diff --git a/deployments/arbitrum/SpokePoolVerifier.json b/deployments/arbitrum/SpokePoolVerifier.json new file mode 100644 index 000000000..5c5a30d4c --- /dev/null +++ b/deployments/arbitrum/SpokePoolVerifier.json @@ -0,0 +1,115 @@ +{ + "address": "0x269727F088F16E1Aea52Cf5a97B1CD41DAA3f02D", + "abi": [ + { + "inputs": [ + { + "internalType": "contract SpokePoolInterface", + "name": "spokePool", + "type": "address" + }, + { + "internalType": "address", + "name": "recipient", + "type": "address" + }, + { + "internalType": "address", + "name": "originToken", + "type": "address" + }, + { + "internalType": "uint256", + "name": "amount", + "type": "uint256" + }, + { + "internalType": "uint256", + "name": "destinationChainId", + "type": "uint256" + }, + { + "internalType": "int64", + "name": "relayerFeePct", + "type": "int64" + }, + { + "internalType": "uint32", + "name": "quoteTimestamp", + "type": "uint32" + }, + { + "internalType": "bytes", + "name": "message", + "type": "bytes" + }, + { + "internalType": "uint256", + "name": "maxCount", + "type": "uint256" + } + ], + "name": "deposit", + "outputs": [], + "stateMutability": "payable", + "type": "function" + } + ], + "transactionHash": "0x72312f4d56e5569c0ef860296caf0deda7ec85b1633699d709385614fd074bfd", + "receipt": { + "to": "0x4e59b44847b379578588920cA78FbF26c0B4956C", + "from": "0x9A8f92a830A5cB89a3816e3D267CB7791c16b04D", + "contractAddress": null, + "transactionIndex": 1, + "gasUsed": "2180734", + "logsBloom": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "blockHash": "0x716ef0bce9728e6a42019a7cbfc350c5810d55efd8c80424dad36a2158861660", + "transactionHash": "0x72312f4d56e5569c0ef860296caf0deda7ec85b1633699d709385614fd074bfd", + "logs": [], + "blockNumber": 137490903, + "cumulativeGasUsed": "2180734", + "status": 1, + "byzantium": true + }, + "args": [], + "numDeployments": 1, + "solcInputHash": "ddd636e0d4b16feb9b78418745aefa13", + "metadata": "{\"compiler\":{\"version\":\"0.8.18+commit.87f61d96\"},\"language\":\"Solidity\",\"output\":{\"abi\":[{\"inputs\":[{\"internalType\":\"contract SpokePoolInterface\",\"name\":\"spokePool\",\"type\":\"address\"},{\"internalType\":\"address\",\"name\":\"recipient\",\"type\":\"address\"},{\"internalType\":\"address\",\"name\":\"originToken\",\"type\":\"address\"},{\"internalType\":\"uint256\",\"name\":\"amount\",\"type\":\"uint256\"},{\"internalType\":\"uint256\",\"name\":\"destinationChainId\",\"type\":\"uint256\"},{\"internalType\":\"int64\",\"name\":\"relayerFeePct\",\"type\":\"int64\"},{\"internalType\":\"uint32\",\"name\":\"quoteTimestamp\",\"type\":\"uint32\"},{\"internalType\":\"bytes\",\"name\":\"message\",\"type\":\"bytes\"},{\"internalType\":\"uint256\",\"name\":\"maxCount\",\"type\":\"uint256\"}],\"name\":\"deposit\",\"outputs\":[],\"stateMutability\":\"payable\",\"type\":\"function\"}],\"devdoc\":{\"details\":\"This contract must be deployed via Create2 to the same address on all chains. That way, an errant transaction sent to the wrong chain will be blocked by this contract rather than hitting a dead address. This means that this contract will not work to protect chains, like zkSync, where Create2 address derivations don't match other chains. Source: https://era.zksync.io/docs/reference/architecture/differences-with-ethereum.html#create-create2\",\"kind\":\"dev\",\"methods\":{\"deposit(address,address,address,uint256,uint256,int64,uint32,bytes,uint256)\":{\"details\":\"Protects the caller from losing their ETH (or other native token) by reverting if the SpokePool address they intended to call does not exist on this chain. Because this contract can be deployed at the same address everywhere callers should be protected even if the transaction is submitted to an unintended network. This contract should only be used for native token deposits, as this problem only exists for native tokens.\",\"params\":{\"amount\":\"Amount of tokens to deposit. Will be amount of tokens to receive less fees.\",\"destinationChainId\":\"Denotes network where user will receive funds from SpokePool by a relayer.\",\"maxCount\":\"used to protect the depositor from frontrunning to guarantee their quote remains valid.\",\"message\":\"Arbitrary data that can be used to pass additional information to the recipient along with the tokens. Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.\",\"originToken\":\"Token to lock into this contract to initiate deposit.\",\"quoteTimestamp\":\"Timestamp used by relayers to compute this deposit's realizedLPFeePct which is paid to LP pool on HubPool.\",\"recipient\":\"Address to receive funds at on destination chain.\",\"relayerFeePct\":\"% of deposit amount taken out to incentivize a fast relayer.\",\"spokePool\":\"Address of the SpokePool contract that the user is intending to call.\"}}},\"version\":1},\"userdoc\":{\"kind\":\"user\",\"methods\":{\"deposit(address,address,address,uint256,uint256,int64,uint32,bytes,uint256)\":{\"notice\":\"Passthrough function to `deposit()` on the SpokePool contract.\"}},\"notice\":\"SpokePoolVerifier is a contract that verifies that the SpokePool exists on this chain before sending ETH to it.\",\"version\":1}},\"settings\":{\"compilationTarget\":{\"contracts/SpokePoolVerifier.sol\":\"SpokePoolVerifier\"},\"evmVersion\":\"paris\",\"libraries\":{},\"metadata\":{\"bytecodeHash\":\"ipfs\",\"useLiteralContent\":true},\"optimizer\":{\"enabled\":true,\"runs\":1000000},\"remappings\":[],\"viaIR\":true},\"sources\":{\"@openzeppelin/contracts/utils/Address.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)\\n\\npragma solidity ^0.8.1;\\n\\n/**\\n * @dev Collection of functions related to the address type\\n */\\nlibrary Address {\\n /**\\n * @dev Returns true if `account` is a contract.\\n *\\n * [IMPORTANT]\\n * ====\\n * It is unsafe to assume that an address for which this function returns\\n * false is an externally-owned account (EOA) and not a contract.\\n *\\n * Among others, `isContract` will return false for the following\\n * types of addresses:\\n *\\n * - an externally-owned account\\n * - a contract in construction\\n * - an address where a contract will be created\\n * - an address where a contract lived, but was destroyed\\n *\\n * Furthermore, `isContract` will also return true if the target contract within\\n * the same transaction is already scheduled for destruction by `SELFDESTRUCT`,\\n * which only has an effect at the end of a transaction.\\n * ====\\n *\\n * [IMPORTANT]\\n * ====\\n * You shouldn't rely on `isContract` to protect against flash loan attacks!\\n *\\n * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets\\n * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract\\n * constructor.\\n * ====\\n */\\n function isContract(address account) internal view returns (bool) {\\n // This method relies on extcodesize/address.code.length, which returns 0\\n // for contracts in construction, since the code is only stored at the end\\n // of the constructor execution.\\n\\n return account.code.length > 0;\\n }\\n\\n /**\\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\\n * `recipient`, forwarding all available gas and reverting on errors.\\n *\\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\\n * imposed by `transfer`, making them unable to receive funds via\\n * `transfer`. {sendValue} removes this limitation.\\n *\\n * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].\\n *\\n * IMPORTANT: because control is transferred to `recipient`, care must be\\n * taken to not create reentrancy vulnerabilities. Consider using\\n * {ReentrancyGuard} or the\\n * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\\n */\\n function sendValue(address payable recipient, uint256 amount) internal {\\n require(address(this).balance >= amount, \\\"Address: insufficient balance\\\");\\n\\n (bool success, ) = recipient.call{value: amount}(\\\"\\\");\\n require(success, \\\"Address: unable to send value, recipient may have reverted\\\");\\n }\\n\\n /**\\n * @dev Performs a Solidity function call using a low level `call`. A\\n * plain `call` is an unsafe replacement for a function call: use this\\n * function instead.\\n *\\n * If `target` reverts with a revert reason, it is bubbled up by this\\n * function (like regular Solidity function calls).\\n *\\n * Returns the raw returned data. To convert to the expected return value,\\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\\n *\\n * Requirements:\\n *\\n * - `target` must be a contract.\\n * - calling `target` with `data` must not revert.\\n *\\n * _Available since v3.1._\\n */\\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\\n return functionCallWithValue(target, data, 0, \\\"Address: low-level call failed\\\");\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\\n * `errorMessage` as a fallback revert reason when `target` reverts.\\n *\\n * _Available since v3.1._\\n */\\n function functionCall(\\n address target,\\n bytes memory data,\\n string memory errorMessage\\n ) internal returns (bytes memory) {\\n return functionCallWithValue(target, data, 0, errorMessage);\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\\n * but also transferring `value` wei to `target`.\\n *\\n * Requirements:\\n *\\n * - the calling contract must have an ETH balance of at least `value`.\\n * - the called Solidity function must be `payable`.\\n *\\n * _Available since v3.1._\\n */\\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\\n return functionCallWithValue(target, data, value, \\\"Address: low-level call with value failed\\\");\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\\n * with `errorMessage` as a fallback revert reason when `target` reverts.\\n *\\n * _Available since v3.1._\\n */\\n function functionCallWithValue(\\n address target,\\n bytes memory data,\\n uint256 value,\\n string memory errorMessage\\n ) internal returns (bytes memory) {\\n require(address(this).balance >= value, \\\"Address: insufficient balance for call\\\");\\n (bool success, bytes memory returndata) = target.call{value: value}(data);\\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\\n * but performing a static call.\\n *\\n * _Available since v3.3._\\n */\\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\\n return functionStaticCall(target, data, \\\"Address: low-level static call failed\\\");\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\\n * but performing a static call.\\n *\\n * _Available since v3.3._\\n */\\n function functionStaticCall(\\n address target,\\n bytes memory data,\\n string memory errorMessage\\n ) internal view returns (bytes memory) {\\n (bool success, bytes memory returndata) = target.staticcall(data);\\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\\n * but performing a delegate call.\\n *\\n * _Available since v3.4._\\n */\\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\\n return functionDelegateCall(target, data, \\\"Address: low-level delegate call failed\\\");\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\\n * but performing a delegate call.\\n *\\n * _Available since v3.4._\\n */\\n function functionDelegateCall(\\n address target,\\n bytes memory data,\\n string memory errorMessage\\n ) internal returns (bytes memory) {\\n (bool success, bytes memory returndata) = target.delegatecall(data);\\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\\n }\\n\\n /**\\n * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling\\n * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.\\n *\\n * _Available since v4.8._\\n */\\n function verifyCallResultFromTarget(\\n address target,\\n bool success,\\n bytes memory returndata,\\n string memory errorMessage\\n ) internal view returns (bytes memory) {\\n if (success) {\\n if (returndata.length == 0) {\\n // only check isContract if the call was successful and the return data is empty\\n // otherwise we already know that it was a contract\\n require(isContract(target), \\\"Address: call to non-contract\\\");\\n }\\n return returndata;\\n } else {\\n _revert(returndata, errorMessage);\\n }\\n }\\n\\n /**\\n * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the\\n * revert reason or using the provided one.\\n *\\n * _Available since v4.3._\\n */\\n function verifyCallResult(\\n bool success,\\n bytes memory returndata,\\n string memory errorMessage\\n ) internal pure returns (bytes memory) {\\n if (success) {\\n return returndata;\\n } else {\\n _revert(returndata, errorMessage);\\n }\\n }\\n\\n function _revert(bytes memory returndata, string memory errorMessage) private pure {\\n // Look for revert reason and bubble it up if present\\n if (returndata.length > 0) {\\n // The easiest way to bubble the revert reason is using memory via assembly\\n /// @solidity memory-safe-assembly\\n assembly {\\n let returndata_size := mload(returndata)\\n revert(add(32, returndata), returndata_size)\\n }\\n } else {\\n revert(errorMessage);\\n }\\n }\\n}\\n\",\"keccak256\":\"0x006dd67219697fe68d7fbfdea512e7c4cb64a43565ed86171d67e844982da6fa\",\"license\":\"MIT\"},\"contracts/SpokePoolVerifier.sol\":{\"content\":\"// SPDX-License-Identifier: BUSL-1.1\\npragma solidity ^0.8.0;\\n\\nimport \\\"@openzeppelin/contracts/utils/Address.sol\\\";\\nimport \\\"./interfaces/SpokePoolInterface.sol\\\";\\n\\n/**\\n * @notice SpokePoolVerifier is a contract that verifies that the SpokePool exists on this chain before sending ETH to it.\\n * @dev This contract must be deployed via Create2 to the same address on all chains. That way, an errant transaction sent\\n * to the wrong chain will be blocked by this contract rather than hitting a dead address. This means that this contract\\n * will not work to protect chains, like zkSync, where Create2 address derivations don't match other chains.\\n * Source: https://era.zksync.io/docs/reference/architecture/differences-with-ethereum.html#create-create2\\n */\\ncontract SpokePoolVerifier {\\n using Address for address;\\n\\n /**\\n * @notice Passthrough function to `deposit()` on the SpokePool contract.\\n * @dev Protects the caller from losing their ETH (or other native token) by reverting if the SpokePool address\\n * they intended to call does not exist on this chain. Because this contract can be deployed at the same address\\n * everywhere callers should be protected even if the transaction is submitted to an unintended network.\\n * This contract should only be used for native token deposits, as this problem only exists for native tokens.\\n * @param spokePool Address of the SpokePool contract that the user is intending to call.\\n * @param recipient Address to receive funds at on destination chain.\\n * @param originToken Token to lock into this contract to initiate deposit.\\n * @param amount Amount of tokens to deposit. Will be amount of tokens to receive less fees.\\n * @param destinationChainId Denotes network where user will receive funds from SpokePool by a relayer.\\n * @param relayerFeePct % of deposit amount taken out to incentivize a fast relayer.\\n * @param quoteTimestamp Timestamp used by relayers to compute this deposit's realizedLPFeePct which is paid\\n * to LP pool on HubPool.\\n * @param message Arbitrary data that can be used to pass additional information to the recipient along with the tokens.\\n * Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.\\n * @param maxCount used to protect the depositor from frontrunning to guarantee their quote remains valid.\\n */\\n function deposit(\\n SpokePoolInterface spokePool,\\n address recipient,\\n address originToken,\\n uint256 amount,\\n uint256 destinationChainId,\\n int64 relayerFeePct,\\n uint32 quoteTimestamp,\\n bytes memory message,\\n uint256 maxCount\\n ) external payable {\\n require(msg.value == amount, \\\"msg.value != amount\\\");\\n require(address(spokePool).isContract(), \\\"spokePool is not a contract\\\");\\n spokePool.deposit{ value: msg.value }(\\n recipient,\\n originToken,\\n amount,\\n destinationChainId,\\n relayerFeePct,\\n quoteTimestamp,\\n message,\\n maxCount\\n );\\n }\\n}\\n\",\"keccak256\":\"0x307def15b466a7b358bd8429d1e0602bc623d7c03aa07b78552e551625196c29\",\"license\":\"BUSL-1.1\"},\"contracts/interfaces/SpokePoolInterface.sol\":{\"content\":\"// SPDX-License-Identifier: BUSL-1.1\\npragma solidity ^0.8.0;\\n\\n/**\\n * @notice Contains common data structures and functions used by all SpokePool implementations.\\n */\\ninterface SpokePoolInterface {\\n // This leaf is meant to be decoded in the SpokePool to pay out successful relayers.\\n struct RelayerRefundLeaf {\\n // This is the amount to return to the HubPool. This occurs when there is a PoolRebalanceLeaf netSendAmount that\\n // is negative. This is just the negative of this value.\\n uint256 amountToReturn;\\n // Used to verify that this is being executed on the correct destination chainId.\\n uint256 chainId;\\n // This array designates how much each of those addresses should be refunded.\\n uint256[] refundAmounts;\\n // Used as the index in the bitmap to track whether this leaf has been executed or not.\\n uint32 leafId;\\n // The associated L2TokenAddress that these claims apply to.\\n address l2TokenAddress;\\n // Must be same length as refundAmounts and designates each address that must be refunded.\\n address[] refundAddresses;\\n }\\n\\n // This struct represents the data to fully specify a relay. If any portion of this data differs, the relay is\\n // considered to be completely distinct. Only one relay for a particular depositId, chainId pair should be\\n // considered valid and repaid. This data is hashed and inserted into the slow relay merkle root so that an off\\n // chain validator can choose when to refund slow relayers.\\n struct RelayData {\\n // The address that made the deposit on the origin chain.\\n address depositor;\\n // The recipient address on the destination chain.\\n address recipient;\\n // The corresponding token address on the destination chain.\\n address destinationToken;\\n // The total relay amount before fees are taken out.\\n uint256 amount;\\n // Origin chain id.\\n uint256 originChainId;\\n // Destination chain id.\\n uint256 destinationChainId;\\n // The LP Fee percentage computed by the relayer based on the deposit's quote timestamp\\n // and the HubPool's utilization.\\n int64 realizedLpFeePct;\\n // The relayer fee percentage specified in the deposit.\\n int64 relayerFeePct;\\n // The id uniquely identifying this deposit on the origin chain.\\n uint32 depositId;\\n // Data that is forwarded to the recipient.\\n bytes message;\\n }\\n\\n struct SlowFill {\\n RelayData relayData;\\n int256 payoutAdjustmentPct;\\n }\\n\\n // Stores collection of merkle roots that can be published to this contract from the HubPool, which are referenced\\n // by \\\"data workers\\\" via inclusion proofs to execute leaves in the roots.\\n struct RootBundle {\\n // Merkle root of slow relays that were not fully filled and whose recipient is still owed funds from the LP pool.\\n bytes32 slowRelayRoot;\\n // Merkle root of relayer refunds for successful relays.\\n bytes32 relayerRefundRoot;\\n // This is a 2D bitmap tracking which leaves in the relayer refund root have been claimed, with max size of\\n // 256x(2^248) leaves per root.\\n mapping(uint256 => uint256) claimedBitmap;\\n }\\n\\n function setCrossDomainAdmin(address newCrossDomainAdmin) external;\\n\\n function setHubPool(address newHubPool) external;\\n\\n function setEnableRoute(\\n address originToken,\\n uint256 destinationChainId,\\n bool enable\\n ) external;\\n\\n function pauseDeposits(bool pause) external;\\n\\n function pauseFills(bool pause) external;\\n\\n function setDepositQuoteTimeBuffer(uint32 buffer) external;\\n\\n function relayRootBundle(bytes32 relayerRefundRoot, bytes32 slowRelayRoot) external;\\n\\n function emergencyDeleteRootBundle(uint256 rootBundleId) external;\\n\\n function deposit(\\n address recipient,\\n address originToken,\\n uint256 amount,\\n uint256 destinationChainId,\\n int64 relayerFeePct,\\n uint32 quoteTimestamp,\\n bytes memory message,\\n uint256 maxCount\\n ) external payable;\\n\\n function depositNow(\\n address recipient,\\n address originToken,\\n uint256 amount,\\n uint256 destinationChainId,\\n int64 relayerFeePct,\\n bytes memory message,\\n uint256 maxCount\\n ) external payable;\\n\\n function speedUpDeposit(\\n address depositor,\\n int64 updatedRelayerFeePct,\\n uint32 depositId,\\n address updatedRecipient,\\n bytes memory updatedMessage,\\n bytes memory depositorSignature\\n ) external;\\n\\n function fillRelay(\\n address depositor,\\n address recipient,\\n address destinationToken,\\n uint256 amount,\\n uint256 maxTokensToSend,\\n uint256 repaymentChainId,\\n uint256 originChainId,\\n int64 realizedLpFeePct,\\n int64 relayerFeePct,\\n uint32 depositId,\\n bytes memory message,\\n uint256 maxCount\\n ) external;\\n\\n function fillRelayWithUpdatedDeposit(\\n address depositor,\\n address recipient,\\n address updatedRecipient,\\n address destinationToken,\\n uint256 amount,\\n uint256 maxTokensToSend,\\n uint256 repaymentChainId,\\n uint256 originChainId,\\n int64 realizedLpFeePct,\\n int64 relayerFeePct,\\n int64 updatedRelayerFeePct,\\n uint32 depositId,\\n bytes memory message,\\n bytes memory updatedMessage,\\n bytes memory depositorSignature,\\n uint256 maxCount\\n ) external;\\n\\n function executeSlowRelayLeaf(\\n address depositor,\\n address recipient,\\n address destinationToken,\\n uint256 amount,\\n uint256 originChainId,\\n int64 realizedLpFeePct,\\n int64 relayerFeePct,\\n uint32 depositId,\\n uint32 rootBundleId,\\n bytes memory message,\\n int256 payoutAdjustment,\\n bytes32[] memory proof\\n ) external;\\n\\n function executeRelayerRefundLeaf(\\n uint32 rootBundleId,\\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\\n bytes32[] memory proof\\n ) external;\\n\\n function chainId() external view returns (uint256);\\n}\\n\",\"keccak256\":\"0x8ca5e32ee496553c1055954283747b6725356548dc35f5aad565e5cf37bf6449\",\"license\":\"BUSL-1.1\"}},\"version\":1}", + "bytecode": "0x60808060405234610016576103c3908161001c8239f35b600080fdfe608060048036101561001057600080fd5b600091823560e01c63e0db3fcf1461002757600080fd5b6101207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc36011261038957813573ffffffffffffffffffffffffffffffffffffffff908181168091036103855760249182359181831680930361038157604435918216809203610381576064359460a435928360070b80940361037d5760c4359663ffffffff88168098036103795760e4359767ffffffffffffffff95868a11610375573660238b01121561037557898b01359287841161034a577fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe09485603f81601f880116011687019b8c8a89821091111761031e578e9060409d8e52868952368d888301011161031a57868d97602098899301838c0137890101528134036102be57873b1561026257873b1561025e579b989593918d979593918c519d8e987f1186ec33000000000000000000000000000000000000000000000000000000008a528c8a01528c89015260448801526084356064880152608487015260a486015261010060c4860152825190610104938285880152875b83811061024157505050849291601f849261012494898683870101523560e48501520116810103019134905af18015610237576101fb578580f35b841161020d5750505238808080808580f35b604185917f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b84513d88823e3d90fd5b81810183015197810161012401979097528d97508c9682016101c0565b8d80fd5b5060648c601b8c878f51937f08c379a00000000000000000000000000000000000000000000000000000000085528401528201527f73706f6b65506f6f6c206973206e6f74206120636f6e747261637400000000006044820152fd5b5060648c60138c878f51937f08c379a00000000000000000000000000000000000000000000000000000000085528401528201527f6d73672e76616c756520213d20616d6f756e74000000000000000000000000006044820152fd5b5080fd5b508a8e60418f7f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b898d60418e7f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b8b80fd5b8980fd5b8880fd5b8680fd5b8480fd5b8280fdfea2646970667358221220fe313dd010e3aac8603c847d2fd84c8d4a95364db43b887b61b615152b259cdf64736f6c63430008120033", + "deployedBytecode": "0x608060048036101561001057600080fd5b600091823560e01c63e0db3fcf1461002757600080fd5b6101207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc36011261038957813573ffffffffffffffffffffffffffffffffffffffff908181168091036103855760249182359181831680930361038157604435918216809203610381576064359460a435928360070b80940361037d5760c4359663ffffffff88168098036103795760e4359767ffffffffffffffff95868a11610375573660238b01121561037557898b01359287841161034a577fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe09485603f81601f880116011687019b8c8a89821091111761031e578e9060409d8e52868952368d888301011161031a57868d97602098899301838c0137890101528134036102be57873b1561026257873b1561025e579b989593918d979593918c519d8e987f1186ec33000000000000000000000000000000000000000000000000000000008a528c8a01528c89015260448801526084356064880152608487015260a486015261010060c4860152825190610104938285880152875b83811061024157505050849291601f849261012494898683870101523560e48501520116810103019134905af18015610237576101fb578580f35b841161020d5750505238808080808580f35b604185917f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b84513d88823e3d90fd5b81810183015197810161012401979097528d97508c9682016101c0565b8d80fd5b5060648c601b8c878f51937f08c379a00000000000000000000000000000000000000000000000000000000085528401528201527f73706f6b65506f6f6c206973206e6f74206120636f6e747261637400000000006044820152fd5b5060648c60138c878f51937f08c379a00000000000000000000000000000000000000000000000000000000085528401528201527f6d73672e76616c756520213d20616d6f756e74000000000000000000000000006044820152fd5b5080fd5b508a8e60418f7f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b898d60418e7f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b8b80fd5b8980fd5b8880fd5b8680fd5b8480fd5b8280fdfea2646970667358221220fe313dd010e3aac8603c847d2fd84c8d4a95364db43b887b61b615152b259cdf64736f6c63430008120033", + "devdoc": { + "details": "This contract must be deployed via Create2 to the same address on all chains. That way, an errant transaction sent to the wrong chain will be blocked by this contract rather than hitting a dead address. This means that this contract will not work to protect chains, like zkSync, where Create2 address derivations don't match other chains. Source: https://era.zksync.io/docs/reference/architecture/differences-with-ethereum.html#create-create2", + "kind": "dev", + "methods": { + "deposit(address,address,address,uint256,uint256,int64,uint32,bytes,uint256)": { + "details": "Protects the caller from losing their ETH (or other native token) by reverting if the SpokePool address they intended to call does not exist on this chain. Because this contract can be deployed at the same address everywhere callers should be protected even if the transaction is submitted to an unintended network. This contract should only be used for native token deposits, as this problem only exists for native tokens.", + "params": { + "amount": "Amount of tokens to deposit. Will be amount of tokens to receive less fees.", + "destinationChainId": "Denotes network where user will receive funds from SpokePool by a relayer.", + "maxCount": "used to protect the depositor from frontrunning to guarantee their quote remains valid.", + "message": "Arbitrary data that can be used to pass additional information to the recipient along with the tokens. Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.", + "originToken": "Token to lock into this contract to initiate deposit.", + "quoteTimestamp": "Timestamp used by relayers to compute this deposit's realizedLPFeePct which is paid to LP pool on HubPool.", + "recipient": "Address to receive funds at on destination chain.", + "relayerFeePct": "% of deposit amount taken out to incentivize a fast relayer.", + "spokePool": "Address of the SpokePool contract that the user is intending to call." + } + } + }, + "version": 1 + }, + "userdoc": { + "kind": "user", + "methods": { + "deposit(address,address,address,uint256,uint256,int64,uint32,bytes,uint256)": { + "notice": "Passthrough function to `deposit()` on the SpokePool contract." + } + }, + "notice": "SpokePoolVerifier is a contract that verifies that the SpokePool exists on this chain before sending ETH to it.", + "version": 1 + }, + "storageLayout": { + "storage": [], + "types": null + } +} diff --git a/deployments/arbitrum/solcInputs/ddd636e0d4b16feb9b78418745aefa13.json b/deployments/arbitrum/solcInputs/ddd636e0d4b16feb9b78418745aefa13.json new file mode 100644 index 000000000..abf783f9a --- /dev/null +++ b/deployments/arbitrum/solcInputs/ddd636e0d4b16feb9b78418745aefa13.json @@ -0,0 +1,247 @@ +{ + "language": "Solidity", + "sources": { + "@eth-optimism/contracts/L1/messaging/IL1ERC20Bridge.sol": { + "content": "// SPDX-License-Identifier: MIT\npragma solidity >0.5.0 <0.9.0;\n\n/**\n * @title IL1ERC20Bridge\n */\ninterface IL1ERC20Bridge {\n /**********\n * Events *\n **********/\n\n event ERC20DepositInitiated(\n address indexed _l1Token,\n address indexed _l2Token,\n address indexed _from,\n address _to,\n uint256 _amount,\n bytes _data\n );\n\n event ERC20WithdrawalFinalized(\n address indexed _l1Token,\n address indexed _l2Token,\n address indexed _from,\n address _to,\n uint256 _amount,\n bytes _data\n );\n\n /********************\n * Public Functions *\n ********************/\n\n /**\n * @dev get the address of the corresponding L2 bridge contract.\n * @return Address of the corresponding L2 bridge contract.\n */\n function l2TokenBridge() external returns (address);\n\n /**\n * @dev deposit an amount of the ERC20 to the caller's balance on L2.\n * @param _l1Token Address of the L1 ERC20 we are depositing\n * @param _l2Token Address of the L1 respective L2 ERC20\n * @param _amount Amount of the ERC20 to deposit\n * @param _l2Gas Gas limit required to complete the deposit on L2.\n * @param _data Optional data to forward to L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function depositERC20(\n address _l1Token,\n address _l2Token,\n uint256 _amount,\n uint32 _l2Gas,\n bytes calldata _data\n ) external;\n\n /**\n * @dev deposit an amount of ERC20 to a recipient's balance on L2.\n * @param _l1Token Address of the L1 ERC20 we are depositing\n * @param _l2Token Address of the L1 respective L2 ERC20\n * @param _to L2 address to credit the withdrawal to.\n * @param _amount Amount of the ERC20 to deposit.\n * @param _l2Gas Gas limit required to complete the deposit on L2.\n * @param _data Optional data to forward to L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function depositERC20To(\n address _l1Token,\n address _l2Token,\n address _to,\n uint256 _amount,\n uint32 _l2Gas,\n bytes calldata _data\n ) external;\n\n /*************************\n * Cross-chain Functions *\n *************************/\n\n /**\n * @dev Complete a withdrawal from L2 to L1, and credit funds to the recipient's balance of the\n * L1 ERC20 token.\n * This call will fail if the initialized withdrawal from L2 has not been finalized.\n *\n * @param _l1Token Address of L1 token to finalizeWithdrawal for.\n * @param _l2Token Address of L2 token where withdrawal was initiated.\n * @param _from L2 address initiating the transfer.\n * @param _to L1 address to credit the withdrawal to.\n * @param _amount Amount of the ERC20 to deposit.\n * @param _data Data provided by the sender on L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function finalizeERC20Withdrawal(\n address _l1Token,\n address _l2Token,\n address _from,\n address _to,\n uint256 _amount,\n bytes calldata _data\n ) external;\n}\n" + }, + "@eth-optimism/contracts/L1/messaging/IL1StandardBridge.sol": { + "content": "// SPDX-License-Identifier: MIT\npragma solidity >0.5.0 <0.9.0;\n\nimport \"./IL1ERC20Bridge.sol\";\n\n/**\n * @title IL1StandardBridge\n */\ninterface IL1StandardBridge is IL1ERC20Bridge {\n /**********\n * Events *\n **********/\n event ETHDepositInitiated(\n address indexed _from,\n address indexed _to,\n uint256 _amount,\n bytes _data\n );\n\n event ETHWithdrawalFinalized(\n address indexed _from,\n address indexed _to,\n uint256 _amount,\n bytes _data\n );\n\n /********************\n * Public Functions *\n ********************/\n\n /**\n * @dev Deposit an amount of the ETH to the caller's balance on L2.\n * @param _l2Gas Gas limit required to complete the deposit on L2.\n * @param _data Optional data to forward to L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function depositETH(uint32 _l2Gas, bytes calldata _data) external payable;\n\n /**\n * @dev Deposit an amount of ETH to a recipient's balance on L2.\n * @param _to L2 address to credit the withdrawal to.\n * @param _l2Gas Gas limit required to complete the deposit on L2.\n * @param _data Optional data to forward to L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function depositETHTo(\n address _to,\n uint32 _l2Gas,\n bytes calldata _data\n ) external payable;\n\n /*************************\n * Cross-chain Functions *\n *************************/\n\n /**\n * @dev Complete a withdrawal from L2 to L1, and credit funds to the recipient's balance of the\n * L1 ETH token. Since only the xDomainMessenger can call this function, it will never be called\n * before the withdrawal is finalized.\n * @param _from L2 address initiating the transfer.\n * @param _to L1 address to credit the withdrawal to.\n * @param _amount Amount of the ERC20 to deposit.\n * @param _data Optional data to forward to L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function finalizeETHWithdrawal(\n address _from,\n address _to,\n uint256 _amount,\n bytes calldata _data\n ) external;\n}\n" + }, + "@eth-optimism/contracts/libraries/bridge/ICrossDomainMessenger.sol": { + "content": "// SPDX-License-Identifier: MIT\npragma solidity >0.5.0 <0.9.0;\n\n/**\n * @title ICrossDomainMessenger\n */\ninterface ICrossDomainMessenger {\n /**********\n * Events *\n **********/\n\n event SentMessage(\n address indexed target,\n address sender,\n bytes message,\n uint256 messageNonce,\n uint256 gasLimit\n );\n event RelayedMessage(bytes32 indexed msgHash);\n event FailedRelayedMessage(bytes32 indexed msgHash);\n\n /*************\n * Variables *\n *************/\n\n function xDomainMessageSender() external view returns (address);\n\n /********************\n * Public Functions *\n ********************/\n\n /**\n * Sends a cross domain message to the target messenger.\n * @param _target Target contract address.\n * @param _message Message to send to the target.\n * @param _gasLimit Gas limit for the provided message.\n */\n function sendMessage(\n address _target,\n bytes calldata _message,\n uint32 _gasLimit\n ) external;\n}\n" + }, + "@eth-optimism/contracts/libraries/constants/Lib_PredeployAddresses.sol": { + "content": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.9;\n\n/**\n * @title Lib_PredeployAddresses\n */\nlibrary Lib_PredeployAddresses {\n address internal constant L2_TO_L1_MESSAGE_PASSER = 0x4200000000000000000000000000000000000000;\n address internal constant L1_MESSAGE_SENDER = 0x4200000000000000000000000000000000000001;\n address internal constant DEPLOYER_WHITELIST = 0x4200000000000000000000000000000000000002;\n address payable internal constant OVM_ETH = payable(0xDeadDeAddeAddEAddeadDEaDDEAdDeaDDeAD0000);\n address internal constant L2_CROSS_DOMAIN_MESSENGER =\n 0x4200000000000000000000000000000000000007;\n address internal constant LIB_ADDRESS_MANAGER = 0x4200000000000000000000000000000000000008;\n address internal constant PROXY_EOA = 0x4200000000000000000000000000000000000009;\n address internal constant L2_STANDARD_BRIDGE = 0x4200000000000000000000000000000000000010;\n address internal constant SEQUENCER_FEE_WALLET = 0x4200000000000000000000000000000000000011;\n address internal constant L2_STANDARD_TOKEN_FACTORY =\n 0x4200000000000000000000000000000000000012;\n address internal constant L1_BLOCK_NUMBER = 0x4200000000000000000000000000000000000013;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (access/Ownable.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../utils/ContextUpgradeable.sol\";\nimport \"../proxy/utils/Initializable.sol\";\n\n/**\n * @dev Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract OwnableUpgradeable is Initializable, ContextUpgradeable {\n address private _owner;\n\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n function __Ownable_init() internal onlyInitializing {\n __Ownable_init_unchained();\n }\n\n function __Ownable_init_unchained() internal onlyInitializing {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Leaves the contract without owner. It will not be possible to call\n * `onlyOwner` functions. Can only be called by the current owner.\n *\n * NOTE: Renouncing ownership will leave the contract without an owner,\n * thereby disabling any functionality that is only available to the owner.\n */\n function renounceOwnership() public virtual onlyOwner {\n _transferOwnership(address(0));\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(newOwner != address(0), \"Ownable: new owner is the zero address\");\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n\n /**\n * @dev This empty reserved space is put in place to allow future versions to add new\n * variables without shifting down storage in the inheritance chain.\n * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n */\n uint256[49] private __gap;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/crosschain/errorsUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.6.0) (crosschain/errors.sol)\n\npragma solidity ^0.8.4;\n\nerror NotCrossChainCall();\nerror InvalidCrossChainSender(address actual, address expected);\n" + }, + "@openzeppelin/contracts-upgradeable/crosschain/optimism/LibOptimismUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.7.0) (crosschain/optimism/LibOptimism.sol)\n\npragma solidity ^0.8.4;\n\nimport { ICrossDomainMessengerUpgradeable as Optimism_Bridge } from \"../../vendor/optimism/ICrossDomainMessengerUpgradeable.sol\";\nimport \"../errorsUpgradeable.sol\";\n\n/**\n * @dev Primitives for cross-chain aware contracts for https://www.optimism.io/[Optimism].\n * See the https://community.optimism.io/docs/developers/bridge/messaging/#accessing-msg-sender[documentation]\n * for the functionality used here.\n */\nlibrary LibOptimismUpgradeable {\n /**\n * @dev Returns whether the current function call is the result of a\n * cross-chain message relayed by `messenger`.\n */\n function isCrossChain(address messenger) internal view returns (bool) {\n return msg.sender == messenger;\n }\n\n /**\n * @dev Returns the address of the sender that triggered the current\n * cross-chain message through `messenger`.\n *\n * NOTE: {isCrossChain} should be checked before trying to recover the\n * sender, as it will revert with `NotCrossChainCall` if the current\n * function call is not the result of a cross-chain message.\n */\n function crossChainSender(address messenger) internal view returns (address) {\n if (!isCrossChain(messenger)) revert NotCrossChainCall();\n\n return Optimism_Bridge(messenger).xDomainMessageSender();\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/interfaces/draft-IERC1822Upgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.5.0) (interfaces/draft-IERC1822.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev ERC1822: Universal Upgradeable Proxy Standard (UUPS) documents a method for upgradeability through a simplified\n * proxy whose upgrades are fully controlled by the current implementation.\n */\ninterface IERC1822ProxiableUpgradeable {\n /**\n * @dev Returns the storage slot that the proxiable contract assumes is being used to store the implementation\n * address.\n *\n * IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks\n * bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this\n * function revert if invoked through a proxy.\n */\n function proxiableUUID() external view returns (bytes32);\n}\n" + }, + "@openzeppelin/contracts-upgradeable/interfaces/IERC1967Upgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (interfaces/IERC1967.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev ERC-1967: Proxy Storage Slots. This interface contains the events defined in the ERC.\n *\n * _Available since v4.8.3._\n */\ninterface IERC1967Upgradeable {\n /**\n * @dev Emitted when the implementation is upgraded.\n */\n event Upgraded(address indexed implementation);\n\n /**\n * @dev Emitted when the admin account has changed.\n */\n event AdminChanged(address previousAdmin, address newAdmin);\n\n /**\n * @dev Emitted when the beacon is changed.\n */\n event BeaconUpgraded(address indexed beacon);\n}\n" + }, + "@openzeppelin/contracts-upgradeable/proxy/beacon/IBeaconUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts v4.4.1 (proxy/beacon/IBeacon.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev This is the interface that {BeaconProxy} expects of its beacon.\n */\ninterface IBeaconUpgradeable {\n /**\n * @dev Must return an address that can be used as a delegate call target.\n *\n * {BeaconProxy} will check that this address is a contract.\n */\n function implementation() external view returns (address);\n}\n" + }, + "@openzeppelin/contracts-upgradeable/proxy/ERC1967/ERC1967UpgradeUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (proxy/ERC1967/ERC1967Upgrade.sol)\n\npragma solidity ^0.8.2;\n\nimport \"../beacon/IBeaconUpgradeable.sol\";\nimport \"../../interfaces/IERC1967Upgradeable.sol\";\nimport \"../../interfaces/draft-IERC1822Upgradeable.sol\";\nimport \"../../utils/AddressUpgradeable.sol\";\nimport \"../../utils/StorageSlotUpgradeable.sol\";\nimport \"../utils/Initializable.sol\";\n\n/**\n * @dev This abstract contract provides getters and event emitting update functions for\n * https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots.\n *\n * _Available since v4.1._\n */\nabstract contract ERC1967UpgradeUpgradeable is Initializable, IERC1967Upgradeable {\n function __ERC1967Upgrade_init() internal onlyInitializing {\n }\n\n function __ERC1967Upgrade_init_unchained() internal onlyInitializing {\n }\n // This is the keccak-256 hash of \"eip1967.proxy.rollback\" subtracted by 1\n bytes32 private constant _ROLLBACK_SLOT = 0x4910fdfa16fed3260ed0e7147f7cc6da11a60208b5b9406d12a635614ffd9143;\n\n /**\n * @dev Storage slot with the address of the current implementation.\n * This is the keccak-256 hash of \"eip1967.proxy.implementation\" subtracted by 1, and is\n * validated in the constructor.\n */\n bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;\n\n /**\n * @dev Returns the current implementation address.\n */\n function _getImplementation() internal view returns (address) {\n return StorageSlotUpgradeable.getAddressSlot(_IMPLEMENTATION_SLOT).value;\n }\n\n /**\n * @dev Stores a new address in the EIP1967 implementation slot.\n */\n function _setImplementation(address newImplementation) private {\n require(AddressUpgradeable.isContract(newImplementation), \"ERC1967: new implementation is not a contract\");\n StorageSlotUpgradeable.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;\n }\n\n /**\n * @dev Perform implementation upgrade\n *\n * Emits an {Upgraded} event.\n */\n function _upgradeTo(address newImplementation) internal {\n _setImplementation(newImplementation);\n emit Upgraded(newImplementation);\n }\n\n /**\n * @dev Perform implementation upgrade with additional setup call.\n *\n * Emits an {Upgraded} event.\n */\n function _upgradeToAndCall(address newImplementation, bytes memory data, bool forceCall) internal {\n _upgradeTo(newImplementation);\n if (data.length > 0 || forceCall) {\n AddressUpgradeable.functionDelegateCall(newImplementation, data);\n }\n }\n\n /**\n * @dev Perform implementation upgrade with security checks for UUPS proxies, and additional setup call.\n *\n * Emits an {Upgraded} event.\n */\n function _upgradeToAndCallUUPS(address newImplementation, bytes memory data, bool forceCall) internal {\n // Upgrades from old implementations will perform a rollback test. This test requires the new\n // implementation to upgrade back to the old, non-ERC1822 compliant, implementation. Removing\n // this special case will break upgrade paths from old UUPS implementation to new ones.\n if (StorageSlotUpgradeable.getBooleanSlot(_ROLLBACK_SLOT).value) {\n _setImplementation(newImplementation);\n } else {\n try IERC1822ProxiableUpgradeable(newImplementation).proxiableUUID() returns (bytes32 slot) {\n require(slot == _IMPLEMENTATION_SLOT, \"ERC1967Upgrade: unsupported proxiableUUID\");\n } catch {\n revert(\"ERC1967Upgrade: new implementation is not UUPS\");\n }\n _upgradeToAndCall(newImplementation, data, forceCall);\n }\n }\n\n /**\n * @dev Storage slot with the admin of the contract.\n * This is the keccak-256 hash of \"eip1967.proxy.admin\" subtracted by 1, and is\n * validated in the constructor.\n */\n bytes32 internal constant _ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;\n\n /**\n * @dev Returns the current admin.\n */\n function _getAdmin() internal view returns (address) {\n return StorageSlotUpgradeable.getAddressSlot(_ADMIN_SLOT).value;\n }\n\n /**\n * @dev Stores a new address in the EIP1967 admin slot.\n */\n function _setAdmin(address newAdmin) private {\n require(newAdmin != address(0), \"ERC1967: new admin is the zero address\");\n StorageSlotUpgradeable.getAddressSlot(_ADMIN_SLOT).value = newAdmin;\n }\n\n /**\n * @dev Changes the admin of the proxy.\n *\n * Emits an {AdminChanged} event.\n */\n function _changeAdmin(address newAdmin) internal {\n emit AdminChanged(_getAdmin(), newAdmin);\n _setAdmin(newAdmin);\n }\n\n /**\n * @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.\n * This is bytes32(uint256(keccak256('eip1967.proxy.beacon')) - 1)) and is validated in the constructor.\n */\n bytes32 internal constant _BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;\n\n /**\n * @dev Returns the current beacon.\n */\n function _getBeacon() internal view returns (address) {\n return StorageSlotUpgradeable.getAddressSlot(_BEACON_SLOT).value;\n }\n\n /**\n * @dev Stores a new beacon in the EIP1967 beacon slot.\n */\n function _setBeacon(address newBeacon) private {\n require(AddressUpgradeable.isContract(newBeacon), \"ERC1967: new beacon is not a contract\");\n require(\n AddressUpgradeable.isContract(IBeaconUpgradeable(newBeacon).implementation()),\n \"ERC1967: beacon implementation is not a contract\"\n );\n StorageSlotUpgradeable.getAddressSlot(_BEACON_SLOT).value = newBeacon;\n }\n\n /**\n * @dev Perform beacon upgrade with additional setup call. Note: This upgrades the address of the beacon, it does\n * not upgrade the implementation contained in the beacon (see {UpgradeableBeacon-_setImplementation} for that).\n *\n * Emits a {BeaconUpgraded} event.\n */\n function _upgradeBeaconToAndCall(address newBeacon, bytes memory data, bool forceCall) internal {\n _setBeacon(newBeacon);\n emit BeaconUpgraded(newBeacon);\n if (data.length > 0 || forceCall) {\n AddressUpgradeable.functionDelegateCall(IBeaconUpgradeable(newBeacon).implementation(), data);\n }\n }\n\n /**\n * @dev This empty reserved space is put in place to allow future versions to add new\n * variables without shifting down storage in the inheritance chain.\n * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n */\n uint256[50] private __gap;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/Initializable.sol)\n\npragma solidity ^0.8.2;\n\nimport \"../../utils/AddressUpgradeable.sol\";\n\n/**\n * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed\n * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an\n * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer\n * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.\n *\n * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be\n * reused. This mechanism prevents re-execution of each \"step\" but allows the creation of new initialization steps in\n * case an upgrade adds a module that needs to be initialized.\n *\n * For example:\n *\n * [.hljs-theme-light.nopadding]\n * ```solidity\n * contract MyToken is ERC20Upgradeable {\n * function initialize() initializer public {\n * __ERC20_init(\"MyToken\", \"MTK\");\n * }\n * }\n *\n * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {\n * function initializeV2() reinitializer(2) public {\n * __ERC20Permit_init(\"MyToken\");\n * }\n * }\n * ```\n *\n * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as\n * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.\n *\n * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure\n * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.\n *\n * [CAUTION]\n * ====\n * Avoid leaving a contract uninitialized.\n *\n * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation\n * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke\n * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:\n *\n * [.hljs-theme-light.nopadding]\n * ```\n * /// @custom:oz-upgrades-unsafe-allow constructor\n * constructor() {\n * _disableInitializers();\n * }\n * ```\n * ====\n */\nabstract contract Initializable {\n /**\n * @dev Indicates that the contract has been initialized.\n * @custom:oz-retyped-from bool\n */\n uint8 private _initialized;\n\n /**\n * @dev Indicates that the contract is in the process of being initialized.\n */\n bool private _initializing;\n\n /**\n * @dev Triggered when the contract has been initialized or reinitialized.\n */\n event Initialized(uint8 version);\n\n /**\n * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,\n * `onlyInitializing` functions can be used to initialize parent contracts.\n *\n * Similar to `reinitializer(1)`, except that functions marked with `initializer` can be nested in the context of a\n * constructor.\n *\n * Emits an {Initialized} event.\n */\n modifier initializer() {\n bool isTopLevelCall = !_initializing;\n require(\n (isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1),\n \"Initializable: contract is already initialized\"\n );\n _initialized = 1;\n if (isTopLevelCall) {\n _initializing = true;\n }\n _;\n if (isTopLevelCall) {\n _initializing = false;\n emit Initialized(1);\n }\n }\n\n /**\n * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the\n * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be\n * used to initialize parent contracts.\n *\n * A reinitializer may be used after the original initialization step. This is essential to configure modules that\n * are added through upgrades and that require initialization.\n *\n * When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`\n * cannot be nested. If one is invoked in the context of another, execution will revert.\n *\n * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in\n * a contract, executing them in the right order is up to the developer or operator.\n *\n * WARNING: setting the version to 255 will prevent any future reinitialization.\n *\n * Emits an {Initialized} event.\n */\n modifier reinitializer(uint8 version) {\n require(!_initializing && _initialized < version, \"Initializable: contract is already initialized\");\n _initialized = version;\n _initializing = true;\n _;\n _initializing = false;\n emit Initialized(version);\n }\n\n /**\n * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the\n * {initializer} and {reinitializer} modifiers, directly or indirectly.\n */\n modifier onlyInitializing() {\n require(_initializing, \"Initializable: contract is not initializing\");\n _;\n }\n\n /**\n * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.\n * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized\n * to any version. It is recommended to use this to lock implementation contracts that are designed to be called\n * through proxies.\n *\n * Emits an {Initialized} event the first time it is successfully executed.\n */\n function _disableInitializers() internal virtual {\n require(!_initializing, \"Initializable: contract is initializing\");\n if (_initialized != type(uint8).max) {\n _initialized = type(uint8).max;\n emit Initialized(type(uint8).max);\n }\n }\n\n /**\n * @dev Returns the highest version that has been initialized. See {reinitializer}.\n */\n function _getInitializedVersion() internal view returns (uint8) {\n return _initialized;\n }\n\n /**\n * @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.\n */\n function _isInitializing() internal view returns (bool) {\n return _initializing;\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/UUPSUpgradeable.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../../interfaces/draft-IERC1822Upgradeable.sol\";\nimport \"../ERC1967/ERC1967UpgradeUpgradeable.sol\";\nimport \"./Initializable.sol\";\n\n/**\n * @dev An upgradeability mechanism designed for UUPS proxies. The functions included here can perform an upgrade of an\n * {ERC1967Proxy}, when this contract is set as the implementation behind such a proxy.\n *\n * A security mechanism ensures that an upgrade does not turn off upgradeability accidentally, although this risk is\n * reinstated if the upgrade retains upgradeability but removes the security mechanism, e.g. by replacing\n * `UUPSUpgradeable` with a custom implementation of upgrades.\n *\n * The {_authorizeUpgrade} function must be overridden to include access restriction to the upgrade mechanism.\n *\n * _Available since v4.1._\n */\nabstract contract UUPSUpgradeable is Initializable, IERC1822ProxiableUpgradeable, ERC1967UpgradeUpgradeable {\n function __UUPSUpgradeable_init() internal onlyInitializing {\n }\n\n function __UUPSUpgradeable_init_unchained() internal onlyInitializing {\n }\n /// @custom:oz-upgrades-unsafe-allow state-variable-immutable state-variable-assignment\n address private immutable __self = address(this);\n\n /**\n * @dev Check that the execution is being performed through a delegatecall call and that the execution context is\n * a proxy contract with an implementation (as defined in ERC1967) pointing to self. This should only be the case\n * for UUPS and transparent proxies that are using the current contract as their implementation. Execution of a\n * function through ERC1167 minimal proxies (clones) would not normally pass this test, but is not guaranteed to\n * fail.\n */\n modifier onlyProxy() {\n require(address(this) != __self, \"Function must be called through delegatecall\");\n require(_getImplementation() == __self, \"Function must be called through active proxy\");\n _;\n }\n\n /**\n * @dev Check that the execution is not being performed through a delegate call. This allows a function to be\n * callable on the implementing contract but not through proxies.\n */\n modifier notDelegated() {\n require(address(this) == __self, \"UUPSUpgradeable: must not be called through delegatecall\");\n _;\n }\n\n /**\n * @dev Implementation of the ERC1822 {proxiableUUID} function. This returns the storage slot used by the\n * implementation. It is used to validate the implementation's compatibility when performing an upgrade.\n *\n * IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks\n * bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this\n * function revert if invoked through a proxy. This is guaranteed by the `notDelegated` modifier.\n */\n function proxiableUUID() external view virtual override notDelegated returns (bytes32) {\n return _IMPLEMENTATION_SLOT;\n }\n\n /**\n * @dev Upgrade the implementation of the proxy to `newImplementation`.\n *\n * Calls {_authorizeUpgrade}.\n *\n * Emits an {Upgraded} event.\n *\n * @custom:oz-upgrades-unsafe-allow-reachable delegatecall\n */\n function upgradeTo(address newImplementation) public virtual onlyProxy {\n _authorizeUpgrade(newImplementation);\n _upgradeToAndCallUUPS(newImplementation, new bytes(0), false);\n }\n\n /**\n * @dev Upgrade the implementation of the proxy to `newImplementation`, and subsequently execute the function call\n * encoded in `data`.\n *\n * Calls {_authorizeUpgrade}.\n *\n * Emits an {Upgraded} event.\n *\n * @custom:oz-upgrades-unsafe-allow-reachable delegatecall\n */\n function upgradeToAndCall(address newImplementation, bytes memory data) public payable virtual onlyProxy {\n _authorizeUpgrade(newImplementation);\n _upgradeToAndCallUUPS(newImplementation, data, true);\n }\n\n /**\n * @dev Function that should revert when `msg.sender` is not authorized to upgrade the contract. Called by\n * {upgradeTo} and {upgradeToAndCall}.\n *\n * Normally, this function will use an xref:access.adoc[access control] modifier such as {Ownable-onlyOwner}.\n *\n * ```solidity\n * function _authorizeUpgrade(address) internal override onlyOwner {}\n * ```\n */\n function _authorizeUpgrade(address newImplementation) internal virtual;\n\n /**\n * @dev This empty reserved space is put in place to allow future versions to add new\n * variables without shifting down storage in the inheritance chain.\n * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n */\n uint256[50] private __gap;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (security/ReentrancyGuard.sol)\n\npragma solidity ^0.8.0;\nimport \"../proxy/utils/Initializable.sol\";\n\n/**\n * @dev Contract module that helps prevent reentrant calls to a function.\n *\n * Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier\n * available, which can be applied to functions to make sure there are no nested\n * (reentrant) calls to them.\n *\n * Note that because there is a single `nonReentrant` guard, functions marked as\n * `nonReentrant` may not call one another. This can be worked around by making\n * those functions `private`, and then adding `external` `nonReentrant` entry\n * points to them.\n *\n * TIP: If you would like to learn more about reentrancy and alternative ways\n * to protect against it, check out our blog post\n * https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].\n */\nabstract contract ReentrancyGuardUpgradeable is Initializable {\n // Booleans are more expensive than uint256 or any type that takes up a full\n // word because each write operation emits an extra SLOAD to first read the\n // slot's contents, replace the bits taken up by the boolean, and then write\n // back. This is the compiler's defense against contract upgrades and\n // pointer aliasing, and it cannot be disabled.\n\n // The values being non-zero value makes deployment a bit more expensive,\n // but in exchange the refund on every call to nonReentrant will be lower in\n // amount. Since refunds are capped to a percentage of the total\n // transaction's gas, it is best to keep them low in cases like this one, to\n // increase the likelihood of the full refund coming into effect.\n uint256 private constant _NOT_ENTERED = 1;\n uint256 private constant _ENTERED = 2;\n\n uint256 private _status;\n\n function __ReentrancyGuard_init() internal onlyInitializing {\n __ReentrancyGuard_init_unchained();\n }\n\n function __ReentrancyGuard_init_unchained() internal onlyInitializing {\n _status = _NOT_ENTERED;\n }\n\n /**\n * @dev Prevents a contract from calling itself, directly or indirectly.\n * Calling a `nonReentrant` function from another `nonReentrant`\n * function is not supported. It is possible to prevent this from happening\n * by making the `nonReentrant` function external, and making it call a\n * `private` function that does the actual work.\n */\n modifier nonReentrant() {\n _nonReentrantBefore();\n _;\n _nonReentrantAfter();\n }\n\n function _nonReentrantBefore() private {\n // On the first call to nonReentrant, _status will be _NOT_ENTERED\n require(_status != _ENTERED, \"ReentrancyGuard: reentrant call\");\n\n // Any calls to nonReentrant after this point will fail\n _status = _ENTERED;\n }\n\n function _nonReentrantAfter() private {\n // By storing the original value once again, a refund is triggered (see\n // https://eips.ethereum.org/EIPS/eip-2200)\n _status = _NOT_ENTERED;\n }\n\n /**\n * @dev Returns true if the reentrancy guard is currently set to \"entered\", which indicates there is a\n * `nonReentrant` function in the call stack.\n */\n function _reentrancyGuardEntered() internal view returns (bool) {\n return _status == _ENTERED;\n }\n\n /**\n * @dev This empty reserved space is put in place to allow future versions to add new\n * variables without shifting down storage in the inheritance chain.\n * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n */\n uint256[49] private __gap;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/IERC20PermitUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/extensions/IERC20Permit.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in\n * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].\n *\n * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by\n * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't\n * need to send a transaction, and thus is not required to hold Ether at all.\n */\ninterface IERC20PermitUpgradeable {\n /**\n * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,\n * given ``owner``'s signed approval.\n *\n * IMPORTANT: The same issues {IERC20-approve} has related to transaction\n * ordering also apply here.\n *\n * Emits an {Approval} event.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n * - `deadline` must be a timestamp in the future.\n * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`\n * over the EIP712-formatted function arguments.\n * - the signature must use ``owner``'s current nonce (see {nonces}).\n *\n * For more information on the signature format, see the\n * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP\n * section].\n */\n function permit(\n address owner,\n address spender,\n uint256 value,\n uint256 deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) external;\n\n /**\n * @dev Returns the current nonce for `owner`. This value must be\n * included whenever a signature is generated for {permit}.\n *\n * Every successful call to {permit} increases ``owner``'s nonce by one. This\n * prevents a signature from being used multiple times.\n */\n function nonces(address owner) external view returns (uint256);\n\n /**\n * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.\n */\n // solhint-disable-next-line func-name-mixedcase\n function DOMAIN_SEPARATOR() external view returns (bytes32);\n}\n" + }, + "@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/IERC20.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20Upgradeable {\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `to`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address to, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `from` to `to` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address from, address to, uint256 amount) external returns (bool);\n}\n" + }, + "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.3) (token/ERC20/utils/SafeERC20.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../IERC20Upgradeable.sol\";\nimport \"../extensions/IERC20PermitUpgradeable.sol\";\nimport \"../../../utils/AddressUpgradeable.sol\";\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20Upgradeable {\n using AddressUpgradeable for address;\n\n /**\n * @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeTransfer(IERC20Upgradeable token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n /**\n * @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the\n * calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.\n */\n function safeTransferFrom(IERC20Upgradeable token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20Upgradeable token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n require(\n (value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n /**\n * @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeIncreaseAllowance(IERC20Upgradeable token, address spender, uint256 value) internal {\n uint256 oldAllowance = token.allowance(address(this), spender);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance + value));\n }\n\n /**\n * @dev Decrease the calling contract's allowance toward `spender` by `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeDecreaseAllowance(IERC20Upgradeable token, address spender, uint256 value) internal {\n unchecked {\n uint256 oldAllowance = token.allowance(address(this), spender);\n require(oldAllowance >= value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance - value));\n }\n }\n\n /**\n * @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval\n * to be set to zero before setting it to a non-zero value, such as USDT.\n */\n function forceApprove(IERC20Upgradeable token, address spender, uint256 value) internal {\n bytes memory approvalCall = abi.encodeWithSelector(token.approve.selector, spender, value);\n\n if (!_callOptionalReturnBool(token, approvalCall)) {\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, 0));\n _callOptionalReturn(token, approvalCall);\n }\n }\n\n /**\n * @dev Use a ERC-2612 signature to set the `owner` approval toward `spender` on `token`.\n * Revert on invalid signature.\n */\n function safePermit(\n IERC20PermitUpgradeable token,\n address owner,\n address spender,\n uint256 value,\n uint256 deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) internal {\n uint256 nonceBefore = token.nonces(owner);\n token.permit(owner, spender, value, deadline, v, r, s);\n uint256 nonceAfter = token.nonces(owner);\n require(nonceAfter == nonceBefore + 1, \"SafeERC20: permit did not succeed\");\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20Upgradeable token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n require(returndata.length == 0 || abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n *\n * This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.\n */\n function _callOptionalReturnBool(IERC20Upgradeable token, bytes memory data) private returns (bool) {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false\n // and not revert is the subcall reverts.\n\n (bool success, bytes memory returndata) = address(token).call(data);\n return\n success && (returndata.length == 0 || abi.decode(returndata, (bool))) && AddressUpgradeable.isContract(address(token));\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)\n\npragma solidity ^0.8.1;\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary AddressUpgradeable {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n *\n * Furthermore, `isContract` will also return true if the target contract within\n * the same transaction is already scheduled for destruction by `SELFDESTRUCT`,\n * which only has an effect at the end of a transaction.\n * ====\n *\n * [IMPORTANT]\n * ====\n * You shouldn't rely on `isContract` to protect against flash loan attacks!\n *\n * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets\n * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract\n * constructor.\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize/address.code.length, which returns 0\n // for contracts in construction, since the code is only stored at the end\n // of the constructor execution.\n\n return account.code.length > 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance >= amount, \"Address: insufficient balance\");\n\n (bool success, ) = recipient.call{value: amount}(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain `call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(\n address target,\n bytes memory data,\n uint256 value,\n string memory errorMessage\n ) internal returns (bytes memory) {\n require(address(this).balance >= value, \"Address: insufficient balance for call\");\n (bool success, bytes memory returndata) = target.call{value: value}(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n (bool success, bytes memory returndata) = target.staticcall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling\n * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.\n *\n * _Available since v4.8._\n */\n function verifyCallResultFromTarget(\n address target,\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n if (success) {\n if (returndata.length == 0) {\n // only check isContract if the call was successful and the return data is empty\n // otherwise we already know that it was a contract\n require(isContract(target), \"Address: call to non-contract\");\n }\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n /**\n * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the\n * revert reason or using the provided one.\n *\n * _Available since v4.3._\n */\n function verifyCallResult(\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal pure returns (bytes memory) {\n if (success) {\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n function _revert(bytes memory returndata, string memory errorMessage) private pure {\n // Look for revert reason and bubble it up if present\n if (returndata.length > 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n /// @solidity memory-safe-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)\n\npragma solidity ^0.8.0;\nimport \"../proxy/utils/Initializable.sol\";\n\n/**\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract ContextUpgradeable is Initializable {\n function __Context_init() internal onlyInitializing {\n }\n\n function __Context_init_unchained() internal onlyInitializing {\n }\n function _msgSender() internal view virtual returns (address) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes calldata) {\n return msg.data;\n }\n\n /**\n * @dev This empty reserved space is put in place to allow future versions to add new\n * variables without shifting down storage in the inheritance chain.\n * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n */\n uint256[50] private __gap;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/cryptography/ECDSAUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/ECDSA.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../StringsUpgradeable.sol\";\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSAUpgradeable {\n enum RecoverError {\n NoError,\n InvalidSignature,\n InvalidSignatureLength,\n InvalidSignatureS,\n InvalidSignatureV // Deprecated in v4.8\n }\n\n function _throwError(RecoverError error) private pure {\n if (error == RecoverError.NoError) {\n return; // no error: do nothing\n } else if (error == RecoverError.InvalidSignature) {\n revert(\"ECDSA: invalid signature\");\n } else if (error == RecoverError.InvalidSignatureLength) {\n revert(\"ECDSA: invalid signature length\");\n } else if (error == RecoverError.InvalidSignatureS) {\n revert(\"ECDSA: invalid signature 's' value\");\n }\n }\n\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature` or error string. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n *\n * Documentation for signature generation:\n * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]\n * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) {\n if (signature.length == 65) {\n bytes32 r;\n bytes32 s;\n uint8 v;\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n /// @solidity memory-safe-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n return tryRecover(hash, v, r, s);\n } else {\n return (address(0), RecoverError.InvalidSignatureLength);\n }\n }\n\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, signature);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.\n *\n * See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError) {\n bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);\n uint8 v = uint8((uint256(vs) >> 255) + 27);\n return tryRecover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.\n *\n * _Available since v4.2._\n */\n function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, r, vs);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Overload of {ECDSA-tryRecover} that receives the `v`,\n * `r` and `s` signature fields separately.\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address, RecoverError) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {\n return (address(0), RecoverError.InvalidSignatureS);\n }\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n if (signer == address(0)) {\n return (address(0), RecoverError.InvalidSignature);\n }\n\n return (signer, RecoverError.NoError);\n }\n\n /**\n * @dev Overload of {ECDSA-recover} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, v, r, s);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * produces hash corresponding to the one signed with the\n * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]\n * JSON-RPC method as part of EIP-191.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32 message) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n /// @solidity memory-safe-assembly\n assembly {\n mstore(0x00, \"\\x19Ethereum Signed Message:\\n32\")\n mstore(0x1c, hash)\n message := keccak256(0x00, 0x3c)\n }\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from `s`. This\n * produces hash corresponding to the one signed with the\n * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]\n * JSON-RPC method as part of EIP-191.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) {\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n\", StringsUpgradeable.toString(s.length), s));\n }\n\n /**\n * @dev Returns an Ethereum Signed Typed Data, created from a\n * `domainSeparator` and a `structHash`. This produces hash corresponding\n * to the one signed with the\n * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`]\n * JSON-RPC method as part of EIP-712.\n *\n * See {recover}.\n */\n function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 data) {\n /// @solidity memory-safe-assembly\n assembly {\n let ptr := mload(0x40)\n mstore(ptr, \"\\x19\\x01\")\n mstore(add(ptr, 0x02), domainSeparator)\n mstore(add(ptr, 0x22), structHash)\n data := keccak256(ptr, 0x42)\n }\n }\n\n /**\n * @dev Returns an Ethereum Signed Data with intended validator, created from a\n * `validator` and `data` according to the version 0 of EIP-191.\n *\n * See {recover}.\n */\n function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {\n return keccak256(abi.encodePacked(\"\\x19\\x00\", validator, data));\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/math/MathUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/math/Math.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Standard math utilities missing in the Solidity language.\n */\nlibrary MathUpgradeable {\n enum Rounding {\n Down, // Toward negative infinity\n Up, // Toward infinity\n Zero // Toward zero\n }\n\n /**\n * @dev Returns the largest of two numbers.\n */\n function max(uint256 a, uint256 b) internal pure returns (uint256) {\n return a > b ? a : b;\n }\n\n /**\n * @dev Returns the smallest of two numbers.\n */\n function min(uint256 a, uint256 b) internal pure returns (uint256) {\n return a < b ? a : b;\n }\n\n /**\n * @dev Returns the average of two numbers. The result is rounded towards\n * zero.\n */\n function average(uint256 a, uint256 b) internal pure returns (uint256) {\n // (a + b) / 2 can overflow.\n return (a & b) + (a ^ b) / 2;\n }\n\n /**\n * @dev Returns the ceiling of the division of two numbers.\n *\n * This differs from standard division with `/` in that it rounds up instead\n * of rounding down.\n */\n function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {\n // (a + b - 1) / b can overflow on addition, so we distribute.\n return a == 0 ? 0 : (a - 1) / b + 1;\n }\n\n /**\n * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0\n * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)\n * with further edits by Uniswap Labs also under MIT license.\n */\n function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {\n unchecked {\n // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use\n // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256\n // variables such that product = prod1 * 2^256 + prod0.\n uint256 prod0; // Least significant 256 bits of the product\n uint256 prod1; // Most significant 256 bits of the product\n assembly {\n let mm := mulmod(x, y, not(0))\n prod0 := mul(x, y)\n prod1 := sub(sub(mm, prod0), lt(mm, prod0))\n }\n\n // Handle non-overflow cases, 256 by 256 division.\n if (prod1 == 0) {\n // Solidity will revert if denominator == 0, unlike the div opcode on its own.\n // The surrounding unchecked block does not change this fact.\n // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.\n return prod0 / denominator;\n }\n\n // Make sure the result is less than 2^256. Also prevents denominator == 0.\n require(denominator > prod1, \"Math: mulDiv overflow\");\n\n ///////////////////////////////////////////////\n // 512 by 256 division.\n ///////////////////////////////////////////////\n\n // Make division exact by subtracting the remainder from [prod1 prod0].\n uint256 remainder;\n assembly {\n // Compute remainder using mulmod.\n remainder := mulmod(x, y, denominator)\n\n // Subtract 256 bit number from 512 bit number.\n prod1 := sub(prod1, gt(remainder, prod0))\n prod0 := sub(prod0, remainder)\n }\n\n // Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.\n // See https://cs.stackexchange.com/q/138556/92363.\n\n // Does not overflow because the denominator cannot be zero at this stage in the function.\n uint256 twos = denominator & (~denominator + 1);\n assembly {\n // Divide denominator by twos.\n denominator := div(denominator, twos)\n\n // Divide [prod1 prod0] by twos.\n prod0 := div(prod0, twos)\n\n // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.\n twos := add(div(sub(0, twos), twos), 1)\n }\n\n // Shift in bits from prod1 into prod0.\n prod0 |= prod1 * twos;\n\n // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such\n // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for\n // four bits. That is, denominator * inv = 1 mod 2^4.\n uint256 inverse = (3 * denominator) ^ 2;\n\n // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works\n // in modular arithmetic, doubling the correct bits in each step.\n inverse *= 2 - denominator * inverse; // inverse mod 2^8\n inverse *= 2 - denominator * inverse; // inverse mod 2^16\n inverse *= 2 - denominator * inverse; // inverse mod 2^32\n inverse *= 2 - denominator * inverse; // inverse mod 2^64\n inverse *= 2 - denominator * inverse; // inverse mod 2^128\n inverse *= 2 - denominator * inverse; // inverse mod 2^256\n\n // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.\n // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is\n // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1\n // is no longer required.\n result = prod0 * inverse;\n return result;\n }\n }\n\n /**\n * @notice Calculates x * y / denominator with full precision, following the selected rounding direction.\n */\n function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {\n uint256 result = mulDiv(x, y, denominator);\n if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {\n result += 1;\n }\n return result;\n }\n\n /**\n * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down.\n *\n * Inspired by Henry S. Warren, Jr.'s \"Hacker's Delight\" (Chapter 11).\n */\n function sqrt(uint256 a) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n\n // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.\n //\n // We know that the \"msb\" (most significant bit) of our target number `a` is a power of 2 such that we have\n // `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.\n //\n // This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`\n // → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`\n // → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`\n //\n // Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.\n uint256 result = 1 << (log2(a) >> 1);\n\n // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,\n // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at\n // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision\n // into the expected uint128 result.\n unchecked {\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n return min(result, a / result);\n }\n }\n\n /**\n * @notice Calculates sqrt(a), following the selected rounding direction.\n */\n function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = sqrt(a);\n return result + (rounding == Rounding.Up && result * result < a ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 2, rounded down, of a positive value.\n * Returns 0 if given 0.\n */\n function log2(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >> 128 > 0) {\n value >>= 128;\n result += 128;\n }\n if (value >> 64 > 0) {\n value >>= 64;\n result += 64;\n }\n if (value >> 32 > 0) {\n value >>= 32;\n result += 32;\n }\n if (value >> 16 > 0) {\n value >>= 16;\n result += 16;\n }\n if (value >> 8 > 0) {\n value >>= 8;\n result += 8;\n }\n if (value >> 4 > 0) {\n value >>= 4;\n result += 4;\n }\n if (value >> 2 > 0) {\n value >>= 2;\n result += 2;\n }\n if (value >> 1 > 0) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 2, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log2(value);\n return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 10, rounded down, of a positive value.\n * Returns 0 if given 0.\n */\n function log10(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >= 10 ** 64) {\n value /= 10 ** 64;\n result += 64;\n }\n if (value >= 10 ** 32) {\n value /= 10 ** 32;\n result += 32;\n }\n if (value >= 10 ** 16) {\n value /= 10 ** 16;\n result += 16;\n }\n if (value >= 10 ** 8) {\n value /= 10 ** 8;\n result += 8;\n }\n if (value >= 10 ** 4) {\n value /= 10 ** 4;\n result += 4;\n }\n if (value >= 10 ** 2) {\n value /= 10 ** 2;\n result += 2;\n }\n if (value >= 10 ** 1) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 10, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log10(value);\n return result + (rounding == Rounding.Up && 10 ** result < value ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 256, rounded down, of a positive value.\n * Returns 0 if given 0.\n *\n * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.\n */\n function log256(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >> 128 > 0) {\n value >>= 128;\n result += 16;\n }\n if (value >> 64 > 0) {\n value >>= 64;\n result += 8;\n }\n if (value >> 32 > 0) {\n value >>= 32;\n result += 4;\n }\n if (value >> 16 > 0) {\n value >>= 16;\n result += 2;\n }\n if (value >> 8 > 0) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 256, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log256(value);\n return result + (rounding == Rounding.Up && 1 << (result << 3) < value ? 1 : 0);\n }\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/math/SignedMathUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SignedMath.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Standard signed math utilities missing in the Solidity language.\n */\nlibrary SignedMathUpgradeable {\n /**\n * @dev Returns the largest of two signed numbers.\n */\n function max(int256 a, int256 b) internal pure returns (int256) {\n return a > b ? a : b;\n }\n\n /**\n * @dev Returns the smallest of two signed numbers.\n */\n function min(int256 a, int256 b) internal pure returns (int256) {\n return a < b ? a : b;\n }\n\n /**\n * @dev Returns the average of two signed numbers without overflow.\n * The result is rounded towards zero.\n */\n function average(int256 a, int256 b) internal pure returns (int256) {\n // Formula from the book \"Hacker's Delight\"\n int256 x = (a & b) + ((a ^ b) >> 1);\n return x + (int256(uint256(x) >> 255) & (a ^ b));\n }\n\n /**\n * @dev Returns the absolute unsigned value of a signed value.\n */\n function abs(int256 n) internal pure returns (uint256) {\n unchecked {\n // must be unchecked in order to support `n = type(int256).min`\n return uint256(n >= 0 ? n : -n);\n }\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/StorageSlotUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/StorageSlot.sol)\n// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Library for reading and writing primitive types to specific storage slots.\n *\n * Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.\n * This library helps with reading and writing to such slots without the need for inline assembly.\n *\n * The functions in this library return Slot structs that contain a `value` member that can be used to read or write.\n *\n * Example usage to set ERC1967 implementation slot:\n * ```solidity\n * contract ERC1967 {\n * bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;\n *\n * function _getImplementation() internal view returns (address) {\n * return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;\n * }\n *\n * function _setImplementation(address newImplementation) internal {\n * require(Address.isContract(newImplementation), \"ERC1967: new implementation is not a contract\");\n * StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;\n * }\n * }\n * ```\n *\n * _Available since v4.1 for `address`, `bool`, `bytes32`, `uint256`._\n * _Available since v4.9 for `string`, `bytes`._\n */\nlibrary StorageSlotUpgradeable {\n struct AddressSlot {\n address value;\n }\n\n struct BooleanSlot {\n bool value;\n }\n\n struct Bytes32Slot {\n bytes32 value;\n }\n\n struct Uint256Slot {\n uint256 value;\n }\n\n struct StringSlot {\n string value;\n }\n\n struct BytesSlot {\n bytes value;\n }\n\n /**\n * @dev Returns an `AddressSlot` with member `value` located at `slot`.\n */\n function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `BooleanSlot` with member `value` located at `slot`.\n */\n function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `Bytes32Slot` with member `value` located at `slot`.\n */\n function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `Uint256Slot` with member `value` located at `slot`.\n */\n function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `StringSlot` with member `value` located at `slot`.\n */\n function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `StringSlot` representation of the string storage pointer `store`.\n */\n function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := store.slot\n }\n }\n\n /**\n * @dev Returns an `BytesSlot` with member `value` located at `slot`.\n */\n function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.\n */\n function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := store.slot\n }\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/StringsUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Strings.sol)\n\npragma solidity ^0.8.0;\n\nimport \"./math/MathUpgradeable.sol\";\nimport \"./math/SignedMathUpgradeable.sol\";\n\n/**\n * @dev String operations.\n */\nlibrary StringsUpgradeable {\n bytes16 private constant _SYMBOLS = \"0123456789abcdef\";\n uint8 private constant _ADDRESS_LENGTH = 20;\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` decimal representation.\n */\n function toString(uint256 value) internal pure returns (string memory) {\n unchecked {\n uint256 length = MathUpgradeable.log10(value) + 1;\n string memory buffer = new string(length);\n uint256 ptr;\n /// @solidity memory-safe-assembly\n assembly {\n ptr := add(buffer, add(32, length))\n }\n while (true) {\n ptr--;\n /// @solidity memory-safe-assembly\n assembly {\n mstore8(ptr, byte(mod(value, 10), _SYMBOLS))\n }\n value /= 10;\n if (value == 0) break;\n }\n return buffer;\n }\n }\n\n /**\n * @dev Converts a `int256` to its ASCII `string` decimal representation.\n */\n function toString(int256 value) internal pure returns (string memory) {\n return string(abi.encodePacked(value < 0 ? \"-\" : \"\", toString(SignedMathUpgradeable.abs(value))));\n }\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.\n */\n function toHexString(uint256 value) internal pure returns (string memory) {\n unchecked {\n return toHexString(value, MathUpgradeable.log256(value) + 1);\n }\n }\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.\n */\n function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {\n bytes memory buffer = new bytes(2 * length + 2);\n buffer[0] = \"0\";\n buffer[1] = \"x\";\n for (uint256 i = 2 * length + 1; i > 1; --i) {\n buffer[i] = _SYMBOLS[value & 0xf];\n value >>= 4;\n }\n require(value == 0, \"Strings: hex length insufficient\");\n return string(buffer);\n }\n\n /**\n * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.\n */\n function toHexString(address addr) internal pure returns (string memory) {\n return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);\n }\n\n /**\n * @dev Returns true if the two strings are equal.\n */\n function equal(string memory a, string memory b) internal pure returns (bool) {\n return keccak256(bytes(a)) == keccak256(bytes(b));\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/vendor/optimism/ICrossDomainMessengerUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (vendor/optimism/ICrossDomainMessenger.sol)\npragma solidity >0.5.0 <0.9.0;\n\n/**\n * @title ICrossDomainMessenger\n */\ninterface ICrossDomainMessengerUpgradeable {\n /**********\n * Events *\n **********/\n\n event SentMessage(address indexed target, address sender, bytes message, uint256 messageNonce, uint256 gasLimit);\n event RelayedMessage(bytes32 indexed msgHash);\n event FailedRelayedMessage(bytes32 indexed msgHash);\n\n /*************\n * Variables *\n *************/\n\n function xDomainMessageSender() external view returns (address);\n\n /********************\n * Public Functions *\n ********************/\n\n /**\n * Sends a cross domain message to the target messenger.\n * @param _target Target contract address.\n * @param _message Message to send to the target.\n * @param _gasLimit Gas limit for the provided message.\n */\n function sendMessage(address _target, bytes calldata _message, uint32 _gasLimit) external;\n}\n" + }, + "@openzeppelin/contracts/access/Ownable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (access/Ownable.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../utils/Context.sol\";\n\n/**\n * @dev Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n address private _owner;\n\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor() {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Leaves the contract without owner. It will not be possible to call\n * `onlyOwner` functions. Can only be called by the current owner.\n *\n * NOTE: Renouncing ownership will leave the contract without an owner,\n * thereby disabling any functionality that is only available to the owner.\n */\n function renounceOwnership() public virtual onlyOwner {\n _transferOwnership(address(0));\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(newOwner != address(0), \"Ownable: new owner is the zero address\");\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n}\n" + }, + "@openzeppelin/contracts/interfaces/IERC1271.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts v4.4.1 (interfaces/IERC1271.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC1271 standard signature validation method for\n * contracts as defined in https://eips.ethereum.org/EIPS/eip-1271[ERC-1271].\n *\n * _Available since v4.1._\n */\ninterface IERC1271 {\n /**\n * @dev Should return whether the signature provided is valid for the provided data\n * @param hash Hash of the data to be signed\n * @param signature Signature byte array associated with _data\n */\n function isValidSignature(bytes32 hash, bytes memory signature) external view returns (bytes4 magicValue);\n}\n" + }, + "@openzeppelin/contracts/token/ERC20/extensions/IERC20Permit.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/extensions/IERC20Permit.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in\n * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].\n *\n * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by\n * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't\n * need to send a transaction, and thus is not required to hold Ether at all.\n */\ninterface IERC20Permit {\n /**\n * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,\n * given ``owner``'s signed approval.\n *\n * IMPORTANT: The same issues {IERC20-approve} has related to transaction\n * ordering also apply here.\n *\n * Emits an {Approval} event.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n * - `deadline` must be a timestamp in the future.\n * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`\n * over the EIP712-formatted function arguments.\n * - the signature must use ``owner``'s current nonce (see {nonces}).\n *\n * For more information on the signature format, see the\n * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP\n * section].\n */\n function permit(\n address owner,\n address spender,\n uint256 value,\n uint256 deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) external;\n\n /**\n * @dev Returns the current nonce for `owner`. This value must be\n * included whenever a signature is generated for {permit}.\n *\n * Every successful call to {permit} increases ``owner``'s nonce by one. This\n * prevents a signature from being used multiple times.\n */\n function nonces(address owner) external view returns (uint256);\n\n /**\n * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.\n */\n // solhint-disable-next-line func-name-mixedcase\n function DOMAIN_SEPARATOR() external view returns (bytes32);\n}\n" + }, + "@openzeppelin/contracts/token/ERC20/IERC20.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/IERC20.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20 {\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `to`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address to, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `from` to `to` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address from, address to, uint256 amount) external returns (bool);\n}\n" + }, + "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.3) (token/ERC20/utils/SafeERC20.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../IERC20.sol\";\nimport \"../extensions/IERC20Permit.sol\";\nimport \"../../../utils/Address.sol\";\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n using Address for address;\n\n /**\n * @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeTransfer(IERC20 token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n /**\n * @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the\n * calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.\n */\n function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20 token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n require(\n (value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n /**\n * @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 oldAllowance = token.allowance(address(this), spender);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance + value));\n }\n\n /**\n * @dev Decrease the calling contract's allowance toward `spender` by `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n unchecked {\n uint256 oldAllowance = token.allowance(address(this), spender);\n require(oldAllowance >= value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance - value));\n }\n }\n\n /**\n * @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval\n * to be set to zero before setting it to a non-zero value, such as USDT.\n */\n function forceApprove(IERC20 token, address spender, uint256 value) internal {\n bytes memory approvalCall = abi.encodeWithSelector(token.approve.selector, spender, value);\n\n if (!_callOptionalReturnBool(token, approvalCall)) {\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, 0));\n _callOptionalReturn(token, approvalCall);\n }\n }\n\n /**\n * @dev Use a ERC-2612 signature to set the `owner` approval toward `spender` on `token`.\n * Revert on invalid signature.\n */\n function safePermit(\n IERC20Permit token,\n address owner,\n address spender,\n uint256 value,\n uint256 deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) internal {\n uint256 nonceBefore = token.nonces(owner);\n token.permit(owner, spender, value, deadline, v, r, s);\n uint256 nonceAfter = token.nonces(owner);\n require(nonceAfter == nonceBefore + 1, \"SafeERC20: permit did not succeed\");\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n require(returndata.length == 0 || abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n *\n * This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.\n */\n function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false\n // and not revert is the subcall reverts.\n\n (bool success, bytes memory returndata) = address(token).call(data);\n return\n success && (returndata.length == 0 || abi.decode(returndata, (bool))) && Address.isContract(address(token));\n }\n}\n" + }, + "@openzeppelin/contracts/utils/Address.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)\n\npragma solidity ^0.8.1;\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n *\n * Furthermore, `isContract` will also return true if the target contract within\n * the same transaction is already scheduled for destruction by `SELFDESTRUCT`,\n * which only has an effect at the end of a transaction.\n * ====\n *\n * [IMPORTANT]\n * ====\n * You shouldn't rely on `isContract` to protect against flash loan attacks!\n *\n * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets\n * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract\n * constructor.\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize/address.code.length, which returns 0\n // for contracts in construction, since the code is only stored at the end\n // of the constructor execution.\n\n return account.code.length > 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance >= amount, \"Address: insufficient balance\");\n\n (bool success, ) = recipient.call{value: amount}(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain `call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(\n address target,\n bytes memory data,\n uint256 value,\n string memory errorMessage\n ) internal returns (bytes memory) {\n require(address(this).balance >= value, \"Address: insufficient balance for call\");\n (bool success, bytes memory returndata) = target.call{value: value}(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n (bool success, bytes memory returndata) = target.staticcall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling\n * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.\n *\n * _Available since v4.8._\n */\n function verifyCallResultFromTarget(\n address target,\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n if (success) {\n if (returndata.length == 0) {\n // only check isContract if the call was successful and the return data is empty\n // otherwise we already know that it was a contract\n require(isContract(target), \"Address: call to non-contract\");\n }\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n /**\n * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the\n * revert reason or using the provided one.\n *\n * _Available since v4.3._\n */\n function verifyCallResult(\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal pure returns (bytes memory) {\n if (success) {\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n function _revert(bytes memory returndata, string memory errorMessage) private pure {\n // Look for revert reason and bubble it up if present\n if (returndata.length > 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n /// @solidity memory-safe-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n}\n" + }, + "@openzeppelin/contracts/utils/Context.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n function _msgSender() internal view virtual returns (address) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes calldata) {\n return msg.data;\n }\n}\n" + }, + "@openzeppelin/contracts/utils/cryptography/ECDSA.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/ECDSA.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../Strings.sol\";\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n enum RecoverError {\n NoError,\n InvalidSignature,\n InvalidSignatureLength,\n InvalidSignatureS,\n InvalidSignatureV // Deprecated in v4.8\n }\n\n function _throwError(RecoverError error) private pure {\n if (error == RecoverError.NoError) {\n return; // no error: do nothing\n } else if (error == RecoverError.InvalidSignature) {\n revert(\"ECDSA: invalid signature\");\n } else if (error == RecoverError.InvalidSignatureLength) {\n revert(\"ECDSA: invalid signature length\");\n } else if (error == RecoverError.InvalidSignatureS) {\n revert(\"ECDSA: invalid signature 's' value\");\n }\n }\n\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature` or error string. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n *\n * Documentation for signature generation:\n * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]\n * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) {\n if (signature.length == 65) {\n bytes32 r;\n bytes32 s;\n uint8 v;\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n /// @solidity memory-safe-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n return tryRecover(hash, v, r, s);\n } else {\n return (address(0), RecoverError.InvalidSignatureLength);\n }\n }\n\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, signature);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.\n *\n * See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError) {\n bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);\n uint8 v = uint8((uint256(vs) >> 255) + 27);\n return tryRecover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.\n *\n * _Available since v4.2._\n */\n function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, r, vs);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Overload of {ECDSA-tryRecover} that receives the `v`,\n * `r` and `s` signature fields separately.\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address, RecoverError) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {\n return (address(0), RecoverError.InvalidSignatureS);\n }\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n if (signer == address(0)) {\n return (address(0), RecoverError.InvalidSignature);\n }\n\n return (signer, RecoverError.NoError);\n }\n\n /**\n * @dev Overload of {ECDSA-recover} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, v, r, s);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * produces hash corresponding to the one signed with the\n * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]\n * JSON-RPC method as part of EIP-191.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32 message) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n /// @solidity memory-safe-assembly\n assembly {\n mstore(0x00, \"\\x19Ethereum Signed Message:\\n32\")\n mstore(0x1c, hash)\n message := keccak256(0x00, 0x3c)\n }\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from `s`. This\n * produces hash corresponding to the one signed with the\n * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]\n * JSON-RPC method as part of EIP-191.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) {\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n\", Strings.toString(s.length), s));\n }\n\n /**\n * @dev Returns an Ethereum Signed Typed Data, created from a\n * `domainSeparator` and a `structHash`. This produces hash corresponding\n * to the one signed with the\n * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`]\n * JSON-RPC method as part of EIP-712.\n *\n * See {recover}.\n */\n function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 data) {\n /// @solidity memory-safe-assembly\n assembly {\n let ptr := mload(0x40)\n mstore(ptr, \"\\x19\\x01\")\n mstore(add(ptr, 0x02), domainSeparator)\n mstore(add(ptr, 0x22), structHash)\n data := keccak256(ptr, 0x42)\n }\n }\n\n /**\n * @dev Returns an Ethereum Signed Data with intended validator, created from a\n * `validator` and `data` according to the version 0 of EIP-191.\n *\n * See {recover}.\n */\n function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {\n return keccak256(abi.encodePacked(\"\\x19\\x00\", validator, data));\n }\n}\n" + }, + "@openzeppelin/contracts/utils/cryptography/MerkleProof.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.2) (utils/cryptography/MerkleProof.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev These functions deal with verification of Merkle Tree proofs.\n *\n * The tree and the proofs can be generated using our\n * https://github.com/OpenZeppelin/merkle-tree[JavaScript library].\n * You will find a quickstart guide in the readme.\n *\n * WARNING: You should avoid using leaf values that are 64 bytes long prior to\n * hashing, or use a hash function other than keccak256 for hashing leaves.\n * This is because the concatenation of a sorted pair of internal nodes in\n * the merkle tree could be reinterpreted as a leaf value.\n * OpenZeppelin's JavaScript library generates merkle trees that are safe\n * against this attack out of the box.\n */\nlibrary MerkleProof {\n /**\n * @dev Returns true if a `leaf` can be proved to be a part of a Merkle tree\n * defined by `root`. For this, a `proof` must be provided, containing\n * sibling hashes on the branch from the leaf to the root of the tree. Each\n * pair of leaves and each pair of pre-images are assumed to be sorted.\n */\n function verify(bytes32[] memory proof, bytes32 root, bytes32 leaf) internal pure returns (bool) {\n return processProof(proof, leaf) == root;\n }\n\n /**\n * @dev Calldata version of {verify}\n *\n * _Available since v4.7._\n */\n function verifyCalldata(bytes32[] calldata proof, bytes32 root, bytes32 leaf) internal pure returns (bool) {\n return processProofCalldata(proof, leaf) == root;\n }\n\n /**\n * @dev Returns the rebuilt hash obtained by traversing a Merkle tree up\n * from `leaf` using `proof`. A `proof` is valid if and only if the rebuilt\n * hash matches the root of the tree. When processing the proof, the pairs\n * of leafs & pre-images are assumed to be sorted.\n *\n * _Available since v4.4._\n */\n function processProof(bytes32[] memory proof, bytes32 leaf) internal pure returns (bytes32) {\n bytes32 computedHash = leaf;\n for (uint256 i = 0; i < proof.length; i++) {\n computedHash = _hashPair(computedHash, proof[i]);\n }\n return computedHash;\n }\n\n /**\n * @dev Calldata version of {processProof}\n *\n * _Available since v4.7._\n */\n function processProofCalldata(bytes32[] calldata proof, bytes32 leaf) internal pure returns (bytes32) {\n bytes32 computedHash = leaf;\n for (uint256 i = 0; i < proof.length; i++) {\n computedHash = _hashPair(computedHash, proof[i]);\n }\n return computedHash;\n }\n\n /**\n * @dev Returns true if the `leaves` can be simultaneously proven to be a part of a merkle tree defined by\n * `root`, according to `proof` and `proofFlags` as described in {processMultiProof}.\n *\n * CAUTION: Not all merkle trees admit multiproofs. See {processMultiProof} for details.\n *\n * _Available since v4.7._\n */\n function multiProofVerify(\n bytes32[] memory proof,\n bool[] memory proofFlags,\n bytes32 root,\n bytes32[] memory leaves\n ) internal pure returns (bool) {\n return processMultiProof(proof, proofFlags, leaves) == root;\n }\n\n /**\n * @dev Calldata version of {multiProofVerify}\n *\n * CAUTION: Not all merkle trees admit multiproofs. See {processMultiProof} for details.\n *\n * _Available since v4.7._\n */\n function multiProofVerifyCalldata(\n bytes32[] calldata proof,\n bool[] calldata proofFlags,\n bytes32 root,\n bytes32[] memory leaves\n ) internal pure returns (bool) {\n return processMultiProofCalldata(proof, proofFlags, leaves) == root;\n }\n\n /**\n * @dev Returns the root of a tree reconstructed from `leaves` and sibling nodes in `proof`. The reconstruction\n * proceeds by incrementally reconstructing all inner nodes by combining a leaf/inner node with either another\n * leaf/inner node or a proof sibling node, depending on whether each `proofFlags` item is true or false\n * respectively.\n *\n * CAUTION: Not all merkle trees admit multiproofs. To use multiproofs, it is sufficient to ensure that: 1) the tree\n * is complete (but not necessarily perfect), 2) the leaves to be proven are in the opposite order they are in the\n * tree (i.e., as seen from right to left starting at the deepest layer and continuing at the next layer).\n *\n * _Available since v4.7._\n */\n function processMultiProof(\n bytes32[] memory proof,\n bool[] memory proofFlags,\n bytes32[] memory leaves\n ) internal pure returns (bytes32 merkleRoot) {\n // This function rebuilds the root hash by traversing the tree up from the leaves. The root is rebuilt by\n // consuming and producing values on a queue. The queue starts with the `leaves` array, then goes onto the\n // `hashes` array. At the end of the process, the last hash in the `hashes` array should contain the root of\n // the merkle tree.\n uint256 leavesLen = leaves.length;\n uint256 proofLen = proof.length;\n uint256 totalHashes = proofFlags.length;\n\n // Check proof validity.\n require(leavesLen + proofLen - 1 == totalHashes, \"MerkleProof: invalid multiproof\");\n\n // The xxxPos values are \"pointers\" to the next value to consume in each array. All accesses are done using\n // `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a queue's \"pop\".\n bytes32[] memory hashes = new bytes32[](totalHashes);\n uint256 leafPos = 0;\n uint256 hashPos = 0;\n uint256 proofPos = 0;\n // At each step, we compute the next hash using two values:\n // - a value from the \"main queue\". If not all leaves have been consumed, we get the next leaf, otherwise we\n // get the next hash.\n // - depending on the flag, either another value from the \"main queue\" (merging branches) or an element from the\n // `proof` array.\n for (uint256 i = 0; i < totalHashes; i++) {\n bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++];\n bytes32 b = proofFlags[i]\n ? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++])\n : proof[proofPos++];\n hashes[i] = _hashPair(a, b);\n }\n\n if (totalHashes > 0) {\n require(proofPos == proofLen, \"MerkleProof: invalid multiproof\");\n unchecked {\n return hashes[totalHashes - 1];\n }\n } else if (leavesLen > 0) {\n return leaves[0];\n } else {\n return proof[0];\n }\n }\n\n /**\n * @dev Calldata version of {processMultiProof}.\n *\n * CAUTION: Not all merkle trees admit multiproofs. See {processMultiProof} for details.\n *\n * _Available since v4.7._\n */\n function processMultiProofCalldata(\n bytes32[] calldata proof,\n bool[] calldata proofFlags,\n bytes32[] memory leaves\n ) internal pure returns (bytes32 merkleRoot) {\n // This function rebuilds the root hash by traversing the tree up from the leaves. The root is rebuilt by\n // consuming and producing values on a queue. The queue starts with the `leaves` array, then goes onto the\n // `hashes` array. At the end of the process, the last hash in the `hashes` array should contain the root of\n // the merkle tree.\n uint256 leavesLen = leaves.length;\n uint256 proofLen = proof.length;\n uint256 totalHashes = proofFlags.length;\n\n // Check proof validity.\n require(leavesLen + proofLen - 1 == totalHashes, \"MerkleProof: invalid multiproof\");\n\n // The xxxPos values are \"pointers\" to the next value to consume in each array. All accesses are done using\n // `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a queue's \"pop\".\n bytes32[] memory hashes = new bytes32[](totalHashes);\n uint256 leafPos = 0;\n uint256 hashPos = 0;\n uint256 proofPos = 0;\n // At each step, we compute the next hash using two values:\n // - a value from the \"main queue\". If not all leaves have been consumed, we get the next leaf, otherwise we\n // get the next hash.\n // - depending on the flag, either another value from the \"main queue\" (merging branches) or an element from the\n // `proof` array.\n for (uint256 i = 0; i < totalHashes; i++) {\n bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++];\n bytes32 b = proofFlags[i]\n ? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++])\n : proof[proofPos++];\n hashes[i] = _hashPair(a, b);\n }\n\n if (totalHashes > 0) {\n require(proofPos == proofLen, \"MerkleProof: invalid multiproof\");\n unchecked {\n return hashes[totalHashes - 1];\n }\n } else if (leavesLen > 0) {\n return leaves[0];\n } else {\n return proof[0];\n }\n }\n\n function _hashPair(bytes32 a, bytes32 b) private pure returns (bytes32) {\n return a < b ? _efficientHash(a, b) : _efficientHash(b, a);\n }\n\n function _efficientHash(bytes32 a, bytes32 b) private pure returns (bytes32 value) {\n /// @solidity memory-safe-assembly\n assembly {\n mstore(0x00, a)\n mstore(0x20, b)\n value := keccak256(0x00, 0x40)\n }\n }\n}\n" + }, + "@openzeppelin/contracts/utils/cryptography/SignatureChecker.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/SignatureChecker.sol)\n\npragma solidity ^0.8.0;\n\nimport \"./ECDSA.sol\";\nimport \"../../interfaces/IERC1271.sol\";\n\n/**\n * @dev Signature verification helper that can be used instead of `ECDSA.recover` to seamlessly support both ECDSA\n * signatures from externally owned accounts (EOAs) as well as ERC1271 signatures from smart contract wallets like\n * Argent and Gnosis Safe.\n *\n * _Available since v4.1._\n */\nlibrary SignatureChecker {\n /**\n * @dev Checks if a signature is valid for a given signer and data hash. If the signer is a smart contract, the\n * signature is validated against that smart contract using ERC1271, otherwise it's validated using `ECDSA.recover`.\n *\n * NOTE: Unlike ECDSA signatures, contract signatures are revocable, and the outcome of this function can thus\n * change through time. It could return true at block N and false at block N+1 (or the opposite).\n */\n function isValidSignatureNow(address signer, bytes32 hash, bytes memory signature) internal view returns (bool) {\n (address recovered, ECDSA.RecoverError error) = ECDSA.tryRecover(hash, signature);\n return\n (error == ECDSA.RecoverError.NoError && recovered == signer) ||\n isValidERC1271SignatureNow(signer, hash, signature);\n }\n\n /**\n * @dev Checks if a signature is valid for a given signer and data hash. The signature is validated\n * against the signer smart contract using ERC1271.\n *\n * NOTE: Unlike ECDSA signatures, contract signatures are revocable, and the outcome of this function can thus\n * change through time. It could return true at block N and false at block N+1 (or the opposite).\n */\n function isValidERC1271SignatureNow(\n address signer,\n bytes32 hash,\n bytes memory signature\n ) internal view returns (bool) {\n (bool success, bytes memory result) = signer.staticcall(\n abi.encodeWithSelector(IERC1271.isValidSignature.selector, hash, signature)\n );\n return (success &&\n result.length >= 32 &&\n abi.decode(result, (bytes32)) == bytes32(IERC1271.isValidSignature.selector));\n }\n}\n" + }, + "@openzeppelin/contracts/utils/math/Math.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/math/Math.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Standard math utilities missing in the Solidity language.\n */\nlibrary Math {\n enum Rounding {\n Down, // Toward negative infinity\n Up, // Toward infinity\n Zero // Toward zero\n }\n\n /**\n * @dev Returns the largest of two numbers.\n */\n function max(uint256 a, uint256 b) internal pure returns (uint256) {\n return a > b ? a : b;\n }\n\n /**\n * @dev Returns the smallest of two numbers.\n */\n function min(uint256 a, uint256 b) internal pure returns (uint256) {\n return a < b ? a : b;\n }\n\n /**\n * @dev Returns the average of two numbers. The result is rounded towards\n * zero.\n */\n function average(uint256 a, uint256 b) internal pure returns (uint256) {\n // (a + b) / 2 can overflow.\n return (a & b) + (a ^ b) / 2;\n }\n\n /**\n * @dev Returns the ceiling of the division of two numbers.\n *\n * This differs from standard division with `/` in that it rounds up instead\n * of rounding down.\n */\n function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {\n // (a + b - 1) / b can overflow on addition, so we distribute.\n return a == 0 ? 0 : (a - 1) / b + 1;\n }\n\n /**\n * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0\n * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)\n * with further edits by Uniswap Labs also under MIT license.\n */\n function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {\n unchecked {\n // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use\n // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256\n // variables such that product = prod1 * 2^256 + prod0.\n uint256 prod0; // Least significant 256 bits of the product\n uint256 prod1; // Most significant 256 bits of the product\n assembly {\n let mm := mulmod(x, y, not(0))\n prod0 := mul(x, y)\n prod1 := sub(sub(mm, prod0), lt(mm, prod0))\n }\n\n // Handle non-overflow cases, 256 by 256 division.\n if (prod1 == 0) {\n // Solidity will revert if denominator == 0, unlike the div opcode on its own.\n // The surrounding unchecked block does not change this fact.\n // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.\n return prod0 / denominator;\n }\n\n // Make sure the result is less than 2^256. Also prevents denominator == 0.\n require(denominator > prod1, \"Math: mulDiv overflow\");\n\n ///////////////////////////////////////////////\n // 512 by 256 division.\n ///////////////////////////////////////////////\n\n // Make division exact by subtracting the remainder from [prod1 prod0].\n uint256 remainder;\n assembly {\n // Compute remainder using mulmod.\n remainder := mulmod(x, y, denominator)\n\n // Subtract 256 bit number from 512 bit number.\n prod1 := sub(prod1, gt(remainder, prod0))\n prod0 := sub(prod0, remainder)\n }\n\n // Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.\n // See https://cs.stackexchange.com/q/138556/92363.\n\n // Does not overflow because the denominator cannot be zero at this stage in the function.\n uint256 twos = denominator & (~denominator + 1);\n assembly {\n // Divide denominator by twos.\n denominator := div(denominator, twos)\n\n // Divide [prod1 prod0] by twos.\n prod0 := div(prod0, twos)\n\n // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.\n twos := add(div(sub(0, twos), twos), 1)\n }\n\n // Shift in bits from prod1 into prod0.\n prod0 |= prod1 * twos;\n\n // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such\n // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for\n // four bits. That is, denominator * inv = 1 mod 2^4.\n uint256 inverse = (3 * denominator) ^ 2;\n\n // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works\n // in modular arithmetic, doubling the correct bits in each step.\n inverse *= 2 - denominator * inverse; // inverse mod 2^8\n inverse *= 2 - denominator * inverse; // inverse mod 2^16\n inverse *= 2 - denominator * inverse; // inverse mod 2^32\n inverse *= 2 - denominator * inverse; // inverse mod 2^64\n inverse *= 2 - denominator * inverse; // inverse mod 2^128\n inverse *= 2 - denominator * inverse; // inverse mod 2^256\n\n // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.\n // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is\n // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1\n // is no longer required.\n result = prod0 * inverse;\n return result;\n }\n }\n\n /**\n * @notice Calculates x * y / denominator with full precision, following the selected rounding direction.\n */\n function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {\n uint256 result = mulDiv(x, y, denominator);\n if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {\n result += 1;\n }\n return result;\n }\n\n /**\n * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down.\n *\n * Inspired by Henry S. Warren, Jr.'s \"Hacker's Delight\" (Chapter 11).\n */\n function sqrt(uint256 a) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n\n // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.\n //\n // We know that the \"msb\" (most significant bit) of our target number `a` is a power of 2 such that we have\n // `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.\n //\n // This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`\n // → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`\n // → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`\n //\n // Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.\n uint256 result = 1 << (log2(a) >> 1);\n\n // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,\n // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at\n // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision\n // into the expected uint128 result.\n unchecked {\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n return min(result, a / result);\n }\n }\n\n /**\n * @notice Calculates sqrt(a), following the selected rounding direction.\n */\n function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = sqrt(a);\n return result + (rounding == Rounding.Up && result * result < a ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 2, rounded down, of a positive value.\n * Returns 0 if given 0.\n */\n function log2(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >> 128 > 0) {\n value >>= 128;\n result += 128;\n }\n if (value >> 64 > 0) {\n value >>= 64;\n result += 64;\n }\n if (value >> 32 > 0) {\n value >>= 32;\n result += 32;\n }\n if (value >> 16 > 0) {\n value >>= 16;\n result += 16;\n }\n if (value >> 8 > 0) {\n value >>= 8;\n result += 8;\n }\n if (value >> 4 > 0) {\n value >>= 4;\n result += 4;\n }\n if (value >> 2 > 0) {\n value >>= 2;\n result += 2;\n }\n if (value >> 1 > 0) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 2, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log2(value);\n return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 10, rounded down, of a positive value.\n * Returns 0 if given 0.\n */\n function log10(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >= 10 ** 64) {\n value /= 10 ** 64;\n result += 64;\n }\n if (value >= 10 ** 32) {\n value /= 10 ** 32;\n result += 32;\n }\n if (value >= 10 ** 16) {\n value /= 10 ** 16;\n result += 16;\n }\n if (value >= 10 ** 8) {\n value /= 10 ** 8;\n result += 8;\n }\n if (value >= 10 ** 4) {\n value /= 10 ** 4;\n result += 4;\n }\n if (value >= 10 ** 2) {\n value /= 10 ** 2;\n result += 2;\n }\n if (value >= 10 ** 1) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 10, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log10(value);\n return result + (rounding == Rounding.Up && 10 ** result < value ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 256, rounded down, of a positive value.\n * Returns 0 if given 0.\n *\n * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.\n */\n function log256(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >> 128 > 0) {\n value >>= 128;\n result += 16;\n }\n if (value >> 64 > 0) {\n value >>= 64;\n result += 8;\n }\n if (value >> 32 > 0) {\n value >>= 32;\n result += 4;\n }\n if (value >> 16 > 0) {\n value >>= 16;\n result += 2;\n }\n if (value >> 8 > 0) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 256, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log256(value);\n return result + (rounding == Rounding.Up && 1 << (result << 3) < value ? 1 : 0);\n }\n }\n}\n" + }, + "@openzeppelin/contracts/utils/math/SignedMath.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SignedMath.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Standard signed math utilities missing in the Solidity language.\n */\nlibrary SignedMath {\n /**\n * @dev Returns the largest of two signed numbers.\n */\n function max(int256 a, int256 b) internal pure returns (int256) {\n return a > b ? a : b;\n }\n\n /**\n * @dev Returns the smallest of two signed numbers.\n */\n function min(int256 a, int256 b) internal pure returns (int256) {\n return a < b ? a : b;\n }\n\n /**\n * @dev Returns the average of two signed numbers without overflow.\n * The result is rounded towards zero.\n */\n function average(int256 a, int256 b) internal pure returns (int256) {\n // Formula from the book \"Hacker's Delight\"\n int256 x = (a & b) + ((a ^ b) >> 1);\n return x + (int256(uint256(x) >> 255) & (a ^ b));\n }\n\n /**\n * @dev Returns the absolute unsigned value of a signed value.\n */\n function abs(int256 n) internal pure returns (uint256) {\n unchecked {\n // must be unchecked in order to support `n = type(int256).min`\n return uint256(n >= 0 ? n : -n);\n }\n }\n}\n" + }, + "@openzeppelin/contracts/utils/Strings.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Strings.sol)\n\npragma solidity ^0.8.0;\n\nimport \"./math/Math.sol\";\nimport \"./math/SignedMath.sol\";\n\n/**\n * @dev String operations.\n */\nlibrary Strings {\n bytes16 private constant _SYMBOLS = \"0123456789abcdef\";\n uint8 private constant _ADDRESS_LENGTH = 20;\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` decimal representation.\n */\n function toString(uint256 value) internal pure returns (string memory) {\n unchecked {\n uint256 length = Math.log10(value) + 1;\n string memory buffer = new string(length);\n uint256 ptr;\n /// @solidity memory-safe-assembly\n assembly {\n ptr := add(buffer, add(32, length))\n }\n while (true) {\n ptr--;\n /// @solidity memory-safe-assembly\n assembly {\n mstore8(ptr, byte(mod(value, 10), _SYMBOLS))\n }\n value /= 10;\n if (value == 0) break;\n }\n return buffer;\n }\n }\n\n /**\n * @dev Converts a `int256` to its ASCII `string` decimal representation.\n */\n function toString(int256 value) internal pure returns (string memory) {\n return string(abi.encodePacked(value < 0 ? \"-\" : \"\", toString(SignedMath.abs(value))));\n }\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.\n */\n function toHexString(uint256 value) internal pure returns (string memory) {\n unchecked {\n return toHexString(value, Math.log256(value) + 1);\n }\n }\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.\n */\n function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {\n bytes memory buffer = new bytes(2 * length + 2);\n buffer[0] = \"0\";\n buffer[1] = \"x\";\n for (uint256 i = 2 * length + 1; i > 1; --i) {\n buffer[i] = _SYMBOLS[value & 0xf];\n value >>= 4;\n }\n require(value == 0, \"Strings: hex length insufficient\");\n return string(buffer);\n }\n\n /**\n * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.\n */\n function toHexString(address addr) internal pure returns (string memory) {\n return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);\n }\n\n /**\n * @dev Returns true if the two strings are equal.\n */\n function equal(string memory a, string memory b) internal pure returns (bool) {\n return keccak256(bytes(a)) == keccak256(bytes(b));\n }\n}\n" + }, + "@uma/core/contracts/merkle-distributor/implementation/MerkleDistributor.sol": { + "content": "// SPDX-License-Identifier: AGPL-3.0-only\npragma solidity ^0.8.0;\n\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\nimport \"@openzeppelin/contracts/utils/cryptography/MerkleProof.sol\";\nimport \"@openzeppelin/contracts/access/Ownable.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"./MerkleDistributorInterface.sol\";\n\n/**\n * Inspired by:\n * - https://github.com/pie-dao/vested-token-migration-app\n * - https://github.com/Uniswap/merkle-distributor\n * - https://github.com/balancer-labs/erc20-redeemable\n *\n * @title MerkleDistributor contract.\n * @notice Allows an owner to distribute any reward ERC20 to claimants according to Merkle roots. The owner can specify\n * multiple Merkle roots distributions with customized reward currencies.\n * @dev The Merkle trees are not validated in any way, so the system assumes the contract owner behaves honestly.\n */\ncontract MerkleDistributor is MerkleDistributorInterface, Ownable {\n using SafeERC20 for IERC20;\n\n // Windows are mapped to arbitrary indices.\n mapping(uint256 => Window) public merkleWindows;\n\n // Index of next created Merkle root.\n uint256 public nextCreatedIndex;\n\n // Track which accounts have claimed for each window index.\n // Note: uses a packed array of bools for gas optimization on tracking certain claims. Copied from Uniswap's contract.\n mapping(uint256 => mapping(uint256 => uint256)) private claimedBitMap;\n\n /****************************************\n * EVENTS\n ****************************************/\n event Claimed(\n address indexed caller,\n uint256 windowIndex,\n address indexed account,\n uint256 accountIndex,\n uint256 amount,\n address indexed rewardToken\n );\n event CreatedWindow(\n uint256 indexed windowIndex,\n uint256 rewardsDeposited,\n address indexed rewardToken,\n address owner\n );\n event WithdrawRewards(address indexed owner, uint256 amount, address indexed currency);\n event DeleteWindow(uint256 indexed windowIndex, address owner);\n\n /****************************\n * ADMIN FUNCTIONS\n ****************************/\n\n /**\n * @notice Set merkle root for the next available window index and seed allocations.\n * @notice Callable only by owner of this contract. Caller must have approved this contract to transfer\n * `rewardsToDeposit` amount of `rewardToken` or this call will fail. Importantly, we assume that the\n * owner of this contract correctly chooses an amount `rewardsToDeposit` that is sufficient to cover all\n * claims within the `merkleRoot`.\n * @param rewardsToDeposit amount of rewards to deposit to seed this allocation.\n * @param rewardToken ERC20 reward token.\n * @param merkleRoot merkle root describing allocation.\n * @param ipfsHash hash of IPFS object, conveniently stored for clients\n */\n function setWindow(\n uint256 rewardsToDeposit,\n address rewardToken,\n bytes32 merkleRoot,\n string calldata ipfsHash\n ) external onlyOwner {\n uint256 indexToSet = nextCreatedIndex;\n nextCreatedIndex = indexToSet + 1;\n\n _setWindow(indexToSet, rewardsToDeposit, rewardToken, merkleRoot, ipfsHash);\n }\n\n /**\n * @notice Delete merkle root at window index.\n * @dev Callable only by owner. Likely to be followed by a withdrawRewards call to clear contract state.\n * @param windowIndex merkle root index to delete.\n */\n function deleteWindow(uint256 windowIndex) external onlyOwner {\n delete merkleWindows[windowIndex];\n emit DeleteWindow(windowIndex, msg.sender);\n }\n\n /**\n * @notice Emergency method that transfers rewards out of the contract if the contract was configured improperly.\n * @dev Callable only by owner.\n * @param rewardCurrency rewards to withdraw from contract.\n * @param amount amount of rewards to withdraw.\n */\n function withdrawRewards(IERC20 rewardCurrency, uint256 amount) external onlyOwner {\n rewardCurrency.safeTransfer(msg.sender, amount);\n emit WithdrawRewards(msg.sender, amount, address(rewardCurrency));\n }\n\n /****************************\n * NON-ADMIN FUNCTIONS\n ****************************/\n\n /**\n * @notice Batch claims to reduce gas versus individual submitting all claims. Method will fail\n * if any individual claims within the batch would fail.\n * @dev Optimistically tries to batch together consecutive claims for the same account and same\n * reward token to reduce gas. Therefore, the most gas-cost-optimal way to use this method\n * is to pass in an array of claims sorted by account and reward currency. It also reverts\n * when any of individual `_claim`'s `amount` exceeds `remainingAmount` for its window.\n * @param claims array of claims to claim.\n */\n function claimMulti(Claim[] memory claims) public virtual override {\n uint256 batchedAmount;\n uint256 claimCount = claims.length;\n for (uint256 i = 0; i < claimCount; i++) {\n Claim memory _claim = claims[i];\n _verifyAndMarkClaimed(_claim);\n batchedAmount += _claim.amount;\n\n // If the next claim is NOT the same account or the same token (or this claim is the last one),\n // then disburse the `batchedAmount` to the current claim's account for the current claim's reward token.\n uint256 nextI = i + 1;\n IERC20 currentRewardToken = merkleWindows[_claim.windowIndex].rewardToken;\n if (\n nextI == claimCount ||\n // This claim is last claim.\n claims[nextI].account != _claim.account ||\n // Next claim account is different than current one.\n merkleWindows[claims[nextI].windowIndex].rewardToken != currentRewardToken\n // Next claim reward token is different than current one.\n ) {\n currentRewardToken.safeTransfer(_claim.account, batchedAmount);\n batchedAmount = 0;\n }\n }\n }\n\n /**\n * @notice Claim amount of reward tokens for account, as described by Claim input object.\n * @dev If the `_claim`'s `amount`, `accountIndex`, and `account` do not exactly match the\n * values stored in the merkle root for the `_claim`'s `windowIndex` this method\n * will revert. It also reverts when `_claim`'s `amount` exceeds `remainingAmount` for the window.\n * @param _claim claim object describing amount, accountIndex, account, window index, and merkle proof.\n */\n function claim(Claim memory _claim) public virtual override {\n _verifyAndMarkClaimed(_claim);\n merkleWindows[_claim.windowIndex].rewardToken.safeTransfer(_claim.account, _claim.amount);\n }\n\n /**\n * @notice Returns True if the claim for `accountIndex` has already been completed for the Merkle root at\n * `windowIndex`.\n * @dev This method will only work as intended if all `accountIndex`'s are unique for a given `windowIndex`.\n * The onus is on the Owner of this contract to submit only valid Merkle roots.\n * @param windowIndex merkle root to check.\n * @param accountIndex account index to check within window index.\n * @return True if claim has been executed already, False otherwise.\n */\n function isClaimed(uint256 windowIndex, uint256 accountIndex) public view returns (bool) {\n uint256 claimedWordIndex = accountIndex / 256;\n uint256 claimedBitIndex = accountIndex % 256;\n uint256 claimedWord = claimedBitMap[windowIndex][claimedWordIndex];\n uint256 mask = (1 << claimedBitIndex);\n return claimedWord & mask == mask;\n }\n\n /**\n * @notice Returns rewardToken set by admin for windowIndex.\n * @param windowIndex merkle root to check.\n * @return address Reward token address\n */\n function getRewardTokenForWindow(uint256 windowIndex) public view override returns (address) {\n return address(merkleWindows[windowIndex].rewardToken);\n }\n\n /**\n * @notice Returns True if leaf described by {account, amount, accountIndex} is stored in Merkle root at given\n * window index.\n * @param _claim claim object describing amount, accountIndex, account, window index, and merkle proof.\n * @return valid True if leaf exists.\n */\n function verifyClaim(Claim memory _claim) public view returns (bool valid) {\n bytes32 leaf = keccak256(abi.encodePacked(_claim.account, _claim.amount, _claim.accountIndex));\n return MerkleProof.verify(_claim.merkleProof, merkleWindows[_claim.windowIndex].merkleRoot, leaf);\n }\n\n /****************************\n * PRIVATE FUNCTIONS\n ****************************/\n\n // Mark claim as completed for `accountIndex` for Merkle root at `windowIndex`.\n function _setClaimed(uint256 windowIndex, uint256 accountIndex) private {\n uint256 claimedWordIndex = accountIndex / 256;\n uint256 claimedBitIndex = accountIndex % 256;\n claimedBitMap[windowIndex][claimedWordIndex] =\n claimedBitMap[windowIndex][claimedWordIndex] |\n (1 << claimedBitIndex);\n }\n\n // Store new Merkle root at `windowindex`. Pull `rewardsDeposited` from caller to seed distribution for this root.\n function _setWindow(\n uint256 windowIndex,\n uint256 rewardsDeposited,\n address rewardToken,\n bytes32 merkleRoot,\n string memory ipfsHash\n ) private {\n Window storage window = merkleWindows[windowIndex];\n window.merkleRoot = merkleRoot;\n window.remainingAmount = rewardsDeposited;\n window.rewardToken = IERC20(rewardToken);\n window.ipfsHash = ipfsHash;\n\n emit CreatedWindow(windowIndex, rewardsDeposited, rewardToken, msg.sender);\n\n window.rewardToken.safeTransferFrom(msg.sender, address(this), rewardsDeposited);\n }\n\n // Verify claim is valid and mark it as completed in this contract.\n function _verifyAndMarkClaimed(Claim memory _claim) internal {\n // Check claimed proof against merkle window at given index.\n require(verifyClaim(_claim), \"Incorrect merkle proof\");\n // Check the account has not yet claimed for this window.\n require(!isClaimed(_claim.windowIndex, _claim.accountIndex), \"Account has already claimed for this window\");\n\n // Proof is correct and claim has not occurred yet, mark claimed complete.\n _setClaimed(_claim.windowIndex, _claim.accountIndex);\n merkleWindows[_claim.windowIndex].remainingAmount -= _claim.amount;\n emit Claimed(\n msg.sender,\n _claim.windowIndex,\n _claim.account,\n _claim.accountIndex,\n _claim.amount,\n address(merkleWindows[_claim.windowIndex].rewardToken)\n );\n }\n}\n" + }, + "@uma/core/contracts/merkle-distributor/implementation/MerkleDistributorInterface.sol": { + "content": "// SPDX-License-Identifier: GPL-3.0-only\npragma solidity ^0.8.0;\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\n\n/**\n * @notice Concise list of functions in MerkleDistributor implementation that would be called by\n * a consuming external contract (such as the Across Protocol's AcceleratingDistributor).\n */\ninterface MerkleDistributorInterface {\n // A Window maps a Merkle root to a reward token address.\n struct Window {\n // Merkle root describing the distribution.\n bytes32 merkleRoot;\n // Remaining amount of deposited rewards that have not yet been claimed.\n uint256 remainingAmount;\n // Currency in which reward is processed.\n IERC20 rewardToken;\n // IPFS hash of the merkle tree. Can be used to independently fetch recipient proofs and tree. Note that the canonical\n // data type for storing an IPFS hash is a multihash which is the concatenation of \n // . We opted to store this in a string type to make it easier\n // for users to query the ipfs data without needing to reconstruct the multihash. to view the IPFS data simply\n // go to https://cloudflare-ipfs.com/ipfs/.\n string ipfsHash;\n }\n\n // Represents an account's claim for `amount` within the Merkle root located at the `windowIndex`.\n struct Claim {\n uint256 windowIndex;\n uint256 amount;\n uint256 accountIndex; // Used only for bitmap. Assumed to be unique for each claim.\n address account;\n bytes32[] merkleProof;\n }\n\n function claim(Claim memory _claim) external;\n\n function claimMulti(Claim[] memory claims) external;\n\n function getRewardTokenForWindow(uint256 windowIndex) external view returns (address);\n}\n" + }, + "contracts/Arbitrum_SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./SpokePool.sol\";\n\ninterface StandardBridgeLike {\n function outboundTransfer(\n address _l1Token,\n address _to,\n uint256 _amount,\n bytes calldata _data\n ) external payable returns (bytes memory);\n}\n\n/**\n * @notice AVM specific SpokePool. Uses AVM cross-domain-enabled logic to implement admin only access to functions.\n */\ncontract Arbitrum_SpokePool is SpokePool {\n // Address of the Arbitrum L2 token gateway to send funds to L1.\n address public l2GatewayRouter;\n\n // Admin controlled mapping of arbitrum tokens to L1 counterpart. L1 counterpart addresses\n // are necessary params used when bridging tokens to L1.\n mapping(address => address) public whitelistedTokens;\n\n event ArbitrumTokensBridged(address indexed l1Token, address target, uint256 numberOfTokensBridged);\n event SetL2GatewayRouter(address indexed newL2GatewayRouter);\n event WhitelistedTokens(address indexed l2Token, address indexed l1Token);\n\n /**\n * @notice Construct the AVM SpokePool.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * relay hash collisions.\n * @param _l2GatewayRouter Address of L2 token gateway. Can be reset by admin.\n * @param _crossDomainAdmin Cross domain admin to set. Can be changed by admin.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n * @param _wethAddress Weth address for this network to set.\n */\n function initialize(\n uint32 _initialDepositId,\n address _l2GatewayRouter,\n address _crossDomainAdmin,\n address _hubPool,\n address _wethAddress\n ) public initializer {\n __SpokePool_init(_initialDepositId, _crossDomainAdmin, _hubPool, _wethAddress);\n _setL2GatewayRouter(_l2GatewayRouter);\n }\n\n modifier onlyFromCrossDomainAdmin() {\n require(msg.sender == _applyL1ToL2Alias(crossDomainAdmin), \"ONLY_COUNTERPART_GATEWAY\");\n _;\n }\n\n /********************************************************\n * ARBITRUM-SPECIFIC CROSS-CHAIN ADMIN FUNCTIONS *\n ********************************************************/\n\n /**\n * @notice Change L2 gateway router. Callable only by admin.\n * @param newL2GatewayRouter New L2 gateway router.\n */\n function setL2GatewayRouter(address newL2GatewayRouter) public onlyAdmin nonReentrant {\n _setL2GatewayRouter(newL2GatewayRouter);\n }\n\n /**\n * @notice Add L2 -> L1 token mapping. Callable only by admin.\n * @param l2Token Arbitrum token.\n * @param l1Token Ethereum version of l2Token.\n */\n function whitelistToken(address l2Token, address l1Token) public onlyAdmin nonReentrant {\n _whitelistToken(l2Token, l1Token);\n }\n\n /**************************************\n * INTERNAL FUNCTIONS *\n **************************************/\n\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory relayerRefundLeaf) internal override {\n // Check that the Ethereum counterpart of the L2 token is stored on this contract.\n address ethereumTokenToBridge = whitelistedTokens[relayerRefundLeaf.l2TokenAddress];\n require(ethereumTokenToBridge != address(0), \"Uninitialized mainnet token\");\n //slither-disable-next-line unused-return\n StandardBridgeLike(l2GatewayRouter).outboundTransfer(\n ethereumTokenToBridge, // _l1Token. Address of the L1 token to bridge over.\n hubPool, // _to. Withdraw, over the bridge, to the l1 hub pool contract.\n relayerRefundLeaf.amountToReturn, // _amount.\n \"\" // _data. We don't need to send any data for the bridging action.\n );\n emit ArbitrumTokensBridged(address(0), hubPool, relayerRefundLeaf.amountToReturn);\n }\n\n function _setL2GatewayRouter(address _l2GatewayRouter) internal {\n l2GatewayRouter = _l2GatewayRouter;\n emit SetL2GatewayRouter(l2GatewayRouter);\n }\n\n function _whitelistToken(address _l2Token, address _l1Token) internal {\n whitelistedTokens[_l2Token] = _l1Token;\n emit WhitelistedTokens(_l2Token, _l1Token);\n }\n\n // L1 addresses are transformed during l1->l2 calls.\n // See https://developer.offchainlabs.com/docs/l1_l2_messages#address-aliasing for more information.\n // This cannot be pulled directly from Arbitrum contracts because their contracts are not 0.8.X compatible and\n // this operation takes advantage of overflows, whose behavior changed in 0.8.0.\n function _applyL1ToL2Alias(address l1Address) internal pure returns (address l2Address) {\n // Allows overflows as explained above.\n unchecked {\n l2Address = address(uint160(l1Address) + uint160(0x1111000000000000000000000000000000001111));\n }\n }\n\n // Apply AVM-specific transformation to cross domain admin address on L1.\n function _requireAdminSender() internal override onlyFromCrossDomainAdmin {}\n}\n" + }, + "contracts/chain-adapters/Arbitrum_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Interface for Arbitrum's L1 Inbox contract used to send messages to Arbitrum.\n */\ninterface ArbitrumL1InboxLike {\n /**\n * @notice Put a message in the L2 inbox that can be reexecuted for some fixed amount of time if it reverts\n * @dev Gas limit and maxFeePerGas should not be set to 1 as that is used to trigger the RetryableData error\n * @dev Caller must set msg.value equal to at least `maxSubmissionCost + maxGas * gasPriceBid`.\n * all msg.value will deposited to callValueRefundAddress on L2\n * @dev More details can be found here: https://developer.arbitrum.io/arbos/l1-to-l2-messaging\n * @param to destination L2 contract address\n * @param l2CallValue call value for retryable L2 message\n * @param maxSubmissionCost Max gas deducted from user's L2 balance to cover base submission fee\n * @param excessFeeRefundAddress gasLimit x maxFeePerGas - execution cost gets credited here on L2 balance\n * @param callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled\n * @param gasLimit Max gas deducted from user's L2 balance to cover L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)\n * @param maxFeePerGas price bid for L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)\n * @param data ABI encoded data of L2 message\n * @return unique message number of the retryable transaction\n */\n function createRetryableTicket(\n address to,\n uint256 l2CallValue,\n uint256 maxSubmissionCost,\n address excessFeeRefundAddress,\n address callValueRefundAddress,\n uint256 gasLimit,\n uint256 maxFeePerGas,\n bytes calldata data\n ) external payable returns (uint256);\n\n /**\n * @notice Put a message in the L2 inbox that can be reexecuted for some fixed amount of time if it reverts\n * @dev Same as createRetryableTicket, but does not guarantee that submission will succeed by requiring the needed\n * funds come from the deposit alone, rather than falling back on the user's L2 balance\n * @dev Advanced usage only (does not rewrite aliases for excessFeeRefundAddress and callValueRefundAddress).\n * createRetryableTicket method is the recommended standard.\n * @dev Gas limit and maxFeePerGas should not be set to 1 as that is used to trigger the RetryableData error\n * @param to destination L2 contract address\n * @param l2CallValue call value for retryable L2 message\n * @param maxSubmissionCost Max gas deducted from user's L2 balance to cover base submission fee\n * @param excessFeeRefundAddress gasLimit x maxFeePerGas - execution cost gets credited here on L2 balance\n * @param callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled\n * @param gasLimit Max gas deducted from user's L2 balance to cover L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)\n * @param maxFeePerGas price bid for L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)\n * @param data ABI encoded data of L2 message\n * @return unique message number of the retryable transaction\n */\n function unsafeCreateRetryableTicket(\n address to,\n uint256 l2CallValue,\n uint256 maxSubmissionCost,\n address excessFeeRefundAddress,\n address callValueRefundAddress,\n uint256 gasLimit,\n uint256 maxFeePerGas,\n bytes calldata data\n ) external payable returns (uint256);\n}\n\n/**\n * @notice Layer 1 Gateway contract for bridging standard ERC20s to Arbitrum.\n */\ninterface ArbitrumL1ERC20GatewayLike {\n /**\n * @notice Deprecated in favor of outboundTransferCustomRefund but still used in custom bridges\n * like the DAI bridge.\n * @dev Refunded to aliased L2 address of sender if sender has code on L1, otherwise to to sender's EOA on L2.\n * @param _l1Token L1 address of ERC20\n * @param _to Account to be credited with the tokens in the L2 (can be the user's L2 account or a contract),\n * not subject to L2 aliasing. This account, or its L2 alias if it have code in L1, will also be able to\n * cancel the retryable ticket and receive callvalue refund\n * @param _amount Token Amount\n * @param _maxGas Max gas deducted from user's L2 balance to cover L2 execution\n * @param _gasPriceBid Gas price for L2 execution\n * @param _data encoded data from router and user\n * @return res abi encoded inbox sequence number\n */\n function outboundTransfer(\n address _l1Token,\n address _to,\n uint256 _amount,\n uint256 _maxGas,\n uint256 _gasPriceBid,\n bytes calldata _data\n ) external payable returns (bytes memory);\n\n /**\n * @notice Deposit ERC20 token from Ethereum into Arbitrum.\n * @dev L2 address alias will not be applied to the following types of addresses on L1:\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * @param _l1Token L1 address of ERC20\n * @param _refundTo Account, or its L2 alias if it have code in L1, to be credited with excess gas refund in L2\n * @param _to Account to be credited with the tokens in the L2 (can be the user's L2 account or a contract),\n * not subject to L2 aliasing. This account, or its L2 alias if it have code in L1, will also be able to\n * cancel the retryable ticket and receive callvalue refund\n * @param _amount Token Amount\n * @param _maxGas Max gas deducted from user's L2 balance to cover L2 execution\n * @param _gasPriceBid Gas price for L2 execution\n * @param _data encoded data from router and user\n * @return res abi encoded inbox sequence number\n */\n function outboundTransferCustomRefund(\n address _l1Token,\n address _refundTo,\n address _to,\n uint256 _amount,\n uint256 _maxGas,\n uint256 _gasPriceBid,\n bytes calldata _data\n ) external payable returns (bytes memory);\n\n /**\n * @notice get ERC20 gateway for token.\n * @param _token ERC20 address.\n * @return address of ERC20 gateway.\n */\n function getGateway(address _token) external view returns (address);\n}\n\n/**\n * @notice Contract containing logic to send messages from L1 to Arbitrum.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Arbitrum_Adapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n // Amount of ETH allocated to pay for the base submission fee. The base submission fee is a parameter unique to\n // retryable transactions; the user is charged the base submission fee to cover the storage costs of keeping their\n // ticket’s calldata in the retry buffer. (current base submission fee is queryable via\n // ArbRetryableTx.getSubmissionPrice). ArbRetryableTicket precompile interface exists at L2 address\n // 0x000000000000000000000000000000000000006E.\n uint256 public constant l2MaxSubmissionCost = 0.01e18;\n\n // L2 Gas price bid for immediate L2 execution attempt (queryable via standard eth*gasPrice RPC)\n uint256 public constant l2GasPrice = 5e9; // 5 gWei\n\n uint32 public constant RELAY_TOKENS_L2_GAS_LIMIT = 300_000;\n uint32 public constant RELAY_MESSAGE_L2_GAS_LIMIT = 2_000_000;\n\n // This address on L2 receives extra ETH that is left over after relaying a message via the inbox.\n address public immutable l2RefundL2Address;\n\n ArbitrumL1InboxLike public immutable l1Inbox;\n\n ArbitrumL1ERC20GatewayLike public immutable l1ERC20GatewayRouter;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1ArbitrumInbox Inbox helper contract to send messages to Arbitrum.\n * @param _l1ERC20GatewayRouter ERC20 gateway router contract to send tokens to Arbitrum.\n * @param _l2RefundL2Address L2 address to receive gas refunds on after a message is relayed.\n */\n constructor(\n ArbitrumL1InboxLike _l1ArbitrumInbox,\n ArbitrumL1ERC20GatewayLike _l1ERC20GatewayRouter,\n address _l2RefundL2Address\n ) {\n l1Inbox = _l1ArbitrumInbox;\n l1ERC20GatewayRouter = _l1ERC20GatewayRouter;\n l2RefundL2Address = _l2RefundL2Address;\n }\n\n /**\n * @notice Send cross-chain message to target on Arbitrum.\n * @notice This contract must hold at least getL1CallValue() amount of ETH to send a message via the Inbox\n * successfully, or the message will get stuck.\n * @param target Contract on Arbitrum that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes memory message) external payable override {\n uint256 requiredL1CallValue = _contractHasSufficientEthBalance(RELAY_MESSAGE_L2_GAS_LIMIT);\n\n l1Inbox.createRetryableTicket{ value: requiredL1CallValue }(\n target, // destAddr destination L2 contract address\n 0, // l2CallValue call value for retryable L2 message\n l2MaxSubmissionCost, // maxSubmissionCost Max gas deducted from user's L2 balance to cover base fee\n l2RefundL2Address, // excessFeeRefundAddress maxgas * gasprice - execution cost gets credited here on L2\n l2RefundL2Address, // callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled\n RELAY_MESSAGE_L2_GAS_LIMIT, // maxGas Max gas deducted from user's L2 balance to cover L2 execution\n l2GasPrice, // gasPriceBid price bid for L2 execution\n message // data ABI encoded data of L2 message\n );\n\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Bridge tokens to Arbitrum.\n * @notice This contract must hold at least getL1CallValue() amount of ETH to send a message via the Inbox\n * successfully, or the message will get stuck.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token, // l2Token is unused for Arbitrum.\n uint256 amount,\n address to\n ) external payable override {\n uint256 requiredL1CallValue = _contractHasSufficientEthBalance(RELAY_TOKENS_L2_GAS_LIMIT);\n\n // Approve the gateway, not the router, to spend the hub pool's balance. The gateway, which is different\n // per L1 token, will temporarily escrow the tokens to be bridged and pull them from this contract.\n address erc20Gateway = l1ERC20GatewayRouter.getGateway(l1Token);\n IERC20(l1Token).safeIncreaseAllowance(erc20Gateway, amount);\n\n // `outboundTransfer` expects that the caller includes a bytes message as the last param that includes the\n // maxSubmissionCost to use when creating an L2 retryable ticket: https://github.com/OffchainLabs/arbitrum/blob/e98d14873dd77513b569771f47b5e05b72402c5e/packages/arb-bridge-peripherals/contracts/tokenbridge/ethereum/gateway/L1GatewayRouter.sol#L232\n bytes memory data = abi.encode(l2MaxSubmissionCost, \"\");\n\n // Note: Legacy routers don't have the outboundTransferCustomRefund method, so default to using\n // outboundTransfer(). Legacy routers are used for the following tokens that are currently enabled:\n // - DAI: the implementation of `outboundTransfer` at the current DAI custom gateway\n // (https://etherscan.io/address/0xD3B5b60020504bc3489D6949d545893982BA3011#writeContract) sets the\n // sender as the refund address so the aliased HubPool should receive excess funds. Implementation here:\n // https://github.com/makerdao/arbitrum-dai-bridge/blob/11a80385e2622968069c34d401b3d54a59060e87/contracts/l1/L1DaiGateway.sol#L109\n if (l1Token == 0x6B175474E89094C44Da98b954EedeAC495271d0F) {\n // This means that the excess ETH to pay for the L2 transaction will be sent to the aliased\n // contract address on L2, which we'd have to retrieve via a custom adapter, the Arbitrum_RescueAdapter.\n // To do so, in a single transaction: 1) setCrossChainContracts to Arbitrum_RescueAdapter, 2) relayMessage\n // with function data = abi.encode(amountToRescue), 3) setCrossChainContracts back to this adapter.\n l1ERC20GatewayRouter.outboundTransfer{ value: requiredL1CallValue }(\n l1Token,\n to,\n amount,\n RELAY_TOKENS_L2_GAS_LIMIT,\n l2GasPrice,\n data\n );\n } else {\n l1ERC20GatewayRouter.outboundTransferCustomRefund{ value: requiredL1CallValue }(\n l1Token,\n l2RefundL2Address,\n to,\n amount,\n RELAY_TOKENS_L2_GAS_LIMIT,\n l2GasPrice,\n data\n );\n }\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n\n /**\n * @notice Returns required amount of ETH to send a message via the Inbox.\n * @return amount of ETH that this contract needs to hold in order for relayMessage to succeed.\n */\n function getL1CallValue(uint32 l2GasLimit) public pure returns (uint256) {\n return l2MaxSubmissionCost + l2GasPrice * l2GasLimit;\n }\n\n function _contractHasSufficientEthBalance(uint32 l2GasLimit) internal view returns (uint256 requiredL1CallValue) {\n requiredL1CallValue = getL1CallValue(l2GasLimit);\n require(address(this).balance >= requiredL1CallValue, \"Insufficient ETH balance\");\n }\n}\n" + }, + "contracts/chain-adapters/Arbitrum_RescueAdapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"./Arbitrum_Adapter.sol\"; // Used to import `ArbitrumL1ERC20GatewayLike` and `ArbitrumL1InboxLike`\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Meant to copy the Arbitrum_Adapter exactly in how it sends L1 --> L2 messages but is designed only to be\n * used by the owner of the HubPool to retrieve ETH held by its aliased address on L2. This ETH builds up because\n * `relayTokens` calls `l1ERC20GatewayRouter.outboundTransfer` which does not allow the caller to specify an L2 refund\n * address the same way that `l1Inbox.createRetryableTicket` does. This means that the alias address of the caller, the\n * HubPool in this case, receives ETH on L2. This Adapter can be used to send messages to Arbitrum specifically to send\n * transactions as if called by the aliased HubPool address.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Arbitrum_RescueAdapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n // Amount of ETH allocated to pay for the base submission fee. The base submission fee is a parameter unique to\n // retryable transactions; the user is charged the base submission fee to cover the storage costs of keeping their\n // ticket’s calldata in the retry buffer. (current base submission fee is queryable via\n // ArbRetryableTx.getSubmissionPrice). ArbRetryableTicket precompile interface exists at L2 address\n // 0x000000000000000000000000000000000000006E.\n uint256 public immutable l2MaxSubmissionCost = 0.01e18;\n\n // L2 Gas price bid for immediate L2 execution attempt (queryable via standard eth*gasPrice RPC)\n uint256 public immutable l2GasPrice = 5e9; // 5 gWei\n\n // Gas limit for immediate L2 execution attempt (can be estimated via NodeInterface.estimateRetryableTicket).\n // NodeInterface precompile interface exists at L2 address 0x00000000000000000000000000000000000000C8\n uint32 public immutable l2GasLimit = 2_000_000;\n\n // This address on L2 receives extra ETH that is left over after relaying a message via the inbox.\n address public immutable l2RefundL2Address;\n\n // L1 HubPool address aliased on L2: https://github.com/OffchainLabs/arbitrum/blob/master/docs/L1_L2_Messages.md#address-aliasing\n address public immutable aliasedL2HubPoolAddress = 0xd297fA914353c44B2e33EBE05F21846f1048CFeB;\n\n ArbitrumL1InboxLike public immutable l1Inbox;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1ArbitrumInbox Inbox helper contract to send messages to Arbitrum.\n */\n constructor(ArbitrumL1InboxLike _l1ArbitrumInbox) {\n l1Inbox = _l1ArbitrumInbox;\n\n l2RefundL2Address = msg.sender;\n }\n\n /**\n * @notice Send cross-chain message to aliased hub pool address on Arbitrum.\n * @notice This contract must hold at least getL1CallValue() amount of ETH to send a message via the Inbox\n * successfully, or the message will get stuck.\n * @param message Data to send to aliased hub pool.\n */\n function relayMessage(address, bytes memory message) external payable override {\n uint256 valueToReturn = abi.decode(message, (uint256));\n\n uint256 requiredL1CallValue = _contractHasSufficientEthBalance();\n\n // In the rescue ETH setup, we send the transaction to the refund address, we provide a call value equal to the\n // amount we want to rescue, and we specify an empty calldata, since it's a simple ETH transfer.\n // Note: we use the unsafe version of createRetryableTicket because it doesn't require the msg.sender to pass\n // in arbTxCallValue in addition to maxSubmissionCost + maxGas * gasPriceBid.\n l1Inbox.unsafeCreateRetryableTicket{ value: requiredL1CallValue }(\n l2RefundL2Address, // destAddr destination L2 contract address\n valueToReturn, // l2CallValue call value for retryable L2 message\n l2MaxSubmissionCost, // maxSubmissionCost Max gas deducted from user's L2 balance to cover base fee\n l2RefundL2Address, // excessFeeRefundAddress maxgas * gasprice - execution cost gets credited here on L2\n l2RefundL2Address, // callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled\n l2GasLimit, // maxGas Max gas deducted from user's L2 balance to cover L2 execution\n l2GasPrice, // gasPriceBid price bid for L2 execution\n \"\" // data ABI encoded data of L2 message\n );\n\n emit MessageRelayed(aliasedL2HubPoolAddress, \"\");\n }\n\n /**\n * @notice Should never be called.\n */\n function relayTokens(\n address,\n address,\n uint256,\n address\n ) external payable override {\n revert(\"useless function\");\n }\n\n /**\n * @notice Returns required amount of ETH to send a message via the Inbox.\n * @return amount of ETH that this contract needs to hold in order for relayMessage to succeed.\n */\n function getL1CallValue() public pure returns (uint256) {\n return l2MaxSubmissionCost + l2GasPrice * l2GasLimit;\n }\n\n function _contractHasSufficientEthBalance() internal view returns (uint256 requiredL1CallValue) {\n requiredL1CallValue = getL1CallValue();\n require(address(this).balance >= requiredL1CallValue, \"Insufficient ETH balance\");\n }\n}\n" + }, + "contracts/chain-adapters/Arbitrum_SendTokensAdapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport { ArbitrumL1ERC20GatewayLike } from \"./Arbitrum_Adapter.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice This adapter is built for emergencies to send funds from the Hub to a Spoke in the event that a spoke pool\n * received a duplicate root bundle relay, due to some replay issue.\n */\n// solhint-disable-next-line contract-name-camelcase\ncontract Arbitrum_SendTokensAdapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n uint256 public immutable l2MaxSubmissionCost = 0.01e18;\n uint256 public immutable l2GasPrice = 5e9;\n uint32 public constant RELAY_TOKENS_L2_GAS_LIMIT = 300_000;\n\n ArbitrumL1ERC20GatewayLike public immutable l1ERC20GatewayRouter;\n address public immutable l2RefundL2Address;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1ERC20GatewayRouter ERC20 gateway router contract to send tokens to Arbitrum.\n * @param _l2RefundL2Address L2 address to receive gas refunds on after a message is relayed.\n */\n constructor(ArbitrumL1ERC20GatewayLike _l1ERC20GatewayRouter, address _l2RefundL2Address) {\n l1ERC20GatewayRouter = _l1ERC20GatewayRouter;\n l2RefundL2Address = _l2RefundL2Address;\n }\n\n /**\n * @notice Send tokens to SpokePool. Enables HubPool admin to call relaySpokePoolAdminFunction that will trigger\n * this function.\n * @dev This performs similar logic to relayTokens in the normal Arbitrum_Adapter by sending tokens\n * the Arbitrum_SpokePool out of the HubPool.\n * @param message The encoded address of the ERC20 to send to the rescue address.\n */\n function relayMessage(address target, bytes memory message) external payable override {\n (address l1Token, uint256 amount) = abi.decode(message, (address, uint256));\n\n uint256 requiredL1CallValue = _contractHasSufficientEthBalance();\n\n // Approve the gateway, not the router, to spend the hub pool's balance. The gateway, which is different\n // per L1 token, will temporarily escrow the tokens to be bridged and pull them from this contract.\n address erc20Gateway = l1ERC20GatewayRouter.getGateway(l1Token);\n IERC20(l1Token).safeIncreaseAllowance(erc20Gateway, amount);\n\n // `outboundTransfer` expects that the caller includes a bytes message as the last param that includes the\n // maxSubmissionCost to use when creating an L2 retryable ticket: https://github.com/OffchainLabs/arbitrum/blob/e98d14873dd77513b569771f47b5e05b72402c5e/packages/arb-bridge-peripherals/contracts/tokenbridge/ethereum/gateway/L1GatewayRouter.sol#L232\n bytes memory data = abi.encode(l2MaxSubmissionCost, \"\");\n\n l1ERC20GatewayRouter.outboundTransferCustomRefund{ value: requiredL1CallValue }(\n l1Token,\n l2RefundL2Address,\n target,\n amount,\n RELAY_TOKENS_L2_GAS_LIMIT,\n l2GasPrice,\n data\n );\n\n // Purposefully not emitting any events so as not to confuse off-chain monitors that track this event.\n // emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n\n /**\n * @notice Should never be called.\n */\n function relayTokens(\n address,\n address,\n uint256,\n address\n ) external payable override {\n revert(\"relayTokens disabled\");\n }\n\n /**\n * @notice Returns required amount of ETH to send a message via the Inbox.\n * @return amount of ETH that this contract needs to hold in order for relayMessage to succeed.\n */\n function getL1CallValue() public pure returns (uint256) {\n return l2MaxSubmissionCost + l2GasPrice * RELAY_TOKENS_L2_GAS_LIMIT;\n }\n\n function _contractHasSufficientEthBalance() internal view returns (uint256 requiredL1CallValue) {\n requiredL1CallValue = getL1CallValue();\n require(address(this).balance >= requiredL1CallValue, \"Insufficient ETH balance\");\n }\n}\n" + }, + "contracts/chain-adapters/Base_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"../external/interfaces/WETH9Interface.sol\";\n\n// @dev Use local modified CrossDomainEnabled contract instead of one exported by eth-optimism because we need\n// this contract's state variables to be `immutable` because of the delegateCall call.\nimport \"./CrossDomainEnabled.sol\";\nimport \"@eth-optimism/contracts/L1/messaging/IL1StandardBridge.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Contract containing logic to send messages from L1 to Base. This is a modified version of the Optimism adapter\n * that excludes the custom bridging logic.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Base_Adapter is CrossDomainEnabled, AdapterInterface {\n using SafeERC20 for IERC20;\n uint32 public immutable l2GasLimit = 200_000;\n\n WETH9Interface public immutable l1Weth;\n\n IL1StandardBridge public immutable l1StandardBridge;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1Weth WETH address on L1.\n * @param _crossDomainMessenger XDomainMessenger Base system contract.\n * @param _l1StandardBridge Standard bridge contract.\n */\n constructor(\n WETH9Interface _l1Weth,\n address _crossDomainMessenger,\n IL1StandardBridge _l1StandardBridge\n ) CrossDomainEnabled(_crossDomainMessenger) {\n l1Weth = _l1Weth;\n l1StandardBridge = _l1StandardBridge;\n }\n\n /**\n * @notice Send cross-chain message to target on Base.\n * @param target Contract on Base that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes calldata message) external payable override {\n sendCrossDomainMessage(target, uint32(l2GasLimit), message);\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Bridge tokens to Base.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token,\n uint256 amount,\n address to\n ) external payable override {\n // If the l1Token is weth then unwrap it to ETH then send the ETH to the standard bridge.\n if (l1Token == address(l1Weth)) {\n l1Weth.withdraw(amount);\n l1StandardBridge.depositETHTo{ value: amount }(to, l2GasLimit, \"\");\n } else {\n IL1StandardBridge _l1StandardBridge = l1StandardBridge;\n\n IERC20(l1Token).safeIncreaseAllowance(address(_l1StandardBridge), amount);\n _l1StandardBridge.depositERC20To(l1Token, l2Token, to, amount, l2GasLimit, \"\");\n }\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n}\n" + }, + "contracts/chain-adapters/Boba_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"../external/interfaces/WETH9Interface.sol\";\n\n// @dev Use local modified CrossDomainEnabled contract instead of one exported by eth-optimism because we need\n// this contract's state variables to be `immutable` because of the delegateCall call.\nimport \"./CrossDomainEnabled.sol\";\nimport \"@eth-optimism/contracts/L1/messaging/IL1StandardBridge.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Contract containing logic to send messages from L1 to Boba. This is a modified version of the Optimism adapter\n * that excludes the custom bridging logic.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Boba_Adapter is CrossDomainEnabled, AdapterInterface {\n using SafeERC20 for IERC20;\n uint32 public immutable l2GasLimit = 2_000_000;\n\n WETH9Interface public immutable l1Weth;\n\n IL1StandardBridge public immutable l1StandardBridge;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1Weth WETH address on L1.\n * @param _crossDomainMessenger XDomainMessenger Boba system contract.\n * @param _l1StandardBridge Standard bridge contract.\n */\n constructor(\n WETH9Interface _l1Weth,\n address _crossDomainMessenger,\n IL1StandardBridge _l1StandardBridge\n ) CrossDomainEnabled(_crossDomainMessenger) {\n l1Weth = _l1Weth;\n l1StandardBridge = _l1StandardBridge;\n }\n\n /**\n * @notice Send cross-chain message to target on Boba.\n * @param target Contract on Boba that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes calldata message) external payable override {\n sendCrossDomainMessage(target, uint32(l2GasLimit), message);\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Bridge tokens to Boba.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token,\n uint256 amount,\n address to\n ) external payable override {\n // If the l1Token is weth then unwrap it to ETH then send the ETH to the standard bridge.\n if (l1Token == address(l1Weth)) {\n l1Weth.withdraw(amount);\n l1StandardBridge.depositETHTo{ value: amount }(to, l2GasLimit, \"\");\n } else {\n IL1StandardBridge _l1StandardBridge = l1StandardBridge;\n\n IERC20(l1Token).safeIncreaseAllowance(address(_l1StandardBridge), amount);\n _l1StandardBridge.depositERC20To(l1Token, l2Token, to, amount, l2GasLimit, \"\");\n }\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n}\n" + }, + "contracts/chain-adapters/CrossDomainEnabled.sol": { + "content": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.0;\n\n/* Interface Imports */\nimport { ICrossDomainMessenger } from \"@eth-optimism/contracts/libraries/bridge/ICrossDomainMessenger.sol\";\n\n/**\n * @title CrossDomainEnabled\n * @dev Helper contract for contracts performing cross-domain communications between L1 and Optimism.\n * @dev This modifies the eth-optimism/CrossDomainEnabled contract only by changing state variables to be\n * immutable for use in contracts like the Optimism_Adapter which use delegateCall().\n */\ncontract CrossDomainEnabled {\n // Messenger contract used to send and recieve messages from the other domain.\n address public immutable messenger;\n\n /**\n * @param _messenger Address of the CrossDomainMessenger on the current layer.\n */\n constructor(address _messenger) {\n messenger = _messenger;\n }\n\n /**\n * Enforces that the modified function is only callable by a specific cross-domain account.\n * @param _sourceDomainAccount The only account on the originating domain which is\n * authenticated to call this function.\n */\n modifier onlyFromCrossDomainAccount(address _sourceDomainAccount) {\n require(msg.sender == address(getCrossDomainMessenger()), \"invalid cross domain messenger\");\n\n require(\n getCrossDomainMessenger().xDomainMessageSender() == _sourceDomainAccount,\n \"invalid cross domain sender\"\n );\n\n _;\n }\n\n /**\n * Gets the messenger, usually from storage. This function is exposed in case a child contract\n * needs to override.\n * @return The address of the cross-domain messenger contract which should be used.\n */\n function getCrossDomainMessenger() internal virtual returns (ICrossDomainMessenger) {\n return ICrossDomainMessenger(messenger);\n }\n\n /**\n * Sends a message to an account on another domain\n * @param _crossDomainTarget The intended recipient on the destination domain\n * @param _message The data to send to the target (usually calldata to a function with\n * onlyFromCrossDomainAccount())\n * @param _gasLimit The gasLimit for the receipt of the message on the target domain.\n */\n function sendCrossDomainMessage(\n address _crossDomainTarget,\n uint32 _gasLimit,\n bytes calldata _message\n ) internal {\n // slither-disable-next-line reentrancy-events, reentrancy-benign\n getCrossDomainMessenger().sendMessage(_crossDomainTarget, _message, _gasLimit);\n }\n}\n" + }, + "contracts/chain-adapters/Ethereum_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Contract containing logic to send messages from L1 to Ethereum SpokePool.\n * @notice This contract should always be deployed on the same chain as the HubPool, as it acts as a pass-through\n * contract between HubPool and SpokePool on the same chain. Its named \"Ethereum_Adapter\" because a core assumption\n * is that the HubPool will be deployed on Ethereum, so this adapter will be used to communicate between HubPool\n * and the Ethereum_SpokePool.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Ethereum_Adapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n /**\n * @notice Send message to target on Ethereum.\n * @notice This function, and contract overall, is not useful in practice except that the HubPool\n * expects to interact with the SpokePool via an Adapter, so when communicating to the Ethereum_SpokePool, it must\n * send messages via this pass-through contract.\n * @param target Contract that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes calldata message) external payable override {\n _executeCall(target, message);\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Send tokens to target.\n * @param l1Token L1 token to send.\n * @param l2Token Unused parameter in this contract.\n * @param amount Amount of L1 tokens to send.\n * @param to recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token, // l2Token is unused for ethereum since we are assuming that the HubPool is only deployed\n // on this network.\n uint256 amount,\n address to\n ) external payable override {\n IERC20(l1Token).safeTransfer(to, amount);\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n\n // Note: this snippet of code is copied from Governor.sol. Source: https://github.com/UMAprotocol/protocol/blob/5b37ea818a28479c01e458389a83c3e736306b17/packages/core/contracts/oracle/implementation/Governor.sol#L190-L207\n function _executeCall(address to, bytes memory data) private {\n // Note: this snippet of code is copied from Governor.sol and modified to not include any \"value\" field.\n\n bool success;\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n let inputData := add(data, 0x20)\n let inputDataSize := mload(data)\n // Hardcode value to be 0 for relayed governance calls in order to avoid addressing complexity of bridging\n // value cross-chain.\n success := call(gas(), to, 0, inputData, inputDataSize, 0, 0)\n }\n require(success, \"execute call failed\");\n }\n}\n" + }, + "contracts/chain-adapters/Ethereum_RescueAdapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice This adapter is built for emergencies to rescue funds from a Hub in the event of a misconfiguration or\n * security issue.\n */\n// solhint-disable-next-line contract-name-camelcase\ncontract Ethereum_RescueAdapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n address public immutable rescueAddress;\n\n /**\n * @notice Constructs new Adapter.\n * @param _rescueAddress Rescue address to send funds to.\n */\n constructor(address _rescueAddress) {\n rescueAddress = _rescueAddress;\n }\n\n /**\n * @notice Rescues the tokens from the calling contract.\n * @param message The encoded address of the ERC20 to send to the rescue addres.\n */\n function relayMessage(address, bytes memory message) external payable override {\n IERC20 tokenAddress = IERC20(abi.decode(message, (address)));\n\n // Transfer full balance of tokens to the rescue address.\n tokenAddress.safeTransfer(rescueAddress, tokenAddress.balanceOf(address(this)));\n }\n\n /**\n * @notice Should never be called.\n */\n function relayTokens(\n address,\n address,\n uint256,\n address\n ) external payable override {\n revert(\"relayTokens disabled\");\n }\n}\n" + }, + "contracts/chain-adapters/interfaces/AdapterInterface.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\n/**\n * @notice Sends cross chain messages and tokens to contracts on a specific L2 network.\n * This interface is implemented by an adapter contract that is deployed on L1.\n */\n\ninterface AdapterInterface {\n event MessageRelayed(address target, bytes message);\n\n event TokensRelayed(address l1Token, address l2Token, uint256 amount, address to);\n\n /**\n * @notice Send message to `target` on L2.\n * @dev This method is marked payable because relaying the message might require a fee\n * to be paid by the sender to forward the message to L2. However, it will not send msg.value\n * to the target contract on L2.\n * @param target L2 address to send message to.\n * @param message Message to send to `target`.\n */\n function relayMessage(address target, bytes calldata message) external payable;\n\n /**\n * @notice Send `amount` of `l1Token` to `to` on L2. `l2Token` is the L2 address equivalent of `l1Token`.\n * @dev This method is marked payable because relaying the message might require a fee\n * to be paid by the sender to forward the message to L2. However, it will not send msg.value\n * to the target contract on L2.\n * @param l1Token L1 token to bridge.\n * @param l2Token L2 token to receive.\n * @param amount Amount of `l1Token` to bridge.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token,\n uint256 amount,\n address to\n ) external payable;\n}\n" + }, + "contracts/chain-adapters/Optimism_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"../external/interfaces/WETH9Interface.sol\";\n\n// @dev Use local modified CrossDomainEnabled contract instead of one exported by eth-optimism because we need\n// this contract's state variables to be `immutable` because of the delegateCall call.\nimport \"./CrossDomainEnabled.sol\";\nimport \"@eth-optimism/contracts/L1/messaging/IL1StandardBridge.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Interface for Synthetix custom bridge to Optimism.\n */\ninterface SynthetixBridgeToOptimism is IL1StandardBridge {\n /**\n * @notice Send tokens to Optimism.\n * @param to Address to send tokens to on L2.\n * @param amount Amount of tokens to send.\n */\n function depositTo(address to, uint256 amount) external;\n}\n\n/**\n * @notice Contract containing logic to send messages from L1 to Optimism.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore it's only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Optimism_Adapter is CrossDomainEnabled, AdapterInterface {\n using SafeERC20 for IERC20;\n uint32 public immutable l2GasLimit = 200_000;\n\n WETH9Interface public immutable l1Weth;\n\n IL1StandardBridge public immutable l1StandardBridge;\n\n // Optimism has the ability to support \"custom\" bridges. These bridges are not supported by the canonical bridge\n // and so we need to store the address of the custom token and the associated bridge. In the event we want to\n // support a new token that is not supported by Optimism, we can add a new custom bridge for it and re-deploy the\n // adapter. A full list of custom optimism tokens and their associated bridges can be found here:\n // https://github.com/ethereum-optimism/ethereum-optimism.github.io/blob/master/optimism.tokenlist.json\n address public immutable dai = 0x6B175474E89094C44Da98b954EedeAC495271d0F;\n address public immutable daiOptimismBridge = 0x10E6593CDda8c58a1d0f14C5164B376352a55f2F;\n address public immutable snx = 0xC011a73ee8576Fb46F5E1c5751cA3B9Fe0af2a6F;\n address public immutable snxOptimismBridge = 0x39Ea01a0298C315d149a490E34B59Dbf2EC7e48F;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1Weth WETH address on L1.\n * @param _crossDomainMessenger XDomainMessenger Optimism system contract.\n * @param _l1StandardBridge Standard bridge contract.\n */\n constructor(\n WETH9Interface _l1Weth,\n address _crossDomainMessenger,\n IL1StandardBridge _l1StandardBridge\n ) CrossDomainEnabled(_crossDomainMessenger) {\n l1Weth = _l1Weth;\n l1StandardBridge = _l1StandardBridge;\n }\n\n /**\n * @notice Send cross-chain message to target on Optimism.\n * @param target Contract on Optimism that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes calldata message) external payable override {\n sendCrossDomainMessage(target, uint32(l2GasLimit), message);\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Bridge tokens to Optimism.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token,\n uint256 amount,\n address to\n ) external payable override {\n // If the l1Token is weth then unwrap it to ETH then send the ETH to the standard bridge.\n if (l1Token == address(l1Weth)) {\n l1Weth.withdraw(amount);\n l1StandardBridge.depositETHTo{ value: amount }(to, l2GasLimit, \"\");\n } else {\n address bridgeToUse = address(l1StandardBridge);\n\n // Check if the L1 token requires a custom bridge. If so, use that bridge over the standard bridge.\n if (l1Token == dai) bridgeToUse = daiOptimismBridge; // 1. DAI\n if (l1Token == snx) bridgeToUse = snxOptimismBridge; // 2. SNX\n\n IERC20(l1Token).safeIncreaseAllowance(bridgeToUse, amount);\n if (l1Token == snx) SynthetixBridgeToOptimism(bridgeToUse).depositTo(to, amount);\n else IL1StandardBridge(bridgeToUse).depositERC20To(l1Token, l2Token, to, amount, l2GasLimit, \"\");\n }\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n}\n" + }, + "contracts/chain-adapters/Polygon_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"../external/interfaces/WETH9Interface.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Send tokens to Polygon.\n */\ninterface IRootChainManager {\n /**\n * @notice Send msg.value of ETH to Polygon\n * @param user Recipient of ETH on Polygon.\n */\n function depositEtherFor(address user) external payable;\n\n /**\n * @notice Send ERC20 tokens to Polygon.\n * @param user Recipient of L2 equivalent tokens on Polygon.\n * @param rootToken L1 Address of token to send.\n * @param depositData Data to pass to L2 including amount of tokens to send. Should be abi.encode(amount).\n */\n function depositFor(\n address user,\n address rootToken,\n bytes calldata depositData\n ) external;\n}\n\n/**\n * @notice Send arbitrary messages to Polygon.\n */\ninterface IFxStateSender {\n /**\n * @notice Send arbitrary message to Polygon.\n * @param _receiver Address on Polygon to receive message.\n * @param _data Message to send to `_receiver` on Polygon.\n */\n function sendMessageToChild(address _receiver, bytes calldata _data) external;\n}\n\n/**\n * @notice Similar to RootChainManager, but for Matic (Plasma) bridge.\n */\ninterface DepositManager {\n /**\n * @notice Send tokens to Polygon. Only used to send MATIC in this Polygon_Adapter.\n * @param token L1 token to send. Should be MATIC.\n * @param user Recipient of L2 equivalent tokens on Polygon.\n * @param amount Amount of `token` to send.\n */\n function depositERC20ForUser(\n address token,\n address user,\n uint256 amount\n ) external;\n}\n\n/**\n * @notice Sends cross chain messages Polygon L2 network.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Polygon_Adapter is AdapterInterface {\n using SafeERC20 for IERC20;\n IRootChainManager public immutable rootChainManager;\n IFxStateSender public immutable fxStateSender;\n DepositManager public immutable depositManager;\n address public immutable erc20Predicate;\n address public immutable l1Matic;\n WETH9Interface public immutable l1Weth;\n\n /**\n * @notice Constructs new Adapter.\n * @param _rootChainManager RootChainManager Polygon system contract to deposit tokens over the PoS bridge.\n * @param _fxStateSender FxStateSender Polygon system contract to send arbitrary messages to L2.\n * @param _depositManager DepositManager Polygon system contract to deposit tokens over the Plasma bridge (Matic).\n * @param _erc20Predicate ERC20Predicate Polygon system contract to approve when depositing to the PoS bridge.\n * @param _l1Matic matic address on l1.\n * @param _l1Weth WETH address on L1.\n */\n constructor(\n IRootChainManager _rootChainManager,\n IFxStateSender _fxStateSender,\n DepositManager _depositManager,\n address _erc20Predicate,\n address _l1Matic,\n WETH9Interface _l1Weth\n ) {\n rootChainManager = _rootChainManager;\n fxStateSender = _fxStateSender;\n depositManager = _depositManager;\n erc20Predicate = _erc20Predicate;\n l1Matic = _l1Matic;\n l1Weth = _l1Weth;\n }\n\n /**\n * @notice Send cross-chain message to target on Polygon.\n * @param target Contract on Polygon that will receive message.\n * @param message Data to send to target.\n */\n\n function relayMessage(address target, bytes calldata message) external payable override {\n fxStateSender.sendMessageToChild(target, message);\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Bridge tokens to Polygon.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token,\n uint256 amount,\n address to\n ) external payable override {\n // If the l1Token is weth then unwrap it to ETH then send the ETH to the standard bridge.\n if (l1Token == address(l1Weth)) {\n l1Weth.withdraw(amount);\n rootChainManager.depositEtherFor{ value: amount }(to);\n } else if (l1Token == l1Matic) {\n IERC20(l1Token).safeIncreaseAllowance(address(depositManager), amount);\n depositManager.depositERC20ForUser(l1Token, to, amount);\n } else {\n IERC20(l1Token).safeIncreaseAllowance(erc20Predicate, amount);\n rootChainManager.depositFor(to, l1Token, abi.encode(amount));\n }\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n}\n" + }, + "contracts/chain-adapters/ZkSync_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"../external/interfaces/WETH9Interface.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\ninterface ZkSyncInterface {\n // _contractL2: L2 address of the contract to be called.\n // _l2Value: Amount of ETH to pass with the call to L2; used as msg.value for the transaction.\n // _calldata: Calldata of the transaction call; encoded the same way as in Ethereum.\n // _l2GasLimit: Gas limit of the L2 transaction call.\n // _l2GasPerPubdataByteLimit: A constant representing how much gas is required to publish a byte of data from\n // L1 to L2. https://era.zksync.io/docs/api/js/utils.html#gas\n // _factoryDeps: Bytecodes array containing the bytecode of the contract being deployed.\n // If the contract is a factory contract, the array contains the bytecodes of the contracts it can deploy.\n // _refundRecipient: Address that receives the rest of the fee after the transaction execution.\n // If refundRecipient == 0, L2 msg.sender is used. Note: If the _refundRecipient is a smart contract,\n // then during the L1 to L2 transaction its address is aliased.\n function requestL2Transaction(\n address _contractL2,\n uint256 _l2Value,\n bytes calldata _calldata,\n uint256 _l2GasLimit,\n uint256 _l2GasPerPubdataByteLimit,\n bytes[] calldata _factoryDeps,\n address _refundRecipient\n ) external payable returns (bytes32 canonicalTxHash);\n\n // @notice Estimates the cost in Ether of requesting execution of an L2 transaction from L1\n // @param _l1GasPrice Effective gas price on L1 (priority fee + base fee)\n // @param _l2GasLimit Gas limit for the L2 transaction\n // @param _l2GasPerPubdataByteLimit Gas limit for the L2 transaction per byte of pubdata\n // @return The estimated L2 gas for the transaction to be paid\n function l2TransactionBaseCost(\n uint256 _l1GasPrice,\n uint256 _l2GasLimit,\n uint256 _l2GasPerPubdataByteLimit\n ) external view returns (uint256);\n}\n\ninterface ZkBridgeLike {\n // @dev: Use ZkSyncInterface.requestL2Transaction to bridge WETH as ETH to L2.\n function deposit(\n address _l2Receiver,\n address _l1Token,\n uint256 _amount,\n uint256 _l2TxGasLimit,\n uint256 _l2TxGasPerPubdataByte,\n address _refundRecipient\n ) external payable returns (bytes32 txHash);\n}\n\n// Note: this contract just forwards the calls from the HubPool to ZkSync to avoid limits.\n// A modified ZKSync_Adapter should be deployed with this address swapped in for all zkSync addresses.\ncontract LimitBypassProxy is ZkSyncInterface, ZkBridgeLike {\n using SafeERC20 for IERC20;\n ZkSyncInterface public constant zkSync = ZkSyncInterface(0x32400084C286CF3E17e7B677ea9583e60a000324);\n ZkBridgeLike public constant zkErc20Bridge = ZkBridgeLike(0x57891966931Eb4Bb6FB81430E6cE0A03AAbDe063);\n\n function l2TransactionBaseCost(\n uint256 _l1GasPrice,\n uint256 _l2GasLimit,\n uint256 _l2GasPerPubdataByteLimit\n ) external view returns (uint256) {\n return zkSync.l2TransactionBaseCost(_l1GasPrice, _l2GasLimit, _l2GasPerPubdataByteLimit);\n }\n\n function requestL2Transaction(\n address _contractL2,\n uint256 _l2Value,\n bytes calldata _calldata,\n uint256 _l2GasLimit,\n uint256 _l2GasPerPubdataByteLimit,\n bytes[] calldata _factoryDeps,\n address _refundRecipient\n ) external payable returns (bytes32 canonicalTxHash) {\n return\n zkSync.requestL2Transaction{ value: msg.value }(\n _contractL2,\n _l2Value,\n _calldata,\n _l2GasLimit,\n _l2GasPerPubdataByteLimit,\n _factoryDeps,\n _refundRecipient\n );\n }\n\n function deposit(\n address _l2Receiver,\n address _l1Token,\n uint256 _amount,\n uint256 _l2TxGasLimit,\n uint256 _l2TxGasPerPubdataByte,\n address _refundRecipient\n ) external payable returns (bytes32 txHash) {\n IERC20(_l1Token).safeIncreaseAllowance(address(zkErc20Bridge), _amount);\n return\n zkErc20Bridge.deposit{ value: msg.value }(\n _l2Receiver,\n _l1Token,\n _amount,\n _l2TxGasLimit,\n _l2TxGasPerPubdataByte,\n _refundRecipient\n );\n }\n}\n\n/**\n * @notice Contract containing logic to send messages from L1 to ZkSync.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract ZkSync_Adapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n // We need to pay a base fee to the operator to include our L1 --> L2 transaction.\n // https://era.zksync.io/docs/dev/developer-guides/bridging/l1-l2.html#getting-the-base-cost\n\n // Generally, the following params are a bit hard to set and may change in the future once ZkSync\n // goes live. For now, we'll hardcode these and use aggressive values to ensure inclusion.\n\n // Limit on L2 gas to spend.\n uint256 public constant L2_GAS_LIMIT = 2_000_000;\n\n // How much gas is required to publish a byte of data from L1 to L2. 800 is the required value\n // as set here https://github.com/matter-labs/era-contracts/blob/6391c0d7bf6184d7f6718060e3991ba6f0efe4a7/ethereum/contracts/zksync/facets/Mailbox.sol#L226\n // Note, this value can change and will require an updated adapter.\n uint256 public constant L1_GAS_TO_L2_GAS_PER_PUB_DATA_LIMIT = 800;\n\n // This address receives any remaining fee after an L1 to L2 transaction completes.\n // If refund recipient = address(0) then L2 msg.sender is used, unless msg.sender is a contract then its address\n // gets aliased.\n address public immutable l2RefundAddress;\n\n // Hardcode the following ZkSync system contract addresses to save gas on construction. This adapter can be\n // redeployed in the event that the following addresses change.\n\n // Main contract used to send L1 --> L2 messages. Fetchable via `zks_getMainContract` method on JSON RPC.\n ZkSyncInterface public constant zkSyncMessageBridge = ZkSyncInterface(0x32400084C286CF3E17e7B677ea9583e60a000324);\n\n // Contract used to send ETH to L2. Note: this is the same address as the main contract, but separated to allow\n // only this contract to be swapped (leaving the main zkSync contract to be used for messaging).\n ZkSyncInterface public constant zkSyncEthBridge = ZkSyncInterface(0x32400084C286CF3E17e7B677ea9583e60a000324);\n\n // Bridges to send ERC20 and ETH to L2. Fetchable via `zks_getBridgeContracts` method on JSON RPC.\n ZkBridgeLike public constant zkErc20Bridge = ZkBridgeLike(0x57891966931Eb4Bb6FB81430E6cE0A03AAbDe063);\n\n // Set l1Weth at construction time to make testing easier.\n WETH9Interface public immutable l1Weth;\n\n event ZkSyncMessageRelayed(bytes32 canonicalTxHash);\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1Weth WETH address on L1.\n * @param _l2RefundAddress address that recieves excess gas refunds on L2.\n */\n constructor(WETH9Interface _l1Weth, address _l2RefundAddress) {\n l1Weth = _l1Weth;\n l2RefundAddress = _l2RefundAddress;\n }\n\n /**\n * @notice Send cross-chain message to target on ZkSync.\n * @notice This contract must hold at least getL1CallValue() amount of ETH to send a message, or the message\n * will revert.\n * @param target Contract on L2 that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes memory message) external payable override {\n uint256 txBaseCost = _contractHasSufficientEthBalance();\n\n // Returns the hash of the requested L2 transaction. This hash can be used to follow the transaction status.\n bytes32 canonicalTxHash = zkSyncMessageBridge.requestL2Transaction{ value: txBaseCost }(\n target,\n // We pass no ETH with the call, otherwise we'd need to add to the txBaseCost this value.\n 0,\n message,\n L2_GAS_LIMIT,\n L1_GAS_TO_L2_GAS_PER_PUB_DATA_LIMIT,\n new bytes[](0),\n l2RefundAddress\n );\n\n emit MessageRelayed(target, message);\n emit ZkSyncMessageRelayed(canonicalTxHash);\n }\n\n /**\n * @notice Bridge tokens to ZkSync.\n * @notice This contract must hold at least getL1CallValue() amount of ETH to send a message\n * or the message will revert.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token, // l2Token is unused.\n uint256 amount,\n address to\n ) external payable override {\n // This could revert if the relay amount is over the ZkSync deposit\n // limit: https://github.com/matter-labs/era-contracts/blob/main/ethereum/contracts/common/AllowList.sol#L150\n // We should make sure that the limit is either set very high or we need to do logic\n // that splits the amount to deposit into multiple chunks. We can't have\n // this function revert or the HubPool will not be able to proceed to the\n // next bundle. See more here:\n // https://github.com/matter-labs/era-contracts/blob/main/docs/Overview.md#deposit-limitation\n // https://github.com/matter-labs/era-contracts/blob/6391c0d7bf6184d7f6718060e3991ba6f0efe4a7/ethereum/contracts/zksync/facets/Mailbox.sol#L230\n uint256 txBaseCost = _contractHasSufficientEthBalance();\n\n // If the l1Token is WETH then unwrap it to ETH then send the ETH to the standard bridge along with the base\n // cost. I've tried sending WETH over the erc20Bridge directly but we receive the wrong WETH\n // on the L2 side. So, we need to unwrap the WETH into ETH and then send.\n bytes32 txHash;\n if (l1Token == address(l1Weth)) {\n l1Weth.withdraw(amount);\n // We cannot call the standard ERC20 bridge because it disallows ETH deposits.\n txHash = zkSyncEthBridge.requestL2Transaction{ value: txBaseCost + amount }(\n to,\n amount,\n \"\",\n L2_GAS_LIMIT,\n L1_GAS_TO_L2_GAS_PER_PUB_DATA_LIMIT,\n new bytes[](0),\n l2RefundAddress\n );\n } else {\n IERC20(l1Token).safeIncreaseAllowance(address(zkErc20Bridge), amount);\n txHash = zkErc20Bridge.deposit{ value: txBaseCost }(\n to,\n l1Token,\n amount,\n L2_GAS_LIMIT,\n L1_GAS_TO_L2_GAS_PER_PUB_DATA_LIMIT,\n l2RefundAddress\n );\n }\n\n emit TokensRelayed(l1Token, l2Token, amount, to);\n emit ZkSyncMessageRelayed(txHash);\n }\n\n /**\n * @notice Returns required amount of ETH to send a message.\n * @return amount of ETH that this contract needs to hold in order for relayMessage to succeed.\n */\n function getL1CallValue() public view returns (uint256) {\n // - tx.gasprice returns effective_gas_price. It's also used by Mailbox contract to estimate L2GasPrice\n // so using tx.gasprice should always pass this check that msg.value >= baseCost + _l2Value\n // https://github.com/matter-labs/era-contracts/blob/6391c0d7bf6184d7f6718060e3991ba6f0efe4a7/ethereum/contracts/zksync/facets/Mailbox.sol#L273\n // - priority_fee_per_gas = min(transaction.max_priority_fee_per_gas, transaction.max_fee_per_gas - block.base_fee_per_gas)\n // - effective_gas_price = priority_fee_per_gas + block.base_fee_per_gas\n return\n zkSyncMessageBridge.l2TransactionBaseCost(tx.gasprice, L2_GAS_LIMIT, L1_GAS_TO_L2_GAS_PER_PUB_DATA_LIMIT);\n }\n\n function _contractHasSufficientEthBalance() internal view returns (uint256 requiredL1CallValue) {\n requiredL1CallValue = getL1CallValue();\n require(address(this).balance >= requiredL1CallValue, \"Insufficient ETH balance\");\n }\n}\n" + }, + "contracts/Ethereum_SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./SpokePool.sol\";\nimport \"@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol\";\n\n/**\n * @notice Ethereum L1 specific SpokePool. Used on Ethereum L1 to facilitate L2->L1 transfers.\n */\ncontract Ethereum_SpokePool is SpokePool, OwnableUpgradeable {\n using SafeERC20Upgradeable for IERC20Upgradeable;\n\n /**\n * @notice Construct the Ethereum SpokePool.\n * @dev crossDomainAdmin is unused on this contract.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * relay hash collisions.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n * @param _wethAddress Weth address for this network to set.\n */\n function initialize(\n uint32 _initialDepositId,\n address _hubPool,\n address _wethAddress\n ) public initializer {\n __Ownable_init();\n __SpokePool_init(_initialDepositId, _hubPool, _hubPool, _wethAddress);\n }\n\n /**************************************\n * INTERNAL FUNCTIONS *\n **************************************/\n\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory relayerRefundLeaf) internal override {\n IERC20Upgradeable(relayerRefundLeaf.l2TokenAddress).safeTransfer(hubPool, relayerRefundLeaf.amountToReturn);\n }\n\n // The SpokePool deployed to the same network as the HubPool must be owned by the HubPool.\n // A core assumption of this contract system is that the HubPool is deployed on Ethereum.\n function _requireAdminSender() internal override onlyOwner {}\n}\n" + }, + "contracts/external/interfaces/SuccinctInterfaces.sol": { + "content": "pragma solidity ^0.8.0;\n\n// These interfaces are a subset of the Succinct interfaces here: https://github.com/succinctlabs/telepathy-contracts.\n\n// This interface should be implemented by any contract wanting to receive messages sent over the Succinct bridge.\ninterface ITelepathyHandler {\n function handleTelepathy(\n uint16 _sourceChainId,\n address _senderAddress,\n bytes memory _data\n ) external returns (bytes4);\n}\n\n// This interface represents the contract that we call into to send messages over the Succinct AMB.\ninterface ITelepathyBroadcaster {\n function send(\n uint16 _recipientChainId,\n address _recipientAddress,\n bytes calldata _data\n ) external returns (bytes32);\n}\n" + }, + "contracts/external/interfaces/WETH9Interface.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\n/**\n * @notice Interface for the WETH9 contract.\n */\ninterface WETH9Interface {\n /**\n * @notice Burn Wrapped Ether and receive native Ether.\n * @param wad Amount of WETH to unwrap and send to caller.\n */\n function withdraw(uint256 wad) external;\n\n /**\n * @notice Lock native Ether and mint Wrapped Ether ERC20\n * @dev msg.value is amount of Wrapped Ether to mint/Ether to lock.\n */\n function deposit() external payable;\n\n /**\n * @notice Get balance of WETH held by `guy`.\n * @param guy Address to get balance of.\n * @return wad Amount of WETH held by `guy`.\n */\n function balanceOf(address guy) external view returns (uint256 wad);\n\n /**\n * @notice Transfer `wad` of WETH from caller to `guy`.\n * @param guy Address to send WETH to.\n * @param wad Amount of WETH to send.\n * @return ok True if transfer succeeded.\n */\n function transfer(address guy, uint256 wad) external returns (bool);\n}\n" + }, + "contracts/interfaces/HubPoolInterface.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\n\n/**\n * @notice Concise list of functions in HubPool implementation.\n */\ninterface HubPoolInterface {\n // This leaf is meant to be decoded in the HubPool to rebalance tokens between HubPool and SpokePool.\n struct PoolRebalanceLeaf {\n // This is used to know which chain to send cross-chain transactions to (and which SpokePool to send to).\n uint256 chainId;\n // Total LP fee amount per token in this bundle, encompassing all associated bundled relays.\n uint256[] bundleLpFees;\n // Represents the amount to push to or pull from the SpokePool. If +, the pool pays the SpokePool. If negative\n // the SpokePool pays the HubPool. There can be arbitrarily complex rebalancing rules defined offchain. This\n // number is only nonzero when the rules indicate that a rebalancing action should occur. When a rebalance does\n // occur, runningBalances must be set to zero for this token and netSendAmounts should be set to the previous\n // runningBalances + relays - deposits in this bundle. If non-zero then it must be set on the SpokePool's\n // RelayerRefundLeaf amountToReturn as -1 * this value to show if funds are being sent from or to the SpokePool.\n int256[] netSendAmounts;\n // This is only here to be emitted in an event to track a running unpaid balance between the L2 pool and the L1\n // pool. A positive number indicates that the HubPool owes the SpokePool funds. A negative number indicates that\n // the SpokePool owes the HubPool funds. See the comment above for the dynamics of this and netSendAmounts.\n int256[] runningBalances;\n // Used by data worker to mark which leaves should relay roots to SpokePools, and to otherwise organize leaves.\n // For example, each leaf should contain all the rebalance information for a single chain, but in the case where\n // the list of l1Tokens is very large such that they all can't fit into a single leaf that can be executed under\n // the block gas limit, then the data worker can use this groupIndex to organize them. Any leaves with\n // a groupIndex equal to 0 will relay roots to the SpokePool, so the data worker should ensure that only one\n // leaf for a specific chainId should have a groupIndex equal to 0.\n uint256 groupIndex;\n // Used as the index in the bitmap to track whether this leaf has been executed or not.\n uint8 leafId;\n // The bundleLpFees, netSendAmounts, and runningBalances are required to be the same length. They are parallel\n // arrays for the given chainId and should be ordered by the l1Tokens field. All whitelisted tokens with nonzero\n // relays on this chain in this bundle in the order of whitelisting.\n address[] l1Tokens;\n }\n\n // A data worker can optimistically store several merkle roots on this contract by staking a bond and calling\n // proposeRootBundle. By staking a bond, the data worker is alleging that the merkle roots all contain valid leaves\n // that can be executed later to:\n // - Send funds from this contract to a SpokePool or vice versa\n // - Send funds from a SpokePool to Relayer as a refund for a relayed deposit\n // - Send funds from a SpokePool to a deposit recipient to fulfill a \"slow\" relay\n // Anyone can dispute this struct if the merkle roots contain invalid leaves before the\n // challengePeriodEndTimestamp. Once the expiration timestamp is passed, executeRootBundle to execute a leaf\n // from the poolRebalanceRoot on this contract and it will simultaneously publish the relayerRefundRoot and\n // slowRelayRoot to a SpokePool. The latter two roots, once published to the SpokePool, contain\n // leaves that can be executed on the SpokePool to pay relayers or recipients.\n struct RootBundle {\n // Contains leaves instructing this contract to send funds to SpokePools.\n bytes32 poolRebalanceRoot;\n // Relayer refund merkle root to be published to a SpokePool.\n bytes32 relayerRefundRoot;\n // Slow relay merkle root to be published to a SpokePool.\n bytes32 slowRelayRoot;\n // This is a 1D bitmap, with max size of 256 elements, limiting us to 256 chainsIds.\n uint256 claimedBitMap;\n // Proposer of this root bundle.\n address proposer;\n // Number of pool rebalance leaves to execute in the poolRebalanceRoot. After this number\n // of leaves are executed, a new root bundle can be proposed\n uint8 unclaimedPoolRebalanceLeafCount;\n // When root bundle challenge period passes and this root bundle becomes executable.\n uint32 challengePeriodEndTimestamp;\n }\n\n // Each whitelisted L1 token has an associated pooledToken struct that contains all information used to track the\n // cumulative LP positions and if this token is enabled for deposits.\n struct PooledToken {\n // LP token given to LPs of a specific L1 token.\n address lpToken;\n // True if accepting new LP's.\n bool isEnabled;\n // Timestamp of last LP fee update.\n uint32 lastLpFeeUpdate;\n // Number of LP funds sent via pool rebalances to SpokePools and are expected to be sent\n // back later.\n int256 utilizedReserves;\n // Number of LP funds held in contract less utilized reserves.\n uint256 liquidReserves;\n // Number of LP funds reserved to pay out to LPs as fees.\n uint256 undistributedLpFees;\n }\n\n // Helper contracts to facilitate cross chain actions between HubPool and SpokePool for a specific network.\n struct CrossChainContract {\n address adapter;\n address spokePool;\n }\n\n function setPaused(bool pause) external;\n\n function emergencyDeleteProposal() external;\n\n function relaySpokePoolAdminFunction(uint256 chainId, bytes memory functionData) external;\n\n function setProtocolFeeCapture(address newProtocolFeeCaptureAddress, uint256 newProtocolFeeCapturePct) external;\n\n function setBond(IERC20 newBondToken, uint256 newBondAmount) external;\n\n function setLiveness(uint32 newLiveness) external;\n\n function setIdentifier(bytes32 newIdentifier) external;\n\n function setCrossChainContracts(\n uint256 l2ChainId,\n address adapter,\n address spokePool\n ) external;\n\n function enableL1TokenForLiquidityProvision(address l1Token) external;\n\n function disableL1TokenForLiquidityProvision(address l1Token) external;\n\n function addLiquidity(address l1Token, uint256 l1TokenAmount) external payable;\n\n function removeLiquidity(\n address l1Token,\n uint256 lpTokenAmount,\n bool sendEth\n ) external;\n\n function exchangeRateCurrent(address l1Token) external returns (uint256);\n\n function liquidityUtilizationCurrent(address l1Token) external returns (uint256);\n\n function liquidityUtilizationPostRelay(address l1Token, uint256 relayedAmount) external returns (uint256);\n\n function sync(address l1Token) external;\n\n function proposeRootBundle(\n uint256[] memory bundleEvaluationBlockNumbers,\n uint8 poolRebalanceLeafCount,\n bytes32 poolRebalanceRoot,\n bytes32 relayerRefundRoot,\n bytes32 slowRelayRoot\n ) external;\n\n function executeRootBundle(\n uint256 chainId,\n uint256 groupIndex,\n uint256[] memory bundleLpFees,\n int256[] memory netSendAmounts,\n int256[] memory runningBalances,\n uint8 leafId,\n address[] memory l1Tokens,\n bytes32[] memory proof\n ) external;\n\n function disputeRootBundle() external;\n\n function claimProtocolFeesCaptured(address l1Token) external;\n\n function setPoolRebalanceRoute(\n uint256 destinationChainId,\n address l1Token,\n address destinationToken\n ) external;\n\n function setDepositRoute(\n uint256 originChainId,\n uint256 destinationChainId,\n address originToken,\n bool depositsEnabled\n ) external;\n\n function poolRebalanceRoute(uint256 destinationChainId, address l1Token)\n external\n view\n returns (address destinationToken);\n\n function loadEthForL2Calls() external payable;\n}\n" + }, + "contracts/interfaces/SpokePoolInterface.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\n/**\n * @notice Contains common data structures and functions used by all SpokePool implementations.\n */\ninterface SpokePoolInterface {\n // This leaf is meant to be decoded in the SpokePool to pay out successful relayers.\n struct RelayerRefundLeaf {\n // This is the amount to return to the HubPool. This occurs when there is a PoolRebalanceLeaf netSendAmount that\n // is negative. This is just the negative of this value.\n uint256 amountToReturn;\n // Used to verify that this is being executed on the correct destination chainId.\n uint256 chainId;\n // This array designates how much each of those addresses should be refunded.\n uint256[] refundAmounts;\n // Used as the index in the bitmap to track whether this leaf has been executed or not.\n uint32 leafId;\n // The associated L2TokenAddress that these claims apply to.\n address l2TokenAddress;\n // Must be same length as refundAmounts and designates each address that must be refunded.\n address[] refundAddresses;\n }\n\n // This struct represents the data to fully specify a relay. If any portion of this data differs, the relay is\n // considered to be completely distinct. Only one relay for a particular depositId, chainId pair should be\n // considered valid and repaid. This data is hashed and inserted into the slow relay merkle root so that an off\n // chain validator can choose when to refund slow relayers.\n struct RelayData {\n // The address that made the deposit on the origin chain.\n address depositor;\n // The recipient address on the destination chain.\n address recipient;\n // The corresponding token address on the destination chain.\n address destinationToken;\n // The total relay amount before fees are taken out.\n uint256 amount;\n // Origin chain id.\n uint256 originChainId;\n // Destination chain id.\n uint256 destinationChainId;\n // The LP Fee percentage computed by the relayer based on the deposit's quote timestamp\n // and the HubPool's utilization.\n int64 realizedLpFeePct;\n // The relayer fee percentage specified in the deposit.\n int64 relayerFeePct;\n // The id uniquely identifying this deposit on the origin chain.\n uint32 depositId;\n // Data that is forwarded to the recipient.\n bytes message;\n }\n\n struct SlowFill {\n RelayData relayData;\n int256 payoutAdjustmentPct;\n }\n\n // Stores collection of merkle roots that can be published to this contract from the HubPool, which are referenced\n // by \"data workers\" via inclusion proofs to execute leaves in the roots.\n struct RootBundle {\n // Merkle root of slow relays that were not fully filled and whose recipient is still owed funds from the LP pool.\n bytes32 slowRelayRoot;\n // Merkle root of relayer refunds for successful relays.\n bytes32 relayerRefundRoot;\n // This is a 2D bitmap tracking which leaves in the relayer refund root have been claimed, with max size of\n // 256x(2^248) leaves per root.\n mapping(uint256 => uint256) claimedBitmap;\n }\n\n function setCrossDomainAdmin(address newCrossDomainAdmin) external;\n\n function setHubPool(address newHubPool) external;\n\n function setEnableRoute(\n address originToken,\n uint256 destinationChainId,\n bool enable\n ) external;\n\n function pauseDeposits(bool pause) external;\n\n function pauseFills(bool pause) external;\n\n function setDepositQuoteTimeBuffer(uint32 buffer) external;\n\n function relayRootBundle(bytes32 relayerRefundRoot, bytes32 slowRelayRoot) external;\n\n function emergencyDeleteRootBundle(uint256 rootBundleId) external;\n\n function deposit(\n address recipient,\n address originToken,\n uint256 amount,\n uint256 destinationChainId,\n int64 relayerFeePct,\n uint32 quoteTimestamp,\n bytes memory message,\n uint256 maxCount\n ) external payable;\n\n function depositNow(\n address recipient,\n address originToken,\n uint256 amount,\n uint256 destinationChainId,\n int64 relayerFeePct,\n bytes memory message,\n uint256 maxCount\n ) external payable;\n\n function speedUpDeposit(\n address depositor,\n int64 updatedRelayerFeePct,\n uint32 depositId,\n address updatedRecipient,\n bytes memory updatedMessage,\n bytes memory depositorSignature\n ) external;\n\n function fillRelay(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 amount,\n uint256 maxTokensToSend,\n uint256 repaymentChainId,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n bytes memory message,\n uint256 maxCount\n ) external;\n\n function fillRelayWithUpdatedDeposit(\n address depositor,\n address recipient,\n address updatedRecipient,\n address destinationToken,\n uint256 amount,\n uint256 maxTokensToSend,\n uint256 repaymentChainId,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n int64 updatedRelayerFeePct,\n uint32 depositId,\n bytes memory message,\n bytes memory updatedMessage,\n bytes memory depositorSignature,\n uint256 maxCount\n ) external;\n\n function executeSlowRelayLeaf(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 amount,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n uint32 rootBundleId,\n bytes memory message,\n int256 payoutAdjustment,\n bytes32[] memory proof\n ) external;\n\n function executeRelayerRefundLeaf(\n uint32 rootBundleId,\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\n bytes32[] memory proof\n ) external;\n\n function chainId() external view returns (uint256);\n}\n" + }, + "contracts/merkle-distributor/AcrossMerkleDistributor.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"@uma/core/contracts/merkle-distributor/implementation/MerkleDistributor.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\n\n/**\n * @title Extended MerkleDistributor contract.\n * @notice Adds additional constraints governing who can claim leaves from merkle windows.\n */\ncontract AcrossMerkleDistributor is MerkleDistributor {\n using SafeERC20 for IERC20;\n\n // Addresses that can claim on user's behalf.\n mapping(address => bool) public whitelistedClaimers;\n\n /****************************************\n * EVENTS\n ****************************************/\n event WhitelistedClaimer(address indexed claimer, bool indexed whitelist);\n event ClaimFor(\n address indexed caller,\n uint256 windowIndex,\n address indexed account,\n uint256 accountIndex,\n uint256 amount,\n address indexed rewardToken\n );\n\n /****************************\n * ADMIN FUNCTIONS\n ****************************/\n\n /**\n * @notice Updates whitelisted claimer status.\n * @dev Callable only by owner.\n * @param newContract Reset claimer contract to this address.\n * @param whitelist True to whitelist claimer, False otherwise.\n */\n function whitelistClaimer(address newContract, bool whitelist) external onlyOwner {\n whitelistedClaimers[newContract] = whitelist;\n emit WhitelistedClaimer(newContract, whitelist);\n }\n\n /****************************\n * NON-ADMIN FUNCTIONS\n ****************************/\n\n /**\n * @notice Batch claims to reduce gas versus individual submitting all claims. Method will fail\n * if any individual claims within the batch would fail.\n * @dev All claim recipients must be equal to msg.sender.\n * @param claims array of claims to claim.\n */\n function claimMulti(Claim[] memory claims) public override {\n uint256 claimCount = claims.length;\n for (uint256 i = 0; i < claimCount; i++) {\n require(claims[i].account == msg.sender, \"invalid claimer\");\n }\n super.claimMulti(claims);\n }\n\n /**\n * @notice Claim amount of reward tokens for account, as described by Claim input object.\n * @dev Claim recipient must be equal to msg.sender.\n * @param _claim claim object describing amount, accountIndex, account, window index, and merkle proof.\n */\n function claim(Claim memory _claim) public override {\n require(_claim.account == msg.sender, \"invalid claimer\");\n super.claim(_claim);\n }\n\n /**\n * @notice Executes merkle leaf claim on behaf of user. This can only be called by a trusted\n * claimer address. This function is designed to be called atomically with other transactions\n * that ultimately return the claimed amount to the rightful recipient. For example,\n * AcceleratingDistributor could call this function and then stake atomically on behalf of the user.\n * @dev Caller must be in whitelistedClaimers struct set to \"true\".\n * @param _claim leaf to claim.\n */\n\n function claimFor(Claim memory _claim) public {\n require(whitelistedClaimers[msg.sender], \"unwhitelisted claimer\");\n _verifyAndMarkClaimed(_claim);\n merkleWindows[_claim.windowIndex].rewardToken.safeTransfer(msg.sender, _claim.amount);\n emit ClaimFor(\n msg.sender,\n _claim.windowIndex,\n _claim.account,\n _claim.accountIndex,\n _claim.amount,\n address(merkleWindows[_claim.windowIndex].rewardToken)\n );\n }\n}\n" + }, + "contracts/MerkleLib.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/SpokePoolInterface.sol\";\nimport \"./interfaces/HubPoolInterface.sol\";\n\nimport \"@openzeppelin/contracts/utils/cryptography/MerkleProof.sol\";\n\n/**\n * @notice Library to help with merkle roots, proofs, and claims.\n */\nlibrary MerkleLib {\n /**\n * @notice Verifies that a repayment is contained within a merkle root.\n * @param root the merkle root.\n * @param rebalance the rebalance struct.\n * @param proof the merkle proof.\n * @return bool to signal if the pool rebalance proof correctly shows inclusion of the rebalance within the tree.\n */\n function verifyPoolRebalance(\n bytes32 root,\n HubPoolInterface.PoolRebalanceLeaf memory rebalance,\n bytes32[] memory proof\n ) internal pure returns (bool) {\n return MerkleProof.verify(proof, root, keccak256(abi.encode(rebalance)));\n }\n\n /**\n * @notice Verifies that a relayer refund is contained within a merkle root.\n * @param root the merkle root.\n * @param refund the refund struct.\n * @param proof the merkle proof.\n * @return bool to signal if the relayer refund proof correctly shows inclusion of the refund within the tree.\n */\n function verifyRelayerRefund(\n bytes32 root,\n SpokePoolInterface.RelayerRefundLeaf memory refund,\n bytes32[] memory proof\n ) internal pure returns (bool) {\n return MerkleProof.verify(proof, root, keccak256(abi.encode(refund)));\n }\n\n /**\n * @notice Verifies that a distribution is contained within a merkle root.\n * @param root the merkle root.\n * @param slowRelayFulfillment the relayData fulfillment struct.\n * @param proof the merkle proof.\n * @return bool to signal if the slow relay's proof correctly shows inclusion of the slow relay within the tree.\n */\n function verifySlowRelayFulfillment(\n bytes32 root,\n SpokePoolInterface.SlowFill memory slowRelayFulfillment,\n bytes32[] memory proof\n ) internal pure returns (bool) {\n return MerkleProof.verify(proof, root, keccak256(abi.encode(slowRelayFulfillment)));\n }\n\n // The following functions are primarily copied from\n // https://github.com/Uniswap/merkle-distributor/blob/master/contracts/MerkleDistributor.sol with minor changes.\n\n /**\n * @notice Tests whether a claim is contained within a claimedBitMap mapping.\n * @param claimedBitMap a simple uint256 mapping in storage used as a bitmap.\n * @param index the index to check in the bitmap.\n * @return bool indicating if the index within the claimedBitMap has been marked as claimed.\n */\n function isClaimed(mapping(uint256 => uint256) storage claimedBitMap, uint256 index) internal view returns (bool) {\n uint256 claimedWordIndex = index / 256;\n uint256 claimedBitIndex = index % 256;\n uint256 claimedWord = claimedBitMap[claimedWordIndex];\n uint256 mask = (1 << claimedBitIndex);\n return claimedWord & mask == mask;\n }\n\n /**\n * @notice Marks an index in a claimedBitMap as claimed.\n * @param claimedBitMap a simple uint256 mapping in storage used as a bitmap.\n * @param index the index to mark in the bitmap.\n */\n function setClaimed(mapping(uint256 => uint256) storage claimedBitMap, uint256 index) internal {\n uint256 claimedWordIndex = index / 256;\n uint256 claimedBitIndex = index % 256;\n claimedBitMap[claimedWordIndex] = claimedBitMap[claimedWordIndex] | (1 << claimedBitIndex);\n }\n\n /**\n * @notice Tests whether a claim is contained within a 1D claimedBitMap mapping.\n * @param claimedBitMap a simple uint256 value, encoding a 1D bitmap.\n * @param index the index to check in the bitmap. Uint8 type enforces that index can't be > 255.\n * @return bool indicating if the index within the claimedBitMap has been marked as claimed.\n */\n function isClaimed1D(uint256 claimedBitMap, uint8 index) internal pure returns (bool) {\n uint256 mask = (1 << index);\n return claimedBitMap & mask == mask;\n }\n\n /**\n * @notice Marks an index in a claimedBitMap as claimed.\n * @param claimedBitMap a simple uint256 mapping in storage used as a bitmap. Uint8 type enforces that index\n * can't be > 255.\n * @param index the index to mark in the bitmap.\n * @return uint256 representing the modified input claimedBitMap with the index set to true.\n */\n function setClaimed1D(uint256 claimedBitMap, uint8 index) internal pure returns (uint256) {\n return claimedBitMap | (1 << index);\n }\n}\n" + }, + "contracts/Ovm_SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./SpokePool.sol\";\nimport \"./external/interfaces/WETH9Interface.sol\";\n\nimport \"@openzeppelin/contracts-upgradeable/crosschain/optimism/LibOptimismUpgradeable.sol\";\nimport \"@eth-optimism/contracts/libraries/constants/Lib_PredeployAddresses.sol\";\n\n// https://github.com/Synthetixio/synthetix/blob/5ca27785fad8237fb0710eac01421cafbbd69647/contracts/SynthetixBridgeToBase.sol#L50\ninterface SynthetixBridgeToBase {\n function withdrawTo(address to, uint256 amount) external;\n}\n\n// https://github.com/ethereum-optimism/optimism/blob/bf51c4935261634120f31827c3910aa631f6bf9c/packages/contracts-bedrock/contracts/L2/L2StandardBridge.sol\ninterface IL2ERC20Bridge {\n function withdrawTo(\n address _l2Token,\n address _to,\n uint256 _amount,\n uint32 _minGasLimit,\n bytes calldata _extraData\n ) external payable;\n}\n\n/**\n * @notice OVM specific SpokePool. Uses OVM cross-domain-enabled logic to implement admin only access to functions. * Optimism and Boba each implement this spoke pool and set their chain specific contract addresses for l2Eth and l2Weth.\n */\ncontract Ovm_SpokePool is SpokePool {\n // \"l1Gas\" parameter used in call to bridge tokens from this contract back to L1 via IL2ERC20Bridge. Currently\n // unused by bridge but included for future compatibility.\n uint32 public l1Gas;\n\n // ETH is an ERC20 on OVM.\n address public l2Eth;\n\n // Address of the Optimism L2 messenger.\n address public messenger;\n\n // Address of custom bridge used to bridge Synthetix-related assets like SNX.\n address private constant SYNTHETIX_BRIDGE = 0x136b1EC699c62b0606854056f02dC7Bb80482d63;\n\n // Address of SNX ERC20\n address private constant SNX = 0x8700dAec35aF8Ff88c16BdF0418774CB3D7599B4;\n\n // Stores alternative token bridges to use for L2 tokens that don't go over the standard bridge. This is needed\n // to support non-standard ERC20 tokens on Optimism, such as DIA and SNX which both use custom bridges.\n mapping(address => address) public tokenBridges;\n\n event OptimismTokensBridged(address indexed l2Token, address target, uint256 numberOfTokensBridged, uint256 l1Gas);\n event SetL1Gas(uint32 indexed newL1Gas);\n event SetL2TokenBridge(address indexed l2Token, address indexed tokenBridge);\n\n /**\n * @notice Construct the OVM SpokePool.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * relay hash collisions.\n * @param _crossDomainAdmin Cross domain admin to set. Can be changed by admin.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n */\n function __OvmSpokePool_init(\n uint32 _initialDepositId,\n address _crossDomainAdmin,\n address _hubPool,\n address _l2Eth,\n address _wrappedNativeToken\n ) public onlyInitializing {\n l1Gas = 5_000_000;\n __SpokePool_init(_initialDepositId, _crossDomainAdmin, _hubPool, _wrappedNativeToken);\n messenger = Lib_PredeployAddresses.L2_CROSS_DOMAIN_MESSENGER;\n //slither-disable-next-line missing-zero-check\n l2Eth = _l2Eth;\n }\n\n /*******************************************\n * OPTIMISM-SPECIFIC ADMIN FUNCTIONS *\n *******************************************/\n\n /**\n * @notice Change L1 gas limit. Callable only by admin.\n * @param newl1Gas New L1 gas limit to set.\n */\n function setL1GasLimit(uint32 newl1Gas) public onlyAdmin nonReentrant {\n l1Gas = newl1Gas;\n emit SetL1Gas(newl1Gas);\n }\n\n /**\n * @notice Set bridge contract for L2 token used to withdraw back to L1.\n * @dev If this mapping isn't set for an L2 token, then the standard bridge will be used to bridge this token.\n * @param tokenBridge Address of token bridge\n */\n function setTokenBridge(address l2Token, address tokenBridge) public onlyAdmin nonReentrant {\n tokenBridges[l2Token] = tokenBridge;\n emit SetL2TokenBridge(l2Token, tokenBridge);\n }\n\n /**************************************\n * DATA WORKER FUNCTIONS *\n **************************************/\n\n /**\n * @notice Wraps any ETH into WETH before executing base function. This is necessary because SpokePool receives\n * ETH over the canonical token bridge instead of WETH.\n * @inheritdoc SpokePool\n */\n function executeSlowRelayLeaf(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 totalRelayAmount,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n uint32 rootBundleId,\n bytes memory message,\n int256 payoutAdjustment,\n bytes32[] memory proof\n ) public override(SpokePool) nonReentrant {\n if (destinationToken == address(wrappedNativeToken)) _depositEthToWeth();\n\n _executeSlowRelayLeaf(\n depositor,\n recipient,\n destinationToken,\n totalRelayAmount,\n originChainId,\n chainId(),\n realizedLpFeePct,\n relayerFeePct,\n depositId,\n rootBundleId,\n message,\n payoutAdjustment,\n proof\n );\n }\n\n /**\n * @notice Wraps any ETH into WETH before executing base function. This is necessary because SpokePool receives\n * ETH over the canonical token bridge instead of WETH.\n * @inheritdoc SpokePool\n */\n function executeRelayerRefundLeaf(\n uint32 rootBundleId,\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\n bytes32[] memory proof\n ) public override(SpokePool) nonReentrant {\n if (relayerRefundLeaf.l2TokenAddress == address(wrappedNativeToken)) _depositEthToWeth();\n\n _executeRelayerRefundLeaf(rootBundleId, relayerRefundLeaf, proof);\n }\n\n /**************************************\n * INTERNAL FUNCTIONS *\n **************************************/\n\n // Wrap any ETH owned by this contract so we can send expected L2 token to recipient. This is necessary because\n // this SpokePool will receive ETH from the canonical token bridge instead of WETH. Its not sufficient to execute\n // this logic inside a fallback method that executes when this contract receives ETH because ETH is an ERC20\n // on the OVM.\n function _depositEthToWeth() internal {\n //slither-disable-next-line arbitrary-send-eth\n if (address(this).balance > 0) wrappedNativeToken.deposit{ value: address(this).balance }();\n }\n\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory relayerRefundLeaf) internal override {\n // If the token being bridged is WETH then we need to first unwrap it to ETH and then send ETH over the\n // canonical bridge. On Optimism, this is address 0xDeadDeAddeAddEAddeadDEaDDEAdDeaDDeAD0000.\n if (relayerRefundLeaf.l2TokenAddress == address(wrappedNativeToken)) {\n WETH9Interface(relayerRefundLeaf.l2TokenAddress).withdraw(relayerRefundLeaf.amountToReturn); // Unwrap into ETH.\n relayerRefundLeaf.l2TokenAddress = l2Eth; // Set the l2TokenAddress to ETH.\n IL2ERC20Bridge(Lib_PredeployAddresses.L2_STANDARD_BRIDGE).withdrawTo{\n value: relayerRefundLeaf.amountToReturn\n }(\n relayerRefundLeaf.l2TokenAddress, // _l2Token. Address of the L2 token to bridge over.\n hubPool, // _to. Withdraw, over the bridge, to the l1 pool contract.\n relayerRefundLeaf.amountToReturn, // _amount.\n l1Gas, // _l1Gas. Unused, but included for potential forward compatibility considerations\n \"\" // _data. We don't need to send any data for the bridging action.\n );\n }\n // Handle custom SNX bridge which doesn't conform to the standard bridge interface.\n else if (relayerRefundLeaf.l2TokenAddress == SNX)\n SynthetixBridgeToBase(SYNTHETIX_BRIDGE).withdrawTo(\n hubPool, // _to. Withdraw, over the bridge, to the l1 pool contract.\n relayerRefundLeaf.amountToReturn // _amount.\n );\n else\n IL2ERC20Bridge(\n tokenBridges[relayerRefundLeaf.l2TokenAddress] == address(0)\n ? Lib_PredeployAddresses.L2_STANDARD_BRIDGE\n : tokenBridges[relayerRefundLeaf.l2TokenAddress]\n ).withdrawTo(\n relayerRefundLeaf.l2TokenAddress, // _l2Token. Address of the L2 token to bridge over.\n hubPool, // _to. Withdraw, over the bridge, to the l1 pool contract.\n relayerRefundLeaf.amountToReturn, // _amount.\n l1Gas, // _l1Gas. Unused, but included for potential forward compatibility considerations\n \"\" // _data. We don't need to send any data for the bridging action.\n );\n\n emit OptimismTokensBridged(relayerRefundLeaf.l2TokenAddress, hubPool, relayerRefundLeaf.amountToReturn, l1Gas);\n }\n\n // Apply OVM-specific transformation to cross domain admin address on L1.\n function _requireAdminSender() internal view override {\n require(\n LibOptimismUpgradeable.crossChainSender(messenger) == crossDomainAdmin,\n \"OVM_XCHAIN: wrong sender of cross-domain message\"\n );\n }\n\n // Reserve storage slots for future versions of this base contract to add state variables without\n // affecting the storage layout of child contracts. Decrement the size of __gap whenever state variables\n // are added. This is at bottom of contract to make sure its always at the end of storage.\n uint256[1000] private __gap;\n}\n" + }, + "contracts/SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./MerkleLib.sol\";\nimport \"./external/interfaces/WETH9Interface.sol\";\nimport \"./interfaces/SpokePoolInterface.sol\";\nimport \"./upgradeable/MultiCallerUpgradeable.sol\";\nimport \"./upgradeable/EIP712CrossChainUpgradeable.sol\";\nimport \"./upgradeable/AddressLibUpgradeable.sol\";\n\nimport \"@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol\";\nimport \"@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol\";\nimport \"@openzeppelin/contracts/utils/cryptography/SignatureChecker.sol\";\nimport \"@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol\";\nimport \"@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol\";\nimport \"@openzeppelin/contracts/utils/math/SignedMath.sol\";\n\n// This interface is expected to be implemented by any contract that expects to recieve messages from the SpokePool.\ninterface AcrossMessageHandler {\n function handleAcrossMessage(\n address tokenSent,\n uint256 amount,\n bool fillCompleted,\n address relayer,\n bytes memory message\n ) external;\n}\n\n/**\n * @title SpokePool\n * @notice Base contract deployed on source and destination chains enabling depositors to transfer assets from source to\n * destination. Deposit orders are fulfilled by off-chain relayers who also interact with this contract. Deposited\n * tokens are locked on the source chain and relayers send the recipient the desired token currency and amount\n * on the destination chain. Locked source chain tokens are later sent over the canonical token bridge to L1 HubPool.\n * Relayers are refunded with destination tokens out of this contract after another off-chain actor, a \"data worker\",\n * submits a proof that the relayer correctly submitted a relay on this SpokePool.\n */\nabstract contract SpokePool is\n SpokePoolInterface,\n UUPSUpgradeable,\n ReentrancyGuardUpgradeable,\n MultiCallerUpgradeable,\n EIP712CrossChainUpgradeable\n{\n using SafeERC20Upgradeable for IERC20Upgradeable;\n using AddressLibUpgradeable for address;\n\n // Address of the L1 contract that acts as the owner of this SpokePool. This should normally be set to the HubPool\n // address. The crossDomainAdmin address is unused when the SpokePool is deployed to the same chain as the HubPool.\n address public crossDomainAdmin;\n\n // Address of the L1 contract that will send tokens to and receive tokens from this contract to fund relayer\n // refunds and slow relays.\n address public hubPool;\n\n // Address of wrappedNativeToken contract for this network. If an origin token matches this, then the caller can\n // optionally instruct this contract to wrap native tokens when depositing (ie ETH->WETH or MATIC->WMATIC).\n WETH9Interface public wrappedNativeToken;\n\n // Any deposit quote times greater than or less than this value to the current contract time is blocked. Forces\n // caller to use an approximately \"current\" realized fee. Defaults to 1 hour.\n uint32 public depositQuoteTimeBuffer;\n\n // Count of deposits is used to construct a unique deposit identifier for this spoke pool.\n uint32 public numberOfDeposits;\n\n // Whether deposits and fills are disabled.\n bool public pausedFills;\n bool public pausedDeposits;\n\n // This contract can store as many root bundles as the HubPool chooses to publish here.\n RootBundle[] public rootBundles;\n\n // Origin token to destination token routings can be turned on or off, which can enable or disable deposits.\n mapping(address => mapping(uint256 => bool)) public enabledDepositRoutes;\n\n // Each relay is associated with the hash of parameters that uniquely identify the original deposit and a relay\n // attempt for that deposit. The relay itself is just represented as the amount filled so far. The total amount to\n // relay, the fees, and the agents are all parameters included in the hash key.\n mapping(bytes32 => uint256) public relayFills;\n\n // This keeps track of the worst-case liabilities due to fills.\n // It is never reset. Users should only rely on it to determine the worst-case increase in liabilities between\n // two points. This is used to provide frontrunning protection to ensure the relayer's assumptions about the state\n // upon which their expected repayments are based will not change before their transaction is mined.\n mapping(address => uint256) public fillCounter;\n\n // This keeps track of the total running deposits for each token. This allows depositors to protect themselves from\n // frontrunning that might change their worst-case quote.\n mapping(address => uint256) public depositCounter;\n\n // This tracks the number of identical refunds that have been requested.\n // The intention is to allow an off-chain system to know when this could be a duplicate and ensure that the other\n // requests are known and accounted for.\n mapping(bytes32 => uint256) public refundsRequested;\n\n uint256 public constant MAX_TRANSFER_SIZE = 1e36;\n\n // Note: this needs to be larger than the max transfer size to ensure that all slow fills are fillable, even if\n // their fees are negative.\n // It's important that it isn't too large, however, as it should be multipliable by ~2e18 without overflowing.\n // 1e40 * 2e18 = 2e58 << 2^255 ~= 5e76\n uint256 public constant SLOW_FILL_MAX_TOKENS_TO_SEND = 1e40;\n\n // Set max payout adjustment to something\n\n bytes32 public constant UPDATE_DEPOSIT_DETAILS_HASH =\n keccak256(\n \"UpdateDepositDetails(uint32 depositId,uint256 originChainId,int64 updatedRelayerFeePct,address updatedRecipient,bytes updatedMessage)\"\n );\n\n /****************************************\n * EVENTS *\n ****************************************/\n event SetXDomainAdmin(address indexed newAdmin);\n event SetHubPool(address indexed newHubPool);\n event EnabledDepositRoute(address indexed originToken, uint256 indexed destinationChainId, bool enabled);\n event SetDepositQuoteTimeBuffer(uint32 newBuffer);\n event FundsDeposited(\n uint256 amount,\n uint256 originChainId,\n uint256 indexed destinationChainId,\n int64 relayerFeePct,\n uint32 indexed depositId,\n uint32 quoteTimestamp,\n address originToken,\n address recipient,\n address indexed depositor,\n bytes message\n );\n event RequestedSpeedUpDeposit(\n int64 newRelayerFeePct,\n uint32 indexed depositId,\n address indexed depositor,\n address updatedRecipient,\n bytes updatedMessage,\n bytes depositorSignature\n );\n event FilledRelay(\n uint256 amount,\n uint256 totalFilledAmount,\n uint256 fillAmount,\n uint256 repaymentChainId,\n uint256 indexed originChainId,\n uint256 destinationChainId,\n int64 relayerFeePct,\n int64 realizedLpFeePct,\n uint32 indexed depositId,\n address destinationToken,\n address relayer,\n address indexed depositor,\n address recipient,\n bytes message,\n RelayExecutionInfo updatableRelayData\n );\n event RefundRequested(\n address indexed relayer,\n address refundToken,\n uint256 amount,\n uint256 indexed originChainId,\n uint256 destinationChainId,\n int64 realizedLpFeePct,\n uint32 indexed depositId,\n uint256 fillBlock,\n uint256 previousIdenticalRequests\n );\n event RelayedRootBundle(\n uint32 indexed rootBundleId,\n bytes32 indexed relayerRefundRoot,\n bytes32 indexed slowRelayRoot\n );\n event ExecutedRelayerRefundRoot(\n uint256 amountToReturn,\n uint256 indexed chainId,\n uint256[] refundAmounts,\n uint32 indexed rootBundleId,\n uint32 indexed leafId,\n address l2TokenAddress,\n address[] refundAddresses,\n address caller\n );\n event TokensBridged(\n uint256 amountToReturn,\n uint256 indexed chainId,\n uint32 indexed leafId,\n address indexed l2TokenAddress,\n address caller\n );\n event EmergencyDeleteRootBundle(uint256 indexed rootBundleId);\n event PausedDeposits(bool isPaused);\n event PausedFills(bool isPaused);\n\n /**\n * @notice Represents data used to fill a deposit.\n * @param relay Relay containing original data linked to deposit. Contains fields that can be\n * overridden by other parameters in the RelayExecution struct.\n * @param relayHash Hash of the relay data.\n * @param updatedRelayerFeePct Actual relayer fee pct to use for this relay.\n * @param updatedRecipient Actual recipient to use for this relay.\n * @param updatedMessage Actual message to use for this relay.\n * @param repaymentChainId Chain ID of the network that the relayer will receive refunds on.\n * @param maxTokensToSend Max number of tokens to pull from relayer.\n * @param maxCount Max count to protect the relayer from frontrunning.\n * @param slowFill Whether this is a slow fill.\n * @param payoutAdjustmentPct Adjustment to the payout amount. Can be used to increase or decrease the payout to\n * allow for rewards or penalties. Used in slow fills.\n */\n struct RelayExecution {\n RelayData relay;\n bytes32 relayHash;\n int64 updatedRelayerFeePct;\n address updatedRecipient;\n bytes updatedMessage;\n uint256 repaymentChainId;\n uint256 maxTokensToSend;\n uint256 maxCount;\n bool slowFill;\n int256 payoutAdjustmentPct;\n }\n\n /**\n * @notice Packs together information to include in FilledRelay event.\n * @dev This struct is emitted as opposed to its constituent parameters due to the limit on number of\n * parameters in an event.\n * @param recipient Recipient of the relayed funds.\n * @param message Message included in the relay.\n * @param relayerFeePct Relayer fee pct used for this relay.\n * @param isSlowRelay Whether this is a slow relay.\n * @param payoutAdjustmentPct Adjustment to the payout amount.\n */\n struct RelayExecutionInfo {\n address recipient;\n bytes message;\n int64 relayerFeePct;\n bool isSlowRelay;\n int256 payoutAdjustmentPct;\n }\n\n /**\n * Do not leave an implementation contract uninitialized. An uninitialized implementation contract can be\n * taken over by an attacker, which may impact the proxy. To prevent the implementation contract from being\n * used, you should invoke the _disableInitializers function in the constructor to automatically lock it when\n * it is deployed:\n */\n /// @custom:oz-upgrades-unsafe-allow constructor\n constructor() {\n _disableInitializers();\n }\n\n /**\n * @notice Construct the base SpokePool.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * relay hash collisions.\n * @param _crossDomainAdmin Cross domain admin to set. Can be changed by admin.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n * @param _wrappedNativeTokenAddress wrappedNativeToken address for this network to set.\n */\n function __SpokePool_init(\n uint32 _initialDepositId,\n address _crossDomainAdmin,\n address _hubPool,\n address _wrappedNativeTokenAddress\n ) public onlyInitializing {\n numberOfDeposits = _initialDepositId;\n __EIP712_init(\"ACROSS-V2\", \"1.0.0\");\n __UUPSUpgradeable_init();\n __ReentrancyGuard_init();\n depositQuoteTimeBuffer = 3600;\n _setCrossDomainAdmin(_crossDomainAdmin);\n _setHubPool(_hubPool);\n wrappedNativeToken = WETH9Interface(_wrappedNativeTokenAddress);\n }\n\n /****************************************\n * MODIFIERS *\n ****************************************/\n\n /**\n * @dev Function that should revert when `msg.sender` is not authorized to upgrade the contract. Called by\n * {upgradeTo} and {upgradeToAndCall}.\n * @dev This should be set to cross domain admin for specific SpokePool.\n */\n modifier onlyAdmin() {\n _requireAdminSender();\n _;\n }\n\n modifier unpausedDeposits() {\n require(!pausedDeposits, \"Paused deposits\");\n _;\n }\n\n modifier unpausedFills() {\n require(!pausedFills, \"Paused fills\");\n _;\n }\n\n /**************************************\n * ADMIN FUNCTIONS *\n **************************************/\n\n // Allows cross domain admin to upgrade UUPS proxy implementation.\n function _authorizeUpgrade(address newImplementation) internal override onlyAdmin {}\n\n /**\n * @notice Pauses deposit-related functions. This is intended to be used if this contract is deprecated or when\n * something goes awry.\n * @dev Affects `deposit()` but not `speedUpDeposit()`, so that existing deposits can be sped up and still\n * relayed.\n * @param pause true if the call is meant to pause the system, false if the call is meant to unpause it.\n */\n function pauseDeposits(bool pause) public override onlyAdmin nonReentrant {\n pausedDeposits = pause;\n emit PausedDeposits(pause);\n }\n\n /**\n * @notice Pauses fill-related functions. This is intended to be used if this contract is deprecated or when\n * something goes awry.\n * @dev Affects fillRelayWithUpdatedDeposit() and fillRelay().\n * @param pause true if the call is meant to pause the system, false if the call is meant to unpause it.\n */\n function pauseFills(bool pause) public override onlyAdmin nonReentrant {\n pausedFills = pause;\n emit PausedFills(pause);\n }\n\n /**\n * @notice Change cross domain admin address. Callable by admin only.\n * @param newCrossDomainAdmin New cross domain admin.\n */\n function setCrossDomainAdmin(address newCrossDomainAdmin) public override onlyAdmin nonReentrant {\n _setCrossDomainAdmin(newCrossDomainAdmin);\n }\n\n /**\n * @notice Change L1 hub pool address. Callable by admin only.\n * @param newHubPool New hub pool.\n */\n function setHubPool(address newHubPool) public override onlyAdmin nonReentrant {\n _setHubPool(newHubPool);\n }\n\n /**\n * @notice Enable/Disable an origin token => destination chain ID route for deposits. Callable by admin only.\n * @param originToken Token that depositor can deposit to this contract.\n * @param destinationChainId Chain ID for where depositor wants to receive funds.\n * @param enabled True to enable deposits, False otherwise.\n */\n function setEnableRoute(\n address originToken,\n uint256 destinationChainId,\n bool enabled\n ) public override onlyAdmin nonReentrant {\n enabledDepositRoutes[originToken][destinationChainId] = enabled;\n emit EnabledDepositRoute(originToken, destinationChainId, enabled);\n }\n\n /**\n * @notice Change allowance for deposit quote time to differ from current block time. Callable by admin only.\n * @param newDepositQuoteTimeBuffer New quote time buffer.\n */\n function setDepositQuoteTimeBuffer(uint32 newDepositQuoteTimeBuffer) public override onlyAdmin nonReentrant {\n depositQuoteTimeBuffer = newDepositQuoteTimeBuffer;\n emit SetDepositQuoteTimeBuffer(newDepositQuoteTimeBuffer);\n }\n\n /**\n * @notice This method stores a new root bundle in this contract that can be executed to refund relayers, fulfill\n * slow relays, and send funds back to the HubPool on L1. This method can only be called by the admin and is\n * designed to be called as part of a cross-chain message from the HubPool's executeRootBundle method.\n * @param relayerRefundRoot Merkle root containing relayer refund leaves that can be individually executed via\n * executeRelayerRefundLeaf().\n * @param slowRelayRoot Merkle root containing slow relay fulfillment leaves that can be individually executed via\n * executeSlowRelayLeaf().\n */\n function relayRootBundle(bytes32 relayerRefundRoot, bytes32 slowRelayRoot) public override onlyAdmin nonReentrant {\n uint32 rootBundleId = uint32(rootBundles.length);\n RootBundle storage rootBundle = rootBundles.push();\n rootBundle.relayerRefundRoot = relayerRefundRoot;\n rootBundle.slowRelayRoot = slowRelayRoot;\n emit RelayedRootBundle(rootBundleId, relayerRefundRoot, slowRelayRoot);\n }\n\n /**\n * @notice This method is intended to only be used in emergencies where a bad root bundle has reached the\n * SpokePool.\n * @param rootBundleId Index of the root bundle that needs to be deleted. Note: this is intentionally a uint256\n * to ensure that a small input range doesn't limit which indices this method is able to reach.\n */\n function emergencyDeleteRootBundle(uint256 rootBundleId) public override onlyAdmin nonReentrant {\n // Deleting a struct containing a mapping does not delete the mapping in Solidity, therefore the bitmap's\n // data will still remain potentially leading to vulnerabilities down the line. The way around this would\n // be to iterate through every key in the mapping and resetting the value to 0, but this seems expensive and\n // would require a new list in storage to keep track of keys.\n //slither-disable-next-line mapping-deletion\n delete rootBundles[rootBundleId];\n emit EmergencyDeleteRootBundle(rootBundleId);\n }\n\n /**************************************\n * DEPOSITOR FUNCTIONS *\n **************************************/\n\n /**\n * @notice Called by user to bridge funds from origin to destination chain. Depositor will effectively lock\n * tokens in this contract and receive a destination token on the destination chain. The origin => destination\n * token mapping is stored on the L1 HubPool.\n * @notice The caller must first approve this contract to spend amount of originToken.\n * @notice The originToken => destinationChainId must be enabled.\n * @notice This method is payable because the caller is able to deposit native token if the originToken is\n * wrappedNativeToken and this function will handle wrapping the native token to wrappedNativeToken.\n * @param recipient Address to receive funds at on destination chain.\n * @param originToken Token to lock into this contract to initiate deposit.\n * @param amount Amount of tokens to deposit. Will be amount of tokens to receive less fees.\n * @param destinationChainId Denotes network where user will receive funds from SpokePool by a relayer.\n * @param relayerFeePct % of deposit amount taken out to incentivize a fast relayer.\n * @param quoteTimestamp Timestamp used by relayers to compute this deposit's realizedLPFeePct which is paid\n * to LP pool on HubPool.\n * @param message Arbitrary data that can be used to pass additional information to the recipient along with the tokens.\n * Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.\n * @param maxCount used to protect the depositor from frontrunning to guarantee their quote remains valid.\n */\n function deposit(\n address recipient,\n address originToken,\n uint256 amount,\n uint256 destinationChainId,\n int64 relayerFeePct,\n uint32 quoteTimestamp,\n bytes memory message,\n uint256 maxCount\n ) public payable override nonReentrant unpausedDeposits {\n // Check that deposit route is enabled.\n require(enabledDepositRoutes[originToken][destinationChainId], \"Disabled route\");\n\n // We limit the relay fees to prevent the user spending all their funds on fees.\n require(SignedMath.abs(relayerFeePct) < 0.5e18, \"Invalid relayer fee\");\n require(amount <= MAX_TRANSFER_SIZE, \"Amount too large\");\n require(depositCounter[originToken] <= maxCount, \"Above max count\");\n\n // Require that quoteTimestamp has a maximum age so that depositors pay an LP fee based on recent HubPool usage.\n // It is assumed that cross-chain timestamps are normally loosely in-sync, but clock drift can occur. If the\n // SpokePool time stalls or lags significantly, it is still possible to make deposits by setting quoteTimestamp\n // within the configured buffer. The owner should pause deposits if this is undesirable. This will underflow if\n // quoteTimestamp is more than depositQuoteTimeBuffer; this is safe but will throw an unintuitive error.\n\n // slither-disable-next-line timestamp\n require(getCurrentTime() - quoteTimestamp <= depositQuoteTimeBuffer, \"invalid quoteTimestamp\");\n\n // Increment count of deposits so that deposit ID for this spoke pool is unique.\n uint32 newDepositId = numberOfDeposits++;\n depositCounter[originToken] += amount;\n\n // If the address of the origin token is a wrappedNativeToken contract and there is a msg.value with the\n // transaction then the user is sending ETH. In this case, the ETH should be deposited to wrappedNativeToken.\n if (originToken == address(wrappedNativeToken) && msg.value > 0) {\n require(msg.value == amount, \"msg.value must match amount\");\n wrappedNativeToken.deposit{ value: msg.value }();\n // Else, it is a normal ERC20. In this case pull the token from the user's wallet as per normal.\n // Note: this includes the case where the L2 user has WETH (already wrapped ETH) and wants to bridge them.\n // In this case the msg.value will be set to 0, indicating a \"normal\" ERC20 bridging action.\n } else IERC20Upgradeable(originToken).safeTransferFrom(msg.sender, address(this), amount);\n\n emit FundsDeposited(\n amount,\n chainId(),\n destinationChainId,\n relayerFeePct,\n newDepositId,\n quoteTimestamp,\n originToken,\n recipient,\n msg.sender,\n message\n );\n }\n\n /**\n * @notice This is a simple wrapper for deposit() that sets the quoteTimestamp to the current SpokePool timestamp.\n * @notice This function is intended for multisig depositors who can accept some LP fee uncertainty in order to lift\n * the quoteTimestamp buffer constraint.\n * @dev Re-orgs may produce invalid fills if the quoteTimestamp moves across a change in HubPool utilisation.\n * @dev The existing function modifiers are already enforced by deposit(), so no additional modifiers are imposed.\n * @param recipient Address to receive funds at on destination chain.\n * @param originToken Token to lock into this contract to initiate deposit.\n * @param amount Amount of tokens to deposit. Will be amount of tokens to receive less fees.\n * @param destinationChainId Denotes network where user will receive funds from SpokePool by a relayer.\n * @param relayerFeePct % of deposit amount taken out to incentivize a fast relayer.\n * @param message Arbitrary data that can be used to pass additional information to the recipient along with the tokens.\n * Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.\n * @param maxCount used to protect the depositor from frontrunning to guarantee their quote remains valid.\n */\n function depositNow(\n address recipient,\n address originToken,\n uint256 amount,\n uint256 destinationChainId,\n int64 relayerFeePct,\n bytes memory message,\n uint256 maxCount\n ) public payable {\n deposit(\n recipient,\n originToken,\n amount,\n destinationChainId,\n relayerFeePct,\n uint32(getCurrentTime()),\n message,\n maxCount\n );\n }\n\n /**\n * @notice Convenience method that depositor can use to signal to relayer to use updated fee.\n * @notice Relayer should only use events emitted by this function to submit fills with updated fees, otherwise they\n * risk their fills getting disputed for being invalid, for example if the depositor never actually signed the\n * update fee message.\n * @notice This function will revert if the depositor did not sign a message containing the updated fee for the\n * deposit ID stored in this contract. If the deposit ID is for another contract, or the depositor address is\n * incorrect, or the updated fee is incorrect, then the signature will not match and this function will revert.\n * @notice This function is not subject to a deposit pause on the off chance that deposits sent before all deposits\n * are paused have very low fees and the user wants to entice a relayer to fill them with a higher fee.\n * @param depositor Signer of the update fee message who originally submitted the deposit. If the deposit doesn't\n * exist, then the relayer will not be able to fill any relay, so the caller should validate that the depositor\n * did in fact submit a relay.\n * @param updatedRelayerFeePct New relayer fee that relayers can use.\n * @param depositId Deposit to update fee for that originated in this contract.\n * @param updatedRecipient New recipient address that should receive the tokens.\n * @param updatedMessage New message that should be provided to the recipient.\n * @param depositorSignature Signed message containing the depositor address, this contract chain ID, the updated\n * relayer fee %, and the deposit ID. This signature is produced by signing a hash of data according to the\n * EIP-712 standard. See more in the _verifyUpdateRelayerFeeMessage() comments.\n */\n function speedUpDeposit(\n address depositor,\n int64 updatedRelayerFeePct,\n uint32 depositId,\n address updatedRecipient,\n bytes memory updatedMessage,\n bytes memory depositorSignature\n ) public override nonReentrant {\n require(SignedMath.abs(updatedRelayerFeePct) < 0.5e18, \"Invalid relayer fee\");\n\n _verifyUpdateDepositMessage(\n depositor,\n depositId,\n chainId(),\n updatedRelayerFeePct,\n updatedRecipient,\n updatedMessage,\n depositorSignature\n );\n\n // Assuming the above checks passed, a relayer can take the signature and the updated relayer fee information\n // from the following event to submit a fill with an updated fee %.\n emit RequestedSpeedUpDeposit(\n updatedRelayerFeePct,\n depositId,\n depositor,\n updatedRecipient,\n updatedMessage,\n depositorSignature\n );\n }\n\n /**************************************\n * RELAYER FUNCTIONS *\n **************************************/\n\n /**\n * @notice Called by relayer to fulfill part of a deposit by sending destination tokens to the recipient.\n * Relayer is expected to pass in unique identifying information for deposit that they want to fulfill, and this\n * relay submission will be validated by off-chain data workers who can dispute this relay if any part is invalid.\n * If the relay is valid, then the relayer will be refunded on their desired repayment chain. If relay is invalid,\n * then relayer will not receive any refund.\n * @notice All of the deposit data can be found via on-chain events from the origin SpokePool, except for the\n * realizedLpFeePct which is a function of the HubPool's utilization at the deposit quote time. This fee %\n * is deterministic based on the quote time, so the relayer should just compute it using the canonical algorithm\n * as described in a UMIP linked to the HubPool's identifier.\n * @param depositor Depositor on origin chain who set this chain as the destination chain.\n * @param recipient Specified recipient on this chain.\n * @param destinationToken Token to send to recipient. Should be mapped to the origin token, origin chain ID\n * and this chain ID via a mapping on the HubPool.\n * @param amount Full size of the deposit.\n * @param maxTokensToSend Max amount of tokens to send recipient. If higher than amount, then caller will\n * send recipient the full relay amount.\n * @param repaymentChainId Chain of SpokePool where relayer wants to be refunded after the challenge window has\n * passed.\n * @param originChainId Chain of SpokePool where deposit originated.\n * @param realizedLpFeePct Fee % based on L1 HubPool utilization at deposit quote time. Deterministic based on\n * quote time.\n * @param relayerFeePct Fee % to keep as relayer, specified by depositor.\n * @param depositId Unique deposit ID on origin spoke pool.\n * @param message Message to send to recipient along with tokens.\n * @param maxCount Max count to protect the relayer from frontrunning.\n */\n function fillRelay(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 amount,\n uint256 maxTokensToSend,\n uint256 repaymentChainId,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n bytes memory message,\n uint256 maxCount\n ) public nonReentrant unpausedFills {\n // Each relay attempt is mapped to the hash of data uniquely identifying it, which includes the deposit data\n // such as the origin chain ID and the deposit ID, and the data in a relay attempt such as who the recipient\n // is, which chain and currency the recipient wants to receive funds on, and the relay fees.\n RelayExecution memory relayExecution = RelayExecution({\n relay: SpokePoolInterface.RelayData({\n depositor: depositor,\n recipient: recipient,\n destinationToken: destinationToken,\n amount: amount,\n realizedLpFeePct: realizedLpFeePct,\n relayerFeePct: relayerFeePct,\n depositId: depositId,\n originChainId: originChainId,\n destinationChainId: chainId(),\n message: message\n }),\n relayHash: bytes32(0),\n updatedRelayerFeePct: relayerFeePct,\n updatedRecipient: recipient,\n updatedMessage: message,\n repaymentChainId: repaymentChainId,\n maxTokensToSend: maxTokensToSend,\n slowFill: false,\n payoutAdjustmentPct: 0,\n maxCount: maxCount\n });\n relayExecution.relayHash = _getRelayHash(relayExecution.relay);\n\n uint256 fillAmountPreFees = _fillRelay(relayExecution);\n _emitFillRelay(relayExecution, fillAmountPreFees);\n }\n\n /**\n * @notice Called by relayer to execute same logic as calling fillRelay except that relayer is using an updated\n * relayer fee %. The fee % must have been emitted in a message cryptographically signed by the depositor.\n * @notice By design, the depositor probably emitted the message with the updated fee by calling speedUpDeposit().\n * @param depositor Depositor on origin chain who set this chain as the destination chain.\n * @param recipient Specified recipient on this chain.\n * @param destinationToken Token to send to recipient. Should be mapped to the origin token, origin chain ID\n * and this chain ID via a mapping on the HubPool.\n * @param amount Full size of the deposit.\n * @param maxTokensToSend Max amount of tokens to send recipient. If higher than amount, then caller will\n * send recipient the full relay amount.\n * @param repaymentChainId Chain of SpokePool where relayer wants to be refunded after the challenge window has\n * passed.\n * @param originChainId Chain of SpokePool where deposit originated.\n * @param realizedLpFeePct Fee % based on L1 HubPool utilization at deposit quote time. Deterministic based on\n * quote time.\n * @param relayerFeePct Original fee % to keep as relayer set by depositor.\n * @param updatedRelayerFeePct New fee % to keep as relayer also specified by depositor.\n * @param depositId Unique deposit ID on origin spoke pool.\n * @param message Original message that was sent along with this deposit.\n * @param updatedMessage Modified message that the depositor signed when updating parameters.\n * @param depositorSignature Signed message containing the depositor address, this contract chain ID, the updated\n * relayer fee %, and the deposit ID. This signature is produced by signing a hash of data according to the\n * EIP-712 standard. See more in the _verifyUpdateRelayerFeeMessage() comments.\n * @param maxCount Max fill count to protect the relayer from frontrunning.\n */\n function fillRelayWithUpdatedDeposit(\n address depositor,\n address recipient,\n address updatedRecipient,\n address destinationToken,\n uint256 amount,\n uint256 maxTokensToSend,\n uint256 repaymentChainId,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n int64 updatedRelayerFeePct,\n uint32 depositId,\n bytes memory message,\n bytes memory updatedMessage,\n bytes memory depositorSignature,\n uint256 maxCount\n ) public override nonReentrant unpausedFills {\n RelayExecution memory relayExecution = RelayExecution({\n relay: SpokePoolInterface.RelayData({\n depositor: depositor,\n recipient: recipient,\n destinationToken: destinationToken,\n amount: amount,\n realizedLpFeePct: realizedLpFeePct,\n relayerFeePct: relayerFeePct,\n depositId: depositId,\n originChainId: originChainId,\n destinationChainId: chainId(),\n message: message\n }),\n relayHash: bytes32(0),\n updatedRelayerFeePct: updatedRelayerFeePct,\n updatedRecipient: updatedRecipient,\n updatedMessage: updatedMessage,\n repaymentChainId: repaymentChainId,\n maxTokensToSend: maxTokensToSend,\n slowFill: false,\n payoutAdjustmentPct: 0,\n maxCount: maxCount\n });\n relayExecution.relayHash = _getRelayHash(relayExecution.relay);\n\n _verifyUpdateDepositMessage(\n depositor,\n depositId,\n originChainId,\n updatedRelayerFeePct,\n updatedRecipient,\n updatedMessage,\n depositorSignature\n );\n uint256 fillAmountPreFees = _fillRelay(relayExecution);\n _emitFillRelay(relayExecution, fillAmountPreFees);\n }\n\n /**\n * @notice Caller signals to the system that they want a refund on this chain, which they set as the\n * `repaymentChainId` on the original fillRelay() call on the `destinationChainId`. An observer should be\n * be able to 1-to-1 match the emitted RefundRequested event with the FilledRelay event on the `destinationChainId`.\n * @dev This function could be used to artificially inflate the `fillCounter`, allowing the caller to \"frontrun\"\n * and cancel pending fills in the mempool. This would in the worst case censor fills at the cost of the caller's\n * gas costs. We don't view this as a major issue as the fill can be resubmitted and obtain the same incentive,\n * since incentives are based on validated refunds and would ignore these censoring attempts. This is no\n * different from calling `fillRelay` and setting msg.sender = recipient.\n * @dev Caller needs to pass in `fillBlock` that the FilledRelay event was emitted on the `destinationChainId`.\n * This is to make it hard to request a refund before a fill has been mined and to make lookups of the original\n * fill as simple as possible.\n * @param refundToken This chain's token equivalent for original fill destination token.\n * @param amount Original deposit amount.\n * @param originChainId Original origin chain ID.\n * @param destinationChainId Original destination chain ID.\n * @param realizedLpFeePct Original realized LP fee %.\n * @param depositId Original deposit ID.\n * @param maxCount Max count to protect the refund recipient from frontrunning.\n */\n function requestRefund(\n address refundToken,\n uint256 amount,\n uint256 originChainId,\n uint256 destinationChainId,\n int64 realizedLpFeePct,\n uint32 depositId,\n uint256 fillBlock,\n uint256 maxCount\n ) external nonReentrant {\n // Prevent unrealistic amounts from increasing fill counter too high.\n require(amount <= MAX_TRANSFER_SIZE, \"Amount too large\");\n\n // This allows the caller to add in frontrunning protection for quote validity.\n require(fillCounter[refundToken] <= maxCount, \"Above max count\");\n\n // Track duplicate refund requests.\n bytes32 refundHash = keccak256(\n abi.encode(\n msg.sender,\n refundToken,\n amount,\n originChainId,\n destinationChainId,\n realizedLpFeePct,\n depositId,\n fillBlock\n )\n );\n\n // Track duplicate requests so that an offchain actor knows if an identical request has already been made.\n // If so, it can check to ensure that that request was thrown out as invalid before honoring the duplicate.\n // In particular, this is meant to handle odd cases where an initial request is invalidated based on\n // timing, but can be validated by a later, identical request.\n uint256 previousIdenticalRequests = refundsRequested[refundHash]++;\n\n // Refund will take tokens out of this pool, increment the fill counter. This function should only be\n // called if a relayer from destinationChainId wants to take a refund on this chain, a different chain.\n // This type of repayment should only be possible for full fills, so the starting fill amount should\n // always be 0. Also, just like in _fillRelay we should revert if the first fill pre fees rounds to 0,\n // and in this case `amount` == `fillAmountPreFees`.\n require(amount > 0, \"Amount must be > 0\");\n _updateCountFromFill(\n 0,\n true, // The refund is being requested here, so it is local.\n amount,\n realizedLpFeePct,\n refundToken,\n false // Slow fills should never match with a Refund. This should be enforced by off-chain bundle builders.\n );\n\n emit RefundRequested(\n // Set caller as relayer. If caller is not relayer from destination chain that originally sent\n // fill, then off-chain validator should discard this refund attempt.\n msg.sender,\n refundToken,\n amount,\n originChainId,\n destinationChainId,\n realizedLpFeePct,\n depositId,\n fillBlock,\n previousIdenticalRequests\n );\n }\n\n /**************************************\n * DATA WORKER FUNCTIONS *\n **************************************/\n\n /**\n * @notice Executes a slow relay leaf stored as part of a root bundle. Will send the full amount remaining in the\n * relay to the recipient, less fees.\n * @dev This function assumes that the relay's destination chain ID is the current chain ID, which prevents\n * the caller from executing a slow relay intended for another chain on this chain.\n * @param depositor Depositor on origin chain who set this chain as the destination chain.\n * @param recipient Specified recipient on this chain.\n * @param destinationToken Token to send to recipient. Should be mapped to the origin token, origin chain ID\n * and this chain ID via a mapping on the HubPool.\n * @param amount Full size of the deposit.\n * @param originChainId Chain of SpokePool where deposit originated.\n * @param realizedLpFeePct Fee % based on L1 HubPool utilization at deposit quote time. Deterministic based on\n * quote time.\n * @param relayerFeePct Original fee % to keep as relayer set by depositor.\n * @param depositId Unique deposit ID on origin spoke pool.\n * @param rootBundleId Unique ID of root bundle containing slow relay root that this leaf is contained in.\n * @param message Message to send to the recipient if the recipient is a contract.\n * @param payoutAdjustment Adjustment to the payout amount. Can be used to increase or decrease the payout to allow\n * for rewards or penalties.\n * @param proof Inclusion proof for this leaf in slow relay root in root bundle.\n */\n function executeSlowRelayLeaf(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 amount,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n uint32 rootBundleId,\n bytes memory message,\n int256 payoutAdjustment,\n bytes32[] memory proof\n ) public virtual override nonReentrant {\n _executeSlowRelayLeaf(\n depositor,\n recipient,\n destinationToken,\n amount,\n originChainId,\n chainId(),\n realizedLpFeePct,\n relayerFeePct,\n depositId,\n rootBundleId,\n message,\n payoutAdjustment,\n proof\n );\n }\n\n /**\n * @notice Executes a relayer refund leaf stored as part of a root bundle. Will send the relayer the amount they\n * sent to the recipient plus a relayer fee.\n * @param rootBundleId Unique ID of root bundle containing relayer refund root that this leaf is contained in.\n * @param relayerRefundLeaf Contains all data necessary to reconstruct leaf contained in root bundle and to\n * refund relayer. This data structure is explained in detail in the SpokePoolInterface.\n * @param proof Inclusion proof for this leaf in relayer refund root in root bundle.\n */\n function executeRelayerRefundLeaf(\n uint32 rootBundleId,\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\n bytes32[] memory proof\n ) public virtual override nonReentrant {\n _executeRelayerRefundLeaf(rootBundleId, relayerRefundLeaf, proof);\n }\n\n /**************************************\n * VIEW FUNCTIONS *\n **************************************/\n\n /**\n * @notice Returns chain ID for this network.\n * @dev Some L2s like ZKSync don't support the CHAIN_ID opcode so we allow the implementer to override this.\n */\n function chainId() public view virtual override returns (uint256) {\n return block.chainid;\n }\n\n /**\n * @notice Gets the current time.\n * @return uint for the current timestamp.\n */\n function getCurrentTime() public view virtual returns (uint256) {\n return block.timestamp; // solhint-disable-line not-rely-on-time\n }\n\n /**************************************\n * INTERNAL FUNCTIONS *\n **************************************/\n\n // Verifies inclusion proof of leaf in root, sends relayer their refund, and sends to HubPool any rebalance\n // transfers.\n function _executeRelayerRefundLeaf(\n uint32 rootBundleId,\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\n bytes32[] memory proof\n ) internal {\n // Check integrity of leaf structure:\n require(relayerRefundLeaf.chainId == chainId(), \"Invalid chainId\");\n require(relayerRefundLeaf.refundAddresses.length == relayerRefundLeaf.refundAmounts.length, \"invalid leaf\");\n\n RootBundle storage rootBundle = rootBundles[rootBundleId];\n\n // Check that inclusionProof proves that relayerRefundLeaf is contained within the relayer refund root.\n // Note: This should revert if the relayerRefundRoot is uninitialized.\n require(MerkleLib.verifyRelayerRefund(rootBundle.relayerRefundRoot, relayerRefundLeaf, proof), \"Bad Proof\");\n\n // Verify the leafId in the leaf has not yet been claimed.\n require(!MerkleLib.isClaimed(rootBundle.claimedBitmap, relayerRefundLeaf.leafId), \"Already claimed\");\n\n // Set leaf as claimed in bitmap. This is passed by reference to the storage rootBundle.\n MerkleLib.setClaimed(rootBundle.claimedBitmap, relayerRefundLeaf.leafId);\n\n // Send each relayer refund address the associated refundAmount for the L2 token address.\n // Note: Even if the L2 token is not enabled on this spoke pool, we should still refund relayers.\n uint256 length = relayerRefundLeaf.refundAmounts.length;\n for (uint256 i = 0; i < length; ) {\n uint256 amount = relayerRefundLeaf.refundAmounts[i];\n if (amount > 0)\n IERC20Upgradeable(relayerRefundLeaf.l2TokenAddress).safeTransfer(\n relayerRefundLeaf.refundAddresses[i],\n amount\n );\n\n // OK because we assume refund array length won't be > types(uint256).max.\n // Based on the stress test results in /test/gas-analytics/SpokePool.RelayerRefundLeaf.ts, the UMIP should\n // limit the refund count in valid proposals to be ~800 so any RelayerRefundLeaves with > 800 refunds should\n // not make it to this stage.\n\n unchecked {\n ++i;\n }\n }\n\n // If leaf's amountToReturn is positive, then send L2 --> L1 message to bridge tokens back via\n // chain-specific bridging method.\n if (relayerRefundLeaf.amountToReturn > 0) {\n _bridgeTokensToHubPool(relayerRefundLeaf);\n\n emit TokensBridged(\n relayerRefundLeaf.amountToReturn,\n relayerRefundLeaf.chainId,\n relayerRefundLeaf.leafId,\n relayerRefundLeaf.l2TokenAddress,\n msg.sender\n );\n }\n\n emit ExecutedRelayerRefundRoot(\n relayerRefundLeaf.amountToReturn,\n relayerRefundLeaf.chainId,\n relayerRefundLeaf.refundAmounts,\n rootBundleId,\n relayerRefundLeaf.leafId,\n relayerRefundLeaf.l2TokenAddress,\n relayerRefundLeaf.refundAddresses,\n msg.sender\n );\n }\n\n // Verifies inclusion proof of leaf in root and sends recipient remainder of relay. Marks relay as filled.\n function _executeSlowRelayLeaf(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 amount,\n uint256 originChainId,\n uint256 destinationChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n uint32 rootBundleId,\n bytes memory message,\n int256 payoutAdjustmentPct,\n bytes32[] memory proof\n ) internal {\n RelayExecution memory relayExecution = RelayExecution({\n relay: SpokePoolInterface.RelayData({\n depositor: depositor,\n recipient: recipient,\n destinationToken: destinationToken,\n amount: amount,\n realizedLpFeePct: realizedLpFeePct,\n relayerFeePct: relayerFeePct,\n depositId: depositId,\n originChainId: originChainId,\n destinationChainId: destinationChainId,\n message: message\n }),\n relayHash: bytes32(0),\n updatedRelayerFeePct: 0,\n updatedRecipient: recipient,\n updatedMessage: message,\n repaymentChainId: 0,\n maxTokensToSend: SLOW_FILL_MAX_TOKENS_TO_SEND,\n slowFill: true,\n payoutAdjustmentPct: payoutAdjustmentPct,\n maxCount: type(uint256).max\n });\n relayExecution.relayHash = _getRelayHash(relayExecution.relay);\n\n _verifySlowFill(relayExecution, rootBundleId, proof);\n\n // Note: use relayAmount as the max amount to send, so the relay is always completely filled by the contract's\n // funds in all cases. As this is a slow relay we set the relayerFeePct to 0. This effectively refunds the\n // relayer component of the relayerFee thereby only charging the depositor the LpFee.\n uint256 fillAmountPreFees = _fillRelay(relayExecution);\n\n // Note: Set repayment chain ID to 0 to indicate that there is no repayment to be made. The off-chain data\n // worker can use repaymentChainId=0 as a signal to ignore such relays for refunds. Also, set the relayerFeePct\n // to 0 as slow relays do not pay the caller of this method (depositor is refunded this fee).\n _emitFillRelay(relayExecution, fillAmountPreFees);\n }\n\n function _setCrossDomainAdmin(address newCrossDomainAdmin) internal {\n require(newCrossDomainAdmin != address(0), \"Bad bridge router address\");\n crossDomainAdmin = newCrossDomainAdmin;\n emit SetXDomainAdmin(newCrossDomainAdmin);\n }\n\n function _setHubPool(address newHubPool) internal {\n require(newHubPool != address(0), \"Bad hub pool address\");\n hubPool = newHubPool;\n emit SetHubPool(newHubPool);\n }\n\n // Should be overriden by implementing contract depending on how L2 handles sending tokens to L1.\n function _bridgeTokensToHubPool(SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf) internal virtual;\n\n function _verifyUpdateDepositMessage(\n address depositor,\n uint32 depositId,\n uint256 originChainId,\n int64 updatedRelayerFeePct,\n address updatedRecipient,\n bytes memory updatedMessage,\n bytes memory depositorSignature\n ) internal view {\n // A depositor can request to modify an un-relayed deposit by signing a hash containing the updated\n // details and information uniquely identifying the deposit to relay. This information ensures\n // that this signature cannot be re-used for other deposits.\n // Note: We use the EIP-712 (https://eips.ethereum.org/EIPS/eip-712) standard for hashing and signing typed data.\n // Specifically, we use the version of the encoding known as \"v4\", as implemented by the JSON RPC method\n // `eth_signedTypedDataV4` in MetaMask (https://docs.metamask.io/guide/signing-data.html).\n bytes32 expectedTypedDataV4Hash = _hashTypedDataV4(\n // EIP-712 compliant hash struct: https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct\n keccak256(\n abi.encode(\n UPDATE_DEPOSIT_DETAILS_HASH,\n depositId,\n originChainId,\n updatedRelayerFeePct,\n updatedRecipient,\n keccak256(updatedMessage)\n )\n ),\n // By passing in the origin chain id, we enable the verification of the signature on a different chain\n originChainId\n );\n _verifyDepositorSignature(depositor, expectedTypedDataV4Hash, depositorSignature);\n }\n\n // This function is isolated and made virtual to allow different L2's to implement chain specific recovery of\n // signers from signatures because some L2s might not support ecrecover. To be safe, consider always reverting\n // this function for L2s where ecrecover is different from how it works on Ethereum, otherwise there is the\n // potential to forge a signature from the depositor using a different private key than the original depositor's.\n function _verifyDepositorSignature(\n address depositor,\n bytes32 ethSignedMessageHash,\n bytes memory depositorSignature\n ) internal view virtual {\n // Note:\n // - We don't need to worry about reentrancy from a contract deployed at the depositor address since the method\n // `SignatureChecker.isValidSignatureNow` is a view method. Re-entrancy can happen, but it cannot affect state.\n // - EIP-1271 signatures are supported. This means that a signature valid now, may not be valid later and vice-versa.\n // - For an EIP-1271 signature to work, the depositor contract address must map to a deployed contract on the destination\n // chain that can validate the signature.\n // - Regular signatures from an EOA are also supported.\n bool isValid = SignatureChecker.isValidSignatureNow(depositor, ethSignedMessageHash, depositorSignature);\n require(isValid, \"invalid signature\");\n }\n\n function _verifySlowFill(\n RelayExecution memory relayExecution,\n uint32 rootBundleId,\n bytes32[] memory proof\n ) internal view {\n SlowFill memory slowFill = SlowFill({\n relayData: relayExecution.relay,\n payoutAdjustmentPct: relayExecution.payoutAdjustmentPct\n });\n\n require(\n MerkleLib.verifySlowRelayFulfillment(rootBundles[rootBundleId].slowRelayRoot, slowFill, proof),\n \"Invalid slow relay proof\"\n );\n }\n\n function _computeAmountPreFees(uint256 amount, int64 feesPct) private pure returns (uint256) {\n return (1e18 * amount) / uint256((int256(1e18) - feesPct));\n }\n\n function _computeAmountPostFees(uint256 amount, int256 feesPct) private pure returns (uint256) {\n return (amount * uint256(int256(1e18) - feesPct)) / 1e18;\n }\n\n function _getRelayHash(SpokePoolInterface.RelayData memory relayData) private pure returns (bytes32) {\n return keccak256(abi.encode(relayData));\n }\n\n // Unwraps ETH and does a transfer to a recipient address. If the recipient is a smart contract then sends wrappedNativeToken.\n function _unwrapwrappedNativeTokenTo(address payable to, uint256 amount) internal {\n if (address(to).isContract()) {\n IERC20Upgradeable(address(wrappedNativeToken)).safeTransfer(to, amount);\n } else {\n wrappedNativeToken.withdraw(amount);\n AddressLibUpgradeable.sendValue(to, amount);\n }\n }\n\n /**\n * @notice Caller specifies the max amount of tokens to send to user. Based on this amount and the amount of the\n * relay remaining (as stored in the relayFills mapping), pull the amount of tokens from the caller\n * and send to the recipient.\n * @dev relayFills keeps track of pre-fee fill amounts as a convenience to relayers who want to specify round\n * numbers for the maxTokensToSend parameter or convenient numbers like 100 (i.e. relayers who will fully\n * fill any relay up to 100 tokens, and partial fill with 100 tokens for larger relays).\n * @dev Caller must approve this contract to transfer up to maxTokensToSend of the relayData.destinationToken.\n * The amount to be sent might end up less if there is insufficient relay amount remaining to be sent.\n */\n function _fillRelay(RelayExecution memory relayExecution) internal returns (uint256 fillAmountPreFees) {\n RelayData memory relayData = relayExecution.relay;\n // We limit the relay fees to prevent the user spending all their funds on fees. Note that 0.5e18 (i.e. 50%)\n // fees are just magic numbers. The important point is to prevent the total fee from being 100%, otherwise\n // computing the amount pre fees runs into divide-by-0 issues.\n require(\n SignedMath.abs(relayExecution.updatedRelayerFeePct) < 0.5e18 &&\n SignedMath.abs(relayData.realizedLpFeePct) < 0.5e18,\n \"invalid fees\"\n );\n\n require(relayData.amount <= MAX_TRANSFER_SIZE, \"Amount too large\");\n\n // Check that the relay has not already been completely filled. Note that the relays mapping will point to\n // the amount filled so far for a particular relayHash, so this will start at 0 and increment with each fill.\n require(relayFills[relayExecution.relayHash] < relayData.amount, \"relay filled\");\n\n // This allows the caller to add in frontrunning protection for quote validity.\n require(fillCounter[relayData.destinationToken] <= relayExecution.maxCount, \"Above max count\");\n\n // Derive the amount of the relay filled if the caller wants to send exactly maxTokensToSend tokens to\n // the recipient. For example, if the user wants to send 10 tokens to the recipient, the full relay amount\n // is 100, and the fee %'s total 5%, then this computation would return ~10.5, meaning that to fill 10.5/100\n // of the full relay size, the caller would need to send 10 tokens to the user.\n // This is equivalent to the amount to be sent by the relayer before fees have been taken out.\n fillAmountPreFees = _computeAmountPreFees(\n relayExecution.maxTokensToSend,\n (relayData.realizedLpFeePct + relayExecution.updatedRelayerFeePct)\n );\n // If fill amount minus fees, which is possible with small fill amounts and negative fees, then\n // revert.\n require(fillAmountPreFees > 0, \"fill amount pre fees is 0\");\n\n // If user's specified max amount to send is greater than the amount of the relay remaining pre-fees,\n // we'll pull exactly enough tokens to complete the relay.\n uint256 amountRemainingInRelay = relayData.amount - relayFills[relayExecution.relayHash];\n if (amountRemainingInRelay < fillAmountPreFees) {\n fillAmountPreFees = amountRemainingInRelay;\n }\n\n // Apply post-fees computation to amount that relayer will send to user. Rounding errors are possible\n // when computing fillAmountPreFees and then amountToSend, and we just want to enforce that\n // the error added to amountToSend is consistently applied to partial and full fills.\n uint256 amountToSend = _computeAmountPostFees(\n fillAmountPreFees,\n relayData.realizedLpFeePct + relayExecution.updatedRelayerFeePct\n );\n\n // This can only happen in a slow fill, where the contract is funding the relay.\n if (relayExecution.payoutAdjustmentPct != 0) {\n // If payoutAdjustmentPct is positive, then the recipient will receive more than the amount they\n // were originally expecting. If it is negative, then the recipient will receive less.\n // -1e18 is -100%. Because we cannot pay out negative values, that is the minimum.\n require(relayExecution.payoutAdjustmentPct >= -1e18, \"payoutAdjustmentPct too small\");\n\n // Allow the payout adjustment to go up to 1000% (i.e. 11x).\n // This is a sanity check to ensure the payouts do not grow too large via some sort of issue in bundle\n // construction.\n require(relayExecution.payoutAdjustmentPct <= 100e18, \"payoutAdjustmentPct too large\");\n\n // Note: since _computeAmountPostFees is typically intended for fees, the signage must be reversed.\n amountToSend = _computeAmountPostFees(amountToSend, -relayExecution.payoutAdjustmentPct);\n\n // Note: this error should never happen, since the maxTokensToSend is expected to be set much higher than\n // the amount, but it is here as a sanity check.\n require(amountToSend <= relayExecution.maxTokensToSend, \"Somehow hit maxTokensToSend!\");\n }\n\n // Since the first partial fill is used to update the fill counter for the entire refund amount, we don't have\n // a simple way to handle the case where follow-up partial fills take repayment on different chains. We'd\n // need a way to decrement the fill counter in this case (or increase deposit counter) to ensure that users\n // have adequate frontrunning protections.\n // Instead of adding complexity, we require that all partial fills set repayment chain equal to destination chain.\n // Note: .slowFill is checked because slow fills set repaymentChainId to 0.\n bool localRepayment = relayExecution.repaymentChainId == relayExecution.relay.destinationChainId;\n require(\n localRepayment || relayExecution.relay.amount == fillAmountPreFees || relayExecution.slowFill,\n \"invalid repayment chain\"\n );\n\n // Update fill counter.\n _updateCountFromFill(\n relayFills[relayExecution.relayHash],\n localRepayment,\n relayData.amount,\n relayData.realizedLpFeePct,\n relayData.destinationToken,\n relayExecution.slowFill\n );\n\n // relayFills keeps track of pre-fee fill amounts as a convenience to relayers who want to specify round\n // numbers for the maxTokensToSend parameter or convenient numbers like 100 (i.e. relayers who will fully\n // fill any relay up to 100 tokens, and partial fill with 100 tokens for larger relays).\n relayFills[relayExecution.relayHash] += fillAmountPreFees;\n\n // If relayer and receiver are the same address, there is no need to do any transfer, as it would result in no\n // net movement of funds.\n // Note: this is important because it means that relayers can intentionally self-relay in a capital efficient\n // way (no need to have funds on the destination).\n // If this is a slow fill, we can't exit early since we still need to send funds out of this contract\n // since there is no \"relayer\".\n if (msg.sender == relayExecution.updatedRecipient && !relayExecution.slowFill) return fillAmountPreFees;\n\n // If relay token is wrappedNativeToken then unwrap and send native token.\n if (relayData.destinationToken == address(wrappedNativeToken)) {\n // Note: useContractFunds is True if we want to send funds to the recipient directly out of this contract,\n // otherwise we expect the caller to send funds to the recipient. If useContractFunds is True and the\n // recipient wants wrappedNativeToken, then we can assume that wrappedNativeToken is already in the\n // contract, otherwise we'll need the user to send wrappedNativeToken to this contract. Regardless, we'll\n // need to unwrap it to native token before sending to the user.\n if (!relayExecution.slowFill)\n IERC20Upgradeable(relayData.destinationToken).safeTransferFrom(msg.sender, address(this), amountToSend);\n _unwrapwrappedNativeTokenTo(payable(relayExecution.updatedRecipient), amountToSend);\n // Else, this is a normal ERC20 token. Send to recipient.\n } else {\n // Note: Similar to note above, send token directly from the contract to the user in the slow relay case.\n if (!relayExecution.slowFill)\n IERC20Upgradeable(relayData.destinationToken).safeTransferFrom(\n msg.sender,\n relayExecution.updatedRecipient,\n amountToSend\n );\n else\n IERC20Upgradeable(relayData.destinationToken).safeTransfer(\n relayExecution.updatedRecipient,\n amountToSend\n );\n }\n\n if (relayExecution.updatedRecipient.isContract() && relayExecution.updatedMessage.length > 0) {\n AcrossMessageHandler(relayExecution.updatedRecipient).handleAcrossMessage(\n relayData.destinationToken,\n amountToSend,\n relayFills[relayExecution.relayHash] >= relayData.amount,\n msg.sender,\n relayExecution.updatedMessage\n );\n }\n }\n\n function _updateCountFromFill(\n uint256 startingFillAmount,\n bool localRepayment,\n uint256 totalFillAmount,\n int64 realizedLPFeePct,\n address token,\n bool useContractFunds\n ) internal {\n // If this is a slow fill, a first partial fill with repayment on another chain, or a partial fill has already happened, do nothing, as these\n // should not impact the count. Initial 0-fills will not reach this part of the code.\n if (useContractFunds || startingFillAmount > 0 || !localRepayment) return;\n fillCounter[token] += _computeAmountPostFees(totalFillAmount, realizedLPFeePct);\n }\n\n function _emitFillRelay(RelayExecution memory relayExecution, uint256 fillAmountPreFees) internal {\n RelayExecutionInfo memory relayExecutionInfo = RelayExecutionInfo({\n relayerFeePct: relayExecution.updatedRelayerFeePct,\n recipient: relayExecution.updatedRecipient,\n message: relayExecution.updatedMessage,\n isSlowRelay: relayExecution.slowFill,\n payoutAdjustmentPct: relayExecution.payoutAdjustmentPct\n });\n\n emit FilledRelay(\n relayExecution.relay.amount,\n relayFills[relayExecution.relayHash],\n fillAmountPreFees,\n relayExecution.repaymentChainId,\n relayExecution.relay.originChainId,\n relayExecution.relay.destinationChainId,\n relayExecution.relay.relayerFeePct,\n relayExecution.relay.realizedLpFeePct,\n relayExecution.relay.depositId,\n relayExecution.relay.destinationToken,\n msg.sender,\n relayExecution.relay.depositor,\n relayExecution.relay.recipient,\n relayExecution.relay.message,\n relayExecutionInfo\n );\n }\n\n // Implementing contract needs to override this to ensure that only the appropriate cross chain admin can execute\n // certain admin functions. For L2 contracts, the cross chain admin refers to some L1 address or contract, and for\n // L1, this would just be the same admin of the HubPool.\n function _requireAdminSender() internal virtual;\n\n // Added to enable the this contract to receive native token (ETH). Used when unwrapping wrappedNativeToken.\n receive() external payable {}\n\n // Reserve storage slots for future versions of this base contract to add state variables without\n // affecting the storage layout of child contracts. Decrement the size of __gap whenever state variables\n // are added. This is at bottom of contract to make sure it's always at the end of storage.\n uint256[1000] private __gap;\n}\n" + }, + "contracts/SpokePoolVerifier.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"@openzeppelin/contracts/utils/Address.sol\";\nimport \"./interfaces/SpokePoolInterface.sol\";\n\n/**\n * @notice SpokePoolVerifier is a contract that verifies that the SpokePool exists on this chain before sending ETH to it.\n * @dev This contract must be deployed via Create2 to the same address on all chains. That way, an errant transaction sent\n * to the wrong chain will be blocked by this contract rather than hitting a dead address. This means that this contract\n * will not work to protect chains, like zkSync, where Create2 address derivations don't match other chains.\n * Source: https://era.zksync.io/docs/reference/architecture/differences-with-ethereum.html#create-create2\n */\ncontract SpokePoolVerifier {\n using Address for address;\n\n /**\n * @notice Passthrough function to `deposit()` on the SpokePool contract.\n * @dev Protects the caller from losing their ETH (or other native token) by reverting if the SpokePool address\n * they intended to call does not exist on this chain. Because this contract can be deployed at the same address\n * everywhere callers should be protected even if the transaction is submitted to an unintended network.\n * This contract should only be used for native token deposits, as this problem only exists for native tokens.\n * @param spokePool Address of the SpokePool contract that the user is intending to call.\n * @param recipient Address to receive funds at on destination chain.\n * @param originToken Token to lock into this contract to initiate deposit.\n * @param amount Amount of tokens to deposit. Will be amount of tokens to receive less fees.\n * @param destinationChainId Denotes network where user will receive funds from SpokePool by a relayer.\n * @param relayerFeePct % of deposit amount taken out to incentivize a fast relayer.\n * @param quoteTimestamp Timestamp used by relayers to compute this deposit's realizedLPFeePct which is paid\n * to LP pool on HubPool.\n * @param message Arbitrary data that can be used to pass additional information to the recipient along with the tokens.\n * Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.\n * @param maxCount used to protect the depositor from frontrunning to guarantee their quote remains valid.\n */\n function deposit(\n SpokePoolInterface spokePool,\n address recipient,\n address originToken,\n uint256 amount,\n uint256 destinationChainId,\n int64 relayerFeePct,\n uint32 quoteTimestamp,\n bytes memory message,\n uint256 maxCount\n ) external payable {\n require(msg.value == amount, \"msg.value != amount\");\n require(address(spokePool).isContract(), \"spokePool is not a contract\");\n spokePool.deposit{ value: msg.value }(\n recipient,\n originToken,\n amount,\n destinationChainId,\n relayerFeePct,\n quoteTimestamp,\n message,\n maxCount\n );\n }\n}\n" + }, + "contracts/Succinct_SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./SpokePool.sol\";\nimport \"./external/interfaces/SuccinctInterfaces.sol\";\n\n/**\n * @notice Succinct Spoke pool.\n */\ncontract Succinct_SpokePool is SpokePool, ITelepathyHandler {\n // Address of the succinct AMB contract.\n address public succinctTargetAmb;\n\n // Chain where HubPool is deployed that is linked to this SpokePool.\n uint16 public hubChainId;\n\n // Warning: this variable should _never_ be touched outside of this contract. It is intentionally set to be\n // private. Leaving it set to true can permanently disable admin calls.\n bool private adminCallValidated;\n\n event SetSuccinctTargetAmb(address indexed newSuccinctTargetAmb);\n event ReceivedMessageFromL1(address indexed caller, address indexed rootMessageSender);\n\n // Note: validating calls this way ensures that strange calls coming from the succinctTargetAmb won't be\n // misinterpreted. Put differently, just checking that msg.sender == succinctTargetAmb is not sufficient.\n // All calls that have admin privileges must be fired from within the handleTelepathy method that's gone\n // through validation where the sender is checked and the sender from the other chain is also validated.\n // This modifier sets the adminCallValidated variable so this condition can be checked in _requireAdminSender().\n modifier validateInternalCalls() {\n // Make sure adminCallValidated is set to True only once at beginning of processMessageFromRoot, which prevents\n // processMessageFromRoot from being re-entered.\n require(!adminCallValidated, \"adminCallValidated already set\");\n\n // This sets a variable indicating that we're now inside a validated call.\n // Note: this is used by other methods to ensure that this call has been validated by this method and is not\n // spoofed.\n adminCallValidated = true;\n\n _;\n\n // Reset adminCallValidated to false to disallow admin calls after this method exits.\n adminCallValidated = false;\n }\n\n /**\n * @notice Construct the Succinct SpokePool.\n * @param _hubChainId Chain ID of the chain where the HubPool is deployed.\n * @param _succinctTargetAmb Address of the succinct AMB contract.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * @param _crossDomainAdmin Cross domain admin to set. Can be changed by admin.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n * @param _wrappedNativeToken Address of the wrapped native token.\n */\n function initialize(\n uint16 _hubChainId,\n address _succinctTargetAmb,\n uint32 _initialDepositId,\n address _crossDomainAdmin,\n address _hubPool,\n address _wrappedNativeToken\n ) public initializer {\n __SpokePool_init(_initialDepositId, _crossDomainAdmin, _hubPool, _wrappedNativeToken);\n succinctTargetAmb = _succinctTargetAmb;\n hubChainId = _hubChainId;\n }\n\n /**\n * @notice Admin can reset the succinct contract address.\n * @param _succinctTargetAmb Address of the succinct AMB contract.\n */\n function setSuccinctTargetAmb(address _succinctTargetAmb) external onlyAdmin {\n succinctTargetAmb = _succinctTargetAmb;\n emit SetSuccinctTargetAmb(_succinctTargetAmb);\n }\n\n /**\n * @notice This will be called by Succinct AMB on this network to relay a message sent from the HubPool.\n * @param _sourceChainId Chain ID of the chain where the message originated.\n * @param _senderAddress Address of the sender on the chain where the message originated.\n * @param _data Data to be received and executed on this contract.\n */\n function handleTelepathy(\n uint16 _sourceChainId,\n address _senderAddress,\n bytes memory _data\n ) external override validateInternalCalls returns (bytes4) {\n // Validate msg.sender as succinct, the x-chain sender as being the hubPool (the admin) and the source chain as\n // 1 (mainnet).\n require(msg.sender == succinctTargetAmb, \"caller not succinct AMB\");\n require(_senderAddress == hubPool, \"sender not hubPool\");\n require(_sourceChainId == hubChainId, \"source chain not hub chain\");\n\n /// @custom:oz-upgrades-unsafe-allow delegatecall\n (bool success, ) = address(this).delegatecall(_data);\n require(success, \"delegatecall failed\");\n\n emit ReceivedMessageFromL1(msg.sender, _senderAddress);\n return ITelepathyHandler.handleTelepathy.selector;\n }\n\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory) internal override {\n // This method is a no-op. If the chain intends to include bridging functionality, this must be overriden.\n // If not, leaving this unimplemented means this method may be triggered, but the result will be that no\n // balance is transferred.\n }\n\n // Check that the handleTelepathy method has validated the method to ensure the sender is authenticated.\n function _requireAdminSender() internal view override {\n require(adminCallValidated, \"Admin call not validated\");\n }\n}\n" + }, + "contracts/test/AcrossMessageHandlerMock.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"../SpokePool.sol\";\n\ncontract AcrossMessageHandlerMock is AcrossMessageHandler {\n function handleAcrossMessage(\n address tokenSent,\n uint256 amount,\n bool fillCompleted,\n address relayer,\n bytes memory message\n ) external override {}\n}\n" + }, + "contracts/test/MerkleLibTest.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"../MerkleLib.sol\";\nimport \"../interfaces/HubPoolInterface.sol\";\nimport \"../interfaces/SpokePoolInterface.sol\";\n\n/**\n * @notice Contract to test the MerkleLib.\n */\ncontract MerkleLibTest {\n mapping(uint256 => uint256) public claimedBitMap;\n\n uint256 public claimedBitMap1D;\n\n function verifyPoolRebalance(\n bytes32 root,\n HubPoolInterface.PoolRebalanceLeaf memory rebalance,\n bytes32[] memory proof\n ) public pure returns (bool) {\n return MerkleLib.verifyPoolRebalance(root, rebalance, proof);\n }\n\n function verifyRelayerRefund(\n bytes32 root,\n SpokePoolInterface.RelayerRefundLeaf memory refund,\n bytes32[] memory proof\n ) public pure returns (bool) {\n return MerkleLib.verifyRelayerRefund(root, refund, proof);\n }\n\n function verifySlowRelayFulfillment(\n bytes32 root,\n SpokePoolInterface.SlowFill memory slowFill,\n bytes32[] memory proof\n ) public pure returns (bool) {\n return MerkleLib.verifySlowRelayFulfillment(root, slowFill, proof);\n }\n\n function isClaimed(uint256 index) public view returns (bool) {\n return MerkleLib.isClaimed(claimedBitMap, index);\n }\n\n function setClaimed(uint256 index) public {\n MerkleLib.setClaimed(claimedBitMap, index);\n }\n\n function isClaimed1D(uint8 index) public view returns (bool) {\n return MerkleLib.isClaimed1D(claimedBitMap1D, index);\n }\n\n function setClaimed1D(uint8 index) public {\n claimedBitMap1D = MerkleLib.setClaimed1D(claimedBitMap1D, index);\n }\n}\n" + }, + "contracts/test/MockBedrockStandardBridge.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"../Ovm_SpokePool.sol\";\n\n// Provides payable withdrawTo interface introduced on Bedrock\ncontract MockBedrockL2StandardBridge is IL2ERC20Bridge {\n function withdrawTo(\n address _l2Token,\n address _to,\n uint256 _amount,\n uint32 _minGasLimit,\n bytes calldata _extraData\n ) external payable {\n // do nothing\n }\n}\n" + }, + "contracts/test/MockSpokePool.sol": { + "content": "//SPDX-License-Identifier: Unlicense\npragma solidity ^0.8.0;\n\nimport \"../SpokePool.sol\";\nimport \"@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol\";\n\n/**\n * @title MockSpokePool\n * @notice Implements abstract contract for testing.\n */\ncontract MockSpokePool is SpokePool, OwnableUpgradeable {\n uint256 private chainId_;\n uint256 private currentTime;\n\n function initialize(\n uint32 _initialDepositId,\n address _crossDomainAdmin,\n address _hubPool,\n address _wethAddress\n ) public initializer {\n __Ownable_init();\n __SpokePool_init(_initialDepositId, _crossDomainAdmin, _hubPool, _wethAddress);\n currentTime = block.timestamp; // solhint-disable-line not-rely-on-time\n }\n\n function setCurrentTime(uint256 time) external {\n currentTime = time;\n }\n\n function getCurrentTime() public view override returns (uint256) {\n return currentTime;\n }\n\n // solhint-disable-next-line no-empty-blocks\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory relayerRefundLeaf) internal override {}\n\n function _requireAdminSender() internal override onlyOwner {} // solhint-disable-line no-empty-blocks\n\n function chainId() public view override(SpokePool) returns (uint256) {\n // If chainId_ is set then return it, else do nothing and return the parent chainId().\n return chainId_ == 0 ? super.chainId() : chainId_;\n }\n\n function setChainId(uint256 _chainId) public {\n chainId_ = _chainId;\n }\n}\n" + }, + "contracts/upgradeable/AddressLibUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)\n\npragma solidity ^0.8.1;\n\n/**\n * @title AddressUpgradeable\n * @dev Collection of functions related to the address type\n * @notice Logic is 100% copied from \"@openzeppelin/contracts-upgradeable/contracts/utils/AddressUpgradeable.sol\" but one\n * comment is added to clarify why we allow delegatecall() in this contract, which is typically unsafe for use in\n * upgradeable implementation contracts.\n * @dev See https://docs.openzeppelin.com/upgrades-plugins/1.x/faq#delegatecall-selfdestruct for more details.\n */\nlibrary AddressLibUpgradeable {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n *\n * Furthermore, `isContract` will also return true if the target contract within\n * the same transaction is already scheduled for destruction by `SELFDESTRUCT`,\n * which only has an effect at the end of a transaction.\n * ====\n *\n * [IMPORTANT]\n * ====\n * You shouldn't rely on `isContract` to protect against flash loan attacks!\n *\n * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets\n * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract\n * constructor.\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize/address.code.length, which returns 0\n // for contracts in construction, since the code is only stored at the end\n // of the constructor execution.\n\n return account.code.length > 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance >= amount, \"Address: insufficient balance\");\n\n (bool success, ) = recipient.call{ value: amount }(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain `call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(\n address target,\n bytes memory data,\n uint256 value\n ) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(\n address target,\n bytes memory data,\n uint256 value,\n string memory errorMessage\n ) internal returns (bytes memory) {\n require(address(this).balance >= value, \"Address: insufficient balance for call\");\n (bool success, bytes memory returndata) = target.call{ value: value }(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n (bool success, bytes memory returndata) = target.staticcall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n /// @custom:oz-upgrades-unsafe-allow delegatecall\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling\n * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.\n *\n * _Available since v4.8._\n */\n function verifyCallResultFromTarget(\n address target,\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n if (success) {\n if (returndata.length == 0) {\n // only check isContract if the call was successful and the return data is empty\n // otherwise we already know that it was a contract\n require(isContract(target), \"Address: call to non-contract\");\n }\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n /**\n * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the\n * revert reason or using the provided one.\n *\n * _Available since v4.3._\n */\n function verifyCallResult(\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal pure returns (bytes memory) {\n if (success) {\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n function _revert(bytes memory returndata, string memory errorMessage) private pure {\n // Look for revert reason and bubble it up if present\n if (returndata.length > 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n /// @solidity memory-safe-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n}\n" + }, + "contracts/upgradeable/EIP712CrossChainUpgradeable.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"@openzeppelin/contracts-upgradeable/utils/cryptography/ECDSAUpgradeable.sol\";\nimport \"@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol\";\n\n/**\n * @dev https://eips.ethereum.org/EIPS/eip-712[EIP 712] is a standard for hashing and signing of typed structured data.\n *\n * This contract is based on OpenZeppelin's implementation:\n * https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/master/contracts/utils/cryptography/EIP712Upgradeable.sol\n *\n * NOTE: Modified version that allows to build a domain separator that relies on a different chain id than the chain this\n * contract is deployed to. An example use case we want to support is:\n * - User A signs a message on chain with id = 1\n * - User B executes a method by verifying user A's EIP-712 compliant signature on a chain with id != 1\n */\nabstract contract EIP712CrossChainUpgradeable is Initializable {\n /* solhint-disable var-name-mixedcase */\n bytes32 private _HASHED_NAME;\n bytes32 private _HASHED_VERSION;\n bytes32 private constant _TYPE_HASH = keccak256(\"EIP712Domain(string name,string version,uint256 chainId)\");\n\n /* solhint-enable var-name-mixedcase */\n\n /**\n * @dev Initializes the domain separator and parameter caches.\n *\n * The meaning of `name` and `version` is specified in\n * https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP 712]:\n *\n * - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol.\n * - `version`: the current major version of the signing domain.\n *\n * NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart\n * contract upgrade].\n */\n function __EIP712_init(string memory name, string memory version) internal onlyInitializing {\n __EIP712_init_unchained(name, version);\n }\n\n function __EIP712_init_unchained(string memory name, string memory version) internal onlyInitializing {\n bytes32 hashedName = keccak256(bytes(name));\n bytes32 hashedVersion = keccak256(bytes(version));\n _HASHED_NAME = hashedName;\n _HASHED_VERSION = hashedVersion;\n }\n\n /**\n * @dev Returns the domain separator depending on the `originChainId`.\n * @param originChainId Chain id of network where message originates from.\n * @return bytes32 EIP-712-compliant domain separator.\n */\n function _domainSeparatorV4(uint256 originChainId) internal view returns (bytes32) {\n return keccak256(abi.encode(_TYPE_HASH, _HASHED_NAME, _HASHED_VERSION, originChainId));\n }\n\n /**\n * @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this\n * function returns the hash of the fully encoded EIP712 message for this domain.\n *\n * This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example:\n *\n * ```solidity\n * bytes32 structHash = keccak256(abi.encode(\n * keccak256(\"Mail(address to,string contents)\"),\n * mailTo,\n * keccak256(bytes(mailContents))\n * ));\n * bytes32 digest = _hashTypedDataV4(structHash, originChainId);\n * address signer = ECDSA.recover(digest, signature);\n * ```\n * @param structHash Hashed struct as defined in https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct.\n * @param originChainId Chain id of network where message originates from.\n * @return bytes32 Hash digest that is recoverable via `EDCSA.recover`.\n */\n function _hashTypedDataV4(bytes32 structHash, uint256 originChainId) internal view virtual returns (bytes32) {\n return ECDSAUpgradeable.toTypedDataHash(_domainSeparatorV4(originChainId), structHash);\n }\n\n // Reserve storage slots for future versions of this base contract to add state variables without\n // affecting the storage layout of child contracts. Decrement the size of __gap whenever state variables\n // are added. This is at bottom of contract to make sure it's always at the end of storage.\n uint256[1000] private __gap;\n}\n" + }, + "contracts/upgradeable/MultiCallerUpgradeable.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\n/**\n * @title MultiCallerUpgradeable\n * @notice Logic is 100% copied from \"@uma/core/contracts/common/implementation/MultiCaller.sol\" but one\n * comment is added to clarify why we allow delegatecall() in this contract, which is typically unsafe for use in\n * upgradeable implementation contracts.\n * @dev See https://docs.openzeppelin.com/upgrades-plugins/1.x/faq#delegatecall-selfdestruct for more details.\n */\ncontract MultiCallerUpgradeable {\n function multicall(bytes[] calldata data) external returns (bytes[] memory results) {\n results = new bytes[](data.length);\n\n //slither-disable-start calls-loop\n for (uint256 i = 0; i < data.length; i++) {\n // Typically, implementation contracts used in the upgradeable proxy pattern shouldn't call `delegatecall`\n // because it could allow a malicious actor to call this implementation contract directly (rather than\n // through a proxy contract) and then selfdestruct() the contract, thereby freezing the upgradeable\n // proxy. However, since we're only delegatecall-ing into this contract, then we can consider this\n // use of delegatecall() safe.\n\n //slither-disable-start low-level-calls\n /// @custom:oz-upgrades-unsafe-allow delegatecall\n (bool success, bytes memory result) = address(this).delegatecall(data[i]);\n //slither-disable-end low-level-calls\n\n if (!success) {\n // Next 5 lines from https://ethereum.stackexchange.com/a/83577\n if (result.length < 68) revert();\n //slither-disable-next-line assembly\n assembly {\n result := add(result, 0x04)\n }\n revert(abi.decode(result, (string)));\n }\n\n results[i] = result;\n }\n //slither-disable-end calls-loop\n }\n\n // Reserve storage slots for future versions of this base contract to add state variables without\n // affecting the storage layout of child contracts. Decrement the size of __gap whenever state variables\n // are added. This is at bottom of contract to make sure its always at the end of storage.\n uint256[1000] private __gap;\n}\n" + }, + "contracts/ZkSync_SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./SpokePool.sol\";\n\n// https://github.com/matter-labs/era-contracts/blob/6391c0d7bf6184d7f6718060e3991ba6f0efe4a7/zksync/contracts/bridge/L2ERC20Bridge.sol#L104\ninterface ZkBridgeLike {\n function withdraw(\n address _l1Receiver,\n address _l2Token,\n uint256 _amount\n ) external;\n}\n\ninterface IL2ETH {\n function withdraw(address _l1Receiver) external payable;\n}\n\n/**\n * @notice ZkSync specific SpokePool, intended to be compiled with `@matterlabs/hardhat-zksync-solc`.\n * @dev Resources for compiling and deploying contracts with hardhat: https://era.zksync.io/docs/tools/hardhat/hardhat-zksync-solc.html\n */\ncontract ZkSync_SpokePool is SpokePool {\n // On Ethereum, avoiding constructor parameters and putting them into constants reduces some of the gas cost\n // upon contract deployment. On zkSync the opposite is true: deploying the same bytecode for contracts,\n // while changing only constructor parameters can lead to substantial fee savings. So, the following params\n // are all set by passing in constructor params where possible.\n\n // ETH on ZkSync implements a subset of the ERC-20 interface, with additional built-in support to bridge to L1.\n address public l2Eth;\n\n // Bridge used to withdraw ERC20's to L1\n ZkBridgeLike public zkErc20Bridge;\n\n event SetZkBridge(address indexed erc20Bridge, address indexed oldErc20Bridge);\n event ZkSyncTokensBridged(address indexed l2Token, address target, uint256 numberOfTokensBridged);\n\n /**\n * @notice Construct the ZkSync SpokePool.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * relay hash collisions.\n * @param _zkErc20Bridge Address of L2 ERC20 gateway. Can be reset by admin.\n * @param _crossDomainAdmin Cross domain admin to set. Can be changed by admin.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n * @param _wethAddress Weth address for this network to set.\n */\n function initialize(\n uint32 _initialDepositId,\n ZkBridgeLike _zkErc20Bridge,\n address _crossDomainAdmin,\n address _hubPool,\n address _wethAddress\n ) public initializer {\n l2Eth = 0x000000000000000000000000000000000000800A;\n __SpokePool_init(_initialDepositId, _crossDomainAdmin, _hubPool, _wethAddress);\n _setZkBridge(_zkErc20Bridge);\n }\n\n modifier onlyFromCrossDomainAdmin() {\n require(msg.sender == _applyL1ToL2Alias(crossDomainAdmin), \"ONLY_COUNTERPART_GATEWAY\");\n _;\n }\n\n /********************************************************\n * ZKSYNC-SPECIFIC CROSS-CHAIN ADMIN FUNCTIONS *\n ********************************************************/\n\n /**\n * @notice Change L2 token bridge addresses. Callable only by admin.\n * @param _zkErc20Bridge New address of L2 ERC20 gateway.\n */\n function setZkBridge(ZkBridgeLike _zkErc20Bridge) public onlyAdmin nonReentrant {\n _setZkBridge(_zkErc20Bridge);\n }\n\n /**************************************\n * DATA WORKER FUNCTIONS *\n **************************************/\n\n /**\n * @notice Wraps any ETH into WETH before executing base function. This is necessary because SpokePool receives\n * ETH over the canonical token bridge instead of WETH.\n * @inheritdoc SpokePool\n */\n function executeSlowRelayLeaf(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 totalRelayAmount,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n uint32 rootBundleId,\n bytes memory message,\n int256 payoutAdjustment,\n bytes32[] memory proof\n ) public override(SpokePool) nonReentrant {\n if (destinationToken == address(wrappedNativeToken)) _depositEthToWeth();\n\n _executeSlowRelayLeaf(\n depositor,\n recipient,\n destinationToken,\n totalRelayAmount,\n originChainId,\n chainId(),\n realizedLpFeePct,\n relayerFeePct,\n depositId,\n rootBundleId,\n message,\n payoutAdjustment,\n proof\n );\n }\n\n /**\n * @notice Wraps any ETH into WETH before executing base function. This is necessary because SpokePool receives\n * ETH over the canonical token bridge instead of WETH.\n * @inheritdoc SpokePool\n */\n function executeRelayerRefundLeaf(\n uint32 rootBundleId,\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\n bytes32[] memory proof\n ) public override(SpokePool) nonReentrant {\n if (relayerRefundLeaf.l2TokenAddress == address(wrappedNativeToken)) _depositEthToWeth();\n\n _executeRelayerRefundLeaf(rootBundleId, relayerRefundLeaf, proof);\n }\n\n /**************************************\n * INTERNAL FUNCTIONS *\n **************************************/\n\n // Wrap any ETH owned by this contract so we can send expected L2 token to recipient. This is necessary because\n // this SpokePool will receive ETH from the canonical token bridge instead of WETH. This may not be neccessary\n // if ETH on ZkSync is treated as ETH and the fallback() function is triggered when this contract receives\n // ETH. We will have to test this but this function for now allows the contract to safely convert all of its\n // held ETH into WETH at the cost of higher gas costs.\n function _depositEthToWeth() internal {\n //slither-disable-next-line arbitrary-send-eth\n if (address(this).balance > 0) wrappedNativeToken.deposit{ value: address(this).balance }();\n }\n\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory relayerRefundLeaf) internal override {\n // SpokePool is expected to receive ETH from the L1 HubPool and currently, withdrawing ETH directly\n // over the ERC20 Bridge is blocked at the contract level. Therefore, we need to unwrap it before withdrawing.\n if (relayerRefundLeaf.l2TokenAddress == address(wrappedNativeToken)) {\n WETH9Interface(relayerRefundLeaf.l2TokenAddress).withdraw(relayerRefundLeaf.amountToReturn); // Unwrap into ETH.\n // To withdraw tokens, we actually call 'withdraw' on the L2 eth token itself.\n IL2ETH(l2Eth).withdraw{ value: relayerRefundLeaf.amountToReturn }(hubPool);\n } else {\n zkErc20Bridge.withdraw(hubPool, relayerRefundLeaf.l2TokenAddress, relayerRefundLeaf.amountToReturn);\n }\n emit ZkSyncTokensBridged(relayerRefundLeaf.l2TokenAddress, hubPool, relayerRefundLeaf.amountToReturn);\n }\n\n function _setZkBridge(ZkBridgeLike _zkErc20Bridge) internal {\n address oldErc20Bridge = address(zkErc20Bridge);\n zkErc20Bridge = _zkErc20Bridge;\n emit SetZkBridge(address(_zkErc20Bridge), oldErc20Bridge);\n }\n\n // L1 addresses are transformed during l1->l2 calls.\n // See https://github.com/matter-labs/era-contracts/blob/main/docs/Overview.md#mailboxfacet for more information.\n // Another source: https://github.com/matter-labs/era-contracts/blob/41c25aa16d182f757c3fed1463c78a81896f65e6/ethereum/contracts/vendor/AddressAliasHelper.sol#L28\n function _applyL1ToL2Alias(address l1Address) internal pure returns (address l2Address) {\n unchecked {\n l2Address = address(uint160(l1Address) + uint160(0x1111000000000000000000000000000000001111));\n }\n }\n\n function _requireAdminSender() internal override onlyFromCrossDomainAdmin {}\n}\n" + } + }, + "settings": { + "optimizer": { + "enabled": true, + "runs": 1000000 + }, + "viaIR": true, + "outputSelection": { + "*": { + "*": [ + "abi", + "evm.bytecode", + "evm.deployedBytecode", + "evm.methodIdentifiers", + "metadata", + "devdoc", + "userdoc", + "storageLayout", + "evm.gasEstimates" + ], + "": ["ast"] + } + }, + "metadata": { + "useLiteralContent": true + } + } +} diff --git a/deployments/base/SpokePoolVerifier.json b/deployments/base/SpokePoolVerifier.json new file mode 100644 index 000000000..c3ef95d8c --- /dev/null +++ b/deployments/base/SpokePoolVerifier.json @@ -0,0 +1,115 @@ +{ + "address": "0x269727F088F16E1Aea52Cf5a97B1CD41DAA3f02D", + "abi": [ + { + "inputs": [ + { + "internalType": "contract SpokePoolInterface", + "name": "spokePool", + "type": "address" + }, + { + "internalType": "address", + "name": "recipient", + "type": "address" + }, + { + "internalType": "address", + "name": "originToken", + "type": "address" + }, + { + "internalType": "uint256", + "name": "amount", + "type": "uint256" + }, + { + "internalType": "uint256", + "name": "destinationChainId", + "type": "uint256" + }, + { + "internalType": "int64", + "name": "relayerFeePct", + "type": "int64" + }, + { + "internalType": "uint32", + "name": "quoteTimestamp", + "type": "uint32" + }, + { + "internalType": "bytes", + "name": "message", + "type": "bytes" + }, + { + "internalType": "uint256", + "name": "maxCount", + "type": "uint256" + } + ], + "name": "deposit", + "outputs": [], + "stateMutability": "payable", + "type": "function" + } + ], + "transactionHash": "0xbcca86cc77b1cbbba6d3e30f152e39fc9e7fbbb9b48d8bd4b43b8656dbee20fe", + "receipt": { + "to": "0x4e59b44847b379578588920cA78FbF26c0B4956C", + "from": "0x9A8f92a830A5cB89a3816e3D267CB7791c16b04D", + "contractAddress": null, + "transactionIndex": 7, + "gasUsed": "259943", + "logsBloom": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "blockHash": "0xba8cd58935e901bb316850dfae943c3ea5ac4e09aaad09a74020d010191f9783", + "transactionHash": "0xbcca86cc77b1cbbba6d3e30f152e39fc9e7fbbb9b48d8bd4b43b8656dbee20fe", + "logs": [], + "blockNumber": 4822423, + "cumulativeGasUsed": "1659433", + "status": 1, + "byzantium": true + }, + "args": [], + "numDeployments": 1, + "solcInputHash": "ddd636e0d4b16feb9b78418745aefa13", + "metadata": "{\"compiler\":{\"version\":\"0.8.18+commit.87f61d96\"},\"language\":\"Solidity\",\"output\":{\"abi\":[{\"inputs\":[{\"internalType\":\"contract SpokePoolInterface\",\"name\":\"spokePool\",\"type\":\"address\"},{\"internalType\":\"address\",\"name\":\"recipient\",\"type\":\"address\"},{\"internalType\":\"address\",\"name\":\"originToken\",\"type\":\"address\"},{\"internalType\":\"uint256\",\"name\":\"amount\",\"type\":\"uint256\"},{\"internalType\":\"uint256\",\"name\":\"destinationChainId\",\"type\":\"uint256\"},{\"internalType\":\"int64\",\"name\":\"relayerFeePct\",\"type\":\"int64\"},{\"internalType\":\"uint32\",\"name\":\"quoteTimestamp\",\"type\":\"uint32\"},{\"internalType\":\"bytes\",\"name\":\"message\",\"type\":\"bytes\"},{\"internalType\":\"uint256\",\"name\":\"maxCount\",\"type\":\"uint256\"}],\"name\":\"deposit\",\"outputs\":[],\"stateMutability\":\"payable\",\"type\":\"function\"}],\"devdoc\":{\"details\":\"This contract must be deployed via Create2 to the same address on all chains. That way, an errant transaction sent to the wrong chain will be blocked by this contract rather than hitting a dead address. This means that this contract will not work to protect chains, like zkSync, where Create2 address derivations don't match other chains. Source: https://era.zksync.io/docs/reference/architecture/differences-with-ethereum.html#create-create2\",\"kind\":\"dev\",\"methods\":{\"deposit(address,address,address,uint256,uint256,int64,uint32,bytes,uint256)\":{\"details\":\"Protects the caller from losing their ETH (or other native token) by reverting if the SpokePool address they intended to call does not exist on this chain. Because this contract can be deployed at the same address everywhere callers should be protected even if the transaction is submitted to an unintended network. This contract should only be used for native token deposits, as this problem only exists for native tokens.\",\"params\":{\"amount\":\"Amount of tokens to deposit. Will be amount of tokens to receive less fees.\",\"destinationChainId\":\"Denotes network where user will receive funds from SpokePool by a relayer.\",\"maxCount\":\"used to protect the depositor from frontrunning to guarantee their quote remains valid.\",\"message\":\"Arbitrary data that can be used to pass additional information to the recipient along with the tokens. Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.\",\"originToken\":\"Token to lock into this contract to initiate deposit.\",\"quoteTimestamp\":\"Timestamp used by relayers to compute this deposit's realizedLPFeePct which is paid to LP pool on HubPool.\",\"recipient\":\"Address to receive funds at on destination chain.\",\"relayerFeePct\":\"% of deposit amount taken out to incentivize a fast relayer.\",\"spokePool\":\"Address of the SpokePool contract that the user is intending to call.\"}}},\"version\":1},\"userdoc\":{\"kind\":\"user\",\"methods\":{\"deposit(address,address,address,uint256,uint256,int64,uint32,bytes,uint256)\":{\"notice\":\"Passthrough function to `deposit()` on the SpokePool contract.\"}},\"notice\":\"SpokePoolVerifier is a contract that verifies that the SpokePool exists on this chain before sending ETH to it.\",\"version\":1}},\"settings\":{\"compilationTarget\":{\"contracts/SpokePoolVerifier.sol\":\"SpokePoolVerifier\"},\"evmVersion\":\"paris\",\"libraries\":{},\"metadata\":{\"bytecodeHash\":\"ipfs\",\"useLiteralContent\":true},\"optimizer\":{\"enabled\":true,\"runs\":1000000},\"remappings\":[],\"viaIR\":true},\"sources\":{\"@openzeppelin/contracts/utils/Address.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)\\n\\npragma solidity ^0.8.1;\\n\\n/**\\n * @dev Collection of functions related to the address type\\n */\\nlibrary Address {\\n /**\\n * @dev Returns true if `account` is a contract.\\n *\\n * [IMPORTANT]\\n * ====\\n * It is unsafe to assume that an address for which this function returns\\n * false is an externally-owned account (EOA) and not a contract.\\n *\\n * Among others, `isContract` will return false for the following\\n * types of addresses:\\n *\\n * - an externally-owned account\\n * - a contract in construction\\n * - an address where a contract will be created\\n * - an address where a contract lived, but was destroyed\\n *\\n * Furthermore, `isContract` will also return true if the target contract within\\n * the same transaction is already scheduled for destruction by `SELFDESTRUCT`,\\n * which only has an effect at the end of a transaction.\\n * ====\\n *\\n * [IMPORTANT]\\n * ====\\n * You shouldn't rely on `isContract` to protect against flash loan attacks!\\n *\\n * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets\\n * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract\\n * constructor.\\n * ====\\n */\\n function isContract(address account) internal view returns (bool) {\\n // This method relies on extcodesize/address.code.length, which returns 0\\n // for contracts in construction, since the code is only stored at the end\\n // of the constructor execution.\\n\\n return account.code.length > 0;\\n }\\n\\n /**\\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\\n * `recipient`, forwarding all available gas and reverting on errors.\\n *\\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\\n * imposed by `transfer`, making them unable to receive funds via\\n * `transfer`. {sendValue} removes this limitation.\\n *\\n * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].\\n *\\n * IMPORTANT: because control is transferred to `recipient`, care must be\\n * taken to not create reentrancy vulnerabilities. Consider using\\n * {ReentrancyGuard} or the\\n * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\\n */\\n function sendValue(address payable recipient, uint256 amount) internal {\\n require(address(this).balance >= amount, \\\"Address: insufficient balance\\\");\\n\\n (bool success, ) = recipient.call{value: amount}(\\\"\\\");\\n require(success, \\\"Address: unable to send value, recipient may have reverted\\\");\\n }\\n\\n /**\\n * @dev Performs a Solidity function call using a low level `call`. A\\n * plain `call` is an unsafe replacement for a function call: use this\\n * function instead.\\n *\\n * If `target` reverts with a revert reason, it is bubbled up by this\\n * function (like regular Solidity function calls).\\n *\\n * Returns the raw returned data. To convert to the expected return value,\\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\\n *\\n * Requirements:\\n *\\n * - `target` must be a contract.\\n * - calling `target` with `data` must not revert.\\n *\\n * _Available since v3.1._\\n */\\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\\n return functionCallWithValue(target, data, 0, \\\"Address: low-level call failed\\\");\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\\n * `errorMessage` as a fallback revert reason when `target` reverts.\\n *\\n * _Available since v3.1._\\n */\\n function functionCall(\\n address target,\\n bytes memory data,\\n string memory errorMessage\\n ) internal returns (bytes memory) {\\n return functionCallWithValue(target, data, 0, errorMessage);\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\\n * but also transferring `value` wei to `target`.\\n *\\n * Requirements:\\n *\\n * - the calling contract must have an ETH balance of at least `value`.\\n * - the called Solidity function must be `payable`.\\n *\\n * _Available since v3.1._\\n */\\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\\n return functionCallWithValue(target, data, value, \\\"Address: low-level call with value failed\\\");\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\\n * with `errorMessage` as a fallback revert reason when `target` reverts.\\n *\\n * _Available since v3.1._\\n */\\n function functionCallWithValue(\\n address target,\\n bytes memory data,\\n uint256 value,\\n string memory errorMessage\\n ) internal returns (bytes memory) {\\n require(address(this).balance >= value, \\\"Address: insufficient balance for call\\\");\\n (bool success, bytes memory returndata) = target.call{value: value}(data);\\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\\n * but performing a static call.\\n *\\n * _Available since v3.3._\\n */\\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\\n return functionStaticCall(target, data, \\\"Address: low-level static call failed\\\");\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\\n * but performing a static call.\\n *\\n * _Available since v3.3._\\n */\\n function functionStaticCall(\\n address target,\\n bytes memory data,\\n string memory errorMessage\\n ) internal view returns (bytes memory) {\\n (bool success, bytes memory returndata) = target.staticcall(data);\\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\\n * but performing a delegate call.\\n *\\n * _Available since v3.4._\\n */\\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\\n return functionDelegateCall(target, data, \\\"Address: low-level delegate call failed\\\");\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\\n * but performing a delegate call.\\n *\\n * _Available since v3.4._\\n */\\n function functionDelegateCall(\\n address target,\\n bytes memory data,\\n string memory errorMessage\\n ) internal returns (bytes memory) {\\n (bool success, bytes memory returndata) = target.delegatecall(data);\\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\\n }\\n\\n /**\\n * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling\\n * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.\\n *\\n * _Available since v4.8._\\n */\\n function verifyCallResultFromTarget(\\n address target,\\n bool success,\\n bytes memory returndata,\\n string memory errorMessage\\n ) internal view returns (bytes memory) {\\n if (success) {\\n if (returndata.length == 0) {\\n // only check isContract if the call was successful and the return data is empty\\n // otherwise we already know that it was a contract\\n require(isContract(target), \\\"Address: call to non-contract\\\");\\n }\\n return returndata;\\n } else {\\n _revert(returndata, errorMessage);\\n }\\n }\\n\\n /**\\n * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the\\n * revert reason or using the provided one.\\n *\\n * _Available since v4.3._\\n */\\n function verifyCallResult(\\n bool success,\\n bytes memory returndata,\\n string memory errorMessage\\n ) internal pure returns (bytes memory) {\\n if (success) {\\n return returndata;\\n } else {\\n _revert(returndata, errorMessage);\\n }\\n }\\n\\n function _revert(bytes memory returndata, string memory errorMessage) private pure {\\n // Look for revert reason and bubble it up if present\\n if (returndata.length > 0) {\\n // The easiest way to bubble the revert reason is using memory via assembly\\n /// @solidity memory-safe-assembly\\n assembly {\\n let returndata_size := mload(returndata)\\n revert(add(32, returndata), returndata_size)\\n }\\n } else {\\n revert(errorMessage);\\n }\\n }\\n}\\n\",\"keccak256\":\"0x006dd67219697fe68d7fbfdea512e7c4cb64a43565ed86171d67e844982da6fa\",\"license\":\"MIT\"},\"contracts/SpokePoolVerifier.sol\":{\"content\":\"// SPDX-License-Identifier: BUSL-1.1\\npragma solidity ^0.8.0;\\n\\nimport \\\"@openzeppelin/contracts/utils/Address.sol\\\";\\nimport \\\"./interfaces/SpokePoolInterface.sol\\\";\\n\\n/**\\n * @notice SpokePoolVerifier is a contract that verifies that the SpokePool exists on this chain before sending ETH to it.\\n * @dev This contract must be deployed via Create2 to the same address on all chains. That way, an errant transaction sent\\n * to the wrong chain will be blocked by this contract rather than hitting a dead address. This means that this contract\\n * will not work to protect chains, like zkSync, where Create2 address derivations don't match other chains.\\n * Source: https://era.zksync.io/docs/reference/architecture/differences-with-ethereum.html#create-create2\\n */\\ncontract SpokePoolVerifier {\\n using Address for address;\\n\\n /**\\n * @notice Passthrough function to `deposit()` on the SpokePool contract.\\n * @dev Protects the caller from losing their ETH (or other native token) by reverting if the SpokePool address\\n * they intended to call does not exist on this chain. Because this contract can be deployed at the same address\\n * everywhere callers should be protected even if the transaction is submitted to an unintended network.\\n * This contract should only be used for native token deposits, as this problem only exists for native tokens.\\n * @param spokePool Address of the SpokePool contract that the user is intending to call.\\n * @param recipient Address to receive funds at on destination chain.\\n * @param originToken Token to lock into this contract to initiate deposit.\\n * @param amount Amount of tokens to deposit. Will be amount of tokens to receive less fees.\\n * @param destinationChainId Denotes network where user will receive funds from SpokePool by a relayer.\\n * @param relayerFeePct % of deposit amount taken out to incentivize a fast relayer.\\n * @param quoteTimestamp Timestamp used by relayers to compute this deposit's realizedLPFeePct which is paid\\n * to LP pool on HubPool.\\n * @param message Arbitrary data that can be used to pass additional information to the recipient along with the tokens.\\n * Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.\\n * @param maxCount used to protect the depositor from frontrunning to guarantee their quote remains valid.\\n */\\n function deposit(\\n SpokePoolInterface spokePool,\\n address recipient,\\n address originToken,\\n uint256 amount,\\n uint256 destinationChainId,\\n int64 relayerFeePct,\\n uint32 quoteTimestamp,\\n bytes memory message,\\n uint256 maxCount\\n ) external payable {\\n require(msg.value == amount, \\\"msg.value != amount\\\");\\n require(address(spokePool).isContract(), \\\"spokePool is not a contract\\\");\\n spokePool.deposit{ value: msg.value }(\\n recipient,\\n originToken,\\n amount,\\n destinationChainId,\\n relayerFeePct,\\n quoteTimestamp,\\n message,\\n maxCount\\n );\\n }\\n}\\n\",\"keccak256\":\"0x307def15b466a7b358bd8429d1e0602bc623d7c03aa07b78552e551625196c29\",\"license\":\"BUSL-1.1\"},\"contracts/interfaces/SpokePoolInterface.sol\":{\"content\":\"// SPDX-License-Identifier: BUSL-1.1\\npragma solidity ^0.8.0;\\n\\n/**\\n * @notice Contains common data structures and functions used by all SpokePool implementations.\\n */\\ninterface SpokePoolInterface {\\n // This leaf is meant to be decoded in the SpokePool to pay out successful relayers.\\n struct RelayerRefundLeaf {\\n // This is the amount to return to the HubPool. This occurs when there is a PoolRebalanceLeaf netSendAmount that\\n // is negative. This is just the negative of this value.\\n uint256 amountToReturn;\\n // Used to verify that this is being executed on the correct destination chainId.\\n uint256 chainId;\\n // This array designates how much each of those addresses should be refunded.\\n uint256[] refundAmounts;\\n // Used as the index in the bitmap to track whether this leaf has been executed or not.\\n uint32 leafId;\\n // The associated L2TokenAddress that these claims apply to.\\n address l2TokenAddress;\\n // Must be same length as refundAmounts and designates each address that must be refunded.\\n address[] refundAddresses;\\n }\\n\\n // This struct represents the data to fully specify a relay. If any portion of this data differs, the relay is\\n // considered to be completely distinct. Only one relay for a particular depositId, chainId pair should be\\n // considered valid and repaid. This data is hashed and inserted into the slow relay merkle root so that an off\\n // chain validator can choose when to refund slow relayers.\\n struct RelayData {\\n // The address that made the deposit on the origin chain.\\n address depositor;\\n // The recipient address on the destination chain.\\n address recipient;\\n // The corresponding token address on the destination chain.\\n address destinationToken;\\n // The total relay amount before fees are taken out.\\n uint256 amount;\\n // Origin chain id.\\n uint256 originChainId;\\n // Destination chain id.\\n uint256 destinationChainId;\\n // The LP Fee percentage computed by the relayer based on the deposit's quote timestamp\\n // and the HubPool's utilization.\\n int64 realizedLpFeePct;\\n // The relayer fee percentage specified in the deposit.\\n int64 relayerFeePct;\\n // The id uniquely identifying this deposit on the origin chain.\\n uint32 depositId;\\n // Data that is forwarded to the recipient.\\n bytes message;\\n }\\n\\n struct SlowFill {\\n RelayData relayData;\\n int256 payoutAdjustmentPct;\\n }\\n\\n // Stores collection of merkle roots that can be published to this contract from the HubPool, which are referenced\\n // by \\\"data workers\\\" via inclusion proofs to execute leaves in the roots.\\n struct RootBundle {\\n // Merkle root of slow relays that were not fully filled and whose recipient is still owed funds from the LP pool.\\n bytes32 slowRelayRoot;\\n // Merkle root of relayer refunds for successful relays.\\n bytes32 relayerRefundRoot;\\n // This is a 2D bitmap tracking which leaves in the relayer refund root have been claimed, with max size of\\n // 256x(2^248) leaves per root.\\n mapping(uint256 => uint256) claimedBitmap;\\n }\\n\\n function setCrossDomainAdmin(address newCrossDomainAdmin) external;\\n\\n function setHubPool(address newHubPool) external;\\n\\n function setEnableRoute(\\n address originToken,\\n uint256 destinationChainId,\\n bool enable\\n ) external;\\n\\n function pauseDeposits(bool pause) external;\\n\\n function pauseFills(bool pause) external;\\n\\n function setDepositQuoteTimeBuffer(uint32 buffer) external;\\n\\n function relayRootBundle(bytes32 relayerRefundRoot, bytes32 slowRelayRoot) external;\\n\\n function emergencyDeleteRootBundle(uint256 rootBundleId) external;\\n\\n function deposit(\\n address recipient,\\n address originToken,\\n uint256 amount,\\n uint256 destinationChainId,\\n int64 relayerFeePct,\\n uint32 quoteTimestamp,\\n bytes memory message,\\n uint256 maxCount\\n ) external payable;\\n\\n function depositNow(\\n address recipient,\\n address originToken,\\n uint256 amount,\\n uint256 destinationChainId,\\n int64 relayerFeePct,\\n bytes memory message,\\n uint256 maxCount\\n ) external payable;\\n\\n function speedUpDeposit(\\n address depositor,\\n int64 updatedRelayerFeePct,\\n uint32 depositId,\\n address updatedRecipient,\\n bytes memory updatedMessage,\\n bytes memory depositorSignature\\n ) external;\\n\\n function fillRelay(\\n address depositor,\\n address recipient,\\n address destinationToken,\\n uint256 amount,\\n uint256 maxTokensToSend,\\n uint256 repaymentChainId,\\n uint256 originChainId,\\n int64 realizedLpFeePct,\\n int64 relayerFeePct,\\n uint32 depositId,\\n bytes memory message,\\n uint256 maxCount\\n ) external;\\n\\n function fillRelayWithUpdatedDeposit(\\n address depositor,\\n address recipient,\\n address updatedRecipient,\\n address destinationToken,\\n uint256 amount,\\n uint256 maxTokensToSend,\\n uint256 repaymentChainId,\\n uint256 originChainId,\\n int64 realizedLpFeePct,\\n int64 relayerFeePct,\\n int64 updatedRelayerFeePct,\\n uint32 depositId,\\n bytes memory message,\\n bytes memory updatedMessage,\\n bytes memory depositorSignature,\\n uint256 maxCount\\n ) external;\\n\\n function executeSlowRelayLeaf(\\n address depositor,\\n address recipient,\\n address destinationToken,\\n uint256 amount,\\n uint256 originChainId,\\n int64 realizedLpFeePct,\\n int64 relayerFeePct,\\n uint32 depositId,\\n uint32 rootBundleId,\\n bytes memory message,\\n int256 payoutAdjustment,\\n bytes32[] memory proof\\n ) external;\\n\\n function executeRelayerRefundLeaf(\\n uint32 rootBundleId,\\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\\n bytes32[] memory proof\\n ) external;\\n\\n function chainId() external view returns (uint256);\\n}\\n\",\"keccak256\":\"0x8ca5e32ee496553c1055954283747b6725356548dc35f5aad565e5cf37bf6449\",\"license\":\"BUSL-1.1\"}},\"version\":1}", + "bytecode": "0x60808060405234610016576103c3908161001c8239f35b600080fdfe608060048036101561001057600080fd5b600091823560e01c63e0db3fcf1461002757600080fd5b6101207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc36011261038957813573ffffffffffffffffffffffffffffffffffffffff908181168091036103855760249182359181831680930361038157604435918216809203610381576064359460a435928360070b80940361037d5760c4359663ffffffff88168098036103795760e4359767ffffffffffffffff95868a11610375573660238b01121561037557898b01359287841161034a577fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe09485603f81601f880116011687019b8c8a89821091111761031e578e9060409d8e52868952368d888301011161031a57868d97602098899301838c0137890101528134036102be57873b1561026257873b1561025e579b989593918d979593918c519d8e987f1186ec33000000000000000000000000000000000000000000000000000000008a528c8a01528c89015260448801526084356064880152608487015260a486015261010060c4860152825190610104938285880152875b83811061024157505050849291601f849261012494898683870101523560e48501520116810103019134905af18015610237576101fb578580f35b841161020d5750505238808080808580f35b604185917f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b84513d88823e3d90fd5b81810183015197810161012401979097528d97508c9682016101c0565b8d80fd5b5060648c601b8c878f51937f08c379a00000000000000000000000000000000000000000000000000000000085528401528201527f73706f6b65506f6f6c206973206e6f74206120636f6e747261637400000000006044820152fd5b5060648c60138c878f51937f08c379a00000000000000000000000000000000000000000000000000000000085528401528201527f6d73672e76616c756520213d20616d6f756e74000000000000000000000000006044820152fd5b5080fd5b508a8e60418f7f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b898d60418e7f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b8b80fd5b8980fd5b8880fd5b8680fd5b8480fd5b8280fdfea2646970667358221220fe313dd010e3aac8603c847d2fd84c8d4a95364db43b887b61b615152b259cdf64736f6c63430008120033", + "deployedBytecode": "0x608060048036101561001057600080fd5b600091823560e01c63e0db3fcf1461002757600080fd5b6101207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc36011261038957813573ffffffffffffffffffffffffffffffffffffffff908181168091036103855760249182359181831680930361038157604435918216809203610381576064359460a435928360070b80940361037d5760c4359663ffffffff88168098036103795760e4359767ffffffffffffffff95868a11610375573660238b01121561037557898b01359287841161034a577fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe09485603f81601f880116011687019b8c8a89821091111761031e578e9060409d8e52868952368d888301011161031a57868d97602098899301838c0137890101528134036102be57873b1561026257873b1561025e579b989593918d979593918c519d8e987f1186ec33000000000000000000000000000000000000000000000000000000008a528c8a01528c89015260448801526084356064880152608487015260a486015261010060c4860152825190610104938285880152875b83811061024157505050849291601f849261012494898683870101523560e48501520116810103019134905af18015610237576101fb578580f35b841161020d5750505238808080808580f35b604185917f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b84513d88823e3d90fd5b81810183015197810161012401979097528d97508c9682016101c0565b8d80fd5b5060648c601b8c878f51937f08c379a00000000000000000000000000000000000000000000000000000000085528401528201527f73706f6b65506f6f6c206973206e6f74206120636f6e747261637400000000006044820152fd5b5060648c60138c878f51937f08c379a00000000000000000000000000000000000000000000000000000000085528401528201527f6d73672e76616c756520213d20616d6f756e74000000000000000000000000006044820152fd5b5080fd5b508a8e60418f7f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b898d60418e7f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b8b80fd5b8980fd5b8880fd5b8680fd5b8480fd5b8280fdfea2646970667358221220fe313dd010e3aac8603c847d2fd84c8d4a95364db43b887b61b615152b259cdf64736f6c63430008120033", + "devdoc": { + "details": "This contract must be deployed via Create2 to the same address on all chains. That way, an errant transaction sent to the wrong chain will be blocked by this contract rather than hitting a dead address. This means that this contract will not work to protect chains, like zkSync, where Create2 address derivations don't match other chains. Source: https://era.zksync.io/docs/reference/architecture/differences-with-ethereum.html#create-create2", + "kind": "dev", + "methods": { + "deposit(address,address,address,uint256,uint256,int64,uint32,bytes,uint256)": { + "details": "Protects the caller from losing their ETH (or other native token) by reverting if the SpokePool address they intended to call does not exist on this chain. Because this contract can be deployed at the same address everywhere callers should be protected even if the transaction is submitted to an unintended network. This contract should only be used for native token deposits, as this problem only exists for native tokens.", + "params": { + "amount": "Amount of tokens to deposit. Will be amount of tokens to receive less fees.", + "destinationChainId": "Denotes network where user will receive funds from SpokePool by a relayer.", + "maxCount": "used to protect the depositor from frontrunning to guarantee their quote remains valid.", + "message": "Arbitrary data that can be used to pass additional information to the recipient along with the tokens. Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.", + "originToken": "Token to lock into this contract to initiate deposit.", + "quoteTimestamp": "Timestamp used by relayers to compute this deposit's realizedLPFeePct which is paid to LP pool on HubPool.", + "recipient": "Address to receive funds at on destination chain.", + "relayerFeePct": "% of deposit amount taken out to incentivize a fast relayer.", + "spokePool": "Address of the SpokePool contract that the user is intending to call." + } + } + }, + "version": 1 + }, + "userdoc": { + "kind": "user", + "methods": { + "deposit(address,address,address,uint256,uint256,int64,uint32,bytes,uint256)": { + "notice": "Passthrough function to `deposit()` on the SpokePool contract." + } + }, + "notice": "SpokePoolVerifier is a contract that verifies that the SpokePool exists on this chain before sending ETH to it.", + "version": 1 + }, + "storageLayout": { + "storage": [], + "types": null + } +} diff --git a/deployments/base/solcInputs/ddd636e0d4b16feb9b78418745aefa13.json b/deployments/base/solcInputs/ddd636e0d4b16feb9b78418745aefa13.json new file mode 100644 index 000000000..abf783f9a --- /dev/null +++ b/deployments/base/solcInputs/ddd636e0d4b16feb9b78418745aefa13.json @@ -0,0 +1,247 @@ +{ + "language": "Solidity", + "sources": { + "@eth-optimism/contracts/L1/messaging/IL1ERC20Bridge.sol": { + "content": "// SPDX-License-Identifier: MIT\npragma solidity >0.5.0 <0.9.0;\n\n/**\n * @title IL1ERC20Bridge\n */\ninterface IL1ERC20Bridge {\n /**********\n * Events *\n **********/\n\n event ERC20DepositInitiated(\n address indexed _l1Token,\n address indexed _l2Token,\n address indexed _from,\n address _to,\n uint256 _amount,\n bytes _data\n );\n\n event ERC20WithdrawalFinalized(\n address indexed _l1Token,\n address indexed _l2Token,\n address indexed _from,\n address _to,\n uint256 _amount,\n bytes _data\n );\n\n /********************\n * Public Functions *\n ********************/\n\n /**\n * @dev get the address of the corresponding L2 bridge contract.\n * @return Address of the corresponding L2 bridge contract.\n */\n function l2TokenBridge() external returns (address);\n\n /**\n * @dev deposit an amount of the ERC20 to the caller's balance on L2.\n * @param _l1Token Address of the L1 ERC20 we are depositing\n * @param _l2Token Address of the L1 respective L2 ERC20\n * @param _amount Amount of the ERC20 to deposit\n * @param _l2Gas Gas limit required to complete the deposit on L2.\n * @param _data Optional data to forward to L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function depositERC20(\n address _l1Token,\n address _l2Token,\n uint256 _amount,\n uint32 _l2Gas,\n bytes calldata _data\n ) external;\n\n /**\n * @dev deposit an amount of ERC20 to a recipient's balance on L2.\n * @param _l1Token Address of the L1 ERC20 we are depositing\n * @param _l2Token Address of the L1 respective L2 ERC20\n * @param _to L2 address to credit the withdrawal to.\n * @param _amount Amount of the ERC20 to deposit.\n * @param _l2Gas Gas limit required to complete the deposit on L2.\n * @param _data Optional data to forward to L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function depositERC20To(\n address _l1Token,\n address _l2Token,\n address _to,\n uint256 _amount,\n uint32 _l2Gas,\n bytes calldata _data\n ) external;\n\n /*************************\n * Cross-chain Functions *\n *************************/\n\n /**\n * @dev Complete a withdrawal from L2 to L1, and credit funds to the recipient's balance of the\n * L1 ERC20 token.\n * This call will fail if the initialized withdrawal from L2 has not been finalized.\n *\n * @param _l1Token Address of L1 token to finalizeWithdrawal for.\n * @param _l2Token Address of L2 token where withdrawal was initiated.\n * @param _from L2 address initiating the transfer.\n * @param _to L1 address to credit the withdrawal to.\n * @param _amount Amount of the ERC20 to deposit.\n * @param _data Data provided by the sender on L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function finalizeERC20Withdrawal(\n address _l1Token,\n address _l2Token,\n address _from,\n address _to,\n uint256 _amount,\n bytes calldata _data\n ) external;\n}\n" + }, + "@eth-optimism/contracts/L1/messaging/IL1StandardBridge.sol": { + "content": "// SPDX-License-Identifier: MIT\npragma solidity >0.5.0 <0.9.0;\n\nimport \"./IL1ERC20Bridge.sol\";\n\n/**\n * @title IL1StandardBridge\n */\ninterface IL1StandardBridge is IL1ERC20Bridge {\n /**********\n * Events *\n **********/\n event ETHDepositInitiated(\n address indexed _from,\n address indexed _to,\n uint256 _amount,\n bytes _data\n );\n\n event ETHWithdrawalFinalized(\n address indexed _from,\n address indexed _to,\n uint256 _amount,\n bytes _data\n );\n\n /********************\n * Public Functions *\n ********************/\n\n /**\n * @dev Deposit an amount of the ETH to the caller's balance on L2.\n * @param _l2Gas Gas limit required to complete the deposit on L2.\n * @param _data Optional data to forward to L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function depositETH(uint32 _l2Gas, bytes calldata _data) external payable;\n\n /**\n * @dev Deposit an amount of ETH to a recipient's balance on L2.\n * @param _to L2 address to credit the withdrawal to.\n * @param _l2Gas Gas limit required to complete the deposit on L2.\n * @param _data Optional data to forward to L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function depositETHTo(\n address _to,\n uint32 _l2Gas,\n bytes calldata _data\n ) external payable;\n\n /*************************\n * Cross-chain Functions *\n *************************/\n\n /**\n * @dev Complete a withdrawal from L2 to L1, and credit funds to the recipient's balance of the\n * L1 ETH token. Since only the xDomainMessenger can call this function, it will never be called\n * before the withdrawal is finalized.\n * @param _from L2 address initiating the transfer.\n * @param _to L1 address to credit the withdrawal to.\n * @param _amount Amount of the ERC20 to deposit.\n * @param _data Optional data to forward to L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function finalizeETHWithdrawal(\n address _from,\n address _to,\n uint256 _amount,\n bytes calldata _data\n ) external;\n}\n" + }, + "@eth-optimism/contracts/libraries/bridge/ICrossDomainMessenger.sol": { + "content": "// SPDX-License-Identifier: MIT\npragma solidity >0.5.0 <0.9.0;\n\n/**\n * @title ICrossDomainMessenger\n */\ninterface ICrossDomainMessenger {\n /**********\n * Events *\n **********/\n\n event SentMessage(\n address indexed target,\n address sender,\n bytes message,\n uint256 messageNonce,\n uint256 gasLimit\n );\n event RelayedMessage(bytes32 indexed msgHash);\n event FailedRelayedMessage(bytes32 indexed msgHash);\n\n /*************\n * Variables *\n *************/\n\n function xDomainMessageSender() external view returns (address);\n\n /********************\n * Public Functions *\n ********************/\n\n /**\n * Sends a cross domain message to the target messenger.\n * @param _target Target contract address.\n * @param _message Message to send to the target.\n * @param _gasLimit Gas limit for the provided message.\n */\n function sendMessage(\n address _target,\n bytes calldata _message,\n uint32 _gasLimit\n ) external;\n}\n" + }, + "@eth-optimism/contracts/libraries/constants/Lib_PredeployAddresses.sol": { + "content": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.9;\n\n/**\n * @title Lib_PredeployAddresses\n */\nlibrary Lib_PredeployAddresses {\n address internal constant L2_TO_L1_MESSAGE_PASSER = 0x4200000000000000000000000000000000000000;\n address internal constant L1_MESSAGE_SENDER = 0x4200000000000000000000000000000000000001;\n address internal constant DEPLOYER_WHITELIST = 0x4200000000000000000000000000000000000002;\n address payable internal constant OVM_ETH = payable(0xDeadDeAddeAddEAddeadDEaDDEAdDeaDDeAD0000);\n address internal constant L2_CROSS_DOMAIN_MESSENGER =\n 0x4200000000000000000000000000000000000007;\n address internal constant LIB_ADDRESS_MANAGER = 0x4200000000000000000000000000000000000008;\n address internal constant PROXY_EOA = 0x4200000000000000000000000000000000000009;\n address internal constant L2_STANDARD_BRIDGE = 0x4200000000000000000000000000000000000010;\n address internal constant SEQUENCER_FEE_WALLET = 0x4200000000000000000000000000000000000011;\n address internal constant L2_STANDARD_TOKEN_FACTORY =\n 0x4200000000000000000000000000000000000012;\n address internal constant L1_BLOCK_NUMBER = 0x4200000000000000000000000000000000000013;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (access/Ownable.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../utils/ContextUpgradeable.sol\";\nimport \"../proxy/utils/Initializable.sol\";\n\n/**\n * @dev Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract OwnableUpgradeable is Initializable, ContextUpgradeable {\n address private _owner;\n\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n function __Ownable_init() internal onlyInitializing {\n __Ownable_init_unchained();\n }\n\n function __Ownable_init_unchained() internal onlyInitializing {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Leaves the contract without owner. It will not be possible to call\n * `onlyOwner` functions. Can only be called by the current owner.\n *\n * NOTE: Renouncing ownership will leave the contract without an owner,\n * thereby disabling any functionality that is only available to the owner.\n */\n function renounceOwnership() public virtual onlyOwner {\n _transferOwnership(address(0));\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(newOwner != address(0), \"Ownable: new owner is the zero address\");\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n\n /**\n * @dev This empty reserved space is put in place to allow future versions to add new\n * variables without shifting down storage in the inheritance chain.\n * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n */\n uint256[49] private __gap;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/crosschain/errorsUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.6.0) (crosschain/errors.sol)\n\npragma solidity ^0.8.4;\n\nerror NotCrossChainCall();\nerror InvalidCrossChainSender(address actual, address expected);\n" + }, + "@openzeppelin/contracts-upgradeable/crosschain/optimism/LibOptimismUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.7.0) (crosschain/optimism/LibOptimism.sol)\n\npragma solidity ^0.8.4;\n\nimport { ICrossDomainMessengerUpgradeable as Optimism_Bridge } from \"../../vendor/optimism/ICrossDomainMessengerUpgradeable.sol\";\nimport \"../errorsUpgradeable.sol\";\n\n/**\n * @dev Primitives for cross-chain aware contracts for https://www.optimism.io/[Optimism].\n * See the https://community.optimism.io/docs/developers/bridge/messaging/#accessing-msg-sender[documentation]\n * for the functionality used here.\n */\nlibrary LibOptimismUpgradeable {\n /**\n * @dev Returns whether the current function call is the result of a\n * cross-chain message relayed by `messenger`.\n */\n function isCrossChain(address messenger) internal view returns (bool) {\n return msg.sender == messenger;\n }\n\n /**\n * @dev Returns the address of the sender that triggered the current\n * cross-chain message through `messenger`.\n *\n * NOTE: {isCrossChain} should be checked before trying to recover the\n * sender, as it will revert with `NotCrossChainCall` if the current\n * function call is not the result of a cross-chain message.\n */\n function crossChainSender(address messenger) internal view returns (address) {\n if (!isCrossChain(messenger)) revert NotCrossChainCall();\n\n return Optimism_Bridge(messenger).xDomainMessageSender();\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/interfaces/draft-IERC1822Upgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.5.0) (interfaces/draft-IERC1822.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev ERC1822: Universal Upgradeable Proxy Standard (UUPS) documents a method for upgradeability through a simplified\n * proxy whose upgrades are fully controlled by the current implementation.\n */\ninterface IERC1822ProxiableUpgradeable {\n /**\n * @dev Returns the storage slot that the proxiable contract assumes is being used to store the implementation\n * address.\n *\n * IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks\n * bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this\n * function revert if invoked through a proxy.\n */\n function proxiableUUID() external view returns (bytes32);\n}\n" + }, + "@openzeppelin/contracts-upgradeable/interfaces/IERC1967Upgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (interfaces/IERC1967.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev ERC-1967: Proxy Storage Slots. This interface contains the events defined in the ERC.\n *\n * _Available since v4.8.3._\n */\ninterface IERC1967Upgradeable {\n /**\n * @dev Emitted when the implementation is upgraded.\n */\n event Upgraded(address indexed implementation);\n\n /**\n * @dev Emitted when the admin account has changed.\n */\n event AdminChanged(address previousAdmin, address newAdmin);\n\n /**\n * @dev Emitted when the beacon is changed.\n */\n event BeaconUpgraded(address indexed beacon);\n}\n" + }, + "@openzeppelin/contracts-upgradeable/proxy/beacon/IBeaconUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts v4.4.1 (proxy/beacon/IBeacon.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev This is the interface that {BeaconProxy} expects of its beacon.\n */\ninterface IBeaconUpgradeable {\n /**\n * @dev Must return an address that can be used as a delegate call target.\n *\n * {BeaconProxy} will check that this address is a contract.\n */\n function implementation() external view returns (address);\n}\n" + }, + "@openzeppelin/contracts-upgradeable/proxy/ERC1967/ERC1967UpgradeUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (proxy/ERC1967/ERC1967Upgrade.sol)\n\npragma solidity ^0.8.2;\n\nimport \"../beacon/IBeaconUpgradeable.sol\";\nimport \"../../interfaces/IERC1967Upgradeable.sol\";\nimport \"../../interfaces/draft-IERC1822Upgradeable.sol\";\nimport \"../../utils/AddressUpgradeable.sol\";\nimport \"../../utils/StorageSlotUpgradeable.sol\";\nimport \"../utils/Initializable.sol\";\n\n/**\n * @dev This abstract contract provides getters and event emitting update functions for\n * https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots.\n *\n * _Available since v4.1._\n */\nabstract contract ERC1967UpgradeUpgradeable is Initializable, IERC1967Upgradeable {\n function __ERC1967Upgrade_init() internal onlyInitializing {\n }\n\n function __ERC1967Upgrade_init_unchained() internal onlyInitializing {\n }\n // This is the keccak-256 hash of \"eip1967.proxy.rollback\" subtracted by 1\n bytes32 private constant _ROLLBACK_SLOT = 0x4910fdfa16fed3260ed0e7147f7cc6da11a60208b5b9406d12a635614ffd9143;\n\n /**\n * @dev Storage slot with the address of the current implementation.\n * This is the keccak-256 hash of \"eip1967.proxy.implementation\" subtracted by 1, and is\n * validated in the constructor.\n */\n bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;\n\n /**\n * @dev Returns the current implementation address.\n */\n function _getImplementation() internal view returns (address) {\n return StorageSlotUpgradeable.getAddressSlot(_IMPLEMENTATION_SLOT).value;\n }\n\n /**\n * @dev Stores a new address in the EIP1967 implementation slot.\n */\n function _setImplementation(address newImplementation) private {\n require(AddressUpgradeable.isContract(newImplementation), \"ERC1967: new implementation is not a contract\");\n StorageSlotUpgradeable.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;\n }\n\n /**\n * @dev Perform implementation upgrade\n *\n * Emits an {Upgraded} event.\n */\n function _upgradeTo(address newImplementation) internal {\n _setImplementation(newImplementation);\n emit Upgraded(newImplementation);\n }\n\n /**\n * @dev Perform implementation upgrade with additional setup call.\n *\n * Emits an {Upgraded} event.\n */\n function _upgradeToAndCall(address newImplementation, bytes memory data, bool forceCall) internal {\n _upgradeTo(newImplementation);\n if (data.length > 0 || forceCall) {\n AddressUpgradeable.functionDelegateCall(newImplementation, data);\n }\n }\n\n /**\n * @dev Perform implementation upgrade with security checks for UUPS proxies, and additional setup call.\n *\n * Emits an {Upgraded} event.\n */\n function _upgradeToAndCallUUPS(address newImplementation, bytes memory data, bool forceCall) internal {\n // Upgrades from old implementations will perform a rollback test. This test requires the new\n // implementation to upgrade back to the old, non-ERC1822 compliant, implementation. Removing\n // this special case will break upgrade paths from old UUPS implementation to new ones.\n if (StorageSlotUpgradeable.getBooleanSlot(_ROLLBACK_SLOT).value) {\n _setImplementation(newImplementation);\n } else {\n try IERC1822ProxiableUpgradeable(newImplementation).proxiableUUID() returns (bytes32 slot) {\n require(slot == _IMPLEMENTATION_SLOT, \"ERC1967Upgrade: unsupported proxiableUUID\");\n } catch {\n revert(\"ERC1967Upgrade: new implementation is not UUPS\");\n }\n _upgradeToAndCall(newImplementation, data, forceCall);\n }\n }\n\n /**\n * @dev Storage slot with the admin of the contract.\n * This is the keccak-256 hash of \"eip1967.proxy.admin\" subtracted by 1, and is\n * validated in the constructor.\n */\n bytes32 internal constant _ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;\n\n /**\n * @dev Returns the current admin.\n */\n function _getAdmin() internal view returns (address) {\n return StorageSlotUpgradeable.getAddressSlot(_ADMIN_SLOT).value;\n }\n\n /**\n * @dev Stores a new address in the EIP1967 admin slot.\n */\n function _setAdmin(address newAdmin) private {\n require(newAdmin != address(0), \"ERC1967: new admin is the zero address\");\n StorageSlotUpgradeable.getAddressSlot(_ADMIN_SLOT).value = newAdmin;\n }\n\n /**\n * @dev Changes the admin of the proxy.\n *\n * Emits an {AdminChanged} event.\n */\n function _changeAdmin(address newAdmin) internal {\n emit AdminChanged(_getAdmin(), newAdmin);\n _setAdmin(newAdmin);\n }\n\n /**\n * @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.\n * This is bytes32(uint256(keccak256('eip1967.proxy.beacon')) - 1)) and is validated in the constructor.\n */\n bytes32 internal constant _BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;\n\n /**\n * @dev Returns the current beacon.\n */\n function _getBeacon() internal view returns (address) {\n return StorageSlotUpgradeable.getAddressSlot(_BEACON_SLOT).value;\n }\n\n /**\n * @dev Stores a new beacon in the EIP1967 beacon slot.\n */\n function _setBeacon(address newBeacon) private {\n require(AddressUpgradeable.isContract(newBeacon), \"ERC1967: new beacon is not a contract\");\n require(\n AddressUpgradeable.isContract(IBeaconUpgradeable(newBeacon).implementation()),\n \"ERC1967: beacon implementation is not a contract\"\n );\n StorageSlotUpgradeable.getAddressSlot(_BEACON_SLOT).value = newBeacon;\n }\n\n /**\n * @dev Perform beacon upgrade with additional setup call. Note: This upgrades the address of the beacon, it does\n * not upgrade the implementation contained in the beacon (see {UpgradeableBeacon-_setImplementation} for that).\n *\n * Emits a {BeaconUpgraded} event.\n */\n function _upgradeBeaconToAndCall(address newBeacon, bytes memory data, bool forceCall) internal {\n _setBeacon(newBeacon);\n emit BeaconUpgraded(newBeacon);\n if (data.length > 0 || forceCall) {\n AddressUpgradeable.functionDelegateCall(IBeaconUpgradeable(newBeacon).implementation(), data);\n }\n }\n\n /**\n * @dev This empty reserved space is put in place to allow future versions to add new\n * variables without shifting down storage in the inheritance chain.\n * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n */\n uint256[50] private __gap;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/Initializable.sol)\n\npragma solidity ^0.8.2;\n\nimport \"../../utils/AddressUpgradeable.sol\";\n\n/**\n * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed\n * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an\n * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer\n * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.\n *\n * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be\n * reused. This mechanism prevents re-execution of each \"step\" but allows the creation of new initialization steps in\n * case an upgrade adds a module that needs to be initialized.\n *\n * For example:\n *\n * [.hljs-theme-light.nopadding]\n * ```solidity\n * contract MyToken is ERC20Upgradeable {\n * function initialize() initializer public {\n * __ERC20_init(\"MyToken\", \"MTK\");\n * }\n * }\n *\n * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {\n * function initializeV2() reinitializer(2) public {\n * __ERC20Permit_init(\"MyToken\");\n * }\n * }\n * ```\n *\n * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as\n * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.\n *\n * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure\n * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.\n *\n * [CAUTION]\n * ====\n * Avoid leaving a contract uninitialized.\n *\n * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation\n * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke\n * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:\n *\n * [.hljs-theme-light.nopadding]\n * ```\n * /// @custom:oz-upgrades-unsafe-allow constructor\n * constructor() {\n * _disableInitializers();\n * }\n * ```\n * ====\n */\nabstract contract Initializable {\n /**\n * @dev Indicates that the contract has been initialized.\n * @custom:oz-retyped-from bool\n */\n uint8 private _initialized;\n\n /**\n * @dev Indicates that the contract is in the process of being initialized.\n */\n bool private _initializing;\n\n /**\n * @dev Triggered when the contract has been initialized or reinitialized.\n */\n event Initialized(uint8 version);\n\n /**\n * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,\n * `onlyInitializing` functions can be used to initialize parent contracts.\n *\n * Similar to `reinitializer(1)`, except that functions marked with `initializer` can be nested in the context of a\n * constructor.\n *\n * Emits an {Initialized} event.\n */\n modifier initializer() {\n bool isTopLevelCall = !_initializing;\n require(\n (isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1),\n \"Initializable: contract is already initialized\"\n );\n _initialized = 1;\n if (isTopLevelCall) {\n _initializing = true;\n }\n _;\n if (isTopLevelCall) {\n _initializing = false;\n emit Initialized(1);\n }\n }\n\n /**\n * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the\n * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be\n * used to initialize parent contracts.\n *\n * A reinitializer may be used after the original initialization step. This is essential to configure modules that\n * are added through upgrades and that require initialization.\n *\n * When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`\n * cannot be nested. If one is invoked in the context of another, execution will revert.\n *\n * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in\n * a contract, executing them in the right order is up to the developer or operator.\n *\n * WARNING: setting the version to 255 will prevent any future reinitialization.\n *\n * Emits an {Initialized} event.\n */\n modifier reinitializer(uint8 version) {\n require(!_initializing && _initialized < version, \"Initializable: contract is already initialized\");\n _initialized = version;\n _initializing = true;\n _;\n _initializing = false;\n emit Initialized(version);\n }\n\n /**\n * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the\n * {initializer} and {reinitializer} modifiers, directly or indirectly.\n */\n modifier onlyInitializing() {\n require(_initializing, \"Initializable: contract is not initializing\");\n _;\n }\n\n /**\n * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.\n * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized\n * to any version. It is recommended to use this to lock implementation contracts that are designed to be called\n * through proxies.\n *\n * Emits an {Initialized} event the first time it is successfully executed.\n */\n function _disableInitializers() internal virtual {\n require(!_initializing, \"Initializable: contract is initializing\");\n if (_initialized != type(uint8).max) {\n _initialized = type(uint8).max;\n emit Initialized(type(uint8).max);\n }\n }\n\n /**\n * @dev Returns the highest version that has been initialized. See {reinitializer}.\n */\n function _getInitializedVersion() internal view returns (uint8) {\n return _initialized;\n }\n\n /**\n * @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.\n */\n function _isInitializing() internal view returns (bool) {\n return _initializing;\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/UUPSUpgradeable.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../../interfaces/draft-IERC1822Upgradeable.sol\";\nimport \"../ERC1967/ERC1967UpgradeUpgradeable.sol\";\nimport \"./Initializable.sol\";\n\n/**\n * @dev An upgradeability mechanism designed for UUPS proxies. The functions included here can perform an upgrade of an\n * {ERC1967Proxy}, when this contract is set as the implementation behind such a proxy.\n *\n * A security mechanism ensures that an upgrade does not turn off upgradeability accidentally, although this risk is\n * reinstated if the upgrade retains upgradeability but removes the security mechanism, e.g. by replacing\n * `UUPSUpgradeable` with a custom implementation of upgrades.\n *\n * The {_authorizeUpgrade} function must be overridden to include access restriction to the upgrade mechanism.\n *\n * _Available since v4.1._\n */\nabstract contract UUPSUpgradeable is Initializable, IERC1822ProxiableUpgradeable, ERC1967UpgradeUpgradeable {\n function __UUPSUpgradeable_init() internal onlyInitializing {\n }\n\n function __UUPSUpgradeable_init_unchained() internal onlyInitializing {\n }\n /// @custom:oz-upgrades-unsafe-allow state-variable-immutable state-variable-assignment\n address private immutable __self = address(this);\n\n /**\n * @dev Check that the execution is being performed through a delegatecall call and that the execution context is\n * a proxy contract with an implementation (as defined in ERC1967) pointing to self. This should only be the case\n * for UUPS and transparent proxies that are using the current contract as their implementation. Execution of a\n * function through ERC1167 minimal proxies (clones) would not normally pass this test, but is not guaranteed to\n * fail.\n */\n modifier onlyProxy() {\n require(address(this) != __self, \"Function must be called through delegatecall\");\n require(_getImplementation() == __self, \"Function must be called through active proxy\");\n _;\n }\n\n /**\n * @dev Check that the execution is not being performed through a delegate call. This allows a function to be\n * callable on the implementing contract but not through proxies.\n */\n modifier notDelegated() {\n require(address(this) == __self, \"UUPSUpgradeable: must not be called through delegatecall\");\n _;\n }\n\n /**\n * @dev Implementation of the ERC1822 {proxiableUUID} function. This returns the storage slot used by the\n * implementation. It is used to validate the implementation's compatibility when performing an upgrade.\n *\n * IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks\n * bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this\n * function revert if invoked through a proxy. This is guaranteed by the `notDelegated` modifier.\n */\n function proxiableUUID() external view virtual override notDelegated returns (bytes32) {\n return _IMPLEMENTATION_SLOT;\n }\n\n /**\n * @dev Upgrade the implementation of the proxy to `newImplementation`.\n *\n * Calls {_authorizeUpgrade}.\n *\n * Emits an {Upgraded} event.\n *\n * @custom:oz-upgrades-unsafe-allow-reachable delegatecall\n */\n function upgradeTo(address newImplementation) public virtual onlyProxy {\n _authorizeUpgrade(newImplementation);\n _upgradeToAndCallUUPS(newImplementation, new bytes(0), false);\n }\n\n /**\n * @dev Upgrade the implementation of the proxy to `newImplementation`, and subsequently execute the function call\n * encoded in `data`.\n *\n * Calls {_authorizeUpgrade}.\n *\n * Emits an {Upgraded} event.\n *\n * @custom:oz-upgrades-unsafe-allow-reachable delegatecall\n */\n function upgradeToAndCall(address newImplementation, bytes memory data) public payable virtual onlyProxy {\n _authorizeUpgrade(newImplementation);\n _upgradeToAndCallUUPS(newImplementation, data, true);\n }\n\n /**\n * @dev Function that should revert when `msg.sender` is not authorized to upgrade the contract. Called by\n * {upgradeTo} and {upgradeToAndCall}.\n *\n * Normally, this function will use an xref:access.adoc[access control] modifier such as {Ownable-onlyOwner}.\n *\n * ```solidity\n * function _authorizeUpgrade(address) internal override onlyOwner {}\n * ```\n */\n function _authorizeUpgrade(address newImplementation) internal virtual;\n\n /**\n * @dev This empty reserved space is put in place to allow future versions to add new\n * variables without shifting down storage in the inheritance chain.\n * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n */\n uint256[50] private __gap;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (security/ReentrancyGuard.sol)\n\npragma solidity ^0.8.0;\nimport \"../proxy/utils/Initializable.sol\";\n\n/**\n * @dev Contract module that helps prevent reentrant calls to a function.\n *\n * Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier\n * available, which can be applied to functions to make sure there are no nested\n * (reentrant) calls to them.\n *\n * Note that because there is a single `nonReentrant` guard, functions marked as\n * `nonReentrant` may not call one another. This can be worked around by making\n * those functions `private`, and then adding `external` `nonReentrant` entry\n * points to them.\n *\n * TIP: If you would like to learn more about reentrancy and alternative ways\n * to protect against it, check out our blog post\n * https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].\n */\nabstract contract ReentrancyGuardUpgradeable is Initializable {\n // Booleans are more expensive than uint256 or any type that takes up a full\n // word because each write operation emits an extra SLOAD to first read the\n // slot's contents, replace the bits taken up by the boolean, and then write\n // back. This is the compiler's defense against contract upgrades and\n // pointer aliasing, and it cannot be disabled.\n\n // The values being non-zero value makes deployment a bit more expensive,\n // but in exchange the refund on every call to nonReentrant will be lower in\n // amount. Since refunds are capped to a percentage of the total\n // transaction's gas, it is best to keep them low in cases like this one, to\n // increase the likelihood of the full refund coming into effect.\n uint256 private constant _NOT_ENTERED = 1;\n uint256 private constant _ENTERED = 2;\n\n uint256 private _status;\n\n function __ReentrancyGuard_init() internal onlyInitializing {\n __ReentrancyGuard_init_unchained();\n }\n\n function __ReentrancyGuard_init_unchained() internal onlyInitializing {\n _status = _NOT_ENTERED;\n }\n\n /**\n * @dev Prevents a contract from calling itself, directly or indirectly.\n * Calling a `nonReentrant` function from another `nonReentrant`\n * function is not supported. It is possible to prevent this from happening\n * by making the `nonReentrant` function external, and making it call a\n * `private` function that does the actual work.\n */\n modifier nonReentrant() {\n _nonReentrantBefore();\n _;\n _nonReentrantAfter();\n }\n\n function _nonReentrantBefore() private {\n // On the first call to nonReentrant, _status will be _NOT_ENTERED\n require(_status != _ENTERED, \"ReentrancyGuard: reentrant call\");\n\n // Any calls to nonReentrant after this point will fail\n _status = _ENTERED;\n }\n\n function _nonReentrantAfter() private {\n // By storing the original value once again, a refund is triggered (see\n // https://eips.ethereum.org/EIPS/eip-2200)\n _status = _NOT_ENTERED;\n }\n\n /**\n * @dev Returns true if the reentrancy guard is currently set to \"entered\", which indicates there is a\n * `nonReentrant` function in the call stack.\n */\n function _reentrancyGuardEntered() internal view returns (bool) {\n return _status == _ENTERED;\n }\n\n /**\n * @dev This empty reserved space is put in place to allow future versions to add new\n * variables without shifting down storage in the inheritance chain.\n * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n */\n uint256[49] private __gap;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/IERC20PermitUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/extensions/IERC20Permit.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in\n * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].\n *\n * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by\n * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't\n * need to send a transaction, and thus is not required to hold Ether at all.\n */\ninterface IERC20PermitUpgradeable {\n /**\n * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,\n * given ``owner``'s signed approval.\n *\n * IMPORTANT: The same issues {IERC20-approve} has related to transaction\n * ordering also apply here.\n *\n * Emits an {Approval} event.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n * - `deadline` must be a timestamp in the future.\n * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`\n * over the EIP712-formatted function arguments.\n * - the signature must use ``owner``'s current nonce (see {nonces}).\n *\n * For more information on the signature format, see the\n * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP\n * section].\n */\n function permit(\n address owner,\n address spender,\n uint256 value,\n uint256 deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) external;\n\n /**\n * @dev Returns the current nonce for `owner`. This value must be\n * included whenever a signature is generated for {permit}.\n *\n * Every successful call to {permit} increases ``owner``'s nonce by one. This\n * prevents a signature from being used multiple times.\n */\n function nonces(address owner) external view returns (uint256);\n\n /**\n * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.\n */\n // solhint-disable-next-line func-name-mixedcase\n function DOMAIN_SEPARATOR() external view returns (bytes32);\n}\n" + }, + "@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/IERC20.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20Upgradeable {\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `to`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address to, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `from` to `to` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address from, address to, uint256 amount) external returns (bool);\n}\n" + }, + "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.3) (token/ERC20/utils/SafeERC20.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../IERC20Upgradeable.sol\";\nimport \"../extensions/IERC20PermitUpgradeable.sol\";\nimport \"../../../utils/AddressUpgradeable.sol\";\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20Upgradeable {\n using AddressUpgradeable for address;\n\n /**\n * @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeTransfer(IERC20Upgradeable token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n /**\n * @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the\n * calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.\n */\n function safeTransferFrom(IERC20Upgradeable token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20Upgradeable token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n require(\n (value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n /**\n * @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeIncreaseAllowance(IERC20Upgradeable token, address spender, uint256 value) internal {\n uint256 oldAllowance = token.allowance(address(this), spender);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance + value));\n }\n\n /**\n * @dev Decrease the calling contract's allowance toward `spender` by `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeDecreaseAllowance(IERC20Upgradeable token, address spender, uint256 value) internal {\n unchecked {\n uint256 oldAllowance = token.allowance(address(this), spender);\n require(oldAllowance >= value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance - value));\n }\n }\n\n /**\n * @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval\n * to be set to zero before setting it to a non-zero value, such as USDT.\n */\n function forceApprove(IERC20Upgradeable token, address spender, uint256 value) internal {\n bytes memory approvalCall = abi.encodeWithSelector(token.approve.selector, spender, value);\n\n if (!_callOptionalReturnBool(token, approvalCall)) {\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, 0));\n _callOptionalReturn(token, approvalCall);\n }\n }\n\n /**\n * @dev Use a ERC-2612 signature to set the `owner` approval toward `spender` on `token`.\n * Revert on invalid signature.\n */\n function safePermit(\n IERC20PermitUpgradeable token,\n address owner,\n address spender,\n uint256 value,\n uint256 deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) internal {\n uint256 nonceBefore = token.nonces(owner);\n token.permit(owner, spender, value, deadline, v, r, s);\n uint256 nonceAfter = token.nonces(owner);\n require(nonceAfter == nonceBefore + 1, \"SafeERC20: permit did not succeed\");\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20Upgradeable token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n require(returndata.length == 0 || abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n *\n * This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.\n */\n function _callOptionalReturnBool(IERC20Upgradeable token, bytes memory data) private returns (bool) {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false\n // and not revert is the subcall reverts.\n\n (bool success, bytes memory returndata) = address(token).call(data);\n return\n success && (returndata.length == 0 || abi.decode(returndata, (bool))) && AddressUpgradeable.isContract(address(token));\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)\n\npragma solidity ^0.8.1;\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary AddressUpgradeable {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n *\n * Furthermore, `isContract` will also return true if the target contract within\n * the same transaction is already scheduled for destruction by `SELFDESTRUCT`,\n * which only has an effect at the end of a transaction.\n * ====\n *\n * [IMPORTANT]\n * ====\n * You shouldn't rely on `isContract` to protect against flash loan attacks!\n *\n * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets\n * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract\n * constructor.\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize/address.code.length, which returns 0\n // for contracts in construction, since the code is only stored at the end\n // of the constructor execution.\n\n return account.code.length > 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance >= amount, \"Address: insufficient balance\");\n\n (bool success, ) = recipient.call{value: amount}(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain `call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(\n address target,\n bytes memory data,\n uint256 value,\n string memory errorMessage\n ) internal returns (bytes memory) {\n require(address(this).balance >= value, \"Address: insufficient balance for call\");\n (bool success, bytes memory returndata) = target.call{value: value}(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n (bool success, bytes memory returndata) = target.staticcall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling\n * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.\n *\n * _Available since v4.8._\n */\n function verifyCallResultFromTarget(\n address target,\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n if (success) {\n if (returndata.length == 0) {\n // only check isContract if the call was successful and the return data is empty\n // otherwise we already know that it was a contract\n require(isContract(target), \"Address: call to non-contract\");\n }\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n /**\n * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the\n * revert reason or using the provided one.\n *\n * _Available since v4.3._\n */\n function verifyCallResult(\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal pure returns (bytes memory) {\n if (success) {\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n function _revert(bytes memory returndata, string memory errorMessage) private pure {\n // Look for revert reason and bubble it up if present\n if (returndata.length > 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n /// @solidity memory-safe-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)\n\npragma solidity ^0.8.0;\nimport \"../proxy/utils/Initializable.sol\";\n\n/**\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract ContextUpgradeable is Initializable {\n function __Context_init() internal onlyInitializing {\n }\n\n function __Context_init_unchained() internal onlyInitializing {\n }\n function _msgSender() internal view virtual returns (address) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes calldata) {\n return msg.data;\n }\n\n /**\n * @dev This empty reserved space is put in place to allow future versions to add new\n * variables without shifting down storage in the inheritance chain.\n * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n */\n uint256[50] private __gap;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/cryptography/ECDSAUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/ECDSA.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../StringsUpgradeable.sol\";\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSAUpgradeable {\n enum RecoverError {\n NoError,\n InvalidSignature,\n InvalidSignatureLength,\n InvalidSignatureS,\n InvalidSignatureV // Deprecated in v4.8\n }\n\n function _throwError(RecoverError error) private pure {\n if (error == RecoverError.NoError) {\n return; // no error: do nothing\n } else if (error == RecoverError.InvalidSignature) {\n revert(\"ECDSA: invalid signature\");\n } else if (error == RecoverError.InvalidSignatureLength) {\n revert(\"ECDSA: invalid signature length\");\n } else if (error == RecoverError.InvalidSignatureS) {\n revert(\"ECDSA: invalid signature 's' value\");\n }\n }\n\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature` or error string. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n *\n * Documentation for signature generation:\n * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]\n * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) {\n if (signature.length == 65) {\n bytes32 r;\n bytes32 s;\n uint8 v;\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n /// @solidity memory-safe-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n return tryRecover(hash, v, r, s);\n } else {\n return (address(0), RecoverError.InvalidSignatureLength);\n }\n }\n\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, signature);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.\n *\n * See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError) {\n bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);\n uint8 v = uint8((uint256(vs) >> 255) + 27);\n return tryRecover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.\n *\n * _Available since v4.2._\n */\n function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, r, vs);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Overload of {ECDSA-tryRecover} that receives the `v`,\n * `r` and `s` signature fields separately.\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address, RecoverError) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {\n return (address(0), RecoverError.InvalidSignatureS);\n }\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n if (signer == address(0)) {\n return (address(0), RecoverError.InvalidSignature);\n }\n\n return (signer, RecoverError.NoError);\n }\n\n /**\n * @dev Overload of {ECDSA-recover} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, v, r, s);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * produces hash corresponding to the one signed with the\n * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]\n * JSON-RPC method as part of EIP-191.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32 message) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n /// @solidity memory-safe-assembly\n assembly {\n mstore(0x00, \"\\x19Ethereum Signed Message:\\n32\")\n mstore(0x1c, hash)\n message := keccak256(0x00, 0x3c)\n }\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from `s`. This\n * produces hash corresponding to the one signed with the\n * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]\n * JSON-RPC method as part of EIP-191.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) {\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n\", StringsUpgradeable.toString(s.length), s));\n }\n\n /**\n * @dev Returns an Ethereum Signed Typed Data, created from a\n * `domainSeparator` and a `structHash`. This produces hash corresponding\n * to the one signed with the\n * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`]\n * JSON-RPC method as part of EIP-712.\n *\n * See {recover}.\n */\n function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 data) {\n /// @solidity memory-safe-assembly\n assembly {\n let ptr := mload(0x40)\n mstore(ptr, \"\\x19\\x01\")\n mstore(add(ptr, 0x02), domainSeparator)\n mstore(add(ptr, 0x22), structHash)\n data := keccak256(ptr, 0x42)\n }\n }\n\n /**\n * @dev Returns an Ethereum Signed Data with intended validator, created from a\n * `validator` and `data` according to the version 0 of EIP-191.\n *\n * See {recover}.\n */\n function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {\n return keccak256(abi.encodePacked(\"\\x19\\x00\", validator, data));\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/math/MathUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/math/Math.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Standard math utilities missing in the Solidity language.\n */\nlibrary MathUpgradeable {\n enum Rounding {\n Down, // Toward negative infinity\n Up, // Toward infinity\n Zero // Toward zero\n }\n\n /**\n * @dev Returns the largest of two numbers.\n */\n function max(uint256 a, uint256 b) internal pure returns (uint256) {\n return a > b ? a : b;\n }\n\n /**\n * @dev Returns the smallest of two numbers.\n */\n function min(uint256 a, uint256 b) internal pure returns (uint256) {\n return a < b ? a : b;\n }\n\n /**\n * @dev Returns the average of two numbers. The result is rounded towards\n * zero.\n */\n function average(uint256 a, uint256 b) internal pure returns (uint256) {\n // (a + b) / 2 can overflow.\n return (a & b) + (a ^ b) / 2;\n }\n\n /**\n * @dev Returns the ceiling of the division of two numbers.\n *\n * This differs from standard division with `/` in that it rounds up instead\n * of rounding down.\n */\n function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {\n // (a + b - 1) / b can overflow on addition, so we distribute.\n return a == 0 ? 0 : (a - 1) / b + 1;\n }\n\n /**\n * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0\n * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)\n * with further edits by Uniswap Labs also under MIT license.\n */\n function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {\n unchecked {\n // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use\n // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256\n // variables such that product = prod1 * 2^256 + prod0.\n uint256 prod0; // Least significant 256 bits of the product\n uint256 prod1; // Most significant 256 bits of the product\n assembly {\n let mm := mulmod(x, y, not(0))\n prod0 := mul(x, y)\n prod1 := sub(sub(mm, prod0), lt(mm, prod0))\n }\n\n // Handle non-overflow cases, 256 by 256 division.\n if (prod1 == 0) {\n // Solidity will revert if denominator == 0, unlike the div opcode on its own.\n // The surrounding unchecked block does not change this fact.\n // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.\n return prod0 / denominator;\n }\n\n // Make sure the result is less than 2^256. Also prevents denominator == 0.\n require(denominator > prod1, \"Math: mulDiv overflow\");\n\n ///////////////////////////////////////////////\n // 512 by 256 division.\n ///////////////////////////////////////////////\n\n // Make division exact by subtracting the remainder from [prod1 prod0].\n uint256 remainder;\n assembly {\n // Compute remainder using mulmod.\n remainder := mulmod(x, y, denominator)\n\n // Subtract 256 bit number from 512 bit number.\n prod1 := sub(prod1, gt(remainder, prod0))\n prod0 := sub(prod0, remainder)\n }\n\n // Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.\n // See https://cs.stackexchange.com/q/138556/92363.\n\n // Does not overflow because the denominator cannot be zero at this stage in the function.\n uint256 twos = denominator & (~denominator + 1);\n assembly {\n // Divide denominator by twos.\n denominator := div(denominator, twos)\n\n // Divide [prod1 prod0] by twos.\n prod0 := div(prod0, twos)\n\n // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.\n twos := add(div(sub(0, twos), twos), 1)\n }\n\n // Shift in bits from prod1 into prod0.\n prod0 |= prod1 * twos;\n\n // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such\n // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for\n // four bits. That is, denominator * inv = 1 mod 2^4.\n uint256 inverse = (3 * denominator) ^ 2;\n\n // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works\n // in modular arithmetic, doubling the correct bits in each step.\n inverse *= 2 - denominator * inverse; // inverse mod 2^8\n inverse *= 2 - denominator * inverse; // inverse mod 2^16\n inverse *= 2 - denominator * inverse; // inverse mod 2^32\n inverse *= 2 - denominator * inverse; // inverse mod 2^64\n inverse *= 2 - denominator * inverse; // inverse mod 2^128\n inverse *= 2 - denominator * inverse; // inverse mod 2^256\n\n // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.\n // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is\n // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1\n // is no longer required.\n result = prod0 * inverse;\n return result;\n }\n }\n\n /**\n * @notice Calculates x * y / denominator with full precision, following the selected rounding direction.\n */\n function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {\n uint256 result = mulDiv(x, y, denominator);\n if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {\n result += 1;\n }\n return result;\n }\n\n /**\n * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down.\n *\n * Inspired by Henry S. Warren, Jr.'s \"Hacker's Delight\" (Chapter 11).\n */\n function sqrt(uint256 a) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n\n // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.\n //\n // We know that the \"msb\" (most significant bit) of our target number `a` is a power of 2 such that we have\n // `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.\n //\n // This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`\n // → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`\n // → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`\n //\n // Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.\n uint256 result = 1 << (log2(a) >> 1);\n\n // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,\n // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at\n // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision\n // into the expected uint128 result.\n unchecked {\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n return min(result, a / result);\n }\n }\n\n /**\n * @notice Calculates sqrt(a), following the selected rounding direction.\n */\n function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = sqrt(a);\n return result + (rounding == Rounding.Up && result * result < a ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 2, rounded down, of a positive value.\n * Returns 0 if given 0.\n */\n function log2(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >> 128 > 0) {\n value >>= 128;\n result += 128;\n }\n if (value >> 64 > 0) {\n value >>= 64;\n result += 64;\n }\n if (value >> 32 > 0) {\n value >>= 32;\n result += 32;\n }\n if (value >> 16 > 0) {\n value >>= 16;\n result += 16;\n }\n if (value >> 8 > 0) {\n value >>= 8;\n result += 8;\n }\n if (value >> 4 > 0) {\n value >>= 4;\n result += 4;\n }\n if (value >> 2 > 0) {\n value >>= 2;\n result += 2;\n }\n if (value >> 1 > 0) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 2, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log2(value);\n return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 10, rounded down, of a positive value.\n * Returns 0 if given 0.\n */\n function log10(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >= 10 ** 64) {\n value /= 10 ** 64;\n result += 64;\n }\n if (value >= 10 ** 32) {\n value /= 10 ** 32;\n result += 32;\n }\n if (value >= 10 ** 16) {\n value /= 10 ** 16;\n result += 16;\n }\n if (value >= 10 ** 8) {\n value /= 10 ** 8;\n result += 8;\n }\n if (value >= 10 ** 4) {\n value /= 10 ** 4;\n result += 4;\n }\n if (value >= 10 ** 2) {\n value /= 10 ** 2;\n result += 2;\n }\n if (value >= 10 ** 1) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 10, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log10(value);\n return result + (rounding == Rounding.Up && 10 ** result < value ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 256, rounded down, of a positive value.\n * Returns 0 if given 0.\n *\n * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.\n */\n function log256(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >> 128 > 0) {\n value >>= 128;\n result += 16;\n }\n if (value >> 64 > 0) {\n value >>= 64;\n result += 8;\n }\n if (value >> 32 > 0) {\n value >>= 32;\n result += 4;\n }\n if (value >> 16 > 0) {\n value >>= 16;\n result += 2;\n }\n if (value >> 8 > 0) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 256, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log256(value);\n return result + (rounding == Rounding.Up && 1 << (result << 3) < value ? 1 : 0);\n }\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/math/SignedMathUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SignedMath.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Standard signed math utilities missing in the Solidity language.\n */\nlibrary SignedMathUpgradeable {\n /**\n * @dev Returns the largest of two signed numbers.\n */\n function max(int256 a, int256 b) internal pure returns (int256) {\n return a > b ? a : b;\n }\n\n /**\n * @dev Returns the smallest of two signed numbers.\n */\n function min(int256 a, int256 b) internal pure returns (int256) {\n return a < b ? a : b;\n }\n\n /**\n * @dev Returns the average of two signed numbers without overflow.\n * The result is rounded towards zero.\n */\n function average(int256 a, int256 b) internal pure returns (int256) {\n // Formula from the book \"Hacker's Delight\"\n int256 x = (a & b) + ((a ^ b) >> 1);\n return x + (int256(uint256(x) >> 255) & (a ^ b));\n }\n\n /**\n * @dev Returns the absolute unsigned value of a signed value.\n */\n function abs(int256 n) internal pure returns (uint256) {\n unchecked {\n // must be unchecked in order to support `n = type(int256).min`\n return uint256(n >= 0 ? n : -n);\n }\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/StorageSlotUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/StorageSlot.sol)\n// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Library for reading and writing primitive types to specific storage slots.\n *\n * Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.\n * This library helps with reading and writing to such slots without the need for inline assembly.\n *\n * The functions in this library return Slot structs that contain a `value` member that can be used to read or write.\n *\n * Example usage to set ERC1967 implementation slot:\n * ```solidity\n * contract ERC1967 {\n * bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;\n *\n * function _getImplementation() internal view returns (address) {\n * return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;\n * }\n *\n * function _setImplementation(address newImplementation) internal {\n * require(Address.isContract(newImplementation), \"ERC1967: new implementation is not a contract\");\n * StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;\n * }\n * }\n * ```\n *\n * _Available since v4.1 for `address`, `bool`, `bytes32`, `uint256`._\n * _Available since v4.9 for `string`, `bytes`._\n */\nlibrary StorageSlotUpgradeable {\n struct AddressSlot {\n address value;\n }\n\n struct BooleanSlot {\n bool value;\n }\n\n struct Bytes32Slot {\n bytes32 value;\n }\n\n struct Uint256Slot {\n uint256 value;\n }\n\n struct StringSlot {\n string value;\n }\n\n struct BytesSlot {\n bytes value;\n }\n\n /**\n * @dev Returns an `AddressSlot` with member `value` located at `slot`.\n */\n function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `BooleanSlot` with member `value` located at `slot`.\n */\n function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `Bytes32Slot` with member `value` located at `slot`.\n */\n function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `Uint256Slot` with member `value` located at `slot`.\n */\n function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `StringSlot` with member `value` located at `slot`.\n */\n function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `StringSlot` representation of the string storage pointer `store`.\n */\n function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := store.slot\n }\n }\n\n /**\n * @dev Returns an `BytesSlot` with member `value` located at `slot`.\n */\n function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.\n */\n function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := store.slot\n }\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/StringsUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Strings.sol)\n\npragma solidity ^0.8.0;\n\nimport \"./math/MathUpgradeable.sol\";\nimport \"./math/SignedMathUpgradeable.sol\";\n\n/**\n * @dev String operations.\n */\nlibrary StringsUpgradeable {\n bytes16 private constant _SYMBOLS = \"0123456789abcdef\";\n uint8 private constant _ADDRESS_LENGTH = 20;\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` decimal representation.\n */\n function toString(uint256 value) internal pure returns (string memory) {\n unchecked {\n uint256 length = MathUpgradeable.log10(value) + 1;\n string memory buffer = new string(length);\n uint256 ptr;\n /// @solidity memory-safe-assembly\n assembly {\n ptr := add(buffer, add(32, length))\n }\n while (true) {\n ptr--;\n /// @solidity memory-safe-assembly\n assembly {\n mstore8(ptr, byte(mod(value, 10), _SYMBOLS))\n }\n value /= 10;\n if (value == 0) break;\n }\n return buffer;\n }\n }\n\n /**\n * @dev Converts a `int256` to its ASCII `string` decimal representation.\n */\n function toString(int256 value) internal pure returns (string memory) {\n return string(abi.encodePacked(value < 0 ? \"-\" : \"\", toString(SignedMathUpgradeable.abs(value))));\n }\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.\n */\n function toHexString(uint256 value) internal pure returns (string memory) {\n unchecked {\n return toHexString(value, MathUpgradeable.log256(value) + 1);\n }\n }\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.\n */\n function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {\n bytes memory buffer = new bytes(2 * length + 2);\n buffer[0] = \"0\";\n buffer[1] = \"x\";\n for (uint256 i = 2 * length + 1; i > 1; --i) {\n buffer[i] = _SYMBOLS[value & 0xf];\n value >>= 4;\n }\n require(value == 0, \"Strings: hex length insufficient\");\n return string(buffer);\n }\n\n /**\n * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.\n */\n function toHexString(address addr) internal pure returns (string memory) {\n return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);\n }\n\n /**\n * @dev Returns true if the two strings are equal.\n */\n function equal(string memory a, string memory b) internal pure returns (bool) {\n return keccak256(bytes(a)) == keccak256(bytes(b));\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/vendor/optimism/ICrossDomainMessengerUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (vendor/optimism/ICrossDomainMessenger.sol)\npragma solidity >0.5.0 <0.9.0;\n\n/**\n * @title ICrossDomainMessenger\n */\ninterface ICrossDomainMessengerUpgradeable {\n /**********\n * Events *\n **********/\n\n event SentMessage(address indexed target, address sender, bytes message, uint256 messageNonce, uint256 gasLimit);\n event RelayedMessage(bytes32 indexed msgHash);\n event FailedRelayedMessage(bytes32 indexed msgHash);\n\n /*************\n * Variables *\n *************/\n\n function xDomainMessageSender() external view returns (address);\n\n /********************\n * Public Functions *\n ********************/\n\n /**\n * Sends a cross domain message to the target messenger.\n * @param _target Target contract address.\n * @param _message Message to send to the target.\n * @param _gasLimit Gas limit for the provided message.\n */\n function sendMessage(address _target, bytes calldata _message, uint32 _gasLimit) external;\n}\n" + }, + "@openzeppelin/contracts/access/Ownable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (access/Ownable.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../utils/Context.sol\";\n\n/**\n * @dev Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n address private _owner;\n\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor() {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Leaves the contract without owner. It will not be possible to call\n * `onlyOwner` functions. Can only be called by the current owner.\n *\n * NOTE: Renouncing ownership will leave the contract without an owner,\n * thereby disabling any functionality that is only available to the owner.\n */\n function renounceOwnership() public virtual onlyOwner {\n _transferOwnership(address(0));\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(newOwner != address(0), \"Ownable: new owner is the zero address\");\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n}\n" + }, + "@openzeppelin/contracts/interfaces/IERC1271.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts v4.4.1 (interfaces/IERC1271.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC1271 standard signature validation method for\n * contracts as defined in https://eips.ethereum.org/EIPS/eip-1271[ERC-1271].\n *\n * _Available since v4.1._\n */\ninterface IERC1271 {\n /**\n * @dev Should return whether the signature provided is valid for the provided data\n * @param hash Hash of the data to be signed\n * @param signature Signature byte array associated with _data\n */\n function isValidSignature(bytes32 hash, bytes memory signature) external view returns (bytes4 magicValue);\n}\n" + }, + "@openzeppelin/contracts/token/ERC20/extensions/IERC20Permit.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/extensions/IERC20Permit.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in\n * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].\n *\n * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by\n * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't\n * need to send a transaction, and thus is not required to hold Ether at all.\n */\ninterface IERC20Permit {\n /**\n * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,\n * given ``owner``'s signed approval.\n *\n * IMPORTANT: The same issues {IERC20-approve} has related to transaction\n * ordering also apply here.\n *\n * Emits an {Approval} event.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n * - `deadline` must be a timestamp in the future.\n * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`\n * over the EIP712-formatted function arguments.\n * - the signature must use ``owner``'s current nonce (see {nonces}).\n *\n * For more information on the signature format, see the\n * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP\n * section].\n */\n function permit(\n address owner,\n address spender,\n uint256 value,\n uint256 deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) external;\n\n /**\n * @dev Returns the current nonce for `owner`. This value must be\n * included whenever a signature is generated for {permit}.\n *\n * Every successful call to {permit} increases ``owner``'s nonce by one. This\n * prevents a signature from being used multiple times.\n */\n function nonces(address owner) external view returns (uint256);\n\n /**\n * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.\n */\n // solhint-disable-next-line func-name-mixedcase\n function DOMAIN_SEPARATOR() external view returns (bytes32);\n}\n" + }, + "@openzeppelin/contracts/token/ERC20/IERC20.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/IERC20.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20 {\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `to`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address to, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `from` to `to` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address from, address to, uint256 amount) external returns (bool);\n}\n" + }, + "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.3) (token/ERC20/utils/SafeERC20.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../IERC20.sol\";\nimport \"../extensions/IERC20Permit.sol\";\nimport \"../../../utils/Address.sol\";\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n using Address for address;\n\n /**\n * @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeTransfer(IERC20 token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n /**\n * @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the\n * calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.\n */\n function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20 token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n require(\n (value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n /**\n * @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 oldAllowance = token.allowance(address(this), spender);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance + value));\n }\n\n /**\n * @dev Decrease the calling contract's allowance toward `spender` by `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n unchecked {\n uint256 oldAllowance = token.allowance(address(this), spender);\n require(oldAllowance >= value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance - value));\n }\n }\n\n /**\n * @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval\n * to be set to zero before setting it to a non-zero value, such as USDT.\n */\n function forceApprove(IERC20 token, address spender, uint256 value) internal {\n bytes memory approvalCall = abi.encodeWithSelector(token.approve.selector, spender, value);\n\n if (!_callOptionalReturnBool(token, approvalCall)) {\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, 0));\n _callOptionalReturn(token, approvalCall);\n }\n }\n\n /**\n * @dev Use a ERC-2612 signature to set the `owner` approval toward `spender` on `token`.\n * Revert on invalid signature.\n */\n function safePermit(\n IERC20Permit token,\n address owner,\n address spender,\n uint256 value,\n uint256 deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) internal {\n uint256 nonceBefore = token.nonces(owner);\n token.permit(owner, spender, value, deadline, v, r, s);\n uint256 nonceAfter = token.nonces(owner);\n require(nonceAfter == nonceBefore + 1, \"SafeERC20: permit did not succeed\");\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n require(returndata.length == 0 || abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n *\n * This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.\n */\n function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false\n // and not revert is the subcall reverts.\n\n (bool success, bytes memory returndata) = address(token).call(data);\n return\n success && (returndata.length == 0 || abi.decode(returndata, (bool))) && Address.isContract(address(token));\n }\n}\n" + }, + "@openzeppelin/contracts/utils/Address.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)\n\npragma solidity ^0.8.1;\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n *\n * Furthermore, `isContract` will also return true if the target contract within\n * the same transaction is already scheduled for destruction by `SELFDESTRUCT`,\n * which only has an effect at the end of a transaction.\n * ====\n *\n * [IMPORTANT]\n * ====\n * You shouldn't rely on `isContract` to protect against flash loan attacks!\n *\n * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets\n * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract\n * constructor.\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize/address.code.length, which returns 0\n // for contracts in construction, since the code is only stored at the end\n // of the constructor execution.\n\n return account.code.length > 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance >= amount, \"Address: insufficient balance\");\n\n (bool success, ) = recipient.call{value: amount}(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain `call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(\n address target,\n bytes memory data,\n uint256 value,\n string memory errorMessage\n ) internal returns (bytes memory) {\n require(address(this).balance >= value, \"Address: insufficient balance for call\");\n (bool success, bytes memory returndata) = target.call{value: value}(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n (bool success, bytes memory returndata) = target.staticcall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling\n * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.\n *\n * _Available since v4.8._\n */\n function verifyCallResultFromTarget(\n address target,\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n if (success) {\n if (returndata.length == 0) {\n // only check isContract if the call was successful and the return data is empty\n // otherwise we already know that it was a contract\n require(isContract(target), \"Address: call to non-contract\");\n }\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n /**\n * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the\n * revert reason or using the provided one.\n *\n * _Available since v4.3._\n */\n function verifyCallResult(\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal pure returns (bytes memory) {\n if (success) {\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n function _revert(bytes memory returndata, string memory errorMessage) private pure {\n // Look for revert reason and bubble it up if present\n if (returndata.length > 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n /// @solidity memory-safe-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n}\n" + }, + "@openzeppelin/contracts/utils/Context.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n function _msgSender() internal view virtual returns (address) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes calldata) {\n return msg.data;\n }\n}\n" + }, + "@openzeppelin/contracts/utils/cryptography/ECDSA.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/ECDSA.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../Strings.sol\";\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n enum RecoverError {\n NoError,\n InvalidSignature,\n InvalidSignatureLength,\n InvalidSignatureS,\n InvalidSignatureV // Deprecated in v4.8\n }\n\n function _throwError(RecoverError error) private pure {\n if (error == RecoverError.NoError) {\n return; // no error: do nothing\n } else if (error == RecoverError.InvalidSignature) {\n revert(\"ECDSA: invalid signature\");\n } else if (error == RecoverError.InvalidSignatureLength) {\n revert(\"ECDSA: invalid signature length\");\n } else if (error == RecoverError.InvalidSignatureS) {\n revert(\"ECDSA: invalid signature 's' value\");\n }\n }\n\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature` or error string. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n *\n * Documentation for signature generation:\n * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]\n * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) {\n if (signature.length == 65) {\n bytes32 r;\n bytes32 s;\n uint8 v;\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n /// @solidity memory-safe-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n return tryRecover(hash, v, r, s);\n } else {\n return (address(0), RecoverError.InvalidSignatureLength);\n }\n }\n\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, signature);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.\n *\n * See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError) {\n bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);\n uint8 v = uint8((uint256(vs) >> 255) + 27);\n return tryRecover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.\n *\n * _Available since v4.2._\n */\n function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, r, vs);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Overload of {ECDSA-tryRecover} that receives the `v`,\n * `r` and `s` signature fields separately.\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address, RecoverError) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {\n return (address(0), RecoverError.InvalidSignatureS);\n }\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n if (signer == address(0)) {\n return (address(0), RecoverError.InvalidSignature);\n }\n\n return (signer, RecoverError.NoError);\n }\n\n /**\n * @dev Overload of {ECDSA-recover} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, v, r, s);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * produces hash corresponding to the one signed with the\n * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]\n * JSON-RPC method as part of EIP-191.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32 message) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n /// @solidity memory-safe-assembly\n assembly {\n mstore(0x00, \"\\x19Ethereum Signed Message:\\n32\")\n mstore(0x1c, hash)\n message := keccak256(0x00, 0x3c)\n }\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from `s`. This\n * produces hash corresponding to the one signed with the\n * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]\n * JSON-RPC method as part of EIP-191.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) {\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n\", Strings.toString(s.length), s));\n }\n\n /**\n * @dev Returns an Ethereum Signed Typed Data, created from a\n * `domainSeparator` and a `structHash`. This produces hash corresponding\n * to the one signed with the\n * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`]\n * JSON-RPC method as part of EIP-712.\n *\n * See {recover}.\n */\n function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 data) {\n /// @solidity memory-safe-assembly\n assembly {\n let ptr := mload(0x40)\n mstore(ptr, \"\\x19\\x01\")\n mstore(add(ptr, 0x02), domainSeparator)\n mstore(add(ptr, 0x22), structHash)\n data := keccak256(ptr, 0x42)\n }\n }\n\n /**\n * @dev Returns an Ethereum Signed Data with intended validator, created from a\n * `validator` and `data` according to the version 0 of EIP-191.\n *\n * See {recover}.\n */\n function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {\n return keccak256(abi.encodePacked(\"\\x19\\x00\", validator, data));\n }\n}\n" + }, + "@openzeppelin/contracts/utils/cryptography/MerkleProof.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.2) (utils/cryptography/MerkleProof.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev These functions deal with verification of Merkle Tree proofs.\n *\n * The tree and the proofs can be generated using our\n * https://github.com/OpenZeppelin/merkle-tree[JavaScript library].\n * You will find a quickstart guide in the readme.\n *\n * WARNING: You should avoid using leaf values that are 64 bytes long prior to\n * hashing, or use a hash function other than keccak256 for hashing leaves.\n * This is because the concatenation of a sorted pair of internal nodes in\n * the merkle tree could be reinterpreted as a leaf value.\n * OpenZeppelin's JavaScript library generates merkle trees that are safe\n * against this attack out of the box.\n */\nlibrary MerkleProof {\n /**\n * @dev Returns true if a `leaf` can be proved to be a part of a Merkle tree\n * defined by `root`. For this, a `proof` must be provided, containing\n * sibling hashes on the branch from the leaf to the root of the tree. Each\n * pair of leaves and each pair of pre-images are assumed to be sorted.\n */\n function verify(bytes32[] memory proof, bytes32 root, bytes32 leaf) internal pure returns (bool) {\n return processProof(proof, leaf) == root;\n }\n\n /**\n * @dev Calldata version of {verify}\n *\n * _Available since v4.7._\n */\n function verifyCalldata(bytes32[] calldata proof, bytes32 root, bytes32 leaf) internal pure returns (bool) {\n return processProofCalldata(proof, leaf) == root;\n }\n\n /**\n * @dev Returns the rebuilt hash obtained by traversing a Merkle tree up\n * from `leaf` using `proof`. A `proof` is valid if and only if the rebuilt\n * hash matches the root of the tree. When processing the proof, the pairs\n * of leafs & pre-images are assumed to be sorted.\n *\n * _Available since v4.4._\n */\n function processProof(bytes32[] memory proof, bytes32 leaf) internal pure returns (bytes32) {\n bytes32 computedHash = leaf;\n for (uint256 i = 0; i < proof.length; i++) {\n computedHash = _hashPair(computedHash, proof[i]);\n }\n return computedHash;\n }\n\n /**\n * @dev Calldata version of {processProof}\n *\n * _Available since v4.7._\n */\n function processProofCalldata(bytes32[] calldata proof, bytes32 leaf) internal pure returns (bytes32) {\n bytes32 computedHash = leaf;\n for (uint256 i = 0; i < proof.length; i++) {\n computedHash = _hashPair(computedHash, proof[i]);\n }\n return computedHash;\n }\n\n /**\n * @dev Returns true if the `leaves` can be simultaneously proven to be a part of a merkle tree defined by\n * `root`, according to `proof` and `proofFlags` as described in {processMultiProof}.\n *\n * CAUTION: Not all merkle trees admit multiproofs. See {processMultiProof} for details.\n *\n * _Available since v4.7._\n */\n function multiProofVerify(\n bytes32[] memory proof,\n bool[] memory proofFlags,\n bytes32 root,\n bytes32[] memory leaves\n ) internal pure returns (bool) {\n return processMultiProof(proof, proofFlags, leaves) == root;\n }\n\n /**\n * @dev Calldata version of {multiProofVerify}\n *\n * CAUTION: Not all merkle trees admit multiproofs. See {processMultiProof} for details.\n *\n * _Available since v4.7._\n */\n function multiProofVerifyCalldata(\n bytes32[] calldata proof,\n bool[] calldata proofFlags,\n bytes32 root,\n bytes32[] memory leaves\n ) internal pure returns (bool) {\n return processMultiProofCalldata(proof, proofFlags, leaves) == root;\n }\n\n /**\n * @dev Returns the root of a tree reconstructed from `leaves` and sibling nodes in `proof`. The reconstruction\n * proceeds by incrementally reconstructing all inner nodes by combining a leaf/inner node with either another\n * leaf/inner node or a proof sibling node, depending on whether each `proofFlags` item is true or false\n * respectively.\n *\n * CAUTION: Not all merkle trees admit multiproofs. To use multiproofs, it is sufficient to ensure that: 1) the tree\n * is complete (but not necessarily perfect), 2) the leaves to be proven are in the opposite order they are in the\n * tree (i.e., as seen from right to left starting at the deepest layer and continuing at the next layer).\n *\n * _Available since v4.7._\n */\n function processMultiProof(\n bytes32[] memory proof,\n bool[] memory proofFlags,\n bytes32[] memory leaves\n ) internal pure returns (bytes32 merkleRoot) {\n // This function rebuilds the root hash by traversing the tree up from the leaves. The root is rebuilt by\n // consuming and producing values on a queue. The queue starts with the `leaves` array, then goes onto the\n // `hashes` array. At the end of the process, the last hash in the `hashes` array should contain the root of\n // the merkle tree.\n uint256 leavesLen = leaves.length;\n uint256 proofLen = proof.length;\n uint256 totalHashes = proofFlags.length;\n\n // Check proof validity.\n require(leavesLen + proofLen - 1 == totalHashes, \"MerkleProof: invalid multiproof\");\n\n // The xxxPos values are \"pointers\" to the next value to consume in each array. All accesses are done using\n // `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a queue's \"pop\".\n bytes32[] memory hashes = new bytes32[](totalHashes);\n uint256 leafPos = 0;\n uint256 hashPos = 0;\n uint256 proofPos = 0;\n // At each step, we compute the next hash using two values:\n // - a value from the \"main queue\". If not all leaves have been consumed, we get the next leaf, otherwise we\n // get the next hash.\n // - depending on the flag, either another value from the \"main queue\" (merging branches) or an element from the\n // `proof` array.\n for (uint256 i = 0; i < totalHashes; i++) {\n bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++];\n bytes32 b = proofFlags[i]\n ? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++])\n : proof[proofPos++];\n hashes[i] = _hashPair(a, b);\n }\n\n if (totalHashes > 0) {\n require(proofPos == proofLen, \"MerkleProof: invalid multiproof\");\n unchecked {\n return hashes[totalHashes - 1];\n }\n } else if (leavesLen > 0) {\n return leaves[0];\n } else {\n return proof[0];\n }\n }\n\n /**\n * @dev Calldata version of {processMultiProof}.\n *\n * CAUTION: Not all merkle trees admit multiproofs. See {processMultiProof} for details.\n *\n * _Available since v4.7._\n */\n function processMultiProofCalldata(\n bytes32[] calldata proof,\n bool[] calldata proofFlags,\n bytes32[] memory leaves\n ) internal pure returns (bytes32 merkleRoot) {\n // This function rebuilds the root hash by traversing the tree up from the leaves. The root is rebuilt by\n // consuming and producing values on a queue. The queue starts with the `leaves` array, then goes onto the\n // `hashes` array. At the end of the process, the last hash in the `hashes` array should contain the root of\n // the merkle tree.\n uint256 leavesLen = leaves.length;\n uint256 proofLen = proof.length;\n uint256 totalHashes = proofFlags.length;\n\n // Check proof validity.\n require(leavesLen + proofLen - 1 == totalHashes, \"MerkleProof: invalid multiproof\");\n\n // The xxxPos values are \"pointers\" to the next value to consume in each array. All accesses are done using\n // `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a queue's \"pop\".\n bytes32[] memory hashes = new bytes32[](totalHashes);\n uint256 leafPos = 0;\n uint256 hashPos = 0;\n uint256 proofPos = 0;\n // At each step, we compute the next hash using two values:\n // - a value from the \"main queue\". If not all leaves have been consumed, we get the next leaf, otherwise we\n // get the next hash.\n // - depending on the flag, either another value from the \"main queue\" (merging branches) or an element from the\n // `proof` array.\n for (uint256 i = 0; i < totalHashes; i++) {\n bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++];\n bytes32 b = proofFlags[i]\n ? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++])\n : proof[proofPos++];\n hashes[i] = _hashPair(a, b);\n }\n\n if (totalHashes > 0) {\n require(proofPos == proofLen, \"MerkleProof: invalid multiproof\");\n unchecked {\n return hashes[totalHashes - 1];\n }\n } else if (leavesLen > 0) {\n return leaves[0];\n } else {\n return proof[0];\n }\n }\n\n function _hashPair(bytes32 a, bytes32 b) private pure returns (bytes32) {\n return a < b ? _efficientHash(a, b) : _efficientHash(b, a);\n }\n\n function _efficientHash(bytes32 a, bytes32 b) private pure returns (bytes32 value) {\n /// @solidity memory-safe-assembly\n assembly {\n mstore(0x00, a)\n mstore(0x20, b)\n value := keccak256(0x00, 0x40)\n }\n }\n}\n" + }, + "@openzeppelin/contracts/utils/cryptography/SignatureChecker.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/SignatureChecker.sol)\n\npragma solidity ^0.8.0;\n\nimport \"./ECDSA.sol\";\nimport \"../../interfaces/IERC1271.sol\";\n\n/**\n * @dev Signature verification helper that can be used instead of `ECDSA.recover` to seamlessly support both ECDSA\n * signatures from externally owned accounts (EOAs) as well as ERC1271 signatures from smart contract wallets like\n * Argent and Gnosis Safe.\n *\n * _Available since v4.1._\n */\nlibrary SignatureChecker {\n /**\n * @dev Checks if a signature is valid for a given signer and data hash. If the signer is a smart contract, the\n * signature is validated against that smart contract using ERC1271, otherwise it's validated using `ECDSA.recover`.\n *\n * NOTE: Unlike ECDSA signatures, contract signatures are revocable, and the outcome of this function can thus\n * change through time. It could return true at block N and false at block N+1 (or the opposite).\n */\n function isValidSignatureNow(address signer, bytes32 hash, bytes memory signature) internal view returns (bool) {\n (address recovered, ECDSA.RecoverError error) = ECDSA.tryRecover(hash, signature);\n return\n (error == ECDSA.RecoverError.NoError && recovered == signer) ||\n isValidERC1271SignatureNow(signer, hash, signature);\n }\n\n /**\n * @dev Checks if a signature is valid for a given signer and data hash. The signature is validated\n * against the signer smart contract using ERC1271.\n *\n * NOTE: Unlike ECDSA signatures, contract signatures are revocable, and the outcome of this function can thus\n * change through time. It could return true at block N and false at block N+1 (or the opposite).\n */\n function isValidERC1271SignatureNow(\n address signer,\n bytes32 hash,\n bytes memory signature\n ) internal view returns (bool) {\n (bool success, bytes memory result) = signer.staticcall(\n abi.encodeWithSelector(IERC1271.isValidSignature.selector, hash, signature)\n );\n return (success &&\n result.length >= 32 &&\n abi.decode(result, (bytes32)) == bytes32(IERC1271.isValidSignature.selector));\n }\n}\n" + }, + "@openzeppelin/contracts/utils/math/Math.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/math/Math.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Standard math utilities missing in the Solidity language.\n */\nlibrary Math {\n enum Rounding {\n Down, // Toward negative infinity\n Up, // Toward infinity\n Zero // Toward zero\n }\n\n /**\n * @dev Returns the largest of two numbers.\n */\n function max(uint256 a, uint256 b) internal pure returns (uint256) {\n return a > b ? a : b;\n }\n\n /**\n * @dev Returns the smallest of two numbers.\n */\n function min(uint256 a, uint256 b) internal pure returns (uint256) {\n return a < b ? a : b;\n }\n\n /**\n * @dev Returns the average of two numbers. The result is rounded towards\n * zero.\n */\n function average(uint256 a, uint256 b) internal pure returns (uint256) {\n // (a + b) / 2 can overflow.\n return (a & b) + (a ^ b) / 2;\n }\n\n /**\n * @dev Returns the ceiling of the division of two numbers.\n *\n * This differs from standard division with `/` in that it rounds up instead\n * of rounding down.\n */\n function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {\n // (a + b - 1) / b can overflow on addition, so we distribute.\n return a == 0 ? 0 : (a - 1) / b + 1;\n }\n\n /**\n * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0\n * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)\n * with further edits by Uniswap Labs also under MIT license.\n */\n function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {\n unchecked {\n // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use\n // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256\n // variables such that product = prod1 * 2^256 + prod0.\n uint256 prod0; // Least significant 256 bits of the product\n uint256 prod1; // Most significant 256 bits of the product\n assembly {\n let mm := mulmod(x, y, not(0))\n prod0 := mul(x, y)\n prod1 := sub(sub(mm, prod0), lt(mm, prod0))\n }\n\n // Handle non-overflow cases, 256 by 256 division.\n if (prod1 == 0) {\n // Solidity will revert if denominator == 0, unlike the div opcode on its own.\n // The surrounding unchecked block does not change this fact.\n // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.\n return prod0 / denominator;\n }\n\n // Make sure the result is less than 2^256. Also prevents denominator == 0.\n require(denominator > prod1, \"Math: mulDiv overflow\");\n\n ///////////////////////////////////////////////\n // 512 by 256 division.\n ///////////////////////////////////////////////\n\n // Make division exact by subtracting the remainder from [prod1 prod0].\n uint256 remainder;\n assembly {\n // Compute remainder using mulmod.\n remainder := mulmod(x, y, denominator)\n\n // Subtract 256 bit number from 512 bit number.\n prod1 := sub(prod1, gt(remainder, prod0))\n prod0 := sub(prod0, remainder)\n }\n\n // Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.\n // See https://cs.stackexchange.com/q/138556/92363.\n\n // Does not overflow because the denominator cannot be zero at this stage in the function.\n uint256 twos = denominator & (~denominator + 1);\n assembly {\n // Divide denominator by twos.\n denominator := div(denominator, twos)\n\n // Divide [prod1 prod0] by twos.\n prod0 := div(prod0, twos)\n\n // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.\n twos := add(div(sub(0, twos), twos), 1)\n }\n\n // Shift in bits from prod1 into prod0.\n prod0 |= prod1 * twos;\n\n // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such\n // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for\n // four bits. That is, denominator * inv = 1 mod 2^4.\n uint256 inverse = (3 * denominator) ^ 2;\n\n // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works\n // in modular arithmetic, doubling the correct bits in each step.\n inverse *= 2 - denominator * inverse; // inverse mod 2^8\n inverse *= 2 - denominator * inverse; // inverse mod 2^16\n inverse *= 2 - denominator * inverse; // inverse mod 2^32\n inverse *= 2 - denominator * inverse; // inverse mod 2^64\n inverse *= 2 - denominator * inverse; // inverse mod 2^128\n inverse *= 2 - denominator * inverse; // inverse mod 2^256\n\n // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.\n // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is\n // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1\n // is no longer required.\n result = prod0 * inverse;\n return result;\n }\n }\n\n /**\n * @notice Calculates x * y / denominator with full precision, following the selected rounding direction.\n */\n function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {\n uint256 result = mulDiv(x, y, denominator);\n if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {\n result += 1;\n }\n return result;\n }\n\n /**\n * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down.\n *\n * Inspired by Henry S. Warren, Jr.'s \"Hacker's Delight\" (Chapter 11).\n */\n function sqrt(uint256 a) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n\n // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.\n //\n // We know that the \"msb\" (most significant bit) of our target number `a` is a power of 2 such that we have\n // `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.\n //\n // This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`\n // → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`\n // → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`\n //\n // Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.\n uint256 result = 1 << (log2(a) >> 1);\n\n // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,\n // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at\n // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision\n // into the expected uint128 result.\n unchecked {\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n return min(result, a / result);\n }\n }\n\n /**\n * @notice Calculates sqrt(a), following the selected rounding direction.\n */\n function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = sqrt(a);\n return result + (rounding == Rounding.Up && result * result < a ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 2, rounded down, of a positive value.\n * Returns 0 if given 0.\n */\n function log2(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >> 128 > 0) {\n value >>= 128;\n result += 128;\n }\n if (value >> 64 > 0) {\n value >>= 64;\n result += 64;\n }\n if (value >> 32 > 0) {\n value >>= 32;\n result += 32;\n }\n if (value >> 16 > 0) {\n value >>= 16;\n result += 16;\n }\n if (value >> 8 > 0) {\n value >>= 8;\n result += 8;\n }\n if (value >> 4 > 0) {\n value >>= 4;\n result += 4;\n }\n if (value >> 2 > 0) {\n value >>= 2;\n result += 2;\n }\n if (value >> 1 > 0) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 2, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log2(value);\n return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 10, rounded down, of a positive value.\n * Returns 0 if given 0.\n */\n function log10(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >= 10 ** 64) {\n value /= 10 ** 64;\n result += 64;\n }\n if (value >= 10 ** 32) {\n value /= 10 ** 32;\n result += 32;\n }\n if (value >= 10 ** 16) {\n value /= 10 ** 16;\n result += 16;\n }\n if (value >= 10 ** 8) {\n value /= 10 ** 8;\n result += 8;\n }\n if (value >= 10 ** 4) {\n value /= 10 ** 4;\n result += 4;\n }\n if (value >= 10 ** 2) {\n value /= 10 ** 2;\n result += 2;\n }\n if (value >= 10 ** 1) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 10, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log10(value);\n return result + (rounding == Rounding.Up && 10 ** result < value ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 256, rounded down, of a positive value.\n * Returns 0 if given 0.\n *\n * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.\n */\n function log256(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >> 128 > 0) {\n value >>= 128;\n result += 16;\n }\n if (value >> 64 > 0) {\n value >>= 64;\n result += 8;\n }\n if (value >> 32 > 0) {\n value >>= 32;\n result += 4;\n }\n if (value >> 16 > 0) {\n value >>= 16;\n result += 2;\n }\n if (value >> 8 > 0) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 256, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log256(value);\n return result + (rounding == Rounding.Up && 1 << (result << 3) < value ? 1 : 0);\n }\n }\n}\n" + }, + "@openzeppelin/contracts/utils/math/SignedMath.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SignedMath.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Standard signed math utilities missing in the Solidity language.\n */\nlibrary SignedMath {\n /**\n * @dev Returns the largest of two signed numbers.\n */\n function max(int256 a, int256 b) internal pure returns (int256) {\n return a > b ? a : b;\n }\n\n /**\n * @dev Returns the smallest of two signed numbers.\n */\n function min(int256 a, int256 b) internal pure returns (int256) {\n return a < b ? a : b;\n }\n\n /**\n * @dev Returns the average of two signed numbers without overflow.\n * The result is rounded towards zero.\n */\n function average(int256 a, int256 b) internal pure returns (int256) {\n // Formula from the book \"Hacker's Delight\"\n int256 x = (a & b) + ((a ^ b) >> 1);\n return x + (int256(uint256(x) >> 255) & (a ^ b));\n }\n\n /**\n * @dev Returns the absolute unsigned value of a signed value.\n */\n function abs(int256 n) internal pure returns (uint256) {\n unchecked {\n // must be unchecked in order to support `n = type(int256).min`\n return uint256(n >= 0 ? n : -n);\n }\n }\n}\n" + }, + "@openzeppelin/contracts/utils/Strings.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Strings.sol)\n\npragma solidity ^0.8.0;\n\nimport \"./math/Math.sol\";\nimport \"./math/SignedMath.sol\";\n\n/**\n * @dev String operations.\n */\nlibrary Strings {\n bytes16 private constant _SYMBOLS = \"0123456789abcdef\";\n uint8 private constant _ADDRESS_LENGTH = 20;\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` decimal representation.\n */\n function toString(uint256 value) internal pure returns (string memory) {\n unchecked {\n uint256 length = Math.log10(value) + 1;\n string memory buffer = new string(length);\n uint256 ptr;\n /// @solidity memory-safe-assembly\n assembly {\n ptr := add(buffer, add(32, length))\n }\n while (true) {\n ptr--;\n /// @solidity memory-safe-assembly\n assembly {\n mstore8(ptr, byte(mod(value, 10), _SYMBOLS))\n }\n value /= 10;\n if (value == 0) break;\n }\n return buffer;\n }\n }\n\n /**\n * @dev Converts a `int256` to its ASCII `string` decimal representation.\n */\n function toString(int256 value) internal pure returns (string memory) {\n return string(abi.encodePacked(value < 0 ? \"-\" : \"\", toString(SignedMath.abs(value))));\n }\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.\n */\n function toHexString(uint256 value) internal pure returns (string memory) {\n unchecked {\n return toHexString(value, Math.log256(value) + 1);\n }\n }\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.\n */\n function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {\n bytes memory buffer = new bytes(2 * length + 2);\n buffer[0] = \"0\";\n buffer[1] = \"x\";\n for (uint256 i = 2 * length + 1; i > 1; --i) {\n buffer[i] = _SYMBOLS[value & 0xf];\n value >>= 4;\n }\n require(value == 0, \"Strings: hex length insufficient\");\n return string(buffer);\n }\n\n /**\n * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.\n */\n function toHexString(address addr) internal pure returns (string memory) {\n return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);\n }\n\n /**\n * @dev Returns true if the two strings are equal.\n */\n function equal(string memory a, string memory b) internal pure returns (bool) {\n return keccak256(bytes(a)) == keccak256(bytes(b));\n }\n}\n" + }, + "@uma/core/contracts/merkle-distributor/implementation/MerkleDistributor.sol": { + "content": "// SPDX-License-Identifier: AGPL-3.0-only\npragma solidity ^0.8.0;\n\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\nimport \"@openzeppelin/contracts/utils/cryptography/MerkleProof.sol\";\nimport \"@openzeppelin/contracts/access/Ownable.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"./MerkleDistributorInterface.sol\";\n\n/**\n * Inspired by:\n * - https://github.com/pie-dao/vested-token-migration-app\n * - https://github.com/Uniswap/merkle-distributor\n * - https://github.com/balancer-labs/erc20-redeemable\n *\n * @title MerkleDistributor contract.\n * @notice Allows an owner to distribute any reward ERC20 to claimants according to Merkle roots. The owner can specify\n * multiple Merkle roots distributions with customized reward currencies.\n * @dev The Merkle trees are not validated in any way, so the system assumes the contract owner behaves honestly.\n */\ncontract MerkleDistributor is MerkleDistributorInterface, Ownable {\n using SafeERC20 for IERC20;\n\n // Windows are mapped to arbitrary indices.\n mapping(uint256 => Window) public merkleWindows;\n\n // Index of next created Merkle root.\n uint256 public nextCreatedIndex;\n\n // Track which accounts have claimed for each window index.\n // Note: uses a packed array of bools for gas optimization on tracking certain claims. Copied from Uniswap's contract.\n mapping(uint256 => mapping(uint256 => uint256)) private claimedBitMap;\n\n /****************************************\n * EVENTS\n ****************************************/\n event Claimed(\n address indexed caller,\n uint256 windowIndex,\n address indexed account,\n uint256 accountIndex,\n uint256 amount,\n address indexed rewardToken\n );\n event CreatedWindow(\n uint256 indexed windowIndex,\n uint256 rewardsDeposited,\n address indexed rewardToken,\n address owner\n );\n event WithdrawRewards(address indexed owner, uint256 amount, address indexed currency);\n event DeleteWindow(uint256 indexed windowIndex, address owner);\n\n /****************************\n * ADMIN FUNCTIONS\n ****************************/\n\n /**\n * @notice Set merkle root for the next available window index and seed allocations.\n * @notice Callable only by owner of this contract. Caller must have approved this contract to transfer\n * `rewardsToDeposit` amount of `rewardToken` or this call will fail. Importantly, we assume that the\n * owner of this contract correctly chooses an amount `rewardsToDeposit` that is sufficient to cover all\n * claims within the `merkleRoot`.\n * @param rewardsToDeposit amount of rewards to deposit to seed this allocation.\n * @param rewardToken ERC20 reward token.\n * @param merkleRoot merkle root describing allocation.\n * @param ipfsHash hash of IPFS object, conveniently stored for clients\n */\n function setWindow(\n uint256 rewardsToDeposit,\n address rewardToken,\n bytes32 merkleRoot,\n string calldata ipfsHash\n ) external onlyOwner {\n uint256 indexToSet = nextCreatedIndex;\n nextCreatedIndex = indexToSet + 1;\n\n _setWindow(indexToSet, rewardsToDeposit, rewardToken, merkleRoot, ipfsHash);\n }\n\n /**\n * @notice Delete merkle root at window index.\n * @dev Callable only by owner. Likely to be followed by a withdrawRewards call to clear contract state.\n * @param windowIndex merkle root index to delete.\n */\n function deleteWindow(uint256 windowIndex) external onlyOwner {\n delete merkleWindows[windowIndex];\n emit DeleteWindow(windowIndex, msg.sender);\n }\n\n /**\n * @notice Emergency method that transfers rewards out of the contract if the contract was configured improperly.\n * @dev Callable only by owner.\n * @param rewardCurrency rewards to withdraw from contract.\n * @param amount amount of rewards to withdraw.\n */\n function withdrawRewards(IERC20 rewardCurrency, uint256 amount) external onlyOwner {\n rewardCurrency.safeTransfer(msg.sender, amount);\n emit WithdrawRewards(msg.sender, amount, address(rewardCurrency));\n }\n\n /****************************\n * NON-ADMIN FUNCTIONS\n ****************************/\n\n /**\n * @notice Batch claims to reduce gas versus individual submitting all claims. Method will fail\n * if any individual claims within the batch would fail.\n * @dev Optimistically tries to batch together consecutive claims for the same account and same\n * reward token to reduce gas. Therefore, the most gas-cost-optimal way to use this method\n * is to pass in an array of claims sorted by account and reward currency. It also reverts\n * when any of individual `_claim`'s `amount` exceeds `remainingAmount` for its window.\n * @param claims array of claims to claim.\n */\n function claimMulti(Claim[] memory claims) public virtual override {\n uint256 batchedAmount;\n uint256 claimCount = claims.length;\n for (uint256 i = 0; i < claimCount; i++) {\n Claim memory _claim = claims[i];\n _verifyAndMarkClaimed(_claim);\n batchedAmount += _claim.amount;\n\n // If the next claim is NOT the same account or the same token (or this claim is the last one),\n // then disburse the `batchedAmount` to the current claim's account for the current claim's reward token.\n uint256 nextI = i + 1;\n IERC20 currentRewardToken = merkleWindows[_claim.windowIndex].rewardToken;\n if (\n nextI == claimCount ||\n // This claim is last claim.\n claims[nextI].account != _claim.account ||\n // Next claim account is different than current one.\n merkleWindows[claims[nextI].windowIndex].rewardToken != currentRewardToken\n // Next claim reward token is different than current one.\n ) {\n currentRewardToken.safeTransfer(_claim.account, batchedAmount);\n batchedAmount = 0;\n }\n }\n }\n\n /**\n * @notice Claim amount of reward tokens for account, as described by Claim input object.\n * @dev If the `_claim`'s `amount`, `accountIndex`, and `account` do not exactly match the\n * values stored in the merkle root for the `_claim`'s `windowIndex` this method\n * will revert. It also reverts when `_claim`'s `amount` exceeds `remainingAmount` for the window.\n * @param _claim claim object describing amount, accountIndex, account, window index, and merkle proof.\n */\n function claim(Claim memory _claim) public virtual override {\n _verifyAndMarkClaimed(_claim);\n merkleWindows[_claim.windowIndex].rewardToken.safeTransfer(_claim.account, _claim.amount);\n }\n\n /**\n * @notice Returns True if the claim for `accountIndex` has already been completed for the Merkle root at\n * `windowIndex`.\n * @dev This method will only work as intended if all `accountIndex`'s are unique for a given `windowIndex`.\n * The onus is on the Owner of this contract to submit only valid Merkle roots.\n * @param windowIndex merkle root to check.\n * @param accountIndex account index to check within window index.\n * @return True if claim has been executed already, False otherwise.\n */\n function isClaimed(uint256 windowIndex, uint256 accountIndex) public view returns (bool) {\n uint256 claimedWordIndex = accountIndex / 256;\n uint256 claimedBitIndex = accountIndex % 256;\n uint256 claimedWord = claimedBitMap[windowIndex][claimedWordIndex];\n uint256 mask = (1 << claimedBitIndex);\n return claimedWord & mask == mask;\n }\n\n /**\n * @notice Returns rewardToken set by admin for windowIndex.\n * @param windowIndex merkle root to check.\n * @return address Reward token address\n */\n function getRewardTokenForWindow(uint256 windowIndex) public view override returns (address) {\n return address(merkleWindows[windowIndex].rewardToken);\n }\n\n /**\n * @notice Returns True if leaf described by {account, amount, accountIndex} is stored in Merkle root at given\n * window index.\n * @param _claim claim object describing amount, accountIndex, account, window index, and merkle proof.\n * @return valid True if leaf exists.\n */\n function verifyClaim(Claim memory _claim) public view returns (bool valid) {\n bytes32 leaf = keccak256(abi.encodePacked(_claim.account, _claim.amount, _claim.accountIndex));\n return MerkleProof.verify(_claim.merkleProof, merkleWindows[_claim.windowIndex].merkleRoot, leaf);\n }\n\n /****************************\n * PRIVATE FUNCTIONS\n ****************************/\n\n // Mark claim as completed for `accountIndex` for Merkle root at `windowIndex`.\n function _setClaimed(uint256 windowIndex, uint256 accountIndex) private {\n uint256 claimedWordIndex = accountIndex / 256;\n uint256 claimedBitIndex = accountIndex % 256;\n claimedBitMap[windowIndex][claimedWordIndex] =\n claimedBitMap[windowIndex][claimedWordIndex] |\n (1 << claimedBitIndex);\n }\n\n // Store new Merkle root at `windowindex`. Pull `rewardsDeposited` from caller to seed distribution for this root.\n function _setWindow(\n uint256 windowIndex,\n uint256 rewardsDeposited,\n address rewardToken,\n bytes32 merkleRoot,\n string memory ipfsHash\n ) private {\n Window storage window = merkleWindows[windowIndex];\n window.merkleRoot = merkleRoot;\n window.remainingAmount = rewardsDeposited;\n window.rewardToken = IERC20(rewardToken);\n window.ipfsHash = ipfsHash;\n\n emit CreatedWindow(windowIndex, rewardsDeposited, rewardToken, msg.sender);\n\n window.rewardToken.safeTransferFrom(msg.sender, address(this), rewardsDeposited);\n }\n\n // Verify claim is valid and mark it as completed in this contract.\n function _verifyAndMarkClaimed(Claim memory _claim) internal {\n // Check claimed proof against merkle window at given index.\n require(verifyClaim(_claim), \"Incorrect merkle proof\");\n // Check the account has not yet claimed for this window.\n require(!isClaimed(_claim.windowIndex, _claim.accountIndex), \"Account has already claimed for this window\");\n\n // Proof is correct and claim has not occurred yet, mark claimed complete.\n _setClaimed(_claim.windowIndex, _claim.accountIndex);\n merkleWindows[_claim.windowIndex].remainingAmount -= _claim.amount;\n emit Claimed(\n msg.sender,\n _claim.windowIndex,\n _claim.account,\n _claim.accountIndex,\n _claim.amount,\n address(merkleWindows[_claim.windowIndex].rewardToken)\n );\n }\n}\n" + }, + "@uma/core/contracts/merkle-distributor/implementation/MerkleDistributorInterface.sol": { + "content": "// SPDX-License-Identifier: GPL-3.0-only\npragma solidity ^0.8.0;\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\n\n/**\n * @notice Concise list of functions in MerkleDistributor implementation that would be called by\n * a consuming external contract (such as the Across Protocol's AcceleratingDistributor).\n */\ninterface MerkleDistributorInterface {\n // A Window maps a Merkle root to a reward token address.\n struct Window {\n // Merkle root describing the distribution.\n bytes32 merkleRoot;\n // Remaining amount of deposited rewards that have not yet been claimed.\n uint256 remainingAmount;\n // Currency in which reward is processed.\n IERC20 rewardToken;\n // IPFS hash of the merkle tree. Can be used to independently fetch recipient proofs and tree. Note that the canonical\n // data type for storing an IPFS hash is a multihash which is the concatenation of \n // . We opted to store this in a string type to make it easier\n // for users to query the ipfs data without needing to reconstruct the multihash. to view the IPFS data simply\n // go to https://cloudflare-ipfs.com/ipfs/.\n string ipfsHash;\n }\n\n // Represents an account's claim for `amount` within the Merkle root located at the `windowIndex`.\n struct Claim {\n uint256 windowIndex;\n uint256 amount;\n uint256 accountIndex; // Used only for bitmap. Assumed to be unique for each claim.\n address account;\n bytes32[] merkleProof;\n }\n\n function claim(Claim memory _claim) external;\n\n function claimMulti(Claim[] memory claims) external;\n\n function getRewardTokenForWindow(uint256 windowIndex) external view returns (address);\n}\n" + }, + "contracts/Arbitrum_SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./SpokePool.sol\";\n\ninterface StandardBridgeLike {\n function outboundTransfer(\n address _l1Token,\n address _to,\n uint256 _amount,\n bytes calldata _data\n ) external payable returns (bytes memory);\n}\n\n/**\n * @notice AVM specific SpokePool. Uses AVM cross-domain-enabled logic to implement admin only access to functions.\n */\ncontract Arbitrum_SpokePool is SpokePool {\n // Address of the Arbitrum L2 token gateway to send funds to L1.\n address public l2GatewayRouter;\n\n // Admin controlled mapping of arbitrum tokens to L1 counterpart. L1 counterpart addresses\n // are necessary params used when bridging tokens to L1.\n mapping(address => address) public whitelistedTokens;\n\n event ArbitrumTokensBridged(address indexed l1Token, address target, uint256 numberOfTokensBridged);\n event SetL2GatewayRouter(address indexed newL2GatewayRouter);\n event WhitelistedTokens(address indexed l2Token, address indexed l1Token);\n\n /**\n * @notice Construct the AVM SpokePool.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * relay hash collisions.\n * @param _l2GatewayRouter Address of L2 token gateway. Can be reset by admin.\n * @param _crossDomainAdmin Cross domain admin to set. Can be changed by admin.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n * @param _wethAddress Weth address for this network to set.\n */\n function initialize(\n uint32 _initialDepositId,\n address _l2GatewayRouter,\n address _crossDomainAdmin,\n address _hubPool,\n address _wethAddress\n ) public initializer {\n __SpokePool_init(_initialDepositId, _crossDomainAdmin, _hubPool, _wethAddress);\n _setL2GatewayRouter(_l2GatewayRouter);\n }\n\n modifier onlyFromCrossDomainAdmin() {\n require(msg.sender == _applyL1ToL2Alias(crossDomainAdmin), \"ONLY_COUNTERPART_GATEWAY\");\n _;\n }\n\n /********************************************************\n * ARBITRUM-SPECIFIC CROSS-CHAIN ADMIN FUNCTIONS *\n ********************************************************/\n\n /**\n * @notice Change L2 gateway router. Callable only by admin.\n * @param newL2GatewayRouter New L2 gateway router.\n */\n function setL2GatewayRouter(address newL2GatewayRouter) public onlyAdmin nonReentrant {\n _setL2GatewayRouter(newL2GatewayRouter);\n }\n\n /**\n * @notice Add L2 -> L1 token mapping. Callable only by admin.\n * @param l2Token Arbitrum token.\n * @param l1Token Ethereum version of l2Token.\n */\n function whitelistToken(address l2Token, address l1Token) public onlyAdmin nonReentrant {\n _whitelistToken(l2Token, l1Token);\n }\n\n /**************************************\n * INTERNAL FUNCTIONS *\n **************************************/\n\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory relayerRefundLeaf) internal override {\n // Check that the Ethereum counterpart of the L2 token is stored on this contract.\n address ethereumTokenToBridge = whitelistedTokens[relayerRefundLeaf.l2TokenAddress];\n require(ethereumTokenToBridge != address(0), \"Uninitialized mainnet token\");\n //slither-disable-next-line unused-return\n StandardBridgeLike(l2GatewayRouter).outboundTransfer(\n ethereumTokenToBridge, // _l1Token. Address of the L1 token to bridge over.\n hubPool, // _to. Withdraw, over the bridge, to the l1 hub pool contract.\n relayerRefundLeaf.amountToReturn, // _amount.\n \"\" // _data. We don't need to send any data for the bridging action.\n );\n emit ArbitrumTokensBridged(address(0), hubPool, relayerRefundLeaf.amountToReturn);\n }\n\n function _setL2GatewayRouter(address _l2GatewayRouter) internal {\n l2GatewayRouter = _l2GatewayRouter;\n emit SetL2GatewayRouter(l2GatewayRouter);\n }\n\n function _whitelistToken(address _l2Token, address _l1Token) internal {\n whitelistedTokens[_l2Token] = _l1Token;\n emit WhitelistedTokens(_l2Token, _l1Token);\n }\n\n // L1 addresses are transformed during l1->l2 calls.\n // See https://developer.offchainlabs.com/docs/l1_l2_messages#address-aliasing for more information.\n // This cannot be pulled directly from Arbitrum contracts because their contracts are not 0.8.X compatible and\n // this operation takes advantage of overflows, whose behavior changed in 0.8.0.\n function _applyL1ToL2Alias(address l1Address) internal pure returns (address l2Address) {\n // Allows overflows as explained above.\n unchecked {\n l2Address = address(uint160(l1Address) + uint160(0x1111000000000000000000000000000000001111));\n }\n }\n\n // Apply AVM-specific transformation to cross domain admin address on L1.\n function _requireAdminSender() internal override onlyFromCrossDomainAdmin {}\n}\n" + }, + "contracts/chain-adapters/Arbitrum_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Interface for Arbitrum's L1 Inbox contract used to send messages to Arbitrum.\n */\ninterface ArbitrumL1InboxLike {\n /**\n * @notice Put a message in the L2 inbox that can be reexecuted for some fixed amount of time if it reverts\n * @dev Gas limit and maxFeePerGas should not be set to 1 as that is used to trigger the RetryableData error\n * @dev Caller must set msg.value equal to at least `maxSubmissionCost + maxGas * gasPriceBid`.\n * all msg.value will deposited to callValueRefundAddress on L2\n * @dev More details can be found here: https://developer.arbitrum.io/arbos/l1-to-l2-messaging\n * @param to destination L2 contract address\n * @param l2CallValue call value for retryable L2 message\n * @param maxSubmissionCost Max gas deducted from user's L2 balance to cover base submission fee\n * @param excessFeeRefundAddress gasLimit x maxFeePerGas - execution cost gets credited here on L2 balance\n * @param callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled\n * @param gasLimit Max gas deducted from user's L2 balance to cover L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)\n * @param maxFeePerGas price bid for L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)\n * @param data ABI encoded data of L2 message\n * @return unique message number of the retryable transaction\n */\n function createRetryableTicket(\n address to,\n uint256 l2CallValue,\n uint256 maxSubmissionCost,\n address excessFeeRefundAddress,\n address callValueRefundAddress,\n uint256 gasLimit,\n uint256 maxFeePerGas,\n bytes calldata data\n ) external payable returns (uint256);\n\n /**\n * @notice Put a message in the L2 inbox that can be reexecuted for some fixed amount of time if it reverts\n * @dev Same as createRetryableTicket, but does not guarantee that submission will succeed by requiring the needed\n * funds come from the deposit alone, rather than falling back on the user's L2 balance\n * @dev Advanced usage only (does not rewrite aliases for excessFeeRefundAddress and callValueRefundAddress).\n * createRetryableTicket method is the recommended standard.\n * @dev Gas limit and maxFeePerGas should not be set to 1 as that is used to trigger the RetryableData error\n * @param to destination L2 contract address\n * @param l2CallValue call value for retryable L2 message\n * @param maxSubmissionCost Max gas deducted from user's L2 balance to cover base submission fee\n * @param excessFeeRefundAddress gasLimit x maxFeePerGas - execution cost gets credited here on L2 balance\n * @param callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled\n * @param gasLimit Max gas deducted from user's L2 balance to cover L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)\n * @param maxFeePerGas price bid for L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)\n * @param data ABI encoded data of L2 message\n * @return unique message number of the retryable transaction\n */\n function unsafeCreateRetryableTicket(\n address to,\n uint256 l2CallValue,\n uint256 maxSubmissionCost,\n address excessFeeRefundAddress,\n address callValueRefundAddress,\n uint256 gasLimit,\n uint256 maxFeePerGas,\n bytes calldata data\n ) external payable returns (uint256);\n}\n\n/**\n * @notice Layer 1 Gateway contract for bridging standard ERC20s to Arbitrum.\n */\ninterface ArbitrumL1ERC20GatewayLike {\n /**\n * @notice Deprecated in favor of outboundTransferCustomRefund but still used in custom bridges\n * like the DAI bridge.\n * @dev Refunded to aliased L2 address of sender if sender has code on L1, otherwise to to sender's EOA on L2.\n * @param _l1Token L1 address of ERC20\n * @param _to Account to be credited with the tokens in the L2 (can be the user's L2 account or a contract),\n * not subject to L2 aliasing. This account, or its L2 alias if it have code in L1, will also be able to\n * cancel the retryable ticket and receive callvalue refund\n * @param _amount Token Amount\n * @param _maxGas Max gas deducted from user's L2 balance to cover L2 execution\n * @param _gasPriceBid Gas price for L2 execution\n * @param _data encoded data from router and user\n * @return res abi encoded inbox sequence number\n */\n function outboundTransfer(\n address _l1Token,\n address _to,\n uint256 _amount,\n uint256 _maxGas,\n uint256 _gasPriceBid,\n bytes calldata _data\n ) external payable returns (bytes memory);\n\n /**\n * @notice Deposit ERC20 token from Ethereum into Arbitrum.\n * @dev L2 address alias will not be applied to the following types of addresses on L1:\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * @param _l1Token L1 address of ERC20\n * @param _refundTo Account, or its L2 alias if it have code in L1, to be credited with excess gas refund in L2\n * @param _to Account to be credited with the tokens in the L2 (can be the user's L2 account or a contract),\n * not subject to L2 aliasing. This account, or its L2 alias if it have code in L1, will also be able to\n * cancel the retryable ticket and receive callvalue refund\n * @param _amount Token Amount\n * @param _maxGas Max gas deducted from user's L2 balance to cover L2 execution\n * @param _gasPriceBid Gas price for L2 execution\n * @param _data encoded data from router and user\n * @return res abi encoded inbox sequence number\n */\n function outboundTransferCustomRefund(\n address _l1Token,\n address _refundTo,\n address _to,\n uint256 _amount,\n uint256 _maxGas,\n uint256 _gasPriceBid,\n bytes calldata _data\n ) external payable returns (bytes memory);\n\n /**\n * @notice get ERC20 gateway for token.\n * @param _token ERC20 address.\n * @return address of ERC20 gateway.\n */\n function getGateway(address _token) external view returns (address);\n}\n\n/**\n * @notice Contract containing logic to send messages from L1 to Arbitrum.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Arbitrum_Adapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n // Amount of ETH allocated to pay for the base submission fee. The base submission fee is a parameter unique to\n // retryable transactions; the user is charged the base submission fee to cover the storage costs of keeping their\n // ticket’s calldata in the retry buffer. (current base submission fee is queryable via\n // ArbRetryableTx.getSubmissionPrice). ArbRetryableTicket precompile interface exists at L2 address\n // 0x000000000000000000000000000000000000006E.\n uint256 public constant l2MaxSubmissionCost = 0.01e18;\n\n // L2 Gas price bid for immediate L2 execution attempt (queryable via standard eth*gasPrice RPC)\n uint256 public constant l2GasPrice = 5e9; // 5 gWei\n\n uint32 public constant RELAY_TOKENS_L2_GAS_LIMIT = 300_000;\n uint32 public constant RELAY_MESSAGE_L2_GAS_LIMIT = 2_000_000;\n\n // This address on L2 receives extra ETH that is left over after relaying a message via the inbox.\n address public immutable l2RefundL2Address;\n\n ArbitrumL1InboxLike public immutable l1Inbox;\n\n ArbitrumL1ERC20GatewayLike public immutable l1ERC20GatewayRouter;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1ArbitrumInbox Inbox helper contract to send messages to Arbitrum.\n * @param _l1ERC20GatewayRouter ERC20 gateway router contract to send tokens to Arbitrum.\n * @param _l2RefundL2Address L2 address to receive gas refunds on after a message is relayed.\n */\n constructor(\n ArbitrumL1InboxLike _l1ArbitrumInbox,\n ArbitrumL1ERC20GatewayLike _l1ERC20GatewayRouter,\n address _l2RefundL2Address\n ) {\n l1Inbox = _l1ArbitrumInbox;\n l1ERC20GatewayRouter = _l1ERC20GatewayRouter;\n l2RefundL2Address = _l2RefundL2Address;\n }\n\n /**\n * @notice Send cross-chain message to target on Arbitrum.\n * @notice This contract must hold at least getL1CallValue() amount of ETH to send a message via the Inbox\n * successfully, or the message will get stuck.\n * @param target Contract on Arbitrum that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes memory message) external payable override {\n uint256 requiredL1CallValue = _contractHasSufficientEthBalance(RELAY_MESSAGE_L2_GAS_LIMIT);\n\n l1Inbox.createRetryableTicket{ value: requiredL1CallValue }(\n target, // destAddr destination L2 contract address\n 0, // l2CallValue call value for retryable L2 message\n l2MaxSubmissionCost, // maxSubmissionCost Max gas deducted from user's L2 balance to cover base fee\n l2RefundL2Address, // excessFeeRefundAddress maxgas * gasprice - execution cost gets credited here on L2\n l2RefundL2Address, // callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled\n RELAY_MESSAGE_L2_GAS_LIMIT, // maxGas Max gas deducted from user's L2 balance to cover L2 execution\n l2GasPrice, // gasPriceBid price bid for L2 execution\n message // data ABI encoded data of L2 message\n );\n\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Bridge tokens to Arbitrum.\n * @notice This contract must hold at least getL1CallValue() amount of ETH to send a message via the Inbox\n * successfully, or the message will get stuck.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token, // l2Token is unused for Arbitrum.\n uint256 amount,\n address to\n ) external payable override {\n uint256 requiredL1CallValue = _contractHasSufficientEthBalance(RELAY_TOKENS_L2_GAS_LIMIT);\n\n // Approve the gateway, not the router, to spend the hub pool's balance. The gateway, which is different\n // per L1 token, will temporarily escrow the tokens to be bridged and pull them from this contract.\n address erc20Gateway = l1ERC20GatewayRouter.getGateway(l1Token);\n IERC20(l1Token).safeIncreaseAllowance(erc20Gateway, amount);\n\n // `outboundTransfer` expects that the caller includes a bytes message as the last param that includes the\n // maxSubmissionCost to use when creating an L2 retryable ticket: https://github.com/OffchainLabs/arbitrum/blob/e98d14873dd77513b569771f47b5e05b72402c5e/packages/arb-bridge-peripherals/contracts/tokenbridge/ethereum/gateway/L1GatewayRouter.sol#L232\n bytes memory data = abi.encode(l2MaxSubmissionCost, \"\");\n\n // Note: Legacy routers don't have the outboundTransferCustomRefund method, so default to using\n // outboundTransfer(). Legacy routers are used for the following tokens that are currently enabled:\n // - DAI: the implementation of `outboundTransfer` at the current DAI custom gateway\n // (https://etherscan.io/address/0xD3B5b60020504bc3489D6949d545893982BA3011#writeContract) sets the\n // sender as the refund address so the aliased HubPool should receive excess funds. Implementation here:\n // https://github.com/makerdao/arbitrum-dai-bridge/blob/11a80385e2622968069c34d401b3d54a59060e87/contracts/l1/L1DaiGateway.sol#L109\n if (l1Token == 0x6B175474E89094C44Da98b954EedeAC495271d0F) {\n // This means that the excess ETH to pay for the L2 transaction will be sent to the aliased\n // contract address on L2, which we'd have to retrieve via a custom adapter, the Arbitrum_RescueAdapter.\n // To do so, in a single transaction: 1) setCrossChainContracts to Arbitrum_RescueAdapter, 2) relayMessage\n // with function data = abi.encode(amountToRescue), 3) setCrossChainContracts back to this adapter.\n l1ERC20GatewayRouter.outboundTransfer{ value: requiredL1CallValue }(\n l1Token,\n to,\n amount,\n RELAY_TOKENS_L2_GAS_LIMIT,\n l2GasPrice,\n data\n );\n } else {\n l1ERC20GatewayRouter.outboundTransferCustomRefund{ value: requiredL1CallValue }(\n l1Token,\n l2RefundL2Address,\n to,\n amount,\n RELAY_TOKENS_L2_GAS_LIMIT,\n l2GasPrice,\n data\n );\n }\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n\n /**\n * @notice Returns required amount of ETH to send a message via the Inbox.\n * @return amount of ETH that this contract needs to hold in order for relayMessage to succeed.\n */\n function getL1CallValue(uint32 l2GasLimit) public pure returns (uint256) {\n return l2MaxSubmissionCost + l2GasPrice * l2GasLimit;\n }\n\n function _contractHasSufficientEthBalance(uint32 l2GasLimit) internal view returns (uint256 requiredL1CallValue) {\n requiredL1CallValue = getL1CallValue(l2GasLimit);\n require(address(this).balance >= requiredL1CallValue, \"Insufficient ETH balance\");\n }\n}\n" + }, + "contracts/chain-adapters/Arbitrum_RescueAdapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"./Arbitrum_Adapter.sol\"; // Used to import `ArbitrumL1ERC20GatewayLike` and `ArbitrumL1InboxLike`\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Meant to copy the Arbitrum_Adapter exactly in how it sends L1 --> L2 messages but is designed only to be\n * used by the owner of the HubPool to retrieve ETH held by its aliased address on L2. This ETH builds up because\n * `relayTokens` calls `l1ERC20GatewayRouter.outboundTransfer` which does not allow the caller to specify an L2 refund\n * address the same way that `l1Inbox.createRetryableTicket` does. This means that the alias address of the caller, the\n * HubPool in this case, receives ETH on L2. This Adapter can be used to send messages to Arbitrum specifically to send\n * transactions as if called by the aliased HubPool address.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Arbitrum_RescueAdapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n // Amount of ETH allocated to pay for the base submission fee. The base submission fee is a parameter unique to\n // retryable transactions; the user is charged the base submission fee to cover the storage costs of keeping their\n // ticket’s calldata in the retry buffer. (current base submission fee is queryable via\n // ArbRetryableTx.getSubmissionPrice). ArbRetryableTicket precompile interface exists at L2 address\n // 0x000000000000000000000000000000000000006E.\n uint256 public immutable l2MaxSubmissionCost = 0.01e18;\n\n // L2 Gas price bid for immediate L2 execution attempt (queryable via standard eth*gasPrice RPC)\n uint256 public immutable l2GasPrice = 5e9; // 5 gWei\n\n // Gas limit for immediate L2 execution attempt (can be estimated via NodeInterface.estimateRetryableTicket).\n // NodeInterface precompile interface exists at L2 address 0x00000000000000000000000000000000000000C8\n uint32 public immutable l2GasLimit = 2_000_000;\n\n // This address on L2 receives extra ETH that is left over after relaying a message via the inbox.\n address public immutable l2RefundL2Address;\n\n // L1 HubPool address aliased on L2: https://github.com/OffchainLabs/arbitrum/blob/master/docs/L1_L2_Messages.md#address-aliasing\n address public immutable aliasedL2HubPoolAddress = 0xd297fA914353c44B2e33EBE05F21846f1048CFeB;\n\n ArbitrumL1InboxLike public immutable l1Inbox;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1ArbitrumInbox Inbox helper contract to send messages to Arbitrum.\n */\n constructor(ArbitrumL1InboxLike _l1ArbitrumInbox) {\n l1Inbox = _l1ArbitrumInbox;\n\n l2RefundL2Address = msg.sender;\n }\n\n /**\n * @notice Send cross-chain message to aliased hub pool address on Arbitrum.\n * @notice This contract must hold at least getL1CallValue() amount of ETH to send a message via the Inbox\n * successfully, or the message will get stuck.\n * @param message Data to send to aliased hub pool.\n */\n function relayMessage(address, bytes memory message) external payable override {\n uint256 valueToReturn = abi.decode(message, (uint256));\n\n uint256 requiredL1CallValue = _contractHasSufficientEthBalance();\n\n // In the rescue ETH setup, we send the transaction to the refund address, we provide a call value equal to the\n // amount we want to rescue, and we specify an empty calldata, since it's a simple ETH transfer.\n // Note: we use the unsafe version of createRetryableTicket because it doesn't require the msg.sender to pass\n // in arbTxCallValue in addition to maxSubmissionCost + maxGas * gasPriceBid.\n l1Inbox.unsafeCreateRetryableTicket{ value: requiredL1CallValue }(\n l2RefundL2Address, // destAddr destination L2 contract address\n valueToReturn, // l2CallValue call value for retryable L2 message\n l2MaxSubmissionCost, // maxSubmissionCost Max gas deducted from user's L2 balance to cover base fee\n l2RefundL2Address, // excessFeeRefundAddress maxgas * gasprice - execution cost gets credited here on L2\n l2RefundL2Address, // callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled\n l2GasLimit, // maxGas Max gas deducted from user's L2 balance to cover L2 execution\n l2GasPrice, // gasPriceBid price bid for L2 execution\n \"\" // data ABI encoded data of L2 message\n );\n\n emit MessageRelayed(aliasedL2HubPoolAddress, \"\");\n }\n\n /**\n * @notice Should never be called.\n */\n function relayTokens(\n address,\n address,\n uint256,\n address\n ) external payable override {\n revert(\"useless function\");\n }\n\n /**\n * @notice Returns required amount of ETH to send a message via the Inbox.\n * @return amount of ETH that this contract needs to hold in order for relayMessage to succeed.\n */\n function getL1CallValue() public pure returns (uint256) {\n return l2MaxSubmissionCost + l2GasPrice * l2GasLimit;\n }\n\n function _contractHasSufficientEthBalance() internal view returns (uint256 requiredL1CallValue) {\n requiredL1CallValue = getL1CallValue();\n require(address(this).balance >= requiredL1CallValue, \"Insufficient ETH balance\");\n }\n}\n" + }, + "contracts/chain-adapters/Arbitrum_SendTokensAdapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport { ArbitrumL1ERC20GatewayLike } from \"./Arbitrum_Adapter.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice This adapter is built for emergencies to send funds from the Hub to a Spoke in the event that a spoke pool\n * received a duplicate root bundle relay, due to some replay issue.\n */\n// solhint-disable-next-line contract-name-camelcase\ncontract Arbitrum_SendTokensAdapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n uint256 public immutable l2MaxSubmissionCost = 0.01e18;\n uint256 public immutable l2GasPrice = 5e9;\n uint32 public constant RELAY_TOKENS_L2_GAS_LIMIT = 300_000;\n\n ArbitrumL1ERC20GatewayLike public immutable l1ERC20GatewayRouter;\n address public immutable l2RefundL2Address;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1ERC20GatewayRouter ERC20 gateway router contract to send tokens to Arbitrum.\n * @param _l2RefundL2Address L2 address to receive gas refunds on after a message is relayed.\n */\n constructor(ArbitrumL1ERC20GatewayLike _l1ERC20GatewayRouter, address _l2RefundL2Address) {\n l1ERC20GatewayRouter = _l1ERC20GatewayRouter;\n l2RefundL2Address = _l2RefundL2Address;\n }\n\n /**\n * @notice Send tokens to SpokePool. Enables HubPool admin to call relaySpokePoolAdminFunction that will trigger\n * this function.\n * @dev This performs similar logic to relayTokens in the normal Arbitrum_Adapter by sending tokens\n * the Arbitrum_SpokePool out of the HubPool.\n * @param message The encoded address of the ERC20 to send to the rescue address.\n */\n function relayMessage(address target, bytes memory message) external payable override {\n (address l1Token, uint256 amount) = abi.decode(message, (address, uint256));\n\n uint256 requiredL1CallValue = _contractHasSufficientEthBalance();\n\n // Approve the gateway, not the router, to spend the hub pool's balance. The gateway, which is different\n // per L1 token, will temporarily escrow the tokens to be bridged and pull them from this contract.\n address erc20Gateway = l1ERC20GatewayRouter.getGateway(l1Token);\n IERC20(l1Token).safeIncreaseAllowance(erc20Gateway, amount);\n\n // `outboundTransfer` expects that the caller includes a bytes message as the last param that includes the\n // maxSubmissionCost to use when creating an L2 retryable ticket: https://github.com/OffchainLabs/arbitrum/blob/e98d14873dd77513b569771f47b5e05b72402c5e/packages/arb-bridge-peripherals/contracts/tokenbridge/ethereum/gateway/L1GatewayRouter.sol#L232\n bytes memory data = abi.encode(l2MaxSubmissionCost, \"\");\n\n l1ERC20GatewayRouter.outboundTransferCustomRefund{ value: requiredL1CallValue }(\n l1Token,\n l2RefundL2Address,\n target,\n amount,\n RELAY_TOKENS_L2_GAS_LIMIT,\n l2GasPrice,\n data\n );\n\n // Purposefully not emitting any events so as not to confuse off-chain monitors that track this event.\n // emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n\n /**\n * @notice Should never be called.\n */\n function relayTokens(\n address,\n address,\n uint256,\n address\n ) external payable override {\n revert(\"relayTokens disabled\");\n }\n\n /**\n * @notice Returns required amount of ETH to send a message via the Inbox.\n * @return amount of ETH that this contract needs to hold in order for relayMessage to succeed.\n */\n function getL1CallValue() public pure returns (uint256) {\n return l2MaxSubmissionCost + l2GasPrice * RELAY_TOKENS_L2_GAS_LIMIT;\n }\n\n function _contractHasSufficientEthBalance() internal view returns (uint256 requiredL1CallValue) {\n requiredL1CallValue = getL1CallValue();\n require(address(this).balance >= requiredL1CallValue, \"Insufficient ETH balance\");\n }\n}\n" + }, + "contracts/chain-adapters/Base_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"../external/interfaces/WETH9Interface.sol\";\n\n// @dev Use local modified CrossDomainEnabled contract instead of one exported by eth-optimism because we need\n// this contract's state variables to be `immutable` because of the delegateCall call.\nimport \"./CrossDomainEnabled.sol\";\nimport \"@eth-optimism/contracts/L1/messaging/IL1StandardBridge.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Contract containing logic to send messages from L1 to Base. This is a modified version of the Optimism adapter\n * that excludes the custom bridging logic.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Base_Adapter is CrossDomainEnabled, AdapterInterface {\n using SafeERC20 for IERC20;\n uint32 public immutable l2GasLimit = 200_000;\n\n WETH9Interface public immutable l1Weth;\n\n IL1StandardBridge public immutable l1StandardBridge;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1Weth WETH address on L1.\n * @param _crossDomainMessenger XDomainMessenger Base system contract.\n * @param _l1StandardBridge Standard bridge contract.\n */\n constructor(\n WETH9Interface _l1Weth,\n address _crossDomainMessenger,\n IL1StandardBridge _l1StandardBridge\n ) CrossDomainEnabled(_crossDomainMessenger) {\n l1Weth = _l1Weth;\n l1StandardBridge = _l1StandardBridge;\n }\n\n /**\n * @notice Send cross-chain message to target on Base.\n * @param target Contract on Base that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes calldata message) external payable override {\n sendCrossDomainMessage(target, uint32(l2GasLimit), message);\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Bridge tokens to Base.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token,\n uint256 amount,\n address to\n ) external payable override {\n // If the l1Token is weth then unwrap it to ETH then send the ETH to the standard bridge.\n if (l1Token == address(l1Weth)) {\n l1Weth.withdraw(amount);\n l1StandardBridge.depositETHTo{ value: amount }(to, l2GasLimit, \"\");\n } else {\n IL1StandardBridge _l1StandardBridge = l1StandardBridge;\n\n IERC20(l1Token).safeIncreaseAllowance(address(_l1StandardBridge), amount);\n _l1StandardBridge.depositERC20To(l1Token, l2Token, to, amount, l2GasLimit, \"\");\n }\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n}\n" + }, + "contracts/chain-adapters/Boba_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"../external/interfaces/WETH9Interface.sol\";\n\n// @dev Use local modified CrossDomainEnabled contract instead of one exported by eth-optimism because we need\n// this contract's state variables to be `immutable` because of the delegateCall call.\nimport \"./CrossDomainEnabled.sol\";\nimport \"@eth-optimism/contracts/L1/messaging/IL1StandardBridge.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Contract containing logic to send messages from L1 to Boba. This is a modified version of the Optimism adapter\n * that excludes the custom bridging logic.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Boba_Adapter is CrossDomainEnabled, AdapterInterface {\n using SafeERC20 for IERC20;\n uint32 public immutable l2GasLimit = 2_000_000;\n\n WETH9Interface public immutable l1Weth;\n\n IL1StandardBridge public immutable l1StandardBridge;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1Weth WETH address on L1.\n * @param _crossDomainMessenger XDomainMessenger Boba system contract.\n * @param _l1StandardBridge Standard bridge contract.\n */\n constructor(\n WETH9Interface _l1Weth,\n address _crossDomainMessenger,\n IL1StandardBridge _l1StandardBridge\n ) CrossDomainEnabled(_crossDomainMessenger) {\n l1Weth = _l1Weth;\n l1StandardBridge = _l1StandardBridge;\n }\n\n /**\n * @notice Send cross-chain message to target on Boba.\n * @param target Contract on Boba that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes calldata message) external payable override {\n sendCrossDomainMessage(target, uint32(l2GasLimit), message);\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Bridge tokens to Boba.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token,\n uint256 amount,\n address to\n ) external payable override {\n // If the l1Token is weth then unwrap it to ETH then send the ETH to the standard bridge.\n if (l1Token == address(l1Weth)) {\n l1Weth.withdraw(amount);\n l1StandardBridge.depositETHTo{ value: amount }(to, l2GasLimit, \"\");\n } else {\n IL1StandardBridge _l1StandardBridge = l1StandardBridge;\n\n IERC20(l1Token).safeIncreaseAllowance(address(_l1StandardBridge), amount);\n _l1StandardBridge.depositERC20To(l1Token, l2Token, to, amount, l2GasLimit, \"\");\n }\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n}\n" + }, + "contracts/chain-adapters/CrossDomainEnabled.sol": { + "content": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.0;\n\n/* Interface Imports */\nimport { ICrossDomainMessenger } from \"@eth-optimism/contracts/libraries/bridge/ICrossDomainMessenger.sol\";\n\n/**\n * @title CrossDomainEnabled\n * @dev Helper contract for contracts performing cross-domain communications between L1 and Optimism.\n * @dev This modifies the eth-optimism/CrossDomainEnabled contract only by changing state variables to be\n * immutable for use in contracts like the Optimism_Adapter which use delegateCall().\n */\ncontract CrossDomainEnabled {\n // Messenger contract used to send and recieve messages from the other domain.\n address public immutable messenger;\n\n /**\n * @param _messenger Address of the CrossDomainMessenger on the current layer.\n */\n constructor(address _messenger) {\n messenger = _messenger;\n }\n\n /**\n * Enforces that the modified function is only callable by a specific cross-domain account.\n * @param _sourceDomainAccount The only account on the originating domain which is\n * authenticated to call this function.\n */\n modifier onlyFromCrossDomainAccount(address _sourceDomainAccount) {\n require(msg.sender == address(getCrossDomainMessenger()), \"invalid cross domain messenger\");\n\n require(\n getCrossDomainMessenger().xDomainMessageSender() == _sourceDomainAccount,\n \"invalid cross domain sender\"\n );\n\n _;\n }\n\n /**\n * Gets the messenger, usually from storage. This function is exposed in case a child contract\n * needs to override.\n * @return The address of the cross-domain messenger contract which should be used.\n */\n function getCrossDomainMessenger() internal virtual returns (ICrossDomainMessenger) {\n return ICrossDomainMessenger(messenger);\n }\n\n /**\n * Sends a message to an account on another domain\n * @param _crossDomainTarget The intended recipient on the destination domain\n * @param _message The data to send to the target (usually calldata to a function with\n * onlyFromCrossDomainAccount())\n * @param _gasLimit The gasLimit for the receipt of the message on the target domain.\n */\n function sendCrossDomainMessage(\n address _crossDomainTarget,\n uint32 _gasLimit,\n bytes calldata _message\n ) internal {\n // slither-disable-next-line reentrancy-events, reentrancy-benign\n getCrossDomainMessenger().sendMessage(_crossDomainTarget, _message, _gasLimit);\n }\n}\n" + }, + "contracts/chain-adapters/Ethereum_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Contract containing logic to send messages from L1 to Ethereum SpokePool.\n * @notice This contract should always be deployed on the same chain as the HubPool, as it acts as a pass-through\n * contract between HubPool and SpokePool on the same chain. Its named \"Ethereum_Adapter\" because a core assumption\n * is that the HubPool will be deployed on Ethereum, so this adapter will be used to communicate between HubPool\n * and the Ethereum_SpokePool.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Ethereum_Adapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n /**\n * @notice Send message to target on Ethereum.\n * @notice This function, and contract overall, is not useful in practice except that the HubPool\n * expects to interact with the SpokePool via an Adapter, so when communicating to the Ethereum_SpokePool, it must\n * send messages via this pass-through contract.\n * @param target Contract that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes calldata message) external payable override {\n _executeCall(target, message);\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Send tokens to target.\n * @param l1Token L1 token to send.\n * @param l2Token Unused parameter in this contract.\n * @param amount Amount of L1 tokens to send.\n * @param to recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token, // l2Token is unused for ethereum since we are assuming that the HubPool is only deployed\n // on this network.\n uint256 amount,\n address to\n ) external payable override {\n IERC20(l1Token).safeTransfer(to, amount);\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n\n // Note: this snippet of code is copied from Governor.sol. Source: https://github.com/UMAprotocol/protocol/blob/5b37ea818a28479c01e458389a83c3e736306b17/packages/core/contracts/oracle/implementation/Governor.sol#L190-L207\n function _executeCall(address to, bytes memory data) private {\n // Note: this snippet of code is copied from Governor.sol and modified to not include any \"value\" field.\n\n bool success;\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n let inputData := add(data, 0x20)\n let inputDataSize := mload(data)\n // Hardcode value to be 0 for relayed governance calls in order to avoid addressing complexity of bridging\n // value cross-chain.\n success := call(gas(), to, 0, inputData, inputDataSize, 0, 0)\n }\n require(success, \"execute call failed\");\n }\n}\n" + }, + "contracts/chain-adapters/Ethereum_RescueAdapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice This adapter is built for emergencies to rescue funds from a Hub in the event of a misconfiguration or\n * security issue.\n */\n// solhint-disable-next-line contract-name-camelcase\ncontract Ethereum_RescueAdapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n address public immutable rescueAddress;\n\n /**\n * @notice Constructs new Adapter.\n * @param _rescueAddress Rescue address to send funds to.\n */\n constructor(address _rescueAddress) {\n rescueAddress = _rescueAddress;\n }\n\n /**\n * @notice Rescues the tokens from the calling contract.\n * @param message The encoded address of the ERC20 to send to the rescue addres.\n */\n function relayMessage(address, bytes memory message) external payable override {\n IERC20 tokenAddress = IERC20(abi.decode(message, (address)));\n\n // Transfer full balance of tokens to the rescue address.\n tokenAddress.safeTransfer(rescueAddress, tokenAddress.balanceOf(address(this)));\n }\n\n /**\n * @notice Should never be called.\n */\n function relayTokens(\n address,\n address,\n uint256,\n address\n ) external payable override {\n revert(\"relayTokens disabled\");\n }\n}\n" + }, + "contracts/chain-adapters/interfaces/AdapterInterface.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\n/**\n * @notice Sends cross chain messages and tokens to contracts on a specific L2 network.\n * This interface is implemented by an adapter contract that is deployed on L1.\n */\n\ninterface AdapterInterface {\n event MessageRelayed(address target, bytes message);\n\n event TokensRelayed(address l1Token, address l2Token, uint256 amount, address to);\n\n /**\n * @notice Send message to `target` on L2.\n * @dev This method is marked payable because relaying the message might require a fee\n * to be paid by the sender to forward the message to L2. However, it will not send msg.value\n * to the target contract on L2.\n * @param target L2 address to send message to.\n * @param message Message to send to `target`.\n */\n function relayMessage(address target, bytes calldata message) external payable;\n\n /**\n * @notice Send `amount` of `l1Token` to `to` on L2. `l2Token` is the L2 address equivalent of `l1Token`.\n * @dev This method is marked payable because relaying the message might require a fee\n * to be paid by the sender to forward the message to L2. However, it will not send msg.value\n * to the target contract on L2.\n * @param l1Token L1 token to bridge.\n * @param l2Token L2 token to receive.\n * @param amount Amount of `l1Token` to bridge.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token,\n uint256 amount,\n address to\n ) external payable;\n}\n" + }, + "contracts/chain-adapters/Optimism_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"../external/interfaces/WETH9Interface.sol\";\n\n// @dev Use local modified CrossDomainEnabled contract instead of one exported by eth-optimism because we need\n// this contract's state variables to be `immutable` because of the delegateCall call.\nimport \"./CrossDomainEnabled.sol\";\nimport \"@eth-optimism/contracts/L1/messaging/IL1StandardBridge.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Interface for Synthetix custom bridge to Optimism.\n */\ninterface SynthetixBridgeToOptimism is IL1StandardBridge {\n /**\n * @notice Send tokens to Optimism.\n * @param to Address to send tokens to on L2.\n * @param amount Amount of tokens to send.\n */\n function depositTo(address to, uint256 amount) external;\n}\n\n/**\n * @notice Contract containing logic to send messages from L1 to Optimism.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore it's only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Optimism_Adapter is CrossDomainEnabled, AdapterInterface {\n using SafeERC20 for IERC20;\n uint32 public immutable l2GasLimit = 200_000;\n\n WETH9Interface public immutable l1Weth;\n\n IL1StandardBridge public immutable l1StandardBridge;\n\n // Optimism has the ability to support \"custom\" bridges. These bridges are not supported by the canonical bridge\n // and so we need to store the address of the custom token and the associated bridge. In the event we want to\n // support a new token that is not supported by Optimism, we can add a new custom bridge for it and re-deploy the\n // adapter. A full list of custom optimism tokens and their associated bridges can be found here:\n // https://github.com/ethereum-optimism/ethereum-optimism.github.io/blob/master/optimism.tokenlist.json\n address public immutable dai = 0x6B175474E89094C44Da98b954EedeAC495271d0F;\n address public immutable daiOptimismBridge = 0x10E6593CDda8c58a1d0f14C5164B376352a55f2F;\n address public immutable snx = 0xC011a73ee8576Fb46F5E1c5751cA3B9Fe0af2a6F;\n address public immutable snxOptimismBridge = 0x39Ea01a0298C315d149a490E34B59Dbf2EC7e48F;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1Weth WETH address on L1.\n * @param _crossDomainMessenger XDomainMessenger Optimism system contract.\n * @param _l1StandardBridge Standard bridge contract.\n */\n constructor(\n WETH9Interface _l1Weth,\n address _crossDomainMessenger,\n IL1StandardBridge _l1StandardBridge\n ) CrossDomainEnabled(_crossDomainMessenger) {\n l1Weth = _l1Weth;\n l1StandardBridge = _l1StandardBridge;\n }\n\n /**\n * @notice Send cross-chain message to target on Optimism.\n * @param target Contract on Optimism that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes calldata message) external payable override {\n sendCrossDomainMessage(target, uint32(l2GasLimit), message);\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Bridge tokens to Optimism.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token,\n uint256 amount,\n address to\n ) external payable override {\n // If the l1Token is weth then unwrap it to ETH then send the ETH to the standard bridge.\n if (l1Token == address(l1Weth)) {\n l1Weth.withdraw(amount);\n l1StandardBridge.depositETHTo{ value: amount }(to, l2GasLimit, \"\");\n } else {\n address bridgeToUse = address(l1StandardBridge);\n\n // Check if the L1 token requires a custom bridge. If so, use that bridge over the standard bridge.\n if (l1Token == dai) bridgeToUse = daiOptimismBridge; // 1. DAI\n if (l1Token == snx) bridgeToUse = snxOptimismBridge; // 2. SNX\n\n IERC20(l1Token).safeIncreaseAllowance(bridgeToUse, amount);\n if (l1Token == snx) SynthetixBridgeToOptimism(bridgeToUse).depositTo(to, amount);\n else IL1StandardBridge(bridgeToUse).depositERC20To(l1Token, l2Token, to, amount, l2GasLimit, \"\");\n }\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n}\n" + }, + "contracts/chain-adapters/Polygon_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"../external/interfaces/WETH9Interface.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Send tokens to Polygon.\n */\ninterface IRootChainManager {\n /**\n * @notice Send msg.value of ETH to Polygon\n * @param user Recipient of ETH on Polygon.\n */\n function depositEtherFor(address user) external payable;\n\n /**\n * @notice Send ERC20 tokens to Polygon.\n * @param user Recipient of L2 equivalent tokens on Polygon.\n * @param rootToken L1 Address of token to send.\n * @param depositData Data to pass to L2 including amount of tokens to send. Should be abi.encode(amount).\n */\n function depositFor(\n address user,\n address rootToken,\n bytes calldata depositData\n ) external;\n}\n\n/**\n * @notice Send arbitrary messages to Polygon.\n */\ninterface IFxStateSender {\n /**\n * @notice Send arbitrary message to Polygon.\n * @param _receiver Address on Polygon to receive message.\n * @param _data Message to send to `_receiver` on Polygon.\n */\n function sendMessageToChild(address _receiver, bytes calldata _data) external;\n}\n\n/**\n * @notice Similar to RootChainManager, but for Matic (Plasma) bridge.\n */\ninterface DepositManager {\n /**\n * @notice Send tokens to Polygon. Only used to send MATIC in this Polygon_Adapter.\n * @param token L1 token to send. Should be MATIC.\n * @param user Recipient of L2 equivalent tokens on Polygon.\n * @param amount Amount of `token` to send.\n */\n function depositERC20ForUser(\n address token,\n address user,\n uint256 amount\n ) external;\n}\n\n/**\n * @notice Sends cross chain messages Polygon L2 network.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Polygon_Adapter is AdapterInterface {\n using SafeERC20 for IERC20;\n IRootChainManager public immutable rootChainManager;\n IFxStateSender public immutable fxStateSender;\n DepositManager public immutable depositManager;\n address public immutable erc20Predicate;\n address public immutable l1Matic;\n WETH9Interface public immutable l1Weth;\n\n /**\n * @notice Constructs new Adapter.\n * @param _rootChainManager RootChainManager Polygon system contract to deposit tokens over the PoS bridge.\n * @param _fxStateSender FxStateSender Polygon system contract to send arbitrary messages to L2.\n * @param _depositManager DepositManager Polygon system contract to deposit tokens over the Plasma bridge (Matic).\n * @param _erc20Predicate ERC20Predicate Polygon system contract to approve when depositing to the PoS bridge.\n * @param _l1Matic matic address on l1.\n * @param _l1Weth WETH address on L1.\n */\n constructor(\n IRootChainManager _rootChainManager,\n IFxStateSender _fxStateSender,\n DepositManager _depositManager,\n address _erc20Predicate,\n address _l1Matic,\n WETH9Interface _l1Weth\n ) {\n rootChainManager = _rootChainManager;\n fxStateSender = _fxStateSender;\n depositManager = _depositManager;\n erc20Predicate = _erc20Predicate;\n l1Matic = _l1Matic;\n l1Weth = _l1Weth;\n }\n\n /**\n * @notice Send cross-chain message to target on Polygon.\n * @param target Contract on Polygon that will receive message.\n * @param message Data to send to target.\n */\n\n function relayMessage(address target, bytes calldata message) external payable override {\n fxStateSender.sendMessageToChild(target, message);\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Bridge tokens to Polygon.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token,\n uint256 amount,\n address to\n ) external payable override {\n // If the l1Token is weth then unwrap it to ETH then send the ETH to the standard bridge.\n if (l1Token == address(l1Weth)) {\n l1Weth.withdraw(amount);\n rootChainManager.depositEtherFor{ value: amount }(to);\n } else if (l1Token == l1Matic) {\n IERC20(l1Token).safeIncreaseAllowance(address(depositManager), amount);\n depositManager.depositERC20ForUser(l1Token, to, amount);\n } else {\n IERC20(l1Token).safeIncreaseAllowance(erc20Predicate, amount);\n rootChainManager.depositFor(to, l1Token, abi.encode(amount));\n }\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n}\n" + }, + "contracts/chain-adapters/ZkSync_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"../external/interfaces/WETH9Interface.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\ninterface ZkSyncInterface {\n // _contractL2: L2 address of the contract to be called.\n // _l2Value: Amount of ETH to pass with the call to L2; used as msg.value for the transaction.\n // _calldata: Calldata of the transaction call; encoded the same way as in Ethereum.\n // _l2GasLimit: Gas limit of the L2 transaction call.\n // _l2GasPerPubdataByteLimit: A constant representing how much gas is required to publish a byte of data from\n // L1 to L2. https://era.zksync.io/docs/api/js/utils.html#gas\n // _factoryDeps: Bytecodes array containing the bytecode of the contract being deployed.\n // If the contract is a factory contract, the array contains the bytecodes of the contracts it can deploy.\n // _refundRecipient: Address that receives the rest of the fee after the transaction execution.\n // If refundRecipient == 0, L2 msg.sender is used. Note: If the _refundRecipient is a smart contract,\n // then during the L1 to L2 transaction its address is aliased.\n function requestL2Transaction(\n address _contractL2,\n uint256 _l2Value,\n bytes calldata _calldata,\n uint256 _l2GasLimit,\n uint256 _l2GasPerPubdataByteLimit,\n bytes[] calldata _factoryDeps,\n address _refundRecipient\n ) external payable returns (bytes32 canonicalTxHash);\n\n // @notice Estimates the cost in Ether of requesting execution of an L2 transaction from L1\n // @param _l1GasPrice Effective gas price on L1 (priority fee + base fee)\n // @param _l2GasLimit Gas limit for the L2 transaction\n // @param _l2GasPerPubdataByteLimit Gas limit for the L2 transaction per byte of pubdata\n // @return The estimated L2 gas for the transaction to be paid\n function l2TransactionBaseCost(\n uint256 _l1GasPrice,\n uint256 _l2GasLimit,\n uint256 _l2GasPerPubdataByteLimit\n ) external view returns (uint256);\n}\n\ninterface ZkBridgeLike {\n // @dev: Use ZkSyncInterface.requestL2Transaction to bridge WETH as ETH to L2.\n function deposit(\n address _l2Receiver,\n address _l1Token,\n uint256 _amount,\n uint256 _l2TxGasLimit,\n uint256 _l2TxGasPerPubdataByte,\n address _refundRecipient\n ) external payable returns (bytes32 txHash);\n}\n\n// Note: this contract just forwards the calls from the HubPool to ZkSync to avoid limits.\n// A modified ZKSync_Adapter should be deployed with this address swapped in for all zkSync addresses.\ncontract LimitBypassProxy is ZkSyncInterface, ZkBridgeLike {\n using SafeERC20 for IERC20;\n ZkSyncInterface public constant zkSync = ZkSyncInterface(0x32400084C286CF3E17e7B677ea9583e60a000324);\n ZkBridgeLike public constant zkErc20Bridge = ZkBridgeLike(0x57891966931Eb4Bb6FB81430E6cE0A03AAbDe063);\n\n function l2TransactionBaseCost(\n uint256 _l1GasPrice,\n uint256 _l2GasLimit,\n uint256 _l2GasPerPubdataByteLimit\n ) external view returns (uint256) {\n return zkSync.l2TransactionBaseCost(_l1GasPrice, _l2GasLimit, _l2GasPerPubdataByteLimit);\n }\n\n function requestL2Transaction(\n address _contractL2,\n uint256 _l2Value,\n bytes calldata _calldata,\n uint256 _l2GasLimit,\n uint256 _l2GasPerPubdataByteLimit,\n bytes[] calldata _factoryDeps,\n address _refundRecipient\n ) external payable returns (bytes32 canonicalTxHash) {\n return\n zkSync.requestL2Transaction{ value: msg.value }(\n _contractL2,\n _l2Value,\n _calldata,\n _l2GasLimit,\n _l2GasPerPubdataByteLimit,\n _factoryDeps,\n _refundRecipient\n );\n }\n\n function deposit(\n address _l2Receiver,\n address _l1Token,\n uint256 _amount,\n uint256 _l2TxGasLimit,\n uint256 _l2TxGasPerPubdataByte,\n address _refundRecipient\n ) external payable returns (bytes32 txHash) {\n IERC20(_l1Token).safeIncreaseAllowance(address(zkErc20Bridge), _amount);\n return\n zkErc20Bridge.deposit{ value: msg.value }(\n _l2Receiver,\n _l1Token,\n _amount,\n _l2TxGasLimit,\n _l2TxGasPerPubdataByte,\n _refundRecipient\n );\n }\n}\n\n/**\n * @notice Contract containing logic to send messages from L1 to ZkSync.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract ZkSync_Adapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n // We need to pay a base fee to the operator to include our L1 --> L2 transaction.\n // https://era.zksync.io/docs/dev/developer-guides/bridging/l1-l2.html#getting-the-base-cost\n\n // Generally, the following params are a bit hard to set and may change in the future once ZkSync\n // goes live. For now, we'll hardcode these and use aggressive values to ensure inclusion.\n\n // Limit on L2 gas to spend.\n uint256 public constant L2_GAS_LIMIT = 2_000_000;\n\n // How much gas is required to publish a byte of data from L1 to L2. 800 is the required value\n // as set here https://github.com/matter-labs/era-contracts/blob/6391c0d7bf6184d7f6718060e3991ba6f0efe4a7/ethereum/contracts/zksync/facets/Mailbox.sol#L226\n // Note, this value can change and will require an updated adapter.\n uint256 public constant L1_GAS_TO_L2_GAS_PER_PUB_DATA_LIMIT = 800;\n\n // This address receives any remaining fee after an L1 to L2 transaction completes.\n // If refund recipient = address(0) then L2 msg.sender is used, unless msg.sender is a contract then its address\n // gets aliased.\n address public immutable l2RefundAddress;\n\n // Hardcode the following ZkSync system contract addresses to save gas on construction. This adapter can be\n // redeployed in the event that the following addresses change.\n\n // Main contract used to send L1 --> L2 messages. Fetchable via `zks_getMainContract` method on JSON RPC.\n ZkSyncInterface public constant zkSyncMessageBridge = ZkSyncInterface(0x32400084C286CF3E17e7B677ea9583e60a000324);\n\n // Contract used to send ETH to L2. Note: this is the same address as the main contract, but separated to allow\n // only this contract to be swapped (leaving the main zkSync contract to be used for messaging).\n ZkSyncInterface public constant zkSyncEthBridge = ZkSyncInterface(0x32400084C286CF3E17e7B677ea9583e60a000324);\n\n // Bridges to send ERC20 and ETH to L2. Fetchable via `zks_getBridgeContracts` method on JSON RPC.\n ZkBridgeLike public constant zkErc20Bridge = ZkBridgeLike(0x57891966931Eb4Bb6FB81430E6cE0A03AAbDe063);\n\n // Set l1Weth at construction time to make testing easier.\n WETH9Interface public immutable l1Weth;\n\n event ZkSyncMessageRelayed(bytes32 canonicalTxHash);\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1Weth WETH address on L1.\n * @param _l2RefundAddress address that recieves excess gas refunds on L2.\n */\n constructor(WETH9Interface _l1Weth, address _l2RefundAddress) {\n l1Weth = _l1Weth;\n l2RefundAddress = _l2RefundAddress;\n }\n\n /**\n * @notice Send cross-chain message to target on ZkSync.\n * @notice This contract must hold at least getL1CallValue() amount of ETH to send a message, or the message\n * will revert.\n * @param target Contract on L2 that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes memory message) external payable override {\n uint256 txBaseCost = _contractHasSufficientEthBalance();\n\n // Returns the hash of the requested L2 transaction. This hash can be used to follow the transaction status.\n bytes32 canonicalTxHash = zkSyncMessageBridge.requestL2Transaction{ value: txBaseCost }(\n target,\n // We pass no ETH with the call, otherwise we'd need to add to the txBaseCost this value.\n 0,\n message,\n L2_GAS_LIMIT,\n L1_GAS_TO_L2_GAS_PER_PUB_DATA_LIMIT,\n new bytes[](0),\n l2RefundAddress\n );\n\n emit MessageRelayed(target, message);\n emit ZkSyncMessageRelayed(canonicalTxHash);\n }\n\n /**\n * @notice Bridge tokens to ZkSync.\n * @notice This contract must hold at least getL1CallValue() amount of ETH to send a message\n * or the message will revert.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token, // l2Token is unused.\n uint256 amount,\n address to\n ) external payable override {\n // This could revert if the relay amount is over the ZkSync deposit\n // limit: https://github.com/matter-labs/era-contracts/blob/main/ethereum/contracts/common/AllowList.sol#L150\n // We should make sure that the limit is either set very high or we need to do logic\n // that splits the amount to deposit into multiple chunks. We can't have\n // this function revert or the HubPool will not be able to proceed to the\n // next bundle. See more here:\n // https://github.com/matter-labs/era-contracts/blob/main/docs/Overview.md#deposit-limitation\n // https://github.com/matter-labs/era-contracts/blob/6391c0d7bf6184d7f6718060e3991ba6f0efe4a7/ethereum/contracts/zksync/facets/Mailbox.sol#L230\n uint256 txBaseCost = _contractHasSufficientEthBalance();\n\n // If the l1Token is WETH then unwrap it to ETH then send the ETH to the standard bridge along with the base\n // cost. I've tried sending WETH over the erc20Bridge directly but we receive the wrong WETH\n // on the L2 side. So, we need to unwrap the WETH into ETH and then send.\n bytes32 txHash;\n if (l1Token == address(l1Weth)) {\n l1Weth.withdraw(amount);\n // We cannot call the standard ERC20 bridge because it disallows ETH deposits.\n txHash = zkSyncEthBridge.requestL2Transaction{ value: txBaseCost + amount }(\n to,\n amount,\n \"\",\n L2_GAS_LIMIT,\n L1_GAS_TO_L2_GAS_PER_PUB_DATA_LIMIT,\n new bytes[](0),\n l2RefundAddress\n );\n } else {\n IERC20(l1Token).safeIncreaseAllowance(address(zkErc20Bridge), amount);\n txHash = zkErc20Bridge.deposit{ value: txBaseCost }(\n to,\n l1Token,\n amount,\n L2_GAS_LIMIT,\n L1_GAS_TO_L2_GAS_PER_PUB_DATA_LIMIT,\n l2RefundAddress\n );\n }\n\n emit TokensRelayed(l1Token, l2Token, amount, to);\n emit ZkSyncMessageRelayed(txHash);\n }\n\n /**\n * @notice Returns required amount of ETH to send a message.\n * @return amount of ETH that this contract needs to hold in order for relayMessage to succeed.\n */\n function getL1CallValue() public view returns (uint256) {\n // - tx.gasprice returns effective_gas_price. It's also used by Mailbox contract to estimate L2GasPrice\n // so using tx.gasprice should always pass this check that msg.value >= baseCost + _l2Value\n // https://github.com/matter-labs/era-contracts/blob/6391c0d7bf6184d7f6718060e3991ba6f0efe4a7/ethereum/contracts/zksync/facets/Mailbox.sol#L273\n // - priority_fee_per_gas = min(transaction.max_priority_fee_per_gas, transaction.max_fee_per_gas - block.base_fee_per_gas)\n // - effective_gas_price = priority_fee_per_gas + block.base_fee_per_gas\n return\n zkSyncMessageBridge.l2TransactionBaseCost(tx.gasprice, L2_GAS_LIMIT, L1_GAS_TO_L2_GAS_PER_PUB_DATA_LIMIT);\n }\n\n function _contractHasSufficientEthBalance() internal view returns (uint256 requiredL1CallValue) {\n requiredL1CallValue = getL1CallValue();\n require(address(this).balance >= requiredL1CallValue, \"Insufficient ETH balance\");\n }\n}\n" + }, + "contracts/Ethereum_SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./SpokePool.sol\";\nimport \"@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol\";\n\n/**\n * @notice Ethereum L1 specific SpokePool. Used on Ethereum L1 to facilitate L2->L1 transfers.\n */\ncontract Ethereum_SpokePool is SpokePool, OwnableUpgradeable {\n using SafeERC20Upgradeable for IERC20Upgradeable;\n\n /**\n * @notice Construct the Ethereum SpokePool.\n * @dev crossDomainAdmin is unused on this contract.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * relay hash collisions.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n * @param _wethAddress Weth address for this network to set.\n */\n function initialize(\n uint32 _initialDepositId,\n address _hubPool,\n address _wethAddress\n ) public initializer {\n __Ownable_init();\n __SpokePool_init(_initialDepositId, _hubPool, _hubPool, _wethAddress);\n }\n\n /**************************************\n * INTERNAL FUNCTIONS *\n **************************************/\n\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory relayerRefundLeaf) internal override {\n IERC20Upgradeable(relayerRefundLeaf.l2TokenAddress).safeTransfer(hubPool, relayerRefundLeaf.amountToReturn);\n }\n\n // The SpokePool deployed to the same network as the HubPool must be owned by the HubPool.\n // A core assumption of this contract system is that the HubPool is deployed on Ethereum.\n function _requireAdminSender() internal override onlyOwner {}\n}\n" + }, + "contracts/external/interfaces/SuccinctInterfaces.sol": { + "content": "pragma solidity ^0.8.0;\n\n// These interfaces are a subset of the Succinct interfaces here: https://github.com/succinctlabs/telepathy-contracts.\n\n// This interface should be implemented by any contract wanting to receive messages sent over the Succinct bridge.\ninterface ITelepathyHandler {\n function handleTelepathy(\n uint16 _sourceChainId,\n address _senderAddress,\n bytes memory _data\n ) external returns (bytes4);\n}\n\n// This interface represents the contract that we call into to send messages over the Succinct AMB.\ninterface ITelepathyBroadcaster {\n function send(\n uint16 _recipientChainId,\n address _recipientAddress,\n bytes calldata _data\n ) external returns (bytes32);\n}\n" + }, + "contracts/external/interfaces/WETH9Interface.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\n/**\n * @notice Interface for the WETH9 contract.\n */\ninterface WETH9Interface {\n /**\n * @notice Burn Wrapped Ether and receive native Ether.\n * @param wad Amount of WETH to unwrap and send to caller.\n */\n function withdraw(uint256 wad) external;\n\n /**\n * @notice Lock native Ether and mint Wrapped Ether ERC20\n * @dev msg.value is amount of Wrapped Ether to mint/Ether to lock.\n */\n function deposit() external payable;\n\n /**\n * @notice Get balance of WETH held by `guy`.\n * @param guy Address to get balance of.\n * @return wad Amount of WETH held by `guy`.\n */\n function balanceOf(address guy) external view returns (uint256 wad);\n\n /**\n * @notice Transfer `wad` of WETH from caller to `guy`.\n * @param guy Address to send WETH to.\n * @param wad Amount of WETH to send.\n * @return ok True if transfer succeeded.\n */\n function transfer(address guy, uint256 wad) external returns (bool);\n}\n" + }, + "contracts/interfaces/HubPoolInterface.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\n\n/**\n * @notice Concise list of functions in HubPool implementation.\n */\ninterface HubPoolInterface {\n // This leaf is meant to be decoded in the HubPool to rebalance tokens between HubPool and SpokePool.\n struct PoolRebalanceLeaf {\n // This is used to know which chain to send cross-chain transactions to (and which SpokePool to send to).\n uint256 chainId;\n // Total LP fee amount per token in this bundle, encompassing all associated bundled relays.\n uint256[] bundleLpFees;\n // Represents the amount to push to or pull from the SpokePool. If +, the pool pays the SpokePool. If negative\n // the SpokePool pays the HubPool. There can be arbitrarily complex rebalancing rules defined offchain. This\n // number is only nonzero when the rules indicate that a rebalancing action should occur. When a rebalance does\n // occur, runningBalances must be set to zero for this token and netSendAmounts should be set to the previous\n // runningBalances + relays - deposits in this bundle. If non-zero then it must be set on the SpokePool's\n // RelayerRefundLeaf amountToReturn as -1 * this value to show if funds are being sent from or to the SpokePool.\n int256[] netSendAmounts;\n // This is only here to be emitted in an event to track a running unpaid balance between the L2 pool and the L1\n // pool. A positive number indicates that the HubPool owes the SpokePool funds. A negative number indicates that\n // the SpokePool owes the HubPool funds. See the comment above for the dynamics of this and netSendAmounts.\n int256[] runningBalances;\n // Used by data worker to mark which leaves should relay roots to SpokePools, and to otherwise organize leaves.\n // For example, each leaf should contain all the rebalance information for a single chain, but in the case where\n // the list of l1Tokens is very large such that they all can't fit into a single leaf that can be executed under\n // the block gas limit, then the data worker can use this groupIndex to organize them. Any leaves with\n // a groupIndex equal to 0 will relay roots to the SpokePool, so the data worker should ensure that only one\n // leaf for a specific chainId should have a groupIndex equal to 0.\n uint256 groupIndex;\n // Used as the index in the bitmap to track whether this leaf has been executed or not.\n uint8 leafId;\n // The bundleLpFees, netSendAmounts, and runningBalances are required to be the same length. They are parallel\n // arrays for the given chainId and should be ordered by the l1Tokens field. All whitelisted tokens with nonzero\n // relays on this chain in this bundle in the order of whitelisting.\n address[] l1Tokens;\n }\n\n // A data worker can optimistically store several merkle roots on this contract by staking a bond and calling\n // proposeRootBundle. By staking a bond, the data worker is alleging that the merkle roots all contain valid leaves\n // that can be executed later to:\n // - Send funds from this contract to a SpokePool or vice versa\n // - Send funds from a SpokePool to Relayer as a refund for a relayed deposit\n // - Send funds from a SpokePool to a deposit recipient to fulfill a \"slow\" relay\n // Anyone can dispute this struct if the merkle roots contain invalid leaves before the\n // challengePeriodEndTimestamp. Once the expiration timestamp is passed, executeRootBundle to execute a leaf\n // from the poolRebalanceRoot on this contract and it will simultaneously publish the relayerRefundRoot and\n // slowRelayRoot to a SpokePool. The latter two roots, once published to the SpokePool, contain\n // leaves that can be executed on the SpokePool to pay relayers or recipients.\n struct RootBundle {\n // Contains leaves instructing this contract to send funds to SpokePools.\n bytes32 poolRebalanceRoot;\n // Relayer refund merkle root to be published to a SpokePool.\n bytes32 relayerRefundRoot;\n // Slow relay merkle root to be published to a SpokePool.\n bytes32 slowRelayRoot;\n // This is a 1D bitmap, with max size of 256 elements, limiting us to 256 chainsIds.\n uint256 claimedBitMap;\n // Proposer of this root bundle.\n address proposer;\n // Number of pool rebalance leaves to execute in the poolRebalanceRoot. After this number\n // of leaves are executed, a new root bundle can be proposed\n uint8 unclaimedPoolRebalanceLeafCount;\n // When root bundle challenge period passes and this root bundle becomes executable.\n uint32 challengePeriodEndTimestamp;\n }\n\n // Each whitelisted L1 token has an associated pooledToken struct that contains all information used to track the\n // cumulative LP positions and if this token is enabled for deposits.\n struct PooledToken {\n // LP token given to LPs of a specific L1 token.\n address lpToken;\n // True if accepting new LP's.\n bool isEnabled;\n // Timestamp of last LP fee update.\n uint32 lastLpFeeUpdate;\n // Number of LP funds sent via pool rebalances to SpokePools and are expected to be sent\n // back later.\n int256 utilizedReserves;\n // Number of LP funds held in contract less utilized reserves.\n uint256 liquidReserves;\n // Number of LP funds reserved to pay out to LPs as fees.\n uint256 undistributedLpFees;\n }\n\n // Helper contracts to facilitate cross chain actions between HubPool and SpokePool for a specific network.\n struct CrossChainContract {\n address adapter;\n address spokePool;\n }\n\n function setPaused(bool pause) external;\n\n function emergencyDeleteProposal() external;\n\n function relaySpokePoolAdminFunction(uint256 chainId, bytes memory functionData) external;\n\n function setProtocolFeeCapture(address newProtocolFeeCaptureAddress, uint256 newProtocolFeeCapturePct) external;\n\n function setBond(IERC20 newBondToken, uint256 newBondAmount) external;\n\n function setLiveness(uint32 newLiveness) external;\n\n function setIdentifier(bytes32 newIdentifier) external;\n\n function setCrossChainContracts(\n uint256 l2ChainId,\n address adapter,\n address spokePool\n ) external;\n\n function enableL1TokenForLiquidityProvision(address l1Token) external;\n\n function disableL1TokenForLiquidityProvision(address l1Token) external;\n\n function addLiquidity(address l1Token, uint256 l1TokenAmount) external payable;\n\n function removeLiquidity(\n address l1Token,\n uint256 lpTokenAmount,\n bool sendEth\n ) external;\n\n function exchangeRateCurrent(address l1Token) external returns (uint256);\n\n function liquidityUtilizationCurrent(address l1Token) external returns (uint256);\n\n function liquidityUtilizationPostRelay(address l1Token, uint256 relayedAmount) external returns (uint256);\n\n function sync(address l1Token) external;\n\n function proposeRootBundle(\n uint256[] memory bundleEvaluationBlockNumbers,\n uint8 poolRebalanceLeafCount,\n bytes32 poolRebalanceRoot,\n bytes32 relayerRefundRoot,\n bytes32 slowRelayRoot\n ) external;\n\n function executeRootBundle(\n uint256 chainId,\n uint256 groupIndex,\n uint256[] memory bundleLpFees,\n int256[] memory netSendAmounts,\n int256[] memory runningBalances,\n uint8 leafId,\n address[] memory l1Tokens,\n bytes32[] memory proof\n ) external;\n\n function disputeRootBundle() external;\n\n function claimProtocolFeesCaptured(address l1Token) external;\n\n function setPoolRebalanceRoute(\n uint256 destinationChainId,\n address l1Token,\n address destinationToken\n ) external;\n\n function setDepositRoute(\n uint256 originChainId,\n uint256 destinationChainId,\n address originToken,\n bool depositsEnabled\n ) external;\n\n function poolRebalanceRoute(uint256 destinationChainId, address l1Token)\n external\n view\n returns (address destinationToken);\n\n function loadEthForL2Calls() external payable;\n}\n" + }, + "contracts/interfaces/SpokePoolInterface.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\n/**\n * @notice Contains common data structures and functions used by all SpokePool implementations.\n */\ninterface SpokePoolInterface {\n // This leaf is meant to be decoded in the SpokePool to pay out successful relayers.\n struct RelayerRefundLeaf {\n // This is the amount to return to the HubPool. This occurs when there is a PoolRebalanceLeaf netSendAmount that\n // is negative. This is just the negative of this value.\n uint256 amountToReturn;\n // Used to verify that this is being executed on the correct destination chainId.\n uint256 chainId;\n // This array designates how much each of those addresses should be refunded.\n uint256[] refundAmounts;\n // Used as the index in the bitmap to track whether this leaf has been executed or not.\n uint32 leafId;\n // The associated L2TokenAddress that these claims apply to.\n address l2TokenAddress;\n // Must be same length as refundAmounts and designates each address that must be refunded.\n address[] refundAddresses;\n }\n\n // This struct represents the data to fully specify a relay. If any portion of this data differs, the relay is\n // considered to be completely distinct. Only one relay for a particular depositId, chainId pair should be\n // considered valid and repaid. This data is hashed and inserted into the slow relay merkle root so that an off\n // chain validator can choose when to refund slow relayers.\n struct RelayData {\n // The address that made the deposit on the origin chain.\n address depositor;\n // The recipient address on the destination chain.\n address recipient;\n // The corresponding token address on the destination chain.\n address destinationToken;\n // The total relay amount before fees are taken out.\n uint256 amount;\n // Origin chain id.\n uint256 originChainId;\n // Destination chain id.\n uint256 destinationChainId;\n // The LP Fee percentage computed by the relayer based on the deposit's quote timestamp\n // and the HubPool's utilization.\n int64 realizedLpFeePct;\n // The relayer fee percentage specified in the deposit.\n int64 relayerFeePct;\n // The id uniquely identifying this deposit on the origin chain.\n uint32 depositId;\n // Data that is forwarded to the recipient.\n bytes message;\n }\n\n struct SlowFill {\n RelayData relayData;\n int256 payoutAdjustmentPct;\n }\n\n // Stores collection of merkle roots that can be published to this contract from the HubPool, which are referenced\n // by \"data workers\" via inclusion proofs to execute leaves in the roots.\n struct RootBundle {\n // Merkle root of slow relays that were not fully filled and whose recipient is still owed funds from the LP pool.\n bytes32 slowRelayRoot;\n // Merkle root of relayer refunds for successful relays.\n bytes32 relayerRefundRoot;\n // This is a 2D bitmap tracking which leaves in the relayer refund root have been claimed, with max size of\n // 256x(2^248) leaves per root.\n mapping(uint256 => uint256) claimedBitmap;\n }\n\n function setCrossDomainAdmin(address newCrossDomainAdmin) external;\n\n function setHubPool(address newHubPool) external;\n\n function setEnableRoute(\n address originToken,\n uint256 destinationChainId,\n bool enable\n ) external;\n\n function pauseDeposits(bool pause) external;\n\n function pauseFills(bool pause) external;\n\n function setDepositQuoteTimeBuffer(uint32 buffer) external;\n\n function relayRootBundle(bytes32 relayerRefundRoot, bytes32 slowRelayRoot) external;\n\n function emergencyDeleteRootBundle(uint256 rootBundleId) external;\n\n function deposit(\n address recipient,\n address originToken,\n uint256 amount,\n uint256 destinationChainId,\n int64 relayerFeePct,\n uint32 quoteTimestamp,\n bytes memory message,\n uint256 maxCount\n ) external payable;\n\n function depositNow(\n address recipient,\n address originToken,\n uint256 amount,\n uint256 destinationChainId,\n int64 relayerFeePct,\n bytes memory message,\n uint256 maxCount\n ) external payable;\n\n function speedUpDeposit(\n address depositor,\n int64 updatedRelayerFeePct,\n uint32 depositId,\n address updatedRecipient,\n bytes memory updatedMessage,\n bytes memory depositorSignature\n ) external;\n\n function fillRelay(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 amount,\n uint256 maxTokensToSend,\n uint256 repaymentChainId,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n bytes memory message,\n uint256 maxCount\n ) external;\n\n function fillRelayWithUpdatedDeposit(\n address depositor,\n address recipient,\n address updatedRecipient,\n address destinationToken,\n uint256 amount,\n uint256 maxTokensToSend,\n uint256 repaymentChainId,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n int64 updatedRelayerFeePct,\n uint32 depositId,\n bytes memory message,\n bytes memory updatedMessage,\n bytes memory depositorSignature,\n uint256 maxCount\n ) external;\n\n function executeSlowRelayLeaf(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 amount,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n uint32 rootBundleId,\n bytes memory message,\n int256 payoutAdjustment,\n bytes32[] memory proof\n ) external;\n\n function executeRelayerRefundLeaf(\n uint32 rootBundleId,\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\n bytes32[] memory proof\n ) external;\n\n function chainId() external view returns (uint256);\n}\n" + }, + "contracts/merkle-distributor/AcrossMerkleDistributor.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"@uma/core/contracts/merkle-distributor/implementation/MerkleDistributor.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\n\n/**\n * @title Extended MerkleDistributor contract.\n * @notice Adds additional constraints governing who can claim leaves from merkle windows.\n */\ncontract AcrossMerkleDistributor is MerkleDistributor {\n using SafeERC20 for IERC20;\n\n // Addresses that can claim on user's behalf.\n mapping(address => bool) public whitelistedClaimers;\n\n /****************************************\n * EVENTS\n ****************************************/\n event WhitelistedClaimer(address indexed claimer, bool indexed whitelist);\n event ClaimFor(\n address indexed caller,\n uint256 windowIndex,\n address indexed account,\n uint256 accountIndex,\n uint256 amount,\n address indexed rewardToken\n );\n\n /****************************\n * ADMIN FUNCTIONS\n ****************************/\n\n /**\n * @notice Updates whitelisted claimer status.\n * @dev Callable only by owner.\n * @param newContract Reset claimer contract to this address.\n * @param whitelist True to whitelist claimer, False otherwise.\n */\n function whitelistClaimer(address newContract, bool whitelist) external onlyOwner {\n whitelistedClaimers[newContract] = whitelist;\n emit WhitelistedClaimer(newContract, whitelist);\n }\n\n /****************************\n * NON-ADMIN FUNCTIONS\n ****************************/\n\n /**\n * @notice Batch claims to reduce gas versus individual submitting all claims. Method will fail\n * if any individual claims within the batch would fail.\n * @dev All claim recipients must be equal to msg.sender.\n * @param claims array of claims to claim.\n */\n function claimMulti(Claim[] memory claims) public override {\n uint256 claimCount = claims.length;\n for (uint256 i = 0; i < claimCount; i++) {\n require(claims[i].account == msg.sender, \"invalid claimer\");\n }\n super.claimMulti(claims);\n }\n\n /**\n * @notice Claim amount of reward tokens for account, as described by Claim input object.\n * @dev Claim recipient must be equal to msg.sender.\n * @param _claim claim object describing amount, accountIndex, account, window index, and merkle proof.\n */\n function claim(Claim memory _claim) public override {\n require(_claim.account == msg.sender, \"invalid claimer\");\n super.claim(_claim);\n }\n\n /**\n * @notice Executes merkle leaf claim on behaf of user. This can only be called by a trusted\n * claimer address. This function is designed to be called atomically with other transactions\n * that ultimately return the claimed amount to the rightful recipient. For example,\n * AcceleratingDistributor could call this function and then stake atomically on behalf of the user.\n * @dev Caller must be in whitelistedClaimers struct set to \"true\".\n * @param _claim leaf to claim.\n */\n\n function claimFor(Claim memory _claim) public {\n require(whitelistedClaimers[msg.sender], \"unwhitelisted claimer\");\n _verifyAndMarkClaimed(_claim);\n merkleWindows[_claim.windowIndex].rewardToken.safeTransfer(msg.sender, _claim.amount);\n emit ClaimFor(\n msg.sender,\n _claim.windowIndex,\n _claim.account,\n _claim.accountIndex,\n _claim.amount,\n address(merkleWindows[_claim.windowIndex].rewardToken)\n );\n }\n}\n" + }, + "contracts/MerkleLib.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/SpokePoolInterface.sol\";\nimport \"./interfaces/HubPoolInterface.sol\";\n\nimport \"@openzeppelin/contracts/utils/cryptography/MerkleProof.sol\";\n\n/**\n * @notice Library to help with merkle roots, proofs, and claims.\n */\nlibrary MerkleLib {\n /**\n * @notice Verifies that a repayment is contained within a merkle root.\n * @param root the merkle root.\n * @param rebalance the rebalance struct.\n * @param proof the merkle proof.\n * @return bool to signal if the pool rebalance proof correctly shows inclusion of the rebalance within the tree.\n */\n function verifyPoolRebalance(\n bytes32 root,\n HubPoolInterface.PoolRebalanceLeaf memory rebalance,\n bytes32[] memory proof\n ) internal pure returns (bool) {\n return MerkleProof.verify(proof, root, keccak256(abi.encode(rebalance)));\n }\n\n /**\n * @notice Verifies that a relayer refund is contained within a merkle root.\n * @param root the merkle root.\n * @param refund the refund struct.\n * @param proof the merkle proof.\n * @return bool to signal if the relayer refund proof correctly shows inclusion of the refund within the tree.\n */\n function verifyRelayerRefund(\n bytes32 root,\n SpokePoolInterface.RelayerRefundLeaf memory refund,\n bytes32[] memory proof\n ) internal pure returns (bool) {\n return MerkleProof.verify(proof, root, keccak256(abi.encode(refund)));\n }\n\n /**\n * @notice Verifies that a distribution is contained within a merkle root.\n * @param root the merkle root.\n * @param slowRelayFulfillment the relayData fulfillment struct.\n * @param proof the merkle proof.\n * @return bool to signal if the slow relay's proof correctly shows inclusion of the slow relay within the tree.\n */\n function verifySlowRelayFulfillment(\n bytes32 root,\n SpokePoolInterface.SlowFill memory slowRelayFulfillment,\n bytes32[] memory proof\n ) internal pure returns (bool) {\n return MerkleProof.verify(proof, root, keccak256(abi.encode(slowRelayFulfillment)));\n }\n\n // The following functions are primarily copied from\n // https://github.com/Uniswap/merkle-distributor/blob/master/contracts/MerkleDistributor.sol with minor changes.\n\n /**\n * @notice Tests whether a claim is contained within a claimedBitMap mapping.\n * @param claimedBitMap a simple uint256 mapping in storage used as a bitmap.\n * @param index the index to check in the bitmap.\n * @return bool indicating if the index within the claimedBitMap has been marked as claimed.\n */\n function isClaimed(mapping(uint256 => uint256) storage claimedBitMap, uint256 index) internal view returns (bool) {\n uint256 claimedWordIndex = index / 256;\n uint256 claimedBitIndex = index % 256;\n uint256 claimedWord = claimedBitMap[claimedWordIndex];\n uint256 mask = (1 << claimedBitIndex);\n return claimedWord & mask == mask;\n }\n\n /**\n * @notice Marks an index in a claimedBitMap as claimed.\n * @param claimedBitMap a simple uint256 mapping in storage used as a bitmap.\n * @param index the index to mark in the bitmap.\n */\n function setClaimed(mapping(uint256 => uint256) storage claimedBitMap, uint256 index) internal {\n uint256 claimedWordIndex = index / 256;\n uint256 claimedBitIndex = index % 256;\n claimedBitMap[claimedWordIndex] = claimedBitMap[claimedWordIndex] | (1 << claimedBitIndex);\n }\n\n /**\n * @notice Tests whether a claim is contained within a 1D claimedBitMap mapping.\n * @param claimedBitMap a simple uint256 value, encoding a 1D bitmap.\n * @param index the index to check in the bitmap. Uint8 type enforces that index can't be > 255.\n * @return bool indicating if the index within the claimedBitMap has been marked as claimed.\n */\n function isClaimed1D(uint256 claimedBitMap, uint8 index) internal pure returns (bool) {\n uint256 mask = (1 << index);\n return claimedBitMap & mask == mask;\n }\n\n /**\n * @notice Marks an index in a claimedBitMap as claimed.\n * @param claimedBitMap a simple uint256 mapping in storage used as a bitmap. Uint8 type enforces that index\n * can't be > 255.\n * @param index the index to mark in the bitmap.\n * @return uint256 representing the modified input claimedBitMap with the index set to true.\n */\n function setClaimed1D(uint256 claimedBitMap, uint8 index) internal pure returns (uint256) {\n return claimedBitMap | (1 << index);\n }\n}\n" + }, + "contracts/Ovm_SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./SpokePool.sol\";\nimport \"./external/interfaces/WETH9Interface.sol\";\n\nimport \"@openzeppelin/contracts-upgradeable/crosschain/optimism/LibOptimismUpgradeable.sol\";\nimport \"@eth-optimism/contracts/libraries/constants/Lib_PredeployAddresses.sol\";\n\n// https://github.com/Synthetixio/synthetix/blob/5ca27785fad8237fb0710eac01421cafbbd69647/contracts/SynthetixBridgeToBase.sol#L50\ninterface SynthetixBridgeToBase {\n function withdrawTo(address to, uint256 amount) external;\n}\n\n// https://github.com/ethereum-optimism/optimism/blob/bf51c4935261634120f31827c3910aa631f6bf9c/packages/contracts-bedrock/contracts/L2/L2StandardBridge.sol\ninterface IL2ERC20Bridge {\n function withdrawTo(\n address _l2Token,\n address _to,\n uint256 _amount,\n uint32 _minGasLimit,\n bytes calldata _extraData\n ) external payable;\n}\n\n/**\n * @notice OVM specific SpokePool. Uses OVM cross-domain-enabled logic to implement admin only access to functions. * Optimism and Boba each implement this spoke pool and set their chain specific contract addresses for l2Eth and l2Weth.\n */\ncontract Ovm_SpokePool is SpokePool {\n // \"l1Gas\" parameter used in call to bridge tokens from this contract back to L1 via IL2ERC20Bridge. Currently\n // unused by bridge but included for future compatibility.\n uint32 public l1Gas;\n\n // ETH is an ERC20 on OVM.\n address public l2Eth;\n\n // Address of the Optimism L2 messenger.\n address public messenger;\n\n // Address of custom bridge used to bridge Synthetix-related assets like SNX.\n address private constant SYNTHETIX_BRIDGE = 0x136b1EC699c62b0606854056f02dC7Bb80482d63;\n\n // Address of SNX ERC20\n address private constant SNX = 0x8700dAec35aF8Ff88c16BdF0418774CB3D7599B4;\n\n // Stores alternative token bridges to use for L2 tokens that don't go over the standard bridge. This is needed\n // to support non-standard ERC20 tokens on Optimism, such as DIA and SNX which both use custom bridges.\n mapping(address => address) public tokenBridges;\n\n event OptimismTokensBridged(address indexed l2Token, address target, uint256 numberOfTokensBridged, uint256 l1Gas);\n event SetL1Gas(uint32 indexed newL1Gas);\n event SetL2TokenBridge(address indexed l2Token, address indexed tokenBridge);\n\n /**\n * @notice Construct the OVM SpokePool.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * relay hash collisions.\n * @param _crossDomainAdmin Cross domain admin to set. Can be changed by admin.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n */\n function __OvmSpokePool_init(\n uint32 _initialDepositId,\n address _crossDomainAdmin,\n address _hubPool,\n address _l2Eth,\n address _wrappedNativeToken\n ) public onlyInitializing {\n l1Gas = 5_000_000;\n __SpokePool_init(_initialDepositId, _crossDomainAdmin, _hubPool, _wrappedNativeToken);\n messenger = Lib_PredeployAddresses.L2_CROSS_DOMAIN_MESSENGER;\n //slither-disable-next-line missing-zero-check\n l2Eth = _l2Eth;\n }\n\n /*******************************************\n * OPTIMISM-SPECIFIC ADMIN FUNCTIONS *\n *******************************************/\n\n /**\n * @notice Change L1 gas limit. Callable only by admin.\n * @param newl1Gas New L1 gas limit to set.\n */\n function setL1GasLimit(uint32 newl1Gas) public onlyAdmin nonReentrant {\n l1Gas = newl1Gas;\n emit SetL1Gas(newl1Gas);\n }\n\n /**\n * @notice Set bridge contract for L2 token used to withdraw back to L1.\n * @dev If this mapping isn't set for an L2 token, then the standard bridge will be used to bridge this token.\n * @param tokenBridge Address of token bridge\n */\n function setTokenBridge(address l2Token, address tokenBridge) public onlyAdmin nonReentrant {\n tokenBridges[l2Token] = tokenBridge;\n emit SetL2TokenBridge(l2Token, tokenBridge);\n }\n\n /**************************************\n * DATA WORKER FUNCTIONS *\n **************************************/\n\n /**\n * @notice Wraps any ETH into WETH before executing base function. This is necessary because SpokePool receives\n * ETH over the canonical token bridge instead of WETH.\n * @inheritdoc SpokePool\n */\n function executeSlowRelayLeaf(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 totalRelayAmount,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n uint32 rootBundleId,\n bytes memory message,\n int256 payoutAdjustment,\n bytes32[] memory proof\n ) public override(SpokePool) nonReentrant {\n if (destinationToken == address(wrappedNativeToken)) _depositEthToWeth();\n\n _executeSlowRelayLeaf(\n depositor,\n recipient,\n destinationToken,\n totalRelayAmount,\n originChainId,\n chainId(),\n realizedLpFeePct,\n relayerFeePct,\n depositId,\n rootBundleId,\n message,\n payoutAdjustment,\n proof\n );\n }\n\n /**\n * @notice Wraps any ETH into WETH before executing base function. This is necessary because SpokePool receives\n * ETH over the canonical token bridge instead of WETH.\n * @inheritdoc SpokePool\n */\n function executeRelayerRefundLeaf(\n uint32 rootBundleId,\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\n bytes32[] memory proof\n ) public override(SpokePool) nonReentrant {\n if (relayerRefundLeaf.l2TokenAddress == address(wrappedNativeToken)) _depositEthToWeth();\n\n _executeRelayerRefundLeaf(rootBundleId, relayerRefundLeaf, proof);\n }\n\n /**************************************\n * INTERNAL FUNCTIONS *\n **************************************/\n\n // Wrap any ETH owned by this contract so we can send expected L2 token to recipient. This is necessary because\n // this SpokePool will receive ETH from the canonical token bridge instead of WETH. Its not sufficient to execute\n // this logic inside a fallback method that executes when this contract receives ETH because ETH is an ERC20\n // on the OVM.\n function _depositEthToWeth() internal {\n //slither-disable-next-line arbitrary-send-eth\n if (address(this).balance > 0) wrappedNativeToken.deposit{ value: address(this).balance }();\n }\n\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory relayerRefundLeaf) internal override {\n // If the token being bridged is WETH then we need to first unwrap it to ETH and then send ETH over the\n // canonical bridge. On Optimism, this is address 0xDeadDeAddeAddEAddeadDEaDDEAdDeaDDeAD0000.\n if (relayerRefundLeaf.l2TokenAddress == address(wrappedNativeToken)) {\n WETH9Interface(relayerRefundLeaf.l2TokenAddress).withdraw(relayerRefundLeaf.amountToReturn); // Unwrap into ETH.\n relayerRefundLeaf.l2TokenAddress = l2Eth; // Set the l2TokenAddress to ETH.\n IL2ERC20Bridge(Lib_PredeployAddresses.L2_STANDARD_BRIDGE).withdrawTo{\n value: relayerRefundLeaf.amountToReturn\n }(\n relayerRefundLeaf.l2TokenAddress, // _l2Token. Address of the L2 token to bridge over.\n hubPool, // _to. Withdraw, over the bridge, to the l1 pool contract.\n relayerRefundLeaf.amountToReturn, // _amount.\n l1Gas, // _l1Gas. Unused, but included for potential forward compatibility considerations\n \"\" // _data. We don't need to send any data for the bridging action.\n );\n }\n // Handle custom SNX bridge which doesn't conform to the standard bridge interface.\n else if (relayerRefundLeaf.l2TokenAddress == SNX)\n SynthetixBridgeToBase(SYNTHETIX_BRIDGE).withdrawTo(\n hubPool, // _to. Withdraw, over the bridge, to the l1 pool contract.\n relayerRefundLeaf.amountToReturn // _amount.\n );\n else\n IL2ERC20Bridge(\n tokenBridges[relayerRefundLeaf.l2TokenAddress] == address(0)\n ? Lib_PredeployAddresses.L2_STANDARD_BRIDGE\n : tokenBridges[relayerRefundLeaf.l2TokenAddress]\n ).withdrawTo(\n relayerRefundLeaf.l2TokenAddress, // _l2Token. Address of the L2 token to bridge over.\n hubPool, // _to. Withdraw, over the bridge, to the l1 pool contract.\n relayerRefundLeaf.amountToReturn, // _amount.\n l1Gas, // _l1Gas. Unused, but included for potential forward compatibility considerations\n \"\" // _data. We don't need to send any data for the bridging action.\n );\n\n emit OptimismTokensBridged(relayerRefundLeaf.l2TokenAddress, hubPool, relayerRefundLeaf.amountToReturn, l1Gas);\n }\n\n // Apply OVM-specific transformation to cross domain admin address on L1.\n function _requireAdminSender() internal view override {\n require(\n LibOptimismUpgradeable.crossChainSender(messenger) == crossDomainAdmin,\n \"OVM_XCHAIN: wrong sender of cross-domain message\"\n );\n }\n\n // Reserve storage slots for future versions of this base contract to add state variables without\n // affecting the storage layout of child contracts. Decrement the size of __gap whenever state variables\n // are added. This is at bottom of contract to make sure its always at the end of storage.\n uint256[1000] private __gap;\n}\n" + }, + "contracts/SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./MerkleLib.sol\";\nimport \"./external/interfaces/WETH9Interface.sol\";\nimport \"./interfaces/SpokePoolInterface.sol\";\nimport \"./upgradeable/MultiCallerUpgradeable.sol\";\nimport \"./upgradeable/EIP712CrossChainUpgradeable.sol\";\nimport \"./upgradeable/AddressLibUpgradeable.sol\";\n\nimport \"@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol\";\nimport \"@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol\";\nimport \"@openzeppelin/contracts/utils/cryptography/SignatureChecker.sol\";\nimport \"@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol\";\nimport \"@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol\";\nimport \"@openzeppelin/contracts/utils/math/SignedMath.sol\";\n\n// This interface is expected to be implemented by any contract that expects to recieve messages from the SpokePool.\ninterface AcrossMessageHandler {\n function handleAcrossMessage(\n address tokenSent,\n uint256 amount,\n bool fillCompleted,\n address relayer,\n bytes memory message\n ) external;\n}\n\n/**\n * @title SpokePool\n * @notice Base contract deployed on source and destination chains enabling depositors to transfer assets from source to\n * destination. Deposit orders are fulfilled by off-chain relayers who also interact with this contract. Deposited\n * tokens are locked on the source chain and relayers send the recipient the desired token currency and amount\n * on the destination chain. Locked source chain tokens are later sent over the canonical token bridge to L1 HubPool.\n * Relayers are refunded with destination tokens out of this contract after another off-chain actor, a \"data worker\",\n * submits a proof that the relayer correctly submitted a relay on this SpokePool.\n */\nabstract contract SpokePool is\n SpokePoolInterface,\n UUPSUpgradeable,\n ReentrancyGuardUpgradeable,\n MultiCallerUpgradeable,\n EIP712CrossChainUpgradeable\n{\n using SafeERC20Upgradeable for IERC20Upgradeable;\n using AddressLibUpgradeable for address;\n\n // Address of the L1 contract that acts as the owner of this SpokePool. This should normally be set to the HubPool\n // address. The crossDomainAdmin address is unused when the SpokePool is deployed to the same chain as the HubPool.\n address public crossDomainAdmin;\n\n // Address of the L1 contract that will send tokens to and receive tokens from this contract to fund relayer\n // refunds and slow relays.\n address public hubPool;\n\n // Address of wrappedNativeToken contract for this network. If an origin token matches this, then the caller can\n // optionally instruct this contract to wrap native tokens when depositing (ie ETH->WETH or MATIC->WMATIC).\n WETH9Interface public wrappedNativeToken;\n\n // Any deposit quote times greater than or less than this value to the current contract time is blocked. Forces\n // caller to use an approximately \"current\" realized fee. Defaults to 1 hour.\n uint32 public depositQuoteTimeBuffer;\n\n // Count of deposits is used to construct a unique deposit identifier for this spoke pool.\n uint32 public numberOfDeposits;\n\n // Whether deposits and fills are disabled.\n bool public pausedFills;\n bool public pausedDeposits;\n\n // This contract can store as many root bundles as the HubPool chooses to publish here.\n RootBundle[] public rootBundles;\n\n // Origin token to destination token routings can be turned on or off, which can enable or disable deposits.\n mapping(address => mapping(uint256 => bool)) public enabledDepositRoutes;\n\n // Each relay is associated with the hash of parameters that uniquely identify the original deposit and a relay\n // attempt for that deposit. The relay itself is just represented as the amount filled so far. The total amount to\n // relay, the fees, and the agents are all parameters included in the hash key.\n mapping(bytes32 => uint256) public relayFills;\n\n // This keeps track of the worst-case liabilities due to fills.\n // It is never reset. Users should only rely on it to determine the worst-case increase in liabilities between\n // two points. This is used to provide frontrunning protection to ensure the relayer's assumptions about the state\n // upon which their expected repayments are based will not change before their transaction is mined.\n mapping(address => uint256) public fillCounter;\n\n // This keeps track of the total running deposits for each token. This allows depositors to protect themselves from\n // frontrunning that might change their worst-case quote.\n mapping(address => uint256) public depositCounter;\n\n // This tracks the number of identical refunds that have been requested.\n // The intention is to allow an off-chain system to know when this could be a duplicate and ensure that the other\n // requests are known and accounted for.\n mapping(bytes32 => uint256) public refundsRequested;\n\n uint256 public constant MAX_TRANSFER_SIZE = 1e36;\n\n // Note: this needs to be larger than the max transfer size to ensure that all slow fills are fillable, even if\n // their fees are negative.\n // It's important that it isn't too large, however, as it should be multipliable by ~2e18 without overflowing.\n // 1e40 * 2e18 = 2e58 << 2^255 ~= 5e76\n uint256 public constant SLOW_FILL_MAX_TOKENS_TO_SEND = 1e40;\n\n // Set max payout adjustment to something\n\n bytes32 public constant UPDATE_DEPOSIT_DETAILS_HASH =\n keccak256(\n \"UpdateDepositDetails(uint32 depositId,uint256 originChainId,int64 updatedRelayerFeePct,address updatedRecipient,bytes updatedMessage)\"\n );\n\n /****************************************\n * EVENTS *\n ****************************************/\n event SetXDomainAdmin(address indexed newAdmin);\n event SetHubPool(address indexed newHubPool);\n event EnabledDepositRoute(address indexed originToken, uint256 indexed destinationChainId, bool enabled);\n event SetDepositQuoteTimeBuffer(uint32 newBuffer);\n event FundsDeposited(\n uint256 amount,\n uint256 originChainId,\n uint256 indexed destinationChainId,\n int64 relayerFeePct,\n uint32 indexed depositId,\n uint32 quoteTimestamp,\n address originToken,\n address recipient,\n address indexed depositor,\n bytes message\n );\n event RequestedSpeedUpDeposit(\n int64 newRelayerFeePct,\n uint32 indexed depositId,\n address indexed depositor,\n address updatedRecipient,\n bytes updatedMessage,\n bytes depositorSignature\n );\n event FilledRelay(\n uint256 amount,\n uint256 totalFilledAmount,\n uint256 fillAmount,\n uint256 repaymentChainId,\n uint256 indexed originChainId,\n uint256 destinationChainId,\n int64 relayerFeePct,\n int64 realizedLpFeePct,\n uint32 indexed depositId,\n address destinationToken,\n address relayer,\n address indexed depositor,\n address recipient,\n bytes message,\n RelayExecutionInfo updatableRelayData\n );\n event RefundRequested(\n address indexed relayer,\n address refundToken,\n uint256 amount,\n uint256 indexed originChainId,\n uint256 destinationChainId,\n int64 realizedLpFeePct,\n uint32 indexed depositId,\n uint256 fillBlock,\n uint256 previousIdenticalRequests\n );\n event RelayedRootBundle(\n uint32 indexed rootBundleId,\n bytes32 indexed relayerRefundRoot,\n bytes32 indexed slowRelayRoot\n );\n event ExecutedRelayerRefundRoot(\n uint256 amountToReturn,\n uint256 indexed chainId,\n uint256[] refundAmounts,\n uint32 indexed rootBundleId,\n uint32 indexed leafId,\n address l2TokenAddress,\n address[] refundAddresses,\n address caller\n );\n event TokensBridged(\n uint256 amountToReturn,\n uint256 indexed chainId,\n uint32 indexed leafId,\n address indexed l2TokenAddress,\n address caller\n );\n event EmergencyDeleteRootBundle(uint256 indexed rootBundleId);\n event PausedDeposits(bool isPaused);\n event PausedFills(bool isPaused);\n\n /**\n * @notice Represents data used to fill a deposit.\n * @param relay Relay containing original data linked to deposit. Contains fields that can be\n * overridden by other parameters in the RelayExecution struct.\n * @param relayHash Hash of the relay data.\n * @param updatedRelayerFeePct Actual relayer fee pct to use for this relay.\n * @param updatedRecipient Actual recipient to use for this relay.\n * @param updatedMessage Actual message to use for this relay.\n * @param repaymentChainId Chain ID of the network that the relayer will receive refunds on.\n * @param maxTokensToSend Max number of tokens to pull from relayer.\n * @param maxCount Max count to protect the relayer from frontrunning.\n * @param slowFill Whether this is a slow fill.\n * @param payoutAdjustmentPct Adjustment to the payout amount. Can be used to increase or decrease the payout to\n * allow for rewards or penalties. Used in slow fills.\n */\n struct RelayExecution {\n RelayData relay;\n bytes32 relayHash;\n int64 updatedRelayerFeePct;\n address updatedRecipient;\n bytes updatedMessage;\n uint256 repaymentChainId;\n uint256 maxTokensToSend;\n uint256 maxCount;\n bool slowFill;\n int256 payoutAdjustmentPct;\n }\n\n /**\n * @notice Packs together information to include in FilledRelay event.\n * @dev This struct is emitted as opposed to its constituent parameters due to the limit on number of\n * parameters in an event.\n * @param recipient Recipient of the relayed funds.\n * @param message Message included in the relay.\n * @param relayerFeePct Relayer fee pct used for this relay.\n * @param isSlowRelay Whether this is a slow relay.\n * @param payoutAdjustmentPct Adjustment to the payout amount.\n */\n struct RelayExecutionInfo {\n address recipient;\n bytes message;\n int64 relayerFeePct;\n bool isSlowRelay;\n int256 payoutAdjustmentPct;\n }\n\n /**\n * Do not leave an implementation contract uninitialized. An uninitialized implementation contract can be\n * taken over by an attacker, which may impact the proxy. To prevent the implementation contract from being\n * used, you should invoke the _disableInitializers function in the constructor to automatically lock it when\n * it is deployed:\n */\n /// @custom:oz-upgrades-unsafe-allow constructor\n constructor() {\n _disableInitializers();\n }\n\n /**\n * @notice Construct the base SpokePool.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * relay hash collisions.\n * @param _crossDomainAdmin Cross domain admin to set. Can be changed by admin.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n * @param _wrappedNativeTokenAddress wrappedNativeToken address for this network to set.\n */\n function __SpokePool_init(\n uint32 _initialDepositId,\n address _crossDomainAdmin,\n address _hubPool,\n address _wrappedNativeTokenAddress\n ) public onlyInitializing {\n numberOfDeposits = _initialDepositId;\n __EIP712_init(\"ACROSS-V2\", \"1.0.0\");\n __UUPSUpgradeable_init();\n __ReentrancyGuard_init();\n depositQuoteTimeBuffer = 3600;\n _setCrossDomainAdmin(_crossDomainAdmin);\n _setHubPool(_hubPool);\n wrappedNativeToken = WETH9Interface(_wrappedNativeTokenAddress);\n }\n\n /****************************************\n * MODIFIERS *\n ****************************************/\n\n /**\n * @dev Function that should revert when `msg.sender` is not authorized to upgrade the contract. Called by\n * {upgradeTo} and {upgradeToAndCall}.\n * @dev This should be set to cross domain admin for specific SpokePool.\n */\n modifier onlyAdmin() {\n _requireAdminSender();\n _;\n }\n\n modifier unpausedDeposits() {\n require(!pausedDeposits, \"Paused deposits\");\n _;\n }\n\n modifier unpausedFills() {\n require(!pausedFills, \"Paused fills\");\n _;\n }\n\n /**************************************\n * ADMIN FUNCTIONS *\n **************************************/\n\n // Allows cross domain admin to upgrade UUPS proxy implementation.\n function _authorizeUpgrade(address newImplementation) internal override onlyAdmin {}\n\n /**\n * @notice Pauses deposit-related functions. This is intended to be used if this contract is deprecated or when\n * something goes awry.\n * @dev Affects `deposit()` but not `speedUpDeposit()`, so that existing deposits can be sped up and still\n * relayed.\n * @param pause true if the call is meant to pause the system, false if the call is meant to unpause it.\n */\n function pauseDeposits(bool pause) public override onlyAdmin nonReentrant {\n pausedDeposits = pause;\n emit PausedDeposits(pause);\n }\n\n /**\n * @notice Pauses fill-related functions. This is intended to be used if this contract is deprecated or when\n * something goes awry.\n * @dev Affects fillRelayWithUpdatedDeposit() and fillRelay().\n * @param pause true if the call is meant to pause the system, false if the call is meant to unpause it.\n */\n function pauseFills(bool pause) public override onlyAdmin nonReentrant {\n pausedFills = pause;\n emit PausedFills(pause);\n }\n\n /**\n * @notice Change cross domain admin address. Callable by admin only.\n * @param newCrossDomainAdmin New cross domain admin.\n */\n function setCrossDomainAdmin(address newCrossDomainAdmin) public override onlyAdmin nonReentrant {\n _setCrossDomainAdmin(newCrossDomainAdmin);\n }\n\n /**\n * @notice Change L1 hub pool address. Callable by admin only.\n * @param newHubPool New hub pool.\n */\n function setHubPool(address newHubPool) public override onlyAdmin nonReentrant {\n _setHubPool(newHubPool);\n }\n\n /**\n * @notice Enable/Disable an origin token => destination chain ID route for deposits. Callable by admin only.\n * @param originToken Token that depositor can deposit to this contract.\n * @param destinationChainId Chain ID for where depositor wants to receive funds.\n * @param enabled True to enable deposits, False otherwise.\n */\n function setEnableRoute(\n address originToken,\n uint256 destinationChainId,\n bool enabled\n ) public override onlyAdmin nonReentrant {\n enabledDepositRoutes[originToken][destinationChainId] = enabled;\n emit EnabledDepositRoute(originToken, destinationChainId, enabled);\n }\n\n /**\n * @notice Change allowance for deposit quote time to differ from current block time. Callable by admin only.\n * @param newDepositQuoteTimeBuffer New quote time buffer.\n */\n function setDepositQuoteTimeBuffer(uint32 newDepositQuoteTimeBuffer) public override onlyAdmin nonReentrant {\n depositQuoteTimeBuffer = newDepositQuoteTimeBuffer;\n emit SetDepositQuoteTimeBuffer(newDepositQuoteTimeBuffer);\n }\n\n /**\n * @notice This method stores a new root bundle in this contract that can be executed to refund relayers, fulfill\n * slow relays, and send funds back to the HubPool on L1. This method can only be called by the admin and is\n * designed to be called as part of a cross-chain message from the HubPool's executeRootBundle method.\n * @param relayerRefundRoot Merkle root containing relayer refund leaves that can be individually executed via\n * executeRelayerRefundLeaf().\n * @param slowRelayRoot Merkle root containing slow relay fulfillment leaves that can be individually executed via\n * executeSlowRelayLeaf().\n */\n function relayRootBundle(bytes32 relayerRefundRoot, bytes32 slowRelayRoot) public override onlyAdmin nonReentrant {\n uint32 rootBundleId = uint32(rootBundles.length);\n RootBundle storage rootBundle = rootBundles.push();\n rootBundle.relayerRefundRoot = relayerRefundRoot;\n rootBundle.slowRelayRoot = slowRelayRoot;\n emit RelayedRootBundle(rootBundleId, relayerRefundRoot, slowRelayRoot);\n }\n\n /**\n * @notice This method is intended to only be used in emergencies where a bad root bundle has reached the\n * SpokePool.\n * @param rootBundleId Index of the root bundle that needs to be deleted. Note: this is intentionally a uint256\n * to ensure that a small input range doesn't limit which indices this method is able to reach.\n */\n function emergencyDeleteRootBundle(uint256 rootBundleId) public override onlyAdmin nonReentrant {\n // Deleting a struct containing a mapping does not delete the mapping in Solidity, therefore the bitmap's\n // data will still remain potentially leading to vulnerabilities down the line. The way around this would\n // be to iterate through every key in the mapping and resetting the value to 0, but this seems expensive and\n // would require a new list in storage to keep track of keys.\n //slither-disable-next-line mapping-deletion\n delete rootBundles[rootBundleId];\n emit EmergencyDeleteRootBundle(rootBundleId);\n }\n\n /**************************************\n * DEPOSITOR FUNCTIONS *\n **************************************/\n\n /**\n * @notice Called by user to bridge funds from origin to destination chain. Depositor will effectively lock\n * tokens in this contract and receive a destination token on the destination chain. The origin => destination\n * token mapping is stored on the L1 HubPool.\n * @notice The caller must first approve this contract to spend amount of originToken.\n * @notice The originToken => destinationChainId must be enabled.\n * @notice This method is payable because the caller is able to deposit native token if the originToken is\n * wrappedNativeToken and this function will handle wrapping the native token to wrappedNativeToken.\n * @param recipient Address to receive funds at on destination chain.\n * @param originToken Token to lock into this contract to initiate deposit.\n * @param amount Amount of tokens to deposit. Will be amount of tokens to receive less fees.\n * @param destinationChainId Denotes network where user will receive funds from SpokePool by a relayer.\n * @param relayerFeePct % of deposit amount taken out to incentivize a fast relayer.\n * @param quoteTimestamp Timestamp used by relayers to compute this deposit's realizedLPFeePct which is paid\n * to LP pool on HubPool.\n * @param message Arbitrary data that can be used to pass additional information to the recipient along with the tokens.\n * Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.\n * @param maxCount used to protect the depositor from frontrunning to guarantee their quote remains valid.\n */\n function deposit(\n address recipient,\n address originToken,\n uint256 amount,\n uint256 destinationChainId,\n int64 relayerFeePct,\n uint32 quoteTimestamp,\n bytes memory message,\n uint256 maxCount\n ) public payable override nonReentrant unpausedDeposits {\n // Check that deposit route is enabled.\n require(enabledDepositRoutes[originToken][destinationChainId], \"Disabled route\");\n\n // We limit the relay fees to prevent the user spending all their funds on fees.\n require(SignedMath.abs(relayerFeePct) < 0.5e18, \"Invalid relayer fee\");\n require(amount <= MAX_TRANSFER_SIZE, \"Amount too large\");\n require(depositCounter[originToken] <= maxCount, \"Above max count\");\n\n // Require that quoteTimestamp has a maximum age so that depositors pay an LP fee based on recent HubPool usage.\n // It is assumed that cross-chain timestamps are normally loosely in-sync, but clock drift can occur. If the\n // SpokePool time stalls or lags significantly, it is still possible to make deposits by setting quoteTimestamp\n // within the configured buffer. The owner should pause deposits if this is undesirable. This will underflow if\n // quoteTimestamp is more than depositQuoteTimeBuffer; this is safe but will throw an unintuitive error.\n\n // slither-disable-next-line timestamp\n require(getCurrentTime() - quoteTimestamp <= depositQuoteTimeBuffer, \"invalid quoteTimestamp\");\n\n // Increment count of deposits so that deposit ID for this spoke pool is unique.\n uint32 newDepositId = numberOfDeposits++;\n depositCounter[originToken] += amount;\n\n // If the address of the origin token is a wrappedNativeToken contract and there is a msg.value with the\n // transaction then the user is sending ETH. In this case, the ETH should be deposited to wrappedNativeToken.\n if (originToken == address(wrappedNativeToken) && msg.value > 0) {\n require(msg.value == amount, \"msg.value must match amount\");\n wrappedNativeToken.deposit{ value: msg.value }();\n // Else, it is a normal ERC20. In this case pull the token from the user's wallet as per normal.\n // Note: this includes the case where the L2 user has WETH (already wrapped ETH) and wants to bridge them.\n // In this case the msg.value will be set to 0, indicating a \"normal\" ERC20 bridging action.\n } else IERC20Upgradeable(originToken).safeTransferFrom(msg.sender, address(this), amount);\n\n emit FundsDeposited(\n amount,\n chainId(),\n destinationChainId,\n relayerFeePct,\n newDepositId,\n quoteTimestamp,\n originToken,\n recipient,\n msg.sender,\n message\n );\n }\n\n /**\n * @notice This is a simple wrapper for deposit() that sets the quoteTimestamp to the current SpokePool timestamp.\n * @notice This function is intended for multisig depositors who can accept some LP fee uncertainty in order to lift\n * the quoteTimestamp buffer constraint.\n * @dev Re-orgs may produce invalid fills if the quoteTimestamp moves across a change in HubPool utilisation.\n * @dev The existing function modifiers are already enforced by deposit(), so no additional modifiers are imposed.\n * @param recipient Address to receive funds at on destination chain.\n * @param originToken Token to lock into this contract to initiate deposit.\n * @param amount Amount of tokens to deposit. Will be amount of tokens to receive less fees.\n * @param destinationChainId Denotes network where user will receive funds from SpokePool by a relayer.\n * @param relayerFeePct % of deposit amount taken out to incentivize a fast relayer.\n * @param message Arbitrary data that can be used to pass additional information to the recipient along with the tokens.\n * Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.\n * @param maxCount used to protect the depositor from frontrunning to guarantee their quote remains valid.\n */\n function depositNow(\n address recipient,\n address originToken,\n uint256 amount,\n uint256 destinationChainId,\n int64 relayerFeePct,\n bytes memory message,\n uint256 maxCount\n ) public payable {\n deposit(\n recipient,\n originToken,\n amount,\n destinationChainId,\n relayerFeePct,\n uint32(getCurrentTime()),\n message,\n maxCount\n );\n }\n\n /**\n * @notice Convenience method that depositor can use to signal to relayer to use updated fee.\n * @notice Relayer should only use events emitted by this function to submit fills with updated fees, otherwise they\n * risk their fills getting disputed for being invalid, for example if the depositor never actually signed the\n * update fee message.\n * @notice This function will revert if the depositor did not sign a message containing the updated fee for the\n * deposit ID stored in this contract. If the deposit ID is for another contract, or the depositor address is\n * incorrect, or the updated fee is incorrect, then the signature will not match and this function will revert.\n * @notice This function is not subject to a deposit pause on the off chance that deposits sent before all deposits\n * are paused have very low fees and the user wants to entice a relayer to fill them with a higher fee.\n * @param depositor Signer of the update fee message who originally submitted the deposit. If the deposit doesn't\n * exist, then the relayer will not be able to fill any relay, so the caller should validate that the depositor\n * did in fact submit a relay.\n * @param updatedRelayerFeePct New relayer fee that relayers can use.\n * @param depositId Deposit to update fee for that originated in this contract.\n * @param updatedRecipient New recipient address that should receive the tokens.\n * @param updatedMessage New message that should be provided to the recipient.\n * @param depositorSignature Signed message containing the depositor address, this contract chain ID, the updated\n * relayer fee %, and the deposit ID. This signature is produced by signing a hash of data according to the\n * EIP-712 standard. See more in the _verifyUpdateRelayerFeeMessage() comments.\n */\n function speedUpDeposit(\n address depositor,\n int64 updatedRelayerFeePct,\n uint32 depositId,\n address updatedRecipient,\n bytes memory updatedMessage,\n bytes memory depositorSignature\n ) public override nonReentrant {\n require(SignedMath.abs(updatedRelayerFeePct) < 0.5e18, \"Invalid relayer fee\");\n\n _verifyUpdateDepositMessage(\n depositor,\n depositId,\n chainId(),\n updatedRelayerFeePct,\n updatedRecipient,\n updatedMessage,\n depositorSignature\n );\n\n // Assuming the above checks passed, a relayer can take the signature and the updated relayer fee information\n // from the following event to submit a fill with an updated fee %.\n emit RequestedSpeedUpDeposit(\n updatedRelayerFeePct,\n depositId,\n depositor,\n updatedRecipient,\n updatedMessage,\n depositorSignature\n );\n }\n\n /**************************************\n * RELAYER FUNCTIONS *\n **************************************/\n\n /**\n * @notice Called by relayer to fulfill part of a deposit by sending destination tokens to the recipient.\n * Relayer is expected to pass in unique identifying information for deposit that they want to fulfill, and this\n * relay submission will be validated by off-chain data workers who can dispute this relay if any part is invalid.\n * If the relay is valid, then the relayer will be refunded on their desired repayment chain. If relay is invalid,\n * then relayer will not receive any refund.\n * @notice All of the deposit data can be found via on-chain events from the origin SpokePool, except for the\n * realizedLpFeePct which is a function of the HubPool's utilization at the deposit quote time. This fee %\n * is deterministic based on the quote time, so the relayer should just compute it using the canonical algorithm\n * as described in a UMIP linked to the HubPool's identifier.\n * @param depositor Depositor on origin chain who set this chain as the destination chain.\n * @param recipient Specified recipient on this chain.\n * @param destinationToken Token to send to recipient. Should be mapped to the origin token, origin chain ID\n * and this chain ID via a mapping on the HubPool.\n * @param amount Full size of the deposit.\n * @param maxTokensToSend Max amount of tokens to send recipient. If higher than amount, then caller will\n * send recipient the full relay amount.\n * @param repaymentChainId Chain of SpokePool where relayer wants to be refunded after the challenge window has\n * passed.\n * @param originChainId Chain of SpokePool where deposit originated.\n * @param realizedLpFeePct Fee % based on L1 HubPool utilization at deposit quote time. Deterministic based on\n * quote time.\n * @param relayerFeePct Fee % to keep as relayer, specified by depositor.\n * @param depositId Unique deposit ID on origin spoke pool.\n * @param message Message to send to recipient along with tokens.\n * @param maxCount Max count to protect the relayer from frontrunning.\n */\n function fillRelay(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 amount,\n uint256 maxTokensToSend,\n uint256 repaymentChainId,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n bytes memory message,\n uint256 maxCount\n ) public nonReentrant unpausedFills {\n // Each relay attempt is mapped to the hash of data uniquely identifying it, which includes the deposit data\n // such as the origin chain ID and the deposit ID, and the data in a relay attempt such as who the recipient\n // is, which chain and currency the recipient wants to receive funds on, and the relay fees.\n RelayExecution memory relayExecution = RelayExecution({\n relay: SpokePoolInterface.RelayData({\n depositor: depositor,\n recipient: recipient,\n destinationToken: destinationToken,\n amount: amount,\n realizedLpFeePct: realizedLpFeePct,\n relayerFeePct: relayerFeePct,\n depositId: depositId,\n originChainId: originChainId,\n destinationChainId: chainId(),\n message: message\n }),\n relayHash: bytes32(0),\n updatedRelayerFeePct: relayerFeePct,\n updatedRecipient: recipient,\n updatedMessage: message,\n repaymentChainId: repaymentChainId,\n maxTokensToSend: maxTokensToSend,\n slowFill: false,\n payoutAdjustmentPct: 0,\n maxCount: maxCount\n });\n relayExecution.relayHash = _getRelayHash(relayExecution.relay);\n\n uint256 fillAmountPreFees = _fillRelay(relayExecution);\n _emitFillRelay(relayExecution, fillAmountPreFees);\n }\n\n /**\n * @notice Called by relayer to execute same logic as calling fillRelay except that relayer is using an updated\n * relayer fee %. The fee % must have been emitted in a message cryptographically signed by the depositor.\n * @notice By design, the depositor probably emitted the message with the updated fee by calling speedUpDeposit().\n * @param depositor Depositor on origin chain who set this chain as the destination chain.\n * @param recipient Specified recipient on this chain.\n * @param destinationToken Token to send to recipient. Should be mapped to the origin token, origin chain ID\n * and this chain ID via a mapping on the HubPool.\n * @param amount Full size of the deposit.\n * @param maxTokensToSend Max amount of tokens to send recipient. If higher than amount, then caller will\n * send recipient the full relay amount.\n * @param repaymentChainId Chain of SpokePool where relayer wants to be refunded after the challenge window has\n * passed.\n * @param originChainId Chain of SpokePool where deposit originated.\n * @param realizedLpFeePct Fee % based on L1 HubPool utilization at deposit quote time. Deterministic based on\n * quote time.\n * @param relayerFeePct Original fee % to keep as relayer set by depositor.\n * @param updatedRelayerFeePct New fee % to keep as relayer also specified by depositor.\n * @param depositId Unique deposit ID on origin spoke pool.\n * @param message Original message that was sent along with this deposit.\n * @param updatedMessage Modified message that the depositor signed when updating parameters.\n * @param depositorSignature Signed message containing the depositor address, this contract chain ID, the updated\n * relayer fee %, and the deposit ID. This signature is produced by signing a hash of data according to the\n * EIP-712 standard. See more in the _verifyUpdateRelayerFeeMessage() comments.\n * @param maxCount Max fill count to protect the relayer from frontrunning.\n */\n function fillRelayWithUpdatedDeposit(\n address depositor,\n address recipient,\n address updatedRecipient,\n address destinationToken,\n uint256 amount,\n uint256 maxTokensToSend,\n uint256 repaymentChainId,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n int64 updatedRelayerFeePct,\n uint32 depositId,\n bytes memory message,\n bytes memory updatedMessage,\n bytes memory depositorSignature,\n uint256 maxCount\n ) public override nonReentrant unpausedFills {\n RelayExecution memory relayExecution = RelayExecution({\n relay: SpokePoolInterface.RelayData({\n depositor: depositor,\n recipient: recipient,\n destinationToken: destinationToken,\n amount: amount,\n realizedLpFeePct: realizedLpFeePct,\n relayerFeePct: relayerFeePct,\n depositId: depositId,\n originChainId: originChainId,\n destinationChainId: chainId(),\n message: message\n }),\n relayHash: bytes32(0),\n updatedRelayerFeePct: updatedRelayerFeePct,\n updatedRecipient: updatedRecipient,\n updatedMessage: updatedMessage,\n repaymentChainId: repaymentChainId,\n maxTokensToSend: maxTokensToSend,\n slowFill: false,\n payoutAdjustmentPct: 0,\n maxCount: maxCount\n });\n relayExecution.relayHash = _getRelayHash(relayExecution.relay);\n\n _verifyUpdateDepositMessage(\n depositor,\n depositId,\n originChainId,\n updatedRelayerFeePct,\n updatedRecipient,\n updatedMessage,\n depositorSignature\n );\n uint256 fillAmountPreFees = _fillRelay(relayExecution);\n _emitFillRelay(relayExecution, fillAmountPreFees);\n }\n\n /**\n * @notice Caller signals to the system that they want a refund on this chain, which they set as the\n * `repaymentChainId` on the original fillRelay() call on the `destinationChainId`. An observer should be\n * be able to 1-to-1 match the emitted RefundRequested event with the FilledRelay event on the `destinationChainId`.\n * @dev This function could be used to artificially inflate the `fillCounter`, allowing the caller to \"frontrun\"\n * and cancel pending fills in the mempool. This would in the worst case censor fills at the cost of the caller's\n * gas costs. We don't view this as a major issue as the fill can be resubmitted and obtain the same incentive,\n * since incentives are based on validated refunds and would ignore these censoring attempts. This is no\n * different from calling `fillRelay` and setting msg.sender = recipient.\n * @dev Caller needs to pass in `fillBlock` that the FilledRelay event was emitted on the `destinationChainId`.\n * This is to make it hard to request a refund before a fill has been mined and to make lookups of the original\n * fill as simple as possible.\n * @param refundToken This chain's token equivalent for original fill destination token.\n * @param amount Original deposit amount.\n * @param originChainId Original origin chain ID.\n * @param destinationChainId Original destination chain ID.\n * @param realizedLpFeePct Original realized LP fee %.\n * @param depositId Original deposit ID.\n * @param maxCount Max count to protect the refund recipient from frontrunning.\n */\n function requestRefund(\n address refundToken,\n uint256 amount,\n uint256 originChainId,\n uint256 destinationChainId,\n int64 realizedLpFeePct,\n uint32 depositId,\n uint256 fillBlock,\n uint256 maxCount\n ) external nonReentrant {\n // Prevent unrealistic amounts from increasing fill counter too high.\n require(amount <= MAX_TRANSFER_SIZE, \"Amount too large\");\n\n // This allows the caller to add in frontrunning protection for quote validity.\n require(fillCounter[refundToken] <= maxCount, \"Above max count\");\n\n // Track duplicate refund requests.\n bytes32 refundHash = keccak256(\n abi.encode(\n msg.sender,\n refundToken,\n amount,\n originChainId,\n destinationChainId,\n realizedLpFeePct,\n depositId,\n fillBlock\n )\n );\n\n // Track duplicate requests so that an offchain actor knows if an identical request has already been made.\n // If so, it can check to ensure that that request was thrown out as invalid before honoring the duplicate.\n // In particular, this is meant to handle odd cases where an initial request is invalidated based on\n // timing, but can be validated by a later, identical request.\n uint256 previousIdenticalRequests = refundsRequested[refundHash]++;\n\n // Refund will take tokens out of this pool, increment the fill counter. This function should only be\n // called if a relayer from destinationChainId wants to take a refund on this chain, a different chain.\n // This type of repayment should only be possible for full fills, so the starting fill amount should\n // always be 0. Also, just like in _fillRelay we should revert if the first fill pre fees rounds to 0,\n // and in this case `amount` == `fillAmountPreFees`.\n require(amount > 0, \"Amount must be > 0\");\n _updateCountFromFill(\n 0,\n true, // The refund is being requested here, so it is local.\n amount,\n realizedLpFeePct,\n refundToken,\n false // Slow fills should never match with a Refund. This should be enforced by off-chain bundle builders.\n );\n\n emit RefundRequested(\n // Set caller as relayer. If caller is not relayer from destination chain that originally sent\n // fill, then off-chain validator should discard this refund attempt.\n msg.sender,\n refundToken,\n amount,\n originChainId,\n destinationChainId,\n realizedLpFeePct,\n depositId,\n fillBlock,\n previousIdenticalRequests\n );\n }\n\n /**************************************\n * DATA WORKER FUNCTIONS *\n **************************************/\n\n /**\n * @notice Executes a slow relay leaf stored as part of a root bundle. Will send the full amount remaining in the\n * relay to the recipient, less fees.\n * @dev This function assumes that the relay's destination chain ID is the current chain ID, which prevents\n * the caller from executing a slow relay intended for another chain on this chain.\n * @param depositor Depositor on origin chain who set this chain as the destination chain.\n * @param recipient Specified recipient on this chain.\n * @param destinationToken Token to send to recipient. Should be mapped to the origin token, origin chain ID\n * and this chain ID via a mapping on the HubPool.\n * @param amount Full size of the deposit.\n * @param originChainId Chain of SpokePool where deposit originated.\n * @param realizedLpFeePct Fee % based on L1 HubPool utilization at deposit quote time. Deterministic based on\n * quote time.\n * @param relayerFeePct Original fee % to keep as relayer set by depositor.\n * @param depositId Unique deposit ID on origin spoke pool.\n * @param rootBundleId Unique ID of root bundle containing slow relay root that this leaf is contained in.\n * @param message Message to send to the recipient if the recipient is a contract.\n * @param payoutAdjustment Adjustment to the payout amount. Can be used to increase or decrease the payout to allow\n * for rewards or penalties.\n * @param proof Inclusion proof for this leaf in slow relay root in root bundle.\n */\n function executeSlowRelayLeaf(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 amount,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n uint32 rootBundleId,\n bytes memory message,\n int256 payoutAdjustment,\n bytes32[] memory proof\n ) public virtual override nonReentrant {\n _executeSlowRelayLeaf(\n depositor,\n recipient,\n destinationToken,\n amount,\n originChainId,\n chainId(),\n realizedLpFeePct,\n relayerFeePct,\n depositId,\n rootBundleId,\n message,\n payoutAdjustment,\n proof\n );\n }\n\n /**\n * @notice Executes a relayer refund leaf stored as part of a root bundle. Will send the relayer the amount they\n * sent to the recipient plus a relayer fee.\n * @param rootBundleId Unique ID of root bundle containing relayer refund root that this leaf is contained in.\n * @param relayerRefundLeaf Contains all data necessary to reconstruct leaf contained in root bundle and to\n * refund relayer. This data structure is explained in detail in the SpokePoolInterface.\n * @param proof Inclusion proof for this leaf in relayer refund root in root bundle.\n */\n function executeRelayerRefundLeaf(\n uint32 rootBundleId,\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\n bytes32[] memory proof\n ) public virtual override nonReentrant {\n _executeRelayerRefundLeaf(rootBundleId, relayerRefundLeaf, proof);\n }\n\n /**************************************\n * VIEW FUNCTIONS *\n **************************************/\n\n /**\n * @notice Returns chain ID for this network.\n * @dev Some L2s like ZKSync don't support the CHAIN_ID opcode so we allow the implementer to override this.\n */\n function chainId() public view virtual override returns (uint256) {\n return block.chainid;\n }\n\n /**\n * @notice Gets the current time.\n * @return uint for the current timestamp.\n */\n function getCurrentTime() public view virtual returns (uint256) {\n return block.timestamp; // solhint-disable-line not-rely-on-time\n }\n\n /**************************************\n * INTERNAL FUNCTIONS *\n **************************************/\n\n // Verifies inclusion proof of leaf in root, sends relayer their refund, and sends to HubPool any rebalance\n // transfers.\n function _executeRelayerRefundLeaf(\n uint32 rootBundleId,\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\n bytes32[] memory proof\n ) internal {\n // Check integrity of leaf structure:\n require(relayerRefundLeaf.chainId == chainId(), \"Invalid chainId\");\n require(relayerRefundLeaf.refundAddresses.length == relayerRefundLeaf.refundAmounts.length, \"invalid leaf\");\n\n RootBundle storage rootBundle = rootBundles[rootBundleId];\n\n // Check that inclusionProof proves that relayerRefundLeaf is contained within the relayer refund root.\n // Note: This should revert if the relayerRefundRoot is uninitialized.\n require(MerkleLib.verifyRelayerRefund(rootBundle.relayerRefundRoot, relayerRefundLeaf, proof), \"Bad Proof\");\n\n // Verify the leafId in the leaf has not yet been claimed.\n require(!MerkleLib.isClaimed(rootBundle.claimedBitmap, relayerRefundLeaf.leafId), \"Already claimed\");\n\n // Set leaf as claimed in bitmap. This is passed by reference to the storage rootBundle.\n MerkleLib.setClaimed(rootBundle.claimedBitmap, relayerRefundLeaf.leafId);\n\n // Send each relayer refund address the associated refundAmount for the L2 token address.\n // Note: Even if the L2 token is not enabled on this spoke pool, we should still refund relayers.\n uint256 length = relayerRefundLeaf.refundAmounts.length;\n for (uint256 i = 0; i < length; ) {\n uint256 amount = relayerRefundLeaf.refundAmounts[i];\n if (amount > 0)\n IERC20Upgradeable(relayerRefundLeaf.l2TokenAddress).safeTransfer(\n relayerRefundLeaf.refundAddresses[i],\n amount\n );\n\n // OK because we assume refund array length won't be > types(uint256).max.\n // Based on the stress test results in /test/gas-analytics/SpokePool.RelayerRefundLeaf.ts, the UMIP should\n // limit the refund count in valid proposals to be ~800 so any RelayerRefundLeaves with > 800 refunds should\n // not make it to this stage.\n\n unchecked {\n ++i;\n }\n }\n\n // If leaf's amountToReturn is positive, then send L2 --> L1 message to bridge tokens back via\n // chain-specific bridging method.\n if (relayerRefundLeaf.amountToReturn > 0) {\n _bridgeTokensToHubPool(relayerRefundLeaf);\n\n emit TokensBridged(\n relayerRefundLeaf.amountToReturn,\n relayerRefundLeaf.chainId,\n relayerRefundLeaf.leafId,\n relayerRefundLeaf.l2TokenAddress,\n msg.sender\n );\n }\n\n emit ExecutedRelayerRefundRoot(\n relayerRefundLeaf.amountToReturn,\n relayerRefundLeaf.chainId,\n relayerRefundLeaf.refundAmounts,\n rootBundleId,\n relayerRefundLeaf.leafId,\n relayerRefundLeaf.l2TokenAddress,\n relayerRefundLeaf.refundAddresses,\n msg.sender\n );\n }\n\n // Verifies inclusion proof of leaf in root and sends recipient remainder of relay. Marks relay as filled.\n function _executeSlowRelayLeaf(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 amount,\n uint256 originChainId,\n uint256 destinationChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n uint32 rootBundleId,\n bytes memory message,\n int256 payoutAdjustmentPct,\n bytes32[] memory proof\n ) internal {\n RelayExecution memory relayExecution = RelayExecution({\n relay: SpokePoolInterface.RelayData({\n depositor: depositor,\n recipient: recipient,\n destinationToken: destinationToken,\n amount: amount,\n realizedLpFeePct: realizedLpFeePct,\n relayerFeePct: relayerFeePct,\n depositId: depositId,\n originChainId: originChainId,\n destinationChainId: destinationChainId,\n message: message\n }),\n relayHash: bytes32(0),\n updatedRelayerFeePct: 0,\n updatedRecipient: recipient,\n updatedMessage: message,\n repaymentChainId: 0,\n maxTokensToSend: SLOW_FILL_MAX_TOKENS_TO_SEND,\n slowFill: true,\n payoutAdjustmentPct: payoutAdjustmentPct,\n maxCount: type(uint256).max\n });\n relayExecution.relayHash = _getRelayHash(relayExecution.relay);\n\n _verifySlowFill(relayExecution, rootBundleId, proof);\n\n // Note: use relayAmount as the max amount to send, so the relay is always completely filled by the contract's\n // funds in all cases. As this is a slow relay we set the relayerFeePct to 0. This effectively refunds the\n // relayer component of the relayerFee thereby only charging the depositor the LpFee.\n uint256 fillAmountPreFees = _fillRelay(relayExecution);\n\n // Note: Set repayment chain ID to 0 to indicate that there is no repayment to be made. The off-chain data\n // worker can use repaymentChainId=0 as a signal to ignore such relays for refunds. Also, set the relayerFeePct\n // to 0 as slow relays do not pay the caller of this method (depositor is refunded this fee).\n _emitFillRelay(relayExecution, fillAmountPreFees);\n }\n\n function _setCrossDomainAdmin(address newCrossDomainAdmin) internal {\n require(newCrossDomainAdmin != address(0), \"Bad bridge router address\");\n crossDomainAdmin = newCrossDomainAdmin;\n emit SetXDomainAdmin(newCrossDomainAdmin);\n }\n\n function _setHubPool(address newHubPool) internal {\n require(newHubPool != address(0), \"Bad hub pool address\");\n hubPool = newHubPool;\n emit SetHubPool(newHubPool);\n }\n\n // Should be overriden by implementing contract depending on how L2 handles sending tokens to L1.\n function _bridgeTokensToHubPool(SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf) internal virtual;\n\n function _verifyUpdateDepositMessage(\n address depositor,\n uint32 depositId,\n uint256 originChainId,\n int64 updatedRelayerFeePct,\n address updatedRecipient,\n bytes memory updatedMessage,\n bytes memory depositorSignature\n ) internal view {\n // A depositor can request to modify an un-relayed deposit by signing a hash containing the updated\n // details and information uniquely identifying the deposit to relay. This information ensures\n // that this signature cannot be re-used for other deposits.\n // Note: We use the EIP-712 (https://eips.ethereum.org/EIPS/eip-712) standard for hashing and signing typed data.\n // Specifically, we use the version of the encoding known as \"v4\", as implemented by the JSON RPC method\n // `eth_signedTypedDataV4` in MetaMask (https://docs.metamask.io/guide/signing-data.html).\n bytes32 expectedTypedDataV4Hash = _hashTypedDataV4(\n // EIP-712 compliant hash struct: https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct\n keccak256(\n abi.encode(\n UPDATE_DEPOSIT_DETAILS_HASH,\n depositId,\n originChainId,\n updatedRelayerFeePct,\n updatedRecipient,\n keccak256(updatedMessage)\n )\n ),\n // By passing in the origin chain id, we enable the verification of the signature on a different chain\n originChainId\n );\n _verifyDepositorSignature(depositor, expectedTypedDataV4Hash, depositorSignature);\n }\n\n // This function is isolated and made virtual to allow different L2's to implement chain specific recovery of\n // signers from signatures because some L2s might not support ecrecover. To be safe, consider always reverting\n // this function for L2s where ecrecover is different from how it works on Ethereum, otherwise there is the\n // potential to forge a signature from the depositor using a different private key than the original depositor's.\n function _verifyDepositorSignature(\n address depositor,\n bytes32 ethSignedMessageHash,\n bytes memory depositorSignature\n ) internal view virtual {\n // Note:\n // - We don't need to worry about reentrancy from a contract deployed at the depositor address since the method\n // `SignatureChecker.isValidSignatureNow` is a view method. Re-entrancy can happen, but it cannot affect state.\n // - EIP-1271 signatures are supported. This means that a signature valid now, may not be valid later and vice-versa.\n // - For an EIP-1271 signature to work, the depositor contract address must map to a deployed contract on the destination\n // chain that can validate the signature.\n // - Regular signatures from an EOA are also supported.\n bool isValid = SignatureChecker.isValidSignatureNow(depositor, ethSignedMessageHash, depositorSignature);\n require(isValid, \"invalid signature\");\n }\n\n function _verifySlowFill(\n RelayExecution memory relayExecution,\n uint32 rootBundleId,\n bytes32[] memory proof\n ) internal view {\n SlowFill memory slowFill = SlowFill({\n relayData: relayExecution.relay,\n payoutAdjustmentPct: relayExecution.payoutAdjustmentPct\n });\n\n require(\n MerkleLib.verifySlowRelayFulfillment(rootBundles[rootBundleId].slowRelayRoot, slowFill, proof),\n \"Invalid slow relay proof\"\n );\n }\n\n function _computeAmountPreFees(uint256 amount, int64 feesPct) private pure returns (uint256) {\n return (1e18 * amount) / uint256((int256(1e18) - feesPct));\n }\n\n function _computeAmountPostFees(uint256 amount, int256 feesPct) private pure returns (uint256) {\n return (amount * uint256(int256(1e18) - feesPct)) / 1e18;\n }\n\n function _getRelayHash(SpokePoolInterface.RelayData memory relayData) private pure returns (bytes32) {\n return keccak256(abi.encode(relayData));\n }\n\n // Unwraps ETH and does a transfer to a recipient address. If the recipient is a smart contract then sends wrappedNativeToken.\n function _unwrapwrappedNativeTokenTo(address payable to, uint256 amount) internal {\n if (address(to).isContract()) {\n IERC20Upgradeable(address(wrappedNativeToken)).safeTransfer(to, amount);\n } else {\n wrappedNativeToken.withdraw(amount);\n AddressLibUpgradeable.sendValue(to, amount);\n }\n }\n\n /**\n * @notice Caller specifies the max amount of tokens to send to user. Based on this amount and the amount of the\n * relay remaining (as stored in the relayFills mapping), pull the amount of tokens from the caller\n * and send to the recipient.\n * @dev relayFills keeps track of pre-fee fill amounts as a convenience to relayers who want to specify round\n * numbers for the maxTokensToSend parameter or convenient numbers like 100 (i.e. relayers who will fully\n * fill any relay up to 100 tokens, and partial fill with 100 tokens for larger relays).\n * @dev Caller must approve this contract to transfer up to maxTokensToSend of the relayData.destinationToken.\n * The amount to be sent might end up less if there is insufficient relay amount remaining to be sent.\n */\n function _fillRelay(RelayExecution memory relayExecution) internal returns (uint256 fillAmountPreFees) {\n RelayData memory relayData = relayExecution.relay;\n // We limit the relay fees to prevent the user spending all their funds on fees. Note that 0.5e18 (i.e. 50%)\n // fees are just magic numbers. The important point is to prevent the total fee from being 100%, otherwise\n // computing the amount pre fees runs into divide-by-0 issues.\n require(\n SignedMath.abs(relayExecution.updatedRelayerFeePct) < 0.5e18 &&\n SignedMath.abs(relayData.realizedLpFeePct) < 0.5e18,\n \"invalid fees\"\n );\n\n require(relayData.amount <= MAX_TRANSFER_SIZE, \"Amount too large\");\n\n // Check that the relay has not already been completely filled. Note that the relays mapping will point to\n // the amount filled so far for a particular relayHash, so this will start at 0 and increment with each fill.\n require(relayFills[relayExecution.relayHash] < relayData.amount, \"relay filled\");\n\n // This allows the caller to add in frontrunning protection for quote validity.\n require(fillCounter[relayData.destinationToken] <= relayExecution.maxCount, \"Above max count\");\n\n // Derive the amount of the relay filled if the caller wants to send exactly maxTokensToSend tokens to\n // the recipient. For example, if the user wants to send 10 tokens to the recipient, the full relay amount\n // is 100, and the fee %'s total 5%, then this computation would return ~10.5, meaning that to fill 10.5/100\n // of the full relay size, the caller would need to send 10 tokens to the user.\n // This is equivalent to the amount to be sent by the relayer before fees have been taken out.\n fillAmountPreFees = _computeAmountPreFees(\n relayExecution.maxTokensToSend,\n (relayData.realizedLpFeePct + relayExecution.updatedRelayerFeePct)\n );\n // If fill amount minus fees, which is possible with small fill amounts and negative fees, then\n // revert.\n require(fillAmountPreFees > 0, \"fill amount pre fees is 0\");\n\n // If user's specified max amount to send is greater than the amount of the relay remaining pre-fees,\n // we'll pull exactly enough tokens to complete the relay.\n uint256 amountRemainingInRelay = relayData.amount - relayFills[relayExecution.relayHash];\n if (amountRemainingInRelay < fillAmountPreFees) {\n fillAmountPreFees = amountRemainingInRelay;\n }\n\n // Apply post-fees computation to amount that relayer will send to user. Rounding errors are possible\n // when computing fillAmountPreFees and then amountToSend, and we just want to enforce that\n // the error added to amountToSend is consistently applied to partial and full fills.\n uint256 amountToSend = _computeAmountPostFees(\n fillAmountPreFees,\n relayData.realizedLpFeePct + relayExecution.updatedRelayerFeePct\n );\n\n // This can only happen in a slow fill, where the contract is funding the relay.\n if (relayExecution.payoutAdjustmentPct != 0) {\n // If payoutAdjustmentPct is positive, then the recipient will receive more than the amount they\n // were originally expecting. If it is negative, then the recipient will receive less.\n // -1e18 is -100%. Because we cannot pay out negative values, that is the minimum.\n require(relayExecution.payoutAdjustmentPct >= -1e18, \"payoutAdjustmentPct too small\");\n\n // Allow the payout adjustment to go up to 1000% (i.e. 11x).\n // This is a sanity check to ensure the payouts do not grow too large via some sort of issue in bundle\n // construction.\n require(relayExecution.payoutAdjustmentPct <= 100e18, \"payoutAdjustmentPct too large\");\n\n // Note: since _computeAmountPostFees is typically intended for fees, the signage must be reversed.\n amountToSend = _computeAmountPostFees(amountToSend, -relayExecution.payoutAdjustmentPct);\n\n // Note: this error should never happen, since the maxTokensToSend is expected to be set much higher than\n // the amount, but it is here as a sanity check.\n require(amountToSend <= relayExecution.maxTokensToSend, \"Somehow hit maxTokensToSend!\");\n }\n\n // Since the first partial fill is used to update the fill counter for the entire refund amount, we don't have\n // a simple way to handle the case where follow-up partial fills take repayment on different chains. We'd\n // need a way to decrement the fill counter in this case (or increase deposit counter) to ensure that users\n // have adequate frontrunning protections.\n // Instead of adding complexity, we require that all partial fills set repayment chain equal to destination chain.\n // Note: .slowFill is checked because slow fills set repaymentChainId to 0.\n bool localRepayment = relayExecution.repaymentChainId == relayExecution.relay.destinationChainId;\n require(\n localRepayment || relayExecution.relay.amount == fillAmountPreFees || relayExecution.slowFill,\n \"invalid repayment chain\"\n );\n\n // Update fill counter.\n _updateCountFromFill(\n relayFills[relayExecution.relayHash],\n localRepayment,\n relayData.amount,\n relayData.realizedLpFeePct,\n relayData.destinationToken,\n relayExecution.slowFill\n );\n\n // relayFills keeps track of pre-fee fill amounts as a convenience to relayers who want to specify round\n // numbers for the maxTokensToSend parameter or convenient numbers like 100 (i.e. relayers who will fully\n // fill any relay up to 100 tokens, and partial fill with 100 tokens for larger relays).\n relayFills[relayExecution.relayHash] += fillAmountPreFees;\n\n // If relayer and receiver are the same address, there is no need to do any transfer, as it would result in no\n // net movement of funds.\n // Note: this is important because it means that relayers can intentionally self-relay in a capital efficient\n // way (no need to have funds on the destination).\n // If this is a slow fill, we can't exit early since we still need to send funds out of this contract\n // since there is no \"relayer\".\n if (msg.sender == relayExecution.updatedRecipient && !relayExecution.slowFill) return fillAmountPreFees;\n\n // If relay token is wrappedNativeToken then unwrap and send native token.\n if (relayData.destinationToken == address(wrappedNativeToken)) {\n // Note: useContractFunds is True if we want to send funds to the recipient directly out of this contract,\n // otherwise we expect the caller to send funds to the recipient. If useContractFunds is True and the\n // recipient wants wrappedNativeToken, then we can assume that wrappedNativeToken is already in the\n // contract, otherwise we'll need the user to send wrappedNativeToken to this contract. Regardless, we'll\n // need to unwrap it to native token before sending to the user.\n if (!relayExecution.slowFill)\n IERC20Upgradeable(relayData.destinationToken).safeTransferFrom(msg.sender, address(this), amountToSend);\n _unwrapwrappedNativeTokenTo(payable(relayExecution.updatedRecipient), amountToSend);\n // Else, this is a normal ERC20 token. Send to recipient.\n } else {\n // Note: Similar to note above, send token directly from the contract to the user in the slow relay case.\n if (!relayExecution.slowFill)\n IERC20Upgradeable(relayData.destinationToken).safeTransferFrom(\n msg.sender,\n relayExecution.updatedRecipient,\n amountToSend\n );\n else\n IERC20Upgradeable(relayData.destinationToken).safeTransfer(\n relayExecution.updatedRecipient,\n amountToSend\n );\n }\n\n if (relayExecution.updatedRecipient.isContract() && relayExecution.updatedMessage.length > 0) {\n AcrossMessageHandler(relayExecution.updatedRecipient).handleAcrossMessage(\n relayData.destinationToken,\n amountToSend,\n relayFills[relayExecution.relayHash] >= relayData.amount,\n msg.sender,\n relayExecution.updatedMessage\n );\n }\n }\n\n function _updateCountFromFill(\n uint256 startingFillAmount,\n bool localRepayment,\n uint256 totalFillAmount,\n int64 realizedLPFeePct,\n address token,\n bool useContractFunds\n ) internal {\n // If this is a slow fill, a first partial fill with repayment on another chain, or a partial fill has already happened, do nothing, as these\n // should not impact the count. Initial 0-fills will not reach this part of the code.\n if (useContractFunds || startingFillAmount > 0 || !localRepayment) return;\n fillCounter[token] += _computeAmountPostFees(totalFillAmount, realizedLPFeePct);\n }\n\n function _emitFillRelay(RelayExecution memory relayExecution, uint256 fillAmountPreFees) internal {\n RelayExecutionInfo memory relayExecutionInfo = RelayExecutionInfo({\n relayerFeePct: relayExecution.updatedRelayerFeePct,\n recipient: relayExecution.updatedRecipient,\n message: relayExecution.updatedMessage,\n isSlowRelay: relayExecution.slowFill,\n payoutAdjustmentPct: relayExecution.payoutAdjustmentPct\n });\n\n emit FilledRelay(\n relayExecution.relay.amount,\n relayFills[relayExecution.relayHash],\n fillAmountPreFees,\n relayExecution.repaymentChainId,\n relayExecution.relay.originChainId,\n relayExecution.relay.destinationChainId,\n relayExecution.relay.relayerFeePct,\n relayExecution.relay.realizedLpFeePct,\n relayExecution.relay.depositId,\n relayExecution.relay.destinationToken,\n msg.sender,\n relayExecution.relay.depositor,\n relayExecution.relay.recipient,\n relayExecution.relay.message,\n relayExecutionInfo\n );\n }\n\n // Implementing contract needs to override this to ensure that only the appropriate cross chain admin can execute\n // certain admin functions. For L2 contracts, the cross chain admin refers to some L1 address or contract, and for\n // L1, this would just be the same admin of the HubPool.\n function _requireAdminSender() internal virtual;\n\n // Added to enable the this contract to receive native token (ETH). Used when unwrapping wrappedNativeToken.\n receive() external payable {}\n\n // Reserve storage slots for future versions of this base contract to add state variables without\n // affecting the storage layout of child contracts. Decrement the size of __gap whenever state variables\n // are added. This is at bottom of contract to make sure it's always at the end of storage.\n uint256[1000] private __gap;\n}\n" + }, + "contracts/SpokePoolVerifier.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"@openzeppelin/contracts/utils/Address.sol\";\nimport \"./interfaces/SpokePoolInterface.sol\";\n\n/**\n * @notice SpokePoolVerifier is a contract that verifies that the SpokePool exists on this chain before sending ETH to it.\n * @dev This contract must be deployed via Create2 to the same address on all chains. That way, an errant transaction sent\n * to the wrong chain will be blocked by this contract rather than hitting a dead address. This means that this contract\n * will not work to protect chains, like zkSync, where Create2 address derivations don't match other chains.\n * Source: https://era.zksync.io/docs/reference/architecture/differences-with-ethereum.html#create-create2\n */\ncontract SpokePoolVerifier {\n using Address for address;\n\n /**\n * @notice Passthrough function to `deposit()` on the SpokePool contract.\n * @dev Protects the caller from losing their ETH (or other native token) by reverting if the SpokePool address\n * they intended to call does not exist on this chain. Because this contract can be deployed at the same address\n * everywhere callers should be protected even if the transaction is submitted to an unintended network.\n * This contract should only be used for native token deposits, as this problem only exists for native tokens.\n * @param spokePool Address of the SpokePool contract that the user is intending to call.\n * @param recipient Address to receive funds at on destination chain.\n * @param originToken Token to lock into this contract to initiate deposit.\n * @param amount Amount of tokens to deposit. Will be amount of tokens to receive less fees.\n * @param destinationChainId Denotes network where user will receive funds from SpokePool by a relayer.\n * @param relayerFeePct % of deposit amount taken out to incentivize a fast relayer.\n * @param quoteTimestamp Timestamp used by relayers to compute this deposit's realizedLPFeePct which is paid\n * to LP pool on HubPool.\n * @param message Arbitrary data that can be used to pass additional information to the recipient along with the tokens.\n * Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.\n * @param maxCount used to protect the depositor from frontrunning to guarantee their quote remains valid.\n */\n function deposit(\n SpokePoolInterface spokePool,\n address recipient,\n address originToken,\n uint256 amount,\n uint256 destinationChainId,\n int64 relayerFeePct,\n uint32 quoteTimestamp,\n bytes memory message,\n uint256 maxCount\n ) external payable {\n require(msg.value == amount, \"msg.value != amount\");\n require(address(spokePool).isContract(), \"spokePool is not a contract\");\n spokePool.deposit{ value: msg.value }(\n recipient,\n originToken,\n amount,\n destinationChainId,\n relayerFeePct,\n quoteTimestamp,\n message,\n maxCount\n );\n }\n}\n" + }, + "contracts/Succinct_SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./SpokePool.sol\";\nimport \"./external/interfaces/SuccinctInterfaces.sol\";\n\n/**\n * @notice Succinct Spoke pool.\n */\ncontract Succinct_SpokePool is SpokePool, ITelepathyHandler {\n // Address of the succinct AMB contract.\n address public succinctTargetAmb;\n\n // Chain where HubPool is deployed that is linked to this SpokePool.\n uint16 public hubChainId;\n\n // Warning: this variable should _never_ be touched outside of this contract. It is intentionally set to be\n // private. Leaving it set to true can permanently disable admin calls.\n bool private adminCallValidated;\n\n event SetSuccinctTargetAmb(address indexed newSuccinctTargetAmb);\n event ReceivedMessageFromL1(address indexed caller, address indexed rootMessageSender);\n\n // Note: validating calls this way ensures that strange calls coming from the succinctTargetAmb won't be\n // misinterpreted. Put differently, just checking that msg.sender == succinctTargetAmb is not sufficient.\n // All calls that have admin privileges must be fired from within the handleTelepathy method that's gone\n // through validation where the sender is checked and the sender from the other chain is also validated.\n // This modifier sets the adminCallValidated variable so this condition can be checked in _requireAdminSender().\n modifier validateInternalCalls() {\n // Make sure adminCallValidated is set to True only once at beginning of processMessageFromRoot, which prevents\n // processMessageFromRoot from being re-entered.\n require(!adminCallValidated, \"adminCallValidated already set\");\n\n // This sets a variable indicating that we're now inside a validated call.\n // Note: this is used by other methods to ensure that this call has been validated by this method and is not\n // spoofed.\n adminCallValidated = true;\n\n _;\n\n // Reset adminCallValidated to false to disallow admin calls after this method exits.\n adminCallValidated = false;\n }\n\n /**\n * @notice Construct the Succinct SpokePool.\n * @param _hubChainId Chain ID of the chain where the HubPool is deployed.\n * @param _succinctTargetAmb Address of the succinct AMB contract.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * @param _crossDomainAdmin Cross domain admin to set. Can be changed by admin.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n * @param _wrappedNativeToken Address of the wrapped native token.\n */\n function initialize(\n uint16 _hubChainId,\n address _succinctTargetAmb,\n uint32 _initialDepositId,\n address _crossDomainAdmin,\n address _hubPool,\n address _wrappedNativeToken\n ) public initializer {\n __SpokePool_init(_initialDepositId, _crossDomainAdmin, _hubPool, _wrappedNativeToken);\n succinctTargetAmb = _succinctTargetAmb;\n hubChainId = _hubChainId;\n }\n\n /**\n * @notice Admin can reset the succinct contract address.\n * @param _succinctTargetAmb Address of the succinct AMB contract.\n */\n function setSuccinctTargetAmb(address _succinctTargetAmb) external onlyAdmin {\n succinctTargetAmb = _succinctTargetAmb;\n emit SetSuccinctTargetAmb(_succinctTargetAmb);\n }\n\n /**\n * @notice This will be called by Succinct AMB on this network to relay a message sent from the HubPool.\n * @param _sourceChainId Chain ID of the chain where the message originated.\n * @param _senderAddress Address of the sender on the chain where the message originated.\n * @param _data Data to be received and executed on this contract.\n */\n function handleTelepathy(\n uint16 _sourceChainId,\n address _senderAddress,\n bytes memory _data\n ) external override validateInternalCalls returns (bytes4) {\n // Validate msg.sender as succinct, the x-chain sender as being the hubPool (the admin) and the source chain as\n // 1 (mainnet).\n require(msg.sender == succinctTargetAmb, \"caller not succinct AMB\");\n require(_senderAddress == hubPool, \"sender not hubPool\");\n require(_sourceChainId == hubChainId, \"source chain not hub chain\");\n\n /// @custom:oz-upgrades-unsafe-allow delegatecall\n (bool success, ) = address(this).delegatecall(_data);\n require(success, \"delegatecall failed\");\n\n emit ReceivedMessageFromL1(msg.sender, _senderAddress);\n return ITelepathyHandler.handleTelepathy.selector;\n }\n\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory) internal override {\n // This method is a no-op. If the chain intends to include bridging functionality, this must be overriden.\n // If not, leaving this unimplemented means this method may be triggered, but the result will be that no\n // balance is transferred.\n }\n\n // Check that the handleTelepathy method has validated the method to ensure the sender is authenticated.\n function _requireAdminSender() internal view override {\n require(adminCallValidated, \"Admin call not validated\");\n }\n}\n" + }, + "contracts/test/AcrossMessageHandlerMock.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"../SpokePool.sol\";\n\ncontract AcrossMessageHandlerMock is AcrossMessageHandler {\n function handleAcrossMessage(\n address tokenSent,\n uint256 amount,\n bool fillCompleted,\n address relayer,\n bytes memory message\n ) external override {}\n}\n" + }, + "contracts/test/MerkleLibTest.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"../MerkleLib.sol\";\nimport \"../interfaces/HubPoolInterface.sol\";\nimport \"../interfaces/SpokePoolInterface.sol\";\n\n/**\n * @notice Contract to test the MerkleLib.\n */\ncontract MerkleLibTest {\n mapping(uint256 => uint256) public claimedBitMap;\n\n uint256 public claimedBitMap1D;\n\n function verifyPoolRebalance(\n bytes32 root,\n HubPoolInterface.PoolRebalanceLeaf memory rebalance,\n bytes32[] memory proof\n ) public pure returns (bool) {\n return MerkleLib.verifyPoolRebalance(root, rebalance, proof);\n }\n\n function verifyRelayerRefund(\n bytes32 root,\n SpokePoolInterface.RelayerRefundLeaf memory refund,\n bytes32[] memory proof\n ) public pure returns (bool) {\n return MerkleLib.verifyRelayerRefund(root, refund, proof);\n }\n\n function verifySlowRelayFulfillment(\n bytes32 root,\n SpokePoolInterface.SlowFill memory slowFill,\n bytes32[] memory proof\n ) public pure returns (bool) {\n return MerkleLib.verifySlowRelayFulfillment(root, slowFill, proof);\n }\n\n function isClaimed(uint256 index) public view returns (bool) {\n return MerkleLib.isClaimed(claimedBitMap, index);\n }\n\n function setClaimed(uint256 index) public {\n MerkleLib.setClaimed(claimedBitMap, index);\n }\n\n function isClaimed1D(uint8 index) public view returns (bool) {\n return MerkleLib.isClaimed1D(claimedBitMap1D, index);\n }\n\n function setClaimed1D(uint8 index) public {\n claimedBitMap1D = MerkleLib.setClaimed1D(claimedBitMap1D, index);\n }\n}\n" + }, + "contracts/test/MockBedrockStandardBridge.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"../Ovm_SpokePool.sol\";\n\n// Provides payable withdrawTo interface introduced on Bedrock\ncontract MockBedrockL2StandardBridge is IL2ERC20Bridge {\n function withdrawTo(\n address _l2Token,\n address _to,\n uint256 _amount,\n uint32 _minGasLimit,\n bytes calldata _extraData\n ) external payable {\n // do nothing\n }\n}\n" + }, + "contracts/test/MockSpokePool.sol": { + "content": "//SPDX-License-Identifier: Unlicense\npragma solidity ^0.8.0;\n\nimport \"../SpokePool.sol\";\nimport \"@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol\";\n\n/**\n * @title MockSpokePool\n * @notice Implements abstract contract for testing.\n */\ncontract MockSpokePool is SpokePool, OwnableUpgradeable {\n uint256 private chainId_;\n uint256 private currentTime;\n\n function initialize(\n uint32 _initialDepositId,\n address _crossDomainAdmin,\n address _hubPool,\n address _wethAddress\n ) public initializer {\n __Ownable_init();\n __SpokePool_init(_initialDepositId, _crossDomainAdmin, _hubPool, _wethAddress);\n currentTime = block.timestamp; // solhint-disable-line not-rely-on-time\n }\n\n function setCurrentTime(uint256 time) external {\n currentTime = time;\n }\n\n function getCurrentTime() public view override returns (uint256) {\n return currentTime;\n }\n\n // solhint-disable-next-line no-empty-blocks\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory relayerRefundLeaf) internal override {}\n\n function _requireAdminSender() internal override onlyOwner {} // solhint-disable-line no-empty-blocks\n\n function chainId() public view override(SpokePool) returns (uint256) {\n // If chainId_ is set then return it, else do nothing and return the parent chainId().\n return chainId_ == 0 ? super.chainId() : chainId_;\n }\n\n function setChainId(uint256 _chainId) public {\n chainId_ = _chainId;\n }\n}\n" + }, + "contracts/upgradeable/AddressLibUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)\n\npragma solidity ^0.8.1;\n\n/**\n * @title AddressUpgradeable\n * @dev Collection of functions related to the address type\n * @notice Logic is 100% copied from \"@openzeppelin/contracts-upgradeable/contracts/utils/AddressUpgradeable.sol\" but one\n * comment is added to clarify why we allow delegatecall() in this contract, which is typically unsafe for use in\n * upgradeable implementation contracts.\n * @dev See https://docs.openzeppelin.com/upgrades-plugins/1.x/faq#delegatecall-selfdestruct for more details.\n */\nlibrary AddressLibUpgradeable {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n *\n * Furthermore, `isContract` will also return true if the target contract within\n * the same transaction is already scheduled for destruction by `SELFDESTRUCT`,\n * which only has an effect at the end of a transaction.\n * ====\n *\n * [IMPORTANT]\n * ====\n * You shouldn't rely on `isContract` to protect against flash loan attacks!\n *\n * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets\n * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract\n * constructor.\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize/address.code.length, which returns 0\n // for contracts in construction, since the code is only stored at the end\n // of the constructor execution.\n\n return account.code.length > 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance >= amount, \"Address: insufficient balance\");\n\n (bool success, ) = recipient.call{ value: amount }(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain `call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(\n address target,\n bytes memory data,\n uint256 value\n ) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(\n address target,\n bytes memory data,\n uint256 value,\n string memory errorMessage\n ) internal returns (bytes memory) {\n require(address(this).balance >= value, \"Address: insufficient balance for call\");\n (bool success, bytes memory returndata) = target.call{ value: value }(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n (bool success, bytes memory returndata) = target.staticcall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n /// @custom:oz-upgrades-unsafe-allow delegatecall\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling\n * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.\n *\n * _Available since v4.8._\n */\n function verifyCallResultFromTarget(\n address target,\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n if (success) {\n if (returndata.length == 0) {\n // only check isContract if the call was successful and the return data is empty\n // otherwise we already know that it was a contract\n require(isContract(target), \"Address: call to non-contract\");\n }\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n /**\n * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the\n * revert reason or using the provided one.\n *\n * _Available since v4.3._\n */\n function verifyCallResult(\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal pure returns (bytes memory) {\n if (success) {\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n function _revert(bytes memory returndata, string memory errorMessage) private pure {\n // Look for revert reason and bubble it up if present\n if (returndata.length > 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n /// @solidity memory-safe-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n}\n" + }, + "contracts/upgradeable/EIP712CrossChainUpgradeable.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"@openzeppelin/contracts-upgradeable/utils/cryptography/ECDSAUpgradeable.sol\";\nimport \"@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol\";\n\n/**\n * @dev https://eips.ethereum.org/EIPS/eip-712[EIP 712] is a standard for hashing and signing of typed structured data.\n *\n * This contract is based on OpenZeppelin's implementation:\n * https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/master/contracts/utils/cryptography/EIP712Upgradeable.sol\n *\n * NOTE: Modified version that allows to build a domain separator that relies on a different chain id than the chain this\n * contract is deployed to. An example use case we want to support is:\n * - User A signs a message on chain with id = 1\n * - User B executes a method by verifying user A's EIP-712 compliant signature on a chain with id != 1\n */\nabstract contract EIP712CrossChainUpgradeable is Initializable {\n /* solhint-disable var-name-mixedcase */\n bytes32 private _HASHED_NAME;\n bytes32 private _HASHED_VERSION;\n bytes32 private constant _TYPE_HASH = keccak256(\"EIP712Domain(string name,string version,uint256 chainId)\");\n\n /* solhint-enable var-name-mixedcase */\n\n /**\n * @dev Initializes the domain separator and parameter caches.\n *\n * The meaning of `name` and `version` is specified in\n * https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP 712]:\n *\n * - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol.\n * - `version`: the current major version of the signing domain.\n *\n * NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart\n * contract upgrade].\n */\n function __EIP712_init(string memory name, string memory version) internal onlyInitializing {\n __EIP712_init_unchained(name, version);\n }\n\n function __EIP712_init_unchained(string memory name, string memory version) internal onlyInitializing {\n bytes32 hashedName = keccak256(bytes(name));\n bytes32 hashedVersion = keccak256(bytes(version));\n _HASHED_NAME = hashedName;\n _HASHED_VERSION = hashedVersion;\n }\n\n /**\n * @dev Returns the domain separator depending on the `originChainId`.\n * @param originChainId Chain id of network where message originates from.\n * @return bytes32 EIP-712-compliant domain separator.\n */\n function _domainSeparatorV4(uint256 originChainId) internal view returns (bytes32) {\n return keccak256(abi.encode(_TYPE_HASH, _HASHED_NAME, _HASHED_VERSION, originChainId));\n }\n\n /**\n * @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this\n * function returns the hash of the fully encoded EIP712 message for this domain.\n *\n * This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example:\n *\n * ```solidity\n * bytes32 structHash = keccak256(abi.encode(\n * keccak256(\"Mail(address to,string contents)\"),\n * mailTo,\n * keccak256(bytes(mailContents))\n * ));\n * bytes32 digest = _hashTypedDataV4(structHash, originChainId);\n * address signer = ECDSA.recover(digest, signature);\n * ```\n * @param structHash Hashed struct as defined in https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct.\n * @param originChainId Chain id of network where message originates from.\n * @return bytes32 Hash digest that is recoverable via `EDCSA.recover`.\n */\n function _hashTypedDataV4(bytes32 structHash, uint256 originChainId) internal view virtual returns (bytes32) {\n return ECDSAUpgradeable.toTypedDataHash(_domainSeparatorV4(originChainId), structHash);\n }\n\n // Reserve storage slots for future versions of this base contract to add state variables without\n // affecting the storage layout of child contracts. Decrement the size of __gap whenever state variables\n // are added. This is at bottom of contract to make sure it's always at the end of storage.\n uint256[1000] private __gap;\n}\n" + }, + "contracts/upgradeable/MultiCallerUpgradeable.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\n/**\n * @title MultiCallerUpgradeable\n * @notice Logic is 100% copied from \"@uma/core/contracts/common/implementation/MultiCaller.sol\" but one\n * comment is added to clarify why we allow delegatecall() in this contract, which is typically unsafe for use in\n * upgradeable implementation contracts.\n * @dev See https://docs.openzeppelin.com/upgrades-plugins/1.x/faq#delegatecall-selfdestruct for more details.\n */\ncontract MultiCallerUpgradeable {\n function multicall(bytes[] calldata data) external returns (bytes[] memory results) {\n results = new bytes[](data.length);\n\n //slither-disable-start calls-loop\n for (uint256 i = 0; i < data.length; i++) {\n // Typically, implementation contracts used in the upgradeable proxy pattern shouldn't call `delegatecall`\n // because it could allow a malicious actor to call this implementation contract directly (rather than\n // through a proxy contract) and then selfdestruct() the contract, thereby freezing the upgradeable\n // proxy. However, since we're only delegatecall-ing into this contract, then we can consider this\n // use of delegatecall() safe.\n\n //slither-disable-start low-level-calls\n /// @custom:oz-upgrades-unsafe-allow delegatecall\n (bool success, bytes memory result) = address(this).delegatecall(data[i]);\n //slither-disable-end low-level-calls\n\n if (!success) {\n // Next 5 lines from https://ethereum.stackexchange.com/a/83577\n if (result.length < 68) revert();\n //slither-disable-next-line assembly\n assembly {\n result := add(result, 0x04)\n }\n revert(abi.decode(result, (string)));\n }\n\n results[i] = result;\n }\n //slither-disable-end calls-loop\n }\n\n // Reserve storage slots for future versions of this base contract to add state variables without\n // affecting the storage layout of child contracts. Decrement the size of __gap whenever state variables\n // are added. This is at bottom of contract to make sure its always at the end of storage.\n uint256[1000] private __gap;\n}\n" + }, + "contracts/ZkSync_SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./SpokePool.sol\";\n\n// https://github.com/matter-labs/era-contracts/blob/6391c0d7bf6184d7f6718060e3991ba6f0efe4a7/zksync/contracts/bridge/L2ERC20Bridge.sol#L104\ninterface ZkBridgeLike {\n function withdraw(\n address _l1Receiver,\n address _l2Token,\n uint256 _amount\n ) external;\n}\n\ninterface IL2ETH {\n function withdraw(address _l1Receiver) external payable;\n}\n\n/**\n * @notice ZkSync specific SpokePool, intended to be compiled with `@matterlabs/hardhat-zksync-solc`.\n * @dev Resources for compiling and deploying contracts with hardhat: https://era.zksync.io/docs/tools/hardhat/hardhat-zksync-solc.html\n */\ncontract ZkSync_SpokePool is SpokePool {\n // On Ethereum, avoiding constructor parameters and putting them into constants reduces some of the gas cost\n // upon contract deployment. On zkSync the opposite is true: deploying the same bytecode for contracts,\n // while changing only constructor parameters can lead to substantial fee savings. So, the following params\n // are all set by passing in constructor params where possible.\n\n // ETH on ZkSync implements a subset of the ERC-20 interface, with additional built-in support to bridge to L1.\n address public l2Eth;\n\n // Bridge used to withdraw ERC20's to L1\n ZkBridgeLike public zkErc20Bridge;\n\n event SetZkBridge(address indexed erc20Bridge, address indexed oldErc20Bridge);\n event ZkSyncTokensBridged(address indexed l2Token, address target, uint256 numberOfTokensBridged);\n\n /**\n * @notice Construct the ZkSync SpokePool.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * relay hash collisions.\n * @param _zkErc20Bridge Address of L2 ERC20 gateway. Can be reset by admin.\n * @param _crossDomainAdmin Cross domain admin to set. Can be changed by admin.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n * @param _wethAddress Weth address for this network to set.\n */\n function initialize(\n uint32 _initialDepositId,\n ZkBridgeLike _zkErc20Bridge,\n address _crossDomainAdmin,\n address _hubPool,\n address _wethAddress\n ) public initializer {\n l2Eth = 0x000000000000000000000000000000000000800A;\n __SpokePool_init(_initialDepositId, _crossDomainAdmin, _hubPool, _wethAddress);\n _setZkBridge(_zkErc20Bridge);\n }\n\n modifier onlyFromCrossDomainAdmin() {\n require(msg.sender == _applyL1ToL2Alias(crossDomainAdmin), \"ONLY_COUNTERPART_GATEWAY\");\n _;\n }\n\n /********************************************************\n * ZKSYNC-SPECIFIC CROSS-CHAIN ADMIN FUNCTIONS *\n ********************************************************/\n\n /**\n * @notice Change L2 token bridge addresses. Callable only by admin.\n * @param _zkErc20Bridge New address of L2 ERC20 gateway.\n */\n function setZkBridge(ZkBridgeLike _zkErc20Bridge) public onlyAdmin nonReentrant {\n _setZkBridge(_zkErc20Bridge);\n }\n\n /**************************************\n * DATA WORKER FUNCTIONS *\n **************************************/\n\n /**\n * @notice Wraps any ETH into WETH before executing base function. This is necessary because SpokePool receives\n * ETH over the canonical token bridge instead of WETH.\n * @inheritdoc SpokePool\n */\n function executeSlowRelayLeaf(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 totalRelayAmount,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n uint32 rootBundleId,\n bytes memory message,\n int256 payoutAdjustment,\n bytes32[] memory proof\n ) public override(SpokePool) nonReentrant {\n if (destinationToken == address(wrappedNativeToken)) _depositEthToWeth();\n\n _executeSlowRelayLeaf(\n depositor,\n recipient,\n destinationToken,\n totalRelayAmount,\n originChainId,\n chainId(),\n realizedLpFeePct,\n relayerFeePct,\n depositId,\n rootBundleId,\n message,\n payoutAdjustment,\n proof\n );\n }\n\n /**\n * @notice Wraps any ETH into WETH before executing base function. This is necessary because SpokePool receives\n * ETH over the canonical token bridge instead of WETH.\n * @inheritdoc SpokePool\n */\n function executeRelayerRefundLeaf(\n uint32 rootBundleId,\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\n bytes32[] memory proof\n ) public override(SpokePool) nonReentrant {\n if (relayerRefundLeaf.l2TokenAddress == address(wrappedNativeToken)) _depositEthToWeth();\n\n _executeRelayerRefundLeaf(rootBundleId, relayerRefundLeaf, proof);\n }\n\n /**************************************\n * INTERNAL FUNCTIONS *\n **************************************/\n\n // Wrap any ETH owned by this contract so we can send expected L2 token to recipient. This is necessary because\n // this SpokePool will receive ETH from the canonical token bridge instead of WETH. This may not be neccessary\n // if ETH on ZkSync is treated as ETH and the fallback() function is triggered when this contract receives\n // ETH. We will have to test this but this function for now allows the contract to safely convert all of its\n // held ETH into WETH at the cost of higher gas costs.\n function _depositEthToWeth() internal {\n //slither-disable-next-line arbitrary-send-eth\n if (address(this).balance > 0) wrappedNativeToken.deposit{ value: address(this).balance }();\n }\n\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory relayerRefundLeaf) internal override {\n // SpokePool is expected to receive ETH from the L1 HubPool and currently, withdrawing ETH directly\n // over the ERC20 Bridge is blocked at the contract level. Therefore, we need to unwrap it before withdrawing.\n if (relayerRefundLeaf.l2TokenAddress == address(wrappedNativeToken)) {\n WETH9Interface(relayerRefundLeaf.l2TokenAddress).withdraw(relayerRefundLeaf.amountToReturn); // Unwrap into ETH.\n // To withdraw tokens, we actually call 'withdraw' on the L2 eth token itself.\n IL2ETH(l2Eth).withdraw{ value: relayerRefundLeaf.amountToReturn }(hubPool);\n } else {\n zkErc20Bridge.withdraw(hubPool, relayerRefundLeaf.l2TokenAddress, relayerRefundLeaf.amountToReturn);\n }\n emit ZkSyncTokensBridged(relayerRefundLeaf.l2TokenAddress, hubPool, relayerRefundLeaf.amountToReturn);\n }\n\n function _setZkBridge(ZkBridgeLike _zkErc20Bridge) internal {\n address oldErc20Bridge = address(zkErc20Bridge);\n zkErc20Bridge = _zkErc20Bridge;\n emit SetZkBridge(address(_zkErc20Bridge), oldErc20Bridge);\n }\n\n // L1 addresses are transformed during l1->l2 calls.\n // See https://github.com/matter-labs/era-contracts/blob/main/docs/Overview.md#mailboxfacet for more information.\n // Another source: https://github.com/matter-labs/era-contracts/blob/41c25aa16d182f757c3fed1463c78a81896f65e6/ethereum/contracts/vendor/AddressAliasHelper.sol#L28\n function _applyL1ToL2Alias(address l1Address) internal pure returns (address l2Address) {\n unchecked {\n l2Address = address(uint160(l1Address) + uint160(0x1111000000000000000000000000000000001111));\n }\n }\n\n function _requireAdminSender() internal override onlyFromCrossDomainAdmin {}\n}\n" + } + }, + "settings": { + "optimizer": { + "enabled": true, + "runs": 1000000 + }, + "viaIR": true, + "outputSelection": { + "*": { + "*": [ + "abi", + "evm.bytecode", + "evm.deployedBytecode", + "evm.methodIdentifiers", + "metadata", + "devdoc", + "userdoc", + "storageLayout", + "evm.gasEstimates" + ], + "": ["ast"] + } + }, + "metadata": { + "useLiteralContent": true + } + } +} diff --git a/deployments/deployments.json b/deployments/deployments.json index 7519f5285..416f89bca 100644 --- a/deployments/deployments.json +++ b/deployments/deployments.json @@ -15,7 +15,8 @@ "Polygon_Adapter": { "address": "0x3E94e8d4316a1eBfb2245E45E6F0B8724094CE1A", "blockNumber": 14704450 }, "ZkSync_Adapter": { "address": "0xE233009838CB898b50e0012a6E783FC9FeE447FB", "blockNumber": 17842162 }, "Base_Adapter": { "address": "0x2d8B1e2B0Dff62DF132d23BEa68a6D2c4D20046E", "blockNumber": 17944163 }, - "BondToken": { "address": "0xee1dc6bcf1ee967a350e9ac6caaaa236109002ea", "blockNumber": 17980554 } + "BondToken": { "address": "0xee1dc6bcf1ee967a350e9ac6caaaa236109002ea", "blockNumber": 17980554 }, + "SpokePoolVerifier": { "address": "0x269727F088F16E1Aea52Cf5a97B1CD41DAA3f02D", "blockNumber": 18278587 } }, "4": { "Arbitrum_Adapter": { "address": "0x18F4D98C7CeA6Ab934F2976c2a98009A529d8F49", "blockNumber": 10367195 }, @@ -40,7 +41,10 @@ "BondToken": { "address": "0xbe37d8a126900698b1f6784a1d5c16253643d746", "blockNumber": 9567985 }, "Polygon_Adapter": { "address": "0x209058225f89b80079c408d408413c0fe240c1a2", "blockNumber": 9767499 } }, - "10": { "SpokePool": { "address": "0x6f26Bf09B1C792e3228e5467807a900A503c0281", "blockNumber": 93903076 } }, + "10": { + "SpokePool": { "address": "0x6f26Bf09B1C792e3228e5467807a900A503c0281", "blockNumber": 93903076 }, + "SpokePoolVerifier": { "address": "0x269727F088F16E1Aea52Cf5a97B1CD41DAA3f02D", "blockNumber": 110419958 } + }, "42": { "AcrossConfigStore": { "address": "0xDd74f7603e3fDA6435aEc91F8960a6b8b40415f3", "blockNumber": 31457380 }, "Ethereum_Adapter": { "address": "0x5b0539e0ED5273604bf13b4A30050d475E586a64", "blockNumber": 31457390 }, @@ -53,13 +57,20 @@ "137": { "MintableERC1155": { "address": "0xA15a90E7936A2F8B70E181E955760860D133e56B", "blockNumber": 40600414 }, "PolygonTokenBridger": { "address": "0x0330E9b4D0325cCfF515E81DFbc7754F2a02ac57", "blockNumber": 28604258 }, - "SpokePool": { "address": "0x9295ee1d8C5b022Be115A2AD3c30C72E34e7F096", "blockNumber": 41908657 } + "SpokePool": { "address": "0x9295ee1d8C5b022Be115A2AD3c30C72E34e7F096", "blockNumber": 41908657 }, + "SpokePoolVerifier": { "address": "0x269727F088F16E1Aea52Cf5a97B1CD41DAA3f02D", "blockNumber": 48324598 } }, "280": { "SpokePool": { "address": "0x863859ef502F0Ee9676626ED5B418037252eFeb2", "blockNumber": 10263886 } }, "288": { "SpokePool": { "address": "0xBbc6009fEfFc27ce705322832Cb2068F8C1e0A58", "blockNumber": 619993 } }, "324": { "SpokePool": { "address": "0xE0B015E54d54fc84a6cB9B666099c46adE9335FF", "blockNumber": 10352565 } }, - "8453": { "SpokePool": { "address": "0x09aea4b2242abC8bb4BB78D537A67a245A7bEC64", "blockNumber": 2164878 } }, - "42161": { "SpokePool": { "address": "0xe35e9842fceaCA96570B734083f4a58e8F7C5f2A", "blockNumber": 83868041 } }, + "8453": { + "SpokePool": { "address": "0x09aea4b2242abC8bb4BB78D537A67a245A7bEC64", "blockNumber": 2164878 }, + "SpokePoolVerifier": { "address": "0x269727F088F16E1Aea52Cf5a97B1CD41DAA3f02D", "blockNumber": 4822423 } + }, + "42161": { + "SpokePool": { "address": "0xe35e9842fceaCA96570B734083f4a58e8F7C5f2A", "blockNumber": 83868041 }, + "SpokePoolVerifier": { "address": "0x269727F088F16E1Aea52Cf5a97B1CD41DAA3f02D", "blockNumber": 137490903 } + }, "84531": { "SpokePool": { "address": "0x1F5AA71C79ec6a11FC55789ed32dAE3B64d75791", "blockNumber": 7992905 } }, "80001": { "MintableERC1155": { "address": "0xe377d7C510fEbc64525f480e33306b21b30066F7", "blockNumber": 33352305 }, diff --git a/deployments/mainnet/SpokePoolVerifier.json b/deployments/mainnet/SpokePoolVerifier.json new file mode 100644 index 000000000..c42fe71f5 --- /dev/null +++ b/deployments/mainnet/SpokePoolVerifier.json @@ -0,0 +1,115 @@ +{ + "address": "0x269727F088F16E1Aea52Cf5a97B1CD41DAA3f02D", + "abi": [ + { + "inputs": [ + { + "internalType": "contract SpokePoolInterface", + "name": "spokePool", + "type": "address" + }, + { + "internalType": "address", + "name": "recipient", + "type": "address" + }, + { + "internalType": "address", + "name": "originToken", + "type": "address" + }, + { + "internalType": "uint256", + "name": "amount", + "type": "uint256" + }, + { + "internalType": "uint256", + "name": "destinationChainId", + "type": "uint256" + }, + { + "internalType": "int64", + "name": "relayerFeePct", + "type": "int64" + }, + { + "internalType": "uint32", + "name": "quoteTimestamp", + "type": "uint32" + }, + { + "internalType": "bytes", + "name": "message", + "type": "bytes" + }, + { + "internalType": "uint256", + "name": "maxCount", + "type": "uint256" + } + ], + "name": "deposit", + "outputs": [], + "stateMutability": "payable", + "type": "function" + } + ], + "transactionHash": "0x0dd416ddaa7b564ec7d7fbe56e46f27ed85458b98ff2feee51999975cf316761", + "receipt": { + "to": "0x4e59b44847b379578588920cA78FbF26c0B4956C", + "from": "0x9A8f92a830A5cB89a3816e3D267CB7791c16b04D", + "contractAddress": null, + "transactionIndex": 64, + "gasUsed": "260005", + "logsBloom": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "blockHash": "0x96d79b12ba5c58947b153ca8982150c3bb5d0669304dd85d13d71c2098549346", + "transactionHash": "0x0dd416ddaa7b564ec7d7fbe56e46f27ed85458b98ff2feee51999975cf316761", + "logs": [], + "blockNumber": 18278587, + "cumulativeGasUsed": "5487587", + "status": 1, + "byzantium": true + }, + "args": [], + "numDeployments": 1, + "solcInputHash": "ddd636e0d4b16feb9b78418745aefa13", + "metadata": "{\"compiler\":{\"version\":\"0.8.18+commit.87f61d96\"},\"language\":\"Solidity\",\"output\":{\"abi\":[{\"inputs\":[{\"internalType\":\"contract SpokePoolInterface\",\"name\":\"spokePool\",\"type\":\"address\"},{\"internalType\":\"address\",\"name\":\"recipient\",\"type\":\"address\"},{\"internalType\":\"address\",\"name\":\"originToken\",\"type\":\"address\"},{\"internalType\":\"uint256\",\"name\":\"amount\",\"type\":\"uint256\"},{\"internalType\":\"uint256\",\"name\":\"destinationChainId\",\"type\":\"uint256\"},{\"internalType\":\"int64\",\"name\":\"relayerFeePct\",\"type\":\"int64\"},{\"internalType\":\"uint32\",\"name\":\"quoteTimestamp\",\"type\":\"uint32\"},{\"internalType\":\"bytes\",\"name\":\"message\",\"type\":\"bytes\"},{\"internalType\":\"uint256\",\"name\":\"maxCount\",\"type\":\"uint256\"}],\"name\":\"deposit\",\"outputs\":[],\"stateMutability\":\"payable\",\"type\":\"function\"}],\"devdoc\":{\"details\":\"This contract must be deployed via Create2 to the same address on all chains. That way, an errant transaction sent to the wrong chain will be blocked by this contract rather than hitting a dead address. This means that this contract will not work to protect chains, like zkSync, where Create2 address derivations don't match other chains. Source: https://era.zksync.io/docs/reference/architecture/differences-with-ethereum.html#create-create2\",\"kind\":\"dev\",\"methods\":{\"deposit(address,address,address,uint256,uint256,int64,uint32,bytes,uint256)\":{\"details\":\"Protects the caller from losing their ETH (or other native token) by reverting if the SpokePool address they intended to call does not exist on this chain. Because this contract can be deployed at the same address everywhere callers should be protected even if the transaction is submitted to an unintended network. This contract should only be used for native token deposits, as this problem only exists for native tokens.\",\"params\":{\"amount\":\"Amount of tokens to deposit. Will be amount of tokens to receive less fees.\",\"destinationChainId\":\"Denotes network where user will receive funds from SpokePool by a relayer.\",\"maxCount\":\"used to protect the depositor from frontrunning to guarantee their quote remains valid.\",\"message\":\"Arbitrary data that can be used to pass additional information to the recipient along with the tokens. Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.\",\"originToken\":\"Token to lock into this contract to initiate deposit.\",\"quoteTimestamp\":\"Timestamp used by relayers to compute this deposit's realizedLPFeePct which is paid to LP pool on HubPool.\",\"recipient\":\"Address to receive funds at on destination chain.\",\"relayerFeePct\":\"% of deposit amount taken out to incentivize a fast relayer.\",\"spokePool\":\"Address of the SpokePool contract that the user is intending to call.\"}}},\"version\":1},\"userdoc\":{\"kind\":\"user\",\"methods\":{\"deposit(address,address,address,uint256,uint256,int64,uint32,bytes,uint256)\":{\"notice\":\"Passthrough function to `deposit()` on the SpokePool contract.\"}},\"notice\":\"SpokePoolVerifier is a contract that verifies that the SpokePool exists on this chain before sending ETH to it.\",\"version\":1}},\"settings\":{\"compilationTarget\":{\"contracts/SpokePoolVerifier.sol\":\"SpokePoolVerifier\"},\"evmVersion\":\"paris\",\"libraries\":{},\"metadata\":{\"bytecodeHash\":\"ipfs\",\"useLiteralContent\":true},\"optimizer\":{\"enabled\":true,\"runs\":1000000},\"remappings\":[],\"viaIR\":true},\"sources\":{\"@openzeppelin/contracts/utils/Address.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)\\n\\npragma solidity ^0.8.1;\\n\\n/**\\n * @dev Collection of functions related to the address type\\n */\\nlibrary Address {\\n /**\\n * @dev Returns true if `account` is a contract.\\n *\\n * [IMPORTANT]\\n * ====\\n * It is unsafe to assume that an address for which this function returns\\n * false is an externally-owned account (EOA) and not a contract.\\n *\\n * Among others, `isContract` will return false for the following\\n * types of addresses:\\n *\\n * - an externally-owned account\\n * - a contract in construction\\n * - an address where a contract will be created\\n * - an address where a contract lived, but was destroyed\\n *\\n * Furthermore, `isContract` will also return true if the target contract within\\n * the same transaction is already scheduled for destruction by `SELFDESTRUCT`,\\n * which only has an effect at the end of a transaction.\\n * ====\\n *\\n * [IMPORTANT]\\n * ====\\n * You shouldn't rely on `isContract` to protect against flash loan attacks!\\n *\\n * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets\\n * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract\\n * constructor.\\n * ====\\n */\\n function isContract(address account) internal view returns (bool) {\\n // This method relies on extcodesize/address.code.length, which returns 0\\n // for contracts in construction, since the code is only stored at the end\\n // of the constructor execution.\\n\\n return account.code.length > 0;\\n }\\n\\n /**\\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\\n * `recipient`, forwarding all available gas and reverting on errors.\\n *\\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\\n * imposed by `transfer`, making them unable to receive funds via\\n * `transfer`. {sendValue} removes this limitation.\\n *\\n * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].\\n *\\n * IMPORTANT: because control is transferred to `recipient`, care must be\\n * taken to not create reentrancy vulnerabilities. Consider using\\n * {ReentrancyGuard} or the\\n * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\\n */\\n function sendValue(address payable recipient, uint256 amount) internal {\\n require(address(this).balance >= amount, \\\"Address: insufficient balance\\\");\\n\\n (bool success, ) = recipient.call{value: amount}(\\\"\\\");\\n require(success, \\\"Address: unable to send value, recipient may have reverted\\\");\\n }\\n\\n /**\\n * @dev Performs a Solidity function call using a low level `call`. A\\n * plain `call` is an unsafe replacement for a function call: use this\\n * function instead.\\n *\\n * If `target` reverts with a revert reason, it is bubbled up by this\\n * function (like regular Solidity function calls).\\n *\\n * Returns the raw returned data. To convert to the expected return value,\\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\\n *\\n * Requirements:\\n *\\n * - `target` must be a contract.\\n * - calling `target` with `data` must not revert.\\n *\\n * _Available since v3.1._\\n */\\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\\n return functionCallWithValue(target, data, 0, \\\"Address: low-level call failed\\\");\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\\n * `errorMessage` as a fallback revert reason when `target` reverts.\\n *\\n * _Available since v3.1._\\n */\\n function functionCall(\\n address target,\\n bytes memory data,\\n string memory errorMessage\\n ) internal returns (bytes memory) {\\n return functionCallWithValue(target, data, 0, errorMessage);\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\\n * but also transferring `value` wei to `target`.\\n *\\n * Requirements:\\n *\\n * - the calling contract must have an ETH balance of at least `value`.\\n * - the called Solidity function must be `payable`.\\n *\\n * _Available since v3.1._\\n */\\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\\n return functionCallWithValue(target, data, value, \\\"Address: low-level call with value failed\\\");\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\\n * with `errorMessage` as a fallback revert reason when `target` reverts.\\n *\\n * _Available since v3.1._\\n */\\n function functionCallWithValue(\\n address target,\\n bytes memory data,\\n uint256 value,\\n string memory errorMessage\\n ) internal returns (bytes memory) {\\n require(address(this).balance >= value, \\\"Address: insufficient balance for call\\\");\\n (bool success, bytes memory returndata) = target.call{value: value}(data);\\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\\n * but performing a static call.\\n *\\n * _Available since v3.3._\\n */\\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\\n return functionStaticCall(target, data, \\\"Address: low-level static call failed\\\");\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\\n * but performing a static call.\\n *\\n * _Available since v3.3._\\n */\\n function functionStaticCall(\\n address target,\\n bytes memory data,\\n string memory errorMessage\\n ) internal view returns (bytes memory) {\\n (bool success, bytes memory returndata) = target.staticcall(data);\\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\\n * but performing a delegate call.\\n *\\n * _Available since v3.4._\\n */\\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\\n return functionDelegateCall(target, data, \\\"Address: low-level delegate call failed\\\");\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\\n * but performing a delegate call.\\n *\\n * _Available since v3.4._\\n */\\n function functionDelegateCall(\\n address target,\\n bytes memory data,\\n string memory errorMessage\\n ) internal returns (bytes memory) {\\n (bool success, bytes memory returndata) = target.delegatecall(data);\\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\\n }\\n\\n /**\\n * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling\\n * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.\\n *\\n * _Available since v4.8._\\n */\\n function verifyCallResultFromTarget(\\n address target,\\n bool success,\\n bytes memory returndata,\\n string memory errorMessage\\n ) internal view returns (bytes memory) {\\n if (success) {\\n if (returndata.length == 0) {\\n // only check isContract if the call was successful and the return data is empty\\n // otherwise we already know that it was a contract\\n require(isContract(target), \\\"Address: call to non-contract\\\");\\n }\\n return returndata;\\n } else {\\n _revert(returndata, errorMessage);\\n }\\n }\\n\\n /**\\n * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the\\n * revert reason or using the provided one.\\n *\\n * _Available since v4.3._\\n */\\n function verifyCallResult(\\n bool success,\\n bytes memory returndata,\\n string memory errorMessage\\n ) internal pure returns (bytes memory) {\\n if (success) {\\n return returndata;\\n } else {\\n _revert(returndata, errorMessage);\\n }\\n }\\n\\n function _revert(bytes memory returndata, string memory errorMessage) private pure {\\n // Look for revert reason and bubble it up if present\\n if (returndata.length > 0) {\\n // The easiest way to bubble the revert reason is using memory via assembly\\n /// @solidity memory-safe-assembly\\n assembly {\\n let returndata_size := mload(returndata)\\n revert(add(32, returndata), returndata_size)\\n }\\n } else {\\n revert(errorMessage);\\n }\\n }\\n}\\n\",\"keccak256\":\"0x006dd67219697fe68d7fbfdea512e7c4cb64a43565ed86171d67e844982da6fa\",\"license\":\"MIT\"},\"contracts/SpokePoolVerifier.sol\":{\"content\":\"// SPDX-License-Identifier: BUSL-1.1\\npragma solidity ^0.8.0;\\n\\nimport \\\"@openzeppelin/contracts/utils/Address.sol\\\";\\nimport \\\"./interfaces/SpokePoolInterface.sol\\\";\\n\\n/**\\n * @notice SpokePoolVerifier is a contract that verifies that the SpokePool exists on this chain before sending ETH to it.\\n * @dev This contract must be deployed via Create2 to the same address on all chains. That way, an errant transaction sent\\n * to the wrong chain will be blocked by this contract rather than hitting a dead address. This means that this contract\\n * will not work to protect chains, like zkSync, where Create2 address derivations don't match other chains.\\n * Source: https://era.zksync.io/docs/reference/architecture/differences-with-ethereum.html#create-create2\\n */\\ncontract SpokePoolVerifier {\\n using Address for address;\\n\\n /**\\n * @notice Passthrough function to `deposit()` on the SpokePool contract.\\n * @dev Protects the caller from losing their ETH (or other native token) by reverting if the SpokePool address\\n * they intended to call does not exist on this chain. Because this contract can be deployed at the same address\\n * everywhere callers should be protected even if the transaction is submitted to an unintended network.\\n * This contract should only be used for native token deposits, as this problem only exists for native tokens.\\n * @param spokePool Address of the SpokePool contract that the user is intending to call.\\n * @param recipient Address to receive funds at on destination chain.\\n * @param originToken Token to lock into this contract to initiate deposit.\\n * @param amount Amount of tokens to deposit. Will be amount of tokens to receive less fees.\\n * @param destinationChainId Denotes network where user will receive funds from SpokePool by a relayer.\\n * @param relayerFeePct % of deposit amount taken out to incentivize a fast relayer.\\n * @param quoteTimestamp Timestamp used by relayers to compute this deposit's realizedLPFeePct which is paid\\n * to LP pool on HubPool.\\n * @param message Arbitrary data that can be used to pass additional information to the recipient along with the tokens.\\n * Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.\\n * @param maxCount used to protect the depositor from frontrunning to guarantee their quote remains valid.\\n */\\n function deposit(\\n SpokePoolInterface spokePool,\\n address recipient,\\n address originToken,\\n uint256 amount,\\n uint256 destinationChainId,\\n int64 relayerFeePct,\\n uint32 quoteTimestamp,\\n bytes memory message,\\n uint256 maxCount\\n ) external payable {\\n require(msg.value == amount, \\\"msg.value != amount\\\");\\n require(address(spokePool).isContract(), \\\"spokePool is not a contract\\\");\\n spokePool.deposit{ value: msg.value }(\\n recipient,\\n originToken,\\n amount,\\n destinationChainId,\\n relayerFeePct,\\n quoteTimestamp,\\n message,\\n maxCount\\n );\\n }\\n}\\n\",\"keccak256\":\"0x307def15b466a7b358bd8429d1e0602bc623d7c03aa07b78552e551625196c29\",\"license\":\"BUSL-1.1\"},\"contracts/interfaces/SpokePoolInterface.sol\":{\"content\":\"// SPDX-License-Identifier: BUSL-1.1\\npragma solidity ^0.8.0;\\n\\n/**\\n * @notice Contains common data structures and functions used by all SpokePool implementations.\\n */\\ninterface SpokePoolInterface {\\n // This leaf is meant to be decoded in the SpokePool to pay out successful relayers.\\n struct RelayerRefundLeaf {\\n // This is the amount to return to the HubPool. This occurs when there is a PoolRebalanceLeaf netSendAmount that\\n // is negative. This is just the negative of this value.\\n uint256 amountToReturn;\\n // Used to verify that this is being executed on the correct destination chainId.\\n uint256 chainId;\\n // This array designates how much each of those addresses should be refunded.\\n uint256[] refundAmounts;\\n // Used as the index in the bitmap to track whether this leaf has been executed or not.\\n uint32 leafId;\\n // The associated L2TokenAddress that these claims apply to.\\n address l2TokenAddress;\\n // Must be same length as refundAmounts and designates each address that must be refunded.\\n address[] refundAddresses;\\n }\\n\\n // This struct represents the data to fully specify a relay. If any portion of this data differs, the relay is\\n // considered to be completely distinct. Only one relay for a particular depositId, chainId pair should be\\n // considered valid and repaid. This data is hashed and inserted into the slow relay merkle root so that an off\\n // chain validator can choose when to refund slow relayers.\\n struct RelayData {\\n // The address that made the deposit on the origin chain.\\n address depositor;\\n // The recipient address on the destination chain.\\n address recipient;\\n // The corresponding token address on the destination chain.\\n address destinationToken;\\n // The total relay amount before fees are taken out.\\n uint256 amount;\\n // Origin chain id.\\n uint256 originChainId;\\n // Destination chain id.\\n uint256 destinationChainId;\\n // The LP Fee percentage computed by the relayer based on the deposit's quote timestamp\\n // and the HubPool's utilization.\\n int64 realizedLpFeePct;\\n // The relayer fee percentage specified in the deposit.\\n int64 relayerFeePct;\\n // The id uniquely identifying this deposit on the origin chain.\\n uint32 depositId;\\n // Data that is forwarded to the recipient.\\n bytes message;\\n }\\n\\n struct SlowFill {\\n RelayData relayData;\\n int256 payoutAdjustmentPct;\\n }\\n\\n // Stores collection of merkle roots that can be published to this contract from the HubPool, which are referenced\\n // by \\\"data workers\\\" via inclusion proofs to execute leaves in the roots.\\n struct RootBundle {\\n // Merkle root of slow relays that were not fully filled and whose recipient is still owed funds from the LP pool.\\n bytes32 slowRelayRoot;\\n // Merkle root of relayer refunds for successful relays.\\n bytes32 relayerRefundRoot;\\n // This is a 2D bitmap tracking which leaves in the relayer refund root have been claimed, with max size of\\n // 256x(2^248) leaves per root.\\n mapping(uint256 => uint256) claimedBitmap;\\n }\\n\\n function setCrossDomainAdmin(address newCrossDomainAdmin) external;\\n\\n function setHubPool(address newHubPool) external;\\n\\n function setEnableRoute(\\n address originToken,\\n uint256 destinationChainId,\\n bool enable\\n ) external;\\n\\n function pauseDeposits(bool pause) external;\\n\\n function pauseFills(bool pause) external;\\n\\n function setDepositQuoteTimeBuffer(uint32 buffer) external;\\n\\n function relayRootBundle(bytes32 relayerRefundRoot, bytes32 slowRelayRoot) external;\\n\\n function emergencyDeleteRootBundle(uint256 rootBundleId) external;\\n\\n function deposit(\\n address recipient,\\n address originToken,\\n uint256 amount,\\n uint256 destinationChainId,\\n int64 relayerFeePct,\\n uint32 quoteTimestamp,\\n bytes memory message,\\n uint256 maxCount\\n ) external payable;\\n\\n function depositNow(\\n address recipient,\\n address originToken,\\n uint256 amount,\\n uint256 destinationChainId,\\n int64 relayerFeePct,\\n bytes memory message,\\n uint256 maxCount\\n ) external payable;\\n\\n function speedUpDeposit(\\n address depositor,\\n int64 updatedRelayerFeePct,\\n uint32 depositId,\\n address updatedRecipient,\\n bytes memory updatedMessage,\\n bytes memory depositorSignature\\n ) external;\\n\\n function fillRelay(\\n address depositor,\\n address recipient,\\n address destinationToken,\\n uint256 amount,\\n uint256 maxTokensToSend,\\n uint256 repaymentChainId,\\n uint256 originChainId,\\n int64 realizedLpFeePct,\\n int64 relayerFeePct,\\n uint32 depositId,\\n bytes memory message,\\n uint256 maxCount\\n ) external;\\n\\n function fillRelayWithUpdatedDeposit(\\n address depositor,\\n address recipient,\\n address updatedRecipient,\\n address destinationToken,\\n uint256 amount,\\n uint256 maxTokensToSend,\\n uint256 repaymentChainId,\\n uint256 originChainId,\\n int64 realizedLpFeePct,\\n int64 relayerFeePct,\\n int64 updatedRelayerFeePct,\\n uint32 depositId,\\n bytes memory message,\\n bytes memory updatedMessage,\\n bytes memory depositorSignature,\\n uint256 maxCount\\n ) external;\\n\\n function executeSlowRelayLeaf(\\n address depositor,\\n address recipient,\\n address destinationToken,\\n uint256 amount,\\n uint256 originChainId,\\n int64 realizedLpFeePct,\\n int64 relayerFeePct,\\n uint32 depositId,\\n uint32 rootBundleId,\\n bytes memory message,\\n int256 payoutAdjustment,\\n bytes32[] memory proof\\n ) external;\\n\\n function executeRelayerRefundLeaf(\\n uint32 rootBundleId,\\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\\n bytes32[] memory proof\\n ) external;\\n\\n function chainId() external view returns (uint256);\\n}\\n\",\"keccak256\":\"0x8ca5e32ee496553c1055954283747b6725356548dc35f5aad565e5cf37bf6449\",\"license\":\"BUSL-1.1\"}},\"version\":1}", + "bytecode": "0x60808060405234610016576103c3908161001c8239f35b600080fdfe608060048036101561001057600080fd5b600091823560e01c63e0db3fcf1461002757600080fd5b6101207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc36011261038957813573ffffffffffffffffffffffffffffffffffffffff908181168091036103855760249182359181831680930361038157604435918216809203610381576064359460a435928360070b80940361037d5760c4359663ffffffff88168098036103795760e4359767ffffffffffffffff95868a11610375573660238b01121561037557898b01359287841161034a577fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe09485603f81601f880116011687019b8c8a89821091111761031e578e9060409d8e52868952368d888301011161031a57868d97602098899301838c0137890101528134036102be57873b1561026257873b1561025e579b989593918d979593918c519d8e987f1186ec33000000000000000000000000000000000000000000000000000000008a528c8a01528c89015260448801526084356064880152608487015260a486015261010060c4860152825190610104938285880152875b83811061024157505050849291601f849261012494898683870101523560e48501520116810103019134905af18015610237576101fb578580f35b841161020d5750505238808080808580f35b604185917f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b84513d88823e3d90fd5b81810183015197810161012401979097528d97508c9682016101c0565b8d80fd5b5060648c601b8c878f51937f08c379a00000000000000000000000000000000000000000000000000000000085528401528201527f73706f6b65506f6f6c206973206e6f74206120636f6e747261637400000000006044820152fd5b5060648c60138c878f51937f08c379a00000000000000000000000000000000000000000000000000000000085528401528201527f6d73672e76616c756520213d20616d6f756e74000000000000000000000000006044820152fd5b5080fd5b508a8e60418f7f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b898d60418e7f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b8b80fd5b8980fd5b8880fd5b8680fd5b8480fd5b8280fdfea2646970667358221220fe313dd010e3aac8603c847d2fd84c8d4a95364db43b887b61b615152b259cdf64736f6c63430008120033", + "deployedBytecode": "0x608060048036101561001057600080fd5b600091823560e01c63e0db3fcf1461002757600080fd5b6101207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc36011261038957813573ffffffffffffffffffffffffffffffffffffffff908181168091036103855760249182359181831680930361038157604435918216809203610381576064359460a435928360070b80940361037d5760c4359663ffffffff88168098036103795760e4359767ffffffffffffffff95868a11610375573660238b01121561037557898b01359287841161034a577fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe09485603f81601f880116011687019b8c8a89821091111761031e578e9060409d8e52868952368d888301011161031a57868d97602098899301838c0137890101528134036102be57873b1561026257873b1561025e579b989593918d979593918c519d8e987f1186ec33000000000000000000000000000000000000000000000000000000008a528c8a01528c89015260448801526084356064880152608487015260a486015261010060c4860152825190610104938285880152875b83811061024157505050849291601f849261012494898683870101523560e48501520116810103019134905af18015610237576101fb578580f35b841161020d5750505238808080808580f35b604185917f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b84513d88823e3d90fd5b81810183015197810161012401979097528d97508c9682016101c0565b8d80fd5b5060648c601b8c878f51937f08c379a00000000000000000000000000000000000000000000000000000000085528401528201527f73706f6b65506f6f6c206973206e6f74206120636f6e747261637400000000006044820152fd5b5060648c60138c878f51937f08c379a00000000000000000000000000000000000000000000000000000000085528401528201527f6d73672e76616c756520213d20616d6f756e74000000000000000000000000006044820152fd5b5080fd5b508a8e60418f7f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b898d60418e7f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b8b80fd5b8980fd5b8880fd5b8680fd5b8480fd5b8280fdfea2646970667358221220fe313dd010e3aac8603c847d2fd84c8d4a95364db43b887b61b615152b259cdf64736f6c63430008120033", + "devdoc": { + "details": "This contract must be deployed via Create2 to the same address on all chains. That way, an errant transaction sent to the wrong chain will be blocked by this contract rather than hitting a dead address. This means that this contract will not work to protect chains, like zkSync, where Create2 address derivations don't match other chains. Source: https://era.zksync.io/docs/reference/architecture/differences-with-ethereum.html#create-create2", + "kind": "dev", + "methods": { + "deposit(address,address,address,uint256,uint256,int64,uint32,bytes,uint256)": { + "details": "Protects the caller from losing their ETH (or other native token) by reverting if the SpokePool address they intended to call does not exist on this chain. Because this contract can be deployed at the same address everywhere callers should be protected even if the transaction is submitted to an unintended network. This contract should only be used for native token deposits, as this problem only exists for native tokens.", + "params": { + "amount": "Amount of tokens to deposit. Will be amount of tokens to receive less fees.", + "destinationChainId": "Denotes network where user will receive funds from SpokePool by a relayer.", + "maxCount": "used to protect the depositor from frontrunning to guarantee their quote remains valid.", + "message": "Arbitrary data that can be used to pass additional information to the recipient along with the tokens. Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.", + "originToken": "Token to lock into this contract to initiate deposit.", + "quoteTimestamp": "Timestamp used by relayers to compute this deposit's realizedLPFeePct which is paid to LP pool on HubPool.", + "recipient": "Address to receive funds at on destination chain.", + "relayerFeePct": "% of deposit amount taken out to incentivize a fast relayer.", + "spokePool": "Address of the SpokePool contract that the user is intending to call." + } + } + }, + "version": 1 + }, + "userdoc": { + "kind": "user", + "methods": { + "deposit(address,address,address,uint256,uint256,int64,uint32,bytes,uint256)": { + "notice": "Passthrough function to `deposit()` on the SpokePool contract." + } + }, + "notice": "SpokePoolVerifier is a contract that verifies that the SpokePool exists on this chain before sending ETH to it.", + "version": 1 + }, + "storageLayout": { + "storage": [], + "types": null + } +} diff --git a/deployments/mainnet/solcInputs/ddd636e0d4b16feb9b78418745aefa13.json b/deployments/mainnet/solcInputs/ddd636e0d4b16feb9b78418745aefa13.json new file mode 100644 index 000000000..abf783f9a --- /dev/null +++ b/deployments/mainnet/solcInputs/ddd636e0d4b16feb9b78418745aefa13.json @@ -0,0 +1,247 @@ +{ + "language": "Solidity", + "sources": { + "@eth-optimism/contracts/L1/messaging/IL1ERC20Bridge.sol": { + "content": "// SPDX-License-Identifier: MIT\npragma solidity >0.5.0 <0.9.0;\n\n/**\n * @title IL1ERC20Bridge\n */\ninterface IL1ERC20Bridge {\n /**********\n * Events *\n **********/\n\n event ERC20DepositInitiated(\n address indexed _l1Token,\n address indexed _l2Token,\n address indexed _from,\n address _to,\n uint256 _amount,\n bytes _data\n );\n\n event ERC20WithdrawalFinalized(\n address indexed _l1Token,\n address indexed _l2Token,\n address indexed _from,\n address _to,\n uint256 _amount,\n bytes _data\n );\n\n /********************\n * Public Functions *\n ********************/\n\n /**\n * @dev get the address of the corresponding L2 bridge contract.\n * @return Address of the corresponding L2 bridge contract.\n */\n function l2TokenBridge() external returns (address);\n\n /**\n * @dev deposit an amount of the ERC20 to the caller's balance on L2.\n * @param _l1Token Address of the L1 ERC20 we are depositing\n * @param _l2Token Address of the L1 respective L2 ERC20\n * @param _amount Amount of the ERC20 to deposit\n * @param _l2Gas Gas limit required to complete the deposit on L2.\n * @param _data Optional data to forward to L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function depositERC20(\n address _l1Token,\n address _l2Token,\n uint256 _amount,\n uint32 _l2Gas,\n bytes calldata _data\n ) external;\n\n /**\n * @dev deposit an amount of ERC20 to a recipient's balance on L2.\n * @param _l1Token Address of the L1 ERC20 we are depositing\n * @param _l2Token Address of the L1 respective L2 ERC20\n * @param _to L2 address to credit the withdrawal to.\n * @param _amount Amount of the ERC20 to deposit.\n * @param _l2Gas Gas limit required to complete the deposit on L2.\n * @param _data Optional data to forward to L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function depositERC20To(\n address _l1Token,\n address _l2Token,\n address _to,\n uint256 _amount,\n uint32 _l2Gas,\n bytes calldata _data\n ) external;\n\n /*************************\n * Cross-chain Functions *\n *************************/\n\n /**\n * @dev Complete a withdrawal from L2 to L1, and credit funds to the recipient's balance of the\n * L1 ERC20 token.\n * This call will fail if the initialized withdrawal from L2 has not been finalized.\n *\n * @param _l1Token Address of L1 token to finalizeWithdrawal for.\n * @param _l2Token Address of L2 token where withdrawal was initiated.\n * @param _from L2 address initiating the transfer.\n * @param _to L1 address to credit the withdrawal to.\n * @param _amount Amount of the ERC20 to deposit.\n * @param _data Data provided by the sender on L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function finalizeERC20Withdrawal(\n address _l1Token,\n address _l2Token,\n address _from,\n address _to,\n uint256 _amount,\n bytes calldata _data\n ) external;\n}\n" + }, + "@eth-optimism/contracts/L1/messaging/IL1StandardBridge.sol": { + "content": "// SPDX-License-Identifier: MIT\npragma solidity >0.5.0 <0.9.0;\n\nimport \"./IL1ERC20Bridge.sol\";\n\n/**\n * @title IL1StandardBridge\n */\ninterface IL1StandardBridge is IL1ERC20Bridge {\n /**********\n * Events *\n **********/\n event ETHDepositInitiated(\n address indexed _from,\n address indexed _to,\n uint256 _amount,\n bytes _data\n );\n\n event ETHWithdrawalFinalized(\n address indexed _from,\n address indexed _to,\n uint256 _amount,\n bytes _data\n );\n\n /********************\n * Public Functions *\n ********************/\n\n /**\n * @dev Deposit an amount of the ETH to the caller's balance on L2.\n * @param _l2Gas Gas limit required to complete the deposit on L2.\n * @param _data Optional data to forward to L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function depositETH(uint32 _l2Gas, bytes calldata _data) external payable;\n\n /**\n * @dev Deposit an amount of ETH to a recipient's balance on L2.\n * @param _to L2 address to credit the withdrawal to.\n * @param _l2Gas Gas limit required to complete the deposit on L2.\n * @param _data Optional data to forward to L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function depositETHTo(\n address _to,\n uint32 _l2Gas,\n bytes calldata _data\n ) external payable;\n\n /*************************\n * Cross-chain Functions *\n *************************/\n\n /**\n * @dev Complete a withdrawal from L2 to L1, and credit funds to the recipient's balance of the\n * L1 ETH token. Since only the xDomainMessenger can call this function, it will never be called\n * before the withdrawal is finalized.\n * @param _from L2 address initiating the transfer.\n * @param _to L1 address to credit the withdrawal to.\n * @param _amount Amount of the ERC20 to deposit.\n * @param _data Optional data to forward to L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function finalizeETHWithdrawal(\n address _from,\n address _to,\n uint256 _amount,\n bytes calldata _data\n ) external;\n}\n" + }, + "@eth-optimism/contracts/libraries/bridge/ICrossDomainMessenger.sol": { + "content": "// SPDX-License-Identifier: MIT\npragma solidity >0.5.0 <0.9.0;\n\n/**\n * @title ICrossDomainMessenger\n */\ninterface ICrossDomainMessenger {\n /**********\n * Events *\n **********/\n\n event SentMessage(\n address indexed target,\n address sender,\n bytes message,\n uint256 messageNonce,\n uint256 gasLimit\n );\n event RelayedMessage(bytes32 indexed msgHash);\n event FailedRelayedMessage(bytes32 indexed msgHash);\n\n /*************\n * Variables *\n *************/\n\n function xDomainMessageSender() external view returns (address);\n\n /********************\n * Public Functions *\n ********************/\n\n /**\n * Sends a cross domain message to the target messenger.\n * @param _target Target contract address.\n * @param _message Message to send to the target.\n * @param _gasLimit Gas limit for the provided message.\n */\n function sendMessage(\n address _target,\n bytes calldata _message,\n uint32 _gasLimit\n ) external;\n}\n" + }, + "@eth-optimism/contracts/libraries/constants/Lib_PredeployAddresses.sol": { + "content": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.9;\n\n/**\n * @title Lib_PredeployAddresses\n */\nlibrary Lib_PredeployAddresses {\n address internal constant L2_TO_L1_MESSAGE_PASSER = 0x4200000000000000000000000000000000000000;\n address internal constant L1_MESSAGE_SENDER = 0x4200000000000000000000000000000000000001;\n address internal constant DEPLOYER_WHITELIST = 0x4200000000000000000000000000000000000002;\n address payable internal constant OVM_ETH = payable(0xDeadDeAddeAddEAddeadDEaDDEAdDeaDDeAD0000);\n address internal constant L2_CROSS_DOMAIN_MESSENGER =\n 0x4200000000000000000000000000000000000007;\n address internal constant LIB_ADDRESS_MANAGER = 0x4200000000000000000000000000000000000008;\n address internal constant PROXY_EOA = 0x4200000000000000000000000000000000000009;\n address internal constant L2_STANDARD_BRIDGE = 0x4200000000000000000000000000000000000010;\n address internal constant SEQUENCER_FEE_WALLET = 0x4200000000000000000000000000000000000011;\n address internal constant L2_STANDARD_TOKEN_FACTORY =\n 0x4200000000000000000000000000000000000012;\n address internal constant L1_BLOCK_NUMBER = 0x4200000000000000000000000000000000000013;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (access/Ownable.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../utils/ContextUpgradeable.sol\";\nimport \"../proxy/utils/Initializable.sol\";\n\n/**\n * @dev Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract OwnableUpgradeable is Initializable, ContextUpgradeable {\n address private _owner;\n\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n function __Ownable_init() internal onlyInitializing {\n __Ownable_init_unchained();\n }\n\n function __Ownable_init_unchained() internal onlyInitializing {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Leaves the contract without owner. It will not be possible to call\n * `onlyOwner` functions. Can only be called by the current owner.\n *\n * NOTE: Renouncing ownership will leave the contract without an owner,\n * thereby disabling any functionality that is only available to the owner.\n */\n function renounceOwnership() public virtual onlyOwner {\n _transferOwnership(address(0));\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(newOwner != address(0), \"Ownable: new owner is the zero address\");\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n\n /**\n * @dev This empty reserved space is put in place to allow future versions to add new\n * variables without shifting down storage in the inheritance chain.\n * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n */\n uint256[49] private __gap;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/crosschain/errorsUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.6.0) (crosschain/errors.sol)\n\npragma solidity ^0.8.4;\n\nerror NotCrossChainCall();\nerror InvalidCrossChainSender(address actual, address expected);\n" + }, + "@openzeppelin/contracts-upgradeable/crosschain/optimism/LibOptimismUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.7.0) (crosschain/optimism/LibOptimism.sol)\n\npragma solidity ^0.8.4;\n\nimport { ICrossDomainMessengerUpgradeable as Optimism_Bridge } from \"../../vendor/optimism/ICrossDomainMessengerUpgradeable.sol\";\nimport \"../errorsUpgradeable.sol\";\n\n/**\n * @dev Primitives for cross-chain aware contracts for https://www.optimism.io/[Optimism].\n * See the https://community.optimism.io/docs/developers/bridge/messaging/#accessing-msg-sender[documentation]\n * for the functionality used here.\n */\nlibrary LibOptimismUpgradeable {\n /**\n * @dev Returns whether the current function call is the result of a\n * cross-chain message relayed by `messenger`.\n */\n function isCrossChain(address messenger) internal view returns (bool) {\n return msg.sender == messenger;\n }\n\n /**\n * @dev Returns the address of the sender that triggered the current\n * cross-chain message through `messenger`.\n *\n * NOTE: {isCrossChain} should be checked before trying to recover the\n * sender, as it will revert with `NotCrossChainCall` if the current\n * function call is not the result of a cross-chain message.\n */\n function crossChainSender(address messenger) internal view returns (address) {\n if (!isCrossChain(messenger)) revert NotCrossChainCall();\n\n return Optimism_Bridge(messenger).xDomainMessageSender();\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/interfaces/draft-IERC1822Upgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.5.0) (interfaces/draft-IERC1822.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev ERC1822: Universal Upgradeable Proxy Standard (UUPS) documents a method for upgradeability through a simplified\n * proxy whose upgrades are fully controlled by the current implementation.\n */\ninterface IERC1822ProxiableUpgradeable {\n /**\n * @dev Returns the storage slot that the proxiable contract assumes is being used to store the implementation\n * address.\n *\n * IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks\n * bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this\n * function revert if invoked through a proxy.\n */\n function proxiableUUID() external view returns (bytes32);\n}\n" + }, + "@openzeppelin/contracts-upgradeable/interfaces/IERC1967Upgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (interfaces/IERC1967.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev ERC-1967: Proxy Storage Slots. This interface contains the events defined in the ERC.\n *\n * _Available since v4.8.3._\n */\ninterface IERC1967Upgradeable {\n /**\n * @dev Emitted when the implementation is upgraded.\n */\n event Upgraded(address indexed implementation);\n\n /**\n * @dev Emitted when the admin account has changed.\n */\n event AdminChanged(address previousAdmin, address newAdmin);\n\n /**\n * @dev Emitted when the beacon is changed.\n */\n event BeaconUpgraded(address indexed beacon);\n}\n" + }, + "@openzeppelin/contracts-upgradeable/proxy/beacon/IBeaconUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts v4.4.1 (proxy/beacon/IBeacon.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev This is the interface that {BeaconProxy} expects of its beacon.\n */\ninterface IBeaconUpgradeable {\n /**\n * @dev Must return an address that can be used as a delegate call target.\n *\n * {BeaconProxy} will check that this address is a contract.\n */\n function implementation() external view returns (address);\n}\n" + }, + "@openzeppelin/contracts-upgradeable/proxy/ERC1967/ERC1967UpgradeUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (proxy/ERC1967/ERC1967Upgrade.sol)\n\npragma solidity ^0.8.2;\n\nimport \"../beacon/IBeaconUpgradeable.sol\";\nimport \"../../interfaces/IERC1967Upgradeable.sol\";\nimport \"../../interfaces/draft-IERC1822Upgradeable.sol\";\nimport \"../../utils/AddressUpgradeable.sol\";\nimport \"../../utils/StorageSlotUpgradeable.sol\";\nimport \"../utils/Initializable.sol\";\n\n/**\n * @dev This abstract contract provides getters and event emitting update functions for\n * https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots.\n *\n * _Available since v4.1._\n */\nabstract contract ERC1967UpgradeUpgradeable is Initializable, IERC1967Upgradeable {\n function __ERC1967Upgrade_init() internal onlyInitializing {\n }\n\n function __ERC1967Upgrade_init_unchained() internal onlyInitializing {\n }\n // This is the keccak-256 hash of \"eip1967.proxy.rollback\" subtracted by 1\n bytes32 private constant _ROLLBACK_SLOT = 0x4910fdfa16fed3260ed0e7147f7cc6da11a60208b5b9406d12a635614ffd9143;\n\n /**\n * @dev Storage slot with the address of the current implementation.\n * This is the keccak-256 hash of \"eip1967.proxy.implementation\" subtracted by 1, and is\n * validated in the constructor.\n */\n bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;\n\n /**\n * @dev Returns the current implementation address.\n */\n function _getImplementation() internal view returns (address) {\n return StorageSlotUpgradeable.getAddressSlot(_IMPLEMENTATION_SLOT).value;\n }\n\n /**\n * @dev Stores a new address in the EIP1967 implementation slot.\n */\n function _setImplementation(address newImplementation) private {\n require(AddressUpgradeable.isContract(newImplementation), \"ERC1967: new implementation is not a contract\");\n StorageSlotUpgradeable.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;\n }\n\n /**\n * @dev Perform implementation upgrade\n *\n * Emits an {Upgraded} event.\n */\n function _upgradeTo(address newImplementation) internal {\n _setImplementation(newImplementation);\n emit Upgraded(newImplementation);\n }\n\n /**\n * @dev Perform implementation upgrade with additional setup call.\n *\n * Emits an {Upgraded} event.\n */\n function _upgradeToAndCall(address newImplementation, bytes memory data, bool forceCall) internal {\n _upgradeTo(newImplementation);\n if (data.length > 0 || forceCall) {\n AddressUpgradeable.functionDelegateCall(newImplementation, data);\n }\n }\n\n /**\n * @dev Perform implementation upgrade with security checks for UUPS proxies, and additional setup call.\n *\n * Emits an {Upgraded} event.\n */\n function _upgradeToAndCallUUPS(address newImplementation, bytes memory data, bool forceCall) internal {\n // Upgrades from old implementations will perform a rollback test. This test requires the new\n // implementation to upgrade back to the old, non-ERC1822 compliant, implementation. Removing\n // this special case will break upgrade paths from old UUPS implementation to new ones.\n if (StorageSlotUpgradeable.getBooleanSlot(_ROLLBACK_SLOT).value) {\n _setImplementation(newImplementation);\n } else {\n try IERC1822ProxiableUpgradeable(newImplementation).proxiableUUID() returns (bytes32 slot) {\n require(slot == _IMPLEMENTATION_SLOT, \"ERC1967Upgrade: unsupported proxiableUUID\");\n } catch {\n revert(\"ERC1967Upgrade: new implementation is not UUPS\");\n }\n _upgradeToAndCall(newImplementation, data, forceCall);\n }\n }\n\n /**\n * @dev Storage slot with the admin of the contract.\n * This is the keccak-256 hash of \"eip1967.proxy.admin\" subtracted by 1, and is\n * validated in the constructor.\n */\n bytes32 internal constant _ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;\n\n /**\n * @dev Returns the current admin.\n */\n function _getAdmin() internal view returns (address) {\n return StorageSlotUpgradeable.getAddressSlot(_ADMIN_SLOT).value;\n }\n\n /**\n * @dev Stores a new address in the EIP1967 admin slot.\n */\n function _setAdmin(address newAdmin) private {\n require(newAdmin != address(0), \"ERC1967: new admin is the zero address\");\n StorageSlotUpgradeable.getAddressSlot(_ADMIN_SLOT).value = newAdmin;\n }\n\n /**\n * @dev Changes the admin of the proxy.\n *\n * Emits an {AdminChanged} event.\n */\n function _changeAdmin(address newAdmin) internal {\n emit AdminChanged(_getAdmin(), newAdmin);\n _setAdmin(newAdmin);\n }\n\n /**\n * @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.\n * This is bytes32(uint256(keccak256('eip1967.proxy.beacon')) - 1)) and is validated in the constructor.\n */\n bytes32 internal constant _BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;\n\n /**\n * @dev Returns the current beacon.\n */\n function _getBeacon() internal view returns (address) {\n return StorageSlotUpgradeable.getAddressSlot(_BEACON_SLOT).value;\n }\n\n /**\n * @dev Stores a new beacon in the EIP1967 beacon slot.\n */\n function _setBeacon(address newBeacon) private {\n require(AddressUpgradeable.isContract(newBeacon), \"ERC1967: new beacon is not a contract\");\n require(\n AddressUpgradeable.isContract(IBeaconUpgradeable(newBeacon).implementation()),\n \"ERC1967: beacon implementation is not a contract\"\n );\n StorageSlotUpgradeable.getAddressSlot(_BEACON_SLOT).value = newBeacon;\n }\n\n /**\n * @dev Perform beacon upgrade with additional setup call. Note: This upgrades the address of the beacon, it does\n * not upgrade the implementation contained in the beacon (see {UpgradeableBeacon-_setImplementation} for that).\n *\n * Emits a {BeaconUpgraded} event.\n */\n function _upgradeBeaconToAndCall(address newBeacon, bytes memory data, bool forceCall) internal {\n _setBeacon(newBeacon);\n emit BeaconUpgraded(newBeacon);\n if (data.length > 0 || forceCall) {\n AddressUpgradeable.functionDelegateCall(IBeaconUpgradeable(newBeacon).implementation(), data);\n }\n }\n\n /**\n * @dev This empty reserved space is put in place to allow future versions to add new\n * variables without shifting down storage in the inheritance chain.\n * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n */\n uint256[50] private __gap;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/Initializable.sol)\n\npragma solidity ^0.8.2;\n\nimport \"../../utils/AddressUpgradeable.sol\";\n\n/**\n * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed\n * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an\n * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer\n * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.\n *\n * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be\n * reused. This mechanism prevents re-execution of each \"step\" but allows the creation of new initialization steps in\n * case an upgrade adds a module that needs to be initialized.\n *\n * For example:\n *\n * [.hljs-theme-light.nopadding]\n * ```solidity\n * contract MyToken is ERC20Upgradeable {\n * function initialize() initializer public {\n * __ERC20_init(\"MyToken\", \"MTK\");\n * }\n * }\n *\n * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {\n * function initializeV2() reinitializer(2) public {\n * __ERC20Permit_init(\"MyToken\");\n * }\n * }\n * ```\n *\n * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as\n * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.\n *\n * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure\n * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.\n *\n * [CAUTION]\n * ====\n * Avoid leaving a contract uninitialized.\n *\n * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation\n * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke\n * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:\n *\n * [.hljs-theme-light.nopadding]\n * ```\n * /// @custom:oz-upgrades-unsafe-allow constructor\n * constructor() {\n * _disableInitializers();\n * }\n * ```\n * ====\n */\nabstract contract Initializable {\n /**\n * @dev Indicates that the contract has been initialized.\n * @custom:oz-retyped-from bool\n */\n uint8 private _initialized;\n\n /**\n * @dev Indicates that the contract is in the process of being initialized.\n */\n bool private _initializing;\n\n /**\n * @dev Triggered when the contract has been initialized or reinitialized.\n */\n event Initialized(uint8 version);\n\n /**\n * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,\n * `onlyInitializing` functions can be used to initialize parent contracts.\n *\n * Similar to `reinitializer(1)`, except that functions marked with `initializer` can be nested in the context of a\n * constructor.\n *\n * Emits an {Initialized} event.\n */\n modifier initializer() {\n bool isTopLevelCall = !_initializing;\n require(\n (isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1),\n \"Initializable: contract is already initialized\"\n );\n _initialized = 1;\n if (isTopLevelCall) {\n _initializing = true;\n }\n _;\n if (isTopLevelCall) {\n _initializing = false;\n emit Initialized(1);\n }\n }\n\n /**\n * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the\n * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be\n * used to initialize parent contracts.\n *\n * A reinitializer may be used after the original initialization step. This is essential to configure modules that\n * are added through upgrades and that require initialization.\n *\n * When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`\n * cannot be nested. If one is invoked in the context of another, execution will revert.\n *\n * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in\n * a contract, executing them in the right order is up to the developer or operator.\n *\n * WARNING: setting the version to 255 will prevent any future reinitialization.\n *\n * Emits an {Initialized} event.\n */\n modifier reinitializer(uint8 version) {\n require(!_initializing && _initialized < version, \"Initializable: contract is already initialized\");\n _initialized = version;\n _initializing = true;\n _;\n _initializing = false;\n emit Initialized(version);\n }\n\n /**\n * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the\n * {initializer} and {reinitializer} modifiers, directly or indirectly.\n */\n modifier onlyInitializing() {\n require(_initializing, \"Initializable: contract is not initializing\");\n _;\n }\n\n /**\n * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.\n * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized\n * to any version. It is recommended to use this to lock implementation contracts that are designed to be called\n * through proxies.\n *\n * Emits an {Initialized} event the first time it is successfully executed.\n */\n function _disableInitializers() internal virtual {\n require(!_initializing, \"Initializable: contract is initializing\");\n if (_initialized != type(uint8).max) {\n _initialized = type(uint8).max;\n emit Initialized(type(uint8).max);\n }\n }\n\n /**\n * @dev Returns the highest version that has been initialized. See {reinitializer}.\n */\n function _getInitializedVersion() internal view returns (uint8) {\n return _initialized;\n }\n\n /**\n * @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.\n */\n function _isInitializing() internal view returns (bool) {\n return _initializing;\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/UUPSUpgradeable.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../../interfaces/draft-IERC1822Upgradeable.sol\";\nimport \"../ERC1967/ERC1967UpgradeUpgradeable.sol\";\nimport \"./Initializable.sol\";\n\n/**\n * @dev An upgradeability mechanism designed for UUPS proxies. The functions included here can perform an upgrade of an\n * {ERC1967Proxy}, when this contract is set as the implementation behind such a proxy.\n *\n * A security mechanism ensures that an upgrade does not turn off upgradeability accidentally, although this risk is\n * reinstated if the upgrade retains upgradeability but removes the security mechanism, e.g. by replacing\n * `UUPSUpgradeable` with a custom implementation of upgrades.\n *\n * The {_authorizeUpgrade} function must be overridden to include access restriction to the upgrade mechanism.\n *\n * _Available since v4.1._\n */\nabstract contract UUPSUpgradeable is Initializable, IERC1822ProxiableUpgradeable, ERC1967UpgradeUpgradeable {\n function __UUPSUpgradeable_init() internal onlyInitializing {\n }\n\n function __UUPSUpgradeable_init_unchained() internal onlyInitializing {\n }\n /// @custom:oz-upgrades-unsafe-allow state-variable-immutable state-variable-assignment\n address private immutable __self = address(this);\n\n /**\n * @dev Check that the execution is being performed through a delegatecall call and that the execution context is\n * a proxy contract with an implementation (as defined in ERC1967) pointing to self. This should only be the case\n * for UUPS and transparent proxies that are using the current contract as their implementation. Execution of a\n * function through ERC1167 minimal proxies (clones) would not normally pass this test, but is not guaranteed to\n * fail.\n */\n modifier onlyProxy() {\n require(address(this) != __self, \"Function must be called through delegatecall\");\n require(_getImplementation() == __self, \"Function must be called through active proxy\");\n _;\n }\n\n /**\n * @dev Check that the execution is not being performed through a delegate call. This allows a function to be\n * callable on the implementing contract but not through proxies.\n */\n modifier notDelegated() {\n require(address(this) == __self, \"UUPSUpgradeable: must not be called through delegatecall\");\n _;\n }\n\n /**\n * @dev Implementation of the ERC1822 {proxiableUUID} function. This returns the storage slot used by the\n * implementation. It is used to validate the implementation's compatibility when performing an upgrade.\n *\n * IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks\n * bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this\n * function revert if invoked through a proxy. This is guaranteed by the `notDelegated` modifier.\n */\n function proxiableUUID() external view virtual override notDelegated returns (bytes32) {\n return _IMPLEMENTATION_SLOT;\n }\n\n /**\n * @dev Upgrade the implementation of the proxy to `newImplementation`.\n *\n * Calls {_authorizeUpgrade}.\n *\n * Emits an {Upgraded} event.\n *\n * @custom:oz-upgrades-unsafe-allow-reachable delegatecall\n */\n function upgradeTo(address newImplementation) public virtual onlyProxy {\n _authorizeUpgrade(newImplementation);\n _upgradeToAndCallUUPS(newImplementation, new bytes(0), false);\n }\n\n /**\n * @dev Upgrade the implementation of the proxy to `newImplementation`, and subsequently execute the function call\n * encoded in `data`.\n *\n * Calls {_authorizeUpgrade}.\n *\n * Emits an {Upgraded} event.\n *\n * @custom:oz-upgrades-unsafe-allow-reachable delegatecall\n */\n function upgradeToAndCall(address newImplementation, bytes memory data) public payable virtual onlyProxy {\n _authorizeUpgrade(newImplementation);\n _upgradeToAndCallUUPS(newImplementation, data, true);\n }\n\n /**\n * @dev Function that should revert when `msg.sender` is not authorized to upgrade the contract. Called by\n * {upgradeTo} and {upgradeToAndCall}.\n *\n * Normally, this function will use an xref:access.adoc[access control] modifier such as {Ownable-onlyOwner}.\n *\n * ```solidity\n * function _authorizeUpgrade(address) internal override onlyOwner {}\n * ```\n */\n function _authorizeUpgrade(address newImplementation) internal virtual;\n\n /**\n * @dev This empty reserved space is put in place to allow future versions to add new\n * variables without shifting down storage in the inheritance chain.\n * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n */\n uint256[50] private __gap;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (security/ReentrancyGuard.sol)\n\npragma solidity ^0.8.0;\nimport \"../proxy/utils/Initializable.sol\";\n\n/**\n * @dev Contract module that helps prevent reentrant calls to a function.\n *\n * Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier\n * available, which can be applied to functions to make sure there are no nested\n * (reentrant) calls to them.\n *\n * Note that because there is a single `nonReentrant` guard, functions marked as\n * `nonReentrant` may not call one another. This can be worked around by making\n * those functions `private`, and then adding `external` `nonReentrant` entry\n * points to them.\n *\n * TIP: If you would like to learn more about reentrancy and alternative ways\n * to protect against it, check out our blog post\n * https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].\n */\nabstract contract ReentrancyGuardUpgradeable is Initializable {\n // Booleans are more expensive than uint256 or any type that takes up a full\n // word because each write operation emits an extra SLOAD to first read the\n // slot's contents, replace the bits taken up by the boolean, and then write\n // back. This is the compiler's defense against contract upgrades and\n // pointer aliasing, and it cannot be disabled.\n\n // The values being non-zero value makes deployment a bit more expensive,\n // but in exchange the refund on every call to nonReentrant will be lower in\n // amount. Since refunds are capped to a percentage of the total\n // transaction's gas, it is best to keep them low in cases like this one, to\n // increase the likelihood of the full refund coming into effect.\n uint256 private constant _NOT_ENTERED = 1;\n uint256 private constant _ENTERED = 2;\n\n uint256 private _status;\n\n function __ReentrancyGuard_init() internal onlyInitializing {\n __ReentrancyGuard_init_unchained();\n }\n\n function __ReentrancyGuard_init_unchained() internal onlyInitializing {\n _status = _NOT_ENTERED;\n }\n\n /**\n * @dev Prevents a contract from calling itself, directly or indirectly.\n * Calling a `nonReentrant` function from another `nonReentrant`\n * function is not supported. It is possible to prevent this from happening\n * by making the `nonReentrant` function external, and making it call a\n * `private` function that does the actual work.\n */\n modifier nonReentrant() {\n _nonReentrantBefore();\n _;\n _nonReentrantAfter();\n }\n\n function _nonReentrantBefore() private {\n // On the first call to nonReentrant, _status will be _NOT_ENTERED\n require(_status != _ENTERED, \"ReentrancyGuard: reentrant call\");\n\n // Any calls to nonReentrant after this point will fail\n _status = _ENTERED;\n }\n\n function _nonReentrantAfter() private {\n // By storing the original value once again, a refund is triggered (see\n // https://eips.ethereum.org/EIPS/eip-2200)\n _status = _NOT_ENTERED;\n }\n\n /**\n * @dev Returns true if the reentrancy guard is currently set to \"entered\", which indicates there is a\n * `nonReentrant` function in the call stack.\n */\n function _reentrancyGuardEntered() internal view returns (bool) {\n return _status == _ENTERED;\n }\n\n /**\n * @dev This empty reserved space is put in place to allow future versions to add new\n * variables without shifting down storage in the inheritance chain.\n * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n */\n uint256[49] private __gap;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/IERC20PermitUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/extensions/IERC20Permit.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in\n * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].\n *\n * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by\n * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't\n * need to send a transaction, and thus is not required to hold Ether at all.\n */\ninterface IERC20PermitUpgradeable {\n /**\n * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,\n * given ``owner``'s signed approval.\n *\n * IMPORTANT: The same issues {IERC20-approve} has related to transaction\n * ordering also apply here.\n *\n * Emits an {Approval} event.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n * - `deadline` must be a timestamp in the future.\n * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`\n * over the EIP712-formatted function arguments.\n * - the signature must use ``owner``'s current nonce (see {nonces}).\n *\n * For more information on the signature format, see the\n * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP\n * section].\n */\n function permit(\n address owner,\n address spender,\n uint256 value,\n uint256 deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) external;\n\n /**\n * @dev Returns the current nonce for `owner`. This value must be\n * included whenever a signature is generated for {permit}.\n *\n * Every successful call to {permit} increases ``owner``'s nonce by one. This\n * prevents a signature from being used multiple times.\n */\n function nonces(address owner) external view returns (uint256);\n\n /**\n * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.\n */\n // solhint-disable-next-line func-name-mixedcase\n function DOMAIN_SEPARATOR() external view returns (bytes32);\n}\n" + }, + "@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/IERC20.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20Upgradeable {\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `to`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address to, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `from` to `to` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address from, address to, uint256 amount) external returns (bool);\n}\n" + }, + "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.3) (token/ERC20/utils/SafeERC20.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../IERC20Upgradeable.sol\";\nimport \"../extensions/IERC20PermitUpgradeable.sol\";\nimport \"../../../utils/AddressUpgradeable.sol\";\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20Upgradeable {\n using AddressUpgradeable for address;\n\n /**\n * @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeTransfer(IERC20Upgradeable token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n /**\n * @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the\n * calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.\n */\n function safeTransferFrom(IERC20Upgradeable token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20Upgradeable token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n require(\n (value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n /**\n * @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeIncreaseAllowance(IERC20Upgradeable token, address spender, uint256 value) internal {\n uint256 oldAllowance = token.allowance(address(this), spender);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance + value));\n }\n\n /**\n * @dev Decrease the calling contract's allowance toward `spender` by `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeDecreaseAllowance(IERC20Upgradeable token, address spender, uint256 value) internal {\n unchecked {\n uint256 oldAllowance = token.allowance(address(this), spender);\n require(oldAllowance >= value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance - value));\n }\n }\n\n /**\n * @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval\n * to be set to zero before setting it to a non-zero value, such as USDT.\n */\n function forceApprove(IERC20Upgradeable token, address spender, uint256 value) internal {\n bytes memory approvalCall = abi.encodeWithSelector(token.approve.selector, spender, value);\n\n if (!_callOptionalReturnBool(token, approvalCall)) {\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, 0));\n _callOptionalReturn(token, approvalCall);\n }\n }\n\n /**\n * @dev Use a ERC-2612 signature to set the `owner` approval toward `spender` on `token`.\n * Revert on invalid signature.\n */\n function safePermit(\n IERC20PermitUpgradeable token,\n address owner,\n address spender,\n uint256 value,\n uint256 deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) internal {\n uint256 nonceBefore = token.nonces(owner);\n token.permit(owner, spender, value, deadline, v, r, s);\n uint256 nonceAfter = token.nonces(owner);\n require(nonceAfter == nonceBefore + 1, \"SafeERC20: permit did not succeed\");\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20Upgradeable token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n require(returndata.length == 0 || abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n *\n * This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.\n */\n function _callOptionalReturnBool(IERC20Upgradeable token, bytes memory data) private returns (bool) {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false\n // and not revert is the subcall reverts.\n\n (bool success, bytes memory returndata) = address(token).call(data);\n return\n success && (returndata.length == 0 || abi.decode(returndata, (bool))) && AddressUpgradeable.isContract(address(token));\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)\n\npragma solidity ^0.8.1;\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary AddressUpgradeable {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n *\n * Furthermore, `isContract` will also return true if the target contract within\n * the same transaction is already scheduled for destruction by `SELFDESTRUCT`,\n * which only has an effect at the end of a transaction.\n * ====\n *\n * [IMPORTANT]\n * ====\n * You shouldn't rely on `isContract` to protect against flash loan attacks!\n *\n * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets\n * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract\n * constructor.\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize/address.code.length, which returns 0\n // for contracts in construction, since the code is only stored at the end\n // of the constructor execution.\n\n return account.code.length > 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance >= amount, \"Address: insufficient balance\");\n\n (bool success, ) = recipient.call{value: amount}(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain `call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(\n address target,\n bytes memory data,\n uint256 value,\n string memory errorMessage\n ) internal returns (bytes memory) {\n require(address(this).balance >= value, \"Address: insufficient balance for call\");\n (bool success, bytes memory returndata) = target.call{value: value}(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n (bool success, bytes memory returndata) = target.staticcall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling\n * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.\n *\n * _Available since v4.8._\n */\n function verifyCallResultFromTarget(\n address target,\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n if (success) {\n if (returndata.length == 0) {\n // only check isContract if the call was successful and the return data is empty\n // otherwise we already know that it was a contract\n require(isContract(target), \"Address: call to non-contract\");\n }\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n /**\n * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the\n * revert reason or using the provided one.\n *\n * _Available since v4.3._\n */\n function verifyCallResult(\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal pure returns (bytes memory) {\n if (success) {\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n function _revert(bytes memory returndata, string memory errorMessage) private pure {\n // Look for revert reason and bubble it up if present\n if (returndata.length > 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n /// @solidity memory-safe-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)\n\npragma solidity ^0.8.0;\nimport \"../proxy/utils/Initializable.sol\";\n\n/**\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract ContextUpgradeable is Initializable {\n function __Context_init() internal onlyInitializing {\n }\n\n function __Context_init_unchained() internal onlyInitializing {\n }\n function _msgSender() internal view virtual returns (address) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes calldata) {\n return msg.data;\n }\n\n /**\n * @dev This empty reserved space is put in place to allow future versions to add new\n * variables without shifting down storage in the inheritance chain.\n * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n */\n uint256[50] private __gap;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/cryptography/ECDSAUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/ECDSA.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../StringsUpgradeable.sol\";\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSAUpgradeable {\n enum RecoverError {\n NoError,\n InvalidSignature,\n InvalidSignatureLength,\n InvalidSignatureS,\n InvalidSignatureV // Deprecated in v4.8\n }\n\n function _throwError(RecoverError error) private pure {\n if (error == RecoverError.NoError) {\n return; // no error: do nothing\n } else if (error == RecoverError.InvalidSignature) {\n revert(\"ECDSA: invalid signature\");\n } else if (error == RecoverError.InvalidSignatureLength) {\n revert(\"ECDSA: invalid signature length\");\n } else if (error == RecoverError.InvalidSignatureS) {\n revert(\"ECDSA: invalid signature 's' value\");\n }\n }\n\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature` or error string. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n *\n * Documentation for signature generation:\n * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]\n * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) {\n if (signature.length == 65) {\n bytes32 r;\n bytes32 s;\n uint8 v;\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n /// @solidity memory-safe-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n return tryRecover(hash, v, r, s);\n } else {\n return (address(0), RecoverError.InvalidSignatureLength);\n }\n }\n\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, signature);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.\n *\n * See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError) {\n bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);\n uint8 v = uint8((uint256(vs) >> 255) + 27);\n return tryRecover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.\n *\n * _Available since v4.2._\n */\n function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, r, vs);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Overload of {ECDSA-tryRecover} that receives the `v`,\n * `r` and `s` signature fields separately.\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address, RecoverError) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {\n return (address(0), RecoverError.InvalidSignatureS);\n }\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n if (signer == address(0)) {\n return (address(0), RecoverError.InvalidSignature);\n }\n\n return (signer, RecoverError.NoError);\n }\n\n /**\n * @dev Overload of {ECDSA-recover} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, v, r, s);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * produces hash corresponding to the one signed with the\n * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]\n * JSON-RPC method as part of EIP-191.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32 message) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n /// @solidity memory-safe-assembly\n assembly {\n mstore(0x00, \"\\x19Ethereum Signed Message:\\n32\")\n mstore(0x1c, hash)\n message := keccak256(0x00, 0x3c)\n }\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from `s`. This\n * produces hash corresponding to the one signed with the\n * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]\n * JSON-RPC method as part of EIP-191.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) {\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n\", StringsUpgradeable.toString(s.length), s));\n }\n\n /**\n * @dev Returns an Ethereum Signed Typed Data, created from a\n * `domainSeparator` and a `structHash`. This produces hash corresponding\n * to the one signed with the\n * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`]\n * JSON-RPC method as part of EIP-712.\n *\n * See {recover}.\n */\n function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 data) {\n /// @solidity memory-safe-assembly\n assembly {\n let ptr := mload(0x40)\n mstore(ptr, \"\\x19\\x01\")\n mstore(add(ptr, 0x02), domainSeparator)\n mstore(add(ptr, 0x22), structHash)\n data := keccak256(ptr, 0x42)\n }\n }\n\n /**\n * @dev Returns an Ethereum Signed Data with intended validator, created from a\n * `validator` and `data` according to the version 0 of EIP-191.\n *\n * See {recover}.\n */\n function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {\n return keccak256(abi.encodePacked(\"\\x19\\x00\", validator, data));\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/math/MathUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/math/Math.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Standard math utilities missing in the Solidity language.\n */\nlibrary MathUpgradeable {\n enum Rounding {\n Down, // Toward negative infinity\n Up, // Toward infinity\n Zero // Toward zero\n }\n\n /**\n * @dev Returns the largest of two numbers.\n */\n function max(uint256 a, uint256 b) internal pure returns (uint256) {\n return a > b ? a : b;\n }\n\n /**\n * @dev Returns the smallest of two numbers.\n */\n function min(uint256 a, uint256 b) internal pure returns (uint256) {\n return a < b ? a : b;\n }\n\n /**\n * @dev Returns the average of two numbers. The result is rounded towards\n * zero.\n */\n function average(uint256 a, uint256 b) internal pure returns (uint256) {\n // (a + b) / 2 can overflow.\n return (a & b) + (a ^ b) / 2;\n }\n\n /**\n * @dev Returns the ceiling of the division of two numbers.\n *\n * This differs from standard division with `/` in that it rounds up instead\n * of rounding down.\n */\n function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {\n // (a + b - 1) / b can overflow on addition, so we distribute.\n return a == 0 ? 0 : (a - 1) / b + 1;\n }\n\n /**\n * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0\n * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)\n * with further edits by Uniswap Labs also under MIT license.\n */\n function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {\n unchecked {\n // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use\n // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256\n // variables such that product = prod1 * 2^256 + prod0.\n uint256 prod0; // Least significant 256 bits of the product\n uint256 prod1; // Most significant 256 bits of the product\n assembly {\n let mm := mulmod(x, y, not(0))\n prod0 := mul(x, y)\n prod1 := sub(sub(mm, prod0), lt(mm, prod0))\n }\n\n // Handle non-overflow cases, 256 by 256 division.\n if (prod1 == 0) {\n // Solidity will revert if denominator == 0, unlike the div opcode on its own.\n // The surrounding unchecked block does not change this fact.\n // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.\n return prod0 / denominator;\n }\n\n // Make sure the result is less than 2^256. Also prevents denominator == 0.\n require(denominator > prod1, \"Math: mulDiv overflow\");\n\n ///////////////////////////////////////////////\n // 512 by 256 division.\n ///////////////////////////////////////////////\n\n // Make division exact by subtracting the remainder from [prod1 prod0].\n uint256 remainder;\n assembly {\n // Compute remainder using mulmod.\n remainder := mulmod(x, y, denominator)\n\n // Subtract 256 bit number from 512 bit number.\n prod1 := sub(prod1, gt(remainder, prod0))\n prod0 := sub(prod0, remainder)\n }\n\n // Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.\n // See https://cs.stackexchange.com/q/138556/92363.\n\n // Does not overflow because the denominator cannot be zero at this stage in the function.\n uint256 twos = denominator & (~denominator + 1);\n assembly {\n // Divide denominator by twos.\n denominator := div(denominator, twos)\n\n // Divide [prod1 prod0] by twos.\n prod0 := div(prod0, twos)\n\n // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.\n twos := add(div(sub(0, twos), twos), 1)\n }\n\n // Shift in bits from prod1 into prod0.\n prod0 |= prod1 * twos;\n\n // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such\n // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for\n // four bits. That is, denominator * inv = 1 mod 2^4.\n uint256 inverse = (3 * denominator) ^ 2;\n\n // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works\n // in modular arithmetic, doubling the correct bits in each step.\n inverse *= 2 - denominator * inverse; // inverse mod 2^8\n inverse *= 2 - denominator * inverse; // inverse mod 2^16\n inverse *= 2 - denominator * inverse; // inverse mod 2^32\n inverse *= 2 - denominator * inverse; // inverse mod 2^64\n inverse *= 2 - denominator * inverse; // inverse mod 2^128\n inverse *= 2 - denominator * inverse; // inverse mod 2^256\n\n // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.\n // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is\n // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1\n // is no longer required.\n result = prod0 * inverse;\n return result;\n }\n }\n\n /**\n * @notice Calculates x * y / denominator with full precision, following the selected rounding direction.\n */\n function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {\n uint256 result = mulDiv(x, y, denominator);\n if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {\n result += 1;\n }\n return result;\n }\n\n /**\n * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down.\n *\n * Inspired by Henry S. Warren, Jr.'s \"Hacker's Delight\" (Chapter 11).\n */\n function sqrt(uint256 a) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n\n // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.\n //\n // We know that the \"msb\" (most significant bit) of our target number `a` is a power of 2 such that we have\n // `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.\n //\n // This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`\n // → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`\n // → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`\n //\n // Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.\n uint256 result = 1 << (log2(a) >> 1);\n\n // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,\n // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at\n // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision\n // into the expected uint128 result.\n unchecked {\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n return min(result, a / result);\n }\n }\n\n /**\n * @notice Calculates sqrt(a), following the selected rounding direction.\n */\n function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = sqrt(a);\n return result + (rounding == Rounding.Up && result * result < a ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 2, rounded down, of a positive value.\n * Returns 0 if given 0.\n */\n function log2(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >> 128 > 0) {\n value >>= 128;\n result += 128;\n }\n if (value >> 64 > 0) {\n value >>= 64;\n result += 64;\n }\n if (value >> 32 > 0) {\n value >>= 32;\n result += 32;\n }\n if (value >> 16 > 0) {\n value >>= 16;\n result += 16;\n }\n if (value >> 8 > 0) {\n value >>= 8;\n result += 8;\n }\n if (value >> 4 > 0) {\n value >>= 4;\n result += 4;\n }\n if (value >> 2 > 0) {\n value >>= 2;\n result += 2;\n }\n if (value >> 1 > 0) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 2, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log2(value);\n return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 10, rounded down, of a positive value.\n * Returns 0 if given 0.\n */\n function log10(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >= 10 ** 64) {\n value /= 10 ** 64;\n result += 64;\n }\n if (value >= 10 ** 32) {\n value /= 10 ** 32;\n result += 32;\n }\n if (value >= 10 ** 16) {\n value /= 10 ** 16;\n result += 16;\n }\n if (value >= 10 ** 8) {\n value /= 10 ** 8;\n result += 8;\n }\n if (value >= 10 ** 4) {\n value /= 10 ** 4;\n result += 4;\n }\n if (value >= 10 ** 2) {\n value /= 10 ** 2;\n result += 2;\n }\n if (value >= 10 ** 1) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 10, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log10(value);\n return result + (rounding == Rounding.Up && 10 ** result < value ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 256, rounded down, of a positive value.\n * Returns 0 if given 0.\n *\n * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.\n */\n function log256(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >> 128 > 0) {\n value >>= 128;\n result += 16;\n }\n if (value >> 64 > 0) {\n value >>= 64;\n result += 8;\n }\n if (value >> 32 > 0) {\n value >>= 32;\n result += 4;\n }\n if (value >> 16 > 0) {\n value >>= 16;\n result += 2;\n }\n if (value >> 8 > 0) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 256, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log256(value);\n return result + (rounding == Rounding.Up && 1 << (result << 3) < value ? 1 : 0);\n }\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/math/SignedMathUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SignedMath.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Standard signed math utilities missing in the Solidity language.\n */\nlibrary SignedMathUpgradeable {\n /**\n * @dev Returns the largest of two signed numbers.\n */\n function max(int256 a, int256 b) internal pure returns (int256) {\n return a > b ? a : b;\n }\n\n /**\n * @dev Returns the smallest of two signed numbers.\n */\n function min(int256 a, int256 b) internal pure returns (int256) {\n return a < b ? a : b;\n }\n\n /**\n * @dev Returns the average of two signed numbers without overflow.\n * The result is rounded towards zero.\n */\n function average(int256 a, int256 b) internal pure returns (int256) {\n // Formula from the book \"Hacker's Delight\"\n int256 x = (a & b) + ((a ^ b) >> 1);\n return x + (int256(uint256(x) >> 255) & (a ^ b));\n }\n\n /**\n * @dev Returns the absolute unsigned value of a signed value.\n */\n function abs(int256 n) internal pure returns (uint256) {\n unchecked {\n // must be unchecked in order to support `n = type(int256).min`\n return uint256(n >= 0 ? n : -n);\n }\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/StorageSlotUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/StorageSlot.sol)\n// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Library for reading and writing primitive types to specific storage slots.\n *\n * Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.\n * This library helps with reading and writing to such slots without the need for inline assembly.\n *\n * The functions in this library return Slot structs that contain a `value` member that can be used to read or write.\n *\n * Example usage to set ERC1967 implementation slot:\n * ```solidity\n * contract ERC1967 {\n * bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;\n *\n * function _getImplementation() internal view returns (address) {\n * return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;\n * }\n *\n * function _setImplementation(address newImplementation) internal {\n * require(Address.isContract(newImplementation), \"ERC1967: new implementation is not a contract\");\n * StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;\n * }\n * }\n * ```\n *\n * _Available since v4.1 for `address`, `bool`, `bytes32`, `uint256`._\n * _Available since v4.9 for `string`, `bytes`._\n */\nlibrary StorageSlotUpgradeable {\n struct AddressSlot {\n address value;\n }\n\n struct BooleanSlot {\n bool value;\n }\n\n struct Bytes32Slot {\n bytes32 value;\n }\n\n struct Uint256Slot {\n uint256 value;\n }\n\n struct StringSlot {\n string value;\n }\n\n struct BytesSlot {\n bytes value;\n }\n\n /**\n * @dev Returns an `AddressSlot` with member `value` located at `slot`.\n */\n function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `BooleanSlot` with member `value` located at `slot`.\n */\n function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `Bytes32Slot` with member `value` located at `slot`.\n */\n function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `Uint256Slot` with member `value` located at `slot`.\n */\n function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `StringSlot` with member `value` located at `slot`.\n */\n function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `StringSlot` representation of the string storage pointer `store`.\n */\n function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := store.slot\n }\n }\n\n /**\n * @dev Returns an `BytesSlot` with member `value` located at `slot`.\n */\n function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.\n */\n function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := store.slot\n }\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/StringsUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Strings.sol)\n\npragma solidity ^0.8.0;\n\nimport \"./math/MathUpgradeable.sol\";\nimport \"./math/SignedMathUpgradeable.sol\";\n\n/**\n * @dev String operations.\n */\nlibrary StringsUpgradeable {\n bytes16 private constant _SYMBOLS = \"0123456789abcdef\";\n uint8 private constant _ADDRESS_LENGTH = 20;\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` decimal representation.\n */\n function toString(uint256 value) internal pure returns (string memory) {\n unchecked {\n uint256 length = MathUpgradeable.log10(value) + 1;\n string memory buffer = new string(length);\n uint256 ptr;\n /// @solidity memory-safe-assembly\n assembly {\n ptr := add(buffer, add(32, length))\n }\n while (true) {\n ptr--;\n /// @solidity memory-safe-assembly\n assembly {\n mstore8(ptr, byte(mod(value, 10), _SYMBOLS))\n }\n value /= 10;\n if (value == 0) break;\n }\n return buffer;\n }\n }\n\n /**\n * @dev Converts a `int256` to its ASCII `string` decimal representation.\n */\n function toString(int256 value) internal pure returns (string memory) {\n return string(abi.encodePacked(value < 0 ? \"-\" : \"\", toString(SignedMathUpgradeable.abs(value))));\n }\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.\n */\n function toHexString(uint256 value) internal pure returns (string memory) {\n unchecked {\n return toHexString(value, MathUpgradeable.log256(value) + 1);\n }\n }\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.\n */\n function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {\n bytes memory buffer = new bytes(2 * length + 2);\n buffer[0] = \"0\";\n buffer[1] = \"x\";\n for (uint256 i = 2 * length + 1; i > 1; --i) {\n buffer[i] = _SYMBOLS[value & 0xf];\n value >>= 4;\n }\n require(value == 0, \"Strings: hex length insufficient\");\n return string(buffer);\n }\n\n /**\n * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.\n */\n function toHexString(address addr) internal pure returns (string memory) {\n return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);\n }\n\n /**\n * @dev Returns true if the two strings are equal.\n */\n function equal(string memory a, string memory b) internal pure returns (bool) {\n return keccak256(bytes(a)) == keccak256(bytes(b));\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/vendor/optimism/ICrossDomainMessengerUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (vendor/optimism/ICrossDomainMessenger.sol)\npragma solidity >0.5.0 <0.9.0;\n\n/**\n * @title ICrossDomainMessenger\n */\ninterface ICrossDomainMessengerUpgradeable {\n /**********\n * Events *\n **********/\n\n event SentMessage(address indexed target, address sender, bytes message, uint256 messageNonce, uint256 gasLimit);\n event RelayedMessage(bytes32 indexed msgHash);\n event FailedRelayedMessage(bytes32 indexed msgHash);\n\n /*************\n * Variables *\n *************/\n\n function xDomainMessageSender() external view returns (address);\n\n /********************\n * Public Functions *\n ********************/\n\n /**\n * Sends a cross domain message to the target messenger.\n * @param _target Target contract address.\n * @param _message Message to send to the target.\n * @param _gasLimit Gas limit for the provided message.\n */\n function sendMessage(address _target, bytes calldata _message, uint32 _gasLimit) external;\n}\n" + }, + "@openzeppelin/contracts/access/Ownable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (access/Ownable.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../utils/Context.sol\";\n\n/**\n * @dev Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n address private _owner;\n\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor() {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Leaves the contract without owner. It will not be possible to call\n * `onlyOwner` functions. Can only be called by the current owner.\n *\n * NOTE: Renouncing ownership will leave the contract without an owner,\n * thereby disabling any functionality that is only available to the owner.\n */\n function renounceOwnership() public virtual onlyOwner {\n _transferOwnership(address(0));\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(newOwner != address(0), \"Ownable: new owner is the zero address\");\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n}\n" + }, + "@openzeppelin/contracts/interfaces/IERC1271.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts v4.4.1 (interfaces/IERC1271.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC1271 standard signature validation method for\n * contracts as defined in https://eips.ethereum.org/EIPS/eip-1271[ERC-1271].\n *\n * _Available since v4.1._\n */\ninterface IERC1271 {\n /**\n * @dev Should return whether the signature provided is valid for the provided data\n * @param hash Hash of the data to be signed\n * @param signature Signature byte array associated with _data\n */\n function isValidSignature(bytes32 hash, bytes memory signature) external view returns (bytes4 magicValue);\n}\n" + }, + "@openzeppelin/contracts/token/ERC20/extensions/IERC20Permit.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/extensions/IERC20Permit.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in\n * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].\n *\n * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by\n * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't\n * need to send a transaction, and thus is not required to hold Ether at all.\n */\ninterface IERC20Permit {\n /**\n * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,\n * given ``owner``'s signed approval.\n *\n * IMPORTANT: The same issues {IERC20-approve} has related to transaction\n * ordering also apply here.\n *\n * Emits an {Approval} event.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n * - `deadline` must be a timestamp in the future.\n * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`\n * over the EIP712-formatted function arguments.\n * - the signature must use ``owner``'s current nonce (see {nonces}).\n *\n * For more information on the signature format, see the\n * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP\n * section].\n */\n function permit(\n address owner,\n address spender,\n uint256 value,\n uint256 deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) external;\n\n /**\n * @dev Returns the current nonce for `owner`. This value must be\n * included whenever a signature is generated for {permit}.\n *\n * Every successful call to {permit} increases ``owner``'s nonce by one. This\n * prevents a signature from being used multiple times.\n */\n function nonces(address owner) external view returns (uint256);\n\n /**\n * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.\n */\n // solhint-disable-next-line func-name-mixedcase\n function DOMAIN_SEPARATOR() external view returns (bytes32);\n}\n" + }, + "@openzeppelin/contracts/token/ERC20/IERC20.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/IERC20.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20 {\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `to`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address to, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `from` to `to` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address from, address to, uint256 amount) external returns (bool);\n}\n" + }, + "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.3) (token/ERC20/utils/SafeERC20.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../IERC20.sol\";\nimport \"../extensions/IERC20Permit.sol\";\nimport \"../../../utils/Address.sol\";\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n using Address for address;\n\n /**\n * @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeTransfer(IERC20 token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n /**\n * @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the\n * calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.\n */\n function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20 token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n require(\n (value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n /**\n * @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 oldAllowance = token.allowance(address(this), spender);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance + value));\n }\n\n /**\n * @dev Decrease the calling contract's allowance toward `spender` by `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n unchecked {\n uint256 oldAllowance = token.allowance(address(this), spender);\n require(oldAllowance >= value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance - value));\n }\n }\n\n /**\n * @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval\n * to be set to zero before setting it to a non-zero value, such as USDT.\n */\n function forceApprove(IERC20 token, address spender, uint256 value) internal {\n bytes memory approvalCall = abi.encodeWithSelector(token.approve.selector, spender, value);\n\n if (!_callOptionalReturnBool(token, approvalCall)) {\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, 0));\n _callOptionalReturn(token, approvalCall);\n }\n }\n\n /**\n * @dev Use a ERC-2612 signature to set the `owner` approval toward `spender` on `token`.\n * Revert on invalid signature.\n */\n function safePermit(\n IERC20Permit token,\n address owner,\n address spender,\n uint256 value,\n uint256 deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) internal {\n uint256 nonceBefore = token.nonces(owner);\n token.permit(owner, spender, value, deadline, v, r, s);\n uint256 nonceAfter = token.nonces(owner);\n require(nonceAfter == nonceBefore + 1, \"SafeERC20: permit did not succeed\");\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n require(returndata.length == 0 || abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n *\n * This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.\n */\n function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false\n // and not revert is the subcall reverts.\n\n (bool success, bytes memory returndata) = address(token).call(data);\n return\n success && (returndata.length == 0 || abi.decode(returndata, (bool))) && Address.isContract(address(token));\n }\n}\n" + }, + "@openzeppelin/contracts/utils/Address.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)\n\npragma solidity ^0.8.1;\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n *\n * Furthermore, `isContract` will also return true if the target contract within\n * the same transaction is already scheduled for destruction by `SELFDESTRUCT`,\n * which only has an effect at the end of a transaction.\n * ====\n *\n * [IMPORTANT]\n * ====\n * You shouldn't rely on `isContract` to protect against flash loan attacks!\n *\n * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets\n * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract\n * constructor.\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize/address.code.length, which returns 0\n // for contracts in construction, since the code is only stored at the end\n // of the constructor execution.\n\n return account.code.length > 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance >= amount, \"Address: insufficient balance\");\n\n (bool success, ) = recipient.call{value: amount}(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain `call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(\n address target,\n bytes memory data,\n uint256 value,\n string memory errorMessage\n ) internal returns (bytes memory) {\n require(address(this).balance >= value, \"Address: insufficient balance for call\");\n (bool success, bytes memory returndata) = target.call{value: value}(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n (bool success, bytes memory returndata) = target.staticcall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling\n * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.\n *\n * _Available since v4.8._\n */\n function verifyCallResultFromTarget(\n address target,\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n if (success) {\n if (returndata.length == 0) {\n // only check isContract if the call was successful and the return data is empty\n // otherwise we already know that it was a contract\n require(isContract(target), \"Address: call to non-contract\");\n }\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n /**\n * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the\n * revert reason or using the provided one.\n *\n * _Available since v4.3._\n */\n function verifyCallResult(\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal pure returns (bytes memory) {\n if (success) {\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n function _revert(bytes memory returndata, string memory errorMessage) private pure {\n // Look for revert reason and bubble it up if present\n if (returndata.length > 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n /// @solidity memory-safe-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n}\n" + }, + "@openzeppelin/contracts/utils/Context.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n function _msgSender() internal view virtual returns (address) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes calldata) {\n return msg.data;\n }\n}\n" + }, + "@openzeppelin/contracts/utils/cryptography/ECDSA.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/ECDSA.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../Strings.sol\";\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n enum RecoverError {\n NoError,\n InvalidSignature,\n InvalidSignatureLength,\n InvalidSignatureS,\n InvalidSignatureV // Deprecated in v4.8\n }\n\n function _throwError(RecoverError error) private pure {\n if (error == RecoverError.NoError) {\n return; // no error: do nothing\n } else if (error == RecoverError.InvalidSignature) {\n revert(\"ECDSA: invalid signature\");\n } else if (error == RecoverError.InvalidSignatureLength) {\n revert(\"ECDSA: invalid signature length\");\n } else if (error == RecoverError.InvalidSignatureS) {\n revert(\"ECDSA: invalid signature 's' value\");\n }\n }\n\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature` or error string. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n *\n * Documentation for signature generation:\n * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]\n * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) {\n if (signature.length == 65) {\n bytes32 r;\n bytes32 s;\n uint8 v;\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n /// @solidity memory-safe-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n return tryRecover(hash, v, r, s);\n } else {\n return (address(0), RecoverError.InvalidSignatureLength);\n }\n }\n\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, signature);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.\n *\n * See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError) {\n bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);\n uint8 v = uint8((uint256(vs) >> 255) + 27);\n return tryRecover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.\n *\n * _Available since v4.2._\n */\n function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, r, vs);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Overload of {ECDSA-tryRecover} that receives the `v`,\n * `r` and `s` signature fields separately.\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address, RecoverError) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {\n return (address(0), RecoverError.InvalidSignatureS);\n }\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n if (signer == address(0)) {\n return (address(0), RecoverError.InvalidSignature);\n }\n\n return (signer, RecoverError.NoError);\n }\n\n /**\n * @dev Overload of {ECDSA-recover} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, v, r, s);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * produces hash corresponding to the one signed with the\n * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]\n * JSON-RPC method as part of EIP-191.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32 message) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n /// @solidity memory-safe-assembly\n assembly {\n mstore(0x00, \"\\x19Ethereum Signed Message:\\n32\")\n mstore(0x1c, hash)\n message := keccak256(0x00, 0x3c)\n }\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from `s`. This\n * produces hash corresponding to the one signed with the\n * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]\n * JSON-RPC method as part of EIP-191.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) {\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n\", Strings.toString(s.length), s));\n }\n\n /**\n * @dev Returns an Ethereum Signed Typed Data, created from a\n * `domainSeparator` and a `structHash`. This produces hash corresponding\n * to the one signed with the\n * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`]\n * JSON-RPC method as part of EIP-712.\n *\n * See {recover}.\n */\n function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 data) {\n /// @solidity memory-safe-assembly\n assembly {\n let ptr := mload(0x40)\n mstore(ptr, \"\\x19\\x01\")\n mstore(add(ptr, 0x02), domainSeparator)\n mstore(add(ptr, 0x22), structHash)\n data := keccak256(ptr, 0x42)\n }\n }\n\n /**\n * @dev Returns an Ethereum Signed Data with intended validator, created from a\n * `validator` and `data` according to the version 0 of EIP-191.\n *\n * See {recover}.\n */\n function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {\n return keccak256(abi.encodePacked(\"\\x19\\x00\", validator, data));\n }\n}\n" + }, + "@openzeppelin/contracts/utils/cryptography/MerkleProof.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.2) (utils/cryptography/MerkleProof.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev These functions deal with verification of Merkle Tree proofs.\n *\n * The tree and the proofs can be generated using our\n * https://github.com/OpenZeppelin/merkle-tree[JavaScript library].\n * You will find a quickstart guide in the readme.\n *\n * WARNING: You should avoid using leaf values that are 64 bytes long prior to\n * hashing, or use a hash function other than keccak256 for hashing leaves.\n * This is because the concatenation of a sorted pair of internal nodes in\n * the merkle tree could be reinterpreted as a leaf value.\n * OpenZeppelin's JavaScript library generates merkle trees that are safe\n * against this attack out of the box.\n */\nlibrary MerkleProof {\n /**\n * @dev Returns true if a `leaf` can be proved to be a part of a Merkle tree\n * defined by `root`. For this, a `proof` must be provided, containing\n * sibling hashes on the branch from the leaf to the root of the tree. Each\n * pair of leaves and each pair of pre-images are assumed to be sorted.\n */\n function verify(bytes32[] memory proof, bytes32 root, bytes32 leaf) internal pure returns (bool) {\n return processProof(proof, leaf) == root;\n }\n\n /**\n * @dev Calldata version of {verify}\n *\n * _Available since v4.7._\n */\n function verifyCalldata(bytes32[] calldata proof, bytes32 root, bytes32 leaf) internal pure returns (bool) {\n return processProofCalldata(proof, leaf) == root;\n }\n\n /**\n * @dev Returns the rebuilt hash obtained by traversing a Merkle tree up\n * from `leaf` using `proof`. A `proof` is valid if and only if the rebuilt\n * hash matches the root of the tree. When processing the proof, the pairs\n * of leafs & pre-images are assumed to be sorted.\n *\n * _Available since v4.4._\n */\n function processProof(bytes32[] memory proof, bytes32 leaf) internal pure returns (bytes32) {\n bytes32 computedHash = leaf;\n for (uint256 i = 0; i < proof.length; i++) {\n computedHash = _hashPair(computedHash, proof[i]);\n }\n return computedHash;\n }\n\n /**\n * @dev Calldata version of {processProof}\n *\n * _Available since v4.7._\n */\n function processProofCalldata(bytes32[] calldata proof, bytes32 leaf) internal pure returns (bytes32) {\n bytes32 computedHash = leaf;\n for (uint256 i = 0; i < proof.length; i++) {\n computedHash = _hashPair(computedHash, proof[i]);\n }\n return computedHash;\n }\n\n /**\n * @dev Returns true if the `leaves` can be simultaneously proven to be a part of a merkle tree defined by\n * `root`, according to `proof` and `proofFlags` as described in {processMultiProof}.\n *\n * CAUTION: Not all merkle trees admit multiproofs. See {processMultiProof} for details.\n *\n * _Available since v4.7._\n */\n function multiProofVerify(\n bytes32[] memory proof,\n bool[] memory proofFlags,\n bytes32 root,\n bytes32[] memory leaves\n ) internal pure returns (bool) {\n return processMultiProof(proof, proofFlags, leaves) == root;\n }\n\n /**\n * @dev Calldata version of {multiProofVerify}\n *\n * CAUTION: Not all merkle trees admit multiproofs. See {processMultiProof} for details.\n *\n * _Available since v4.7._\n */\n function multiProofVerifyCalldata(\n bytes32[] calldata proof,\n bool[] calldata proofFlags,\n bytes32 root,\n bytes32[] memory leaves\n ) internal pure returns (bool) {\n return processMultiProofCalldata(proof, proofFlags, leaves) == root;\n }\n\n /**\n * @dev Returns the root of a tree reconstructed from `leaves` and sibling nodes in `proof`. The reconstruction\n * proceeds by incrementally reconstructing all inner nodes by combining a leaf/inner node with either another\n * leaf/inner node or a proof sibling node, depending on whether each `proofFlags` item is true or false\n * respectively.\n *\n * CAUTION: Not all merkle trees admit multiproofs. To use multiproofs, it is sufficient to ensure that: 1) the tree\n * is complete (but not necessarily perfect), 2) the leaves to be proven are in the opposite order they are in the\n * tree (i.e., as seen from right to left starting at the deepest layer and continuing at the next layer).\n *\n * _Available since v4.7._\n */\n function processMultiProof(\n bytes32[] memory proof,\n bool[] memory proofFlags,\n bytes32[] memory leaves\n ) internal pure returns (bytes32 merkleRoot) {\n // This function rebuilds the root hash by traversing the tree up from the leaves. The root is rebuilt by\n // consuming and producing values on a queue. The queue starts with the `leaves` array, then goes onto the\n // `hashes` array. At the end of the process, the last hash in the `hashes` array should contain the root of\n // the merkle tree.\n uint256 leavesLen = leaves.length;\n uint256 proofLen = proof.length;\n uint256 totalHashes = proofFlags.length;\n\n // Check proof validity.\n require(leavesLen + proofLen - 1 == totalHashes, \"MerkleProof: invalid multiproof\");\n\n // The xxxPos values are \"pointers\" to the next value to consume in each array. All accesses are done using\n // `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a queue's \"pop\".\n bytes32[] memory hashes = new bytes32[](totalHashes);\n uint256 leafPos = 0;\n uint256 hashPos = 0;\n uint256 proofPos = 0;\n // At each step, we compute the next hash using two values:\n // - a value from the \"main queue\". If not all leaves have been consumed, we get the next leaf, otherwise we\n // get the next hash.\n // - depending on the flag, either another value from the \"main queue\" (merging branches) or an element from the\n // `proof` array.\n for (uint256 i = 0; i < totalHashes; i++) {\n bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++];\n bytes32 b = proofFlags[i]\n ? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++])\n : proof[proofPos++];\n hashes[i] = _hashPair(a, b);\n }\n\n if (totalHashes > 0) {\n require(proofPos == proofLen, \"MerkleProof: invalid multiproof\");\n unchecked {\n return hashes[totalHashes - 1];\n }\n } else if (leavesLen > 0) {\n return leaves[0];\n } else {\n return proof[0];\n }\n }\n\n /**\n * @dev Calldata version of {processMultiProof}.\n *\n * CAUTION: Not all merkle trees admit multiproofs. See {processMultiProof} for details.\n *\n * _Available since v4.7._\n */\n function processMultiProofCalldata(\n bytes32[] calldata proof,\n bool[] calldata proofFlags,\n bytes32[] memory leaves\n ) internal pure returns (bytes32 merkleRoot) {\n // This function rebuilds the root hash by traversing the tree up from the leaves. The root is rebuilt by\n // consuming and producing values on a queue. The queue starts with the `leaves` array, then goes onto the\n // `hashes` array. At the end of the process, the last hash in the `hashes` array should contain the root of\n // the merkle tree.\n uint256 leavesLen = leaves.length;\n uint256 proofLen = proof.length;\n uint256 totalHashes = proofFlags.length;\n\n // Check proof validity.\n require(leavesLen + proofLen - 1 == totalHashes, \"MerkleProof: invalid multiproof\");\n\n // The xxxPos values are \"pointers\" to the next value to consume in each array. All accesses are done using\n // `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a queue's \"pop\".\n bytes32[] memory hashes = new bytes32[](totalHashes);\n uint256 leafPos = 0;\n uint256 hashPos = 0;\n uint256 proofPos = 0;\n // At each step, we compute the next hash using two values:\n // - a value from the \"main queue\". If not all leaves have been consumed, we get the next leaf, otherwise we\n // get the next hash.\n // - depending on the flag, either another value from the \"main queue\" (merging branches) or an element from the\n // `proof` array.\n for (uint256 i = 0; i < totalHashes; i++) {\n bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++];\n bytes32 b = proofFlags[i]\n ? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++])\n : proof[proofPos++];\n hashes[i] = _hashPair(a, b);\n }\n\n if (totalHashes > 0) {\n require(proofPos == proofLen, \"MerkleProof: invalid multiproof\");\n unchecked {\n return hashes[totalHashes - 1];\n }\n } else if (leavesLen > 0) {\n return leaves[0];\n } else {\n return proof[0];\n }\n }\n\n function _hashPair(bytes32 a, bytes32 b) private pure returns (bytes32) {\n return a < b ? _efficientHash(a, b) : _efficientHash(b, a);\n }\n\n function _efficientHash(bytes32 a, bytes32 b) private pure returns (bytes32 value) {\n /// @solidity memory-safe-assembly\n assembly {\n mstore(0x00, a)\n mstore(0x20, b)\n value := keccak256(0x00, 0x40)\n }\n }\n}\n" + }, + "@openzeppelin/contracts/utils/cryptography/SignatureChecker.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/SignatureChecker.sol)\n\npragma solidity ^0.8.0;\n\nimport \"./ECDSA.sol\";\nimport \"../../interfaces/IERC1271.sol\";\n\n/**\n * @dev Signature verification helper that can be used instead of `ECDSA.recover` to seamlessly support both ECDSA\n * signatures from externally owned accounts (EOAs) as well as ERC1271 signatures from smart contract wallets like\n * Argent and Gnosis Safe.\n *\n * _Available since v4.1._\n */\nlibrary SignatureChecker {\n /**\n * @dev Checks if a signature is valid for a given signer and data hash. If the signer is a smart contract, the\n * signature is validated against that smart contract using ERC1271, otherwise it's validated using `ECDSA.recover`.\n *\n * NOTE: Unlike ECDSA signatures, contract signatures are revocable, and the outcome of this function can thus\n * change through time. It could return true at block N and false at block N+1 (or the opposite).\n */\n function isValidSignatureNow(address signer, bytes32 hash, bytes memory signature) internal view returns (bool) {\n (address recovered, ECDSA.RecoverError error) = ECDSA.tryRecover(hash, signature);\n return\n (error == ECDSA.RecoverError.NoError && recovered == signer) ||\n isValidERC1271SignatureNow(signer, hash, signature);\n }\n\n /**\n * @dev Checks if a signature is valid for a given signer and data hash. The signature is validated\n * against the signer smart contract using ERC1271.\n *\n * NOTE: Unlike ECDSA signatures, contract signatures are revocable, and the outcome of this function can thus\n * change through time. It could return true at block N and false at block N+1 (or the opposite).\n */\n function isValidERC1271SignatureNow(\n address signer,\n bytes32 hash,\n bytes memory signature\n ) internal view returns (bool) {\n (bool success, bytes memory result) = signer.staticcall(\n abi.encodeWithSelector(IERC1271.isValidSignature.selector, hash, signature)\n );\n return (success &&\n result.length >= 32 &&\n abi.decode(result, (bytes32)) == bytes32(IERC1271.isValidSignature.selector));\n }\n}\n" + }, + "@openzeppelin/contracts/utils/math/Math.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/math/Math.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Standard math utilities missing in the Solidity language.\n */\nlibrary Math {\n enum Rounding {\n Down, // Toward negative infinity\n Up, // Toward infinity\n Zero // Toward zero\n }\n\n /**\n * @dev Returns the largest of two numbers.\n */\n function max(uint256 a, uint256 b) internal pure returns (uint256) {\n return a > b ? a : b;\n }\n\n /**\n * @dev Returns the smallest of two numbers.\n */\n function min(uint256 a, uint256 b) internal pure returns (uint256) {\n return a < b ? a : b;\n }\n\n /**\n * @dev Returns the average of two numbers. The result is rounded towards\n * zero.\n */\n function average(uint256 a, uint256 b) internal pure returns (uint256) {\n // (a + b) / 2 can overflow.\n return (a & b) + (a ^ b) / 2;\n }\n\n /**\n * @dev Returns the ceiling of the division of two numbers.\n *\n * This differs from standard division with `/` in that it rounds up instead\n * of rounding down.\n */\n function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {\n // (a + b - 1) / b can overflow on addition, so we distribute.\n return a == 0 ? 0 : (a - 1) / b + 1;\n }\n\n /**\n * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0\n * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)\n * with further edits by Uniswap Labs also under MIT license.\n */\n function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {\n unchecked {\n // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use\n // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256\n // variables such that product = prod1 * 2^256 + prod0.\n uint256 prod0; // Least significant 256 bits of the product\n uint256 prod1; // Most significant 256 bits of the product\n assembly {\n let mm := mulmod(x, y, not(0))\n prod0 := mul(x, y)\n prod1 := sub(sub(mm, prod0), lt(mm, prod0))\n }\n\n // Handle non-overflow cases, 256 by 256 division.\n if (prod1 == 0) {\n // Solidity will revert if denominator == 0, unlike the div opcode on its own.\n // The surrounding unchecked block does not change this fact.\n // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.\n return prod0 / denominator;\n }\n\n // Make sure the result is less than 2^256. Also prevents denominator == 0.\n require(denominator > prod1, \"Math: mulDiv overflow\");\n\n ///////////////////////////////////////////////\n // 512 by 256 division.\n ///////////////////////////////////////////////\n\n // Make division exact by subtracting the remainder from [prod1 prod0].\n uint256 remainder;\n assembly {\n // Compute remainder using mulmod.\n remainder := mulmod(x, y, denominator)\n\n // Subtract 256 bit number from 512 bit number.\n prod1 := sub(prod1, gt(remainder, prod0))\n prod0 := sub(prod0, remainder)\n }\n\n // Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.\n // See https://cs.stackexchange.com/q/138556/92363.\n\n // Does not overflow because the denominator cannot be zero at this stage in the function.\n uint256 twos = denominator & (~denominator + 1);\n assembly {\n // Divide denominator by twos.\n denominator := div(denominator, twos)\n\n // Divide [prod1 prod0] by twos.\n prod0 := div(prod0, twos)\n\n // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.\n twos := add(div(sub(0, twos), twos), 1)\n }\n\n // Shift in bits from prod1 into prod0.\n prod0 |= prod1 * twos;\n\n // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such\n // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for\n // four bits. That is, denominator * inv = 1 mod 2^4.\n uint256 inverse = (3 * denominator) ^ 2;\n\n // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works\n // in modular arithmetic, doubling the correct bits in each step.\n inverse *= 2 - denominator * inverse; // inverse mod 2^8\n inverse *= 2 - denominator * inverse; // inverse mod 2^16\n inverse *= 2 - denominator * inverse; // inverse mod 2^32\n inverse *= 2 - denominator * inverse; // inverse mod 2^64\n inverse *= 2 - denominator * inverse; // inverse mod 2^128\n inverse *= 2 - denominator * inverse; // inverse mod 2^256\n\n // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.\n // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is\n // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1\n // is no longer required.\n result = prod0 * inverse;\n return result;\n }\n }\n\n /**\n * @notice Calculates x * y / denominator with full precision, following the selected rounding direction.\n */\n function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {\n uint256 result = mulDiv(x, y, denominator);\n if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {\n result += 1;\n }\n return result;\n }\n\n /**\n * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down.\n *\n * Inspired by Henry S. Warren, Jr.'s \"Hacker's Delight\" (Chapter 11).\n */\n function sqrt(uint256 a) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n\n // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.\n //\n // We know that the \"msb\" (most significant bit) of our target number `a` is a power of 2 such that we have\n // `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.\n //\n // This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`\n // → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`\n // → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`\n //\n // Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.\n uint256 result = 1 << (log2(a) >> 1);\n\n // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,\n // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at\n // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision\n // into the expected uint128 result.\n unchecked {\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n return min(result, a / result);\n }\n }\n\n /**\n * @notice Calculates sqrt(a), following the selected rounding direction.\n */\n function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = sqrt(a);\n return result + (rounding == Rounding.Up && result * result < a ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 2, rounded down, of a positive value.\n * Returns 0 if given 0.\n */\n function log2(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >> 128 > 0) {\n value >>= 128;\n result += 128;\n }\n if (value >> 64 > 0) {\n value >>= 64;\n result += 64;\n }\n if (value >> 32 > 0) {\n value >>= 32;\n result += 32;\n }\n if (value >> 16 > 0) {\n value >>= 16;\n result += 16;\n }\n if (value >> 8 > 0) {\n value >>= 8;\n result += 8;\n }\n if (value >> 4 > 0) {\n value >>= 4;\n result += 4;\n }\n if (value >> 2 > 0) {\n value >>= 2;\n result += 2;\n }\n if (value >> 1 > 0) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 2, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log2(value);\n return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 10, rounded down, of a positive value.\n * Returns 0 if given 0.\n */\n function log10(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >= 10 ** 64) {\n value /= 10 ** 64;\n result += 64;\n }\n if (value >= 10 ** 32) {\n value /= 10 ** 32;\n result += 32;\n }\n if (value >= 10 ** 16) {\n value /= 10 ** 16;\n result += 16;\n }\n if (value >= 10 ** 8) {\n value /= 10 ** 8;\n result += 8;\n }\n if (value >= 10 ** 4) {\n value /= 10 ** 4;\n result += 4;\n }\n if (value >= 10 ** 2) {\n value /= 10 ** 2;\n result += 2;\n }\n if (value >= 10 ** 1) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 10, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log10(value);\n return result + (rounding == Rounding.Up && 10 ** result < value ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 256, rounded down, of a positive value.\n * Returns 0 if given 0.\n *\n * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.\n */\n function log256(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >> 128 > 0) {\n value >>= 128;\n result += 16;\n }\n if (value >> 64 > 0) {\n value >>= 64;\n result += 8;\n }\n if (value >> 32 > 0) {\n value >>= 32;\n result += 4;\n }\n if (value >> 16 > 0) {\n value >>= 16;\n result += 2;\n }\n if (value >> 8 > 0) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 256, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log256(value);\n return result + (rounding == Rounding.Up && 1 << (result << 3) < value ? 1 : 0);\n }\n }\n}\n" + }, + "@openzeppelin/contracts/utils/math/SignedMath.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SignedMath.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Standard signed math utilities missing in the Solidity language.\n */\nlibrary SignedMath {\n /**\n * @dev Returns the largest of two signed numbers.\n */\n function max(int256 a, int256 b) internal pure returns (int256) {\n return a > b ? a : b;\n }\n\n /**\n * @dev Returns the smallest of two signed numbers.\n */\n function min(int256 a, int256 b) internal pure returns (int256) {\n return a < b ? a : b;\n }\n\n /**\n * @dev Returns the average of two signed numbers without overflow.\n * The result is rounded towards zero.\n */\n function average(int256 a, int256 b) internal pure returns (int256) {\n // Formula from the book \"Hacker's Delight\"\n int256 x = (a & b) + ((a ^ b) >> 1);\n return x + (int256(uint256(x) >> 255) & (a ^ b));\n }\n\n /**\n * @dev Returns the absolute unsigned value of a signed value.\n */\n function abs(int256 n) internal pure returns (uint256) {\n unchecked {\n // must be unchecked in order to support `n = type(int256).min`\n return uint256(n >= 0 ? n : -n);\n }\n }\n}\n" + }, + "@openzeppelin/contracts/utils/Strings.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Strings.sol)\n\npragma solidity ^0.8.0;\n\nimport \"./math/Math.sol\";\nimport \"./math/SignedMath.sol\";\n\n/**\n * @dev String operations.\n */\nlibrary Strings {\n bytes16 private constant _SYMBOLS = \"0123456789abcdef\";\n uint8 private constant _ADDRESS_LENGTH = 20;\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` decimal representation.\n */\n function toString(uint256 value) internal pure returns (string memory) {\n unchecked {\n uint256 length = Math.log10(value) + 1;\n string memory buffer = new string(length);\n uint256 ptr;\n /// @solidity memory-safe-assembly\n assembly {\n ptr := add(buffer, add(32, length))\n }\n while (true) {\n ptr--;\n /// @solidity memory-safe-assembly\n assembly {\n mstore8(ptr, byte(mod(value, 10), _SYMBOLS))\n }\n value /= 10;\n if (value == 0) break;\n }\n return buffer;\n }\n }\n\n /**\n * @dev Converts a `int256` to its ASCII `string` decimal representation.\n */\n function toString(int256 value) internal pure returns (string memory) {\n return string(abi.encodePacked(value < 0 ? \"-\" : \"\", toString(SignedMath.abs(value))));\n }\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.\n */\n function toHexString(uint256 value) internal pure returns (string memory) {\n unchecked {\n return toHexString(value, Math.log256(value) + 1);\n }\n }\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.\n */\n function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {\n bytes memory buffer = new bytes(2 * length + 2);\n buffer[0] = \"0\";\n buffer[1] = \"x\";\n for (uint256 i = 2 * length + 1; i > 1; --i) {\n buffer[i] = _SYMBOLS[value & 0xf];\n value >>= 4;\n }\n require(value == 0, \"Strings: hex length insufficient\");\n return string(buffer);\n }\n\n /**\n * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.\n */\n function toHexString(address addr) internal pure returns (string memory) {\n return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);\n }\n\n /**\n * @dev Returns true if the two strings are equal.\n */\n function equal(string memory a, string memory b) internal pure returns (bool) {\n return keccak256(bytes(a)) == keccak256(bytes(b));\n }\n}\n" + }, + "@uma/core/contracts/merkle-distributor/implementation/MerkleDistributor.sol": { + "content": "// SPDX-License-Identifier: AGPL-3.0-only\npragma solidity ^0.8.0;\n\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\nimport \"@openzeppelin/contracts/utils/cryptography/MerkleProof.sol\";\nimport \"@openzeppelin/contracts/access/Ownable.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"./MerkleDistributorInterface.sol\";\n\n/**\n * Inspired by:\n * - https://github.com/pie-dao/vested-token-migration-app\n * - https://github.com/Uniswap/merkle-distributor\n * - https://github.com/balancer-labs/erc20-redeemable\n *\n * @title MerkleDistributor contract.\n * @notice Allows an owner to distribute any reward ERC20 to claimants according to Merkle roots. The owner can specify\n * multiple Merkle roots distributions with customized reward currencies.\n * @dev The Merkle trees are not validated in any way, so the system assumes the contract owner behaves honestly.\n */\ncontract MerkleDistributor is MerkleDistributorInterface, Ownable {\n using SafeERC20 for IERC20;\n\n // Windows are mapped to arbitrary indices.\n mapping(uint256 => Window) public merkleWindows;\n\n // Index of next created Merkle root.\n uint256 public nextCreatedIndex;\n\n // Track which accounts have claimed for each window index.\n // Note: uses a packed array of bools for gas optimization on tracking certain claims. Copied from Uniswap's contract.\n mapping(uint256 => mapping(uint256 => uint256)) private claimedBitMap;\n\n /****************************************\n * EVENTS\n ****************************************/\n event Claimed(\n address indexed caller,\n uint256 windowIndex,\n address indexed account,\n uint256 accountIndex,\n uint256 amount,\n address indexed rewardToken\n );\n event CreatedWindow(\n uint256 indexed windowIndex,\n uint256 rewardsDeposited,\n address indexed rewardToken,\n address owner\n );\n event WithdrawRewards(address indexed owner, uint256 amount, address indexed currency);\n event DeleteWindow(uint256 indexed windowIndex, address owner);\n\n /****************************\n * ADMIN FUNCTIONS\n ****************************/\n\n /**\n * @notice Set merkle root for the next available window index and seed allocations.\n * @notice Callable only by owner of this contract. Caller must have approved this contract to transfer\n * `rewardsToDeposit` amount of `rewardToken` or this call will fail. Importantly, we assume that the\n * owner of this contract correctly chooses an amount `rewardsToDeposit` that is sufficient to cover all\n * claims within the `merkleRoot`.\n * @param rewardsToDeposit amount of rewards to deposit to seed this allocation.\n * @param rewardToken ERC20 reward token.\n * @param merkleRoot merkle root describing allocation.\n * @param ipfsHash hash of IPFS object, conveniently stored for clients\n */\n function setWindow(\n uint256 rewardsToDeposit,\n address rewardToken,\n bytes32 merkleRoot,\n string calldata ipfsHash\n ) external onlyOwner {\n uint256 indexToSet = nextCreatedIndex;\n nextCreatedIndex = indexToSet + 1;\n\n _setWindow(indexToSet, rewardsToDeposit, rewardToken, merkleRoot, ipfsHash);\n }\n\n /**\n * @notice Delete merkle root at window index.\n * @dev Callable only by owner. Likely to be followed by a withdrawRewards call to clear contract state.\n * @param windowIndex merkle root index to delete.\n */\n function deleteWindow(uint256 windowIndex) external onlyOwner {\n delete merkleWindows[windowIndex];\n emit DeleteWindow(windowIndex, msg.sender);\n }\n\n /**\n * @notice Emergency method that transfers rewards out of the contract if the contract was configured improperly.\n * @dev Callable only by owner.\n * @param rewardCurrency rewards to withdraw from contract.\n * @param amount amount of rewards to withdraw.\n */\n function withdrawRewards(IERC20 rewardCurrency, uint256 amount) external onlyOwner {\n rewardCurrency.safeTransfer(msg.sender, amount);\n emit WithdrawRewards(msg.sender, amount, address(rewardCurrency));\n }\n\n /****************************\n * NON-ADMIN FUNCTIONS\n ****************************/\n\n /**\n * @notice Batch claims to reduce gas versus individual submitting all claims. Method will fail\n * if any individual claims within the batch would fail.\n * @dev Optimistically tries to batch together consecutive claims for the same account and same\n * reward token to reduce gas. Therefore, the most gas-cost-optimal way to use this method\n * is to pass in an array of claims sorted by account and reward currency. It also reverts\n * when any of individual `_claim`'s `amount` exceeds `remainingAmount` for its window.\n * @param claims array of claims to claim.\n */\n function claimMulti(Claim[] memory claims) public virtual override {\n uint256 batchedAmount;\n uint256 claimCount = claims.length;\n for (uint256 i = 0; i < claimCount; i++) {\n Claim memory _claim = claims[i];\n _verifyAndMarkClaimed(_claim);\n batchedAmount += _claim.amount;\n\n // If the next claim is NOT the same account or the same token (or this claim is the last one),\n // then disburse the `batchedAmount` to the current claim's account for the current claim's reward token.\n uint256 nextI = i + 1;\n IERC20 currentRewardToken = merkleWindows[_claim.windowIndex].rewardToken;\n if (\n nextI == claimCount ||\n // This claim is last claim.\n claims[nextI].account != _claim.account ||\n // Next claim account is different than current one.\n merkleWindows[claims[nextI].windowIndex].rewardToken != currentRewardToken\n // Next claim reward token is different than current one.\n ) {\n currentRewardToken.safeTransfer(_claim.account, batchedAmount);\n batchedAmount = 0;\n }\n }\n }\n\n /**\n * @notice Claim amount of reward tokens for account, as described by Claim input object.\n * @dev If the `_claim`'s `amount`, `accountIndex`, and `account` do not exactly match the\n * values stored in the merkle root for the `_claim`'s `windowIndex` this method\n * will revert. It also reverts when `_claim`'s `amount` exceeds `remainingAmount` for the window.\n * @param _claim claim object describing amount, accountIndex, account, window index, and merkle proof.\n */\n function claim(Claim memory _claim) public virtual override {\n _verifyAndMarkClaimed(_claim);\n merkleWindows[_claim.windowIndex].rewardToken.safeTransfer(_claim.account, _claim.amount);\n }\n\n /**\n * @notice Returns True if the claim for `accountIndex` has already been completed for the Merkle root at\n * `windowIndex`.\n * @dev This method will only work as intended if all `accountIndex`'s are unique for a given `windowIndex`.\n * The onus is on the Owner of this contract to submit only valid Merkle roots.\n * @param windowIndex merkle root to check.\n * @param accountIndex account index to check within window index.\n * @return True if claim has been executed already, False otherwise.\n */\n function isClaimed(uint256 windowIndex, uint256 accountIndex) public view returns (bool) {\n uint256 claimedWordIndex = accountIndex / 256;\n uint256 claimedBitIndex = accountIndex % 256;\n uint256 claimedWord = claimedBitMap[windowIndex][claimedWordIndex];\n uint256 mask = (1 << claimedBitIndex);\n return claimedWord & mask == mask;\n }\n\n /**\n * @notice Returns rewardToken set by admin for windowIndex.\n * @param windowIndex merkle root to check.\n * @return address Reward token address\n */\n function getRewardTokenForWindow(uint256 windowIndex) public view override returns (address) {\n return address(merkleWindows[windowIndex].rewardToken);\n }\n\n /**\n * @notice Returns True if leaf described by {account, amount, accountIndex} is stored in Merkle root at given\n * window index.\n * @param _claim claim object describing amount, accountIndex, account, window index, and merkle proof.\n * @return valid True if leaf exists.\n */\n function verifyClaim(Claim memory _claim) public view returns (bool valid) {\n bytes32 leaf = keccak256(abi.encodePacked(_claim.account, _claim.amount, _claim.accountIndex));\n return MerkleProof.verify(_claim.merkleProof, merkleWindows[_claim.windowIndex].merkleRoot, leaf);\n }\n\n /****************************\n * PRIVATE FUNCTIONS\n ****************************/\n\n // Mark claim as completed for `accountIndex` for Merkle root at `windowIndex`.\n function _setClaimed(uint256 windowIndex, uint256 accountIndex) private {\n uint256 claimedWordIndex = accountIndex / 256;\n uint256 claimedBitIndex = accountIndex % 256;\n claimedBitMap[windowIndex][claimedWordIndex] =\n claimedBitMap[windowIndex][claimedWordIndex] |\n (1 << claimedBitIndex);\n }\n\n // Store new Merkle root at `windowindex`. Pull `rewardsDeposited` from caller to seed distribution for this root.\n function _setWindow(\n uint256 windowIndex,\n uint256 rewardsDeposited,\n address rewardToken,\n bytes32 merkleRoot,\n string memory ipfsHash\n ) private {\n Window storage window = merkleWindows[windowIndex];\n window.merkleRoot = merkleRoot;\n window.remainingAmount = rewardsDeposited;\n window.rewardToken = IERC20(rewardToken);\n window.ipfsHash = ipfsHash;\n\n emit CreatedWindow(windowIndex, rewardsDeposited, rewardToken, msg.sender);\n\n window.rewardToken.safeTransferFrom(msg.sender, address(this), rewardsDeposited);\n }\n\n // Verify claim is valid and mark it as completed in this contract.\n function _verifyAndMarkClaimed(Claim memory _claim) internal {\n // Check claimed proof against merkle window at given index.\n require(verifyClaim(_claim), \"Incorrect merkle proof\");\n // Check the account has not yet claimed for this window.\n require(!isClaimed(_claim.windowIndex, _claim.accountIndex), \"Account has already claimed for this window\");\n\n // Proof is correct and claim has not occurred yet, mark claimed complete.\n _setClaimed(_claim.windowIndex, _claim.accountIndex);\n merkleWindows[_claim.windowIndex].remainingAmount -= _claim.amount;\n emit Claimed(\n msg.sender,\n _claim.windowIndex,\n _claim.account,\n _claim.accountIndex,\n _claim.amount,\n address(merkleWindows[_claim.windowIndex].rewardToken)\n );\n }\n}\n" + }, + "@uma/core/contracts/merkle-distributor/implementation/MerkleDistributorInterface.sol": { + "content": "// SPDX-License-Identifier: GPL-3.0-only\npragma solidity ^0.8.0;\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\n\n/**\n * @notice Concise list of functions in MerkleDistributor implementation that would be called by\n * a consuming external contract (such as the Across Protocol's AcceleratingDistributor).\n */\ninterface MerkleDistributorInterface {\n // A Window maps a Merkle root to a reward token address.\n struct Window {\n // Merkle root describing the distribution.\n bytes32 merkleRoot;\n // Remaining amount of deposited rewards that have not yet been claimed.\n uint256 remainingAmount;\n // Currency in which reward is processed.\n IERC20 rewardToken;\n // IPFS hash of the merkle tree. Can be used to independently fetch recipient proofs and tree. Note that the canonical\n // data type for storing an IPFS hash is a multihash which is the concatenation of \n // . We opted to store this in a string type to make it easier\n // for users to query the ipfs data without needing to reconstruct the multihash. to view the IPFS data simply\n // go to https://cloudflare-ipfs.com/ipfs/.\n string ipfsHash;\n }\n\n // Represents an account's claim for `amount` within the Merkle root located at the `windowIndex`.\n struct Claim {\n uint256 windowIndex;\n uint256 amount;\n uint256 accountIndex; // Used only for bitmap. Assumed to be unique for each claim.\n address account;\n bytes32[] merkleProof;\n }\n\n function claim(Claim memory _claim) external;\n\n function claimMulti(Claim[] memory claims) external;\n\n function getRewardTokenForWindow(uint256 windowIndex) external view returns (address);\n}\n" + }, + "contracts/Arbitrum_SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./SpokePool.sol\";\n\ninterface StandardBridgeLike {\n function outboundTransfer(\n address _l1Token,\n address _to,\n uint256 _amount,\n bytes calldata _data\n ) external payable returns (bytes memory);\n}\n\n/**\n * @notice AVM specific SpokePool. Uses AVM cross-domain-enabled logic to implement admin only access to functions.\n */\ncontract Arbitrum_SpokePool is SpokePool {\n // Address of the Arbitrum L2 token gateway to send funds to L1.\n address public l2GatewayRouter;\n\n // Admin controlled mapping of arbitrum tokens to L1 counterpart. L1 counterpart addresses\n // are necessary params used when bridging tokens to L1.\n mapping(address => address) public whitelistedTokens;\n\n event ArbitrumTokensBridged(address indexed l1Token, address target, uint256 numberOfTokensBridged);\n event SetL2GatewayRouter(address indexed newL2GatewayRouter);\n event WhitelistedTokens(address indexed l2Token, address indexed l1Token);\n\n /**\n * @notice Construct the AVM SpokePool.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * relay hash collisions.\n * @param _l2GatewayRouter Address of L2 token gateway. Can be reset by admin.\n * @param _crossDomainAdmin Cross domain admin to set. Can be changed by admin.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n * @param _wethAddress Weth address for this network to set.\n */\n function initialize(\n uint32 _initialDepositId,\n address _l2GatewayRouter,\n address _crossDomainAdmin,\n address _hubPool,\n address _wethAddress\n ) public initializer {\n __SpokePool_init(_initialDepositId, _crossDomainAdmin, _hubPool, _wethAddress);\n _setL2GatewayRouter(_l2GatewayRouter);\n }\n\n modifier onlyFromCrossDomainAdmin() {\n require(msg.sender == _applyL1ToL2Alias(crossDomainAdmin), \"ONLY_COUNTERPART_GATEWAY\");\n _;\n }\n\n /********************************************************\n * ARBITRUM-SPECIFIC CROSS-CHAIN ADMIN FUNCTIONS *\n ********************************************************/\n\n /**\n * @notice Change L2 gateway router. Callable only by admin.\n * @param newL2GatewayRouter New L2 gateway router.\n */\n function setL2GatewayRouter(address newL2GatewayRouter) public onlyAdmin nonReentrant {\n _setL2GatewayRouter(newL2GatewayRouter);\n }\n\n /**\n * @notice Add L2 -> L1 token mapping. Callable only by admin.\n * @param l2Token Arbitrum token.\n * @param l1Token Ethereum version of l2Token.\n */\n function whitelistToken(address l2Token, address l1Token) public onlyAdmin nonReentrant {\n _whitelistToken(l2Token, l1Token);\n }\n\n /**************************************\n * INTERNAL FUNCTIONS *\n **************************************/\n\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory relayerRefundLeaf) internal override {\n // Check that the Ethereum counterpart of the L2 token is stored on this contract.\n address ethereumTokenToBridge = whitelistedTokens[relayerRefundLeaf.l2TokenAddress];\n require(ethereumTokenToBridge != address(0), \"Uninitialized mainnet token\");\n //slither-disable-next-line unused-return\n StandardBridgeLike(l2GatewayRouter).outboundTransfer(\n ethereumTokenToBridge, // _l1Token. Address of the L1 token to bridge over.\n hubPool, // _to. Withdraw, over the bridge, to the l1 hub pool contract.\n relayerRefundLeaf.amountToReturn, // _amount.\n \"\" // _data. We don't need to send any data for the bridging action.\n );\n emit ArbitrumTokensBridged(address(0), hubPool, relayerRefundLeaf.amountToReturn);\n }\n\n function _setL2GatewayRouter(address _l2GatewayRouter) internal {\n l2GatewayRouter = _l2GatewayRouter;\n emit SetL2GatewayRouter(l2GatewayRouter);\n }\n\n function _whitelistToken(address _l2Token, address _l1Token) internal {\n whitelistedTokens[_l2Token] = _l1Token;\n emit WhitelistedTokens(_l2Token, _l1Token);\n }\n\n // L1 addresses are transformed during l1->l2 calls.\n // See https://developer.offchainlabs.com/docs/l1_l2_messages#address-aliasing for more information.\n // This cannot be pulled directly from Arbitrum contracts because their contracts are not 0.8.X compatible and\n // this operation takes advantage of overflows, whose behavior changed in 0.8.0.\n function _applyL1ToL2Alias(address l1Address) internal pure returns (address l2Address) {\n // Allows overflows as explained above.\n unchecked {\n l2Address = address(uint160(l1Address) + uint160(0x1111000000000000000000000000000000001111));\n }\n }\n\n // Apply AVM-specific transformation to cross domain admin address on L1.\n function _requireAdminSender() internal override onlyFromCrossDomainAdmin {}\n}\n" + }, + "contracts/chain-adapters/Arbitrum_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Interface for Arbitrum's L1 Inbox contract used to send messages to Arbitrum.\n */\ninterface ArbitrumL1InboxLike {\n /**\n * @notice Put a message in the L2 inbox that can be reexecuted for some fixed amount of time if it reverts\n * @dev Gas limit and maxFeePerGas should not be set to 1 as that is used to trigger the RetryableData error\n * @dev Caller must set msg.value equal to at least `maxSubmissionCost + maxGas * gasPriceBid`.\n * all msg.value will deposited to callValueRefundAddress on L2\n * @dev More details can be found here: https://developer.arbitrum.io/arbos/l1-to-l2-messaging\n * @param to destination L2 contract address\n * @param l2CallValue call value for retryable L2 message\n * @param maxSubmissionCost Max gas deducted from user's L2 balance to cover base submission fee\n * @param excessFeeRefundAddress gasLimit x maxFeePerGas - execution cost gets credited here on L2 balance\n * @param callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled\n * @param gasLimit Max gas deducted from user's L2 balance to cover L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)\n * @param maxFeePerGas price bid for L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)\n * @param data ABI encoded data of L2 message\n * @return unique message number of the retryable transaction\n */\n function createRetryableTicket(\n address to,\n uint256 l2CallValue,\n uint256 maxSubmissionCost,\n address excessFeeRefundAddress,\n address callValueRefundAddress,\n uint256 gasLimit,\n uint256 maxFeePerGas,\n bytes calldata data\n ) external payable returns (uint256);\n\n /**\n * @notice Put a message in the L2 inbox that can be reexecuted for some fixed amount of time if it reverts\n * @dev Same as createRetryableTicket, but does not guarantee that submission will succeed by requiring the needed\n * funds come from the deposit alone, rather than falling back on the user's L2 balance\n * @dev Advanced usage only (does not rewrite aliases for excessFeeRefundAddress and callValueRefundAddress).\n * createRetryableTicket method is the recommended standard.\n * @dev Gas limit and maxFeePerGas should not be set to 1 as that is used to trigger the RetryableData error\n * @param to destination L2 contract address\n * @param l2CallValue call value for retryable L2 message\n * @param maxSubmissionCost Max gas deducted from user's L2 balance to cover base submission fee\n * @param excessFeeRefundAddress gasLimit x maxFeePerGas - execution cost gets credited here on L2 balance\n * @param callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled\n * @param gasLimit Max gas deducted from user's L2 balance to cover L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)\n * @param maxFeePerGas price bid for L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)\n * @param data ABI encoded data of L2 message\n * @return unique message number of the retryable transaction\n */\n function unsafeCreateRetryableTicket(\n address to,\n uint256 l2CallValue,\n uint256 maxSubmissionCost,\n address excessFeeRefundAddress,\n address callValueRefundAddress,\n uint256 gasLimit,\n uint256 maxFeePerGas,\n bytes calldata data\n ) external payable returns (uint256);\n}\n\n/**\n * @notice Layer 1 Gateway contract for bridging standard ERC20s to Arbitrum.\n */\ninterface ArbitrumL1ERC20GatewayLike {\n /**\n * @notice Deprecated in favor of outboundTransferCustomRefund but still used in custom bridges\n * like the DAI bridge.\n * @dev Refunded to aliased L2 address of sender if sender has code on L1, otherwise to to sender's EOA on L2.\n * @param _l1Token L1 address of ERC20\n * @param _to Account to be credited with the tokens in the L2 (can be the user's L2 account or a contract),\n * not subject to L2 aliasing. This account, or its L2 alias if it have code in L1, will also be able to\n * cancel the retryable ticket and receive callvalue refund\n * @param _amount Token Amount\n * @param _maxGas Max gas deducted from user's L2 balance to cover L2 execution\n * @param _gasPriceBid Gas price for L2 execution\n * @param _data encoded data from router and user\n * @return res abi encoded inbox sequence number\n */\n function outboundTransfer(\n address _l1Token,\n address _to,\n uint256 _amount,\n uint256 _maxGas,\n uint256 _gasPriceBid,\n bytes calldata _data\n ) external payable returns (bytes memory);\n\n /**\n * @notice Deposit ERC20 token from Ethereum into Arbitrum.\n * @dev L2 address alias will not be applied to the following types of addresses on L1:\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * @param _l1Token L1 address of ERC20\n * @param _refundTo Account, or its L2 alias if it have code in L1, to be credited with excess gas refund in L2\n * @param _to Account to be credited with the tokens in the L2 (can be the user's L2 account or a contract),\n * not subject to L2 aliasing. This account, or its L2 alias if it have code in L1, will also be able to\n * cancel the retryable ticket and receive callvalue refund\n * @param _amount Token Amount\n * @param _maxGas Max gas deducted from user's L2 balance to cover L2 execution\n * @param _gasPriceBid Gas price for L2 execution\n * @param _data encoded data from router and user\n * @return res abi encoded inbox sequence number\n */\n function outboundTransferCustomRefund(\n address _l1Token,\n address _refundTo,\n address _to,\n uint256 _amount,\n uint256 _maxGas,\n uint256 _gasPriceBid,\n bytes calldata _data\n ) external payable returns (bytes memory);\n\n /**\n * @notice get ERC20 gateway for token.\n * @param _token ERC20 address.\n * @return address of ERC20 gateway.\n */\n function getGateway(address _token) external view returns (address);\n}\n\n/**\n * @notice Contract containing logic to send messages from L1 to Arbitrum.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Arbitrum_Adapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n // Amount of ETH allocated to pay for the base submission fee. The base submission fee is a parameter unique to\n // retryable transactions; the user is charged the base submission fee to cover the storage costs of keeping their\n // ticket’s calldata in the retry buffer. (current base submission fee is queryable via\n // ArbRetryableTx.getSubmissionPrice). ArbRetryableTicket precompile interface exists at L2 address\n // 0x000000000000000000000000000000000000006E.\n uint256 public constant l2MaxSubmissionCost = 0.01e18;\n\n // L2 Gas price bid for immediate L2 execution attempt (queryable via standard eth*gasPrice RPC)\n uint256 public constant l2GasPrice = 5e9; // 5 gWei\n\n uint32 public constant RELAY_TOKENS_L2_GAS_LIMIT = 300_000;\n uint32 public constant RELAY_MESSAGE_L2_GAS_LIMIT = 2_000_000;\n\n // This address on L2 receives extra ETH that is left over after relaying a message via the inbox.\n address public immutable l2RefundL2Address;\n\n ArbitrumL1InboxLike public immutable l1Inbox;\n\n ArbitrumL1ERC20GatewayLike public immutable l1ERC20GatewayRouter;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1ArbitrumInbox Inbox helper contract to send messages to Arbitrum.\n * @param _l1ERC20GatewayRouter ERC20 gateway router contract to send tokens to Arbitrum.\n * @param _l2RefundL2Address L2 address to receive gas refunds on after a message is relayed.\n */\n constructor(\n ArbitrumL1InboxLike _l1ArbitrumInbox,\n ArbitrumL1ERC20GatewayLike _l1ERC20GatewayRouter,\n address _l2RefundL2Address\n ) {\n l1Inbox = _l1ArbitrumInbox;\n l1ERC20GatewayRouter = _l1ERC20GatewayRouter;\n l2RefundL2Address = _l2RefundL2Address;\n }\n\n /**\n * @notice Send cross-chain message to target on Arbitrum.\n * @notice This contract must hold at least getL1CallValue() amount of ETH to send a message via the Inbox\n * successfully, or the message will get stuck.\n * @param target Contract on Arbitrum that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes memory message) external payable override {\n uint256 requiredL1CallValue = _contractHasSufficientEthBalance(RELAY_MESSAGE_L2_GAS_LIMIT);\n\n l1Inbox.createRetryableTicket{ value: requiredL1CallValue }(\n target, // destAddr destination L2 contract address\n 0, // l2CallValue call value for retryable L2 message\n l2MaxSubmissionCost, // maxSubmissionCost Max gas deducted from user's L2 balance to cover base fee\n l2RefundL2Address, // excessFeeRefundAddress maxgas * gasprice - execution cost gets credited here on L2\n l2RefundL2Address, // callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled\n RELAY_MESSAGE_L2_GAS_LIMIT, // maxGas Max gas deducted from user's L2 balance to cover L2 execution\n l2GasPrice, // gasPriceBid price bid for L2 execution\n message // data ABI encoded data of L2 message\n );\n\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Bridge tokens to Arbitrum.\n * @notice This contract must hold at least getL1CallValue() amount of ETH to send a message via the Inbox\n * successfully, or the message will get stuck.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token, // l2Token is unused for Arbitrum.\n uint256 amount,\n address to\n ) external payable override {\n uint256 requiredL1CallValue = _contractHasSufficientEthBalance(RELAY_TOKENS_L2_GAS_LIMIT);\n\n // Approve the gateway, not the router, to spend the hub pool's balance. The gateway, which is different\n // per L1 token, will temporarily escrow the tokens to be bridged and pull them from this contract.\n address erc20Gateway = l1ERC20GatewayRouter.getGateway(l1Token);\n IERC20(l1Token).safeIncreaseAllowance(erc20Gateway, amount);\n\n // `outboundTransfer` expects that the caller includes a bytes message as the last param that includes the\n // maxSubmissionCost to use when creating an L2 retryable ticket: https://github.com/OffchainLabs/arbitrum/blob/e98d14873dd77513b569771f47b5e05b72402c5e/packages/arb-bridge-peripherals/contracts/tokenbridge/ethereum/gateway/L1GatewayRouter.sol#L232\n bytes memory data = abi.encode(l2MaxSubmissionCost, \"\");\n\n // Note: Legacy routers don't have the outboundTransferCustomRefund method, so default to using\n // outboundTransfer(). Legacy routers are used for the following tokens that are currently enabled:\n // - DAI: the implementation of `outboundTransfer` at the current DAI custom gateway\n // (https://etherscan.io/address/0xD3B5b60020504bc3489D6949d545893982BA3011#writeContract) sets the\n // sender as the refund address so the aliased HubPool should receive excess funds. Implementation here:\n // https://github.com/makerdao/arbitrum-dai-bridge/blob/11a80385e2622968069c34d401b3d54a59060e87/contracts/l1/L1DaiGateway.sol#L109\n if (l1Token == 0x6B175474E89094C44Da98b954EedeAC495271d0F) {\n // This means that the excess ETH to pay for the L2 transaction will be sent to the aliased\n // contract address on L2, which we'd have to retrieve via a custom adapter, the Arbitrum_RescueAdapter.\n // To do so, in a single transaction: 1) setCrossChainContracts to Arbitrum_RescueAdapter, 2) relayMessage\n // with function data = abi.encode(amountToRescue), 3) setCrossChainContracts back to this adapter.\n l1ERC20GatewayRouter.outboundTransfer{ value: requiredL1CallValue }(\n l1Token,\n to,\n amount,\n RELAY_TOKENS_L2_GAS_LIMIT,\n l2GasPrice,\n data\n );\n } else {\n l1ERC20GatewayRouter.outboundTransferCustomRefund{ value: requiredL1CallValue }(\n l1Token,\n l2RefundL2Address,\n to,\n amount,\n RELAY_TOKENS_L2_GAS_LIMIT,\n l2GasPrice,\n data\n );\n }\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n\n /**\n * @notice Returns required amount of ETH to send a message via the Inbox.\n * @return amount of ETH that this contract needs to hold in order for relayMessage to succeed.\n */\n function getL1CallValue(uint32 l2GasLimit) public pure returns (uint256) {\n return l2MaxSubmissionCost + l2GasPrice * l2GasLimit;\n }\n\n function _contractHasSufficientEthBalance(uint32 l2GasLimit) internal view returns (uint256 requiredL1CallValue) {\n requiredL1CallValue = getL1CallValue(l2GasLimit);\n require(address(this).balance >= requiredL1CallValue, \"Insufficient ETH balance\");\n }\n}\n" + }, + "contracts/chain-adapters/Arbitrum_RescueAdapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"./Arbitrum_Adapter.sol\"; // Used to import `ArbitrumL1ERC20GatewayLike` and `ArbitrumL1InboxLike`\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Meant to copy the Arbitrum_Adapter exactly in how it sends L1 --> L2 messages but is designed only to be\n * used by the owner of the HubPool to retrieve ETH held by its aliased address on L2. This ETH builds up because\n * `relayTokens` calls `l1ERC20GatewayRouter.outboundTransfer` which does not allow the caller to specify an L2 refund\n * address the same way that `l1Inbox.createRetryableTicket` does. This means that the alias address of the caller, the\n * HubPool in this case, receives ETH on L2. This Adapter can be used to send messages to Arbitrum specifically to send\n * transactions as if called by the aliased HubPool address.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Arbitrum_RescueAdapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n // Amount of ETH allocated to pay for the base submission fee. The base submission fee is a parameter unique to\n // retryable transactions; the user is charged the base submission fee to cover the storage costs of keeping their\n // ticket’s calldata in the retry buffer. (current base submission fee is queryable via\n // ArbRetryableTx.getSubmissionPrice). ArbRetryableTicket precompile interface exists at L2 address\n // 0x000000000000000000000000000000000000006E.\n uint256 public immutable l2MaxSubmissionCost = 0.01e18;\n\n // L2 Gas price bid for immediate L2 execution attempt (queryable via standard eth*gasPrice RPC)\n uint256 public immutable l2GasPrice = 5e9; // 5 gWei\n\n // Gas limit for immediate L2 execution attempt (can be estimated via NodeInterface.estimateRetryableTicket).\n // NodeInterface precompile interface exists at L2 address 0x00000000000000000000000000000000000000C8\n uint32 public immutable l2GasLimit = 2_000_000;\n\n // This address on L2 receives extra ETH that is left over after relaying a message via the inbox.\n address public immutable l2RefundL2Address;\n\n // L1 HubPool address aliased on L2: https://github.com/OffchainLabs/arbitrum/blob/master/docs/L1_L2_Messages.md#address-aliasing\n address public immutable aliasedL2HubPoolAddress = 0xd297fA914353c44B2e33EBE05F21846f1048CFeB;\n\n ArbitrumL1InboxLike public immutable l1Inbox;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1ArbitrumInbox Inbox helper contract to send messages to Arbitrum.\n */\n constructor(ArbitrumL1InboxLike _l1ArbitrumInbox) {\n l1Inbox = _l1ArbitrumInbox;\n\n l2RefundL2Address = msg.sender;\n }\n\n /**\n * @notice Send cross-chain message to aliased hub pool address on Arbitrum.\n * @notice This contract must hold at least getL1CallValue() amount of ETH to send a message via the Inbox\n * successfully, or the message will get stuck.\n * @param message Data to send to aliased hub pool.\n */\n function relayMessage(address, bytes memory message) external payable override {\n uint256 valueToReturn = abi.decode(message, (uint256));\n\n uint256 requiredL1CallValue = _contractHasSufficientEthBalance();\n\n // In the rescue ETH setup, we send the transaction to the refund address, we provide a call value equal to the\n // amount we want to rescue, and we specify an empty calldata, since it's a simple ETH transfer.\n // Note: we use the unsafe version of createRetryableTicket because it doesn't require the msg.sender to pass\n // in arbTxCallValue in addition to maxSubmissionCost + maxGas * gasPriceBid.\n l1Inbox.unsafeCreateRetryableTicket{ value: requiredL1CallValue }(\n l2RefundL2Address, // destAddr destination L2 contract address\n valueToReturn, // l2CallValue call value for retryable L2 message\n l2MaxSubmissionCost, // maxSubmissionCost Max gas deducted from user's L2 balance to cover base fee\n l2RefundL2Address, // excessFeeRefundAddress maxgas * gasprice - execution cost gets credited here on L2\n l2RefundL2Address, // callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled\n l2GasLimit, // maxGas Max gas deducted from user's L2 balance to cover L2 execution\n l2GasPrice, // gasPriceBid price bid for L2 execution\n \"\" // data ABI encoded data of L2 message\n );\n\n emit MessageRelayed(aliasedL2HubPoolAddress, \"\");\n }\n\n /**\n * @notice Should never be called.\n */\n function relayTokens(\n address,\n address,\n uint256,\n address\n ) external payable override {\n revert(\"useless function\");\n }\n\n /**\n * @notice Returns required amount of ETH to send a message via the Inbox.\n * @return amount of ETH that this contract needs to hold in order for relayMessage to succeed.\n */\n function getL1CallValue() public pure returns (uint256) {\n return l2MaxSubmissionCost + l2GasPrice * l2GasLimit;\n }\n\n function _contractHasSufficientEthBalance() internal view returns (uint256 requiredL1CallValue) {\n requiredL1CallValue = getL1CallValue();\n require(address(this).balance >= requiredL1CallValue, \"Insufficient ETH balance\");\n }\n}\n" + }, + "contracts/chain-adapters/Arbitrum_SendTokensAdapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport { ArbitrumL1ERC20GatewayLike } from \"./Arbitrum_Adapter.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice This adapter is built for emergencies to send funds from the Hub to a Spoke in the event that a spoke pool\n * received a duplicate root bundle relay, due to some replay issue.\n */\n// solhint-disable-next-line contract-name-camelcase\ncontract Arbitrum_SendTokensAdapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n uint256 public immutable l2MaxSubmissionCost = 0.01e18;\n uint256 public immutable l2GasPrice = 5e9;\n uint32 public constant RELAY_TOKENS_L2_GAS_LIMIT = 300_000;\n\n ArbitrumL1ERC20GatewayLike public immutable l1ERC20GatewayRouter;\n address public immutable l2RefundL2Address;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1ERC20GatewayRouter ERC20 gateway router contract to send tokens to Arbitrum.\n * @param _l2RefundL2Address L2 address to receive gas refunds on after a message is relayed.\n */\n constructor(ArbitrumL1ERC20GatewayLike _l1ERC20GatewayRouter, address _l2RefundL2Address) {\n l1ERC20GatewayRouter = _l1ERC20GatewayRouter;\n l2RefundL2Address = _l2RefundL2Address;\n }\n\n /**\n * @notice Send tokens to SpokePool. Enables HubPool admin to call relaySpokePoolAdminFunction that will trigger\n * this function.\n * @dev This performs similar logic to relayTokens in the normal Arbitrum_Adapter by sending tokens\n * the Arbitrum_SpokePool out of the HubPool.\n * @param message The encoded address of the ERC20 to send to the rescue address.\n */\n function relayMessage(address target, bytes memory message) external payable override {\n (address l1Token, uint256 amount) = abi.decode(message, (address, uint256));\n\n uint256 requiredL1CallValue = _contractHasSufficientEthBalance();\n\n // Approve the gateway, not the router, to spend the hub pool's balance. The gateway, which is different\n // per L1 token, will temporarily escrow the tokens to be bridged and pull them from this contract.\n address erc20Gateway = l1ERC20GatewayRouter.getGateway(l1Token);\n IERC20(l1Token).safeIncreaseAllowance(erc20Gateway, amount);\n\n // `outboundTransfer` expects that the caller includes a bytes message as the last param that includes the\n // maxSubmissionCost to use when creating an L2 retryable ticket: https://github.com/OffchainLabs/arbitrum/blob/e98d14873dd77513b569771f47b5e05b72402c5e/packages/arb-bridge-peripherals/contracts/tokenbridge/ethereum/gateway/L1GatewayRouter.sol#L232\n bytes memory data = abi.encode(l2MaxSubmissionCost, \"\");\n\n l1ERC20GatewayRouter.outboundTransferCustomRefund{ value: requiredL1CallValue }(\n l1Token,\n l2RefundL2Address,\n target,\n amount,\n RELAY_TOKENS_L2_GAS_LIMIT,\n l2GasPrice,\n data\n );\n\n // Purposefully not emitting any events so as not to confuse off-chain monitors that track this event.\n // emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n\n /**\n * @notice Should never be called.\n */\n function relayTokens(\n address,\n address,\n uint256,\n address\n ) external payable override {\n revert(\"relayTokens disabled\");\n }\n\n /**\n * @notice Returns required amount of ETH to send a message via the Inbox.\n * @return amount of ETH that this contract needs to hold in order for relayMessage to succeed.\n */\n function getL1CallValue() public pure returns (uint256) {\n return l2MaxSubmissionCost + l2GasPrice * RELAY_TOKENS_L2_GAS_LIMIT;\n }\n\n function _contractHasSufficientEthBalance() internal view returns (uint256 requiredL1CallValue) {\n requiredL1CallValue = getL1CallValue();\n require(address(this).balance >= requiredL1CallValue, \"Insufficient ETH balance\");\n }\n}\n" + }, + "contracts/chain-adapters/Base_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"../external/interfaces/WETH9Interface.sol\";\n\n// @dev Use local modified CrossDomainEnabled contract instead of one exported by eth-optimism because we need\n// this contract's state variables to be `immutable` because of the delegateCall call.\nimport \"./CrossDomainEnabled.sol\";\nimport \"@eth-optimism/contracts/L1/messaging/IL1StandardBridge.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Contract containing logic to send messages from L1 to Base. This is a modified version of the Optimism adapter\n * that excludes the custom bridging logic.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Base_Adapter is CrossDomainEnabled, AdapterInterface {\n using SafeERC20 for IERC20;\n uint32 public immutable l2GasLimit = 200_000;\n\n WETH9Interface public immutable l1Weth;\n\n IL1StandardBridge public immutable l1StandardBridge;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1Weth WETH address on L1.\n * @param _crossDomainMessenger XDomainMessenger Base system contract.\n * @param _l1StandardBridge Standard bridge contract.\n */\n constructor(\n WETH9Interface _l1Weth,\n address _crossDomainMessenger,\n IL1StandardBridge _l1StandardBridge\n ) CrossDomainEnabled(_crossDomainMessenger) {\n l1Weth = _l1Weth;\n l1StandardBridge = _l1StandardBridge;\n }\n\n /**\n * @notice Send cross-chain message to target on Base.\n * @param target Contract on Base that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes calldata message) external payable override {\n sendCrossDomainMessage(target, uint32(l2GasLimit), message);\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Bridge tokens to Base.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token,\n uint256 amount,\n address to\n ) external payable override {\n // If the l1Token is weth then unwrap it to ETH then send the ETH to the standard bridge.\n if (l1Token == address(l1Weth)) {\n l1Weth.withdraw(amount);\n l1StandardBridge.depositETHTo{ value: amount }(to, l2GasLimit, \"\");\n } else {\n IL1StandardBridge _l1StandardBridge = l1StandardBridge;\n\n IERC20(l1Token).safeIncreaseAllowance(address(_l1StandardBridge), amount);\n _l1StandardBridge.depositERC20To(l1Token, l2Token, to, amount, l2GasLimit, \"\");\n }\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n}\n" + }, + "contracts/chain-adapters/Boba_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"../external/interfaces/WETH9Interface.sol\";\n\n// @dev Use local modified CrossDomainEnabled contract instead of one exported by eth-optimism because we need\n// this contract's state variables to be `immutable` because of the delegateCall call.\nimport \"./CrossDomainEnabled.sol\";\nimport \"@eth-optimism/contracts/L1/messaging/IL1StandardBridge.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Contract containing logic to send messages from L1 to Boba. This is a modified version of the Optimism adapter\n * that excludes the custom bridging logic.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Boba_Adapter is CrossDomainEnabled, AdapterInterface {\n using SafeERC20 for IERC20;\n uint32 public immutable l2GasLimit = 2_000_000;\n\n WETH9Interface public immutable l1Weth;\n\n IL1StandardBridge public immutable l1StandardBridge;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1Weth WETH address on L1.\n * @param _crossDomainMessenger XDomainMessenger Boba system contract.\n * @param _l1StandardBridge Standard bridge contract.\n */\n constructor(\n WETH9Interface _l1Weth,\n address _crossDomainMessenger,\n IL1StandardBridge _l1StandardBridge\n ) CrossDomainEnabled(_crossDomainMessenger) {\n l1Weth = _l1Weth;\n l1StandardBridge = _l1StandardBridge;\n }\n\n /**\n * @notice Send cross-chain message to target on Boba.\n * @param target Contract on Boba that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes calldata message) external payable override {\n sendCrossDomainMessage(target, uint32(l2GasLimit), message);\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Bridge tokens to Boba.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token,\n uint256 amount,\n address to\n ) external payable override {\n // If the l1Token is weth then unwrap it to ETH then send the ETH to the standard bridge.\n if (l1Token == address(l1Weth)) {\n l1Weth.withdraw(amount);\n l1StandardBridge.depositETHTo{ value: amount }(to, l2GasLimit, \"\");\n } else {\n IL1StandardBridge _l1StandardBridge = l1StandardBridge;\n\n IERC20(l1Token).safeIncreaseAllowance(address(_l1StandardBridge), amount);\n _l1StandardBridge.depositERC20To(l1Token, l2Token, to, amount, l2GasLimit, \"\");\n }\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n}\n" + }, + "contracts/chain-adapters/CrossDomainEnabled.sol": { + "content": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.0;\n\n/* Interface Imports */\nimport { ICrossDomainMessenger } from \"@eth-optimism/contracts/libraries/bridge/ICrossDomainMessenger.sol\";\n\n/**\n * @title CrossDomainEnabled\n * @dev Helper contract for contracts performing cross-domain communications between L1 and Optimism.\n * @dev This modifies the eth-optimism/CrossDomainEnabled contract only by changing state variables to be\n * immutable for use in contracts like the Optimism_Adapter which use delegateCall().\n */\ncontract CrossDomainEnabled {\n // Messenger contract used to send and recieve messages from the other domain.\n address public immutable messenger;\n\n /**\n * @param _messenger Address of the CrossDomainMessenger on the current layer.\n */\n constructor(address _messenger) {\n messenger = _messenger;\n }\n\n /**\n * Enforces that the modified function is only callable by a specific cross-domain account.\n * @param _sourceDomainAccount The only account on the originating domain which is\n * authenticated to call this function.\n */\n modifier onlyFromCrossDomainAccount(address _sourceDomainAccount) {\n require(msg.sender == address(getCrossDomainMessenger()), \"invalid cross domain messenger\");\n\n require(\n getCrossDomainMessenger().xDomainMessageSender() == _sourceDomainAccount,\n \"invalid cross domain sender\"\n );\n\n _;\n }\n\n /**\n * Gets the messenger, usually from storage. This function is exposed in case a child contract\n * needs to override.\n * @return The address of the cross-domain messenger contract which should be used.\n */\n function getCrossDomainMessenger() internal virtual returns (ICrossDomainMessenger) {\n return ICrossDomainMessenger(messenger);\n }\n\n /**\n * Sends a message to an account on another domain\n * @param _crossDomainTarget The intended recipient on the destination domain\n * @param _message The data to send to the target (usually calldata to a function with\n * onlyFromCrossDomainAccount())\n * @param _gasLimit The gasLimit for the receipt of the message on the target domain.\n */\n function sendCrossDomainMessage(\n address _crossDomainTarget,\n uint32 _gasLimit,\n bytes calldata _message\n ) internal {\n // slither-disable-next-line reentrancy-events, reentrancy-benign\n getCrossDomainMessenger().sendMessage(_crossDomainTarget, _message, _gasLimit);\n }\n}\n" + }, + "contracts/chain-adapters/Ethereum_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Contract containing logic to send messages from L1 to Ethereum SpokePool.\n * @notice This contract should always be deployed on the same chain as the HubPool, as it acts as a pass-through\n * contract between HubPool and SpokePool on the same chain. Its named \"Ethereum_Adapter\" because a core assumption\n * is that the HubPool will be deployed on Ethereum, so this adapter will be used to communicate between HubPool\n * and the Ethereum_SpokePool.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Ethereum_Adapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n /**\n * @notice Send message to target on Ethereum.\n * @notice This function, and contract overall, is not useful in practice except that the HubPool\n * expects to interact with the SpokePool via an Adapter, so when communicating to the Ethereum_SpokePool, it must\n * send messages via this pass-through contract.\n * @param target Contract that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes calldata message) external payable override {\n _executeCall(target, message);\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Send tokens to target.\n * @param l1Token L1 token to send.\n * @param l2Token Unused parameter in this contract.\n * @param amount Amount of L1 tokens to send.\n * @param to recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token, // l2Token is unused for ethereum since we are assuming that the HubPool is only deployed\n // on this network.\n uint256 amount,\n address to\n ) external payable override {\n IERC20(l1Token).safeTransfer(to, amount);\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n\n // Note: this snippet of code is copied from Governor.sol. Source: https://github.com/UMAprotocol/protocol/blob/5b37ea818a28479c01e458389a83c3e736306b17/packages/core/contracts/oracle/implementation/Governor.sol#L190-L207\n function _executeCall(address to, bytes memory data) private {\n // Note: this snippet of code is copied from Governor.sol and modified to not include any \"value\" field.\n\n bool success;\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n let inputData := add(data, 0x20)\n let inputDataSize := mload(data)\n // Hardcode value to be 0 for relayed governance calls in order to avoid addressing complexity of bridging\n // value cross-chain.\n success := call(gas(), to, 0, inputData, inputDataSize, 0, 0)\n }\n require(success, \"execute call failed\");\n }\n}\n" + }, + "contracts/chain-adapters/Ethereum_RescueAdapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice This adapter is built for emergencies to rescue funds from a Hub in the event of a misconfiguration or\n * security issue.\n */\n// solhint-disable-next-line contract-name-camelcase\ncontract Ethereum_RescueAdapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n address public immutable rescueAddress;\n\n /**\n * @notice Constructs new Adapter.\n * @param _rescueAddress Rescue address to send funds to.\n */\n constructor(address _rescueAddress) {\n rescueAddress = _rescueAddress;\n }\n\n /**\n * @notice Rescues the tokens from the calling contract.\n * @param message The encoded address of the ERC20 to send to the rescue addres.\n */\n function relayMessage(address, bytes memory message) external payable override {\n IERC20 tokenAddress = IERC20(abi.decode(message, (address)));\n\n // Transfer full balance of tokens to the rescue address.\n tokenAddress.safeTransfer(rescueAddress, tokenAddress.balanceOf(address(this)));\n }\n\n /**\n * @notice Should never be called.\n */\n function relayTokens(\n address,\n address,\n uint256,\n address\n ) external payable override {\n revert(\"relayTokens disabled\");\n }\n}\n" + }, + "contracts/chain-adapters/interfaces/AdapterInterface.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\n/**\n * @notice Sends cross chain messages and tokens to contracts on a specific L2 network.\n * This interface is implemented by an adapter contract that is deployed on L1.\n */\n\ninterface AdapterInterface {\n event MessageRelayed(address target, bytes message);\n\n event TokensRelayed(address l1Token, address l2Token, uint256 amount, address to);\n\n /**\n * @notice Send message to `target` on L2.\n * @dev This method is marked payable because relaying the message might require a fee\n * to be paid by the sender to forward the message to L2. However, it will not send msg.value\n * to the target contract on L2.\n * @param target L2 address to send message to.\n * @param message Message to send to `target`.\n */\n function relayMessage(address target, bytes calldata message) external payable;\n\n /**\n * @notice Send `amount` of `l1Token` to `to` on L2. `l2Token` is the L2 address equivalent of `l1Token`.\n * @dev This method is marked payable because relaying the message might require a fee\n * to be paid by the sender to forward the message to L2. However, it will not send msg.value\n * to the target contract on L2.\n * @param l1Token L1 token to bridge.\n * @param l2Token L2 token to receive.\n * @param amount Amount of `l1Token` to bridge.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token,\n uint256 amount,\n address to\n ) external payable;\n}\n" + }, + "contracts/chain-adapters/Optimism_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"../external/interfaces/WETH9Interface.sol\";\n\n// @dev Use local modified CrossDomainEnabled contract instead of one exported by eth-optimism because we need\n// this contract's state variables to be `immutable` because of the delegateCall call.\nimport \"./CrossDomainEnabled.sol\";\nimport \"@eth-optimism/contracts/L1/messaging/IL1StandardBridge.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Interface for Synthetix custom bridge to Optimism.\n */\ninterface SynthetixBridgeToOptimism is IL1StandardBridge {\n /**\n * @notice Send tokens to Optimism.\n * @param to Address to send tokens to on L2.\n * @param amount Amount of tokens to send.\n */\n function depositTo(address to, uint256 amount) external;\n}\n\n/**\n * @notice Contract containing logic to send messages from L1 to Optimism.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore it's only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Optimism_Adapter is CrossDomainEnabled, AdapterInterface {\n using SafeERC20 for IERC20;\n uint32 public immutable l2GasLimit = 200_000;\n\n WETH9Interface public immutable l1Weth;\n\n IL1StandardBridge public immutable l1StandardBridge;\n\n // Optimism has the ability to support \"custom\" bridges. These bridges are not supported by the canonical bridge\n // and so we need to store the address of the custom token and the associated bridge. In the event we want to\n // support a new token that is not supported by Optimism, we can add a new custom bridge for it and re-deploy the\n // adapter. A full list of custom optimism tokens and their associated bridges can be found here:\n // https://github.com/ethereum-optimism/ethereum-optimism.github.io/blob/master/optimism.tokenlist.json\n address public immutable dai = 0x6B175474E89094C44Da98b954EedeAC495271d0F;\n address public immutable daiOptimismBridge = 0x10E6593CDda8c58a1d0f14C5164B376352a55f2F;\n address public immutable snx = 0xC011a73ee8576Fb46F5E1c5751cA3B9Fe0af2a6F;\n address public immutable snxOptimismBridge = 0x39Ea01a0298C315d149a490E34B59Dbf2EC7e48F;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1Weth WETH address on L1.\n * @param _crossDomainMessenger XDomainMessenger Optimism system contract.\n * @param _l1StandardBridge Standard bridge contract.\n */\n constructor(\n WETH9Interface _l1Weth,\n address _crossDomainMessenger,\n IL1StandardBridge _l1StandardBridge\n ) CrossDomainEnabled(_crossDomainMessenger) {\n l1Weth = _l1Weth;\n l1StandardBridge = _l1StandardBridge;\n }\n\n /**\n * @notice Send cross-chain message to target on Optimism.\n * @param target Contract on Optimism that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes calldata message) external payable override {\n sendCrossDomainMessage(target, uint32(l2GasLimit), message);\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Bridge tokens to Optimism.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token,\n uint256 amount,\n address to\n ) external payable override {\n // If the l1Token is weth then unwrap it to ETH then send the ETH to the standard bridge.\n if (l1Token == address(l1Weth)) {\n l1Weth.withdraw(amount);\n l1StandardBridge.depositETHTo{ value: amount }(to, l2GasLimit, \"\");\n } else {\n address bridgeToUse = address(l1StandardBridge);\n\n // Check if the L1 token requires a custom bridge. If so, use that bridge over the standard bridge.\n if (l1Token == dai) bridgeToUse = daiOptimismBridge; // 1. DAI\n if (l1Token == snx) bridgeToUse = snxOptimismBridge; // 2. SNX\n\n IERC20(l1Token).safeIncreaseAllowance(bridgeToUse, amount);\n if (l1Token == snx) SynthetixBridgeToOptimism(bridgeToUse).depositTo(to, amount);\n else IL1StandardBridge(bridgeToUse).depositERC20To(l1Token, l2Token, to, amount, l2GasLimit, \"\");\n }\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n}\n" + }, + "contracts/chain-adapters/Polygon_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"../external/interfaces/WETH9Interface.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Send tokens to Polygon.\n */\ninterface IRootChainManager {\n /**\n * @notice Send msg.value of ETH to Polygon\n * @param user Recipient of ETH on Polygon.\n */\n function depositEtherFor(address user) external payable;\n\n /**\n * @notice Send ERC20 tokens to Polygon.\n * @param user Recipient of L2 equivalent tokens on Polygon.\n * @param rootToken L1 Address of token to send.\n * @param depositData Data to pass to L2 including amount of tokens to send. Should be abi.encode(amount).\n */\n function depositFor(\n address user,\n address rootToken,\n bytes calldata depositData\n ) external;\n}\n\n/**\n * @notice Send arbitrary messages to Polygon.\n */\ninterface IFxStateSender {\n /**\n * @notice Send arbitrary message to Polygon.\n * @param _receiver Address on Polygon to receive message.\n * @param _data Message to send to `_receiver` on Polygon.\n */\n function sendMessageToChild(address _receiver, bytes calldata _data) external;\n}\n\n/**\n * @notice Similar to RootChainManager, but for Matic (Plasma) bridge.\n */\ninterface DepositManager {\n /**\n * @notice Send tokens to Polygon. Only used to send MATIC in this Polygon_Adapter.\n * @param token L1 token to send. Should be MATIC.\n * @param user Recipient of L2 equivalent tokens on Polygon.\n * @param amount Amount of `token` to send.\n */\n function depositERC20ForUser(\n address token,\n address user,\n uint256 amount\n ) external;\n}\n\n/**\n * @notice Sends cross chain messages Polygon L2 network.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Polygon_Adapter is AdapterInterface {\n using SafeERC20 for IERC20;\n IRootChainManager public immutable rootChainManager;\n IFxStateSender public immutable fxStateSender;\n DepositManager public immutable depositManager;\n address public immutable erc20Predicate;\n address public immutable l1Matic;\n WETH9Interface public immutable l1Weth;\n\n /**\n * @notice Constructs new Adapter.\n * @param _rootChainManager RootChainManager Polygon system contract to deposit tokens over the PoS bridge.\n * @param _fxStateSender FxStateSender Polygon system contract to send arbitrary messages to L2.\n * @param _depositManager DepositManager Polygon system contract to deposit tokens over the Plasma bridge (Matic).\n * @param _erc20Predicate ERC20Predicate Polygon system contract to approve when depositing to the PoS bridge.\n * @param _l1Matic matic address on l1.\n * @param _l1Weth WETH address on L1.\n */\n constructor(\n IRootChainManager _rootChainManager,\n IFxStateSender _fxStateSender,\n DepositManager _depositManager,\n address _erc20Predicate,\n address _l1Matic,\n WETH9Interface _l1Weth\n ) {\n rootChainManager = _rootChainManager;\n fxStateSender = _fxStateSender;\n depositManager = _depositManager;\n erc20Predicate = _erc20Predicate;\n l1Matic = _l1Matic;\n l1Weth = _l1Weth;\n }\n\n /**\n * @notice Send cross-chain message to target on Polygon.\n * @param target Contract on Polygon that will receive message.\n * @param message Data to send to target.\n */\n\n function relayMessage(address target, bytes calldata message) external payable override {\n fxStateSender.sendMessageToChild(target, message);\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Bridge tokens to Polygon.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token,\n uint256 amount,\n address to\n ) external payable override {\n // If the l1Token is weth then unwrap it to ETH then send the ETH to the standard bridge.\n if (l1Token == address(l1Weth)) {\n l1Weth.withdraw(amount);\n rootChainManager.depositEtherFor{ value: amount }(to);\n } else if (l1Token == l1Matic) {\n IERC20(l1Token).safeIncreaseAllowance(address(depositManager), amount);\n depositManager.depositERC20ForUser(l1Token, to, amount);\n } else {\n IERC20(l1Token).safeIncreaseAllowance(erc20Predicate, amount);\n rootChainManager.depositFor(to, l1Token, abi.encode(amount));\n }\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n}\n" + }, + "contracts/chain-adapters/ZkSync_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"../external/interfaces/WETH9Interface.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\ninterface ZkSyncInterface {\n // _contractL2: L2 address of the contract to be called.\n // _l2Value: Amount of ETH to pass with the call to L2; used as msg.value for the transaction.\n // _calldata: Calldata of the transaction call; encoded the same way as in Ethereum.\n // _l2GasLimit: Gas limit of the L2 transaction call.\n // _l2GasPerPubdataByteLimit: A constant representing how much gas is required to publish a byte of data from\n // L1 to L2. https://era.zksync.io/docs/api/js/utils.html#gas\n // _factoryDeps: Bytecodes array containing the bytecode of the contract being deployed.\n // If the contract is a factory contract, the array contains the bytecodes of the contracts it can deploy.\n // _refundRecipient: Address that receives the rest of the fee after the transaction execution.\n // If refundRecipient == 0, L2 msg.sender is used. Note: If the _refundRecipient is a smart contract,\n // then during the L1 to L2 transaction its address is aliased.\n function requestL2Transaction(\n address _contractL2,\n uint256 _l2Value,\n bytes calldata _calldata,\n uint256 _l2GasLimit,\n uint256 _l2GasPerPubdataByteLimit,\n bytes[] calldata _factoryDeps,\n address _refundRecipient\n ) external payable returns (bytes32 canonicalTxHash);\n\n // @notice Estimates the cost in Ether of requesting execution of an L2 transaction from L1\n // @param _l1GasPrice Effective gas price on L1 (priority fee + base fee)\n // @param _l2GasLimit Gas limit for the L2 transaction\n // @param _l2GasPerPubdataByteLimit Gas limit for the L2 transaction per byte of pubdata\n // @return The estimated L2 gas for the transaction to be paid\n function l2TransactionBaseCost(\n uint256 _l1GasPrice,\n uint256 _l2GasLimit,\n uint256 _l2GasPerPubdataByteLimit\n ) external view returns (uint256);\n}\n\ninterface ZkBridgeLike {\n // @dev: Use ZkSyncInterface.requestL2Transaction to bridge WETH as ETH to L2.\n function deposit(\n address _l2Receiver,\n address _l1Token,\n uint256 _amount,\n uint256 _l2TxGasLimit,\n uint256 _l2TxGasPerPubdataByte,\n address _refundRecipient\n ) external payable returns (bytes32 txHash);\n}\n\n// Note: this contract just forwards the calls from the HubPool to ZkSync to avoid limits.\n// A modified ZKSync_Adapter should be deployed with this address swapped in for all zkSync addresses.\ncontract LimitBypassProxy is ZkSyncInterface, ZkBridgeLike {\n using SafeERC20 for IERC20;\n ZkSyncInterface public constant zkSync = ZkSyncInterface(0x32400084C286CF3E17e7B677ea9583e60a000324);\n ZkBridgeLike public constant zkErc20Bridge = ZkBridgeLike(0x57891966931Eb4Bb6FB81430E6cE0A03AAbDe063);\n\n function l2TransactionBaseCost(\n uint256 _l1GasPrice,\n uint256 _l2GasLimit,\n uint256 _l2GasPerPubdataByteLimit\n ) external view returns (uint256) {\n return zkSync.l2TransactionBaseCost(_l1GasPrice, _l2GasLimit, _l2GasPerPubdataByteLimit);\n }\n\n function requestL2Transaction(\n address _contractL2,\n uint256 _l2Value,\n bytes calldata _calldata,\n uint256 _l2GasLimit,\n uint256 _l2GasPerPubdataByteLimit,\n bytes[] calldata _factoryDeps,\n address _refundRecipient\n ) external payable returns (bytes32 canonicalTxHash) {\n return\n zkSync.requestL2Transaction{ value: msg.value }(\n _contractL2,\n _l2Value,\n _calldata,\n _l2GasLimit,\n _l2GasPerPubdataByteLimit,\n _factoryDeps,\n _refundRecipient\n );\n }\n\n function deposit(\n address _l2Receiver,\n address _l1Token,\n uint256 _amount,\n uint256 _l2TxGasLimit,\n uint256 _l2TxGasPerPubdataByte,\n address _refundRecipient\n ) external payable returns (bytes32 txHash) {\n IERC20(_l1Token).safeIncreaseAllowance(address(zkErc20Bridge), _amount);\n return\n zkErc20Bridge.deposit{ value: msg.value }(\n _l2Receiver,\n _l1Token,\n _amount,\n _l2TxGasLimit,\n _l2TxGasPerPubdataByte,\n _refundRecipient\n );\n }\n}\n\n/**\n * @notice Contract containing logic to send messages from L1 to ZkSync.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract ZkSync_Adapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n // We need to pay a base fee to the operator to include our L1 --> L2 transaction.\n // https://era.zksync.io/docs/dev/developer-guides/bridging/l1-l2.html#getting-the-base-cost\n\n // Generally, the following params are a bit hard to set and may change in the future once ZkSync\n // goes live. For now, we'll hardcode these and use aggressive values to ensure inclusion.\n\n // Limit on L2 gas to spend.\n uint256 public constant L2_GAS_LIMIT = 2_000_000;\n\n // How much gas is required to publish a byte of data from L1 to L2. 800 is the required value\n // as set here https://github.com/matter-labs/era-contracts/blob/6391c0d7bf6184d7f6718060e3991ba6f0efe4a7/ethereum/contracts/zksync/facets/Mailbox.sol#L226\n // Note, this value can change and will require an updated adapter.\n uint256 public constant L1_GAS_TO_L2_GAS_PER_PUB_DATA_LIMIT = 800;\n\n // This address receives any remaining fee after an L1 to L2 transaction completes.\n // If refund recipient = address(0) then L2 msg.sender is used, unless msg.sender is a contract then its address\n // gets aliased.\n address public immutable l2RefundAddress;\n\n // Hardcode the following ZkSync system contract addresses to save gas on construction. This adapter can be\n // redeployed in the event that the following addresses change.\n\n // Main contract used to send L1 --> L2 messages. Fetchable via `zks_getMainContract` method on JSON RPC.\n ZkSyncInterface public constant zkSyncMessageBridge = ZkSyncInterface(0x32400084C286CF3E17e7B677ea9583e60a000324);\n\n // Contract used to send ETH to L2. Note: this is the same address as the main contract, but separated to allow\n // only this contract to be swapped (leaving the main zkSync contract to be used for messaging).\n ZkSyncInterface public constant zkSyncEthBridge = ZkSyncInterface(0x32400084C286CF3E17e7B677ea9583e60a000324);\n\n // Bridges to send ERC20 and ETH to L2. Fetchable via `zks_getBridgeContracts` method on JSON RPC.\n ZkBridgeLike public constant zkErc20Bridge = ZkBridgeLike(0x57891966931Eb4Bb6FB81430E6cE0A03AAbDe063);\n\n // Set l1Weth at construction time to make testing easier.\n WETH9Interface public immutable l1Weth;\n\n event ZkSyncMessageRelayed(bytes32 canonicalTxHash);\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1Weth WETH address on L1.\n * @param _l2RefundAddress address that recieves excess gas refunds on L2.\n */\n constructor(WETH9Interface _l1Weth, address _l2RefundAddress) {\n l1Weth = _l1Weth;\n l2RefundAddress = _l2RefundAddress;\n }\n\n /**\n * @notice Send cross-chain message to target on ZkSync.\n * @notice This contract must hold at least getL1CallValue() amount of ETH to send a message, or the message\n * will revert.\n * @param target Contract on L2 that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes memory message) external payable override {\n uint256 txBaseCost = _contractHasSufficientEthBalance();\n\n // Returns the hash of the requested L2 transaction. This hash can be used to follow the transaction status.\n bytes32 canonicalTxHash = zkSyncMessageBridge.requestL2Transaction{ value: txBaseCost }(\n target,\n // We pass no ETH with the call, otherwise we'd need to add to the txBaseCost this value.\n 0,\n message,\n L2_GAS_LIMIT,\n L1_GAS_TO_L2_GAS_PER_PUB_DATA_LIMIT,\n new bytes[](0),\n l2RefundAddress\n );\n\n emit MessageRelayed(target, message);\n emit ZkSyncMessageRelayed(canonicalTxHash);\n }\n\n /**\n * @notice Bridge tokens to ZkSync.\n * @notice This contract must hold at least getL1CallValue() amount of ETH to send a message\n * or the message will revert.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token, // l2Token is unused.\n uint256 amount,\n address to\n ) external payable override {\n // This could revert if the relay amount is over the ZkSync deposit\n // limit: https://github.com/matter-labs/era-contracts/blob/main/ethereum/contracts/common/AllowList.sol#L150\n // We should make sure that the limit is either set very high or we need to do logic\n // that splits the amount to deposit into multiple chunks. We can't have\n // this function revert or the HubPool will not be able to proceed to the\n // next bundle. See more here:\n // https://github.com/matter-labs/era-contracts/blob/main/docs/Overview.md#deposit-limitation\n // https://github.com/matter-labs/era-contracts/blob/6391c0d7bf6184d7f6718060e3991ba6f0efe4a7/ethereum/contracts/zksync/facets/Mailbox.sol#L230\n uint256 txBaseCost = _contractHasSufficientEthBalance();\n\n // If the l1Token is WETH then unwrap it to ETH then send the ETH to the standard bridge along with the base\n // cost. I've tried sending WETH over the erc20Bridge directly but we receive the wrong WETH\n // on the L2 side. So, we need to unwrap the WETH into ETH and then send.\n bytes32 txHash;\n if (l1Token == address(l1Weth)) {\n l1Weth.withdraw(amount);\n // We cannot call the standard ERC20 bridge because it disallows ETH deposits.\n txHash = zkSyncEthBridge.requestL2Transaction{ value: txBaseCost + amount }(\n to,\n amount,\n \"\",\n L2_GAS_LIMIT,\n L1_GAS_TO_L2_GAS_PER_PUB_DATA_LIMIT,\n new bytes[](0),\n l2RefundAddress\n );\n } else {\n IERC20(l1Token).safeIncreaseAllowance(address(zkErc20Bridge), amount);\n txHash = zkErc20Bridge.deposit{ value: txBaseCost }(\n to,\n l1Token,\n amount,\n L2_GAS_LIMIT,\n L1_GAS_TO_L2_GAS_PER_PUB_DATA_LIMIT,\n l2RefundAddress\n );\n }\n\n emit TokensRelayed(l1Token, l2Token, amount, to);\n emit ZkSyncMessageRelayed(txHash);\n }\n\n /**\n * @notice Returns required amount of ETH to send a message.\n * @return amount of ETH that this contract needs to hold in order for relayMessage to succeed.\n */\n function getL1CallValue() public view returns (uint256) {\n // - tx.gasprice returns effective_gas_price. It's also used by Mailbox contract to estimate L2GasPrice\n // so using tx.gasprice should always pass this check that msg.value >= baseCost + _l2Value\n // https://github.com/matter-labs/era-contracts/blob/6391c0d7bf6184d7f6718060e3991ba6f0efe4a7/ethereum/contracts/zksync/facets/Mailbox.sol#L273\n // - priority_fee_per_gas = min(transaction.max_priority_fee_per_gas, transaction.max_fee_per_gas - block.base_fee_per_gas)\n // - effective_gas_price = priority_fee_per_gas + block.base_fee_per_gas\n return\n zkSyncMessageBridge.l2TransactionBaseCost(tx.gasprice, L2_GAS_LIMIT, L1_GAS_TO_L2_GAS_PER_PUB_DATA_LIMIT);\n }\n\n function _contractHasSufficientEthBalance() internal view returns (uint256 requiredL1CallValue) {\n requiredL1CallValue = getL1CallValue();\n require(address(this).balance >= requiredL1CallValue, \"Insufficient ETH balance\");\n }\n}\n" + }, + "contracts/Ethereum_SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./SpokePool.sol\";\nimport \"@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol\";\n\n/**\n * @notice Ethereum L1 specific SpokePool. Used on Ethereum L1 to facilitate L2->L1 transfers.\n */\ncontract Ethereum_SpokePool is SpokePool, OwnableUpgradeable {\n using SafeERC20Upgradeable for IERC20Upgradeable;\n\n /**\n * @notice Construct the Ethereum SpokePool.\n * @dev crossDomainAdmin is unused on this contract.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * relay hash collisions.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n * @param _wethAddress Weth address for this network to set.\n */\n function initialize(\n uint32 _initialDepositId,\n address _hubPool,\n address _wethAddress\n ) public initializer {\n __Ownable_init();\n __SpokePool_init(_initialDepositId, _hubPool, _hubPool, _wethAddress);\n }\n\n /**************************************\n * INTERNAL FUNCTIONS *\n **************************************/\n\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory relayerRefundLeaf) internal override {\n IERC20Upgradeable(relayerRefundLeaf.l2TokenAddress).safeTransfer(hubPool, relayerRefundLeaf.amountToReturn);\n }\n\n // The SpokePool deployed to the same network as the HubPool must be owned by the HubPool.\n // A core assumption of this contract system is that the HubPool is deployed on Ethereum.\n function _requireAdminSender() internal override onlyOwner {}\n}\n" + }, + "contracts/external/interfaces/SuccinctInterfaces.sol": { + "content": "pragma solidity ^0.8.0;\n\n// These interfaces are a subset of the Succinct interfaces here: https://github.com/succinctlabs/telepathy-contracts.\n\n// This interface should be implemented by any contract wanting to receive messages sent over the Succinct bridge.\ninterface ITelepathyHandler {\n function handleTelepathy(\n uint16 _sourceChainId,\n address _senderAddress,\n bytes memory _data\n ) external returns (bytes4);\n}\n\n// This interface represents the contract that we call into to send messages over the Succinct AMB.\ninterface ITelepathyBroadcaster {\n function send(\n uint16 _recipientChainId,\n address _recipientAddress,\n bytes calldata _data\n ) external returns (bytes32);\n}\n" + }, + "contracts/external/interfaces/WETH9Interface.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\n/**\n * @notice Interface for the WETH9 contract.\n */\ninterface WETH9Interface {\n /**\n * @notice Burn Wrapped Ether and receive native Ether.\n * @param wad Amount of WETH to unwrap and send to caller.\n */\n function withdraw(uint256 wad) external;\n\n /**\n * @notice Lock native Ether and mint Wrapped Ether ERC20\n * @dev msg.value is amount of Wrapped Ether to mint/Ether to lock.\n */\n function deposit() external payable;\n\n /**\n * @notice Get balance of WETH held by `guy`.\n * @param guy Address to get balance of.\n * @return wad Amount of WETH held by `guy`.\n */\n function balanceOf(address guy) external view returns (uint256 wad);\n\n /**\n * @notice Transfer `wad` of WETH from caller to `guy`.\n * @param guy Address to send WETH to.\n * @param wad Amount of WETH to send.\n * @return ok True if transfer succeeded.\n */\n function transfer(address guy, uint256 wad) external returns (bool);\n}\n" + }, + "contracts/interfaces/HubPoolInterface.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\n\n/**\n * @notice Concise list of functions in HubPool implementation.\n */\ninterface HubPoolInterface {\n // This leaf is meant to be decoded in the HubPool to rebalance tokens between HubPool and SpokePool.\n struct PoolRebalanceLeaf {\n // This is used to know which chain to send cross-chain transactions to (and which SpokePool to send to).\n uint256 chainId;\n // Total LP fee amount per token in this bundle, encompassing all associated bundled relays.\n uint256[] bundleLpFees;\n // Represents the amount to push to or pull from the SpokePool. If +, the pool pays the SpokePool. If negative\n // the SpokePool pays the HubPool. There can be arbitrarily complex rebalancing rules defined offchain. This\n // number is only nonzero when the rules indicate that a rebalancing action should occur. When a rebalance does\n // occur, runningBalances must be set to zero for this token and netSendAmounts should be set to the previous\n // runningBalances + relays - deposits in this bundle. If non-zero then it must be set on the SpokePool's\n // RelayerRefundLeaf amountToReturn as -1 * this value to show if funds are being sent from or to the SpokePool.\n int256[] netSendAmounts;\n // This is only here to be emitted in an event to track a running unpaid balance between the L2 pool and the L1\n // pool. A positive number indicates that the HubPool owes the SpokePool funds. A negative number indicates that\n // the SpokePool owes the HubPool funds. See the comment above for the dynamics of this and netSendAmounts.\n int256[] runningBalances;\n // Used by data worker to mark which leaves should relay roots to SpokePools, and to otherwise organize leaves.\n // For example, each leaf should contain all the rebalance information for a single chain, but in the case where\n // the list of l1Tokens is very large such that they all can't fit into a single leaf that can be executed under\n // the block gas limit, then the data worker can use this groupIndex to organize them. Any leaves with\n // a groupIndex equal to 0 will relay roots to the SpokePool, so the data worker should ensure that only one\n // leaf for a specific chainId should have a groupIndex equal to 0.\n uint256 groupIndex;\n // Used as the index in the bitmap to track whether this leaf has been executed or not.\n uint8 leafId;\n // The bundleLpFees, netSendAmounts, and runningBalances are required to be the same length. They are parallel\n // arrays for the given chainId and should be ordered by the l1Tokens field. All whitelisted tokens with nonzero\n // relays on this chain in this bundle in the order of whitelisting.\n address[] l1Tokens;\n }\n\n // A data worker can optimistically store several merkle roots on this contract by staking a bond and calling\n // proposeRootBundle. By staking a bond, the data worker is alleging that the merkle roots all contain valid leaves\n // that can be executed later to:\n // - Send funds from this contract to a SpokePool or vice versa\n // - Send funds from a SpokePool to Relayer as a refund for a relayed deposit\n // - Send funds from a SpokePool to a deposit recipient to fulfill a \"slow\" relay\n // Anyone can dispute this struct if the merkle roots contain invalid leaves before the\n // challengePeriodEndTimestamp. Once the expiration timestamp is passed, executeRootBundle to execute a leaf\n // from the poolRebalanceRoot on this contract and it will simultaneously publish the relayerRefundRoot and\n // slowRelayRoot to a SpokePool. The latter two roots, once published to the SpokePool, contain\n // leaves that can be executed on the SpokePool to pay relayers or recipients.\n struct RootBundle {\n // Contains leaves instructing this contract to send funds to SpokePools.\n bytes32 poolRebalanceRoot;\n // Relayer refund merkle root to be published to a SpokePool.\n bytes32 relayerRefundRoot;\n // Slow relay merkle root to be published to a SpokePool.\n bytes32 slowRelayRoot;\n // This is a 1D bitmap, with max size of 256 elements, limiting us to 256 chainsIds.\n uint256 claimedBitMap;\n // Proposer of this root bundle.\n address proposer;\n // Number of pool rebalance leaves to execute in the poolRebalanceRoot. After this number\n // of leaves are executed, a new root bundle can be proposed\n uint8 unclaimedPoolRebalanceLeafCount;\n // When root bundle challenge period passes and this root bundle becomes executable.\n uint32 challengePeriodEndTimestamp;\n }\n\n // Each whitelisted L1 token has an associated pooledToken struct that contains all information used to track the\n // cumulative LP positions and if this token is enabled for deposits.\n struct PooledToken {\n // LP token given to LPs of a specific L1 token.\n address lpToken;\n // True if accepting new LP's.\n bool isEnabled;\n // Timestamp of last LP fee update.\n uint32 lastLpFeeUpdate;\n // Number of LP funds sent via pool rebalances to SpokePools and are expected to be sent\n // back later.\n int256 utilizedReserves;\n // Number of LP funds held in contract less utilized reserves.\n uint256 liquidReserves;\n // Number of LP funds reserved to pay out to LPs as fees.\n uint256 undistributedLpFees;\n }\n\n // Helper contracts to facilitate cross chain actions between HubPool and SpokePool for a specific network.\n struct CrossChainContract {\n address adapter;\n address spokePool;\n }\n\n function setPaused(bool pause) external;\n\n function emergencyDeleteProposal() external;\n\n function relaySpokePoolAdminFunction(uint256 chainId, bytes memory functionData) external;\n\n function setProtocolFeeCapture(address newProtocolFeeCaptureAddress, uint256 newProtocolFeeCapturePct) external;\n\n function setBond(IERC20 newBondToken, uint256 newBondAmount) external;\n\n function setLiveness(uint32 newLiveness) external;\n\n function setIdentifier(bytes32 newIdentifier) external;\n\n function setCrossChainContracts(\n uint256 l2ChainId,\n address adapter,\n address spokePool\n ) external;\n\n function enableL1TokenForLiquidityProvision(address l1Token) external;\n\n function disableL1TokenForLiquidityProvision(address l1Token) external;\n\n function addLiquidity(address l1Token, uint256 l1TokenAmount) external payable;\n\n function removeLiquidity(\n address l1Token,\n uint256 lpTokenAmount,\n bool sendEth\n ) external;\n\n function exchangeRateCurrent(address l1Token) external returns (uint256);\n\n function liquidityUtilizationCurrent(address l1Token) external returns (uint256);\n\n function liquidityUtilizationPostRelay(address l1Token, uint256 relayedAmount) external returns (uint256);\n\n function sync(address l1Token) external;\n\n function proposeRootBundle(\n uint256[] memory bundleEvaluationBlockNumbers,\n uint8 poolRebalanceLeafCount,\n bytes32 poolRebalanceRoot,\n bytes32 relayerRefundRoot,\n bytes32 slowRelayRoot\n ) external;\n\n function executeRootBundle(\n uint256 chainId,\n uint256 groupIndex,\n uint256[] memory bundleLpFees,\n int256[] memory netSendAmounts,\n int256[] memory runningBalances,\n uint8 leafId,\n address[] memory l1Tokens,\n bytes32[] memory proof\n ) external;\n\n function disputeRootBundle() external;\n\n function claimProtocolFeesCaptured(address l1Token) external;\n\n function setPoolRebalanceRoute(\n uint256 destinationChainId,\n address l1Token,\n address destinationToken\n ) external;\n\n function setDepositRoute(\n uint256 originChainId,\n uint256 destinationChainId,\n address originToken,\n bool depositsEnabled\n ) external;\n\n function poolRebalanceRoute(uint256 destinationChainId, address l1Token)\n external\n view\n returns (address destinationToken);\n\n function loadEthForL2Calls() external payable;\n}\n" + }, + "contracts/interfaces/SpokePoolInterface.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\n/**\n * @notice Contains common data structures and functions used by all SpokePool implementations.\n */\ninterface SpokePoolInterface {\n // This leaf is meant to be decoded in the SpokePool to pay out successful relayers.\n struct RelayerRefundLeaf {\n // This is the amount to return to the HubPool. This occurs when there is a PoolRebalanceLeaf netSendAmount that\n // is negative. This is just the negative of this value.\n uint256 amountToReturn;\n // Used to verify that this is being executed on the correct destination chainId.\n uint256 chainId;\n // This array designates how much each of those addresses should be refunded.\n uint256[] refundAmounts;\n // Used as the index in the bitmap to track whether this leaf has been executed or not.\n uint32 leafId;\n // The associated L2TokenAddress that these claims apply to.\n address l2TokenAddress;\n // Must be same length as refundAmounts and designates each address that must be refunded.\n address[] refundAddresses;\n }\n\n // This struct represents the data to fully specify a relay. If any portion of this data differs, the relay is\n // considered to be completely distinct. Only one relay for a particular depositId, chainId pair should be\n // considered valid and repaid. This data is hashed and inserted into the slow relay merkle root so that an off\n // chain validator can choose when to refund slow relayers.\n struct RelayData {\n // The address that made the deposit on the origin chain.\n address depositor;\n // The recipient address on the destination chain.\n address recipient;\n // The corresponding token address on the destination chain.\n address destinationToken;\n // The total relay amount before fees are taken out.\n uint256 amount;\n // Origin chain id.\n uint256 originChainId;\n // Destination chain id.\n uint256 destinationChainId;\n // The LP Fee percentage computed by the relayer based on the deposit's quote timestamp\n // and the HubPool's utilization.\n int64 realizedLpFeePct;\n // The relayer fee percentage specified in the deposit.\n int64 relayerFeePct;\n // The id uniquely identifying this deposit on the origin chain.\n uint32 depositId;\n // Data that is forwarded to the recipient.\n bytes message;\n }\n\n struct SlowFill {\n RelayData relayData;\n int256 payoutAdjustmentPct;\n }\n\n // Stores collection of merkle roots that can be published to this contract from the HubPool, which are referenced\n // by \"data workers\" via inclusion proofs to execute leaves in the roots.\n struct RootBundle {\n // Merkle root of slow relays that were not fully filled and whose recipient is still owed funds from the LP pool.\n bytes32 slowRelayRoot;\n // Merkle root of relayer refunds for successful relays.\n bytes32 relayerRefundRoot;\n // This is a 2D bitmap tracking which leaves in the relayer refund root have been claimed, with max size of\n // 256x(2^248) leaves per root.\n mapping(uint256 => uint256) claimedBitmap;\n }\n\n function setCrossDomainAdmin(address newCrossDomainAdmin) external;\n\n function setHubPool(address newHubPool) external;\n\n function setEnableRoute(\n address originToken,\n uint256 destinationChainId,\n bool enable\n ) external;\n\n function pauseDeposits(bool pause) external;\n\n function pauseFills(bool pause) external;\n\n function setDepositQuoteTimeBuffer(uint32 buffer) external;\n\n function relayRootBundle(bytes32 relayerRefundRoot, bytes32 slowRelayRoot) external;\n\n function emergencyDeleteRootBundle(uint256 rootBundleId) external;\n\n function deposit(\n address recipient,\n address originToken,\n uint256 amount,\n uint256 destinationChainId,\n int64 relayerFeePct,\n uint32 quoteTimestamp,\n bytes memory message,\n uint256 maxCount\n ) external payable;\n\n function depositNow(\n address recipient,\n address originToken,\n uint256 amount,\n uint256 destinationChainId,\n int64 relayerFeePct,\n bytes memory message,\n uint256 maxCount\n ) external payable;\n\n function speedUpDeposit(\n address depositor,\n int64 updatedRelayerFeePct,\n uint32 depositId,\n address updatedRecipient,\n bytes memory updatedMessage,\n bytes memory depositorSignature\n ) external;\n\n function fillRelay(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 amount,\n uint256 maxTokensToSend,\n uint256 repaymentChainId,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n bytes memory message,\n uint256 maxCount\n ) external;\n\n function fillRelayWithUpdatedDeposit(\n address depositor,\n address recipient,\n address updatedRecipient,\n address destinationToken,\n uint256 amount,\n uint256 maxTokensToSend,\n uint256 repaymentChainId,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n int64 updatedRelayerFeePct,\n uint32 depositId,\n bytes memory message,\n bytes memory updatedMessage,\n bytes memory depositorSignature,\n uint256 maxCount\n ) external;\n\n function executeSlowRelayLeaf(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 amount,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n uint32 rootBundleId,\n bytes memory message,\n int256 payoutAdjustment,\n bytes32[] memory proof\n ) external;\n\n function executeRelayerRefundLeaf(\n uint32 rootBundleId,\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\n bytes32[] memory proof\n ) external;\n\n function chainId() external view returns (uint256);\n}\n" + }, + "contracts/merkle-distributor/AcrossMerkleDistributor.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"@uma/core/contracts/merkle-distributor/implementation/MerkleDistributor.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\n\n/**\n * @title Extended MerkleDistributor contract.\n * @notice Adds additional constraints governing who can claim leaves from merkle windows.\n */\ncontract AcrossMerkleDistributor is MerkleDistributor {\n using SafeERC20 for IERC20;\n\n // Addresses that can claim on user's behalf.\n mapping(address => bool) public whitelistedClaimers;\n\n /****************************************\n * EVENTS\n ****************************************/\n event WhitelistedClaimer(address indexed claimer, bool indexed whitelist);\n event ClaimFor(\n address indexed caller,\n uint256 windowIndex,\n address indexed account,\n uint256 accountIndex,\n uint256 amount,\n address indexed rewardToken\n );\n\n /****************************\n * ADMIN FUNCTIONS\n ****************************/\n\n /**\n * @notice Updates whitelisted claimer status.\n * @dev Callable only by owner.\n * @param newContract Reset claimer contract to this address.\n * @param whitelist True to whitelist claimer, False otherwise.\n */\n function whitelistClaimer(address newContract, bool whitelist) external onlyOwner {\n whitelistedClaimers[newContract] = whitelist;\n emit WhitelistedClaimer(newContract, whitelist);\n }\n\n /****************************\n * NON-ADMIN FUNCTIONS\n ****************************/\n\n /**\n * @notice Batch claims to reduce gas versus individual submitting all claims. Method will fail\n * if any individual claims within the batch would fail.\n * @dev All claim recipients must be equal to msg.sender.\n * @param claims array of claims to claim.\n */\n function claimMulti(Claim[] memory claims) public override {\n uint256 claimCount = claims.length;\n for (uint256 i = 0; i < claimCount; i++) {\n require(claims[i].account == msg.sender, \"invalid claimer\");\n }\n super.claimMulti(claims);\n }\n\n /**\n * @notice Claim amount of reward tokens for account, as described by Claim input object.\n * @dev Claim recipient must be equal to msg.sender.\n * @param _claim claim object describing amount, accountIndex, account, window index, and merkle proof.\n */\n function claim(Claim memory _claim) public override {\n require(_claim.account == msg.sender, \"invalid claimer\");\n super.claim(_claim);\n }\n\n /**\n * @notice Executes merkle leaf claim on behaf of user. This can only be called by a trusted\n * claimer address. This function is designed to be called atomically with other transactions\n * that ultimately return the claimed amount to the rightful recipient. For example,\n * AcceleratingDistributor could call this function and then stake atomically on behalf of the user.\n * @dev Caller must be in whitelistedClaimers struct set to \"true\".\n * @param _claim leaf to claim.\n */\n\n function claimFor(Claim memory _claim) public {\n require(whitelistedClaimers[msg.sender], \"unwhitelisted claimer\");\n _verifyAndMarkClaimed(_claim);\n merkleWindows[_claim.windowIndex].rewardToken.safeTransfer(msg.sender, _claim.amount);\n emit ClaimFor(\n msg.sender,\n _claim.windowIndex,\n _claim.account,\n _claim.accountIndex,\n _claim.amount,\n address(merkleWindows[_claim.windowIndex].rewardToken)\n );\n }\n}\n" + }, + "contracts/MerkleLib.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/SpokePoolInterface.sol\";\nimport \"./interfaces/HubPoolInterface.sol\";\n\nimport \"@openzeppelin/contracts/utils/cryptography/MerkleProof.sol\";\n\n/**\n * @notice Library to help with merkle roots, proofs, and claims.\n */\nlibrary MerkleLib {\n /**\n * @notice Verifies that a repayment is contained within a merkle root.\n * @param root the merkle root.\n * @param rebalance the rebalance struct.\n * @param proof the merkle proof.\n * @return bool to signal if the pool rebalance proof correctly shows inclusion of the rebalance within the tree.\n */\n function verifyPoolRebalance(\n bytes32 root,\n HubPoolInterface.PoolRebalanceLeaf memory rebalance,\n bytes32[] memory proof\n ) internal pure returns (bool) {\n return MerkleProof.verify(proof, root, keccak256(abi.encode(rebalance)));\n }\n\n /**\n * @notice Verifies that a relayer refund is contained within a merkle root.\n * @param root the merkle root.\n * @param refund the refund struct.\n * @param proof the merkle proof.\n * @return bool to signal if the relayer refund proof correctly shows inclusion of the refund within the tree.\n */\n function verifyRelayerRefund(\n bytes32 root,\n SpokePoolInterface.RelayerRefundLeaf memory refund,\n bytes32[] memory proof\n ) internal pure returns (bool) {\n return MerkleProof.verify(proof, root, keccak256(abi.encode(refund)));\n }\n\n /**\n * @notice Verifies that a distribution is contained within a merkle root.\n * @param root the merkle root.\n * @param slowRelayFulfillment the relayData fulfillment struct.\n * @param proof the merkle proof.\n * @return bool to signal if the slow relay's proof correctly shows inclusion of the slow relay within the tree.\n */\n function verifySlowRelayFulfillment(\n bytes32 root,\n SpokePoolInterface.SlowFill memory slowRelayFulfillment,\n bytes32[] memory proof\n ) internal pure returns (bool) {\n return MerkleProof.verify(proof, root, keccak256(abi.encode(slowRelayFulfillment)));\n }\n\n // The following functions are primarily copied from\n // https://github.com/Uniswap/merkle-distributor/blob/master/contracts/MerkleDistributor.sol with minor changes.\n\n /**\n * @notice Tests whether a claim is contained within a claimedBitMap mapping.\n * @param claimedBitMap a simple uint256 mapping in storage used as a bitmap.\n * @param index the index to check in the bitmap.\n * @return bool indicating if the index within the claimedBitMap has been marked as claimed.\n */\n function isClaimed(mapping(uint256 => uint256) storage claimedBitMap, uint256 index) internal view returns (bool) {\n uint256 claimedWordIndex = index / 256;\n uint256 claimedBitIndex = index % 256;\n uint256 claimedWord = claimedBitMap[claimedWordIndex];\n uint256 mask = (1 << claimedBitIndex);\n return claimedWord & mask == mask;\n }\n\n /**\n * @notice Marks an index in a claimedBitMap as claimed.\n * @param claimedBitMap a simple uint256 mapping in storage used as a bitmap.\n * @param index the index to mark in the bitmap.\n */\n function setClaimed(mapping(uint256 => uint256) storage claimedBitMap, uint256 index) internal {\n uint256 claimedWordIndex = index / 256;\n uint256 claimedBitIndex = index % 256;\n claimedBitMap[claimedWordIndex] = claimedBitMap[claimedWordIndex] | (1 << claimedBitIndex);\n }\n\n /**\n * @notice Tests whether a claim is contained within a 1D claimedBitMap mapping.\n * @param claimedBitMap a simple uint256 value, encoding a 1D bitmap.\n * @param index the index to check in the bitmap. Uint8 type enforces that index can't be > 255.\n * @return bool indicating if the index within the claimedBitMap has been marked as claimed.\n */\n function isClaimed1D(uint256 claimedBitMap, uint8 index) internal pure returns (bool) {\n uint256 mask = (1 << index);\n return claimedBitMap & mask == mask;\n }\n\n /**\n * @notice Marks an index in a claimedBitMap as claimed.\n * @param claimedBitMap a simple uint256 mapping in storage used as a bitmap. Uint8 type enforces that index\n * can't be > 255.\n * @param index the index to mark in the bitmap.\n * @return uint256 representing the modified input claimedBitMap with the index set to true.\n */\n function setClaimed1D(uint256 claimedBitMap, uint8 index) internal pure returns (uint256) {\n return claimedBitMap | (1 << index);\n }\n}\n" + }, + "contracts/Ovm_SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./SpokePool.sol\";\nimport \"./external/interfaces/WETH9Interface.sol\";\n\nimport \"@openzeppelin/contracts-upgradeable/crosschain/optimism/LibOptimismUpgradeable.sol\";\nimport \"@eth-optimism/contracts/libraries/constants/Lib_PredeployAddresses.sol\";\n\n// https://github.com/Synthetixio/synthetix/blob/5ca27785fad8237fb0710eac01421cafbbd69647/contracts/SynthetixBridgeToBase.sol#L50\ninterface SynthetixBridgeToBase {\n function withdrawTo(address to, uint256 amount) external;\n}\n\n// https://github.com/ethereum-optimism/optimism/blob/bf51c4935261634120f31827c3910aa631f6bf9c/packages/contracts-bedrock/contracts/L2/L2StandardBridge.sol\ninterface IL2ERC20Bridge {\n function withdrawTo(\n address _l2Token,\n address _to,\n uint256 _amount,\n uint32 _minGasLimit,\n bytes calldata _extraData\n ) external payable;\n}\n\n/**\n * @notice OVM specific SpokePool. Uses OVM cross-domain-enabled logic to implement admin only access to functions. * Optimism and Boba each implement this spoke pool and set their chain specific contract addresses for l2Eth and l2Weth.\n */\ncontract Ovm_SpokePool is SpokePool {\n // \"l1Gas\" parameter used in call to bridge tokens from this contract back to L1 via IL2ERC20Bridge. Currently\n // unused by bridge but included for future compatibility.\n uint32 public l1Gas;\n\n // ETH is an ERC20 on OVM.\n address public l2Eth;\n\n // Address of the Optimism L2 messenger.\n address public messenger;\n\n // Address of custom bridge used to bridge Synthetix-related assets like SNX.\n address private constant SYNTHETIX_BRIDGE = 0x136b1EC699c62b0606854056f02dC7Bb80482d63;\n\n // Address of SNX ERC20\n address private constant SNX = 0x8700dAec35aF8Ff88c16BdF0418774CB3D7599B4;\n\n // Stores alternative token bridges to use for L2 tokens that don't go over the standard bridge. This is needed\n // to support non-standard ERC20 tokens on Optimism, such as DIA and SNX which both use custom bridges.\n mapping(address => address) public tokenBridges;\n\n event OptimismTokensBridged(address indexed l2Token, address target, uint256 numberOfTokensBridged, uint256 l1Gas);\n event SetL1Gas(uint32 indexed newL1Gas);\n event SetL2TokenBridge(address indexed l2Token, address indexed tokenBridge);\n\n /**\n * @notice Construct the OVM SpokePool.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * relay hash collisions.\n * @param _crossDomainAdmin Cross domain admin to set. Can be changed by admin.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n */\n function __OvmSpokePool_init(\n uint32 _initialDepositId,\n address _crossDomainAdmin,\n address _hubPool,\n address _l2Eth,\n address _wrappedNativeToken\n ) public onlyInitializing {\n l1Gas = 5_000_000;\n __SpokePool_init(_initialDepositId, _crossDomainAdmin, _hubPool, _wrappedNativeToken);\n messenger = Lib_PredeployAddresses.L2_CROSS_DOMAIN_MESSENGER;\n //slither-disable-next-line missing-zero-check\n l2Eth = _l2Eth;\n }\n\n /*******************************************\n * OPTIMISM-SPECIFIC ADMIN FUNCTIONS *\n *******************************************/\n\n /**\n * @notice Change L1 gas limit. Callable only by admin.\n * @param newl1Gas New L1 gas limit to set.\n */\n function setL1GasLimit(uint32 newl1Gas) public onlyAdmin nonReentrant {\n l1Gas = newl1Gas;\n emit SetL1Gas(newl1Gas);\n }\n\n /**\n * @notice Set bridge contract for L2 token used to withdraw back to L1.\n * @dev If this mapping isn't set for an L2 token, then the standard bridge will be used to bridge this token.\n * @param tokenBridge Address of token bridge\n */\n function setTokenBridge(address l2Token, address tokenBridge) public onlyAdmin nonReentrant {\n tokenBridges[l2Token] = tokenBridge;\n emit SetL2TokenBridge(l2Token, tokenBridge);\n }\n\n /**************************************\n * DATA WORKER FUNCTIONS *\n **************************************/\n\n /**\n * @notice Wraps any ETH into WETH before executing base function. This is necessary because SpokePool receives\n * ETH over the canonical token bridge instead of WETH.\n * @inheritdoc SpokePool\n */\n function executeSlowRelayLeaf(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 totalRelayAmount,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n uint32 rootBundleId,\n bytes memory message,\n int256 payoutAdjustment,\n bytes32[] memory proof\n ) public override(SpokePool) nonReentrant {\n if (destinationToken == address(wrappedNativeToken)) _depositEthToWeth();\n\n _executeSlowRelayLeaf(\n depositor,\n recipient,\n destinationToken,\n totalRelayAmount,\n originChainId,\n chainId(),\n realizedLpFeePct,\n relayerFeePct,\n depositId,\n rootBundleId,\n message,\n payoutAdjustment,\n proof\n );\n }\n\n /**\n * @notice Wraps any ETH into WETH before executing base function. This is necessary because SpokePool receives\n * ETH over the canonical token bridge instead of WETH.\n * @inheritdoc SpokePool\n */\n function executeRelayerRefundLeaf(\n uint32 rootBundleId,\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\n bytes32[] memory proof\n ) public override(SpokePool) nonReentrant {\n if (relayerRefundLeaf.l2TokenAddress == address(wrappedNativeToken)) _depositEthToWeth();\n\n _executeRelayerRefundLeaf(rootBundleId, relayerRefundLeaf, proof);\n }\n\n /**************************************\n * INTERNAL FUNCTIONS *\n **************************************/\n\n // Wrap any ETH owned by this contract so we can send expected L2 token to recipient. This is necessary because\n // this SpokePool will receive ETH from the canonical token bridge instead of WETH. Its not sufficient to execute\n // this logic inside a fallback method that executes when this contract receives ETH because ETH is an ERC20\n // on the OVM.\n function _depositEthToWeth() internal {\n //slither-disable-next-line arbitrary-send-eth\n if (address(this).balance > 0) wrappedNativeToken.deposit{ value: address(this).balance }();\n }\n\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory relayerRefundLeaf) internal override {\n // If the token being bridged is WETH then we need to first unwrap it to ETH and then send ETH over the\n // canonical bridge. On Optimism, this is address 0xDeadDeAddeAddEAddeadDEaDDEAdDeaDDeAD0000.\n if (relayerRefundLeaf.l2TokenAddress == address(wrappedNativeToken)) {\n WETH9Interface(relayerRefundLeaf.l2TokenAddress).withdraw(relayerRefundLeaf.amountToReturn); // Unwrap into ETH.\n relayerRefundLeaf.l2TokenAddress = l2Eth; // Set the l2TokenAddress to ETH.\n IL2ERC20Bridge(Lib_PredeployAddresses.L2_STANDARD_BRIDGE).withdrawTo{\n value: relayerRefundLeaf.amountToReturn\n }(\n relayerRefundLeaf.l2TokenAddress, // _l2Token. Address of the L2 token to bridge over.\n hubPool, // _to. Withdraw, over the bridge, to the l1 pool contract.\n relayerRefundLeaf.amountToReturn, // _amount.\n l1Gas, // _l1Gas. Unused, but included for potential forward compatibility considerations\n \"\" // _data. We don't need to send any data for the bridging action.\n );\n }\n // Handle custom SNX bridge which doesn't conform to the standard bridge interface.\n else if (relayerRefundLeaf.l2TokenAddress == SNX)\n SynthetixBridgeToBase(SYNTHETIX_BRIDGE).withdrawTo(\n hubPool, // _to. Withdraw, over the bridge, to the l1 pool contract.\n relayerRefundLeaf.amountToReturn // _amount.\n );\n else\n IL2ERC20Bridge(\n tokenBridges[relayerRefundLeaf.l2TokenAddress] == address(0)\n ? Lib_PredeployAddresses.L2_STANDARD_BRIDGE\n : tokenBridges[relayerRefundLeaf.l2TokenAddress]\n ).withdrawTo(\n relayerRefundLeaf.l2TokenAddress, // _l2Token. Address of the L2 token to bridge over.\n hubPool, // _to. Withdraw, over the bridge, to the l1 pool contract.\n relayerRefundLeaf.amountToReturn, // _amount.\n l1Gas, // _l1Gas. Unused, but included for potential forward compatibility considerations\n \"\" // _data. We don't need to send any data for the bridging action.\n );\n\n emit OptimismTokensBridged(relayerRefundLeaf.l2TokenAddress, hubPool, relayerRefundLeaf.amountToReturn, l1Gas);\n }\n\n // Apply OVM-specific transformation to cross domain admin address on L1.\n function _requireAdminSender() internal view override {\n require(\n LibOptimismUpgradeable.crossChainSender(messenger) == crossDomainAdmin,\n \"OVM_XCHAIN: wrong sender of cross-domain message\"\n );\n }\n\n // Reserve storage slots for future versions of this base contract to add state variables without\n // affecting the storage layout of child contracts. Decrement the size of __gap whenever state variables\n // are added. This is at bottom of contract to make sure its always at the end of storage.\n uint256[1000] private __gap;\n}\n" + }, + "contracts/SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./MerkleLib.sol\";\nimport \"./external/interfaces/WETH9Interface.sol\";\nimport \"./interfaces/SpokePoolInterface.sol\";\nimport \"./upgradeable/MultiCallerUpgradeable.sol\";\nimport \"./upgradeable/EIP712CrossChainUpgradeable.sol\";\nimport \"./upgradeable/AddressLibUpgradeable.sol\";\n\nimport \"@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol\";\nimport \"@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol\";\nimport \"@openzeppelin/contracts/utils/cryptography/SignatureChecker.sol\";\nimport \"@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol\";\nimport \"@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol\";\nimport \"@openzeppelin/contracts/utils/math/SignedMath.sol\";\n\n// This interface is expected to be implemented by any contract that expects to recieve messages from the SpokePool.\ninterface AcrossMessageHandler {\n function handleAcrossMessage(\n address tokenSent,\n uint256 amount,\n bool fillCompleted,\n address relayer,\n bytes memory message\n ) external;\n}\n\n/**\n * @title SpokePool\n * @notice Base contract deployed on source and destination chains enabling depositors to transfer assets from source to\n * destination. Deposit orders are fulfilled by off-chain relayers who also interact with this contract. Deposited\n * tokens are locked on the source chain and relayers send the recipient the desired token currency and amount\n * on the destination chain. Locked source chain tokens are later sent over the canonical token bridge to L1 HubPool.\n * Relayers are refunded with destination tokens out of this contract after another off-chain actor, a \"data worker\",\n * submits a proof that the relayer correctly submitted a relay on this SpokePool.\n */\nabstract contract SpokePool is\n SpokePoolInterface,\n UUPSUpgradeable,\n ReentrancyGuardUpgradeable,\n MultiCallerUpgradeable,\n EIP712CrossChainUpgradeable\n{\n using SafeERC20Upgradeable for IERC20Upgradeable;\n using AddressLibUpgradeable for address;\n\n // Address of the L1 contract that acts as the owner of this SpokePool. This should normally be set to the HubPool\n // address. The crossDomainAdmin address is unused when the SpokePool is deployed to the same chain as the HubPool.\n address public crossDomainAdmin;\n\n // Address of the L1 contract that will send tokens to and receive tokens from this contract to fund relayer\n // refunds and slow relays.\n address public hubPool;\n\n // Address of wrappedNativeToken contract for this network. If an origin token matches this, then the caller can\n // optionally instruct this contract to wrap native tokens when depositing (ie ETH->WETH or MATIC->WMATIC).\n WETH9Interface public wrappedNativeToken;\n\n // Any deposit quote times greater than or less than this value to the current contract time is blocked. Forces\n // caller to use an approximately \"current\" realized fee. Defaults to 1 hour.\n uint32 public depositQuoteTimeBuffer;\n\n // Count of deposits is used to construct a unique deposit identifier for this spoke pool.\n uint32 public numberOfDeposits;\n\n // Whether deposits and fills are disabled.\n bool public pausedFills;\n bool public pausedDeposits;\n\n // This contract can store as many root bundles as the HubPool chooses to publish here.\n RootBundle[] public rootBundles;\n\n // Origin token to destination token routings can be turned on or off, which can enable or disable deposits.\n mapping(address => mapping(uint256 => bool)) public enabledDepositRoutes;\n\n // Each relay is associated with the hash of parameters that uniquely identify the original deposit and a relay\n // attempt for that deposit. The relay itself is just represented as the amount filled so far. The total amount to\n // relay, the fees, and the agents are all parameters included in the hash key.\n mapping(bytes32 => uint256) public relayFills;\n\n // This keeps track of the worst-case liabilities due to fills.\n // It is never reset. Users should only rely on it to determine the worst-case increase in liabilities between\n // two points. This is used to provide frontrunning protection to ensure the relayer's assumptions about the state\n // upon which their expected repayments are based will not change before their transaction is mined.\n mapping(address => uint256) public fillCounter;\n\n // This keeps track of the total running deposits for each token. This allows depositors to protect themselves from\n // frontrunning that might change their worst-case quote.\n mapping(address => uint256) public depositCounter;\n\n // This tracks the number of identical refunds that have been requested.\n // The intention is to allow an off-chain system to know when this could be a duplicate and ensure that the other\n // requests are known and accounted for.\n mapping(bytes32 => uint256) public refundsRequested;\n\n uint256 public constant MAX_TRANSFER_SIZE = 1e36;\n\n // Note: this needs to be larger than the max transfer size to ensure that all slow fills are fillable, even if\n // their fees are negative.\n // It's important that it isn't too large, however, as it should be multipliable by ~2e18 without overflowing.\n // 1e40 * 2e18 = 2e58 << 2^255 ~= 5e76\n uint256 public constant SLOW_FILL_MAX_TOKENS_TO_SEND = 1e40;\n\n // Set max payout adjustment to something\n\n bytes32 public constant UPDATE_DEPOSIT_DETAILS_HASH =\n keccak256(\n \"UpdateDepositDetails(uint32 depositId,uint256 originChainId,int64 updatedRelayerFeePct,address updatedRecipient,bytes updatedMessage)\"\n );\n\n /****************************************\n * EVENTS *\n ****************************************/\n event SetXDomainAdmin(address indexed newAdmin);\n event SetHubPool(address indexed newHubPool);\n event EnabledDepositRoute(address indexed originToken, uint256 indexed destinationChainId, bool enabled);\n event SetDepositQuoteTimeBuffer(uint32 newBuffer);\n event FundsDeposited(\n uint256 amount,\n uint256 originChainId,\n uint256 indexed destinationChainId,\n int64 relayerFeePct,\n uint32 indexed depositId,\n uint32 quoteTimestamp,\n address originToken,\n address recipient,\n address indexed depositor,\n bytes message\n );\n event RequestedSpeedUpDeposit(\n int64 newRelayerFeePct,\n uint32 indexed depositId,\n address indexed depositor,\n address updatedRecipient,\n bytes updatedMessage,\n bytes depositorSignature\n );\n event FilledRelay(\n uint256 amount,\n uint256 totalFilledAmount,\n uint256 fillAmount,\n uint256 repaymentChainId,\n uint256 indexed originChainId,\n uint256 destinationChainId,\n int64 relayerFeePct,\n int64 realizedLpFeePct,\n uint32 indexed depositId,\n address destinationToken,\n address relayer,\n address indexed depositor,\n address recipient,\n bytes message,\n RelayExecutionInfo updatableRelayData\n );\n event RefundRequested(\n address indexed relayer,\n address refundToken,\n uint256 amount,\n uint256 indexed originChainId,\n uint256 destinationChainId,\n int64 realizedLpFeePct,\n uint32 indexed depositId,\n uint256 fillBlock,\n uint256 previousIdenticalRequests\n );\n event RelayedRootBundle(\n uint32 indexed rootBundleId,\n bytes32 indexed relayerRefundRoot,\n bytes32 indexed slowRelayRoot\n );\n event ExecutedRelayerRefundRoot(\n uint256 amountToReturn,\n uint256 indexed chainId,\n uint256[] refundAmounts,\n uint32 indexed rootBundleId,\n uint32 indexed leafId,\n address l2TokenAddress,\n address[] refundAddresses,\n address caller\n );\n event TokensBridged(\n uint256 amountToReturn,\n uint256 indexed chainId,\n uint32 indexed leafId,\n address indexed l2TokenAddress,\n address caller\n );\n event EmergencyDeleteRootBundle(uint256 indexed rootBundleId);\n event PausedDeposits(bool isPaused);\n event PausedFills(bool isPaused);\n\n /**\n * @notice Represents data used to fill a deposit.\n * @param relay Relay containing original data linked to deposit. Contains fields that can be\n * overridden by other parameters in the RelayExecution struct.\n * @param relayHash Hash of the relay data.\n * @param updatedRelayerFeePct Actual relayer fee pct to use for this relay.\n * @param updatedRecipient Actual recipient to use for this relay.\n * @param updatedMessage Actual message to use for this relay.\n * @param repaymentChainId Chain ID of the network that the relayer will receive refunds on.\n * @param maxTokensToSend Max number of tokens to pull from relayer.\n * @param maxCount Max count to protect the relayer from frontrunning.\n * @param slowFill Whether this is a slow fill.\n * @param payoutAdjustmentPct Adjustment to the payout amount. Can be used to increase or decrease the payout to\n * allow for rewards or penalties. Used in slow fills.\n */\n struct RelayExecution {\n RelayData relay;\n bytes32 relayHash;\n int64 updatedRelayerFeePct;\n address updatedRecipient;\n bytes updatedMessage;\n uint256 repaymentChainId;\n uint256 maxTokensToSend;\n uint256 maxCount;\n bool slowFill;\n int256 payoutAdjustmentPct;\n }\n\n /**\n * @notice Packs together information to include in FilledRelay event.\n * @dev This struct is emitted as opposed to its constituent parameters due to the limit on number of\n * parameters in an event.\n * @param recipient Recipient of the relayed funds.\n * @param message Message included in the relay.\n * @param relayerFeePct Relayer fee pct used for this relay.\n * @param isSlowRelay Whether this is a slow relay.\n * @param payoutAdjustmentPct Adjustment to the payout amount.\n */\n struct RelayExecutionInfo {\n address recipient;\n bytes message;\n int64 relayerFeePct;\n bool isSlowRelay;\n int256 payoutAdjustmentPct;\n }\n\n /**\n * Do not leave an implementation contract uninitialized. An uninitialized implementation contract can be\n * taken over by an attacker, which may impact the proxy. To prevent the implementation contract from being\n * used, you should invoke the _disableInitializers function in the constructor to automatically lock it when\n * it is deployed:\n */\n /// @custom:oz-upgrades-unsafe-allow constructor\n constructor() {\n _disableInitializers();\n }\n\n /**\n * @notice Construct the base SpokePool.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * relay hash collisions.\n * @param _crossDomainAdmin Cross domain admin to set. Can be changed by admin.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n * @param _wrappedNativeTokenAddress wrappedNativeToken address for this network to set.\n */\n function __SpokePool_init(\n uint32 _initialDepositId,\n address _crossDomainAdmin,\n address _hubPool,\n address _wrappedNativeTokenAddress\n ) public onlyInitializing {\n numberOfDeposits = _initialDepositId;\n __EIP712_init(\"ACROSS-V2\", \"1.0.0\");\n __UUPSUpgradeable_init();\n __ReentrancyGuard_init();\n depositQuoteTimeBuffer = 3600;\n _setCrossDomainAdmin(_crossDomainAdmin);\n _setHubPool(_hubPool);\n wrappedNativeToken = WETH9Interface(_wrappedNativeTokenAddress);\n }\n\n /****************************************\n * MODIFIERS *\n ****************************************/\n\n /**\n * @dev Function that should revert when `msg.sender` is not authorized to upgrade the contract. Called by\n * {upgradeTo} and {upgradeToAndCall}.\n * @dev This should be set to cross domain admin for specific SpokePool.\n */\n modifier onlyAdmin() {\n _requireAdminSender();\n _;\n }\n\n modifier unpausedDeposits() {\n require(!pausedDeposits, \"Paused deposits\");\n _;\n }\n\n modifier unpausedFills() {\n require(!pausedFills, \"Paused fills\");\n _;\n }\n\n /**************************************\n * ADMIN FUNCTIONS *\n **************************************/\n\n // Allows cross domain admin to upgrade UUPS proxy implementation.\n function _authorizeUpgrade(address newImplementation) internal override onlyAdmin {}\n\n /**\n * @notice Pauses deposit-related functions. This is intended to be used if this contract is deprecated or when\n * something goes awry.\n * @dev Affects `deposit()` but not `speedUpDeposit()`, so that existing deposits can be sped up and still\n * relayed.\n * @param pause true if the call is meant to pause the system, false if the call is meant to unpause it.\n */\n function pauseDeposits(bool pause) public override onlyAdmin nonReentrant {\n pausedDeposits = pause;\n emit PausedDeposits(pause);\n }\n\n /**\n * @notice Pauses fill-related functions. This is intended to be used if this contract is deprecated or when\n * something goes awry.\n * @dev Affects fillRelayWithUpdatedDeposit() and fillRelay().\n * @param pause true if the call is meant to pause the system, false if the call is meant to unpause it.\n */\n function pauseFills(bool pause) public override onlyAdmin nonReentrant {\n pausedFills = pause;\n emit PausedFills(pause);\n }\n\n /**\n * @notice Change cross domain admin address. Callable by admin only.\n * @param newCrossDomainAdmin New cross domain admin.\n */\n function setCrossDomainAdmin(address newCrossDomainAdmin) public override onlyAdmin nonReentrant {\n _setCrossDomainAdmin(newCrossDomainAdmin);\n }\n\n /**\n * @notice Change L1 hub pool address. Callable by admin only.\n * @param newHubPool New hub pool.\n */\n function setHubPool(address newHubPool) public override onlyAdmin nonReentrant {\n _setHubPool(newHubPool);\n }\n\n /**\n * @notice Enable/Disable an origin token => destination chain ID route for deposits. Callable by admin only.\n * @param originToken Token that depositor can deposit to this contract.\n * @param destinationChainId Chain ID for where depositor wants to receive funds.\n * @param enabled True to enable deposits, False otherwise.\n */\n function setEnableRoute(\n address originToken,\n uint256 destinationChainId,\n bool enabled\n ) public override onlyAdmin nonReentrant {\n enabledDepositRoutes[originToken][destinationChainId] = enabled;\n emit EnabledDepositRoute(originToken, destinationChainId, enabled);\n }\n\n /**\n * @notice Change allowance for deposit quote time to differ from current block time. Callable by admin only.\n * @param newDepositQuoteTimeBuffer New quote time buffer.\n */\n function setDepositQuoteTimeBuffer(uint32 newDepositQuoteTimeBuffer) public override onlyAdmin nonReentrant {\n depositQuoteTimeBuffer = newDepositQuoteTimeBuffer;\n emit SetDepositQuoteTimeBuffer(newDepositQuoteTimeBuffer);\n }\n\n /**\n * @notice This method stores a new root bundle in this contract that can be executed to refund relayers, fulfill\n * slow relays, and send funds back to the HubPool on L1. This method can only be called by the admin and is\n * designed to be called as part of a cross-chain message from the HubPool's executeRootBundle method.\n * @param relayerRefundRoot Merkle root containing relayer refund leaves that can be individually executed via\n * executeRelayerRefundLeaf().\n * @param slowRelayRoot Merkle root containing slow relay fulfillment leaves that can be individually executed via\n * executeSlowRelayLeaf().\n */\n function relayRootBundle(bytes32 relayerRefundRoot, bytes32 slowRelayRoot) public override onlyAdmin nonReentrant {\n uint32 rootBundleId = uint32(rootBundles.length);\n RootBundle storage rootBundle = rootBundles.push();\n rootBundle.relayerRefundRoot = relayerRefundRoot;\n rootBundle.slowRelayRoot = slowRelayRoot;\n emit RelayedRootBundle(rootBundleId, relayerRefundRoot, slowRelayRoot);\n }\n\n /**\n * @notice This method is intended to only be used in emergencies where a bad root bundle has reached the\n * SpokePool.\n * @param rootBundleId Index of the root bundle that needs to be deleted. Note: this is intentionally a uint256\n * to ensure that a small input range doesn't limit which indices this method is able to reach.\n */\n function emergencyDeleteRootBundle(uint256 rootBundleId) public override onlyAdmin nonReentrant {\n // Deleting a struct containing a mapping does not delete the mapping in Solidity, therefore the bitmap's\n // data will still remain potentially leading to vulnerabilities down the line. The way around this would\n // be to iterate through every key in the mapping and resetting the value to 0, but this seems expensive and\n // would require a new list in storage to keep track of keys.\n //slither-disable-next-line mapping-deletion\n delete rootBundles[rootBundleId];\n emit EmergencyDeleteRootBundle(rootBundleId);\n }\n\n /**************************************\n * DEPOSITOR FUNCTIONS *\n **************************************/\n\n /**\n * @notice Called by user to bridge funds from origin to destination chain. Depositor will effectively lock\n * tokens in this contract and receive a destination token on the destination chain. The origin => destination\n * token mapping is stored on the L1 HubPool.\n * @notice The caller must first approve this contract to spend amount of originToken.\n * @notice The originToken => destinationChainId must be enabled.\n * @notice This method is payable because the caller is able to deposit native token if the originToken is\n * wrappedNativeToken and this function will handle wrapping the native token to wrappedNativeToken.\n * @param recipient Address to receive funds at on destination chain.\n * @param originToken Token to lock into this contract to initiate deposit.\n * @param amount Amount of tokens to deposit. Will be amount of tokens to receive less fees.\n * @param destinationChainId Denotes network where user will receive funds from SpokePool by a relayer.\n * @param relayerFeePct % of deposit amount taken out to incentivize a fast relayer.\n * @param quoteTimestamp Timestamp used by relayers to compute this deposit's realizedLPFeePct which is paid\n * to LP pool on HubPool.\n * @param message Arbitrary data that can be used to pass additional information to the recipient along with the tokens.\n * Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.\n * @param maxCount used to protect the depositor from frontrunning to guarantee their quote remains valid.\n */\n function deposit(\n address recipient,\n address originToken,\n uint256 amount,\n uint256 destinationChainId,\n int64 relayerFeePct,\n uint32 quoteTimestamp,\n bytes memory message,\n uint256 maxCount\n ) public payable override nonReentrant unpausedDeposits {\n // Check that deposit route is enabled.\n require(enabledDepositRoutes[originToken][destinationChainId], \"Disabled route\");\n\n // We limit the relay fees to prevent the user spending all their funds on fees.\n require(SignedMath.abs(relayerFeePct) < 0.5e18, \"Invalid relayer fee\");\n require(amount <= MAX_TRANSFER_SIZE, \"Amount too large\");\n require(depositCounter[originToken] <= maxCount, \"Above max count\");\n\n // Require that quoteTimestamp has a maximum age so that depositors pay an LP fee based on recent HubPool usage.\n // It is assumed that cross-chain timestamps are normally loosely in-sync, but clock drift can occur. If the\n // SpokePool time stalls or lags significantly, it is still possible to make deposits by setting quoteTimestamp\n // within the configured buffer. The owner should pause deposits if this is undesirable. This will underflow if\n // quoteTimestamp is more than depositQuoteTimeBuffer; this is safe but will throw an unintuitive error.\n\n // slither-disable-next-line timestamp\n require(getCurrentTime() - quoteTimestamp <= depositQuoteTimeBuffer, \"invalid quoteTimestamp\");\n\n // Increment count of deposits so that deposit ID for this spoke pool is unique.\n uint32 newDepositId = numberOfDeposits++;\n depositCounter[originToken] += amount;\n\n // If the address of the origin token is a wrappedNativeToken contract and there is a msg.value with the\n // transaction then the user is sending ETH. In this case, the ETH should be deposited to wrappedNativeToken.\n if (originToken == address(wrappedNativeToken) && msg.value > 0) {\n require(msg.value == amount, \"msg.value must match amount\");\n wrappedNativeToken.deposit{ value: msg.value }();\n // Else, it is a normal ERC20. In this case pull the token from the user's wallet as per normal.\n // Note: this includes the case where the L2 user has WETH (already wrapped ETH) and wants to bridge them.\n // In this case the msg.value will be set to 0, indicating a \"normal\" ERC20 bridging action.\n } else IERC20Upgradeable(originToken).safeTransferFrom(msg.sender, address(this), amount);\n\n emit FundsDeposited(\n amount,\n chainId(),\n destinationChainId,\n relayerFeePct,\n newDepositId,\n quoteTimestamp,\n originToken,\n recipient,\n msg.sender,\n message\n );\n }\n\n /**\n * @notice This is a simple wrapper for deposit() that sets the quoteTimestamp to the current SpokePool timestamp.\n * @notice This function is intended for multisig depositors who can accept some LP fee uncertainty in order to lift\n * the quoteTimestamp buffer constraint.\n * @dev Re-orgs may produce invalid fills if the quoteTimestamp moves across a change in HubPool utilisation.\n * @dev The existing function modifiers are already enforced by deposit(), so no additional modifiers are imposed.\n * @param recipient Address to receive funds at on destination chain.\n * @param originToken Token to lock into this contract to initiate deposit.\n * @param amount Amount of tokens to deposit. Will be amount of tokens to receive less fees.\n * @param destinationChainId Denotes network where user will receive funds from SpokePool by a relayer.\n * @param relayerFeePct % of deposit amount taken out to incentivize a fast relayer.\n * @param message Arbitrary data that can be used to pass additional information to the recipient along with the tokens.\n * Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.\n * @param maxCount used to protect the depositor from frontrunning to guarantee their quote remains valid.\n */\n function depositNow(\n address recipient,\n address originToken,\n uint256 amount,\n uint256 destinationChainId,\n int64 relayerFeePct,\n bytes memory message,\n uint256 maxCount\n ) public payable {\n deposit(\n recipient,\n originToken,\n amount,\n destinationChainId,\n relayerFeePct,\n uint32(getCurrentTime()),\n message,\n maxCount\n );\n }\n\n /**\n * @notice Convenience method that depositor can use to signal to relayer to use updated fee.\n * @notice Relayer should only use events emitted by this function to submit fills with updated fees, otherwise they\n * risk their fills getting disputed for being invalid, for example if the depositor never actually signed the\n * update fee message.\n * @notice This function will revert if the depositor did not sign a message containing the updated fee for the\n * deposit ID stored in this contract. If the deposit ID is for another contract, or the depositor address is\n * incorrect, or the updated fee is incorrect, then the signature will not match and this function will revert.\n * @notice This function is not subject to a deposit pause on the off chance that deposits sent before all deposits\n * are paused have very low fees and the user wants to entice a relayer to fill them with a higher fee.\n * @param depositor Signer of the update fee message who originally submitted the deposit. If the deposit doesn't\n * exist, then the relayer will not be able to fill any relay, so the caller should validate that the depositor\n * did in fact submit a relay.\n * @param updatedRelayerFeePct New relayer fee that relayers can use.\n * @param depositId Deposit to update fee for that originated in this contract.\n * @param updatedRecipient New recipient address that should receive the tokens.\n * @param updatedMessage New message that should be provided to the recipient.\n * @param depositorSignature Signed message containing the depositor address, this contract chain ID, the updated\n * relayer fee %, and the deposit ID. This signature is produced by signing a hash of data according to the\n * EIP-712 standard. See more in the _verifyUpdateRelayerFeeMessage() comments.\n */\n function speedUpDeposit(\n address depositor,\n int64 updatedRelayerFeePct,\n uint32 depositId,\n address updatedRecipient,\n bytes memory updatedMessage,\n bytes memory depositorSignature\n ) public override nonReentrant {\n require(SignedMath.abs(updatedRelayerFeePct) < 0.5e18, \"Invalid relayer fee\");\n\n _verifyUpdateDepositMessage(\n depositor,\n depositId,\n chainId(),\n updatedRelayerFeePct,\n updatedRecipient,\n updatedMessage,\n depositorSignature\n );\n\n // Assuming the above checks passed, a relayer can take the signature and the updated relayer fee information\n // from the following event to submit a fill with an updated fee %.\n emit RequestedSpeedUpDeposit(\n updatedRelayerFeePct,\n depositId,\n depositor,\n updatedRecipient,\n updatedMessage,\n depositorSignature\n );\n }\n\n /**************************************\n * RELAYER FUNCTIONS *\n **************************************/\n\n /**\n * @notice Called by relayer to fulfill part of a deposit by sending destination tokens to the recipient.\n * Relayer is expected to pass in unique identifying information for deposit that they want to fulfill, and this\n * relay submission will be validated by off-chain data workers who can dispute this relay if any part is invalid.\n * If the relay is valid, then the relayer will be refunded on their desired repayment chain. If relay is invalid,\n * then relayer will not receive any refund.\n * @notice All of the deposit data can be found via on-chain events from the origin SpokePool, except for the\n * realizedLpFeePct which is a function of the HubPool's utilization at the deposit quote time. This fee %\n * is deterministic based on the quote time, so the relayer should just compute it using the canonical algorithm\n * as described in a UMIP linked to the HubPool's identifier.\n * @param depositor Depositor on origin chain who set this chain as the destination chain.\n * @param recipient Specified recipient on this chain.\n * @param destinationToken Token to send to recipient. Should be mapped to the origin token, origin chain ID\n * and this chain ID via a mapping on the HubPool.\n * @param amount Full size of the deposit.\n * @param maxTokensToSend Max amount of tokens to send recipient. If higher than amount, then caller will\n * send recipient the full relay amount.\n * @param repaymentChainId Chain of SpokePool where relayer wants to be refunded after the challenge window has\n * passed.\n * @param originChainId Chain of SpokePool where deposit originated.\n * @param realizedLpFeePct Fee % based on L1 HubPool utilization at deposit quote time. Deterministic based on\n * quote time.\n * @param relayerFeePct Fee % to keep as relayer, specified by depositor.\n * @param depositId Unique deposit ID on origin spoke pool.\n * @param message Message to send to recipient along with tokens.\n * @param maxCount Max count to protect the relayer from frontrunning.\n */\n function fillRelay(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 amount,\n uint256 maxTokensToSend,\n uint256 repaymentChainId,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n bytes memory message,\n uint256 maxCount\n ) public nonReentrant unpausedFills {\n // Each relay attempt is mapped to the hash of data uniquely identifying it, which includes the deposit data\n // such as the origin chain ID and the deposit ID, and the data in a relay attempt such as who the recipient\n // is, which chain and currency the recipient wants to receive funds on, and the relay fees.\n RelayExecution memory relayExecution = RelayExecution({\n relay: SpokePoolInterface.RelayData({\n depositor: depositor,\n recipient: recipient,\n destinationToken: destinationToken,\n amount: amount,\n realizedLpFeePct: realizedLpFeePct,\n relayerFeePct: relayerFeePct,\n depositId: depositId,\n originChainId: originChainId,\n destinationChainId: chainId(),\n message: message\n }),\n relayHash: bytes32(0),\n updatedRelayerFeePct: relayerFeePct,\n updatedRecipient: recipient,\n updatedMessage: message,\n repaymentChainId: repaymentChainId,\n maxTokensToSend: maxTokensToSend,\n slowFill: false,\n payoutAdjustmentPct: 0,\n maxCount: maxCount\n });\n relayExecution.relayHash = _getRelayHash(relayExecution.relay);\n\n uint256 fillAmountPreFees = _fillRelay(relayExecution);\n _emitFillRelay(relayExecution, fillAmountPreFees);\n }\n\n /**\n * @notice Called by relayer to execute same logic as calling fillRelay except that relayer is using an updated\n * relayer fee %. The fee % must have been emitted in a message cryptographically signed by the depositor.\n * @notice By design, the depositor probably emitted the message with the updated fee by calling speedUpDeposit().\n * @param depositor Depositor on origin chain who set this chain as the destination chain.\n * @param recipient Specified recipient on this chain.\n * @param destinationToken Token to send to recipient. Should be mapped to the origin token, origin chain ID\n * and this chain ID via a mapping on the HubPool.\n * @param amount Full size of the deposit.\n * @param maxTokensToSend Max amount of tokens to send recipient. If higher than amount, then caller will\n * send recipient the full relay amount.\n * @param repaymentChainId Chain of SpokePool where relayer wants to be refunded after the challenge window has\n * passed.\n * @param originChainId Chain of SpokePool where deposit originated.\n * @param realizedLpFeePct Fee % based on L1 HubPool utilization at deposit quote time. Deterministic based on\n * quote time.\n * @param relayerFeePct Original fee % to keep as relayer set by depositor.\n * @param updatedRelayerFeePct New fee % to keep as relayer also specified by depositor.\n * @param depositId Unique deposit ID on origin spoke pool.\n * @param message Original message that was sent along with this deposit.\n * @param updatedMessage Modified message that the depositor signed when updating parameters.\n * @param depositorSignature Signed message containing the depositor address, this contract chain ID, the updated\n * relayer fee %, and the deposit ID. This signature is produced by signing a hash of data according to the\n * EIP-712 standard. See more in the _verifyUpdateRelayerFeeMessage() comments.\n * @param maxCount Max fill count to protect the relayer from frontrunning.\n */\n function fillRelayWithUpdatedDeposit(\n address depositor,\n address recipient,\n address updatedRecipient,\n address destinationToken,\n uint256 amount,\n uint256 maxTokensToSend,\n uint256 repaymentChainId,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n int64 updatedRelayerFeePct,\n uint32 depositId,\n bytes memory message,\n bytes memory updatedMessage,\n bytes memory depositorSignature,\n uint256 maxCount\n ) public override nonReentrant unpausedFills {\n RelayExecution memory relayExecution = RelayExecution({\n relay: SpokePoolInterface.RelayData({\n depositor: depositor,\n recipient: recipient,\n destinationToken: destinationToken,\n amount: amount,\n realizedLpFeePct: realizedLpFeePct,\n relayerFeePct: relayerFeePct,\n depositId: depositId,\n originChainId: originChainId,\n destinationChainId: chainId(),\n message: message\n }),\n relayHash: bytes32(0),\n updatedRelayerFeePct: updatedRelayerFeePct,\n updatedRecipient: updatedRecipient,\n updatedMessage: updatedMessage,\n repaymentChainId: repaymentChainId,\n maxTokensToSend: maxTokensToSend,\n slowFill: false,\n payoutAdjustmentPct: 0,\n maxCount: maxCount\n });\n relayExecution.relayHash = _getRelayHash(relayExecution.relay);\n\n _verifyUpdateDepositMessage(\n depositor,\n depositId,\n originChainId,\n updatedRelayerFeePct,\n updatedRecipient,\n updatedMessage,\n depositorSignature\n );\n uint256 fillAmountPreFees = _fillRelay(relayExecution);\n _emitFillRelay(relayExecution, fillAmountPreFees);\n }\n\n /**\n * @notice Caller signals to the system that they want a refund on this chain, which they set as the\n * `repaymentChainId` on the original fillRelay() call on the `destinationChainId`. An observer should be\n * be able to 1-to-1 match the emitted RefundRequested event with the FilledRelay event on the `destinationChainId`.\n * @dev This function could be used to artificially inflate the `fillCounter`, allowing the caller to \"frontrun\"\n * and cancel pending fills in the mempool. This would in the worst case censor fills at the cost of the caller's\n * gas costs. We don't view this as a major issue as the fill can be resubmitted and obtain the same incentive,\n * since incentives are based on validated refunds and would ignore these censoring attempts. This is no\n * different from calling `fillRelay` and setting msg.sender = recipient.\n * @dev Caller needs to pass in `fillBlock` that the FilledRelay event was emitted on the `destinationChainId`.\n * This is to make it hard to request a refund before a fill has been mined and to make lookups of the original\n * fill as simple as possible.\n * @param refundToken This chain's token equivalent for original fill destination token.\n * @param amount Original deposit amount.\n * @param originChainId Original origin chain ID.\n * @param destinationChainId Original destination chain ID.\n * @param realizedLpFeePct Original realized LP fee %.\n * @param depositId Original deposit ID.\n * @param maxCount Max count to protect the refund recipient from frontrunning.\n */\n function requestRefund(\n address refundToken,\n uint256 amount,\n uint256 originChainId,\n uint256 destinationChainId,\n int64 realizedLpFeePct,\n uint32 depositId,\n uint256 fillBlock,\n uint256 maxCount\n ) external nonReentrant {\n // Prevent unrealistic amounts from increasing fill counter too high.\n require(amount <= MAX_TRANSFER_SIZE, \"Amount too large\");\n\n // This allows the caller to add in frontrunning protection for quote validity.\n require(fillCounter[refundToken] <= maxCount, \"Above max count\");\n\n // Track duplicate refund requests.\n bytes32 refundHash = keccak256(\n abi.encode(\n msg.sender,\n refundToken,\n amount,\n originChainId,\n destinationChainId,\n realizedLpFeePct,\n depositId,\n fillBlock\n )\n );\n\n // Track duplicate requests so that an offchain actor knows if an identical request has already been made.\n // If so, it can check to ensure that that request was thrown out as invalid before honoring the duplicate.\n // In particular, this is meant to handle odd cases where an initial request is invalidated based on\n // timing, but can be validated by a later, identical request.\n uint256 previousIdenticalRequests = refundsRequested[refundHash]++;\n\n // Refund will take tokens out of this pool, increment the fill counter. This function should only be\n // called if a relayer from destinationChainId wants to take a refund on this chain, a different chain.\n // This type of repayment should only be possible for full fills, so the starting fill amount should\n // always be 0. Also, just like in _fillRelay we should revert if the first fill pre fees rounds to 0,\n // and in this case `amount` == `fillAmountPreFees`.\n require(amount > 0, \"Amount must be > 0\");\n _updateCountFromFill(\n 0,\n true, // The refund is being requested here, so it is local.\n amount,\n realizedLpFeePct,\n refundToken,\n false // Slow fills should never match with a Refund. This should be enforced by off-chain bundle builders.\n );\n\n emit RefundRequested(\n // Set caller as relayer. If caller is not relayer from destination chain that originally sent\n // fill, then off-chain validator should discard this refund attempt.\n msg.sender,\n refundToken,\n amount,\n originChainId,\n destinationChainId,\n realizedLpFeePct,\n depositId,\n fillBlock,\n previousIdenticalRequests\n );\n }\n\n /**************************************\n * DATA WORKER FUNCTIONS *\n **************************************/\n\n /**\n * @notice Executes a slow relay leaf stored as part of a root bundle. Will send the full amount remaining in the\n * relay to the recipient, less fees.\n * @dev This function assumes that the relay's destination chain ID is the current chain ID, which prevents\n * the caller from executing a slow relay intended for another chain on this chain.\n * @param depositor Depositor on origin chain who set this chain as the destination chain.\n * @param recipient Specified recipient on this chain.\n * @param destinationToken Token to send to recipient. Should be mapped to the origin token, origin chain ID\n * and this chain ID via a mapping on the HubPool.\n * @param amount Full size of the deposit.\n * @param originChainId Chain of SpokePool where deposit originated.\n * @param realizedLpFeePct Fee % based on L1 HubPool utilization at deposit quote time. Deterministic based on\n * quote time.\n * @param relayerFeePct Original fee % to keep as relayer set by depositor.\n * @param depositId Unique deposit ID on origin spoke pool.\n * @param rootBundleId Unique ID of root bundle containing slow relay root that this leaf is contained in.\n * @param message Message to send to the recipient if the recipient is a contract.\n * @param payoutAdjustment Adjustment to the payout amount. Can be used to increase or decrease the payout to allow\n * for rewards or penalties.\n * @param proof Inclusion proof for this leaf in slow relay root in root bundle.\n */\n function executeSlowRelayLeaf(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 amount,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n uint32 rootBundleId,\n bytes memory message,\n int256 payoutAdjustment,\n bytes32[] memory proof\n ) public virtual override nonReentrant {\n _executeSlowRelayLeaf(\n depositor,\n recipient,\n destinationToken,\n amount,\n originChainId,\n chainId(),\n realizedLpFeePct,\n relayerFeePct,\n depositId,\n rootBundleId,\n message,\n payoutAdjustment,\n proof\n );\n }\n\n /**\n * @notice Executes a relayer refund leaf stored as part of a root bundle. Will send the relayer the amount they\n * sent to the recipient plus a relayer fee.\n * @param rootBundleId Unique ID of root bundle containing relayer refund root that this leaf is contained in.\n * @param relayerRefundLeaf Contains all data necessary to reconstruct leaf contained in root bundle and to\n * refund relayer. This data structure is explained in detail in the SpokePoolInterface.\n * @param proof Inclusion proof for this leaf in relayer refund root in root bundle.\n */\n function executeRelayerRefundLeaf(\n uint32 rootBundleId,\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\n bytes32[] memory proof\n ) public virtual override nonReentrant {\n _executeRelayerRefundLeaf(rootBundleId, relayerRefundLeaf, proof);\n }\n\n /**************************************\n * VIEW FUNCTIONS *\n **************************************/\n\n /**\n * @notice Returns chain ID for this network.\n * @dev Some L2s like ZKSync don't support the CHAIN_ID opcode so we allow the implementer to override this.\n */\n function chainId() public view virtual override returns (uint256) {\n return block.chainid;\n }\n\n /**\n * @notice Gets the current time.\n * @return uint for the current timestamp.\n */\n function getCurrentTime() public view virtual returns (uint256) {\n return block.timestamp; // solhint-disable-line not-rely-on-time\n }\n\n /**************************************\n * INTERNAL FUNCTIONS *\n **************************************/\n\n // Verifies inclusion proof of leaf in root, sends relayer their refund, and sends to HubPool any rebalance\n // transfers.\n function _executeRelayerRefundLeaf(\n uint32 rootBundleId,\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\n bytes32[] memory proof\n ) internal {\n // Check integrity of leaf structure:\n require(relayerRefundLeaf.chainId == chainId(), \"Invalid chainId\");\n require(relayerRefundLeaf.refundAddresses.length == relayerRefundLeaf.refundAmounts.length, \"invalid leaf\");\n\n RootBundle storage rootBundle = rootBundles[rootBundleId];\n\n // Check that inclusionProof proves that relayerRefundLeaf is contained within the relayer refund root.\n // Note: This should revert if the relayerRefundRoot is uninitialized.\n require(MerkleLib.verifyRelayerRefund(rootBundle.relayerRefundRoot, relayerRefundLeaf, proof), \"Bad Proof\");\n\n // Verify the leafId in the leaf has not yet been claimed.\n require(!MerkleLib.isClaimed(rootBundle.claimedBitmap, relayerRefundLeaf.leafId), \"Already claimed\");\n\n // Set leaf as claimed in bitmap. This is passed by reference to the storage rootBundle.\n MerkleLib.setClaimed(rootBundle.claimedBitmap, relayerRefundLeaf.leafId);\n\n // Send each relayer refund address the associated refundAmount for the L2 token address.\n // Note: Even if the L2 token is not enabled on this spoke pool, we should still refund relayers.\n uint256 length = relayerRefundLeaf.refundAmounts.length;\n for (uint256 i = 0; i < length; ) {\n uint256 amount = relayerRefundLeaf.refundAmounts[i];\n if (amount > 0)\n IERC20Upgradeable(relayerRefundLeaf.l2TokenAddress).safeTransfer(\n relayerRefundLeaf.refundAddresses[i],\n amount\n );\n\n // OK because we assume refund array length won't be > types(uint256).max.\n // Based on the stress test results in /test/gas-analytics/SpokePool.RelayerRefundLeaf.ts, the UMIP should\n // limit the refund count in valid proposals to be ~800 so any RelayerRefundLeaves with > 800 refunds should\n // not make it to this stage.\n\n unchecked {\n ++i;\n }\n }\n\n // If leaf's amountToReturn is positive, then send L2 --> L1 message to bridge tokens back via\n // chain-specific bridging method.\n if (relayerRefundLeaf.amountToReturn > 0) {\n _bridgeTokensToHubPool(relayerRefundLeaf);\n\n emit TokensBridged(\n relayerRefundLeaf.amountToReturn,\n relayerRefundLeaf.chainId,\n relayerRefundLeaf.leafId,\n relayerRefundLeaf.l2TokenAddress,\n msg.sender\n );\n }\n\n emit ExecutedRelayerRefundRoot(\n relayerRefundLeaf.amountToReturn,\n relayerRefundLeaf.chainId,\n relayerRefundLeaf.refundAmounts,\n rootBundleId,\n relayerRefundLeaf.leafId,\n relayerRefundLeaf.l2TokenAddress,\n relayerRefundLeaf.refundAddresses,\n msg.sender\n );\n }\n\n // Verifies inclusion proof of leaf in root and sends recipient remainder of relay. Marks relay as filled.\n function _executeSlowRelayLeaf(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 amount,\n uint256 originChainId,\n uint256 destinationChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n uint32 rootBundleId,\n bytes memory message,\n int256 payoutAdjustmentPct,\n bytes32[] memory proof\n ) internal {\n RelayExecution memory relayExecution = RelayExecution({\n relay: SpokePoolInterface.RelayData({\n depositor: depositor,\n recipient: recipient,\n destinationToken: destinationToken,\n amount: amount,\n realizedLpFeePct: realizedLpFeePct,\n relayerFeePct: relayerFeePct,\n depositId: depositId,\n originChainId: originChainId,\n destinationChainId: destinationChainId,\n message: message\n }),\n relayHash: bytes32(0),\n updatedRelayerFeePct: 0,\n updatedRecipient: recipient,\n updatedMessage: message,\n repaymentChainId: 0,\n maxTokensToSend: SLOW_FILL_MAX_TOKENS_TO_SEND,\n slowFill: true,\n payoutAdjustmentPct: payoutAdjustmentPct,\n maxCount: type(uint256).max\n });\n relayExecution.relayHash = _getRelayHash(relayExecution.relay);\n\n _verifySlowFill(relayExecution, rootBundleId, proof);\n\n // Note: use relayAmount as the max amount to send, so the relay is always completely filled by the contract's\n // funds in all cases. As this is a slow relay we set the relayerFeePct to 0. This effectively refunds the\n // relayer component of the relayerFee thereby only charging the depositor the LpFee.\n uint256 fillAmountPreFees = _fillRelay(relayExecution);\n\n // Note: Set repayment chain ID to 0 to indicate that there is no repayment to be made. The off-chain data\n // worker can use repaymentChainId=0 as a signal to ignore such relays for refunds. Also, set the relayerFeePct\n // to 0 as slow relays do not pay the caller of this method (depositor is refunded this fee).\n _emitFillRelay(relayExecution, fillAmountPreFees);\n }\n\n function _setCrossDomainAdmin(address newCrossDomainAdmin) internal {\n require(newCrossDomainAdmin != address(0), \"Bad bridge router address\");\n crossDomainAdmin = newCrossDomainAdmin;\n emit SetXDomainAdmin(newCrossDomainAdmin);\n }\n\n function _setHubPool(address newHubPool) internal {\n require(newHubPool != address(0), \"Bad hub pool address\");\n hubPool = newHubPool;\n emit SetHubPool(newHubPool);\n }\n\n // Should be overriden by implementing contract depending on how L2 handles sending tokens to L1.\n function _bridgeTokensToHubPool(SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf) internal virtual;\n\n function _verifyUpdateDepositMessage(\n address depositor,\n uint32 depositId,\n uint256 originChainId,\n int64 updatedRelayerFeePct,\n address updatedRecipient,\n bytes memory updatedMessage,\n bytes memory depositorSignature\n ) internal view {\n // A depositor can request to modify an un-relayed deposit by signing a hash containing the updated\n // details and information uniquely identifying the deposit to relay. This information ensures\n // that this signature cannot be re-used for other deposits.\n // Note: We use the EIP-712 (https://eips.ethereum.org/EIPS/eip-712) standard for hashing and signing typed data.\n // Specifically, we use the version of the encoding known as \"v4\", as implemented by the JSON RPC method\n // `eth_signedTypedDataV4` in MetaMask (https://docs.metamask.io/guide/signing-data.html).\n bytes32 expectedTypedDataV4Hash = _hashTypedDataV4(\n // EIP-712 compliant hash struct: https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct\n keccak256(\n abi.encode(\n UPDATE_DEPOSIT_DETAILS_HASH,\n depositId,\n originChainId,\n updatedRelayerFeePct,\n updatedRecipient,\n keccak256(updatedMessage)\n )\n ),\n // By passing in the origin chain id, we enable the verification of the signature on a different chain\n originChainId\n );\n _verifyDepositorSignature(depositor, expectedTypedDataV4Hash, depositorSignature);\n }\n\n // This function is isolated and made virtual to allow different L2's to implement chain specific recovery of\n // signers from signatures because some L2s might not support ecrecover. To be safe, consider always reverting\n // this function for L2s where ecrecover is different from how it works on Ethereum, otherwise there is the\n // potential to forge a signature from the depositor using a different private key than the original depositor's.\n function _verifyDepositorSignature(\n address depositor,\n bytes32 ethSignedMessageHash,\n bytes memory depositorSignature\n ) internal view virtual {\n // Note:\n // - We don't need to worry about reentrancy from a contract deployed at the depositor address since the method\n // `SignatureChecker.isValidSignatureNow` is a view method. Re-entrancy can happen, but it cannot affect state.\n // - EIP-1271 signatures are supported. This means that a signature valid now, may not be valid later and vice-versa.\n // - For an EIP-1271 signature to work, the depositor contract address must map to a deployed contract on the destination\n // chain that can validate the signature.\n // - Regular signatures from an EOA are also supported.\n bool isValid = SignatureChecker.isValidSignatureNow(depositor, ethSignedMessageHash, depositorSignature);\n require(isValid, \"invalid signature\");\n }\n\n function _verifySlowFill(\n RelayExecution memory relayExecution,\n uint32 rootBundleId,\n bytes32[] memory proof\n ) internal view {\n SlowFill memory slowFill = SlowFill({\n relayData: relayExecution.relay,\n payoutAdjustmentPct: relayExecution.payoutAdjustmentPct\n });\n\n require(\n MerkleLib.verifySlowRelayFulfillment(rootBundles[rootBundleId].slowRelayRoot, slowFill, proof),\n \"Invalid slow relay proof\"\n );\n }\n\n function _computeAmountPreFees(uint256 amount, int64 feesPct) private pure returns (uint256) {\n return (1e18 * amount) / uint256((int256(1e18) - feesPct));\n }\n\n function _computeAmountPostFees(uint256 amount, int256 feesPct) private pure returns (uint256) {\n return (amount * uint256(int256(1e18) - feesPct)) / 1e18;\n }\n\n function _getRelayHash(SpokePoolInterface.RelayData memory relayData) private pure returns (bytes32) {\n return keccak256(abi.encode(relayData));\n }\n\n // Unwraps ETH and does a transfer to a recipient address. If the recipient is a smart contract then sends wrappedNativeToken.\n function _unwrapwrappedNativeTokenTo(address payable to, uint256 amount) internal {\n if (address(to).isContract()) {\n IERC20Upgradeable(address(wrappedNativeToken)).safeTransfer(to, amount);\n } else {\n wrappedNativeToken.withdraw(amount);\n AddressLibUpgradeable.sendValue(to, amount);\n }\n }\n\n /**\n * @notice Caller specifies the max amount of tokens to send to user. Based on this amount and the amount of the\n * relay remaining (as stored in the relayFills mapping), pull the amount of tokens from the caller\n * and send to the recipient.\n * @dev relayFills keeps track of pre-fee fill amounts as a convenience to relayers who want to specify round\n * numbers for the maxTokensToSend parameter or convenient numbers like 100 (i.e. relayers who will fully\n * fill any relay up to 100 tokens, and partial fill with 100 tokens for larger relays).\n * @dev Caller must approve this contract to transfer up to maxTokensToSend of the relayData.destinationToken.\n * The amount to be sent might end up less if there is insufficient relay amount remaining to be sent.\n */\n function _fillRelay(RelayExecution memory relayExecution) internal returns (uint256 fillAmountPreFees) {\n RelayData memory relayData = relayExecution.relay;\n // We limit the relay fees to prevent the user spending all their funds on fees. Note that 0.5e18 (i.e. 50%)\n // fees are just magic numbers. The important point is to prevent the total fee from being 100%, otherwise\n // computing the amount pre fees runs into divide-by-0 issues.\n require(\n SignedMath.abs(relayExecution.updatedRelayerFeePct) < 0.5e18 &&\n SignedMath.abs(relayData.realizedLpFeePct) < 0.5e18,\n \"invalid fees\"\n );\n\n require(relayData.amount <= MAX_TRANSFER_SIZE, \"Amount too large\");\n\n // Check that the relay has not already been completely filled. Note that the relays mapping will point to\n // the amount filled so far for a particular relayHash, so this will start at 0 and increment with each fill.\n require(relayFills[relayExecution.relayHash] < relayData.amount, \"relay filled\");\n\n // This allows the caller to add in frontrunning protection for quote validity.\n require(fillCounter[relayData.destinationToken] <= relayExecution.maxCount, \"Above max count\");\n\n // Derive the amount of the relay filled if the caller wants to send exactly maxTokensToSend tokens to\n // the recipient. For example, if the user wants to send 10 tokens to the recipient, the full relay amount\n // is 100, and the fee %'s total 5%, then this computation would return ~10.5, meaning that to fill 10.5/100\n // of the full relay size, the caller would need to send 10 tokens to the user.\n // This is equivalent to the amount to be sent by the relayer before fees have been taken out.\n fillAmountPreFees = _computeAmountPreFees(\n relayExecution.maxTokensToSend,\n (relayData.realizedLpFeePct + relayExecution.updatedRelayerFeePct)\n );\n // If fill amount minus fees, which is possible with small fill amounts and negative fees, then\n // revert.\n require(fillAmountPreFees > 0, \"fill amount pre fees is 0\");\n\n // If user's specified max amount to send is greater than the amount of the relay remaining pre-fees,\n // we'll pull exactly enough tokens to complete the relay.\n uint256 amountRemainingInRelay = relayData.amount - relayFills[relayExecution.relayHash];\n if (amountRemainingInRelay < fillAmountPreFees) {\n fillAmountPreFees = amountRemainingInRelay;\n }\n\n // Apply post-fees computation to amount that relayer will send to user. Rounding errors are possible\n // when computing fillAmountPreFees and then amountToSend, and we just want to enforce that\n // the error added to amountToSend is consistently applied to partial and full fills.\n uint256 amountToSend = _computeAmountPostFees(\n fillAmountPreFees,\n relayData.realizedLpFeePct + relayExecution.updatedRelayerFeePct\n );\n\n // This can only happen in a slow fill, where the contract is funding the relay.\n if (relayExecution.payoutAdjustmentPct != 0) {\n // If payoutAdjustmentPct is positive, then the recipient will receive more than the amount they\n // were originally expecting. If it is negative, then the recipient will receive less.\n // -1e18 is -100%. Because we cannot pay out negative values, that is the minimum.\n require(relayExecution.payoutAdjustmentPct >= -1e18, \"payoutAdjustmentPct too small\");\n\n // Allow the payout adjustment to go up to 1000% (i.e. 11x).\n // This is a sanity check to ensure the payouts do not grow too large via some sort of issue in bundle\n // construction.\n require(relayExecution.payoutAdjustmentPct <= 100e18, \"payoutAdjustmentPct too large\");\n\n // Note: since _computeAmountPostFees is typically intended for fees, the signage must be reversed.\n amountToSend = _computeAmountPostFees(amountToSend, -relayExecution.payoutAdjustmentPct);\n\n // Note: this error should never happen, since the maxTokensToSend is expected to be set much higher than\n // the amount, but it is here as a sanity check.\n require(amountToSend <= relayExecution.maxTokensToSend, \"Somehow hit maxTokensToSend!\");\n }\n\n // Since the first partial fill is used to update the fill counter for the entire refund amount, we don't have\n // a simple way to handle the case where follow-up partial fills take repayment on different chains. We'd\n // need a way to decrement the fill counter in this case (or increase deposit counter) to ensure that users\n // have adequate frontrunning protections.\n // Instead of adding complexity, we require that all partial fills set repayment chain equal to destination chain.\n // Note: .slowFill is checked because slow fills set repaymentChainId to 0.\n bool localRepayment = relayExecution.repaymentChainId == relayExecution.relay.destinationChainId;\n require(\n localRepayment || relayExecution.relay.amount == fillAmountPreFees || relayExecution.slowFill,\n \"invalid repayment chain\"\n );\n\n // Update fill counter.\n _updateCountFromFill(\n relayFills[relayExecution.relayHash],\n localRepayment,\n relayData.amount,\n relayData.realizedLpFeePct,\n relayData.destinationToken,\n relayExecution.slowFill\n );\n\n // relayFills keeps track of pre-fee fill amounts as a convenience to relayers who want to specify round\n // numbers for the maxTokensToSend parameter or convenient numbers like 100 (i.e. relayers who will fully\n // fill any relay up to 100 tokens, and partial fill with 100 tokens for larger relays).\n relayFills[relayExecution.relayHash] += fillAmountPreFees;\n\n // If relayer and receiver are the same address, there is no need to do any transfer, as it would result in no\n // net movement of funds.\n // Note: this is important because it means that relayers can intentionally self-relay in a capital efficient\n // way (no need to have funds on the destination).\n // If this is a slow fill, we can't exit early since we still need to send funds out of this contract\n // since there is no \"relayer\".\n if (msg.sender == relayExecution.updatedRecipient && !relayExecution.slowFill) return fillAmountPreFees;\n\n // If relay token is wrappedNativeToken then unwrap and send native token.\n if (relayData.destinationToken == address(wrappedNativeToken)) {\n // Note: useContractFunds is True if we want to send funds to the recipient directly out of this contract,\n // otherwise we expect the caller to send funds to the recipient. If useContractFunds is True and the\n // recipient wants wrappedNativeToken, then we can assume that wrappedNativeToken is already in the\n // contract, otherwise we'll need the user to send wrappedNativeToken to this contract. Regardless, we'll\n // need to unwrap it to native token before sending to the user.\n if (!relayExecution.slowFill)\n IERC20Upgradeable(relayData.destinationToken).safeTransferFrom(msg.sender, address(this), amountToSend);\n _unwrapwrappedNativeTokenTo(payable(relayExecution.updatedRecipient), amountToSend);\n // Else, this is a normal ERC20 token. Send to recipient.\n } else {\n // Note: Similar to note above, send token directly from the contract to the user in the slow relay case.\n if (!relayExecution.slowFill)\n IERC20Upgradeable(relayData.destinationToken).safeTransferFrom(\n msg.sender,\n relayExecution.updatedRecipient,\n amountToSend\n );\n else\n IERC20Upgradeable(relayData.destinationToken).safeTransfer(\n relayExecution.updatedRecipient,\n amountToSend\n );\n }\n\n if (relayExecution.updatedRecipient.isContract() && relayExecution.updatedMessage.length > 0) {\n AcrossMessageHandler(relayExecution.updatedRecipient).handleAcrossMessage(\n relayData.destinationToken,\n amountToSend,\n relayFills[relayExecution.relayHash] >= relayData.amount,\n msg.sender,\n relayExecution.updatedMessage\n );\n }\n }\n\n function _updateCountFromFill(\n uint256 startingFillAmount,\n bool localRepayment,\n uint256 totalFillAmount,\n int64 realizedLPFeePct,\n address token,\n bool useContractFunds\n ) internal {\n // If this is a slow fill, a first partial fill with repayment on another chain, or a partial fill has already happened, do nothing, as these\n // should not impact the count. Initial 0-fills will not reach this part of the code.\n if (useContractFunds || startingFillAmount > 0 || !localRepayment) return;\n fillCounter[token] += _computeAmountPostFees(totalFillAmount, realizedLPFeePct);\n }\n\n function _emitFillRelay(RelayExecution memory relayExecution, uint256 fillAmountPreFees) internal {\n RelayExecutionInfo memory relayExecutionInfo = RelayExecutionInfo({\n relayerFeePct: relayExecution.updatedRelayerFeePct,\n recipient: relayExecution.updatedRecipient,\n message: relayExecution.updatedMessage,\n isSlowRelay: relayExecution.slowFill,\n payoutAdjustmentPct: relayExecution.payoutAdjustmentPct\n });\n\n emit FilledRelay(\n relayExecution.relay.amount,\n relayFills[relayExecution.relayHash],\n fillAmountPreFees,\n relayExecution.repaymentChainId,\n relayExecution.relay.originChainId,\n relayExecution.relay.destinationChainId,\n relayExecution.relay.relayerFeePct,\n relayExecution.relay.realizedLpFeePct,\n relayExecution.relay.depositId,\n relayExecution.relay.destinationToken,\n msg.sender,\n relayExecution.relay.depositor,\n relayExecution.relay.recipient,\n relayExecution.relay.message,\n relayExecutionInfo\n );\n }\n\n // Implementing contract needs to override this to ensure that only the appropriate cross chain admin can execute\n // certain admin functions. For L2 contracts, the cross chain admin refers to some L1 address or contract, and for\n // L1, this would just be the same admin of the HubPool.\n function _requireAdminSender() internal virtual;\n\n // Added to enable the this contract to receive native token (ETH). Used when unwrapping wrappedNativeToken.\n receive() external payable {}\n\n // Reserve storage slots for future versions of this base contract to add state variables without\n // affecting the storage layout of child contracts. Decrement the size of __gap whenever state variables\n // are added. This is at bottom of contract to make sure it's always at the end of storage.\n uint256[1000] private __gap;\n}\n" + }, + "contracts/SpokePoolVerifier.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"@openzeppelin/contracts/utils/Address.sol\";\nimport \"./interfaces/SpokePoolInterface.sol\";\n\n/**\n * @notice SpokePoolVerifier is a contract that verifies that the SpokePool exists on this chain before sending ETH to it.\n * @dev This contract must be deployed via Create2 to the same address on all chains. That way, an errant transaction sent\n * to the wrong chain will be blocked by this contract rather than hitting a dead address. This means that this contract\n * will not work to protect chains, like zkSync, where Create2 address derivations don't match other chains.\n * Source: https://era.zksync.io/docs/reference/architecture/differences-with-ethereum.html#create-create2\n */\ncontract SpokePoolVerifier {\n using Address for address;\n\n /**\n * @notice Passthrough function to `deposit()` on the SpokePool contract.\n * @dev Protects the caller from losing their ETH (or other native token) by reverting if the SpokePool address\n * they intended to call does not exist on this chain. Because this contract can be deployed at the same address\n * everywhere callers should be protected even if the transaction is submitted to an unintended network.\n * This contract should only be used for native token deposits, as this problem only exists for native tokens.\n * @param spokePool Address of the SpokePool contract that the user is intending to call.\n * @param recipient Address to receive funds at on destination chain.\n * @param originToken Token to lock into this contract to initiate deposit.\n * @param amount Amount of tokens to deposit. Will be amount of tokens to receive less fees.\n * @param destinationChainId Denotes network where user will receive funds from SpokePool by a relayer.\n * @param relayerFeePct % of deposit amount taken out to incentivize a fast relayer.\n * @param quoteTimestamp Timestamp used by relayers to compute this deposit's realizedLPFeePct which is paid\n * to LP pool on HubPool.\n * @param message Arbitrary data that can be used to pass additional information to the recipient along with the tokens.\n * Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.\n * @param maxCount used to protect the depositor from frontrunning to guarantee their quote remains valid.\n */\n function deposit(\n SpokePoolInterface spokePool,\n address recipient,\n address originToken,\n uint256 amount,\n uint256 destinationChainId,\n int64 relayerFeePct,\n uint32 quoteTimestamp,\n bytes memory message,\n uint256 maxCount\n ) external payable {\n require(msg.value == amount, \"msg.value != amount\");\n require(address(spokePool).isContract(), \"spokePool is not a contract\");\n spokePool.deposit{ value: msg.value }(\n recipient,\n originToken,\n amount,\n destinationChainId,\n relayerFeePct,\n quoteTimestamp,\n message,\n maxCount\n );\n }\n}\n" + }, + "contracts/Succinct_SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./SpokePool.sol\";\nimport \"./external/interfaces/SuccinctInterfaces.sol\";\n\n/**\n * @notice Succinct Spoke pool.\n */\ncontract Succinct_SpokePool is SpokePool, ITelepathyHandler {\n // Address of the succinct AMB contract.\n address public succinctTargetAmb;\n\n // Chain where HubPool is deployed that is linked to this SpokePool.\n uint16 public hubChainId;\n\n // Warning: this variable should _never_ be touched outside of this contract. It is intentionally set to be\n // private. Leaving it set to true can permanently disable admin calls.\n bool private adminCallValidated;\n\n event SetSuccinctTargetAmb(address indexed newSuccinctTargetAmb);\n event ReceivedMessageFromL1(address indexed caller, address indexed rootMessageSender);\n\n // Note: validating calls this way ensures that strange calls coming from the succinctTargetAmb won't be\n // misinterpreted. Put differently, just checking that msg.sender == succinctTargetAmb is not sufficient.\n // All calls that have admin privileges must be fired from within the handleTelepathy method that's gone\n // through validation where the sender is checked and the sender from the other chain is also validated.\n // This modifier sets the adminCallValidated variable so this condition can be checked in _requireAdminSender().\n modifier validateInternalCalls() {\n // Make sure adminCallValidated is set to True only once at beginning of processMessageFromRoot, which prevents\n // processMessageFromRoot from being re-entered.\n require(!adminCallValidated, \"adminCallValidated already set\");\n\n // This sets a variable indicating that we're now inside a validated call.\n // Note: this is used by other methods to ensure that this call has been validated by this method and is not\n // spoofed.\n adminCallValidated = true;\n\n _;\n\n // Reset adminCallValidated to false to disallow admin calls after this method exits.\n adminCallValidated = false;\n }\n\n /**\n * @notice Construct the Succinct SpokePool.\n * @param _hubChainId Chain ID of the chain where the HubPool is deployed.\n * @param _succinctTargetAmb Address of the succinct AMB contract.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * @param _crossDomainAdmin Cross domain admin to set. Can be changed by admin.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n * @param _wrappedNativeToken Address of the wrapped native token.\n */\n function initialize(\n uint16 _hubChainId,\n address _succinctTargetAmb,\n uint32 _initialDepositId,\n address _crossDomainAdmin,\n address _hubPool,\n address _wrappedNativeToken\n ) public initializer {\n __SpokePool_init(_initialDepositId, _crossDomainAdmin, _hubPool, _wrappedNativeToken);\n succinctTargetAmb = _succinctTargetAmb;\n hubChainId = _hubChainId;\n }\n\n /**\n * @notice Admin can reset the succinct contract address.\n * @param _succinctTargetAmb Address of the succinct AMB contract.\n */\n function setSuccinctTargetAmb(address _succinctTargetAmb) external onlyAdmin {\n succinctTargetAmb = _succinctTargetAmb;\n emit SetSuccinctTargetAmb(_succinctTargetAmb);\n }\n\n /**\n * @notice This will be called by Succinct AMB on this network to relay a message sent from the HubPool.\n * @param _sourceChainId Chain ID of the chain where the message originated.\n * @param _senderAddress Address of the sender on the chain where the message originated.\n * @param _data Data to be received and executed on this contract.\n */\n function handleTelepathy(\n uint16 _sourceChainId,\n address _senderAddress,\n bytes memory _data\n ) external override validateInternalCalls returns (bytes4) {\n // Validate msg.sender as succinct, the x-chain sender as being the hubPool (the admin) and the source chain as\n // 1 (mainnet).\n require(msg.sender == succinctTargetAmb, \"caller not succinct AMB\");\n require(_senderAddress == hubPool, \"sender not hubPool\");\n require(_sourceChainId == hubChainId, \"source chain not hub chain\");\n\n /// @custom:oz-upgrades-unsafe-allow delegatecall\n (bool success, ) = address(this).delegatecall(_data);\n require(success, \"delegatecall failed\");\n\n emit ReceivedMessageFromL1(msg.sender, _senderAddress);\n return ITelepathyHandler.handleTelepathy.selector;\n }\n\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory) internal override {\n // This method is a no-op. If the chain intends to include bridging functionality, this must be overriden.\n // If not, leaving this unimplemented means this method may be triggered, but the result will be that no\n // balance is transferred.\n }\n\n // Check that the handleTelepathy method has validated the method to ensure the sender is authenticated.\n function _requireAdminSender() internal view override {\n require(adminCallValidated, \"Admin call not validated\");\n }\n}\n" + }, + "contracts/test/AcrossMessageHandlerMock.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"../SpokePool.sol\";\n\ncontract AcrossMessageHandlerMock is AcrossMessageHandler {\n function handleAcrossMessage(\n address tokenSent,\n uint256 amount,\n bool fillCompleted,\n address relayer,\n bytes memory message\n ) external override {}\n}\n" + }, + "contracts/test/MerkleLibTest.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"../MerkleLib.sol\";\nimport \"../interfaces/HubPoolInterface.sol\";\nimport \"../interfaces/SpokePoolInterface.sol\";\n\n/**\n * @notice Contract to test the MerkleLib.\n */\ncontract MerkleLibTest {\n mapping(uint256 => uint256) public claimedBitMap;\n\n uint256 public claimedBitMap1D;\n\n function verifyPoolRebalance(\n bytes32 root,\n HubPoolInterface.PoolRebalanceLeaf memory rebalance,\n bytes32[] memory proof\n ) public pure returns (bool) {\n return MerkleLib.verifyPoolRebalance(root, rebalance, proof);\n }\n\n function verifyRelayerRefund(\n bytes32 root,\n SpokePoolInterface.RelayerRefundLeaf memory refund,\n bytes32[] memory proof\n ) public pure returns (bool) {\n return MerkleLib.verifyRelayerRefund(root, refund, proof);\n }\n\n function verifySlowRelayFulfillment(\n bytes32 root,\n SpokePoolInterface.SlowFill memory slowFill,\n bytes32[] memory proof\n ) public pure returns (bool) {\n return MerkleLib.verifySlowRelayFulfillment(root, slowFill, proof);\n }\n\n function isClaimed(uint256 index) public view returns (bool) {\n return MerkleLib.isClaimed(claimedBitMap, index);\n }\n\n function setClaimed(uint256 index) public {\n MerkleLib.setClaimed(claimedBitMap, index);\n }\n\n function isClaimed1D(uint8 index) public view returns (bool) {\n return MerkleLib.isClaimed1D(claimedBitMap1D, index);\n }\n\n function setClaimed1D(uint8 index) public {\n claimedBitMap1D = MerkleLib.setClaimed1D(claimedBitMap1D, index);\n }\n}\n" + }, + "contracts/test/MockBedrockStandardBridge.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"../Ovm_SpokePool.sol\";\n\n// Provides payable withdrawTo interface introduced on Bedrock\ncontract MockBedrockL2StandardBridge is IL2ERC20Bridge {\n function withdrawTo(\n address _l2Token,\n address _to,\n uint256 _amount,\n uint32 _minGasLimit,\n bytes calldata _extraData\n ) external payable {\n // do nothing\n }\n}\n" + }, + "contracts/test/MockSpokePool.sol": { + "content": "//SPDX-License-Identifier: Unlicense\npragma solidity ^0.8.0;\n\nimport \"../SpokePool.sol\";\nimport \"@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol\";\n\n/**\n * @title MockSpokePool\n * @notice Implements abstract contract for testing.\n */\ncontract MockSpokePool is SpokePool, OwnableUpgradeable {\n uint256 private chainId_;\n uint256 private currentTime;\n\n function initialize(\n uint32 _initialDepositId,\n address _crossDomainAdmin,\n address _hubPool,\n address _wethAddress\n ) public initializer {\n __Ownable_init();\n __SpokePool_init(_initialDepositId, _crossDomainAdmin, _hubPool, _wethAddress);\n currentTime = block.timestamp; // solhint-disable-line not-rely-on-time\n }\n\n function setCurrentTime(uint256 time) external {\n currentTime = time;\n }\n\n function getCurrentTime() public view override returns (uint256) {\n return currentTime;\n }\n\n // solhint-disable-next-line no-empty-blocks\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory relayerRefundLeaf) internal override {}\n\n function _requireAdminSender() internal override onlyOwner {} // solhint-disable-line no-empty-blocks\n\n function chainId() public view override(SpokePool) returns (uint256) {\n // If chainId_ is set then return it, else do nothing and return the parent chainId().\n return chainId_ == 0 ? super.chainId() : chainId_;\n }\n\n function setChainId(uint256 _chainId) public {\n chainId_ = _chainId;\n }\n}\n" + }, + "contracts/upgradeable/AddressLibUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)\n\npragma solidity ^0.8.1;\n\n/**\n * @title AddressUpgradeable\n * @dev Collection of functions related to the address type\n * @notice Logic is 100% copied from \"@openzeppelin/contracts-upgradeable/contracts/utils/AddressUpgradeable.sol\" but one\n * comment is added to clarify why we allow delegatecall() in this contract, which is typically unsafe for use in\n * upgradeable implementation contracts.\n * @dev See https://docs.openzeppelin.com/upgrades-plugins/1.x/faq#delegatecall-selfdestruct for more details.\n */\nlibrary AddressLibUpgradeable {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n *\n * Furthermore, `isContract` will also return true if the target contract within\n * the same transaction is already scheduled for destruction by `SELFDESTRUCT`,\n * which only has an effect at the end of a transaction.\n * ====\n *\n * [IMPORTANT]\n * ====\n * You shouldn't rely on `isContract` to protect against flash loan attacks!\n *\n * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets\n * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract\n * constructor.\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize/address.code.length, which returns 0\n // for contracts in construction, since the code is only stored at the end\n // of the constructor execution.\n\n return account.code.length > 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance >= amount, \"Address: insufficient balance\");\n\n (bool success, ) = recipient.call{ value: amount }(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain `call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(\n address target,\n bytes memory data,\n uint256 value\n ) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(\n address target,\n bytes memory data,\n uint256 value,\n string memory errorMessage\n ) internal returns (bytes memory) {\n require(address(this).balance >= value, \"Address: insufficient balance for call\");\n (bool success, bytes memory returndata) = target.call{ value: value }(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n (bool success, bytes memory returndata) = target.staticcall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n /// @custom:oz-upgrades-unsafe-allow delegatecall\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling\n * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.\n *\n * _Available since v4.8._\n */\n function verifyCallResultFromTarget(\n address target,\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n if (success) {\n if (returndata.length == 0) {\n // only check isContract if the call was successful and the return data is empty\n // otherwise we already know that it was a contract\n require(isContract(target), \"Address: call to non-contract\");\n }\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n /**\n * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the\n * revert reason or using the provided one.\n *\n * _Available since v4.3._\n */\n function verifyCallResult(\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal pure returns (bytes memory) {\n if (success) {\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n function _revert(bytes memory returndata, string memory errorMessage) private pure {\n // Look for revert reason and bubble it up if present\n if (returndata.length > 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n /// @solidity memory-safe-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n}\n" + }, + "contracts/upgradeable/EIP712CrossChainUpgradeable.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"@openzeppelin/contracts-upgradeable/utils/cryptography/ECDSAUpgradeable.sol\";\nimport \"@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol\";\n\n/**\n * @dev https://eips.ethereum.org/EIPS/eip-712[EIP 712] is a standard for hashing and signing of typed structured data.\n *\n * This contract is based on OpenZeppelin's implementation:\n * https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/master/contracts/utils/cryptography/EIP712Upgradeable.sol\n *\n * NOTE: Modified version that allows to build a domain separator that relies on a different chain id than the chain this\n * contract is deployed to. An example use case we want to support is:\n * - User A signs a message on chain with id = 1\n * - User B executes a method by verifying user A's EIP-712 compliant signature on a chain with id != 1\n */\nabstract contract EIP712CrossChainUpgradeable is Initializable {\n /* solhint-disable var-name-mixedcase */\n bytes32 private _HASHED_NAME;\n bytes32 private _HASHED_VERSION;\n bytes32 private constant _TYPE_HASH = keccak256(\"EIP712Domain(string name,string version,uint256 chainId)\");\n\n /* solhint-enable var-name-mixedcase */\n\n /**\n * @dev Initializes the domain separator and parameter caches.\n *\n * The meaning of `name` and `version` is specified in\n * https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP 712]:\n *\n * - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol.\n * - `version`: the current major version of the signing domain.\n *\n * NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart\n * contract upgrade].\n */\n function __EIP712_init(string memory name, string memory version) internal onlyInitializing {\n __EIP712_init_unchained(name, version);\n }\n\n function __EIP712_init_unchained(string memory name, string memory version) internal onlyInitializing {\n bytes32 hashedName = keccak256(bytes(name));\n bytes32 hashedVersion = keccak256(bytes(version));\n _HASHED_NAME = hashedName;\n _HASHED_VERSION = hashedVersion;\n }\n\n /**\n * @dev Returns the domain separator depending on the `originChainId`.\n * @param originChainId Chain id of network where message originates from.\n * @return bytes32 EIP-712-compliant domain separator.\n */\n function _domainSeparatorV4(uint256 originChainId) internal view returns (bytes32) {\n return keccak256(abi.encode(_TYPE_HASH, _HASHED_NAME, _HASHED_VERSION, originChainId));\n }\n\n /**\n * @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this\n * function returns the hash of the fully encoded EIP712 message for this domain.\n *\n * This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example:\n *\n * ```solidity\n * bytes32 structHash = keccak256(abi.encode(\n * keccak256(\"Mail(address to,string contents)\"),\n * mailTo,\n * keccak256(bytes(mailContents))\n * ));\n * bytes32 digest = _hashTypedDataV4(structHash, originChainId);\n * address signer = ECDSA.recover(digest, signature);\n * ```\n * @param structHash Hashed struct as defined in https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct.\n * @param originChainId Chain id of network where message originates from.\n * @return bytes32 Hash digest that is recoverable via `EDCSA.recover`.\n */\n function _hashTypedDataV4(bytes32 structHash, uint256 originChainId) internal view virtual returns (bytes32) {\n return ECDSAUpgradeable.toTypedDataHash(_domainSeparatorV4(originChainId), structHash);\n }\n\n // Reserve storage slots for future versions of this base contract to add state variables without\n // affecting the storage layout of child contracts. Decrement the size of __gap whenever state variables\n // are added. This is at bottom of contract to make sure it's always at the end of storage.\n uint256[1000] private __gap;\n}\n" + }, + "contracts/upgradeable/MultiCallerUpgradeable.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\n/**\n * @title MultiCallerUpgradeable\n * @notice Logic is 100% copied from \"@uma/core/contracts/common/implementation/MultiCaller.sol\" but one\n * comment is added to clarify why we allow delegatecall() in this contract, which is typically unsafe for use in\n * upgradeable implementation contracts.\n * @dev See https://docs.openzeppelin.com/upgrades-plugins/1.x/faq#delegatecall-selfdestruct for more details.\n */\ncontract MultiCallerUpgradeable {\n function multicall(bytes[] calldata data) external returns (bytes[] memory results) {\n results = new bytes[](data.length);\n\n //slither-disable-start calls-loop\n for (uint256 i = 0; i < data.length; i++) {\n // Typically, implementation contracts used in the upgradeable proxy pattern shouldn't call `delegatecall`\n // because it could allow a malicious actor to call this implementation contract directly (rather than\n // through a proxy contract) and then selfdestruct() the contract, thereby freezing the upgradeable\n // proxy. However, since we're only delegatecall-ing into this contract, then we can consider this\n // use of delegatecall() safe.\n\n //slither-disable-start low-level-calls\n /// @custom:oz-upgrades-unsafe-allow delegatecall\n (bool success, bytes memory result) = address(this).delegatecall(data[i]);\n //slither-disable-end low-level-calls\n\n if (!success) {\n // Next 5 lines from https://ethereum.stackexchange.com/a/83577\n if (result.length < 68) revert();\n //slither-disable-next-line assembly\n assembly {\n result := add(result, 0x04)\n }\n revert(abi.decode(result, (string)));\n }\n\n results[i] = result;\n }\n //slither-disable-end calls-loop\n }\n\n // Reserve storage slots for future versions of this base contract to add state variables without\n // affecting the storage layout of child contracts. Decrement the size of __gap whenever state variables\n // are added. This is at bottom of contract to make sure its always at the end of storage.\n uint256[1000] private __gap;\n}\n" + }, + "contracts/ZkSync_SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./SpokePool.sol\";\n\n// https://github.com/matter-labs/era-contracts/blob/6391c0d7bf6184d7f6718060e3991ba6f0efe4a7/zksync/contracts/bridge/L2ERC20Bridge.sol#L104\ninterface ZkBridgeLike {\n function withdraw(\n address _l1Receiver,\n address _l2Token,\n uint256 _amount\n ) external;\n}\n\ninterface IL2ETH {\n function withdraw(address _l1Receiver) external payable;\n}\n\n/**\n * @notice ZkSync specific SpokePool, intended to be compiled with `@matterlabs/hardhat-zksync-solc`.\n * @dev Resources for compiling and deploying contracts with hardhat: https://era.zksync.io/docs/tools/hardhat/hardhat-zksync-solc.html\n */\ncontract ZkSync_SpokePool is SpokePool {\n // On Ethereum, avoiding constructor parameters and putting them into constants reduces some of the gas cost\n // upon contract deployment. On zkSync the opposite is true: deploying the same bytecode for contracts,\n // while changing only constructor parameters can lead to substantial fee savings. So, the following params\n // are all set by passing in constructor params where possible.\n\n // ETH on ZkSync implements a subset of the ERC-20 interface, with additional built-in support to bridge to L1.\n address public l2Eth;\n\n // Bridge used to withdraw ERC20's to L1\n ZkBridgeLike public zkErc20Bridge;\n\n event SetZkBridge(address indexed erc20Bridge, address indexed oldErc20Bridge);\n event ZkSyncTokensBridged(address indexed l2Token, address target, uint256 numberOfTokensBridged);\n\n /**\n * @notice Construct the ZkSync SpokePool.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * relay hash collisions.\n * @param _zkErc20Bridge Address of L2 ERC20 gateway. Can be reset by admin.\n * @param _crossDomainAdmin Cross domain admin to set. Can be changed by admin.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n * @param _wethAddress Weth address for this network to set.\n */\n function initialize(\n uint32 _initialDepositId,\n ZkBridgeLike _zkErc20Bridge,\n address _crossDomainAdmin,\n address _hubPool,\n address _wethAddress\n ) public initializer {\n l2Eth = 0x000000000000000000000000000000000000800A;\n __SpokePool_init(_initialDepositId, _crossDomainAdmin, _hubPool, _wethAddress);\n _setZkBridge(_zkErc20Bridge);\n }\n\n modifier onlyFromCrossDomainAdmin() {\n require(msg.sender == _applyL1ToL2Alias(crossDomainAdmin), \"ONLY_COUNTERPART_GATEWAY\");\n _;\n }\n\n /********************************************************\n * ZKSYNC-SPECIFIC CROSS-CHAIN ADMIN FUNCTIONS *\n ********************************************************/\n\n /**\n * @notice Change L2 token bridge addresses. Callable only by admin.\n * @param _zkErc20Bridge New address of L2 ERC20 gateway.\n */\n function setZkBridge(ZkBridgeLike _zkErc20Bridge) public onlyAdmin nonReentrant {\n _setZkBridge(_zkErc20Bridge);\n }\n\n /**************************************\n * DATA WORKER FUNCTIONS *\n **************************************/\n\n /**\n * @notice Wraps any ETH into WETH before executing base function. This is necessary because SpokePool receives\n * ETH over the canonical token bridge instead of WETH.\n * @inheritdoc SpokePool\n */\n function executeSlowRelayLeaf(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 totalRelayAmount,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n uint32 rootBundleId,\n bytes memory message,\n int256 payoutAdjustment,\n bytes32[] memory proof\n ) public override(SpokePool) nonReentrant {\n if (destinationToken == address(wrappedNativeToken)) _depositEthToWeth();\n\n _executeSlowRelayLeaf(\n depositor,\n recipient,\n destinationToken,\n totalRelayAmount,\n originChainId,\n chainId(),\n realizedLpFeePct,\n relayerFeePct,\n depositId,\n rootBundleId,\n message,\n payoutAdjustment,\n proof\n );\n }\n\n /**\n * @notice Wraps any ETH into WETH before executing base function. This is necessary because SpokePool receives\n * ETH over the canonical token bridge instead of WETH.\n * @inheritdoc SpokePool\n */\n function executeRelayerRefundLeaf(\n uint32 rootBundleId,\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\n bytes32[] memory proof\n ) public override(SpokePool) nonReentrant {\n if (relayerRefundLeaf.l2TokenAddress == address(wrappedNativeToken)) _depositEthToWeth();\n\n _executeRelayerRefundLeaf(rootBundleId, relayerRefundLeaf, proof);\n }\n\n /**************************************\n * INTERNAL FUNCTIONS *\n **************************************/\n\n // Wrap any ETH owned by this contract so we can send expected L2 token to recipient. This is necessary because\n // this SpokePool will receive ETH from the canonical token bridge instead of WETH. This may not be neccessary\n // if ETH on ZkSync is treated as ETH and the fallback() function is triggered when this contract receives\n // ETH. We will have to test this but this function for now allows the contract to safely convert all of its\n // held ETH into WETH at the cost of higher gas costs.\n function _depositEthToWeth() internal {\n //slither-disable-next-line arbitrary-send-eth\n if (address(this).balance > 0) wrappedNativeToken.deposit{ value: address(this).balance }();\n }\n\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory relayerRefundLeaf) internal override {\n // SpokePool is expected to receive ETH from the L1 HubPool and currently, withdrawing ETH directly\n // over the ERC20 Bridge is blocked at the contract level. Therefore, we need to unwrap it before withdrawing.\n if (relayerRefundLeaf.l2TokenAddress == address(wrappedNativeToken)) {\n WETH9Interface(relayerRefundLeaf.l2TokenAddress).withdraw(relayerRefundLeaf.amountToReturn); // Unwrap into ETH.\n // To withdraw tokens, we actually call 'withdraw' on the L2 eth token itself.\n IL2ETH(l2Eth).withdraw{ value: relayerRefundLeaf.amountToReturn }(hubPool);\n } else {\n zkErc20Bridge.withdraw(hubPool, relayerRefundLeaf.l2TokenAddress, relayerRefundLeaf.amountToReturn);\n }\n emit ZkSyncTokensBridged(relayerRefundLeaf.l2TokenAddress, hubPool, relayerRefundLeaf.amountToReturn);\n }\n\n function _setZkBridge(ZkBridgeLike _zkErc20Bridge) internal {\n address oldErc20Bridge = address(zkErc20Bridge);\n zkErc20Bridge = _zkErc20Bridge;\n emit SetZkBridge(address(_zkErc20Bridge), oldErc20Bridge);\n }\n\n // L1 addresses are transformed during l1->l2 calls.\n // See https://github.com/matter-labs/era-contracts/blob/main/docs/Overview.md#mailboxfacet for more information.\n // Another source: https://github.com/matter-labs/era-contracts/blob/41c25aa16d182f757c3fed1463c78a81896f65e6/ethereum/contracts/vendor/AddressAliasHelper.sol#L28\n function _applyL1ToL2Alias(address l1Address) internal pure returns (address l2Address) {\n unchecked {\n l2Address = address(uint160(l1Address) + uint160(0x1111000000000000000000000000000000001111));\n }\n }\n\n function _requireAdminSender() internal override onlyFromCrossDomainAdmin {}\n}\n" + } + }, + "settings": { + "optimizer": { + "enabled": true, + "runs": 1000000 + }, + "viaIR": true, + "outputSelection": { + "*": { + "*": [ + "abi", + "evm.bytecode", + "evm.deployedBytecode", + "evm.methodIdentifiers", + "metadata", + "devdoc", + "userdoc", + "storageLayout", + "evm.gasEstimates" + ], + "": ["ast"] + } + }, + "metadata": { + "useLiteralContent": true + } + } +} diff --git a/deployments/optimism/SpokePoolVerifier.json b/deployments/optimism/SpokePoolVerifier.json new file mode 100644 index 000000000..2861fac0b --- /dev/null +++ b/deployments/optimism/SpokePoolVerifier.json @@ -0,0 +1,115 @@ +{ + "address": "0x269727F088F16E1Aea52Cf5a97B1CD41DAA3f02D", + "abi": [ + { + "inputs": [ + { + "internalType": "contract SpokePoolInterface", + "name": "spokePool", + "type": "address" + }, + { + "internalType": "address", + "name": "recipient", + "type": "address" + }, + { + "internalType": "address", + "name": "originToken", + "type": "address" + }, + { + "internalType": "uint256", + "name": "amount", + "type": "uint256" + }, + { + "internalType": "uint256", + "name": "destinationChainId", + "type": "uint256" + }, + { + "internalType": "int64", + "name": "relayerFeePct", + "type": "int64" + }, + { + "internalType": "uint32", + "name": "quoteTimestamp", + "type": "uint32" + }, + { + "internalType": "bytes", + "name": "message", + "type": "bytes" + }, + { + "internalType": "uint256", + "name": "maxCount", + "type": "uint256" + } + ], + "name": "deposit", + "outputs": [], + "stateMutability": "payable", + "type": "function" + } + ], + "transactionHash": "0xff8cf0054496d28d9077b85e1900f92614b42f22f88aa22b37201333546d0c7d", + "receipt": { + "to": "0x4e59b44847b379578588920cA78FbF26c0B4956C", + "from": "0x9A8f92a830A5cB89a3816e3D267CB7791c16b04D", + "contractAddress": null, + "transactionIndex": 2, + "gasUsed": "259943", + "logsBloom": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "blockHash": "0xff7984e81bb2c456195abef5fe03c5d707f5f14ec1b85f8f35f271986fae86f6", + "transactionHash": "0xff8cf0054496d28d9077b85e1900f92614b42f22f88aa22b37201333546d0c7d", + "logs": [], + "blockNumber": 110419958, + "cumulativeGasUsed": "358364", + "status": 1, + "byzantium": true + }, + "args": [], + "numDeployments": 1, + "solcInputHash": "ddd636e0d4b16feb9b78418745aefa13", + "metadata": "{\"compiler\":{\"version\":\"0.8.18+commit.87f61d96\"},\"language\":\"Solidity\",\"output\":{\"abi\":[{\"inputs\":[{\"internalType\":\"contract SpokePoolInterface\",\"name\":\"spokePool\",\"type\":\"address\"},{\"internalType\":\"address\",\"name\":\"recipient\",\"type\":\"address\"},{\"internalType\":\"address\",\"name\":\"originToken\",\"type\":\"address\"},{\"internalType\":\"uint256\",\"name\":\"amount\",\"type\":\"uint256\"},{\"internalType\":\"uint256\",\"name\":\"destinationChainId\",\"type\":\"uint256\"},{\"internalType\":\"int64\",\"name\":\"relayerFeePct\",\"type\":\"int64\"},{\"internalType\":\"uint32\",\"name\":\"quoteTimestamp\",\"type\":\"uint32\"},{\"internalType\":\"bytes\",\"name\":\"message\",\"type\":\"bytes\"},{\"internalType\":\"uint256\",\"name\":\"maxCount\",\"type\":\"uint256\"}],\"name\":\"deposit\",\"outputs\":[],\"stateMutability\":\"payable\",\"type\":\"function\"}],\"devdoc\":{\"details\":\"This contract must be deployed via Create2 to the same address on all chains. That way, an errant transaction sent to the wrong chain will be blocked by this contract rather than hitting a dead address. This means that this contract will not work to protect chains, like zkSync, where Create2 address derivations don't match other chains. Source: https://era.zksync.io/docs/reference/architecture/differences-with-ethereum.html#create-create2\",\"kind\":\"dev\",\"methods\":{\"deposit(address,address,address,uint256,uint256,int64,uint32,bytes,uint256)\":{\"details\":\"Protects the caller from losing their ETH (or other native token) by reverting if the SpokePool address they intended to call does not exist on this chain. Because this contract can be deployed at the same address everywhere callers should be protected even if the transaction is submitted to an unintended network. This contract should only be used for native token deposits, as this problem only exists for native tokens.\",\"params\":{\"amount\":\"Amount of tokens to deposit. Will be amount of tokens to receive less fees.\",\"destinationChainId\":\"Denotes network where user will receive funds from SpokePool by a relayer.\",\"maxCount\":\"used to protect the depositor from frontrunning to guarantee their quote remains valid.\",\"message\":\"Arbitrary data that can be used to pass additional information to the recipient along with the tokens. Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.\",\"originToken\":\"Token to lock into this contract to initiate deposit.\",\"quoteTimestamp\":\"Timestamp used by relayers to compute this deposit's realizedLPFeePct which is paid to LP pool on HubPool.\",\"recipient\":\"Address to receive funds at on destination chain.\",\"relayerFeePct\":\"% of deposit amount taken out to incentivize a fast relayer.\",\"spokePool\":\"Address of the SpokePool contract that the user is intending to call.\"}}},\"version\":1},\"userdoc\":{\"kind\":\"user\",\"methods\":{\"deposit(address,address,address,uint256,uint256,int64,uint32,bytes,uint256)\":{\"notice\":\"Passthrough function to `deposit()` on the SpokePool contract.\"}},\"notice\":\"SpokePoolVerifier is a contract that verifies that the SpokePool exists on this chain before sending ETH to it.\",\"version\":1}},\"settings\":{\"compilationTarget\":{\"contracts/SpokePoolVerifier.sol\":\"SpokePoolVerifier\"},\"evmVersion\":\"paris\",\"libraries\":{},\"metadata\":{\"bytecodeHash\":\"ipfs\",\"useLiteralContent\":true},\"optimizer\":{\"enabled\":true,\"runs\":1000000},\"remappings\":[],\"viaIR\":true},\"sources\":{\"@openzeppelin/contracts/utils/Address.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)\\n\\npragma solidity ^0.8.1;\\n\\n/**\\n * @dev Collection of functions related to the address type\\n */\\nlibrary Address {\\n /**\\n * @dev Returns true if `account` is a contract.\\n *\\n * [IMPORTANT]\\n * ====\\n * It is unsafe to assume that an address for which this function returns\\n * false is an externally-owned account (EOA) and not a contract.\\n *\\n * Among others, `isContract` will return false for the following\\n * types of addresses:\\n *\\n * - an externally-owned account\\n * - a contract in construction\\n * - an address where a contract will be created\\n * - an address where a contract lived, but was destroyed\\n *\\n * Furthermore, `isContract` will also return true if the target contract within\\n * the same transaction is already scheduled for destruction by `SELFDESTRUCT`,\\n * which only has an effect at the end of a transaction.\\n * ====\\n *\\n * [IMPORTANT]\\n * ====\\n * You shouldn't rely on `isContract` to protect against flash loan attacks!\\n *\\n * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets\\n * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract\\n * constructor.\\n * ====\\n */\\n function isContract(address account) internal view returns (bool) {\\n // This method relies on extcodesize/address.code.length, which returns 0\\n // for contracts in construction, since the code is only stored at the end\\n // of the constructor execution.\\n\\n return account.code.length > 0;\\n }\\n\\n /**\\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\\n * `recipient`, forwarding all available gas and reverting on errors.\\n *\\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\\n * imposed by `transfer`, making them unable to receive funds via\\n * `transfer`. {sendValue} removes this limitation.\\n *\\n * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].\\n *\\n * IMPORTANT: because control is transferred to `recipient`, care must be\\n * taken to not create reentrancy vulnerabilities. Consider using\\n * {ReentrancyGuard} or the\\n * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\\n */\\n function sendValue(address payable recipient, uint256 amount) internal {\\n require(address(this).balance >= amount, \\\"Address: insufficient balance\\\");\\n\\n (bool success, ) = recipient.call{value: amount}(\\\"\\\");\\n require(success, \\\"Address: unable to send value, recipient may have reverted\\\");\\n }\\n\\n /**\\n * @dev Performs a Solidity function call using a low level `call`. A\\n * plain `call` is an unsafe replacement for a function call: use this\\n * function instead.\\n *\\n * If `target` reverts with a revert reason, it is bubbled up by this\\n * function (like regular Solidity function calls).\\n *\\n * Returns the raw returned data. To convert to the expected return value,\\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\\n *\\n * Requirements:\\n *\\n * - `target` must be a contract.\\n * - calling `target` with `data` must not revert.\\n *\\n * _Available since v3.1._\\n */\\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\\n return functionCallWithValue(target, data, 0, \\\"Address: low-level call failed\\\");\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\\n * `errorMessage` as a fallback revert reason when `target` reverts.\\n *\\n * _Available since v3.1._\\n */\\n function functionCall(\\n address target,\\n bytes memory data,\\n string memory errorMessage\\n ) internal returns (bytes memory) {\\n return functionCallWithValue(target, data, 0, errorMessage);\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\\n * but also transferring `value` wei to `target`.\\n *\\n * Requirements:\\n *\\n * - the calling contract must have an ETH balance of at least `value`.\\n * - the called Solidity function must be `payable`.\\n *\\n * _Available since v3.1._\\n */\\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\\n return functionCallWithValue(target, data, value, \\\"Address: low-level call with value failed\\\");\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\\n * with `errorMessage` as a fallback revert reason when `target` reverts.\\n *\\n * _Available since v3.1._\\n */\\n function functionCallWithValue(\\n address target,\\n bytes memory data,\\n uint256 value,\\n string memory errorMessage\\n ) internal returns (bytes memory) {\\n require(address(this).balance >= value, \\\"Address: insufficient balance for call\\\");\\n (bool success, bytes memory returndata) = target.call{value: value}(data);\\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\\n * but performing a static call.\\n *\\n * _Available since v3.3._\\n */\\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\\n return functionStaticCall(target, data, \\\"Address: low-level static call failed\\\");\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\\n * but performing a static call.\\n *\\n * _Available since v3.3._\\n */\\n function functionStaticCall(\\n address target,\\n bytes memory data,\\n string memory errorMessage\\n ) internal view returns (bytes memory) {\\n (bool success, bytes memory returndata) = target.staticcall(data);\\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\\n * but performing a delegate call.\\n *\\n * _Available since v3.4._\\n */\\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\\n return functionDelegateCall(target, data, \\\"Address: low-level delegate call failed\\\");\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\\n * but performing a delegate call.\\n *\\n * _Available since v3.4._\\n */\\n function functionDelegateCall(\\n address target,\\n bytes memory data,\\n string memory errorMessage\\n ) internal returns (bytes memory) {\\n (bool success, bytes memory returndata) = target.delegatecall(data);\\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\\n }\\n\\n /**\\n * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling\\n * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.\\n *\\n * _Available since v4.8._\\n */\\n function verifyCallResultFromTarget(\\n address target,\\n bool success,\\n bytes memory returndata,\\n string memory errorMessage\\n ) internal view returns (bytes memory) {\\n if (success) {\\n if (returndata.length == 0) {\\n // only check isContract if the call was successful and the return data is empty\\n // otherwise we already know that it was a contract\\n require(isContract(target), \\\"Address: call to non-contract\\\");\\n }\\n return returndata;\\n } else {\\n _revert(returndata, errorMessage);\\n }\\n }\\n\\n /**\\n * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the\\n * revert reason or using the provided one.\\n *\\n * _Available since v4.3._\\n */\\n function verifyCallResult(\\n bool success,\\n bytes memory returndata,\\n string memory errorMessage\\n ) internal pure returns (bytes memory) {\\n if (success) {\\n return returndata;\\n } else {\\n _revert(returndata, errorMessage);\\n }\\n }\\n\\n function _revert(bytes memory returndata, string memory errorMessage) private pure {\\n // Look for revert reason and bubble it up if present\\n if (returndata.length > 0) {\\n // The easiest way to bubble the revert reason is using memory via assembly\\n /// @solidity memory-safe-assembly\\n assembly {\\n let returndata_size := mload(returndata)\\n revert(add(32, returndata), returndata_size)\\n }\\n } else {\\n revert(errorMessage);\\n }\\n }\\n}\\n\",\"keccak256\":\"0x006dd67219697fe68d7fbfdea512e7c4cb64a43565ed86171d67e844982da6fa\",\"license\":\"MIT\"},\"contracts/SpokePoolVerifier.sol\":{\"content\":\"// SPDX-License-Identifier: BUSL-1.1\\npragma solidity ^0.8.0;\\n\\nimport \\\"@openzeppelin/contracts/utils/Address.sol\\\";\\nimport \\\"./interfaces/SpokePoolInterface.sol\\\";\\n\\n/**\\n * @notice SpokePoolVerifier is a contract that verifies that the SpokePool exists on this chain before sending ETH to it.\\n * @dev This contract must be deployed via Create2 to the same address on all chains. That way, an errant transaction sent\\n * to the wrong chain will be blocked by this contract rather than hitting a dead address. This means that this contract\\n * will not work to protect chains, like zkSync, where Create2 address derivations don't match other chains.\\n * Source: https://era.zksync.io/docs/reference/architecture/differences-with-ethereum.html#create-create2\\n */\\ncontract SpokePoolVerifier {\\n using Address for address;\\n\\n /**\\n * @notice Passthrough function to `deposit()` on the SpokePool contract.\\n * @dev Protects the caller from losing their ETH (or other native token) by reverting if the SpokePool address\\n * they intended to call does not exist on this chain. Because this contract can be deployed at the same address\\n * everywhere callers should be protected even if the transaction is submitted to an unintended network.\\n * This contract should only be used for native token deposits, as this problem only exists for native tokens.\\n * @param spokePool Address of the SpokePool contract that the user is intending to call.\\n * @param recipient Address to receive funds at on destination chain.\\n * @param originToken Token to lock into this contract to initiate deposit.\\n * @param amount Amount of tokens to deposit. Will be amount of tokens to receive less fees.\\n * @param destinationChainId Denotes network where user will receive funds from SpokePool by a relayer.\\n * @param relayerFeePct % of deposit amount taken out to incentivize a fast relayer.\\n * @param quoteTimestamp Timestamp used by relayers to compute this deposit's realizedLPFeePct which is paid\\n * to LP pool on HubPool.\\n * @param message Arbitrary data that can be used to pass additional information to the recipient along with the tokens.\\n * Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.\\n * @param maxCount used to protect the depositor from frontrunning to guarantee their quote remains valid.\\n */\\n function deposit(\\n SpokePoolInterface spokePool,\\n address recipient,\\n address originToken,\\n uint256 amount,\\n uint256 destinationChainId,\\n int64 relayerFeePct,\\n uint32 quoteTimestamp,\\n bytes memory message,\\n uint256 maxCount\\n ) external payable {\\n require(msg.value == amount, \\\"msg.value != amount\\\");\\n require(address(spokePool).isContract(), \\\"spokePool is not a contract\\\");\\n spokePool.deposit{ value: msg.value }(\\n recipient,\\n originToken,\\n amount,\\n destinationChainId,\\n relayerFeePct,\\n quoteTimestamp,\\n message,\\n maxCount\\n );\\n }\\n}\\n\",\"keccak256\":\"0x307def15b466a7b358bd8429d1e0602bc623d7c03aa07b78552e551625196c29\",\"license\":\"BUSL-1.1\"},\"contracts/interfaces/SpokePoolInterface.sol\":{\"content\":\"// SPDX-License-Identifier: BUSL-1.1\\npragma solidity ^0.8.0;\\n\\n/**\\n * @notice Contains common data structures and functions used by all SpokePool implementations.\\n */\\ninterface SpokePoolInterface {\\n // This leaf is meant to be decoded in the SpokePool to pay out successful relayers.\\n struct RelayerRefundLeaf {\\n // This is the amount to return to the HubPool. This occurs when there is a PoolRebalanceLeaf netSendAmount that\\n // is negative. This is just the negative of this value.\\n uint256 amountToReturn;\\n // Used to verify that this is being executed on the correct destination chainId.\\n uint256 chainId;\\n // This array designates how much each of those addresses should be refunded.\\n uint256[] refundAmounts;\\n // Used as the index in the bitmap to track whether this leaf has been executed or not.\\n uint32 leafId;\\n // The associated L2TokenAddress that these claims apply to.\\n address l2TokenAddress;\\n // Must be same length as refundAmounts and designates each address that must be refunded.\\n address[] refundAddresses;\\n }\\n\\n // This struct represents the data to fully specify a relay. If any portion of this data differs, the relay is\\n // considered to be completely distinct. Only one relay for a particular depositId, chainId pair should be\\n // considered valid and repaid. This data is hashed and inserted into the slow relay merkle root so that an off\\n // chain validator can choose when to refund slow relayers.\\n struct RelayData {\\n // The address that made the deposit on the origin chain.\\n address depositor;\\n // The recipient address on the destination chain.\\n address recipient;\\n // The corresponding token address on the destination chain.\\n address destinationToken;\\n // The total relay amount before fees are taken out.\\n uint256 amount;\\n // Origin chain id.\\n uint256 originChainId;\\n // Destination chain id.\\n uint256 destinationChainId;\\n // The LP Fee percentage computed by the relayer based on the deposit's quote timestamp\\n // and the HubPool's utilization.\\n int64 realizedLpFeePct;\\n // The relayer fee percentage specified in the deposit.\\n int64 relayerFeePct;\\n // The id uniquely identifying this deposit on the origin chain.\\n uint32 depositId;\\n // Data that is forwarded to the recipient.\\n bytes message;\\n }\\n\\n struct SlowFill {\\n RelayData relayData;\\n int256 payoutAdjustmentPct;\\n }\\n\\n // Stores collection of merkle roots that can be published to this contract from the HubPool, which are referenced\\n // by \\\"data workers\\\" via inclusion proofs to execute leaves in the roots.\\n struct RootBundle {\\n // Merkle root of slow relays that were not fully filled and whose recipient is still owed funds from the LP pool.\\n bytes32 slowRelayRoot;\\n // Merkle root of relayer refunds for successful relays.\\n bytes32 relayerRefundRoot;\\n // This is a 2D bitmap tracking which leaves in the relayer refund root have been claimed, with max size of\\n // 256x(2^248) leaves per root.\\n mapping(uint256 => uint256) claimedBitmap;\\n }\\n\\n function setCrossDomainAdmin(address newCrossDomainAdmin) external;\\n\\n function setHubPool(address newHubPool) external;\\n\\n function setEnableRoute(\\n address originToken,\\n uint256 destinationChainId,\\n bool enable\\n ) external;\\n\\n function pauseDeposits(bool pause) external;\\n\\n function pauseFills(bool pause) external;\\n\\n function setDepositQuoteTimeBuffer(uint32 buffer) external;\\n\\n function relayRootBundle(bytes32 relayerRefundRoot, bytes32 slowRelayRoot) external;\\n\\n function emergencyDeleteRootBundle(uint256 rootBundleId) external;\\n\\n function deposit(\\n address recipient,\\n address originToken,\\n uint256 amount,\\n uint256 destinationChainId,\\n int64 relayerFeePct,\\n uint32 quoteTimestamp,\\n bytes memory message,\\n uint256 maxCount\\n ) external payable;\\n\\n function depositNow(\\n address recipient,\\n address originToken,\\n uint256 amount,\\n uint256 destinationChainId,\\n int64 relayerFeePct,\\n bytes memory message,\\n uint256 maxCount\\n ) external payable;\\n\\n function speedUpDeposit(\\n address depositor,\\n int64 updatedRelayerFeePct,\\n uint32 depositId,\\n address updatedRecipient,\\n bytes memory updatedMessage,\\n bytes memory depositorSignature\\n ) external;\\n\\n function fillRelay(\\n address depositor,\\n address recipient,\\n address destinationToken,\\n uint256 amount,\\n uint256 maxTokensToSend,\\n uint256 repaymentChainId,\\n uint256 originChainId,\\n int64 realizedLpFeePct,\\n int64 relayerFeePct,\\n uint32 depositId,\\n bytes memory message,\\n uint256 maxCount\\n ) external;\\n\\n function fillRelayWithUpdatedDeposit(\\n address depositor,\\n address recipient,\\n address updatedRecipient,\\n address destinationToken,\\n uint256 amount,\\n uint256 maxTokensToSend,\\n uint256 repaymentChainId,\\n uint256 originChainId,\\n int64 realizedLpFeePct,\\n int64 relayerFeePct,\\n int64 updatedRelayerFeePct,\\n uint32 depositId,\\n bytes memory message,\\n bytes memory updatedMessage,\\n bytes memory depositorSignature,\\n uint256 maxCount\\n ) external;\\n\\n function executeSlowRelayLeaf(\\n address depositor,\\n address recipient,\\n address destinationToken,\\n uint256 amount,\\n uint256 originChainId,\\n int64 realizedLpFeePct,\\n int64 relayerFeePct,\\n uint32 depositId,\\n uint32 rootBundleId,\\n bytes memory message,\\n int256 payoutAdjustment,\\n bytes32[] memory proof\\n ) external;\\n\\n function executeRelayerRefundLeaf(\\n uint32 rootBundleId,\\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\\n bytes32[] memory proof\\n ) external;\\n\\n function chainId() external view returns (uint256);\\n}\\n\",\"keccak256\":\"0x8ca5e32ee496553c1055954283747b6725356548dc35f5aad565e5cf37bf6449\",\"license\":\"BUSL-1.1\"}},\"version\":1}", + "bytecode": "0x60808060405234610016576103c3908161001c8239f35b600080fdfe608060048036101561001057600080fd5b600091823560e01c63e0db3fcf1461002757600080fd5b6101207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc36011261038957813573ffffffffffffffffffffffffffffffffffffffff908181168091036103855760249182359181831680930361038157604435918216809203610381576064359460a435928360070b80940361037d5760c4359663ffffffff88168098036103795760e4359767ffffffffffffffff95868a11610375573660238b01121561037557898b01359287841161034a577fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe09485603f81601f880116011687019b8c8a89821091111761031e578e9060409d8e52868952368d888301011161031a57868d97602098899301838c0137890101528134036102be57873b1561026257873b1561025e579b989593918d979593918c519d8e987f1186ec33000000000000000000000000000000000000000000000000000000008a528c8a01528c89015260448801526084356064880152608487015260a486015261010060c4860152825190610104938285880152875b83811061024157505050849291601f849261012494898683870101523560e48501520116810103019134905af18015610237576101fb578580f35b841161020d5750505238808080808580f35b604185917f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b84513d88823e3d90fd5b81810183015197810161012401979097528d97508c9682016101c0565b8d80fd5b5060648c601b8c878f51937f08c379a00000000000000000000000000000000000000000000000000000000085528401528201527f73706f6b65506f6f6c206973206e6f74206120636f6e747261637400000000006044820152fd5b5060648c60138c878f51937f08c379a00000000000000000000000000000000000000000000000000000000085528401528201527f6d73672e76616c756520213d20616d6f756e74000000000000000000000000006044820152fd5b5080fd5b508a8e60418f7f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b898d60418e7f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b8b80fd5b8980fd5b8880fd5b8680fd5b8480fd5b8280fdfea2646970667358221220fe313dd010e3aac8603c847d2fd84c8d4a95364db43b887b61b615152b259cdf64736f6c63430008120033", + "deployedBytecode": "0x608060048036101561001057600080fd5b600091823560e01c63e0db3fcf1461002757600080fd5b6101207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc36011261038957813573ffffffffffffffffffffffffffffffffffffffff908181168091036103855760249182359181831680930361038157604435918216809203610381576064359460a435928360070b80940361037d5760c4359663ffffffff88168098036103795760e4359767ffffffffffffffff95868a11610375573660238b01121561037557898b01359287841161034a577fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe09485603f81601f880116011687019b8c8a89821091111761031e578e9060409d8e52868952368d888301011161031a57868d97602098899301838c0137890101528134036102be57873b1561026257873b1561025e579b989593918d979593918c519d8e987f1186ec33000000000000000000000000000000000000000000000000000000008a528c8a01528c89015260448801526084356064880152608487015260a486015261010060c4860152825190610104938285880152875b83811061024157505050849291601f849261012494898683870101523560e48501520116810103019134905af18015610237576101fb578580f35b841161020d5750505238808080808580f35b604185917f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b84513d88823e3d90fd5b81810183015197810161012401979097528d97508c9682016101c0565b8d80fd5b5060648c601b8c878f51937f08c379a00000000000000000000000000000000000000000000000000000000085528401528201527f73706f6b65506f6f6c206973206e6f74206120636f6e747261637400000000006044820152fd5b5060648c60138c878f51937f08c379a00000000000000000000000000000000000000000000000000000000085528401528201527f6d73672e76616c756520213d20616d6f756e74000000000000000000000000006044820152fd5b5080fd5b508a8e60418f7f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b898d60418e7f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b8b80fd5b8980fd5b8880fd5b8680fd5b8480fd5b8280fdfea2646970667358221220fe313dd010e3aac8603c847d2fd84c8d4a95364db43b887b61b615152b259cdf64736f6c63430008120033", + "devdoc": { + "details": "This contract must be deployed via Create2 to the same address on all chains. That way, an errant transaction sent to the wrong chain will be blocked by this contract rather than hitting a dead address. This means that this contract will not work to protect chains, like zkSync, where Create2 address derivations don't match other chains. Source: https://era.zksync.io/docs/reference/architecture/differences-with-ethereum.html#create-create2", + "kind": "dev", + "methods": { + "deposit(address,address,address,uint256,uint256,int64,uint32,bytes,uint256)": { + "details": "Protects the caller from losing their ETH (or other native token) by reverting if the SpokePool address they intended to call does not exist on this chain. Because this contract can be deployed at the same address everywhere callers should be protected even if the transaction is submitted to an unintended network. This contract should only be used for native token deposits, as this problem only exists for native tokens.", + "params": { + "amount": "Amount of tokens to deposit. Will be amount of tokens to receive less fees.", + "destinationChainId": "Denotes network where user will receive funds from SpokePool by a relayer.", + "maxCount": "used to protect the depositor from frontrunning to guarantee their quote remains valid.", + "message": "Arbitrary data that can be used to pass additional information to the recipient along with the tokens. Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.", + "originToken": "Token to lock into this contract to initiate deposit.", + "quoteTimestamp": "Timestamp used by relayers to compute this deposit's realizedLPFeePct which is paid to LP pool on HubPool.", + "recipient": "Address to receive funds at on destination chain.", + "relayerFeePct": "% of deposit amount taken out to incentivize a fast relayer.", + "spokePool": "Address of the SpokePool contract that the user is intending to call." + } + } + }, + "version": 1 + }, + "userdoc": { + "kind": "user", + "methods": { + "deposit(address,address,address,uint256,uint256,int64,uint32,bytes,uint256)": { + "notice": "Passthrough function to `deposit()` on the SpokePool contract." + } + }, + "notice": "SpokePoolVerifier is a contract that verifies that the SpokePool exists on this chain before sending ETH to it.", + "version": 1 + }, + "storageLayout": { + "storage": [], + "types": null + } +} diff --git a/deployments/optimism/solcInputs/ddd636e0d4b16feb9b78418745aefa13.json b/deployments/optimism/solcInputs/ddd636e0d4b16feb9b78418745aefa13.json new file mode 100644 index 000000000..abf783f9a --- /dev/null +++ b/deployments/optimism/solcInputs/ddd636e0d4b16feb9b78418745aefa13.json @@ -0,0 +1,247 @@ +{ + "language": "Solidity", + "sources": { + "@eth-optimism/contracts/L1/messaging/IL1ERC20Bridge.sol": { + "content": "// SPDX-License-Identifier: MIT\npragma solidity >0.5.0 <0.9.0;\n\n/**\n * @title IL1ERC20Bridge\n */\ninterface IL1ERC20Bridge {\n /**********\n * Events *\n **********/\n\n event ERC20DepositInitiated(\n address indexed _l1Token,\n address indexed _l2Token,\n address indexed _from,\n address _to,\n uint256 _amount,\n bytes _data\n );\n\n event ERC20WithdrawalFinalized(\n address indexed _l1Token,\n address indexed _l2Token,\n address indexed _from,\n address _to,\n uint256 _amount,\n bytes _data\n );\n\n /********************\n * Public Functions *\n ********************/\n\n /**\n * @dev get the address of the corresponding L2 bridge contract.\n * @return Address of the corresponding L2 bridge contract.\n */\n function l2TokenBridge() external returns (address);\n\n /**\n * @dev deposit an amount of the ERC20 to the caller's balance on L2.\n * @param _l1Token Address of the L1 ERC20 we are depositing\n * @param _l2Token Address of the L1 respective L2 ERC20\n * @param _amount Amount of the ERC20 to deposit\n * @param _l2Gas Gas limit required to complete the deposit on L2.\n * @param _data Optional data to forward to L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function depositERC20(\n address _l1Token,\n address _l2Token,\n uint256 _amount,\n uint32 _l2Gas,\n bytes calldata _data\n ) external;\n\n /**\n * @dev deposit an amount of ERC20 to a recipient's balance on L2.\n * @param _l1Token Address of the L1 ERC20 we are depositing\n * @param _l2Token Address of the L1 respective L2 ERC20\n * @param _to L2 address to credit the withdrawal to.\n * @param _amount Amount of the ERC20 to deposit.\n * @param _l2Gas Gas limit required to complete the deposit on L2.\n * @param _data Optional data to forward to L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function depositERC20To(\n address _l1Token,\n address _l2Token,\n address _to,\n uint256 _amount,\n uint32 _l2Gas,\n bytes calldata _data\n ) external;\n\n /*************************\n * Cross-chain Functions *\n *************************/\n\n /**\n * @dev Complete a withdrawal from L2 to L1, and credit funds to the recipient's balance of the\n * L1 ERC20 token.\n * This call will fail if the initialized withdrawal from L2 has not been finalized.\n *\n * @param _l1Token Address of L1 token to finalizeWithdrawal for.\n * @param _l2Token Address of L2 token where withdrawal was initiated.\n * @param _from L2 address initiating the transfer.\n * @param _to L1 address to credit the withdrawal to.\n * @param _amount Amount of the ERC20 to deposit.\n * @param _data Data provided by the sender on L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function finalizeERC20Withdrawal(\n address _l1Token,\n address _l2Token,\n address _from,\n address _to,\n uint256 _amount,\n bytes calldata _data\n ) external;\n}\n" + }, + "@eth-optimism/contracts/L1/messaging/IL1StandardBridge.sol": { + "content": "// SPDX-License-Identifier: MIT\npragma solidity >0.5.0 <0.9.0;\n\nimport \"./IL1ERC20Bridge.sol\";\n\n/**\n * @title IL1StandardBridge\n */\ninterface IL1StandardBridge is IL1ERC20Bridge {\n /**********\n * Events *\n **********/\n event ETHDepositInitiated(\n address indexed _from,\n address indexed _to,\n uint256 _amount,\n bytes _data\n );\n\n event ETHWithdrawalFinalized(\n address indexed _from,\n address indexed _to,\n uint256 _amount,\n bytes _data\n );\n\n /********************\n * Public Functions *\n ********************/\n\n /**\n * @dev Deposit an amount of the ETH to the caller's balance on L2.\n * @param _l2Gas Gas limit required to complete the deposit on L2.\n * @param _data Optional data to forward to L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function depositETH(uint32 _l2Gas, bytes calldata _data) external payable;\n\n /**\n * @dev Deposit an amount of ETH to a recipient's balance on L2.\n * @param _to L2 address to credit the withdrawal to.\n * @param _l2Gas Gas limit required to complete the deposit on L2.\n * @param _data Optional data to forward to L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function depositETHTo(\n address _to,\n uint32 _l2Gas,\n bytes calldata _data\n ) external payable;\n\n /*************************\n * Cross-chain Functions *\n *************************/\n\n /**\n * @dev Complete a withdrawal from L2 to L1, and credit funds to the recipient's balance of the\n * L1 ETH token. Since only the xDomainMessenger can call this function, it will never be called\n * before the withdrawal is finalized.\n * @param _from L2 address initiating the transfer.\n * @param _to L1 address to credit the withdrawal to.\n * @param _amount Amount of the ERC20 to deposit.\n * @param _data Optional data to forward to L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function finalizeETHWithdrawal(\n address _from,\n address _to,\n uint256 _amount,\n bytes calldata _data\n ) external;\n}\n" + }, + "@eth-optimism/contracts/libraries/bridge/ICrossDomainMessenger.sol": { + "content": "// SPDX-License-Identifier: MIT\npragma solidity >0.5.0 <0.9.0;\n\n/**\n * @title ICrossDomainMessenger\n */\ninterface ICrossDomainMessenger {\n /**********\n * Events *\n **********/\n\n event SentMessage(\n address indexed target,\n address sender,\n bytes message,\n uint256 messageNonce,\n uint256 gasLimit\n );\n event RelayedMessage(bytes32 indexed msgHash);\n event FailedRelayedMessage(bytes32 indexed msgHash);\n\n /*************\n * Variables *\n *************/\n\n function xDomainMessageSender() external view returns (address);\n\n /********************\n * Public Functions *\n ********************/\n\n /**\n * Sends a cross domain message to the target messenger.\n * @param _target Target contract address.\n * @param _message Message to send to the target.\n * @param _gasLimit Gas limit for the provided message.\n */\n function sendMessage(\n address _target,\n bytes calldata _message,\n uint32 _gasLimit\n ) external;\n}\n" + }, + "@eth-optimism/contracts/libraries/constants/Lib_PredeployAddresses.sol": { + "content": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.9;\n\n/**\n * @title Lib_PredeployAddresses\n */\nlibrary Lib_PredeployAddresses {\n address internal constant L2_TO_L1_MESSAGE_PASSER = 0x4200000000000000000000000000000000000000;\n address internal constant L1_MESSAGE_SENDER = 0x4200000000000000000000000000000000000001;\n address internal constant DEPLOYER_WHITELIST = 0x4200000000000000000000000000000000000002;\n address payable internal constant OVM_ETH = payable(0xDeadDeAddeAddEAddeadDEaDDEAdDeaDDeAD0000);\n address internal constant L2_CROSS_DOMAIN_MESSENGER =\n 0x4200000000000000000000000000000000000007;\n address internal constant LIB_ADDRESS_MANAGER = 0x4200000000000000000000000000000000000008;\n address internal constant PROXY_EOA = 0x4200000000000000000000000000000000000009;\n address internal constant L2_STANDARD_BRIDGE = 0x4200000000000000000000000000000000000010;\n address internal constant SEQUENCER_FEE_WALLET = 0x4200000000000000000000000000000000000011;\n address internal constant L2_STANDARD_TOKEN_FACTORY =\n 0x4200000000000000000000000000000000000012;\n address internal constant L1_BLOCK_NUMBER = 0x4200000000000000000000000000000000000013;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (access/Ownable.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../utils/ContextUpgradeable.sol\";\nimport \"../proxy/utils/Initializable.sol\";\n\n/**\n * @dev Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract OwnableUpgradeable is Initializable, ContextUpgradeable {\n address private _owner;\n\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n function __Ownable_init() internal onlyInitializing {\n __Ownable_init_unchained();\n }\n\n function __Ownable_init_unchained() internal onlyInitializing {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Leaves the contract without owner. It will not be possible to call\n * `onlyOwner` functions. Can only be called by the current owner.\n *\n * NOTE: Renouncing ownership will leave the contract without an owner,\n * thereby disabling any functionality that is only available to the owner.\n */\n function renounceOwnership() public virtual onlyOwner {\n _transferOwnership(address(0));\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(newOwner != address(0), \"Ownable: new owner is the zero address\");\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n\n /**\n * @dev This empty reserved space is put in place to allow future versions to add new\n * variables without shifting down storage in the inheritance chain.\n * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n */\n uint256[49] private __gap;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/crosschain/errorsUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.6.0) (crosschain/errors.sol)\n\npragma solidity ^0.8.4;\n\nerror NotCrossChainCall();\nerror InvalidCrossChainSender(address actual, address expected);\n" + }, + "@openzeppelin/contracts-upgradeable/crosschain/optimism/LibOptimismUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.7.0) (crosschain/optimism/LibOptimism.sol)\n\npragma solidity ^0.8.4;\n\nimport { ICrossDomainMessengerUpgradeable as Optimism_Bridge } from \"../../vendor/optimism/ICrossDomainMessengerUpgradeable.sol\";\nimport \"../errorsUpgradeable.sol\";\n\n/**\n * @dev Primitives for cross-chain aware contracts for https://www.optimism.io/[Optimism].\n * See the https://community.optimism.io/docs/developers/bridge/messaging/#accessing-msg-sender[documentation]\n * for the functionality used here.\n */\nlibrary LibOptimismUpgradeable {\n /**\n * @dev Returns whether the current function call is the result of a\n * cross-chain message relayed by `messenger`.\n */\n function isCrossChain(address messenger) internal view returns (bool) {\n return msg.sender == messenger;\n }\n\n /**\n * @dev Returns the address of the sender that triggered the current\n * cross-chain message through `messenger`.\n *\n * NOTE: {isCrossChain} should be checked before trying to recover the\n * sender, as it will revert with `NotCrossChainCall` if the current\n * function call is not the result of a cross-chain message.\n */\n function crossChainSender(address messenger) internal view returns (address) {\n if (!isCrossChain(messenger)) revert NotCrossChainCall();\n\n return Optimism_Bridge(messenger).xDomainMessageSender();\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/interfaces/draft-IERC1822Upgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.5.0) (interfaces/draft-IERC1822.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev ERC1822: Universal Upgradeable Proxy Standard (UUPS) documents a method for upgradeability through a simplified\n * proxy whose upgrades are fully controlled by the current implementation.\n */\ninterface IERC1822ProxiableUpgradeable {\n /**\n * @dev Returns the storage slot that the proxiable contract assumes is being used to store the implementation\n * address.\n *\n * IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks\n * bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this\n * function revert if invoked through a proxy.\n */\n function proxiableUUID() external view returns (bytes32);\n}\n" + }, + "@openzeppelin/contracts-upgradeable/interfaces/IERC1967Upgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (interfaces/IERC1967.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev ERC-1967: Proxy Storage Slots. This interface contains the events defined in the ERC.\n *\n * _Available since v4.8.3._\n */\ninterface IERC1967Upgradeable {\n /**\n * @dev Emitted when the implementation is upgraded.\n */\n event Upgraded(address indexed implementation);\n\n /**\n * @dev Emitted when the admin account has changed.\n */\n event AdminChanged(address previousAdmin, address newAdmin);\n\n /**\n * @dev Emitted when the beacon is changed.\n */\n event BeaconUpgraded(address indexed beacon);\n}\n" + }, + "@openzeppelin/contracts-upgradeable/proxy/beacon/IBeaconUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts v4.4.1 (proxy/beacon/IBeacon.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev This is the interface that {BeaconProxy} expects of its beacon.\n */\ninterface IBeaconUpgradeable {\n /**\n * @dev Must return an address that can be used as a delegate call target.\n *\n * {BeaconProxy} will check that this address is a contract.\n */\n function implementation() external view returns (address);\n}\n" + }, + "@openzeppelin/contracts-upgradeable/proxy/ERC1967/ERC1967UpgradeUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (proxy/ERC1967/ERC1967Upgrade.sol)\n\npragma solidity ^0.8.2;\n\nimport \"../beacon/IBeaconUpgradeable.sol\";\nimport \"../../interfaces/IERC1967Upgradeable.sol\";\nimport \"../../interfaces/draft-IERC1822Upgradeable.sol\";\nimport \"../../utils/AddressUpgradeable.sol\";\nimport \"../../utils/StorageSlotUpgradeable.sol\";\nimport \"../utils/Initializable.sol\";\n\n/**\n * @dev This abstract contract provides getters and event emitting update functions for\n * https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots.\n *\n * _Available since v4.1._\n */\nabstract contract ERC1967UpgradeUpgradeable is Initializable, IERC1967Upgradeable {\n function __ERC1967Upgrade_init() internal onlyInitializing {\n }\n\n function __ERC1967Upgrade_init_unchained() internal onlyInitializing {\n }\n // This is the keccak-256 hash of \"eip1967.proxy.rollback\" subtracted by 1\n bytes32 private constant _ROLLBACK_SLOT = 0x4910fdfa16fed3260ed0e7147f7cc6da11a60208b5b9406d12a635614ffd9143;\n\n /**\n * @dev Storage slot with the address of the current implementation.\n * This is the keccak-256 hash of \"eip1967.proxy.implementation\" subtracted by 1, and is\n * validated in the constructor.\n */\n bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;\n\n /**\n * @dev Returns the current implementation address.\n */\n function _getImplementation() internal view returns (address) {\n return StorageSlotUpgradeable.getAddressSlot(_IMPLEMENTATION_SLOT).value;\n }\n\n /**\n * @dev Stores a new address in the EIP1967 implementation slot.\n */\n function _setImplementation(address newImplementation) private {\n require(AddressUpgradeable.isContract(newImplementation), \"ERC1967: new implementation is not a contract\");\n StorageSlotUpgradeable.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;\n }\n\n /**\n * @dev Perform implementation upgrade\n *\n * Emits an {Upgraded} event.\n */\n function _upgradeTo(address newImplementation) internal {\n _setImplementation(newImplementation);\n emit Upgraded(newImplementation);\n }\n\n /**\n * @dev Perform implementation upgrade with additional setup call.\n *\n * Emits an {Upgraded} event.\n */\n function _upgradeToAndCall(address newImplementation, bytes memory data, bool forceCall) internal {\n _upgradeTo(newImplementation);\n if (data.length > 0 || forceCall) {\n AddressUpgradeable.functionDelegateCall(newImplementation, data);\n }\n }\n\n /**\n * @dev Perform implementation upgrade with security checks for UUPS proxies, and additional setup call.\n *\n * Emits an {Upgraded} event.\n */\n function _upgradeToAndCallUUPS(address newImplementation, bytes memory data, bool forceCall) internal {\n // Upgrades from old implementations will perform a rollback test. This test requires the new\n // implementation to upgrade back to the old, non-ERC1822 compliant, implementation. Removing\n // this special case will break upgrade paths from old UUPS implementation to new ones.\n if (StorageSlotUpgradeable.getBooleanSlot(_ROLLBACK_SLOT).value) {\n _setImplementation(newImplementation);\n } else {\n try IERC1822ProxiableUpgradeable(newImplementation).proxiableUUID() returns (bytes32 slot) {\n require(slot == _IMPLEMENTATION_SLOT, \"ERC1967Upgrade: unsupported proxiableUUID\");\n } catch {\n revert(\"ERC1967Upgrade: new implementation is not UUPS\");\n }\n _upgradeToAndCall(newImplementation, data, forceCall);\n }\n }\n\n /**\n * @dev Storage slot with the admin of the contract.\n * This is the keccak-256 hash of \"eip1967.proxy.admin\" subtracted by 1, and is\n * validated in the constructor.\n */\n bytes32 internal constant _ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;\n\n /**\n * @dev Returns the current admin.\n */\n function _getAdmin() internal view returns (address) {\n return StorageSlotUpgradeable.getAddressSlot(_ADMIN_SLOT).value;\n }\n\n /**\n * @dev Stores a new address in the EIP1967 admin slot.\n */\n function _setAdmin(address newAdmin) private {\n require(newAdmin != address(0), \"ERC1967: new admin is the zero address\");\n StorageSlotUpgradeable.getAddressSlot(_ADMIN_SLOT).value = newAdmin;\n }\n\n /**\n * @dev Changes the admin of the proxy.\n *\n * Emits an {AdminChanged} event.\n */\n function _changeAdmin(address newAdmin) internal {\n emit AdminChanged(_getAdmin(), newAdmin);\n _setAdmin(newAdmin);\n }\n\n /**\n * @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.\n * This is bytes32(uint256(keccak256('eip1967.proxy.beacon')) - 1)) and is validated in the constructor.\n */\n bytes32 internal constant _BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;\n\n /**\n * @dev Returns the current beacon.\n */\n function _getBeacon() internal view returns (address) {\n return StorageSlotUpgradeable.getAddressSlot(_BEACON_SLOT).value;\n }\n\n /**\n * @dev Stores a new beacon in the EIP1967 beacon slot.\n */\n function _setBeacon(address newBeacon) private {\n require(AddressUpgradeable.isContract(newBeacon), \"ERC1967: new beacon is not a contract\");\n require(\n AddressUpgradeable.isContract(IBeaconUpgradeable(newBeacon).implementation()),\n \"ERC1967: beacon implementation is not a contract\"\n );\n StorageSlotUpgradeable.getAddressSlot(_BEACON_SLOT).value = newBeacon;\n }\n\n /**\n * @dev Perform beacon upgrade with additional setup call. Note: This upgrades the address of the beacon, it does\n * not upgrade the implementation contained in the beacon (see {UpgradeableBeacon-_setImplementation} for that).\n *\n * Emits a {BeaconUpgraded} event.\n */\n function _upgradeBeaconToAndCall(address newBeacon, bytes memory data, bool forceCall) internal {\n _setBeacon(newBeacon);\n emit BeaconUpgraded(newBeacon);\n if (data.length > 0 || forceCall) {\n AddressUpgradeable.functionDelegateCall(IBeaconUpgradeable(newBeacon).implementation(), data);\n }\n }\n\n /**\n * @dev This empty reserved space is put in place to allow future versions to add new\n * variables without shifting down storage in the inheritance chain.\n * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n */\n uint256[50] private __gap;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/Initializable.sol)\n\npragma solidity ^0.8.2;\n\nimport \"../../utils/AddressUpgradeable.sol\";\n\n/**\n * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed\n * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an\n * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer\n * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.\n *\n * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be\n * reused. This mechanism prevents re-execution of each \"step\" but allows the creation of new initialization steps in\n * case an upgrade adds a module that needs to be initialized.\n *\n * For example:\n *\n * [.hljs-theme-light.nopadding]\n * ```solidity\n * contract MyToken is ERC20Upgradeable {\n * function initialize() initializer public {\n * __ERC20_init(\"MyToken\", \"MTK\");\n * }\n * }\n *\n * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {\n * function initializeV2() reinitializer(2) public {\n * __ERC20Permit_init(\"MyToken\");\n * }\n * }\n * ```\n *\n * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as\n * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.\n *\n * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure\n * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.\n *\n * [CAUTION]\n * ====\n * Avoid leaving a contract uninitialized.\n *\n * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation\n * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke\n * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:\n *\n * [.hljs-theme-light.nopadding]\n * ```\n * /// @custom:oz-upgrades-unsafe-allow constructor\n * constructor() {\n * _disableInitializers();\n * }\n * ```\n * ====\n */\nabstract contract Initializable {\n /**\n * @dev Indicates that the contract has been initialized.\n * @custom:oz-retyped-from bool\n */\n uint8 private _initialized;\n\n /**\n * @dev Indicates that the contract is in the process of being initialized.\n */\n bool private _initializing;\n\n /**\n * @dev Triggered when the contract has been initialized or reinitialized.\n */\n event Initialized(uint8 version);\n\n /**\n * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,\n * `onlyInitializing` functions can be used to initialize parent contracts.\n *\n * Similar to `reinitializer(1)`, except that functions marked with `initializer` can be nested in the context of a\n * constructor.\n *\n * Emits an {Initialized} event.\n */\n modifier initializer() {\n bool isTopLevelCall = !_initializing;\n require(\n (isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1),\n \"Initializable: contract is already initialized\"\n );\n _initialized = 1;\n if (isTopLevelCall) {\n _initializing = true;\n }\n _;\n if (isTopLevelCall) {\n _initializing = false;\n emit Initialized(1);\n }\n }\n\n /**\n * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the\n * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be\n * used to initialize parent contracts.\n *\n * A reinitializer may be used after the original initialization step. This is essential to configure modules that\n * are added through upgrades and that require initialization.\n *\n * When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`\n * cannot be nested. If one is invoked in the context of another, execution will revert.\n *\n * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in\n * a contract, executing them in the right order is up to the developer or operator.\n *\n * WARNING: setting the version to 255 will prevent any future reinitialization.\n *\n * Emits an {Initialized} event.\n */\n modifier reinitializer(uint8 version) {\n require(!_initializing && _initialized < version, \"Initializable: contract is already initialized\");\n _initialized = version;\n _initializing = true;\n _;\n _initializing = false;\n emit Initialized(version);\n }\n\n /**\n * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the\n * {initializer} and {reinitializer} modifiers, directly or indirectly.\n */\n modifier onlyInitializing() {\n require(_initializing, \"Initializable: contract is not initializing\");\n _;\n }\n\n /**\n * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.\n * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized\n * to any version. It is recommended to use this to lock implementation contracts that are designed to be called\n * through proxies.\n *\n * Emits an {Initialized} event the first time it is successfully executed.\n */\n function _disableInitializers() internal virtual {\n require(!_initializing, \"Initializable: contract is initializing\");\n if (_initialized != type(uint8).max) {\n _initialized = type(uint8).max;\n emit Initialized(type(uint8).max);\n }\n }\n\n /**\n * @dev Returns the highest version that has been initialized. See {reinitializer}.\n */\n function _getInitializedVersion() internal view returns (uint8) {\n return _initialized;\n }\n\n /**\n * @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.\n */\n function _isInitializing() internal view returns (bool) {\n return _initializing;\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/UUPSUpgradeable.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../../interfaces/draft-IERC1822Upgradeable.sol\";\nimport \"../ERC1967/ERC1967UpgradeUpgradeable.sol\";\nimport \"./Initializable.sol\";\n\n/**\n * @dev An upgradeability mechanism designed for UUPS proxies. The functions included here can perform an upgrade of an\n * {ERC1967Proxy}, when this contract is set as the implementation behind such a proxy.\n *\n * A security mechanism ensures that an upgrade does not turn off upgradeability accidentally, although this risk is\n * reinstated if the upgrade retains upgradeability but removes the security mechanism, e.g. by replacing\n * `UUPSUpgradeable` with a custom implementation of upgrades.\n *\n * The {_authorizeUpgrade} function must be overridden to include access restriction to the upgrade mechanism.\n *\n * _Available since v4.1._\n */\nabstract contract UUPSUpgradeable is Initializable, IERC1822ProxiableUpgradeable, ERC1967UpgradeUpgradeable {\n function __UUPSUpgradeable_init() internal onlyInitializing {\n }\n\n function __UUPSUpgradeable_init_unchained() internal onlyInitializing {\n }\n /// @custom:oz-upgrades-unsafe-allow state-variable-immutable state-variable-assignment\n address private immutable __self = address(this);\n\n /**\n * @dev Check that the execution is being performed through a delegatecall call and that the execution context is\n * a proxy contract with an implementation (as defined in ERC1967) pointing to self. This should only be the case\n * for UUPS and transparent proxies that are using the current contract as their implementation. Execution of a\n * function through ERC1167 minimal proxies (clones) would not normally pass this test, but is not guaranteed to\n * fail.\n */\n modifier onlyProxy() {\n require(address(this) != __self, \"Function must be called through delegatecall\");\n require(_getImplementation() == __self, \"Function must be called through active proxy\");\n _;\n }\n\n /**\n * @dev Check that the execution is not being performed through a delegate call. This allows a function to be\n * callable on the implementing contract but not through proxies.\n */\n modifier notDelegated() {\n require(address(this) == __self, \"UUPSUpgradeable: must not be called through delegatecall\");\n _;\n }\n\n /**\n * @dev Implementation of the ERC1822 {proxiableUUID} function. This returns the storage slot used by the\n * implementation. It is used to validate the implementation's compatibility when performing an upgrade.\n *\n * IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks\n * bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this\n * function revert if invoked through a proxy. This is guaranteed by the `notDelegated` modifier.\n */\n function proxiableUUID() external view virtual override notDelegated returns (bytes32) {\n return _IMPLEMENTATION_SLOT;\n }\n\n /**\n * @dev Upgrade the implementation of the proxy to `newImplementation`.\n *\n * Calls {_authorizeUpgrade}.\n *\n * Emits an {Upgraded} event.\n *\n * @custom:oz-upgrades-unsafe-allow-reachable delegatecall\n */\n function upgradeTo(address newImplementation) public virtual onlyProxy {\n _authorizeUpgrade(newImplementation);\n _upgradeToAndCallUUPS(newImplementation, new bytes(0), false);\n }\n\n /**\n * @dev Upgrade the implementation of the proxy to `newImplementation`, and subsequently execute the function call\n * encoded in `data`.\n *\n * Calls {_authorizeUpgrade}.\n *\n * Emits an {Upgraded} event.\n *\n * @custom:oz-upgrades-unsafe-allow-reachable delegatecall\n */\n function upgradeToAndCall(address newImplementation, bytes memory data) public payable virtual onlyProxy {\n _authorizeUpgrade(newImplementation);\n _upgradeToAndCallUUPS(newImplementation, data, true);\n }\n\n /**\n * @dev Function that should revert when `msg.sender` is not authorized to upgrade the contract. Called by\n * {upgradeTo} and {upgradeToAndCall}.\n *\n * Normally, this function will use an xref:access.adoc[access control] modifier such as {Ownable-onlyOwner}.\n *\n * ```solidity\n * function _authorizeUpgrade(address) internal override onlyOwner {}\n * ```\n */\n function _authorizeUpgrade(address newImplementation) internal virtual;\n\n /**\n * @dev This empty reserved space is put in place to allow future versions to add new\n * variables without shifting down storage in the inheritance chain.\n * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n */\n uint256[50] private __gap;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (security/ReentrancyGuard.sol)\n\npragma solidity ^0.8.0;\nimport \"../proxy/utils/Initializable.sol\";\n\n/**\n * @dev Contract module that helps prevent reentrant calls to a function.\n *\n * Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier\n * available, which can be applied to functions to make sure there are no nested\n * (reentrant) calls to them.\n *\n * Note that because there is a single `nonReentrant` guard, functions marked as\n * `nonReentrant` may not call one another. This can be worked around by making\n * those functions `private`, and then adding `external` `nonReentrant` entry\n * points to them.\n *\n * TIP: If you would like to learn more about reentrancy and alternative ways\n * to protect against it, check out our blog post\n * https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].\n */\nabstract contract ReentrancyGuardUpgradeable is Initializable {\n // Booleans are more expensive than uint256 or any type that takes up a full\n // word because each write operation emits an extra SLOAD to first read the\n // slot's contents, replace the bits taken up by the boolean, and then write\n // back. This is the compiler's defense against contract upgrades and\n // pointer aliasing, and it cannot be disabled.\n\n // The values being non-zero value makes deployment a bit more expensive,\n // but in exchange the refund on every call to nonReentrant will be lower in\n // amount. Since refunds are capped to a percentage of the total\n // transaction's gas, it is best to keep them low in cases like this one, to\n // increase the likelihood of the full refund coming into effect.\n uint256 private constant _NOT_ENTERED = 1;\n uint256 private constant _ENTERED = 2;\n\n uint256 private _status;\n\n function __ReentrancyGuard_init() internal onlyInitializing {\n __ReentrancyGuard_init_unchained();\n }\n\n function __ReentrancyGuard_init_unchained() internal onlyInitializing {\n _status = _NOT_ENTERED;\n }\n\n /**\n * @dev Prevents a contract from calling itself, directly or indirectly.\n * Calling a `nonReentrant` function from another `nonReentrant`\n * function is not supported. It is possible to prevent this from happening\n * by making the `nonReentrant` function external, and making it call a\n * `private` function that does the actual work.\n */\n modifier nonReentrant() {\n _nonReentrantBefore();\n _;\n _nonReentrantAfter();\n }\n\n function _nonReentrantBefore() private {\n // On the first call to nonReentrant, _status will be _NOT_ENTERED\n require(_status != _ENTERED, \"ReentrancyGuard: reentrant call\");\n\n // Any calls to nonReentrant after this point will fail\n _status = _ENTERED;\n }\n\n function _nonReentrantAfter() private {\n // By storing the original value once again, a refund is triggered (see\n // https://eips.ethereum.org/EIPS/eip-2200)\n _status = _NOT_ENTERED;\n }\n\n /**\n * @dev Returns true if the reentrancy guard is currently set to \"entered\", which indicates there is a\n * `nonReentrant` function in the call stack.\n */\n function _reentrancyGuardEntered() internal view returns (bool) {\n return _status == _ENTERED;\n }\n\n /**\n * @dev This empty reserved space is put in place to allow future versions to add new\n * variables without shifting down storage in the inheritance chain.\n * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n */\n uint256[49] private __gap;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/IERC20PermitUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/extensions/IERC20Permit.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in\n * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].\n *\n * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by\n * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't\n * need to send a transaction, and thus is not required to hold Ether at all.\n */\ninterface IERC20PermitUpgradeable {\n /**\n * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,\n * given ``owner``'s signed approval.\n *\n * IMPORTANT: The same issues {IERC20-approve} has related to transaction\n * ordering also apply here.\n *\n * Emits an {Approval} event.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n * - `deadline` must be a timestamp in the future.\n * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`\n * over the EIP712-formatted function arguments.\n * - the signature must use ``owner``'s current nonce (see {nonces}).\n *\n * For more information on the signature format, see the\n * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP\n * section].\n */\n function permit(\n address owner,\n address spender,\n uint256 value,\n uint256 deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) external;\n\n /**\n * @dev Returns the current nonce for `owner`. This value must be\n * included whenever a signature is generated for {permit}.\n *\n * Every successful call to {permit} increases ``owner``'s nonce by one. This\n * prevents a signature from being used multiple times.\n */\n function nonces(address owner) external view returns (uint256);\n\n /**\n * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.\n */\n // solhint-disable-next-line func-name-mixedcase\n function DOMAIN_SEPARATOR() external view returns (bytes32);\n}\n" + }, + "@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/IERC20.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20Upgradeable {\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `to`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address to, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `from` to `to` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address from, address to, uint256 amount) external returns (bool);\n}\n" + }, + "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.3) (token/ERC20/utils/SafeERC20.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../IERC20Upgradeable.sol\";\nimport \"../extensions/IERC20PermitUpgradeable.sol\";\nimport \"../../../utils/AddressUpgradeable.sol\";\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20Upgradeable {\n using AddressUpgradeable for address;\n\n /**\n * @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeTransfer(IERC20Upgradeable token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n /**\n * @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the\n * calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.\n */\n function safeTransferFrom(IERC20Upgradeable token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20Upgradeable token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n require(\n (value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n /**\n * @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeIncreaseAllowance(IERC20Upgradeable token, address spender, uint256 value) internal {\n uint256 oldAllowance = token.allowance(address(this), spender);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance + value));\n }\n\n /**\n * @dev Decrease the calling contract's allowance toward `spender` by `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeDecreaseAllowance(IERC20Upgradeable token, address spender, uint256 value) internal {\n unchecked {\n uint256 oldAllowance = token.allowance(address(this), spender);\n require(oldAllowance >= value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance - value));\n }\n }\n\n /**\n * @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval\n * to be set to zero before setting it to a non-zero value, such as USDT.\n */\n function forceApprove(IERC20Upgradeable token, address spender, uint256 value) internal {\n bytes memory approvalCall = abi.encodeWithSelector(token.approve.selector, spender, value);\n\n if (!_callOptionalReturnBool(token, approvalCall)) {\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, 0));\n _callOptionalReturn(token, approvalCall);\n }\n }\n\n /**\n * @dev Use a ERC-2612 signature to set the `owner` approval toward `spender` on `token`.\n * Revert on invalid signature.\n */\n function safePermit(\n IERC20PermitUpgradeable token,\n address owner,\n address spender,\n uint256 value,\n uint256 deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) internal {\n uint256 nonceBefore = token.nonces(owner);\n token.permit(owner, spender, value, deadline, v, r, s);\n uint256 nonceAfter = token.nonces(owner);\n require(nonceAfter == nonceBefore + 1, \"SafeERC20: permit did not succeed\");\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20Upgradeable token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n require(returndata.length == 0 || abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n *\n * This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.\n */\n function _callOptionalReturnBool(IERC20Upgradeable token, bytes memory data) private returns (bool) {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false\n // and not revert is the subcall reverts.\n\n (bool success, bytes memory returndata) = address(token).call(data);\n return\n success && (returndata.length == 0 || abi.decode(returndata, (bool))) && AddressUpgradeable.isContract(address(token));\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)\n\npragma solidity ^0.8.1;\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary AddressUpgradeable {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n *\n * Furthermore, `isContract` will also return true if the target contract within\n * the same transaction is already scheduled for destruction by `SELFDESTRUCT`,\n * which only has an effect at the end of a transaction.\n * ====\n *\n * [IMPORTANT]\n * ====\n * You shouldn't rely on `isContract` to protect against flash loan attacks!\n *\n * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets\n * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract\n * constructor.\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize/address.code.length, which returns 0\n // for contracts in construction, since the code is only stored at the end\n // of the constructor execution.\n\n return account.code.length > 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance >= amount, \"Address: insufficient balance\");\n\n (bool success, ) = recipient.call{value: amount}(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain `call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(\n address target,\n bytes memory data,\n uint256 value,\n string memory errorMessage\n ) internal returns (bytes memory) {\n require(address(this).balance >= value, \"Address: insufficient balance for call\");\n (bool success, bytes memory returndata) = target.call{value: value}(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n (bool success, bytes memory returndata) = target.staticcall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling\n * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.\n *\n * _Available since v4.8._\n */\n function verifyCallResultFromTarget(\n address target,\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n if (success) {\n if (returndata.length == 0) {\n // only check isContract if the call was successful and the return data is empty\n // otherwise we already know that it was a contract\n require(isContract(target), \"Address: call to non-contract\");\n }\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n /**\n * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the\n * revert reason or using the provided one.\n *\n * _Available since v4.3._\n */\n function verifyCallResult(\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal pure returns (bytes memory) {\n if (success) {\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n function _revert(bytes memory returndata, string memory errorMessage) private pure {\n // Look for revert reason and bubble it up if present\n if (returndata.length > 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n /// @solidity memory-safe-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)\n\npragma solidity ^0.8.0;\nimport \"../proxy/utils/Initializable.sol\";\n\n/**\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract ContextUpgradeable is Initializable {\n function __Context_init() internal onlyInitializing {\n }\n\n function __Context_init_unchained() internal onlyInitializing {\n }\n function _msgSender() internal view virtual returns (address) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes calldata) {\n return msg.data;\n }\n\n /**\n * @dev This empty reserved space is put in place to allow future versions to add new\n * variables without shifting down storage in the inheritance chain.\n * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n */\n uint256[50] private __gap;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/cryptography/ECDSAUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/ECDSA.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../StringsUpgradeable.sol\";\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSAUpgradeable {\n enum RecoverError {\n NoError,\n InvalidSignature,\n InvalidSignatureLength,\n InvalidSignatureS,\n InvalidSignatureV // Deprecated in v4.8\n }\n\n function _throwError(RecoverError error) private pure {\n if (error == RecoverError.NoError) {\n return; // no error: do nothing\n } else if (error == RecoverError.InvalidSignature) {\n revert(\"ECDSA: invalid signature\");\n } else if (error == RecoverError.InvalidSignatureLength) {\n revert(\"ECDSA: invalid signature length\");\n } else if (error == RecoverError.InvalidSignatureS) {\n revert(\"ECDSA: invalid signature 's' value\");\n }\n }\n\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature` or error string. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n *\n * Documentation for signature generation:\n * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]\n * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) {\n if (signature.length == 65) {\n bytes32 r;\n bytes32 s;\n uint8 v;\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n /// @solidity memory-safe-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n return tryRecover(hash, v, r, s);\n } else {\n return (address(0), RecoverError.InvalidSignatureLength);\n }\n }\n\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, signature);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.\n *\n * See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError) {\n bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);\n uint8 v = uint8((uint256(vs) >> 255) + 27);\n return tryRecover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.\n *\n * _Available since v4.2._\n */\n function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, r, vs);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Overload of {ECDSA-tryRecover} that receives the `v`,\n * `r` and `s` signature fields separately.\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address, RecoverError) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {\n return (address(0), RecoverError.InvalidSignatureS);\n }\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n if (signer == address(0)) {\n return (address(0), RecoverError.InvalidSignature);\n }\n\n return (signer, RecoverError.NoError);\n }\n\n /**\n * @dev Overload of {ECDSA-recover} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, v, r, s);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * produces hash corresponding to the one signed with the\n * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]\n * JSON-RPC method as part of EIP-191.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32 message) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n /// @solidity memory-safe-assembly\n assembly {\n mstore(0x00, \"\\x19Ethereum Signed Message:\\n32\")\n mstore(0x1c, hash)\n message := keccak256(0x00, 0x3c)\n }\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from `s`. This\n * produces hash corresponding to the one signed with the\n * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]\n * JSON-RPC method as part of EIP-191.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) {\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n\", StringsUpgradeable.toString(s.length), s));\n }\n\n /**\n * @dev Returns an Ethereum Signed Typed Data, created from a\n * `domainSeparator` and a `structHash`. This produces hash corresponding\n * to the one signed with the\n * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`]\n * JSON-RPC method as part of EIP-712.\n *\n * See {recover}.\n */\n function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 data) {\n /// @solidity memory-safe-assembly\n assembly {\n let ptr := mload(0x40)\n mstore(ptr, \"\\x19\\x01\")\n mstore(add(ptr, 0x02), domainSeparator)\n mstore(add(ptr, 0x22), structHash)\n data := keccak256(ptr, 0x42)\n }\n }\n\n /**\n * @dev Returns an Ethereum Signed Data with intended validator, created from a\n * `validator` and `data` according to the version 0 of EIP-191.\n *\n * See {recover}.\n */\n function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {\n return keccak256(abi.encodePacked(\"\\x19\\x00\", validator, data));\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/math/MathUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/math/Math.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Standard math utilities missing in the Solidity language.\n */\nlibrary MathUpgradeable {\n enum Rounding {\n Down, // Toward negative infinity\n Up, // Toward infinity\n Zero // Toward zero\n }\n\n /**\n * @dev Returns the largest of two numbers.\n */\n function max(uint256 a, uint256 b) internal pure returns (uint256) {\n return a > b ? a : b;\n }\n\n /**\n * @dev Returns the smallest of two numbers.\n */\n function min(uint256 a, uint256 b) internal pure returns (uint256) {\n return a < b ? a : b;\n }\n\n /**\n * @dev Returns the average of two numbers. The result is rounded towards\n * zero.\n */\n function average(uint256 a, uint256 b) internal pure returns (uint256) {\n // (a + b) / 2 can overflow.\n return (a & b) + (a ^ b) / 2;\n }\n\n /**\n * @dev Returns the ceiling of the division of two numbers.\n *\n * This differs from standard division with `/` in that it rounds up instead\n * of rounding down.\n */\n function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {\n // (a + b - 1) / b can overflow on addition, so we distribute.\n return a == 0 ? 0 : (a - 1) / b + 1;\n }\n\n /**\n * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0\n * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)\n * with further edits by Uniswap Labs also under MIT license.\n */\n function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {\n unchecked {\n // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use\n // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256\n // variables such that product = prod1 * 2^256 + prod0.\n uint256 prod0; // Least significant 256 bits of the product\n uint256 prod1; // Most significant 256 bits of the product\n assembly {\n let mm := mulmod(x, y, not(0))\n prod0 := mul(x, y)\n prod1 := sub(sub(mm, prod0), lt(mm, prod0))\n }\n\n // Handle non-overflow cases, 256 by 256 division.\n if (prod1 == 0) {\n // Solidity will revert if denominator == 0, unlike the div opcode on its own.\n // The surrounding unchecked block does not change this fact.\n // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.\n return prod0 / denominator;\n }\n\n // Make sure the result is less than 2^256. Also prevents denominator == 0.\n require(denominator > prod1, \"Math: mulDiv overflow\");\n\n ///////////////////////////////////////////////\n // 512 by 256 division.\n ///////////////////////////////////////////////\n\n // Make division exact by subtracting the remainder from [prod1 prod0].\n uint256 remainder;\n assembly {\n // Compute remainder using mulmod.\n remainder := mulmod(x, y, denominator)\n\n // Subtract 256 bit number from 512 bit number.\n prod1 := sub(prod1, gt(remainder, prod0))\n prod0 := sub(prod0, remainder)\n }\n\n // Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.\n // See https://cs.stackexchange.com/q/138556/92363.\n\n // Does not overflow because the denominator cannot be zero at this stage in the function.\n uint256 twos = denominator & (~denominator + 1);\n assembly {\n // Divide denominator by twos.\n denominator := div(denominator, twos)\n\n // Divide [prod1 prod0] by twos.\n prod0 := div(prod0, twos)\n\n // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.\n twos := add(div(sub(0, twos), twos), 1)\n }\n\n // Shift in bits from prod1 into prod0.\n prod0 |= prod1 * twos;\n\n // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such\n // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for\n // four bits. That is, denominator * inv = 1 mod 2^4.\n uint256 inverse = (3 * denominator) ^ 2;\n\n // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works\n // in modular arithmetic, doubling the correct bits in each step.\n inverse *= 2 - denominator * inverse; // inverse mod 2^8\n inverse *= 2 - denominator * inverse; // inverse mod 2^16\n inverse *= 2 - denominator * inverse; // inverse mod 2^32\n inverse *= 2 - denominator * inverse; // inverse mod 2^64\n inverse *= 2 - denominator * inverse; // inverse mod 2^128\n inverse *= 2 - denominator * inverse; // inverse mod 2^256\n\n // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.\n // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is\n // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1\n // is no longer required.\n result = prod0 * inverse;\n return result;\n }\n }\n\n /**\n * @notice Calculates x * y / denominator with full precision, following the selected rounding direction.\n */\n function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {\n uint256 result = mulDiv(x, y, denominator);\n if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {\n result += 1;\n }\n return result;\n }\n\n /**\n * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down.\n *\n * Inspired by Henry S. Warren, Jr.'s \"Hacker's Delight\" (Chapter 11).\n */\n function sqrt(uint256 a) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n\n // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.\n //\n // We know that the \"msb\" (most significant bit) of our target number `a` is a power of 2 such that we have\n // `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.\n //\n // This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`\n // → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`\n // → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`\n //\n // Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.\n uint256 result = 1 << (log2(a) >> 1);\n\n // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,\n // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at\n // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision\n // into the expected uint128 result.\n unchecked {\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n return min(result, a / result);\n }\n }\n\n /**\n * @notice Calculates sqrt(a), following the selected rounding direction.\n */\n function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = sqrt(a);\n return result + (rounding == Rounding.Up && result * result < a ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 2, rounded down, of a positive value.\n * Returns 0 if given 0.\n */\n function log2(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >> 128 > 0) {\n value >>= 128;\n result += 128;\n }\n if (value >> 64 > 0) {\n value >>= 64;\n result += 64;\n }\n if (value >> 32 > 0) {\n value >>= 32;\n result += 32;\n }\n if (value >> 16 > 0) {\n value >>= 16;\n result += 16;\n }\n if (value >> 8 > 0) {\n value >>= 8;\n result += 8;\n }\n if (value >> 4 > 0) {\n value >>= 4;\n result += 4;\n }\n if (value >> 2 > 0) {\n value >>= 2;\n result += 2;\n }\n if (value >> 1 > 0) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 2, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log2(value);\n return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 10, rounded down, of a positive value.\n * Returns 0 if given 0.\n */\n function log10(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >= 10 ** 64) {\n value /= 10 ** 64;\n result += 64;\n }\n if (value >= 10 ** 32) {\n value /= 10 ** 32;\n result += 32;\n }\n if (value >= 10 ** 16) {\n value /= 10 ** 16;\n result += 16;\n }\n if (value >= 10 ** 8) {\n value /= 10 ** 8;\n result += 8;\n }\n if (value >= 10 ** 4) {\n value /= 10 ** 4;\n result += 4;\n }\n if (value >= 10 ** 2) {\n value /= 10 ** 2;\n result += 2;\n }\n if (value >= 10 ** 1) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 10, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log10(value);\n return result + (rounding == Rounding.Up && 10 ** result < value ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 256, rounded down, of a positive value.\n * Returns 0 if given 0.\n *\n * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.\n */\n function log256(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >> 128 > 0) {\n value >>= 128;\n result += 16;\n }\n if (value >> 64 > 0) {\n value >>= 64;\n result += 8;\n }\n if (value >> 32 > 0) {\n value >>= 32;\n result += 4;\n }\n if (value >> 16 > 0) {\n value >>= 16;\n result += 2;\n }\n if (value >> 8 > 0) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 256, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log256(value);\n return result + (rounding == Rounding.Up && 1 << (result << 3) < value ? 1 : 0);\n }\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/math/SignedMathUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SignedMath.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Standard signed math utilities missing in the Solidity language.\n */\nlibrary SignedMathUpgradeable {\n /**\n * @dev Returns the largest of two signed numbers.\n */\n function max(int256 a, int256 b) internal pure returns (int256) {\n return a > b ? a : b;\n }\n\n /**\n * @dev Returns the smallest of two signed numbers.\n */\n function min(int256 a, int256 b) internal pure returns (int256) {\n return a < b ? a : b;\n }\n\n /**\n * @dev Returns the average of two signed numbers without overflow.\n * The result is rounded towards zero.\n */\n function average(int256 a, int256 b) internal pure returns (int256) {\n // Formula from the book \"Hacker's Delight\"\n int256 x = (a & b) + ((a ^ b) >> 1);\n return x + (int256(uint256(x) >> 255) & (a ^ b));\n }\n\n /**\n * @dev Returns the absolute unsigned value of a signed value.\n */\n function abs(int256 n) internal pure returns (uint256) {\n unchecked {\n // must be unchecked in order to support `n = type(int256).min`\n return uint256(n >= 0 ? n : -n);\n }\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/StorageSlotUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/StorageSlot.sol)\n// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Library for reading and writing primitive types to specific storage slots.\n *\n * Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.\n * This library helps with reading and writing to such slots without the need for inline assembly.\n *\n * The functions in this library return Slot structs that contain a `value` member that can be used to read or write.\n *\n * Example usage to set ERC1967 implementation slot:\n * ```solidity\n * contract ERC1967 {\n * bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;\n *\n * function _getImplementation() internal view returns (address) {\n * return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;\n * }\n *\n * function _setImplementation(address newImplementation) internal {\n * require(Address.isContract(newImplementation), \"ERC1967: new implementation is not a contract\");\n * StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;\n * }\n * }\n * ```\n *\n * _Available since v4.1 for `address`, `bool`, `bytes32`, `uint256`._\n * _Available since v4.9 for `string`, `bytes`._\n */\nlibrary StorageSlotUpgradeable {\n struct AddressSlot {\n address value;\n }\n\n struct BooleanSlot {\n bool value;\n }\n\n struct Bytes32Slot {\n bytes32 value;\n }\n\n struct Uint256Slot {\n uint256 value;\n }\n\n struct StringSlot {\n string value;\n }\n\n struct BytesSlot {\n bytes value;\n }\n\n /**\n * @dev Returns an `AddressSlot` with member `value` located at `slot`.\n */\n function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `BooleanSlot` with member `value` located at `slot`.\n */\n function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `Bytes32Slot` with member `value` located at `slot`.\n */\n function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `Uint256Slot` with member `value` located at `slot`.\n */\n function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `StringSlot` with member `value` located at `slot`.\n */\n function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `StringSlot` representation of the string storage pointer `store`.\n */\n function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := store.slot\n }\n }\n\n /**\n * @dev Returns an `BytesSlot` with member `value` located at `slot`.\n */\n function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.\n */\n function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := store.slot\n }\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/StringsUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Strings.sol)\n\npragma solidity ^0.8.0;\n\nimport \"./math/MathUpgradeable.sol\";\nimport \"./math/SignedMathUpgradeable.sol\";\n\n/**\n * @dev String operations.\n */\nlibrary StringsUpgradeable {\n bytes16 private constant _SYMBOLS = \"0123456789abcdef\";\n uint8 private constant _ADDRESS_LENGTH = 20;\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` decimal representation.\n */\n function toString(uint256 value) internal pure returns (string memory) {\n unchecked {\n uint256 length = MathUpgradeable.log10(value) + 1;\n string memory buffer = new string(length);\n uint256 ptr;\n /// @solidity memory-safe-assembly\n assembly {\n ptr := add(buffer, add(32, length))\n }\n while (true) {\n ptr--;\n /// @solidity memory-safe-assembly\n assembly {\n mstore8(ptr, byte(mod(value, 10), _SYMBOLS))\n }\n value /= 10;\n if (value == 0) break;\n }\n return buffer;\n }\n }\n\n /**\n * @dev Converts a `int256` to its ASCII `string` decimal representation.\n */\n function toString(int256 value) internal pure returns (string memory) {\n return string(abi.encodePacked(value < 0 ? \"-\" : \"\", toString(SignedMathUpgradeable.abs(value))));\n }\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.\n */\n function toHexString(uint256 value) internal pure returns (string memory) {\n unchecked {\n return toHexString(value, MathUpgradeable.log256(value) + 1);\n }\n }\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.\n */\n function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {\n bytes memory buffer = new bytes(2 * length + 2);\n buffer[0] = \"0\";\n buffer[1] = \"x\";\n for (uint256 i = 2 * length + 1; i > 1; --i) {\n buffer[i] = _SYMBOLS[value & 0xf];\n value >>= 4;\n }\n require(value == 0, \"Strings: hex length insufficient\");\n return string(buffer);\n }\n\n /**\n * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.\n */\n function toHexString(address addr) internal pure returns (string memory) {\n return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);\n }\n\n /**\n * @dev Returns true if the two strings are equal.\n */\n function equal(string memory a, string memory b) internal pure returns (bool) {\n return keccak256(bytes(a)) == keccak256(bytes(b));\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/vendor/optimism/ICrossDomainMessengerUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (vendor/optimism/ICrossDomainMessenger.sol)\npragma solidity >0.5.0 <0.9.0;\n\n/**\n * @title ICrossDomainMessenger\n */\ninterface ICrossDomainMessengerUpgradeable {\n /**********\n * Events *\n **********/\n\n event SentMessage(address indexed target, address sender, bytes message, uint256 messageNonce, uint256 gasLimit);\n event RelayedMessage(bytes32 indexed msgHash);\n event FailedRelayedMessage(bytes32 indexed msgHash);\n\n /*************\n * Variables *\n *************/\n\n function xDomainMessageSender() external view returns (address);\n\n /********************\n * Public Functions *\n ********************/\n\n /**\n * Sends a cross domain message to the target messenger.\n * @param _target Target contract address.\n * @param _message Message to send to the target.\n * @param _gasLimit Gas limit for the provided message.\n */\n function sendMessage(address _target, bytes calldata _message, uint32 _gasLimit) external;\n}\n" + }, + "@openzeppelin/contracts/access/Ownable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (access/Ownable.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../utils/Context.sol\";\n\n/**\n * @dev Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n address private _owner;\n\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor() {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Leaves the contract without owner. It will not be possible to call\n * `onlyOwner` functions. Can only be called by the current owner.\n *\n * NOTE: Renouncing ownership will leave the contract without an owner,\n * thereby disabling any functionality that is only available to the owner.\n */\n function renounceOwnership() public virtual onlyOwner {\n _transferOwnership(address(0));\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(newOwner != address(0), \"Ownable: new owner is the zero address\");\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n}\n" + }, + "@openzeppelin/contracts/interfaces/IERC1271.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts v4.4.1 (interfaces/IERC1271.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC1271 standard signature validation method for\n * contracts as defined in https://eips.ethereum.org/EIPS/eip-1271[ERC-1271].\n *\n * _Available since v4.1._\n */\ninterface IERC1271 {\n /**\n * @dev Should return whether the signature provided is valid for the provided data\n * @param hash Hash of the data to be signed\n * @param signature Signature byte array associated with _data\n */\n function isValidSignature(bytes32 hash, bytes memory signature) external view returns (bytes4 magicValue);\n}\n" + }, + "@openzeppelin/contracts/token/ERC20/extensions/IERC20Permit.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/extensions/IERC20Permit.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in\n * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].\n *\n * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by\n * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't\n * need to send a transaction, and thus is not required to hold Ether at all.\n */\ninterface IERC20Permit {\n /**\n * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,\n * given ``owner``'s signed approval.\n *\n * IMPORTANT: The same issues {IERC20-approve} has related to transaction\n * ordering also apply here.\n *\n * Emits an {Approval} event.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n * - `deadline` must be a timestamp in the future.\n * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`\n * over the EIP712-formatted function arguments.\n * - the signature must use ``owner``'s current nonce (see {nonces}).\n *\n * For more information on the signature format, see the\n * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP\n * section].\n */\n function permit(\n address owner,\n address spender,\n uint256 value,\n uint256 deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) external;\n\n /**\n * @dev Returns the current nonce for `owner`. This value must be\n * included whenever a signature is generated for {permit}.\n *\n * Every successful call to {permit} increases ``owner``'s nonce by one. This\n * prevents a signature from being used multiple times.\n */\n function nonces(address owner) external view returns (uint256);\n\n /**\n * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.\n */\n // solhint-disable-next-line func-name-mixedcase\n function DOMAIN_SEPARATOR() external view returns (bytes32);\n}\n" + }, + "@openzeppelin/contracts/token/ERC20/IERC20.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/IERC20.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20 {\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `to`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address to, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `from` to `to` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address from, address to, uint256 amount) external returns (bool);\n}\n" + }, + "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.3) (token/ERC20/utils/SafeERC20.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../IERC20.sol\";\nimport \"../extensions/IERC20Permit.sol\";\nimport \"../../../utils/Address.sol\";\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n using Address for address;\n\n /**\n * @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeTransfer(IERC20 token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n /**\n * @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the\n * calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.\n */\n function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20 token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n require(\n (value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n /**\n * @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 oldAllowance = token.allowance(address(this), spender);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance + value));\n }\n\n /**\n * @dev Decrease the calling contract's allowance toward `spender` by `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n unchecked {\n uint256 oldAllowance = token.allowance(address(this), spender);\n require(oldAllowance >= value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance - value));\n }\n }\n\n /**\n * @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval\n * to be set to zero before setting it to a non-zero value, such as USDT.\n */\n function forceApprove(IERC20 token, address spender, uint256 value) internal {\n bytes memory approvalCall = abi.encodeWithSelector(token.approve.selector, spender, value);\n\n if (!_callOptionalReturnBool(token, approvalCall)) {\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, 0));\n _callOptionalReturn(token, approvalCall);\n }\n }\n\n /**\n * @dev Use a ERC-2612 signature to set the `owner` approval toward `spender` on `token`.\n * Revert on invalid signature.\n */\n function safePermit(\n IERC20Permit token,\n address owner,\n address spender,\n uint256 value,\n uint256 deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) internal {\n uint256 nonceBefore = token.nonces(owner);\n token.permit(owner, spender, value, deadline, v, r, s);\n uint256 nonceAfter = token.nonces(owner);\n require(nonceAfter == nonceBefore + 1, \"SafeERC20: permit did not succeed\");\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n require(returndata.length == 0 || abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n *\n * This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.\n */\n function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false\n // and not revert is the subcall reverts.\n\n (bool success, bytes memory returndata) = address(token).call(data);\n return\n success && (returndata.length == 0 || abi.decode(returndata, (bool))) && Address.isContract(address(token));\n }\n}\n" + }, + "@openzeppelin/contracts/utils/Address.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)\n\npragma solidity ^0.8.1;\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n *\n * Furthermore, `isContract` will also return true if the target contract within\n * the same transaction is already scheduled for destruction by `SELFDESTRUCT`,\n * which only has an effect at the end of a transaction.\n * ====\n *\n * [IMPORTANT]\n * ====\n * You shouldn't rely on `isContract` to protect against flash loan attacks!\n *\n * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets\n * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract\n * constructor.\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize/address.code.length, which returns 0\n // for contracts in construction, since the code is only stored at the end\n // of the constructor execution.\n\n return account.code.length > 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance >= amount, \"Address: insufficient balance\");\n\n (bool success, ) = recipient.call{value: amount}(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain `call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(\n address target,\n bytes memory data,\n uint256 value,\n string memory errorMessage\n ) internal returns (bytes memory) {\n require(address(this).balance >= value, \"Address: insufficient balance for call\");\n (bool success, bytes memory returndata) = target.call{value: value}(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n (bool success, bytes memory returndata) = target.staticcall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling\n * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.\n *\n * _Available since v4.8._\n */\n function verifyCallResultFromTarget(\n address target,\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n if (success) {\n if (returndata.length == 0) {\n // only check isContract if the call was successful and the return data is empty\n // otherwise we already know that it was a contract\n require(isContract(target), \"Address: call to non-contract\");\n }\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n /**\n * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the\n * revert reason or using the provided one.\n *\n * _Available since v4.3._\n */\n function verifyCallResult(\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal pure returns (bytes memory) {\n if (success) {\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n function _revert(bytes memory returndata, string memory errorMessage) private pure {\n // Look for revert reason and bubble it up if present\n if (returndata.length > 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n /// @solidity memory-safe-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n}\n" + }, + "@openzeppelin/contracts/utils/Context.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n function _msgSender() internal view virtual returns (address) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes calldata) {\n return msg.data;\n }\n}\n" + }, + "@openzeppelin/contracts/utils/cryptography/ECDSA.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/ECDSA.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../Strings.sol\";\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n enum RecoverError {\n NoError,\n InvalidSignature,\n InvalidSignatureLength,\n InvalidSignatureS,\n InvalidSignatureV // Deprecated in v4.8\n }\n\n function _throwError(RecoverError error) private pure {\n if (error == RecoverError.NoError) {\n return; // no error: do nothing\n } else if (error == RecoverError.InvalidSignature) {\n revert(\"ECDSA: invalid signature\");\n } else if (error == RecoverError.InvalidSignatureLength) {\n revert(\"ECDSA: invalid signature length\");\n } else if (error == RecoverError.InvalidSignatureS) {\n revert(\"ECDSA: invalid signature 's' value\");\n }\n }\n\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature` or error string. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n *\n * Documentation for signature generation:\n * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]\n * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) {\n if (signature.length == 65) {\n bytes32 r;\n bytes32 s;\n uint8 v;\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n /// @solidity memory-safe-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n return tryRecover(hash, v, r, s);\n } else {\n return (address(0), RecoverError.InvalidSignatureLength);\n }\n }\n\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, signature);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.\n *\n * See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError) {\n bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);\n uint8 v = uint8((uint256(vs) >> 255) + 27);\n return tryRecover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.\n *\n * _Available since v4.2._\n */\n function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, r, vs);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Overload of {ECDSA-tryRecover} that receives the `v`,\n * `r` and `s` signature fields separately.\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address, RecoverError) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {\n return (address(0), RecoverError.InvalidSignatureS);\n }\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n if (signer == address(0)) {\n return (address(0), RecoverError.InvalidSignature);\n }\n\n return (signer, RecoverError.NoError);\n }\n\n /**\n * @dev Overload of {ECDSA-recover} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, v, r, s);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * produces hash corresponding to the one signed with the\n * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]\n * JSON-RPC method as part of EIP-191.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32 message) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n /// @solidity memory-safe-assembly\n assembly {\n mstore(0x00, \"\\x19Ethereum Signed Message:\\n32\")\n mstore(0x1c, hash)\n message := keccak256(0x00, 0x3c)\n }\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from `s`. This\n * produces hash corresponding to the one signed with the\n * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]\n * JSON-RPC method as part of EIP-191.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) {\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n\", Strings.toString(s.length), s));\n }\n\n /**\n * @dev Returns an Ethereum Signed Typed Data, created from a\n * `domainSeparator` and a `structHash`. This produces hash corresponding\n * to the one signed with the\n * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`]\n * JSON-RPC method as part of EIP-712.\n *\n * See {recover}.\n */\n function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 data) {\n /// @solidity memory-safe-assembly\n assembly {\n let ptr := mload(0x40)\n mstore(ptr, \"\\x19\\x01\")\n mstore(add(ptr, 0x02), domainSeparator)\n mstore(add(ptr, 0x22), structHash)\n data := keccak256(ptr, 0x42)\n }\n }\n\n /**\n * @dev Returns an Ethereum Signed Data with intended validator, created from a\n * `validator` and `data` according to the version 0 of EIP-191.\n *\n * See {recover}.\n */\n function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {\n return keccak256(abi.encodePacked(\"\\x19\\x00\", validator, data));\n }\n}\n" + }, + "@openzeppelin/contracts/utils/cryptography/MerkleProof.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.2) (utils/cryptography/MerkleProof.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev These functions deal with verification of Merkle Tree proofs.\n *\n * The tree and the proofs can be generated using our\n * https://github.com/OpenZeppelin/merkle-tree[JavaScript library].\n * You will find a quickstart guide in the readme.\n *\n * WARNING: You should avoid using leaf values that are 64 bytes long prior to\n * hashing, or use a hash function other than keccak256 for hashing leaves.\n * This is because the concatenation of a sorted pair of internal nodes in\n * the merkle tree could be reinterpreted as a leaf value.\n * OpenZeppelin's JavaScript library generates merkle trees that are safe\n * against this attack out of the box.\n */\nlibrary MerkleProof {\n /**\n * @dev Returns true if a `leaf` can be proved to be a part of a Merkle tree\n * defined by `root`. For this, a `proof` must be provided, containing\n * sibling hashes on the branch from the leaf to the root of the tree. Each\n * pair of leaves and each pair of pre-images are assumed to be sorted.\n */\n function verify(bytes32[] memory proof, bytes32 root, bytes32 leaf) internal pure returns (bool) {\n return processProof(proof, leaf) == root;\n }\n\n /**\n * @dev Calldata version of {verify}\n *\n * _Available since v4.7._\n */\n function verifyCalldata(bytes32[] calldata proof, bytes32 root, bytes32 leaf) internal pure returns (bool) {\n return processProofCalldata(proof, leaf) == root;\n }\n\n /**\n * @dev Returns the rebuilt hash obtained by traversing a Merkle tree up\n * from `leaf` using `proof`. A `proof` is valid if and only if the rebuilt\n * hash matches the root of the tree. When processing the proof, the pairs\n * of leafs & pre-images are assumed to be sorted.\n *\n * _Available since v4.4._\n */\n function processProof(bytes32[] memory proof, bytes32 leaf) internal pure returns (bytes32) {\n bytes32 computedHash = leaf;\n for (uint256 i = 0; i < proof.length; i++) {\n computedHash = _hashPair(computedHash, proof[i]);\n }\n return computedHash;\n }\n\n /**\n * @dev Calldata version of {processProof}\n *\n * _Available since v4.7._\n */\n function processProofCalldata(bytes32[] calldata proof, bytes32 leaf) internal pure returns (bytes32) {\n bytes32 computedHash = leaf;\n for (uint256 i = 0; i < proof.length; i++) {\n computedHash = _hashPair(computedHash, proof[i]);\n }\n return computedHash;\n }\n\n /**\n * @dev Returns true if the `leaves` can be simultaneously proven to be a part of a merkle tree defined by\n * `root`, according to `proof` and `proofFlags` as described in {processMultiProof}.\n *\n * CAUTION: Not all merkle trees admit multiproofs. See {processMultiProof} for details.\n *\n * _Available since v4.7._\n */\n function multiProofVerify(\n bytes32[] memory proof,\n bool[] memory proofFlags,\n bytes32 root,\n bytes32[] memory leaves\n ) internal pure returns (bool) {\n return processMultiProof(proof, proofFlags, leaves) == root;\n }\n\n /**\n * @dev Calldata version of {multiProofVerify}\n *\n * CAUTION: Not all merkle trees admit multiproofs. See {processMultiProof} for details.\n *\n * _Available since v4.7._\n */\n function multiProofVerifyCalldata(\n bytes32[] calldata proof,\n bool[] calldata proofFlags,\n bytes32 root,\n bytes32[] memory leaves\n ) internal pure returns (bool) {\n return processMultiProofCalldata(proof, proofFlags, leaves) == root;\n }\n\n /**\n * @dev Returns the root of a tree reconstructed from `leaves` and sibling nodes in `proof`. The reconstruction\n * proceeds by incrementally reconstructing all inner nodes by combining a leaf/inner node with either another\n * leaf/inner node or a proof sibling node, depending on whether each `proofFlags` item is true or false\n * respectively.\n *\n * CAUTION: Not all merkle trees admit multiproofs. To use multiproofs, it is sufficient to ensure that: 1) the tree\n * is complete (but not necessarily perfect), 2) the leaves to be proven are in the opposite order they are in the\n * tree (i.e., as seen from right to left starting at the deepest layer and continuing at the next layer).\n *\n * _Available since v4.7._\n */\n function processMultiProof(\n bytes32[] memory proof,\n bool[] memory proofFlags,\n bytes32[] memory leaves\n ) internal pure returns (bytes32 merkleRoot) {\n // This function rebuilds the root hash by traversing the tree up from the leaves. The root is rebuilt by\n // consuming and producing values on a queue. The queue starts with the `leaves` array, then goes onto the\n // `hashes` array. At the end of the process, the last hash in the `hashes` array should contain the root of\n // the merkle tree.\n uint256 leavesLen = leaves.length;\n uint256 proofLen = proof.length;\n uint256 totalHashes = proofFlags.length;\n\n // Check proof validity.\n require(leavesLen + proofLen - 1 == totalHashes, \"MerkleProof: invalid multiproof\");\n\n // The xxxPos values are \"pointers\" to the next value to consume in each array. All accesses are done using\n // `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a queue's \"pop\".\n bytes32[] memory hashes = new bytes32[](totalHashes);\n uint256 leafPos = 0;\n uint256 hashPos = 0;\n uint256 proofPos = 0;\n // At each step, we compute the next hash using two values:\n // - a value from the \"main queue\". If not all leaves have been consumed, we get the next leaf, otherwise we\n // get the next hash.\n // - depending on the flag, either another value from the \"main queue\" (merging branches) or an element from the\n // `proof` array.\n for (uint256 i = 0; i < totalHashes; i++) {\n bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++];\n bytes32 b = proofFlags[i]\n ? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++])\n : proof[proofPos++];\n hashes[i] = _hashPair(a, b);\n }\n\n if (totalHashes > 0) {\n require(proofPos == proofLen, \"MerkleProof: invalid multiproof\");\n unchecked {\n return hashes[totalHashes - 1];\n }\n } else if (leavesLen > 0) {\n return leaves[0];\n } else {\n return proof[0];\n }\n }\n\n /**\n * @dev Calldata version of {processMultiProof}.\n *\n * CAUTION: Not all merkle trees admit multiproofs. See {processMultiProof} for details.\n *\n * _Available since v4.7._\n */\n function processMultiProofCalldata(\n bytes32[] calldata proof,\n bool[] calldata proofFlags,\n bytes32[] memory leaves\n ) internal pure returns (bytes32 merkleRoot) {\n // This function rebuilds the root hash by traversing the tree up from the leaves. The root is rebuilt by\n // consuming and producing values on a queue. The queue starts with the `leaves` array, then goes onto the\n // `hashes` array. At the end of the process, the last hash in the `hashes` array should contain the root of\n // the merkle tree.\n uint256 leavesLen = leaves.length;\n uint256 proofLen = proof.length;\n uint256 totalHashes = proofFlags.length;\n\n // Check proof validity.\n require(leavesLen + proofLen - 1 == totalHashes, \"MerkleProof: invalid multiproof\");\n\n // The xxxPos values are \"pointers\" to the next value to consume in each array. All accesses are done using\n // `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a queue's \"pop\".\n bytes32[] memory hashes = new bytes32[](totalHashes);\n uint256 leafPos = 0;\n uint256 hashPos = 0;\n uint256 proofPos = 0;\n // At each step, we compute the next hash using two values:\n // - a value from the \"main queue\". If not all leaves have been consumed, we get the next leaf, otherwise we\n // get the next hash.\n // - depending on the flag, either another value from the \"main queue\" (merging branches) or an element from the\n // `proof` array.\n for (uint256 i = 0; i < totalHashes; i++) {\n bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++];\n bytes32 b = proofFlags[i]\n ? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++])\n : proof[proofPos++];\n hashes[i] = _hashPair(a, b);\n }\n\n if (totalHashes > 0) {\n require(proofPos == proofLen, \"MerkleProof: invalid multiproof\");\n unchecked {\n return hashes[totalHashes - 1];\n }\n } else if (leavesLen > 0) {\n return leaves[0];\n } else {\n return proof[0];\n }\n }\n\n function _hashPair(bytes32 a, bytes32 b) private pure returns (bytes32) {\n return a < b ? _efficientHash(a, b) : _efficientHash(b, a);\n }\n\n function _efficientHash(bytes32 a, bytes32 b) private pure returns (bytes32 value) {\n /// @solidity memory-safe-assembly\n assembly {\n mstore(0x00, a)\n mstore(0x20, b)\n value := keccak256(0x00, 0x40)\n }\n }\n}\n" + }, + "@openzeppelin/contracts/utils/cryptography/SignatureChecker.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/SignatureChecker.sol)\n\npragma solidity ^0.8.0;\n\nimport \"./ECDSA.sol\";\nimport \"../../interfaces/IERC1271.sol\";\n\n/**\n * @dev Signature verification helper that can be used instead of `ECDSA.recover` to seamlessly support both ECDSA\n * signatures from externally owned accounts (EOAs) as well as ERC1271 signatures from smart contract wallets like\n * Argent and Gnosis Safe.\n *\n * _Available since v4.1._\n */\nlibrary SignatureChecker {\n /**\n * @dev Checks if a signature is valid for a given signer and data hash. If the signer is a smart contract, the\n * signature is validated against that smart contract using ERC1271, otherwise it's validated using `ECDSA.recover`.\n *\n * NOTE: Unlike ECDSA signatures, contract signatures are revocable, and the outcome of this function can thus\n * change through time. It could return true at block N and false at block N+1 (or the opposite).\n */\n function isValidSignatureNow(address signer, bytes32 hash, bytes memory signature) internal view returns (bool) {\n (address recovered, ECDSA.RecoverError error) = ECDSA.tryRecover(hash, signature);\n return\n (error == ECDSA.RecoverError.NoError && recovered == signer) ||\n isValidERC1271SignatureNow(signer, hash, signature);\n }\n\n /**\n * @dev Checks if a signature is valid for a given signer and data hash. The signature is validated\n * against the signer smart contract using ERC1271.\n *\n * NOTE: Unlike ECDSA signatures, contract signatures are revocable, and the outcome of this function can thus\n * change through time. It could return true at block N and false at block N+1 (or the opposite).\n */\n function isValidERC1271SignatureNow(\n address signer,\n bytes32 hash,\n bytes memory signature\n ) internal view returns (bool) {\n (bool success, bytes memory result) = signer.staticcall(\n abi.encodeWithSelector(IERC1271.isValidSignature.selector, hash, signature)\n );\n return (success &&\n result.length >= 32 &&\n abi.decode(result, (bytes32)) == bytes32(IERC1271.isValidSignature.selector));\n }\n}\n" + }, + "@openzeppelin/contracts/utils/math/Math.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/math/Math.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Standard math utilities missing in the Solidity language.\n */\nlibrary Math {\n enum Rounding {\n Down, // Toward negative infinity\n Up, // Toward infinity\n Zero // Toward zero\n }\n\n /**\n * @dev Returns the largest of two numbers.\n */\n function max(uint256 a, uint256 b) internal pure returns (uint256) {\n return a > b ? a : b;\n }\n\n /**\n * @dev Returns the smallest of two numbers.\n */\n function min(uint256 a, uint256 b) internal pure returns (uint256) {\n return a < b ? a : b;\n }\n\n /**\n * @dev Returns the average of two numbers. The result is rounded towards\n * zero.\n */\n function average(uint256 a, uint256 b) internal pure returns (uint256) {\n // (a + b) / 2 can overflow.\n return (a & b) + (a ^ b) / 2;\n }\n\n /**\n * @dev Returns the ceiling of the division of two numbers.\n *\n * This differs from standard division with `/` in that it rounds up instead\n * of rounding down.\n */\n function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {\n // (a + b - 1) / b can overflow on addition, so we distribute.\n return a == 0 ? 0 : (a - 1) / b + 1;\n }\n\n /**\n * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0\n * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)\n * with further edits by Uniswap Labs also under MIT license.\n */\n function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {\n unchecked {\n // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use\n // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256\n // variables such that product = prod1 * 2^256 + prod0.\n uint256 prod0; // Least significant 256 bits of the product\n uint256 prod1; // Most significant 256 bits of the product\n assembly {\n let mm := mulmod(x, y, not(0))\n prod0 := mul(x, y)\n prod1 := sub(sub(mm, prod0), lt(mm, prod0))\n }\n\n // Handle non-overflow cases, 256 by 256 division.\n if (prod1 == 0) {\n // Solidity will revert if denominator == 0, unlike the div opcode on its own.\n // The surrounding unchecked block does not change this fact.\n // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.\n return prod0 / denominator;\n }\n\n // Make sure the result is less than 2^256. Also prevents denominator == 0.\n require(denominator > prod1, \"Math: mulDiv overflow\");\n\n ///////////////////////////////////////////////\n // 512 by 256 division.\n ///////////////////////////////////////////////\n\n // Make division exact by subtracting the remainder from [prod1 prod0].\n uint256 remainder;\n assembly {\n // Compute remainder using mulmod.\n remainder := mulmod(x, y, denominator)\n\n // Subtract 256 bit number from 512 bit number.\n prod1 := sub(prod1, gt(remainder, prod0))\n prod0 := sub(prod0, remainder)\n }\n\n // Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.\n // See https://cs.stackexchange.com/q/138556/92363.\n\n // Does not overflow because the denominator cannot be zero at this stage in the function.\n uint256 twos = denominator & (~denominator + 1);\n assembly {\n // Divide denominator by twos.\n denominator := div(denominator, twos)\n\n // Divide [prod1 prod0] by twos.\n prod0 := div(prod0, twos)\n\n // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.\n twos := add(div(sub(0, twos), twos), 1)\n }\n\n // Shift in bits from prod1 into prod0.\n prod0 |= prod1 * twos;\n\n // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such\n // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for\n // four bits. That is, denominator * inv = 1 mod 2^4.\n uint256 inverse = (3 * denominator) ^ 2;\n\n // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works\n // in modular arithmetic, doubling the correct bits in each step.\n inverse *= 2 - denominator * inverse; // inverse mod 2^8\n inverse *= 2 - denominator * inverse; // inverse mod 2^16\n inverse *= 2 - denominator * inverse; // inverse mod 2^32\n inverse *= 2 - denominator * inverse; // inverse mod 2^64\n inverse *= 2 - denominator * inverse; // inverse mod 2^128\n inverse *= 2 - denominator * inverse; // inverse mod 2^256\n\n // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.\n // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is\n // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1\n // is no longer required.\n result = prod0 * inverse;\n return result;\n }\n }\n\n /**\n * @notice Calculates x * y / denominator with full precision, following the selected rounding direction.\n */\n function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {\n uint256 result = mulDiv(x, y, denominator);\n if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {\n result += 1;\n }\n return result;\n }\n\n /**\n * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down.\n *\n * Inspired by Henry S. Warren, Jr.'s \"Hacker's Delight\" (Chapter 11).\n */\n function sqrt(uint256 a) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n\n // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.\n //\n // We know that the \"msb\" (most significant bit) of our target number `a` is a power of 2 such that we have\n // `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.\n //\n // This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`\n // → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`\n // → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`\n //\n // Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.\n uint256 result = 1 << (log2(a) >> 1);\n\n // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,\n // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at\n // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision\n // into the expected uint128 result.\n unchecked {\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n return min(result, a / result);\n }\n }\n\n /**\n * @notice Calculates sqrt(a), following the selected rounding direction.\n */\n function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = sqrt(a);\n return result + (rounding == Rounding.Up && result * result < a ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 2, rounded down, of a positive value.\n * Returns 0 if given 0.\n */\n function log2(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >> 128 > 0) {\n value >>= 128;\n result += 128;\n }\n if (value >> 64 > 0) {\n value >>= 64;\n result += 64;\n }\n if (value >> 32 > 0) {\n value >>= 32;\n result += 32;\n }\n if (value >> 16 > 0) {\n value >>= 16;\n result += 16;\n }\n if (value >> 8 > 0) {\n value >>= 8;\n result += 8;\n }\n if (value >> 4 > 0) {\n value >>= 4;\n result += 4;\n }\n if (value >> 2 > 0) {\n value >>= 2;\n result += 2;\n }\n if (value >> 1 > 0) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 2, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log2(value);\n return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 10, rounded down, of a positive value.\n * Returns 0 if given 0.\n */\n function log10(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >= 10 ** 64) {\n value /= 10 ** 64;\n result += 64;\n }\n if (value >= 10 ** 32) {\n value /= 10 ** 32;\n result += 32;\n }\n if (value >= 10 ** 16) {\n value /= 10 ** 16;\n result += 16;\n }\n if (value >= 10 ** 8) {\n value /= 10 ** 8;\n result += 8;\n }\n if (value >= 10 ** 4) {\n value /= 10 ** 4;\n result += 4;\n }\n if (value >= 10 ** 2) {\n value /= 10 ** 2;\n result += 2;\n }\n if (value >= 10 ** 1) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 10, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log10(value);\n return result + (rounding == Rounding.Up && 10 ** result < value ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 256, rounded down, of a positive value.\n * Returns 0 if given 0.\n *\n * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.\n */\n function log256(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >> 128 > 0) {\n value >>= 128;\n result += 16;\n }\n if (value >> 64 > 0) {\n value >>= 64;\n result += 8;\n }\n if (value >> 32 > 0) {\n value >>= 32;\n result += 4;\n }\n if (value >> 16 > 0) {\n value >>= 16;\n result += 2;\n }\n if (value >> 8 > 0) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 256, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log256(value);\n return result + (rounding == Rounding.Up && 1 << (result << 3) < value ? 1 : 0);\n }\n }\n}\n" + }, + "@openzeppelin/contracts/utils/math/SignedMath.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SignedMath.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Standard signed math utilities missing in the Solidity language.\n */\nlibrary SignedMath {\n /**\n * @dev Returns the largest of two signed numbers.\n */\n function max(int256 a, int256 b) internal pure returns (int256) {\n return a > b ? a : b;\n }\n\n /**\n * @dev Returns the smallest of two signed numbers.\n */\n function min(int256 a, int256 b) internal pure returns (int256) {\n return a < b ? a : b;\n }\n\n /**\n * @dev Returns the average of two signed numbers without overflow.\n * The result is rounded towards zero.\n */\n function average(int256 a, int256 b) internal pure returns (int256) {\n // Formula from the book \"Hacker's Delight\"\n int256 x = (a & b) + ((a ^ b) >> 1);\n return x + (int256(uint256(x) >> 255) & (a ^ b));\n }\n\n /**\n * @dev Returns the absolute unsigned value of a signed value.\n */\n function abs(int256 n) internal pure returns (uint256) {\n unchecked {\n // must be unchecked in order to support `n = type(int256).min`\n return uint256(n >= 0 ? n : -n);\n }\n }\n}\n" + }, + "@openzeppelin/contracts/utils/Strings.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Strings.sol)\n\npragma solidity ^0.8.0;\n\nimport \"./math/Math.sol\";\nimport \"./math/SignedMath.sol\";\n\n/**\n * @dev String operations.\n */\nlibrary Strings {\n bytes16 private constant _SYMBOLS = \"0123456789abcdef\";\n uint8 private constant _ADDRESS_LENGTH = 20;\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` decimal representation.\n */\n function toString(uint256 value) internal pure returns (string memory) {\n unchecked {\n uint256 length = Math.log10(value) + 1;\n string memory buffer = new string(length);\n uint256 ptr;\n /// @solidity memory-safe-assembly\n assembly {\n ptr := add(buffer, add(32, length))\n }\n while (true) {\n ptr--;\n /// @solidity memory-safe-assembly\n assembly {\n mstore8(ptr, byte(mod(value, 10), _SYMBOLS))\n }\n value /= 10;\n if (value == 0) break;\n }\n return buffer;\n }\n }\n\n /**\n * @dev Converts a `int256` to its ASCII `string` decimal representation.\n */\n function toString(int256 value) internal pure returns (string memory) {\n return string(abi.encodePacked(value < 0 ? \"-\" : \"\", toString(SignedMath.abs(value))));\n }\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.\n */\n function toHexString(uint256 value) internal pure returns (string memory) {\n unchecked {\n return toHexString(value, Math.log256(value) + 1);\n }\n }\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.\n */\n function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {\n bytes memory buffer = new bytes(2 * length + 2);\n buffer[0] = \"0\";\n buffer[1] = \"x\";\n for (uint256 i = 2 * length + 1; i > 1; --i) {\n buffer[i] = _SYMBOLS[value & 0xf];\n value >>= 4;\n }\n require(value == 0, \"Strings: hex length insufficient\");\n return string(buffer);\n }\n\n /**\n * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.\n */\n function toHexString(address addr) internal pure returns (string memory) {\n return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);\n }\n\n /**\n * @dev Returns true if the two strings are equal.\n */\n function equal(string memory a, string memory b) internal pure returns (bool) {\n return keccak256(bytes(a)) == keccak256(bytes(b));\n }\n}\n" + }, + "@uma/core/contracts/merkle-distributor/implementation/MerkleDistributor.sol": { + "content": "// SPDX-License-Identifier: AGPL-3.0-only\npragma solidity ^0.8.0;\n\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\nimport \"@openzeppelin/contracts/utils/cryptography/MerkleProof.sol\";\nimport \"@openzeppelin/contracts/access/Ownable.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"./MerkleDistributorInterface.sol\";\n\n/**\n * Inspired by:\n * - https://github.com/pie-dao/vested-token-migration-app\n * - https://github.com/Uniswap/merkle-distributor\n * - https://github.com/balancer-labs/erc20-redeemable\n *\n * @title MerkleDistributor contract.\n * @notice Allows an owner to distribute any reward ERC20 to claimants according to Merkle roots. The owner can specify\n * multiple Merkle roots distributions with customized reward currencies.\n * @dev The Merkle trees are not validated in any way, so the system assumes the contract owner behaves honestly.\n */\ncontract MerkleDistributor is MerkleDistributorInterface, Ownable {\n using SafeERC20 for IERC20;\n\n // Windows are mapped to arbitrary indices.\n mapping(uint256 => Window) public merkleWindows;\n\n // Index of next created Merkle root.\n uint256 public nextCreatedIndex;\n\n // Track which accounts have claimed for each window index.\n // Note: uses a packed array of bools for gas optimization on tracking certain claims. Copied from Uniswap's contract.\n mapping(uint256 => mapping(uint256 => uint256)) private claimedBitMap;\n\n /****************************************\n * EVENTS\n ****************************************/\n event Claimed(\n address indexed caller,\n uint256 windowIndex,\n address indexed account,\n uint256 accountIndex,\n uint256 amount,\n address indexed rewardToken\n );\n event CreatedWindow(\n uint256 indexed windowIndex,\n uint256 rewardsDeposited,\n address indexed rewardToken,\n address owner\n );\n event WithdrawRewards(address indexed owner, uint256 amount, address indexed currency);\n event DeleteWindow(uint256 indexed windowIndex, address owner);\n\n /****************************\n * ADMIN FUNCTIONS\n ****************************/\n\n /**\n * @notice Set merkle root for the next available window index and seed allocations.\n * @notice Callable only by owner of this contract. Caller must have approved this contract to transfer\n * `rewardsToDeposit` amount of `rewardToken` or this call will fail. Importantly, we assume that the\n * owner of this contract correctly chooses an amount `rewardsToDeposit` that is sufficient to cover all\n * claims within the `merkleRoot`.\n * @param rewardsToDeposit amount of rewards to deposit to seed this allocation.\n * @param rewardToken ERC20 reward token.\n * @param merkleRoot merkle root describing allocation.\n * @param ipfsHash hash of IPFS object, conveniently stored for clients\n */\n function setWindow(\n uint256 rewardsToDeposit,\n address rewardToken,\n bytes32 merkleRoot,\n string calldata ipfsHash\n ) external onlyOwner {\n uint256 indexToSet = nextCreatedIndex;\n nextCreatedIndex = indexToSet + 1;\n\n _setWindow(indexToSet, rewardsToDeposit, rewardToken, merkleRoot, ipfsHash);\n }\n\n /**\n * @notice Delete merkle root at window index.\n * @dev Callable only by owner. Likely to be followed by a withdrawRewards call to clear contract state.\n * @param windowIndex merkle root index to delete.\n */\n function deleteWindow(uint256 windowIndex) external onlyOwner {\n delete merkleWindows[windowIndex];\n emit DeleteWindow(windowIndex, msg.sender);\n }\n\n /**\n * @notice Emergency method that transfers rewards out of the contract if the contract was configured improperly.\n * @dev Callable only by owner.\n * @param rewardCurrency rewards to withdraw from contract.\n * @param amount amount of rewards to withdraw.\n */\n function withdrawRewards(IERC20 rewardCurrency, uint256 amount) external onlyOwner {\n rewardCurrency.safeTransfer(msg.sender, amount);\n emit WithdrawRewards(msg.sender, amount, address(rewardCurrency));\n }\n\n /****************************\n * NON-ADMIN FUNCTIONS\n ****************************/\n\n /**\n * @notice Batch claims to reduce gas versus individual submitting all claims. Method will fail\n * if any individual claims within the batch would fail.\n * @dev Optimistically tries to batch together consecutive claims for the same account and same\n * reward token to reduce gas. Therefore, the most gas-cost-optimal way to use this method\n * is to pass in an array of claims sorted by account and reward currency. It also reverts\n * when any of individual `_claim`'s `amount` exceeds `remainingAmount` for its window.\n * @param claims array of claims to claim.\n */\n function claimMulti(Claim[] memory claims) public virtual override {\n uint256 batchedAmount;\n uint256 claimCount = claims.length;\n for (uint256 i = 0; i < claimCount; i++) {\n Claim memory _claim = claims[i];\n _verifyAndMarkClaimed(_claim);\n batchedAmount += _claim.amount;\n\n // If the next claim is NOT the same account or the same token (or this claim is the last one),\n // then disburse the `batchedAmount` to the current claim's account for the current claim's reward token.\n uint256 nextI = i + 1;\n IERC20 currentRewardToken = merkleWindows[_claim.windowIndex].rewardToken;\n if (\n nextI == claimCount ||\n // This claim is last claim.\n claims[nextI].account != _claim.account ||\n // Next claim account is different than current one.\n merkleWindows[claims[nextI].windowIndex].rewardToken != currentRewardToken\n // Next claim reward token is different than current one.\n ) {\n currentRewardToken.safeTransfer(_claim.account, batchedAmount);\n batchedAmount = 0;\n }\n }\n }\n\n /**\n * @notice Claim amount of reward tokens for account, as described by Claim input object.\n * @dev If the `_claim`'s `amount`, `accountIndex`, and `account` do not exactly match the\n * values stored in the merkle root for the `_claim`'s `windowIndex` this method\n * will revert. It also reverts when `_claim`'s `amount` exceeds `remainingAmount` for the window.\n * @param _claim claim object describing amount, accountIndex, account, window index, and merkle proof.\n */\n function claim(Claim memory _claim) public virtual override {\n _verifyAndMarkClaimed(_claim);\n merkleWindows[_claim.windowIndex].rewardToken.safeTransfer(_claim.account, _claim.amount);\n }\n\n /**\n * @notice Returns True if the claim for `accountIndex` has already been completed for the Merkle root at\n * `windowIndex`.\n * @dev This method will only work as intended if all `accountIndex`'s are unique for a given `windowIndex`.\n * The onus is on the Owner of this contract to submit only valid Merkle roots.\n * @param windowIndex merkle root to check.\n * @param accountIndex account index to check within window index.\n * @return True if claim has been executed already, False otherwise.\n */\n function isClaimed(uint256 windowIndex, uint256 accountIndex) public view returns (bool) {\n uint256 claimedWordIndex = accountIndex / 256;\n uint256 claimedBitIndex = accountIndex % 256;\n uint256 claimedWord = claimedBitMap[windowIndex][claimedWordIndex];\n uint256 mask = (1 << claimedBitIndex);\n return claimedWord & mask == mask;\n }\n\n /**\n * @notice Returns rewardToken set by admin for windowIndex.\n * @param windowIndex merkle root to check.\n * @return address Reward token address\n */\n function getRewardTokenForWindow(uint256 windowIndex) public view override returns (address) {\n return address(merkleWindows[windowIndex].rewardToken);\n }\n\n /**\n * @notice Returns True if leaf described by {account, amount, accountIndex} is stored in Merkle root at given\n * window index.\n * @param _claim claim object describing amount, accountIndex, account, window index, and merkle proof.\n * @return valid True if leaf exists.\n */\n function verifyClaim(Claim memory _claim) public view returns (bool valid) {\n bytes32 leaf = keccak256(abi.encodePacked(_claim.account, _claim.amount, _claim.accountIndex));\n return MerkleProof.verify(_claim.merkleProof, merkleWindows[_claim.windowIndex].merkleRoot, leaf);\n }\n\n /****************************\n * PRIVATE FUNCTIONS\n ****************************/\n\n // Mark claim as completed for `accountIndex` for Merkle root at `windowIndex`.\n function _setClaimed(uint256 windowIndex, uint256 accountIndex) private {\n uint256 claimedWordIndex = accountIndex / 256;\n uint256 claimedBitIndex = accountIndex % 256;\n claimedBitMap[windowIndex][claimedWordIndex] =\n claimedBitMap[windowIndex][claimedWordIndex] |\n (1 << claimedBitIndex);\n }\n\n // Store new Merkle root at `windowindex`. Pull `rewardsDeposited` from caller to seed distribution for this root.\n function _setWindow(\n uint256 windowIndex,\n uint256 rewardsDeposited,\n address rewardToken,\n bytes32 merkleRoot,\n string memory ipfsHash\n ) private {\n Window storage window = merkleWindows[windowIndex];\n window.merkleRoot = merkleRoot;\n window.remainingAmount = rewardsDeposited;\n window.rewardToken = IERC20(rewardToken);\n window.ipfsHash = ipfsHash;\n\n emit CreatedWindow(windowIndex, rewardsDeposited, rewardToken, msg.sender);\n\n window.rewardToken.safeTransferFrom(msg.sender, address(this), rewardsDeposited);\n }\n\n // Verify claim is valid and mark it as completed in this contract.\n function _verifyAndMarkClaimed(Claim memory _claim) internal {\n // Check claimed proof against merkle window at given index.\n require(verifyClaim(_claim), \"Incorrect merkle proof\");\n // Check the account has not yet claimed for this window.\n require(!isClaimed(_claim.windowIndex, _claim.accountIndex), \"Account has already claimed for this window\");\n\n // Proof is correct and claim has not occurred yet, mark claimed complete.\n _setClaimed(_claim.windowIndex, _claim.accountIndex);\n merkleWindows[_claim.windowIndex].remainingAmount -= _claim.amount;\n emit Claimed(\n msg.sender,\n _claim.windowIndex,\n _claim.account,\n _claim.accountIndex,\n _claim.amount,\n address(merkleWindows[_claim.windowIndex].rewardToken)\n );\n }\n}\n" + }, + "@uma/core/contracts/merkle-distributor/implementation/MerkleDistributorInterface.sol": { + "content": "// SPDX-License-Identifier: GPL-3.0-only\npragma solidity ^0.8.0;\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\n\n/**\n * @notice Concise list of functions in MerkleDistributor implementation that would be called by\n * a consuming external contract (such as the Across Protocol's AcceleratingDistributor).\n */\ninterface MerkleDistributorInterface {\n // A Window maps a Merkle root to a reward token address.\n struct Window {\n // Merkle root describing the distribution.\n bytes32 merkleRoot;\n // Remaining amount of deposited rewards that have not yet been claimed.\n uint256 remainingAmount;\n // Currency in which reward is processed.\n IERC20 rewardToken;\n // IPFS hash of the merkle tree. Can be used to independently fetch recipient proofs and tree. Note that the canonical\n // data type for storing an IPFS hash is a multihash which is the concatenation of \n // . We opted to store this in a string type to make it easier\n // for users to query the ipfs data without needing to reconstruct the multihash. to view the IPFS data simply\n // go to https://cloudflare-ipfs.com/ipfs/.\n string ipfsHash;\n }\n\n // Represents an account's claim for `amount` within the Merkle root located at the `windowIndex`.\n struct Claim {\n uint256 windowIndex;\n uint256 amount;\n uint256 accountIndex; // Used only for bitmap. Assumed to be unique for each claim.\n address account;\n bytes32[] merkleProof;\n }\n\n function claim(Claim memory _claim) external;\n\n function claimMulti(Claim[] memory claims) external;\n\n function getRewardTokenForWindow(uint256 windowIndex) external view returns (address);\n}\n" + }, + "contracts/Arbitrum_SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./SpokePool.sol\";\n\ninterface StandardBridgeLike {\n function outboundTransfer(\n address _l1Token,\n address _to,\n uint256 _amount,\n bytes calldata _data\n ) external payable returns (bytes memory);\n}\n\n/**\n * @notice AVM specific SpokePool. Uses AVM cross-domain-enabled logic to implement admin only access to functions.\n */\ncontract Arbitrum_SpokePool is SpokePool {\n // Address of the Arbitrum L2 token gateway to send funds to L1.\n address public l2GatewayRouter;\n\n // Admin controlled mapping of arbitrum tokens to L1 counterpart. L1 counterpart addresses\n // are necessary params used when bridging tokens to L1.\n mapping(address => address) public whitelistedTokens;\n\n event ArbitrumTokensBridged(address indexed l1Token, address target, uint256 numberOfTokensBridged);\n event SetL2GatewayRouter(address indexed newL2GatewayRouter);\n event WhitelistedTokens(address indexed l2Token, address indexed l1Token);\n\n /**\n * @notice Construct the AVM SpokePool.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * relay hash collisions.\n * @param _l2GatewayRouter Address of L2 token gateway. Can be reset by admin.\n * @param _crossDomainAdmin Cross domain admin to set. Can be changed by admin.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n * @param _wethAddress Weth address for this network to set.\n */\n function initialize(\n uint32 _initialDepositId,\n address _l2GatewayRouter,\n address _crossDomainAdmin,\n address _hubPool,\n address _wethAddress\n ) public initializer {\n __SpokePool_init(_initialDepositId, _crossDomainAdmin, _hubPool, _wethAddress);\n _setL2GatewayRouter(_l2GatewayRouter);\n }\n\n modifier onlyFromCrossDomainAdmin() {\n require(msg.sender == _applyL1ToL2Alias(crossDomainAdmin), \"ONLY_COUNTERPART_GATEWAY\");\n _;\n }\n\n /********************************************************\n * ARBITRUM-SPECIFIC CROSS-CHAIN ADMIN FUNCTIONS *\n ********************************************************/\n\n /**\n * @notice Change L2 gateway router. Callable only by admin.\n * @param newL2GatewayRouter New L2 gateway router.\n */\n function setL2GatewayRouter(address newL2GatewayRouter) public onlyAdmin nonReentrant {\n _setL2GatewayRouter(newL2GatewayRouter);\n }\n\n /**\n * @notice Add L2 -> L1 token mapping. Callable only by admin.\n * @param l2Token Arbitrum token.\n * @param l1Token Ethereum version of l2Token.\n */\n function whitelistToken(address l2Token, address l1Token) public onlyAdmin nonReentrant {\n _whitelistToken(l2Token, l1Token);\n }\n\n /**************************************\n * INTERNAL FUNCTIONS *\n **************************************/\n\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory relayerRefundLeaf) internal override {\n // Check that the Ethereum counterpart of the L2 token is stored on this contract.\n address ethereumTokenToBridge = whitelistedTokens[relayerRefundLeaf.l2TokenAddress];\n require(ethereumTokenToBridge != address(0), \"Uninitialized mainnet token\");\n //slither-disable-next-line unused-return\n StandardBridgeLike(l2GatewayRouter).outboundTransfer(\n ethereumTokenToBridge, // _l1Token. Address of the L1 token to bridge over.\n hubPool, // _to. Withdraw, over the bridge, to the l1 hub pool contract.\n relayerRefundLeaf.amountToReturn, // _amount.\n \"\" // _data. We don't need to send any data for the bridging action.\n );\n emit ArbitrumTokensBridged(address(0), hubPool, relayerRefundLeaf.amountToReturn);\n }\n\n function _setL2GatewayRouter(address _l2GatewayRouter) internal {\n l2GatewayRouter = _l2GatewayRouter;\n emit SetL2GatewayRouter(l2GatewayRouter);\n }\n\n function _whitelistToken(address _l2Token, address _l1Token) internal {\n whitelistedTokens[_l2Token] = _l1Token;\n emit WhitelistedTokens(_l2Token, _l1Token);\n }\n\n // L1 addresses are transformed during l1->l2 calls.\n // See https://developer.offchainlabs.com/docs/l1_l2_messages#address-aliasing for more information.\n // This cannot be pulled directly from Arbitrum contracts because their contracts are not 0.8.X compatible and\n // this operation takes advantage of overflows, whose behavior changed in 0.8.0.\n function _applyL1ToL2Alias(address l1Address) internal pure returns (address l2Address) {\n // Allows overflows as explained above.\n unchecked {\n l2Address = address(uint160(l1Address) + uint160(0x1111000000000000000000000000000000001111));\n }\n }\n\n // Apply AVM-specific transformation to cross domain admin address on L1.\n function _requireAdminSender() internal override onlyFromCrossDomainAdmin {}\n}\n" + }, + "contracts/chain-adapters/Arbitrum_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Interface for Arbitrum's L1 Inbox contract used to send messages to Arbitrum.\n */\ninterface ArbitrumL1InboxLike {\n /**\n * @notice Put a message in the L2 inbox that can be reexecuted for some fixed amount of time if it reverts\n * @dev Gas limit and maxFeePerGas should not be set to 1 as that is used to trigger the RetryableData error\n * @dev Caller must set msg.value equal to at least `maxSubmissionCost + maxGas * gasPriceBid`.\n * all msg.value will deposited to callValueRefundAddress on L2\n * @dev More details can be found here: https://developer.arbitrum.io/arbos/l1-to-l2-messaging\n * @param to destination L2 contract address\n * @param l2CallValue call value for retryable L2 message\n * @param maxSubmissionCost Max gas deducted from user's L2 balance to cover base submission fee\n * @param excessFeeRefundAddress gasLimit x maxFeePerGas - execution cost gets credited here on L2 balance\n * @param callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled\n * @param gasLimit Max gas deducted from user's L2 balance to cover L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)\n * @param maxFeePerGas price bid for L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)\n * @param data ABI encoded data of L2 message\n * @return unique message number of the retryable transaction\n */\n function createRetryableTicket(\n address to,\n uint256 l2CallValue,\n uint256 maxSubmissionCost,\n address excessFeeRefundAddress,\n address callValueRefundAddress,\n uint256 gasLimit,\n uint256 maxFeePerGas,\n bytes calldata data\n ) external payable returns (uint256);\n\n /**\n * @notice Put a message in the L2 inbox that can be reexecuted for some fixed amount of time if it reverts\n * @dev Same as createRetryableTicket, but does not guarantee that submission will succeed by requiring the needed\n * funds come from the deposit alone, rather than falling back on the user's L2 balance\n * @dev Advanced usage only (does not rewrite aliases for excessFeeRefundAddress and callValueRefundAddress).\n * createRetryableTicket method is the recommended standard.\n * @dev Gas limit and maxFeePerGas should not be set to 1 as that is used to trigger the RetryableData error\n * @param to destination L2 contract address\n * @param l2CallValue call value for retryable L2 message\n * @param maxSubmissionCost Max gas deducted from user's L2 balance to cover base submission fee\n * @param excessFeeRefundAddress gasLimit x maxFeePerGas - execution cost gets credited here on L2 balance\n * @param callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled\n * @param gasLimit Max gas deducted from user's L2 balance to cover L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)\n * @param maxFeePerGas price bid for L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)\n * @param data ABI encoded data of L2 message\n * @return unique message number of the retryable transaction\n */\n function unsafeCreateRetryableTicket(\n address to,\n uint256 l2CallValue,\n uint256 maxSubmissionCost,\n address excessFeeRefundAddress,\n address callValueRefundAddress,\n uint256 gasLimit,\n uint256 maxFeePerGas,\n bytes calldata data\n ) external payable returns (uint256);\n}\n\n/**\n * @notice Layer 1 Gateway contract for bridging standard ERC20s to Arbitrum.\n */\ninterface ArbitrumL1ERC20GatewayLike {\n /**\n * @notice Deprecated in favor of outboundTransferCustomRefund but still used in custom bridges\n * like the DAI bridge.\n * @dev Refunded to aliased L2 address of sender if sender has code on L1, otherwise to to sender's EOA on L2.\n * @param _l1Token L1 address of ERC20\n * @param _to Account to be credited with the tokens in the L2 (can be the user's L2 account or a contract),\n * not subject to L2 aliasing. This account, or its L2 alias if it have code in L1, will also be able to\n * cancel the retryable ticket and receive callvalue refund\n * @param _amount Token Amount\n * @param _maxGas Max gas deducted from user's L2 balance to cover L2 execution\n * @param _gasPriceBid Gas price for L2 execution\n * @param _data encoded data from router and user\n * @return res abi encoded inbox sequence number\n */\n function outboundTransfer(\n address _l1Token,\n address _to,\n uint256 _amount,\n uint256 _maxGas,\n uint256 _gasPriceBid,\n bytes calldata _data\n ) external payable returns (bytes memory);\n\n /**\n * @notice Deposit ERC20 token from Ethereum into Arbitrum.\n * @dev L2 address alias will not be applied to the following types of addresses on L1:\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * @param _l1Token L1 address of ERC20\n * @param _refundTo Account, or its L2 alias if it have code in L1, to be credited with excess gas refund in L2\n * @param _to Account to be credited with the tokens in the L2 (can be the user's L2 account or a contract),\n * not subject to L2 aliasing. This account, or its L2 alias if it have code in L1, will also be able to\n * cancel the retryable ticket and receive callvalue refund\n * @param _amount Token Amount\n * @param _maxGas Max gas deducted from user's L2 balance to cover L2 execution\n * @param _gasPriceBid Gas price for L2 execution\n * @param _data encoded data from router and user\n * @return res abi encoded inbox sequence number\n */\n function outboundTransferCustomRefund(\n address _l1Token,\n address _refundTo,\n address _to,\n uint256 _amount,\n uint256 _maxGas,\n uint256 _gasPriceBid,\n bytes calldata _data\n ) external payable returns (bytes memory);\n\n /**\n * @notice get ERC20 gateway for token.\n * @param _token ERC20 address.\n * @return address of ERC20 gateway.\n */\n function getGateway(address _token) external view returns (address);\n}\n\n/**\n * @notice Contract containing logic to send messages from L1 to Arbitrum.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Arbitrum_Adapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n // Amount of ETH allocated to pay for the base submission fee. The base submission fee is a parameter unique to\n // retryable transactions; the user is charged the base submission fee to cover the storage costs of keeping their\n // ticket’s calldata in the retry buffer. (current base submission fee is queryable via\n // ArbRetryableTx.getSubmissionPrice). ArbRetryableTicket precompile interface exists at L2 address\n // 0x000000000000000000000000000000000000006E.\n uint256 public constant l2MaxSubmissionCost = 0.01e18;\n\n // L2 Gas price bid for immediate L2 execution attempt (queryable via standard eth*gasPrice RPC)\n uint256 public constant l2GasPrice = 5e9; // 5 gWei\n\n uint32 public constant RELAY_TOKENS_L2_GAS_LIMIT = 300_000;\n uint32 public constant RELAY_MESSAGE_L2_GAS_LIMIT = 2_000_000;\n\n // This address on L2 receives extra ETH that is left over after relaying a message via the inbox.\n address public immutable l2RefundL2Address;\n\n ArbitrumL1InboxLike public immutable l1Inbox;\n\n ArbitrumL1ERC20GatewayLike public immutable l1ERC20GatewayRouter;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1ArbitrumInbox Inbox helper contract to send messages to Arbitrum.\n * @param _l1ERC20GatewayRouter ERC20 gateway router contract to send tokens to Arbitrum.\n * @param _l2RefundL2Address L2 address to receive gas refunds on after a message is relayed.\n */\n constructor(\n ArbitrumL1InboxLike _l1ArbitrumInbox,\n ArbitrumL1ERC20GatewayLike _l1ERC20GatewayRouter,\n address _l2RefundL2Address\n ) {\n l1Inbox = _l1ArbitrumInbox;\n l1ERC20GatewayRouter = _l1ERC20GatewayRouter;\n l2RefundL2Address = _l2RefundL2Address;\n }\n\n /**\n * @notice Send cross-chain message to target on Arbitrum.\n * @notice This contract must hold at least getL1CallValue() amount of ETH to send a message via the Inbox\n * successfully, or the message will get stuck.\n * @param target Contract on Arbitrum that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes memory message) external payable override {\n uint256 requiredL1CallValue = _contractHasSufficientEthBalance(RELAY_MESSAGE_L2_GAS_LIMIT);\n\n l1Inbox.createRetryableTicket{ value: requiredL1CallValue }(\n target, // destAddr destination L2 contract address\n 0, // l2CallValue call value for retryable L2 message\n l2MaxSubmissionCost, // maxSubmissionCost Max gas deducted from user's L2 balance to cover base fee\n l2RefundL2Address, // excessFeeRefundAddress maxgas * gasprice - execution cost gets credited here on L2\n l2RefundL2Address, // callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled\n RELAY_MESSAGE_L2_GAS_LIMIT, // maxGas Max gas deducted from user's L2 balance to cover L2 execution\n l2GasPrice, // gasPriceBid price bid for L2 execution\n message // data ABI encoded data of L2 message\n );\n\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Bridge tokens to Arbitrum.\n * @notice This contract must hold at least getL1CallValue() amount of ETH to send a message via the Inbox\n * successfully, or the message will get stuck.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token, // l2Token is unused for Arbitrum.\n uint256 amount,\n address to\n ) external payable override {\n uint256 requiredL1CallValue = _contractHasSufficientEthBalance(RELAY_TOKENS_L2_GAS_LIMIT);\n\n // Approve the gateway, not the router, to spend the hub pool's balance. The gateway, which is different\n // per L1 token, will temporarily escrow the tokens to be bridged and pull them from this contract.\n address erc20Gateway = l1ERC20GatewayRouter.getGateway(l1Token);\n IERC20(l1Token).safeIncreaseAllowance(erc20Gateway, amount);\n\n // `outboundTransfer` expects that the caller includes a bytes message as the last param that includes the\n // maxSubmissionCost to use when creating an L2 retryable ticket: https://github.com/OffchainLabs/arbitrum/blob/e98d14873dd77513b569771f47b5e05b72402c5e/packages/arb-bridge-peripherals/contracts/tokenbridge/ethereum/gateway/L1GatewayRouter.sol#L232\n bytes memory data = abi.encode(l2MaxSubmissionCost, \"\");\n\n // Note: Legacy routers don't have the outboundTransferCustomRefund method, so default to using\n // outboundTransfer(). Legacy routers are used for the following tokens that are currently enabled:\n // - DAI: the implementation of `outboundTransfer` at the current DAI custom gateway\n // (https://etherscan.io/address/0xD3B5b60020504bc3489D6949d545893982BA3011#writeContract) sets the\n // sender as the refund address so the aliased HubPool should receive excess funds. Implementation here:\n // https://github.com/makerdao/arbitrum-dai-bridge/blob/11a80385e2622968069c34d401b3d54a59060e87/contracts/l1/L1DaiGateway.sol#L109\n if (l1Token == 0x6B175474E89094C44Da98b954EedeAC495271d0F) {\n // This means that the excess ETH to pay for the L2 transaction will be sent to the aliased\n // contract address on L2, which we'd have to retrieve via a custom adapter, the Arbitrum_RescueAdapter.\n // To do so, in a single transaction: 1) setCrossChainContracts to Arbitrum_RescueAdapter, 2) relayMessage\n // with function data = abi.encode(amountToRescue), 3) setCrossChainContracts back to this adapter.\n l1ERC20GatewayRouter.outboundTransfer{ value: requiredL1CallValue }(\n l1Token,\n to,\n amount,\n RELAY_TOKENS_L2_GAS_LIMIT,\n l2GasPrice,\n data\n );\n } else {\n l1ERC20GatewayRouter.outboundTransferCustomRefund{ value: requiredL1CallValue }(\n l1Token,\n l2RefundL2Address,\n to,\n amount,\n RELAY_TOKENS_L2_GAS_LIMIT,\n l2GasPrice,\n data\n );\n }\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n\n /**\n * @notice Returns required amount of ETH to send a message via the Inbox.\n * @return amount of ETH that this contract needs to hold in order for relayMessage to succeed.\n */\n function getL1CallValue(uint32 l2GasLimit) public pure returns (uint256) {\n return l2MaxSubmissionCost + l2GasPrice * l2GasLimit;\n }\n\n function _contractHasSufficientEthBalance(uint32 l2GasLimit) internal view returns (uint256 requiredL1CallValue) {\n requiredL1CallValue = getL1CallValue(l2GasLimit);\n require(address(this).balance >= requiredL1CallValue, \"Insufficient ETH balance\");\n }\n}\n" + }, + "contracts/chain-adapters/Arbitrum_RescueAdapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"./Arbitrum_Adapter.sol\"; // Used to import `ArbitrumL1ERC20GatewayLike` and `ArbitrumL1InboxLike`\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Meant to copy the Arbitrum_Adapter exactly in how it sends L1 --> L2 messages but is designed only to be\n * used by the owner of the HubPool to retrieve ETH held by its aliased address on L2. This ETH builds up because\n * `relayTokens` calls `l1ERC20GatewayRouter.outboundTransfer` which does not allow the caller to specify an L2 refund\n * address the same way that `l1Inbox.createRetryableTicket` does. This means that the alias address of the caller, the\n * HubPool in this case, receives ETH on L2. This Adapter can be used to send messages to Arbitrum specifically to send\n * transactions as if called by the aliased HubPool address.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Arbitrum_RescueAdapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n // Amount of ETH allocated to pay for the base submission fee. The base submission fee is a parameter unique to\n // retryable transactions; the user is charged the base submission fee to cover the storage costs of keeping their\n // ticket’s calldata in the retry buffer. (current base submission fee is queryable via\n // ArbRetryableTx.getSubmissionPrice). ArbRetryableTicket precompile interface exists at L2 address\n // 0x000000000000000000000000000000000000006E.\n uint256 public immutable l2MaxSubmissionCost = 0.01e18;\n\n // L2 Gas price bid for immediate L2 execution attempt (queryable via standard eth*gasPrice RPC)\n uint256 public immutable l2GasPrice = 5e9; // 5 gWei\n\n // Gas limit for immediate L2 execution attempt (can be estimated via NodeInterface.estimateRetryableTicket).\n // NodeInterface precompile interface exists at L2 address 0x00000000000000000000000000000000000000C8\n uint32 public immutable l2GasLimit = 2_000_000;\n\n // This address on L2 receives extra ETH that is left over after relaying a message via the inbox.\n address public immutable l2RefundL2Address;\n\n // L1 HubPool address aliased on L2: https://github.com/OffchainLabs/arbitrum/blob/master/docs/L1_L2_Messages.md#address-aliasing\n address public immutable aliasedL2HubPoolAddress = 0xd297fA914353c44B2e33EBE05F21846f1048CFeB;\n\n ArbitrumL1InboxLike public immutable l1Inbox;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1ArbitrumInbox Inbox helper contract to send messages to Arbitrum.\n */\n constructor(ArbitrumL1InboxLike _l1ArbitrumInbox) {\n l1Inbox = _l1ArbitrumInbox;\n\n l2RefundL2Address = msg.sender;\n }\n\n /**\n * @notice Send cross-chain message to aliased hub pool address on Arbitrum.\n * @notice This contract must hold at least getL1CallValue() amount of ETH to send a message via the Inbox\n * successfully, or the message will get stuck.\n * @param message Data to send to aliased hub pool.\n */\n function relayMessage(address, bytes memory message) external payable override {\n uint256 valueToReturn = abi.decode(message, (uint256));\n\n uint256 requiredL1CallValue = _contractHasSufficientEthBalance();\n\n // In the rescue ETH setup, we send the transaction to the refund address, we provide a call value equal to the\n // amount we want to rescue, and we specify an empty calldata, since it's a simple ETH transfer.\n // Note: we use the unsafe version of createRetryableTicket because it doesn't require the msg.sender to pass\n // in arbTxCallValue in addition to maxSubmissionCost + maxGas * gasPriceBid.\n l1Inbox.unsafeCreateRetryableTicket{ value: requiredL1CallValue }(\n l2RefundL2Address, // destAddr destination L2 contract address\n valueToReturn, // l2CallValue call value for retryable L2 message\n l2MaxSubmissionCost, // maxSubmissionCost Max gas deducted from user's L2 balance to cover base fee\n l2RefundL2Address, // excessFeeRefundAddress maxgas * gasprice - execution cost gets credited here on L2\n l2RefundL2Address, // callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled\n l2GasLimit, // maxGas Max gas deducted from user's L2 balance to cover L2 execution\n l2GasPrice, // gasPriceBid price bid for L2 execution\n \"\" // data ABI encoded data of L2 message\n );\n\n emit MessageRelayed(aliasedL2HubPoolAddress, \"\");\n }\n\n /**\n * @notice Should never be called.\n */\n function relayTokens(\n address,\n address,\n uint256,\n address\n ) external payable override {\n revert(\"useless function\");\n }\n\n /**\n * @notice Returns required amount of ETH to send a message via the Inbox.\n * @return amount of ETH that this contract needs to hold in order for relayMessage to succeed.\n */\n function getL1CallValue() public pure returns (uint256) {\n return l2MaxSubmissionCost + l2GasPrice * l2GasLimit;\n }\n\n function _contractHasSufficientEthBalance() internal view returns (uint256 requiredL1CallValue) {\n requiredL1CallValue = getL1CallValue();\n require(address(this).balance >= requiredL1CallValue, \"Insufficient ETH balance\");\n }\n}\n" + }, + "contracts/chain-adapters/Arbitrum_SendTokensAdapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport { ArbitrumL1ERC20GatewayLike } from \"./Arbitrum_Adapter.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice This adapter is built for emergencies to send funds from the Hub to a Spoke in the event that a spoke pool\n * received a duplicate root bundle relay, due to some replay issue.\n */\n// solhint-disable-next-line contract-name-camelcase\ncontract Arbitrum_SendTokensAdapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n uint256 public immutable l2MaxSubmissionCost = 0.01e18;\n uint256 public immutable l2GasPrice = 5e9;\n uint32 public constant RELAY_TOKENS_L2_GAS_LIMIT = 300_000;\n\n ArbitrumL1ERC20GatewayLike public immutable l1ERC20GatewayRouter;\n address public immutable l2RefundL2Address;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1ERC20GatewayRouter ERC20 gateway router contract to send tokens to Arbitrum.\n * @param _l2RefundL2Address L2 address to receive gas refunds on after a message is relayed.\n */\n constructor(ArbitrumL1ERC20GatewayLike _l1ERC20GatewayRouter, address _l2RefundL2Address) {\n l1ERC20GatewayRouter = _l1ERC20GatewayRouter;\n l2RefundL2Address = _l2RefundL2Address;\n }\n\n /**\n * @notice Send tokens to SpokePool. Enables HubPool admin to call relaySpokePoolAdminFunction that will trigger\n * this function.\n * @dev This performs similar logic to relayTokens in the normal Arbitrum_Adapter by sending tokens\n * the Arbitrum_SpokePool out of the HubPool.\n * @param message The encoded address of the ERC20 to send to the rescue address.\n */\n function relayMessage(address target, bytes memory message) external payable override {\n (address l1Token, uint256 amount) = abi.decode(message, (address, uint256));\n\n uint256 requiredL1CallValue = _contractHasSufficientEthBalance();\n\n // Approve the gateway, not the router, to spend the hub pool's balance. The gateway, which is different\n // per L1 token, will temporarily escrow the tokens to be bridged and pull them from this contract.\n address erc20Gateway = l1ERC20GatewayRouter.getGateway(l1Token);\n IERC20(l1Token).safeIncreaseAllowance(erc20Gateway, amount);\n\n // `outboundTransfer` expects that the caller includes a bytes message as the last param that includes the\n // maxSubmissionCost to use when creating an L2 retryable ticket: https://github.com/OffchainLabs/arbitrum/blob/e98d14873dd77513b569771f47b5e05b72402c5e/packages/arb-bridge-peripherals/contracts/tokenbridge/ethereum/gateway/L1GatewayRouter.sol#L232\n bytes memory data = abi.encode(l2MaxSubmissionCost, \"\");\n\n l1ERC20GatewayRouter.outboundTransferCustomRefund{ value: requiredL1CallValue }(\n l1Token,\n l2RefundL2Address,\n target,\n amount,\n RELAY_TOKENS_L2_GAS_LIMIT,\n l2GasPrice,\n data\n );\n\n // Purposefully not emitting any events so as not to confuse off-chain monitors that track this event.\n // emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n\n /**\n * @notice Should never be called.\n */\n function relayTokens(\n address,\n address,\n uint256,\n address\n ) external payable override {\n revert(\"relayTokens disabled\");\n }\n\n /**\n * @notice Returns required amount of ETH to send a message via the Inbox.\n * @return amount of ETH that this contract needs to hold in order for relayMessage to succeed.\n */\n function getL1CallValue() public pure returns (uint256) {\n return l2MaxSubmissionCost + l2GasPrice * RELAY_TOKENS_L2_GAS_LIMIT;\n }\n\n function _contractHasSufficientEthBalance() internal view returns (uint256 requiredL1CallValue) {\n requiredL1CallValue = getL1CallValue();\n require(address(this).balance >= requiredL1CallValue, \"Insufficient ETH balance\");\n }\n}\n" + }, + "contracts/chain-adapters/Base_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"../external/interfaces/WETH9Interface.sol\";\n\n// @dev Use local modified CrossDomainEnabled contract instead of one exported by eth-optimism because we need\n// this contract's state variables to be `immutable` because of the delegateCall call.\nimport \"./CrossDomainEnabled.sol\";\nimport \"@eth-optimism/contracts/L1/messaging/IL1StandardBridge.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Contract containing logic to send messages from L1 to Base. This is a modified version of the Optimism adapter\n * that excludes the custom bridging logic.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Base_Adapter is CrossDomainEnabled, AdapterInterface {\n using SafeERC20 for IERC20;\n uint32 public immutable l2GasLimit = 200_000;\n\n WETH9Interface public immutable l1Weth;\n\n IL1StandardBridge public immutable l1StandardBridge;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1Weth WETH address on L1.\n * @param _crossDomainMessenger XDomainMessenger Base system contract.\n * @param _l1StandardBridge Standard bridge contract.\n */\n constructor(\n WETH9Interface _l1Weth,\n address _crossDomainMessenger,\n IL1StandardBridge _l1StandardBridge\n ) CrossDomainEnabled(_crossDomainMessenger) {\n l1Weth = _l1Weth;\n l1StandardBridge = _l1StandardBridge;\n }\n\n /**\n * @notice Send cross-chain message to target on Base.\n * @param target Contract on Base that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes calldata message) external payable override {\n sendCrossDomainMessage(target, uint32(l2GasLimit), message);\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Bridge tokens to Base.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token,\n uint256 amount,\n address to\n ) external payable override {\n // If the l1Token is weth then unwrap it to ETH then send the ETH to the standard bridge.\n if (l1Token == address(l1Weth)) {\n l1Weth.withdraw(amount);\n l1StandardBridge.depositETHTo{ value: amount }(to, l2GasLimit, \"\");\n } else {\n IL1StandardBridge _l1StandardBridge = l1StandardBridge;\n\n IERC20(l1Token).safeIncreaseAllowance(address(_l1StandardBridge), amount);\n _l1StandardBridge.depositERC20To(l1Token, l2Token, to, amount, l2GasLimit, \"\");\n }\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n}\n" + }, + "contracts/chain-adapters/Boba_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"../external/interfaces/WETH9Interface.sol\";\n\n// @dev Use local modified CrossDomainEnabled contract instead of one exported by eth-optimism because we need\n// this contract's state variables to be `immutable` because of the delegateCall call.\nimport \"./CrossDomainEnabled.sol\";\nimport \"@eth-optimism/contracts/L1/messaging/IL1StandardBridge.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Contract containing logic to send messages from L1 to Boba. This is a modified version of the Optimism adapter\n * that excludes the custom bridging logic.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Boba_Adapter is CrossDomainEnabled, AdapterInterface {\n using SafeERC20 for IERC20;\n uint32 public immutable l2GasLimit = 2_000_000;\n\n WETH9Interface public immutable l1Weth;\n\n IL1StandardBridge public immutable l1StandardBridge;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1Weth WETH address on L1.\n * @param _crossDomainMessenger XDomainMessenger Boba system contract.\n * @param _l1StandardBridge Standard bridge contract.\n */\n constructor(\n WETH9Interface _l1Weth,\n address _crossDomainMessenger,\n IL1StandardBridge _l1StandardBridge\n ) CrossDomainEnabled(_crossDomainMessenger) {\n l1Weth = _l1Weth;\n l1StandardBridge = _l1StandardBridge;\n }\n\n /**\n * @notice Send cross-chain message to target on Boba.\n * @param target Contract on Boba that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes calldata message) external payable override {\n sendCrossDomainMessage(target, uint32(l2GasLimit), message);\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Bridge tokens to Boba.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token,\n uint256 amount,\n address to\n ) external payable override {\n // If the l1Token is weth then unwrap it to ETH then send the ETH to the standard bridge.\n if (l1Token == address(l1Weth)) {\n l1Weth.withdraw(amount);\n l1StandardBridge.depositETHTo{ value: amount }(to, l2GasLimit, \"\");\n } else {\n IL1StandardBridge _l1StandardBridge = l1StandardBridge;\n\n IERC20(l1Token).safeIncreaseAllowance(address(_l1StandardBridge), amount);\n _l1StandardBridge.depositERC20To(l1Token, l2Token, to, amount, l2GasLimit, \"\");\n }\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n}\n" + }, + "contracts/chain-adapters/CrossDomainEnabled.sol": { + "content": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.0;\n\n/* Interface Imports */\nimport { ICrossDomainMessenger } from \"@eth-optimism/contracts/libraries/bridge/ICrossDomainMessenger.sol\";\n\n/**\n * @title CrossDomainEnabled\n * @dev Helper contract for contracts performing cross-domain communications between L1 and Optimism.\n * @dev This modifies the eth-optimism/CrossDomainEnabled contract only by changing state variables to be\n * immutable for use in contracts like the Optimism_Adapter which use delegateCall().\n */\ncontract CrossDomainEnabled {\n // Messenger contract used to send and recieve messages from the other domain.\n address public immutable messenger;\n\n /**\n * @param _messenger Address of the CrossDomainMessenger on the current layer.\n */\n constructor(address _messenger) {\n messenger = _messenger;\n }\n\n /**\n * Enforces that the modified function is only callable by a specific cross-domain account.\n * @param _sourceDomainAccount The only account on the originating domain which is\n * authenticated to call this function.\n */\n modifier onlyFromCrossDomainAccount(address _sourceDomainAccount) {\n require(msg.sender == address(getCrossDomainMessenger()), \"invalid cross domain messenger\");\n\n require(\n getCrossDomainMessenger().xDomainMessageSender() == _sourceDomainAccount,\n \"invalid cross domain sender\"\n );\n\n _;\n }\n\n /**\n * Gets the messenger, usually from storage. This function is exposed in case a child contract\n * needs to override.\n * @return The address of the cross-domain messenger contract which should be used.\n */\n function getCrossDomainMessenger() internal virtual returns (ICrossDomainMessenger) {\n return ICrossDomainMessenger(messenger);\n }\n\n /**\n * Sends a message to an account on another domain\n * @param _crossDomainTarget The intended recipient on the destination domain\n * @param _message The data to send to the target (usually calldata to a function with\n * onlyFromCrossDomainAccount())\n * @param _gasLimit The gasLimit for the receipt of the message on the target domain.\n */\n function sendCrossDomainMessage(\n address _crossDomainTarget,\n uint32 _gasLimit,\n bytes calldata _message\n ) internal {\n // slither-disable-next-line reentrancy-events, reentrancy-benign\n getCrossDomainMessenger().sendMessage(_crossDomainTarget, _message, _gasLimit);\n }\n}\n" + }, + "contracts/chain-adapters/Ethereum_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Contract containing logic to send messages from L1 to Ethereum SpokePool.\n * @notice This contract should always be deployed on the same chain as the HubPool, as it acts as a pass-through\n * contract between HubPool and SpokePool on the same chain. Its named \"Ethereum_Adapter\" because a core assumption\n * is that the HubPool will be deployed on Ethereum, so this adapter will be used to communicate between HubPool\n * and the Ethereum_SpokePool.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Ethereum_Adapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n /**\n * @notice Send message to target on Ethereum.\n * @notice This function, and contract overall, is not useful in practice except that the HubPool\n * expects to interact with the SpokePool via an Adapter, so when communicating to the Ethereum_SpokePool, it must\n * send messages via this pass-through contract.\n * @param target Contract that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes calldata message) external payable override {\n _executeCall(target, message);\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Send tokens to target.\n * @param l1Token L1 token to send.\n * @param l2Token Unused parameter in this contract.\n * @param amount Amount of L1 tokens to send.\n * @param to recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token, // l2Token is unused for ethereum since we are assuming that the HubPool is only deployed\n // on this network.\n uint256 amount,\n address to\n ) external payable override {\n IERC20(l1Token).safeTransfer(to, amount);\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n\n // Note: this snippet of code is copied from Governor.sol. Source: https://github.com/UMAprotocol/protocol/blob/5b37ea818a28479c01e458389a83c3e736306b17/packages/core/contracts/oracle/implementation/Governor.sol#L190-L207\n function _executeCall(address to, bytes memory data) private {\n // Note: this snippet of code is copied from Governor.sol and modified to not include any \"value\" field.\n\n bool success;\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n let inputData := add(data, 0x20)\n let inputDataSize := mload(data)\n // Hardcode value to be 0 for relayed governance calls in order to avoid addressing complexity of bridging\n // value cross-chain.\n success := call(gas(), to, 0, inputData, inputDataSize, 0, 0)\n }\n require(success, \"execute call failed\");\n }\n}\n" + }, + "contracts/chain-adapters/Ethereum_RescueAdapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice This adapter is built for emergencies to rescue funds from a Hub in the event of a misconfiguration or\n * security issue.\n */\n// solhint-disable-next-line contract-name-camelcase\ncontract Ethereum_RescueAdapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n address public immutable rescueAddress;\n\n /**\n * @notice Constructs new Adapter.\n * @param _rescueAddress Rescue address to send funds to.\n */\n constructor(address _rescueAddress) {\n rescueAddress = _rescueAddress;\n }\n\n /**\n * @notice Rescues the tokens from the calling contract.\n * @param message The encoded address of the ERC20 to send to the rescue addres.\n */\n function relayMessage(address, bytes memory message) external payable override {\n IERC20 tokenAddress = IERC20(abi.decode(message, (address)));\n\n // Transfer full balance of tokens to the rescue address.\n tokenAddress.safeTransfer(rescueAddress, tokenAddress.balanceOf(address(this)));\n }\n\n /**\n * @notice Should never be called.\n */\n function relayTokens(\n address,\n address,\n uint256,\n address\n ) external payable override {\n revert(\"relayTokens disabled\");\n }\n}\n" + }, + "contracts/chain-adapters/interfaces/AdapterInterface.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\n/**\n * @notice Sends cross chain messages and tokens to contracts on a specific L2 network.\n * This interface is implemented by an adapter contract that is deployed on L1.\n */\n\ninterface AdapterInterface {\n event MessageRelayed(address target, bytes message);\n\n event TokensRelayed(address l1Token, address l2Token, uint256 amount, address to);\n\n /**\n * @notice Send message to `target` on L2.\n * @dev This method is marked payable because relaying the message might require a fee\n * to be paid by the sender to forward the message to L2. However, it will not send msg.value\n * to the target contract on L2.\n * @param target L2 address to send message to.\n * @param message Message to send to `target`.\n */\n function relayMessage(address target, bytes calldata message) external payable;\n\n /**\n * @notice Send `amount` of `l1Token` to `to` on L2. `l2Token` is the L2 address equivalent of `l1Token`.\n * @dev This method is marked payable because relaying the message might require a fee\n * to be paid by the sender to forward the message to L2. However, it will not send msg.value\n * to the target contract on L2.\n * @param l1Token L1 token to bridge.\n * @param l2Token L2 token to receive.\n * @param amount Amount of `l1Token` to bridge.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token,\n uint256 amount,\n address to\n ) external payable;\n}\n" + }, + "contracts/chain-adapters/Optimism_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"../external/interfaces/WETH9Interface.sol\";\n\n// @dev Use local modified CrossDomainEnabled contract instead of one exported by eth-optimism because we need\n// this contract's state variables to be `immutable` because of the delegateCall call.\nimport \"./CrossDomainEnabled.sol\";\nimport \"@eth-optimism/contracts/L1/messaging/IL1StandardBridge.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Interface for Synthetix custom bridge to Optimism.\n */\ninterface SynthetixBridgeToOptimism is IL1StandardBridge {\n /**\n * @notice Send tokens to Optimism.\n * @param to Address to send tokens to on L2.\n * @param amount Amount of tokens to send.\n */\n function depositTo(address to, uint256 amount) external;\n}\n\n/**\n * @notice Contract containing logic to send messages from L1 to Optimism.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore it's only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Optimism_Adapter is CrossDomainEnabled, AdapterInterface {\n using SafeERC20 for IERC20;\n uint32 public immutable l2GasLimit = 200_000;\n\n WETH9Interface public immutable l1Weth;\n\n IL1StandardBridge public immutable l1StandardBridge;\n\n // Optimism has the ability to support \"custom\" bridges. These bridges are not supported by the canonical bridge\n // and so we need to store the address of the custom token and the associated bridge. In the event we want to\n // support a new token that is not supported by Optimism, we can add a new custom bridge for it and re-deploy the\n // adapter. A full list of custom optimism tokens and their associated bridges can be found here:\n // https://github.com/ethereum-optimism/ethereum-optimism.github.io/blob/master/optimism.tokenlist.json\n address public immutable dai = 0x6B175474E89094C44Da98b954EedeAC495271d0F;\n address public immutable daiOptimismBridge = 0x10E6593CDda8c58a1d0f14C5164B376352a55f2F;\n address public immutable snx = 0xC011a73ee8576Fb46F5E1c5751cA3B9Fe0af2a6F;\n address public immutable snxOptimismBridge = 0x39Ea01a0298C315d149a490E34B59Dbf2EC7e48F;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1Weth WETH address on L1.\n * @param _crossDomainMessenger XDomainMessenger Optimism system contract.\n * @param _l1StandardBridge Standard bridge contract.\n */\n constructor(\n WETH9Interface _l1Weth,\n address _crossDomainMessenger,\n IL1StandardBridge _l1StandardBridge\n ) CrossDomainEnabled(_crossDomainMessenger) {\n l1Weth = _l1Weth;\n l1StandardBridge = _l1StandardBridge;\n }\n\n /**\n * @notice Send cross-chain message to target on Optimism.\n * @param target Contract on Optimism that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes calldata message) external payable override {\n sendCrossDomainMessage(target, uint32(l2GasLimit), message);\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Bridge tokens to Optimism.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token,\n uint256 amount,\n address to\n ) external payable override {\n // If the l1Token is weth then unwrap it to ETH then send the ETH to the standard bridge.\n if (l1Token == address(l1Weth)) {\n l1Weth.withdraw(amount);\n l1StandardBridge.depositETHTo{ value: amount }(to, l2GasLimit, \"\");\n } else {\n address bridgeToUse = address(l1StandardBridge);\n\n // Check if the L1 token requires a custom bridge. If so, use that bridge over the standard bridge.\n if (l1Token == dai) bridgeToUse = daiOptimismBridge; // 1. DAI\n if (l1Token == snx) bridgeToUse = snxOptimismBridge; // 2. SNX\n\n IERC20(l1Token).safeIncreaseAllowance(bridgeToUse, amount);\n if (l1Token == snx) SynthetixBridgeToOptimism(bridgeToUse).depositTo(to, amount);\n else IL1StandardBridge(bridgeToUse).depositERC20To(l1Token, l2Token, to, amount, l2GasLimit, \"\");\n }\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n}\n" + }, + "contracts/chain-adapters/Polygon_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"../external/interfaces/WETH9Interface.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Send tokens to Polygon.\n */\ninterface IRootChainManager {\n /**\n * @notice Send msg.value of ETH to Polygon\n * @param user Recipient of ETH on Polygon.\n */\n function depositEtherFor(address user) external payable;\n\n /**\n * @notice Send ERC20 tokens to Polygon.\n * @param user Recipient of L2 equivalent tokens on Polygon.\n * @param rootToken L1 Address of token to send.\n * @param depositData Data to pass to L2 including amount of tokens to send. Should be abi.encode(amount).\n */\n function depositFor(\n address user,\n address rootToken,\n bytes calldata depositData\n ) external;\n}\n\n/**\n * @notice Send arbitrary messages to Polygon.\n */\ninterface IFxStateSender {\n /**\n * @notice Send arbitrary message to Polygon.\n * @param _receiver Address on Polygon to receive message.\n * @param _data Message to send to `_receiver` on Polygon.\n */\n function sendMessageToChild(address _receiver, bytes calldata _data) external;\n}\n\n/**\n * @notice Similar to RootChainManager, but for Matic (Plasma) bridge.\n */\ninterface DepositManager {\n /**\n * @notice Send tokens to Polygon. Only used to send MATIC in this Polygon_Adapter.\n * @param token L1 token to send. Should be MATIC.\n * @param user Recipient of L2 equivalent tokens on Polygon.\n * @param amount Amount of `token` to send.\n */\n function depositERC20ForUser(\n address token,\n address user,\n uint256 amount\n ) external;\n}\n\n/**\n * @notice Sends cross chain messages Polygon L2 network.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Polygon_Adapter is AdapterInterface {\n using SafeERC20 for IERC20;\n IRootChainManager public immutable rootChainManager;\n IFxStateSender public immutable fxStateSender;\n DepositManager public immutable depositManager;\n address public immutable erc20Predicate;\n address public immutable l1Matic;\n WETH9Interface public immutable l1Weth;\n\n /**\n * @notice Constructs new Adapter.\n * @param _rootChainManager RootChainManager Polygon system contract to deposit tokens over the PoS bridge.\n * @param _fxStateSender FxStateSender Polygon system contract to send arbitrary messages to L2.\n * @param _depositManager DepositManager Polygon system contract to deposit tokens over the Plasma bridge (Matic).\n * @param _erc20Predicate ERC20Predicate Polygon system contract to approve when depositing to the PoS bridge.\n * @param _l1Matic matic address on l1.\n * @param _l1Weth WETH address on L1.\n */\n constructor(\n IRootChainManager _rootChainManager,\n IFxStateSender _fxStateSender,\n DepositManager _depositManager,\n address _erc20Predicate,\n address _l1Matic,\n WETH9Interface _l1Weth\n ) {\n rootChainManager = _rootChainManager;\n fxStateSender = _fxStateSender;\n depositManager = _depositManager;\n erc20Predicate = _erc20Predicate;\n l1Matic = _l1Matic;\n l1Weth = _l1Weth;\n }\n\n /**\n * @notice Send cross-chain message to target on Polygon.\n * @param target Contract on Polygon that will receive message.\n * @param message Data to send to target.\n */\n\n function relayMessage(address target, bytes calldata message) external payable override {\n fxStateSender.sendMessageToChild(target, message);\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Bridge tokens to Polygon.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token,\n uint256 amount,\n address to\n ) external payable override {\n // If the l1Token is weth then unwrap it to ETH then send the ETH to the standard bridge.\n if (l1Token == address(l1Weth)) {\n l1Weth.withdraw(amount);\n rootChainManager.depositEtherFor{ value: amount }(to);\n } else if (l1Token == l1Matic) {\n IERC20(l1Token).safeIncreaseAllowance(address(depositManager), amount);\n depositManager.depositERC20ForUser(l1Token, to, amount);\n } else {\n IERC20(l1Token).safeIncreaseAllowance(erc20Predicate, amount);\n rootChainManager.depositFor(to, l1Token, abi.encode(amount));\n }\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n}\n" + }, + "contracts/chain-adapters/ZkSync_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"../external/interfaces/WETH9Interface.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\ninterface ZkSyncInterface {\n // _contractL2: L2 address of the contract to be called.\n // _l2Value: Amount of ETH to pass with the call to L2; used as msg.value for the transaction.\n // _calldata: Calldata of the transaction call; encoded the same way as in Ethereum.\n // _l2GasLimit: Gas limit of the L2 transaction call.\n // _l2GasPerPubdataByteLimit: A constant representing how much gas is required to publish a byte of data from\n // L1 to L2. https://era.zksync.io/docs/api/js/utils.html#gas\n // _factoryDeps: Bytecodes array containing the bytecode of the contract being deployed.\n // If the contract is a factory contract, the array contains the bytecodes of the contracts it can deploy.\n // _refundRecipient: Address that receives the rest of the fee after the transaction execution.\n // If refundRecipient == 0, L2 msg.sender is used. Note: If the _refundRecipient is a smart contract,\n // then during the L1 to L2 transaction its address is aliased.\n function requestL2Transaction(\n address _contractL2,\n uint256 _l2Value,\n bytes calldata _calldata,\n uint256 _l2GasLimit,\n uint256 _l2GasPerPubdataByteLimit,\n bytes[] calldata _factoryDeps,\n address _refundRecipient\n ) external payable returns (bytes32 canonicalTxHash);\n\n // @notice Estimates the cost in Ether of requesting execution of an L2 transaction from L1\n // @param _l1GasPrice Effective gas price on L1 (priority fee + base fee)\n // @param _l2GasLimit Gas limit for the L2 transaction\n // @param _l2GasPerPubdataByteLimit Gas limit for the L2 transaction per byte of pubdata\n // @return The estimated L2 gas for the transaction to be paid\n function l2TransactionBaseCost(\n uint256 _l1GasPrice,\n uint256 _l2GasLimit,\n uint256 _l2GasPerPubdataByteLimit\n ) external view returns (uint256);\n}\n\ninterface ZkBridgeLike {\n // @dev: Use ZkSyncInterface.requestL2Transaction to bridge WETH as ETH to L2.\n function deposit(\n address _l2Receiver,\n address _l1Token,\n uint256 _amount,\n uint256 _l2TxGasLimit,\n uint256 _l2TxGasPerPubdataByte,\n address _refundRecipient\n ) external payable returns (bytes32 txHash);\n}\n\n// Note: this contract just forwards the calls from the HubPool to ZkSync to avoid limits.\n// A modified ZKSync_Adapter should be deployed with this address swapped in for all zkSync addresses.\ncontract LimitBypassProxy is ZkSyncInterface, ZkBridgeLike {\n using SafeERC20 for IERC20;\n ZkSyncInterface public constant zkSync = ZkSyncInterface(0x32400084C286CF3E17e7B677ea9583e60a000324);\n ZkBridgeLike public constant zkErc20Bridge = ZkBridgeLike(0x57891966931Eb4Bb6FB81430E6cE0A03AAbDe063);\n\n function l2TransactionBaseCost(\n uint256 _l1GasPrice,\n uint256 _l2GasLimit,\n uint256 _l2GasPerPubdataByteLimit\n ) external view returns (uint256) {\n return zkSync.l2TransactionBaseCost(_l1GasPrice, _l2GasLimit, _l2GasPerPubdataByteLimit);\n }\n\n function requestL2Transaction(\n address _contractL2,\n uint256 _l2Value,\n bytes calldata _calldata,\n uint256 _l2GasLimit,\n uint256 _l2GasPerPubdataByteLimit,\n bytes[] calldata _factoryDeps,\n address _refundRecipient\n ) external payable returns (bytes32 canonicalTxHash) {\n return\n zkSync.requestL2Transaction{ value: msg.value }(\n _contractL2,\n _l2Value,\n _calldata,\n _l2GasLimit,\n _l2GasPerPubdataByteLimit,\n _factoryDeps,\n _refundRecipient\n );\n }\n\n function deposit(\n address _l2Receiver,\n address _l1Token,\n uint256 _amount,\n uint256 _l2TxGasLimit,\n uint256 _l2TxGasPerPubdataByte,\n address _refundRecipient\n ) external payable returns (bytes32 txHash) {\n IERC20(_l1Token).safeIncreaseAllowance(address(zkErc20Bridge), _amount);\n return\n zkErc20Bridge.deposit{ value: msg.value }(\n _l2Receiver,\n _l1Token,\n _amount,\n _l2TxGasLimit,\n _l2TxGasPerPubdataByte,\n _refundRecipient\n );\n }\n}\n\n/**\n * @notice Contract containing logic to send messages from L1 to ZkSync.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract ZkSync_Adapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n // We need to pay a base fee to the operator to include our L1 --> L2 transaction.\n // https://era.zksync.io/docs/dev/developer-guides/bridging/l1-l2.html#getting-the-base-cost\n\n // Generally, the following params are a bit hard to set and may change in the future once ZkSync\n // goes live. For now, we'll hardcode these and use aggressive values to ensure inclusion.\n\n // Limit on L2 gas to spend.\n uint256 public constant L2_GAS_LIMIT = 2_000_000;\n\n // How much gas is required to publish a byte of data from L1 to L2. 800 is the required value\n // as set here https://github.com/matter-labs/era-contracts/blob/6391c0d7bf6184d7f6718060e3991ba6f0efe4a7/ethereum/contracts/zksync/facets/Mailbox.sol#L226\n // Note, this value can change and will require an updated adapter.\n uint256 public constant L1_GAS_TO_L2_GAS_PER_PUB_DATA_LIMIT = 800;\n\n // This address receives any remaining fee after an L1 to L2 transaction completes.\n // If refund recipient = address(0) then L2 msg.sender is used, unless msg.sender is a contract then its address\n // gets aliased.\n address public immutable l2RefundAddress;\n\n // Hardcode the following ZkSync system contract addresses to save gas on construction. This adapter can be\n // redeployed in the event that the following addresses change.\n\n // Main contract used to send L1 --> L2 messages. Fetchable via `zks_getMainContract` method on JSON RPC.\n ZkSyncInterface public constant zkSyncMessageBridge = ZkSyncInterface(0x32400084C286CF3E17e7B677ea9583e60a000324);\n\n // Contract used to send ETH to L2. Note: this is the same address as the main contract, but separated to allow\n // only this contract to be swapped (leaving the main zkSync contract to be used for messaging).\n ZkSyncInterface public constant zkSyncEthBridge = ZkSyncInterface(0x32400084C286CF3E17e7B677ea9583e60a000324);\n\n // Bridges to send ERC20 and ETH to L2. Fetchable via `zks_getBridgeContracts` method on JSON RPC.\n ZkBridgeLike public constant zkErc20Bridge = ZkBridgeLike(0x57891966931Eb4Bb6FB81430E6cE0A03AAbDe063);\n\n // Set l1Weth at construction time to make testing easier.\n WETH9Interface public immutable l1Weth;\n\n event ZkSyncMessageRelayed(bytes32 canonicalTxHash);\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1Weth WETH address on L1.\n * @param _l2RefundAddress address that recieves excess gas refunds on L2.\n */\n constructor(WETH9Interface _l1Weth, address _l2RefundAddress) {\n l1Weth = _l1Weth;\n l2RefundAddress = _l2RefundAddress;\n }\n\n /**\n * @notice Send cross-chain message to target on ZkSync.\n * @notice This contract must hold at least getL1CallValue() amount of ETH to send a message, or the message\n * will revert.\n * @param target Contract on L2 that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes memory message) external payable override {\n uint256 txBaseCost = _contractHasSufficientEthBalance();\n\n // Returns the hash of the requested L2 transaction. This hash can be used to follow the transaction status.\n bytes32 canonicalTxHash = zkSyncMessageBridge.requestL2Transaction{ value: txBaseCost }(\n target,\n // We pass no ETH with the call, otherwise we'd need to add to the txBaseCost this value.\n 0,\n message,\n L2_GAS_LIMIT,\n L1_GAS_TO_L2_GAS_PER_PUB_DATA_LIMIT,\n new bytes[](0),\n l2RefundAddress\n );\n\n emit MessageRelayed(target, message);\n emit ZkSyncMessageRelayed(canonicalTxHash);\n }\n\n /**\n * @notice Bridge tokens to ZkSync.\n * @notice This contract must hold at least getL1CallValue() amount of ETH to send a message\n * or the message will revert.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token, // l2Token is unused.\n uint256 amount,\n address to\n ) external payable override {\n // This could revert if the relay amount is over the ZkSync deposit\n // limit: https://github.com/matter-labs/era-contracts/blob/main/ethereum/contracts/common/AllowList.sol#L150\n // We should make sure that the limit is either set very high or we need to do logic\n // that splits the amount to deposit into multiple chunks. We can't have\n // this function revert or the HubPool will not be able to proceed to the\n // next bundle. See more here:\n // https://github.com/matter-labs/era-contracts/blob/main/docs/Overview.md#deposit-limitation\n // https://github.com/matter-labs/era-contracts/blob/6391c0d7bf6184d7f6718060e3991ba6f0efe4a7/ethereum/contracts/zksync/facets/Mailbox.sol#L230\n uint256 txBaseCost = _contractHasSufficientEthBalance();\n\n // If the l1Token is WETH then unwrap it to ETH then send the ETH to the standard bridge along with the base\n // cost. I've tried sending WETH over the erc20Bridge directly but we receive the wrong WETH\n // on the L2 side. So, we need to unwrap the WETH into ETH and then send.\n bytes32 txHash;\n if (l1Token == address(l1Weth)) {\n l1Weth.withdraw(amount);\n // We cannot call the standard ERC20 bridge because it disallows ETH deposits.\n txHash = zkSyncEthBridge.requestL2Transaction{ value: txBaseCost + amount }(\n to,\n amount,\n \"\",\n L2_GAS_LIMIT,\n L1_GAS_TO_L2_GAS_PER_PUB_DATA_LIMIT,\n new bytes[](0),\n l2RefundAddress\n );\n } else {\n IERC20(l1Token).safeIncreaseAllowance(address(zkErc20Bridge), amount);\n txHash = zkErc20Bridge.deposit{ value: txBaseCost }(\n to,\n l1Token,\n amount,\n L2_GAS_LIMIT,\n L1_GAS_TO_L2_GAS_PER_PUB_DATA_LIMIT,\n l2RefundAddress\n );\n }\n\n emit TokensRelayed(l1Token, l2Token, amount, to);\n emit ZkSyncMessageRelayed(txHash);\n }\n\n /**\n * @notice Returns required amount of ETH to send a message.\n * @return amount of ETH that this contract needs to hold in order for relayMessage to succeed.\n */\n function getL1CallValue() public view returns (uint256) {\n // - tx.gasprice returns effective_gas_price. It's also used by Mailbox contract to estimate L2GasPrice\n // so using tx.gasprice should always pass this check that msg.value >= baseCost + _l2Value\n // https://github.com/matter-labs/era-contracts/blob/6391c0d7bf6184d7f6718060e3991ba6f0efe4a7/ethereum/contracts/zksync/facets/Mailbox.sol#L273\n // - priority_fee_per_gas = min(transaction.max_priority_fee_per_gas, transaction.max_fee_per_gas - block.base_fee_per_gas)\n // - effective_gas_price = priority_fee_per_gas + block.base_fee_per_gas\n return\n zkSyncMessageBridge.l2TransactionBaseCost(tx.gasprice, L2_GAS_LIMIT, L1_GAS_TO_L2_GAS_PER_PUB_DATA_LIMIT);\n }\n\n function _contractHasSufficientEthBalance() internal view returns (uint256 requiredL1CallValue) {\n requiredL1CallValue = getL1CallValue();\n require(address(this).balance >= requiredL1CallValue, \"Insufficient ETH balance\");\n }\n}\n" + }, + "contracts/Ethereum_SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./SpokePool.sol\";\nimport \"@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol\";\n\n/**\n * @notice Ethereum L1 specific SpokePool. Used on Ethereum L1 to facilitate L2->L1 transfers.\n */\ncontract Ethereum_SpokePool is SpokePool, OwnableUpgradeable {\n using SafeERC20Upgradeable for IERC20Upgradeable;\n\n /**\n * @notice Construct the Ethereum SpokePool.\n * @dev crossDomainAdmin is unused on this contract.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * relay hash collisions.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n * @param _wethAddress Weth address for this network to set.\n */\n function initialize(\n uint32 _initialDepositId,\n address _hubPool,\n address _wethAddress\n ) public initializer {\n __Ownable_init();\n __SpokePool_init(_initialDepositId, _hubPool, _hubPool, _wethAddress);\n }\n\n /**************************************\n * INTERNAL FUNCTIONS *\n **************************************/\n\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory relayerRefundLeaf) internal override {\n IERC20Upgradeable(relayerRefundLeaf.l2TokenAddress).safeTransfer(hubPool, relayerRefundLeaf.amountToReturn);\n }\n\n // The SpokePool deployed to the same network as the HubPool must be owned by the HubPool.\n // A core assumption of this contract system is that the HubPool is deployed on Ethereum.\n function _requireAdminSender() internal override onlyOwner {}\n}\n" + }, + "contracts/external/interfaces/SuccinctInterfaces.sol": { + "content": "pragma solidity ^0.8.0;\n\n// These interfaces are a subset of the Succinct interfaces here: https://github.com/succinctlabs/telepathy-contracts.\n\n// This interface should be implemented by any contract wanting to receive messages sent over the Succinct bridge.\ninterface ITelepathyHandler {\n function handleTelepathy(\n uint16 _sourceChainId,\n address _senderAddress,\n bytes memory _data\n ) external returns (bytes4);\n}\n\n// This interface represents the contract that we call into to send messages over the Succinct AMB.\ninterface ITelepathyBroadcaster {\n function send(\n uint16 _recipientChainId,\n address _recipientAddress,\n bytes calldata _data\n ) external returns (bytes32);\n}\n" + }, + "contracts/external/interfaces/WETH9Interface.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\n/**\n * @notice Interface for the WETH9 contract.\n */\ninterface WETH9Interface {\n /**\n * @notice Burn Wrapped Ether and receive native Ether.\n * @param wad Amount of WETH to unwrap and send to caller.\n */\n function withdraw(uint256 wad) external;\n\n /**\n * @notice Lock native Ether and mint Wrapped Ether ERC20\n * @dev msg.value is amount of Wrapped Ether to mint/Ether to lock.\n */\n function deposit() external payable;\n\n /**\n * @notice Get balance of WETH held by `guy`.\n * @param guy Address to get balance of.\n * @return wad Amount of WETH held by `guy`.\n */\n function balanceOf(address guy) external view returns (uint256 wad);\n\n /**\n * @notice Transfer `wad` of WETH from caller to `guy`.\n * @param guy Address to send WETH to.\n * @param wad Amount of WETH to send.\n * @return ok True if transfer succeeded.\n */\n function transfer(address guy, uint256 wad) external returns (bool);\n}\n" + }, + "contracts/interfaces/HubPoolInterface.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\n\n/**\n * @notice Concise list of functions in HubPool implementation.\n */\ninterface HubPoolInterface {\n // This leaf is meant to be decoded in the HubPool to rebalance tokens between HubPool and SpokePool.\n struct PoolRebalanceLeaf {\n // This is used to know which chain to send cross-chain transactions to (and which SpokePool to send to).\n uint256 chainId;\n // Total LP fee amount per token in this bundle, encompassing all associated bundled relays.\n uint256[] bundleLpFees;\n // Represents the amount to push to or pull from the SpokePool. If +, the pool pays the SpokePool. If negative\n // the SpokePool pays the HubPool. There can be arbitrarily complex rebalancing rules defined offchain. This\n // number is only nonzero when the rules indicate that a rebalancing action should occur. When a rebalance does\n // occur, runningBalances must be set to zero for this token and netSendAmounts should be set to the previous\n // runningBalances + relays - deposits in this bundle. If non-zero then it must be set on the SpokePool's\n // RelayerRefundLeaf amountToReturn as -1 * this value to show if funds are being sent from or to the SpokePool.\n int256[] netSendAmounts;\n // This is only here to be emitted in an event to track a running unpaid balance between the L2 pool and the L1\n // pool. A positive number indicates that the HubPool owes the SpokePool funds. A negative number indicates that\n // the SpokePool owes the HubPool funds. See the comment above for the dynamics of this and netSendAmounts.\n int256[] runningBalances;\n // Used by data worker to mark which leaves should relay roots to SpokePools, and to otherwise organize leaves.\n // For example, each leaf should contain all the rebalance information for a single chain, but in the case where\n // the list of l1Tokens is very large such that they all can't fit into a single leaf that can be executed under\n // the block gas limit, then the data worker can use this groupIndex to organize them. Any leaves with\n // a groupIndex equal to 0 will relay roots to the SpokePool, so the data worker should ensure that only one\n // leaf for a specific chainId should have a groupIndex equal to 0.\n uint256 groupIndex;\n // Used as the index in the bitmap to track whether this leaf has been executed or not.\n uint8 leafId;\n // The bundleLpFees, netSendAmounts, and runningBalances are required to be the same length. They are parallel\n // arrays for the given chainId and should be ordered by the l1Tokens field. All whitelisted tokens with nonzero\n // relays on this chain in this bundle in the order of whitelisting.\n address[] l1Tokens;\n }\n\n // A data worker can optimistically store several merkle roots on this contract by staking a bond and calling\n // proposeRootBundle. By staking a bond, the data worker is alleging that the merkle roots all contain valid leaves\n // that can be executed later to:\n // - Send funds from this contract to a SpokePool or vice versa\n // - Send funds from a SpokePool to Relayer as a refund for a relayed deposit\n // - Send funds from a SpokePool to a deposit recipient to fulfill a \"slow\" relay\n // Anyone can dispute this struct if the merkle roots contain invalid leaves before the\n // challengePeriodEndTimestamp. Once the expiration timestamp is passed, executeRootBundle to execute a leaf\n // from the poolRebalanceRoot on this contract and it will simultaneously publish the relayerRefundRoot and\n // slowRelayRoot to a SpokePool. The latter two roots, once published to the SpokePool, contain\n // leaves that can be executed on the SpokePool to pay relayers or recipients.\n struct RootBundle {\n // Contains leaves instructing this contract to send funds to SpokePools.\n bytes32 poolRebalanceRoot;\n // Relayer refund merkle root to be published to a SpokePool.\n bytes32 relayerRefundRoot;\n // Slow relay merkle root to be published to a SpokePool.\n bytes32 slowRelayRoot;\n // This is a 1D bitmap, with max size of 256 elements, limiting us to 256 chainsIds.\n uint256 claimedBitMap;\n // Proposer of this root bundle.\n address proposer;\n // Number of pool rebalance leaves to execute in the poolRebalanceRoot. After this number\n // of leaves are executed, a new root bundle can be proposed\n uint8 unclaimedPoolRebalanceLeafCount;\n // When root bundle challenge period passes and this root bundle becomes executable.\n uint32 challengePeriodEndTimestamp;\n }\n\n // Each whitelisted L1 token has an associated pooledToken struct that contains all information used to track the\n // cumulative LP positions and if this token is enabled for deposits.\n struct PooledToken {\n // LP token given to LPs of a specific L1 token.\n address lpToken;\n // True if accepting new LP's.\n bool isEnabled;\n // Timestamp of last LP fee update.\n uint32 lastLpFeeUpdate;\n // Number of LP funds sent via pool rebalances to SpokePools and are expected to be sent\n // back later.\n int256 utilizedReserves;\n // Number of LP funds held in contract less utilized reserves.\n uint256 liquidReserves;\n // Number of LP funds reserved to pay out to LPs as fees.\n uint256 undistributedLpFees;\n }\n\n // Helper contracts to facilitate cross chain actions between HubPool and SpokePool for a specific network.\n struct CrossChainContract {\n address adapter;\n address spokePool;\n }\n\n function setPaused(bool pause) external;\n\n function emergencyDeleteProposal() external;\n\n function relaySpokePoolAdminFunction(uint256 chainId, bytes memory functionData) external;\n\n function setProtocolFeeCapture(address newProtocolFeeCaptureAddress, uint256 newProtocolFeeCapturePct) external;\n\n function setBond(IERC20 newBondToken, uint256 newBondAmount) external;\n\n function setLiveness(uint32 newLiveness) external;\n\n function setIdentifier(bytes32 newIdentifier) external;\n\n function setCrossChainContracts(\n uint256 l2ChainId,\n address adapter,\n address spokePool\n ) external;\n\n function enableL1TokenForLiquidityProvision(address l1Token) external;\n\n function disableL1TokenForLiquidityProvision(address l1Token) external;\n\n function addLiquidity(address l1Token, uint256 l1TokenAmount) external payable;\n\n function removeLiquidity(\n address l1Token,\n uint256 lpTokenAmount,\n bool sendEth\n ) external;\n\n function exchangeRateCurrent(address l1Token) external returns (uint256);\n\n function liquidityUtilizationCurrent(address l1Token) external returns (uint256);\n\n function liquidityUtilizationPostRelay(address l1Token, uint256 relayedAmount) external returns (uint256);\n\n function sync(address l1Token) external;\n\n function proposeRootBundle(\n uint256[] memory bundleEvaluationBlockNumbers,\n uint8 poolRebalanceLeafCount,\n bytes32 poolRebalanceRoot,\n bytes32 relayerRefundRoot,\n bytes32 slowRelayRoot\n ) external;\n\n function executeRootBundle(\n uint256 chainId,\n uint256 groupIndex,\n uint256[] memory bundleLpFees,\n int256[] memory netSendAmounts,\n int256[] memory runningBalances,\n uint8 leafId,\n address[] memory l1Tokens,\n bytes32[] memory proof\n ) external;\n\n function disputeRootBundle() external;\n\n function claimProtocolFeesCaptured(address l1Token) external;\n\n function setPoolRebalanceRoute(\n uint256 destinationChainId,\n address l1Token,\n address destinationToken\n ) external;\n\n function setDepositRoute(\n uint256 originChainId,\n uint256 destinationChainId,\n address originToken,\n bool depositsEnabled\n ) external;\n\n function poolRebalanceRoute(uint256 destinationChainId, address l1Token)\n external\n view\n returns (address destinationToken);\n\n function loadEthForL2Calls() external payable;\n}\n" + }, + "contracts/interfaces/SpokePoolInterface.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\n/**\n * @notice Contains common data structures and functions used by all SpokePool implementations.\n */\ninterface SpokePoolInterface {\n // This leaf is meant to be decoded in the SpokePool to pay out successful relayers.\n struct RelayerRefundLeaf {\n // This is the amount to return to the HubPool. This occurs when there is a PoolRebalanceLeaf netSendAmount that\n // is negative. This is just the negative of this value.\n uint256 amountToReturn;\n // Used to verify that this is being executed on the correct destination chainId.\n uint256 chainId;\n // This array designates how much each of those addresses should be refunded.\n uint256[] refundAmounts;\n // Used as the index in the bitmap to track whether this leaf has been executed or not.\n uint32 leafId;\n // The associated L2TokenAddress that these claims apply to.\n address l2TokenAddress;\n // Must be same length as refundAmounts and designates each address that must be refunded.\n address[] refundAddresses;\n }\n\n // This struct represents the data to fully specify a relay. If any portion of this data differs, the relay is\n // considered to be completely distinct. Only one relay for a particular depositId, chainId pair should be\n // considered valid and repaid. This data is hashed and inserted into the slow relay merkle root so that an off\n // chain validator can choose when to refund slow relayers.\n struct RelayData {\n // The address that made the deposit on the origin chain.\n address depositor;\n // The recipient address on the destination chain.\n address recipient;\n // The corresponding token address on the destination chain.\n address destinationToken;\n // The total relay amount before fees are taken out.\n uint256 amount;\n // Origin chain id.\n uint256 originChainId;\n // Destination chain id.\n uint256 destinationChainId;\n // The LP Fee percentage computed by the relayer based on the deposit's quote timestamp\n // and the HubPool's utilization.\n int64 realizedLpFeePct;\n // The relayer fee percentage specified in the deposit.\n int64 relayerFeePct;\n // The id uniquely identifying this deposit on the origin chain.\n uint32 depositId;\n // Data that is forwarded to the recipient.\n bytes message;\n }\n\n struct SlowFill {\n RelayData relayData;\n int256 payoutAdjustmentPct;\n }\n\n // Stores collection of merkle roots that can be published to this contract from the HubPool, which are referenced\n // by \"data workers\" via inclusion proofs to execute leaves in the roots.\n struct RootBundle {\n // Merkle root of slow relays that were not fully filled and whose recipient is still owed funds from the LP pool.\n bytes32 slowRelayRoot;\n // Merkle root of relayer refunds for successful relays.\n bytes32 relayerRefundRoot;\n // This is a 2D bitmap tracking which leaves in the relayer refund root have been claimed, with max size of\n // 256x(2^248) leaves per root.\n mapping(uint256 => uint256) claimedBitmap;\n }\n\n function setCrossDomainAdmin(address newCrossDomainAdmin) external;\n\n function setHubPool(address newHubPool) external;\n\n function setEnableRoute(\n address originToken,\n uint256 destinationChainId,\n bool enable\n ) external;\n\n function pauseDeposits(bool pause) external;\n\n function pauseFills(bool pause) external;\n\n function setDepositQuoteTimeBuffer(uint32 buffer) external;\n\n function relayRootBundle(bytes32 relayerRefundRoot, bytes32 slowRelayRoot) external;\n\n function emergencyDeleteRootBundle(uint256 rootBundleId) external;\n\n function deposit(\n address recipient,\n address originToken,\n uint256 amount,\n uint256 destinationChainId,\n int64 relayerFeePct,\n uint32 quoteTimestamp,\n bytes memory message,\n uint256 maxCount\n ) external payable;\n\n function depositNow(\n address recipient,\n address originToken,\n uint256 amount,\n uint256 destinationChainId,\n int64 relayerFeePct,\n bytes memory message,\n uint256 maxCount\n ) external payable;\n\n function speedUpDeposit(\n address depositor,\n int64 updatedRelayerFeePct,\n uint32 depositId,\n address updatedRecipient,\n bytes memory updatedMessage,\n bytes memory depositorSignature\n ) external;\n\n function fillRelay(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 amount,\n uint256 maxTokensToSend,\n uint256 repaymentChainId,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n bytes memory message,\n uint256 maxCount\n ) external;\n\n function fillRelayWithUpdatedDeposit(\n address depositor,\n address recipient,\n address updatedRecipient,\n address destinationToken,\n uint256 amount,\n uint256 maxTokensToSend,\n uint256 repaymentChainId,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n int64 updatedRelayerFeePct,\n uint32 depositId,\n bytes memory message,\n bytes memory updatedMessage,\n bytes memory depositorSignature,\n uint256 maxCount\n ) external;\n\n function executeSlowRelayLeaf(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 amount,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n uint32 rootBundleId,\n bytes memory message,\n int256 payoutAdjustment,\n bytes32[] memory proof\n ) external;\n\n function executeRelayerRefundLeaf(\n uint32 rootBundleId,\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\n bytes32[] memory proof\n ) external;\n\n function chainId() external view returns (uint256);\n}\n" + }, + "contracts/merkle-distributor/AcrossMerkleDistributor.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"@uma/core/contracts/merkle-distributor/implementation/MerkleDistributor.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\n\n/**\n * @title Extended MerkleDistributor contract.\n * @notice Adds additional constraints governing who can claim leaves from merkle windows.\n */\ncontract AcrossMerkleDistributor is MerkleDistributor {\n using SafeERC20 for IERC20;\n\n // Addresses that can claim on user's behalf.\n mapping(address => bool) public whitelistedClaimers;\n\n /****************************************\n * EVENTS\n ****************************************/\n event WhitelistedClaimer(address indexed claimer, bool indexed whitelist);\n event ClaimFor(\n address indexed caller,\n uint256 windowIndex,\n address indexed account,\n uint256 accountIndex,\n uint256 amount,\n address indexed rewardToken\n );\n\n /****************************\n * ADMIN FUNCTIONS\n ****************************/\n\n /**\n * @notice Updates whitelisted claimer status.\n * @dev Callable only by owner.\n * @param newContract Reset claimer contract to this address.\n * @param whitelist True to whitelist claimer, False otherwise.\n */\n function whitelistClaimer(address newContract, bool whitelist) external onlyOwner {\n whitelistedClaimers[newContract] = whitelist;\n emit WhitelistedClaimer(newContract, whitelist);\n }\n\n /****************************\n * NON-ADMIN FUNCTIONS\n ****************************/\n\n /**\n * @notice Batch claims to reduce gas versus individual submitting all claims. Method will fail\n * if any individual claims within the batch would fail.\n * @dev All claim recipients must be equal to msg.sender.\n * @param claims array of claims to claim.\n */\n function claimMulti(Claim[] memory claims) public override {\n uint256 claimCount = claims.length;\n for (uint256 i = 0; i < claimCount; i++) {\n require(claims[i].account == msg.sender, \"invalid claimer\");\n }\n super.claimMulti(claims);\n }\n\n /**\n * @notice Claim amount of reward tokens for account, as described by Claim input object.\n * @dev Claim recipient must be equal to msg.sender.\n * @param _claim claim object describing amount, accountIndex, account, window index, and merkle proof.\n */\n function claim(Claim memory _claim) public override {\n require(_claim.account == msg.sender, \"invalid claimer\");\n super.claim(_claim);\n }\n\n /**\n * @notice Executes merkle leaf claim on behaf of user. This can only be called by a trusted\n * claimer address. This function is designed to be called atomically with other transactions\n * that ultimately return the claimed amount to the rightful recipient. For example,\n * AcceleratingDistributor could call this function and then stake atomically on behalf of the user.\n * @dev Caller must be in whitelistedClaimers struct set to \"true\".\n * @param _claim leaf to claim.\n */\n\n function claimFor(Claim memory _claim) public {\n require(whitelistedClaimers[msg.sender], \"unwhitelisted claimer\");\n _verifyAndMarkClaimed(_claim);\n merkleWindows[_claim.windowIndex].rewardToken.safeTransfer(msg.sender, _claim.amount);\n emit ClaimFor(\n msg.sender,\n _claim.windowIndex,\n _claim.account,\n _claim.accountIndex,\n _claim.amount,\n address(merkleWindows[_claim.windowIndex].rewardToken)\n );\n }\n}\n" + }, + "contracts/MerkleLib.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/SpokePoolInterface.sol\";\nimport \"./interfaces/HubPoolInterface.sol\";\n\nimport \"@openzeppelin/contracts/utils/cryptography/MerkleProof.sol\";\n\n/**\n * @notice Library to help with merkle roots, proofs, and claims.\n */\nlibrary MerkleLib {\n /**\n * @notice Verifies that a repayment is contained within a merkle root.\n * @param root the merkle root.\n * @param rebalance the rebalance struct.\n * @param proof the merkle proof.\n * @return bool to signal if the pool rebalance proof correctly shows inclusion of the rebalance within the tree.\n */\n function verifyPoolRebalance(\n bytes32 root,\n HubPoolInterface.PoolRebalanceLeaf memory rebalance,\n bytes32[] memory proof\n ) internal pure returns (bool) {\n return MerkleProof.verify(proof, root, keccak256(abi.encode(rebalance)));\n }\n\n /**\n * @notice Verifies that a relayer refund is contained within a merkle root.\n * @param root the merkle root.\n * @param refund the refund struct.\n * @param proof the merkle proof.\n * @return bool to signal if the relayer refund proof correctly shows inclusion of the refund within the tree.\n */\n function verifyRelayerRefund(\n bytes32 root,\n SpokePoolInterface.RelayerRefundLeaf memory refund,\n bytes32[] memory proof\n ) internal pure returns (bool) {\n return MerkleProof.verify(proof, root, keccak256(abi.encode(refund)));\n }\n\n /**\n * @notice Verifies that a distribution is contained within a merkle root.\n * @param root the merkle root.\n * @param slowRelayFulfillment the relayData fulfillment struct.\n * @param proof the merkle proof.\n * @return bool to signal if the slow relay's proof correctly shows inclusion of the slow relay within the tree.\n */\n function verifySlowRelayFulfillment(\n bytes32 root,\n SpokePoolInterface.SlowFill memory slowRelayFulfillment,\n bytes32[] memory proof\n ) internal pure returns (bool) {\n return MerkleProof.verify(proof, root, keccak256(abi.encode(slowRelayFulfillment)));\n }\n\n // The following functions are primarily copied from\n // https://github.com/Uniswap/merkle-distributor/blob/master/contracts/MerkleDistributor.sol with minor changes.\n\n /**\n * @notice Tests whether a claim is contained within a claimedBitMap mapping.\n * @param claimedBitMap a simple uint256 mapping in storage used as a bitmap.\n * @param index the index to check in the bitmap.\n * @return bool indicating if the index within the claimedBitMap has been marked as claimed.\n */\n function isClaimed(mapping(uint256 => uint256) storage claimedBitMap, uint256 index) internal view returns (bool) {\n uint256 claimedWordIndex = index / 256;\n uint256 claimedBitIndex = index % 256;\n uint256 claimedWord = claimedBitMap[claimedWordIndex];\n uint256 mask = (1 << claimedBitIndex);\n return claimedWord & mask == mask;\n }\n\n /**\n * @notice Marks an index in a claimedBitMap as claimed.\n * @param claimedBitMap a simple uint256 mapping in storage used as a bitmap.\n * @param index the index to mark in the bitmap.\n */\n function setClaimed(mapping(uint256 => uint256) storage claimedBitMap, uint256 index) internal {\n uint256 claimedWordIndex = index / 256;\n uint256 claimedBitIndex = index % 256;\n claimedBitMap[claimedWordIndex] = claimedBitMap[claimedWordIndex] | (1 << claimedBitIndex);\n }\n\n /**\n * @notice Tests whether a claim is contained within a 1D claimedBitMap mapping.\n * @param claimedBitMap a simple uint256 value, encoding a 1D bitmap.\n * @param index the index to check in the bitmap. Uint8 type enforces that index can't be > 255.\n * @return bool indicating if the index within the claimedBitMap has been marked as claimed.\n */\n function isClaimed1D(uint256 claimedBitMap, uint8 index) internal pure returns (bool) {\n uint256 mask = (1 << index);\n return claimedBitMap & mask == mask;\n }\n\n /**\n * @notice Marks an index in a claimedBitMap as claimed.\n * @param claimedBitMap a simple uint256 mapping in storage used as a bitmap. Uint8 type enforces that index\n * can't be > 255.\n * @param index the index to mark in the bitmap.\n * @return uint256 representing the modified input claimedBitMap with the index set to true.\n */\n function setClaimed1D(uint256 claimedBitMap, uint8 index) internal pure returns (uint256) {\n return claimedBitMap | (1 << index);\n }\n}\n" + }, + "contracts/Ovm_SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./SpokePool.sol\";\nimport \"./external/interfaces/WETH9Interface.sol\";\n\nimport \"@openzeppelin/contracts-upgradeable/crosschain/optimism/LibOptimismUpgradeable.sol\";\nimport \"@eth-optimism/contracts/libraries/constants/Lib_PredeployAddresses.sol\";\n\n// https://github.com/Synthetixio/synthetix/blob/5ca27785fad8237fb0710eac01421cafbbd69647/contracts/SynthetixBridgeToBase.sol#L50\ninterface SynthetixBridgeToBase {\n function withdrawTo(address to, uint256 amount) external;\n}\n\n// https://github.com/ethereum-optimism/optimism/blob/bf51c4935261634120f31827c3910aa631f6bf9c/packages/contracts-bedrock/contracts/L2/L2StandardBridge.sol\ninterface IL2ERC20Bridge {\n function withdrawTo(\n address _l2Token,\n address _to,\n uint256 _amount,\n uint32 _minGasLimit,\n bytes calldata _extraData\n ) external payable;\n}\n\n/**\n * @notice OVM specific SpokePool. Uses OVM cross-domain-enabled logic to implement admin only access to functions. * Optimism and Boba each implement this spoke pool and set their chain specific contract addresses for l2Eth and l2Weth.\n */\ncontract Ovm_SpokePool is SpokePool {\n // \"l1Gas\" parameter used in call to bridge tokens from this contract back to L1 via IL2ERC20Bridge. Currently\n // unused by bridge but included for future compatibility.\n uint32 public l1Gas;\n\n // ETH is an ERC20 on OVM.\n address public l2Eth;\n\n // Address of the Optimism L2 messenger.\n address public messenger;\n\n // Address of custom bridge used to bridge Synthetix-related assets like SNX.\n address private constant SYNTHETIX_BRIDGE = 0x136b1EC699c62b0606854056f02dC7Bb80482d63;\n\n // Address of SNX ERC20\n address private constant SNX = 0x8700dAec35aF8Ff88c16BdF0418774CB3D7599B4;\n\n // Stores alternative token bridges to use for L2 tokens that don't go over the standard bridge. This is needed\n // to support non-standard ERC20 tokens on Optimism, such as DIA and SNX which both use custom bridges.\n mapping(address => address) public tokenBridges;\n\n event OptimismTokensBridged(address indexed l2Token, address target, uint256 numberOfTokensBridged, uint256 l1Gas);\n event SetL1Gas(uint32 indexed newL1Gas);\n event SetL2TokenBridge(address indexed l2Token, address indexed tokenBridge);\n\n /**\n * @notice Construct the OVM SpokePool.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * relay hash collisions.\n * @param _crossDomainAdmin Cross domain admin to set. Can be changed by admin.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n */\n function __OvmSpokePool_init(\n uint32 _initialDepositId,\n address _crossDomainAdmin,\n address _hubPool,\n address _l2Eth,\n address _wrappedNativeToken\n ) public onlyInitializing {\n l1Gas = 5_000_000;\n __SpokePool_init(_initialDepositId, _crossDomainAdmin, _hubPool, _wrappedNativeToken);\n messenger = Lib_PredeployAddresses.L2_CROSS_DOMAIN_MESSENGER;\n //slither-disable-next-line missing-zero-check\n l2Eth = _l2Eth;\n }\n\n /*******************************************\n * OPTIMISM-SPECIFIC ADMIN FUNCTIONS *\n *******************************************/\n\n /**\n * @notice Change L1 gas limit. Callable only by admin.\n * @param newl1Gas New L1 gas limit to set.\n */\n function setL1GasLimit(uint32 newl1Gas) public onlyAdmin nonReentrant {\n l1Gas = newl1Gas;\n emit SetL1Gas(newl1Gas);\n }\n\n /**\n * @notice Set bridge contract for L2 token used to withdraw back to L1.\n * @dev If this mapping isn't set for an L2 token, then the standard bridge will be used to bridge this token.\n * @param tokenBridge Address of token bridge\n */\n function setTokenBridge(address l2Token, address tokenBridge) public onlyAdmin nonReentrant {\n tokenBridges[l2Token] = tokenBridge;\n emit SetL2TokenBridge(l2Token, tokenBridge);\n }\n\n /**************************************\n * DATA WORKER FUNCTIONS *\n **************************************/\n\n /**\n * @notice Wraps any ETH into WETH before executing base function. This is necessary because SpokePool receives\n * ETH over the canonical token bridge instead of WETH.\n * @inheritdoc SpokePool\n */\n function executeSlowRelayLeaf(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 totalRelayAmount,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n uint32 rootBundleId,\n bytes memory message,\n int256 payoutAdjustment,\n bytes32[] memory proof\n ) public override(SpokePool) nonReentrant {\n if (destinationToken == address(wrappedNativeToken)) _depositEthToWeth();\n\n _executeSlowRelayLeaf(\n depositor,\n recipient,\n destinationToken,\n totalRelayAmount,\n originChainId,\n chainId(),\n realizedLpFeePct,\n relayerFeePct,\n depositId,\n rootBundleId,\n message,\n payoutAdjustment,\n proof\n );\n }\n\n /**\n * @notice Wraps any ETH into WETH before executing base function. This is necessary because SpokePool receives\n * ETH over the canonical token bridge instead of WETH.\n * @inheritdoc SpokePool\n */\n function executeRelayerRefundLeaf(\n uint32 rootBundleId,\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\n bytes32[] memory proof\n ) public override(SpokePool) nonReentrant {\n if (relayerRefundLeaf.l2TokenAddress == address(wrappedNativeToken)) _depositEthToWeth();\n\n _executeRelayerRefundLeaf(rootBundleId, relayerRefundLeaf, proof);\n }\n\n /**************************************\n * INTERNAL FUNCTIONS *\n **************************************/\n\n // Wrap any ETH owned by this contract so we can send expected L2 token to recipient. This is necessary because\n // this SpokePool will receive ETH from the canonical token bridge instead of WETH. Its not sufficient to execute\n // this logic inside a fallback method that executes when this contract receives ETH because ETH is an ERC20\n // on the OVM.\n function _depositEthToWeth() internal {\n //slither-disable-next-line arbitrary-send-eth\n if (address(this).balance > 0) wrappedNativeToken.deposit{ value: address(this).balance }();\n }\n\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory relayerRefundLeaf) internal override {\n // If the token being bridged is WETH then we need to first unwrap it to ETH and then send ETH over the\n // canonical bridge. On Optimism, this is address 0xDeadDeAddeAddEAddeadDEaDDEAdDeaDDeAD0000.\n if (relayerRefundLeaf.l2TokenAddress == address(wrappedNativeToken)) {\n WETH9Interface(relayerRefundLeaf.l2TokenAddress).withdraw(relayerRefundLeaf.amountToReturn); // Unwrap into ETH.\n relayerRefundLeaf.l2TokenAddress = l2Eth; // Set the l2TokenAddress to ETH.\n IL2ERC20Bridge(Lib_PredeployAddresses.L2_STANDARD_BRIDGE).withdrawTo{\n value: relayerRefundLeaf.amountToReturn\n }(\n relayerRefundLeaf.l2TokenAddress, // _l2Token. Address of the L2 token to bridge over.\n hubPool, // _to. Withdraw, over the bridge, to the l1 pool contract.\n relayerRefundLeaf.amountToReturn, // _amount.\n l1Gas, // _l1Gas. Unused, but included for potential forward compatibility considerations\n \"\" // _data. We don't need to send any data for the bridging action.\n );\n }\n // Handle custom SNX bridge which doesn't conform to the standard bridge interface.\n else if (relayerRefundLeaf.l2TokenAddress == SNX)\n SynthetixBridgeToBase(SYNTHETIX_BRIDGE).withdrawTo(\n hubPool, // _to. Withdraw, over the bridge, to the l1 pool contract.\n relayerRefundLeaf.amountToReturn // _amount.\n );\n else\n IL2ERC20Bridge(\n tokenBridges[relayerRefundLeaf.l2TokenAddress] == address(0)\n ? Lib_PredeployAddresses.L2_STANDARD_BRIDGE\n : tokenBridges[relayerRefundLeaf.l2TokenAddress]\n ).withdrawTo(\n relayerRefundLeaf.l2TokenAddress, // _l2Token. Address of the L2 token to bridge over.\n hubPool, // _to. Withdraw, over the bridge, to the l1 pool contract.\n relayerRefundLeaf.amountToReturn, // _amount.\n l1Gas, // _l1Gas. Unused, but included for potential forward compatibility considerations\n \"\" // _data. We don't need to send any data for the bridging action.\n );\n\n emit OptimismTokensBridged(relayerRefundLeaf.l2TokenAddress, hubPool, relayerRefundLeaf.amountToReturn, l1Gas);\n }\n\n // Apply OVM-specific transformation to cross domain admin address on L1.\n function _requireAdminSender() internal view override {\n require(\n LibOptimismUpgradeable.crossChainSender(messenger) == crossDomainAdmin,\n \"OVM_XCHAIN: wrong sender of cross-domain message\"\n );\n }\n\n // Reserve storage slots for future versions of this base contract to add state variables without\n // affecting the storage layout of child contracts. Decrement the size of __gap whenever state variables\n // are added. This is at bottom of contract to make sure its always at the end of storage.\n uint256[1000] private __gap;\n}\n" + }, + "contracts/SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./MerkleLib.sol\";\nimport \"./external/interfaces/WETH9Interface.sol\";\nimport \"./interfaces/SpokePoolInterface.sol\";\nimport \"./upgradeable/MultiCallerUpgradeable.sol\";\nimport \"./upgradeable/EIP712CrossChainUpgradeable.sol\";\nimport \"./upgradeable/AddressLibUpgradeable.sol\";\n\nimport \"@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol\";\nimport \"@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol\";\nimport \"@openzeppelin/contracts/utils/cryptography/SignatureChecker.sol\";\nimport \"@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol\";\nimport \"@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol\";\nimport \"@openzeppelin/contracts/utils/math/SignedMath.sol\";\n\n// This interface is expected to be implemented by any contract that expects to recieve messages from the SpokePool.\ninterface AcrossMessageHandler {\n function handleAcrossMessage(\n address tokenSent,\n uint256 amount,\n bool fillCompleted,\n address relayer,\n bytes memory message\n ) external;\n}\n\n/**\n * @title SpokePool\n * @notice Base contract deployed on source and destination chains enabling depositors to transfer assets from source to\n * destination. Deposit orders are fulfilled by off-chain relayers who also interact with this contract. Deposited\n * tokens are locked on the source chain and relayers send the recipient the desired token currency and amount\n * on the destination chain. Locked source chain tokens are later sent over the canonical token bridge to L1 HubPool.\n * Relayers are refunded with destination tokens out of this contract after another off-chain actor, a \"data worker\",\n * submits a proof that the relayer correctly submitted a relay on this SpokePool.\n */\nabstract contract SpokePool is\n SpokePoolInterface,\n UUPSUpgradeable,\n ReentrancyGuardUpgradeable,\n MultiCallerUpgradeable,\n EIP712CrossChainUpgradeable\n{\n using SafeERC20Upgradeable for IERC20Upgradeable;\n using AddressLibUpgradeable for address;\n\n // Address of the L1 contract that acts as the owner of this SpokePool. This should normally be set to the HubPool\n // address. The crossDomainAdmin address is unused when the SpokePool is deployed to the same chain as the HubPool.\n address public crossDomainAdmin;\n\n // Address of the L1 contract that will send tokens to and receive tokens from this contract to fund relayer\n // refunds and slow relays.\n address public hubPool;\n\n // Address of wrappedNativeToken contract for this network. If an origin token matches this, then the caller can\n // optionally instruct this contract to wrap native tokens when depositing (ie ETH->WETH or MATIC->WMATIC).\n WETH9Interface public wrappedNativeToken;\n\n // Any deposit quote times greater than or less than this value to the current contract time is blocked. Forces\n // caller to use an approximately \"current\" realized fee. Defaults to 1 hour.\n uint32 public depositQuoteTimeBuffer;\n\n // Count of deposits is used to construct a unique deposit identifier for this spoke pool.\n uint32 public numberOfDeposits;\n\n // Whether deposits and fills are disabled.\n bool public pausedFills;\n bool public pausedDeposits;\n\n // This contract can store as many root bundles as the HubPool chooses to publish here.\n RootBundle[] public rootBundles;\n\n // Origin token to destination token routings can be turned on or off, which can enable or disable deposits.\n mapping(address => mapping(uint256 => bool)) public enabledDepositRoutes;\n\n // Each relay is associated with the hash of parameters that uniquely identify the original deposit and a relay\n // attempt for that deposit. The relay itself is just represented as the amount filled so far. The total amount to\n // relay, the fees, and the agents are all parameters included in the hash key.\n mapping(bytes32 => uint256) public relayFills;\n\n // This keeps track of the worst-case liabilities due to fills.\n // It is never reset. Users should only rely on it to determine the worst-case increase in liabilities between\n // two points. This is used to provide frontrunning protection to ensure the relayer's assumptions about the state\n // upon which their expected repayments are based will not change before their transaction is mined.\n mapping(address => uint256) public fillCounter;\n\n // This keeps track of the total running deposits for each token. This allows depositors to protect themselves from\n // frontrunning that might change their worst-case quote.\n mapping(address => uint256) public depositCounter;\n\n // This tracks the number of identical refunds that have been requested.\n // The intention is to allow an off-chain system to know when this could be a duplicate and ensure that the other\n // requests are known and accounted for.\n mapping(bytes32 => uint256) public refundsRequested;\n\n uint256 public constant MAX_TRANSFER_SIZE = 1e36;\n\n // Note: this needs to be larger than the max transfer size to ensure that all slow fills are fillable, even if\n // their fees are negative.\n // It's important that it isn't too large, however, as it should be multipliable by ~2e18 without overflowing.\n // 1e40 * 2e18 = 2e58 << 2^255 ~= 5e76\n uint256 public constant SLOW_FILL_MAX_TOKENS_TO_SEND = 1e40;\n\n // Set max payout adjustment to something\n\n bytes32 public constant UPDATE_DEPOSIT_DETAILS_HASH =\n keccak256(\n \"UpdateDepositDetails(uint32 depositId,uint256 originChainId,int64 updatedRelayerFeePct,address updatedRecipient,bytes updatedMessage)\"\n );\n\n /****************************************\n * EVENTS *\n ****************************************/\n event SetXDomainAdmin(address indexed newAdmin);\n event SetHubPool(address indexed newHubPool);\n event EnabledDepositRoute(address indexed originToken, uint256 indexed destinationChainId, bool enabled);\n event SetDepositQuoteTimeBuffer(uint32 newBuffer);\n event FundsDeposited(\n uint256 amount,\n uint256 originChainId,\n uint256 indexed destinationChainId,\n int64 relayerFeePct,\n uint32 indexed depositId,\n uint32 quoteTimestamp,\n address originToken,\n address recipient,\n address indexed depositor,\n bytes message\n );\n event RequestedSpeedUpDeposit(\n int64 newRelayerFeePct,\n uint32 indexed depositId,\n address indexed depositor,\n address updatedRecipient,\n bytes updatedMessage,\n bytes depositorSignature\n );\n event FilledRelay(\n uint256 amount,\n uint256 totalFilledAmount,\n uint256 fillAmount,\n uint256 repaymentChainId,\n uint256 indexed originChainId,\n uint256 destinationChainId,\n int64 relayerFeePct,\n int64 realizedLpFeePct,\n uint32 indexed depositId,\n address destinationToken,\n address relayer,\n address indexed depositor,\n address recipient,\n bytes message,\n RelayExecutionInfo updatableRelayData\n );\n event RefundRequested(\n address indexed relayer,\n address refundToken,\n uint256 amount,\n uint256 indexed originChainId,\n uint256 destinationChainId,\n int64 realizedLpFeePct,\n uint32 indexed depositId,\n uint256 fillBlock,\n uint256 previousIdenticalRequests\n );\n event RelayedRootBundle(\n uint32 indexed rootBundleId,\n bytes32 indexed relayerRefundRoot,\n bytes32 indexed slowRelayRoot\n );\n event ExecutedRelayerRefundRoot(\n uint256 amountToReturn,\n uint256 indexed chainId,\n uint256[] refundAmounts,\n uint32 indexed rootBundleId,\n uint32 indexed leafId,\n address l2TokenAddress,\n address[] refundAddresses,\n address caller\n );\n event TokensBridged(\n uint256 amountToReturn,\n uint256 indexed chainId,\n uint32 indexed leafId,\n address indexed l2TokenAddress,\n address caller\n );\n event EmergencyDeleteRootBundle(uint256 indexed rootBundleId);\n event PausedDeposits(bool isPaused);\n event PausedFills(bool isPaused);\n\n /**\n * @notice Represents data used to fill a deposit.\n * @param relay Relay containing original data linked to deposit. Contains fields that can be\n * overridden by other parameters in the RelayExecution struct.\n * @param relayHash Hash of the relay data.\n * @param updatedRelayerFeePct Actual relayer fee pct to use for this relay.\n * @param updatedRecipient Actual recipient to use for this relay.\n * @param updatedMessage Actual message to use for this relay.\n * @param repaymentChainId Chain ID of the network that the relayer will receive refunds on.\n * @param maxTokensToSend Max number of tokens to pull from relayer.\n * @param maxCount Max count to protect the relayer from frontrunning.\n * @param slowFill Whether this is a slow fill.\n * @param payoutAdjustmentPct Adjustment to the payout amount. Can be used to increase or decrease the payout to\n * allow for rewards or penalties. Used in slow fills.\n */\n struct RelayExecution {\n RelayData relay;\n bytes32 relayHash;\n int64 updatedRelayerFeePct;\n address updatedRecipient;\n bytes updatedMessage;\n uint256 repaymentChainId;\n uint256 maxTokensToSend;\n uint256 maxCount;\n bool slowFill;\n int256 payoutAdjustmentPct;\n }\n\n /**\n * @notice Packs together information to include in FilledRelay event.\n * @dev This struct is emitted as opposed to its constituent parameters due to the limit on number of\n * parameters in an event.\n * @param recipient Recipient of the relayed funds.\n * @param message Message included in the relay.\n * @param relayerFeePct Relayer fee pct used for this relay.\n * @param isSlowRelay Whether this is a slow relay.\n * @param payoutAdjustmentPct Adjustment to the payout amount.\n */\n struct RelayExecutionInfo {\n address recipient;\n bytes message;\n int64 relayerFeePct;\n bool isSlowRelay;\n int256 payoutAdjustmentPct;\n }\n\n /**\n * Do not leave an implementation contract uninitialized. An uninitialized implementation contract can be\n * taken over by an attacker, which may impact the proxy. To prevent the implementation contract from being\n * used, you should invoke the _disableInitializers function in the constructor to automatically lock it when\n * it is deployed:\n */\n /// @custom:oz-upgrades-unsafe-allow constructor\n constructor() {\n _disableInitializers();\n }\n\n /**\n * @notice Construct the base SpokePool.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * relay hash collisions.\n * @param _crossDomainAdmin Cross domain admin to set. Can be changed by admin.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n * @param _wrappedNativeTokenAddress wrappedNativeToken address for this network to set.\n */\n function __SpokePool_init(\n uint32 _initialDepositId,\n address _crossDomainAdmin,\n address _hubPool,\n address _wrappedNativeTokenAddress\n ) public onlyInitializing {\n numberOfDeposits = _initialDepositId;\n __EIP712_init(\"ACROSS-V2\", \"1.0.0\");\n __UUPSUpgradeable_init();\n __ReentrancyGuard_init();\n depositQuoteTimeBuffer = 3600;\n _setCrossDomainAdmin(_crossDomainAdmin);\n _setHubPool(_hubPool);\n wrappedNativeToken = WETH9Interface(_wrappedNativeTokenAddress);\n }\n\n /****************************************\n * MODIFIERS *\n ****************************************/\n\n /**\n * @dev Function that should revert when `msg.sender` is not authorized to upgrade the contract. Called by\n * {upgradeTo} and {upgradeToAndCall}.\n * @dev This should be set to cross domain admin for specific SpokePool.\n */\n modifier onlyAdmin() {\n _requireAdminSender();\n _;\n }\n\n modifier unpausedDeposits() {\n require(!pausedDeposits, \"Paused deposits\");\n _;\n }\n\n modifier unpausedFills() {\n require(!pausedFills, \"Paused fills\");\n _;\n }\n\n /**************************************\n * ADMIN FUNCTIONS *\n **************************************/\n\n // Allows cross domain admin to upgrade UUPS proxy implementation.\n function _authorizeUpgrade(address newImplementation) internal override onlyAdmin {}\n\n /**\n * @notice Pauses deposit-related functions. This is intended to be used if this contract is deprecated or when\n * something goes awry.\n * @dev Affects `deposit()` but not `speedUpDeposit()`, so that existing deposits can be sped up and still\n * relayed.\n * @param pause true if the call is meant to pause the system, false if the call is meant to unpause it.\n */\n function pauseDeposits(bool pause) public override onlyAdmin nonReentrant {\n pausedDeposits = pause;\n emit PausedDeposits(pause);\n }\n\n /**\n * @notice Pauses fill-related functions. This is intended to be used if this contract is deprecated or when\n * something goes awry.\n * @dev Affects fillRelayWithUpdatedDeposit() and fillRelay().\n * @param pause true if the call is meant to pause the system, false if the call is meant to unpause it.\n */\n function pauseFills(bool pause) public override onlyAdmin nonReentrant {\n pausedFills = pause;\n emit PausedFills(pause);\n }\n\n /**\n * @notice Change cross domain admin address. Callable by admin only.\n * @param newCrossDomainAdmin New cross domain admin.\n */\n function setCrossDomainAdmin(address newCrossDomainAdmin) public override onlyAdmin nonReentrant {\n _setCrossDomainAdmin(newCrossDomainAdmin);\n }\n\n /**\n * @notice Change L1 hub pool address. Callable by admin only.\n * @param newHubPool New hub pool.\n */\n function setHubPool(address newHubPool) public override onlyAdmin nonReentrant {\n _setHubPool(newHubPool);\n }\n\n /**\n * @notice Enable/Disable an origin token => destination chain ID route for deposits. Callable by admin only.\n * @param originToken Token that depositor can deposit to this contract.\n * @param destinationChainId Chain ID for where depositor wants to receive funds.\n * @param enabled True to enable deposits, False otherwise.\n */\n function setEnableRoute(\n address originToken,\n uint256 destinationChainId,\n bool enabled\n ) public override onlyAdmin nonReentrant {\n enabledDepositRoutes[originToken][destinationChainId] = enabled;\n emit EnabledDepositRoute(originToken, destinationChainId, enabled);\n }\n\n /**\n * @notice Change allowance for deposit quote time to differ from current block time. Callable by admin only.\n * @param newDepositQuoteTimeBuffer New quote time buffer.\n */\n function setDepositQuoteTimeBuffer(uint32 newDepositQuoteTimeBuffer) public override onlyAdmin nonReentrant {\n depositQuoteTimeBuffer = newDepositQuoteTimeBuffer;\n emit SetDepositQuoteTimeBuffer(newDepositQuoteTimeBuffer);\n }\n\n /**\n * @notice This method stores a new root bundle in this contract that can be executed to refund relayers, fulfill\n * slow relays, and send funds back to the HubPool on L1. This method can only be called by the admin and is\n * designed to be called as part of a cross-chain message from the HubPool's executeRootBundle method.\n * @param relayerRefundRoot Merkle root containing relayer refund leaves that can be individually executed via\n * executeRelayerRefundLeaf().\n * @param slowRelayRoot Merkle root containing slow relay fulfillment leaves that can be individually executed via\n * executeSlowRelayLeaf().\n */\n function relayRootBundle(bytes32 relayerRefundRoot, bytes32 slowRelayRoot) public override onlyAdmin nonReentrant {\n uint32 rootBundleId = uint32(rootBundles.length);\n RootBundle storage rootBundle = rootBundles.push();\n rootBundle.relayerRefundRoot = relayerRefundRoot;\n rootBundle.slowRelayRoot = slowRelayRoot;\n emit RelayedRootBundle(rootBundleId, relayerRefundRoot, slowRelayRoot);\n }\n\n /**\n * @notice This method is intended to only be used in emergencies where a bad root bundle has reached the\n * SpokePool.\n * @param rootBundleId Index of the root bundle that needs to be deleted. Note: this is intentionally a uint256\n * to ensure that a small input range doesn't limit which indices this method is able to reach.\n */\n function emergencyDeleteRootBundle(uint256 rootBundleId) public override onlyAdmin nonReentrant {\n // Deleting a struct containing a mapping does not delete the mapping in Solidity, therefore the bitmap's\n // data will still remain potentially leading to vulnerabilities down the line. The way around this would\n // be to iterate through every key in the mapping and resetting the value to 0, but this seems expensive and\n // would require a new list in storage to keep track of keys.\n //slither-disable-next-line mapping-deletion\n delete rootBundles[rootBundleId];\n emit EmergencyDeleteRootBundle(rootBundleId);\n }\n\n /**************************************\n * DEPOSITOR FUNCTIONS *\n **************************************/\n\n /**\n * @notice Called by user to bridge funds from origin to destination chain. Depositor will effectively lock\n * tokens in this contract and receive a destination token on the destination chain. The origin => destination\n * token mapping is stored on the L1 HubPool.\n * @notice The caller must first approve this contract to spend amount of originToken.\n * @notice The originToken => destinationChainId must be enabled.\n * @notice This method is payable because the caller is able to deposit native token if the originToken is\n * wrappedNativeToken and this function will handle wrapping the native token to wrappedNativeToken.\n * @param recipient Address to receive funds at on destination chain.\n * @param originToken Token to lock into this contract to initiate deposit.\n * @param amount Amount of tokens to deposit. Will be amount of tokens to receive less fees.\n * @param destinationChainId Denotes network where user will receive funds from SpokePool by a relayer.\n * @param relayerFeePct % of deposit amount taken out to incentivize a fast relayer.\n * @param quoteTimestamp Timestamp used by relayers to compute this deposit's realizedLPFeePct which is paid\n * to LP pool on HubPool.\n * @param message Arbitrary data that can be used to pass additional information to the recipient along with the tokens.\n * Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.\n * @param maxCount used to protect the depositor from frontrunning to guarantee their quote remains valid.\n */\n function deposit(\n address recipient,\n address originToken,\n uint256 amount,\n uint256 destinationChainId,\n int64 relayerFeePct,\n uint32 quoteTimestamp,\n bytes memory message,\n uint256 maxCount\n ) public payable override nonReentrant unpausedDeposits {\n // Check that deposit route is enabled.\n require(enabledDepositRoutes[originToken][destinationChainId], \"Disabled route\");\n\n // We limit the relay fees to prevent the user spending all their funds on fees.\n require(SignedMath.abs(relayerFeePct) < 0.5e18, \"Invalid relayer fee\");\n require(amount <= MAX_TRANSFER_SIZE, \"Amount too large\");\n require(depositCounter[originToken] <= maxCount, \"Above max count\");\n\n // Require that quoteTimestamp has a maximum age so that depositors pay an LP fee based on recent HubPool usage.\n // It is assumed that cross-chain timestamps are normally loosely in-sync, but clock drift can occur. If the\n // SpokePool time stalls or lags significantly, it is still possible to make deposits by setting quoteTimestamp\n // within the configured buffer. The owner should pause deposits if this is undesirable. This will underflow if\n // quoteTimestamp is more than depositQuoteTimeBuffer; this is safe but will throw an unintuitive error.\n\n // slither-disable-next-line timestamp\n require(getCurrentTime() - quoteTimestamp <= depositQuoteTimeBuffer, \"invalid quoteTimestamp\");\n\n // Increment count of deposits so that deposit ID for this spoke pool is unique.\n uint32 newDepositId = numberOfDeposits++;\n depositCounter[originToken] += amount;\n\n // If the address of the origin token is a wrappedNativeToken contract and there is a msg.value with the\n // transaction then the user is sending ETH. In this case, the ETH should be deposited to wrappedNativeToken.\n if (originToken == address(wrappedNativeToken) && msg.value > 0) {\n require(msg.value == amount, \"msg.value must match amount\");\n wrappedNativeToken.deposit{ value: msg.value }();\n // Else, it is a normal ERC20. In this case pull the token from the user's wallet as per normal.\n // Note: this includes the case where the L2 user has WETH (already wrapped ETH) and wants to bridge them.\n // In this case the msg.value will be set to 0, indicating a \"normal\" ERC20 bridging action.\n } else IERC20Upgradeable(originToken).safeTransferFrom(msg.sender, address(this), amount);\n\n emit FundsDeposited(\n amount,\n chainId(),\n destinationChainId,\n relayerFeePct,\n newDepositId,\n quoteTimestamp,\n originToken,\n recipient,\n msg.sender,\n message\n );\n }\n\n /**\n * @notice This is a simple wrapper for deposit() that sets the quoteTimestamp to the current SpokePool timestamp.\n * @notice This function is intended for multisig depositors who can accept some LP fee uncertainty in order to lift\n * the quoteTimestamp buffer constraint.\n * @dev Re-orgs may produce invalid fills if the quoteTimestamp moves across a change in HubPool utilisation.\n * @dev The existing function modifiers are already enforced by deposit(), so no additional modifiers are imposed.\n * @param recipient Address to receive funds at on destination chain.\n * @param originToken Token to lock into this contract to initiate deposit.\n * @param amount Amount of tokens to deposit. Will be amount of tokens to receive less fees.\n * @param destinationChainId Denotes network where user will receive funds from SpokePool by a relayer.\n * @param relayerFeePct % of deposit amount taken out to incentivize a fast relayer.\n * @param message Arbitrary data that can be used to pass additional information to the recipient along with the tokens.\n * Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.\n * @param maxCount used to protect the depositor from frontrunning to guarantee their quote remains valid.\n */\n function depositNow(\n address recipient,\n address originToken,\n uint256 amount,\n uint256 destinationChainId,\n int64 relayerFeePct,\n bytes memory message,\n uint256 maxCount\n ) public payable {\n deposit(\n recipient,\n originToken,\n amount,\n destinationChainId,\n relayerFeePct,\n uint32(getCurrentTime()),\n message,\n maxCount\n );\n }\n\n /**\n * @notice Convenience method that depositor can use to signal to relayer to use updated fee.\n * @notice Relayer should only use events emitted by this function to submit fills with updated fees, otherwise they\n * risk their fills getting disputed for being invalid, for example if the depositor never actually signed the\n * update fee message.\n * @notice This function will revert if the depositor did not sign a message containing the updated fee for the\n * deposit ID stored in this contract. If the deposit ID is for another contract, or the depositor address is\n * incorrect, or the updated fee is incorrect, then the signature will not match and this function will revert.\n * @notice This function is not subject to a deposit pause on the off chance that deposits sent before all deposits\n * are paused have very low fees and the user wants to entice a relayer to fill them with a higher fee.\n * @param depositor Signer of the update fee message who originally submitted the deposit. If the deposit doesn't\n * exist, then the relayer will not be able to fill any relay, so the caller should validate that the depositor\n * did in fact submit a relay.\n * @param updatedRelayerFeePct New relayer fee that relayers can use.\n * @param depositId Deposit to update fee for that originated in this contract.\n * @param updatedRecipient New recipient address that should receive the tokens.\n * @param updatedMessage New message that should be provided to the recipient.\n * @param depositorSignature Signed message containing the depositor address, this contract chain ID, the updated\n * relayer fee %, and the deposit ID. This signature is produced by signing a hash of data according to the\n * EIP-712 standard. See more in the _verifyUpdateRelayerFeeMessage() comments.\n */\n function speedUpDeposit(\n address depositor,\n int64 updatedRelayerFeePct,\n uint32 depositId,\n address updatedRecipient,\n bytes memory updatedMessage,\n bytes memory depositorSignature\n ) public override nonReentrant {\n require(SignedMath.abs(updatedRelayerFeePct) < 0.5e18, \"Invalid relayer fee\");\n\n _verifyUpdateDepositMessage(\n depositor,\n depositId,\n chainId(),\n updatedRelayerFeePct,\n updatedRecipient,\n updatedMessage,\n depositorSignature\n );\n\n // Assuming the above checks passed, a relayer can take the signature and the updated relayer fee information\n // from the following event to submit a fill with an updated fee %.\n emit RequestedSpeedUpDeposit(\n updatedRelayerFeePct,\n depositId,\n depositor,\n updatedRecipient,\n updatedMessage,\n depositorSignature\n );\n }\n\n /**************************************\n * RELAYER FUNCTIONS *\n **************************************/\n\n /**\n * @notice Called by relayer to fulfill part of a deposit by sending destination tokens to the recipient.\n * Relayer is expected to pass in unique identifying information for deposit that they want to fulfill, and this\n * relay submission will be validated by off-chain data workers who can dispute this relay if any part is invalid.\n * If the relay is valid, then the relayer will be refunded on their desired repayment chain. If relay is invalid,\n * then relayer will not receive any refund.\n * @notice All of the deposit data can be found via on-chain events from the origin SpokePool, except for the\n * realizedLpFeePct which is a function of the HubPool's utilization at the deposit quote time. This fee %\n * is deterministic based on the quote time, so the relayer should just compute it using the canonical algorithm\n * as described in a UMIP linked to the HubPool's identifier.\n * @param depositor Depositor on origin chain who set this chain as the destination chain.\n * @param recipient Specified recipient on this chain.\n * @param destinationToken Token to send to recipient. Should be mapped to the origin token, origin chain ID\n * and this chain ID via a mapping on the HubPool.\n * @param amount Full size of the deposit.\n * @param maxTokensToSend Max amount of tokens to send recipient. If higher than amount, then caller will\n * send recipient the full relay amount.\n * @param repaymentChainId Chain of SpokePool where relayer wants to be refunded after the challenge window has\n * passed.\n * @param originChainId Chain of SpokePool where deposit originated.\n * @param realizedLpFeePct Fee % based on L1 HubPool utilization at deposit quote time. Deterministic based on\n * quote time.\n * @param relayerFeePct Fee % to keep as relayer, specified by depositor.\n * @param depositId Unique deposit ID on origin spoke pool.\n * @param message Message to send to recipient along with tokens.\n * @param maxCount Max count to protect the relayer from frontrunning.\n */\n function fillRelay(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 amount,\n uint256 maxTokensToSend,\n uint256 repaymentChainId,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n bytes memory message,\n uint256 maxCount\n ) public nonReentrant unpausedFills {\n // Each relay attempt is mapped to the hash of data uniquely identifying it, which includes the deposit data\n // such as the origin chain ID and the deposit ID, and the data in a relay attempt such as who the recipient\n // is, which chain and currency the recipient wants to receive funds on, and the relay fees.\n RelayExecution memory relayExecution = RelayExecution({\n relay: SpokePoolInterface.RelayData({\n depositor: depositor,\n recipient: recipient,\n destinationToken: destinationToken,\n amount: amount,\n realizedLpFeePct: realizedLpFeePct,\n relayerFeePct: relayerFeePct,\n depositId: depositId,\n originChainId: originChainId,\n destinationChainId: chainId(),\n message: message\n }),\n relayHash: bytes32(0),\n updatedRelayerFeePct: relayerFeePct,\n updatedRecipient: recipient,\n updatedMessage: message,\n repaymentChainId: repaymentChainId,\n maxTokensToSend: maxTokensToSend,\n slowFill: false,\n payoutAdjustmentPct: 0,\n maxCount: maxCount\n });\n relayExecution.relayHash = _getRelayHash(relayExecution.relay);\n\n uint256 fillAmountPreFees = _fillRelay(relayExecution);\n _emitFillRelay(relayExecution, fillAmountPreFees);\n }\n\n /**\n * @notice Called by relayer to execute same logic as calling fillRelay except that relayer is using an updated\n * relayer fee %. The fee % must have been emitted in a message cryptographically signed by the depositor.\n * @notice By design, the depositor probably emitted the message with the updated fee by calling speedUpDeposit().\n * @param depositor Depositor on origin chain who set this chain as the destination chain.\n * @param recipient Specified recipient on this chain.\n * @param destinationToken Token to send to recipient. Should be mapped to the origin token, origin chain ID\n * and this chain ID via a mapping on the HubPool.\n * @param amount Full size of the deposit.\n * @param maxTokensToSend Max amount of tokens to send recipient. If higher than amount, then caller will\n * send recipient the full relay amount.\n * @param repaymentChainId Chain of SpokePool where relayer wants to be refunded after the challenge window has\n * passed.\n * @param originChainId Chain of SpokePool where deposit originated.\n * @param realizedLpFeePct Fee % based on L1 HubPool utilization at deposit quote time. Deterministic based on\n * quote time.\n * @param relayerFeePct Original fee % to keep as relayer set by depositor.\n * @param updatedRelayerFeePct New fee % to keep as relayer also specified by depositor.\n * @param depositId Unique deposit ID on origin spoke pool.\n * @param message Original message that was sent along with this deposit.\n * @param updatedMessage Modified message that the depositor signed when updating parameters.\n * @param depositorSignature Signed message containing the depositor address, this contract chain ID, the updated\n * relayer fee %, and the deposit ID. This signature is produced by signing a hash of data according to the\n * EIP-712 standard. See more in the _verifyUpdateRelayerFeeMessage() comments.\n * @param maxCount Max fill count to protect the relayer from frontrunning.\n */\n function fillRelayWithUpdatedDeposit(\n address depositor,\n address recipient,\n address updatedRecipient,\n address destinationToken,\n uint256 amount,\n uint256 maxTokensToSend,\n uint256 repaymentChainId,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n int64 updatedRelayerFeePct,\n uint32 depositId,\n bytes memory message,\n bytes memory updatedMessage,\n bytes memory depositorSignature,\n uint256 maxCount\n ) public override nonReentrant unpausedFills {\n RelayExecution memory relayExecution = RelayExecution({\n relay: SpokePoolInterface.RelayData({\n depositor: depositor,\n recipient: recipient,\n destinationToken: destinationToken,\n amount: amount,\n realizedLpFeePct: realizedLpFeePct,\n relayerFeePct: relayerFeePct,\n depositId: depositId,\n originChainId: originChainId,\n destinationChainId: chainId(),\n message: message\n }),\n relayHash: bytes32(0),\n updatedRelayerFeePct: updatedRelayerFeePct,\n updatedRecipient: updatedRecipient,\n updatedMessage: updatedMessage,\n repaymentChainId: repaymentChainId,\n maxTokensToSend: maxTokensToSend,\n slowFill: false,\n payoutAdjustmentPct: 0,\n maxCount: maxCount\n });\n relayExecution.relayHash = _getRelayHash(relayExecution.relay);\n\n _verifyUpdateDepositMessage(\n depositor,\n depositId,\n originChainId,\n updatedRelayerFeePct,\n updatedRecipient,\n updatedMessage,\n depositorSignature\n );\n uint256 fillAmountPreFees = _fillRelay(relayExecution);\n _emitFillRelay(relayExecution, fillAmountPreFees);\n }\n\n /**\n * @notice Caller signals to the system that they want a refund on this chain, which they set as the\n * `repaymentChainId` on the original fillRelay() call on the `destinationChainId`. An observer should be\n * be able to 1-to-1 match the emitted RefundRequested event with the FilledRelay event on the `destinationChainId`.\n * @dev This function could be used to artificially inflate the `fillCounter`, allowing the caller to \"frontrun\"\n * and cancel pending fills in the mempool. This would in the worst case censor fills at the cost of the caller's\n * gas costs. We don't view this as a major issue as the fill can be resubmitted and obtain the same incentive,\n * since incentives are based on validated refunds and would ignore these censoring attempts. This is no\n * different from calling `fillRelay` and setting msg.sender = recipient.\n * @dev Caller needs to pass in `fillBlock` that the FilledRelay event was emitted on the `destinationChainId`.\n * This is to make it hard to request a refund before a fill has been mined and to make lookups of the original\n * fill as simple as possible.\n * @param refundToken This chain's token equivalent for original fill destination token.\n * @param amount Original deposit amount.\n * @param originChainId Original origin chain ID.\n * @param destinationChainId Original destination chain ID.\n * @param realizedLpFeePct Original realized LP fee %.\n * @param depositId Original deposit ID.\n * @param maxCount Max count to protect the refund recipient from frontrunning.\n */\n function requestRefund(\n address refundToken,\n uint256 amount,\n uint256 originChainId,\n uint256 destinationChainId,\n int64 realizedLpFeePct,\n uint32 depositId,\n uint256 fillBlock,\n uint256 maxCount\n ) external nonReentrant {\n // Prevent unrealistic amounts from increasing fill counter too high.\n require(amount <= MAX_TRANSFER_SIZE, \"Amount too large\");\n\n // This allows the caller to add in frontrunning protection for quote validity.\n require(fillCounter[refundToken] <= maxCount, \"Above max count\");\n\n // Track duplicate refund requests.\n bytes32 refundHash = keccak256(\n abi.encode(\n msg.sender,\n refundToken,\n amount,\n originChainId,\n destinationChainId,\n realizedLpFeePct,\n depositId,\n fillBlock\n )\n );\n\n // Track duplicate requests so that an offchain actor knows if an identical request has already been made.\n // If so, it can check to ensure that that request was thrown out as invalid before honoring the duplicate.\n // In particular, this is meant to handle odd cases where an initial request is invalidated based on\n // timing, but can be validated by a later, identical request.\n uint256 previousIdenticalRequests = refundsRequested[refundHash]++;\n\n // Refund will take tokens out of this pool, increment the fill counter. This function should only be\n // called if a relayer from destinationChainId wants to take a refund on this chain, a different chain.\n // This type of repayment should only be possible for full fills, so the starting fill amount should\n // always be 0. Also, just like in _fillRelay we should revert if the first fill pre fees rounds to 0,\n // and in this case `amount` == `fillAmountPreFees`.\n require(amount > 0, \"Amount must be > 0\");\n _updateCountFromFill(\n 0,\n true, // The refund is being requested here, so it is local.\n amount,\n realizedLpFeePct,\n refundToken,\n false // Slow fills should never match with a Refund. This should be enforced by off-chain bundle builders.\n );\n\n emit RefundRequested(\n // Set caller as relayer. If caller is not relayer from destination chain that originally sent\n // fill, then off-chain validator should discard this refund attempt.\n msg.sender,\n refundToken,\n amount,\n originChainId,\n destinationChainId,\n realizedLpFeePct,\n depositId,\n fillBlock,\n previousIdenticalRequests\n );\n }\n\n /**************************************\n * DATA WORKER FUNCTIONS *\n **************************************/\n\n /**\n * @notice Executes a slow relay leaf stored as part of a root bundle. Will send the full amount remaining in the\n * relay to the recipient, less fees.\n * @dev This function assumes that the relay's destination chain ID is the current chain ID, which prevents\n * the caller from executing a slow relay intended for another chain on this chain.\n * @param depositor Depositor on origin chain who set this chain as the destination chain.\n * @param recipient Specified recipient on this chain.\n * @param destinationToken Token to send to recipient. Should be mapped to the origin token, origin chain ID\n * and this chain ID via a mapping on the HubPool.\n * @param amount Full size of the deposit.\n * @param originChainId Chain of SpokePool where deposit originated.\n * @param realizedLpFeePct Fee % based on L1 HubPool utilization at deposit quote time. Deterministic based on\n * quote time.\n * @param relayerFeePct Original fee % to keep as relayer set by depositor.\n * @param depositId Unique deposit ID on origin spoke pool.\n * @param rootBundleId Unique ID of root bundle containing slow relay root that this leaf is contained in.\n * @param message Message to send to the recipient if the recipient is a contract.\n * @param payoutAdjustment Adjustment to the payout amount. Can be used to increase or decrease the payout to allow\n * for rewards or penalties.\n * @param proof Inclusion proof for this leaf in slow relay root in root bundle.\n */\n function executeSlowRelayLeaf(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 amount,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n uint32 rootBundleId,\n bytes memory message,\n int256 payoutAdjustment,\n bytes32[] memory proof\n ) public virtual override nonReentrant {\n _executeSlowRelayLeaf(\n depositor,\n recipient,\n destinationToken,\n amount,\n originChainId,\n chainId(),\n realizedLpFeePct,\n relayerFeePct,\n depositId,\n rootBundleId,\n message,\n payoutAdjustment,\n proof\n );\n }\n\n /**\n * @notice Executes a relayer refund leaf stored as part of a root bundle. Will send the relayer the amount they\n * sent to the recipient plus a relayer fee.\n * @param rootBundleId Unique ID of root bundle containing relayer refund root that this leaf is contained in.\n * @param relayerRefundLeaf Contains all data necessary to reconstruct leaf contained in root bundle and to\n * refund relayer. This data structure is explained in detail in the SpokePoolInterface.\n * @param proof Inclusion proof for this leaf in relayer refund root in root bundle.\n */\n function executeRelayerRefundLeaf(\n uint32 rootBundleId,\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\n bytes32[] memory proof\n ) public virtual override nonReentrant {\n _executeRelayerRefundLeaf(rootBundleId, relayerRefundLeaf, proof);\n }\n\n /**************************************\n * VIEW FUNCTIONS *\n **************************************/\n\n /**\n * @notice Returns chain ID for this network.\n * @dev Some L2s like ZKSync don't support the CHAIN_ID opcode so we allow the implementer to override this.\n */\n function chainId() public view virtual override returns (uint256) {\n return block.chainid;\n }\n\n /**\n * @notice Gets the current time.\n * @return uint for the current timestamp.\n */\n function getCurrentTime() public view virtual returns (uint256) {\n return block.timestamp; // solhint-disable-line not-rely-on-time\n }\n\n /**************************************\n * INTERNAL FUNCTIONS *\n **************************************/\n\n // Verifies inclusion proof of leaf in root, sends relayer their refund, and sends to HubPool any rebalance\n // transfers.\n function _executeRelayerRefundLeaf(\n uint32 rootBundleId,\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\n bytes32[] memory proof\n ) internal {\n // Check integrity of leaf structure:\n require(relayerRefundLeaf.chainId == chainId(), \"Invalid chainId\");\n require(relayerRefundLeaf.refundAddresses.length == relayerRefundLeaf.refundAmounts.length, \"invalid leaf\");\n\n RootBundle storage rootBundle = rootBundles[rootBundleId];\n\n // Check that inclusionProof proves that relayerRefundLeaf is contained within the relayer refund root.\n // Note: This should revert if the relayerRefundRoot is uninitialized.\n require(MerkleLib.verifyRelayerRefund(rootBundle.relayerRefundRoot, relayerRefundLeaf, proof), \"Bad Proof\");\n\n // Verify the leafId in the leaf has not yet been claimed.\n require(!MerkleLib.isClaimed(rootBundle.claimedBitmap, relayerRefundLeaf.leafId), \"Already claimed\");\n\n // Set leaf as claimed in bitmap. This is passed by reference to the storage rootBundle.\n MerkleLib.setClaimed(rootBundle.claimedBitmap, relayerRefundLeaf.leafId);\n\n // Send each relayer refund address the associated refundAmount for the L2 token address.\n // Note: Even if the L2 token is not enabled on this spoke pool, we should still refund relayers.\n uint256 length = relayerRefundLeaf.refundAmounts.length;\n for (uint256 i = 0; i < length; ) {\n uint256 amount = relayerRefundLeaf.refundAmounts[i];\n if (amount > 0)\n IERC20Upgradeable(relayerRefundLeaf.l2TokenAddress).safeTransfer(\n relayerRefundLeaf.refundAddresses[i],\n amount\n );\n\n // OK because we assume refund array length won't be > types(uint256).max.\n // Based on the stress test results in /test/gas-analytics/SpokePool.RelayerRefundLeaf.ts, the UMIP should\n // limit the refund count in valid proposals to be ~800 so any RelayerRefundLeaves with > 800 refunds should\n // not make it to this stage.\n\n unchecked {\n ++i;\n }\n }\n\n // If leaf's amountToReturn is positive, then send L2 --> L1 message to bridge tokens back via\n // chain-specific bridging method.\n if (relayerRefundLeaf.amountToReturn > 0) {\n _bridgeTokensToHubPool(relayerRefundLeaf);\n\n emit TokensBridged(\n relayerRefundLeaf.amountToReturn,\n relayerRefundLeaf.chainId,\n relayerRefundLeaf.leafId,\n relayerRefundLeaf.l2TokenAddress,\n msg.sender\n );\n }\n\n emit ExecutedRelayerRefundRoot(\n relayerRefundLeaf.amountToReturn,\n relayerRefundLeaf.chainId,\n relayerRefundLeaf.refundAmounts,\n rootBundleId,\n relayerRefundLeaf.leafId,\n relayerRefundLeaf.l2TokenAddress,\n relayerRefundLeaf.refundAddresses,\n msg.sender\n );\n }\n\n // Verifies inclusion proof of leaf in root and sends recipient remainder of relay. Marks relay as filled.\n function _executeSlowRelayLeaf(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 amount,\n uint256 originChainId,\n uint256 destinationChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n uint32 rootBundleId,\n bytes memory message,\n int256 payoutAdjustmentPct,\n bytes32[] memory proof\n ) internal {\n RelayExecution memory relayExecution = RelayExecution({\n relay: SpokePoolInterface.RelayData({\n depositor: depositor,\n recipient: recipient,\n destinationToken: destinationToken,\n amount: amount,\n realizedLpFeePct: realizedLpFeePct,\n relayerFeePct: relayerFeePct,\n depositId: depositId,\n originChainId: originChainId,\n destinationChainId: destinationChainId,\n message: message\n }),\n relayHash: bytes32(0),\n updatedRelayerFeePct: 0,\n updatedRecipient: recipient,\n updatedMessage: message,\n repaymentChainId: 0,\n maxTokensToSend: SLOW_FILL_MAX_TOKENS_TO_SEND,\n slowFill: true,\n payoutAdjustmentPct: payoutAdjustmentPct,\n maxCount: type(uint256).max\n });\n relayExecution.relayHash = _getRelayHash(relayExecution.relay);\n\n _verifySlowFill(relayExecution, rootBundleId, proof);\n\n // Note: use relayAmount as the max amount to send, so the relay is always completely filled by the contract's\n // funds in all cases. As this is a slow relay we set the relayerFeePct to 0. This effectively refunds the\n // relayer component of the relayerFee thereby only charging the depositor the LpFee.\n uint256 fillAmountPreFees = _fillRelay(relayExecution);\n\n // Note: Set repayment chain ID to 0 to indicate that there is no repayment to be made. The off-chain data\n // worker can use repaymentChainId=0 as a signal to ignore such relays for refunds. Also, set the relayerFeePct\n // to 0 as slow relays do not pay the caller of this method (depositor is refunded this fee).\n _emitFillRelay(relayExecution, fillAmountPreFees);\n }\n\n function _setCrossDomainAdmin(address newCrossDomainAdmin) internal {\n require(newCrossDomainAdmin != address(0), \"Bad bridge router address\");\n crossDomainAdmin = newCrossDomainAdmin;\n emit SetXDomainAdmin(newCrossDomainAdmin);\n }\n\n function _setHubPool(address newHubPool) internal {\n require(newHubPool != address(0), \"Bad hub pool address\");\n hubPool = newHubPool;\n emit SetHubPool(newHubPool);\n }\n\n // Should be overriden by implementing contract depending on how L2 handles sending tokens to L1.\n function _bridgeTokensToHubPool(SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf) internal virtual;\n\n function _verifyUpdateDepositMessage(\n address depositor,\n uint32 depositId,\n uint256 originChainId,\n int64 updatedRelayerFeePct,\n address updatedRecipient,\n bytes memory updatedMessage,\n bytes memory depositorSignature\n ) internal view {\n // A depositor can request to modify an un-relayed deposit by signing a hash containing the updated\n // details and information uniquely identifying the deposit to relay. This information ensures\n // that this signature cannot be re-used for other deposits.\n // Note: We use the EIP-712 (https://eips.ethereum.org/EIPS/eip-712) standard for hashing and signing typed data.\n // Specifically, we use the version of the encoding known as \"v4\", as implemented by the JSON RPC method\n // `eth_signedTypedDataV4` in MetaMask (https://docs.metamask.io/guide/signing-data.html).\n bytes32 expectedTypedDataV4Hash = _hashTypedDataV4(\n // EIP-712 compliant hash struct: https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct\n keccak256(\n abi.encode(\n UPDATE_DEPOSIT_DETAILS_HASH,\n depositId,\n originChainId,\n updatedRelayerFeePct,\n updatedRecipient,\n keccak256(updatedMessage)\n )\n ),\n // By passing in the origin chain id, we enable the verification of the signature on a different chain\n originChainId\n );\n _verifyDepositorSignature(depositor, expectedTypedDataV4Hash, depositorSignature);\n }\n\n // This function is isolated and made virtual to allow different L2's to implement chain specific recovery of\n // signers from signatures because some L2s might not support ecrecover. To be safe, consider always reverting\n // this function for L2s where ecrecover is different from how it works on Ethereum, otherwise there is the\n // potential to forge a signature from the depositor using a different private key than the original depositor's.\n function _verifyDepositorSignature(\n address depositor,\n bytes32 ethSignedMessageHash,\n bytes memory depositorSignature\n ) internal view virtual {\n // Note:\n // - We don't need to worry about reentrancy from a contract deployed at the depositor address since the method\n // `SignatureChecker.isValidSignatureNow` is a view method. Re-entrancy can happen, but it cannot affect state.\n // - EIP-1271 signatures are supported. This means that a signature valid now, may not be valid later and vice-versa.\n // - For an EIP-1271 signature to work, the depositor contract address must map to a deployed contract on the destination\n // chain that can validate the signature.\n // - Regular signatures from an EOA are also supported.\n bool isValid = SignatureChecker.isValidSignatureNow(depositor, ethSignedMessageHash, depositorSignature);\n require(isValid, \"invalid signature\");\n }\n\n function _verifySlowFill(\n RelayExecution memory relayExecution,\n uint32 rootBundleId,\n bytes32[] memory proof\n ) internal view {\n SlowFill memory slowFill = SlowFill({\n relayData: relayExecution.relay,\n payoutAdjustmentPct: relayExecution.payoutAdjustmentPct\n });\n\n require(\n MerkleLib.verifySlowRelayFulfillment(rootBundles[rootBundleId].slowRelayRoot, slowFill, proof),\n \"Invalid slow relay proof\"\n );\n }\n\n function _computeAmountPreFees(uint256 amount, int64 feesPct) private pure returns (uint256) {\n return (1e18 * amount) / uint256((int256(1e18) - feesPct));\n }\n\n function _computeAmountPostFees(uint256 amount, int256 feesPct) private pure returns (uint256) {\n return (amount * uint256(int256(1e18) - feesPct)) / 1e18;\n }\n\n function _getRelayHash(SpokePoolInterface.RelayData memory relayData) private pure returns (bytes32) {\n return keccak256(abi.encode(relayData));\n }\n\n // Unwraps ETH and does a transfer to a recipient address. If the recipient is a smart contract then sends wrappedNativeToken.\n function _unwrapwrappedNativeTokenTo(address payable to, uint256 amount) internal {\n if (address(to).isContract()) {\n IERC20Upgradeable(address(wrappedNativeToken)).safeTransfer(to, amount);\n } else {\n wrappedNativeToken.withdraw(amount);\n AddressLibUpgradeable.sendValue(to, amount);\n }\n }\n\n /**\n * @notice Caller specifies the max amount of tokens to send to user. Based on this amount and the amount of the\n * relay remaining (as stored in the relayFills mapping), pull the amount of tokens from the caller\n * and send to the recipient.\n * @dev relayFills keeps track of pre-fee fill amounts as a convenience to relayers who want to specify round\n * numbers for the maxTokensToSend parameter or convenient numbers like 100 (i.e. relayers who will fully\n * fill any relay up to 100 tokens, and partial fill with 100 tokens for larger relays).\n * @dev Caller must approve this contract to transfer up to maxTokensToSend of the relayData.destinationToken.\n * The amount to be sent might end up less if there is insufficient relay amount remaining to be sent.\n */\n function _fillRelay(RelayExecution memory relayExecution) internal returns (uint256 fillAmountPreFees) {\n RelayData memory relayData = relayExecution.relay;\n // We limit the relay fees to prevent the user spending all their funds on fees. Note that 0.5e18 (i.e. 50%)\n // fees are just magic numbers. The important point is to prevent the total fee from being 100%, otherwise\n // computing the amount pre fees runs into divide-by-0 issues.\n require(\n SignedMath.abs(relayExecution.updatedRelayerFeePct) < 0.5e18 &&\n SignedMath.abs(relayData.realizedLpFeePct) < 0.5e18,\n \"invalid fees\"\n );\n\n require(relayData.amount <= MAX_TRANSFER_SIZE, \"Amount too large\");\n\n // Check that the relay has not already been completely filled. Note that the relays mapping will point to\n // the amount filled so far for a particular relayHash, so this will start at 0 and increment with each fill.\n require(relayFills[relayExecution.relayHash] < relayData.amount, \"relay filled\");\n\n // This allows the caller to add in frontrunning protection for quote validity.\n require(fillCounter[relayData.destinationToken] <= relayExecution.maxCount, \"Above max count\");\n\n // Derive the amount of the relay filled if the caller wants to send exactly maxTokensToSend tokens to\n // the recipient. For example, if the user wants to send 10 tokens to the recipient, the full relay amount\n // is 100, and the fee %'s total 5%, then this computation would return ~10.5, meaning that to fill 10.5/100\n // of the full relay size, the caller would need to send 10 tokens to the user.\n // This is equivalent to the amount to be sent by the relayer before fees have been taken out.\n fillAmountPreFees = _computeAmountPreFees(\n relayExecution.maxTokensToSend,\n (relayData.realizedLpFeePct + relayExecution.updatedRelayerFeePct)\n );\n // If fill amount minus fees, which is possible with small fill amounts and negative fees, then\n // revert.\n require(fillAmountPreFees > 0, \"fill amount pre fees is 0\");\n\n // If user's specified max amount to send is greater than the amount of the relay remaining pre-fees,\n // we'll pull exactly enough tokens to complete the relay.\n uint256 amountRemainingInRelay = relayData.amount - relayFills[relayExecution.relayHash];\n if (amountRemainingInRelay < fillAmountPreFees) {\n fillAmountPreFees = amountRemainingInRelay;\n }\n\n // Apply post-fees computation to amount that relayer will send to user. Rounding errors are possible\n // when computing fillAmountPreFees and then amountToSend, and we just want to enforce that\n // the error added to amountToSend is consistently applied to partial and full fills.\n uint256 amountToSend = _computeAmountPostFees(\n fillAmountPreFees,\n relayData.realizedLpFeePct + relayExecution.updatedRelayerFeePct\n );\n\n // This can only happen in a slow fill, where the contract is funding the relay.\n if (relayExecution.payoutAdjustmentPct != 0) {\n // If payoutAdjustmentPct is positive, then the recipient will receive more than the amount they\n // were originally expecting. If it is negative, then the recipient will receive less.\n // -1e18 is -100%. Because we cannot pay out negative values, that is the minimum.\n require(relayExecution.payoutAdjustmentPct >= -1e18, \"payoutAdjustmentPct too small\");\n\n // Allow the payout adjustment to go up to 1000% (i.e. 11x).\n // This is a sanity check to ensure the payouts do not grow too large via some sort of issue in bundle\n // construction.\n require(relayExecution.payoutAdjustmentPct <= 100e18, \"payoutAdjustmentPct too large\");\n\n // Note: since _computeAmountPostFees is typically intended for fees, the signage must be reversed.\n amountToSend = _computeAmountPostFees(amountToSend, -relayExecution.payoutAdjustmentPct);\n\n // Note: this error should never happen, since the maxTokensToSend is expected to be set much higher than\n // the amount, but it is here as a sanity check.\n require(amountToSend <= relayExecution.maxTokensToSend, \"Somehow hit maxTokensToSend!\");\n }\n\n // Since the first partial fill is used to update the fill counter for the entire refund amount, we don't have\n // a simple way to handle the case where follow-up partial fills take repayment on different chains. We'd\n // need a way to decrement the fill counter in this case (or increase deposit counter) to ensure that users\n // have adequate frontrunning protections.\n // Instead of adding complexity, we require that all partial fills set repayment chain equal to destination chain.\n // Note: .slowFill is checked because slow fills set repaymentChainId to 0.\n bool localRepayment = relayExecution.repaymentChainId == relayExecution.relay.destinationChainId;\n require(\n localRepayment || relayExecution.relay.amount == fillAmountPreFees || relayExecution.slowFill,\n \"invalid repayment chain\"\n );\n\n // Update fill counter.\n _updateCountFromFill(\n relayFills[relayExecution.relayHash],\n localRepayment,\n relayData.amount,\n relayData.realizedLpFeePct,\n relayData.destinationToken,\n relayExecution.slowFill\n );\n\n // relayFills keeps track of pre-fee fill amounts as a convenience to relayers who want to specify round\n // numbers for the maxTokensToSend parameter or convenient numbers like 100 (i.e. relayers who will fully\n // fill any relay up to 100 tokens, and partial fill with 100 tokens for larger relays).\n relayFills[relayExecution.relayHash] += fillAmountPreFees;\n\n // If relayer and receiver are the same address, there is no need to do any transfer, as it would result in no\n // net movement of funds.\n // Note: this is important because it means that relayers can intentionally self-relay in a capital efficient\n // way (no need to have funds on the destination).\n // If this is a slow fill, we can't exit early since we still need to send funds out of this contract\n // since there is no \"relayer\".\n if (msg.sender == relayExecution.updatedRecipient && !relayExecution.slowFill) return fillAmountPreFees;\n\n // If relay token is wrappedNativeToken then unwrap and send native token.\n if (relayData.destinationToken == address(wrappedNativeToken)) {\n // Note: useContractFunds is True if we want to send funds to the recipient directly out of this contract,\n // otherwise we expect the caller to send funds to the recipient. If useContractFunds is True and the\n // recipient wants wrappedNativeToken, then we can assume that wrappedNativeToken is already in the\n // contract, otherwise we'll need the user to send wrappedNativeToken to this contract. Regardless, we'll\n // need to unwrap it to native token before sending to the user.\n if (!relayExecution.slowFill)\n IERC20Upgradeable(relayData.destinationToken).safeTransferFrom(msg.sender, address(this), amountToSend);\n _unwrapwrappedNativeTokenTo(payable(relayExecution.updatedRecipient), amountToSend);\n // Else, this is a normal ERC20 token. Send to recipient.\n } else {\n // Note: Similar to note above, send token directly from the contract to the user in the slow relay case.\n if (!relayExecution.slowFill)\n IERC20Upgradeable(relayData.destinationToken).safeTransferFrom(\n msg.sender,\n relayExecution.updatedRecipient,\n amountToSend\n );\n else\n IERC20Upgradeable(relayData.destinationToken).safeTransfer(\n relayExecution.updatedRecipient,\n amountToSend\n );\n }\n\n if (relayExecution.updatedRecipient.isContract() && relayExecution.updatedMessage.length > 0) {\n AcrossMessageHandler(relayExecution.updatedRecipient).handleAcrossMessage(\n relayData.destinationToken,\n amountToSend,\n relayFills[relayExecution.relayHash] >= relayData.amount,\n msg.sender,\n relayExecution.updatedMessage\n );\n }\n }\n\n function _updateCountFromFill(\n uint256 startingFillAmount,\n bool localRepayment,\n uint256 totalFillAmount,\n int64 realizedLPFeePct,\n address token,\n bool useContractFunds\n ) internal {\n // If this is a slow fill, a first partial fill with repayment on another chain, or a partial fill has already happened, do nothing, as these\n // should not impact the count. Initial 0-fills will not reach this part of the code.\n if (useContractFunds || startingFillAmount > 0 || !localRepayment) return;\n fillCounter[token] += _computeAmountPostFees(totalFillAmount, realizedLPFeePct);\n }\n\n function _emitFillRelay(RelayExecution memory relayExecution, uint256 fillAmountPreFees) internal {\n RelayExecutionInfo memory relayExecutionInfo = RelayExecutionInfo({\n relayerFeePct: relayExecution.updatedRelayerFeePct,\n recipient: relayExecution.updatedRecipient,\n message: relayExecution.updatedMessage,\n isSlowRelay: relayExecution.slowFill,\n payoutAdjustmentPct: relayExecution.payoutAdjustmentPct\n });\n\n emit FilledRelay(\n relayExecution.relay.amount,\n relayFills[relayExecution.relayHash],\n fillAmountPreFees,\n relayExecution.repaymentChainId,\n relayExecution.relay.originChainId,\n relayExecution.relay.destinationChainId,\n relayExecution.relay.relayerFeePct,\n relayExecution.relay.realizedLpFeePct,\n relayExecution.relay.depositId,\n relayExecution.relay.destinationToken,\n msg.sender,\n relayExecution.relay.depositor,\n relayExecution.relay.recipient,\n relayExecution.relay.message,\n relayExecutionInfo\n );\n }\n\n // Implementing contract needs to override this to ensure that only the appropriate cross chain admin can execute\n // certain admin functions. For L2 contracts, the cross chain admin refers to some L1 address or contract, and for\n // L1, this would just be the same admin of the HubPool.\n function _requireAdminSender() internal virtual;\n\n // Added to enable the this contract to receive native token (ETH). Used when unwrapping wrappedNativeToken.\n receive() external payable {}\n\n // Reserve storage slots for future versions of this base contract to add state variables without\n // affecting the storage layout of child contracts. Decrement the size of __gap whenever state variables\n // are added. This is at bottom of contract to make sure it's always at the end of storage.\n uint256[1000] private __gap;\n}\n" + }, + "contracts/SpokePoolVerifier.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"@openzeppelin/contracts/utils/Address.sol\";\nimport \"./interfaces/SpokePoolInterface.sol\";\n\n/**\n * @notice SpokePoolVerifier is a contract that verifies that the SpokePool exists on this chain before sending ETH to it.\n * @dev This contract must be deployed via Create2 to the same address on all chains. That way, an errant transaction sent\n * to the wrong chain will be blocked by this contract rather than hitting a dead address. This means that this contract\n * will not work to protect chains, like zkSync, where Create2 address derivations don't match other chains.\n * Source: https://era.zksync.io/docs/reference/architecture/differences-with-ethereum.html#create-create2\n */\ncontract SpokePoolVerifier {\n using Address for address;\n\n /**\n * @notice Passthrough function to `deposit()` on the SpokePool contract.\n * @dev Protects the caller from losing their ETH (or other native token) by reverting if the SpokePool address\n * they intended to call does not exist on this chain. Because this contract can be deployed at the same address\n * everywhere callers should be protected even if the transaction is submitted to an unintended network.\n * This contract should only be used for native token deposits, as this problem only exists for native tokens.\n * @param spokePool Address of the SpokePool contract that the user is intending to call.\n * @param recipient Address to receive funds at on destination chain.\n * @param originToken Token to lock into this contract to initiate deposit.\n * @param amount Amount of tokens to deposit. Will be amount of tokens to receive less fees.\n * @param destinationChainId Denotes network where user will receive funds from SpokePool by a relayer.\n * @param relayerFeePct % of deposit amount taken out to incentivize a fast relayer.\n * @param quoteTimestamp Timestamp used by relayers to compute this deposit's realizedLPFeePct which is paid\n * to LP pool on HubPool.\n * @param message Arbitrary data that can be used to pass additional information to the recipient along with the tokens.\n * Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.\n * @param maxCount used to protect the depositor from frontrunning to guarantee their quote remains valid.\n */\n function deposit(\n SpokePoolInterface spokePool,\n address recipient,\n address originToken,\n uint256 amount,\n uint256 destinationChainId,\n int64 relayerFeePct,\n uint32 quoteTimestamp,\n bytes memory message,\n uint256 maxCount\n ) external payable {\n require(msg.value == amount, \"msg.value != amount\");\n require(address(spokePool).isContract(), \"spokePool is not a contract\");\n spokePool.deposit{ value: msg.value }(\n recipient,\n originToken,\n amount,\n destinationChainId,\n relayerFeePct,\n quoteTimestamp,\n message,\n maxCount\n );\n }\n}\n" + }, + "contracts/Succinct_SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./SpokePool.sol\";\nimport \"./external/interfaces/SuccinctInterfaces.sol\";\n\n/**\n * @notice Succinct Spoke pool.\n */\ncontract Succinct_SpokePool is SpokePool, ITelepathyHandler {\n // Address of the succinct AMB contract.\n address public succinctTargetAmb;\n\n // Chain where HubPool is deployed that is linked to this SpokePool.\n uint16 public hubChainId;\n\n // Warning: this variable should _never_ be touched outside of this contract. It is intentionally set to be\n // private. Leaving it set to true can permanently disable admin calls.\n bool private adminCallValidated;\n\n event SetSuccinctTargetAmb(address indexed newSuccinctTargetAmb);\n event ReceivedMessageFromL1(address indexed caller, address indexed rootMessageSender);\n\n // Note: validating calls this way ensures that strange calls coming from the succinctTargetAmb won't be\n // misinterpreted. Put differently, just checking that msg.sender == succinctTargetAmb is not sufficient.\n // All calls that have admin privileges must be fired from within the handleTelepathy method that's gone\n // through validation where the sender is checked and the sender from the other chain is also validated.\n // This modifier sets the adminCallValidated variable so this condition can be checked in _requireAdminSender().\n modifier validateInternalCalls() {\n // Make sure adminCallValidated is set to True only once at beginning of processMessageFromRoot, which prevents\n // processMessageFromRoot from being re-entered.\n require(!adminCallValidated, \"adminCallValidated already set\");\n\n // This sets a variable indicating that we're now inside a validated call.\n // Note: this is used by other methods to ensure that this call has been validated by this method and is not\n // spoofed.\n adminCallValidated = true;\n\n _;\n\n // Reset adminCallValidated to false to disallow admin calls after this method exits.\n adminCallValidated = false;\n }\n\n /**\n * @notice Construct the Succinct SpokePool.\n * @param _hubChainId Chain ID of the chain where the HubPool is deployed.\n * @param _succinctTargetAmb Address of the succinct AMB contract.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * @param _crossDomainAdmin Cross domain admin to set. Can be changed by admin.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n * @param _wrappedNativeToken Address of the wrapped native token.\n */\n function initialize(\n uint16 _hubChainId,\n address _succinctTargetAmb,\n uint32 _initialDepositId,\n address _crossDomainAdmin,\n address _hubPool,\n address _wrappedNativeToken\n ) public initializer {\n __SpokePool_init(_initialDepositId, _crossDomainAdmin, _hubPool, _wrappedNativeToken);\n succinctTargetAmb = _succinctTargetAmb;\n hubChainId = _hubChainId;\n }\n\n /**\n * @notice Admin can reset the succinct contract address.\n * @param _succinctTargetAmb Address of the succinct AMB contract.\n */\n function setSuccinctTargetAmb(address _succinctTargetAmb) external onlyAdmin {\n succinctTargetAmb = _succinctTargetAmb;\n emit SetSuccinctTargetAmb(_succinctTargetAmb);\n }\n\n /**\n * @notice This will be called by Succinct AMB on this network to relay a message sent from the HubPool.\n * @param _sourceChainId Chain ID of the chain where the message originated.\n * @param _senderAddress Address of the sender on the chain where the message originated.\n * @param _data Data to be received and executed on this contract.\n */\n function handleTelepathy(\n uint16 _sourceChainId,\n address _senderAddress,\n bytes memory _data\n ) external override validateInternalCalls returns (bytes4) {\n // Validate msg.sender as succinct, the x-chain sender as being the hubPool (the admin) and the source chain as\n // 1 (mainnet).\n require(msg.sender == succinctTargetAmb, \"caller not succinct AMB\");\n require(_senderAddress == hubPool, \"sender not hubPool\");\n require(_sourceChainId == hubChainId, \"source chain not hub chain\");\n\n /// @custom:oz-upgrades-unsafe-allow delegatecall\n (bool success, ) = address(this).delegatecall(_data);\n require(success, \"delegatecall failed\");\n\n emit ReceivedMessageFromL1(msg.sender, _senderAddress);\n return ITelepathyHandler.handleTelepathy.selector;\n }\n\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory) internal override {\n // This method is a no-op. If the chain intends to include bridging functionality, this must be overriden.\n // If not, leaving this unimplemented means this method may be triggered, but the result will be that no\n // balance is transferred.\n }\n\n // Check that the handleTelepathy method has validated the method to ensure the sender is authenticated.\n function _requireAdminSender() internal view override {\n require(adminCallValidated, \"Admin call not validated\");\n }\n}\n" + }, + "contracts/test/AcrossMessageHandlerMock.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"../SpokePool.sol\";\n\ncontract AcrossMessageHandlerMock is AcrossMessageHandler {\n function handleAcrossMessage(\n address tokenSent,\n uint256 amount,\n bool fillCompleted,\n address relayer,\n bytes memory message\n ) external override {}\n}\n" + }, + "contracts/test/MerkleLibTest.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"../MerkleLib.sol\";\nimport \"../interfaces/HubPoolInterface.sol\";\nimport \"../interfaces/SpokePoolInterface.sol\";\n\n/**\n * @notice Contract to test the MerkleLib.\n */\ncontract MerkleLibTest {\n mapping(uint256 => uint256) public claimedBitMap;\n\n uint256 public claimedBitMap1D;\n\n function verifyPoolRebalance(\n bytes32 root,\n HubPoolInterface.PoolRebalanceLeaf memory rebalance,\n bytes32[] memory proof\n ) public pure returns (bool) {\n return MerkleLib.verifyPoolRebalance(root, rebalance, proof);\n }\n\n function verifyRelayerRefund(\n bytes32 root,\n SpokePoolInterface.RelayerRefundLeaf memory refund,\n bytes32[] memory proof\n ) public pure returns (bool) {\n return MerkleLib.verifyRelayerRefund(root, refund, proof);\n }\n\n function verifySlowRelayFulfillment(\n bytes32 root,\n SpokePoolInterface.SlowFill memory slowFill,\n bytes32[] memory proof\n ) public pure returns (bool) {\n return MerkleLib.verifySlowRelayFulfillment(root, slowFill, proof);\n }\n\n function isClaimed(uint256 index) public view returns (bool) {\n return MerkleLib.isClaimed(claimedBitMap, index);\n }\n\n function setClaimed(uint256 index) public {\n MerkleLib.setClaimed(claimedBitMap, index);\n }\n\n function isClaimed1D(uint8 index) public view returns (bool) {\n return MerkleLib.isClaimed1D(claimedBitMap1D, index);\n }\n\n function setClaimed1D(uint8 index) public {\n claimedBitMap1D = MerkleLib.setClaimed1D(claimedBitMap1D, index);\n }\n}\n" + }, + "contracts/test/MockBedrockStandardBridge.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"../Ovm_SpokePool.sol\";\n\n// Provides payable withdrawTo interface introduced on Bedrock\ncontract MockBedrockL2StandardBridge is IL2ERC20Bridge {\n function withdrawTo(\n address _l2Token,\n address _to,\n uint256 _amount,\n uint32 _minGasLimit,\n bytes calldata _extraData\n ) external payable {\n // do nothing\n }\n}\n" + }, + "contracts/test/MockSpokePool.sol": { + "content": "//SPDX-License-Identifier: Unlicense\npragma solidity ^0.8.0;\n\nimport \"../SpokePool.sol\";\nimport \"@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol\";\n\n/**\n * @title MockSpokePool\n * @notice Implements abstract contract for testing.\n */\ncontract MockSpokePool is SpokePool, OwnableUpgradeable {\n uint256 private chainId_;\n uint256 private currentTime;\n\n function initialize(\n uint32 _initialDepositId,\n address _crossDomainAdmin,\n address _hubPool,\n address _wethAddress\n ) public initializer {\n __Ownable_init();\n __SpokePool_init(_initialDepositId, _crossDomainAdmin, _hubPool, _wethAddress);\n currentTime = block.timestamp; // solhint-disable-line not-rely-on-time\n }\n\n function setCurrentTime(uint256 time) external {\n currentTime = time;\n }\n\n function getCurrentTime() public view override returns (uint256) {\n return currentTime;\n }\n\n // solhint-disable-next-line no-empty-blocks\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory relayerRefundLeaf) internal override {}\n\n function _requireAdminSender() internal override onlyOwner {} // solhint-disable-line no-empty-blocks\n\n function chainId() public view override(SpokePool) returns (uint256) {\n // If chainId_ is set then return it, else do nothing and return the parent chainId().\n return chainId_ == 0 ? super.chainId() : chainId_;\n }\n\n function setChainId(uint256 _chainId) public {\n chainId_ = _chainId;\n }\n}\n" + }, + "contracts/upgradeable/AddressLibUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)\n\npragma solidity ^0.8.1;\n\n/**\n * @title AddressUpgradeable\n * @dev Collection of functions related to the address type\n * @notice Logic is 100% copied from \"@openzeppelin/contracts-upgradeable/contracts/utils/AddressUpgradeable.sol\" but one\n * comment is added to clarify why we allow delegatecall() in this contract, which is typically unsafe for use in\n * upgradeable implementation contracts.\n * @dev See https://docs.openzeppelin.com/upgrades-plugins/1.x/faq#delegatecall-selfdestruct for more details.\n */\nlibrary AddressLibUpgradeable {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n *\n * Furthermore, `isContract` will also return true if the target contract within\n * the same transaction is already scheduled for destruction by `SELFDESTRUCT`,\n * which only has an effect at the end of a transaction.\n * ====\n *\n * [IMPORTANT]\n * ====\n * You shouldn't rely on `isContract` to protect against flash loan attacks!\n *\n * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets\n * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract\n * constructor.\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize/address.code.length, which returns 0\n // for contracts in construction, since the code is only stored at the end\n // of the constructor execution.\n\n return account.code.length > 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance >= amount, \"Address: insufficient balance\");\n\n (bool success, ) = recipient.call{ value: amount }(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain `call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(\n address target,\n bytes memory data,\n uint256 value\n ) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(\n address target,\n bytes memory data,\n uint256 value,\n string memory errorMessage\n ) internal returns (bytes memory) {\n require(address(this).balance >= value, \"Address: insufficient balance for call\");\n (bool success, bytes memory returndata) = target.call{ value: value }(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n (bool success, bytes memory returndata) = target.staticcall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n /// @custom:oz-upgrades-unsafe-allow delegatecall\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling\n * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.\n *\n * _Available since v4.8._\n */\n function verifyCallResultFromTarget(\n address target,\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n if (success) {\n if (returndata.length == 0) {\n // only check isContract if the call was successful and the return data is empty\n // otherwise we already know that it was a contract\n require(isContract(target), \"Address: call to non-contract\");\n }\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n /**\n * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the\n * revert reason or using the provided one.\n *\n * _Available since v4.3._\n */\n function verifyCallResult(\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal pure returns (bytes memory) {\n if (success) {\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n function _revert(bytes memory returndata, string memory errorMessage) private pure {\n // Look for revert reason and bubble it up if present\n if (returndata.length > 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n /// @solidity memory-safe-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n}\n" + }, + "contracts/upgradeable/EIP712CrossChainUpgradeable.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"@openzeppelin/contracts-upgradeable/utils/cryptography/ECDSAUpgradeable.sol\";\nimport \"@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol\";\n\n/**\n * @dev https://eips.ethereum.org/EIPS/eip-712[EIP 712] is a standard for hashing and signing of typed structured data.\n *\n * This contract is based on OpenZeppelin's implementation:\n * https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/master/contracts/utils/cryptography/EIP712Upgradeable.sol\n *\n * NOTE: Modified version that allows to build a domain separator that relies on a different chain id than the chain this\n * contract is deployed to. An example use case we want to support is:\n * - User A signs a message on chain with id = 1\n * - User B executes a method by verifying user A's EIP-712 compliant signature on a chain with id != 1\n */\nabstract contract EIP712CrossChainUpgradeable is Initializable {\n /* solhint-disable var-name-mixedcase */\n bytes32 private _HASHED_NAME;\n bytes32 private _HASHED_VERSION;\n bytes32 private constant _TYPE_HASH = keccak256(\"EIP712Domain(string name,string version,uint256 chainId)\");\n\n /* solhint-enable var-name-mixedcase */\n\n /**\n * @dev Initializes the domain separator and parameter caches.\n *\n * The meaning of `name` and `version` is specified in\n * https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP 712]:\n *\n * - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol.\n * - `version`: the current major version of the signing domain.\n *\n * NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart\n * contract upgrade].\n */\n function __EIP712_init(string memory name, string memory version) internal onlyInitializing {\n __EIP712_init_unchained(name, version);\n }\n\n function __EIP712_init_unchained(string memory name, string memory version) internal onlyInitializing {\n bytes32 hashedName = keccak256(bytes(name));\n bytes32 hashedVersion = keccak256(bytes(version));\n _HASHED_NAME = hashedName;\n _HASHED_VERSION = hashedVersion;\n }\n\n /**\n * @dev Returns the domain separator depending on the `originChainId`.\n * @param originChainId Chain id of network where message originates from.\n * @return bytes32 EIP-712-compliant domain separator.\n */\n function _domainSeparatorV4(uint256 originChainId) internal view returns (bytes32) {\n return keccak256(abi.encode(_TYPE_HASH, _HASHED_NAME, _HASHED_VERSION, originChainId));\n }\n\n /**\n * @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this\n * function returns the hash of the fully encoded EIP712 message for this domain.\n *\n * This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example:\n *\n * ```solidity\n * bytes32 structHash = keccak256(abi.encode(\n * keccak256(\"Mail(address to,string contents)\"),\n * mailTo,\n * keccak256(bytes(mailContents))\n * ));\n * bytes32 digest = _hashTypedDataV4(structHash, originChainId);\n * address signer = ECDSA.recover(digest, signature);\n * ```\n * @param structHash Hashed struct as defined in https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct.\n * @param originChainId Chain id of network where message originates from.\n * @return bytes32 Hash digest that is recoverable via `EDCSA.recover`.\n */\n function _hashTypedDataV4(bytes32 structHash, uint256 originChainId) internal view virtual returns (bytes32) {\n return ECDSAUpgradeable.toTypedDataHash(_domainSeparatorV4(originChainId), structHash);\n }\n\n // Reserve storage slots for future versions of this base contract to add state variables without\n // affecting the storage layout of child contracts. Decrement the size of __gap whenever state variables\n // are added. This is at bottom of contract to make sure it's always at the end of storage.\n uint256[1000] private __gap;\n}\n" + }, + "contracts/upgradeable/MultiCallerUpgradeable.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\n/**\n * @title MultiCallerUpgradeable\n * @notice Logic is 100% copied from \"@uma/core/contracts/common/implementation/MultiCaller.sol\" but one\n * comment is added to clarify why we allow delegatecall() in this contract, which is typically unsafe for use in\n * upgradeable implementation contracts.\n * @dev See https://docs.openzeppelin.com/upgrades-plugins/1.x/faq#delegatecall-selfdestruct for more details.\n */\ncontract MultiCallerUpgradeable {\n function multicall(bytes[] calldata data) external returns (bytes[] memory results) {\n results = new bytes[](data.length);\n\n //slither-disable-start calls-loop\n for (uint256 i = 0; i < data.length; i++) {\n // Typically, implementation contracts used in the upgradeable proxy pattern shouldn't call `delegatecall`\n // because it could allow a malicious actor to call this implementation contract directly (rather than\n // through a proxy contract) and then selfdestruct() the contract, thereby freezing the upgradeable\n // proxy. However, since we're only delegatecall-ing into this contract, then we can consider this\n // use of delegatecall() safe.\n\n //slither-disable-start low-level-calls\n /// @custom:oz-upgrades-unsafe-allow delegatecall\n (bool success, bytes memory result) = address(this).delegatecall(data[i]);\n //slither-disable-end low-level-calls\n\n if (!success) {\n // Next 5 lines from https://ethereum.stackexchange.com/a/83577\n if (result.length < 68) revert();\n //slither-disable-next-line assembly\n assembly {\n result := add(result, 0x04)\n }\n revert(abi.decode(result, (string)));\n }\n\n results[i] = result;\n }\n //slither-disable-end calls-loop\n }\n\n // Reserve storage slots for future versions of this base contract to add state variables without\n // affecting the storage layout of child contracts. Decrement the size of __gap whenever state variables\n // are added. This is at bottom of contract to make sure its always at the end of storage.\n uint256[1000] private __gap;\n}\n" + }, + "contracts/ZkSync_SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./SpokePool.sol\";\n\n// https://github.com/matter-labs/era-contracts/blob/6391c0d7bf6184d7f6718060e3991ba6f0efe4a7/zksync/contracts/bridge/L2ERC20Bridge.sol#L104\ninterface ZkBridgeLike {\n function withdraw(\n address _l1Receiver,\n address _l2Token,\n uint256 _amount\n ) external;\n}\n\ninterface IL2ETH {\n function withdraw(address _l1Receiver) external payable;\n}\n\n/**\n * @notice ZkSync specific SpokePool, intended to be compiled with `@matterlabs/hardhat-zksync-solc`.\n * @dev Resources for compiling and deploying contracts with hardhat: https://era.zksync.io/docs/tools/hardhat/hardhat-zksync-solc.html\n */\ncontract ZkSync_SpokePool is SpokePool {\n // On Ethereum, avoiding constructor parameters and putting them into constants reduces some of the gas cost\n // upon contract deployment. On zkSync the opposite is true: deploying the same bytecode for contracts,\n // while changing only constructor parameters can lead to substantial fee savings. So, the following params\n // are all set by passing in constructor params where possible.\n\n // ETH on ZkSync implements a subset of the ERC-20 interface, with additional built-in support to bridge to L1.\n address public l2Eth;\n\n // Bridge used to withdraw ERC20's to L1\n ZkBridgeLike public zkErc20Bridge;\n\n event SetZkBridge(address indexed erc20Bridge, address indexed oldErc20Bridge);\n event ZkSyncTokensBridged(address indexed l2Token, address target, uint256 numberOfTokensBridged);\n\n /**\n * @notice Construct the ZkSync SpokePool.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * relay hash collisions.\n * @param _zkErc20Bridge Address of L2 ERC20 gateway. Can be reset by admin.\n * @param _crossDomainAdmin Cross domain admin to set. Can be changed by admin.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n * @param _wethAddress Weth address for this network to set.\n */\n function initialize(\n uint32 _initialDepositId,\n ZkBridgeLike _zkErc20Bridge,\n address _crossDomainAdmin,\n address _hubPool,\n address _wethAddress\n ) public initializer {\n l2Eth = 0x000000000000000000000000000000000000800A;\n __SpokePool_init(_initialDepositId, _crossDomainAdmin, _hubPool, _wethAddress);\n _setZkBridge(_zkErc20Bridge);\n }\n\n modifier onlyFromCrossDomainAdmin() {\n require(msg.sender == _applyL1ToL2Alias(crossDomainAdmin), \"ONLY_COUNTERPART_GATEWAY\");\n _;\n }\n\n /********************************************************\n * ZKSYNC-SPECIFIC CROSS-CHAIN ADMIN FUNCTIONS *\n ********************************************************/\n\n /**\n * @notice Change L2 token bridge addresses. Callable only by admin.\n * @param _zkErc20Bridge New address of L2 ERC20 gateway.\n */\n function setZkBridge(ZkBridgeLike _zkErc20Bridge) public onlyAdmin nonReentrant {\n _setZkBridge(_zkErc20Bridge);\n }\n\n /**************************************\n * DATA WORKER FUNCTIONS *\n **************************************/\n\n /**\n * @notice Wraps any ETH into WETH before executing base function. This is necessary because SpokePool receives\n * ETH over the canonical token bridge instead of WETH.\n * @inheritdoc SpokePool\n */\n function executeSlowRelayLeaf(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 totalRelayAmount,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n uint32 rootBundleId,\n bytes memory message,\n int256 payoutAdjustment,\n bytes32[] memory proof\n ) public override(SpokePool) nonReentrant {\n if (destinationToken == address(wrappedNativeToken)) _depositEthToWeth();\n\n _executeSlowRelayLeaf(\n depositor,\n recipient,\n destinationToken,\n totalRelayAmount,\n originChainId,\n chainId(),\n realizedLpFeePct,\n relayerFeePct,\n depositId,\n rootBundleId,\n message,\n payoutAdjustment,\n proof\n );\n }\n\n /**\n * @notice Wraps any ETH into WETH before executing base function. This is necessary because SpokePool receives\n * ETH over the canonical token bridge instead of WETH.\n * @inheritdoc SpokePool\n */\n function executeRelayerRefundLeaf(\n uint32 rootBundleId,\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\n bytes32[] memory proof\n ) public override(SpokePool) nonReentrant {\n if (relayerRefundLeaf.l2TokenAddress == address(wrappedNativeToken)) _depositEthToWeth();\n\n _executeRelayerRefundLeaf(rootBundleId, relayerRefundLeaf, proof);\n }\n\n /**************************************\n * INTERNAL FUNCTIONS *\n **************************************/\n\n // Wrap any ETH owned by this contract so we can send expected L2 token to recipient. This is necessary because\n // this SpokePool will receive ETH from the canonical token bridge instead of WETH. This may not be neccessary\n // if ETH on ZkSync is treated as ETH and the fallback() function is triggered when this contract receives\n // ETH. We will have to test this but this function for now allows the contract to safely convert all of its\n // held ETH into WETH at the cost of higher gas costs.\n function _depositEthToWeth() internal {\n //slither-disable-next-line arbitrary-send-eth\n if (address(this).balance > 0) wrappedNativeToken.deposit{ value: address(this).balance }();\n }\n\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory relayerRefundLeaf) internal override {\n // SpokePool is expected to receive ETH from the L1 HubPool and currently, withdrawing ETH directly\n // over the ERC20 Bridge is blocked at the contract level. Therefore, we need to unwrap it before withdrawing.\n if (relayerRefundLeaf.l2TokenAddress == address(wrappedNativeToken)) {\n WETH9Interface(relayerRefundLeaf.l2TokenAddress).withdraw(relayerRefundLeaf.amountToReturn); // Unwrap into ETH.\n // To withdraw tokens, we actually call 'withdraw' on the L2 eth token itself.\n IL2ETH(l2Eth).withdraw{ value: relayerRefundLeaf.amountToReturn }(hubPool);\n } else {\n zkErc20Bridge.withdraw(hubPool, relayerRefundLeaf.l2TokenAddress, relayerRefundLeaf.amountToReturn);\n }\n emit ZkSyncTokensBridged(relayerRefundLeaf.l2TokenAddress, hubPool, relayerRefundLeaf.amountToReturn);\n }\n\n function _setZkBridge(ZkBridgeLike _zkErc20Bridge) internal {\n address oldErc20Bridge = address(zkErc20Bridge);\n zkErc20Bridge = _zkErc20Bridge;\n emit SetZkBridge(address(_zkErc20Bridge), oldErc20Bridge);\n }\n\n // L1 addresses are transformed during l1->l2 calls.\n // See https://github.com/matter-labs/era-contracts/blob/main/docs/Overview.md#mailboxfacet for more information.\n // Another source: https://github.com/matter-labs/era-contracts/blob/41c25aa16d182f757c3fed1463c78a81896f65e6/ethereum/contracts/vendor/AddressAliasHelper.sol#L28\n function _applyL1ToL2Alias(address l1Address) internal pure returns (address l2Address) {\n unchecked {\n l2Address = address(uint160(l1Address) + uint160(0x1111000000000000000000000000000000001111));\n }\n }\n\n function _requireAdminSender() internal override onlyFromCrossDomainAdmin {}\n}\n" + } + }, + "settings": { + "optimizer": { + "enabled": true, + "runs": 1000000 + }, + "viaIR": true, + "outputSelection": { + "*": { + "*": [ + "abi", + "evm.bytecode", + "evm.deployedBytecode", + "evm.methodIdentifiers", + "metadata", + "devdoc", + "userdoc", + "storageLayout", + "evm.gasEstimates" + ], + "": ["ast"] + } + }, + "metadata": { + "useLiteralContent": true + } + } +} diff --git a/deployments/polygon/SpokePoolVerifier.json b/deployments/polygon/SpokePoolVerifier.json new file mode 100644 index 000000000..635194505 --- /dev/null +++ b/deployments/polygon/SpokePoolVerifier.json @@ -0,0 +1,131 @@ +{ + "address": "0x269727F088F16E1Aea52Cf5a97B1CD41DAA3f02D", + "abi": [ + { + "inputs": [ + { + "internalType": "contract SpokePoolInterface", + "name": "spokePool", + "type": "address" + }, + { + "internalType": "address", + "name": "recipient", + "type": "address" + }, + { + "internalType": "address", + "name": "originToken", + "type": "address" + }, + { + "internalType": "uint256", + "name": "amount", + "type": "uint256" + }, + { + "internalType": "uint256", + "name": "destinationChainId", + "type": "uint256" + }, + { + "internalType": "int64", + "name": "relayerFeePct", + "type": "int64" + }, + { + "internalType": "uint32", + "name": "quoteTimestamp", + "type": "uint32" + }, + { + "internalType": "bytes", + "name": "message", + "type": "bytes" + }, + { + "internalType": "uint256", + "name": "maxCount", + "type": "uint256" + } + ], + "name": "deposit", + "outputs": [], + "stateMutability": "payable", + "type": "function" + } + ], + "transactionHash": "0x829da84713cc80bf07224d6689c0a0eb537aeab26448a6db6eedffc6bf1074f0", + "receipt": { + "to": "0x4e59b44847b379578588920cA78FbF26c0B4956C", + "from": "0x9A8f92a830A5cB89a3816e3D267CB7791c16b04D", + "contractAddress": null, + "transactionIndex": 13, + "gasUsed": "259943", + "logsBloom": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000800000000000000000000000000000800000000000000000000100000000000100000000000000000000000000000000000000000000000080000000040000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000004000000000000000840001000000000000000000000000000000100000000000000001000000000000000000000000000000000000000000000000000000100000", + "blockHash": "0xf127e029fe4a5ef194cf74648aff91e415ffe4311d650b15aeda13b7ae2a0732", + "transactionHash": "0x829da84713cc80bf07224d6689c0a0eb537aeab26448a6db6eedffc6bf1074f0", + "logs": [ + { + "transactionIndex": 13, + "blockNumber": 48324598, + "transactionHash": "0x829da84713cc80bf07224d6689c0a0eb537aeab26448a6db6eedffc6bf1074f0", + "address": "0x0000000000000000000000000000000000001010", + "topics": [ + "0x4dfe1bbbcf077ddc3e01291eea2d5c70c2b422b415d95645b9adcfd678cb1d63", + "0x0000000000000000000000000000000000000000000000000000000000001010", + "0x0000000000000000000000009a8f92a830a5cb89a3816e3d267cb7791c16b04d", + "0x000000000000000000000000b95d435df3f8b2a8d8b9c2b7c8766c9ae6ed8cc9" + ], + "data": "0x000000000000000000000000000000000000000000000000002f14259637c30600000000000000000000000000000000000000000000000417aefef2e764dbf400000000000000000000000000000000000000000000000399e5d88c2e275899000000000000000000000000000000000000000000000004177feacd512d18ee0000000000000000000000000000000000000000000000039a14ecb1c45f1b9f", + "logIndex": 56, + "blockHash": "0xf127e029fe4a5ef194cf74648aff91e415ffe4311d650b15aeda13b7ae2a0732" + } + ], + "blockNumber": 48324598, + "cumulativeGasUsed": "2469046", + "status": 1, + "byzantium": true + }, + "args": [], + "numDeployments": 1, + "solcInputHash": "ddd636e0d4b16feb9b78418745aefa13", + "metadata": "{\"compiler\":{\"version\":\"0.8.18+commit.87f61d96\"},\"language\":\"Solidity\",\"output\":{\"abi\":[{\"inputs\":[{\"internalType\":\"contract SpokePoolInterface\",\"name\":\"spokePool\",\"type\":\"address\"},{\"internalType\":\"address\",\"name\":\"recipient\",\"type\":\"address\"},{\"internalType\":\"address\",\"name\":\"originToken\",\"type\":\"address\"},{\"internalType\":\"uint256\",\"name\":\"amount\",\"type\":\"uint256\"},{\"internalType\":\"uint256\",\"name\":\"destinationChainId\",\"type\":\"uint256\"},{\"internalType\":\"int64\",\"name\":\"relayerFeePct\",\"type\":\"int64\"},{\"internalType\":\"uint32\",\"name\":\"quoteTimestamp\",\"type\":\"uint32\"},{\"internalType\":\"bytes\",\"name\":\"message\",\"type\":\"bytes\"},{\"internalType\":\"uint256\",\"name\":\"maxCount\",\"type\":\"uint256\"}],\"name\":\"deposit\",\"outputs\":[],\"stateMutability\":\"payable\",\"type\":\"function\"}],\"devdoc\":{\"details\":\"This contract must be deployed via Create2 to the same address on all chains. That way, an errant transaction sent to the wrong chain will be blocked by this contract rather than hitting a dead address. This means that this contract will not work to protect chains, like zkSync, where Create2 address derivations don't match other chains. Source: https://era.zksync.io/docs/reference/architecture/differences-with-ethereum.html#create-create2\",\"kind\":\"dev\",\"methods\":{\"deposit(address,address,address,uint256,uint256,int64,uint32,bytes,uint256)\":{\"details\":\"Protects the caller from losing their ETH (or other native token) by reverting if the SpokePool address they intended to call does not exist on this chain. Because this contract can be deployed at the same address everywhere callers should be protected even if the transaction is submitted to an unintended network. This contract should only be used for native token deposits, as this problem only exists for native tokens.\",\"params\":{\"amount\":\"Amount of tokens to deposit. Will be amount of tokens to receive less fees.\",\"destinationChainId\":\"Denotes network where user will receive funds from SpokePool by a relayer.\",\"maxCount\":\"used to protect the depositor from frontrunning to guarantee their quote remains valid.\",\"message\":\"Arbitrary data that can be used to pass additional information to the recipient along with the tokens. Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.\",\"originToken\":\"Token to lock into this contract to initiate deposit.\",\"quoteTimestamp\":\"Timestamp used by relayers to compute this deposit's realizedLPFeePct which is paid to LP pool on HubPool.\",\"recipient\":\"Address to receive funds at on destination chain.\",\"relayerFeePct\":\"% of deposit amount taken out to incentivize a fast relayer.\",\"spokePool\":\"Address of the SpokePool contract that the user is intending to call.\"}}},\"version\":1},\"userdoc\":{\"kind\":\"user\",\"methods\":{\"deposit(address,address,address,uint256,uint256,int64,uint32,bytes,uint256)\":{\"notice\":\"Passthrough function to `deposit()` on the SpokePool contract.\"}},\"notice\":\"SpokePoolVerifier is a contract that verifies that the SpokePool exists on this chain before sending ETH to it.\",\"version\":1}},\"settings\":{\"compilationTarget\":{\"contracts/SpokePoolVerifier.sol\":\"SpokePoolVerifier\"},\"evmVersion\":\"paris\",\"libraries\":{},\"metadata\":{\"bytecodeHash\":\"ipfs\",\"useLiteralContent\":true},\"optimizer\":{\"enabled\":true,\"runs\":1000000},\"remappings\":[],\"viaIR\":true},\"sources\":{\"@openzeppelin/contracts/utils/Address.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)\\n\\npragma solidity ^0.8.1;\\n\\n/**\\n * @dev Collection of functions related to the address type\\n */\\nlibrary Address {\\n /**\\n * @dev Returns true if `account` is a contract.\\n *\\n * [IMPORTANT]\\n * ====\\n * It is unsafe to assume that an address for which this function returns\\n * false is an externally-owned account (EOA) and not a contract.\\n *\\n * Among others, `isContract` will return false for the following\\n * types of addresses:\\n *\\n * - an externally-owned account\\n * - a contract in construction\\n * - an address where a contract will be created\\n * - an address where a contract lived, but was destroyed\\n *\\n * Furthermore, `isContract` will also return true if the target contract within\\n * the same transaction is already scheduled for destruction by `SELFDESTRUCT`,\\n * which only has an effect at the end of a transaction.\\n * ====\\n *\\n * [IMPORTANT]\\n * ====\\n * You shouldn't rely on `isContract` to protect against flash loan attacks!\\n *\\n * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets\\n * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract\\n * constructor.\\n * ====\\n */\\n function isContract(address account) internal view returns (bool) {\\n // This method relies on extcodesize/address.code.length, which returns 0\\n // for contracts in construction, since the code is only stored at the end\\n // of the constructor execution.\\n\\n return account.code.length > 0;\\n }\\n\\n /**\\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\\n * `recipient`, forwarding all available gas and reverting on errors.\\n *\\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\\n * imposed by `transfer`, making them unable to receive funds via\\n * `transfer`. {sendValue} removes this limitation.\\n *\\n * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].\\n *\\n * IMPORTANT: because control is transferred to `recipient`, care must be\\n * taken to not create reentrancy vulnerabilities. Consider using\\n * {ReentrancyGuard} or the\\n * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\\n */\\n function sendValue(address payable recipient, uint256 amount) internal {\\n require(address(this).balance >= amount, \\\"Address: insufficient balance\\\");\\n\\n (bool success, ) = recipient.call{value: amount}(\\\"\\\");\\n require(success, \\\"Address: unable to send value, recipient may have reverted\\\");\\n }\\n\\n /**\\n * @dev Performs a Solidity function call using a low level `call`. A\\n * plain `call` is an unsafe replacement for a function call: use this\\n * function instead.\\n *\\n * If `target` reverts with a revert reason, it is bubbled up by this\\n * function (like regular Solidity function calls).\\n *\\n * Returns the raw returned data. To convert to the expected return value,\\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\\n *\\n * Requirements:\\n *\\n * - `target` must be a contract.\\n * - calling `target` with `data` must not revert.\\n *\\n * _Available since v3.1._\\n */\\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\\n return functionCallWithValue(target, data, 0, \\\"Address: low-level call failed\\\");\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\\n * `errorMessage` as a fallback revert reason when `target` reverts.\\n *\\n * _Available since v3.1._\\n */\\n function functionCall(\\n address target,\\n bytes memory data,\\n string memory errorMessage\\n ) internal returns (bytes memory) {\\n return functionCallWithValue(target, data, 0, errorMessage);\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\\n * but also transferring `value` wei to `target`.\\n *\\n * Requirements:\\n *\\n * - the calling contract must have an ETH balance of at least `value`.\\n * - the called Solidity function must be `payable`.\\n *\\n * _Available since v3.1._\\n */\\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\\n return functionCallWithValue(target, data, value, \\\"Address: low-level call with value failed\\\");\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\\n * with `errorMessage` as a fallback revert reason when `target` reverts.\\n *\\n * _Available since v3.1._\\n */\\n function functionCallWithValue(\\n address target,\\n bytes memory data,\\n uint256 value,\\n string memory errorMessage\\n ) internal returns (bytes memory) {\\n require(address(this).balance >= value, \\\"Address: insufficient balance for call\\\");\\n (bool success, bytes memory returndata) = target.call{value: value}(data);\\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\\n * but performing a static call.\\n *\\n * _Available since v3.3._\\n */\\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\\n return functionStaticCall(target, data, \\\"Address: low-level static call failed\\\");\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\\n * but performing a static call.\\n *\\n * _Available since v3.3._\\n */\\n function functionStaticCall(\\n address target,\\n bytes memory data,\\n string memory errorMessage\\n ) internal view returns (bytes memory) {\\n (bool success, bytes memory returndata) = target.staticcall(data);\\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\\n * but performing a delegate call.\\n *\\n * _Available since v3.4._\\n */\\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\\n return functionDelegateCall(target, data, \\\"Address: low-level delegate call failed\\\");\\n }\\n\\n /**\\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\\n * but performing a delegate call.\\n *\\n * _Available since v3.4._\\n */\\n function functionDelegateCall(\\n address target,\\n bytes memory data,\\n string memory errorMessage\\n ) internal returns (bytes memory) {\\n (bool success, bytes memory returndata) = target.delegatecall(data);\\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\\n }\\n\\n /**\\n * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling\\n * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.\\n *\\n * _Available since v4.8._\\n */\\n function verifyCallResultFromTarget(\\n address target,\\n bool success,\\n bytes memory returndata,\\n string memory errorMessage\\n ) internal view returns (bytes memory) {\\n if (success) {\\n if (returndata.length == 0) {\\n // only check isContract if the call was successful and the return data is empty\\n // otherwise we already know that it was a contract\\n require(isContract(target), \\\"Address: call to non-contract\\\");\\n }\\n return returndata;\\n } else {\\n _revert(returndata, errorMessage);\\n }\\n }\\n\\n /**\\n * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the\\n * revert reason or using the provided one.\\n *\\n * _Available since v4.3._\\n */\\n function verifyCallResult(\\n bool success,\\n bytes memory returndata,\\n string memory errorMessage\\n ) internal pure returns (bytes memory) {\\n if (success) {\\n return returndata;\\n } else {\\n _revert(returndata, errorMessage);\\n }\\n }\\n\\n function _revert(bytes memory returndata, string memory errorMessage) private pure {\\n // Look for revert reason and bubble it up if present\\n if (returndata.length > 0) {\\n // The easiest way to bubble the revert reason is using memory via assembly\\n /// @solidity memory-safe-assembly\\n assembly {\\n let returndata_size := mload(returndata)\\n revert(add(32, returndata), returndata_size)\\n }\\n } else {\\n revert(errorMessage);\\n }\\n }\\n}\\n\",\"keccak256\":\"0x006dd67219697fe68d7fbfdea512e7c4cb64a43565ed86171d67e844982da6fa\",\"license\":\"MIT\"},\"contracts/SpokePoolVerifier.sol\":{\"content\":\"// SPDX-License-Identifier: BUSL-1.1\\npragma solidity ^0.8.0;\\n\\nimport \\\"@openzeppelin/contracts/utils/Address.sol\\\";\\nimport \\\"./interfaces/SpokePoolInterface.sol\\\";\\n\\n/**\\n * @notice SpokePoolVerifier is a contract that verifies that the SpokePool exists on this chain before sending ETH to it.\\n * @dev This contract must be deployed via Create2 to the same address on all chains. That way, an errant transaction sent\\n * to the wrong chain will be blocked by this contract rather than hitting a dead address. This means that this contract\\n * will not work to protect chains, like zkSync, where Create2 address derivations don't match other chains.\\n * Source: https://era.zksync.io/docs/reference/architecture/differences-with-ethereum.html#create-create2\\n */\\ncontract SpokePoolVerifier {\\n using Address for address;\\n\\n /**\\n * @notice Passthrough function to `deposit()` on the SpokePool contract.\\n * @dev Protects the caller from losing their ETH (or other native token) by reverting if the SpokePool address\\n * they intended to call does not exist on this chain. Because this contract can be deployed at the same address\\n * everywhere callers should be protected even if the transaction is submitted to an unintended network.\\n * This contract should only be used for native token deposits, as this problem only exists for native tokens.\\n * @param spokePool Address of the SpokePool contract that the user is intending to call.\\n * @param recipient Address to receive funds at on destination chain.\\n * @param originToken Token to lock into this contract to initiate deposit.\\n * @param amount Amount of tokens to deposit. Will be amount of tokens to receive less fees.\\n * @param destinationChainId Denotes network where user will receive funds from SpokePool by a relayer.\\n * @param relayerFeePct % of deposit amount taken out to incentivize a fast relayer.\\n * @param quoteTimestamp Timestamp used by relayers to compute this deposit's realizedLPFeePct which is paid\\n * to LP pool on HubPool.\\n * @param message Arbitrary data that can be used to pass additional information to the recipient along with the tokens.\\n * Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.\\n * @param maxCount used to protect the depositor from frontrunning to guarantee their quote remains valid.\\n */\\n function deposit(\\n SpokePoolInterface spokePool,\\n address recipient,\\n address originToken,\\n uint256 amount,\\n uint256 destinationChainId,\\n int64 relayerFeePct,\\n uint32 quoteTimestamp,\\n bytes memory message,\\n uint256 maxCount\\n ) external payable {\\n require(msg.value == amount, \\\"msg.value != amount\\\");\\n require(address(spokePool).isContract(), \\\"spokePool is not a contract\\\");\\n spokePool.deposit{ value: msg.value }(\\n recipient,\\n originToken,\\n amount,\\n destinationChainId,\\n relayerFeePct,\\n quoteTimestamp,\\n message,\\n maxCount\\n );\\n }\\n}\\n\",\"keccak256\":\"0x307def15b466a7b358bd8429d1e0602bc623d7c03aa07b78552e551625196c29\",\"license\":\"BUSL-1.1\"},\"contracts/interfaces/SpokePoolInterface.sol\":{\"content\":\"// SPDX-License-Identifier: BUSL-1.1\\npragma solidity ^0.8.0;\\n\\n/**\\n * @notice Contains common data structures and functions used by all SpokePool implementations.\\n */\\ninterface SpokePoolInterface {\\n // This leaf is meant to be decoded in the SpokePool to pay out successful relayers.\\n struct RelayerRefundLeaf {\\n // This is the amount to return to the HubPool. This occurs when there is a PoolRebalanceLeaf netSendAmount that\\n // is negative. This is just the negative of this value.\\n uint256 amountToReturn;\\n // Used to verify that this is being executed on the correct destination chainId.\\n uint256 chainId;\\n // This array designates how much each of those addresses should be refunded.\\n uint256[] refundAmounts;\\n // Used as the index in the bitmap to track whether this leaf has been executed or not.\\n uint32 leafId;\\n // The associated L2TokenAddress that these claims apply to.\\n address l2TokenAddress;\\n // Must be same length as refundAmounts and designates each address that must be refunded.\\n address[] refundAddresses;\\n }\\n\\n // This struct represents the data to fully specify a relay. If any portion of this data differs, the relay is\\n // considered to be completely distinct. Only one relay for a particular depositId, chainId pair should be\\n // considered valid and repaid. This data is hashed and inserted into the slow relay merkle root so that an off\\n // chain validator can choose when to refund slow relayers.\\n struct RelayData {\\n // The address that made the deposit on the origin chain.\\n address depositor;\\n // The recipient address on the destination chain.\\n address recipient;\\n // The corresponding token address on the destination chain.\\n address destinationToken;\\n // The total relay amount before fees are taken out.\\n uint256 amount;\\n // Origin chain id.\\n uint256 originChainId;\\n // Destination chain id.\\n uint256 destinationChainId;\\n // The LP Fee percentage computed by the relayer based on the deposit's quote timestamp\\n // and the HubPool's utilization.\\n int64 realizedLpFeePct;\\n // The relayer fee percentage specified in the deposit.\\n int64 relayerFeePct;\\n // The id uniquely identifying this deposit on the origin chain.\\n uint32 depositId;\\n // Data that is forwarded to the recipient.\\n bytes message;\\n }\\n\\n struct SlowFill {\\n RelayData relayData;\\n int256 payoutAdjustmentPct;\\n }\\n\\n // Stores collection of merkle roots that can be published to this contract from the HubPool, which are referenced\\n // by \\\"data workers\\\" via inclusion proofs to execute leaves in the roots.\\n struct RootBundle {\\n // Merkle root of slow relays that were not fully filled and whose recipient is still owed funds from the LP pool.\\n bytes32 slowRelayRoot;\\n // Merkle root of relayer refunds for successful relays.\\n bytes32 relayerRefundRoot;\\n // This is a 2D bitmap tracking which leaves in the relayer refund root have been claimed, with max size of\\n // 256x(2^248) leaves per root.\\n mapping(uint256 => uint256) claimedBitmap;\\n }\\n\\n function setCrossDomainAdmin(address newCrossDomainAdmin) external;\\n\\n function setHubPool(address newHubPool) external;\\n\\n function setEnableRoute(\\n address originToken,\\n uint256 destinationChainId,\\n bool enable\\n ) external;\\n\\n function pauseDeposits(bool pause) external;\\n\\n function pauseFills(bool pause) external;\\n\\n function setDepositQuoteTimeBuffer(uint32 buffer) external;\\n\\n function relayRootBundle(bytes32 relayerRefundRoot, bytes32 slowRelayRoot) external;\\n\\n function emergencyDeleteRootBundle(uint256 rootBundleId) external;\\n\\n function deposit(\\n address recipient,\\n address originToken,\\n uint256 amount,\\n uint256 destinationChainId,\\n int64 relayerFeePct,\\n uint32 quoteTimestamp,\\n bytes memory message,\\n uint256 maxCount\\n ) external payable;\\n\\n function depositNow(\\n address recipient,\\n address originToken,\\n uint256 amount,\\n uint256 destinationChainId,\\n int64 relayerFeePct,\\n bytes memory message,\\n uint256 maxCount\\n ) external payable;\\n\\n function speedUpDeposit(\\n address depositor,\\n int64 updatedRelayerFeePct,\\n uint32 depositId,\\n address updatedRecipient,\\n bytes memory updatedMessage,\\n bytes memory depositorSignature\\n ) external;\\n\\n function fillRelay(\\n address depositor,\\n address recipient,\\n address destinationToken,\\n uint256 amount,\\n uint256 maxTokensToSend,\\n uint256 repaymentChainId,\\n uint256 originChainId,\\n int64 realizedLpFeePct,\\n int64 relayerFeePct,\\n uint32 depositId,\\n bytes memory message,\\n uint256 maxCount\\n ) external;\\n\\n function fillRelayWithUpdatedDeposit(\\n address depositor,\\n address recipient,\\n address updatedRecipient,\\n address destinationToken,\\n uint256 amount,\\n uint256 maxTokensToSend,\\n uint256 repaymentChainId,\\n uint256 originChainId,\\n int64 realizedLpFeePct,\\n int64 relayerFeePct,\\n int64 updatedRelayerFeePct,\\n uint32 depositId,\\n bytes memory message,\\n bytes memory updatedMessage,\\n bytes memory depositorSignature,\\n uint256 maxCount\\n ) external;\\n\\n function executeSlowRelayLeaf(\\n address depositor,\\n address recipient,\\n address destinationToken,\\n uint256 amount,\\n uint256 originChainId,\\n int64 realizedLpFeePct,\\n int64 relayerFeePct,\\n uint32 depositId,\\n uint32 rootBundleId,\\n bytes memory message,\\n int256 payoutAdjustment,\\n bytes32[] memory proof\\n ) external;\\n\\n function executeRelayerRefundLeaf(\\n uint32 rootBundleId,\\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\\n bytes32[] memory proof\\n ) external;\\n\\n function chainId() external view returns (uint256);\\n}\\n\",\"keccak256\":\"0x8ca5e32ee496553c1055954283747b6725356548dc35f5aad565e5cf37bf6449\",\"license\":\"BUSL-1.1\"}},\"version\":1}", + "bytecode": "0x60808060405234610016576103c3908161001c8239f35b600080fdfe608060048036101561001057600080fd5b600091823560e01c63e0db3fcf1461002757600080fd5b6101207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc36011261038957813573ffffffffffffffffffffffffffffffffffffffff908181168091036103855760249182359181831680930361038157604435918216809203610381576064359460a435928360070b80940361037d5760c4359663ffffffff88168098036103795760e4359767ffffffffffffffff95868a11610375573660238b01121561037557898b01359287841161034a577fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe09485603f81601f880116011687019b8c8a89821091111761031e578e9060409d8e52868952368d888301011161031a57868d97602098899301838c0137890101528134036102be57873b1561026257873b1561025e579b989593918d979593918c519d8e987f1186ec33000000000000000000000000000000000000000000000000000000008a528c8a01528c89015260448801526084356064880152608487015260a486015261010060c4860152825190610104938285880152875b83811061024157505050849291601f849261012494898683870101523560e48501520116810103019134905af18015610237576101fb578580f35b841161020d5750505238808080808580f35b604185917f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b84513d88823e3d90fd5b81810183015197810161012401979097528d97508c9682016101c0565b8d80fd5b5060648c601b8c878f51937f08c379a00000000000000000000000000000000000000000000000000000000085528401528201527f73706f6b65506f6f6c206973206e6f74206120636f6e747261637400000000006044820152fd5b5060648c60138c878f51937f08c379a00000000000000000000000000000000000000000000000000000000085528401528201527f6d73672e76616c756520213d20616d6f756e74000000000000000000000000006044820152fd5b5080fd5b508a8e60418f7f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b898d60418e7f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b8b80fd5b8980fd5b8880fd5b8680fd5b8480fd5b8280fdfea2646970667358221220fe313dd010e3aac8603c847d2fd84c8d4a95364db43b887b61b615152b259cdf64736f6c63430008120033", + "deployedBytecode": "0x608060048036101561001057600080fd5b600091823560e01c63e0db3fcf1461002757600080fd5b6101207ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc36011261038957813573ffffffffffffffffffffffffffffffffffffffff908181168091036103855760249182359181831680930361038157604435918216809203610381576064359460a435928360070b80940361037d5760c4359663ffffffff88168098036103795760e4359767ffffffffffffffff95868a11610375573660238b01121561037557898b01359287841161034a577fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe09485603f81601f880116011687019b8c8a89821091111761031e578e9060409d8e52868952368d888301011161031a57868d97602098899301838c0137890101528134036102be57873b1561026257873b1561025e579b989593918d979593918c519d8e987f1186ec33000000000000000000000000000000000000000000000000000000008a528c8a01528c89015260448801526084356064880152608487015260a486015261010060c4860152825190610104938285880152875b83811061024157505050849291601f849261012494898683870101523560e48501520116810103019134905af18015610237576101fb578580f35b841161020d5750505238808080808580f35b604185917f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b84513d88823e3d90fd5b81810183015197810161012401979097528d97508c9682016101c0565b8d80fd5b5060648c601b8c878f51937f08c379a00000000000000000000000000000000000000000000000000000000085528401528201527f73706f6b65506f6f6c206973206e6f74206120636f6e747261637400000000006044820152fd5b5060648c60138c878f51937f08c379a00000000000000000000000000000000000000000000000000000000085528401528201527f6d73672e76616c756520213d20616d6f756e74000000000000000000000000006044820152fd5b5080fd5b508a8e60418f7f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b898d60418e7f4e487b7100000000000000000000000000000000000000000000000000000000835252fd5b8b80fd5b8980fd5b8880fd5b8680fd5b8480fd5b8280fdfea2646970667358221220fe313dd010e3aac8603c847d2fd84c8d4a95364db43b887b61b615152b259cdf64736f6c63430008120033", + "devdoc": { + "details": "This contract must be deployed via Create2 to the same address on all chains. That way, an errant transaction sent to the wrong chain will be blocked by this contract rather than hitting a dead address. This means that this contract will not work to protect chains, like zkSync, where Create2 address derivations don't match other chains. Source: https://era.zksync.io/docs/reference/architecture/differences-with-ethereum.html#create-create2", + "kind": "dev", + "methods": { + "deposit(address,address,address,uint256,uint256,int64,uint32,bytes,uint256)": { + "details": "Protects the caller from losing their ETH (or other native token) by reverting if the SpokePool address they intended to call does not exist on this chain. Because this contract can be deployed at the same address everywhere callers should be protected even if the transaction is submitted to an unintended network. This contract should only be used for native token deposits, as this problem only exists for native tokens.", + "params": { + "amount": "Amount of tokens to deposit. Will be amount of tokens to receive less fees.", + "destinationChainId": "Denotes network where user will receive funds from SpokePool by a relayer.", + "maxCount": "used to protect the depositor from frontrunning to guarantee their quote remains valid.", + "message": "Arbitrary data that can be used to pass additional information to the recipient along with the tokens. Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.", + "originToken": "Token to lock into this contract to initiate deposit.", + "quoteTimestamp": "Timestamp used by relayers to compute this deposit's realizedLPFeePct which is paid to LP pool on HubPool.", + "recipient": "Address to receive funds at on destination chain.", + "relayerFeePct": "% of deposit amount taken out to incentivize a fast relayer.", + "spokePool": "Address of the SpokePool contract that the user is intending to call." + } + } + }, + "version": 1 + }, + "userdoc": { + "kind": "user", + "methods": { + "deposit(address,address,address,uint256,uint256,int64,uint32,bytes,uint256)": { + "notice": "Passthrough function to `deposit()` on the SpokePool contract." + } + }, + "notice": "SpokePoolVerifier is a contract that verifies that the SpokePool exists on this chain before sending ETH to it.", + "version": 1 + }, + "storageLayout": { + "storage": [], + "types": null + } +} diff --git a/deployments/polygon/solcInputs/ddd636e0d4b16feb9b78418745aefa13.json b/deployments/polygon/solcInputs/ddd636e0d4b16feb9b78418745aefa13.json new file mode 100644 index 000000000..abf783f9a --- /dev/null +++ b/deployments/polygon/solcInputs/ddd636e0d4b16feb9b78418745aefa13.json @@ -0,0 +1,247 @@ +{ + "language": "Solidity", + "sources": { + "@eth-optimism/contracts/L1/messaging/IL1ERC20Bridge.sol": { + "content": "// SPDX-License-Identifier: MIT\npragma solidity >0.5.0 <0.9.0;\n\n/**\n * @title IL1ERC20Bridge\n */\ninterface IL1ERC20Bridge {\n /**********\n * Events *\n **********/\n\n event ERC20DepositInitiated(\n address indexed _l1Token,\n address indexed _l2Token,\n address indexed _from,\n address _to,\n uint256 _amount,\n bytes _data\n );\n\n event ERC20WithdrawalFinalized(\n address indexed _l1Token,\n address indexed _l2Token,\n address indexed _from,\n address _to,\n uint256 _amount,\n bytes _data\n );\n\n /********************\n * Public Functions *\n ********************/\n\n /**\n * @dev get the address of the corresponding L2 bridge contract.\n * @return Address of the corresponding L2 bridge contract.\n */\n function l2TokenBridge() external returns (address);\n\n /**\n * @dev deposit an amount of the ERC20 to the caller's balance on L2.\n * @param _l1Token Address of the L1 ERC20 we are depositing\n * @param _l2Token Address of the L1 respective L2 ERC20\n * @param _amount Amount of the ERC20 to deposit\n * @param _l2Gas Gas limit required to complete the deposit on L2.\n * @param _data Optional data to forward to L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function depositERC20(\n address _l1Token,\n address _l2Token,\n uint256 _amount,\n uint32 _l2Gas,\n bytes calldata _data\n ) external;\n\n /**\n * @dev deposit an amount of ERC20 to a recipient's balance on L2.\n * @param _l1Token Address of the L1 ERC20 we are depositing\n * @param _l2Token Address of the L1 respective L2 ERC20\n * @param _to L2 address to credit the withdrawal to.\n * @param _amount Amount of the ERC20 to deposit.\n * @param _l2Gas Gas limit required to complete the deposit on L2.\n * @param _data Optional data to forward to L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function depositERC20To(\n address _l1Token,\n address _l2Token,\n address _to,\n uint256 _amount,\n uint32 _l2Gas,\n bytes calldata _data\n ) external;\n\n /*************************\n * Cross-chain Functions *\n *************************/\n\n /**\n * @dev Complete a withdrawal from L2 to L1, and credit funds to the recipient's balance of the\n * L1 ERC20 token.\n * This call will fail if the initialized withdrawal from L2 has not been finalized.\n *\n * @param _l1Token Address of L1 token to finalizeWithdrawal for.\n * @param _l2Token Address of L2 token where withdrawal was initiated.\n * @param _from L2 address initiating the transfer.\n * @param _to L1 address to credit the withdrawal to.\n * @param _amount Amount of the ERC20 to deposit.\n * @param _data Data provided by the sender on L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function finalizeERC20Withdrawal(\n address _l1Token,\n address _l2Token,\n address _from,\n address _to,\n uint256 _amount,\n bytes calldata _data\n ) external;\n}\n" + }, + "@eth-optimism/contracts/L1/messaging/IL1StandardBridge.sol": { + "content": "// SPDX-License-Identifier: MIT\npragma solidity >0.5.0 <0.9.0;\n\nimport \"./IL1ERC20Bridge.sol\";\n\n/**\n * @title IL1StandardBridge\n */\ninterface IL1StandardBridge is IL1ERC20Bridge {\n /**********\n * Events *\n **********/\n event ETHDepositInitiated(\n address indexed _from,\n address indexed _to,\n uint256 _amount,\n bytes _data\n );\n\n event ETHWithdrawalFinalized(\n address indexed _from,\n address indexed _to,\n uint256 _amount,\n bytes _data\n );\n\n /********************\n * Public Functions *\n ********************/\n\n /**\n * @dev Deposit an amount of the ETH to the caller's balance on L2.\n * @param _l2Gas Gas limit required to complete the deposit on L2.\n * @param _data Optional data to forward to L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function depositETH(uint32 _l2Gas, bytes calldata _data) external payable;\n\n /**\n * @dev Deposit an amount of ETH to a recipient's balance on L2.\n * @param _to L2 address to credit the withdrawal to.\n * @param _l2Gas Gas limit required to complete the deposit on L2.\n * @param _data Optional data to forward to L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function depositETHTo(\n address _to,\n uint32 _l2Gas,\n bytes calldata _data\n ) external payable;\n\n /*************************\n * Cross-chain Functions *\n *************************/\n\n /**\n * @dev Complete a withdrawal from L2 to L1, and credit funds to the recipient's balance of the\n * L1 ETH token. Since only the xDomainMessenger can call this function, it will never be called\n * before the withdrawal is finalized.\n * @param _from L2 address initiating the transfer.\n * @param _to L1 address to credit the withdrawal to.\n * @param _amount Amount of the ERC20 to deposit.\n * @param _data Optional data to forward to L2. This data is provided\n * solely as a convenience for external contracts. Aside from enforcing a maximum\n * length, these contracts provide no guarantees about its content.\n */\n function finalizeETHWithdrawal(\n address _from,\n address _to,\n uint256 _amount,\n bytes calldata _data\n ) external;\n}\n" + }, + "@eth-optimism/contracts/libraries/bridge/ICrossDomainMessenger.sol": { + "content": "// SPDX-License-Identifier: MIT\npragma solidity >0.5.0 <0.9.0;\n\n/**\n * @title ICrossDomainMessenger\n */\ninterface ICrossDomainMessenger {\n /**********\n * Events *\n **********/\n\n event SentMessage(\n address indexed target,\n address sender,\n bytes message,\n uint256 messageNonce,\n uint256 gasLimit\n );\n event RelayedMessage(bytes32 indexed msgHash);\n event FailedRelayedMessage(bytes32 indexed msgHash);\n\n /*************\n * Variables *\n *************/\n\n function xDomainMessageSender() external view returns (address);\n\n /********************\n * Public Functions *\n ********************/\n\n /**\n * Sends a cross domain message to the target messenger.\n * @param _target Target contract address.\n * @param _message Message to send to the target.\n * @param _gasLimit Gas limit for the provided message.\n */\n function sendMessage(\n address _target,\n bytes calldata _message,\n uint32 _gasLimit\n ) external;\n}\n" + }, + "@eth-optimism/contracts/libraries/constants/Lib_PredeployAddresses.sol": { + "content": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.9;\n\n/**\n * @title Lib_PredeployAddresses\n */\nlibrary Lib_PredeployAddresses {\n address internal constant L2_TO_L1_MESSAGE_PASSER = 0x4200000000000000000000000000000000000000;\n address internal constant L1_MESSAGE_SENDER = 0x4200000000000000000000000000000000000001;\n address internal constant DEPLOYER_WHITELIST = 0x4200000000000000000000000000000000000002;\n address payable internal constant OVM_ETH = payable(0xDeadDeAddeAddEAddeadDEaDDEAdDeaDDeAD0000);\n address internal constant L2_CROSS_DOMAIN_MESSENGER =\n 0x4200000000000000000000000000000000000007;\n address internal constant LIB_ADDRESS_MANAGER = 0x4200000000000000000000000000000000000008;\n address internal constant PROXY_EOA = 0x4200000000000000000000000000000000000009;\n address internal constant L2_STANDARD_BRIDGE = 0x4200000000000000000000000000000000000010;\n address internal constant SEQUENCER_FEE_WALLET = 0x4200000000000000000000000000000000000011;\n address internal constant L2_STANDARD_TOKEN_FACTORY =\n 0x4200000000000000000000000000000000000012;\n address internal constant L1_BLOCK_NUMBER = 0x4200000000000000000000000000000000000013;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (access/Ownable.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../utils/ContextUpgradeable.sol\";\nimport \"../proxy/utils/Initializable.sol\";\n\n/**\n * @dev Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract OwnableUpgradeable is Initializable, ContextUpgradeable {\n address private _owner;\n\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n function __Ownable_init() internal onlyInitializing {\n __Ownable_init_unchained();\n }\n\n function __Ownable_init_unchained() internal onlyInitializing {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Leaves the contract without owner. It will not be possible to call\n * `onlyOwner` functions. Can only be called by the current owner.\n *\n * NOTE: Renouncing ownership will leave the contract without an owner,\n * thereby disabling any functionality that is only available to the owner.\n */\n function renounceOwnership() public virtual onlyOwner {\n _transferOwnership(address(0));\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(newOwner != address(0), \"Ownable: new owner is the zero address\");\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n\n /**\n * @dev This empty reserved space is put in place to allow future versions to add new\n * variables without shifting down storage in the inheritance chain.\n * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n */\n uint256[49] private __gap;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/crosschain/errorsUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.6.0) (crosschain/errors.sol)\n\npragma solidity ^0.8.4;\n\nerror NotCrossChainCall();\nerror InvalidCrossChainSender(address actual, address expected);\n" + }, + "@openzeppelin/contracts-upgradeable/crosschain/optimism/LibOptimismUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.7.0) (crosschain/optimism/LibOptimism.sol)\n\npragma solidity ^0.8.4;\n\nimport { ICrossDomainMessengerUpgradeable as Optimism_Bridge } from \"../../vendor/optimism/ICrossDomainMessengerUpgradeable.sol\";\nimport \"../errorsUpgradeable.sol\";\n\n/**\n * @dev Primitives for cross-chain aware contracts for https://www.optimism.io/[Optimism].\n * See the https://community.optimism.io/docs/developers/bridge/messaging/#accessing-msg-sender[documentation]\n * for the functionality used here.\n */\nlibrary LibOptimismUpgradeable {\n /**\n * @dev Returns whether the current function call is the result of a\n * cross-chain message relayed by `messenger`.\n */\n function isCrossChain(address messenger) internal view returns (bool) {\n return msg.sender == messenger;\n }\n\n /**\n * @dev Returns the address of the sender that triggered the current\n * cross-chain message through `messenger`.\n *\n * NOTE: {isCrossChain} should be checked before trying to recover the\n * sender, as it will revert with `NotCrossChainCall` if the current\n * function call is not the result of a cross-chain message.\n */\n function crossChainSender(address messenger) internal view returns (address) {\n if (!isCrossChain(messenger)) revert NotCrossChainCall();\n\n return Optimism_Bridge(messenger).xDomainMessageSender();\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/interfaces/draft-IERC1822Upgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.5.0) (interfaces/draft-IERC1822.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev ERC1822: Universal Upgradeable Proxy Standard (UUPS) documents a method for upgradeability through a simplified\n * proxy whose upgrades are fully controlled by the current implementation.\n */\ninterface IERC1822ProxiableUpgradeable {\n /**\n * @dev Returns the storage slot that the proxiable contract assumes is being used to store the implementation\n * address.\n *\n * IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks\n * bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this\n * function revert if invoked through a proxy.\n */\n function proxiableUUID() external view returns (bytes32);\n}\n" + }, + "@openzeppelin/contracts-upgradeable/interfaces/IERC1967Upgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (interfaces/IERC1967.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev ERC-1967: Proxy Storage Slots. This interface contains the events defined in the ERC.\n *\n * _Available since v4.8.3._\n */\ninterface IERC1967Upgradeable {\n /**\n * @dev Emitted when the implementation is upgraded.\n */\n event Upgraded(address indexed implementation);\n\n /**\n * @dev Emitted when the admin account has changed.\n */\n event AdminChanged(address previousAdmin, address newAdmin);\n\n /**\n * @dev Emitted when the beacon is changed.\n */\n event BeaconUpgraded(address indexed beacon);\n}\n" + }, + "@openzeppelin/contracts-upgradeable/proxy/beacon/IBeaconUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts v4.4.1 (proxy/beacon/IBeacon.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev This is the interface that {BeaconProxy} expects of its beacon.\n */\ninterface IBeaconUpgradeable {\n /**\n * @dev Must return an address that can be used as a delegate call target.\n *\n * {BeaconProxy} will check that this address is a contract.\n */\n function implementation() external view returns (address);\n}\n" + }, + "@openzeppelin/contracts-upgradeable/proxy/ERC1967/ERC1967UpgradeUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (proxy/ERC1967/ERC1967Upgrade.sol)\n\npragma solidity ^0.8.2;\n\nimport \"../beacon/IBeaconUpgradeable.sol\";\nimport \"../../interfaces/IERC1967Upgradeable.sol\";\nimport \"../../interfaces/draft-IERC1822Upgradeable.sol\";\nimport \"../../utils/AddressUpgradeable.sol\";\nimport \"../../utils/StorageSlotUpgradeable.sol\";\nimport \"../utils/Initializable.sol\";\n\n/**\n * @dev This abstract contract provides getters and event emitting update functions for\n * https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots.\n *\n * _Available since v4.1._\n */\nabstract contract ERC1967UpgradeUpgradeable is Initializable, IERC1967Upgradeable {\n function __ERC1967Upgrade_init() internal onlyInitializing {\n }\n\n function __ERC1967Upgrade_init_unchained() internal onlyInitializing {\n }\n // This is the keccak-256 hash of \"eip1967.proxy.rollback\" subtracted by 1\n bytes32 private constant _ROLLBACK_SLOT = 0x4910fdfa16fed3260ed0e7147f7cc6da11a60208b5b9406d12a635614ffd9143;\n\n /**\n * @dev Storage slot with the address of the current implementation.\n * This is the keccak-256 hash of \"eip1967.proxy.implementation\" subtracted by 1, and is\n * validated in the constructor.\n */\n bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;\n\n /**\n * @dev Returns the current implementation address.\n */\n function _getImplementation() internal view returns (address) {\n return StorageSlotUpgradeable.getAddressSlot(_IMPLEMENTATION_SLOT).value;\n }\n\n /**\n * @dev Stores a new address in the EIP1967 implementation slot.\n */\n function _setImplementation(address newImplementation) private {\n require(AddressUpgradeable.isContract(newImplementation), \"ERC1967: new implementation is not a contract\");\n StorageSlotUpgradeable.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;\n }\n\n /**\n * @dev Perform implementation upgrade\n *\n * Emits an {Upgraded} event.\n */\n function _upgradeTo(address newImplementation) internal {\n _setImplementation(newImplementation);\n emit Upgraded(newImplementation);\n }\n\n /**\n * @dev Perform implementation upgrade with additional setup call.\n *\n * Emits an {Upgraded} event.\n */\n function _upgradeToAndCall(address newImplementation, bytes memory data, bool forceCall) internal {\n _upgradeTo(newImplementation);\n if (data.length > 0 || forceCall) {\n AddressUpgradeable.functionDelegateCall(newImplementation, data);\n }\n }\n\n /**\n * @dev Perform implementation upgrade with security checks for UUPS proxies, and additional setup call.\n *\n * Emits an {Upgraded} event.\n */\n function _upgradeToAndCallUUPS(address newImplementation, bytes memory data, bool forceCall) internal {\n // Upgrades from old implementations will perform a rollback test. This test requires the new\n // implementation to upgrade back to the old, non-ERC1822 compliant, implementation. Removing\n // this special case will break upgrade paths from old UUPS implementation to new ones.\n if (StorageSlotUpgradeable.getBooleanSlot(_ROLLBACK_SLOT).value) {\n _setImplementation(newImplementation);\n } else {\n try IERC1822ProxiableUpgradeable(newImplementation).proxiableUUID() returns (bytes32 slot) {\n require(slot == _IMPLEMENTATION_SLOT, \"ERC1967Upgrade: unsupported proxiableUUID\");\n } catch {\n revert(\"ERC1967Upgrade: new implementation is not UUPS\");\n }\n _upgradeToAndCall(newImplementation, data, forceCall);\n }\n }\n\n /**\n * @dev Storage slot with the admin of the contract.\n * This is the keccak-256 hash of \"eip1967.proxy.admin\" subtracted by 1, and is\n * validated in the constructor.\n */\n bytes32 internal constant _ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;\n\n /**\n * @dev Returns the current admin.\n */\n function _getAdmin() internal view returns (address) {\n return StorageSlotUpgradeable.getAddressSlot(_ADMIN_SLOT).value;\n }\n\n /**\n * @dev Stores a new address in the EIP1967 admin slot.\n */\n function _setAdmin(address newAdmin) private {\n require(newAdmin != address(0), \"ERC1967: new admin is the zero address\");\n StorageSlotUpgradeable.getAddressSlot(_ADMIN_SLOT).value = newAdmin;\n }\n\n /**\n * @dev Changes the admin of the proxy.\n *\n * Emits an {AdminChanged} event.\n */\n function _changeAdmin(address newAdmin) internal {\n emit AdminChanged(_getAdmin(), newAdmin);\n _setAdmin(newAdmin);\n }\n\n /**\n * @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.\n * This is bytes32(uint256(keccak256('eip1967.proxy.beacon')) - 1)) and is validated in the constructor.\n */\n bytes32 internal constant _BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;\n\n /**\n * @dev Returns the current beacon.\n */\n function _getBeacon() internal view returns (address) {\n return StorageSlotUpgradeable.getAddressSlot(_BEACON_SLOT).value;\n }\n\n /**\n * @dev Stores a new beacon in the EIP1967 beacon slot.\n */\n function _setBeacon(address newBeacon) private {\n require(AddressUpgradeable.isContract(newBeacon), \"ERC1967: new beacon is not a contract\");\n require(\n AddressUpgradeable.isContract(IBeaconUpgradeable(newBeacon).implementation()),\n \"ERC1967: beacon implementation is not a contract\"\n );\n StorageSlotUpgradeable.getAddressSlot(_BEACON_SLOT).value = newBeacon;\n }\n\n /**\n * @dev Perform beacon upgrade with additional setup call. Note: This upgrades the address of the beacon, it does\n * not upgrade the implementation contained in the beacon (see {UpgradeableBeacon-_setImplementation} for that).\n *\n * Emits a {BeaconUpgraded} event.\n */\n function _upgradeBeaconToAndCall(address newBeacon, bytes memory data, bool forceCall) internal {\n _setBeacon(newBeacon);\n emit BeaconUpgraded(newBeacon);\n if (data.length > 0 || forceCall) {\n AddressUpgradeable.functionDelegateCall(IBeaconUpgradeable(newBeacon).implementation(), data);\n }\n }\n\n /**\n * @dev This empty reserved space is put in place to allow future versions to add new\n * variables without shifting down storage in the inheritance chain.\n * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n */\n uint256[50] private __gap;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/Initializable.sol)\n\npragma solidity ^0.8.2;\n\nimport \"../../utils/AddressUpgradeable.sol\";\n\n/**\n * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed\n * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an\n * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer\n * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.\n *\n * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be\n * reused. This mechanism prevents re-execution of each \"step\" but allows the creation of new initialization steps in\n * case an upgrade adds a module that needs to be initialized.\n *\n * For example:\n *\n * [.hljs-theme-light.nopadding]\n * ```solidity\n * contract MyToken is ERC20Upgradeable {\n * function initialize() initializer public {\n * __ERC20_init(\"MyToken\", \"MTK\");\n * }\n * }\n *\n * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {\n * function initializeV2() reinitializer(2) public {\n * __ERC20Permit_init(\"MyToken\");\n * }\n * }\n * ```\n *\n * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as\n * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.\n *\n * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure\n * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.\n *\n * [CAUTION]\n * ====\n * Avoid leaving a contract uninitialized.\n *\n * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation\n * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke\n * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:\n *\n * [.hljs-theme-light.nopadding]\n * ```\n * /// @custom:oz-upgrades-unsafe-allow constructor\n * constructor() {\n * _disableInitializers();\n * }\n * ```\n * ====\n */\nabstract contract Initializable {\n /**\n * @dev Indicates that the contract has been initialized.\n * @custom:oz-retyped-from bool\n */\n uint8 private _initialized;\n\n /**\n * @dev Indicates that the contract is in the process of being initialized.\n */\n bool private _initializing;\n\n /**\n * @dev Triggered when the contract has been initialized or reinitialized.\n */\n event Initialized(uint8 version);\n\n /**\n * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,\n * `onlyInitializing` functions can be used to initialize parent contracts.\n *\n * Similar to `reinitializer(1)`, except that functions marked with `initializer` can be nested in the context of a\n * constructor.\n *\n * Emits an {Initialized} event.\n */\n modifier initializer() {\n bool isTopLevelCall = !_initializing;\n require(\n (isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1),\n \"Initializable: contract is already initialized\"\n );\n _initialized = 1;\n if (isTopLevelCall) {\n _initializing = true;\n }\n _;\n if (isTopLevelCall) {\n _initializing = false;\n emit Initialized(1);\n }\n }\n\n /**\n * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the\n * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be\n * used to initialize parent contracts.\n *\n * A reinitializer may be used after the original initialization step. This is essential to configure modules that\n * are added through upgrades and that require initialization.\n *\n * When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`\n * cannot be nested. If one is invoked in the context of another, execution will revert.\n *\n * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in\n * a contract, executing them in the right order is up to the developer or operator.\n *\n * WARNING: setting the version to 255 will prevent any future reinitialization.\n *\n * Emits an {Initialized} event.\n */\n modifier reinitializer(uint8 version) {\n require(!_initializing && _initialized < version, \"Initializable: contract is already initialized\");\n _initialized = version;\n _initializing = true;\n _;\n _initializing = false;\n emit Initialized(version);\n }\n\n /**\n * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the\n * {initializer} and {reinitializer} modifiers, directly or indirectly.\n */\n modifier onlyInitializing() {\n require(_initializing, \"Initializable: contract is not initializing\");\n _;\n }\n\n /**\n * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.\n * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized\n * to any version. It is recommended to use this to lock implementation contracts that are designed to be called\n * through proxies.\n *\n * Emits an {Initialized} event the first time it is successfully executed.\n */\n function _disableInitializers() internal virtual {\n require(!_initializing, \"Initializable: contract is initializing\");\n if (_initialized != type(uint8).max) {\n _initialized = type(uint8).max;\n emit Initialized(type(uint8).max);\n }\n }\n\n /**\n * @dev Returns the highest version that has been initialized. See {reinitializer}.\n */\n function _getInitializedVersion() internal view returns (uint8) {\n return _initialized;\n }\n\n /**\n * @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.\n */\n function _isInitializing() internal view returns (bool) {\n return _initializing;\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/UUPSUpgradeable.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../../interfaces/draft-IERC1822Upgradeable.sol\";\nimport \"../ERC1967/ERC1967UpgradeUpgradeable.sol\";\nimport \"./Initializable.sol\";\n\n/**\n * @dev An upgradeability mechanism designed for UUPS proxies. The functions included here can perform an upgrade of an\n * {ERC1967Proxy}, when this contract is set as the implementation behind such a proxy.\n *\n * A security mechanism ensures that an upgrade does not turn off upgradeability accidentally, although this risk is\n * reinstated if the upgrade retains upgradeability but removes the security mechanism, e.g. by replacing\n * `UUPSUpgradeable` with a custom implementation of upgrades.\n *\n * The {_authorizeUpgrade} function must be overridden to include access restriction to the upgrade mechanism.\n *\n * _Available since v4.1._\n */\nabstract contract UUPSUpgradeable is Initializable, IERC1822ProxiableUpgradeable, ERC1967UpgradeUpgradeable {\n function __UUPSUpgradeable_init() internal onlyInitializing {\n }\n\n function __UUPSUpgradeable_init_unchained() internal onlyInitializing {\n }\n /// @custom:oz-upgrades-unsafe-allow state-variable-immutable state-variable-assignment\n address private immutable __self = address(this);\n\n /**\n * @dev Check that the execution is being performed through a delegatecall call and that the execution context is\n * a proxy contract with an implementation (as defined in ERC1967) pointing to self. This should only be the case\n * for UUPS and transparent proxies that are using the current contract as their implementation. Execution of a\n * function through ERC1167 minimal proxies (clones) would not normally pass this test, but is not guaranteed to\n * fail.\n */\n modifier onlyProxy() {\n require(address(this) != __self, \"Function must be called through delegatecall\");\n require(_getImplementation() == __self, \"Function must be called through active proxy\");\n _;\n }\n\n /**\n * @dev Check that the execution is not being performed through a delegate call. This allows a function to be\n * callable on the implementing contract but not through proxies.\n */\n modifier notDelegated() {\n require(address(this) == __self, \"UUPSUpgradeable: must not be called through delegatecall\");\n _;\n }\n\n /**\n * @dev Implementation of the ERC1822 {proxiableUUID} function. This returns the storage slot used by the\n * implementation. It is used to validate the implementation's compatibility when performing an upgrade.\n *\n * IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks\n * bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this\n * function revert if invoked through a proxy. This is guaranteed by the `notDelegated` modifier.\n */\n function proxiableUUID() external view virtual override notDelegated returns (bytes32) {\n return _IMPLEMENTATION_SLOT;\n }\n\n /**\n * @dev Upgrade the implementation of the proxy to `newImplementation`.\n *\n * Calls {_authorizeUpgrade}.\n *\n * Emits an {Upgraded} event.\n *\n * @custom:oz-upgrades-unsafe-allow-reachable delegatecall\n */\n function upgradeTo(address newImplementation) public virtual onlyProxy {\n _authorizeUpgrade(newImplementation);\n _upgradeToAndCallUUPS(newImplementation, new bytes(0), false);\n }\n\n /**\n * @dev Upgrade the implementation of the proxy to `newImplementation`, and subsequently execute the function call\n * encoded in `data`.\n *\n * Calls {_authorizeUpgrade}.\n *\n * Emits an {Upgraded} event.\n *\n * @custom:oz-upgrades-unsafe-allow-reachable delegatecall\n */\n function upgradeToAndCall(address newImplementation, bytes memory data) public payable virtual onlyProxy {\n _authorizeUpgrade(newImplementation);\n _upgradeToAndCallUUPS(newImplementation, data, true);\n }\n\n /**\n * @dev Function that should revert when `msg.sender` is not authorized to upgrade the contract. Called by\n * {upgradeTo} and {upgradeToAndCall}.\n *\n * Normally, this function will use an xref:access.adoc[access control] modifier such as {Ownable-onlyOwner}.\n *\n * ```solidity\n * function _authorizeUpgrade(address) internal override onlyOwner {}\n * ```\n */\n function _authorizeUpgrade(address newImplementation) internal virtual;\n\n /**\n * @dev This empty reserved space is put in place to allow future versions to add new\n * variables without shifting down storage in the inheritance chain.\n * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n */\n uint256[50] private __gap;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (security/ReentrancyGuard.sol)\n\npragma solidity ^0.8.0;\nimport \"../proxy/utils/Initializable.sol\";\n\n/**\n * @dev Contract module that helps prevent reentrant calls to a function.\n *\n * Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier\n * available, which can be applied to functions to make sure there are no nested\n * (reentrant) calls to them.\n *\n * Note that because there is a single `nonReentrant` guard, functions marked as\n * `nonReentrant` may not call one another. This can be worked around by making\n * those functions `private`, and then adding `external` `nonReentrant` entry\n * points to them.\n *\n * TIP: If you would like to learn more about reentrancy and alternative ways\n * to protect against it, check out our blog post\n * https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].\n */\nabstract contract ReentrancyGuardUpgradeable is Initializable {\n // Booleans are more expensive than uint256 or any type that takes up a full\n // word because each write operation emits an extra SLOAD to first read the\n // slot's contents, replace the bits taken up by the boolean, and then write\n // back. This is the compiler's defense against contract upgrades and\n // pointer aliasing, and it cannot be disabled.\n\n // The values being non-zero value makes deployment a bit more expensive,\n // but in exchange the refund on every call to nonReentrant will be lower in\n // amount. Since refunds are capped to a percentage of the total\n // transaction's gas, it is best to keep them low in cases like this one, to\n // increase the likelihood of the full refund coming into effect.\n uint256 private constant _NOT_ENTERED = 1;\n uint256 private constant _ENTERED = 2;\n\n uint256 private _status;\n\n function __ReentrancyGuard_init() internal onlyInitializing {\n __ReentrancyGuard_init_unchained();\n }\n\n function __ReentrancyGuard_init_unchained() internal onlyInitializing {\n _status = _NOT_ENTERED;\n }\n\n /**\n * @dev Prevents a contract from calling itself, directly or indirectly.\n * Calling a `nonReentrant` function from another `nonReentrant`\n * function is not supported. It is possible to prevent this from happening\n * by making the `nonReentrant` function external, and making it call a\n * `private` function that does the actual work.\n */\n modifier nonReentrant() {\n _nonReentrantBefore();\n _;\n _nonReentrantAfter();\n }\n\n function _nonReentrantBefore() private {\n // On the first call to nonReentrant, _status will be _NOT_ENTERED\n require(_status != _ENTERED, \"ReentrancyGuard: reentrant call\");\n\n // Any calls to nonReentrant after this point will fail\n _status = _ENTERED;\n }\n\n function _nonReentrantAfter() private {\n // By storing the original value once again, a refund is triggered (see\n // https://eips.ethereum.org/EIPS/eip-2200)\n _status = _NOT_ENTERED;\n }\n\n /**\n * @dev Returns true if the reentrancy guard is currently set to \"entered\", which indicates there is a\n * `nonReentrant` function in the call stack.\n */\n function _reentrancyGuardEntered() internal view returns (bool) {\n return _status == _ENTERED;\n }\n\n /**\n * @dev This empty reserved space is put in place to allow future versions to add new\n * variables without shifting down storage in the inheritance chain.\n * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n */\n uint256[49] private __gap;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/IERC20PermitUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/extensions/IERC20Permit.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in\n * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].\n *\n * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by\n * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't\n * need to send a transaction, and thus is not required to hold Ether at all.\n */\ninterface IERC20PermitUpgradeable {\n /**\n * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,\n * given ``owner``'s signed approval.\n *\n * IMPORTANT: The same issues {IERC20-approve} has related to transaction\n * ordering also apply here.\n *\n * Emits an {Approval} event.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n * - `deadline` must be a timestamp in the future.\n * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`\n * over the EIP712-formatted function arguments.\n * - the signature must use ``owner``'s current nonce (see {nonces}).\n *\n * For more information on the signature format, see the\n * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP\n * section].\n */\n function permit(\n address owner,\n address spender,\n uint256 value,\n uint256 deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) external;\n\n /**\n * @dev Returns the current nonce for `owner`. This value must be\n * included whenever a signature is generated for {permit}.\n *\n * Every successful call to {permit} increases ``owner``'s nonce by one. This\n * prevents a signature from being used multiple times.\n */\n function nonces(address owner) external view returns (uint256);\n\n /**\n * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.\n */\n // solhint-disable-next-line func-name-mixedcase\n function DOMAIN_SEPARATOR() external view returns (bytes32);\n}\n" + }, + "@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/IERC20.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20Upgradeable {\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `to`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address to, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `from` to `to` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address from, address to, uint256 amount) external returns (bool);\n}\n" + }, + "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.3) (token/ERC20/utils/SafeERC20.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../IERC20Upgradeable.sol\";\nimport \"../extensions/IERC20PermitUpgradeable.sol\";\nimport \"../../../utils/AddressUpgradeable.sol\";\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20Upgradeable {\n using AddressUpgradeable for address;\n\n /**\n * @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeTransfer(IERC20Upgradeable token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n /**\n * @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the\n * calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.\n */\n function safeTransferFrom(IERC20Upgradeable token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20Upgradeable token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n require(\n (value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n /**\n * @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeIncreaseAllowance(IERC20Upgradeable token, address spender, uint256 value) internal {\n uint256 oldAllowance = token.allowance(address(this), spender);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance + value));\n }\n\n /**\n * @dev Decrease the calling contract's allowance toward `spender` by `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeDecreaseAllowance(IERC20Upgradeable token, address spender, uint256 value) internal {\n unchecked {\n uint256 oldAllowance = token.allowance(address(this), spender);\n require(oldAllowance >= value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance - value));\n }\n }\n\n /**\n * @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval\n * to be set to zero before setting it to a non-zero value, such as USDT.\n */\n function forceApprove(IERC20Upgradeable token, address spender, uint256 value) internal {\n bytes memory approvalCall = abi.encodeWithSelector(token.approve.selector, spender, value);\n\n if (!_callOptionalReturnBool(token, approvalCall)) {\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, 0));\n _callOptionalReturn(token, approvalCall);\n }\n }\n\n /**\n * @dev Use a ERC-2612 signature to set the `owner` approval toward `spender` on `token`.\n * Revert on invalid signature.\n */\n function safePermit(\n IERC20PermitUpgradeable token,\n address owner,\n address spender,\n uint256 value,\n uint256 deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) internal {\n uint256 nonceBefore = token.nonces(owner);\n token.permit(owner, spender, value, deadline, v, r, s);\n uint256 nonceAfter = token.nonces(owner);\n require(nonceAfter == nonceBefore + 1, \"SafeERC20: permit did not succeed\");\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20Upgradeable token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n require(returndata.length == 0 || abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n *\n * This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.\n */\n function _callOptionalReturnBool(IERC20Upgradeable token, bytes memory data) private returns (bool) {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false\n // and not revert is the subcall reverts.\n\n (bool success, bytes memory returndata) = address(token).call(data);\n return\n success && (returndata.length == 0 || abi.decode(returndata, (bool))) && AddressUpgradeable.isContract(address(token));\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)\n\npragma solidity ^0.8.1;\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary AddressUpgradeable {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n *\n * Furthermore, `isContract` will also return true if the target contract within\n * the same transaction is already scheduled for destruction by `SELFDESTRUCT`,\n * which only has an effect at the end of a transaction.\n * ====\n *\n * [IMPORTANT]\n * ====\n * You shouldn't rely on `isContract` to protect against flash loan attacks!\n *\n * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets\n * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract\n * constructor.\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize/address.code.length, which returns 0\n // for contracts in construction, since the code is only stored at the end\n // of the constructor execution.\n\n return account.code.length > 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance >= amount, \"Address: insufficient balance\");\n\n (bool success, ) = recipient.call{value: amount}(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain `call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(\n address target,\n bytes memory data,\n uint256 value,\n string memory errorMessage\n ) internal returns (bytes memory) {\n require(address(this).balance >= value, \"Address: insufficient balance for call\");\n (bool success, bytes memory returndata) = target.call{value: value}(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n (bool success, bytes memory returndata) = target.staticcall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling\n * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.\n *\n * _Available since v4.8._\n */\n function verifyCallResultFromTarget(\n address target,\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n if (success) {\n if (returndata.length == 0) {\n // only check isContract if the call was successful and the return data is empty\n // otherwise we already know that it was a contract\n require(isContract(target), \"Address: call to non-contract\");\n }\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n /**\n * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the\n * revert reason or using the provided one.\n *\n * _Available since v4.3._\n */\n function verifyCallResult(\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal pure returns (bytes memory) {\n if (success) {\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n function _revert(bytes memory returndata, string memory errorMessage) private pure {\n // Look for revert reason and bubble it up if present\n if (returndata.length > 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n /// @solidity memory-safe-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)\n\npragma solidity ^0.8.0;\nimport \"../proxy/utils/Initializable.sol\";\n\n/**\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract ContextUpgradeable is Initializable {\n function __Context_init() internal onlyInitializing {\n }\n\n function __Context_init_unchained() internal onlyInitializing {\n }\n function _msgSender() internal view virtual returns (address) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes calldata) {\n return msg.data;\n }\n\n /**\n * @dev This empty reserved space is put in place to allow future versions to add new\n * variables without shifting down storage in the inheritance chain.\n * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps\n */\n uint256[50] private __gap;\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/cryptography/ECDSAUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/ECDSA.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../StringsUpgradeable.sol\";\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSAUpgradeable {\n enum RecoverError {\n NoError,\n InvalidSignature,\n InvalidSignatureLength,\n InvalidSignatureS,\n InvalidSignatureV // Deprecated in v4.8\n }\n\n function _throwError(RecoverError error) private pure {\n if (error == RecoverError.NoError) {\n return; // no error: do nothing\n } else if (error == RecoverError.InvalidSignature) {\n revert(\"ECDSA: invalid signature\");\n } else if (error == RecoverError.InvalidSignatureLength) {\n revert(\"ECDSA: invalid signature length\");\n } else if (error == RecoverError.InvalidSignatureS) {\n revert(\"ECDSA: invalid signature 's' value\");\n }\n }\n\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature` or error string. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n *\n * Documentation for signature generation:\n * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]\n * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) {\n if (signature.length == 65) {\n bytes32 r;\n bytes32 s;\n uint8 v;\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n /// @solidity memory-safe-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n return tryRecover(hash, v, r, s);\n } else {\n return (address(0), RecoverError.InvalidSignatureLength);\n }\n }\n\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, signature);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.\n *\n * See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError) {\n bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);\n uint8 v = uint8((uint256(vs) >> 255) + 27);\n return tryRecover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.\n *\n * _Available since v4.2._\n */\n function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, r, vs);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Overload of {ECDSA-tryRecover} that receives the `v`,\n * `r` and `s` signature fields separately.\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address, RecoverError) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {\n return (address(0), RecoverError.InvalidSignatureS);\n }\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n if (signer == address(0)) {\n return (address(0), RecoverError.InvalidSignature);\n }\n\n return (signer, RecoverError.NoError);\n }\n\n /**\n * @dev Overload of {ECDSA-recover} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, v, r, s);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * produces hash corresponding to the one signed with the\n * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]\n * JSON-RPC method as part of EIP-191.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32 message) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n /// @solidity memory-safe-assembly\n assembly {\n mstore(0x00, \"\\x19Ethereum Signed Message:\\n32\")\n mstore(0x1c, hash)\n message := keccak256(0x00, 0x3c)\n }\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from `s`. This\n * produces hash corresponding to the one signed with the\n * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]\n * JSON-RPC method as part of EIP-191.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) {\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n\", StringsUpgradeable.toString(s.length), s));\n }\n\n /**\n * @dev Returns an Ethereum Signed Typed Data, created from a\n * `domainSeparator` and a `structHash`. This produces hash corresponding\n * to the one signed with the\n * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`]\n * JSON-RPC method as part of EIP-712.\n *\n * See {recover}.\n */\n function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 data) {\n /// @solidity memory-safe-assembly\n assembly {\n let ptr := mload(0x40)\n mstore(ptr, \"\\x19\\x01\")\n mstore(add(ptr, 0x02), domainSeparator)\n mstore(add(ptr, 0x22), structHash)\n data := keccak256(ptr, 0x42)\n }\n }\n\n /**\n * @dev Returns an Ethereum Signed Data with intended validator, created from a\n * `validator` and `data` according to the version 0 of EIP-191.\n *\n * See {recover}.\n */\n function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {\n return keccak256(abi.encodePacked(\"\\x19\\x00\", validator, data));\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/math/MathUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/math/Math.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Standard math utilities missing in the Solidity language.\n */\nlibrary MathUpgradeable {\n enum Rounding {\n Down, // Toward negative infinity\n Up, // Toward infinity\n Zero // Toward zero\n }\n\n /**\n * @dev Returns the largest of two numbers.\n */\n function max(uint256 a, uint256 b) internal pure returns (uint256) {\n return a > b ? a : b;\n }\n\n /**\n * @dev Returns the smallest of two numbers.\n */\n function min(uint256 a, uint256 b) internal pure returns (uint256) {\n return a < b ? a : b;\n }\n\n /**\n * @dev Returns the average of two numbers. The result is rounded towards\n * zero.\n */\n function average(uint256 a, uint256 b) internal pure returns (uint256) {\n // (a + b) / 2 can overflow.\n return (a & b) + (a ^ b) / 2;\n }\n\n /**\n * @dev Returns the ceiling of the division of two numbers.\n *\n * This differs from standard division with `/` in that it rounds up instead\n * of rounding down.\n */\n function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {\n // (a + b - 1) / b can overflow on addition, so we distribute.\n return a == 0 ? 0 : (a - 1) / b + 1;\n }\n\n /**\n * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0\n * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)\n * with further edits by Uniswap Labs also under MIT license.\n */\n function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {\n unchecked {\n // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use\n // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256\n // variables such that product = prod1 * 2^256 + prod0.\n uint256 prod0; // Least significant 256 bits of the product\n uint256 prod1; // Most significant 256 bits of the product\n assembly {\n let mm := mulmod(x, y, not(0))\n prod0 := mul(x, y)\n prod1 := sub(sub(mm, prod0), lt(mm, prod0))\n }\n\n // Handle non-overflow cases, 256 by 256 division.\n if (prod1 == 0) {\n // Solidity will revert if denominator == 0, unlike the div opcode on its own.\n // The surrounding unchecked block does not change this fact.\n // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.\n return prod0 / denominator;\n }\n\n // Make sure the result is less than 2^256. Also prevents denominator == 0.\n require(denominator > prod1, \"Math: mulDiv overflow\");\n\n ///////////////////////////////////////////////\n // 512 by 256 division.\n ///////////////////////////////////////////////\n\n // Make division exact by subtracting the remainder from [prod1 prod0].\n uint256 remainder;\n assembly {\n // Compute remainder using mulmod.\n remainder := mulmod(x, y, denominator)\n\n // Subtract 256 bit number from 512 bit number.\n prod1 := sub(prod1, gt(remainder, prod0))\n prod0 := sub(prod0, remainder)\n }\n\n // Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.\n // See https://cs.stackexchange.com/q/138556/92363.\n\n // Does not overflow because the denominator cannot be zero at this stage in the function.\n uint256 twos = denominator & (~denominator + 1);\n assembly {\n // Divide denominator by twos.\n denominator := div(denominator, twos)\n\n // Divide [prod1 prod0] by twos.\n prod0 := div(prod0, twos)\n\n // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.\n twos := add(div(sub(0, twos), twos), 1)\n }\n\n // Shift in bits from prod1 into prod0.\n prod0 |= prod1 * twos;\n\n // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such\n // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for\n // four bits. That is, denominator * inv = 1 mod 2^4.\n uint256 inverse = (3 * denominator) ^ 2;\n\n // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works\n // in modular arithmetic, doubling the correct bits in each step.\n inverse *= 2 - denominator * inverse; // inverse mod 2^8\n inverse *= 2 - denominator * inverse; // inverse mod 2^16\n inverse *= 2 - denominator * inverse; // inverse mod 2^32\n inverse *= 2 - denominator * inverse; // inverse mod 2^64\n inverse *= 2 - denominator * inverse; // inverse mod 2^128\n inverse *= 2 - denominator * inverse; // inverse mod 2^256\n\n // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.\n // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is\n // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1\n // is no longer required.\n result = prod0 * inverse;\n return result;\n }\n }\n\n /**\n * @notice Calculates x * y / denominator with full precision, following the selected rounding direction.\n */\n function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {\n uint256 result = mulDiv(x, y, denominator);\n if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {\n result += 1;\n }\n return result;\n }\n\n /**\n * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down.\n *\n * Inspired by Henry S. Warren, Jr.'s \"Hacker's Delight\" (Chapter 11).\n */\n function sqrt(uint256 a) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n\n // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.\n //\n // We know that the \"msb\" (most significant bit) of our target number `a` is a power of 2 such that we have\n // `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.\n //\n // This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`\n // → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`\n // → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`\n //\n // Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.\n uint256 result = 1 << (log2(a) >> 1);\n\n // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,\n // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at\n // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision\n // into the expected uint128 result.\n unchecked {\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n return min(result, a / result);\n }\n }\n\n /**\n * @notice Calculates sqrt(a), following the selected rounding direction.\n */\n function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = sqrt(a);\n return result + (rounding == Rounding.Up && result * result < a ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 2, rounded down, of a positive value.\n * Returns 0 if given 0.\n */\n function log2(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >> 128 > 0) {\n value >>= 128;\n result += 128;\n }\n if (value >> 64 > 0) {\n value >>= 64;\n result += 64;\n }\n if (value >> 32 > 0) {\n value >>= 32;\n result += 32;\n }\n if (value >> 16 > 0) {\n value >>= 16;\n result += 16;\n }\n if (value >> 8 > 0) {\n value >>= 8;\n result += 8;\n }\n if (value >> 4 > 0) {\n value >>= 4;\n result += 4;\n }\n if (value >> 2 > 0) {\n value >>= 2;\n result += 2;\n }\n if (value >> 1 > 0) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 2, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log2(value);\n return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 10, rounded down, of a positive value.\n * Returns 0 if given 0.\n */\n function log10(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >= 10 ** 64) {\n value /= 10 ** 64;\n result += 64;\n }\n if (value >= 10 ** 32) {\n value /= 10 ** 32;\n result += 32;\n }\n if (value >= 10 ** 16) {\n value /= 10 ** 16;\n result += 16;\n }\n if (value >= 10 ** 8) {\n value /= 10 ** 8;\n result += 8;\n }\n if (value >= 10 ** 4) {\n value /= 10 ** 4;\n result += 4;\n }\n if (value >= 10 ** 2) {\n value /= 10 ** 2;\n result += 2;\n }\n if (value >= 10 ** 1) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 10, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log10(value);\n return result + (rounding == Rounding.Up && 10 ** result < value ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 256, rounded down, of a positive value.\n * Returns 0 if given 0.\n *\n * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.\n */\n function log256(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >> 128 > 0) {\n value >>= 128;\n result += 16;\n }\n if (value >> 64 > 0) {\n value >>= 64;\n result += 8;\n }\n if (value >> 32 > 0) {\n value >>= 32;\n result += 4;\n }\n if (value >> 16 > 0) {\n value >>= 16;\n result += 2;\n }\n if (value >> 8 > 0) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 256, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log256(value);\n return result + (rounding == Rounding.Up && 1 << (result << 3) < value ? 1 : 0);\n }\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/math/SignedMathUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SignedMath.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Standard signed math utilities missing in the Solidity language.\n */\nlibrary SignedMathUpgradeable {\n /**\n * @dev Returns the largest of two signed numbers.\n */\n function max(int256 a, int256 b) internal pure returns (int256) {\n return a > b ? a : b;\n }\n\n /**\n * @dev Returns the smallest of two signed numbers.\n */\n function min(int256 a, int256 b) internal pure returns (int256) {\n return a < b ? a : b;\n }\n\n /**\n * @dev Returns the average of two signed numbers without overflow.\n * The result is rounded towards zero.\n */\n function average(int256 a, int256 b) internal pure returns (int256) {\n // Formula from the book \"Hacker's Delight\"\n int256 x = (a & b) + ((a ^ b) >> 1);\n return x + (int256(uint256(x) >> 255) & (a ^ b));\n }\n\n /**\n * @dev Returns the absolute unsigned value of a signed value.\n */\n function abs(int256 n) internal pure returns (uint256) {\n unchecked {\n // must be unchecked in order to support `n = type(int256).min`\n return uint256(n >= 0 ? n : -n);\n }\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/StorageSlotUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/StorageSlot.sol)\n// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Library for reading and writing primitive types to specific storage slots.\n *\n * Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.\n * This library helps with reading and writing to such slots without the need for inline assembly.\n *\n * The functions in this library return Slot structs that contain a `value` member that can be used to read or write.\n *\n * Example usage to set ERC1967 implementation slot:\n * ```solidity\n * contract ERC1967 {\n * bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;\n *\n * function _getImplementation() internal view returns (address) {\n * return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;\n * }\n *\n * function _setImplementation(address newImplementation) internal {\n * require(Address.isContract(newImplementation), \"ERC1967: new implementation is not a contract\");\n * StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;\n * }\n * }\n * ```\n *\n * _Available since v4.1 for `address`, `bool`, `bytes32`, `uint256`._\n * _Available since v4.9 for `string`, `bytes`._\n */\nlibrary StorageSlotUpgradeable {\n struct AddressSlot {\n address value;\n }\n\n struct BooleanSlot {\n bool value;\n }\n\n struct Bytes32Slot {\n bytes32 value;\n }\n\n struct Uint256Slot {\n uint256 value;\n }\n\n struct StringSlot {\n string value;\n }\n\n struct BytesSlot {\n bytes value;\n }\n\n /**\n * @dev Returns an `AddressSlot` with member `value` located at `slot`.\n */\n function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `BooleanSlot` with member `value` located at `slot`.\n */\n function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `Bytes32Slot` with member `value` located at `slot`.\n */\n function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `Uint256Slot` with member `value` located at `slot`.\n */\n function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `StringSlot` with member `value` located at `slot`.\n */\n function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `StringSlot` representation of the string storage pointer `store`.\n */\n function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := store.slot\n }\n }\n\n /**\n * @dev Returns an `BytesSlot` with member `value` located at `slot`.\n */\n function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := slot\n }\n }\n\n /**\n * @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.\n */\n function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {\n /// @solidity memory-safe-assembly\n assembly {\n r.slot := store.slot\n }\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/utils/StringsUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Strings.sol)\n\npragma solidity ^0.8.0;\n\nimport \"./math/MathUpgradeable.sol\";\nimport \"./math/SignedMathUpgradeable.sol\";\n\n/**\n * @dev String operations.\n */\nlibrary StringsUpgradeable {\n bytes16 private constant _SYMBOLS = \"0123456789abcdef\";\n uint8 private constant _ADDRESS_LENGTH = 20;\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` decimal representation.\n */\n function toString(uint256 value) internal pure returns (string memory) {\n unchecked {\n uint256 length = MathUpgradeable.log10(value) + 1;\n string memory buffer = new string(length);\n uint256 ptr;\n /// @solidity memory-safe-assembly\n assembly {\n ptr := add(buffer, add(32, length))\n }\n while (true) {\n ptr--;\n /// @solidity memory-safe-assembly\n assembly {\n mstore8(ptr, byte(mod(value, 10), _SYMBOLS))\n }\n value /= 10;\n if (value == 0) break;\n }\n return buffer;\n }\n }\n\n /**\n * @dev Converts a `int256` to its ASCII `string` decimal representation.\n */\n function toString(int256 value) internal pure returns (string memory) {\n return string(abi.encodePacked(value < 0 ? \"-\" : \"\", toString(SignedMathUpgradeable.abs(value))));\n }\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.\n */\n function toHexString(uint256 value) internal pure returns (string memory) {\n unchecked {\n return toHexString(value, MathUpgradeable.log256(value) + 1);\n }\n }\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.\n */\n function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {\n bytes memory buffer = new bytes(2 * length + 2);\n buffer[0] = \"0\";\n buffer[1] = \"x\";\n for (uint256 i = 2 * length + 1; i > 1; --i) {\n buffer[i] = _SYMBOLS[value & 0xf];\n value >>= 4;\n }\n require(value == 0, \"Strings: hex length insufficient\");\n return string(buffer);\n }\n\n /**\n * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.\n */\n function toHexString(address addr) internal pure returns (string memory) {\n return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);\n }\n\n /**\n * @dev Returns true if the two strings are equal.\n */\n function equal(string memory a, string memory b) internal pure returns (bool) {\n return keccak256(bytes(a)) == keccak256(bytes(b));\n }\n}\n" + }, + "@openzeppelin/contracts-upgradeable/vendor/optimism/ICrossDomainMessengerUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (vendor/optimism/ICrossDomainMessenger.sol)\npragma solidity >0.5.0 <0.9.0;\n\n/**\n * @title ICrossDomainMessenger\n */\ninterface ICrossDomainMessengerUpgradeable {\n /**********\n * Events *\n **********/\n\n event SentMessage(address indexed target, address sender, bytes message, uint256 messageNonce, uint256 gasLimit);\n event RelayedMessage(bytes32 indexed msgHash);\n event FailedRelayedMessage(bytes32 indexed msgHash);\n\n /*************\n * Variables *\n *************/\n\n function xDomainMessageSender() external view returns (address);\n\n /********************\n * Public Functions *\n ********************/\n\n /**\n * Sends a cross domain message to the target messenger.\n * @param _target Target contract address.\n * @param _message Message to send to the target.\n * @param _gasLimit Gas limit for the provided message.\n */\n function sendMessage(address _target, bytes calldata _message, uint32 _gasLimit) external;\n}\n" + }, + "@openzeppelin/contracts/access/Ownable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (access/Ownable.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../utils/Context.sol\";\n\n/**\n * @dev Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n address private _owner;\n\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor() {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Leaves the contract without owner. It will not be possible to call\n * `onlyOwner` functions. Can only be called by the current owner.\n *\n * NOTE: Renouncing ownership will leave the contract without an owner,\n * thereby disabling any functionality that is only available to the owner.\n */\n function renounceOwnership() public virtual onlyOwner {\n _transferOwnership(address(0));\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(newOwner != address(0), \"Ownable: new owner is the zero address\");\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n}\n" + }, + "@openzeppelin/contracts/interfaces/IERC1271.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts v4.4.1 (interfaces/IERC1271.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC1271 standard signature validation method for\n * contracts as defined in https://eips.ethereum.org/EIPS/eip-1271[ERC-1271].\n *\n * _Available since v4.1._\n */\ninterface IERC1271 {\n /**\n * @dev Should return whether the signature provided is valid for the provided data\n * @param hash Hash of the data to be signed\n * @param signature Signature byte array associated with _data\n */\n function isValidSignature(bytes32 hash, bytes memory signature) external view returns (bytes4 magicValue);\n}\n" + }, + "@openzeppelin/contracts/token/ERC20/extensions/IERC20Permit.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/extensions/IERC20Permit.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in\n * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].\n *\n * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by\n * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't\n * need to send a transaction, and thus is not required to hold Ether at all.\n */\ninterface IERC20Permit {\n /**\n * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,\n * given ``owner``'s signed approval.\n *\n * IMPORTANT: The same issues {IERC20-approve} has related to transaction\n * ordering also apply here.\n *\n * Emits an {Approval} event.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n * - `deadline` must be a timestamp in the future.\n * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`\n * over the EIP712-formatted function arguments.\n * - the signature must use ``owner``'s current nonce (see {nonces}).\n *\n * For more information on the signature format, see the\n * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP\n * section].\n */\n function permit(\n address owner,\n address spender,\n uint256 value,\n uint256 deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) external;\n\n /**\n * @dev Returns the current nonce for `owner`. This value must be\n * included whenever a signature is generated for {permit}.\n *\n * Every successful call to {permit} increases ``owner``'s nonce by one. This\n * prevents a signature from being used multiple times.\n */\n function nonces(address owner) external view returns (uint256);\n\n /**\n * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.\n */\n // solhint-disable-next-line func-name-mixedcase\n function DOMAIN_SEPARATOR() external view returns (bytes32);\n}\n" + }, + "@openzeppelin/contracts/token/ERC20/IERC20.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/IERC20.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20 {\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `to`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address to, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `from` to `to` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address from, address to, uint256 amount) external returns (bool);\n}\n" + }, + "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.3) (token/ERC20/utils/SafeERC20.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../IERC20.sol\";\nimport \"../extensions/IERC20Permit.sol\";\nimport \"../../../utils/Address.sol\";\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n using Address for address;\n\n /**\n * @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeTransfer(IERC20 token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n /**\n * @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the\n * calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.\n */\n function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20 token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n require(\n (value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n /**\n * @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 oldAllowance = token.allowance(address(this), spender);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance + value));\n }\n\n /**\n * @dev Decrease the calling contract's allowance toward `spender` by `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful.\n */\n function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n unchecked {\n uint256 oldAllowance = token.allowance(address(this), spender);\n require(oldAllowance >= value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance - value));\n }\n }\n\n /**\n * @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,\n * non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval\n * to be set to zero before setting it to a non-zero value, such as USDT.\n */\n function forceApprove(IERC20 token, address spender, uint256 value) internal {\n bytes memory approvalCall = abi.encodeWithSelector(token.approve.selector, spender, value);\n\n if (!_callOptionalReturnBool(token, approvalCall)) {\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, 0));\n _callOptionalReturn(token, approvalCall);\n }\n }\n\n /**\n * @dev Use a ERC-2612 signature to set the `owner` approval toward `spender` on `token`.\n * Revert on invalid signature.\n */\n function safePermit(\n IERC20Permit token,\n address owner,\n address spender,\n uint256 value,\n uint256 deadline,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) internal {\n uint256 nonceBefore = token.nonces(owner);\n token.permit(owner, spender, value, deadline, v, r, s);\n uint256 nonceAfter = token.nonces(owner);\n require(nonceAfter == nonceBefore + 1, \"SafeERC20: permit did not succeed\");\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n require(returndata.length == 0 || abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n *\n * This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.\n */\n function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false\n // and not revert is the subcall reverts.\n\n (bool success, bytes memory returndata) = address(token).call(data);\n return\n success && (returndata.length == 0 || abi.decode(returndata, (bool))) && Address.isContract(address(token));\n }\n}\n" + }, + "@openzeppelin/contracts/utils/Address.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)\n\npragma solidity ^0.8.1;\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n *\n * Furthermore, `isContract` will also return true if the target contract within\n * the same transaction is already scheduled for destruction by `SELFDESTRUCT`,\n * which only has an effect at the end of a transaction.\n * ====\n *\n * [IMPORTANT]\n * ====\n * You shouldn't rely on `isContract` to protect against flash loan attacks!\n *\n * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets\n * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract\n * constructor.\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize/address.code.length, which returns 0\n // for contracts in construction, since the code is only stored at the end\n // of the constructor execution.\n\n return account.code.length > 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance >= amount, \"Address: insufficient balance\");\n\n (bool success, ) = recipient.call{value: amount}(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain `call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(\n address target,\n bytes memory data,\n uint256 value,\n string memory errorMessage\n ) internal returns (bytes memory) {\n require(address(this).balance >= value, \"Address: insufficient balance for call\");\n (bool success, bytes memory returndata) = target.call{value: value}(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n (bool success, bytes memory returndata) = target.staticcall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling\n * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.\n *\n * _Available since v4.8._\n */\n function verifyCallResultFromTarget(\n address target,\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n if (success) {\n if (returndata.length == 0) {\n // only check isContract if the call was successful and the return data is empty\n // otherwise we already know that it was a contract\n require(isContract(target), \"Address: call to non-contract\");\n }\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n /**\n * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the\n * revert reason or using the provided one.\n *\n * _Available since v4.3._\n */\n function verifyCallResult(\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal pure returns (bytes memory) {\n if (success) {\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n function _revert(bytes memory returndata, string memory errorMessage) private pure {\n // Look for revert reason and bubble it up if present\n if (returndata.length > 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n /// @solidity memory-safe-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n}\n" + }, + "@openzeppelin/contracts/utils/Context.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n function _msgSender() internal view virtual returns (address) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes calldata) {\n return msg.data;\n }\n}\n" + }, + "@openzeppelin/contracts/utils/cryptography/ECDSA.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/ECDSA.sol)\n\npragma solidity ^0.8.0;\n\nimport \"../Strings.sol\";\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n enum RecoverError {\n NoError,\n InvalidSignature,\n InvalidSignatureLength,\n InvalidSignatureS,\n InvalidSignatureV // Deprecated in v4.8\n }\n\n function _throwError(RecoverError error) private pure {\n if (error == RecoverError.NoError) {\n return; // no error: do nothing\n } else if (error == RecoverError.InvalidSignature) {\n revert(\"ECDSA: invalid signature\");\n } else if (error == RecoverError.InvalidSignatureLength) {\n revert(\"ECDSA: invalid signature length\");\n } else if (error == RecoverError.InvalidSignatureS) {\n revert(\"ECDSA: invalid signature 's' value\");\n }\n }\n\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature` or error string. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n *\n * Documentation for signature generation:\n * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]\n * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) {\n if (signature.length == 65) {\n bytes32 r;\n bytes32 s;\n uint8 v;\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n /// @solidity memory-safe-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n return tryRecover(hash, v, r, s);\n } else {\n return (address(0), RecoverError.InvalidSignatureLength);\n }\n }\n\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, signature);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.\n *\n * See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError) {\n bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);\n uint8 v = uint8((uint256(vs) >> 255) + 27);\n return tryRecover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.\n *\n * _Available since v4.2._\n */\n function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, r, vs);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Overload of {ECDSA-tryRecover} that receives the `v`,\n * `r` and `s` signature fields separately.\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address, RecoverError) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {\n return (address(0), RecoverError.InvalidSignatureS);\n }\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n if (signer == address(0)) {\n return (address(0), RecoverError.InvalidSignature);\n }\n\n return (signer, RecoverError.NoError);\n }\n\n /**\n * @dev Overload of {ECDSA-recover} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, v, r, s);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * produces hash corresponding to the one signed with the\n * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]\n * JSON-RPC method as part of EIP-191.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32 message) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n /// @solidity memory-safe-assembly\n assembly {\n mstore(0x00, \"\\x19Ethereum Signed Message:\\n32\")\n mstore(0x1c, hash)\n message := keccak256(0x00, 0x3c)\n }\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from `s`. This\n * produces hash corresponding to the one signed with the\n * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]\n * JSON-RPC method as part of EIP-191.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) {\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n\", Strings.toString(s.length), s));\n }\n\n /**\n * @dev Returns an Ethereum Signed Typed Data, created from a\n * `domainSeparator` and a `structHash`. This produces hash corresponding\n * to the one signed with the\n * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`]\n * JSON-RPC method as part of EIP-712.\n *\n * See {recover}.\n */\n function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 data) {\n /// @solidity memory-safe-assembly\n assembly {\n let ptr := mload(0x40)\n mstore(ptr, \"\\x19\\x01\")\n mstore(add(ptr, 0x02), domainSeparator)\n mstore(add(ptr, 0x22), structHash)\n data := keccak256(ptr, 0x42)\n }\n }\n\n /**\n * @dev Returns an Ethereum Signed Data with intended validator, created from a\n * `validator` and `data` according to the version 0 of EIP-191.\n *\n * See {recover}.\n */\n function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {\n return keccak256(abi.encodePacked(\"\\x19\\x00\", validator, data));\n }\n}\n" + }, + "@openzeppelin/contracts/utils/cryptography/MerkleProof.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.2) (utils/cryptography/MerkleProof.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev These functions deal with verification of Merkle Tree proofs.\n *\n * The tree and the proofs can be generated using our\n * https://github.com/OpenZeppelin/merkle-tree[JavaScript library].\n * You will find a quickstart guide in the readme.\n *\n * WARNING: You should avoid using leaf values that are 64 bytes long prior to\n * hashing, or use a hash function other than keccak256 for hashing leaves.\n * This is because the concatenation of a sorted pair of internal nodes in\n * the merkle tree could be reinterpreted as a leaf value.\n * OpenZeppelin's JavaScript library generates merkle trees that are safe\n * against this attack out of the box.\n */\nlibrary MerkleProof {\n /**\n * @dev Returns true if a `leaf` can be proved to be a part of a Merkle tree\n * defined by `root`. For this, a `proof` must be provided, containing\n * sibling hashes on the branch from the leaf to the root of the tree. Each\n * pair of leaves and each pair of pre-images are assumed to be sorted.\n */\n function verify(bytes32[] memory proof, bytes32 root, bytes32 leaf) internal pure returns (bool) {\n return processProof(proof, leaf) == root;\n }\n\n /**\n * @dev Calldata version of {verify}\n *\n * _Available since v4.7._\n */\n function verifyCalldata(bytes32[] calldata proof, bytes32 root, bytes32 leaf) internal pure returns (bool) {\n return processProofCalldata(proof, leaf) == root;\n }\n\n /**\n * @dev Returns the rebuilt hash obtained by traversing a Merkle tree up\n * from `leaf` using `proof`. A `proof` is valid if and only if the rebuilt\n * hash matches the root of the tree. When processing the proof, the pairs\n * of leafs & pre-images are assumed to be sorted.\n *\n * _Available since v4.4._\n */\n function processProof(bytes32[] memory proof, bytes32 leaf) internal pure returns (bytes32) {\n bytes32 computedHash = leaf;\n for (uint256 i = 0; i < proof.length; i++) {\n computedHash = _hashPair(computedHash, proof[i]);\n }\n return computedHash;\n }\n\n /**\n * @dev Calldata version of {processProof}\n *\n * _Available since v4.7._\n */\n function processProofCalldata(bytes32[] calldata proof, bytes32 leaf) internal pure returns (bytes32) {\n bytes32 computedHash = leaf;\n for (uint256 i = 0; i < proof.length; i++) {\n computedHash = _hashPair(computedHash, proof[i]);\n }\n return computedHash;\n }\n\n /**\n * @dev Returns true if the `leaves` can be simultaneously proven to be a part of a merkle tree defined by\n * `root`, according to `proof` and `proofFlags` as described in {processMultiProof}.\n *\n * CAUTION: Not all merkle trees admit multiproofs. See {processMultiProof} for details.\n *\n * _Available since v4.7._\n */\n function multiProofVerify(\n bytes32[] memory proof,\n bool[] memory proofFlags,\n bytes32 root,\n bytes32[] memory leaves\n ) internal pure returns (bool) {\n return processMultiProof(proof, proofFlags, leaves) == root;\n }\n\n /**\n * @dev Calldata version of {multiProofVerify}\n *\n * CAUTION: Not all merkle trees admit multiproofs. See {processMultiProof} for details.\n *\n * _Available since v4.7._\n */\n function multiProofVerifyCalldata(\n bytes32[] calldata proof,\n bool[] calldata proofFlags,\n bytes32 root,\n bytes32[] memory leaves\n ) internal pure returns (bool) {\n return processMultiProofCalldata(proof, proofFlags, leaves) == root;\n }\n\n /**\n * @dev Returns the root of a tree reconstructed from `leaves` and sibling nodes in `proof`. The reconstruction\n * proceeds by incrementally reconstructing all inner nodes by combining a leaf/inner node with either another\n * leaf/inner node or a proof sibling node, depending on whether each `proofFlags` item is true or false\n * respectively.\n *\n * CAUTION: Not all merkle trees admit multiproofs. To use multiproofs, it is sufficient to ensure that: 1) the tree\n * is complete (but not necessarily perfect), 2) the leaves to be proven are in the opposite order they are in the\n * tree (i.e., as seen from right to left starting at the deepest layer and continuing at the next layer).\n *\n * _Available since v4.7._\n */\n function processMultiProof(\n bytes32[] memory proof,\n bool[] memory proofFlags,\n bytes32[] memory leaves\n ) internal pure returns (bytes32 merkleRoot) {\n // This function rebuilds the root hash by traversing the tree up from the leaves. The root is rebuilt by\n // consuming and producing values on a queue. The queue starts with the `leaves` array, then goes onto the\n // `hashes` array. At the end of the process, the last hash in the `hashes` array should contain the root of\n // the merkle tree.\n uint256 leavesLen = leaves.length;\n uint256 proofLen = proof.length;\n uint256 totalHashes = proofFlags.length;\n\n // Check proof validity.\n require(leavesLen + proofLen - 1 == totalHashes, \"MerkleProof: invalid multiproof\");\n\n // The xxxPos values are \"pointers\" to the next value to consume in each array. All accesses are done using\n // `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a queue's \"pop\".\n bytes32[] memory hashes = new bytes32[](totalHashes);\n uint256 leafPos = 0;\n uint256 hashPos = 0;\n uint256 proofPos = 0;\n // At each step, we compute the next hash using two values:\n // - a value from the \"main queue\". If not all leaves have been consumed, we get the next leaf, otherwise we\n // get the next hash.\n // - depending on the flag, either another value from the \"main queue\" (merging branches) or an element from the\n // `proof` array.\n for (uint256 i = 0; i < totalHashes; i++) {\n bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++];\n bytes32 b = proofFlags[i]\n ? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++])\n : proof[proofPos++];\n hashes[i] = _hashPair(a, b);\n }\n\n if (totalHashes > 0) {\n require(proofPos == proofLen, \"MerkleProof: invalid multiproof\");\n unchecked {\n return hashes[totalHashes - 1];\n }\n } else if (leavesLen > 0) {\n return leaves[0];\n } else {\n return proof[0];\n }\n }\n\n /**\n * @dev Calldata version of {processMultiProof}.\n *\n * CAUTION: Not all merkle trees admit multiproofs. See {processMultiProof} for details.\n *\n * _Available since v4.7._\n */\n function processMultiProofCalldata(\n bytes32[] calldata proof,\n bool[] calldata proofFlags,\n bytes32[] memory leaves\n ) internal pure returns (bytes32 merkleRoot) {\n // This function rebuilds the root hash by traversing the tree up from the leaves. The root is rebuilt by\n // consuming and producing values on a queue. The queue starts with the `leaves` array, then goes onto the\n // `hashes` array. At the end of the process, the last hash in the `hashes` array should contain the root of\n // the merkle tree.\n uint256 leavesLen = leaves.length;\n uint256 proofLen = proof.length;\n uint256 totalHashes = proofFlags.length;\n\n // Check proof validity.\n require(leavesLen + proofLen - 1 == totalHashes, \"MerkleProof: invalid multiproof\");\n\n // The xxxPos values are \"pointers\" to the next value to consume in each array. All accesses are done using\n // `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a queue's \"pop\".\n bytes32[] memory hashes = new bytes32[](totalHashes);\n uint256 leafPos = 0;\n uint256 hashPos = 0;\n uint256 proofPos = 0;\n // At each step, we compute the next hash using two values:\n // - a value from the \"main queue\". If not all leaves have been consumed, we get the next leaf, otherwise we\n // get the next hash.\n // - depending on the flag, either another value from the \"main queue\" (merging branches) or an element from the\n // `proof` array.\n for (uint256 i = 0; i < totalHashes; i++) {\n bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++];\n bytes32 b = proofFlags[i]\n ? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++])\n : proof[proofPos++];\n hashes[i] = _hashPair(a, b);\n }\n\n if (totalHashes > 0) {\n require(proofPos == proofLen, \"MerkleProof: invalid multiproof\");\n unchecked {\n return hashes[totalHashes - 1];\n }\n } else if (leavesLen > 0) {\n return leaves[0];\n } else {\n return proof[0];\n }\n }\n\n function _hashPair(bytes32 a, bytes32 b) private pure returns (bytes32) {\n return a < b ? _efficientHash(a, b) : _efficientHash(b, a);\n }\n\n function _efficientHash(bytes32 a, bytes32 b) private pure returns (bytes32 value) {\n /// @solidity memory-safe-assembly\n assembly {\n mstore(0x00, a)\n mstore(0x20, b)\n value := keccak256(0x00, 0x40)\n }\n }\n}\n" + }, + "@openzeppelin/contracts/utils/cryptography/SignatureChecker.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/SignatureChecker.sol)\n\npragma solidity ^0.8.0;\n\nimport \"./ECDSA.sol\";\nimport \"../../interfaces/IERC1271.sol\";\n\n/**\n * @dev Signature verification helper that can be used instead of `ECDSA.recover` to seamlessly support both ECDSA\n * signatures from externally owned accounts (EOAs) as well as ERC1271 signatures from smart contract wallets like\n * Argent and Gnosis Safe.\n *\n * _Available since v4.1._\n */\nlibrary SignatureChecker {\n /**\n * @dev Checks if a signature is valid for a given signer and data hash. If the signer is a smart contract, the\n * signature is validated against that smart contract using ERC1271, otherwise it's validated using `ECDSA.recover`.\n *\n * NOTE: Unlike ECDSA signatures, contract signatures are revocable, and the outcome of this function can thus\n * change through time. It could return true at block N and false at block N+1 (or the opposite).\n */\n function isValidSignatureNow(address signer, bytes32 hash, bytes memory signature) internal view returns (bool) {\n (address recovered, ECDSA.RecoverError error) = ECDSA.tryRecover(hash, signature);\n return\n (error == ECDSA.RecoverError.NoError && recovered == signer) ||\n isValidERC1271SignatureNow(signer, hash, signature);\n }\n\n /**\n * @dev Checks if a signature is valid for a given signer and data hash. The signature is validated\n * against the signer smart contract using ERC1271.\n *\n * NOTE: Unlike ECDSA signatures, contract signatures are revocable, and the outcome of this function can thus\n * change through time. It could return true at block N and false at block N+1 (or the opposite).\n */\n function isValidERC1271SignatureNow(\n address signer,\n bytes32 hash,\n bytes memory signature\n ) internal view returns (bool) {\n (bool success, bytes memory result) = signer.staticcall(\n abi.encodeWithSelector(IERC1271.isValidSignature.selector, hash, signature)\n );\n return (success &&\n result.length >= 32 &&\n abi.decode(result, (bytes32)) == bytes32(IERC1271.isValidSignature.selector));\n }\n}\n" + }, + "@openzeppelin/contracts/utils/math/Math.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/math/Math.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Standard math utilities missing in the Solidity language.\n */\nlibrary Math {\n enum Rounding {\n Down, // Toward negative infinity\n Up, // Toward infinity\n Zero // Toward zero\n }\n\n /**\n * @dev Returns the largest of two numbers.\n */\n function max(uint256 a, uint256 b) internal pure returns (uint256) {\n return a > b ? a : b;\n }\n\n /**\n * @dev Returns the smallest of two numbers.\n */\n function min(uint256 a, uint256 b) internal pure returns (uint256) {\n return a < b ? a : b;\n }\n\n /**\n * @dev Returns the average of two numbers. The result is rounded towards\n * zero.\n */\n function average(uint256 a, uint256 b) internal pure returns (uint256) {\n // (a + b) / 2 can overflow.\n return (a & b) + (a ^ b) / 2;\n }\n\n /**\n * @dev Returns the ceiling of the division of two numbers.\n *\n * This differs from standard division with `/` in that it rounds up instead\n * of rounding down.\n */\n function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {\n // (a + b - 1) / b can overflow on addition, so we distribute.\n return a == 0 ? 0 : (a - 1) / b + 1;\n }\n\n /**\n * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0\n * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)\n * with further edits by Uniswap Labs also under MIT license.\n */\n function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {\n unchecked {\n // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use\n // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256\n // variables such that product = prod1 * 2^256 + prod0.\n uint256 prod0; // Least significant 256 bits of the product\n uint256 prod1; // Most significant 256 bits of the product\n assembly {\n let mm := mulmod(x, y, not(0))\n prod0 := mul(x, y)\n prod1 := sub(sub(mm, prod0), lt(mm, prod0))\n }\n\n // Handle non-overflow cases, 256 by 256 division.\n if (prod1 == 0) {\n // Solidity will revert if denominator == 0, unlike the div opcode on its own.\n // The surrounding unchecked block does not change this fact.\n // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.\n return prod0 / denominator;\n }\n\n // Make sure the result is less than 2^256. Also prevents denominator == 0.\n require(denominator > prod1, \"Math: mulDiv overflow\");\n\n ///////////////////////////////////////////////\n // 512 by 256 division.\n ///////////////////////////////////////////////\n\n // Make division exact by subtracting the remainder from [prod1 prod0].\n uint256 remainder;\n assembly {\n // Compute remainder using mulmod.\n remainder := mulmod(x, y, denominator)\n\n // Subtract 256 bit number from 512 bit number.\n prod1 := sub(prod1, gt(remainder, prod0))\n prod0 := sub(prod0, remainder)\n }\n\n // Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.\n // See https://cs.stackexchange.com/q/138556/92363.\n\n // Does not overflow because the denominator cannot be zero at this stage in the function.\n uint256 twos = denominator & (~denominator + 1);\n assembly {\n // Divide denominator by twos.\n denominator := div(denominator, twos)\n\n // Divide [prod1 prod0] by twos.\n prod0 := div(prod0, twos)\n\n // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.\n twos := add(div(sub(0, twos), twos), 1)\n }\n\n // Shift in bits from prod1 into prod0.\n prod0 |= prod1 * twos;\n\n // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such\n // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for\n // four bits. That is, denominator * inv = 1 mod 2^4.\n uint256 inverse = (3 * denominator) ^ 2;\n\n // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works\n // in modular arithmetic, doubling the correct bits in each step.\n inverse *= 2 - denominator * inverse; // inverse mod 2^8\n inverse *= 2 - denominator * inverse; // inverse mod 2^16\n inverse *= 2 - denominator * inverse; // inverse mod 2^32\n inverse *= 2 - denominator * inverse; // inverse mod 2^64\n inverse *= 2 - denominator * inverse; // inverse mod 2^128\n inverse *= 2 - denominator * inverse; // inverse mod 2^256\n\n // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.\n // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is\n // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1\n // is no longer required.\n result = prod0 * inverse;\n return result;\n }\n }\n\n /**\n * @notice Calculates x * y / denominator with full precision, following the selected rounding direction.\n */\n function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {\n uint256 result = mulDiv(x, y, denominator);\n if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {\n result += 1;\n }\n return result;\n }\n\n /**\n * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down.\n *\n * Inspired by Henry S. Warren, Jr.'s \"Hacker's Delight\" (Chapter 11).\n */\n function sqrt(uint256 a) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n\n // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.\n //\n // We know that the \"msb\" (most significant bit) of our target number `a` is a power of 2 such that we have\n // `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.\n //\n // This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`\n // → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`\n // → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`\n //\n // Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.\n uint256 result = 1 << (log2(a) >> 1);\n\n // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,\n // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at\n // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision\n // into the expected uint128 result.\n unchecked {\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n result = (result + a / result) >> 1;\n return min(result, a / result);\n }\n }\n\n /**\n * @notice Calculates sqrt(a), following the selected rounding direction.\n */\n function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = sqrt(a);\n return result + (rounding == Rounding.Up && result * result < a ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 2, rounded down, of a positive value.\n * Returns 0 if given 0.\n */\n function log2(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >> 128 > 0) {\n value >>= 128;\n result += 128;\n }\n if (value >> 64 > 0) {\n value >>= 64;\n result += 64;\n }\n if (value >> 32 > 0) {\n value >>= 32;\n result += 32;\n }\n if (value >> 16 > 0) {\n value >>= 16;\n result += 16;\n }\n if (value >> 8 > 0) {\n value >>= 8;\n result += 8;\n }\n if (value >> 4 > 0) {\n value >>= 4;\n result += 4;\n }\n if (value >> 2 > 0) {\n value >>= 2;\n result += 2;\n }\n if (value >> 1 > 0) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 2, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log2(value);\n return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 10, rounded down, of a positive value.\n * Returns 0 if given 0.\n */\n function log10(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >= 10 ** 64) {\n value /= 10 ** 64;\n result += 64;\n }\n if (value >= 10 ** 32) {\n value /= 10 ** 32;\n result += 32;\n }\n if (value >= 10 ** 16) {\n value /= 10 ** 16;\n result += 16;\n }\n if (value >= 10 ** 8) {\n value /= 10 ** 8;\n result += 8;\n }\n if (value >= 10 ** 4) {\n value /= 10 ** 4;\n result += 4;\n }\n if (value >= 10 ** 2) {\n value /= 10 ** 2;\n result += 2;\n }\n if (value >= 10 ** 1) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 10, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log10(value);\n return result + (rounding == Rounding.Up && 10 ** result < value ? 1 : 0);\n }\n }\n\n /**\n * @dev Return the log in base 256, rounded down, of a positive value.\n * Returns 0 if given 0.\n *\n * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.\n */\n function log256(uint256 value) internal pure returns (uint256) {\n uint256 result = 0;\n unchecked {\n if (value >> 128 > 0) {\n value >>= 128;\n result += 16;\n }\n if (value >> 64 > 0) {\n value >>= 64;\n result += 8;\n }\n if (value >> 32 > 0) {\n value >>= 32;\n result += 4;\n }\n if (value >> 16 > 0) {\n value >>= 16;\n result += 2;\n }\n if (value >> 8 > 0) {\n result += 1;\n }\n }\n return result;\n }\n\n /**\n * @dev Return the log in base 256, following the selected rounding direction, of a positive value.\n * Returns 0 if given 0.\n */\n function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {\n unchecked {\n uint256 result = log256(value);\n return result + (rounding == Rounding.Up && 1 << (result << 3) < value ? 1 : 0);\n }\n }\n}\n" + }, + "@openzeppelin/contracts/utils/math/SignedMath.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SignedMath.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Standard signed math utilities missing in the Solidity language.\n */\nlibrary SignedMath {\n /**\n * @dev Returns the largest of two signed numbers.\n */\n function max(int256 a, int256 b) internal pure returns (int256) {\n return a > b ? a : b;\n }\n\n /**\n * @dev Returns the smallest of two signed numbers.\n */\n function min(int256 a, int256 b) internal pure returns (int256) {\n return a < b ? a : b;\n }\n\n /**\n * @dev Returns the average of two signed numbers without overflow.\n * The result is rounded towards zero.\n */\n function average(int256 a, int256 b) internal pure returns (int256) {\n // Formula from the book \"Hacker's Delight\"\n int256 x = (a & b) + ((a ^ b) >> 1);\n return x + (int256(uint256(x) >> 255) & (a ^ b));\n }\n\n /**\n * @dev Returns the absolute unsigned value of a signed value.\n */\n function abs(int256 n) internal pure returns (uint256) {\n unchecked {\n // must be unchecked in order to support `n = type(int256).min`\n return uint256(n >= 0 ? n : -n);\n }\n }\n}\n" + }, + "@openzeppelin/contracts/utils/Strings.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Strings.sol)\n\npragma solidity ^0.8.0;\n\nimport \"./math/Math.sol\";\nimport \"./math/SignedMath.sol\";\n\n/**\n * @dev String operations.\n */\nlibrary Strings {\n bytes16 private constant _SYMBOLS = \"0123456789abcdef\";\n uint8 private constant _ADDRESS_LENGTH = 20;\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` decimal representation.\n */\n function toString(uint256 value) internal pure returns (string memory) {\n unchecked {\n uint256 length = Math.log10(value) + 1;\n string memory buffer = new string(length);\n uint256 ptr;\n /// @solidity memory-safe-assembly\n assembly {\n ptr := add(buffer, add(32, length))\n }\n while (true) {\n ptr--;\n /// @solidity memory-safe-assembly\n assembly {\n mstore8(ptr, byte(mod(value, 10), _SYMBOLS))\n }\n value /= 10;\n if (value == 0) break;\n }\n return buffer;\n }\n }\n\n /**\n * @dev Converts a `int256` to its ASCII `string` decimal representation.\n */\n function toString(int256 value) internal pure returns (string memory) {\n return string(abi.encodePacked(value < 0 ? \"-\" : \"\", toString(SignedMath.abs(value))));\n }\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.\n */\n function toHexString(uint256 value) internal pure returns (string memory) {\n unchecked {\n return toHexString(value, Math.log256(value) + 1);\n }\n }\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.\n */\n function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {\n bytes memory buffer = new bytes(2 * length + 2);\n buffer[0] = \"0\";\n buffer[1] = \"x\";\n for (uint256 i = 2 * length + 1; i > 1; --i) {\n buffer[i] = _SYMBOLS[value & 0xf];\n value >>= 4;\n }\n require(value == 0, \"Strings: hex length insufficient\");\n return string(buffer);\n }\n\n /**\n * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.\n */\n function toHexString(address addr) internal pure returns (string memory) {\n return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);\n }\n\n /**\n * @dev Returns true if the two strings are equal.\n */\n function equal(string memory a, string memory b) internal pure returns (bool) {\n return keccak256(bytes(a)) == keccak256(bytes(b));\n }\n}\n" + }, + "@uma/core/contracts/merkle-distributor/implementation/MerkleDistributor.sol": { + "content": "// SPDX-License-Identifier: AGPL-3.0-only\npragma solidity ^0.8.0;\n\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\nimport \"@openzeppelin/contracts/utils/cryptography/MerkleProof.sol\";\nimport \"@openzeppelin/contracts/access/Ownable.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"./MerkleDistributorInterface.sol\";\n\n/**\n * Inspired by:\n * - https://github.com/pie-dao/vested-token-migration-app\n * - https://github.com/Uniswap/merkle-distributor\n * - https://github.com/balancer-labs/erc20-redeemable\n *\n * @title MerkleDistributor contract.\n * @notice Allows an owner to distribute any reward ERC20 to claimants according to Merkle roots. The owner can specify\n * multiple Merkle roots distributions with customized reward currencies.\n * @dev The Merkle trees are not validated in any way, so the system assumes the contract owner behaves honestly.\n */\ncontract MerkleDistributor is MerkleDistributorInterface, Ownable {\n using SafeERC20 for IERC20;\n\n // Windows are mapped to arbitrary indices.\n mapping(uint256 => Window) public merkleWindows;\n\n // Index of next created Merkle root.\n uint256 public nextCreatedIndex;\n\n // Track which accounts have claimed for each window index.\n // Note: uses a packed array of bools for gas optimization on tracking certain claims. Copied from Uniswap's contract.\n mapping(uint256 => mapping(uint256 => uint256)) private claimedBitMap;\n\n /****************************************\n * EVENTS\n ****************************************/\n event Claimed(\n address indexed caller,\n uint256 windowIndex,\n address indexed account,\n uint256 accountIndex,\n uint256 amount,\n address indexed rewardToken\n );\n event CreatedWindow(\n uint256 indexed windowIndex,\n uint256 rewardsDeposited,\n address indexed rewardToken,\n address owner\n );\n event WithdrawRewards(address indexed owner, uint256 amount, address indexed currency);\n event DeleteWindow(uint256 indexed windowIndex, address owner);\n\n /****************************\n * ADMIN FUNCTIONS\n ****************************/\n\n /**\n * @notice Set merkle root for the next available window index and seed allocations.\n * @notice Callable only by owner of this contract. Caller must have approved this contract to transfer\n * `rewardsToDeposit` amount of `rewardToken` or this call will fail. Importantly, we assume that the\n * owner of this contract correctly chooses an amount `rewardsToDeposit` that is sufficient to cover all\n * claims within the `merkleRoot`.\n * @param rewardsToDeposit amount of rewards to deposit to seed this allocation.\n * @param rewardToken ERC20 reward token.\n * @param merkleRoot merkle root describing allocation.\n * @param ipfsHash hash of IPFS object, conveniently stored for clients\n */\n function setWindow(\n uint256 rewardsToDeposit,\n address rewardToken,\n bytes32 merkleRoot,\n string calldata ipfsHash\n ) external onlyOwner {\n uint256 indexToSet = nextCreatedIndex;\n nextCreatedIndex = indexToSet + 1;\n\n _setWindow(indexToSet, rewardsToDeposit, rewardToken, merkleRoot, ipfsHash);\n }\n\n /**\n * @notice Delete merkle root at window index.\n * @dev Callable only by owner. Likely to be followed by a withdrawRewards call to clear contract state.\n * @param windowIndex merkle root index to delete.\n */\n function deleteWindow(uint256 windowIndex) external onlyOwner {\n delete merkleWindows[windowIndex];\n emit DeleteWindow(windowIndex, msg.sender);\n }\n\n /**\n * @notice Emergency method that transfers rewards out of the contract if the contract was configured improperly.\n * @dev Callable only by owner.\n * @param rewardCurrency rewards to withdraw from contract.\n * @param amount amount of rewards to withdraw.\n */\n function withdrawRewards(IERC20 rewardCurrency, uint256 amount) external onlyOwner {\n rewardCurrency.safeTransfer(msg.sender, amount);\n emit WithdrawRewards(msg.sender, amount, address(rewardCurrency));\n }\n\n /****************************\n * NON-ADMIN FUNCTIONS\n ****************************/\n\n /**\n * @notice Batch claims to reduce gas versus individual submitting all claims. Method will fail\n * if any individual claims within the batch would fail.\n * @dev Optimistically tries to batch together consecutive claims for the same account and same\n * reward token to reduce gas. Therefore, the most gas-cost-optimal way to use this method\n * is to pass in an array of claims sorted by account and reward currency. It also reverts\n * when any of individual `_claim`'s `amount` exceeds `remainingAmount` for its window.\n * @param claims array of claims to claim.\n */\n function claimMulti(Claim[] memory claims) public virtual override {\n uint256 batchedAmount;\n uint256 claimCount = claims.length;\n for (uint256 i = 0; i < claimCount; i++) {\n Claim memory _claim = claims[i];\n _verifyAndMarkClaimed(_claim);\n batchedAmount += _claim.amount;\n\n // If the next claim is NOT the same account or the same token (or this claim is the last one),\n // then disburse the `batchedAmount` to the current claim's account for the current claim's reward token.\n uint256 nextI = i + 1;\n IERC20 currentRewardToken = merkleWindows[_claim.windowIndex].rewardToken;\n if (\n nextI == claimCount ||\n // This claim is last claim.\n claims[nextI].account != _claim.account ||\n // Next claim account is different than current one.\n merkleWindows[claims[nextI].windowIndex].rewardToken != currentRewardToken\n // Next claim reward token is different than current one.\n ) {\n currentRewardToken.safeTransfer(_claim.account, batchedAmount);\n batchedAmount = 0;\n }\n }\n }\n\n /**\n * @notice Claim amount of reward tokens for account, as described by Claim input object.\n * @dev If the `_claim`'s `amount`, `accountIndex`, and `account` do not exactly match the\n * values stored in the merkle root for the `_claim`'s `windowIndex` this method\n * will revert. It also reverts when `_claim`'s `amount` exceeds `remainingAmount` for the window.\n * @param _claim claim object describing amount, accountIndex, account, window index, and merkle proof.\n */\n function claim(Claim memory _claim) public virtual override {\n _verifyAndMarkClaimed(_claim);\n merkleWindows[_claim.windowIndex].rewardToken.safeTransfer(_claim.account, _claim.amount);\n }\n\n /**\n * @notice Returns True if the claim for `accountIndex` has already been completed for the Merkle root at\n * `windowIndex`.\n * @dev This method will only work as intended if all `accountIndex`'s are unique for a given `windowIndex`.\n * The onus is on the Owner of this contract to submit only valid Merkle roots.\n * @param windowIndex merkle root to check.\n * @param accountIndex account index to check within window index.\n * @return True if claim has been executed already, False otherwise.\n */\n function isClaimed(uint256 windowIndex, uint256 accountIndex) public view returns (bool) {\n uint256 claimedWordIndex = accountIndex / 256;\n uint256 claimedBitIndex = accountIndex % 256;\n uint256 claimedWord = claimedBitMap[windowIndex][claimedWordIndex];\n uint256 mask = (1 << claimedBitIndex);\n return claimedWord & mask == mask;\n }\n\n /**\n * @notice Returns rewardToken set by admin for windowIndex.\n * @param windowIndex merkle root to check.\n * @return address Reward token address\n */\n function getRewardTokenForWindow(uint256 windowIndex) public view override returns (address) {\n return address(merkleWindows[windowIndex].rewardToken);\n }\n\n /**\n * @notice Returns True if leaf described by {account, amount, accountIndex} is stored in Merkle root at given\n * window index.\n * @param _claim claim object describing amount, accountIndex, account, window index, and merkle proof.\n * @return valid True if leaf exists.\n */\n function verifyClaim(Claim memory _claim) public view returns (bool valid) {\n bytes32 leaf = keccak256(abi.encodePacked(_claim.account, _claim.amount, _claim.accountIndex));\n return MerkleProof.verify(_claim.merkleProof, merkleWindows[_claim.windowIndex].merkleRoot, leaf);\n }\n\n /****************************\n * PRIVATE FUNCTIONS\n ****************************/\n\n // Mark claim as completed for `accountIndex` for Merkle root at `windowIndex`.\n function _setClaimed(uint256 windowIndex, uint256 accountIndex) private {\n uint256 claimedWordIndex = accountIndex / 256;\n uint256 claimedBitIndex = accountIndex % 256;\n claimedBitMap[windowIndex][claimedWordIndex] =\n claimedBitMap[windowIndex][claimedWordIndex] |\n (1 << claimedBitIndex);\n }\n\n // Store new Merkle root at `windowindex`. Pull `rewardsDeposited` from caller to seed distribution for this root.\n function _setWindow(\n uint256 windowIndex,\n uint256 rewardsDeposited,\n address rewardToken,\n bytes32 merkleRoot,\n string memory ipfsHash\n ) private {\n Window storage window = merkleWindows[windowIndex];\n window.merkleRoot = merkleRoot;\n window.remainingAmount = rewardsDeposited;\n window.rewardToken = IERC20(rewardToken);\n window.ipfsHash = ipfsHash;\n\n emit CreatedWindow(windowIndex, rewardsDeposited, rewardToken, msg.sender);\n\n window.rewardToken.safeTransferFrom(msg.sender, address(this), rewardsDeposited);\n }\n\n // Verify claim is valid and mark it as completed in this contract.\n function _verifyAndMarkClaimed(Claim memory _claim) internal {\n // Check claimed proof against merkle window at given index.\n require(verifyClaim(_claim), \"Incorrect merkle proof\");\n // Check the account has not yet claimed for this window.\n require(!isClaimed(_claim.windowIndex, _claim.accountIndex), \"Account has already claimed for this window\");\n\n // Proof is correct and claim has not occurred yet, mark claimed complete.\n _setClaimed(_claim.windowIndex, _claim.accountIndex);\n merkleWindows[_claim.windowIndex].remainingAmount -= _claim.amount;\n emit Claimed(\n msg.sender,\n _claim.windowIndex,\n _claim.account,\n _claim.accountIndex,\n _claim.amount,\n address(merkleWindows[_claim.windowIndex].rewardToken)\n );\n }\n}\n" + }, + "@uma/core/contracts/merkle-distributor/implementation/MerkleDistributorInterface.sol": { + "content": "// SPDX-License-Identifier: GPL-3.0-only\npragma solidity ^0.8.0;\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\n\n/**\n * @notice Concise list of functions in MerkleDistributor implementation that would be called by\n * a consuming external contract (such as the Across Protocol's AcceleratingDistributor).\n */\ninterface MerkleDistributorInterface {\n // A Window maps a Merkle root to a reward token address.\n struct Window {\n // Merkle root describing the distribution.\n bytes32 merkleRoot;\n // Remaining amount of deposited rewards that have not yet been claimed.\n uint256 remainingAmount;\n // Currency in which reward is processed.\n IERC20 rewardToken;\n // IPFS hash of the merkle tree. Can be used to independently fetch recipient proofs and tree. Note that the canonical\n // data type for storing an IPFS hash is a multihash which is the concatenation of \n // . We opted to store this in a string type to make it easier\n // for users to query the ipfs data without needing to reconstruct the multihash. to view the IPFS data simply\n // go to https://cloudflare-ipfs.com/ipfs/.\n string ipfsHash;\n }\n\n // Represents an account's claim for `amount` within the Merkle root located at the `windowIndex`.\n struct Claim {\n uint256 windowIndex;\n uint256 amount;\n uint256 accountIndex; // Used only for bitmap. Assumed to be unique for each claim.\n address account;\n bytes32[] merkleProof;\n }\n\n function claim(Claim memory _claim) external;\n\n function claimMulti(Claim[] memory claims) external;\n\n function getRewardTokenForWindow(uint256 windowIndex) external view returns (address);\n}\n" + }, + "contracts/Arbitrum_SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./SpokePool.sol\";\n\ninterface StandardBridgeLike {\n function outboundTransfer(\n address _l1Token,\n address _to,\n uint256 _amount,\n bytes calldata _data\n ) external payable returns (bytes memory);\n}\n\n/**\n * @notice AVM specific SpokePool. Uses AVM cross-domain-enabled logic to implement admin only access to functions.\n */\ncontract Arbitrum_SpokePool is SpokePool {\n // Address of the Arbitrum L2 token gateway to send funds to L1.\n address public l2GatewayRouter;\n\n // Admin controlled mapping of arbitrum tokens to L1 counterpart. L1 counterpart addresses\n // are necessary params used when bridging tokens to L1.\n mapping(address => address) public whitelistedTokens;\n\n event ArbitrumTokensBridged(address indexed l1Token, address target, uint256 numberOfTokensBridged);\n event SetL2GatewayRouter(address indexed newL2GatewayRouter);\n event WhitelistedTokens(address indexed l2Token, address indexed l1Token);\n\n /**\n * @notice Construct the AVM SpokePool.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * relay hash collisions.\n * @param _l2GatewayRouter Address of L2 token gateway. Can be reset by admin.\n * @param _crossDomainAdmin Cross domain admin to set. Can be changed by admin.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n * @param _wethAddress Weth address for this network to set.\n */\n function initialize(\n uint32 _initialDepositId,\n address _l2GatewayRouter,\n address _crossDomainAdmin,\n address _hubPool,\n address _wethAddress\n ) public initializer {\n __SpokePool_init(_initialDepositId, _crossDomainAdmin, _hubPool, _wethAddress);\n _setL2GatewayRouter(_l2GatewayRouter);\n }\n\n modifier onlyFromCrossDomainAdmin() {\n require(msg.sender == _applyL1ToL2Alias(crossDomainAdmin), \"ONLY_COUNTERPART_GATEWAY\");\n _;\n }\n\n /********************************************************\n * ARBITRUM-SPECIFIC CROSS-CHAIN ADMIN FUNCTIONS *\n ********************************************************/\n\n /**\n * @notice Change L2 gateway router. Callable only by admin.\n * @param newL2GatewayRouter New L2 gateway router.\n */\n function setL2GatewayRouter(address newL2GatewayRouter) public onlyAdmin nonReentrant {\n _setL2GatewayRouter(newL2GatewayRouter);\n }\n\n /**\n * @notice Add L2 -> L1 token mapping. Callable only by admin.\n * @param l2Token Arbitrum token.\n * @param l1Token Ethereum version of l2Token.\n */\n function whitelistToken(address l2Token, address l1Token) public onlyAdmin nonReentrant {\n _whitelistToken(l2Token, l1Token);\n }\n\n /**************************************\n * INTERNAL FUNCTIONS *\n **************************************/\n\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory relayerRefundLeaf) internal override {\n // Check that the Ethereum counterpart of the L2 token is stored on this contract.\n address ethereumTokenToBridge = whitelistedTokens[relayerRefundLeaf.l2TokenAddress];\n require(ethereumTokenToBridge != address(0), \"Uninitialized mainnet token\");\n //slither-disable-next-line unused-return\n StandardBridgeLike(l2GatewayRouter).outboundTransfer(\n ethereumTokenToBridge, // _l1Token. Address of the L1 token to bridge over.\n hubPool, // _to. Withdraw, over the bridge, to the l1 hub pool contract.\n relayerRefundLeaf.amountToReturn, // _amount.\n \"\" // _data. We don't need to send any data for the bridging action.\n );\n emit ArbitrumTokensBridged(address(0), hubPool, relayerRefundLeaf.amountToReturn);\n }\n\n function _setL2GatewayRouter(address _l2GatewayRouter) internal {\n l2GatewayRouter = _l2GatewayRouter;\n emit SetL2GatewayRouter(l2GatewayRouter);\n }\n\n function _whitelistToken(address _l2Token, address _l1Token) internal {\n whitelistedTokens[_l2Token] = _l1Token;\n emit WhitelistedTokens(_l2Token, _l1Token);\n }\n\n // L1 addresses are transformed during l1->l2 calls.\n // See https://developer.offchainlabs.com/docs/l1_l2_messages#address-aliasing for more information.\n // This cannot be pulled directly from Arbitrum contracts because their contracts are not 0.8.X compatible and\n // this operation takes advantage of overflows, whose behavior changed in 0.8.0.\n function _applyL1ToL2Alias(address l1Address) internal pure returns (address l2Address) {\n // Allows overflows as explained above.\n unchecked {\n l2Address = address(uint160(l1Address) + uint160(0x1111000000000000000000000000000000001111));\n }\n }\n\n // Apply AVM-specific transformation to cross domain admin address on L1.\n function _requireAdminSender() internal override onlyFromCrossDomainAdmin {}\n}\n" + }, + "contracts/chain-adapters/Arbitrum_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Interface for Arbitrum's L1 Inbox contract used to send messages to Arbitrum.\n */\ninterface ArbitrumL1InboxLike {\n /**\n * @notice Put a message in the L2 inbox that can be reexecuted for some fixed amount of time if it reverts\n * @dev Gas limit and maxFeePerGas should not be set to 1 as that is used to trigger the RetryableData error\n * @dev Caller must set msg.value equal to at least `maxSubmissionCost + maxGas * gasPriceBid`.\n * all msg.value will deposited to callValueRefundAddress on L2\n * @dev More details can be found here: https://developer.arbitrum.io/arbos/l1-to-l2-messaging\n * @param to destination L2 contract address\n * @param l2CallValue call value for retryable L2 message\n * @param maxSubmissionCost Max gas deducted from user's L2 balance to cover base submission fee\n * @param excessFeeRefundAddress gasLimit x maxFeePerGas - execution cost gets credited here on L2 balance\n * @param callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled\n * @param gasLimit Max gas deducted from user's L2 balance to cover L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)\n * @param maxFeePerGas price bid for L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)\n * @param data ABI encoded data of L2 message\n * @return unique message number of the retryable transaction\n */\n function createRetryableTicket(\n address to,\n uint256 l2CallValue,\n uint256 maxSubmissionCost,\n address excessFeeRefundAddress,\n address callValueRefundAddress,\n uint256 gasLimit,\n uint256 maxFeePerGas,\n bytes calldata data\n ) external payable returns (uint256);\n\n /**\n * @notice Put a message in the L2 inbox that can be reexecuted for some fixed amount of time if it reverts\n * @dev Same as createRetryableTicket, but does not guarantee that submission will succeed by requiring the needed\n * funds come from the deposit alone, rather than falling back on the user's L2 balance\n * @dev Advanced usage only (does not rewrite aliases for excessFeeRefundAddress and callValueRefundAddress).\n * createRetryableTicket method is the recommended standard.\n * @dev Gas limit and maxFeePerGas should not be set to 1 as that is used to trigger the RetryableData error\n * @param to destination L2 contract address\n * @param l2CallValue call value for retryable L2 message\n * @param maxSubmissionCost Max gas deducted from user's L2 balance to cover base submission fee\n * @param excessFeeRefundAddress gasLimit x maxFeePerGas - execution cost gets credited here on L2 balance\n * @param callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled\n * @param gasLimit Max gas deducted from user's L2 balance to cover L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)\n * @param maxFeePerGas price bid for L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)\n * @param data ABI encoded data of L2 message\n * @return unique message number of the retryable transaction\n */\n function unsafeCreateRetryableTicket(\n address to,\n uint256 l2CallValue,\n uint256 maxSubmissionCost,\n address excessFeeRefundAddress,\n address callValueRefundAddress,\n uint256 gasLimit,\n uint256 maxFeePerGas,\n bytes calldata data\n ) external payable returns (uint256);\n}\n\n/**\n * @notice Layer 1 Gateway contract for bridging standard ERC20s to Arbitrum.\n */\ninterface ArbitrumL1ERC20GatewayLike {\n /**\n * @notice Deprecated in favor of outboundTransferCustomRefund but still used in custom bridges\n * like the DAI bridge.\n * @dev Refunded to aliased L2 address of sender if sender has code on L1, otherwise to to sender's EOA on L2.\n * @param _l1Token L1 address of ERC20\n * @param _to Account to be credited with the tokens in the L2 (can be the user's L2 account or a contract),\n * not subject to L2 aliasing. This account, or its L2 alias if it have code in L1, will also be able to\n * cancel the retryable ticket and receive callvalue refund\n * @param _amount Token Amount\n * @param _maxGas Max gas deducted from user's L2 balance to cover L2 execution\n * @param _gasPriceBid Gas price for L2 execution\n * @param _data encoded data from router and user\n * @return res abi encoded inbox sequence number\n */\n function outboundTransfer(\n address _l1Token,\n address _to,\n uint256 _amount,\n uint256 _maxGas,\n uint256 _gasPriceBid,\n bytes calldata _data\n ) external payable returns (bytes memory);\n\n /**\n * @notice Deposit ERC20 token from Ethereum into Arbitrum.\n * @dev L2 address alias will not be applied to the following types of addresses on L1:\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * @param _l1Token L1 address of ERC20\n * @param _refundTo Account, or its L2 alias if it have code in L1, to be credited with excess gas refund in L2\n * @param _to Account to be credited with the tokens in the L2 (can be the user's L2 account or a contract),\n * not subject to L2 aliasing. This account, or its L2 alias if it have code in L1, will also be able to\n * cancel the retryable ticket and receive callvalue refund\n * @param _amount Token Amount\n * @param _maxGas Max gas deducted from user's L2 balance to cover L2 execution\n * @param _gasPriceBid Gas price for L2 execution\n * @param _data encoded data from router and user\n * @return res abi encoded inbox sequence number\n */\n function outboundTransferCustomRefund(\n address _l1Token,\n address _refundTo,\n address _to,\n uint256 _amount,\n uint256 _maxGas,\n uint256 _gasPriceBid,\n bytes calldata _data\n ) external payable returns (bytes memory);\n\n /**\n * @notice get ERC20 gateway for token.\n * @param _token ERC20 address.\n * @return address of ERC20 gateway.\n */\n function getGateway(address _token) external view returns (address);\n}\n\n/**\n * @notice Contract containing logic to send messages from L1 to Arbitrum.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Arbitrum_Adapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n // Amount of ETH allocated to pay for the base submission fee. The base submission fee is a parameter unique to\n // retryable transactions; the user is charged the base submission fee to cover the storage costs of keeping their\n // ticket’s calldata in the retry buffer. (current base submission fee is queryable via\n // ArbRetryableTx.getSubmissionPrice). ArbRetryableTicket precompile interface exists at L2 address\n // 0x000000000000000000000000000000000000006E.\n uint256 public constant l2MaxSubmissionCost = 0.01e18;\n\n // L2 Gas price bid for immediate L2 execution attempt (queryable via standard eth*gasPrice RPC)\n uint256 public constant l2GasPrice = 5e9; // 5 gWei\n\n uint32 public constant RELAY_TOKENS_L2_GAS_LIMIT = 300_000;\n uint32 public constant RELAY_MESSAGE_L2_GAS_LIMIT = 2_000_000;\n\n // This address on L2 receives extra ETH that is left over after relaying a message via the inbox.\n address public immutable l2RefundL2Address;\n\n ArbitrumL1InboxLike public immutable l1Inbox;\n\n ArbitrumL1ERC20GatewayLike public immutable l1ERC20GatewayRouter;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1ArbitrumInbox Inbox helper contract to send messages to Arbitrum.\n * @param _l1ERC20GatewayRouter ERC20 gateway router contract to send tokens to Arbitrum.\n * @param _l2RefundL2Address L2 address to receive gas refunds on after a message is relayed.\n */\n constructor(\n ArbitrumL1InboxLike _l1ArbitrumInbox,\n ArbitrumL1ERC20GatewayLike _l1ERC20GatewayRouter,\n address _l2RefundL2Address\n ) {\n l1Inbox = _l1ArbitrumInbox;\n l1ERC20GatewayRouter = _l1ERC20GatewayRouter;\n l2RefundL2Address = _l2RefundL2Address;\n }\n\n /**\n * @notice Send cross-chain message to target on Arbitrum.\n * @notice This contract must hold at least getL1CallValue() amount of ETH to send a message via the Inbox\n * successfully, or the message will get stuck.\n * @param target Contract on Arbitrum that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes memory message) external payable override {\n uint256 requiredL1CallValue = _contractHasSufficientEthBalance(RELAY_MESSAGE_L2_GAS_LIMIT);\n\n l1Inbox.createRetryableTicket{ value: requiredL1CallValue }(\n target, // destAddr destination L2 contract address\n 0, // l2CallValue call value for retryable L2 message\n l2MaxSubmissionCost, // maxSubmissionCost Max gas deducted from user's L2 balance to cover base fee\n l2RefundL2Address, // excessFeeRefundAddress maxgas * gasprice - execution cost gets credited here on L2\n l2RefundL2Address, // callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled\n RELAY_MESSAGE_L2_GAS_LIMIT, // maxGas Max gas deducted from user's L2 balance to cover L2 execution\n l2GasPrice, // gasPriceBid price bid for L2 execution\n message // data ABI encoded data of L2 message\n );\n\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Bridge tokens to Arbitrum.\n * @notice This contract must hold at least getL1CallValue() amount of ETH to send a message via the Inbox\n * successfully, or the message will get stuck.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token, // l2Token is unused for Arbitrum.\n uint256 amount,\n address to\n ) external payable override {\n uint256 requiredL1CallValue = _contractHasSufficientEthBalance(RELAY_TOKENS_L2_GAS_LIMIT);\n\n // Approve the gateway, not the router, to spend the hub pool's balance. The gateway, which is different\n // per L1 token, will temporarily escrow the tokens to be bridged and pull them from this contract.\n address erc20Gateway = l1ERC20GatewayRouter.getGateway(l1Token);\n IERC20(l1Token).safeIncreaseAllowance(erc20Gateway, amount);\n\n // `outboundTransfer` expects that the caller includes a bytes message as the last param that includes the\n // maxSubmissionCost to use when creating an L2 retryable ticket: https://github.com/OffchainLabs/arbitrum/blob/e98d14873dd77513b569771f47b5e05b72402c5e/packages/arb-bridge-peripherals/contracts/tokenbridge/ethereum/gateway/L1GatewayRouter.sol#L232\n bytes memory data = abi.encode(l2MaxSubmissionCost, \"\");\n\n // Note: Legacy routers don't have the outboundTransferCustomRefund method, so default to using\n // outboundTransfer(). Legacy routers are used for the following tokens that are currently enabled:\n // - DAI: the implementation of `outboundTransfer` at the current DAI custom gateway\n // (https://etherscan.io/address/0xD3B5b60020504bc3489D6949d545893982BA3011#writeContract) sets the\n // sender as the refund address so the aliased HubPool should receive excess funds. Implementation here:\n // https://github.com/makerdao/arbitrum-dai-bridge/blob/11a80385e2622968069c34d401b3d54a59060e87/contracts/l1/L1DaiGateway.sol#L109\n if (l1Token == 0x6B175474E89094C44Da98b954EedeAC495271d0F) {\n // This means that the excess ETH to pay for the L2 transaction will be sent to the aliased\n // contract address on L2, which we'd have to retrieve via a custom adapter, the Arbitrum_RescueAdapter.\n // To do so, in a single transaction: 1) setCrossChainContracts to Arbitrum_RescueAdapter, 2) relayMessage\n // with function data = abi.encode(amountToRescue), 3) setCrossChainContracts back to this adapter.\n l1ERC20GatewayRouter.outboundTransfer{ value: requiredL1CallValue }(\n l1Token,\n to,\n amount,\n RELAY_TOKENS_L2_GAS_LIMIT,\n l2GasPrice,\n data\n );\n } else {\n l1ERC20GatewayRouter.outboundTransferCustomRefund{ value: requiredL1CallValue }(\n l1Token,\n l2RefundL2Address,\n to,\n amount,\n RELAY_TOKENS_L2_GAS_LIMIT,\n l2GasPrice,\n data\n );\n }\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n\n /**\n * @notice Returns required amount of ETH to send a message via the Inbox.\n * @return amount of ETH that this contract needs to hold in order for relayMessage to succeed.\n */\n function getL1CallValue(uint32 l2GasLimit) public pure returns (uint256) {\n return l2MaxSubmissionCost + l2GasPrice * l2GasLimit;\n }\n\n function _contractHasSufficientEthBalance(uint32 l2GasLimit) internal view returns (uint256 requiredL1CallValue) {\n requiredL1CallValue = getL1CallValue(l2GasLimit);\n require(address(this).balance >= requiredL1CallValue, \"Insufficient ETH balance\");\n }\n}\n" + }, + "contracts/chain-adapters/Arbitrum_RescueAdapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"./Arbitrum_Adapter.sol\"; // Used to import `ArbitrumL1ERC20GatewayLike` and `ArbitrumL1InboxLike`\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Meant to copy the Arbitrum_Adapter exactly in how it sends L1 --> L2 messages but is designed only to be\n * used by the owner of the HubPool to retrieve ETH held by its aliased address on L2. This ETH builds up because\n * `relayTokens` calls `l1ERC20GatewayRouter.outboundTransfer` which does not allow the caller to specify an L2 refund\n * address the same way that `l1Inbox.createRetryableTicket` does. This means that the alias address of the caller, the\n * HubPool in this case, receives ETH on L2. This Adapter can be used to send messages to Arbitrum specifically to send\n * transactions as if called by the aliased HubPool address.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Arbitrum_RescueAdapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n // Amount of ETH allocated to pay for the base submission fee. The base submission fee is a parameter unique to\n // retryable transactions; the user is charged the base submission fee to cover the storage costs of keeping their\n // ticket’s calldata in the retry buffer. (current base submission fee is queryable via\n // ArbRetryableTx.getSubmissionPrice). ArbRetryableTicket precompile interface exists at L2 address\n // 0x000000000000000000000000000000000000006E.\n uint256 public immutable l2MaxSubmissionCost = 0.01e18;\n\n // L2 Gas price bid for immediate L2 execution attempt (queryable via standard eth*gasPrice RPC)\n uint256 public immutable l2GasPrice = 5e9; // 5 gWei\n\n // Gas limit for immediate L2 execution attempt (can be estimated via NodeInterface.estimateRetryableTicket).\n // NodeInterface precompile interface exists at L2 address 0x00000000000000000000000000000000000000C8\n uint32 public immutable l2GasLimit = 2_000_000;\n\n // This address on L2 receives extra ETH that is left over after relaying a message via the inbox.\n address public immutable l2RefundL2Address;\n\n // L1 HubPool address aliased on L2: https://github.com/OffchainLabs/arbitrum/blob/master/docs/L1_L2_Messages.md#address-aliasing\n address public immutable aliasedL2HubPoolAddress = 0xd297fA914353c44B2e33EBE05F21846f1048CFeB;\n\n ArbitrumL1InboxLike public immutable l1Inbox;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1ArbitrumInbox Inbox helper contract to send messages to Arbitrum.\n */\n constructor(ArbitrumL1InboxLike _l1ArbitrumInbox) {\n l1Inbox = _l1ArbitrumInbox;\n\n l2RefundL2Address = msg.sender;\n }\n\n /**\n * @notice Send cross-chain message to aliased hub pool address on Arbitrum.\n * @notice This contract must hold at least getL1CallValue() amount of ETH to send a message via the Inbox\n * successfully, or the message will get stuck.\n * @param message Data to send to aliased hub pool.\n */\n function relayMessage(address, bytes memory message) external payable override {\n uint256 valueToReturn = abi.decode(message, (uint256));\n\n uint256 requiredL1CallValue = _contractHasSufficientEthBalance();\n\n // In the rescue ETH setup, we send the transaction to the refund address, we provide a call value equal to the\n // amount we want to rescue, and we specify an empty calldata, since it's a simple ETH transfer.\n // Note: we use the unsafe version of createRetryableTicket because it doesn't require the msg.sender to pass\n // in arbTxCallValue in addition to maxSubmissionCost + maxGas * gasPriceBid.\n l1Inbox.unsafeCreateRetryableTicket{ value: requiredL1CallValue }(\n l2RefundL2Address, // destAddr destination L2 contract address\n valueToReturn, // l2CallValue call value for retryable L2 message\n l2MaxSubmissionCost, // maxSubmissionCost Max gas deducted from user's L2 balance to cover base fee\n l2RefundL2Address, // excessFeeRefundAddress maxgas * gasprice - execution cost gets credited here on L2\n l2RefundL2Address, // callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled\n l2GasLimit, // maxGas Max gas deducted from user's L2 balance to cover L2 execution\n l2GasPrice, // gasPriceBid price bid for L2 execution\n \"\" // data ABI encoded data of L2 message\n );\n\n emit MessageRelayed(aliasedL2HubPoolAddress, \"\");\n }\n\n /**\n * @notice Should never be called.\n */\n function relayTokens(\n address,\n address,\n uint256,\n address\n ) external payable override {\n revert(\"useless function\");\n }\n\n /**\n * @notice Returns required amount of ETH to send a message via the Inbox.\n * @return amount of ETH that this contract needs to hold in order for relayMessage to succeed.\n */\n function getL1CallValue() public pure returns (uint256) {\n return l2MaxSubmissionCost + l2GasPrice * l2GasLimit;\n }\n\n function _contractHasSufficientEthBalance() internal view returns (uint256 requiredL1CallValue) {\n requiredL1CallValue = getL1CallValue();\n require(address(this).balance >= requiredL1CallValue, \"Insufficient ETH balance\");\n }\n}\n" + }, + "contracts/chain-adapters/Arbitrum_SendTokensAdapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport { ArbitrumL1ERC20GatewayLike } from \"./Arbitrum_Adapter.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice This adapter is built for emergencies to send funds from the Hub to a Spoke in the event that a spoke pool\n * received a duplicate root bundle relay, due to some replay issue.\n */\n// solhint-disable-next-line contract-name-camelcase\ncontract Arbitrum_SendTokensAdapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n uint256 public immutable l2MaxSubmissionCost = 0.01e18;\n uint256 public immutable l2GasPrice = 5e9;\n uint32 public constant RELAY_TOKENS_L2_GAS_LIMIT = 300_000;\n\n ArbitrumL1ERC20GatewayLike public immutable l1ERC20GatewayRouter;\n address public immutable l2RefundL2Address;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1ERC20GatewayRouter ERC20 gateway router contract to send tokens to Arbitrum.\n * @param _l2RefundL2Address L2 address to receive gas refunds on after a message is relayed.\n */\n constructor(ArbitrumL1ERC20GatewayLike _l1ERC20GatewayRouter, address _l2RefundL2Address) {\n l1ERC20GatewayRouter = _l1ERC20GatewayRouter;\n l2RefundL2Address = _l2RefundL2Address;\n }\n\n /**\n * @notice Send tokens to SpokePool. Enables HubPool admin to call relaySpokePoolAdminFunction that will trigger\n * this function.\n * @dev This performs similar logic to relayTokens in the normal Arbitrum_Adapter by sending tokens\n * the Arbitrum_SpokePool out of the HubPool.\n * @param message The encoded address of the ERC20 to send to the rescue address.\n */\n function relayMessage(address target, bytes memory message) external payable override {\n (address l1Token, uint256 amount) = abi.decode(message, (address, uint256));\n\n uint256 requiredL1CallValue = _contractHasSufficientEthBalance();\n\n // Approve the gateway, not the router, to spend the hub pool's balance. The gateway, which is different\n // per L1 token, will temporarily escrow the tokens to be bridged and pull them from this contract.\n address erc20Gateway = l1ERC20GatewayRouter.getGateway(l1Token);\n IERC20(l1Token).safeIncreaseAllowance(erc20Gateway, amount);\n\n // `outboundTransfer` expects that the caller includes a bytes message as the last param that includes the\n // maxSubmissionCost to use when creating an L2 retryable ticket: https://github.com/OffchainLabs/arbitrum/blob/e98d14873dd77513b569771f47b5e05b72402c5e/packages/arb-bridge-peripherals/contracts/tokenbridge/ethereum/gateway/L1GatewayRouter.sol#L232\n bytes memory data = abi.encode(l2MaxSubmissionCost, \"\");\n\n l1ERC20GatewayRouter.outboundTransferCustomRefund{ value: requiredL1CallValue }(\n l1Token,\n l2RefundL2Address,\n target,\n amount,\n RELAY_TOKENS_L2_GAS_LIMIT,\n l2GasPrice,\n data\n );\n\n // Purposefully not emitting any events so as not to confuse off-chain monitors that track this event.\n // emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n\n /**\n * @notice Should never be called.\n */\n function relayTokens(\n address,\n address,\n uint256,\n address\n ) external payable override {\n revert(\"relayTokens disabled\");\n }\n\n /**\n * @notice Returns required amount of ETH to send a message via the Inbox.\n * @return amount of ETH that this contract needs to hold in order for relayMessage to succeed.\n */\n function getL1CallValue() public pure returns (uint256) {\n return l2MaxSubmissionCost + l2GasPrice * RELAY_TOKENS_L2_GAS_LIMIT;\n }\n\n function _contractHasSufficientEthBalance() internal view returns (uint256 requiredL1CallValue) {\n requiredL1CallValue = getL1CallValue();\n require(address(this).balance >= requiredL1CallValue, \"Insufficient ETH balance\");\n }\n}\n" + }, + "contracts/chain-adapters/Base_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"../external/interfaces/WETH9Interface.sol\";\n\n// @dev Use local modified CrossDomainEnabled contract instead of one exported by eth-optimism because we need\n// this contract's state variables to be `immutable` because of the delegateCall call.\nimport \"./CrossDomainEnabled.sol\";\nimport \"@eth-optimism/contracts/L1/messaging/IL1StandardBridge.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Contract containing logic to send messages from L1 to Base. This is a modified version of the Optimism adapter\n * that excludes the custom bridging logic.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Base_Adapter is CrossDomainEnabled, AdapterInterface {\n using SafeERC20 for IERC20;\n uint32 public immutable l2GasLimit = 200_000;\n\n WETH9Interface public immutable l1Weth;\n\n IL1StandardBridge public immutable l1StandardBridge;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1Weth WETH address on L1.\n * @param _crossDomainMessenger XDomainMessenger Base system contract.\n * @param _l1StandardBridge Standard bridge contract.\n */\n constructor(\n WETH9Interface _l1Weth,\n address _crossDomainMessenger,\n IL1StandardBridge _l1StandardBridge\n ) CrossDomainEnabled(_crossDomainMessenger) {\n l1Weth = _l1Weth;\n l1StandardBridge = _l1StandardBridge;\n }\n\n /**\n * @notice Send cross-chain message to target on Base.\n * @param target Contract on Base that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes calldata message) external payable override {\n sendCrossDomainMessage(target, uint32(l2GasLimit), message);\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Bridge tokens to Base.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token,\n uint256 amount,\n address to\n ) external payable override {\n // If the l1Token is weth then unwrap it to ETH then send the ETH to the standard bridge.\n if (l1Token == address(l1Weth)) {\n l1Weth.withdraw(amount);\n l1StandardBridge.depositETHTo{ value: amount }(to, l2GasLimit, \"\");\n } else {\n IL1StandardBridge _l1StandardBridge = l1StandardBridge;\n\n IERC20(l1Token).safeIncreaseAllowance(address(_l1StandardBridge), amount);\n _l1StandardBridge.depositERC20To(l1Token, l2Token, to, amount, l2GasLimit, \"\");\n }\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n}\n" + }, + "contracts/chain-adapters/Boba_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"../external/interfaces/WETH9Interface.sol\";\n\n// @dev Use local modified CrossDomainEnabled contract instead of one exported by eth-optimism because we need\n// this contract's state variables to be `immutable` because of the delegateCall call.\nimport \"./CrossDomainEnabled.sol\";\nimport \"@eth-optimism/contracts/L1/messaging/IL1StandardBridge.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Contract containing logic to send messages from L1 to Boba. This is a modified version of the Optimism adapter\n * that excludes the custom bridging logic.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Boba_Adapter is CrossDomainEnabled, AdapterInterface {\n using SafeERC20 for IERC20;\n uint32 public immutable l2GasLimit = 2_000_000;\n\n WETH9Interface public immutable l1Weth;\n\n IL1StandardBridge public immutable l1StandardBridge;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1Weth WETH address on L1.\n * @param _crossDomainMessenger XDomainMessenger Boba system contract.\n * @param _l1StandardBridge Standard bridge contract.\n */\n constructor(\n WETH9Interface _l1Weth,\n address _crossDomainMessenger,\n IL1StandardBridge _l1StandardBridge\n ) CrossDomainEnabled(_crossDomainMessenger) {\n l1Weth = _l1Weth;\n l1StandardBridge = _l1StandardBridge;\n }\n\n /**\n * @notice Send cross-chain message to target on Boba.\n * @param target Contract on Boba that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes calldata message) external payable override {\n sendCrossDomainMessage(target, uint32(l2GasLimit), message);\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Bridge tokens to Boba.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token,\n uint256 amount,\n address to\n ) external payable override {\n // If the l1Token is weth then unwrap it to ETH then send the ETH to the standard bridge.\n if (l1Token == address(l1Weth)) {\n l1Weth.withdraw(amount);\n l1StandardBridge.depositETHTo{ value: amount }(to, l2GasLimit, \"\");\n } else {\n IL1StandardBridge _l1StandardBridge = l1StandardBridge;\n\n IERC20(l1Token).safeIncreaseAllowance(address(_l1StandardBridge), amount);\n _l1StandardBridge.depositERC20To(l1Token, l2Token, to, amount, l2GasLimit, \"\");\n }\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n}\n" + }, + "contracts/chain-adapters/CrossDomainEnabled.sol": { + "content": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.0;\n\n/* Interface Imports */\nimport { ICrossDomainMessenger } from \"@eth-optimism/contracts/libraries/bridge/ICrossDomainMessenger.sol\";\n\n/**\n * @title CrossDomainEnabled\n * @dev Helper contract for contracts performing cross-domain communications between L1 and Optimism.\n * @dev This modifies the eth-optimism/CrossDomainEnabled contract only by changing state variables to be\n * immutable for use in contracts like the Optimism_Adapter which use delegateCall().\n */\ncontract CrossDomainEnabled {\n // Messenger contract used to send and recieve messages from the other domain.\n address public immutable messenger;\n\n /**\n * @param _messenger Address of the CrossDomainMessenger on the current layer.\n */\n constructor(address _messenger) {\n messenger = _messenger;\n }\n\n /**\n * Enforces that the modified function is only callable by a specific cross-domain account.\n * @param _sourceDomainAccount The only account on the originating domain which is\n * authenticated to call this function.\n */\n modifier onlyFromCrossDomainAccount(address _sourceDomainAccount) {\n require(msg.sender == address(getCrossDomainMessenger()), \"invalid cross domain messenger\");\n\n require(\n getCrossDomainMessenger().xDomainMessageSender() == _sourceDomainAccount,\n \"invalid cross domain sender\"\n );\n\n _;\n }\n\n /**\n * Gets the messenger, usually from storage. This function is exposed in case a child contract\n * needs to override.\n * @return The address of the cross-domain messenger contract which should be used.\n */\n function getCrossDomainMessenger() internal virtual returns (ICrossDomainMessenger) {\n return ICrossDomainMessenger(messenger);\n }\n\n /**\n * Sends a message to an account on another domain\n * @param _crossDomainTarget The intended recipient on the destination domain\n * @param _message The data to send to the target (usually calldata to a function with\n * onlyFromCrossDomainAccount())\n * @param _gasLimit The gasLimit for the receipt of the message on the target domain.\n */\n function sendCrossDomainMessage(\n address _crossDomainTarget,\n uint32 _gasLimit,\n bytes calldata _message\n ) internal {\n // slither-disable-next-line reentrancy-events, reentrancy-benign\n getCrossDomainMessenger().sendMessage(_crossDomainTarget, _message, _gasLimit);\n }\n}\n" + }, + "contracts/chain-adapters/Ethereum_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Contract containing logic to send messages from L1 to Ethereum SpokePool.\n * @notice This contract should always be deployed on the same chain as the HubPool, as it acts as a pass-through\n * contract between HubPool and SpokePool on the same chain. Its named \"Ethereum_Adapter\" because a core assumption\n * is that the HubPool will be deployed on Ethereum, so this adapter will be used to communicate between HubPool\n * and the Ethereum_SpokePool.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Ethereum_Adapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n /**\n * @notice Send message to target on Ethereum.\n * @notice This function, and contract overall, is not useful in practice except that the HubPool\n * expects to interact with the SpokePool via an Adapter, so when communicating to the Ethereum_SpokePool, it must\n * send messages via this pass-through contract.\n * @param target Contract that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes calldata message) external payable override {\n _executeCall(target, message);\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Send tokens to target.\n * @param l1Token L1 token to send.\n * @param l2Token Unused parameter in this contract.\n * @param amount Amount of L1 tokens to send.\n * @param to recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token, // l2Token is unused for ethereum since we are assuming that the HubPool is only deployed\n // on this network.\n uint256 amount,\n address to\n ) external payable override {\n IERC20(l1Token).safeTransfer(to, amount);\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n\n // Note: this snippet of code is copied from Governor.sol. Source: https://github.com/UMAprotocol/protocol/blob/5b37ea818a28479c01e458389a83c3e736306b17/packages/core/contracts/oracle/implementation/Governor.sol#L190-L207\n function _executeCall(address to, bytes memory data) private {\n // Note: this snippet of code is copied from Governor.sol and modified to not include any \"value\" field.\n\n bool success;\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n let inputData := add(data, 0x20)\n let inputDataSize := mload(data)\n // Hardcode value to be 0 for relayed governance calls in order to avoid addressing complexity of bridging\n // value cross-chain.\n success := call(gas(), to, 0, inputData, inputDataSize, 0, 0)\n }\n require(success, \"execute call failed\");\n }\n}\n" + }, + "contracts/chain-adapters/Ethereum_RescueAdapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice This adapter is built for emergencies to rescue funds from a Hub in the event of a misconfiguration or\n * security issue.\n */\n// solhint-disable-next-line contract-name-camelcase\ncontract Ethereum_RescueAdapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n address public immutable rescueAddress;\n\n /**\n * @notice Constructs new Adapter.\n * @param _rescueAddress Rescue address to send funds to.\n */\n constructor(address _rescueAddress) {\n rescueAddress = _rescueAddress;\n }\n\n /**\n * @notice Rescues the tokens from the calling contract.\n * @param message The encoded address of the ERC20 to send to the rescue addres.\n */\n function relayMessage(address, bytes memory message) external payable override {\n IERC20 tokenAddress = IERC20(abi.decode(message, (address)));\n\n // Transfer full balance of tokens to the rescue address.\n tokenAddress.safeTransfer(rescueAddress, tokenAddress.balanceOf(address(this)));\n }\n\n /**\n * @notice Should never be called.\n */\n function relayTokens(\n address,\n address,\n uint256,\n address\n ) external payable override {\n revert(\"relayTokens disabled\");\n }\n}\n" + }, + "contracts/chain-adapters/interfaces/AdapterInterface.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\n/**\n * @notice Sends cross chain messages and tokens to contracts on a specific L2 network.\n * This interface is implemented by an adapter contract that is deployed on L1.\n */\n\ninterface AdapterInterface {\n event MessageRelayed(address target, bytes message);\n\n event TokensRelayed(address l1Token, address l2Token, uint256 amount, address to);\n\n /**\n * @notice Send message to `target` on L2.\n * @dev This method is marked payable because relaying the message might require a fee\n * to be paid by the sender to forward the message to L2. However, it will not send msg.value\n * to the target contract on L2.\n * @param target L2 address to send message to.\n * @param message Message to send to `target`.\n */\n function relayMessage(address target, bytes calldata message) external payable;\n\n /**\n * @notice Send `amount` of `l1Token` to `to` on L2. `l2Token` is the L2 address equivalent of `l1Token`.\n * @dev This method is marked payable because relaying the message might require a fee\n * to be paid by the sender to forward the message to L2. However, it will not send msg.value\n * to the target contract on L2.\n * @param l1Token L1 token to bridge.\n * @param l2Token L2 token to receive.\n * @param amount Amount of `l1Token` to bridge.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token,\n uint256 amount,\n address to\n ) external payable;\n}\n" + }, + "contracts/chain-adapters/Optimism_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"../external/interfaces/WETH9Interface.sol\";\n\n// @dev Use local modified CrossDomainEnabled contract instead of one exported by eth-optimism because we need\n// this contract's state variables to be `immutable` because of the delegateCall call.\nimport \"./CrossDomainEnabled.sol\";\nimport \"@eth-optimism/contracts/L1/messaging/IL1StandardBridge.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Interface for Synthetix custom bridge to Optimism.\n */\ninterface SynthetixBridgeToOptimism is IL1StandardBridge {\n /**\n * @notice Send tokens to Optimism.\n * @param to Address to send tokens to on L2.\n * @param amount Amount of tokens to send.\n */\n function depositTo(address to, uint256 amount) external;\n}\n\n/**\n * @notice Contract containing logic to send messages from L1 to Optimism.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore it's only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Optimism_Adapter is CrossDomainEnabled, AdapterInterface {\n using SafeERC20 for IERC20;\n uint32 public immutable l2GasLimit = 200_000;\n\n WETH9Interface public immutable l1Weth;\n\n IL1StandardBridge public immutable l1StandardBridge;\n\n // Optimism has the ability to support \"custom\" bridges. These bridges are not supported by the canonical bridge\n // and so we need to store the address of the custom token and the associated bridge. In the event we want to\n // support a new token that is not supported by Optimism, we can add a new custom bridge for it and re-deploy the\n // adapter. A full list of custom optimism tokens and their associated bridges can be found here:\n // https://github.com/ethereum-optimism/ethereum-optimism.github.io/blob/master/optimism.tokenlist.json\n address public immutable dai = 0x6B175474E89094C44Da98b954EedeAC495271d0F;\n address public immutable daiOptimismBridge = 0x10E6593CDda8c58a1d0f14C5164B376352a55f2F;\n address public immutable snx = 0xC011a73ee8576Fb46F5E1c5751cA3B9Fe0af2a6F;\n address public immutable snxOptimismBridge = 0x39Ea01a0298C315d149a490E34B59Dbf2EC7e48F;\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1Weth WETH address on L1.\n * @param _crossDomainMessenger XDomainMessenger Optimism system contract.\n * @param _l1StandardBridge Standard bridge contract.\n */\n constructor(\n WETH9Interface _l1Weth,\n address _crossDomainMessenger,\n IL1StandardBridge _l1StandardBridge\n ) CrossDomainEnabled(_crossDomainMessenger) {\n l1Weth = _l1Weth;\n l1StandardBridge = _l1StandardBridge;\n }\n\n /**\n * @notice Send cross-chain message to target on Optimism.\n * @param target Contract on Optimism that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes calldata message) external payable override {\n sendCrossDomainMessage(target, uint32(l2GasLimit), message);\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Bridge tokens to Optimism.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token,\n uint256 amount,\n address to\n ) external payable override {\n // If the l1Token is weth then unwrap it to ETH then send the ETH to the standard bridge.\n if (l1Token == address(l1Weth)) {\n l1Weth.withdraw(amount);\n l1StandardBridge.depositETHTo{ value: amount }(to, l2GasLimit, \"\");\n } else {\n address bridgeToUse = address(l1StandardBridge);\n\n // Check if the L1 token requires a custom bridge. If so, use that bridge over the standard bridge.\n if (l1Token == dai) bridgeToUse = daiOptimismBridge; // 1. DAI\n if (l1Token == snx) bridgeToUse = snxOptimismBridge; // 2. SNX\n\n IERC20(l1Token).safeIncreaseAllowance(bridgeToUse, amount);\n if (l1Token == snx) SynthetixBridgeToOptimism(bridgeToUse).depositTo(to, amount);\n else IL1StandardBridge(bridgeToUse).depositERC20To(l1Token, l2Token, to, amount, l2GasLimit, \"\");\n }\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n}\n" + }, + "contracts/chain-adapters/Polygon_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"../external/interfaces/WETH9Interface.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\n/**\n * @notice Send tokens to Polygon.\n */\ninterface IRootChainManager {\n /**\n * @notice Send msg.value of ETH to Polygon\n * @param user Recipient of ETH on Polygon.\n */\n function depositEtherFor(address user) external payable;\n\n /**\n * @notice Send ERC20 tokens to Polygon.\n * @param user Recipient of L2 equivalent tokens on Polygon.\n * @param rootToken L1 Address of token to send.\n * @param depositData Data to pass to L2 including amount of tokens to send. Should be abi.encode(amount).\n */\n function depositFor(\n address user,\n address rootToken,\n bytes calldata depositData\n ) external;\n}\n\n/**\n * @notice Send arbitrary messages to Polygon.\n */\ninterface IFxStateSender {\n /**\n * @notice Send arbitrary message to Polygon.\n * @param _receiver Address on Polygon to receive message.\n * @param _data Message to send to `_receiver` on Polygon.\n */\n function sendMessageToChild(address _receiver, bytes calldata _data) external;\n}\n\n/**\n * @notice Similar to RootChainManager, but for Matic (Plasma) bridge.\n */\ninterface DepositManager {\n /**\n * @notice Send tokens to Polygon. Only used to send MATIC in this Polygon_Adapter.\n * @param token L1 token to send. Should be MATIC.\n * @param user Recipient of L2 equivalent tokens on Polygon.\n * @param amount Amount of `token` to send.\n */\n function depositERC20ForUser(\n address token,\n address user,\n uint256 amount\n ) external;\n}\n\n/**\n * @notice Sends cross chain messages Polygon L2 network.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract Polygon_Adapter is AdapterInterface {\n using SafeERC20 for IERC20;\n IRootChainManager public immutable rootChainManager;\n IFxStateSender public immutable fxStateSender;\n DepositManager public immutable depositManager;\n address public immutable erc20Predicate;\n address public immutable l1Matic;\n WETH9Interface public immutable l1Weth;\n\n /**\n * @notice Constructs new Adapter.\n * @param _rootChainManager RootChainManager Polygon system contract to deposit tokens over the PoS bridge.\n * @param _fxStateSender FxStateSender Polygon system contract to send arbitrary messages to L2.\n * @param _depositManager DepositManager Polygon system contract to deposit tokens over the Plasma bridge (Matic).\n * @param _erc20Predicate ERC20Predicate Polygon system contract to approve when depositing to the PoS bridge.\n * @param _l1Matic matic address on l1.\n * @param _l1Weth WETH address on L1.\n */\n constructor(\n IRootChainManager _rootChainManager,\n IFxStateSender _fxStateSender,\n DepositManager _depositManager,\n address _erc20Predicate,\n address _l1Matic,\n WETH9Interface _l1Weth\n ) {\n rootChainManager = _rootChainManager;\n fxStateSender = _fxStateSender;\n depositManager = _depositManager;\n erc20Predicate = _erc20Predicate;\n l1Matic = _l1Matic;\n l1Weth = _l1Weth;\n }\n\n /**\n * @notice Send cross-chain message to target on Polygon.\n * @param target Contract on Polygon that will receive message.\n * @param message Data to send to target.\n */\n\n function relayMessage(address target, bytes calldata message) external payable override {\n fxStateSender.sendMessageToChild(target, message);\n emit MessageRelayed(target, message);\n }\n\n /**\n * @notice Bridge tokens to Polygon.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token,\n uint256 amount,\n address to\n ) external payable override {\n // If the l1Token is weth then unwrap it to ETH then send the ETH to the standard bridge.\n if (l1Token == address(l1Weth)) {\n l1Weth.withdraw(amount);\n rootChainManager.depositEtherFor{ value: amount }(to);\n } else if (l1Token == l1Matic) {\n IERC20(l1Token).safeIncreaseAllowance(address(depositManager), amount);\n depositManager.depositERC20ForUser(l1Token, to, amount);\n } else {\n IERC20(l1Token).safeIncreaseAllowance(erc20Predicate, amount);\n rootChainManager.depositFor(to, l1Token, abi.encode(amount));\n }\n emit TokensRelayed(l1Token, l2Token, amount, to);\n }\n}\n" + }, + "contracts/chain-adapters/ZkSync_Adapter.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/AdapterInterface.sol\";\nimport \"../external/interfaces/WETH9Interface.sol\";\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\n\ninterface ZkSyncInterface {\n // _contractL2: L2 address of the contract to be called.\n // _l2Value: Amount of ETH to pass with the call to L2; used as msg.value for the transaction.\n // _calldata: Calldata of the transaction call; encoded the same way as in Ethereum.\n // _l2GasLimit: Gas limit of the L2 transaction call.\n // _l2GasPerPubdataByteLimit: A constant representing how much gas is required to publish a byte of data from\n // L1 to L2. https://era.zksync.io/docs/api/js/utils.html#gas\n // _factoryDeps: Bytecodes array containing the bytecode of the contract being deployed.\n // If the contract is a factory contract, the array contains the bytecodes of the contracts it can deploy.\n // _refundRecipient: Address that receives the rest of the fee after the transaction execution.\n // If refundRecipient == 0, L2 msg.sender is used. Note: If the _refundRecipient is a smart contract,\n // then during the L1 to L2 transaction its address is aliased.\n function requestL2Transaction(\n address _contractL2,\n uint256 _l2Value,\n bytes calldata _calldata,\n uint256 _l2GasLimit,\n uint256 _l2GasPerPubdataByteLimit,\n bytes[] calldata _factoryDeps,\n address _refundRecipient\n ) external payable returns (bytes32 canonicalTxHash);\n\n // @notice Estimates the cost in Ether of requesting execution of an L2 transaction from L1\n // @param _l1GasPrice Effective gas price on L1 (priority fee + base fee)\n // @param _l2GasLimit Gas limit for the L2 transaction\n // @param _l2GasPerPubdataByteLimit Gas limit for the L2 transaction per byte of pubdata\n // @return The estimated L2 gas for the transaction to be paid\n function l2TransactionBaseCost(\n uint256 _l1GasPrice,\n uint256 _l2GasLimit,\n uint256 _l2GasPerPubdataByteLimit\n ) external view returns (uint256);\n}\n\ninterface ZkBridgeLike {\n // @dev: Use ZkSyncInterface.requestL2Transaction to bridge WETH as ETH to L2.\n function deposit(\n address _l2Receiver,\n address _l1Token,\n uint256 _amount,\n uint256 _l2TxGasLimit,\n uint256 _l2TxGasPerPubdataByte,\n address _refundRecipient\n ) external payable returns (bytes32 txHash);\n}\n\n// Note: this contract just forwards the calls from the HubPool to ZkSync to avoid limits.\n// A modified ZKSync_Adapter should be deployed with this address swapped in for all zkSync addresses.\ncontract LimitBypassProxy is ZkSyncInterface, ZkBridgeLike {\n using SafeERC20 for IERC20;\n ZkSyncInterface public constant zkSync = ZkSyncInterface(0x32400084C286CF3E17e7B677ea9583e60a000324);\n ZkBridgeLike public constant zkErc20Bridge = ZkBridgeLike(0x57891966931Eb4Bb6FB81430E6cE0A03AAbDe063);\n\n function l2TransactionBaseCost(\n uint256 _l1GasPrice,\n uint256 _l2GasLimit,\n uint256 _l2GasPerPubdataByteLimit\n ) external view returns (uint256) {\n return zkSync.l2TransactionBaseCost(_l1GasPrice, _l2GasLimit, _l2GasPerPubdataByteLimit);\n }\n\n function requestL2Transaction(\n address _contractL2,\n uint256 _l2Value,\n bytes calldata _calldata,\n uint256 _l2GasLimit,\n uint256 _l2GasPerPubdataByteLimit,\n bytes[] calldata _factoryDeps,\n address _refundRecipient\n ) external payable returns (bytes32 canonicalTxHash) {\n return\n zkSync.requestL2Transaction{ value: msg.value }(\n _contractL2,\n _l2Value,\n _calldata,\n _l2GasLimit,\n _l2GasPerPubdataByteLimit,\n _factoryDeps,\n _refundRecipient\n );\n }\n\n function deposit(\n address _l2Receiver,\n address _l1Token,\n uint256 _amount,\n uint256 _l2TxGasLimit,\n uint256 _l2TxGasPerPubdataByte,\n address _refundRecipient\n ) external payable returns (bytes32 txHash) {\n IERC20(_l1Token).safeIncreaseAllowance(address(zkErc20Bridge), _amount);\n return\n zkErc20Bridge.deposit{ value: msg.value }(\n _l2Receiver,\n _l1Token,\n _amount,\n _l2TxGasLimit,\n _l2TxGasPerPubdataByte,\n _refundRecipient\n );\n }\n}\n\n/**\n * @notice Contract containing logic to send messages from L1 to ZkSync.\n * @dev Public functions calling external contracts do not guard against reentrancy because they are expected to be\n * called via delegatecall, which will execute this contract's logic within the context of the originating contract.\n * For example, the HubPool will delegatecall these functions, therefore its only necessary that the HubPool's methods\n * that call this contract's logic guard against reentrancy.\n */\n\n// solhint-disable-next-line contract-name-camelcase\ncontract ZkSync_Adapter is AdapterInterface {\n using SafeERC20 for IERC20;\n\n // We need to pay a base fee to the operator to include our L1 --> L2 transaction.\n // https://era.zksync.io/docs/dev/developer-guides/bridging/l1-l2.html#getting-the-base-cost\n\n // Generally, the following params are a bit hard to set and may change in the future once ZkSync\n // goes live. For now, we'll hardcode these and use aggressive values to ensure inclusion.\n\n // Limit on L2 gas to spend.\n uint256 public constant L2_GAS_LIMIT = 2_000_000;\n\n // How much gas is required to publish a byte of data from L1 to L2. 800 is the required value\n // as set here https://github.com/matter-labs/era-contracts/blob/6391c0d7bf6184d7f6718060e3991ba6f0efe4a7/ethereum/contracts/zksync/facets/Mailbox.sol#L226\n // Note, this value can change and will require an updated adapter.\n uint256 public constant L1_GAS_TO_L2_GAS_PER_PUB_DATA_LIMIT = 800;\n\n // This address receives any remaining fee after an L1 to L2 transaction completes.\n // If refund recipient = address(0) then L2 msg.sender is used, unless msg.sender is a contract then its address\n // gets aliased.\n address public immutable l2RefundAddress;\n\n // Hardcode the following ZkSync system contract addresses to save gas on construction. This adapter can be\n // redeployed in the event that the following addresses change.\n\n // Main contract used to send L1 --> L2 messages. Fetchable via `zks_getMainContract` method on JSON RPC.\n ZkSyncInterface public constant zkSyncMessageBridge = ZkSyncInterface(0x32400084C286CF3E17e7B677ea9583e60a000324);\n\n // Contract used to send ETH to L2. Note: this is the same address as the main contract, but separated to allow\n // only this contract to be swapped (leaving the main zkSync contract to be used for messaging).\n ZkSyncInterface public constant zkSyncEthBridge = ZkSyncInterface(0x32400084C286CF3E17e7B677ea9583e60a000324);\n\n // Bridges to send ERC20 and ETH to L2. Fetchable via `zks_getBridgeContracts` method on JSON RPC.\n ZkBridgeLike public constant zkErc20Bridge = ZkBridgeLike(0x57891966931Eb4Bb6FB81430E6cE0A03AAbDe063);\n\n // Set l1Weth at construction time to make testing easier.\n WETH9Interface public immutable l1Weth;\n\n event ZkSyncMessageRelayed(bytes32 canonicalTxHash);\n\n /**\n * @notice Constructs new Adapter.\n * @param _l1Weth WETH address on L1.\n * @param _l2RefundAddress address that recieves excess gas refunds on L2.\n */\n constructor(WETH9Interface _l1Weth, address _l2RefundAddress) {\n l1Weth = _l1Weth;\n l2RefundAddress = _l2RefundAddress;\n }\n\n /**\n * @notice Send cross-chain message to target on ZkSync.\n * @notice This contract must hold at least getL1CallValue() amount of ETH to send a message, or the message\n * will revert.\n * @param target Contract on L2 that will receive message.\n * @param message Data to send to target.\n */\n function relayMessage(address target, bytes memory message) external payable override {\n uint256 txBaseCost = _contractHasSufficientEthBalance();\n\n // Returns the hash of the requested L2 transaction. This hash can be used to follow the transaction status.\n bytes32 canonicalTxHash = zkSyncMessageBridge.requestL2Transaction{ value: txBaseCost }(\n target,\n // We pass no ETH with the call, otherwise we'd need to add to the txBaseCost this value.\n 0,\n message,\n L2_GAS_LIMIT,\n L1_GAS_TO_L2_GAS_PER_PUB_DATA_LIMIT,\n new bytes[](0),\n l2RefundAddress\n );\n\n emit MessageRelayed(target, message);\n emit ZkSyncMessageRelayed(canonicalTxHash);\n }\n\n /**\n * @notice Bridge tokens to ZkSync.\n * @notice This contract must hold at least getL1CallValue() amount of ETH to send a message\n * or the message will revert.\n * @param l1Token L1 token to deposit.\n * @param l2Token L2 token to receive.\n * @param amount Amount of L1 tokens to deposit and L2 tokens to receive.\n * @param to Bridge recipient.\n */\n function relayTokens(\n address l1Token,\n address l2Token, // l2Token is unused.\n uint256 amount,\n address to\n ) external payable override {\n // This could revert if the relay amount is over the ZkSync deposit\n // limit: https://github.com/matter-labs/era-contracts/blob/main/ethereum/contracts/common/AllowList.sol#L150\n // We should make sure that the limit is either set very high or we need to do logic\n // that splits the amount to deposit into multiple chunks. We can't have\n // this function revert or the HubPool will not be able to proceed to the\n // next bundle. See more here:\n // https://github.com/matter-labs/era-contracts/blob/main/docs/Overview.md#deposit-limitation\n // https://github.com/matter-labs/era-contracts/blob/6391c0d7bf6184d7f6718060e3991ba6f0efe4a7/ethereum/contracts/zksync/facets/Mailbox.sol#L230\n uint256 txBaseCost = _contractHasSufficientEthBalance();\n\n // If the l1Token is WETH then unwrap it to ETH then send the ETH to the standard bridge along with the base\n // cost. I've tried sending WETH over the erc20Bridge directly but we receive the wrong WETH\n // on the L2 side. So, we need to unwrap the WETH into ETH and then send.\n bytes32 txHash;\n if (l1Token == address(l1Weth)) {\n l1Weth.withdraw(amount);\n // We cannot call the standard ERC20 bridge because it disallows ETH deposits.\n txHash = zkSyncEthBridge.requestL2Transaction{ value: txBaseCost + amount }(\n to,\n amount,\n \"\",\n L2_GAS_LIMIT,\n L1_GAS_TO_L2_GAS_PER_PUB_DATA_LIMIT,\n new bytes[](0),\n l2RefundAddress\n );\n } else {\n IERC20(l1Token).safeIncreaseAllowance(address(zkErc20Bridge), amount);\n txHash = zkErc20Bridge.deposit{ value: txBaseCost }(\n to,\n l1Token,\n amount,\n L2_GAS_LIMIT,\n L1_GAS_TO_L2_GAS_PER_PUB_DATA_LIMIT,\n l2RefundAddress\n );\n }\n\n emit TokensRelayed(l1Token, l2Token, amount, to);\n emit ZkSyncMessageRelayed(txHash);\n }\n\n /**\n * @notice Returns required amount of ETH to send a message.\n * @return amount of ETH that this contract needs to hold in order for relayMessage to succeed.\n */\n function getL1CallValue() public view returns (uint256) {\n // - tx.gasprice returns effective_gas_price. It's also used by Mailbox contract to estimate L2GasPrice\n // so using tx.gasprice should always pass this check that msg.value >= baseCost + _l2Value\n // https://github.com/matter-labs/era-contracts/blob/6391c0d7bf6184d7f6718060e3991ba6f0efe4a7/ethereum/contracts/zksync/facets/Mailbox.sol#L273\n // - priority_fee_per_gas = min(transaction.max_priority_fee_per_gas, transaction.max_fee_per_gas - block.base_fee_per_gas)\n // - effective_gas_price = priority_fee_per_gas + block.base_fee_per_gas\n return\n zkSyncMessageBridge.l2TransactionBaseCost(tx.gasprice, L2_GAS_LIMIT, L1_GAS_TO_L2_GAS_PER_PUB_DATA_LIMIT);\n }\n\n function _contractHasSufficientEthBalance() internal view returns (uint256 requiredL1CallValue) {\n requiredL1CallValue = getL1CallValue();\n require(address(this).balance >= requiredL1CallValue, \"Insufficient ETH balance\");\n }\n}\n" + }, + "contracts/Ethereum_SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./SpokePool.sol\";\nimport \"@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol\";\n\n/**\n * @notice Ethereum L1 specific SpokePool. Used on Ethereum L1 to facilitate L2->L1 transfers.\n */\ncontract Ethereum_SpokePool is SpokePool, OwnableUpgradeable {\n using SafeERC20Upgradeable for IERC20Upgradeable;\n\n /**\n * @notice Construct the Ethereum SpokePool.\n * @dev crossDomainAdmin is unused on this contract.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * relay hash collisions.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n * @param _wethAddress Weth address for this network to set.\n */\n function initialize(\n uint32 _initialDepositId,\n address _hubPool,\n address _wethAddress\n ) public initializer {\n __Ownable_init();\n __SpokePool_init(_initialDepositId, _hubPool, _hubPool, _wethAddress);\n }\n\n /**************************************\n * INTERNAL FUNCTIONS *\n **************************************/\n\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory relayerRefundLeaf) internal override {\n IERC20Upgradeable(relayerRefundLeaf.l2TokenAddress).safeTransfer(hubPool, relayerRefundLeaf.amountToReturn);\n }\n\n // The SpokePool deployed to the same network as the HubPool must be owned by the HubPool.\n // A core assumption of this contract system is that the HubPool is deployed on Ethereum.\n function _requireAdminSender() internal override onlyOwner {}\n}\n" + }, + "contracts/external/interfaces/SuccinctInterfaces.sol": { + "content": "pragma solidity ^0.8.0;\n\n// These interfaces are a subset of the Succinct interfaces here: https://github.com/succinctlabs/telepathy-contracts.\n\n// This interface should be implemented by any contract wanting to receive messages sent over the Succinct bridge.\ninterface ITelepathyHandler {\n function handleTelepathy(\n uint16 _sourceChainId,\n address _senderAddress,\n bytes memory _data\n ) external returns (bytes4);\n}\n\n// This interface represents the contract that we call into to send messages over the Succinct AMB.\ninterface ITelepathyBroadcaster {\n function send(\n uint16 _recipientChainId,\n address _recipientAddress,\n bytes calldata _data\n ) external returns (bytes32);\n}\n" + }, + "contracts/external/interfaces/WETH9Interface.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\n/**\n * @notice Interface for the WETH9 contract.\n */\ninterface WETH9Interface {\n /**\n * @notice Burn Wrapped Ether and receive native Ether.\n * @param wad Amount of WETH to unwrap and send to caller.\n */\n function withdraw(uint256 wad) external;\n\n /**\n * @notice Lock native Ether and mint Wrapped Ether ERC20\n * @dev msg.value is amount of Wrapped Ether to mint/Ether to lock.\n */\n function deposit() external payable;\n\n /**\n * @notice Get balance of WETH held by `guy`.\n * @param guy Address to get balance of.\n * @return wad Amount of WETH held by `guy`.\n */\n function balanceOf(address guy) external view returns (uint256 wad);\n\n /**\n * @notice Transfer `wad` of WETH from caller to `guy`.\n * @param guy Address to send WETH to.\n * @param wad Amount of WETH to send.\n * @return ok True if transfer succeeded.\n */\n function transfer(address guy, uint256 wad) external returns (bool);\n}\n" + }, + "contracts/interfaces/HubPoolInterface.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\n\n/**\n * @notice Concise list of functions in HubPool implementation.\n */\ninterface HubPoolInterface {\n // This leaf is meant to be decoded in the HubPool to rebalance tokens between HubPool and SpokePool.\n struct PoolRebalanceLeaf {\n // This is used to know which chain to send cross-chain transactions to (and which SpokePool to send to).\n uint256 chainId;\n // Total LP fee amount per token in this bundle, encompassing all associated bundled relays.\n uint256[] bundleLpFees;\n // Represents the amount to push to or pull from the SpokePool. If +, the pool pays the SpokePool. If negative\n // the SpokePool pays the HubPool. There can be arbitrarily complex rebalancing rules defined offchain. This\n // number is only nonzero when the rules indicate that a rebalancing action should occur. When a rebalance does\n // occur, runningBalances must be set to zero for this token and netSendAmounts should be set to the previous\n // runningBalances + relays - deposits in this bundle. If non-zero then it must be set on the SpokePool's\n // RelayerRefundLeaf amountToReturn as -1 * this value to show if funds are being sent from or to the SpokePool.\n int256[] netSendAmounts;\n // This is only here to be emitted in an event to track a running unpaid balance between the L2 pool and the L1\n // pool. A positive number indicates that the HubPool owes the SpokePool funds. A negative number indicates that\n // the SpokePool owes the HubPool funds. See the comment above for the dynamics of this and netSendAmounts.\n int256[] runningBalances;\n // Used by data worker to mark which leaves should relay roots to SpokePools, and to otherwise organize leaves.\n // For example, each leaf should contain all the rebalance information for a single chain, but in the case where\n // the list of l1Tokens is very large such that they all can't fit into a single leaf that can be executed under\n // the block gas limit, then the data worker can use this groupIndex to organize them. Any leaves with\n // a groupIndex equal to 0 will relay roots to the SpokePool, so the data worker should ensure that only one\n // leaf for a specific chainId should have a groupIndex equal to 0.\n uint256 groupIndex;\n // Used as the index in the bitmap to track whether this leaf has been executed or not.\n uint8 leafId;\n // The bundleLpFees, netSendAmounts, and runningBalances are required to be the same length. They are parallel\n // arrays for the given chainId and should be ordered by the l1Tokens field. All whitelisted tokens with nonzero\n // relays on this chain in this bundle in the order of whitelisting.\n address[] l1Tokens;\n }\n\n // A data worker can optimistically store several merkle roots on this contract by staking a bond and calling\n // proposeRootBundle. By staking a bond, the data worker is alleging that the merkle roots all contain valid leaves\n // that can be executed later to:\n // - Send funds from this contract to a SpokePool or vice versa\n // - Send funds from a SpokePool to Relayer as a refund for a relayed deposit\n // - Send funds from a SpokePool to a deposit recipient to fulfill a \"slow\" relay\n // Anyone can dispute this struct if the merkle roots contain invalid leaves before the\n // challengePeriodEndTimestamp. Once the expiration timestamp is passed, executeRootBundle to execute a leaf\n // from the poolRebalanceRoot on this contract and it will simultaneously publish the relayerRefundRoot and\n // slowRelayRoot to a SpokePool. The latter two roots, once published to the SpokePool, contain\n // leaves that can be executed on the SpokePool to pay relayers or recipients.\n struct RootBundle {\n // Contains leaves instructing this contract to send funds to SpokePools.\n bytes32 poolRebalanceRoot;\n // Relayer refund merkle root to be published to a SpokePool.\n bytes32 relayerRefundRoot;\n // Slow relay merkle root to be published to a SpokePool.\n bytes32 slowRelayRoot;\n // This is a 1D bitmap, with max size of 256 elements, limiting us to 256 chainsIds.\n uint256 claimedBitMap;\n // Proposer of this root bundle.\n address proposer;\n // Number of pool rebalance leaves to execute in the poolRebalanceRoot. After this number\n // of leaves are executed, a new root bundle can be proposed\n uint8 unclaimedPoolRebalanceLeafCount;\n // When root bundle challenge period passes and this root bundle becomes executable.\n uint32 challengePeriodEndTimestamp;\n }\n\n // Each whitelisted L1 token has an associated pooledToken struct that contains all information used to track the\n // cumulative LP positions and if this token is enabled for deposits.\n struct PooledToken {\n // LP token given to LPs of a specific L1 token.\n address lpToken;\n // True if accepting new LP's.\n bool isEnabled;\n // Timestamp of last LP fee update.\n uint32 lastLpFeeUpdate;\n // Number of LP funds sent via pool rebalances to SpokePools and are expected to be sent\n // back later.\n int256 utilizedReserves;\n // Number of LP funds held in contract less utilized reserves.\n uint256 liquidReserves;\n // Number of LP funds reserved to pay out to LPs as fees.\n uint256 undistributedLpFees;\n }\n\n // Helper contracts to facilitate cross chain actions between HubPool and SpokePool for a specific network.\n struct CrossChainContract {\n address adapter;\n address spokePool;\n }\n\n function setPaused(bool pause) external;\n\n function emergencyDeleteProposal() external;\n\n function relaySpokePoolAdminFunction(uint256 chainId, bytes memory functionData) external;\n\n function setProtocolFeeCapture(address newProtocolFeeCaptureAddress, uint256 newProtocolFeeCapturePct) external;\n\n function setBond(IERC20 newBondToken, uint256 newBondAmount) external;\n\n function setLiveness(uint32 newLiveness) external;\n\n function setIdentifier(bytes32 newIdentifier) external;\n\n function setCrossChainContracts(\n uint256 l2ChainId,\n address adapter,\n address spokePool\n ) external;\n\n function enableL1TokenForLiquidityProvision(address l1Token) external;\n\n function disableL1TokenForLiquidityProvision(address l1Token) external;\n\n function addLiquidity(address l1Token, uint256 l1TokenAmount) external payable;\n\n function removeLiquidity(\n address l1Token,\n uint256 lpTokenAmount,\n bool sendEth\n ) external;\n\n function exchangeRateCurrent(address l1Token) external returns (uint256);\n\n function liquidityUtilizationCurrent(address l1Token) external returns (uint256);\n\n function liquidityUtilizationPostRelay(address l1Token, uint256 relayedAmount) external returns (uint256);\n\n function sync(address l1Token) external;\n\n function proposeRootBundle(\n uint256[] memory bundleEvaluationBlockNumbers,\n uint8 poolRebalanceLeafCount,\n bytes32 poolRebalanceRoot,\n bytes32 relayerRefundRoot,\n bytes32 slowRelayRoot\n ) external;\n\n function executeRootBundle(\n uint256 chainId,\n uint256 groupIndex,\n uint256[] memory bundleLpFees,\n int256[] memory netSendAmounts,\n int256[] memory runningBalances,\n uint8 leafId,\n address[] memory l1Tokens,\n bytes32[] memory proof\n ) external;\n\n function disputeRootBundle() external;\n\n function claimProtocolFeesCaptured(address l1Token) external;\n\n function setPoolRebalanceRoute(\n uint256 destinationChainId,\n address l1Token,\n address destinationToken\n ) external;\n\n function setDepositRoute(\n uint256 originChainId,\n uint256 destinationChainId,\n address originToken,\n bool depositsEnabled\n ) external;\n\n function poolRebalanceRoute(uint256 destinationChainId, address l1Token)\n external\n view\n returns (address destinationToken);\n\n function loadEthForL2Calls() external payable;\n}\n" + }, + "contracts/interfaces/SpokePoolInterface.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\n/**\n * @notice Contains common data structures and functions used by all SpokePool implementations.\n */\ninterface SpokePoolInterface {\n // This leaf is meant to be decoded in the SpokePool to pay out successful relayers.\n struct RelayerRefundLeaf {\n // This is the amount to return to the HubPool. This occurs when there is a PoolRebalanceLeaf netSendAmount that\n // is negative. This is just the negative of this value.\n uint256 amountToReturn;\n // Used to verify that this is being executed on the correct destination chainId.\n uint256 chainId;\n // This array designates how much each of those addresses should be refunded.\n uint256[] refundAmounts;\n // Used as the index in the bitmap to track whether this leaf has been executed or not.\n uint32 leafId;\n // The associated L2TokenAddress that these claims apply to.\n address l2TokenAddress;\n // Must be same length as refundAmounts and designates each address that must be refunded.\n address[] refundAddresses;\n }\n\n // This struct represents the data to fully specify a relay. If any portion of this data differs, the relay is\n // considered to be completely distinct. Only one relay for a particular depositId, chainId pair should be\n // considered valid and repaid. This data is hashed and inserted into the slow relay merkle root so that an off\n // chain validator can choose when to refund slow relayers.\n struct RelayData {\n // The address that made the deposit on the origin chain.\n address depositor;\n // The recipient address on the destination chain.\n address recipient;\n // The corresponding token address on the destination chain.\n address destinationToken;\n // The total relay amount before fees are taken out.\n uint256 amount;\n // Origin chain id.\n uint256 originChainId;\n // Destination chain id.\n uint256 destinationChainId;\n // The LP Fee percentage computed by the relayer based on the deposit's quote timestamp\n // and the HubPool's utilization.\n int64 realizedLpFeePct;\n // The relayer fee percentage specified in the deposit.\n int64 relayerFeePct;\n // The id uniquely identifying this deposit on the origin chain.\n uint32 depositId;\n // Data that is forwarded to the recipient.\n bytes message;\n }\n\n struct SlowFill {\n RelayData relayData;\n int256 payoutAdjustmentPct;\n }\n\n // Stores collection of merkle roots that can be published to this contract from the HubPool, which are referenced\n // by \"data workers\" via inclusion proofs to execute leaves in the roots.\n struct RootBundle {\n // Merkle root of slow relays that were not fully filled and whose recipient is still owed funds from the LP pool.\n bytes32 slowRelayRoot;\n // Merkle root of relayer refunds for successful relays.\n bytes32 relayerRefundRoot;\n // This is a 2D bitmap tracking which leaves in the relayer refund root have been claimed, with max size of\n // 256x(2^248) leaves per root.\n mapping(uint256 => uint256) claimedBitmap;\n }\n\n function setCrossDomainAdmin(address newCrossDomainAdmin) external;\n\n function setHubPool(address newHubPool) external;\n\n function setEnableRoute(\n address originToken,\n uint256 destinationChainId,\n bool enable\n ) external;\n\n function pauseDeposits(bool pause) external;\n\n function pauseFills(bool pause) external;\n\n function setDepositQuoteTimeBuffer(uint32 buffer) external;\n\n function relayRootBundle(bytes32 relayerRefundRoot, bytes32 slowRelayRoot) external;\n\n function emergencyDeleteRootBundle(uint256 rootBundleId) external;\n\n function deposit(\n address recipient,\n address originToken,\n uint256 amount,\n uint256 destinationChainId,\n int64 relayerFeePct,\n uint32 quoteTimestamp,\n bytes memory message,\n uint256 maxCount\n ) external payable;\n\n function depositNow(\n address recipient,\n address originToken,\n uint256 amount,\n uint256 destinationChainId,\n int64 relayerFeePct,\n bytes memory message,\n uint256 maxCount\n ) external payable;\n\n function speedUpDeposit(\n address depositor,\n int64 updatedRelayerFeePct,\n uint32 depositId,\n address updatedRecipient,\n bytes memory updatedMessage,\n bytes memory depositorSignature\n ) external;\n\n function fillRelay(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 amount,\n uint256 maxTokensToSend,\n uint256 repaymentChainId,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n bytes memory message,\n uint256 maxCount\n ) external;\n\n function fillRelayWithUpdatedDeposit(\n address depositor,\n address recipient,\n address updatedRecipient,\n address destinationToken,\n uint256 amount,\n uint256 maxTokensToSend,\n uint256 repaymentChainId,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n int64 updatedRelayerFeePct,\n uint32 depositId,\n bytes memory message,\n bytes memory updatedMessage,\n bytes memory depositorSignature,\n uint256 maxCount\n ) external;\n\n function executeSlowRelayLeaf(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 amount,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n uint32 rootBundleId,\n bytes memory message,\n int256 payoutAdjustment,\n bytes32[] memory proof\n ) external;\n\n function executeRelayerRefundLeaf(\n uint32 rootBundleId,\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\n bytes32[] memory proof\n ) external;\n\n function chainId() external view returns (uint256);\n}\n" + }, + "contracts/merkle-distributor/AcrossMerkleDistributor.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"@uma/core/contracts/merkle-distributor/implementation/MerkleDistributor.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\nimport \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\n\n/**\n * @title Extended MerkleDistributor contract.\n * @notice Adds additional constraints governing who can claim leaves from merkle windows.\n */\ncontract AcrossMerkleDistributor is MerkleDistributor {\n using SafeERC20 for IERC20;\n\n // Addresses that can claim on user's behalf.\n mapping(address => bool) public whitelistedClaimers;\n\n /****************************************\n * EVENTS\n ****************************************/\n event WhitelistedClaimer(address indexed claimer, bool indexed whitelist);\n event ClaimFor(\n address indexed caller,\n uint256 windowIndex,\n address indexed account,\n uint256 accountIndex,\n uint256 amount,\n address indexed rewardToken\n );\n\n /****************************\n * ADMIN FUNCTIONS\n ****************************/\n\n /**\n * @notice Updates whitelisted claimer status.\n * @dev Callable only by owner.\n * @param newContract Reset claimer contract to this address.\n * @param whitelist True to whitelist claimer, False otherwise.\n */\n function whitelistClaimer(address newContract, bool whitelist) external onlyOwner {\n whitelistedClaimers[newContract] = whitelist;\n emit WhitelistedClaimer(newContract, whitelist);\n }\n\n /****************************\n * NON-ADMIN FUNCTIONS\n ****************************/\n\n /**\n * @notice Batch claims to reduce gas versus individual submitting all claims. Method will fail\n * if any individual claims within the batch would fail.\n * @dev All claim recipients must be equal to msg.sender.\n * @param claims array of claims to claim.\n */\n function claimMulti(Claim[] memory claims) public override {\n uint256 claimCount = claims.length;\n for (uint256 i = 0; i < claimCount; i++) {\n require(claims[i].account == msg.sender, \"invalid claimer\");\n }\n super.claimMulti(claims);\n }\n\n /**\n * @notice Claim amount of reward tokens for account, as described by Claim input object.\n * @dev Claim recipient must be equal to msg.sender.\n * @param _claim claim object describing amount, accountIndex, account, window index, and merkle proof.\n */\n function claim(Claim memory _claim) public override {\n require(_claim.account == msg.sender, \"invalid claimer\");\n super.claim(_claim);\n }\n\n /**\n * @notice Executes merkle leaf claim on behaf of user. This can only be called by a trusted\n * claimer address. This function is designed to be called atomically with other transactions\n * that ultimately return the claimed amount to the rightful recipient. For example,\n * AcceleratingDistributor could call this function and then stake atomically on behalf of the user.\n * @dev Caller must be in whitelistedClaimers struct set to \"true\".\n * @param _claim leaf to claim.\n */\n\n function claimFor(Claim memory _claim) public {\n require(whitelistedClaimers[msg.sender], \"unwhitelisted claimer\");\n _verifyAndMarkClaimed(_claim);\n merkleWindows[_claim.windowIndex].rewardToken.safeTransfer(msg.sender, _claim.amount);\n emit ClaimFor(\n msg.sender,\n _claim.windowIndex,\n _claim.account,\n _claim.accountIndex,\n _claim.amount,\n address(merkleWindows[_claim.windowIndex].rewardToken)\n );\n }\n}\n" + }, + "contracts/MerkleLib.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./interfaces/SpokePoolInterface.sol\";\nimport \"./interfaces/HubPoolInterface.sol\";\n\nimport \"@openzeppelin/contracts/utils/cryptography/MerkleProof.sol\";\n\n/**\n * @notice Library to help with merkle roots, proofs, and claims.\n */\nlibrary MerkleLib {\n /**\n * @notice Verifies that a repayment is contained within a merkle root.\n * @param root the merkle root.\n * @param rebalance the rebalance struct.\n * @param proof the merkle proof.\n * @return bool to signal if the pool rebalance proof correctly shows inclusion of the rebalance within the tree.\n */\n function verifyPoolRebalance(\n bytes32 root,\n HubPoolInterface.PoolRebalanceLeaf memory rebalance,\n bytes32[] memory proof\n ) internal pure returns (bool) {\n return MerkleProof.verify(proof, root, keccak256(abi.encode(rebalance)));\n }\n\n /**\n * @notice Verifies that a relayer refund is contained within a merkle root.\n * @param root the merkle root.\n * @param refund the refund struct.\n * @param proof the merkle proof.\n * @return bool to signal if the relayer refund proof correctly shows inclusion of the refund within the tree.\n */\n function verifyRelayerRefund(\n bytes32 root,\n SpokePoolInterface.RelayerRefundLeaf memory refund,\n bytes32[] memory proof\n ) internal pure returns (bool) {\n return MerkleProof.verify(proof, root, keccak256(abi.encode(refund)));\n }\n\n /**\n * @notice Verifies that a distribution is contained within a merkle root.\n * @param root the merkle root.\n * @param slowRelayFulfillment the relayData fulfillment struct.\n * @param proof the merkle proof.\n * @return bool to signal if the slow relay's proof correctly shows inclusion of the slow relay within the tree.\n */\n function verifySlowRelayFulfillment(\n bytes32 root,\n SpokePoolInterface.SlowFill memory slowRelayFulfillment,\n bytes32[] memory proof\n ) internal pure returns (bool) {\n return MerkleProof.verify(proof, root, keccak256(abi.encode(slowRelayFulfillment)));\n }\n\n // The following functions are primarily copied from\n // https://github.com/Uniswap/merkle-distributor/blob/master/contracts/MerkleDistributor.sol with minor changes.\n\n /**\n * @notice Tests whether a claim is contained within a claimedBitMap mapping.\n * @param claimedBitMap a simple uint256 mapping in storage used as a bitmap.\n * @param index the index to check in the bitmap.\n * @return bool indicating if the index within the claimedBitMap has been marked as claimed.\n */\n function isClaimed(mapping(uint256 => uint256) storage claimedBitMap, uint256 index) internal view returns (bool) {\n uint256 claimedWordIndex = index / 256;\n uint256 claimedBitIndex = index % 256;\n uint256 claimedWord = claimedBitMap[claimedWordIndex];\n uint256 mask = (1 << claimedBitIndex);\n return claimedWord & mask == mask;\n }\n\n /**\n * @notice Marks an index in a claimedBitMap as claimed.\n * @param claimedBitMap a simple uint256 mapping in storage used as a bitmap.\n * @param index the index to mark in the bitmap.\n */\n function setClaimed(mapping(uint256 => uint256) storage claimedBitMap, uint256 index) internal {\n uint256 claimedWordIndex = index / 256;\n uint256 claimedBitIndex = index % 256;\n claimedBitMap[claimedWordIndex] = claimedBitMap[claimedWordIndex] | (1 << claimedBitIndex);\n }\n\n /**\n * @notice Tests whether a claim is contained within a 1D claimedBitMap mapping.\n * @param claimedBitMap a simple uint256 value, encoding a 1D bitmap.\n * @param index the index to check in the bitmap. Uint8 type enforces that index can't be > 255.\n * @return bool indicating if the index within the claimedBitMap has been marked as claimed.\n */\n function isClaimed1D(uint256 claimedBitMap, uint8 index) internal pure returns (bool) {\n uint256 mask = (1 << index);\n return claimedBitMap & mask == mask;\n }\n\n /**\n * @notice Marks an index in a claimedBitMap as claimed.\n * @param claimedBitMap a simple uint256 mapping in storage used as a bitmap. Uint8 type enforces that index\n * can't be > 255.\n * @param index the index to mark in the bitmap.\n * @return uint256 representing the modified input claimedBitMap with the index set to true.\n */\n function setClaimed1D(uint256 claimedBitMap, uint8 index) internal pure returns (uint256) {\n return claimedBitMap | (1 << index);\n }\n}\n" + }, + "contracts/Ovm_SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./SpokePool.sol\";\nimport \"./external/interfaces/WETH9Interface.sol\";\n\nimport \"@openzeppelin/contracts-upgradeable/crosschain/optimism/LibOptimismUpgradeable.sol\";\nimport \"@eth-optimism/contracts/libraries/constants/Lib_PredeployAddresses.sol\";\n\n// https://github.com/Synthetixio/synthetix/blob/5ca27785fad8237fb0710eac01421cafbbd69647/contracts/SynthetixBridgeToBase.sol#L50\ninterface SynthetixBridgeToBase {\n function withdrawTo(address to, uint256 amount) external;\n}\n\n// https://github.com/ethereum-optimism/optimism/blob/bf51c4935261634120f31827c3910aa631f6bf9c/packages/contracts-bedrock/contracts/L2/L2StandardBridge.sol\ninterface IL2ERC20Bridge {\n function withdrawTo(\n address _l2Token,\n address _to,\n uint256 _amount,\n uint32 _minGasLimit,\n bytes calldata _extraData\n ) external payable;\n}\n\n/**\n * @notice OVM specific SpokePool. Uses OVM cross-domain-enabled logic to implement admin only access to functions. * Optimism and Boba each implement this spoke pool and set their chain specific contract addresses for l2Eth and l2Weth.\n */\ncontract Ovm_SpokePool is SpokePool {\n // \"l1Gas\" parameter used in call to bridge tokens from this contract back to L1 via IL2ERC20Bridge. Currently\n // unused by bridge but included for future compatibility.\n uint32 public l1Gas;\n\n // ETH is an ERC20 on OVM.\n address public l2Eth;\n\n // Address of the Optimism L2 messenger.\n address public messenger;\n\n // Address of custom bridge used to bridge Synthetix-related assets like SNX.\n address private constant SYNTHETIX_BRIDGE = 0x136b1EC699c62b0606854056f02dC7Bb80482d63;\n\n // Address of SNX ERC20\n address private constant SNX = 0x8700dAec35aF8Ff88c16BdF0418774CB3D7599B4;\n\n // Stores alternative token bridges to use for L2 tokens that don't go over the standard bridge. This is needed\n // to support non-standard ERC20 tokens on Optimism, such as DIA and SNX which both use custom bridges.\n mapping(address => address) public tokenBridges;\n\n event OptimismTokensBridged(address indexed l2Token, address target, uint256 numberOfTokensBridged, uint256 l1Gas);\n event SetL1Gas(uint32 indexed newL1Gas);\n event SetL2TokenBridge(address indexed l2Token, address indexed tokenBridge);\n\n /**\n * @notice Construct the OVM SpokePool.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * relay hash collisions.\n * @param _crossDomainAdmin Cross domain admin to set. Can be changed by admin.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n */\n function __OvmSpokePool_init(\n uint32 _initialDepositId,\n address _crossDomainAdmin,\n address _hubPool,\n address _l2Eth,\n address _wrappedNativeToken\n ) public onlyInitializing {\n l1Gas = 5_000_000;\n __SpokePool_init(_initialDepositId, _crossDomainAdmin, _hubPool, _wrappedNativeToken);\n messenger = Lib_PredeployAddresses.L2_CROSS_DOMAIN_MESSENGER;\n //slither-disable-next-line missing-zero-check\n l2Eth = _l2Eth;\n }\n\n /*******************************************\n * OPTIMISM-SPECIFIC ADMIN FUNCTIONS *\n *******************************************/\n\n /**\n * @notice Change L1 gas limit. Callable only by admin.\n * @param newl1Gas New L1 gas limit to set.\n */\n function setL1GasLimit(uint32 newl1Gas) public onlyAdmin nonReentrant {\n l1Gas = newl1Gas;\n emit SetL1Gas(newl1Gas);\n }\n\n /**\n * @notice Set bridge contract for L2 token used to withdraw back to L1.\n * @dev If this mapping isn't set for an L2 token, then the standard bridge will be used to bridge this token.\n * @param tokenBridge Address of token bridge\n */\n function setTokenBridge(address l2Token, address tokenBridge) public onlyAdmin nonReentrant {\n tokenBridges[l2Token] = tokenBridge;\n emit SetL2TokenBridge(l2Token, tokenBridge);\n }\n\n /**************************************\n * DATA WORKER FUNCTIONS *\n **************************************/\n\n /**\n * @notice Wraps any ETH into WETH before executing base function. This is necessary because SpokePool receives\n * ETH over the canonical token bridge instead of WETH.\n * @inheritdoc SpokePool\n */\n function executeSlowRelayLeaf(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 totalRelayAmount,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n uint32 rootBundleId,\n bytes memory message,\n int256 payoutAdjustment,\n bytes32[] memory proof\n ) public override(SpokePool) nonReentrant {\n if (destinationToken == address(wrappedNativeToken)) _depositEthToWeth();\n\n _executeSlowRelayLeaf(\n depositor,\n recipient,\n destinationToken,\n totalRelayAmount,\n originChainId,\n chainId(),\n realizedLpFeePct,\n relayerFeePct,\n depositId,\n rootBundleId,\n message,\n payoutAdjustment,\n proof\n );\n }\n\n /**\n * @notice Wraps any ETH into WETH before executing base function. This is necessary because SpokePool receives\n * ETH over the canonical token bridge instead of WETH.\n * @inheritdoc SpokePool\n */\n function executeRelayerRefundLeaf(\n uint32 rootBundleId,\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\n bytes32[] memory proof\n ) public override(SpokePool) nonReentrant {\n if (relayerRefundLeaf.l2TokenAddress == address(wrappedNativeToken)) _depositEthToWeth();\n\n _executeRelayerRefundLeaf(rootBundleId, relayerRefundLeaf, proof);\n }\n\n /**************************************\n * INTERNAL FUNCTIONS *\n **************************************/\n\n // Wrap any ETH owned by this contract so we can send expected L2 token to recipient. This is necessary because\n // this SpokePool will receive ETH from the canonical token bridge instead of WETH. Its not sufficient to execute\n // this logic inside a fallback method that executes when this contract receives ETH because ETH is an ERC20\n // on the OVM.\n function _depositEthToWeth() internal {\n //slither-disable-next-line arbitrary-send-eth\n if (address(this).balance > 0) wrappedNativeToken.deposit{ value: address(this).balance }();\n }\n\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory relayerRefundLeaf) internal override {\n // If the token being bridged is WETH then we need to first unwrap it to ETH and then send ETH over the\n // canonical bridge. On Optimism, this is address 0xDeadDeAddeAddEAddeadDEaDDEAdDeaDDeAD0000.\n if (relayerRefundLeaf.l2TokenAddress == address(wrappedNativeToken)) {\n WETH9Interface(relayerRefundLeaf.l2TokenAddress).withdraw(relayerRefundLeaf.amountToReturn); // Unwrap into ETH.\n relayerRefundLeaf.l2TokenAddress = l2Eth; // Set the l2TokenAddress to ETH.\n IL2ERC20Bridge(Lib_PredeployAddresses.L2_STANDARD_BRIDGE).withdrawTo{\n value: relayerRefundLeaf.amountToReturn\n }(\n relayerRefundLeaf.l2TokenAddress, // _l2Token. Address of the L2 token to bridge over.\n hubPool, // _to. Withdraw, over the bridge, to the l1 pool contract.\n relayerRefundLeaf.amountToReturn, // _amount.\n l1Gas, // _l1Gas. Unused, but included for potential forward compatibility considerations\n \"\" // _data. We don't need to send any data for the bridging action.\n );\n }\n // Handle custom SNX bridge which doesn't conform to the standard bridge interface.\n else if (relayerRefundLeaf.l2TokenAddress == SNX)\n SynthetixBridgeToBase(SYNTHETIX_BRIDGE).withdrawTo(\n hubPool, // _to. Withdraw, over the bridge, to the l1 pool contract.\n relayerRefundLeaf.amountToReturn // _amount.\n );\n else\n IL2ERC20Bridge(\n tokenBridges[relayerRefundLeaf.l2TokenAddress] == address(0)\n ? Lib_PredeployAddresses.L2_STANDARD_BRIDGE\n : tokenBridges[relayerRefundLeaf.l2TokenAddress]\n ).withdrawTo(\n relayerRefundLeaf.l2TokenAddress, // _l2Token. Address of the L2 token to bridge over.\n hubPool, // _to. Withdraw, over the bridge, to the l1 pool contract.\n relayerRefundLeaf.amountToReturn, // _amount.\n l1Gas, // _l1Gas. Unused, but included for potential forward compatibility considerations\n \"\" // _data. We don't need to send any data for the bridging action.\n );\n\n emit OptimismTokensBridged(relayerRefundLeaf.l2TokenAddress, hubPool, relayerRefundLeaf.amountToReturn, l1Gas);\n }\n\n // Apply OVM-specific transformation to cross domain admin address on L1.\n function _requireAdminSender() internal view override {\n require(\n LibOptimismUpgradeable.crossChainSender(messenger) == crossDomainAdmin,\n \"OVM_XCHAIN: wrong sender of cross-domain message\"\n );\n }\n\n // Reserve storage slots for future versions of this base contract to add state variables without\n // affecting the storage layout of child contracts. Decrement the size of __gap whenever state variables\n // are added. This is at bottom of contract to make sure its always at the end of storage.\n uint256[1000] private __gap;\n}\n" + }, + "contracts/SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./MerkleLib.sol\";\nimport \"./external/interfaces/WETH9Interface.sol\";\nimport \"./interfaces/SpokePoolInterface.sol\";\nimport \"./upgradeable/MultiCallerUpgradeable.sol\";\nimport \"./upgradeable/EIP712CrossChainUpgradeable.sol\";\nimport \"./upgradeable/AddressLibUpgradeable.sol\";\n\nimport \"@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol\";\nimport \"@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol\";\nimport \"@openzeppelin/contracts/utils/cryptography/SignatureChecker.sol\";\nimport \"@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol\";\nimport \"@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol\";\nimport \"@openzeppelin/contracts/utils/math/SignedMath.sol\";\n\n// This interface is expected to be implemented by any contract that expects to recieve messages from the SpokePool.\ninterface AcrossMessageHandler {\n function handleAcrossMessage(\n address tokenSent,\n uint256 amount,\n bool fillCompleted,\n address relayer,\n bytes memory message\n ) external;\n}\n\n/**\n * @title SpokePool\n * @notice Base contract deployed on source and destination chains enabling depositors to transfer assets from source to\n * destination. Deposit orders are fulfilled by off-chain relayers who also interact with this contract. Deposited\n * tokens are locked on the source chain and relayers send the recipient the desired token currency and amount\n * on the destination chain. Locked source chain tokens are later sent over the canonical token bridge to L1 HubPool.\n * Relayers are refunded with destination tokens out of this contract after another off-chain actor, a \"data worker\",\n * submits a proof that the relayer correctly submitted a relay on this SpokePool.\n */\nabstract contract SpokePool is\n SpokePoolInterface,\n UUPSUpgradeable,\n ReentrancyGuardUpgradeable,\n MultiCallerUpgradeable,\n EIP712CrossChainUpgradeable\n{\n using SafeERC20Upgradeable for IERC20Upgradeable;\n using AddressLibUpgradeable for address;\n\n // Address of the L1 contract that acts as the owner of this SpokePool. This should normally be set to the HubPool\n // address. The crossDomainAdmin address is unused when the SpokePool is deployed to the same chain as the HubPool.\n address public crossDomainAdmin;\n\n // Address of the L1 contract that will send tokens to and receive tokens from this contract to fund relayer\n // refunds and slow relays.\n address public hubPool;\n\n // Address of wrappedNativeToken contract for this network. If an origin token matches this, then the caller can\n // optionally instruct this contract to wrap native tokens when depositing (ie ETH->WETH or MATIC->WMATIC).\n WETH9Interface public wrappedNativeToken;\n\n // Any deposit quote times greater than or less than this value to the current contract time is blocked. Forces\n // caller to use an approximately \"current\" realized fee. Defaults to 1 hour.\n uint32 public depositQuoteTimeBuffer;\n\n // Count of deposits is used to construct a unique deposit identifier for this spoke pool.\n uint32 public numberOfDeposits;\n\n // Whether deposits and fills are disabled.\n bool public pausedFills;\n bool public pausedDeposits;\n\n // This contract can store as many root bundles as the HubPool chooses to publish here.\n RootBundle[] public rootBundles;\n\n // Origin token to destination token routings can be turned on or off, which can enable or disable deposits.\n mapping(address => mapping(uint256 => bool)) public enabledDepositRoutes;\n\n // Each relay is associated with the hash of parameters that uniquely identify the original deposit and a relay\n // attempt for that deposit. The relay itself is just represented as the amount filled so far. The total amount to\n // relay, the fees, and the agents are all parameters included in the hash key.\n mapping(bytes32 => uint256) public relayFills;\n\n // This keeps track of the worst-case liabilities due to fills.\n // It is never reset. Users should only rely on it to determine the worst-case increase in liabilities between\n // two points. This is used to provide frontrunning protection to ensure the relayer's assumptions about the state\n // upon which their expected repayments are based will not change before their transaction is mined.\n mapping(address => uint256) public fillCounter;\n\n // This keeps track of the total running deposits for each token. This allows depositors to protect themselves from\n // frontrunning that might change their worst-case quote.\n mapping(address => uint256) public depositCounter;\n\n // This tracks the number of identical refunds that have been requested.\n // The intention is to allow an off-chain system to know when this could be a duplicate and ensure that the other\n // requests are known and accounted for.\n mapping(bytes32 => uint256) public refundsRequested;\n\n uint256 public constant MAX_TRANSFER_SIZE = 1e36;\n\n // Note: this needs to be larger than the max transfer size to ensure that all slow fills are fillable, even if\n // their fees are negative.\n // It's important that it isn't too large, however, as it should be multipliable by ~2e18 without overflowing.\n // 1e40 * 2e18 = 2e58 << 2^255 ~= 5e76\n uint256 public constant SLOW_FILL_MAX_TOKENS_TO_SEND = 1e40;\n\n // Set max payout adjustment to something\n\n bytes32 public constant UPDATE_DEPOSIT_DETAILS_HASH =\n keccak256(\n \"UpdateDepositDetails(uint32 depositId,uint256 originChainId,int64 updatedRelayerFeePct,address updatedRecipient,bytes updatedMessage)\"\n );\n\n /****************************************\n * EVENTS *\n ****************************************/\n event SetXDomainAdmin(address indexed newAdmin);\n event SetHubPool(address indexed newHubPool);\n event EnabledDepositRoute(address indexed originToken, uint256 indexed destinationChainId, bool enabled);\n event SetDepositQuoteTimeBuffer(uint32 newBuffer);\n event FundsDeposited(\n uint256 amount,\n uint256 originChainId,\n uint256 indexed destinationChainId,\n int64 relayerFeePct,\n uint32 indexed depositId,\n uint32 quoteTimestamp,\n address originToken,\n address recipient,\n address indexed depositor,\n bytes message\n );\n event RequestedSpeedUpDeposit(\n int64 newRelayerFeePct,\n uint32 indexed depositId,\n address indexed depositor,\n address updatedRecipient,\n bytes updatedMessage,\n bytes depositorSignature\n );\n event FilledRelay(\n uint256 amount,\n uint256 totalFilledAmount,\n uint256 fillAmount,\n uint256 repaymentChainId,\n uint256 indexed originChainId,\n uint256 destinationChainId,\n int64 relayerFeePct,\n int64 realizedLpFeePct,\n uint32 indexed depositId,\n address destinationToken,\n address relayer,\n address indexed depositor,\n address recipient,\n bytes message,\n RelayExecutionInfo updatableRelayData\n );\n event RefundRequested(\n address indexed relayer,\n address refundToken,\n uint256 amount,\n uint256 indexed originChainId,\n uint256 destinationChainId,\n int64 realizedLpFeePct,\n uint32 indexed depositId,\n uint256 fillBlock,\n uint256 previousIdenticalRequests\n );\n event RelayedRootBundle(\n uint32 indexed rootBundleId,\n bytes32 indexed relayerRefundRoot,\n bytes32 indexed slowRelayRoot\n );\n event ExecutedRelayerRefundRoot(\n uint256 amountToReturn,\n uint256 indexed chainId,\n uint256[] refundAmounts,\n uint32 indexed rootBundleId,\n uint32 indexed leafId,\n address l2TokenAddress,\n address[] refundAddresses,\n address caller\n );\n event TokensBridged(\n uint256 amountToReturn,\n uint256 indexed chainId,\n uint32 indexed leafId,\n address indexed l2TokenAddress,\n address caller\n );\n event EmergencyDeleteRootBundle(uint256 indexed rootBundleId);\n event PausedDeposits(bool isPaused);\n event PausedFills(bool isPaused);\n\n /**\n * @notice Represents data used to fill a deposit.\n * @param relay Relay containing original data linked to deposit. Contains fields that can be\n * overridden by other parameters in the RelayExecution struct.\n * @param relayHash Hash of the relay data.\n * @param updatedRelayerFeePct Actual relayer fee pct to use for this relay.\n * @param updatedRecipient Actual recipient to use for this relay.\n * @param updatedMessage Actual message to use for this relay.\n * @param repaymentChainId Chain ID of the network that the relayer will receive refunds on.\n * @param maxTokensToSend Max number of tokens to pull from relayer.\n * @param maxCount Max count to protect the relayer from frontrunning.\n * @param slowFill Whether this is a slow fill.\n * @param payoutAdjustmentPct Adjustment to the payout amount. Can be used to increase or decrease the payout to\n * allow for rewards or penalties. Used in slow fills.\n */\n struct RelayExecution {\n RelayData relay;\n bytes32 relayHash;\n int64 updatedRelayerFeePct;\n address updatedRecipient;\n bytes updatedMessage;\n uint256 repaymentChainId;\n uint256 maxTokensToSend;\n uint256 maxCount;\n bool slowFill;\n int256 payoutAdjustmentPct;\n }\n\n /**\n * @notice Packs together information to include in FilledRelay event.\n * @dev This struct is emitted as opposed to its constituent parameters due to the limit on number of\n * parameters in an event.\n * @param recipient Recipient of the relayed funds.\n * @param message Message included in the relay.\n * @param relayerFeePct Relayer fee pct used for this relay.\n * @param isSlowRelay Whether this is a slow relay.\n * @param payoutAdjustmentPct Adjustment to the payout amount.\n */\n struct RelayExecutionInfo {\n address recipient;\n bytes message;\n int64 relayerFeePct;\n bool isSlowRelay;\n int256 payoutAdjustmentPct;\n }\n\n /**\n * Do not leave an implementation contract uninitialized. An uninitialized implementation contract can be\n * taken over by an attacker, which may impact the proxy. To prevent the implementation contract from being\n * used, you should invoke the _disableInitializers function in the constructor to automatically lock it when\n * it is deployed:\n */\n /// @custom:oz-upgrades-unsafe-allow constructor\n constructor() {\n _disableInitializers();\n }\n\n /**\n * @notice Construct the base SpokePool.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * relay hash collisions.\n * @param _crossDomainAdmin Cross domain admin to set. Can be changed by admin.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n * @param _wrappedNativeTokenAddress wrappedNativeToken address for this network to set.\n */\n function __SpokePool_init(\n uint32 _initialDepositId,\n address _crossDomainAdmin,\n address _hubPool,\n address _wrappedNativeTokenAddress\n ) public onlyInitializing {\n numberOfDeposits = _initialDepositId;\n __EIP712_init(\"ACROSS-V2\", \"1.0.0\");\n __UUPSUpgradeable_init();\n __ReentrancyGuard_init();\n depositQuoteTimeBuffer = 3600;\n _setCrossDomainAdmin(_crossDomainAdmin);\n _setHubPool(_hubPool);\n wrappedNativeToken = WETH9Interface(_wrappedNativeTokenAddress);\n }\n\n /****************************************\n * MODIFIERS *\n ****************************************/\n\n /**\n * @dev Function that should revert when `msg.sender` is not authorized to upgrade the contract. Called by\n * {upgradeTo} and {upgradeToAndCall}.\n * @dev This should be set to cross domain admin for specific SpokePool.\n */\n modifier onlyAdmin() {\n _requireAdminSender();\n _;\n }\n\n modifier unpausedDeposits() {\n require(!pausedDeposits, \"Paused deposits\");\n _;\n }\n\n modifier unpausedFills() {\n require(!pausedFills, \"Paused fills\");\n _;\n }\n\n /**************************************\n * ADMIN FUNCTIONS *\n **************************************/\n\n // Allows cross domain admin to upgrade UUPS proxy implementation.\n function _authorizeUpgrade(address newImplementation) internal override onlyAdmin {}\n\n /**\n * @notice Pauses deposit-related functions. This is intended to be used if this contract is deprecated or when\n * something goes awry.\n * @dev Affects `deposit()` but not `speedUpDeposit()`, so that existing deposits can be sped up and still\n * relayed.\n * @param pause true if the call is meant to pause the system, false if the call is meant to unpause it.\n */\n function pauseDeposits(bool pause) public override onlyAdmin nonReentrant {\n pausedDeposits = pause;\n emit PausedDeposits(pause);\n }\n\n /**\n * @notice Pauses fill-related functions. This is intended to be used if this contract is deprecated or when\n * something goes awry.\n * @dev Affects fillRelayWithUpdatedDeposit() and fillRelay().\n * @param pause true if the call is meant to pause the system, false if the call is meant to unpause it.\n */\n function pauseFills(bool pause) public override onlyAdmin nonReentrant {\n pausedFills = pause;\n emit PausedFills(pause);\n }\n\n /**\n * @notice Change cross domain admin address. Callable by admin only.\n * @param newCrossDomainAdmin New cross domain admin.\n */\n function setCrossDomainAdmin(address newCrossDomainAdmin) public override onlyAdmin nonReentrant {\n _setCrossDomainAdmin(newCrossDomainAdmin);\n }\n\n /**\n * @notice Change L1 hub pool address. Callable by admin only.\n * @param newHubPool New hub pool.\n */\n function setHubPool(address newHubPool) public override onlyAdmin nonReentrant {\n _setHubPool(newHubPool);\n }\n\n /**\n * @notice Enable/Disable an origin token => destination chain ID route for deposits. Callable by admin only.\n * @param originToken Token that depositor can deposit to this contract.\n * @param destinationChainId Chain ID for where depositor wants to receive funds.\n * @param enabled True to enable deposits, False otherwise.\n */\n function setEnableRoute(\n address originToken,\n uint256 destinationChainId,\n bool enabled\n ) public override onlyAdmin nonReentrant {\n enabledDepositRoutes[originToken][destinationChainId] = enabled;\n emit EnabledDepositRoute(originToken, destinationChainId, enabled);\n }\n\n /**\n * @notice Change allowance for deposit quote time to differ from current block time. Callable by admin only.\n * @param newDepositQuoteTimeBuffer New quote time buffer.\n */\n function setDepositQuoteTimeBuffer(uint32 newDepositQuoteTimeBuffer) public override onlyAdmin nonReentrant {\n depositQuoteTimeBuffer = newDepositQuoteTimeBuffer;\n emit SetDepositQuoteTimeBuffer(newDepositQuoteTimeBuffer);\n }\n\n /**\n * @notice This method stores a new root bundle in this contract that can be executed to refund relayers, fulfill\n * slow relays, and send funds back to the HubPool on L1. This method can only be called by the admin and is\n * designed to be called as part of a cross-chain message from the HubPool's executeRootBundle method.\n * @param relayerRefundRoot Merkle root containing relayer refund leaves that can be individually executed via\n * executeRelayerRefundLeaf().\n * @param slowRelayRoot Merkle root containing slow relay fulfillment leaves that can be individually executed via\n * executeSlowRelayLeaf().\n */\n function relayRootBundle(bytes32 relayerRefundRoot, bytes32 slowRelayRoot) public override onlyAdmin nonReentrant {\n uint32 rootBundleId = uint32(rootBundles.length);\n RootBundle storage rootBundle = rootBundles.push();\n rootBundle.relayerRefundRoot = relayerRefundRoot;\n rootBundle.slowRelayRoot = slowRelayRoot;\n emit RelayedRootBundle(rootBundleId, relayerRefundRoot, slowRelayRoot);\n }\n\n /**\n * @notice This method is intended to only be used in emergencies where a bad root bundle has reached the\n * SpokePool.\n * @param rootBundleId Index of the root bundle that needs to be deleted. Note: this is intentionally a uint256\n * to ensure that a small input range doesn't limit which indices this method is able to reach.\n */\n function emergencyDeleteRootBundle(uint256 rootBundleId) public override onlyAdmin nonReentrant {\n // Deleting a struct containing a mapping does not delete the mapping in Solidity, therefore the bitmap's\n // data will still remain potentially leading to vulnerabilities down the line. The way around this would\n // be to iterate through every key in the mapping and resetting the value to 0, but this seems expensive and\n // would require a new list in storage to keep track of keys.\n //slither-disable-next-line mapping-deletion\n delete rootBundles[rootBundleId];\n emit EmergencyDeleteRootBundle(rootBundleId);\n }\n\n /**************************************\n * DEPOSITOR FUNCTIONS *\n **************************************/\n\n /**\n * @notice Called by user to bridge funds from origin to destination chain. Depositor will effectively lock\n * tokens in this contract and receive a destination token on the destination chain. The origin => destination\n * token mapping is stored on the L1 HubPool.\n * @notice The caller must first approve this contract to spend amount of originToken.\n * @notice The originToken => destinationChainId must be enabled.\n * @notice This method is payable because the caller is able to deposit native token if the originToken is\n * wrappedNativeToken and this function will handle wrapping the native token to wrappedNativeToken.\n * @param recipient Address to receive funds at on destination chain.\n * @param originToken Token to lock into this contract to initiate deposit.\n * @param amount Amount of tokens to deposit. Will be amount of tokens to receive less fees.\n * @param destinationChainId Denotes network where user will receive funds from SpokePool by a relayer.\n * @param relayerFeePct % of deposit amount taken out to incentivize a fast relayer.\n * @param quoteTimestamp Timestamp used by relayers to compute this deposit's realizedLPFeePct which is paid\n * to LP pool on HubPool.\n * @param message Arbitrary data that can be used to pass additional information to the recipient along with the tokens.\n * Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.\n * @param maxCount used to protect the depositor from frontrunning to guarantee their quote remains valid.\n */\n function deposit(\n address recipient,\n address originToken,\n uint256 amount,\n uint256 destinationChainId,\n int64 relayerFeePct,\n uint32 quoteTimestamp,\n bytes memory message,\n uint256 maxCount\n ) public payable override nonReentrant unpausedDeposits {\n // Check that deposit route is enabled.\n require(enabledDepositRoutes[originToken][destinationChainId], \"Disabled route\");\n\n // We limit the relay fees to prevent the user spending all their funds on fees.\n require(SignedMath.abs(relayerFeePct) < 0.5e18, \"Invalid relayer fee\");\n require(amount <= MAX_TRANSFER_SIZE, \"Amount too large\");\n require(depositCounter[originToken] <= maxCount, \"Above max count\");\n\n // Require that quoteTimestamp has a maximum age so that depositors pay an LP fee based on recent HubPool usage.\n // It is assumed that cross-chain timestamps are normally loosely in-sync, but clock drift can occur. If the\n // SpokePool time stalls or lags significantly, it is still possible to make deposits by setting quoteTimestamp\n // within the configured buffer. The owner should pause deposits if this is undesirable. This will underflow if\n // quoteTimestamp is more than depositQuoteTimeBuffer; this is safe but will throw an unintuitive error.\n\n // slither-disable-next-line timestamp\n require(getCurrentTime() - quoteTimestamp <= depositQuoteTimeBuffer, \"invalid quoteTimestamp\");\n\n // Increment count of deposits so that deposit ID for this spoke pool is unique.\n uint32 newDepositId = numberOfDeposits++;\n depositCounter[originToken] += amount;\n\n // If the address of the origin token is a wrappedNativeToken contract and there is a msg.value with the\n // transaction then the user is sending ETH. In this case, the ETH should be deposited to wrappedNativeToken.\n if (originToken == address(wrappedNativeToken) && msg.value > 0) {\n require(msg.value == amount, \"msg.value must match amount\");\n wrappedNativeToken.deposit{ value: msg.value }();\n // Else, it is a normal ERC20. In this case pull the token from the user's wallet as per normal.\n // Note: this includes the case where the L2 user has WETH (already wrapped ETH) and wants to bridge them.\n // In this case the msg.value will be set to 0, indicating a \"normal\" ERC20 bridging action.\n } else IERC20Upgradeable(originToken).safeTransferFrom(msg.sender, address(this), amount);\n\n emit FundsDeposited(\n amount,\n chainId(),\n destinationChainId,\n relayerFeePct,\n newDepositId,\n quoteTimestamp,\n originToken,\n recipient,\n msg.sender,\n message\n );\n }\n\n /**\n * @notice This is a simple wrapper for deposit() that sets the quoteTimestamp to the current SpokePool timestamp.\n * @notice This function is intended for multisig depositors who can accept some LP fee uncertainty in order to lift\n * the quoteTimestamp buffer constraint.\n * @dev Re-orgs may produce invalid fills if the quoteTimestamp moves across a change in HubPool utilisation.\n * @dev The existing function modifiers are already enforced by deposit(), so no additional modifiers are imposed.\n * @param recipient Address to receive funds at on destination chain.\n * @param originToken Token to lock into this contract to initiate deposit.\n * @param amount Amount of tokens to deposit. Will be amount of tokens to receive less fees.\n * @param destinationChainId Denotes network where user will receive funds from SpokePool by a relayer.\n * @param relayerFeePct % of deposit amount taken out to incentivize a fast relayer.\n * @param message Arbitrary data that can be used to pass additional information to the recipient along with the tokens.\n * Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.\n * @param maxCount used to protect the depositor from frontrunning to guarantee their quote remains valid.\n */\n function depositNow(\n address recipient,\n address originToken,\n uint256 amount,\n uint256 destinationChainId,\n int64 relayerFeePct,\n bytes memory message,\n uint256 maxCount\n ) public payable {\n deposit(\n recipient,\n originToken,\n amount,\n destinationChainId,\n relayerFeePct,\n uint32(getCurrentTime()),\n message,\n maxCount\n );\n }\n\n /**\n * @notice Convenience method that depositor can use to signal to relayer to use updated fee.\n * @notice Relayer should only use events emitted by this function to submit fills with updated fees, otherwise they\n * risk their fills getting disputed for being invalid, for example if the depositor never actually signed the\n * update fee message.\n * @notice This function will revert if the depositor did not sign a message containing the updated fee for the\n * deposit ID stored in this contract. If the deposit ID is for another contract, or the depositor address is\n * incorrect, or the updated fee is incorrect, then the signature will not match and this function will revert.\n * @notice This function is not subject to a deposit pause on the off chance that deposits sent before all deposits\n * are paused have very low fees and the user wants to entice a relayer to fill them with a higher fee.\n * @param depositor Signer of the update fee message who originally submitted the deposit. If the deposit doesn't\n * exist, then the relayer will not be able to fill any relay, so the caller should validate that the depositor\n * did in fact submit a relay.\n * @param updatedRelayerFeePct New relayer fee that relayers can use.\n * @param depositId Deposit to update fee for that originated in this contract.\n * @param updatedRecipient New recipient address that should receive the tokens.\n * @param updatedMessage New message that should be provided to the recipient.\n * @param depositorSignature Signed message containing the depositor address, this contract chain ID, the updated\n * relayer fee %, and the deposit ID. This signature is produced by signing a hash of data according to the\n * EIP-712 standard. See more in the _verifyUpdateRelayerFeeMessage() comments.\n */\n function speedUpDeposit(\n address depositor,\n int64 updatedRelayerFeePct,\n uint32 depositId,\n address updatedRecipient,\n bytes memory updatedMessage,\n bytes memory depositorSignature\n ) public override nonReentrant {\n require(SignedMath.abs(updatedRelayerFeePct) < 0.5e18, \"Invalid relayer fee\");\n\n _verifyUpdateDepositMessage(\n depositor,\n depositId,\n chainId(),\n updatedRelayerFeePct,\n updatedRecipient,\n updatedMessage,\n depositorSignature\n );\n\n // Assuming the above checks passed, a relayer can take the signature and the updated relayer fee information\n // from the following event to submit a fill with an updated fee %.\n emit RequestedSpeedUpDeposit(\n updatedRelayerFeePct,\n depositId,\n depositor,\n updatedRecipient,\n updatedMessage,\n depositorSignature\n );\n }\n\n /**************************************\n * RELAYER FUNCTIONS *\n **************************************/\n\n /**\n * @notice Called by relayer to fulfill part of a deposit by sending destination tokens to the recipient.\n * Relayer is expected to pass in unique identifying information for deposit that they want to fulfill, and this\n * relay submission will be validated by off-chain data workers who can dispute this relay if any part is invalid.\n * If the relay is valid, then the relayer will be refunded on their desired repayment chain. If relay is invalid,\n * then relayer will not receive any refund.\n * @notice All of the deposit data can be found via on-chain events from the origin SpokePool, except for the\n * realizedLpFeePct which is a function of the HubPool's utilization at the deposit quote time. This fee %\n * is deterministic based on the quote time, so the relayer should just compute it using the canonical algorithm\n * as described in a UMIP linked to the HubPool's identifier.\n * @param depositor Depositor on origin chain who set this chain as the destination chain.\n * @param recipient Specified recipient on this chain.\n * @param destinationToken Token to send to recipient. Should be mapped to the origin token, origin chain ID\n * and this chain ID via a mapping on the HubPool.\n * @param amount Full size of the deposit.\n * @param maxTokensToSend Max amount of tokens to send recipient. If higher than amount, then caller will\n * send recipient the full relay amount.\n * @param repaymentChainId Chain of SpokePool where relayer wants to be refunded after the challenge window has\n * passed.\n * @param originChainId Chain of SpokePool where deposit originated.\n * @param realizedLpFeePct Fee % based on L1 HubPool utilization at deposit quote time. Deterministic based on\n * quote time.\n * @param relayerFeePct Fee % to keep as relayer, specified by depositor.\n * @param depositId Unique deposit ID on origin spoke pool.\n * @param message Message to send to recipient along with tokens.\n * @param maxCount Max count to protect the relayer from frontrunning.\n */\n function fillRelay(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 amount,\n uint256 maxTokensToSend,\n uint256 repaymentChainId,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n bytes memory message,\n uint256 maxCount\n ) public nonReentrant unpausedFills {\n // Each relay attempt is mapped to the hash of data uniquely identifying it, which includes the deposit data\n // such as the origin chain ID and the deposit ID, and the data in a relay attempt such as who the recipient\n // is, which chain and currency the recipient wants to receive funds on, and the relay fees.\n RelayExecution memory relayExecution = RelayExecution({\n relay: SpokePoolInterface.RelayData({\n depositor: depositor,\n recipient: recipient,\n destinationToken: destinationToken,\n amount: amount,\n realizedLpFeePct: realizedLpFeePct,\n relayerFeePct: relayerFeePct,\n depositId: depositId,\n originChainId: originChainId,\n destinationChainId: chainId(),\n message: message\n }),\n relayHash: bytes32(0),\n updatedRelayerFeePct: relayerFeePct,\n updatedRecipient: recipient,\n updatedMessage: message,\n repaymentChainId: repaymentChainId,\n maxTokensToSend: maxTokensToSend,\n slowFill: false,\n payoutAdjustmentPct: 0,\n maxCount: maxCount\n });\n relayExecution.relayHash = _getRelayHash(relayExecution.relay);\n\n uint256 fillAmountPreFees = _fillRelay(relayExecution);\n _emitFillRelay(relayExecution, fillAmountPreFees);\n }\n\n /**\n * @notice Called by relayer to execute same logic as calling fillRelay except that relayer is using an updated\n * relayer fee %. The fee % must have been emitted in a message cryptographically signed by the depositor.\n * @notice By design, the depositor probably emitted the message with the updated fee by calling speedUpDeposit().\n * @param depositor Depositor on origin chain who set this chain as the destination chain.\n * @param recipient Specified recipient on this chain.\n * @param destinationToken Token to send to recipient. Should be mapped to the origin token, origin chain ID\n * and this chain ID via a mapping on the HubPool.\n * @param amount Full size of the deposit.\n * @param maxTokensToSend Max amount of tokens to send recipient. If higher than amount, then caller will\n * send recipient the full relay amount.\n * @param repaymentChainId Chain of SpokePool where relayer wants to be refunded after the challenge window has\n * passed.\n * @param originChainId Chain of SpokePool where deposit originated.\n * @param realizedLpFeePct Fee % based on L1 HubPool utilization at deposit quote time. Deterministic based on\n * quote time.\n * @param relayerFeePct Original fee % to keep as relayer set by depositor.\n * @param updatedRelayerFeePct New fee % to keep as relayer also specified by depositor.\n * @param depositId Unique deposit ID on origin spoke pool.\n * @param message Original message that was sent along with this deposit.\n * @param updatedMessage Modified message that the depositor signed when updating parameters.\n * @param depositorSignature Signed message containing the depositor address, this contract chain ID, the updated\n * relayer fee %, and the deposit ID. This signature is produced by signing a hash of data according to the\n * EIP-712 standard. See more in the _verifyUpdateRelayerFeeMessage() comments.\n * @param maxCount Max fill count to protect the relayer from frontrunning.\n */\n function fillRelayWithUpdatedDeposit(\n address depositor,\n address recipient,\n address updatedRecipient,\n address destinationToken,\n uint256 amount,\n uint256 maxTokensToSend,\n uint256 repaymentChainId,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n int64 updatedRelayerFeePct,\n uint32 depositId,\n bytes memory message,\n bytes memory updatedMessage,\n bytes memory depositorSignature,\n uint256 maxCount\n ) public override nonReentrant unpausedFills {\n RelayExecution memory relayExecution = RelayExecution({\n relay: SpokePoolInterface.RelayData({\n depositor: depositor,\n recipient: recipient,\n destinationToken: destinationToken,\n amount: amount,\n realizedLpFeePct: realizedLpFeePct,\n relayerFeePct: relayerFeePct,\n depositId: depositId,\n originChainId: originChainId,\n destinationChainId: chainId(),\n message: message\n }),\n relayHash: bytes32(0),\n updatedRelayerFeePct: updatedRelayerFeePct,\n updatedRecipient: updatedRecipient,\n updatedMessage: updatedMessage,\n repaymentChainId: repaymentChainId,\n maxTokensToSend: maxTokensToSend,\n slowFill: false,\n payoutAdjustmentPct: 0,\n maxCount: maxCount\n });\n relayExecution.relayHash = _getRelayHash(relayExecution.relay);\n\n _verifyUpdateDepositMessage(\n depositor,\n depositId,\n originChainId,\n updatedRelayerFeePct,\n updatedRecipient,\n updatedMessage,\n depositorSignature\n );\n uint256 fillAmountPreFees = _fillRelay(relayExecution);\n _emitFillRelay(relayExecution, fillAmountPreFees);\n }\n\n /**\n * @notice Caller signals to the system that they want a refund on this chain, which they set as the\n * `repaymentChainId` on the original fillRelay() call on the `destinationChainId`. An observer should be\n * be able to 1-to-1 match the emitted RefundRequested event with the FilledRelay event on the `destinationChainId`.\n * @dev This function could be used to artificially inflate the `fillCounter`, allowing the caller to \"frontrun\"\n * and cancel pending fills in the mempool. This would in the worst case censor fills at the cost of the caller's\n * gas costs. We don't view this as a major issue as the fill can be resubmitted and obtain the same incentive,\n * since incentives are based on validated refunds and would ignore these censoring attempts. This is no\n * different from calling `fillRelay` and setting msg.sender = recipient.\n * @dev Caller needs to pass in `fillBlock` that the FilledRelay event was emitted on the `destinationChainId`.\n * This is to make it hard to request a refund before a fill has been mined and to make lookups of the original\n * fill as simple as possible.\n * @param refundToken This chain's token equivalent for original fill destination token.\n * @param amount Original deposit amount.\n * @param originChainId Original origin chain ID.\n * @param destinationChainId Original destination chain ID.\n * @param realizedLpFeePct Original realized LP fee %.\n * @param depositId Original deposit ID.\n * @param maxCount Max count to protect the refund recipient from frontrunning.\n */\n function requestRefund(\n address refundToken,\n uint256 amount,\n uint256 originChainId,\n uint256 destinationChainId,\n int64 realizedLpFeePct,\n uint32 depositId,\n uint256 fillBlock,\n uint256 maxCount\n ) external nonReentrant {\n // Prevent unrealistic amounts from increasing fill counter too high.\n require(amount <= MAX_TRANSFER_SIZE, \"Amount too large\");\n\n // This allows the caller to add in frontrunning protection for quote validity.\n require(fillCounter[refundToken] <= maxCount, \"Above max count\");\n\n // Track duplicate refund requests.\n bytes32 refundHash = keccak256(\n abi.encode(\n msg.sender,\n refundToken,\n amount,\n originChainId,\n destinationChainId,\n realizedLpFeePct,\n depositId,\n fillBlock\n )\n );\n\n // Track duplicate requests so that an offchain actor knows if an identical request has already been made.\n // If so, it can check to ensure that that request was thrown out as invalid before honoring the duplicate.\n // In particular, this is meant to handle odd cases where an initial request is invalidated based on\n // timing, but can be validated by a later, identical request.\n uint256 previousIdenticalRequests = refundsRequested[refundHash]++;\n\n // Refund will take tokens out of this pool, increment the fill counter. This function should only be\n // called if a relayer from destinationChainId wants to take a refund on this chain, a different chain.\n // This type of repayment should only be possible for full fills, so the starting fill amount should\n // always be 0. Also, just like in _fillRelay we should revert if the first fill pre fees rounds to 0,\n // and in this case `amount` == `fillAmountPreFees`.\n require(amount > 0, \"Amount must be > 0\");\n _updateCountFromFill(\n 0,\n true, // The refund is being requested here, so it is local.\n amount,\n realizedLpFeePct,\n refundToken,\n false // Slow fills should never match with a Refund. This should be enforced by off-chain bundle builders.\n );\n\n emit RefundRequested(\n // Set caller as relayer. If caller is not relayer from destination chain that originally sent\n // fill, then off-chain validator should discard this refund attempt.\n msg.sender,\n refundToken,\n amount,\n originChainId,\n destinationChainId,\n realizedLpFeePct,\n depositId,\n fillBlock,\n previousIdenticalRequests\n );\n }\n\n /**************************************\n * DATA WORKER FUNCTIONS *\n **************************************/\n\n /**\n * @notice Executes a slow relay leaf stored as part of a root bundle. Will send the full amount remaining in the\n * relay to the recipient, less fees.\n * @dev This function assumes that the relay's destination chain ID is the current chain ID, which prevents\n * the caller from executing a slow relay intended for another chain on this chain.\n * @param depositor Depositor on origin chain who set this chain as the destination chain.\n * @param recipient Specified recipient on this chain.\n * @param destinationToken Token to send to recipient. Should be mapped to the origin token, origin chain ID\n * and this chain ID via a mapping on the HubPool.\n * @param amount Full size of the deposit.\n * @param originChainId Chain of SpokePool where deposit originated.\n * @param realizedLpFeePct Fee % based on L1 HubPool utilization at deposit quote time. Deterministic based on\n * quote time.\n * @param relayerFeePct Original fee % to keep as relayer set by depositor.\n * @param depositId Unique deposit ID on origin spoke pool.\n * @param rootBundleId Unique ID of root bundle containing slow relay root that this leaf is contained in.\n * @param message Message to send to the recipient if the recipient is a contract.\n * @param payoutAdjustment Adjustment to the payout amount. Can be used to increase or decrease the payout to allow\n * for rewards or penalties.\n * @param proof Inclusion proof for this leaf in slow relay root in root bundle.\n */\n function executeSlowRelayLeaf(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 amount,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n uint32 rootBundleId,\n bytes memory message,\n int256 payoutAdjustment,\n bytes32[] memory proof\n ) public virtual override nonReentrant {\n _executeSlowRelayLeaf(\n depositor,\n recipient,\n destinationToken,\n amount,\n originChainId,\n chainId(),\n realizedLpFeePct,\n relayerFeePct,\n depositId,\n rootBundleId,\n message,\n payoutAdjustment,\n proof\n );\n }\n\n /**\n * @notice Executes a relayer refund leaf stored as part of a root bundle. Will send the relayer the amount they\n * sent to the recipient plus a relayer fee.\n * @param rootBundleId Unique ID of root bundle containing relayer refund root that this leaf is contained in.\n * @param relayerRefundLeaf Contains all data necessary to reconstruct leaf contained in root bundle and to\n * refund relayer. This data structure is explained in detail in the SpokePoolInterface.\n * @param proof Inclusion proof for this leaf in relayer refund root in root bundle.\n */\n function executeRelayerRefundLeaf(\n uint32 rootBundleId,\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\n bytes32[] memory proof\n ) public virtual override nonReentrant {\n _executeRelayerRefundLeaf(rootBundleId, relayerRefundLeaf, proof);\n }\n\n /**************************************\n * VIEW FUNCTIONS *\n **************************************/\n\n /**\n * @notice Returns chain ID for this network.\n * @dev Some L2s like ZKSync don't support the CHAIN_ID opcode so we allow the implementer to override this.\n */\n function chainId() public view virtual override returns (uint256) {\n return block.chainid;\n }\n\n /**\n * @notice Gets the current time.\n * @return uint for the current timestamp.\n */\n function getCurrentTime() public view virtual returns (uint256) {\n return block.timestamp; // solhint-disable-line not-rely-on-time\n }\n\n /**************************************\n * INTERNAL FUNCTIONS *\n **************************************/\n\n // Verifies inclusion proof of leaf in root, sends relayer their refund, and sends to HubPool any rebalance\n // transfers.\n function _executeRelayerRefundLeaf(\n uint32 rootBundleId,\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\n bytes32[] memory proof\n ) internal {\n // Check integrity of leaf structure:\n require(relayerRefundLeaf.chainId == chainId(), \"Invalid chainId\");\n require(relayerRefundLeaf.refundAddresses.length == relayerRefundLeaf.refundAmounts.length, \"invalid leaf\");\n\n RootBundle storage rootBundle = rootBundles[rootBundleId];\n\n // Check that inclusionProof proves that relayerRefundLeaf is contained within the relayer refund root.\n // Note: This should revert if the relayerRefundRoot is uninitialized.\n require(MerkleLib.verifyRelayerRefund(rootBundle.relayerRefundRoot, relayerRefundLeaf, proof), \"Bad Proof\");\n\n // Verify the leafId in the leaf has not yet been claimed.\n require(!MerkleLib.isClaimed(rootBundle.claimedBitmap, relayerRefundLeaf.leafId), \"Already claimed\");\n\n // Set leaf as claimed in bitmap. This is passed by reference to the storage rootBundle.\n MerkleLib.setClaimed(rootBundle.claimedBitmap, relayerRefundLeaf.leafId);\n\n // Send each relayer refund address the associated refundAmount for the L2 token address.\n // Note: Even if the L2 token is not enabled on this spoke pool, we should still refund relayers.\n uint256 length = relayerRefundLeaf.refundAmounts.length;\n for (uint256 i = 0; i < length; ) {\n uint256 amount = relayerRefundLeaf.refundAmounts[i];\n if (amount > 0)\n IERC20Upgradeable(relayerRefundLeaf.l2TokenAddress).safeTransfer(\n relayerRefundLeaf.refundAddresses[i],\n amount\n );\n\n // OK because we assume refund array length won't be > types(uint256).max.\n // Based on the stress test results in /test/gas-analytics/SpokePool.RelayerRefundLeaf.ts, the UMIP should\n // limit the refund count in valid proposals to be ~800 so any RelayerRefundLeaves with > 800 refunds should\n // not make it to this stage.\n\n unchecked {\n ++i;\n }\n }\n\n // If leaf's amountToReturn is positive, then send L2 --> L1 message to bridge tokens back via\n // chain-specific bridging method.\n if (relayerRefundLeaf.amountToReturn > 0) {\n _bridgeTokensToHubPool(relayerRefundLeaf);\n\n emit TokensBridged(\n relayerRefundLeaf.amountToReturn,\n relayerRefundLeaf.chainId,\n relayerRefundLeaf.leafId,\n relayerRefundLeaf.l2TokenAddress,\n msg.sender\n );\n }\n\n emit ExecutedRelayerRefundRoot(\n relayerRefundLeaf.amountToReturn,\n relayerRefundLeaf.chainId,\n relayerRefundLeaf.refundAmounts,\n rootBundleId,\n relayerRefundLeaf.leafId,\n relayerRefundLeaf.l2TokenAddress,\n relayerRefundLeaf.refundAddresses,\n msg.sender\n );\n }\n\n // Verifies inclusion proof of leaf in root and sends recipient remainder of relay. Marks relay as filled.\n function _executeSlowRelayLeaf(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 amount,\n uint256 originChainId,\n uint256 destinationChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n uint32 rootBundleId,\n bytes memory message,\n int256 payoutAdjustmentPct,\n bytes32[] memory proof\n ) internal {\n RelayExecution memory relayExecution = RelayExecution({\n relay: SpokePoolInterface.RelayData({\n depositor: depositor,\n recipient: recipient,\n destinationToken: destinationToken,\n amount: amount,\n realizedLpFeePct: realizedLpFeePct,\n relayerFeePct: relayerFeePct,\n depositId: depositId,\n originChainId: originChainId,\n destinationChainId: destinationChainId,\n message: message\n }),\n relayHash: bytes32(0),\n updatedRelayerFeePct: 0,\n updatedRecipient: recipient,\n updatedMessage: message,\n repaymentChainId: 0,\n maxTokensToSend: SLOW_FILL_MAX_TOKENS_TO_SEND,\n slowFill: true,\n payoutAdjustmentPct: payoutAdjustmentPct,\n maxCount: type(uint256).max\n });\n relayExecution.relayHash = _getRelayHash(relayExecution.relay);\n\n _verifySlowFill(relayExecution, rootBundleId, proof);\n\n // Note: use relayAmount as the max amount to send, so the relay is always completely filled by the contract's\n // funds in all cases. As this is a slow relay we set the relayerFeePct to 0. This effectively refunds the\n // relayer component of the relayerFee thereby only charging the depositor the LpFee.\n uint256 fillAmountPreFees = _fillRelay(relayExecution);\n\n // Note: Set repayment chain ID to 0 to indicate that there is no repayment to be made. The off-chain data\n // worker can use repaymentChainId=0 as a signal to ignore such relays for refunds. Also, set the relayerFeePct\n // to 0 as slow relays do not pay the caller of this method (depositor is refunded this fee).\n _emitFillRelay(relayExecution, fillAmountPreFees);\n }\n\n function _setCrossDomainAdmin(address newCrossDomainAdmin) internal {\n require(newCrossDomainAdmin != address(0), \"Bad bridge router address\");\n crossDomainAdmin = newCrossDomainAdmin;\n emit SetXDomainAdmin(newCrossDomainAdmin);\n }\n\n function _setHubPool(address newHubPool) internal {\n require(newHubPool != address(0), \"Bad hub pool address\");\n hubPool = newHubPool;\n emit SetHubPool(newHubPool);\n }\n\n // Should be overriden by implementing contract depending on how L2 handles sending tokens to L1.\n function _bridgeTokensToHubPool(SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf) internal virtual;\n\n function _verifyUpdateDepositMessage(\n address depositor,\n uint32 depositId,\n uint256 originChainId,\n int64 updatedRelayerFeePct,\n address updatedRecipient,\n bytes memory updatedMessage,\n bytes memory depositorSignature\n ) internal view {\n // A depositor can request to modify an un-relayed deposit by signing a hash containing the updated\n // details and information uniquely identifying the deposit to relay. This information ensures\n // that this signature cannot be re-used for other deposits.\n // Note: We use the EIP-712 (https://eips.ethereum.org/EIPS/eip-712) standard for hashing and signing typed data.\n // Specifically, we use the version of the encoding known as \"v4\", as implemented by the JSON RPC method\n // `eth_signedTypedDataV4` in MetaMask (https://docs.metamask.io/guide/signing-data.html).\n bytes32 expectedTypedDataV4Hash = _hashTypedDataV4(\n // EIP-712 compliant hash struct: https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct\n keccak256(\n abi.encode(\n UPDATE_DEPOSIT_DETAILS_HASH,\n depositId,\n originChainId,\n updatedRelayerFeePct,\n updatedRecipient,\n keccak256(updatedMessage)\n )\n ),\n // By passing in the origin chain id, we enable the verification of the signature on a different chain\n originChainId\n );\n _verifyDepositorSignature(depositor, expectedTypedDataV4Hash, depositorSignature);\n }\n\n // This function is isolated and made virtual to allow different L2's to implement chain specific recovery of\n // signers from signatures because some L2s might not support ecrecover. To be safe, consider always reverting\n // this function for L2s where ecrecover is different from how it works on Ethereum, otherwise there is the\n // potential to forge a signature from the depositor using a different private key than the original depositor's.\n function _verifyDepositorSignature(\n address depositor,\n bytes32 ethSignedMessageHash,\n bytes memory depositorSignature\n ) internal view virtual {\n // Note:\n // - We don't need to worry about reentrancy from a contract deployed at the depositor address since the method\n // `SignatureChecker.isValidSignatureNow` is a view method. Re-entrancy can happen, but it cannot affect state.\n // - EIP-1271 signatures are supported. This means that a signature valid now, may not be valid later and vice-versa.\n // - For an EIP-1271 signature to work, the depositor contract address must map to a deployed contract on the destination\n // chain that can validate the signature.\n // - Regular signatures from an EOA are also supported.\n bool isValid = SignatureChecker.isValidSignatureNow(depositor, ethSignedMessageHash, depositorSignature);\n require(isValid, \"invalid signature\");\n }\n\n function _verifySlowFill(\n RelayExecution memory relayExecution,\n uint32 rootBundleId,\n bytes32[] memory proof\n ) internal view {\n SlowFill memory slowFill = SlowFill({\n relayData: relayExecution.relay,\n payoutAdjustmentPct: relayExecution.payoutAdjustmentPct\n });\n\n require(\n MerkleLib.verifySlowRelayFulfillment(rootBundles[rootBundleId].slowRelayRoot, slowFill, proof),\n \"Invalid slow relay proof\"\n );\n }\n\n function _computeAmountPreFees(uint256 amount, int64 feesPct) private pure returns (uint256) {\n return (1e18 * amount) / uint256((int256(1e18) - feesPct));\n }\n\n function _computeAmountPostFees(uint256 amount, int256 feesPct) private pure returns (uint256) {\n return (amount * uint256(int256(1e18) - feesPct)) / 1e18;\n }\n\n function _getRelayHash(SpokePoolInterface.RelayData memory relayData) private pure returns (bytes32) {\n return keccak256(abi.encode(relayData));\n }\n\n // Unwraps ETH and does a transfer to a recipient address. If the recipient is a smart contract then sends wrappedNativeToken.\n function _unwrapwrappedNativeTokenTo(address payable to, uint256 amount) internal {\n if (address(to).isContract()) {\n IERC20Upgradeable(address(wrappedNativeToken)).safeTransfer(to, amount);\n } else {\n wrappedNativeToken.withdraw(amount);\n AddressLibUpgradeable.sendValue(to, amount);\n }\n }\n\n /**\n * @notice Caller specifies the max amount of tokens to send to user. Based on this amount and the amount of the\n * relay remaining (as stored in the relayFills mapping), pull the amount of tokens from the caller\n * and send to the recipient.\n * @dev relayFills keeps track of pre-fee fill amounts as a convenience to relayers who want to specify round\n * numbers for the maxTokensToSend parameter or convenient numbers like 100 (i.e. relayers who will fully\n * fill any relay up to 100 tokens, and partial fill with 100 tokens for larger relays).\n * @dev Caller must approve this contract to transfer up to maxTokensToSend of the relayData.destinationToken.\n * The amount to be sent might end up less if there is insufficient relay amount remaining to be sent.\n */\n function _fillRelay(RelayExecution memory relayExecution) internal returns (uint256 fillAmountPreFees) {\n RelayData memory relayData = relayExecution.relay;\n // We limit the relay fees to prevent the user spending all their funds on fees. Note that 0.5e18 (i.e. 50%)\n // fees are just magic numbers. The important point is to prevent the total fee from being 100%, otherwise\n // computing the amount pre fees runs into divide-by-0 issues.\n require(\n SignedMath.abs(relayExecution.updatedRelayerFeePct) < 0.5e18 &&\n SignedMath.abs(relayData.realizedLpFeePct) < 0.5e18,\n \"invalid fees\"\n );\n\n require(relayData.amount <= MAX_TRANSFER_SIZE, \"Amount too large\");\n\n // Check that the relay has not already been completely filled. Note that the relays mapping will point to\n // the amount filled so far for a particular relayHash, so this will start at 0 and increment with each fill.\n require(relayFills[relayExecution.relayHash] < relayData.amount, \"relay filled\");\n\n // This allows the caller to add in frontrunning protection for quote validity.\n require(fillCounter[relayData.destinationToken] <= relayExecution.maxCount, \"Above max count\");\n\n // Derive the amount of the relay filled if the caller wants to send exactly maxTokensToSend tokens to\n // the recipient. For example, if the user wants to send 10 tokens to the recipient, the full relay amount\n // is 100, and the fee %'s total 5%, then this computation would return ~10.5, meaning that to fill 10.5/100\n // of the full relay size, the caller would need to send 10 tokens to the user.\n // This is equivalent to the amount to be sent by the relayer before fees have been taken out.\n fillAmountPreFees = _computeAmountPreFees(\n relayExecution.maxTokensToSend,\n (relayData.realizedLpFeePct + relayExecution.updatedRelayerFeePct)\n );\n // If fill amount minus fees, which is possible with small fill amounts and negative fees, then\n // revert.\n require(fillAmountPreFees > 0, \"fill amount pre fees is 0\");\n\n // If user's specified max amount to send is greater than the amount of the relay remaining pre-fees,\n // we'll pull exactly enough tokens to complete the relay.\n uint256 amountRemainingInRelay = relayData.amount - relayFills[relayExecution.relayHash];\n if (amountRemainingInRelay < fillAmountPreFees) {\n fillAmountPreFees = amountRemainingInRelay;\n }\n\n // Apply post-fees computation to amount that relayer will send to user. Rounding errors are possible\n // when computing fillAmountPreFees and then amountToSend, and we just want to enforce that\n // the error added to amountToSend is consistently applied to partial and full fills.\n uint256 amountToSend = _computeAmountPostFees(\n fillAmountPreFees,\n relayData.realizedLpFeePct + relayExecution.updatedRelayerFeePct\n );\n\n // This can only happen in a slow fill, where the contract is funding the relay.\n if (relayExecution.payoutAdjustmentPct != 0) {\n // If payoutAdjustmentPct is positive, then the recipient will receive more than the amount they\n // were originally expecting. If it is negative, then the recipient will receive less.\n // -1e18 is -100%. Because we cannot pay out negative values, that is the minimum.\n require(relayExecution.payoutAdjustmentPct >= -1e18, \"payoutAdjustmentPct too small\");\n\n // Allow the payout adjustment to go up to 1000% (i.e. 11x).\n // This is a sanity check to ensure the payouts do not grow too large via some sort of issue in bundle\n // construction.\n require(relayExecution.payoutAdjustmentPct <= 100e18, \"payoutAdjustmentPct too large\");\n\n // Note: since _computeAmountPostFees is typically intended for fees, the signage must be reversed.\n amountToSend = _computeAmountPostFees(amountToSend, -relayExecution.payoutAdjustmentPct);\n\n // Note: this error should never happen, since the maxTokensToSend is expected to be set much higher than\n // the amount, but it is here as a sanity check.\n require(amountToSend <= relayExecution.maxTokensToSend, \"Somehow hit maxTokensToSend!\");\n }\n\n // Since the first partial fill is used to update the fill counter for the entire refund amount, we don't have\n // a simple way to handle the case where follow-up partial fills take repayment on different chains. We'd\n // need a way to decrement the fill counter in this case (or increase deposit counter) to ensure that users\n // have adequate frontrunning protections.\n // Instead of adding complexity, we require that all partial fills set repayment chain equal to destination chain.\n // Note: .slowFill is checked because slow fills set repaymentChainId to 0.\n bool localRepayment = relayExecution.repaymentChainId == relayExecution.relay.destinationChainId;\n require(\n localRepayment || relayExecution.relay.amount == fillAmountPreFees || relayExecution.slowFill,\n \"invalid repayment chain\"\n );\n\n // Update fill counter.\n _updateCountFromFill(\n relayFills[relayExecution.relayHash],\n localRepayment,\n relayData.amount,\n relayData.realizedLpFeePct,\n relayData.destinationToken,\n relayExecution.slowFill\n );\n\n // relayFills keeps track of pre-fee fill amounts as a convenience to relayers who want to specify round\n // numbers for the maxTokensToSend parameter or convenient numbers like 100 (i.e. relayers who will fully\n // fill any relay up to 100 tokens, and partial fill with 100 tokens for larger relays).\n relayFills[relayExecution.relayHash] += fillAmountPreFees;\n\n // If relayer and receiver are the same address, there is no need to do any transfer, as it would result in no\n // net movement of funds.\n // Note: this is important because it means that relayers can intentionally self-relay in a capital efficient\n // way (no need to have funds on the destination).\n // If this is a slow fill, we can't exit early since we still need to send funds out of this contract\n // since there is no \"relayer\".\n if (msg.sender == relayExecution.updatedRecipient && !relayExecution.slowFill) return fillAmountPreFees;\n\n // If relay token is wrappedNativeToken then unwrap and send native token.\n if (relayData.destinationToken == address(wrappedNativeToken)) {\n // Note: useContractFunds is True if we want to send funds to the recipient directly out of this contract,\n // otherwise we expect the caller to send funds to the recipient. If useContractFunds is True and the\n // recipient wants wrappedNativeToken, then we can assume that wrappedNativeToken is already in the\n // contract, otherwise we'll need the user to send wrappedNativeToken to this contract. Regardless, we'll\n // need to unwrap it to native token before sending to the user.\n if (!relayExecution.slowFill)\n IERC20Upgradeable(relayData.destinationToken).safeTransferFrom(msg.sender, address(this), amountToSend);\n _unwrapwrappedNativeTokenTo(payable(relayExecution.updatedRecipient), amountToSend);\n // Else, this is a normal ERC20 token. Send to recipient.\n } else {\n // Note: Similar to note above, send token directly from the contract to the user in the slow relay case.\n if (!relayExecution.slowFill)\n IERC20Upgradeable(relayData.destinationToken).safeTransferFrom(\n msg.sender,\n relayExecution.updatedRecipient,\n amountToSend\n );\n else\n IERC20Upgradeable(relayData.destinationToken).safeTransfer(\n relayExecution.updatedRecipient,\n amountToSend\n );\n }\n\n if (relayExecution.updatedRecipient.isContract() && relayExecution.updatedMessage.length > 0) {\n AcrossMessageHandler(relayExecution.updatedRecipient).handleAcrossMessage(\n relayData.destinationToken,\n amountToSend,\n relayFills[relayExecution.relayHash] >= relayData.amount,\n msg.sender,\n relayExecution.updatedMessage\n );\n }\n }\n\n function _updateCountFromFill(\n uint256 startingFillAmount,\n bool localRepayment,\n uint256 totalFillAmount,\n int64 realizedLPFeePct,\n address token,\n bool useContractFunds\n ) internal {\n // If this is a slow fill, a first partial fill with repayment on another chain, or a partial fill has already happened, do nothing, as these\n // should not impact the count. Initial 0-fills will not reach this part of the code.\n if (useContractFunds || startingFillAmount > 0 || !localRepayment) return;\n fillCounter[token] += _computeAmountPostFees(totalFillAmount, realizedLPFeePct);\n }\n\n function _emitFillRelay(RelayExecution memory relayExecution, uint256 fillAmountPreFees) internal {\n RelayExecutionInfo memory relayExecutionInfo = RelayExecutionInfo({\n relayerFeePct: relayExecution.updatedRelayerFeePct,\n recipient: relayExecution.updatedRecipient,\n message: relayExecution.updatedMessage,\n isSlowRelay: relayExecution.slowFill,\n payoutAdjustmentPct: relayExecution.payoutAdjustmentPct\n });\n\n emit FilledRelay(\n relayExecution.relay.amount,\n relayFills[relayExecution.relayHash],\n fillAmountPreFees,\n relayExecution.repaymentChainId,\n relayExecution.relay.originChainId,\n relayExecution.relay.destinationChainId,\n relayExecution.relay.relayerFeePct,\n relayExecution.relay.realizedLpFeePct,\n relayExecution.relay.depositId,\n relayExecution.relay.destinationToken,\n msg.sender,\n relayExecution.relay.depositor,\n relayExecution.relay.recipient,\n relayExecution.relay.message,\n relayExecutionInfo\n );\n }\n\n // Implementing contract needs to override this to ensure that only the appropriate cross chain admin can execute\n // certain admin functions. For L2 contracts, the cross chain admin refers to some L1 address or contract, and for\n // L1, this would just be the same admin of the HubPool.\n function _requireAdminSender() internal virtual;\n\n // Added to enable the this contract to receive native token (ETH). Used when unwrapping wrappedNativeToken.\n receive() external payable {}\n\n // Reserve storage slots for future versions of this base contract to add state variables without\n // affecting the storage layout of child contracts. Decrement the size of __gap whenever state variables\n // are added. This is at bottom of contract to make sure it's always at the end of storage.\n uint256[1000] private __gap;\n}\n" + }, + "contracts/SpokePoolVerifier.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"@openzeppelin/contracts/utils/Address.sol\";\nimport \"./interfaces/SpokePoolInterface.sol\";\n\n/**\n * @notice SpokePoolVerifier is a contract that verifies that the SpokePool exists on this chain before sending ETH to it.\n * @dev This contract must be deployed via Create2 to the same address on all chains. That way, an errant transaction sent\n * to the wrong chain will be blocked by this contract rather than hitting a dead address. This means that this contract\n * will not work to protect chains, like zkSync, where Create2 address derivations don't match other chains.\n * Source: https://era.zksync.io/docs/reference/architecture/differences-with-ethereum.html#create-create2\n */\ncontract SpokePoolVerifier {\n using Address for address;\n\n /**\n * @notice Passthrough function to `deposit()` on the SpokePool contract.\n * @dev Protects the caller from losing their ETH (or other native token) by reverting if the SpokePool address\n * they intended to call does not exist on this chain. Because this contract can be deployed at the same address\n * everywhere callers should be protected even if the transaction is submitted to an unintended network.\n * This contract should only be used for native token deposits, as this problem only exists for native tokens.\n * @param spokePool Address of the SpokePool contract that the user is intending to call.\n * @param recipient Address to receive funds at on destination chain.\n * @param originToken Token to lock into this contract to initiate deposit.\n * @param amount Amount of tokens to deposit. Will be amount of tokens to receive less fees.\n * @param destinationChainId Denotes network where user will receive funds from SpokePool by a relayer.\n * @param relayerFeePct % of deposit amount taken out to incentivize a fast relayer.\n * @param quoteTimestamp Timestamp used by relayers to compute this deposit's realizedLPFeePct which is paid\n * to LP pool on HubPool.\n * @param message Arbitrary data that can be used to pass additional information to the recipient along with the tokens.\n * Note: this is intended to be used to pass along instructions for how a contract should use or allocate the tokens.\n * @param maxCount used to protect the depositor from frontrunning to guarantee their quote remains valid.\n */\n function deposit(\n SpokePoolInterface spokePool,\n address recipient,\n address originToken,\n uint256 amount,\n uint256 destinationChainId,\n int64 relayerFeePct,\n uint32 quoteTimestamp,\n bytes memory message,\n uint256 maxCount\n ) external payable {\n require(msg.value == amount, \"msg.value != amount\");\n require(address(spokePool).isContract(), \"spokePool is not a contract\");\n spokePool.deposit{ value: msg.value }(\n recipient,\n originToken,\n amount,\n destinationChainId,\n relayerFeePct,\n quoteTimestamp,\n message,\n maxCount\n );\n }\n}\n" + }, + "contracts/Succinct_SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./SpokePool.sol\";\nimport \"./external/interfaces/SuccinctInterfaces.sol\";\n\n/**\n * @notice Succinct Spoke pool.\n */\ncontract Succinct_SpokePool is SpokePool, ITelepathyHandler {\n // Address of the succinct AMB contract.\n address public succinctTargetAmb;\n\n // Chain where HubPool is deployed that is linked to this SpokePool.\n uint16 public hubChainId;\n\n // Warning: this variable should _never_ be touched outside of this contract. It is intentionally set to be\n // private. Leaving it set to true can permanently disable admin calls.\n bool private adminCallValidated;\n\n event SetSuccinctTargetAmb(address indexed newSuccinctTargetAmb);\n event ReceivedMessageFromL1(address indexed caller, address indexed rootMessageSender);\n\n // Note: validating calls this way ensures that strange calls coming from the succinctTargetAmb won't be\n // misinterpreted. Put differently, just checking that msg.sender == succinctTargetAmb is not sufficient.\n // All calls that have admin privileges must be fired from within the handleTelepathy method that's gone\n // through validation where the sender is checked and the sender from the other chain is also validated.\n // This modifier sets the adminCallValidated variable so this condition can be checked in _requireAdminSender().\n modifier validateInternalCalls() {\n // Make sure adminCallValidated is set to True only once at beginning of processMessageFromRoot, which prevents\n // processMessageFromRoot from being re-entered.\n require(!adminCallValidated, \"adminCallValidated already set\");\n\n // This sets a variable indicating that we're now inside a validated call.\n // Note: this is used by other methods to ensure that this call has been validated by this method and is not\n // spoofed.\n adminCallValidated = true;\n\n _;\n\n // Reset adminCallValidated to false to disallow admin calls after this method exits.\n adminCallValidated = false;\n }\n\n /**\n * @notice Construct the Succinct SpokePool.\n * @param _hubChainId Chain ID of the chain where the HubPool is deployed.\n * @param _succinctTargetAmb Address of the succinct AMB contract.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * @param _crossDomainAdmin Cross domain admin to set. Can be changed by admin.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n * @param _wrappedNativeToken Address of the wrapped native token.\n */\n function initialize(\n uint16 _hubChainId,\n address _succinctTargetAmb,\n uint32 _initialDepositId,\n address _crossDomainAdmin,\n address _hubPool,\n address _wrappedNativeToken\n ) public initializer {\n __SpokePool_init(_initialDepositId, _crossDomainAdmin, _hubPool, _wrappedNativeToken);\n succinctTargetAmb = _succinctTargetAmb;\n hubChainId = _hubChainId;\n }\n\n /**\n * @notice Admin can reset the succinct contract address.\n * @param _succinctTargetAmb Address of the succinct AMB contract.\n */\n function setSuccinctTargetAmb(address _succinctTargetAmb) external onlyAdmin {\n succinctTargetAmb = _succinctTargetAmb;\n emit SetSuccinctTargetAmb(_succinctTargetAmb);\n }\n\n /**\n * @notice This will be called by Succinct AMB on this network to relay a message sent from the HubPool.\n * @param _sourceChainId Chain ID of the chain where the message originated.\n * @param _senderAddress Address of the sender on the chain where the message originated.\n * @param _data Data to be received and executed on this contract.\n */\n function handleTelepathy(\n uint16 _sourceChainId,\n address _senderAddress,\n bytes memory _data\n ) external override validateInternalCalls returns (bytes4) {\n // Validate msg.sender as succinct, the x-chain sender as being the hubPool (the admin) and the source chain as\n // 1 (mainnet).\n require(msg.sender == succinctTargetAmb, \"caller not succinct AMB\");\n require(_senderAddress == hubPool, \"sender not hubPool\");\n require(_sourceChainId == hubChainId, \"source chain not hub chain\");\n\n /// @custom:oz-upgrades-unsafe-allow delegatecall\n (bool success, ) = address(this).delegatecall(_data);\n require(success, \"delegatecall failed\");\n\n emit ReceivedMessageFromL1(msg.sender, _senderAddress);\n return ITelepathyHandler.handleTelepathy.selector;\n }\n\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory) internal override {\n // This method is a no-op. If the chain intends to include bridging functionality, this must be overriden.\n // If not, leaving this unimplemented means this method may be triggered, but the result will be that no\n // balance is transferred.\n }\n\n // Check that the handleTelepathy method has validated the method to ensure the sender is authenticated.\n function _requireAdminSender() internal view override {\n require(adminCallValidated, \"Admin call not validated\");\n }\n}\n" + }, + "contracts/test/AcrossMessageHandlerMock.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"../SpokePool.sol\";\n\ncontract AcrossMessageHandlerMock is AcrossMessageHandler {\n function handleAcrossMessage(\n address tokenSent,\n uint256 amount,\n bool fillCompleted,\n address relayer,\n bytes memory message\n ) external override {}\n}\n" + }, + "contracts/test/MerkleLibTest.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"../MerkleLib.sol\";\nimport \"../interfaces/HubPoolInterface.sol\";\nimport \"../interfaces/SpokePoolInterface.sol\";\n\n/**\n * @notice Contract to test the MerkleLib.\n */\ncontract MerkleLibTest {\n mapping(uint256 => uint256) public claimedBitMap;\n\n uint256 public claimedBitMap1D;\n\n function verifyPoolRebalance(\n bytes32 root,\n HubPoolInterface.PoolRebalanceLeaf memory rebalance,\n bytes32[] memory proof\n ) public pure returns (bool) {\n return MerkleLib.verifyPoolRebalance(root, rebalance, proof);\n }\n\n function verifyRelayerRefund(\n bytes32 root,\n SpokePoolInterface.RelayerRefundLeaf memory refund,\n bytes32[] memory proof\n ) public pure returns (bool) {\n return MerkleLib.verifyRelayerRefund(root, refund, proof);\n }\n\n function verifySlowRelayFulfillment(\n bytes32 root,\n SpokePoolInterface.SlowFill memory slowFill,\n bytes32[] memory proof\n ) public pure returns (bool) {\n return MerkleLib.verifySlowRelayFulfillment(root, slowFill, proof);\n }\n\n function isClaimed(uint256 index) public view returns (bool) {\n return MerkleLib.isClaimed(claimedBitMap, index);\n }\n\n function setClaimed(uint256 index) public {\n MerkleLib.setClaimed(claimedBitMap, index);\n }\n\n function isClaimed1D(uint8 index) public view returns (bool) {\n return MerkleLib.isClaimed1D(claimedBitMap1D, index);\n }\n\n function setClaimed1D(uint8 index) public {\n claimedBitMap1D = MerkleLib.setClaimed1D(claimedBitMap1D, index);\n }\n}\n" + }, + "contracts/test/MockBedrockStandardBridge.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"../Ovm_SpokePool.sol\";\n\n// Provides payable withdrawTo interface introduced on Bedrock\ncontract MockBedrockL2StandardBridge is IL2ERC20Bridge {\n function withdrawTo(\n address _l2Token,\n address _to,\n uint256 _amount,\n uint32 _minGasLimit,\n bytes calldata _extraData\n ) external payable {\n // do nothing\n }\n}\n" + }, + "contracts/test/MockSpokePool.sol": { + "content": "//SPDX-License-Identifier: Unlicense\npragma solidity ^0.8.0;\n\nimport \"../SpokePool.sol\";\nimport \"@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol\";\n\n/**\n * @title MockSpokePool\n * @notice Implements abstract contract for testing.\n */\ncontract MockSpokePool is SpokePool, OwnableUpgradeable {\n uint256 private chainId_;\n uint256 private currentTime;\n\n function initialize(\n uint32 _initialDepositId,\n address _crossDomainAdmin,\n address _hubPool,\n address _wethAddress\n ) public initializer {\n __Ownable_init();\n __SpokePool_init(_initialDepositId, _crossDomainAdmin, _hubPool, _wethAddress);\n currentTime = block.timestamp; // solhint-disable-line not-rely-on-time\n }\n\n function setCurrentTime(uint256 time) external {\n currentTime = time;\n }\n\n function getCurrentTime() public view override returns (uint256) {\n return currentTime;\n }\n\n // solhint-disable-next-line no-empty-blocks\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory relayerRefundLeaf) internal override {}\n\n function _requireAdminSender() internal override onlyOwner {} // solhint-disable-line no-empty-blocks\n\n function chainId() public view override(SpokePool) returns (uint256) {\n // If chainId_ is set then return it, else do nothing and return the parent chainId().\n return chainId_ == 0 ? super.chainId() : chainId_;\n }\n\n function setChainId(uint256 _chainId) public {\n chainId_ = _chainId;\n }\n}\n" + }, + "contracts/upgradeable/AddressLibUpgradeable.sol": { + "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)\n\npragma solidity ^0.8.1;\n\n/**\n * @title AddressUpgradeable\n * @dev Collection of functions related to the address type\n * @notice Logic is 100% copied from \"@openzeppelin/contracts-upgradeable/contracts/utils/AddressUpgradeable.sol\" but one\n * comment is added to clarify why we allow delegatecall() in this contract, which is typically unsafe for use in\n * upgradeable implementation contracts.\n * @dev See https://docs.openzeppelin.com/upgrades-plugins/1.x/faq#delegatecall-selfdestruct for more details.\n */\nlibrary AddressLibUpgradeable {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n *\n * Furthermore, `isContract` will also return true if the target contract within\n * the same transaction is already scheduled for destruction by `SELFDESTRUCT`,\n * which only has an effect at the end of a transaction.\n * ====\n *\n * [IMPORTANT]\n * ====\n * You shouldn't rely on `isContract` to protect against flash loan attacks!\n *\n * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets\n * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract\n * constructor.\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize/address.code.length, which returns 0\n // for contracts in construction, since the code is only stored at the end\n // of the constructor execution.\n\n return account.code.length > 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance >= amount, \"Address: insufficient balance\");\n\n (bool success, ) = recipient.call{ value: amount }(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain `call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(\n address target,\n bytes memory data,\n uint256 value\n ) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(\n address target,\n bytes memory data,\n uint256 value,\n string memory errorMessage\n ) internal returns (bytes memory) {\n require(address(this).balance >= value, \"Address: insufficient balance for call\");\n (bool success, bytes memory returndata) = target.call{ value: value }(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n (bool success, bytes memory returndata) = target.staticcall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(\n address target,\n bytes memory data,\n string memory errorMessage\n ) internal returns (bytes memory) {\n /// @custom:oz-upgrades-unsafe-allow delegatecall\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return verifyCallResultFromTarget(target, success, returndata, errorMessage);\n }\n\n /**\n * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling\n * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.\n *\n * _Available since v4.8._\n */\n function verifyCallResultFromTarget(\n address target,\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal view returns (bytes memory) {\n if (success) {\n if (returndata.length == 0) {\n // only check isContract if the call was successful and the return data is empty\n // otherwise we already know that it was a contract\n require(isContract(target), \"Address: call to non-contract\");\n }\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n /**\n * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the\n * revert reason or using the provided one.\n *\n * _Available since v4.3._\n */\n function verifyCallResult(\n bool success,\n bytes memory returndata,\n string memory errorMessage\n ) internal pure returns (bytes memory) {\n if (success) {\n return returndata;\n } else {\n _revert(returndata, errorMessage);\n }\n }\n\n function _revert(bytes memory returndata, string memory errorMessage) private pure {\n // Look for revert reason and bubble it up if present\n if (returndata.length > 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n /// @solidity memory-safe-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n}\n" + }, + "contracts/upgradeable/EIP712CrossChainUpgradeable.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"@openzeppelin/contracts-upgradeable/utils/cryptography/ECDSAUpgradeable.sol\";\nimport \"@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol\";\n\n/**\n * @dev https://eips.ethereum.org/EIPS/eip-712[EIP 712] is a standard for hashing and signing of typed structured data.\n *\n * This contract is based on OpenZeppelin's implementation:\n * https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/master/contracts/utils/cryptography/EIP712Upgradeable.sol\n *\n * NOTE: Modified version that allows to build a domain separator that relies on a different chain id than the chain this\n * contract is deployed to. An example use case we want to support is:\n * - User A signs a message on chain with id = 1\n * - User B executes a method by verifying user A's EIP-712 compliant signature on a chain with id != 1\n */\nabstract contract EIP712CrossChainUpgradeable is Initializable {\n /* solhint-disable var-name-mixedcase */\n bytes32 private _HASHED_NAME;\n bytes32 private _HASHED_VERSION;\n bytes32 private constant _TYPE_HASH = keccak256(\"EIP712Domain(string name,string version,uint256 chainId)\");\n\n /* solhint-enable var-name-mixedcase */\n\n /**\n * @dev Initializes the domain separator and parameter caches.\n *\n * The meaning of `name` and `version` is specified in\n * https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP 712]:\n *\n * - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol.\n * - `version`: the current major version of the signing domain.\n *\n * NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart\n * contract upgrade].\n */\n function __EIP712_init(string memory name, string memory version) internal onlyInitializing {\n __EIP712_init_unchained(name, version);\n }\n\n function __EIP712_init_unchained(string memory name, string memory version) internal onlyInitializing {\n bytes32 hashedName = keccak256(bytes(name));\n bytes32 hashedVersion = keccak256(bytes(version));\n _HASHED_NAME = hashedName;\n _HASHED_VERSION = hashedVersion;\n }\n\n /**\n * @dev Returns the domain separator depending on the `originChainId`.\n * @param originChainId Chain id of network where message originates from.\n * @return bytes32 EIP-712-compliant domain separator.\n */\n function _domainSeparatorV4(uint256 originChainId) internal view returns (bytes32) {\n return keccak256(abi.encode(_TYPE_HASH, _HASHED_NAME, _HASHED_VERSION, originChainId));\n }\n\n /**\n * @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this\n * function returns the hash of the fully encoded EIP712 message for this domain.\n *\n * This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example:\n *\n * ```solidity\n * bytes32 structHash = keccak256(abi.encode(\n * keccak256(\"Mail(address to,string contents)\"),\n * mailTo,\n * keccak256(bytes(mailContents))\n * ));\n * bytes32 digest = _hashTypedDataV4(structHash, originChainId);\n * address signer = ECDSA.recover(digest, signature);\n * ```\n * @param structHash Hashed struct as defined in https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct.\n * @param originChainId Chain id of network where message originates from.\n * @return bytes32 Hash digest that is recoverable via `EDCSA.recover`.\n */\n function _hashTypedDataV4(bytes32 structHash, uint256 originChainId) internal view virtual returns (bytes32) {\n return ECDSAUpgradeable.toTypedDataHash(_domainSeparatorV4(originChainId), structHash);\n }\n\n // Reserve storage slots for future versions of this base contract to add state variables without\n // affecting the storage layout of child contracts. Decrement the size of __gap whenever state variables\n // are added. This is at bottom of contract to make sure it's always at the end of storage.\n uint256[1000] private __gap;\n}\n" + }, + "contracts/upgradeable/MultiCallerUpgradeable.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\n/**\n * @title MultiCallerUpgradeable\n * @notice Logic is 100% copied from \"@uma/core/contracts/common/implementation/MultiCaller.sol\" but one\n * comment is added to clarify why we allow delegatecall() in this contract, which is typically unsafe for use in\n * upgradeable implementation contracts.\n * @dev See https://docs.openzeppelin.com/upgrades-plugins/1.x/faq#delegatecall-selfdestruct for more details.\n */\ncontract MultiCallerUpgradeable {\n function multicall(bytes[] calldata data) external returns (bytes[] memory results) {\n results = new bytes[](data.length);\n\n //slither-disable-start calls-loop\n for (uint256 i = 0; i < data.length; i++) {\n // Typically, implementation contracts used in the upgradeable proxy pattern shouldn't call `delegatecall`\n // because it could allow a malicious actor to call this implementation contract directly (rather than\n // through a proxy contract) and then selfdestruct() the contract, thereby freezing the upgradeable\n // proxy. However, since we're only delegatecall-ing into this contract, then we can consider this\n // use of delegatecall() safe.\n\n //slither-disable-start low-level-calls\n /// @custom:oz-upgrades-unsafe-allow delegatecall\n (bool success, bytes memory result) = address(this).delegatecall(data[i]);\n //slither-disable-end low-level-calls\n\n if (!success) {\n // Next 5 lines from https://ethereum.stackexchange.com/a/83577\n if (result.length < 68) revert();\n //slither-disable-next-line assembly\n assembly {\n result := add(result, 0x04)\n }\n revert(abi.decode(result, (string)));\n }\n\n results[i] = result;\n }\n //slither-disable-end calls-loop\n }\n\n // Reserve storage slots for future versions of this base contract to add state variables without\n // affecting the storage layout of child contracts. Decrement the size of __gap whenever state variables\n // are added. This is at bottom of contract to make sure its always at the end of storage.\n uint256[1000] private __gap;\n}\n" + }, + "contracts/ZkSync_SpokePool.sol": { + "content": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n\nimport \"./SpokePool.sol\";\n\n// https://github.com/matter-labs/era-contracts/blob/6391c0d7bf6184d7f6718060e3991ba6f0efe4a7/zksync/contracts/bridge/L2ERC20Bridge.sol#L104\ninterface ZkBridgeLike {\n function withdraw(\n address _l1Receiver,\n address _l2Token,\n uint256 _amount\n ) external;\n}\n\ninterface IL2ETH {\n function withdraw(address _l1Receiver) external payable;\n}\n\n/**\n * @notice ZkSync specific SpokePool, intended to be compiled with `@matterlabs/hardhat-zksync-solc`.\n * @dev Resources for compiling and deploying contracts with hardhat: https://era.zksync.io/docs/tools/hardhat/hardhat-zksync-solc.html\n */\ncontract ZkSync_SpokePool is SpokePool {\n // On Ethereum, avoiding constructor parameters and putting them into constants reduces some of the gas cost\n // upon contract deployment. On zkSync the opposite is true: deploying the same bytecode for contracts,\n // while changing only constructor parameters can lead to substantial fee savings. So, the following params\n // are all set by passing in constructor params where possible.\n\n // ETH on ZkSync implements a subset of the ERC-20 interface, with additional built-in support to bridge to L1.\n address public l2Eth;\n\n // Bridge used to withdraw ERC20's to L1\n ZkBridgeLike public zkErc20Bridge;\n\n event SetZkBridge(address indexed erc20Bridge, address indexed oldErc20Bridge);\n event ZkSyncTokensBridged(address indexed l2Token, address target, uint256 numberOfTokensBridged);\n\n /**\n * @notice Construct the ZkSync SpokePool.\n * @param _initialDepositId Starting deposit ID. Set to 0 unless this is a re-deployment in order to mitigate\n * relay hash collisions.\n * @param _zkErc20Bridge Address of L2 ERC20 gateway. Can be reset by admin.\n * @param _crossDomainAdmin Cross domain admin to set. Can be changed by admin.\n * @param _hubPool Hub pool address to set. Can be changed by admin.\n * @param _wethAddress Weth address for this network to set.\n */\n function initialize(\n uint32 _initialDepositId,\n ZkBridgeLike _zkErc20Bridge,\n address _crossDomainAdmin,\n address _hubPool,\n address _wethAddress\n ) public initializer {\n l2Eth = 0x000000000000000000000000000000000000800A;\n __SpokePool_init(_initialDepositId, _crossDomainAdmin, _hubPool, _wethAddress);\n _setZkBridge(_zkErc20Bridge);\n }\n\n modifier onlyFromCrossDomainAdmin() {\n require(msg.sender == _applyL1ToL2Alias(crossDomainAdmin), \"ONLY_COUNTERPART_GATEWAY\");\n _;\n }\n\n /********************************************************\n * ZKSYNC-SPECIFIC CROSS-CHAIN ADMIN FUNCTIONS *\n ********************************************************/\n\n /**\n * @notice Change L2 token bridge addresses. Callable only by admin.\n * @param _zkErc20Bridge New address of L2 ERC20 gateway.\n */\n function setZkBridge(ZkBridgeLike _zkErc20Bridge) public onlyAdmin nonReentrant {\n _setZkBridge(_zkErc20Bridge);\n }\n\n /**************************************\n * DATA WORKER FUNCTIONS *\n **************************************/\n\n /**\n * @notice Wraps any ETH into WETH before executing base function. This is necessary because SpokePool receives\n * ETH over the canonical token bridge instead of WETH.\n * @inheritdoc SpokePool\n */\n function executeSlowRelayLeaf(\n address depositor,\n address recipient,\n address destinationToken,\n uint256 totalRelayAmount,\n uint256 originChainId,\n int64 realizedLpFeePct,\n int64 relayerFeePct,\n uint32 depositId,\n uint32 rootBundleId,\n bytes memory message,\n int256 payoutAdjustment,\n bytes32[] memory proof\n ) public override(SpokePool) nonReentrant {\n if (destinationToken == address(wrappedNativeToken)) _depositEthToWeth();\n\n _executeSlowRelayLeaf(\n depositor,\n recipient,\n destinationToken,\n totalRelayAmount,\n originChainId,\n chainId(),\n realizedLpFeePct,\n relayerFeePct,\n depositId,\n rootBundleId,\n message,\n payoutAdjustment,\n proof\n );\n }\n\n /**\n * @notice Wraps any ETH into WETH before executing base function. This is necessary because SpokePool receives\n * ETH over the canonical token bridge instead of WETH.\n * @inheritdoc SpokePool\n */\n function executeRelayerRefundLeaf(\n uint32 rootBundleId,\n SpokePoolInterface.RelayerRefundLeaf memory relayerRefundLeaf,\n bytes32[] memory proof\n ) public override(SpokePool) nonReentrant {\n if (relayerRefundLeaf.l2TokenAddress == address(wrappedNativeToken)) _depositEthToWeth();\n\n _executeRelayerRefundLeaf(rootBundleId, relayerRefundLeaf, proof);\n }\n\n /**************************************\n * INTERNAL FUNCTIONS *\n **************************************/\n\n // Wrap any ETH owned by this contract so we can send expected L2 token to recipient. This is necessary because\n // this SpokePool will receive ETH from the canonical token bridge instead of WETH. This may not be neccessary\n // if ETH on ZkSync is treated as ETH and the fallback() function is triggered when this contract receives\n // ETH. We will have to test this but this function for now allows the contract to safely convert all of its\n // held ETH into WETH at the cost of higher gas costs.\n function _depositEthToWeth() internal {\n //slither-disable-next-line arbitrary-send-eth\n if (address(this).balance > 0) wrappedNativeToken.deposit{ value: address(this).balance }();\n }\n\n function _bridgeTokensToHubPool(RelayerRefundLeaf memory relayerRefundLeaf) internal override {\n // SpokePool is expected to receive ETH from the L1 HubPool and currently, withdrawing ETH directly\n // over the ERC20 Bridge is blocked at the contract level. Therefore, we need to unwrap it before withdrawing.\n if (relayerRefundLeaf.l2TokenAddress == address(wrappedNativeToken)) {\n WETH9Interface(relayerRefundLeaf.l2TokenAddress).withdraw(relayerRefundLeaf.amountToReturn); // Unwrap into ETH.\n // To withdraw tokens, we actually call 'withdraw' on the L2 eth token itself.\n IL2ETH(l2Eth).withdraw{ value: relayerRefundLeaf.amountToReturn }(hubPool);\n } else {\n zkErc20Bridge.withdraw(hubPool, relayerRefundLeaf.l2TokenAddress, relayerRefundLeaf.amountToReturn);\n }\n emit ZkSyncTokensBridged(relayerRefundLeaf.l2TokenAddress, hubPool, relayerRefundLeaf.amountToReturn);\n }\n\n function _setZkBridge(ZkBridgeLike _zkErc20Bridge) internal {\n address oldErc20Bridge = address(zkErc20Bridge);\n zkErc20Bridge = _zkErc20Bridge;\n emit SetZkBridge(address(_zkErc20Bridge), oldErc20Bridge);\n }\n\n // L1 addresses are transformed during l1->l2 calls.\n // See https://github.com/matter-labs/era-contracts/blob/main/docs/Overview.md#mailboxfacet for more information.\n // Another source: https://github.com/matter-labs/era-contracts/blob/41c25aa16d182f757c3fed1463c78a81896f65e6/ethereum/contracts/vendor/AddressAliasHelper.sol#L28\n function _applyL1ToL2Alias(address l1Address) internal pure returns (address l2Address) {\n unchecked {\n l2Address = address(uint160(l1Address) + uint160(0x1111000000000000000000000000000000001111));\n }\n }\n\n function _requireAdminSender() internal override onlyFromCrossDomainAdmin {}\n}\n" + } + }, + "settings": { + "optimizer": { + "enabled": true, + "runs": 1000000 + }, + "viaIR": true, + "outputSelection": { + "*": { + "*": [ + "abi", + "evm.bytecode", + "evm.deployedBytecode", + "evm.methodIdentifiers", + "metadata", + "devdoc", + "userdoc", + "storageLayout", + "evm.gasEstimates" + ], + "": ["ast"] + } + }, + "metadata": { + "useLiteralContent": true + } + } +}