Contract Source Code (Solidity Standard Json-Input format)

IDE

• Blockscan IDE
• 🤖 Code ReaderBeta

More Options

• Similar
• Submit Audit
• Compare

// SPDX-License-Identifier: MIT
pragma solidity 0.8.24;

import {Ownable2StepUpgradeable} from "@openzeppelin/contracts-upgradeable/access/Ownable2StepUpgradeable.sol";
import {Math} from "@openzeppelin/contracts/utils/math/Math.sol";
import {MessageHashUtils} from "@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol";
import {Actions} from "../libs/Actions.sol";
import {INotaryConsortium} from "./INotaryConsortium.sol";
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";

/// @title The contract utilizes consortium governance functions using multisignature verification
/// @author Lombard.Finance
/// @notice The contracts are a part of the Lombard.Finance protocol
contract Consortium is Ownable2StepUpgradeable, INotaryConsortium {
    struct ValidatorSet {
        /// @notice addresses of the signers
        address[] validators;
        /// @notice weight of each signer
        uint256[] weights;
        /// @notice current threshold for signatures weight to be accepted
        uint256 weightThreshold;
    }
    /// @custom:storage-location erc7201:lombardfinance.storage.Consortium
    struct ConsortiumStorage {
        /// @notice Current epoch
        uint256 epoch;
        /// @notice Store the Validator set for each epoch
        mapping(uint256 => ValidatorSet) validatorSet;
    }

    // keccak256(abi.encode(uint256(keccak256("lombardfinance.storage.Consortium")) - 1)) & ~bytes32(uint256(0xff))
    bytes32 private constant CONSORTIUM_STORAGE_LOCATION =
        0xbac09a3ab0e06910f94a49c10c16eb53146536ec1a9e948951735cde3a58b500;

    /// @dev https://docs.openzeppelin.com/upgrades-plugins/1.x/writing-upgradeable#initializing_the_implementation_contract
    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        _disableInitializers();
    }

    /// @notice Initializes the consortium contract
    /// @param _owner - The address of the initial owner
    function initialize(address _owner) external initializer {
        __Ownable_init(_owner);
        __Ownable2Step_init();
        __Consortium_init();
    }

    /// ONLY OWNER FUNCTIONS ///

    /// @notice Sets the initial validator set from any epoch
    /// @param _initialValSet - The initial list of validators
    function setInitialValidatorSet(
        bytes calldata _initialValSet
    ) external onlyOwner {
        // Payload validation
        if (bytes4(_initialValSet) != Actions.NEW_VALSET)
            revert UnexpectedAction(bytes4(_initialValSet));

        ConsortiumStorage storage $ = _getConsortiumStorage();

        Actions.ValSetAction memory action = Actions.validateValSet(
            _initialValSet[4:]
        );

        if ($.epoch != 0) {
            revert ValSetAlreadySet();
        }

        _setValidatorSet(
            $,
            action.validators,
            action.weights,
            action.weightThreshold,
            action.epoch
        );
    }

    /// USER ACTIONS ///

    /// @notice Validates the provided signature against the given hash
    /// @param _payloadHash the hash of the data to be signed
    /// @param _proof nonce, expiry and signatures to validate
    function checkProof(
        bytes32 _payloadHash,
        bytes calldata _proof
    ) public view override {
        _checkProof(_payloadHash, _proof);
    }

    function setNextValidatorSet(
        bytes calldata payload,
        bytes calldata proof
    ) external {
        // payload validation
        if (bytes4(payload) != Actions.NEW_VALSET) {
            revert UnexpectedAction(bytes4(payload));
        }
        Actions.ValSetAction memory action = Actions.validateValSet(
            payload[4:]
        );

        ConsortiumStorage storage $ = _getConsortiumStorage();

        // check proof
        bytes32 payloadHash = sha256(payload);
        checkProof(payloadHash, proof);

        if (action.epoch != $.epoch + 1) revert InvalidEpoch();

        _setValidatorSet(
            $,
            action.validators,
            action.weights,
            action.weightThreshold,
            action.epoch
        );
    }

    /// GETTERS ///

    /// @notice Returns the validator for a given epoch
    /// @param epoch the epoch to get the threshold for
    function getValidatorSet(
        uint256 epoch
    ) external view returns (ValidatorSet memory) {
        return _getConsortiumStorage().validatorSet[epoch];
    }

    /// @notice Returns the current epoch
    function curEpoch() external view returns (uint256) {
        return _getConsortiumStorage().epoch;
    }

    /// PRIVATE FUNCTIONS ///

    /// @notice Internal initializer for the consortium
    function __Consortium_init() internal onlyInitializing {}

    function _setValidatorSet(
        ConsortiumStorage storage $,
        address[] memory _validators,
        uint256[] memory _weights,
        uint256 _threshold,
        uint256 _epoch
    ) internal {
        // do not allow to rewrite existing valset
        if ($.validatorSet[_epoch].weightThreshold != 0) {
            revert InvalidEpoch();
        }

        $.epoch = _epoch;
        $.validatorSet[_epoch] = ValidatorSet({
            validators: _validators,
            weights: _weights,
            weightThreshold: _threshold
        });
        emit ValidatorSetUpdated(_epoch, _validators, _weights, _threshold);
    }

    /// @dev Checks that `_proof` is correct
    /// @param _payloadHash data to be signed
    /// @param _proof encoding of signatures array
    /// @dev Negative weight means that the validator did not sign, any positive weight means that the validator signed
    function _checkProof(
        bytes32 _payloadHash,
        bytes calldata _proof
    ) internal view virtual {
        ConsortiumStorage storage $ = _getConsortiumStorage();
        if ($.epoch == 0) {
            revert NoValidatorSet();
        }
        // decode proof
        bytes[] memory signatures = abi.decode(_proof, (bytes[]));

        address[] storage validators = $.validatorSet[$.epoch].validators;
        uint256 length = validators.length;
        if (signatures.length != length) {
            revert LengthMismatch();
        }

        uint256 weight = 0;
        uint256[] storage weights = $.validatorSet[$.epoch].weights;
        for (uint256 i; i < length; ++i) {
            // each signature preset R || S values
            // V is missed, because validators use Cosmos SDK keyring which is not signing in eth style
            // We only check signatures which are the expected 64 bytes long - we are expecting
            // a signatures array with the same amount of items as there are validators, but not all
            // validators will need to sign for a proof to be valid, so validators who have not signed
            // will have their corresponding signature set to 0 bytes.
            // In case of a malformed signature (i.e. length isn't 0 bytes but also isn't 64 bytes)
            // this signature will be discarded.
            if (signatures[i].length == 64) {
                // split signature by R and S values
                bytes memory sig = signatures[i];
                bytes32 r;
                bytes32 s;

                // load the first 32 bytes (r) and the second 32 bytes (s) from the sig
                assembly {
                    r := mload(add(sig, 0x20)) // first 32 bytes (offset 0x20)
                    s := mload(add(sig, 0x40)) // next 32 bytes (offset 0x40)
                }

                if (r != bytes32(0) && s != bytes32(0)) {
                    // try recover with V = 27
                    (address signer, ECDSA.RecoverError err, ) = ECDSA
                        .tryRecover(_payloadHash, 27, r, s);

                    // ignore if bad signature
                    if (err != ECDSA.RecoverError.NoError) {
                        continue;
                    }

                    // if signer doesn't match try V = 28
                    if (signer != validators[i]) {
                        (signer, err, ) = ECDSA.tryRecover(
                            _payloadHash,
                            28,
                            r,
                            s
                        );
                        if (err != ECDSA.RecoverError.NoError) {
                            continue;
                        }

                        if (signer != validators[i]) {
                            continue;
                        }
                    }
                    // signature accepted

                    unchecked {
                        weight += weights[i];
                    }
                }
            }
        }
        if (weight < $.validatorSet[$.epoch].weightThreshold) {
            revert NotEnoughSignatures();
        }
    }

    /// @notice Retrieve the ConsortiumStorage struct from the specific storage slot
    function _getConsortiumStorage()
        private
        pure
        returns (ConsortiumStorage storage $)
    {
        assembly {
            $.slot := CONSORTIUM_STORAGE_LOCATION
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable2Step.sol)

pragma solidity ^0.8.20;

import {OwnableUpgradeable} from "./OwnableUpgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";

/**
 * @dev Contract module which provides access control mechanism, where
 * there is an account (an owner) that can be granted exclusive access to
 * specific functions.
 *
 * The initial owner is specified at deployment time in the constructor for `Ownable`. This
 * can later be changed with {transferOwnership} and {acceptOwnership}.
 *
 * This module is used through inheritance. It will make available all functions
 * from parent (Ownable).
 */
abstract contract Ownable2StepUpgradeable is Initializable, OwnableUpgradeable {
    /// @custom:storage-location erc7201:openzeppelin.storage.Ownable2Step
    struct Ownable2StepStorage {
        address _pendingOwner;
    }

    // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Ownable2Step")) - 1)) & ~bytes32(uint256(0xff))
    bytes32 private constant Ownable2StepStorageLocation = 0x237e158222e3e6968b72b9db0d8043aacf074ad9f650f0d1606b4d82ee432c00;

    function _getOwnable2StepStorage() private pure returns (Ownable2StepStorage storage $) {
        assembly {
            $.slot := Ownable2StepStorageLocation
        }
    }

    event OwnershipTransferStarted(address indexed previousOwner, address indexed newOwner);

    function __Ownable2Step_init() internal onlyInitializing {
    }

    function __Ownable2Step_init_unchained() internal onlyInitializing {
    }
    /**
     * @dev Returns the address of the pending owner.
     */
    function pendingOwner() public view virtual returns (address) {
        Ownable2StepStorage storage $ = _getOwnable2StepStorage();
        return $._pendingOwner;
    }

    /**
     * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.
     * Can only be called by the current owner.
     */
    function transferOwnership(address newOwner) public virtual override onlyOwner {
        Ownable2StepStorage storage $ = _getOwnable2StepStorage();
        $._pendingOwner = newOwner;
        emit OwnershipTransferStarted(owner(), newOwner);
    }

    /**
     * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.
     * Internal function without access restriction.
     */
    function _transferOwnership(address newOwner) internal virtual override {
        Ownable2StepStorage storage $ = _getOwnable2StepStorage();
        delete $._pendingOwner;
        super._transferOwnership(newOwner);
    }

    /**
     * @dev The new owner accepts the ownership transfer.
     */
    function acceptOwnership() public virtual {
        address sender = _msgSender();
        if (pendingOwner() != sender) {
            revert OwnableUnauthorizedAccount(sender);
        }
        _transferOwnership(sender);
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)

pragma solidity ^0.8.20;

import {ContextUpgradeable} from "../utils/ContextUpgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";

/**
 * @dev Contract module which provides a basic access control mechanism, where
 * there is an account (an owner) that can be granted exclusive access to
 * specific functions.
 *
 * The initial owner is set to the address provided by the deployer. This can
 * later be changed with {transferOwnership}.
 *
 * This module is used through inheritance. It will make available the modifier
 * `onlyOwner`, which can be applied to your functions to restrict their use to
 * the owner.
 */
abstract contract OwnableUpgradeable is Initializable, ContextUpgradeable {
    /// @custom:storage-location erc7201:openzeppelin.storage.Ownable
    struct OwnableStorage {
        address _owner;
    }

    // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Ownable")) - 1)) & ~bytes32(uint256(0xff))
    bytes32 private constant OwnableStorageLocation = 0x9016d09d72d40fdae2fd8ceac6b6234c7706214fd39c1cd1e609a0528c199300;

    function _getOwnableStorage() private pure returns (OwnableStorage storage $) {
        assembly {
            $.slot := OwnableStorageLocation
        }
    }

    /**
     * @dev The caller account is not authorized to perform an operation.
     */
    error OwnableUnauthorizedAccount(address account);

    /**
     * @dev The owner is not a valid owner account. (eg. `address(0)`)
     */
    error OwnableInvalidOwner(address owner);

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    /**
     * @dev Initializes the contract setting the address provided by the deployer as the initial owner.
     */
    function __Ownable_init(address initialOwner) internal onlyInitializing {
        __Ownable_init_unchained(initialOwner);
    }

    function __Ownable_init_unchained(address initialOwner) internal onlyInitializing {
        if (initialOwner == address(0)) {
            revert OwnableInvalidOwner(address(0));
        }
        _transferOwnership(initialOwner);
    }

    /**
     * @dev Throws if called by any account other than the owner.
     */
    modifier onlyOwner() {
        _checkOwner();
        _;
    }

    /**
     * @dev Returns the address of the current owner.
     */
    function owner() public view virtual returns (address) {
        OwnableStorage storage $ = _getOwnableStorage();
        return $._owner;
    }

    /**
     * @dev Throws if the sender is not the owner.
     */
    function _checkOwner() internal view virtual {
        if (owner() != _msgSender()) {
            revert OwnableUnauthorizedAccount(_msgSender());
        }
    }

    /**
     * @dev Leaves the contract without owner. It will not be possible to call
     * `onlyOwner` functions. Can only be called by the current owner.
     *
     * NOTE: Renouncing ownership will leave the contract without an owner,
     * thereby disabling any functionality that is only available to the owner.
     */
    function renounceOwnership() public virtual onlyOwner {
        _transferOwnership(address(0));
    }

    /**
     * @dev Transfers ownership of the contract to a new account (`newOwner`).
     * Can only be called by the current owner.
     */
    function transferOwnership(address newOwner) public virtual onlyOwner {
        if (newOwner == address(0)) {
            revert OwnableInvalidOwner(address(0));
        }
        _transferOwnership(newOwner);
    }

    /**
     * @dev Transfers ownership of the contract to a new account (`newOwner`).
     * Internal function without access restriction.
     */
    function _transferOwnership(address newOwner) internal virtual {
        OwnableStorage storage $ = _getOwnableStorage();
        address oldOwner = $._owner;
        $._owner = newOwner;
        emit OwnershipTransferred(oldOwner, newOwner);
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/utils/Initializable.sol)

pragma solidity ^0.8.20;

/**
 * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
 * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
 * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
 * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
 *
 * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
 * reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
 * case an upgrade adds a module that needs to be initialized.
 *
 * For example:
 *
 * [.hljs-theme-light.nopadding]
 * ```solidity
 * contract MyToken is ERC20Upgradeable {
 *     function initialize() initializer public {
 *         __ERC20_init("MyToken", "MTK");
 *     }
 * }
 *
 * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
 *     function initializeV2() reinitializer(2) public {
 *         __ERC20Permit_init("MyToken");
 *     }
 * }
 * ```
 *
 * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
 * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
 *
 * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
 * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
 *
 * [CAUTION]
 * ====
 * Avoid leaving a contract uninitialized.
 *
 * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
 * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
 * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
 *
 * [.hljs-theme-light.nopadding]
 * ```
 * /// @custom:oz-upgrades-unsafe-allow constructor
 * constructor() {
 *     _disableInitializers();
 * }
 * ```
 * ====
 */
abstract contract Initializable {
    /**
     * @dev Storage of the initializable contract.
     *
     * It's implemented on a custom ERC-7201 namespace to reduce the risk of storage collisions
     * when using with upgradeable contracts.
     *
     * @custom:storage-location erc7201:openzeppelin.storage.Initializable
     */
    struct InitializableStorage {
        /**
         * @dev Indicates that the contract has been initialized.
         */
        uint64 _initialized;
        /**
         * @dev Indicates that the contract is in the process of being initialized.
         */
        bool _initializing;
    }

    // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Initializable")) - 1)) & ~bytes32(uint256(0xff))
    bytes32 private constant INITIALIZABLE_STORAGE = 0xf0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a00;

    /**
     * @dev The contract is already initialized.
     */
    error InvalidInitialization();

    /**
     * @dev The contract is not initializing.
     */
    error NotInitializing();

    /**
     * @dev Triggered when the contract has been initialized or reinitialized.
     */
    event Initialized(uint64 version);

    /**
     * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
     * `onlyInitializing` functions can be used to initialize parent contracts.
     *
     * Similar to `reinitializer(1)`, except that in the context of a constructor an `initializer` may be invoked any
     * number of times. This behavior in the constructor can be useful during testing and is not expected to be used in
     * production.
     *
     * Emits an {Initialized} event.
     */
    modifier initializer() {
        // solhint-disable-next-line var-name-mixedcase
        InitializableStorage storage $ = _getInitializableStorage();

        // Cache values to avoid duplicated sloads
        bool isTopLevelCall = !$._initializing;
        uint64 initialized = $._initialized;

        // Allowed calls:
        // - initialSetup: the contract is not in the initializing state and no previous version was
        //                 initialized
        // - construction: the contract is initialized at version 1 (no reininitialization) and the
        //                 current contract is just being deployed
        bool initialSetup = initialized == 0 && isTopLevelCall;
        bool construction = initialized == 1 && address(this).code.length == 0;

        if (!initialSetup && !construction) {
            revert InvalidInitialization();
        }
        $._initialized = 1;
        if (isTopLevelCall) {
            $._initializing = true;
        }
        _;
        if (isTopLevelCall) {
            $._initializing = false;
            emit Initialized(1);
        }
    }

    /**
     * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
     * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
     * used to initialize parent contracts.
     *
     * A reinitializer may be used after the original initialization step. This is essential to configure modules that
     * are added through upgrades and that require initialization.
     *
     * When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
     * cannot be nested. If one is invoked in the context of another, execution will revert.
     *
     * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
     * a contract, executing them in the right order is up to the developer or operator.
     *
     * WARNING: Setting the version to 2**64 - 1 will prevent any future reinitialization.
     *
     * Emits an {Initialized} event.
     */
    modifier reinitializer(uint64 version) {
        // solhint-disable-next-line var-name-mixedcase
        InitializableStorage storage $ = _getInitializableStorage();

        if ($._initializing || $._initialized >= version) {
            revert InvalidInitialization();
        }
        $._initialized = version;
        $._initializing = true;
        _;
        $._initializing = false;
        emit Initialized(version);
    }

    /**
     * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
     * {initializer} and {reinitializer} modifiers, directly or indirectly.
     */
    modifier onlyInitializing() {
        _checkInitializing();
        _;
    }

    /**
     * @dev Reverts if the contract is not in an initializing state. See {onlyInitializing}.
     */
    function _checkInitializing() internal view virtual {
        if (!_isInitializing()) {
            revert NotInitializing();
        }
    }

    /**
     * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
     * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
     * to any version. It is recommended to use this to lock implementation contracts that are designed to be called
     * through proxies.
     *
     * Emits an {Initialized} event the first time it is successfully executed.
     */
    function _disableInitializers() internal virtual {
        // solhint-disable-next-line var-name-mixedcase
        InitializableStorage storage $ = _getInitializableStorage();

        if ($._initializing) {
            revert InvalidInitialization();
        }
        if ($._initialized != type(uint64).max) {
            $._initialized = type(uint64).max;
            emit Initialized(type(uint64).max);
        }
    }

    /**
     * @dev Returns the highest version that has been initialized. See {reinitializer}.
     */
    function _getInitializedVersion() internal view returns (uint64) {
        return _getInitializableStorage()._initialized;
    }

    /**
     * @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
     */
    function _isInitializing() internal view returns (bool) {
        return _getInitializableStorage()._initializing;
    }

    /**
     * @dev Returns a pointer to the storage namespace.
     */
    // solhint-disable-next-line var-name-mixedcase
    function _getInitializableStorage() private pure returns (InitializableStorage storage $) {
        assembly {
            $.slot := INITIALIZABLE_STORAGE
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)

pragma solidity ^0.8.20;
import {Initializable} from "../proxy/utils/Initializable.sol";

/**
 * @dev Provides information about the current execution context, including the
 * sender of the transaction and its data. While these are generally available
 * via msg.sender and msg.data, they should not be accessed in such a direct
 * manner, since when dealing with meta-transactions the account sending and
 * paying for execution may not be the actual sender (as far as an application
 * is concerned).
 *
 * This contract is only required for intermediate, library-like contracts.
 */
abstract contract ContextUpgradeable is Initializable {
    function __Context_init() internal onlyInitializing {
    }

    function __Context_init_unchained() internal onlyInitializing {
    }
    function _msgSender() internal view virtual returns (address) {
        return msg.sender;
    }

    function _msgData() internal view virtual returns (bytes calldata) {
        return msg.data;
    }

    function _contextSuffixLength() internal view virtual returns (uint256) {
        return 0;
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/cryptography/ECDSA.sol)

pragma solidity ^0.8.20;

/**
 * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.
 *
 * These functions can be used to verify that a message was signed by the holder
 * of the private keys of a given address.
 */
library ECDSA {
    enum RecoverError {
        NoError,
        InvalidSignature,
        InvalidSignatureLength,
        InvalidSignatureS
    }

    /**
     * @dev The signature derives the `address(0)`.
     */
    error ECDSAInvalidSignature();

    /**
     * @dev The signature has an invalid length.
     */
    error ECDSAInvalidSignatureLength(uint256 length);

    /**
     * @dev The signature has an S value that is in the upper half order.
     */
    error ECDSAInvalidSignatureS(bytes32 s);

    /**
     * @dev Returns the address that signed a hashed message (`hash`) with `signature` or an error. This will not
     * return address(0) without also returning an error description. Errors are documented using an enum (error type)
     * and a bytes32 providing additional information about the error.
     *
     * If no error is returned, then the address can be used for verification purposes.
     *
     * The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:
     * this function rejects them by requiring the `s` value to be in the lower
     * half order, and the `v` value to be either 27 or 28.
     *
     * IMPORTANT: `hash` _must_ be the result of a hash operation for the
     * verification to be secure: it is possible to craft signatures that
     * recover to arbitrary addresses for non-hashed data. A safe way to ensure
     * this is by receiving a hash of the original message (which may otherwise
     * be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.
     *
     * Documentation for signature generation:
     * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]
     * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]
     */
    function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError, bytes32) {
        if (signature.length == 65) {
            bytes32 r;
            bytes32 s;
            uint8 v;
            // ecrecover takes the signature parameters, and the only way to get them
            // currently is to use assembly.
            /// @solidity memory-safe-assembly
            assembly {
                r := mload(add(signature, 0x20))
                s := mload(add(signature, 0x40))
                v := byte(0, mload(add(signature, 0x60)))
            }
            return tryRecover(hash, v, r, s);
        } else {
            return (address(0), RecoverError.InvalidSignatureLength, bytes32(signature.length));
        }
    }

    /**
     * @dev Returns the address that signed a hashed message (`hash`) with
     * `signature`. This address can then be used for verification purposes.
     *
     * The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:
     * this function rejects them by requiring the `s` value to be in the lower
     * half order, and the `v` value to be either 27 or 28.
     *
     * IMPORTANT: `hash` _must_ be the result of a hash operation for the
     * verification to be secure: it is possible to craft signatures that
     * recover to arbitrary addresses for non-hashed data. A safe way to ensure
     * this is by receiving a hash of the original message (which may otherwise
     * be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.
     */
    function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {
        (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, signature);
        _throwError(error, errorArg);
        return recovered;
    }

    /**
     * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.
     *
     * See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]
     */
    function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError, bytes32) {
        unchecked {
            bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
            // We do not check for an overflow here since the shift operation results in 0 or 1.
            uint8 v = uint8((uint256(vs) >> 255) + 27);
            return tryRecover(hash, v, r, s);
        }
    }

    /**
     * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.
     */
    function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {
        (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, r, vs);
        _throwError(error, errorArg);
        return recovered;
    }

    /**
     * @dev Overload of {ECDSA-tryRecover} that receives the `v`,
     * `r` and `s` signature fields separately.
     */
    function tryRecover(
        bytes32 hash,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) internal pure returns (address, RecoverError, bytes32) {
        // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
        // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
        // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most
        // signatures from current libraries generate a unique signature with an s-value in the lower half order.
        //
        // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
        // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
        // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
        // these malleable signatures as well.
        if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
            return (address(0), RecoverError.InvalidSignatureS, s);
        }

        // If the signature is valid (and not malleable), return the signer address
        address signer = ecrecover(hash, v, r, s);
        if (signer == address(0)) {
            return (address(0), RecoverError.InvalidSignature, bytes32(0));
        }

        return (signer, RecoverError.NoError, bytes32(0));
    }

    /**
     * @dev Overload of {ECDSA-recover} that receives the `v`,
     * `r` and `s` signature fields separately.
     */
    function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {
        (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, v, r, s);
        _throwError(error, errorArg);
        return recovered;
    }

    /**
     * @dev Optionally reverts with the corresponding custom error according to the `error` argument provided.
     */
    function _throwError(RecoverError error, bytes32 errorArg) private pure {
        if (error == RecoverError.NoError) {
            return; // no error: do nothing
        } else if (error == RecoverError.InvalidSignature) {
            revert ECDSAInvalidSignature();
        } else if (error == RecoverError.InvalidSignatureLength) {
            revert ECDSAInvalidSignatureLength(uint256(errorArg));
        } else if (error == RecoverError.InvalidSignatureS) {
            revert ECDSAInvalidSignatureS(errorArg);
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/cryptography/MessageHashUtils.sol)

pragma solidity ^0.8.20;

import {Strings} from "../Strings.sol";

/**
 * @dev Signature message hash utilities for producing digests to be consumed by {ECDSA} recovery or signing.
 *
 * The library provides methods for generating a hash of a message that conforms to the
 * https://eips.ethereum.org/EIPS/eip-191[EIP 191] and https://eips.ethereum.org/EIPS/eip-712[EIP 712]
 * specifications.
 */
library MessageHashUtils {
    /**
     * @dev Returns the keccak256 digest of an EIP-191 signed data with version
     * `0x45` (`personal_sign` messages).
     *
     * The digest is calculated by prefixing a bytes32 `messageHash` with
     * `"\x19Ethereum Signed Message:\n32"` and hashing the result. It corresponds with the
     * hash signed when using the https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`] JSON-RPC method.
     *
     * NOTE: The `messageHash` parameter is intended to be the result of hashing a raw message with
     * keccak256, although any bytes32 value can be safely used because the final digest will
     * be re-hashed.
     *
     * See {ECDSA-recover}.
     */
    function toEthSignedMessageHash(bytes32 messageHash) internal pure returns (bytes32 digest) {
        /// @solidity memory-safe-assembly
        assembly {
            mstore(0x00, "\x19Ethereum Signed Message:\n32") // 32 is the bytes-length of messageHash
            mstore(0x1c, messageHash) // 0x1c (28) is the length of the prefix
            digest := keccak256(0x00, 0x3c) // 0x3c is the length of the prefix (0x1c) + messageHash (0x20)
        }
    }

    /**
     * @dev Returns the keccak256 digest of an EIP-191 signed data with version
     * `0x45` (`personal_sign` messages).
     *
     * The digest is calculated by prefixing an arbitrary `message` with
     * `"\x19Ethereum Signed Message:\n" + len(message)` and hashing the result. It corresponds with the
     * hash signed when using the https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`] JSON-RPC method.
     *
     * See {ECDSA-recover}.
     */
    function toEthSignedMessageHash(bytes memory message) internal pure returns (bytes32) {
        return
            keccak256(bytes.concat("\x19Ethereum Signed Message:\n", bytes(Strings.toString(message.length)), message));
    }

    /**
     * @dev Returns the keccak256 digest of an EIP-191 signed data with version
     * `0x00` (data with intended validator).
     *
     * The digest is calculated by prefixing an arbitrary `data` with `"\x19\x00"` and the intended
     * `validator` address. Then hashing the result.
     *
     * See {ECDSA-recover}.
     */
    function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {
        return keccak256(abi.encodePacked(hex"19_00", validator, data));
    }

    /**
     * @dev Returns the keccak256 digest of an EIP-712 typed data (EIP-191 version `0x01`).
     *
     * The digest is calculated from a `domainSeparator` and a `structHash`, by prefixing them with
     * `\x19\x01` and hashing the result. It corresponds to the hash signed by the
     * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`] JSON-RPC method as part of EIP-712.
     *
     * See {ECDSA-recover}.
     */
    function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 digest) {
        /// @solidity memory-safe-assembly
        assembly {
            let ptr := mload(0x40)
            mstore(ptr, hex"19_01")
            mstore(add(ptr, 0x02), domainSeparator)
            mstore(add(ptr, 0x22), structHash)
            digest := keccak256(ptr, 0x42)
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/math/Math.sol)

pragma solidity ^0.8.20;

/**
 * @dev Standard math utilities missing in the Solidity language.
 */
library Math {
    /**
     * @dev Muldiv operation overflow.
     */
    error MathOverflowedMulDiv();

    enum Rounding {
        Floor, // Toward negative infinity
        Ceil, // Toward positive infinity
        Trunc, // Toward zero
        Expand // Away from zero
    }

    /**
     * @dev Returns the addition of two unsigned integers, with an overflow flag.
     */
    function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {
        unchecked {
            uint256 c = a + b;
            if (c < a) return (false, 0);
            return (true, c);
        }
    }

    /**
     * @dev Returns the subtraction of two unsigned integers, with an overflow flag.
     */
    function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {
        unchecked {
            if (b > a) return (false, 0);
            return (true, a - b);
        }
    }

    /**
     * @dev Returns the multiplication of two unsigned integers, with an overflow flag.
     */
    function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {
        unchecked {
            // Gas optimization: this is cheaper than requiring 'a' not being zero, but the
            // benefit is lost if 'b' is also tested.
            // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522
            if (a == 0) return (true, 0);
            uint256 c = a * b;
            if (c / a != b) return (false, 0);
            return (true, c);
        }
    }

    /**
     * @dev Returns the division of two unsigned integers, with a division by zero flag.
     */
    function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {
        unchecked {
            if (b == 0) return (false, 0);
            return (true, a / b);
        }
    }

    /**
     * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.
     */
    function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {
        unchecked {
            if (b == 0) return (false, 0);
            return (true, a % b);
        }
    }

    /**
     * @dev Returns the largest of two numbers.
     */
    function max(uint256 a, uint256 b) internal pure returns (uint256) {
        return a > b ? a : b;
    }

    /**
     * @dev Returns the smallest of two numbers.
     */
    function min(uint256 a, uint256 b) internal pure returns (uint256) {
        return a < b ? a : b;
    }

    /**
     * @dev Returns the average of two numbers. The result is rounded towards
     * zero.
     */
    function average(uint256 a, uint256 b) internal pure returns (uint256) {
        // (a + b) / 2 can overflow.
        return (a & b) + (a ^ b) / 2;
    }

    /**
     * @dev Returns the ceiling of the division of two numbers.
     *
     * This differs from standard division with `/` in that it rounds towards infinity instead
     * of rounding towards zero.
     */
    function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
        if (b == 0) {
            // Guarantee the same behavior as in a regular Solidity division.
            return a / b;
        }

        // (a + b - 1) / b can overflow on addition, so we distribute.
        return a == 0 ? 0 : (a - 1) / b + 1;
    }

    /**
     * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or
     * denominator == 0.
     * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv) with further edits by
     * Uniswap Labs also under MIT license.
     */
    function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {
        unchecked {
            // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use
            // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
            // variables such that product = prod1 * 2^256 + prod0.
            uint256 prod0 = x * y; // Least significant 256 bits of the product
            uint256 prod1; // Most significant 256 bits of the product
            assembly {
                let mm := mulmod(x, y, not(0))
                prod1 := sub(sub(mm, prod0), lt(mm, prod0))
            }

            // Handle non-overflow cases, 256 by 256 division.
            if (prod1 == 0) {
                // Solidity will revert if denominator == 0, unlike the div opcode on its own.
                // The surrounding unchecked block does not change this fact.
                // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.
                return prod0 / denominator;
            }

            // Make sure the result is less than 2^256. Also prevents denominator == 0.
            if (denominator <= prod1) {
                revert MathOverflowedMulDiv();
            }

            ///////////////////////////////////////////////
            // 512 by 256 division.
            ///////////////////////////////////////////////

            // Make division exact by subtracting the remainder from [prod1 prod0].
            uint256 remainder;
            assembly {
                // Compute remainder using mulmod.
                remainder := mulmod(x, y, denominator)

                // Subtract 256 bit number from 512 bit number.
                prod1 := sub(prod1, gt(remainder, prod0))
                prod0 := sub(prod0, remainder)
            }

            // Factor powers of two out of denominator and compute largest power of two divisor of denominator.
            // Always >= 1. See https://cs.stackexchange.com/q/138556/92363.

            uint256 twos = denominator & (0 - denominator);
            assembly {
                // Divide denominator by twos.
                denominator := div(denominator, twos)

                // Divide [prod1 prod0] by twos.
                prod0 := div(prod0, twos)

                // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
                twos := add(div(sub(0, twos), twos), 1)
            }

            // Shift in bits from prod1 into prod0.
            prod0 |= prod1 * twos;

            // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such
            // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for
            // four bits. That is, denominator * inv = 1 mod 2^4.
            uint256 inverse = (3 * denominator) ^ 2;

            // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also
            // works in modular arithmetic, doubling the correct bits in each step.
            inverse *= 2 - denominator * inverse; // inverse mod 2^8
            inverse *= 2 - denominator * inverse; // inverse mod 2^16
            inverse *= 2 - denominator * inverse; // inverse mod 2^32
            inverse *= 2 - denominator * inverse; // inverse mod 2^64
            inverse *= 2 - denominator * inverse; // inverse mod 2^128
            inverse *= 2 - denominator * inverse; // inverse mod 2^256

            // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
            // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is
            // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1
            // is no longer required.
            result = prod0 * inverse;
            return result;
        }
    }

    /**
     * @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
     */
    function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {
        uint256 result = mulDiv(x, y, denominator);
        if (unsignedRoundsUp(rounding) && mulmod(x, y, denominator) > 0) {
            result += 1;
        }
        return result;
    }

    /**
     * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded
     * towards zero.
     *
     * Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
     */
    function sqrt(uint256 a) internal pure returns (uint256) {
        if (a == 0) {
            return 0;
        }

        // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.
        //
        // We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have
        // `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.
        //
        // This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`
        // → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`
        // → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`
        //
        // Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.
        uint256 result = 1 << (log2(a) >> 1);

        // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,
        // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at
        // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision
        // into the expected uint128 result.
        unchecked {
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            return min(result, a / result);
        }
    }

    /**
     * @notice Calculates sqrt(a), following the selected rounding direction.
     */
    function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = sqrt(a);
            return result + (unsignedRoundsUp(rounding) && result * result < a ? 1 : 0);
        }
    }

    /**
     * @dev Return the log in base 2 of a positive value rounded towards zero.
     * Returns 0 if given 0.
     */
    function log2(uint256 value) internal pure returns (uint256) {
        uint256 result = 0;
        unchecked {
            if (value >> 128 > 0) {
                value >>= 128;
                result += 128;
            }
            if (value >> 64 > 0) {
                value >>= 64;
                result += 64;
            }
            if (value >> 32 > 0) {
                value >>= 32;
                result += 32;
            }
            if (value >> 16 > 0) {
                value >>= 16;
                result += 16;
            }
            if (value >> 8 > 0) {
                value >>= 8;
                result += 8;
            }
            if (value >> 4 > 0) {
                value >>= 4;
                result += 4;
            }
            if (value >> 2 > 0) {
                value >>= 2;
                result += 2;
            }
            if (value >> 1 > 0) {
                result += 1;
            }
        }
        return result;
    }

    /**
     * @dev Return the log in base 2, following the selected rounding direction, of a positive value.
     * Returns 0 if given 0.
     */
    function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = log2(value);
            return result + (unsignedRoundsUp(rounding) && 1 << result < value ? 1 : 0);
        }
    }

    /**
     * @dev Return the log in base 10 of a positive value rounded towards zero.
     * Returns 0 if given 0.
     */
    function log10(uint256 value) internal pure returns (uint256) {
        uint256 result = 0;
        unchecked {
            if (value >= 10 ** 64) {
                value /= 10 ** 64;
                result += 64;
            }
            if (value >= 10 ** 32) {
                value /= 10 ** 32;
                result += 32;
            }
            if (value >= 10 ** 16) {
                value /= 10 ** 16;
                result += 16;
            }
            if (value >= 10 ** 8) {
                value /= 10 ** 8;
                result += 8;
            }
            if (value >= 10 ** 4) {
                value /= 10 ** 4;
                result += 4;
            }
            if (value >= 10 ** 2) {
                value /= 10 ** 2;
                result += 2;
            }
            if (value >= 10 ** 1) {
                result += 1;
            }
        }
        return result;
    }

    /**
     * @dev Return the log in base 10, following the selected rounding direction, of a positive value.
     * Returns 0 if given 0.
     */
    function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = log10(value);
            return result + (unsignedRoundsUp(rounding) && 10 ** result < value ? 1 : 0);
        }
    }

    /**
     * @dev Return the log in base 256 of a positive value rounded towards zero.
     * Returns 0 if given 0.
     *
     * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
     */
    function log256(uint256 value) internal pure returns (uint256) {
        uint256 result = 0;
        unchecked {
            if (value >> 128 > 0) {
                value >>= 128;
                result += 16;
            }
            if (value >> 64 > 0) {
                value >>= 64;
                result += 8;
            }
            if (value >> 32 > 0) {
                value >>= 32;
                result += 4;
            }
            if (value >> 16 > 0) {
                value >>= 16;
                result += 2;
            }
            if (value >> 8 > 0) {
                result += 1;
            }
        }
        return result;
    }

    /**
     * @dev Return the log in base 256, following the selected rounding direction, of a positive value.
     * Returns 0 if given 0.
     */
    function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = log256(value);
            return result + (unsignedRoundsUp(rounding) && 1 << (result << 3) < value ? 1 : 0);
        }
    }

    /**
     * @dev Returns whether a provided rounding mode is considered rounding up for unsigned integers.
     */
    function unsignedRoundsUp(Rounding rounding) internal pure returns (bool) {
        return uint8(rounding) % 2 == 1;
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/math/SignedMath.sol)

pragma solidity ^0.8.20;

/**
 * @dev Standard signed math utilities missing in the Solidity language.
 */
library SignedMath {
    /**
     * @dev Returns the largest of two signed numbers.
     */
    function max(int256 a, int256 b) internal pure returns (int256) {
        return a > b ? a : b;
    }

    /**
     * @dev Returns the smallest of two signed numbers.
     */
    function min(int256 a, int256 b) internal pure returns (int256) {
        return a < b ? a : b;
    }

    /**
     * @dev Returns the average of two signed numbers without overflow.
     * The result is rounded towards zero.
     */
    function average(int256 a, int256 b) internal pure returns (int256) {
        // Formula from the book "Hacker's Delight"
        int256 x = (a & b) + ((a ^ b) >> 1);
        return x + (int256(uint256(x) >> 255) & (a ^ b));
    }

    /**
     * @dev Returns the absolute unsigned value of a signed value.
     */
    function abs(int256 n) internal pure returns (uint256) {
        unchecked {
            // must be unchecked in order to support `n = type(int256).min`
            return uint256(n >= 0 ? n : -n);
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/Strings.sol)

pragma solidity ^0.8.20;

import {Math} from "./math/Math.sol";
import {SignedMath} from "./math/SignedMath.sol";

/**
 * @dev String operations.
 */
library Strings {
    bytes16 private constant HEX_DIGITS = "0123456789abcdef";
    uint8 private constant ADDRESS_LENGTH = 20;

    /**
     * @dev The `value` string doesn't fit in the specified `length`.
     */
    error StringsInsufficientHexLength(uint256 value, uint256 length);

    /**
     * @dev Converts a `uint256` to its ASCII `string` decimal representation.
     */
    function toString(uint256 value) internal pure returns (string memory) {
        unchecked {
            uint256 length = Math.log10(value) + 1;
            string memory buffer = new string(length);
            uint256 ptr;
            /// @solidity memory-safe-assembly
            assembly {
                ptr := add(buffer, add(32, length))
            }
            while (true) {
                ptr--;
                /// @solidity memory-safe-assembly
                assembly {
                    mstore8(ptr, byte(mod(value, 10), HEX_DIGITS))
                }
                value /= 10;
                if (value == 0) break;
            }
            return buffer;
        }
    }

    /**
     * @dev Converts a `int256` to its ASCII `string` decimal representation.
     */
    function toStringSigned(int256 value) internal pure returns (string memory) {
        return string.concat(value < 0 ? "-" : "", toString(SignedMath.abs(value)));
    }

    /**
     * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
     */
    function toHexString(uint256 value) internal pure returns (string memory) {
        unchecked {
            return toHexString(value, Math.log256(value) + 1);
        }
    }

    /**
     * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
     */
    function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
        uint256 localValue = value;
        bytes memory buffer = new bytes(2 * length + 2);
        buffer[0] = "0";
        buffer[1] = "x";
        for (uint256 i = 2 * length + 1; i > 1; --i) {
            buffer[i] = HEX_DIGITS[localValue & 0xf];
            localValue >>= 4;
        }
        if (localValue != 0) {
            revert StringsInsufficientHexLength(value, length);
        }
        return string(buffer);
    }

    /**
     * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal
     * representation.
     */
    function toHexString(address addr) internal pure returns (string memory) {
        return toHexString(uint256(uint160(addr)), ADDRESS_LENGTH);
    }

    /**
     * @dev Returns true if the two strings are equal.
     */
    function equal(string memory a, string memory b) internal pure returns (bool) {
        return bytes(a).length == bytes(b).length && keccak256(bytes(a)) == keccak256(bytes(b));
    }
}

// SPDX-License-Identifier: MIT
pragma solidity 0.8.24;

import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";

interface INotaryConsortium {
    /// @dev Error thrown when signature payload is already used
    error PayloadAlreadyUsed();

    /// @dev Error thrown when signatures length is not equal to signers length
    error LengthMismatch();

    /// @dev Error thrown when there are not enough signatures
    error NotEnoughSignatures();

    /// @dev Error thrown when unexpected action is used
    error UnexpectedAction(bytes4 action);

    /// @dev Event emitted when the validator set is updated
    event ValidatorSetUpdated(
        uint256 indexed epoch,
        address[] validators,
        uint256[] weights,
        uint256 threshold
    );

    /// @dev Error thrown when validator set already set
    error ValSetAlreadySet();

    /// @dev Error thrown when no validator set is set
    error NoValidatorSet();

    /// @dev Error thrown when invalid epoch is provided
    error InvalidEpoch();

    function checkProof(
        bytes32 _payloadHash,
        bytes calldata _proof
    ) external view;
}

// SPDX-License-Identifier: MIT
pragma solidity 0.8.24;

library Actions {
    struct DepositBtcActionV0 {
        uint256 toChain;
        address recipient;
        uint256 amount;
        bytes32 txid;
        uint32 vout;
    }

    struct DepositBtcActionV1 {
        uint256 toChain;
        address recipient;
        uint256 amount;
        bytes32 txid;
        uint32 vout;
        address tokenAddress;
    }

    struct DepositBridgeAction {
        uint256 fromChain;
        bytes32 fromContract;
        uint256 toChain;
        address toContract;
        address recipient;
        uint64 amount;
        uint256 nonce;
    }

    struct ValSetAction {
        uint256 epoch;
        address[] validators;
        uint256[] weights;
        uint256 weightThreshold;
        uint256 height;
    }

    struct FeeApprovalAction {
        uint256 fee;
        uint256 expiry;
    }

    /// @dev Error thrown when invalid public key is provided
    error InvalidPublicKey(bytes pubKey);

    /// @dev Error thrown when signatures length is not equal to signers length
    error Actions_LengthMismatch();

    /// @dev Error thrown when threshold is invalid
    error InvalidThreshold();

    /// @dev Error thrown when validator set size is invalid
    error InvalidValidatorSetSize();

    /// @dev Error thrown when zero validator is provided
    error ZeroValidator();

    /// @dev Error thrown when wrong chain id is provided
    error WrongChainId();

    /// @dev Error thrown when wrong contract is provided
    error WrongContract();

    /// @dev Error thrown when zero address is provided
    error Actions_ZeroAddress();

    /// @dev Error thrown when zero amount is provided
    error ZeroAmount();

    /// @dev Error thrown when zero weight is provided
    error ZeroWeight();

    /// @dev Error thrown when fee approval is expired
    error UserSignatureExpired(uint256 expiry);

    /// @dev Error thrown when amount is below fee
    error NotEnoughAmountToUseApproval();

    /// @dev Error thrown when zero fee is used
    error ZeroFee();

    /// @dev Error thrown when payload length is too big
    error InvalidPayloadSize(uint256 expected, uint256 actual);

    // bytes4(keccak256("feeApproval(uint256,uint256)"))
    bytes4 internal constant FEE_APPROVAL_ACTION = 0x8175ca94;
    // keccak256("feeApproval(uint256 chainId,uint256 fee,uint256 expiry)")
    bytes32 internal constant FEE_APPROVAL_EIP712_ACTION =
        0x40ac9f6aa27075e64c1ed1ea2e831b20b8c25efdeb6b79fd0cf683c9a9c50725;
    // bytes4(keccak256("payload(bytes32,bytes32,uint64,bytes32,uint32)"))
    bytes4 internal constant DEPOSIT_BTC_ACTION_V0 = 0xf2e73f7c;
    // bytes4(keccak256("payload(bytes32,bytes32,uint64,bytes32,uint32,bytes32)"))
    bytes4 internal constant DEPOSIT_BTC_ACTION_V1 = 0xce25e7c2;
    // bytes4(keccak256("payload(bytes32,bytes32,bytes32,bytes32,bytes32,uint64,uint256)"))
    bytes4 internal constant DEPOSIT_BRIDGE_ACTION = 0x5c70a505;
    // bytes4(keccak256("payload(uint256,bytes[],uint256[],uint256,uint256)"))
    bytes4 internal constant NEW_VALSET = 0x4aab1d6f;

    /// @dev Maximum number of validators allowed in the consortium.
    /// @notice This value is determined by the minimum of CometBFT consensus limitations and gas considerations:
    /// - CometBFT has a hard limit of 10,000 validators (https://docs.cometbft.com/v0.38/spec/core/state)
    /// - Gas-based calculation:
    ///   - Assumes 4281 gas per ECDSA signature verification
    ///   - Uses a conservative 30 million gas block limit
    ///   - Maximum possible signatures: 30,000,000 / 4,281 ≈ 7007
    ///   - Reverse calculated for BFT consensus (2/3 + 1):
    ///     7,007 = (10,509 * 2/3 + 1) rounded down
    /// - The lower value of 10,000 (CometBFT limit) and 10,509 (gas calculation) is chosen
    /// @dev This limit ensures compatibility with CometBFT while also considering gas limitations
    ///      for signature verification within a single block.
    uint256 private constant MAX_VALIDATOR_SET_SIZE = 102;

    /// @dev Minimum number of validators allowed in the system.
    /// @notice While set to 1 to allow for non-distributed scenarios, this configuration
    /// does not provide Byzantine fault tolerance. For a truly distributed and
    /// fault-tolerant system, a minimum of 4 validators would be recommended to tolerate
    /// at least one Byzantine fault.
    uint256 private constant MIN_VALIDATOR_SET_SIZE = 1;

    /// @dev A constant representing the number of bytes for a slot of information in a payload.
    uint256 internal constant ABI_SLOT_SIZE = 32;

    /**
     * @notice Returns decoded deposit btc msg v0
     * @dev Message should not contain the selector
     * @param payload Body of the mint payload
     */
    function depositBtcV0(
        bytes memory payload
    ) internal view returns (DepositBtcActionV0 memory) {
        if (payload.length != ABI_SLOT_SIZE * 5)
            revert InvalidPayloadSize(ABI_SLOT_SIZE * 5, payload.length);

        (
            uint256 toChain,
            address recipient,
            uint256 amount,
            bytes32 txid,
            uint32 vout
        ) = abi.decode(payload, (uint256, address, uint256, bytes32, uint32));

        if (toChain != block.chainid) {
            revert WrongChainId();
        }
        if (recipient == address(0)) {
            revert Actions_ZeroAddress();
        }
        if (amount == 0) {
            revert ZeroAmount();
        }

        return DepositBtcActionV0(toChain, recipient, amount, txid, vout);
    }

    /**
     * @notice Returns decoded deposit btc msg v1
     * @dev Message should not contain the selector
     * @param payload Body of the mint payload
     */
    function depositBtcV1(
        bytes memory payload
    ) internal view returns (DepositBtcActionV1 memory) {
        if (payload.length != ABI_SLOT_SIZE * 6)
            revert InvalidPayloadSize(ABI_SLOT_SIZE * 6, payload.length);

        (
            uint256 toChain,
            address recipient,
            uint256 amount,
            bytes32 txid,
            uint32 vout,
            address tokenAddress
        ) = abi.decode(
                payload,
                (uint256, address, uint256, bytes32, uint32, address)
            );

        if (toChain != block.chainid) {
            revert WrongChainId();
        }
        if (recipient == address(0)) {
            revert Actions_ZeroAddress();
        }
        if (amount == 0) {
            revert ZeroAmount();
        }

        return
            DepositBtcActionV1(
                toChain,
                recipient,
                amount,
                txid,
                vout,
                tokenAddress
            );
    }

    /**
     * @notice Returns decoded bridge payload
     * @dev Payload should not contain the selector
     * @param payload Body of the burn payload
     */
    function depositBridge(
        bytes memory payload
    ) internal view returns (DepositBridgeAction memory) {
        if (payload.length != ABI_SLOT_SIZE * 7)
            revert InvalidPayloadSize(ABI_SLOT_SIZE * 7, payload.length);

        (
            uint256 fromChain,
            bytes32 fromContract,
            uint256 toChain,
            address toContract,
            address recipient,
            uint64 amount,
            uint256 nonce
        ) = abi.decode(
                payload,
                (uint256, bytes32, uint256, address, address, uint64, uint256)
            );

        if (toChain != block.chainid) {
            revert WrongChainId();
        }
        if (recipient == address(0)) {
            revert Actions_ZeroAddress();
        }
        if (amount == 0) {
            revert ZeroAmount();
        }

        return
            DepositBridgeAction(
                fromChain,
                fromContract,
                toChain,
                toContract,
                recipient,
                amount,
                nonce
            );
    }

    /**
     * @notice Returns decoded validator set
     * @dev Payload should not contain the selector
     * @param payload Body of the set validators set payload
     */
    function validateValSet(
        bytes memory payload
    ) internal pure returns (ValSetAction memory) {
        (
            uint256 epoch,
            bytes[] memory pubKeys,
            uint256[] memory weights,
            uint256 weightThreshold,
            uint256 height
        ) = abi.decode(
                payload,
                (uint256, bytes[], uint256[], uint256, uint256)
            );

        // Since dynamic arrays can variably insert more slots of data for things such as data length,
        // offset etc., we will just encode the received variables again and check for a length match.
        bytes memory reEncodedPayload = abi.encode(
            epoch,
            pubKeys,
            weights,
            weightThreshold,
            height
        );
        if (reEncodedPayload.length != payload.length)
            revert InvalidPayloadSize(payload.length, reEncodedPayload.length);

        if (
            pubKeys.length < MIN_VALIDATOR_SET_SIZE ||
            pubKeys.length > MAX_VALIDATOR_SET_SIZE
        ) revert InvalidValidatorSetSize();

        if (pubKeys.length != weights.length) revert Actions_LengthMismatch();

        if (weightThreshold == 0) revert InvalidThreshold();

        uint256 sum = 0;
        for (uint256 i; i < weights.length; ) {
            if (weights[i] == 0) {
                revert ZeroWeight();
            }
            sum += weights[i];
            unchecked {
                ++i;
            }
        }
        if (sum < weightThreshold) revert InvalidThreshold();

        address[] memory validators = pubKeysToAddress(pubKeys);

        return
            ValSetAction(epoch, validators, weights, weightThreshold, height);
    }

    function pubKeysToAddress(
        bytes[] memory _pubKeys
    ) internal pure returns (address[] memory) {
        address[] memory addresses = new address[](_pubKeys.length);
        for (uint256 i; i < _pubKeys.length; ) {
            // each pubkey represented as uncompressed

            if (_pubKeys[i].length == 65) {
                bytes memory data = _pubKeys[i];

                // Ensure that first byte of pubkey is 0x04
                if (_pubKeys[i][0] != 0x04)
                    revert InvalidPublicKey(_pubKeys[i]);

                // create a new array with length - 1 (excluding the first 0x04 byte)
                bytes memory result = new bytes(data.length - 1);

                // use inline assembly for memory manipulation
                assembly {
                    // calculate the start of the `result` and `data` in memory
                    let resultData := add(result, 0x20) // points to the first byte of the result
                    let dataStart := add(data, 0x21) // points to the second byte of data (skip 0x04)

                    // copy 64 bytes from input (excluding the first byte) to result
                    mstore(resultData, mload(dataStart)) // copy the first 32 bytes
                    mstore(add(resultData, 0x20), mload(add(dataStart, 0x20))) // copy the next 32 bytes
                }

                addresses[i] = address(uint160(uint256(keccak256(result))));
            } else {
                revert InvalidPublicKey(_pubKeys[i]);
            }

            unchecked {
                ++i;
            }
        }
        return addresses;
    }

    /**
     * @notice Returns decoded fee approval
     * @dev Payload should not contain the selector
     * @param payload Body of the fee approval payload
     */
    function feeApproval(
        bytes memory payload
    ) internal view returns (FeeApprovalAction memory) {
        if (payload.length != ABI_SLOT_SIZE * 2)
            revert InvalidPayloadSize(ABI_SLOT_SIZE * 2, payload.length);

        (uint256 fee, uint256 expiry) = abi.decode(payload, (uint256, uint256));

        if (block.timestamp > expiry) {
            revert UserSignatureExpired(expiry);
        }
        if (fee == 0) {
            revert ZeroFee();
        }

        return FeeApprovalAction(fee, expiry);
    }
}

{
  "optimizer": {
    "enabled": true,
    "runs": 200
  },
  "evmVersion": "paris",
  "outputSelection": {
    "*": {
      "*": [
        "evm.bytecode",
        "evm.deployedBytecode",
        "devdoc",
        "userdoc",
        "metadata",
        "abi"
      ]
    }
  },
  "metadata": {
    "useLiteralContent": true
  },
  "libraries": {}
}

• No Contract Security Audit Submitted- Submit Audit Here

[{"inputs":[],"stateMutability":"nonpayable","type":"constructor"},{"inputs":[],"name":"Actions_LengthMismatch","type":"error"},{"inputs":[],"name":"InvalidEpoch","type":"error"},{"inputs":[],"name":"InvalidInitialization","type":"error"},{"inputs":[{"internalType":"uint256","name":"expected","type":"uint256"},{"internalType":"uint256","name":"actual","type":"uint256"}],"name":"InvalidPayloadSize","type":"error"},{"inputs":[{"internalType":"bytes","name":"pubKey","type":"bytes"}],"name":"InvalidPublicKey","type":"error"},{"inputs":[],"name":"InvalidThreshold","type":"error"},{"inputs":[],"name":"InvalidValidatorSetSize","type":"error"},{"inputs":[],"name":"LengthMismatch","type":"error"},{"inputs":[],"name":"NoValidatorSet","type":"error"},{"inputs":[],"name":"NotEnoughSignatures","type":"error"},{"inputs":[],"name":"NotInitializing","type":"error"},{"inputs":[{"internalType":"address","name":"owner","type":"address"}],"name":"OwnableInvalidOwner","type":"error"},{"inputs":[{"internalType":"address","name":"account","type":"address"}],"name":"OwnableUnauthorizedAccount","type":"error"},{"inputs":[],"name":"PayloadAlreadyUsed","type":"error"},{"inputs":[{"internalType":"bytes4","name":"action","type":"bytes4"}],"name":"UnexpectedAction","type":"error"},{"inputs":[],"name":"ValSetAlreadySet","type":"error"},{"inputs":[],"name":"ZeroWeight","type":"error"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"uint64","name":"version","type":"uint64"}],"name":"Initialized","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"previousOwner","type":"address"},{"indexed":true,"internalType":"address","name":"newOwner","type":"address"}],"name":"OwnershipTransferStarted","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"previousOwner","type":"address"},{"indexed":true,"internalType":"address","name":"newOwner","type":"address"}],"name":"OwnershipTransferred","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"uint256","name":"epoch","type":"uint256"},{"indexed":false,"internalType":"address[]","name":"validators","type":"address[]"},{"indexed":false,"internalType":"uint256[]","name":"weights","type":"uint256[]"},{"indexed":false,"internalType":"uint256","name":"threshold","type":"uint256"}],"name":"ValidatorSetUpdated","type":"event"},{"inputs":[],"name":"acceptOwnership","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"bytes32","name":"_payloadHash","type":"bytes32"},{"internalType":"bytes","name":"_proof","type":"bytes"}],"name":"checkProof","outputs":[],"stateMutability":"view","type":"function"},{"inputs":[],"name":"curEpoch","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"uint256","name":"epoch","type":"uint256"}],"name":"getValidatorSet","outputs":[{"components":[{"internalType":"address[]","name":"validators","type":"address[]"},{"internalType":"uint256[]","name":"weights","type":"uint256[]"},{"internalType":"uint256","name":"weightThreshold","type":"uint256"}],"internalType":"struct Consortium.ValidatorSet","name":"","type":"tuple"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"_owner","type":"address"}],"name":"initialize","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"owner","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"pendingOwner","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"renounceOwnership","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"bytes","name":"_initialValSet","type":"bytes"}],"name":"setInitialValidatorSet","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"bytes","name":"payload","type":"bytes"},{"internalType":"bytes","name":"proof","type":"bytes"}],"name":"setNextValidatorSet","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"newOwner","type":"address"}],"name":"transferOwnership","outputs":[],"stateMutability":"nonpayable","type":"function"}]

608060405234801561001057600080fd5b5061001961001e565b6100d0565b7ff0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a00805468010000000000000000900460ff161561006e5760405163f92ee8a960e01b815260040160405180910390fd5b80546001600160401b03908116146100cd5780546001600160401b0319166001600160401b0390811782556040519081527fc7f505b2f371ae2175ee4913f4499e1f2633a7b5936321eed1cdaeb6115181d29060200160405180910390a15b50565b611935806100df6000396000f3fe608060405234801561001057600080fd5b50600436106100a95760003560e01c8063a2f09d0611610071578063a2f09d0614610118578063c4d66de81461012b578063d88873151461013e578063e30c39781461015c578063f2fde38b14610164578063f5213bc11461017757600080fd5b80633ed18bea146100ae578063715018a6146100c357806379ba5097146100cb5780638da5cb5b146100d3578063a04e8293146100f8575b600080fd5b6100c16100bc366004611155565b61018a565b005b6100c161019a565b6100c16101ae565b6100db6101fb565b6040516001600160a01b0390911681526020015b60405180910390f35b61010b6101063660046111a0565b610230565b6040516100ef91906111b9565b6100c1610126366004611263565b61034f565b6100c16101393660046112a4565b610449565b6000805160206118e0833981519152546040519081526020016100ef565b6100db610567565b6100c16101723660046112a4565b610590565b6100c16101853660046112d4565b610615565b61019583838361071b565b505050565b6101a2610962565b6101ac6000610994565b565b33806101b8610567565b6001600160a01b0316146101ef5760405163118cdaa760e01b81526001600160a01b03821660048201526024015b60405180910390fd5b6101f881610994565b50565b6000807f9016d09d72d40fdae2fd8ceac6b6234c7706214fd39c1cd1e609a0528c1993005b546001600160a01b031692915050565b61025460405180606001604052806060815260200160608152602001600081525090565b60008281527fbac09a3ab0e06910f94a49c10c16eb53146536ec1a9e948951735cde3a58b5016020908152604091829020825181546080938102820184019094526060810184815290939192849284918401828280156102dd57602002820191906000526020600020905b81546001600160a01b031681526001909101906020018083116102bf575b505050505081526020016001820180548060200260200160405190810160405280929190818152602001828054801561033557602002820191906000526020600020905b815481526020019060010190808311610321575b505050505081526020016002820154815250509050919050565b610357610962565b634aab1d6f60e01b610369828461133f565b6001600160e01b031916146103a857610382818361133f565b60405163f3c2729f60e01b81526001600160e01b031990911660048201526024016101e6565b6000805160206118e083398151915260006104036103c9846004818861136f565b8080601f0160208091040260200160405190810160405280939291908181526020018383808284376000920191909152506109d092505050565b825490915015610426576040516304641ce760e01b815260040160405180910390fd5b610443828260200151836040015184606001518560000151610bcb565b50505050565b7ff0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a008054600160401b810460ff1615906001600160401b031660008115801561048e5750825b90506000826001600160401b031660011480156104aa5750303b155b9050811580156104b8575080155b156104d65760405163f92ee8a960e01b815260040160405180910390fd5b845467ffffffffffffffff19166001178555831561050057845460ff60401b1916600160401b1785555b61050986610ca9565b610511610cba565b610519610cba565b831561055f57845460ff60401b19168555604051600181527fc7f505b2f371ae2175ee4913f4499e1f2633a7b5936321eed1cdaeb6115181d29060200160405180910390a15b505050505050565b6000807f237e158222e3e6968b72b9db0d8043aacf074ad9f650f0d1606b4d82ee432c00610220565b610598610962565b7f237e158222e3e6968b72b9db0d8043aacf074ad9f650f0d1606b4d82ee432c0080546001600160a01b0319166001600160a01b03831690811782556105dc6101fb565b6001600160a01b03167f38d16b8cac22d99fc7c124b9cd0de2d3fa1faef420bfe791d8c362d765e2270060405160405180910390a35050565b634aab1d6f60e01b610627848661133f565b6001600160e01b0319161461064057610382838561133f565b60006106526103c9856004818961136f565b905060006000805160206118e0833981519152905060006002878760405161067b929190611399565b602060405180830381855afa158015610698573d6000803e3d6000fd5b5050506040513d601f19601f820116820180604052508101906106bb91906113a9565b90506106c881868661018a565b81546106d59060016113d8565b8351146106f55760405163d5b25b6360e01b815260040160405180910390fd5b610712828460200151856040015186606001518760000151610bcb565b50505050505050565b6000805160206118e0833981519152805460000361074c57604051632df8ced160e11b815260040160405180910390fd5b600061075a83850185611481565b8254600090815260018401602052604090208054825192935090918114610797576040516001621398b960e31b0319815260040160405180910390fd5b8354600090815260018086016020526040822001815b83811015610920578581815181106107c7576107c7611575565b6020026020010151516040036109185760008682815181106107eb576107eb611575565b60209081029190910181015190810151604082015191925090811580159061081257508015155b15610914576000806108278f601b8686610cc2565b50909250905060008160038111156108415761084161158b565b14610850575050505050610918565b89868154811061086257610862611575565b6000918252602090912001546001600160a01b038381169116146108f05761088d8f601c8686610cc2565b50909250905060008160038111156108a7576108a761158b565b146108b6575050505050610918565b8986815481106108c8576108c8611575565b6000918252602090912001546001600160a01b038381169116146108f0575050505050610918565b86868154811061090257610902611575565b90600052602060002001548801975050505b5050505b6001016107ad565b50855460009081526001870160205260409020600201548210156109575760405163e246dc6360e01b815260040160405180910390fd5b505050505050505050565b3361096b6101fb565b6001600160a01b0316146101ac5760405163118cdaa760e01b81523360048201526024016101e6565b7f237e158222e3e6968b72b9db0d8043aacf074ad9f650f0d1606b4d82ee432c0080546001600160a01b03191681556109cc82610d91565b5050565b610a026040518060a0016040528060008152602001606081526020016060815260200160008152602001600081525090565b600080600080600086806020019051810190610a1e919061162f565b9450945094509450945060008585858585604051602001610a439594939291906117c6565b60405160208183030381529060405290508751815114610a8357875181516040516371cccdf360e11b8152600481019290925260248201526044016101e6565b600185511080610a94575060668551115b15610ab25760405163ca0cef7960e01b815260040160405180910390fd5b8351855114610ad4576040516344a7120b60e01b815260040160405180910390fd5b82600003610af55760405163aabd5a0960e01b815260040160405180910390fd5b6000805b8551811015610b6b57858181518110610b1457610b14611575565b6020026020010151600003610b3c576040516319a2a9bd60e01b815260040160405180910390fd5b858181518110610b4e57610b4e611575565b602002602001015182610b6191906113d8565b9150600101610af9565b5083811015610b8d5760405163aabd5a0960e01b815260040160405180910390fd5b6000610b9887610e02565b6040805160a081018252998a5260208a019190915288019590955250506060850191909152608084015250909392505050565b600081815260018601602052604090206002015415610bfd5760405163d5b25b6360e01b815260040160405180910390fd5b8085556040805160608101825285815260208082018690528183018590526000848152600189018252929092208151805192939192610c3f9284920190611058565b506020828101518051610c5892600185019201906110bd565b5060408201518160020155905050807ff401f5a770121fc0f928a49d6d2bbd6210392212fde4d7421059b944afba5165858585604051610c9a93929190611850565b60405180910390a25050505050565b610cb1610fdd565b6101f881611026565b6101ac610fdd565b600080807f7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0841115610cfd5750600091506003905082610d87565b604080516000808252602082018084528a905260ff891692820192909252606081018790526080810186905260019060a0016020604051602081039080840390855afa158015610d51573d6000803e3d6000fd5b5050604051601f1901519150506001600160a01b038116610d7d57506000925060019150829050610d87565b9250600091508190505b9450945094915050565b7f9016d09d72d40fdae2fd8ceac6b6234c7706214fd39c1cd1e609a0528c19930080546001600160a01b031981166001600160a01b03848116918217845560405192169182907f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e090600090a3505050565b6060600082516001600160401b03811115610e1f57610e1f6113f1565b604051908082528060200260200182016040528015610e48578160200160208202803683370190505b50905060005b8351811015610fd657838181518110610e6957610e69611575565b602002602001015151604103610fbc576000848281518110610e8d57610e8d611575565b60200260200101519050848281518110610ea957610ea9611575565b6020026020010151600081518110610ec357610ec3611575565b6020910101516001600160f81b031916600160fa1b14610f1157848281518110610eef57610eef611575565b6020026020010151604051635f475a1760e01b81526004016101e691906118b9565b600060018251610f2191906118cc565b6001600160401b03811115610f3857610f386113f1565b6040519080825280601f01601f191660200182016040528015610f62576020820181803683370190505b506021830151602082019081526041840151604083015281519020855191925090859085908110610f9557610f95611575565b60200260200101906001600160a01b031690816001600160a01b0316815250505050610fce565b838181518110610eef57610eef611575565b600101610e4e565b5092915050565b7ff0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a0054600160401b900460ff166101ac57604051631afcd79f60e31b815260040160405180910390fd5b61102e610fdd565b6001600160a01b0381166101ef57604051631e4fbdf760e01b8152600060048201526024016101e6565b8280548282559060005260206000209081019282156110ad579160200282015b828111156110ad57825182546001600160a01b0319166001600160a01b03909116178255602090920191600190910190611078565b506110b99291506110f8565b5090565b8280548282559060005260206000209081019282156110ad579160200282015b828111156110ad5782518255916020019190600101906110dd565b5b808211156110b957600081556001016110f9565b60008083601f84011261111f57600080fd5b5081356001600160401b0381111561113657600080fd5b60208301915083602082850101111561114e57600080fd5b9250929050565b60008060006040848603121561116a57600080fd5b8335925060208401356001600160401b0381111561118757600080fd5b6111938682870161110d565b9497909650939450505050565b6000602082840312156111b257600080fd5b5035919050565b6020808252825160608383015280516080840181905260009291820190839060a08601905b808310156112075783516001600160a01b031682529284019260019290920191908401906111de565b5086840151868203601f190160408801528051808352908501935090840191506000905b8082101561124b578351835292840192918401916001919091019061122b565b50506040860151606086015280935050505092915050565b6000806020838503121561127657600080fd5b82356001600160401b0381111561128c57600080fd5b6112988582860161110d565b90969095509350505050565b6000602082840312156112b657600080fd5b81356001600160a01b03811681146112cd57600080fd5b9392505050565b600080600080604085870312156112ea57600080fd5b84356001600160401b038082111561130157600080fd5b61130d8883890161110d565b9096509450602087013591508082111561132657600080fd5b506113338782880161110d565b95989497509550505050565b6001600160e01b031981358181169160048510156113675780818660040360031b1b83161692505b505092915050565b6000808585111561137f57600080fd5b8386111561138c57600080fd5b5050820193919092039150565b8183823760009101908152919050565b6000602082840312156113bb57600080fd5b5051919050565b634e487b7160e01b600052601160045260246000fd5b808201808211156113eb576113eb6113c2565b92915050565b634e487b7160e01b600052604160045260246000fd5b604051601f8201601f191681016001600160401b038111828210171561142f5761142f6113f1565b604052919050565b60006001600160401b03821115611450576114506113f1565b5060051b60200190565b60006001600160401b03821115611473576114736113f1565b50601f01601f191660200190565b6000602080838503121561149457600080fd5b82356001600160401b03808211156114ab57600080fd5b818501915085601f8301126114bf57600080fd5b81356114d26114cd82611437565b611407565b81815260059190911b830184019084810190888311156114f157600080fd5b8585015b838110156115685780358581111561150d5760008081fd5b8601603f81018b1361151f5760008081fd5b8781013560406115316114cd8361145a565b8281528d828486010111156115465760008081fd5b828285018c83013760009281018b0192909252508452509186019186016114f5565b5098975050505050505050565b634e487b7160e01b600052603260045260246000fd5b634e487b7160e01b600052602160045260246000fd5b60005b838110156115bc5781810151838201526020016115a4565b50506000910152565b600082601f8301126115d657600080fd5b815160206115e66114cd83611437565b8083825260208201915060208460051b87010193508684111561160857600080fd5b602086015b84811015611624578051835291830191830161160d565b509695505050505050565b600080600080600060a0868803121561164757600080fd5b8551945060208601516001600160401b038082111561166557600080fd5b818801915088601f83011261167957600080fd5b81516116876114cd82611437565b8082825260208201915060208360051b86010192508b8311156116a957600080fd5b602085015b8381101561171d578051858111156116c557600080fd5b8601603f81018e136116d657600080fd5b60208101516116e76114cd8261145a565b8181528f60408385010111156116fc57600080fd5b61170d8260208301604086016115a1565b85525050602092830192016116ae565b5060408b0151909850935050508082111561173757600080fd5b50611744888289016115c5565b606088015160809098015196999598509695949350505050565b600081518084526117768160208601602086016115a1565b601f01601f19169290920160200192915050565b60008151808452602080850194506020840160005b838110156117bb5781518752958201959082019060010161179f565b509495945050505050565b600060a08201878352602060a0602085015281885180845260c08601915060c08160051b870101935060208a0160005b828110156118245760bf1988870301845261181286835161175e565b955092840192908401906001016117f6565b5050505050828103604084015261183b818761178a565b60608401959095525050608001529392505050565b606080825284519082018190526000906020906080840190828801845b828110156118925781516001600160a01b03168452928401929084019060010161186d565b50505083810360208501526118a7818761178a565b92505050826040830152949350505050565b6020815260006112cd602083018461175e565b818103818111156113eb576113eb6113c256febac09a3ab0e06910f94a49c10c16eb53146536ec1a9e948951735cde3a58b500a264697066735822122027e0c40188b678ca7212d1c587e1b3c2ba73c45ed858f1e70ee53c7493d0ed2c64736f6c63430008180033

0x608060405234801561001057600080fd5b50600436106100a95760003560e01c8063a2f09d0611610071578063a2f09d0614610118578063c4d66de81461012b578063d88873151461013e578063e30c39781461015c578063f2fde38b14610164578063f5213bc11461017757600080fd5b80633ed18bea146100ae578063715018a6146100c357806379ba5097146100cb5780638da5cb5b146100d3578063a04e8293146100f8575b600080fd5b6100c16100bc366004611155565b61018a565b005b6100c161019a565b6100c16101ae565b6100db6101fb565b6040516001600160a01b0390911681526020015b60405180910390f35b61010b6101063660046111a0565b610230565b6040516100ef91906111b9565b6100c1610126366004611263565b61034f565b6100c16101393660046112a4565b610449565b6000805160206118e0833981519152546040519081526020016100ef565b6100db610567565b6100c16101723660046112a4565b610590565b6100c16101853660046112d4565b610615565b61019583838361071b565b505050565b6101a2610962565b6101ac6000610994565b565b33806101b8610567565b6001600160a01b0316146101ef5760405163118cdaa760e01b81526001600160a01b03821660048201526024015b60405180910390fd5b6101f881610994565b50565b6000807f9016d09d72d40fdae2fd8ceac6b6234c7706214fd39c1cd1e609a0528c1993005b546001600160a01b031692915050565b61025460405180606001604052806060815260200160608152602001600081525090565b60008281527fbac09a3ab0e06910f94a49c10c16eb53146536ec1a9e948951735cde3a58b5016020908152604091829020825181546080938102820184019094526060810184815290939192849284918401828280156102dd57602002820191906000526020600020905b81546001600160a01b031681526001909101906020018083116102bf575b505050505081526020016001820180548060200260200160405190810160405280929190818152602001828054801561033557602002820191906000526020600020905b815481526020019060010190808311610321575b505050505081526020016002820154815250509050919050565b610357610962565b634aab1d6f60e01b610369828461133f565b6001600160e01b031916146103a857610382818361133f565b60405163f3c2729f60e01b81526001600160e01b031990911660048201526024016101e6565b6000805160206118e083398151915260006104036103c9846004818861136f565b8080601f0160208091040260200160405190810160405280939291908181526020018383808284376000920191909152506109d092505050565b825490915015610426576040516304641ce760e01b815260040160405180910390fd5b610443828260200151836040015184606001518560000151610bcb565b50505050565b7ff0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a008054600160401b810460ff1615906001600160401b031660008115801561048e5750825b90506000826001600160401b031660011480156104aa5750303b155b9050811580156104b8575080155b156104d65760405163f92ee8a960e01b815260040160405180910390fd5b845467ffffffffffffffff19166001178555831561050057845460ff60401b1916600160401b1785555b61050986610ca9565b610511610cba565b610519610cba565b831561055f57845460ff60401b19168555604051600181527fc7f505b2f371ae2175ee4913f4499e1f2633a7b5936321eed1cdaeb6115181d29060200160405180910390a15b505050505050565b6000807f237e158222e3e6968b72b9db0d8043aacf074ad9f650f0d1606b4d82ee432c00610220565b610598610962565b7f237e158222e3e6968b72b9db0d8043aacf074ad9f650f0d1606b4d82ee432c0080546001600160a01b0319166001600160a01b03831690811782556105dc6101fb565b6001600160a01b03167f38d16b8cac22d99fc7c124b9cd0de2d3fa1faef420bfe791d8c362d765e2270060405160405180910390a35050565b634aab1d6f60e01b610627848661133f565b6001600160e01b0319161461064057610382838561133f565b60006106526103c9856004818961136f565b905060006000805160206118e0833981519152905060006002878760405161067b929190611399565b602060405180830381855afa158015610698573d6000803e3d6000fd5b5050506040513d601f19601f820116820180604052508101906106bb91906113a9565b90506106c881868661018a565b81546106d59060016113d8565b8351146106f55760405163d5b25b6360e01b815260040160405180910390fd5b610712828460200151856040015186606001518760000151610bcb565b50505050505050565b6000805160206118e0833981519152805460000361074c57604051632df8ced160e11b815260040160405180910390fd5b600061075a83850185611481565b8254600090815260018401602052604090208054825192935090918114610797576040516001621398b960e31b0319815260040160405180910390fd5b8354600090815260018086016020526040822001815b83811015610920578581815181106107c7576107c7611575565b6020026020010151516040036109185760008682815181106107eb576107eb611575565b60209081029190910181015190810151604082015191925090811580159061081257508015155b15610914576000806108278f601b8686610cc2565b50909250905060008160038111156108415761084161158b565b14610850575050505050610918565b89868154811061086257610862611575565b6000918252602090912001546001600160a01b038381169116146108f05761088d8f601c8686610cc2565b50909250905060008160038111156108a7576108a761158b565b146108b6575050505050610918565b8986815481106108c8576108c8611575565b6000918252602090912001546001600160a01b038381169116146108f0575050505050610918565b86868154811061090257610902611575565b90600052602060002001548801975050505b5050505b6001016107ad565b50855460009081526001870160205260409020600201548210156109575760405163e246dc6360e01b815260040160405180910390fd5b505050505050505050565b3361096b6101fb565b6001600160a01b0316146101ac5760405163118cdaa760e01b81523360048201526024016101e6565b7f237e158222e3e6968b72b9db0d8043aacf074ad9f650f0d1606b4d82ee432c0080546001600160a01b03191681556109cc82610d91565b5050565b610a026040518060a0016040528060008152602001606081526020016060815260200160008152602001600081525090565b600080600080600086806020019051810190610a1e919061162f565b9450945094509450945060008585858585604051602001610a439594939291906117c6565b60405160208183030381529060405290508751815114610a8357875181516040516371cccdf360e11b8152600481019290925260248201526044016101e6565b600185511080610a94575060668551115b15610ab25760405163ca0cef7960e01b815260040160405180910390fd5b8351855114610ad4576040516344a7120b60e01b815260040160405180910390fd5b82600003610af55760405163aabd5a0960e01b815260040160405180910390fd5b6000805b8551811015610b6b57858181518110610b1457610b14611575565b6020026020010151600003610b3c576040516319a2a9bd60e01b815260040160405180910390fd5b858181518110610b4e57610b4e611575565b602002602001015182610b6191906113d8565b9150600101610af9565b5083811015610b8d5760405163aabd5a0960e01b815260040160405180910390fd5b6000610b9887610e02565b6040805160a081018252998a5260208a019190915288019590955250506060850191909152608084015250909392505050565b600081815260018601602052604090206002015415610bfd5760405163d5b25b6360e01b815260040160405180910390fd5b8085556040805160608101825285815260208082018690528183018590526000848152600189018252929092208151805192939192610c3f9284920190611058565b506020828101518051610c5892600185019201906110bd565b5060408201518160020155905050807ff401f5a770121fc0f928a49d6d2bbd6210392212fde4d7421059b944afba5165858585604051610c9a93929190611850565b60405180910390a25050505050565b610cb1610fdd565b6101f881611026565b6101ac610fdd565b600080807f7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0841115610cfd5750600091506003905082610d87565b604080516000808252602082018084528a905260ff891692820192909252606081018790526080810186905260019060a0016020604051602081039080840390855afa158015610d51573d6000803e3d6000fd5b5050604051601f1901519150506001600160a01b038116610d7d57506000925060019150829050610d87565b9250600091508190505b9450945094915050565b7f9016d09d72d40fdae2fd8ceac6b6234c7706214fd39c1cd1e609a0528c19930080546001600160a01b031981166001600160a01b03848116918217845560405192169182907f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e090600090a3505050565b6060600082516001600160401b03811115610e1f57610e1f6113f1565b604051908082528060200260200182016040528015610e48578160200160208202803683370190505b50905060005b8351811015610fd657838181518110610e6957610e69611575565b602002602001015151604103610fbc576000848281518110610e8d57610e8d611575565b60200260200101519050848281518110610ea957610ea9611575565b6020026020010151600081518110610ec357610ec3611575565b6020910101516001600160f81b031916600160fa1b14610f1157848281518110610eef57610eef611575565b6020026020010151604051635f475a1760e01b81526004016101e691906118b9565b600060018251610f2191906118cc565b6001600160401b03811115610f3857610f386113f1565b6040519080825280601f01601f191660200182016040528015610f62576020820181803683370190505b506021830151602082019081526041840151604083015281519020855191925090859085908110610f9557610f95611575565b60200260200101906001600160a01b031690816001600160a01b0316815250505050610fce565b838181518110610eef57610eef611575565b600101610e4e565b5092915050565b7ff0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a0054600160401b900460ff166101ac57604051631afcd79f60e31b815260040160405180910390fd5b61102e610fdd565b6001600160a01b0381166101ef57604051631e4fbdf760e01b8152600060048201526024016101e6565b8280548282559060005260206000209081019282156110ad579160200282015b828111156110ad57825182546001600160a01b0319166001600160a01b03909116178255602090920191600190910190611078565b506110b99291506110f8565b5090565b8280548282559060005260206000209081019282156110ad579160200282015b828111156110ad5782518255916020019190600101906110dd565b5b808211156110b957600081556001016110f9565b60008083601f84011261111f57600080fd5b5081356001600160401b0381111561113657600080fd5b60208301915083602082850101111561114e57600080fd5b9250929050565b60008060006040848603121561116a57600080fd5b8335925060208401356001600160401b0381111561118757600080fd5b6111938682870161110d565b9497909650939450505050565b6000602082840312156111b257600080fd5b5035919050565b6020808252825160608383015280516080840181905260009291820190839060a08601905b808310156112075783516001600160a01b031682529284019260019290920191908401906111de565b5086840151868203601f190160408801528051808352908501935090840191506000905b8082101561124b578351835292840192918401916001919091019061122b565b50506040860151606086015280935050505092915050565b6000806020838503121561127657600080fd5b82356001600160401b0381111561128c57600080fd5b6112988582860161110d565b90969095509350505050565b6000602082840312156112b657600080fd5b81356001600160a01b03811681146112cd57600080fd5b9392505050565b600080600080604085870312156112ea57600080fd5b84356001600160401b038082111561130157600080fd5b61130d8883890161110d565b9096509450602087013591508082111561132657600080fd5b506113338782880161110d565b95989497509550505050565b6001600160e01b031981358181169160048510156113675780818660040360031b1b83161692505b505092915050565b6000808585111561137f57600080fd5b8386111561138c57600080fd5b5050820193919092039150565b8183823760009101908152919050565b6000602082840312156113bb57600080fd5b5051919050565b634e487b7160e01b600052601160045260246000fd5b808201808211156113eb576113eb6113c2565b92915050565b634e487b7160e01b600052604160045260246000fd5b604051601f8201601f191681016001600160401b038111828210171561142f5761142f6113f1565b604052919050565b60006001600160401b03821115611450576114506113f1565b5060051b60200190565b60006001600160401b03821115611473576114736113f1565b50601f01601f191660200190565b6000602080838503121561149457600080fd5b82356001600160401b03808211156114ab57600080fd5b818501915085601f8301126114bf57600080fd5b81356114d26114cd82611437565b611407565b81815260059190911b830184019084810190888311156114f157600080fd5b8585015b838110156115685780358581111561150d5760008081fd5b8601603f81018b1361151f5760008081fd5b8781013560406115316114cd8361145a565b8281528d828486010111156115465760008081fd5b828285018c83013760009281018b0192909252508452509186019186016114f5565b5098975050505050505050565b634e487b7160e01b600052603260045260246000fd5b634e487b7160e01b600052602160045260246000fd5b60005b838110156115bc5781810151838201526020016115a4565b50506000910152565b600082601f8301126115d657600080fd5b815160206115e66114cd83611437565b8083825260208201915060208460051b87010193508684111561160857600080fd5b602086015b84811015611624578051835291830191830161160d565b509695505050505050565b600080600080600060a0868803121561164757600080fd5b8551945060208601516001600160401b038082111561166557600080fd5b818801915088601f83011261167957600080fd5b81516116876114cd82611437565b8082825260208201915060208360051b86010192508b8311156116a957600080fd5b602085015b8381101561171d578051858111156116c557600080fd5b8601603f81018e136116d657600080fd5b60208101516116e76114cd8261145a565b8181528f60408385010111156116fc57600080fd5b61170d8260208301604086016115a1565b85525050602092830192016116ae565b5060408b0151909850935050508082111561173757600080fd5b50611744888289016115c5565b606088015160809098015196999598509695949350505050565b600081518084526117768160208601602086016115a1565b601f01601f19169290920160200192915050565b60008151808452602080850194506020840160005b838110156117bb5781518752958201959082019060010161179f565b509495945050505050565b600060a08201878352602060a0602085015281885180845260c08601915060c08160051b870101935060208a0160005b828110156118245760bf1988870301845261181286835161175e565b955092840192908401906001016117f6565b5050505050828103604084015261183b818761178a565b60608401959095525050608001529392505050565b606080825284519082018190526000906020906080840190828801845b828110156118925781516001600160a01b03168452928401929084019060010161186d565b50505083810360208501526118a7818761178a565b92505050826040830152949350505050565b6020815260006112cd602083018461175e565b818103818111156113eb576113eb6113c256febac09a3ab0e06910f94a49c10c16eb53146536ec1a9e948951735cde3a58b500a264697066735822122027e0c40188b678ca7212d1c587e1b3c2ba73c45ed858f1e70ee53c7493d0ed2c64736f6c63430008180033