, receiver, amount, expiry, nonce, bittensorAddress, identifier)
     * @param signature Signature for verification
     * @return subnetId Subnet identifier
     * @return receiver Address that will receive tokens
     * @return amount Amount to mint
     * @return bittensorAddress Associated external identifier
     * @return identifier Associated external identifier
     */
    function _mintTokens(
        bytes calldata encodedData,
        bytes calldata signature
    )
        internal
        returns (
            uint16 subnetId,
            address receiver,
            uint256 amount,
            string memory bittensorAddress,
            string memory identifier,
            uint256 chainId
        )
    {
        uint256 expiry;
        uint256 nonce;

        (
            subnetId,
            receiver,
            amount,
            expiry,
            nonce,
            bittensorAddress,
            identifier,
            chainId
        ) = abi.decode(
            encodedData,
            (
                uint16,
                address,
                uint256,
                uint256,
                uint256,
                string,
                string,
                uint256
            )
        );

        if (receiver == address(0)) revert ZeroAddress();
        if (amount == 0) revert InvalidAmount();
        if (bytes(bittensorAddress).length == 0) revert EmptyString();
        if (bytes(identifier).length == 0) revert EmptyString();
        if (chainId == 0) revert InvalidChain();
        SubnetDetails memory subnet = subnetDetails[subnetId];
        if (subnet.token == address(0)) revert InvalidSubnet();
        if (!subnet.status) revert DisabledSubnet();

        // verify signature (reverts on expiry/used nonce/invalid signer)
        _verifySignature(
            encodedData,
            signature,
            expiry,
            nonce,
            SIGNER_ROLE,
            chainId
        );

        // mark nonce used AFTER successful mint to avoid marking on failed external call
        usedNonces[nonce] = true;

        // mint on the subnet token
        Alpha(subnet.token).mint(receiver, amount);

        // return values expected by caller
        return (
            subnetId,
            receiver,
            amount,
            bittensorAddress,
            identifier,
            chainId
        );
    }

    /**
     * @notice Verifies the ECDSA signature for given data
     * @dev Verifies the validity of a signature and ensures it is not expired.
     * @param encodedData The original data that was signed.
     * @param signature The signature generated by signing the encoded data.
     * @param expiry The timestamp after which the signature becomes invalid.
     * @param nonce The unique number to avoid the use of encoded data and signature again.
     * @param role The role to verify the valid signer.
     */
    function _verifySignature(
        bytes memory encodedData,
        bytes memory signature,
        uint256 expiry,
        uint256 nonce,
        bytes32 role,
        uint256 chainId
    ) internal view {
        if (chainId == 0) revert InvalidChain();
        if (block.chainid != chainId) revert InvalidChain();
        if (block.timestamp > expiry) revert SignatureExpired();
        if (usedNonces[nonce]) revert NonceAlreadyUsed();
        bytes32 hash = keccak256(encodedData);
        address signer = hash.toEthSignedMessageHash().recover(signature);
        if (!hasRole(role, signer)) revert InvalidSigner();
    }

    /**
     * @notice Internal helper to deploy Alpha clones
     * @dev Used by `initialize` and `addSubnetToken`
     * @param subnetId Subnet ID
     * @param name_ Token name
     * @param symbol_ Token symbol
     * @param adminAddress Admin address for the token
     */
    function _deploySubnetToken(
        uint16 subnetId,
        string memory name_,
        string memory symbol_,
        address adminAddress
    ) internal {
        address clone = Clones.clone(alphaImplementation);
        subnetDetails[subnetId] = SubnetDetails({
            subnetId: subnetId,
            token: clone,
            name: name_,
            symbol: symbol_,
            status: true
        });

        Alpha(clone).initialize(
            name_,
            symbol_,
            DECIMAL,
            address(this),  // Bridge gets MINTER_ROLE and BURNER_ROLE
            adminAddress    // Admin gets DEFAULT_ADMIN_ROLE
        );

        emit SubnetTokenAdded(subnetDetails[subnetId]);
    }

    /**
     * @notice Authorizes contract upgrades
     * @dev Required by UUPSUpgradeable
     * @param newImplementation Address of new implementation
     */
    function _authorizeUpgrade(
        address newImplementation
    ) internal override onlyRole(ADMIN_ROLE) {}
}

// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;

import {
    AccessControlUpgradeable
} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
import {
    Initializable
} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {
    UUPSUpgradeable
} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {
    PausableUpgradeable
} from "@openzeppelin/contracts-upgradeable/utils/PausableUpgradeable.sol";
import {
    ReentrancyGuardUpgradeable
} from "@openzeppelin/contracts-upgradeable/utils/ReentrancyGuardUpgradeable.sol";

import {Clones} from "@openzeppelin/contracts/proxy/Clones.sol";

// Alpha Token implementation
import {Alpha} from "./Alpha.sol";
// Signature verificaton library
import {ECDSALib} from "./ECDSALib.sol";
// Interface of Bridge contract
import {IBridge} from "./interface/IBridge.sol";

// Custom Errors
error NonceAlreadyUsed();
error SignatureExpired();
error InvalidSigner();
error ZeroAddress();
error InvalidAmount();
error InvalidSubnet();
error DisabledSubnet();
error InvalidRequestId();
error EmptyString();
error InvalidChain();
error InvalidOwner();
error InvalidAdmin();
error IdentifierAlreadyUsed();

/// @title BridgeV2
/// @author VoidAI
/// @notice Deploys & manages subnet tokens ("Alpha" clones)
/// @dev Upgradeable via UUPS, uses minimal proxy pattern for child tokens
contract BridgeV2 is
    Initializable,
    AccessControlUpgradeable,
    UUPSUpgradeable,
    ReentrancyGuardUpgradeable,
    PausableUpgradeable,
    IBridge
{
    using Clones for address;

    /// @notice Adds ECDSA functions to bytes32 for signature verification.
    using ECDSALib for bytes32;

    /// @notice Role allowed to manage subnet creation and minting
    bytes32 public constant ADMIN_ROLE = keccak256("ADMIN_ROLE");

    /// @notice Role used to identify valid signers for off-chain authorizations
    bytes32 public constant SIGNER_ROLE = keccak256("SIGNER_ROLE");

    /// @notice Role for router operations
    bytes32 public constant ROUTER_ROLE = keccak256("ROUTER_ROLE");

    /// @notice Fixed decimals used for all Alpha tokens
    uint8 public constant DECIMAL = 9;

    /// @notice Base implementation of Alpha (used for cloning)
    address public alphaImplementation;

    /// @notice Internal counters for mint request ID
    uint256 public mintRequestIdCounter;

    /// @notice Internal counters for Burn request ID
    uint256 public burnRequestIdCounter;

    /// @notice Internal counters for Refund request ID
    uint256 public refundRequestIdCounter;

    /// @notice Internal counters for Router Mint request ID
    uint256 public routerMintedCounter;

    /// @notice Internal counters for Router Burn request ID
    uint256 public routerBurnedCounter;

    /// @notice Per-subnet supply tracking: subnetId => total supply
    mapping(uint16 => uint256) public subnetSupply;

    /// @notice Per-subnet router minted tracking: subnetId => total minted by router
    mapping(uint16 => uint256) public subnetRouterMinted;

    /// @notice Per-subnet router burned tracking: subnetId => total burned by router
    mapping(uint16 => uint256) public subnetRouterBurned;

    /// @notice Mapping to store subnet token details
    mapping(uint16 => SubnetDetails) public subnetDetails;

    /// @notice Store MintRequest details by nonce
    mapping(uint256 => MintRequest) public mintDetails;

    /// @notice Store BurnRequest details by requestId
    mapping(uint256 => BurnRequest) public burnDetails;

    /// @notice Store RefundRequest details by requestId
    mapping(uint256 => RefundRequest) public refundDetails;

    /// @notice Store RouterMintRequest details by requestId
    mapping(uint256 => RouterMintRequest) public routerMintDetails;

    /// @notice Store RouterBurnRequest details by requestId
    mapping(uint256 => RouterBurnRequest) public routerBurnDetails;

    /// @notice Mapping to store used nonces (deprecated, kept for storage compatibility)
    mapping(uint256 => bool) public usedNonces;

    /// @notice Mapping to store processed transaction identifiers
    mapping(bytes32 => bool) public isIdentifierUsed;

    /**
     * @notice Disables initializers on the implementation contract to prevent direct initialization.
     * @dev This must remain in the implementation contract deployed to the network. Proxy will call initialize().
     * @custom:oz-upgrades-unsafe-allow constructor
     */
    constructor() {
        _disableInitializers();
    }

    /**
     * @notice Initializes the Bridge contract
     * @dev Sets roles and deploys the default Wrapped TAO subnet (id=0)
     * @param adminAddress Admin with DEFAULT_ADMIN_ROLE and ADMIN_ROLE
     * @param alphaImplAddress Alpha token implementation (logic contract)
     * @param signerAddress Signer with SIGNER_ROLE for burn authorization
     */
    function initialize(
        address adminAddress,
        address alphaImplAddress,
        address signerAddress
    ) external initializer {
        if (adminAddress == address(0)) revert ZeroAddress();
        if (alphaImplAddress == address(0)) revert ZeroAddress();
        if (signerAddress == address(0)) revert ZeroAddress();

        __AccessControl_init();
        __UUPSUpgradeable_init();
        __ReentrancyGuard_init();
        __Pausable_init();

        _grantRole(DEFAULT_ADMIN_ROLE, adminAddress);
        _grantRole(ADMIN_ROLE, adminAddress);
        _grantRole(SIGNER_ROLE, signerAddress);

        alphaImplementation = alphaImplAddress; // set Implementation contract
        _deploySubnetToken(0, "Wrapped TAO", "xTAO", adminAddress);
    }

    /**
     * @notice Add a new subnet token
     * @dev Deploys a new Alpha clone and stores its details
     * @param subnetId Unique subnet identifier
     * @param name_ Token name (must be non-empty)
     * @param symbol_ Token symbol (must be non-empty)
     */
    function addSubnetToken(
        uint16 subnetId,
        string calldata name_,
        string calldata symbol_,
        address adminAddress
    ) external nonReentrant onlyRole(ADMIN_ROLE) {
        if (subnetId == 0) revert InvalidSubnet();
        if (bytes(name_).length == 0) revert EmptyString();
        if (bytes(symbol_).length == 0) revert EmptyString();
        if (subnetDetails[subnetId].token != address(0)) revert InvalidSubnet();
        if (adminAddress == address(0)) revert InvalidAdmin();
        _deploySubnetToken(subnetId, name_, symbol_, adminAddress);
    }

    /**
     * @notice Enable or disable an existing subnet
     * @dev Only callable by ADMIN_ROLE
     * @param subnetId Subnet ID
     * @param status Boolean flag for enabling/disabling
     */
    function updateSubnetStatus(
        uint16 subnetId,
        bool status
    ) external nonReentrant onlyRole(ADMIN_ROLE) {
        SubnetDetails storage subnet = subnetDetails[subnetId];
        if (subnet.token == address(0)) revert InvalidSubnet();
        subnet.status = status;

        emit SubnetStatusUpdated(subnetId, status);
    }

    /**
     * @notice Mint tokens for a subnet with signature validation
     * @dev Records mint request and mints via subnet Alpha clone; prevents replay via identifier
     * @param encodedData ABI-encoded mint request (subnetId, receiver, amount, expiry, nonce, bittensorAddress, identifier)
     * @param signature Signed message from signer
     */
    function mint(
        bytes calldata encodedData,
        bytes calldata signature
    ) external nonReentrant whenNotPaused {
        (
            uint16 subnetId,
            address receiver,
            uint256 amount,
            string memory bittensorAddress,
            string memory identifier,
            uint256 chainId
        ) = _mintTokens(encodedData, signature);

        unchecked {
            mintRequestIdCounter++;
            subnetSupply[subnetId] += amount;
        }

        MintRequest memory request = MintRequest({
            subnetId: subnetId,
            receiver: receiver,
            amount: amount,
            mintRequestId: mintRequestIdCounter,
            bittensorAddress: bittensorAddress,
            identifier: identifier,
            chainId: chainId
        });

        mintDetails[mintRequestIdCounter] = request;

        emit TokenMinted(request);
    }

    /**
     * @notice Refund tokens for a subnet with signature validation
     * @dev Records refund request and mints via subnet Alpha clone; prevents replay via identifier
     * @param encodedData ABI-encoded refund request (subnetId, receiver, amount, expiry, nonce, bittensorAddress, identifier)
     * @param signature Signed message from signer
     */
    function refund(
        bytes calldata encodedData,
        bytes calldata signature
    ) external nonReentrant whenNotPaused {
        (
            uint16 subnetId,
            address receiver,
            uint256 amount,
            string memory bittensorAddress,
            string memory identifier,
            uint256 chainId
        ) = _mintTokens(encodedData, signature);

        unchecked {
            refundRequestIdCounter++;
            subnetSupply[subnetId] += amount;
        }

        RefundRequest memory request = RefundRequest({
            subnetId: subnetId,
            receiver: receiver,
            amount: amount,
            refundRequestId: refundRequestIdCounter,
            bittensorAddress: bittensorAddress,
            identifier: identifier,
            chainId: chainId
        });

        refundDetails[refundRequestIdCounter] = request;
        emit TokenRefunded(request);
    }

    /**
     * @notice Mint tokens by router
     * @dev Only callable by ROUTER_ROLE
     * @param subnetId Bittensor Subnet Id
     * @param receiver Address that will receive tokens
     * @param amount Amount to mint
     */
    function mintByRouter(
        uint16 subnetId,
        address receiver,
        uint256 amount
    ) external nonReentrant whenNotPaused onlyRole(ROUTER_ROLE) {
        if (receiver == address(0)) revert ZeroAddress();
        if (amount == 0) revert InvalidAmount();

        SubnetDetails memory subnet = subnetDetails[subnetId];
        if (subnet.token == address(0)) revert InvalidSubnet();
        if (!subnet.status) revert DisabledSubnet();

        unchecked {
            routerMintedCounter++;
            subnetSupply[subnetId] += amount;
            subnetRouterMinted[subnetId] += amount;
        }

        RouterMintRequest memory request = RouterMintRequest({
            subnetId: subnetId,
            receiver: receiver,
            amount: amount,
            routerMintRequestId: routerMintedCounter
        });

        routerMintDetails[routerMintedCounter] = request;

        Alpha(subnet.token).mint(receiver, amount);

        emit RouterMinted(request);
    }

    /**
     * @notice Burn tokens through router role
     * @dev Only callable by ROUTER_ROLE
     * @param subnetId Bittensor Subnet Id
     * @param amount Amount to burn from user
     * @param user User whose tokens are burned
     */
    function burnByRouter(
        uint16 subnetId,
        uint256 amount,
        address user
    ) external nonReentrant whenNotPaused onlyRole(ROUTER_ROLE) {
        if (user == address(0)) revert ZeroAddress();
        if (amount == 0) revert InvalidAmount();

        SubnetDetails memory subnet = subnetDetails[subnetId];
        if (subnet.token == address(0)) revert InvalidSubnet();
        if (!subnet.status) revert DisabledSubnet();

        // Check per-subnet supply before burning
        if (subnetSupply[subnetId] < amount) revert InvalidAmount();

        unchecked {
            routerBurnedCounter++;
            subnetSupply[subnetId] -= amount;
            subnetRouterBurned[subnetId] += amount;
        }

        RouterBurnRequest memory request = RouterBurnRequest({
            subnetId: subnetId,
            burner: user,
            amount: amount,
            routerBurnRequestId: routerBurnedCounter
        });

        routerBurnDetails[routerBurnedCounter] = request;

        Alpha(subnet.token).burn(user, amount);

        emit RouterBurned(request);
    }

    /**
     * @notice Burn subnet tokens with signature validation
     * @dev Requires valid signature from SIGNER_ROLE; prevents replay via identifier
     * @param encodedData ABI-encoded burn request (amount, subnetId, expiry, bittensorAddress, identifier)
     * @param signature Signed message from signer
     */
    function burn(
        bytes calldata encodedData,
        bytes calldata signature
    ) external nonReentrant whenNotPaused {
        (
            uint256 amount,
            uint16 subnetId,
            uint256 expiry,
            ,
            string memory bittensorAddress,
            string memory identifier,
            uint256 chainId
        ) = abi.decode(
                encodedData,
                (uint256, uint16, uint256, uint256, string, string, uint256)
            );

        if (amount == 0) revert InvalidAmount();
        if (bytes(bittensorAddress).length == 0) revert EmptyString();
        if (bytes(identifier).length == 0) revert EmptyString();
        if (chainId == 0) revert InvalidChain();

        SubnetDetails memory subnet = subnetDetails[subnetId];
        if (subnet.token == address(0)) revert InvalidSubnet();
        if (!subnet.status) revert DisabledSubnet();

        _verifySignature(
            encodedData,
            signature,
            expiry,
            SIGNER_ROLE,
            chainId,
            identifier
        );

        // Check per-subnet supply before burning
        if (subnetSupply[subnetId] < amount) revert InvalidAmount();

        unchecked {
            burnRequestIdCounter++;
            subnetSupply[subnetId] -= amount;
        }
        BurnRequest memory request = BurnRequest({
            subnetId: subnetId,
            burner: msg.sender,
            amount: amount,
            burnRequestId: burnRequestIdCounter,
            bittensorAddress: bittensorAddress,
            identifier: identifier,
            chainId: chainId
        });

        burnDetails[burnRequestIdCounter] = request;

        Alpha(subnet.token).burn(msg.sender, amount);

        emit TokenBurned(request);
    }

    /**
     * @notice Update token metadata (name & symbol) for a given subnet
     * @dev Calls Alpha clone's `updateNameAndSymbol` function
     * @param subnetId Subnet ID whose token metadata will be updated
     * @param newName New token name
     * @param newSymbol New token symbol
     */
    function updateTokenMetadata(
        uint16 subnetId,
        string calldata newName,
        string calldata newSymbol
    ) external nonReentrant onlyRole(ADMIN_ROLE) {
        SubnetDetails storage subnet = subnetDetails[subnetId];
        if (subnet.token == address(0)) revert InvalidSubnet();
        if (bytes(newName).length == 0) revert EmptyString();
        if (bytes(newSymbol).length == 0) revert EmptyString();

        subnet.name = newName;
        subnet.symbol = newSymbol;

        Alpha(subnet.token).updateNameAndSymbol(newName, newSymbol);

        emit SubnetMetadataUpdated(subnetId, newName, newSymbol);
    }

    /**
     * @notice Update the Alpha implementation contract
     * @dev Only callable by ADMIN_ROLE. Future subnets will use the new implementation.
     * @param newImplementation New Alpha implementation contract address
     */
    function updateAlphaImplementation(
        address newImplementation
    ) external nonReentrant onlyRole(ADMIN_ROLE) {
        if (newImplementation == address(0)) revert ZeroAddress();
        alphaImplementation = newImplementation;
    }

    /**
     * @notice Pauses contract (only owner)
     */
    function pause() external onlyRole(ADMIN_ROLE) {
        _pause();
    }

    /**
     * @notice Unpauses contract (only owner)
     */
    function unpause() external onlyRole(ADMIN_ROLE) {
        _unpause();
    }

    /**
     * @notice Internal function to handle token minting logic
     * @dev Contains the core minting logic used by both mint and refund functions
     * @param encodedData ABI-encoded request (subnetId, receiver, amount, expiry, nonce, bittensorAddress, identifier)
     * @param signature Signature for verification
     * @return subnetId Subnet identifier
     * @return receiver Address that will receive tokens
     * @return amount Amount to mint
     * @return bittensorAddress Associated external identifier
     * @return identifier Associated external identifier
     */
    function _mintTokens(
        bytes calldata encodedData,
        bytes calldata signature
    )
        internal
        returns (
            uint16 subnetId,
            address receiver,
            uint256 amount,
            string memory bittensorAddress,
            string memory identifier,
            uint256 chainId
        )
    {
        uint256 expiry;
        uint256 nonce;

        (
            subnetId,
            receiver,
            amount,
            expiry,
            ,
            bittensorAddress,
            identifier,
            chainId
        ) = abi.decode(
                encodedData,
                (
                    uint16,
                    address,
                    uint256,
                    uint256,
                    uint256,
                    string,
                    string,
                    uint256
                )
            );
        if (receiver == address(0)) revert ZeroAddress();
        if (amount == 0) revert InvalidAmount();
        if (bytes(bittensorAddress).length == 0) revert EmptyString();
        if (bytes(identifier).length == 0) revert EmptyString();
        if (chainId == 0) revert InvalidChain();
        SubnetDetails memory subnet = subnetDetails[subnetId];
        if (subnet.token == address(0)) revert InvalidSubnet();
        if (!subnet.status) revert DisabledSubnet();

        // verify signature (reverts on expiry/used identifier/invalid signer)
        _verifySignature(
            encodedData,
            signature,
            expiry,
            SIGNER_ROLE,
            chainId,
            identifier
        );

        // mint on the subnet token
        Alpha(subnet.token).mint(receiver, amount);

        // return values expected by caller
        return (
            subnetId,
            receiver,
            amount,
            bittensorAddress,
            identifier,
            chainId
        );
    }

    /**
     * @notice Verifies the ECDSA signature for given data
     * @dev Verifies the validity of a signature and ensures it is not expired.
     * @param encodedData The original data that was signed.
     * @param signature The signature generated by signing the encoded data.
     * @param expiry The timestamp after which the signature becomes invalid.
     * @param role The role to verify the valid signer.
     * @param chainId The chain ID of the signer.
     * @param identifier The identifier of the subnet.
     */
    function _verifySignature(
        bytes memory encodedData,
        bytes memory signature,
        uint256 expiry,
        bytes32 role,
        uint256 chainId,
        string memory identifier
    ) internal {
        bytes32 identifierHash = keccak256(
            abi.encodePacked("BRIDGE_IDENTIFIER", block.chainid, identifier)
        );
        if (isIdentifierUsed[identifierHash]) revert IdentifierAlreadyUsed();
        if (chainId == 0) revert InvalidChain();
        if (block.chainid != chainId) revert InvalidChain();
        if (block.timestamp > expiry) revert SignatureExpired();
        bytes32 hash = keccak256(encodedData);
        address signer = hash.toEthSignedMessageHash().recover(signature);
        if (!hasRole(role, signer)) revert InvalidSigner();
        isIdentifierUsed[identifierHash] = true;
    }

    /**
     * @notice Internal helper to deploy Alpha clones
     * @dev Used by `initialize` and `addSubnetToken`
     * @param subnetId Subnet ID
     * @param name_ Token name
     * @param symbol_ Token symbol
     * @param adminAddress Admin address for the token
     */
    function _deploySubnetToken(
        uint16 subnetId,
        string memory name_,
        string memory symbol_,
        address adminAddress
    ) internal {
        address clone = Clones.clone(alphaImplementation);
        subnetDetails[subnetId] = SubnetDetails({
            subnetId: subnetId,
            token: clone,
            name: name_,
            symbol: symbol_,
            status: true
        });

        Alpha(clone).initialize(
            name_,
            symbol_,
            DECIMAL,
            address(this), // Bridge gets MINTER_ROLE and BURNER_ROLE
            adminAddress // Admin gets DEFAULT_ADMIN_ROLE
        );

        emit SubnetTokenAdded(subnetDetails[subnetId]);
    }

    /**
     * @notice Authorizes contract upgrades
     * @dev Required by UUPSUpgradeable
     * @param newImplementation Address of new implementation
     */
    function _authorizeUpgrade(
        address newImplementation
    ) internal override onlyRole(ADMIN_ROLE) {}

    /**
     * @notice Returns the status of an identifier
     * @param identifier The identifier to check
     * @return True if the identifier is used, false otherwise
     */
    function identifierStatus(
        string memory identifier
    ) public view returns (bool) {
        bytes32 identifierHash = keccak256(
            abi.encodePacked("BRIDGE_IDENTIFIER", block.chainid, identifier)
        );
        return isIdentifierUsed[identifierHash];
    }
}

// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.24;

import {
    ITypeAndVersion
} from "@chainlink/contracts/src/v0.8/shared/interfaces/ITypeAndVersion.sol";
import {
    IBurnMintERC20
} from "@chainlink/contracts/src/v0.8/shared/token/ERC20/IBurnMintERC20.sol";

import {
    BurnMintTokenPoolAbstract
} from "@chainlink/contracts-ccip/contracts/pools/BurnMintTokenPoolAbstract.sol";
import {
    TokenPool
} from "@chainlink/contracts-ccip/contracts/pools/TokenPool.sol";

import {
    SafeERC20
} from "@openzeppelin/[email protected]/token/ERC20/utils/SafeERC20.sol";

/// @notice This pool mints and burns a 3rd-party token.
/// @dev Pool whitelisting mode is set in the constructor and cannot be modified later.
/// It either accepts any address as originalSender, or only accepts whitelisted originalSender.
/// The only way to change whitelisting mode is to deploy a new pool.
/// If that is expected, please make sure the token's burner/minter roles are adjustable.
/// @dev This contract is a variant of BurnMintTokenPool that uses `burnFrom(from, amount)`.
contract BurnFromMintTokenPool is BurnMintTokenPoolAbstract, ITypeAndVersion {
    using SafeERC20 for IBurnMintERC20;

    string public constant override typeAndVersion =
        "BurnFromMintTokenPool 1.6.x-dev";

    /**
     * @notice Constructor for BurnFromMintTokenPool
     * @param token The burn/mint ERC20 token
     * @param localTokenDecimals Token decimals
     * @param allowlist Array of allowed addresses (empty for open access)
     * @param rmnProxy RMN Proxy address
     * @param router CCIP Router address
     */
    constructor(
        IBurnMintERC20 token,
        uint8 localTokenDecimals,
        address[] memory allowlist,
        address rmnProxy,
        address router
    ) TokenPool(token, localTokenDecimals, allowlist, rmnProxy, router) {
        // Some tokens allow burning from the sender without approval, but not all do.
        // To be safe, we approve the pool to burn from the pool.
        token.safeIncreaseAllowance(address(this), type(uint256).max);
    }

    /// @inheritdoc TokenPool
    function _lockOrBurn(uint256 amount) internal virtual override {
        IBurnMintERC20(address(i_token)).burn(address(this), amount);
    }
}

// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.24;

import {BurnFromMintTokenPool} from "./BurnFromMintTokenPool.sol";
import {
    TokenPool
} from "@chainlink/contracts-ccip/contracts/pools/TokenPool.sol";
import {
    RateLimiter
} from "@chainlink/contracts-ccip/contracts/libraries/RateLimiter.sol";
import {
    IBurnMintERC20
} from "@chainlink/contracts/src/v0.8/shared/token/ERC20/IBurnMintERC20.sol";
import {
    OwnerIsCreator
} from "@chainlink/contracts/src/v0.8/shared/access/OwnerIsCreator.sol";

import {
    AccessControlUpgradeable
} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
import {
    PausableUpgradeable
} from "@openzeppelin/contracts-upgradeable/utils/PausableUpgradeable.sol";
import {
    Initializable
} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {
    ReentrancyGuardUpgradeable
} from "@openzeppelin/contracts-upgradeable/utils/ReentrancyGuardUpgradeable.sol";
import {
    UUPSUpgradeable
} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";

/// @title BurnMintPoolFactory
/// @notice Factory for deploying and managing BurnFromMintTokenPool instances
/// @dev UUPS-upgradeable factory. The factory becomes the owner of all deployed pools, allowing multiple admins to manage pools through wrapper functions.
contract BurnMintPoolFactory is
    Initializable,
    AccessControlUpgradeable,
    PausableUpgradeable,
    UUPSUpgradeable,
    ReentrancyGuardUpgradeable
{
    bytes32 public constant POOL_CREATOR_ROLE = keccak256("POOL_CREATOR_ROLE");
    bytes32 public constant POOL_ADMIN_ROLE = keccak256("POOL_ADMIN_ROLE");
    bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");

    error InvalidAdmin();
    error InvalidToken();
    error PoolExists();
    error PoolDoesNotExist();
    error InvalidRmnProxy();
    error InvalidRouter();
    error ZeroAddress();
    error LengthMismatch();

    event PoolCreated(
        address indexed token,
        address indexed pool,
        uint8 localTokenDecimals,
        address[] allowlist,
        address rmnProxy,
        address router,
        address indexed creator
    );

    event PoolUpdated(
        address indexed token,
        address indexed oldPool,
        address indexed newPool
    );

    address[] public allPools;

    /// @notice Mapping from underlying token address to the latest deployed pool for that token
    mapping(address => address) public tokenToPool;

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        _disableInitializers();
    }

    /// @notice Initialize the BurnMintPoolFactory.
    /// @param admin The address that will receive the admin and pool roles.
    function initialize(address admin) external initializer {
        if (admin == address(0)) revert InvalidAdmin();

        __AccessControl_init();
        __Pausable_init();
        __UUPSUpgradeable_init();
        __ReentrancyGuard_init();

        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        _grantRole(POOL_CREATOR_ROLE, admin);
        _grantRole(POOL_ADMIN_ROLE, admin);
        _grantRole(PAUSER_ROLE, admin);
    }

    /// @notice Deploy a BurnFromMintTokenPool for a single token
    /// @param token The ERC20 token address
    /// @param localTokenDecimals Token decimals
    /// @param allowlist Array of allowed addresses (empty for open access)
    /// @param rmnProxy RMN Proxy address
    /// @param router CCIP Router address
    function createPool(
        IBurnMintERC20 token,
        uint8 localTokenDecimals,
        address[] calldata allowlist,
        address rmnProxy,
        address router
    )
        external
        whenNotPaused
        onlyRole(POOL_CREATOR_ROLE)
        returns (address pool)
    {
        pool = _createPool(
            token,
            localTokenDecimals,
            allowlist,
            rmnProxy,
            router
        );
    }

    /// @notice Deploy multiple BurnFromMintTokenPool instances in a single transaction.
    /// @param tokens Array of tokens to create pools for.
    /// @param localTokenDecimals Array of token decimals (must match tokens length).
    /// @param allowlists Array of allowlists per token.
    /// @param rmnProxy RMN Proxy address (shared across pools).
    /// @param router CCIP Router address (shared across pools).
    /// @return pools The array of newly deployed pool addresses
    function createMultiplePools(
        IBurnMintERC20[] calldata tokens,
        uint8[] calldata localTokenDecimals,
        address[][] calldata allowlists,
        address rmnProxy,
        address router
    )
        external
        whenNotPaused
        onlyRole(POOL_CREATOR_ROLE)
        nonReentrant
        returns (address[] memory pools)
    {
        uint256 length = tokens.length;
        if (length != localTokenDecimals.length || length != allowlists.length)
            revert LengthMismatch();

        pools = new address[](length);
        for (uint256 i = 0; i < length; i++) {
            pools[i] = _createPool(
                tokens[i],
                localTokenDecimals[i],
                allowlists[i],
                rmnProxy,
                router
            );
        }
    }

    /// @notice Create a new pool for an existing token and update the token-to-pool mapping.
    /// @dev The previous pool remains valid but is no longer the "current" pool for that token.
    /// @param token The underlying token.
    /// @param localTokenDecimals Token decimals.
    /// @param allowlist Allowlist for the new pool.
    /// @param rmnProxy RMN Proxy address.
    /// @param router CCIP Router address.
    /// @return newPool The address of the newly deployed pool
    function updatePool(
        IBurnMintERC20 token,
        uint8 localTokenDecimals,
        address[] calldata allowlist,
        address rmnProxy,
        address router
    )
        external
        whenNotPaused
        onlyRole(POOL_ADMIN_ROLE)
        nonReentrant
        returns (address newPool)
    {
        address oldPool = tokenToPool[address(token)];
        if (oldPool == address(0)) revert PoolDoesNotExist();

        newPool = address(
            new BurnFromMintTokenPool(
                token,
                localTokenDecimals,
                allowlist,
                rmnProxy,
                router
            )
        );

        allPools.push(newPool);
        tokenToPool[address(token)] = newPool;

        emit PoolUpdated(address(token), oldPool, newPool);
    }

    /// @notice Internal helper to deploy a pool
    /// @param token The burn/mint ERC20 token
    /// @param localTokenDecimals Token decimals
    /// @param allowlist Array of allowed addresses
    /// @param rmnProxy RMN Proxy address
    /// @param router CCIP Router address
    function _createPool(
        IBurnMintERC20 token,
        uint8 localTokenDecimals,
        address[] calldata allowlist,
        address rmnProxy,
        address router
    ) internal returns (address pool) {
        if (address(token) == address(0)) revert InvalidToken();
        if (tokenToPool[address(token)] != address(0)) revert PoolExists();
        if (rmnProxy == address(0)) revert InvalidRmnProxy();
        if (router == address(0)) revert InvalidRouter();

        pool = address(
            new BurnFromMintTokenPool(
                token,
                localTokenDecimals,
                allowlist,
                rmnProxy,
                router
            )
        );

        allPools.push(pool);
        tokenToPool[address(token)] = pool;

        emit PoolCreated(
            address(token),
            pool,
            localTokenDecimals,
            allowlist,
            rmnProxy,
            router,
            msg.sender
        );
    }

    /// @notice Pause new pool creation and updates
    function pause() external onlyRole(PAUSER_ROLE) {
        _pause();
    }

    /// @notice Unpause new pool creation and updates
    function unpause() external onlyRole(PAUSER_ROLE) {
        _unpause();
    }

    /// @notice Returns all deployed pools
    function getAllPools() external view returns (address[] memory) {
        return allPools;
    }

    /// @notice Returns total number of pools
    function getPoolCount() external view returns (uint256) {
        return allPools.length;
    }

    function _authorizeUpgrade(
        address newImplementation
    ) internal override onlyRole(DEFAULT_ADMIN_ROLE) {}

    // ================================================================
    // │                    POOL MANAGEMENT FUNCTIONS                 │
    // ================================================================

    /// @notice Set chain rate limiter configuration for a pool
    /// @param pool The pool address to configure
    /// @param remoteChainSelector The remote chain selector
    /// @param outboundConfig Outbound rate limiter configuration
    /// @param inboundConfig Inbound rate limiter configuration
    function setPoolChainRateLimiterConfig(
        address pool,
        uint64 remoteChainSelector,
        RateLimiter.Config memory outboundConfig,
        RateLimiter.Config memory inboundConfig
    ) external onlyRole(POOL_ADMIN_ROLE) {
        TokenPool(pool).setChainRateLimiterConfig(
            remoteChainSelector,
            outboundConfig,
            inboundConfig
        );
    }

    /// @notice Apply chain updates to a pool (add/update chain configurations)
    /// @param pool The pool address to configure
    /// @param remoteChainSelectors Array of remote chain selectors
    /// @param chainUpdates Array of chain update configurations
    function applyPoolChainUpdates(
        address pool,
        uint64[] memory remoteChainSelectors,
        TokenPool.ChainUpdate[] memory chainUpdates
    ) external onlyRole(POOL_ADMIN_ROLE) {
        TokenPool(pool).applyChainUpdates(remoteChainSelectors, chainUpdates);
    }

    /// @notice Set the router address for a pool
    /// @param pool The pool address to configure
    /// @param newRouter The new router address
    function setPoolRouter(
        address pool,
        address newRouter
    ) external onlyRole(POOL_ADMIN_ROLE) {
        TokenPool(pool).setRouter(newRouter);
    }

    /// @notice Transfer ownership of a pool to a new owner
    /// @dev This should only be used in emergency situations or when migrating to a new factory
    /// @param pool The pool address
    /// @param newOwner The new owner address
    function transferPoolOwnership(
        address pool,
        address newOwner
    ) external onlyRole(DEFAULT_ADMIN_ROLE) {
        OwnerIsCreator(pool).transferOwnership(newOwner);
    }

    /// @notice Accept ownership of a pool (if this factory is set as pending owner)
    /// @param pool The pool address
    function acceptPoolOwnership(
        address pool
    ) external onlyRole(DEFAULT_ADMIN_ROLE) {
        OwnerIsCreator(pool).acceptOwnership();
    }

    /// @notice Add a remote pool address for cross-chain transfers
    /// @param pool The pool address to configure
    /// @param remoteChainSelector The remote chain selector
    /// @param remotePoolAddress The encoded remote pool address
    function addRemotePoolAddress(
        address pool,
        uint64 remoteChainSelector,
        bytes calldata remotePoolAddress
    ) external onlyRole(POOL_ADMIN_ROLE) {
        TokenPool(pool).addRemotePool(remoteChainSelector, remotePoolAddress);
    }

    /// @notice Remove a remote pool address
    /// @param pool The pool address to configure
    /// @param remoteChainSelector The remote chain selector
    /// @param remotePoolAddress The encoded remote pool address to remove
    function removeRemotePoolAddress(
        address pool,
        uint64 remoteChainSelector,
        bytes calldata remotePoolAddress
    ) external onlyRole(POOL_ADMIN_ROLE) {
        TokenPool(pool).removeRemotePool(
            remoteChainSelector,
            remotePoolAddress
        );
    }

    /// @notice Update the allowlist for a pool
    /// @param pool The pool address to configure
    /// @param removes Array of addresses to remove from allowlist
    /// @param adds Array of addresses to add to allowlist
    function updatePoolAllowList(
        address pool,
        address[] calldata removes,
        address[] calldata adds
    ) external onlyRole(POOL_ADMIN_ROLE) {
        TokenPool(pool).applyAllowListUpdates(removes, adds);
    }
}

// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.24;

import {LockReleaseTokenPool} from "./LockReleaseTokenPool.sol";
import {
    TokenPool
} from "@chainlink/contracts-ccip/contracts/pools/TokenPool.sol";
import {
    RateLimiter
} from "@chainlink/contracts-ccip/contracts/libraries/RateLimiter.sol";
import {IERC20} from "@openzeppelin/[email protected]/token/ERC20/IERC20.sol";
import {
    OwnerIsCreator
} from "@chainlink/contracts/src/v0.8/shared/access/OwnerIsCreator.sol";
import {
    AccessControlUpgradeable
} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
import {
    PausableUpgradeable
} from "@openzeppelin/contracts-upgradeable/utils/PausableUpgradeable.sol";
import {
    Initializable
} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {
    UUPSUpgradeable
} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";

/// @title LockReleasePoolFactory
/// @notice Factory contract for deploying and managing LockReleaseTokenPool instances
/// @dev UUPS-upgradeable factory. The factory becomes the owner of all deployed pools, allowing multiple admins to manage pools through wrapper functions.
contract LockReleasePoolFactory is
    Initializable,
    AccessControlUpgradeable,
    PausableUpgradeable,
    UUPSUpgradeable
{
    bytes32 public constant POOL_CREATOR_ROLE = keccak256("POOL_CREATOR_ROLE");
    bytes32 public constant POOL_ADMIN_ROLE = keccak256("POOL_ADMIN_ROLE");
    bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");

    error InvalidAdmin();
    error InvalidToken();
    error PoolExists();
    error PoolDoesNotExist();
    error InvalidRmnProxy();
    error InvalidRouter();
    error ZeroAddress();
    error LengthMismatch();

    event PoolCreated(
        address indexed token,
        address indexed pool,
        uint8 localTokenDecimals,
        address[] allowlist,
        address rmnProxy,
        address router,
        address indexed creator
    );

    event PoolUpdated(
        address indexed token,
        address indexed oldPool,
        address indexed newPool
    );

    address[] public allPools;

    /// @notice Mapping from underlying token address to the latest deployed pool for that token
    mapping(address => address) public tokenToPool;

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        _disableInitializers();
    }

    /// @notice Initialize the LockReleasePoolFactory.
    /// @param admin The address that will receive the admin and pool roles.
    function initialize(address admin) external initializer {
        if (admin == address(0)) revert InvalidAdmin();

        __AccessControl_init();
        __Pausable_init();
        __UUPSUpgradeable_init();

        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        _grantRole(POOL_CREATOR_ROLE, admin);
        _grantRole(POOL_ADMIN_ROLE, admin);
        _grantRole(PAUSER_ROLE, admin);
    }

    /// @notice Deploy a LockReleaseTokenPool for a single token
    /// @param token The ERC20 token address
    /// @param localTokenDecimals Token decimals
    /// @param allowlist Array of allowed addresses (empty for open access)
    /// @param rmnProxy RMN Proxy address
    /// @param router CCIP Router address
    function createPool(
        IERC20 token,
        uint8 localTokenDecimals,
        address[] calldata allowlist,
        address rmnProxy,
        address router
    )
        external
        whenNotPaused
        onlyRole(POOL_CREATOR_ROLE)
        returns (address pool)
    {
        pool = _createPool(
            token,
            localTokenDecimals,
            allowlist,
            rmnProxy,
            router
        );
    }

    /// @notice Deploy multiple LockReleaseTokenPool instances in a single transaction.
    /// @param tokens Array of tokens to create pools for.
    /// @param localTokenDecimals Array of token decimals (must match tokens length).
    /// @param allowlists Array of allowlists per token.
    /// @param rmnProxy RMN Proxy address (shared across pools).
    /// @param router CCIP Router address (shared across pools).
    /// @return pools The array of newly deployed pool addresses
    function createMultiplePools(
        IERC20[] calldata tokens,
        uint8[] calldata localTokenDecimals,
        address[][] calldata allowlists,
        address rmnProxy,
        address router
    )
        external
        whenNotPaused
        onlyRole(POOL_CREATOR_ROLE)
        returns (address[] memory pools)
    {
        uint256 length = tokens.length;
        if (length != localTokenDecimals.length || length != allowlists.length)
            revert LengthMismatch();

        pools = new address[](length);
        for (uint256 i = 0; i < length; i++) {
            pools[i] = _createPool(
                tokens[i],
                localTokenDecimals[i],
                allowlists[i],
                rmnProxy,
                router
            );
        }
    }

    /// @notice Create a new pool for an existing token and update the token-to-pool mapping.
    /// @dev The previous pool remains valid but is no longer the "current" pool for that token.
    /// @param token The underlying token.
    /// @param localTokenDecimals Token decimals.
    /// @param allowlist Allowlist for the new pool.
    /// @param rmnProxy RMN Proxy address.
    /// @param router CCIP Router address.
    /// @return newPool The address of the newly deployed pool
    function updatePool(
        IERC20 token,
        uint8 localTokenDecimals,
        address[] calldata allowlist,
        address rmnProxy,
        address router
    )
        external
        whenNotPaused
        onlyRole(POOL_ADMIN_ROLE)
        returns (address newPool)
    {
        address oldPool = tokenToPool[address(token)];
        if (oldPool == address(0)) revert PoolDoesNotExist();

        newPool = address(
            new LockReleaseTokenPool(
                token,
                localTokenDecimals,
                allowlist,
                rmnProxy,
                router
            )
        );

        allPools.push(newPool);
        tokenToPool[address(token)] = newPool;

        emit PoolUpdated(address(token), oldPool, newPool);
    }

    /// @notice Internal helper to deploy a pool
    /// @param token The ERC20 token
    /// @param localTokenDecimals Token decimals
    /// @param allowlist Array of allowed addresses
    /// @param rmnProxy RMN Proxy address
    /// @param router CCIP Router address
    function _createPool(
        IERC20 token,
        uint8 localTokenDecimals,
        address[] calldata allowlist,
        address rmnProxy,
        address router
    ) internal returns (address pool) {
        if (address(token) == address(0)) revert InvalidToken();
        if (tokenToPool[address(token)] != address(0)) revert PoolExists();
        if (rmnProxy == address(0)) revert InvalidRmnProxy();
        if (router == address(0)) revert InvalidRouter();

        pool = address(
            new LockReleaseTokenPool(
                token,
                localTokenDecimals,
                allowlist,
                rmnProxy,
                router
            )
        );

        allPools.push(pool);
        tokenToPool[address(token)] = pool;

        emit PoolCreated(
            address(token),
            pool,
            localTokenDecimals,
            allowlist,
            rmnProxy,
            router,
            msg.sender
        );
    }

    /// @notice Pause pool deployment and updates
    function pause() external onlyRole(PAUSER_ROLE) {
        _pause();
    }

    /// @notice Unpause pool deployment and updates
    function unpause() external onlyRole(PAUSER_ROLE) {
        _unpause();
    }

    /// @notice Returns all deployed pools
    function getAllPools() external view returns (address[] memory) {
        return allPools;
    }

    /// @notice Get the number of deployed pools
    function getPoolCount() external view returns (uint256) {
        return allPools.length;
    }

    function _authorizeUpgrade(
        address newImplementation
    ) internal override onlyRole(DEFAULT_ADMIN_ROLE) {}

    // ================================================================
    // │                    POOL MANAGEMENT FUNCTIONS                 │
    // ================================================================

    /// @notice Set chain rate limiter configuration for a pool
    /// @param pool The pool address to configure
    /// @param remoteChainSelector The remote chain selector
    /// @param outboundConfig Outbound rate limiter configuration
    /// @param inboundConfig Inbound rate limiter configuration
    function setPoolChainRateLimiterConfig(
        address pool,
        uint64 remoteChainSelector,
        RateLimiter.Config memory outboundConfig,
        RateLimiter.Config memory inboundConfig
    ) external onlyRole(POOL_ADMIN_ROLE) {
        TokenPool(pool).setChainRateLimiterConfig(
            remoteChainSelector,
            outboundConfig,
            inboundConfig
        );
    }

    /// @notice Apply chain updates to a pool (add/update chain configurations)
    /// @param pool The pool address to configure
    /// @param remoteChainSelectors Array of remote chain selectors
    /// @param chainUpdates Array of chain update configurations
    function applyPoolChainUpdates(
        address pool,
        uint64[] memory remoteChainSelectors,
        TokenPool.ChainUpdate[] memory chainUpdates
    ) external onlyRole(POOL_ADMIN_ROLE) {
        TokenPool(pool).applyChainUpdates(remoteChainSelectors, chainUpdates);
    }

    /// @notice Set the router address for a pool
    /// @param pool The pool address to configure
    /// @param newRouter The new router address
    function setPoolRouter(
        address pool,
        address newRouter
    ) external onlyRole(POOL_ADMIN_ROLE) {
        TokenPool(pool).setRouter(newRouter);
    }

    /// @notice Transfer ownership of a pool to a new owner
    /// @dev This should only be used in emergency situations or when migrating to a new factory
    /// @param pool The pool address
    /// @param newOwner The new owner address
    function transferPoolOwnership(
        address pool,
        address newOwner
    ) external onlyRole(DEFAULT_ADMIN_ROLE) {
        OwnerIsCreator(pool).transferOwnership(newOwner);
    }

    /// @notice Accept ownership of a pool (if this factory is set as pending owner)
    /// @param pool The pool address
    function acceptPoolOwnership(
        address pool
    ) external onlyRole(DEFAULT_ADMIN_ROLE) {
        OwnerIsCreator(pool).acceptOwnership();
    }

    /// @notice Add a remote pool address for cross-chain transfers
    /// @param pool The pool address to configure
    /// @param remoteChainSelector The remote chain selector
    /// @param remotePoolAddress The encoded remote pool address
    function addRemotePoolAddress(
        address pool,
        uint64 remoteChainSelector,
        bytes calldata remotePoolAddress
    ) external onlyRole(POOL_ADMIN_ROLE) {
        TokenPool(pool).addRemotePool(remoteChainSelector, remotePoolAddress);
    }

    /// @notice Remove a remote pool address
    /// @param pool The pool address to configure
    /// @param remoteChainSelector The remote chain selector
    /// @param remotePoolAddress The encoded remote pool address to remove
    function removeRemotePoolAddress(
        address pool,
        uint64 remoteChainSelector,
        bytes calldata remotePoolAddress
    ) external onlyRole(POOL_ADMIN_ROLE) {
        TokenPool(pool).removeRemotePool(
            remoteChainSelector,
            remotePoolAddress
        );
    }

    /// @notice Update the allowlist for a pool
    /// @param pool The pool address to configure
    /// @param removes Array of addresses to remove from allowlist
    /// @param adds Array of addresses to add to allowlist
    function updatePoolAllowList(
        address pool,
        address[] calldata removes,
        address[] calldata adds
    ) external onlyRole(POOL_ADMIN_ROLE) {
        TokenPool(pool).applyAllowListUpdates(removes, adds);
    }

    // ================================================================
    // │            LOCK RELEASE POOL SPECIFIC FUNCTIONS              │
    // ================================================================

    /// @notice Set the rebalancer address for a LockRelease pool
    /// @param pool The pool address to configure
    /// @param rebalancer The rebalancer address (can be address(0) to disable)
    function setPoolRebalancer(
        address pool,
        address rebalancer
    ) external onlyRole(POOL_ADMIN_ROLE) {
        LockReleaseTokenPool(pool).setRebalancer(rebalancer);
    }

    /// @notice Transfer liquidity from an old pool to a new pool
    /// @dev This is used when upgrading pools to transfer liquidity
    /// @param pool The new pool address (that will receive liquidity)
    /// @param from The old pool address (source of liquidity)
    /// @param amount The amount to transfer (use type(uint256).max for all)
    function transferPoolLiquidity(
        address pool,
        address from,
        uint256 amount
    ) external onlyRole(POOL_ADMIN_ROLE) {
        LockReleaseTokenPool(pool).transferLiquidity(from, amount);
    }
}

// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.24;

import {
    ITypeAndVersion
} from "@chainlink/contracts/src/v0.8/shared/interfaces/ITypeAndVersion.sol";

import {
    TokenPool
} from "@chainlink/contracts-ccip/contracts/pools/TokenPool.sol";

import {IERC20} from "@openzeppelin/[email protected]/token/ERC20/IERC20.sol";
import {
    SafeERC20
} from "@openzeppelin/[email protected]/token/ERC20/utils/SafeERC20.sol";

/// @notice Token pool used for tokens on their native chain. This uses a lock and release mechanism.
/// Because of lock/unlock requiring liquidity, this pool contract also has function to add and remove
/// liquidity. This allows for proper bookkeeping for both user and liquidity provider balances.
/// @dev One token per LockReleaseTokenPool.
contract LockReleaseTokenPool is TokenPool, ITypeAndVersion {
    using SafeERC20 for IERC20;

    error InsufficientLiquidity();

    event LiquidityTransferred(address indexed from, uint256 amount);
    event LiquidityAdded(address indexed provider, uint256 indexed amount);
    event LiquidityRemoved(address indexed provider, uint256 indexed amount);
    event RebalancerSet(address oldRebalancer, address newRebalancer);

    string public constant override typeAndVersion =
        "LockReleaseTokenPool 1.6.x-dev";

    /// @notice The address of the rebalancer.
    address internal s_rebalancer;

    /**
     * @notice Constructor for LockReleaseTokenPool
     * @param token The ERC20 token (lock/release)
     * @param localTokenDecimals Token decimals
     * @param allowlist Array of allowed addresses (empty for open access)
     * @param rmnProxy RMN Proxy address
     * @param router CCIP Router address
     */
    constructor(
        IERC20 token,
        uint8 localTokenDecimals,
        address[] memory allowlist,
        address rmnProxy,
        address router
    ) TokenPool(token, localTokenDecimals, allowlist, rmnProxy, router) {}

    /**
     * @notice Releases tokens to a receiver
     * @param receiver Address to receive tokens
     * @param amount Amount to release
     */
    function _releaseOrMint(
        address receiver,
        uint256 amount
    ) internal virtual override {
        i_token.safeTransfer(receiver, amount);
    }

    /// @notice Gets rebalancer, can be address(0) if none is configured.
    /// @return The current liquidity manager.
    function getRebalancer() external view returns (address) {
        return s_rebalancer;
    }

    /// @notice Sets the rebalancer address.
    /// @dev Address(0) can be used to disable the rebalancer.
    /// @dev Only callable by the owner.
    function setRebalancer(address rebalancer) external onlyOwner {
        address oldRebalancer = s_rebalancer;

        s_rebalancer = rebalancer;

        emit RebalancerSet(oldRebalancer, rebalancer);
    }

    /// @notice Adds liquidity to the pool. The tokens should be approved first.
    /// @param amount The amount of liquidity to provide.
    function provideLiquidity(uint256 amount) external {
        if (s_rebalancer != msg.sender) revert Unauthorized(msg.sender);

        i_token.safeTransferFrom(msg.sender, address(this), amount);
        emit LiquidityAdded(msg.sender, amount);
    }

    /// @notice Removed liquidity to the pool. The tokens will be sent to msg.sender.
    /// @param amount The amount of liquidity to remove.
    function withdrawLiquidity(uint256 amount) external {
        if (s_rebalancer != msg.sender) revert Unauthorized(msg.sender);

        if (i_token.balanceOf(address(this)) < amount)
            revert InsufficientLiquidity();
        i_token.safeTransfer(msg.sender, amount);
        emit LiquidityRemoved(msg.sender, amount);
    }

    /// @notice This function can be used to transfer liquidity from an older version of the pool to this pool. To do so
    /// this pool will have to be set as the rebalancer in the older version of the pool. This allows it to transfer the
    /// funds in the old pool to the new pool.
    /// @dev When upgrading a LockRelease pool, this function can be called at the same time as the pool is changed in the
    /// TokenAdminRegistry. This allows for a smooth transition of both liquidity and transactions to the new pool.
    /// Alternatively, when no multicall is available, a portion of the funds can be transferred to the new pool before
    /// changing which pool CCIP uses, to ensure both pools can operate. Then the pool should be changed in the
    /// TokenAdminRegistry, which will activate the new pool. All new transactions will use the new pool and its
    /// liquidity. Finally, the remaining liquidity can be transferred to the new pool using this function one more time.
    /// @param from The address of the old pool.
    /// @param amount The amount of liquidity to transfer. If uint256.max is passed, all liquidity will be transferred.
    function transferLiquidity(
        address from,
        uint256 amount
    ) external onlyOwner {
        if (amount == type(uint256).max) {
            amount = i_token.balanceOf(from);
        }

        LockReleaseTokenPool(from).withdrawLiquidity(amount);

        emit LiquidityTransferred(from, amount);
    }
}

//SPDX-License-Identifier: UNLICENSED
pragma solidity 0.8.28;

/// @title ECDSALib - Library for ECDSA signature verification
library ECDSALib {
    /**
     * @notice Recovers the signer address from a hashed message and signature.
     * @dev Uses `ecrecover` to obtain the signer address.
     * @param hash The hashed message.
     * @param signature The ECDSA signature (65 bytes).
     * @return address The recovered address of the signer.
     */
    function recover(
        bytes32 hash,
        bytes memory signature
    ) internal pure returns (address) {
        bytes32 r;
        bytes32 s;
        uint8 v;

        // Check the signature length
        require(signature.length == 65, "Invalid signature length");

        // Split the signature into components
        assembly {
            r := mload(add(signature, 32))
            s := mload(add(signature, 64))
            v := byte(0, mload(add(signature, 96)))
        }

        // EIP-2: Homestead
        if (v < 27) {
            v += 27;
        }

        // EIP-155: Replay attack protection
        if (v != 27 && v != 28) {
            revert("Invalid signature recovery id");
        }

        address recovered = ecrecover(hash, v, r, s);
        require(recovered != address(0), "Invalid signature");
        return recovered;
    }

    /**
     * @notice Converts a hash into an Ethereum signed message hash.
     * @dev Adds the Ethereum signed message prefix to prevent signature malleability.
     * @param hash The original hash.
     * @return bytes32 The Ethereum Signed Message hash.
     */
    function toEthSignedMessageHash(
        bytes32 hash
    ) internal pure returns (bytes32) {
        return
            keccak256(
                abi.encodePacked("\x19Ethereum Signed Message:\n32", hash)
            );
    }
}

// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;

import {
    AccessControlUpgradeable
} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
import {
    Initializable
} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {
    UUPSUpgradeable
} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {
    PausableUpgradeable
} from "@openzeppelin/contracts-upgradeable/utils/PausableUpgradeable.sol";
import {
    ReentrancyGuardUpgradeable
} from "@openzeppelin/contracts-upgradeable/utils/ReentrancyGuardUpgradeable.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {
    SafeERC20
} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

import {ECDSALib} from "./ECDSALib.sol";
import {IEVMVoidAIRouter} from "./interface/IEVMVoidAIRouter.sol";
import {
    IRouterClient
} from "@chainlink/contracts-ccip/contracts/interfaces/IRouterClient.sol";
import {Client} from "@chainlink/contracts-ccip/contracts/libraries/Client.sol";
import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";

// Custom Errors
error ZeroAddress();
error InvalidAmount();
error InvalidChain();
error SignatureExpired();
error InvalidSigner();
error InvalidRouter();
error InsufficientFee();
error SameAddress();
error IdentifierAlreadyUsed();
error RefundFailed();

/// @title EVMVoidAIRouter
/// @author VoidAI
/// @notice Unified entry point for bridging and swapping operations
contract EVMVoidAIRouter is
    Initializable,
    AccessControlUpgradeable,
    UUPSUpgradeable,
    ReentrancyGuardUpgradeable,
    PausableUpgradeable,
    IEVMVoidAIRouter
{
    using ECDSALib for bytes32;
    using SafeERC20 for IERC20;

    /// @notice Role allowed to manage the contract
    bytes32 public constant ADMIN_ROLE = keccak256("ADMIN_ROLE");
    /// @notice Role used to identify valid signers
    bytes32 public constant SIGNER_ROLE = keccak256("SIGNER_ROLE");

    /// @notice Address of the CCIP Router
    IRouterClient public ccipRouter;

    /// @notice Address of the treasury
    address public treasury;

    /// @notice Mapping of identifiers to their usage status
    mapping(bytes32 => bool) public isIdentifierUsed;

    struct CCIPBridgeParams {
        bytes receiver;
        bytes extraArgs;
        address token;
        uint256 amount;
        uint256 fees;
        uint256 expiry;
        uint256 chainId;
        string identifier;
        uint16 originNetId;
        uint64 destinationChainSelector;
        bool sendMetadata;
    }

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        _disableInitializers();
    }

    /**
     * @notice Initializes the EVMVoidAIRouter contract
     * @param adminAddress Admin address
     * @param signerAddress Signer address
     * @param ccipRouterAddress CCIP Router address
     * @param treasuryAddress Treasury address
     */
    function initialize(
        address adminAddress,
        address signerAddress,
        address ccipRouterAddress,
        address treasuryAddress
    ) external initializer {
        if (adminAddress == address(0)) revert ZeroAddress();
        if (signerAddress == address(0)) revert ZeroAddress();
        if (ccipRouterAddress == address(0)) revert ZeroAddress();
        if (treasuryAddress == address(0)) revert ZeroAddress();

        __AccessControl_init();
        __UUPSUpgradeable_init();
        __ReentrancyGuard_init();
        __Pausable_init();

        _grantRole(DEFAULT_ADMIN_ROLE, adminAddress);
        _grantRole(ADMIN_ROLE, adminAddress);
        _grantRole(SIGNER_ROLE, signerAddress);

        ccipRouter = IRouterClient(ccipRouterAddress);
        treasury = treasuryAddress;
    }

    /**
     * @notice Swap tokens via the router.
     * @dev The identifier is embedded into the CCIP message data and can be decoded on the destination chain.
     * @param encodedData ABI-encoded swap request
     * @param signature Signature from a valid signer
     */
    function swap(
        bytes calldata encodedData,
        bytes calldata signature
    ) external payable nonReentrant whenNotPaused {
        (
            bytes memory toAddress,
            bytes memory extraArgs,
            address fromAddress,
            address token,
            uint256 amount,
            uint256 sourceChainId,
            uint256 destinationChainId,
            uint256 expiry,
            string memory identifier,
            uint16 originNetId,
            uint16 destinationNetId,
            bool sendMetadata
        ) = abi.decode(
                encodedData,
                (
                    bytes,
                    bytes,
                    address,
                    address,
                    uint256,
                    uint256,
                    uint256,
                    uint256,
                    string,
                    uint16,
                    uint16,
                    bool
                )
            );

        if (amount == 0) revert InvalidAmount();
        if (fromAddress != msg.sender) revert InvalidSigner();

        _verifySignature(
            encodedData,
            signature,
            expiry,
            sourceChainId,
            identifier
        );

        IERC20(token).safeTransferFrom(msg.sender, address(this), amount);

        // Construct CCIP Message
        Client.EVM2AnyMessage memory evm2AnyMessage = _buildCCIPMessage(
            toAddress,
            extraArgs,
            token,
            amount,
            originNetId,
            uint16(destinationChainId),
            sendMetadata,
            identifier
        );

        uint256 ccipFees = ccipRouter.getFee(
            uint64(destinationChainId),
            evm2AnyMessage
        );

        // approve the Router to spend tokens on contract's behalf. It will spend the amount of the given token
        IERC20(token).forceApprove(address(ccipRouter), amount);

        if (address(ccipRouter) == address(0)) revert ZeroAddress();
        if (msg.value < ccipFees) revert InsufficientFee();
        bytes32 messageId = ccipRouter.ccipSend{value: ccipFees}(
            uint64(destinationChainId),
            evm2AnyMessage
        );

        // Refund excess ETH
        if (msg.value > ccipFees) {
            (bool success, ) = msg.sender.call{value: msg.value - ccipFees}("");
            if (!success) revert RefundFailed();
        }

        emit Swap(
            messageId,
            originNetId,
            destinationNetId,
            toAddress,
            fromAddress,
            token,
            amount,
            sourceChainId,
            destinationChainId,
            identifier
        );
    }

    /**
     * @notice Burn tokens via CCIP.
     * @dev The identifier is embedded into the CCIP message data and can be decoded on the destination chain.
     * @param encodedData ABI-encoded burn request
     * @param signature Signature from a valid signer
     */
    function ccipBridge(
        bytes calldata encodedData,
        bytes calldata signature
    ) external payable nonReentrant whenNotPaused {
        CCIPBridgeParams memory params;
        {
            bytes memory receiver;
            bytes memory extraArgs;
            address token;
            uint256 amount;
            uint256 fees;
            uint256 expiry;
            uint256 chainId;
            string memory identifier;
            uint16 originNetId;
            uint64 destinationChainSelector;
            bool sendMetadata;

            (
                receiver,
                extraArgs,
                token,
                amount,
                fees,
                expiry,
                chainId,
                identifier,
                originNetId,
                destinationChainSelector,
                sendMetadata
            ) = abi.decode(
                    encodedData,
                    (
                        bytes,
                        bytes,
                        address,
                        uint256,
                        uint256,
                        uint256,
                        uint256,
                        string,
                        uint16,
                        uint64,
                        bool
                    )
                );

            params = CCIPBridgeParams({
                receiver: receiver,
                extraArgs: extraArgs,
                token: token,
                amount: amount,
                fees: fees,
                expiry: expiry,
                chainId: chainId,
                identifier: identifier,
                originNetId: originNetId,
                destinationChainSelector: destinationChainSelector,
                sendMetadata: sendMetadata
            });
        }

        _verifySignature(
            encodedData,
            signature,
            params.expiry,
            params.chainId,
            params.identifier
        );

        _processCCIPBridge(params);
    }

    /**
     * @notice Internal function to process CCIP bridge requests
     * @param params CCIP bridge parameters
     */
    function _processCCIPBridge(CCIPBridgeParams memory params) internal {
        IERC20(params.token).safeTransferFrom(
            msg.sender,
            address(this),
            (params.amount + params.fees)
        );

        // Construct CCIP Message
        Client.EVM2AnyMessage memory evm2AnyMessage = _buildCCIPMessage(
            params.receiver,
            params.extraArgs,
            params.token,
            params.amount,
            params.originNetId,
            uint16(params.destinationChainSelector),
            params.sendMetadata,
            params.identifier
        );

        uint256 ccipFees = ccipRouter.getFee(
            params.destinationChainSelector,
            evm2AnyMessage
        );

        IERC20(params.token).forceApprove(address(ccipRouter), params.amount);

        if (address(ccipRouter) == address(0)) revert ZeroAddress();
        if (msg.value < ccipFees) revert InsufficientFee();
        bytes32 messageId = ccipRouter.ccipSend{value: ccipFees}(
            params.destinationChainSelector,
            evm2AnyMessage
        );

        // Refund excess ETH
        if (msg.value > ccipFees) {
            (bool success, ) = msg.sender.call{value: msg.value - ccipFees}("");
            if (!success) revert RefundFailed();
        }

        emit CCIPSent(
            params.identifier,
            messageId,
            params.destinationChainSelector,
            params.receiver,
            params.amount,
            ccipFees,
            params.originNetId
        );
    }

    /**
     * @notice Calculate CCIP fees for a cross-chain transfer
     * @param receiver The receiver address
     * @param extraArgs Extra arguments for CCIP
     * @param token Token address
     * @param amount Token amount
     * @param originNetId Origin network ID
     * @param destinationNetId Destination network ID
     * @param destinationChainSelector CCIP chain selector
     * @param sendMetadata Whether to send metadata
     * @param identifier Unique identifier
     * @return fees The calculated CCIP fee in native tokens
     */
    function getCCIPFee(
        bytes memory receiver,
        bytes memory extraArgs,
        address token,
        uint256 amount,
        uint16 originNetId,
        uint16 destinationNetId,
        uint64 destinationChainSelector,
        bool sendMetadata,
        string memory identifier
    ) external view returns (uint256 fees) {
        Client.EVM2AnyMessage memory evm2AnyMessage = _buildCCIPMessage(
            receiver,
            extraArgs,
            token,
            amount,
            originNetId,
            destinationNetId,
            sendMetadata,
            identifier
        );

        fees = ccipRouter.getFee(destinationChainSelector, evm2AnyMessage);
    }

    /**
     * @notice Set the CCIP Router address.
     * @dev Emits a {CCIPRouterUpdated} event on success.
     * @param newCCIPRouter Address of the new CCIP Router
     */
    function setCCIPRouter(
        IRouterClient newCCIPRouter
    ) external onlyRole(ADMIN_ROLE) {
        if (address(newCCIPRouter) == address(0)) revert ZeroAddress();
        if (newCCIPRouter == ccipRouter) revert SameAddress();
        address oldRouter = address(ccipRouter);
        ccipRouter = newCCIPRouter;
        emit CCIPRouterUpdated(oldRouter, address(newCCIPRouter));
    }

    /**
     * @notice Withdraw tokens from the contract
     * @param token Address of the token to withdraw
     */
    function withdrawTokens(address token) external onlyRole(ADMIN_ROLE) {
        uint256 balance = IERC20(token).balanceOf(address(this));
        IERC20(token).safeTransfer(treasury, balance);

        emit TokensWithdrawn(token, treasury);
    }

    /**
     * @notice Update the treasury address
     * @param newTreasury Address of the new treasury
     */
    function updateTreasury(address newTreasury) external onlyRole(ADMIN_ROLE) {
        if (newTreasury == address(0)) revert ZeroAddress();
        if (newTreasury == treasury) revert SameAddress();

        address oldTreasury = treasury;
        treasury = newTreasury;

        emit TreasuryUpdated(oldTreasury, newTreasury);
    }

    /**
     * @notice Pause contract operations
     */
    function pause() external onlyRole(ADMIN_ROLE) {
        _pause();
    }

    /**
     * @notice Unpause contract operations
     */
    function unpause() external onlyRole(ADMIN_ROLE) {
        _unpause();
    }

    /**
     * @notice Returns the status of an identifier
     * @param identifier The identifier to check
     * @return used True if the identifier is used, false otherwise
     */
    function identifierStatus(
        string memory identifier
    ) public view returns (bool) {
        bytes32 identifierHash = keccak256(
            abi.encodePacked("ROUTER_IDENTIFIER", block.chainid, identifier)
        );
        return isIdentifierUsed[identifierHash];
    }

    /**
     * @notice Check if interface is supported
     */
    function supportsInterface(
        bytes4 interfaceId
    ) public view virtual override(AccessControlUpgradeable) returns (bool) {
        return
            interfaceId == type(IEVMVoidAIRouter).interfaceId ||
            interfaceId == type(IERC165).interfaceId ||
            super.supportsInterface(interfaceId);
    }

    /**
     * @notice Build a CCIP message
     * @param _receiver Encoded receiver address
     * @param _extraArgs CCIP extra arguments
     * @param _token Token address
     * @param _amount Token amount
     * @param _originNetId Origin network ID
     * @param _destinationNetId Destination network ID
     * @param _sendMetadata Whether to send metadata
     * @param _identifier Unique identifier
     * @return message The constructed EVM2AnyMessage
     */
    function _buildCCIPMessage(
        bytes memory _receiver,
        bytes memory _extraArgs,
        address _token,
        uint256 _amount,
        uint16 _originNetId,
        uint16 _destinationNetId,
        bool _sendMetadata,
        string memory _identifier
    ) internal pure returns (Client.EVM2AnyMessage memory) {
        Client.EVMTokenAmount[]
            memory tokenAmounts = new Client.EVMTokenAmount[](1);
        tokenAmounts[0] = Client.EVMTokenAmount({
            token: _token,
            amount: _amount
        });

        bytes memory data = "";
        if (_sendMetadata) {
            data = abi.encode(
                _amount,
                _receiver,
                _originNetId,
                _destinationNetId,
                _identifier
            );
        }

        return
            Client.EVM2AnyMessage({
                receiver: _receiver,
                data: data,
                tokenAmounts: tokenAmounts,
                extraArgs: _extraArgs,
                feeToken: address(0)
            });
    }
    /**
     * @notice Verify signature
     * @param encodedData Encoded data
     * @param signature Signature
     * @param expiry Expiry timestamp
     * @param chainId Chain ID
     * @param identifier Unique identifier
     */
    function _verifySignature(
        bytes memory encodedData,
        bytes memory signature,
        uint256 expiry,
        uint256 chainId,
        string memory identifier
    ) internal {
        bytes32 identifierHash = keccak256(
            abi.encodePacked("ROUTER_IDENTIFIER", block.chainid, identifier)
        );

        if (isIdentifierUsed[identifierHash]) revert IdentifierAlreadyUsed();
        if (block.chainid != chainId) revert InvalidChain();
        if (block.timestamp > expiry) revert SignatureExpired();

        bytes32 hash = keccak256(encodedData);
        address signer = hash.toEthSignedMessageHash().recover(signature);
        if (!hasRole(SIGNER_ROLE, signer)) revert InvalidSigner();

        isIdentifierUsed[identifierHash] = true;
    }

    /**
     * @notice Authorizes contract upgrades
     * @param newImplementation Address of new implementation
     */
    function _authorizeUpgrade(
        address newImplementation
    ) internal override onlyRole(ADMIN_ROLE) {}
}

// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;

interface IBridge {
    /**
     * @notice Stores subnet details for an Alpha token clone
     * @dev Each subnet corresponds to a token deployed via the Bridge contract
     * @param subnetId Unique identifier for the subnet
     * @param token Address of the deployed Alpha token clone
     * @param name Token name (customizable per subnet)
     * @param symbol Token symbol (customizable per subnet)
     * @param status Boolean flag indicating if the subnet is active (true) or disabled (false)
     */
    struct SubnetDetails {
        uint16 subnetId;
        address token;
        string name;
        string symbol;
        bool status;
    }

    /**
     * @notice Structure representing a mint request
     * @param subnetId Subnet identifier (uint16)
     * @param receiver Address that will receive minted tokens
     * @param amount Amount to mint (native token units)
     * @param mintRequestId Unique mint request ID
     * @param bittensorAddress Associated external identifier (string)
     * @param identifier Associated external identifier (string)
     */
    struct MintRequest {
        uint16 subnetId;
        address receiver;
        uint256 amount;
        uint256 mintRequestId;
        string bittensorAddress;
        string identifier;
        uint256 chainId;
    }

    /**
     * @notice Structure representing a burn request
     * @param subnetId Subnet identifier (uint16)
     * @param burner Address that performed the burn (msg.sender)
     * @param amount Amount burned
     * @param burnRequestId Unique burn request ID
     * @param bittensorAddress Associated external identifier (string)
     * @param identifier Associated external identifier (string)
     */
    struct BurnRequest {
        uint16 subnetId;
        address burner;
        uint256 amount;
        uint256 burnRequestId;
        string bittensorAddress;
        string identifier;
        uint256 chainId;
    }

    /**
     * @notice Structure representing a refund request
     * @param subnetId Subnet identifier (uint16)
     * @param receiver Address that will receive refunded tokens
     * @param amount Amount to refund (native token units)
     * @param refundRequestId Unique refund request ID
     * @param bittensorAddress Associated external identifier (string)
     * @param identifier Associated external identifier (string)
     */
    struct RefundRequest {
        uint16 subnetId;
        address receiver;
        uint256 amount;
        uint256 refundRequestId;
        string bittensorAddress;
        string identifier;
        uint256 chainId;
    }

    /**
     * @notice Structure representing a router mint request
     * @param subnetId Subnet identifier (uint16)
     * @param receiver Address that will receive minted tokens
     * @param amount Amount to mint (native token units)
     * @param routerMintRequestId Unique router mint request ID
     */
    struct RouterMintRequest {
        uint16 subnetId;
        address receiver;
        uint256 amount;
        uint256 routerMintRequestId;
    }

    /**
     * @notice Structure representing a router burn request
     * @param subnetId Subnet identifier (uint16)
     * @param burner Address that performed the burn (msg.sender)
     * @param amount Amount burned
     * @param routerBurnRequestId Unique router burn request ID
     */
    struct RouterBurnRequest {
        uint16 subnetId;
        address burner;
        uint256 amount;
        uint256 routerBurnRequestId;
    }

    /**
     * @notice Emitted when a new subnet token is created
     */
    event SubnetTokenAdded(SubnetDetails details);

    /**
     * @notice Emitted when a mint request is executed
     * @param request MintRequest struct captured on-chain
     */
    event TokenMinted(MintRequest request);

    /**
     * @notice Emitted when a burn request is executed
     * @param request BurnRequest struct captured on-chain
     */
    event TokenBurned(BurnRequest request);

    /**
     * @notice Emitted when a refund request is executed
     * @param request RefundRequest struct captured on-chain
     */
    event TokenRefunded(RefundRequest request);

    /**
     * @notice Emitted when a router mint request is executed
     * @param request RouterMintRequest struct captured on-chain
     */
    event RouterMinted(RouterMintRequest request);

    /**
     * @notice Emitted when a router burn request is executed
     * @param request RouterBurnRequest struct captured on-chain
     */
    event RouterBurned(RouterBurnRequest request);

    /**
     * @notice Emitted when a subnet status is updated
     * @param subnetId Subnet ID
     * @param status Boolean flag (true if status, false if disabled)
     */
    event SubnetStatusUpdated(uint16 indexed subnetId, bool indexed status);

    /**
     * @notice Emitted when subnet token metadata is updated
     * @param subnetId Subnet ID
     * @param newName Updated token name
     * @param newSymbol Updated token symbol
     */
    event SubnetMetadataUpdated(
        uint16 indexed subnetId,
        string newName,
        string newSymbol
    );

    /**
     * @notice Add a new subnet token (Alpha clone)
     * @param subnetId ID of subnet
     * @param name_ Token name
     * @param symbol_ Token symbol
     */
    function addSubnetToken(
        uint16 subnetId,
        string memory name_,
        string memory symbol_,
        address adminAddress
    ) external;

    /**
     * @notice Enable or disable a subnet
     * @param subnetId ID of subnet
     * @param status New status
     */
    function updateSubnetStatus(uint16 subnetId, bool status) external;

    /**
     * @notice Mint tokens for a given subnet (admin only)
     * @param encodedData ABI-encoded mint request (subnetId, receiver, amount, expiry, nonce, bittensorAddress)
     * @param signature Signed message from signer
     */
    function mint(
        bytes calldata encodedData,
        bytes calldata signature
    ) external;

    /**
     * @notice Burn tokens (user callable, with off-chain signature)
     * @param encodedData ABI-encoded (amount, subnetId, expiry, nonce, bittensorAddress)
     * @param signature Signature produced by a SIGNER_ROLE account
     */
    function burn(bytes memory encodedData, bytes memory signature) external;

    /**
     * @notice Refund tokens for a given subnet (admin only)
     * @param encodedData ABI-encoded refund request (subnetId, receiver, amount, expiry, nonce, bittensorAddress)
     * @param signature Signed message from signer
     */
    function refund(
        bytes calldata encodedData,
        bytes calldata signature
    ) external;

    /**
     * @notice Mint tokens by router
     * @dev Only callable by ROUTER_ROLE
     * @param subnetId Bittensor Subnet Id
     * @param receiver Address that will receive tokens
     * @param amount Amount to mint
     */
    function mintByRouter(
        uint16 subnetId,
        address receiver,
        uint256 amount
    ) external;

    /**
     * @notice Burn tokens through router role
     * @dev Only callable by ROUTER_ROLE
     * @param subnetId Bittensor Subnet Id
     * @param amount Amount to burn from user
     * @param user User whose tokens are burned
     */
    function burnByRouter(
        uint16 subnetId,
        uint256 amount,
        address user
    ) external;

    /**
     * @notice Update token metadata (name & symbol) for a given subnet
     * @dev Calls Alpha clone's `updateNameAndSymbol` function
     * @param subnetId Subnet ID whose token metadata will be updated
     * @param newName New token name
     * @param newSymbol New token symbol
     */
    function updateTokenMetadata(
        uint16 subnetId,
        string memory newName,
        string memory newSymbol
    ) external;

    /**
     * @notice Pause contract operations
     */
    function pause() external;

    /**
     * @notice Unpause contract operations
     */
    function unpause() external;

    // -----------------------------
    // Read-only accessors (public variables)
    // -----------------------------

    /**
     * @notice Returns the Alpha implementation contract address used for cloning
     * @dev This is the logic contract used as the base for minimal proxy clones
     * @return alphaImplementation Address of the Alpha implementation contract
     */
    function alphaImplementation()
        external
        view
        returns (address alphaImplementation);

    /**
     * @notice Returns the counter for mint requests
     * @dev Auto-incremented whenever a mint request is stored
     * @return mintRequestIdCounter Current mint request counter
     */
    function mintRequestIdCounter()
        external
        view
        returns (uint256 mintRequestIdCounter);

    /**
     * @notice Returns the counter for burn requests
     * @dev Auto-incremented whenever a burn request is stored
     * @return burnRequestIdCounter Current burn request counter
     */
    function burnRequestIdCounter()
        external
        view
        returns (uint256 burnRequestIdCounter);

    /**
     * @notice Returns the counter for refund requests
     * @dev Auto-incremented whenever a refund request is stored
     * @return refundRequestIdCounter Current refund request counter
     */
    function refundRequestIdCounter()
        external
        view
        returns (uint256 refundRequestIdCounter);

    /**
     * @notice Returns the counter for router mint requests
     * @dev Auto-incremented whenever a router mint request is stored
     * @return routerMintedCounter Current router mint request counter
     */
    function routerMintedCounter()
        external
        view
        returns (uint256 routerMintedCounter);

    /**
     * @notice Returns the counter for router burn requests
     * @dev Auto-incremented whenever a router burn request is stored
     * @return routerBurnedCounter Current router burn request counter
     */
    function routerBurnedCounter()
        external
        view
        returns (uint256 routerBurnedCounter);

    /**
     * @notice Returns the total supply for a specific subnet
     * @dev Tracks per-subnet token supply managed by the Bridge contract
     * @param subnetId The subnet identifier
     * @return supply Current circulating supply for the subnet
     */
    function subnetSupply(
        uint16 subnetId
    ) external view returns (uint256 supply);

    /**
     * @notice Returns the total tokens minted by router for a specific subnet
     * @dev Tracks per-subnet router minted tokens
     * @param subnetId The subnet identifier
     * @return minted Total tokens minted by router for this subnet
     */
    function subnetRouterMinted(
        uint16 subnetId
    ) external view returns (uint256 minted);

    /**
     * @notice Returns the total tokens burned by router for a specific subnet
     * @dev Tracks per-subnet router burned tokens
     * @param subnetId The subnet identifier
     * @return burned Total tokens burned by router for this subnet
     */
    function subnetRouterBurned(
        uint16 subnetId
    ) external view returns (uint256 burned);

    /**
     * @notice Returns the subnet details
     * @param subnetId The subnet identifier
     * @return subnetId_ The subnet identifier
     * @return token The token address
     * @return name The token name
     * @return symbol The token symbol
     * @return status The subnet status
     */
    function subnetDetails(
        uint16 subnetId
    )
        external
        view
        returns (
            uint16 subnetId_,
            address token,
            string memory name,
            string memory symbol,
            bool status
        );
}

// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;

interface IBridge {
    /**
     * @notice Stores subnet details for an Alpha token clone
     * @dev Each subnet corresponds to a token deployed via the Bridge contract
     * @param subnetId Unique identifier for the subnet
     * @param token Address of the deployed Alpha token clone
     * @param name Token name (customizable per subnet)
     * @param symbol Token symbol (customizable per subnet)
     * @param status Boolean flag indicating if the subnet is active (true) or disabled (false)
     */
    struct SubnetDetails {
        uint16 subnetId;
        address token;
        string name;
        string symbol;
        bool status;
    }

    /**
     * @notice Structure representing a mint request
     * @param subnetId Subnet identifier (uint16)
     * @param receiver Address that will receive minted tokens
     * @param amount Amount to mint (native token units)
     * @param mintRequestId Unique mint request ID
     * @param bittensorAddress Associated external identifier (string)
     * @param identifier Associated external identifier (string)
     */
    struct MintRequest {
        uint16 subnetId;
        address receiver;
        uint256 amount;
        uint256 mintRequestId;
        string bittensorAddress;
        string identifier;
        uint256 chainId;
    }

    /**
     * @notice Structure representing a burn request
     * @param subnetId Subnet identifier (uint16)
     * @param burner Address that performed the burn (msg.sender)
     * @param amount Amount burned
     * @param burnRequestId Unique burn request ID
     * @param bittensorAddress Associated external identifier (string)
     * @param identifier Associated external identifier (string)
     */
    struct BurnRequest {
        uint16 subnetId;
        address burner;
        uint256 amount;
        uint256 burnRequestId;
        string bittensorAddress;
        string identifier;
        uint256 chainId;
    }

    /**
     * @notice Structure representing a refund request
     * @param subnetId Subnet identifier (uint16)
     * @param receiver Address that will receive refunded tokens
     * @param amount Amount to refund (native token units)
     * @param refundRequestId Unique refund request ID
     * @param bittensorAddress Associated external identifier (string)
     * @param identifier Associated external identifier (string)
     */
    struct RefundRequest {
        uint16 subnetId;
        address receiver;
        uint256 amount;
        uint256 refundRequestId;
        string bittensorAddress;
        string identifier;
        uint256 chainId;
    }

    /**
     * @notice Structure representing a router mint request
     * @param subnetId Subnet identifier (uint16)
     * @param receiver Address that will receive minted tokens
     * @param amount Amount to mint (native token units)
     * @param routerMintRequestId Unique router mint request ID
     */
    struct RouterMintRequest {
        uint16 subnetId;
        address receiver;
        uint256 amount;
        uint256 routerMintRequestId;
    }

    /**
     * @notice Structure representing a router burn request
     * @param subnetId Subnet identifier (uint16)
     * @param burner Address that performed the burn (msg.sender)
     * @param amount Amount burned
     * @param routerBurnRequestId Unique router burn request ID
     */
    struct RouterBurnRequest {
        uint16 subnetId;
        address burner;
        uint256 amount;
        uint256 routerBurnRequestId;
    }

    /**
     * @notice Emitted when a new subnet token is created
     */
    event SubnetTokenAdded(SubnetDetails details);

    /**
     * @notice Emitted when a mint request is executed
     * @param request MintRequest struct captured on-chain
     */
    event TokenMinted(MintRequest request);

    /**
     * @notice Emitted when a burn request is executed
     * @param request BurnRequest struct captured on-chain
     */
    event TokenBurned(BurnRequest request);

    /**
     * @notice Emitted when a refund request is executed
     * @param request RefundRequest struct captured on-chain
     */
    event TokenRefunded(RefundRequest request);

    /**
     * @notice Emitted when a router mint request is executed
     * @param request RouterMintRequest struct captured on-chain
     */
    event RouterMinted(RouterMintRequest request);

    /**
     * @notice Emitted when a router burn request is executed
     * @param request RouterBurnRequest struct captured on-chain
     */
    event RouterBurned(RouterBurnRequest request);

    /**
     * @notice Emitted when a subnet status is updated
     * @param subnetId Subnet ID
     * @param status Boolean flag (true if status, false if disabled)
     */
    event SubnetStatusUpdated(uint16 indexed subnetId, bool indexed status);

    /**
     * @notice Emitted when subnet token metadata is updated
     * @param subnetId Subnet ID
     * @param newName Updated token name
     * @param newSymbol Updated token symbol
     */
    event SubnetMetadataUpdated(
        uint16 indexed subnetId,
        string newName,
        string newSymbol
    );

    /**
     * @notice Add a new subnet token (Alpha clone)
     * @param subnetId ID of subnet
     * @param name_ Token name
     * @param symbol_ Token symbol
     */
    function addSubnetToken(
        uint16 subnetId,
        string memory name_,
        string memory symbol_,
        address adminAddress
    ) external;

    /**
     * @notice Enable or disable a subnet
     * @param subnetId ID of subnet
     * @param status New status
     */
    function updateSubnetStatus(uint16 subnetId, bool status) external;

    /**
     * @notice Mint tokens for a given subnet (admin only)
     * @param encodedData ABI-encoded mint request (subnetId, receiver, amount, expiry, nonce, bittensorAddress)
     * @param signature Signed message from signer
     */
    function mint(
        bytes calldata encodedData,
        bytes calldata signature
    ) external;

    /**
     * @notice Burn tokens (user callable, with off-chain signature)
     * @param encodedData ABI-encoded (amount, subnetId, expiry, nonce, bittensorAddress)
     * @param signature Signature produced by a SIGNER_ROLE account
     */
    function burn(bytes memory encodedData, bytes memory signature) external;

    /**
     * @notice Refund tokens for a given subnet (admin only)
     * @param encodedData ABI-encoded refund request (subnetId, receiver, amount, expiry, nonce, bittensorAddress)
     * @param signature Signed message from signer
     */
    function refund(
        bytes calldata encodedData,
        bytes calldata signature
    ) external;

    /**
     * @notice Mint tokens by router
     * @dev Only callable by ROUTER_ROLE
     * @param subnetId Bittensor Subnet Id
     * @param receiver Address that will receive tokens
     * @param amount Amount to mint
     */
    function mintByRouter(
        uint16 subnetId,
        address receiver,
        uint256 amount
    ) external;

    /**
     * @notice Burn tokens through router role
     * @dev Only callable by ROUTER_ROLE
     * @param subnetId Bittensor Subnet Id
     * @param amount Amount to burn from user
     * @param user User whose tokens are burned
     */
    function burnByRouter(
        uint16 subnetId,
        uint256 amount,
        address user
    ) external;

    /**
     * @notice Update token metadata (name & symbol) for a given subnet
     * @dev Calls Alpha clone's `updateNameAndSymbol` function
     * @param subnetId Subnet ID whose token metadata will be updated
     * @param newName New token name
     * @param newSymbol New token symbol
     */
    function updateTokenMetadata(
        uint16 subnetId,
        string memory newName,
        string memory newSymbol
    ) external;

    /**
     * @notice Pause contract operations
     */
    function pause() external;

    /**
     * @notice Unpause contract operations
     */
    function unpause() external;

    // -----------------------------
    // Read-only accessors (public variables)
    // -----------------------------

    /**
     * @notice Returns the Alpha implementation contract address used for cloning
     * @dev This is the logic contract used as the base for minimal proxy clones
     * @return impl Address of the Alpha implementation contract
     */
    function alphaImplementation() external view returns (address impl);

    /**
     * @notice Returns the counter for mint requests
     * @dev Auto-incremented whenever a mint request is stored
     * @return count Current mint request counter
     */
    function mintRequestIdCounter() external view returns (uint256 count);

    /**
     * @notice Returns the counter for burn requests
     * @dev Auto-incremented whenever a burn request is stored
     * @return count Current burn request counter
     */
    function burnRequestIdCounter() external view returns (uint256 count);

    /**
     * @notice Returns the counter for refund requests
     * @dev Auto-incremented whenever a refund request is stored
     * @return count Current refund request counter
     */
    function refundRequestIdCounter() external view returns (uint256 count);

    /**
     * @notice Returns the counter for router mint requests
     * @dev Auto-incremented whenever a router mint request is stored
     * @return count Current router mint request counter
     */
    function routerMintedCounter() external view returns (uint256 count);

    /**
     * @notice Returns the counter for router burn requests
     * @dev Auto-incremented whenever a router burn request is stored
     * @return count Current router burn request counter
     */
    function routerBurnedCounter() external view returns (uint256 count);

    /**
     * @notice Returns the total supply for a specific subnet
     * @dev Tracks per-subnet token supply managed by the Bridge contract
     * @param subnetId The subnet identifier
     * @return supply Current circulating supply for the subnet
     */
    function subnetSupply(
        uint16 subnetId
    ) external view returns (uint256 supply);

    /**
     * @notice Returns the total tokens minted by router for a specific subnet
     * @dev Tracks per-subnet router minted tokens
     * @param subnetId The subnet identifier
     * @return minted Total tokens minted by router for this subnet
     */
    function subnetRouterMinted(
        uint16 subnetId
    ) external view returns (uint256 minted);

    /**
     * @notice Returns the total tokens burned by router for a specific subnet
     * @dev Tracks per-subnet router burned tokens
     * @param subnetId The subnet identifier
     * @return burned Total tokens burned by router for this subnet
     */
    function subnetRouterBurned(
        uint16 subnetId
    ) external view returns (uint256 burned);

    /**
     * @notice Returns the subnet details
     * @param subnetId The subnet identifier
     * @return subnetId_ The subnet identifier
     * @return token The token address
     * @return name The token name
     * @return symbol The token symbol
     * @return status The subnet status
     */
    function subnetDetails(
        uint16 subnetId
    )
        external
        view
        returns (
            uint16 subnetId_,
            address token,
            string memory name,
            string memory symbol,
            bool status
        );

    /**
     * @notice Returns the status of an identifier
     * @param identifier The identifier to check
     * @return True if the identifier is used, false otherwise
     */
    function identifierStatus(
        string memory identifier
    ) external view returns (bool);
}

// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;

import {
    IRouterClient
} from "@chainlink/contracts-ccip/contracts/interfaces/IRouterClient.sol";

interface IEVMVoidAIRouter {
    /**
     * @notice Emitted when a CCIP message is sent
     */
    event CCIPSent(
        string identifier,
        bytes32 indexed messageId,
        uint64 indexed destinationChainSelector,
        bytes receiver,
        uint256 amount,
        uint256 fees,
        uint16 originNetId
    );

    /**
     * @notice Emitted when a CCIP message is received
     */
    event CCIPReceived(
        bytes32 indexed messageId,
        uint64 indexed sourceChainSelector,
        address sender,
        uint256 amount,
        uint16 originNetId,
        uint16 destinationNetId
    );

    /**
     * @notice Emitted when a swap is initiated
     * @param messageId ID of the message
     * @param originSubnetId ID of the source subnet
     * @param destinationSubnetId ID of the destination subnet
     * @param toAddress Address of the receiver
     * @param fromAddress Address of the sender
     * @param token Address of the token
     * @param amount Amount to swap
     * @param sourceChainId ID of the source chain
     * @param destinationChainId ID of the destination chain
     * @param uuid Unique identifier for the swap
     */
    event Swap(
        bytes32 indexed messageId,
        uint16 originSubnetId,
        uint16 destinationSubnetId,
        bytes toAddress,
        address fromAddress,
        address token,
        uint256 amount,
        uint256 sourceChainId,
        uint256 destinationChainId,
        string uuid
    );

    /**
     * @notice Emitted when tokens are withdrawn
     */
    event TokensWithdrawn(address indexed token, address indexed to);

    /**
     * @notice Emitted when treasury is updated
     */
    event TreasuryUpdated(
        address indexed oldTreasury,
        address indexed newTreasury
    );

    /**
     * @notice Emitted when the CCIP router address is updated
     * @param oldRouter Address of the previous CCIP router
     * @param newRouter Address of the new CCIP router
     */
    event CCIPRouterUpdated(address indexed oldRouter, address indexed newRouter);

    /**
     * @notice Swap tokens via the router
     * @param encodedData ABI-encoded swap request
     * @param signature Signature from a valid signer
     */
    function swap(
        bytes calldata encodedData,
        bytes calldata signature
    ) external payable;

    /**
     * @notice Burn tokens via CCIP
     * @param encodedData ABI-encoded burn request
     * @param signature Signature from a valid signer
     */
    function ccipBridge(
        bytes calldata encodedData,
        bytes calldata signature
    ) external payable;

    /**
     * @notice Set the CCIP Router address
     * @param newCCIPRouter Address of the new CCIP Router
     */
    function setCCIPRouter(IRouterClient newCCIPRouter) external;

    /**
     * @notice Pause the contract
     */
    function pause() external;

    /**
     * @notice Unpause the contract
     */
    function unpause() external;
}

// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;

import {IERC4626} from "@openzeppelin/contracts/interfaces/IERC4626.sol";

interface ILSDVault is IERC4626 {
    /**
     * @notice Emitted when the router address is updated.
     * @param previousRouter The address of the old router.
     * @param newRouter The address of the new router.
     */
    event RouterUpdated(
        address indexed previousRouter,
        address indexed newRouter
    );

    /**
     * @notice Emitted when assets are swept from the vault.
     * @param to The address receiving the assets.
     * @param amount The amount of assets swept.
     */
    event AssetsSwept(address indexed to, uint256 amount);

    /**
     * @notice Emitted when reward assets are added to the vault.
     * @param amount The amount of reward assets added.
     */
    event RewardAssetsAdded(uint256 amount);

    /**
     * @notice Adds reward assets to the vault.
     * @param amount The amount of reward assets to add.
     */
    function addRewardAssets(uint256 amount) external;
}

// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;

interface ILSDVaultFactory {
    /**
     * @notice Emitted when the router address is updated.
     * @param previousRouter The address of the old router.
     * @param newRouter The address of the new router.
     */
    event RouterUpdated(
        address indexed previousRouter,
        address indexed newRouter
    );
    /**
     * @notice Emitted when the vault implementation address is updated.
     * @param previousImplementation The address of the old implementation.
     * @param newImplementation The address of the new implementation.
     */
    event ImplementationUpdated(
        address indexed previousImplementation,
        address indexed newImplementation
    );
    /**
     * @notice Emitted when a new LSDVault is created.
     * @param asset The address of the underlying asset.
     * @param vault The address of the newly created vault.
     * @param name The name of the vault token.
     * @param symbol The symbol of the vault token.
     * @param creator The address that triggered the vault creation.
     */
    event VaultCreated(
        address indexed asset,
        address indexed vault,
        string name,
        string symbol,
        address indexed creator
    );
    /**
     * @notice Emitted when a vault's active status is updated.
     * @param asset The address of the underlying asset.
     * @param isActive The new active status.
     */
    event VaultStatusUpdated(address indexed asset, bool isActive);

    /**
     * @notice Struct to store vault details
     * @param asset Address of the asset
     * @param vault Address of the vault
     * @param name Name of the vault
     * @param symbol Symbol of the vault
     * @param isActive Boolean indicating if the vault is active
     */
    struct VaultDetails {
        address asset;
        address vault;
        string name;
        string symbol;
        bool isActive;
    }

    /**
     * @notice Create a new LSD vault
     * @param asset Address of the asset
     * @param name Name of the vault
     * @param symbol Symbol of the vault
     * @return vault Address of the new vault
     */
    function createVault(
        address asset,
        string calldata name,
        string calldata symbol
    ) external returns (address vault);

    /**
     * @notice Create multiple new LSD vaults in a single batch
     * @param assets Array of asset addresses
     * @param names Array of vault names
     * @param symbols Array of vault symbols
     * @return vaults_ Array of new vault addresses
     */
    function createVaults(
        address[] calldata assets,
        string[] calldata names,
        string[] calldata symbols
    ) external returns (address[] memory vaults_);

    /**
     * @notice Get the address of an LSD vault
     * @param asset Address of the asset
     * @return vault Address of the LSD vault
     */
    function getVault(address asset) external view returns (address);

    /**
     * @notice Get the details of an LSD vault
     * @param asset Address of the asset
     * @return details Details of the LSD vault
     */
    function getVaultDetails(
        address asset
    ) external view returns (VaultDetails memory);

    /**
     * @notice Get the total number of LSD vaults
     * @return total Number of LSD vaults
     */
    function totalVaults() external view returns (uint256);
}

// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;

import {
    IRouterClient
} from "@chainlink/contracts-ccip/contracts/interfaces/IRouterClient.sol";

interface IVoidAIRouter {
    /**
     * @notice Emitted when a CCIP message is sent
     */
    event CCIPSent(
        string identifier,
        bytes32 indexed messageId,
        uint64 indexed destinationChainSelector,
        bytes receiver,
        uint256 amount,
        uint256 fees,
        uint16 originNetId
    );

    /**
     * @notice Emitted when a CCIP message is received
     */
    event CCIPReceived(
        bytes32 indexed messageId,
        uint64 indexed sourceChainSelector,
        bytes sender,
        bytes receiver,
        uint256 amount,
        uint16 originNetId,
        uint16 destinationNetId,
        string identifier
    );

    /**
     * @notice Emitted when a swap is initiated
     * @param originSubnetId ID of the source subnet
     * @param destinationSubnetId ID of the destination subnet
     * @param toAddress Address of the receiver
     * @param fromAddress Address of the sender
     * @param token Address of the token
     * @param amount Amount to swap
     * @param sourceChainId ID of the source chain
     * @param destinationChainId ID of the destination chain
     * @param uuid Unique identifier for the swap
     */
    event Swap(
        uint16 originSubnetId,
        uint16 destinationSubnetId,
        address toAddress,
        address fromAddress,
        address token,
        uint256 amount,
        uint256 sourceChainId,
        uint256 destinationChainId,
        string uuid
    );

    /**
     * @notice Emitted when tokens are staked
     * @param receiver Address of the receiver
     * @param asset Address of the asset token
     * @param vault Address of the vault token
     * @param assets Amount of the asset tokens
     * @param shares Amount of the vault tokens
     * @param fees Amount of the fees
     * @param uuid Unique identifier for the staking
     */
    event Staked(
        address receiver,
        address asset,
        address vault,
        uint256 assets,
        uint256 shares,
        uint256 fees,
        string uuid
    );

    /**
     * @notice Emitted when tokens are unstaked
     * @param receiver Address of the receiver
     * @param asset Address of the asset token
     * @param vault Address of the vault token
     * @param assets Amount of the asset tokens
     * @param shares Amount of the vault tokens
     * @param fees Amount of the fees
     * @param uuid Unique identifier for the unstaking
     */
    event Unstaked(
        address receiver,
        address asset,
        address vault,
        uint256 assets,
        uint256 shares,
        uint256 fees,
        string uuid
    );

    /**
     * @notice Emitted when reward assets are added to the vault.
     * @param amount The amount of reward assets added.
     */
    event RewardAssetsAdded(uint256 amount);

    /**
     * @notice Emitted when tokens are withdrawn
     */
    event TokensWithdrawn(address indexed token, address indexed to);

    /**
     * @notice Emitted when treasury is updated
     */
    event TreasuryUpdated(
        address indexed oldTreasury,
        address indexed newTreasury
    );

    /**
     * @notice Emitted when the bridge contract is updated
     * @param oldBridge Address of the old bridge contract
     * @param newBridge Address of the new bridge contract
     */
    event BridgeUpdated(address oldBridge, address newBridge);

    /**
     * @notice Emitted when the contract is paused
     * @param by Address of the pauser
     */
    event ContractPaused(address by);

    /**
     * @notice Emitted when the contract is unpaused
     * @param by Address of the unpauser
     */
    event ContractUnpaused(address by);

    /**
     * @notice Emitted when the CCIP router address is updated
     * @param oldRouter Address of the previous CCIP router
     * @param newRouter Address of the new CCIP router
     */
    event CCIPRouterUpdated(address indexed oldRouter, address indexed newRouter);

    /**
     * @notice Mint tokens via the router
     * @param encodedData ABI-encoded mint request
     * @param signature Signature from a valid signer
     */
    function mint(
        bytes calldata encodedData,
        bytes calldata signature
    ) external;

    /**
     * @notice Burn tokens via the router
     * @param encodedData ABI-encoded burn request
     * @param signature Signature from a valid signer
     */
    function burn(
        bytes calldata encodedData,
        bytes calldata signature
    ) external;

    /**
     * @notice Swap tokens via the router
     * @param encodedData ABI-encoded swap request
     * @param signature Signature from a valid signer
     */
    function swap(
        bytes calldata encodedData,
        bytes calldata signature
    ) external;

    /**
     * @notice Refund tokens via the router
     * @param encodedData ABI-encoded refund request
     * @param signature Signature from a valid signer
     */
    function refund(
        bytes calldata encodedData,
        bytes calldata signature
    ) external;

    /**
     * @notice Burn tokens via CCIP
     * @param encodedData ABI-encoded burn request
     * @param signature Signature from a valid signer
     */
    function ccipBridge(
        bytes calldata encodedData,
        bytes calldata signature
    ) external payable;

    /**
     * @notice Set the CCIP Router address
     * @param newCCIPRouter Address of the new CCIP Router
     */
    function setCCIPRouter(IRouterClient newCCIPRouter) external;

    /**
     * @notice Pause the contract
     */
    function pause() external;

    /**
     * @notice Unpause the contract
     */
    function unpause() external;
}

// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;

import {
    AccessControlUpgradeable
} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
import {
    ERC4626Upgradeable
} from "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/ERC4626Upgradeable.sol";
import {
    ERC20Upgradeable
} from "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {
    PausableUpgradeable
} from "@openzeppelin/contracts-upgradeable/utils/PausableUpgradeable.sol";
import {
    ReentrancyGuardUpgradeable
} from "@openzeppelin/contracts-upgradeable/utils/ReentrancyGuardUpgradeable.sol";
import {
    Initializable
} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {
    SafeERC20
} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {IERC4626} from "@openzeppelin/contracts/interfaces/IERC4626.sol";
import {ILSDVault} from "./interface/ILSDVault.sol";

// Custom Errors
error ZeroAddress();
error ZeroAmount();
error NotRouter();
error NotEnoughAssets();

/**
 * @title LSDVault
 * @notice ERC4626-compliant vault whose deposits/withdrawals are exclusively routed through the VoidAIRouter.
 */
contract LSDVault is
    Initializable,
    ERC4626Upgradeable,
    AccessControlUpgradeable,
    PausableUpgradeable,
    ReentrancyGuardUpgradeable,
    ILSDVault
{
    using SafeERC20 for IERC20;

    /// @notice Access control role for administrative actions.
    bytes32 public constant ADMIN_ROLE = keccak256("ADMIN_ROLE");

    /// @notice Address of the VoidAIRouter contract.
    address public router;

    /// @notice Total assets accounted for by the vault.
    uint256 private _accountedAssets;

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        _disableInitializers();
    }

    /**
     * @notice Initializes the LSDVault contract.
     * @param asset_ The underlying asset for the vault.
     * @param name_ The name of the vault token.
     * @param symbol_ The symbol of the vault token.
     * @param admin The address to be granted the admin and default admin roles.
     * @param router_ The address of the VoidAIRouter contract.
     */
    function initialize(
        IERC20 asset_,
        string memory name_,
        string memory symbol_,
        address admin,
        address router_
    ) external initializer {
        if (admin == address(0)) revert ZeroAddress();
        if (router_ == address(0)) revert ZeroAddress();

        __ERC20_init(name_, symbol_);
        __ERC4626_init(asset_);
        __AccessControl_init();
        __Pausable_init();
        __ReentrancyGuard_init();

        router = router_;

        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        _grantRole(ADMIN_ROLE, admin);
    }

    /**
     * @dev Modifier to restrict access to only the router.
     */
    modifier onlyRouter() {
        if (msg.sender != router) revert NotRouter();
        _;
    }

    /**
     * @notice Updates the router address.
     * @param newRouter The address of the new router.
     */
    function setRouter(address newRouter) external onlyRole(ADMIN_ROLE) {
        if (newRouter == address(0)) revert ZeroAddress();
        address oldRouter = router;
        router = newRouter;
        emit RouterUpdated(oldRouter, newRouter);
    }

    /**
     * @notice Sweeps assets from the vault to the specified address.
     * @param to The address receiving the assets.
     */
    function sweep(address to) external onlyRole(ADMIN_ROLE) {
        if (to == address(0)) revert ZeroAddress();
        uint256 actual = IERC20(asset()).balanceOf(address(this));
        if (actual < _accountedAssets) revert NotEnoughAssets();
        uint256 surplus = actual - _accountedAssets;
        if (surplus > 0) {
            IERC20(asset()).transfer(to, surplus);
        }
        emit AssetsSwept(to, surplus);
    }

    /**
     * @notice Pauses the vault.
     */
    function pause() external onlyRole(ADMIN_ROLE) {
        _pause();
    }

    /**
     * @notice Unpauses the vault.
     */
    function unpause() external onlyRole(ADMIN_ROLE) {
        _unpause();
    }

    /**
     * @notice Deposits assets into the vault via the router.
     * @param assets The amount of assets to deposit.
     * @param receiver The address receiving the shares.
     * @return shares The amount of shares minted.
     */
    function deposit(
        uint256 assets,
        address receiver
    )
        public
        override(ERC4626Upgradeable, IERC4626)
        onlyRouter
        nonReentrant
        whenNotPaused
        returns (uint256)
    {
        return super.deposit(assets, receiver);
    }

    /**
     * @notice Mints shares into the vault via the router.
     * @param shares The amount of shares to mint.
     * @param receiver The address receiving the shares.
     * @return success Boolean indicating success.
     */
    function mint(
        uint256 shares,
        address receiver
    )
        public
        override(ERC4626Upgradeable, IERC4626)
        onlyRouter
        nonReentrant
        whenNotPaused
        returns (uint256)
    {
        return super.mint(shares, receiver);
    }

    /**
     * @notice Withdraws assets from the vault via the router.
     * @param assets The amount of assets to withdraw.
     * @param receiver The address receiving the assets.
     * @return shares The amount of shares burned.
     */
    function withdraw(
        uint256 assets,
        address receiver,
        address owner
    )
        public
        override(ERC4626Upgradeable, IERC4626)
        onlyRouter
        nonReentrant
        whenNotPaused
        returns (uint256)
    {
        return super.withdraw(assets, receiver, owner);
    }

    /**
     * @notice Redeems shares from the vault via the router.
     * @param shares The amount of shares to redeem.
     * @param owner The address whose shares are being redeemed.
     * @param receiver The address receiving the underlying assets.
     * @return assets The amount of assets withdrawn.
     */
    function redeem(
        uint256 shares,
        address receiver,
        address owner
    )
        public
        override(ERC4626Upgradeable, IERC4626)
        onlyRouter
        nonReentrant
        whenNotPaused
        returns (uint256)
    {
        return super.redeem(shares, receiver, owner);
    }

    /**
     * @notice Adds reward assets to the vault.
     * @param amount The amount of reward assets to add.
     */
    function addRewardAssets(
        uint256 amount
    ) external onlyRouter nonReentrant whenNotPaused {
        if (amount == 0) revert ZeroAmount();
        _accountedAssets += amount;
        emit RewardAssetsAdded(amount);
    }

    /**
     * @notice Calculates the equivalent amount of shares for a given amount of assets.
     * @param assets The amount of assets to convert.
     * @return The equivalent amount of shares.
     */
    function exchangeRate(uint256 assets) external view returns (uint256) {
        return convertToShares(assets);
    }

    /**
     * @notice Returns the total assets accounted for by the vault.
     * @return The total assets accounted for by the vault.
     */
    function totalAssets()
        public
        view
        override(ERC4626Upgradeable, IERC4626)
        returns (uint256)
    {
        return _accountedAssets;
    }

    /**
     * @notice Internal function to deposit assets into the vault.
     * @param caller The address depositing the assets.
     * @param receiver The address receiving the shares.
     * @param assets The amount of assets to deposit.
     * @param shares The amount of shares to mint.
     */
    function _deposit(
        address caller,
        address receiver,
        uint256 assets,
        uint256 shares
    ) internal override {
        _accountedAssets += assets;
        super._deposit(caller, receiver, assets, shares);
    }

    /**
     * @notice Internal function to withdraw assets from the vault.
     * @param caller The address withdrawing the assets.
     * @param receiver The address receiving the assets.
     * @param owner The address whose shares are being withdrawn.
     * @param assets The amount of assets to withdraw.
     * @param shares The amount of shares to burn.
     */
    function _withdraw(
        address caller,
        address receiver,
        address owner,
        uint256 assets,
        uint256 shares
    ) internal override {
        _accountedAssets -= assets;
        super._withdraw(caller, receiver, owner, assets, shares);
    }
}

// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;

import {
    AccessControlUpgradeable
} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
import {
    Initializable
} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {
    UUPSUpgradeable
} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {
    BeaconProxy
} from "@openzeppelin/contracts/proxy/beacon/BeaconProxy.sol";
import {
    UpgradeableBeacon
} from "@openzeppelin/contracts/proxy/beacon/UpgradeableBeacon.sol";

import {ILSDVaultFactory} from "./interface/ILSDVaultFactory.sol";

/**
 * @title IInitializableVault
 * @notice Interface for initializing a newly deployed LSDVault clone.
 */
interface IInitializableVault {
    /**
     * @notice Initializes the vault clone.
     * @param asset_ The underlying asset for the vault.
     * @param name_ The name of the vault token.
     * @param symbol_ The symbol of the vault token.
     * @param admin The address to be granted administrative roles.
     * @param router_ The address of the VoidAIRouter contract.
     */
    function initialize(
        IERC20 asset_,
        string memory name_,
        string memory symbol_,
        address admin,
        address router_
    ) external;
}

// Custom Errors
error ZeroAddress();
error RouterNotSet();
error VaultExists();
error VaultMissing();
error ImplementationNotSet();
error MismatchedInputArrays();
/**
 * @title LSDVaultFactory
 * @notice Deploys and tracks all LSD vaults using the Minimal Proxy (Clones) pattern.
 */
contract LSDVaultFactory is
    Initializable,
    AccessControlUpgradeable,
    UUPSUpgradeable,
    ILSDVaultFactory
{
    /// @notice Access control role for administrative actions.
    bytes32 public constant ADMIN_ROLE = keccak256("ADMIN_ROLE");

    /// @notice Address of the VoidAIRouter contract.
    address public router;

    /// @notice Address of the protocol administrator.
    address public protocolAdmin;

    /// @notice The UpgradeableBeacon contract that manages the vault implementation.
    UpgradeableBeacon public beacon;

    /// @dev Internal list of all deployed vaults.
    VaultDetails[] private vaults;

    /// @dev Mapping from asset address to vault index (index + 1).
    mapping(address => uint256) private vaultIndex; // asset => index+1

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        _disableInitializers();
    }

    /**
     * @notice Initializes the LSDVaultFactory contract.
     * @param adminAddress The address to be granted the admin and default admin roles.
     * @param routerAddress The address of the VoidAIRouter contract.
     * @param implementationAddress The address of the LSDVault implementation contract.
     */
    function initialize(
        address adminAddress,
        address routerAddress,
        address implementationAddress
    ) external initializer {
        if (adminAddress == address(0)) revert ZeroAddress();
        if (routerAddress == address(0)) revert ZeroAddress();
        if (implementationAddress == address(0)) revert ZeroAddress();

        __AccessControl_init();
        __UUPSUpgradeable_init();

        protocolAdmin = adminAddress;
        router = routerAddress;

        // Deploy the beacon with the initial implementation, owner is the factory itself
        beacon = new UpgradeableBeacon(implementationAddress, address(this));

        _grantRole(DEFAULT_ADMIN_ROLE, adminAddress);
        _grantRole(ADMIN_ROLE, adminAddress);
    }

    /**
     * @notice Updates the router address.
     * @param newRouter The address of the new router.
     */
    function updateRouter(address newRouter) external onlyRole(ADMIN_ROLE) {
        if (newRouter == address(0)) revert ZeroAddress();
        address oldRouter = router;
        router = newRouter;
        emit RouterUpdated(oldRouter, newRouter);
    }

    /**
     * @notice Updates the vault implementation address.
     * @param newImplementation The address of the new implementation.
     */
    function updateImplementation(
        address newImplementation
    ) external onlyRole(ADMIN_ROLE) {
        if (newImplementation == address(0)) revert ZeroAddress();
        address oldImplementation = beacon.implementation();
        beacon.upgradeTo(newImplementation);
        emit ImplementationUpdated(oldImplementation, newImplementation);
    }

    /**
     * @notice Updates the protocol administrator address.
     * @param newAdmin The address of the new protocol administrator.
     */
    function updateAdmin(
        address newAdmin
    ) external onlyRole(DEFAULT_ADMIN_ROLE) {
        if (newAdmin == address(0)) revert ZeroAddress();
        protocolAdmin = newAdmin;
        _grantRole(DEFAULT_ADMIN_ROLE, newAdmin);
        _grantRole(ADMIN_ROLE, newAdmin);
    }

    /**
     * @notice Create a new LSD vault
     * @param asset Address of the asset
     * @param name Name of the vault
     * @param symbol Symbol of the vault
     * @return vault Address of the new vault
     */
    function createVault(
        address asset,
        string calldata name,
        string calldata symbol
    ) public override onlyRole(ADMIN_ROLE) returns (address vault) {
        if (router == address(0)) revert RouterNotSet();
        if (address(beacon) == address(0)) revert ImplementationNotSet();
        if (asset == address(0)) revert ZeroAddress();
        if (vaultIndex[asset] != 0) revert VaultExists();

        bytes memory initData = abi.encodeWithSelector(
            IInitializableVault.initialize.selector,
            IERC20(asset),
            name,
            symbol,
            protocolAdmin,
            router
        );
        BeaconProxy proxy = new BeaconProxy(address(beacon), initData);
        vault = address(proxy);

        ILSDVaultFactory.VaultDetails memory details = ILSDVaultFactory
            .VaultDetails({
                asset: asset,
                vault: vault,
                name: name,
                symbol: symbol,
                isActive: true
            });

        vaults.push(details);
        vaultIndex[asset] = vaults.length;

        emit VaultCreated(asset, vault, name, symbol, msg.sender);
    }

    /**
     * @notice Create multiple new LSD vaults in a single batch
     * @param assets Array of asset addresses
     * @param names Array of vault names
     * @param symbols Array of vault symbols
     * @return vaults_ Array of new vault addresses
     */
    function createVaults(
        address[] calldata assets,
        string[] calldata names,
        string[] calldata symbols
    )
        external
        override
        onlyRole(ADMIN_ROLE)
        returns (address[] memory vaults_)
    {
        uint256 length = assets.length;
        if (length != names.length || length != symbols.length)
            revert MismatchedInputArrays();

        vaults_ = new address[](length);
        for (uint256 i = 0; i < length; i++) {
            vaults_[i] = createVault(assets[i], names[i], symbols[i]);
        }
    }

    /**
     * @notice Get the address of an LSD vault
     * @param asset Address of the asset
     * @return vault Address of the LSD vault
     */
    function getVault(address asset) external view override returns (address) {
        uint256 index = vaultIndex[asset];
        if (index == 0) {
            return address(0);
        }
        return vaults[index - 1].vault;
    }

    /**
     * @notice Get the details of an LSD vault
     * @param asset Address of the asset
     * @return details Details of the LSD vault
     */
    function getVaultDetails(
        address asset
    ) external view override returns (ILSDVaultFactory.VaultDetails memory) {
        uint256 index = vaultIndex[asset];
        if (index == 0) {
            return
                ILSDVaultFactory.VaultDetails({
                    asset: address(0),
                    vault: address(0),
                    name: "",
                    symbol: "",
                    isActive: false
                });
        }
        return vaults[index - 1];
    }

    /**
     * @notice Updates the active status of a vault.
     * @param asset The address of the underlying asset.
     * @param isActive The new active status.
     */
    function setVaultStatus(
        address asset,
        bool isActive
    ) external onlyRole(ADMIN_ROLE) {
        uint256 index = vaultIndex[asset];
        if (index == 0) revert VaultMissing();
        ILSDVaultFactory.VaultDetails storage details = vaults[index - 1];
        details.isActive = isActive;
        emit VaultStatusUpdated(asset, isActive);
    }

    /**
     * @notice Get the total number of LSD vaults
     * @return total Number of LSD vaults
     */
    function totalVaults() external view override returns (uint256) {
        return vaults.length;
    }

    /**
     * @notice Get the address of the current vault implementation.
     * @return implementation Address of the current vault implementation.
     */
    function vaultImplementation() external view returns (address) {
        return beacon.implementation();
    }

    /**
     * @dev Internal function to authorize contract upgrades. Restricted to ADMIN_ROLE.
     */
    function _authorizeUpgrade(
        address newImplementation
    ) internal override onlyRole(ADMIN_ROLE) {}
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {Client} from "@chainlink/contracts-ccip/contracts/libraries/Client.sol";

contract MockRMN {
    function isBadData(bytes32, uint64) external pure returns (bool) {
        return false;
    }

    function isCursed() external pure returns (bool) {
        return false;
    }

    function isCursed(bytes16) external pure returns (bool) {
        return false;
    }
}

contract MockCCIPRouter {
    mapping(uint64 => address) public onRamps;
    mapping(uint64 => address) public offRamps;

    uint256 public fee;
    bytes32 public nextMessageId;

    function getFee(
        uint64,
        Client.EVM2AnyMessage memory
    ) external view returns (uint256) {
        return fee;
    }

    function setFee(uint256 _fee) external {
        fee = _fee;
    }

    function getOnRamp(
        uint64 destChainSelector
    ) external view returns (address) {
        return onRamps[destChainSelector];
    }

    function isOffRamp(
        uint64 sourceChainSelector,
        address offRamp
    ) external view returns (bool) {
        return offRamps[sourceChainSelector] == offRamp;
    }

    function setOnRamp(uint64 chainSelector, address onRamp) external {
        onRamps[chainSelector] = onRamp;
    }

    function setOffRamp(uint64 chainSelector, address offRamp) external {
        offRamps[chainSelector] = offRamp;
    }

    function setNextMessageId(bytes32 _nextMessageId) external {
        nextMessageId = _nextMessageId;
    }

    function ccipSend(
        uint64 destinationChainSelector,
        Client.EVM2AnyMessage calldata message
    ) external payable returns (bytes32) {
        // Transfer tokens if any
        if (message.tokenAmounts.length > 0) {
            for (uint i = 0; i < message.tokenAmounts.length; i++) {
                require(
                    IERC20(message.tokenAmounts[i].token).transferFrom(
                        msg.sender,
                        address(this),
                        message.tokenAmounts[i].amount
                    ),
                    "Transfer failed"
                );
            }
        }

        // Return the preset message ID if set, otherwise generate one
        if (nextMessageId != bytes32(0)) {
            bytes32 messageId = nextMessageId;
            nextMessageId = bytes32(0); // Reset after use
            return messageId;
        }

        return
            keccak256(
                abi.encode(destinationChainSelector, message, block.timestamp)
            );
    }
}

contract MockBurnMintERC20 {
    string public name;
    string public symbol;
    uint8 public decimals;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor(string memory _name, string memory _symbol, uint8 _decimals) {
        name = _name;
        symbol = _symbol;
        decimals = _decimals;
    }

    function mint(address to, uint256 amount) external {
        balanceOf[to] += amount;
        totalSupply += amount;
        emit Transfer(address(0), to, amount);
    }

    function burn(address from, uint256 amount) external {
        balanceOf[from] -= amount;
        totalSupply -= amount;
        emit Transfer(from, address(0), amount);
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        emit Transfer(msg.sender, to, amount);
        return true;
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        emit Approval(msg.sender, spender, amount);
        return true;
    }

    function transferFrom(
        address from,
        address to,
        uint256 amount
    ) external returns (bool) {
        allowance[from][msg.sender] -= amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        emit Transfer(from, to, amount);
        return true;
    }

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(
        address indexed owner,
        address indexed spender,
        uint256 value
    );
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "../LSDVaultFactory.sol";

contract LSDVaultFactoryHarness is LSDVaultFactory {
    function setRouterUnsafe(address newRouter) external {
        router = newRouter;
    }

    function setImplementationUnsafe(address newImpl) external {
        beacon.upgradeTo(newImpl);
    }

    function createVaultUnsafe(
        address asset,
        address admin,
        address router_
    ) external {
        bytes memory initData = abi.encodeWithSelector(
            IInitializableVault.initialize.selector,
            IERC20(asset),
            "N",
            "S",
            admin,
            router_
        );
        new BeaconProxy(address(beacon), initData);
    }
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

contract MockBridge {
    mapping(string => bool) public identifierStatus;
    
    function setIdentifierStatus(string memory id, bool status) external {
        identifierStatus[id] = status;
    }
    
    function subnetDetails(uint16) external view returns (address, address, uint256, uint256, bool) {
        return (address(0), address(0), 0, 0, true);
    }
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {
    ERC4626
} from "@openzeppelin/contracts/token/ERC20/extensions/ERC4626.sol";
import {ERC20, IERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";

contract MockLSDVault is ERC4626 {
    address public router;

    constructor(
        address _asset,
        address _router
    ) ERC20("Mock LSD", "MLSD") ERC4626(IERC20(_asset)) {
        router = _router;
    }

    function depositViaRouter(
        uint256 assets,
        address receiver
    ) external returns (uint256) {
        return deposit(assets, receiver);
    }

    function redeemViaRouter(
        uint256 shares,
        address owner,
        address receiver
    ) external returns (uint256) {
        return redeem(shares, receiver, owner);
    }

    bool public failDeposit;

    function setFailDeposit(bool _fail) external {
        failDeposit = _fail;
    }

    function exchangeRate(uint256 assets) external view returns (uint256) {
        return convertToShares(assets);
    }

    // Dummy implementations for Pausable
    function pause() external {}
    function unpause() external {}
    function setRouter(address _router) external {
        router = _router;
    }
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ILSDVaultFactory} from "../interface/ILSDVaultFactory.sol";

contract MockLSDVaultFactory is ILSDVaultFactory {
    mapping(address => VaultDetails) public vaults;

    function setVaultDetails(
        address asset,
        address vault,
        bool isActive
    ) external {
        vaults[asset] = VaultDetails({
            vault: vault,
            asset: asset,
            isActive: isActive,
            name: "Mock Vault",
            symbol: "MV"
        });
    }

    function getVaultDetails(
        address asset
    ) external view returns (VaultDetails memory) {
        return vaults[asset];
    }

    function getVault(address asset) external view returns (address) {
        return vaults[asset].vault;
    }

    function createVault(
        address,
        string calldata,
        string calldata
    ) external override returns (address) {
        return address(0);
    }
    function createVaults(
        address[] calldata,
        string[] calldata,
        string[] calldata
    ) external override returns (address[] memory) {
        return new address[](0);
    }
    function setVaultStatus(address, bool) external {}
    function updateRouter(address) external {}
    function updateImplementation(address) external {}
    function updateAdmin(address) external {}
    function totalVaults() external view override returns (uint256) {
        return 0;
    }
    function protocolAdmin() external view returns (address) {
        return address(0);
    }
    function router() external view returns (address) {
        return address(0);
    }
    function vaultImplementation() external view returns (address) {
        return address(0);
    }
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

error ZeroAddress();

/**
 * @title RevertingAccount
 * @notice A contract that reverts when receiving ETH, used for testing refund failures
 */
contract RevertingAccount {
    /**
     * @notice Revert on receiving ETH
     */
    receive() external payable {
        revert("Cannot receive ETH");
    }

    /**
     * @notice Revert on fallback
     */
    fallback() external payable {
        revert("Cannot receive ETH");
    }

    /**
     * @notice Call another contract's function
     * @param target The contract to call
     * @param data The calldata to send
     * @param value The ETH value to send
     * @return The return data from the call
     */
    function callFunction(
        address target,
        bytes calldata data,
        uint256 value
    ) external payable returns (bytes memory) {
        if (target == address(0)) revert ZeroAddress();
        (bool success, bytes memory result) = target.call{value: value}(data);
        require(success, "Call failed");
        return result;
    }
}

// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;

import {ERC1967Proxy} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";

contract TestProxy is ERC1967Proxy {
    constructor(address logic, bytes memory data) ERC1967Proxy(logic, data) {}
}

// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;

import {
    AccessControlUpgradeable
} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
import {
    Initializable
} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {
    UUPSUpgradeable
} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {
    PausableUpgradeable
} from "@openzeppelin/contracts-upgradeable/utils/PausableUpgradeable.sol";
import {
    ReentrancyGuardUpgradeable
} from "@openzeppelin/contracts-upgradeable/utils/ReentrancyGuardUpgradeable.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {
    SafeERC20
} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

import {ECDSALib} from "./ECDSALib.sol";
import {IVoidAIRouter} from "./interface/IVoidAIRouter.sol";
import {IBridge} from "./interface/IBridgeV2.sol";
import {
    IAny2EVMMessageReceiver
} from "@chainlink/contracts-ccip/contracts/interfaces/IAny2EVMMessageReceiver.sol";
import {
    IRouterClient
} from "@chainlink/contracts-ccip/contracts/interfaces/IRouterClient.sol";
import {
    CCIPReceiver
} from "@chainlink/contracts-ccip/contracts/applications/CCIPReceiver.sol";
import {Client} from "@chainlink/contracts-ccip/contracts/libraries/Client.sol";
import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
import {ILSDVaultFactory} from "./interface/ILSDVaultFactory.sol";
import {ILSDVault} from "./interface/ILSDVault.sol";

// Custom Errors
error ZeroAddress();
error InvalidAmount();
error InvalidSubnet();
error InvalidToken();
error DisabledSubnet();
error InvalidChain();
error SignatureExpired();
error InvalidSigner();
error InsufficientFee();
error SameAddress();
error IdentifierAlreadyUsed();
error MintIdentifierAlreadyUsed();
error BurnIdentifierAlreadyUsed();
error RefundFailed();
error ZeroAmount();
error VaultMissing();
error VaultInactive();
error DepositFailed();
error VaultEmpty();

/// @title VoidAIRouter
/// @author VoidAI
/// @notice Unified entry point for bridging and swapping operations
contract VoidAIRouter is
    Initializable,
    AccessControlUpgradeable,
    UUPSUpgradeable,
    ReentrancyGuardUpgradeable,
    PausableUpgradeable,
    CCIPReceiver,
    IVoidAIRouter
{
    using ECDSALib for bytes32;
    using SafeERC20 for IERC20;

    bytes32 public constant ADMIN_ROLE = keccak256("ADMIN_ROLE");
    bytes32 public constant SIGNER_ROLE = keccak256("SIGNER_ROLE");

    /// @notice Address of the Bridge contract
    IBridge public bridge;

    /// @notice Address of the CCIP Router
    IRouterClient public ccipRouter;

    struct CCIPBridgeParams {
        bytes receiver;
        bytes extraArgs;
        address token;
        uint256 amount;
        uint256 fees;
        uint256 expiry;
        uint256 chainId;
        string identifier;
        uint16 originNetId;
        uint64 destinationChainSelector;
        bool sendMetadata;
    }

    struct MintAndSwapParams {
        bytes receiver;
        bytes extraArgs;
        address token;
        uint256 amount;
        uint256 expiry;
        uint256 chainId;
        string identifier;
        uint16 originNetId;
        uint64 destinationNetId;
        bool sendMetadata;
    }

    // Storage for token pool mapping used by the bridge
    address public treasury;

    /// @notice Address of the LSDVaultFactory
    ILSDVaultFactory public lsdVaultFactory;

    /// @notice Mapping of identifiers to their usage status
    mapping(bytes32 => bool) public isMintIdentifierUsed;

    /// @notice Mapping of identifiers to their usage status
    mapping(bytes32 => bool) public isBurnIdentifierUsed;

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor(address _ccipRouter) CCIPReceiver(_ccipRouter) {
        _disableInitializers();
    }

    /**
     * @notice Initializes the VoidAIRouter contract
     * @param adminAddress Admin address
     * @param signerAddress Signer address
     * @param bridgeAddress Bridge contract address
     * @param ccipRouterAddress CCIP Router address
     * @param treasuryAddress Treasury address
     */
    function initialize(
        address adminAddress,
        address signerAddress,
        address bridgeAddress,
        address ccipRouterAddress,
        address treasuryAddress
    ) external initializer {
        if (adminAddress == address(0)) revert ZeroAddress();
        if (signerAddress == address(0)) revert ZeroAddress();
        if (bridgeAddress == address(0)) revert ZeroAddress();
        if (ccipRouterAddress == address(0)) revert ZeroAddress();
        if (treasuryAddress == address(0)) revert ZeroAddress();

        __AccessControl_init();
        __UUPSUpgradeable_init();
        __ReentrancyGuard_init();
        __Pausable_init();

        _grantRole(DEFAULT_ADMIN_ROLE, adminAddress);
        _grantRole(ADMIN_ROLE, adminAddress);
        _grantRole(SIGNER_ROLE, signerAddress);

        bridge = IBridge(bridgeAddress);
        ccipRouter = IRouterClient(ccipRouterAddress);
        treasury = treasuryAddress;
    }

    /**
     * @notice Mint tokens via the router
     * @param encodedData ABI-encoded mint request
     * @param signature Signature from a valid signer
     */
    function mint(
        bytes calldata encodedData,
        bytes calldata signature
    ) external nonReentrant whenNotPaused {
        (
            uint16 subnetId,
            address receiver,
            uint256 amount,
            uint256 expiry,
            ,
            string memory identifier,
            uint256 chainId
        ) = abi.decode(
                encodedData,
                (uint16, address, uint256, uint256, string, string, uint256)
            );

        _verifyMintSignature(
            encodedData,
            signature,
            expiry,
            chainId,
            identifier
        );
        (, address token, , , bool subnetStatus) = bridge.subnetDetails(
            subnetId
        );
        if (token == address(0)) revert InvalidSubnet();
        if (!subnetStatus) revert DisabledSubnet();
        bridge.mintByRouter(subnetId, receiver, amount);
    }

    /**
     * @notice Burn tokens via the router
     * @param encodedData ABI-encoded burn request
     * @param signature Signature from a valid signer
     */
    function burn(
        bytes calldata encodedData,
        bytes calldata signature
    ) external nonReentrant whenNotPaused {
        (
            uint256 amount,
            uint16 subnetId,
            uint256 expiry,
            , // bittensorAddress
            string memory identifier,
            uint256 chainId
        ) = abi.decode(
                encodedData,
                (uint256, uint16, uint256, string, string, uint256)
            );

        _verifyBurnSignature(
            encodedData,
            signature,
            expiry,
            chainId,
            identifier
        );
        (, address token, , , bool subnetStatus) = bridge.subnetDetails(
            subnetId
        );
        if (token == address(0)) revert InvalidSubnet();
        if (!subnetStatus) revert DisabledSubnet();
        bridge.burnByRouter(subnetId, amount, msg.sender);
    }

    /**
     * @notice Refund tokens via the router
     * @param encodedData ABI-encoded refund request
     * @param signature Signature from a valid signer
     */
    function refund(
        bytes calldata encodedData,
        bytes calldata signature
    ) external nonReentrant whenNotPaused {
        (
            uint16 subnetId,
            address receiver,
            uint256 amount,
            uint256 expiry,
            , // bittensorAddress
            string memory identifier,
            uint256 chainId
        ) = abi.decode(
                encodedData,
                (uint16, address, uint256, uint256, string, string, uint256)
            );

        _verifyMintSignature(
            encodedData,
            signature,
            expiry,
            chainId,
            identifier
        );
        (, address token, , , bool subnetStatus) = bridge.subnetDetails(
            subnetId
        );
        if (token == address(0)) revert InvalidSubnet();
        if (!subnetStatus) revert DisabledSubnet();
        bridge.mintByRouter(subnetId, receiver, amount);
    }

    /**
     * @notice Swap tokens via the router
     * @param encodedData ABI-encoded swap request
     * @param signature Signature from a valid signer
     */
    function swap(
        bytes calldata encodedData,
        bytes calldata signature
    ) external nonReentrant whenNotPaused {
        (
            address toAddress,
            address fromAddress,
            address token,
            uint256 amount,
            uint256 sourceChainId,
            uint256 destinationChainId,
            uint256 expiry,
            ,
            string memory identifier,
            uint16 originNetId,
            uint16 destinationNetId
        ) = abi.decode(
                encodedData,
                (
                    address,
                    address,
                    address,
                    uint256,
                    uint256,
                    uint256,
                    uint256,
                    uint256,
                    string,
                    uint16,
                    uint16
                )
            );

        if (amount == 0) revert InvalidAmount();
        if (fromAddress == address(0) || toAddress == address(0))
            revert ZeroAddress();
        if (fromAddress != msg.sender) revert InvalidSigner();

        _verifyBurnSignature(
            encodedData,
            signature,
            expiry,
            sourceChainId,
            identifier
        );

        // Get token address for origin subnet
        (, address subnetToken, , , bool status) = bridge.subnetDetails(
            originNetId
        );
        if (subnetToken == address(0)) revert InvalidSubnet();
        if (subnetToken != token) revert InvalidToken();
        if (!status) revert DisabledSubnet();

        bridge.burnByRouter(originNetId, amount, fromAddress);

        emit Swap(
            originNetId,
            destinationNetId,
            fromAddress,
            toAddress,
            token,
            amount,
            sourceChainId,
            destinationChainId,
            identifier
        );
    }

    /**
     * @notice Lock tokens via CCIP and send a CCIP message to mint a token on destination chain.
     * @dev The identifier is embedded into the CCIP message data and can be read on the destination chain.
     * @param encodedData ABI-encoded ccip bridge request
     * @param signature Signature from a valid signer
     */
    function ccipBridge(
        bytes calldata encodedData,
        bytes calldata signature
    ) external payable nonReentrant whenNotPaused {
        CCIPBridgeParams memory params;
        {
            bytes memory receiver;
            bytes memory extraArgs;
            address token;
            uint256 amount;
            uint256 fees;
            uint256 expiry;
            uint256 chainId;
            string memory identifier;
            uint16 originNetId;
            uint64 destinationChainSelector;
            bool sendMetadata;

            (
                receiver,
                extraArgs,
                token,
                amount,
                fees,
                expiry,
                chainId,
                identifier,
                originNetId,
                destinationChainSelector,
                sendMetadata
            ) = abi.decode(
                    encodedData,
                    (
                        bytes,
                        bytes,
                        address,
                        uint256,
                        uint256,
                        uint256,
                        uint256,
                        string,
                        uint16,
                        uint64,
                        bool
                    )
                );

            params = CCIPBridgeParams({
                receiver: receiver,
                extraArgs: extraArgs,
                token: token,
                amount: amount,
                fees: fees,
                expiry: expiry,
                chainId: chainId,
                identifier: identifier,
                originNetId: originNetId,
                destinationChainSelector: destinationChainSelector,
                sendMetadata: sendMetadata
            });
        }

        _verifyBurnSignature(
            encodedData,
            signature,
            params.expiry,
            params.chainId,
            params.identifier
        );

        _processCCIPBridge(params);
    }

    function _processCCIPBridge(CCIPBridgeParams memory params) internal {
        IERC20(params.token).safeTransferFrom(
            msg.sender,
            address(this),
            (params.amount + params.fees)
        );

        // Construct CCIP Message
        Client.EVM2AnyMessage memory evm2AnyMessage = _buildCCIPMessage(
            params.receiver,
            params.extraArgs,
            params.token,
            params.amount,
            params.originNetId,
            uint16(params.destinationChainSelector),
            params.sendMetadata,
            params.identifier
        );

        uint256 ccipFees = ccipRouter.getFee(
            params.destinationChainSelector,
            evm2AnyMessage
        );

        IERC20(params.token).forceApprove(address(ccipRouter), params.amount);

        if (address(ccipRouter) == address(0)) revert ZeroAddress();
        if (msg.value < ccipFees) revert InsufficientFee();
        bytes32 messageId = ccipRouter.ccipSend{value: ccipFees}(
            params.destinationChainSelector,
            evm2AnyMessage
        );

        // Refund excess ETH
        if (msg.value > ccipFees) {
            (bool success, ) = msg.sender.call{value: msg.value - ccipFees}("");
            if (!success) revert RefundFailed();
        }

        emit CCIPSent(
            params.identifier,
            messageId,
            params.destinationChainSelector,
            params.receiver,
            params.amount,
            ccipFees,
            params.originNetId
        );
    }

    /**
     * @notice Handle incoming CCIP message
     * @param message The CCIP message
     */
    function _ccipReceive(
        Client.Any2EVMMessage memory message
    ) internal virtual override {
        (
            uint256 amount,
            bytes memory receiverAddress,
            uint16 originNetId,
            uint16 destinationNetId,
            string memory identifier
        ) = abi.decode(message.data, (uint256, bytes, uint16, uint16, string));

        emit CCIPReceived(
            message.messageId,
            message.sourceChainSelector,
            message.sender,
            receiverAddress,
            amount,
            originNetId,
            destinationNetId,
            identifier
        );
    }

    /**
     * @notice Get CCIP fee
     * @param receiver Receiver address
     * @param extraArgs Extra arguments
     * @param token Token address
     * @param amount Amount of the token
     * @param originNetId Origin network ID
     * @param destinationNetId Destination network ID
     * @param destinationChainSelector Destination chain selector
     * @param sendMetadata Send metadata
     * @param identifier Unique identifier
     */
    function getCCIPFee(
        bytes memory receiver,
        bytes memory extraArgs,
        address token,
        uint256 amount,
        uint16 originNetId,
        uint16 destinationNetId,
        uint64 destinationChainSelector,
        bool sendMetadata,
        string calldata identifier
    ) external view returns (uint256 fees) {
        Client.EVM2AnyMessage memory evm2AnyMessage = _buildCCIPMessage(
            receiver,
            extraArgs,
            token,
            amount,
            originNetId,
            destinationNetId,
            sendMetadata,
            identifier
        );

        fees = ccipRouter.getFee(destinationChainSelector, evm2AnyMessage);
    }

    /**
     * @notice Stake tokens
     * @param encodedData ABI-encoded stake request
     * @param signature Signature of the encoded data
     * @return shares The number of shares minted
     */
    function stake(
        bytes calldata encodedData,
        bytes calldata signature
    ) external nonReentrant whenNotPaused returns (uint256 shares) {
        (
            address asset,
            uint256 assets,
            uint256 fees,
            uint256 expiry,
            uint256 chainId,
            string memory identifier
        ) = abi.decode(
                encodedData,
                (address, uint256, uint256, uint256, uint256, string)
            );

        _verifyMintSignature(
            encodedData,
            signature,
            expiry,
            chainId,
            identifier
        );
        if (asset == address(0)) revert ZeroAddress();
        if (assets == 0) revert ZeroAmount();

        ILSDVaultFactory.VaultDetails memory details = lsdVaultFactory
            .getVaultDetails(asset);
        if (details.vault == address(0)) revert VaultMissing();
        if (!details.isActive) revert VaultInactive();

        IERC20(asset).safeTransferFrom(msg.sender, address(this), assets);

        uint256 finalAssets = assets;
        if (fees > 0) {
            IERC20(asset).safeTransfer(treasury, fees);
            finalAssets = assets - fees;
        }

        IERC20(asset).approve(details.vault, finalAssets);

        shares = ILSDVault(details.vault).deposit(finalAssets, msg.sender);

        emit Staked(
            msg.sender,
            asset,
            details.vault,
            assets,
            shares,
            fees,
            identifier
        );
    }

    /**
     * @notice Unstake tokens
     * @param encodedData ABI-encoded unstake request
     * @param signature Signature of the encoded data
     * @return finalAssets The number of assets returned after unstaking
     */
    function unstake(
        bytes calldata encodedData,
        bytes calldata signature
    ) external nonReentrant whenNotPaused returns (uint256 finalAssets) {
        (
            address asset,
            uint256 shares,
            uint256 fees,
            uint256 expiry,
            uint256 chainId,
            string memory identifier
        ) = abi.decode(
                encodedData,
                (address, uint256, uint256, uint256, uint256, string)
            );

        _verifyMintSignature(
            encodedData,
            signature,
            expiry,
            chainId,
            identifier
        );
        if (asset == address(0)) revert ZeroAddress();
        if (shares == 0) revert ZeroAmount();

        ILSDVaultFactory.VaultDetails memory details = lsdVaultFactory
            .getVaultDetails(asset);
        if (details.vault == address(0)) revert VaultMissing();
        if (!details.isActive) revert VaultInactive();

        IERC20(details.vault).safeTransferFrom(
            msg.sender,
            address(this),
            shares
        );

        uint256 assets = ILSDVault(details.vault).redeem(
            shares,
            address(this),
            address(this)
        );

        if (fees > 0) {
            IERC20(asset).safeTransfer(treasury, fees);
        }
        finalAssets = assets - fees;

        IERC20(asset).safeTransfer(msg.sender, finalAssets);

        emit Unstaked(
            msg.sender,
            asset,
            details.vault,
            assets,
            shares,
            fees,
            identifier
        );
    }

    /**
     * @notice Add reward assets to the vault
     * @param asset Address of the asset to add
     * @param amount Amount of the asset to add
     */
    function addStakeRewards(
        address asset,
        uint256 amount
    ) external onlyRole(ADMIN_ROLE) nonReentrant whenNotPaused {
        if (amount == 0) revert ZeroAmount();
        ILSDVaultFactory.VaultDetails memory details = lsdVaultFactory
            .getVaultDetails(asset);
        if (details.vault == address(0)) revert VaultMissing();
        if (!details.isActive) revert VaultInactive();
        if (IERC20(details.vault).totalSupply() == 0) revert VaultEmpty();
        IERC20(asset).safeTransferFrom(msg.sender, details.vault, amount);

        ILSDVault(details.vault).addRewardAssets(amount);
        emit RewardAssetsAdded(amount);
    }

    /**
     * @notice Update the LSDVaultFactory address
     * @param newFactory Address of the new LSDVaultFactory
     */
    function updateLSDFactoryAddress(
        ILSDVaultFactory newFactory
    ) external onlyRole(ADMIN_ROLE) {
        if (address(newFactory) == address(0)) revert ZeroAddress();
        if (newFactory == lsdVaultFactory) revert SameAddress();
        lsdVaultFactory = newFactory;
    }

    /**
     * @notice Update the Bridge contract address
     * @param newBridge Address of the new Bridge contract
     */
    function updateBridge(IBridge newBridge) external onlyRole(ADMIN_ROLE) {
        if (address(newBridge) == address(0)) revert ZeroAddress();
        if (newBridge == bridge) revert SameAddress();
        address oldBridge = address(bridge);
        bridge = newBridge;
        emit BridgeUpdated(oldBridge, address(newBridge));
    }

    /**
     * @notice Set the CCIP Router address.
     * @dev Emits a {CCIPRouterUpdated} event on success.
     * @param newCCIPRouter Address of the new CCIP Router
     */
    function setCCIPRouter(
        IRouterClient newCCIPRouter
    ) external onlyRole(ADMIN_ROLE) {
        if (address(newCCIPRouter) == address(0)) revert ZeroAddress();
        if (newCCIPRouter == ccipRouter) revert SameAddress();
        address oldRouter = address(ccipRouter);
        ccipRouter = newCCIPRouter;
        emit CCIPRouterUpdated(oldRouter, address(newCCIPRouter));
    }

    /**
     * @notice Withdraw tokens from the contract
     * @param token Address of the token to withdraw
     */
    function withdrawTokens(address token) external onlyRole(ADMIN_ROLE) {
        uint256 balance = IERC20(token).balanceOf(address(this));
        IERC20(token).safeTransfer(treasury, balance);

        emit TokensWithdrawn(token, treasury);
    }

    /**
     * @notice Update the treasury address
     * @param newTreasury Address of the new treasury
     */
    function updateTreasury(address newTreasury) external onlyRole(ADMIN_ROLE) {
        if (newTreasury == address(0)) revert ZeroAddress();
        if (newTreasury == treasury) revert SameAddress();

        address oldTreasury = treasury;
        treasury = newTreasury;

        emit TreasuryUpdated(oldTreasury, newTreasury);
    }

    /**
     * @notice Pause contract operations
     */
    function pause() external onlyRole(ADMIN_ROLE) {
        _pause();
        emit ContractPaused(msg.sender);
    }

    /**
     * @notice Unpause contract operations
     */
    function unpause() external onlyRole(ADMIN_ROLE) {
        _unpause();
        emit ContractUnpaused(msg.sender);
    }

    /**
     * @notice Check if an identifier is already used
     * @param identifier The identifier to check
     * @return isMintIdentifierUsedStatus if the identifier is already used, false otherwise
     */
    function mintIdentifierStatus(
        string memory identifier
    ) public view returns (bool isMintIdentifierUsedStatus) {
        bytes32 identifierHash = keccak256(
            abi.encodePacked("ROUTER_IDENTIFIER", block.chainid, identifier)
        );
        return isMintIdentifierUsed[identifierHash];
    }

    /**
     * @notice Check if an identifier is already used
     * @param identifier The identifier to check
     * @return isBurnIdentifierUsedStatus if the identifier is already used, false otherwise
     */
    function burnIdentifierStatus(
        string memory identifier
    ) public view returns (bool) {
        bytes32 identifierHash = keccak256(
            abi.encodePacked("ROUTER_IDENTIFIER", block.chainid, identifier)
        );
        return isBurnIdentifierUsed[identifierHash];
    }

    /**
     * @notice Check if interface is supported
     */
    function supportsInterface(
        bytes4 interfaceId
    )
        public
        pure
        virtual
        override(AccessControlUpgradeable, CCIPReceiver)
        returns (bool)
    {
        return
            interfaceId == type(IVoidAIRouter).interfaceId ||
            interfaceId == type(IERC165).interfaceId ||
            super.supportsInterface(interfaceId);
    }

    /**
     * @notice Internal function to build CCIP message
     * @param _receiver Receiver address
     * @param _extraArgs Extra arguments
     * @param _token Token address
     * @param _amount Amount of the token
     * @param _originNetId Origin network ID
     * @param _destinationNetId Destination network ID
     * @param _sendMetadata Send metadata
     * @return message CCIP message
     */
    function _buildCCIPMessage(
        bytes memory _receiver,
        bytes memory _extraArgs,
        address _token,
        uint256 _amount,
        uint16 _originNetId,
        uint16 _destinationNetId,
        bool _sendMetadata,
        string memory _identifier
    ) internal pure returns (Client.EVM2AnyMessage memory) {
        Client.EVMTokenAmount[]
            memory tokenAmounts = new Client.EVMTokenAmount[](1);
        tokenAmounts[0] = Client.EVMTokenAmount({
            token: _token,
            amount: _amount
        });

        bytes memory data = "";
        if (_sendMetadata) {
            data = abi.encode(
                _amount,
                _receiver,
                _originNetId,
                _destinationNetId,
                _identifier
            );
        }

        return
            Client.EVM2AnyMessage({
                receiver: _receiver,
                data: data,
                tokenAmounts: tokenAmounts,
                extraArgs: _extraArgs,
                feeToken: address(0)
            });
    }

    /**
     * @notice Verify the signature of a mint request
     * @param encodedData ABI-encoded mint request
     * @param signature Signature from a valid signer
     * @param expiry Expiry of the signature
     * @param chainId Chain ID of the signature
     * @param identifier Identifier of the signature
     */
    function _verifyMintSignature(
        bytes memory encodedData,
        bytes memory signature,
        uint256 expiry,
        uint256 chainId,
        string memory identifier
    ) internal {
        bytes32 identifierHash = keccak256(
            abi.encodePacked("ROUTER_IDENTIFIER", block.chainid, identifier)
        );

        if (isMintIdentifierUsed[identifierHash])
            revert MintIdentifierAlreadyUsed();
        if (bridge.identifierStatus(identifier)) revert IdentifierAlreadyUsed();
        if (block.timestamp > expiry) revert SignatureExpired();
        if (block.chainid != chainId) revert InvalidChain();

        bytes32 hash = keccak256(encodedData);
        address signer = hash.toEthSignedMessageHash().recover(signature);
        if (!hasRole(SIGNER_ROLE, signer)) revert InvalidSigner();

        isMintIdentifierUsed[identifierHash] = true;
    }

    /**
     * @notice Verify the signature of a burn request
     * @param encodedData ABI-encoded burn request
     * @param signature Signature from a valid signer
     * @param expiry Expiry of the signature
     * @param chainId Chain ID of the signature
     * @param identifier Identifier of the signature
     */
    function _verifyBurnSignature(
        bytes memory encodedData,
        bytes memory signature,
        uint256 expiry,
        uint256 chainId,
        string memory identifier
    ) internal {
        bytes32 identifierHash = keccak256(
            abi.encodePacked("ROUTER_IDENTIFIER", block.chainid, identifier)
        );

        if (isBurnIdentifierUsed[identifierHash])
            revert BurnIdentifierAlreadyUsed();
        if (bridge.identifierStatus(identifier)) revert IdentifierAlreadyUsed();
        if (block.timestamp > expiry) revert SignatureExpired();
        if (block.chainid != chainId) revert InvalidChain();

        bytes32 hash = keccak256(encodedData);
        address signer = hash.toEthSignedMessageHash().recover(signature);
        if (!hasRole(SIGNER_ROLE, signer)) revert InvalidSigner();

        isBurnIdentifierUsed[identifierHash] = true;
    }

    /**
     * @notice Authorize upgrade
     * @param newImplementation Address of the new implementation
     */
    function _authorizeUpgrade(
        address newImplementation
    ) internal override onlyRole(ADMIN_ROLE) {}
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";

/**
 * @title VoidProxy
 * @dev Re-export OpenZeppelin's ERC1967Proxy for deployment
 */
contract VoidProxy is ERC1967Proxy {
    /**
     * @notice Constructor for VoidProxy
     * @param implementation Address of the implementation contract
     * @param _data Initializer data
     */
    constructor(
        address implementation,
        bytes memory _data
    ) ERC1967Proxy(implementation, _data) {}
}