ETH Price: $1,666.43 (-3.48%)
Gas: 5 Gwei
 

Overview

ETH Balance

0 ETH

Eth Value

$0.00

Sponsored

Transaction Hash
Method
Block
From
To
Value
Transfer Ownersh...163271402023-01-03 15:25:35272 days 13 hrs ago1672759535IN
0x7D7B62...F46D811A
0 ETH0.0008528229.2955612
Approve First Ri...163271362023-01-03 15:24:47272 days 13 hrs ago1672759487IN
0x7D7B62...F46D811A
0 ETH0.0013295526.67599103
0x60e06040163271202023-01-03 15:21:35272 days 13 hrs ago1672759295IN
 Create: CoveragePool
0 ETH0.058949327.53816643

View more zero value Internal Transactions in Advanced View mode

Advanced mode:
Loading...
Loading

Contract Source Code Verified (Exact Match)

Contract Name:
CoveragePool

Compiler Version
v0.8.9+commit.e5eed63a

Optimization Enabled:
No with 200 runs

Other Settings:
default evmVersion
File 1 of 26 : CoveragePool.sol
// β–“β–“β–Œ β–“β–“ ▐▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–Œβ–β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–„
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–Œβ–β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
//   β–“β–“β–“β–“β–“β–“    β–“β–“β–“β–“β–“β–“β–“β–€    ▐▓▓▓▓▓▓    ▐▓▓▓▓▓   β–“β–“β–“β–“β–“β–“     β–“β–“β–“β–“β–“   β–β–“β–“β–“β–“β–“β–Œ   ▐▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–„β–„β–“β–“β–“β–“β–“β–“β–“β–€      ▐▓▓▓▓▓▓▄▄▄▄         β–“β–“β–“β–“β–“β–“β–„β–„β–„β–„         β–β–“β–“β–“β–“β–“β–Œ   ▐▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–€        ▐▓▓▓▓▓▓▓▓▓▓         β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“         ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–€β–€β–“β–“β–“β–“β–“β–“β–„       ▐▓▓▓▓▓▓▀▀▀▀         β–“β–“β–“β–“β–“β–“β–€β–€β–€β–€         ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀
//   β–“β–“β–“β–“β–“β–“   β–€β–“β–“β–“β–“β–“β–“β–„     ▐▓▓▓▓▓▓     β–“β–“β–“β–“β–“   β–“β–“β–“β–“β–“β–“     β–“β–“β–“β–“β–“   β–β–“β–“β–“β–“β–“β–Œ
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–ˆβ–“β–“β–“β–“β–“β–“β–“β–“β–“ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“  β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“  β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
//
//                           Trust math, not hardware.

// SPDX-License-Identifier: MIT

pragma solidity 0.8.9;

import "./interfaces/IAssetPoolUpgrade.sol";
import "./interfaces/ICollateralToken.sol";
import "./AssetPool.sol";
import "./CoveragePoolConstants.sol";
import "./GovernanceUtils.sol";

import "@openzeppelin/contracts/access/Ownable.sol";

/// @title Coverage Pool
/// @notice A contract that manages a single asset pool. Handles approving and
///         unapproving of risk managers and allows them to seize funds from the
///         asset pool if they are approved.
/// @dev Coverage pool contract is owned by the governance. Coverage pool is the
///      owner of the asset pool contract.
contract CoveragePool is Ownable {
    AssetPool public immutable assetPool;
    ICollateralToken public immutable collateralToken;
    UnderwriterToken public immutable underwriterToken;

    bool public firstRiskManagerApproved = false;

    // Currently approved risk managers
    mapping(address => bool) public approvedRiskManagers;
    // Timestamps of risk managers whose approvals have been initiated
    mapping(address => uint256) public riskManagerApprovalTimestamps;

    event RiskManagerApprovalStarted(address riskManager, uint256 timestamp);
    event RiskManagerApprovalCompleted(address riskManager, uint256 timestamp);
    event RiskManagerUnapproved(address riskManager, uint256 timestamp);

    /// @notice Reverts if called by a risk manager that is not approved
    modifier onlyApprovedRiskManager() {
        require(approvedRiskManagers[msg.sender], "Risk manager not approved");
        _;
    }

    constructor(AssetPool _assetPool) {
        assetPool = _assetPool;
        collateralToken = _assetPool.collateralToken();
        underwriterToken = _assetPool.underwriterToken();
    }

    /// @notice Approves the first risk manager
    /// @dev Can be called only by the contract owner. Can be called only once.
    ///      Does not require any further calls to any functions.
    /// @param riskManager Risk manager that will be approved
    function approveFirstRiskManager(address riskManager) external onlyOwner {
        require(
            !firstRiskManagerApproved,
            "The first risk manager was approved"
        );
        approvedRiskManagers[riskManager] = true;
        firstRiskManagerApproved = true;
    }

    /// @notice Begins risk manager approval process.
    /// @dev Can be called only by the contract owner and only when the first
    ///      risk manager is already approved. For a risk manager to be
    ///      approved, a call to `finalizeRiskManagerApproval` must follow
    ///      (after a governance delay).
    /// @param riskManager Risk manager that will be approved
    function beginRiskManagerApproval(address riskManager) external onlyOwner {
        require(
            firstRiskManagerApproved,
            "The first risk manager is not yet approved; Please use "
            "approveFirstRiskManager instead"
        );

        require(
            !approvedRiskManagers[riskManager],
            "Risk manager already approved"
        );

        /* solhint-disable-next-line not-rely-on-time */
        riskManagerApprovalTimestamps[riskManager] = block.timestamp;
        /* solhint-disable-next-line not-rely-on-time */
        emit RiskManagerApprovalStarted(riskManager, block.timestamp);
    }

    /// @notice Finalizes risk manager approval process.
    /// @dev Can be called only by the contract owner. Must be preceded with a
    ///      call to beginRiskManagerApproval and a governance delay must elapse.
    /// @param riskManager Risk manager that will be approved
    function finalizeRiskManagerApproval(address riskManager)
        external
        onlyOwner
    {
        require(
            riskManagerApprovalTimestamps[riskManager] > 0,
            "Risk manager approval not initiated"
        );
        require(
            /* solhint-disable-next-line not-rely-on-time */
            block.timestamp - riskManagerApprovalTimestamps[riskManager] >=
                assetPool.withdrawalGovernanceDelay(),
            "Risk manager governance delay has not elapsed"
        );
        approvedRiskManagers[riskManager] = true;
        /* solhint-disable-next-line not-rely-on-time */
        emit RiskManagerApprovalCompleted(riskManager, block.timestamp);
        delete riskManagerApprovalTimestamps[riskManager];
    }

    /// @notice Unapproves an already approved risk manager or cancels the
    ///         approval process of a risk manager (the latter happens if called
    ///         between `beginRiskManagerApproval` and `finalizeRiskManagerApproval`).
    ///         The change takes effect immediately.
    /// @dev Can be called only by the contract owner.
    /// @param riskManager Risk manager that will be unapproved
    function unapproveRiskManager(address riskManager) external onlyOwner {
        require(
            riskManagerApprovalTimestamps[riskManager] > 0 ||
                approvedRiskManagers[riskManager],
            "Risk manager is neither approved nor with a pending approval"
        );
        delete riskManagerApprovalTimestamps[riskManager];
        delete approvedRiskManagers[riskManager];
        /* solhint-disable-next-line not-rely-on-time */
        emit RiskManagerUnapproved(riskManager, block.timestamp);
    }

    /// @notice Approves upgradeability to the new asset pool.
    ///         Allows governance to set a new asset pool so the underwriters
    ///         can move their collateral tokens to a new asset pool without
    ///         having to wait for the withdrawal delay.
    /// @param _newAssetPool New asset pool
    function approveNewAssetPoolUpgrade(IAssetPoolUpgrade _newAssetPool)
        external
        onlyOwner
    {
        assetPool.approveNewAssetPoolUpgrade(_newAssetPool);
    }

    /// @notice Lets the governance to begin an update of withdrawal delay
    ///         parameter value. Withdrawal delay is the time it takes the
    ///         underwriter to withdraw their collateral and rewards from the
    ///         pool. This is the time that needs to pass between initiating and
    ///         completing the withdrawal. The change needs to be finalized with
    ///         a call to finalizeWithdrawalDelayUpdate after the required
    ///         governance delay passes. It is up to the governance to
    ///         decide what the withdrawal delay value should be but it should
    ///         be long enough so that the possibility of having free-riding
    ///         underwriters escaping from a potential coverage claim by
    ///         withdrawing their positions from the pool is negligible.
    /// @param newWithdrawalDelay The new value of withdrawal delay
    function beginWithdrawalDelayUpdate(uint256 newWithdrawalDelay)
        external
        onlyOwner
    {
        assetPool.beginWithdrawalDelayUpdate(newWithdrawalDelay);
    }

    /// @notice Lets the governance to finalize an update of withdrawal
    ///         delay parameter value. This call has to be preceded with
    ///         a call to beginWithdrawalDelayUpdate and the governance delay
    ///         has to pass.
    function finalizeWithdrawalDelayUpdate() external onlyOwner {
        assetPool.finalizeWithdrawalDelayUpdate();
    }

    /// @notice Lets the governance to begin an update of withdrawal timeout
    ///         parameter value. The withdrawal timeout is the time the
    ///         underwriter has - after the withdrawal delay passed - to
    ///         complete the withdrawal. The change needs to be finalized with
    ///         a call to finalizeWithdrawalTimeoutUpdate after the required
    ///         governance delay passes. It is up to the governance to
    ///         decide what the withdrawal timeout value should be but it should
    ///         be short enough so that the time of free-riding by being able to
    ///         immediately escape from the claim is minimal and long enough so
    ///         that honest underwriters have a possibility to finalize the
    ///         withdrawal. It is all about the right proportions with
    ///         a relation to withdrawal delay value.
    /// @param  newWithdrawalTimeout The new value of the withdrawal timeout
    function beginWithdrawalTimeoutUpdate(uint256 newWithdrawalTimeout)
        external
        onlyOwner
    {
        assetPool.beginWithdrawalTimeoutUpdate(newWithdrawalTimeout);
    }

    /// @notice Lets the governance to finalize an update of withdrawal
    ///         timeout parameter value. This call has to be preceded with
    ///         a call to beginWithdrawalTimeoutUpdate and the governance delay
    ///         has to pass.
    function finalizeWithdrawalTimeoutUpdate() external onlyOwner {
        assetPool.finalizeWithdrawalTimeoutUpdate();
    }

    /// @notice Seizes funds from the coverage pool and sends them to the
    ///         `recipient`.
    /// @dev `portionToSeize` value was multiplied by `FLOATING_POINT_DIVISOR`
    ///      for calculation precision purposes. Further calculations in this
    ///      function will need to take this divisor into account.
    /// @param recipient Address that will receive the pool's seized funds
    /// @param portionToSeize Portion of the pool to seize in the range (0, 1]
    ///        multiplied by `FLOATING_POINT_DIVISOR`
    function seizePortion(address recipient, uint256 portionToSeize)
        external
        onlyApprovedRiskManager
    {
        require(
            portionToSeize > 0 &&
                portionToSeize <= CoveragePoolConstants.FLOATING_POINT_DIVISOR,
            "Portion to seize is not within the range (0, 1]"
        );

        assetPool.claim(recipient, amountToSeize(portionToSeize));
    }

    /// @notice Seizes funds from the coverage pool and sends them to the
    ///         `recipient`.
    /// @param recipient Address that will receive the pool's seized funds
    /// @param amountToSeize Amount to be seized from the pool
    // slither-disable-next-line shadowing-local
    function seizeAmount(address recipient, uint256 amountToSeize)
        external
        onlyApprovedRiskManager
    {
        require(amountToSeize > 0, "Amount to seize must be >0");

        assetPool.claim(recipient, amountToSeize);
    }

    /// @notice Grants asset pool shares by minting a given amount of the
    ///         underwriter tokens for the recipient address. In result, the
    ///         recipient obtains part of the pool ownership without depositing
    ///         any collateral tokens. Shares are usually granted for notifiers
    ///         reporting about various contract state changes.
    /// @dev Can be called only by an approved risk manager.
    /// @param recipient Address of the underwriter tokens recipient
    /// @param covAmount Amount of the underwriter tokens which should be minted
    function grantAssetPoolShares(address recipient, uint256 covAmount)
        external
        onlyApprovedRiskManager
    {
        assetPool.grantShares(recipient, covAmount);
    }

    /// @notice Returns the time remaining until the risk manager approval
    ///         process can be finalized
    /// @param riskManager Risk manager in the process of approval
    /// @return Remaining time in seconds.
    function getRemainingRiskManagerApprovalTime(address riskManager)
        external
        view
        returns (uint256)
    {
        return
            GovernanceUtils.getRemainingChangeTime(
                riskManagerApprovalTimestamps[riskManager],
                assetPool.withdrawalGovernanceDelay()
            );
    }

    /// @notice Determine the prior number of DAO votes for the given coverage
    ///         pool underwriter.
    /// @param account The underwriter address to check
    /// @param blockNumber The block number to get the vote balance at
    /// @return The number of votes the underwriter had as of the given block
    function getPastVotes(address account, uint256 blockNumber)
        external
        view
        returns (uint96)
    {
        uint96 underwriterVotes = underwriterToken.getPastVotes(
            account,
            blockNumber
        );
        uint96 underwriterTokenSupply = underwriterToken.getPastTotalSupply(
            blockNumber
        );

        if (underwriterTokenSupply == 0) {
            return 0;
        }

        uint96 covPoolVotes = collateralToken.getPastVotes(
            address(assetPool),
            blockNumber
        );

        return
            uint96(
                (uint256(underwriterVotes) * covPoolVotes) /
                    underwriterTokenSupply
            );
    }

    /// @notice Calculates amount of tokens to be seized from the coverage pool.
    /// @param portionToSeize Portion of the pool to seize in the range (0, 1]
    ///        multiplied by FLOATING_POINT_DIVISOR
    function amountToSeize(uint256 portionToSeize)
        public
        view
        returns (uint256)
    {
        return
            (collateralToken.balanceOf(address(assetPool)) * portionToSeize) /
            CoveragePoolConstants.FLOATING_POINT_DIVISOR;
    }
}

File 2 of 26 : MathUpgradeable.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (utils/math/Math.sol)

pragma solidity ^0.8.0;

/**
 * @dev Standard math utilities missing in the Solidity language.
 */
library MathUpgradeable {
    /**
     * @dev Returns the largest of two numbers.
     */
    function max(uint256 a, uint256 b) internal pure returns (uint256) {
        return a >= b ? a : b;
    }

    /**
     * @dev Returns the smallest of two numbers.
     */
    function min(uint256 a, uint256 b) internal pure returns (uint256) {
        return a < b ? a : b;
    }

    /**
     * @dev Returns the average of two numbers. The result is rounded towards
     * zero.
     */
    function average(uint256 a, uint256 b) internal pure returns (uint256) {
        // (a + b) / 2 can overflow.
        return (a & b) + (a ^ b) / 2;
    }

    /**
     * @dev Returns the ceiling of the division of two numbers.
     *
     * This differs from standard division with `/` in that it rounds up instead
     * of rounding down.
     */
    function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
        // (a + b - 1) / b can overflow on addition, so we distribute.
        return a / b + (a % b == 0 ? 0 : 1);
    }
}

File 3 of 26 : SafeCastUpgradeable.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/math/SafeCast.sol)

pragma solidity ^0.8.0;

/**
 * @dev Wrappers over Solidity's uintXX/intXX casting operators with added overflow
 * checks.
 *
 * Downcasting from uint256/int256 in Solidity does not revert on overflow. This can
 * easily result in undesired exploitation or bugs, since developers usually
 * assume that overflows raise errors. `SafeCast` restores this intuition by
 * reverting the transaction when such an operation overflows.
 *
 * Using this library instead of the unchecked operations eliminates an entire
 * class of bugs, so it's recommended to use it always.
 *
 * Can be combined with {SafeMath} and {SignedSafeMath} to extend it to smaller types, by performing
 * all math on `uint256` and `int256` and then downcasting.
 */
library SafeCastUpgradeable {
    /**
     * @dev Returns the downcasted uint224 from uint256, reverting on
     * overflow (when the input is greater than largest uint224).
     *
     * Counterpart to Solidity's `uint224` operator.
     *
     * Requirements:
     *
     * - input must fit into 224 bits
     */
    function toUint224(uint256 value) internal pure returns (uint224) {
        require(value <= type(uint224).max, "SafeCast: value doesn't fit in 224 bits");
        return uint224(value);
    }

    /**
     * @dev Returns the downcasted uint128 from uint256, reverting on
     * overflow (when the input is greater than largest uint128).
     *
     * Counterpart to Solidity's `uint128` operator.
     *
     * Requirements:
     *
     * - input must fit into 128 bits
     */
    function toUint128(uint256 value) internal pure returns (uint128) {
        require(value <= type(uint128).max, "SafeCast: value doesn't fit in 128 bits");
        return uint128(value);
    }

    /**
     * @dev Returns the downcasted uint96 from uint256, reverting on
     * overflow (when the input is greater than largest uint96).
     *
     * Counterpart to Solidity's `uint96` operator.
     *
     * Requirements:
     *
     * - input must fit into 96 bits
     */
    function toUint96(uint256 value) internal pure returns (uint96) {
        require(value <= type(uint96).max, "SafeCast: value doesn't fit in 96 bits");
        return uint96(value);
    }

    /**
     * @dev Returns the downcasted uint64 from uint256, reverting on
     * overflow (when the input is greater than largest uint64).
     *
     * Counterpart to Solidity's `uint64` operator.
     *
     * Requirements:
     *
     * - input must fit into 64 bits
     */
    function toUint64(uint256 value) internal pure returns (uint64) {
        require(value <= type(uint64).max, "SafeCast: value doesn't fit in 64 bits");
        return uint64(value);
    }

    /**
     * @dev Returns the downcasted uint32 from uint256, reverting on
     * overflow (when the input is greater than largest uint32).
     *
     * Counterpart to Solidity's `uint32` operator.
     *
     * Requirements:
     *
     * - input must fit into 32 bits
     */
    function toUint32(uint256 value) internal pure returns (uint32) {
        require(value <= type(uint32).max, "SafeCast: value doesn't fit in 32 bits");
        return uint32(value);
    }

    /**
     * @dev Returns the downcasted uint16 from uint256, reverting on
     * overflow (when the input is greater than largest uint16).
     *
     * Counterpart to Solidity's `uint16` operator.
     *
     * Requirements:
     *
     * - input must fit into 16 bits
     */
    function toUint16(uint256 value) internal pure returns (uint16) {
        require(value <= type(uint16).max, "SafeCast: value doesn't fit in 16 bits");
        return uint16(value);
    }

    /**
     * @dev Returns the downcasted uint8 from uint256, reverting on
     * overflow (when the input is greater than largest uint8).
     *
     * Counterpart to Solidity's `uint8` operator.
     *
     * Requirements:
     *
     * - input must fit into 8 bits.
     */
    function toUint8(uint256 value) internal pure returns (uint8) {
        require(value <= type(uint8).max, "SafeCast: value doesn't fit in 8 bits");
        return uint8(value);
    }

    /**
     * @dev Converts a signed int256 into an unsigned uint256.
     *
     * Requirements:
     *
     * - input must be greater than or equal to 0.
     */
    function toUint256(int256 value) internal pure returns (uint256) {
        require(value >= 0, "SafeCast: value must be positive");
        return uint256(value);
    }

    /**
     * @dev Returns the downcasted int128 from int256, reverting on
     * overflow (when the input is less than smallest int128 or
     * greater than largest int128).
     *
     * Counterpart to Solidity's `int128` operator.
     *
     * Requirements:
     *
     * - input must fit into 128 bits
     *
     * _Available since v3.1._
     */
    function toInt128(int256 value) internal pure returns (int128) {
        require(value >= type(int128).min && value <= type(int128).max, "SafeCast: value doesn't fit in 128 bits");
        return int128(value);
    }

    /**
     * @dev Returns the downcasted int64 from int256, reverting on
     * overflow (when the input is less than smallest int64 or
     * greater than largest int64).
     *
     * Counterpart to Solidity's `int64` operator.
     *
     * Requirements:
     *
     * - input must fit into 64 bits
     *
     * _Available since v3.1._
     */
    function toInt64(int256 value) internal pure returns (int64) {
        require(value >= type(int64).min && value <= type(int64).max, "SafeCast: value doesn't fit in 64 bits");
        return int64(value);
    }

    /**
     * @dev Returns the downcasted int32 from int256, reverting on
     * overflow (when the input is less than smallest int32 or
     * greater than largest int32).
     *
     * Counterpart to Solidity's `int32` operator.
     *
     * Requirements:
     *
     * - input must fit into 32 bits
     *
     * _Available since v3.1._
     */
    function toInt32(int256 value) internal pure returns (int32) {
        require(value >= type(int32).min && value <= type(int32).max, "SafeCast: value doesn't fit in 32 bits");
        return int32(value);
    }

    /**
     * @dev Returns the downcasted int16 from int256, reverting on
     * overflow (when the input is less than smallest int16 or
     * greater than largest int16).
     *
     * Counterpart to Solidity's `int16` operator.
     *
     * Requirements:
     *
     * - input must fit into 16 bits
     *
     * _Available since v3.1._
     */
    function toInt16(int256 value) internal pure returns (int16) {
        require(value >= type(int16).min && value <= type(int16).max, "SafeCast: value doesn't fit in 16 bits");
        return int16(value);
    }

    /**
     * @dev Returns the downcasted int8 from int256, reverting on
     * overflow (when the input is less than smallest int8 or
     * greater than largest int8).
     *
     * Counterpart to Solidity's `int8` operator.
     *
     * Requirements:
     *
     * - input must fit into 8 bits.
     *
     * _Available since v3.1._
     */
    function toInt8(int256 value) internal pure returns (int8) {
        require(value >= type(int8).min && value <= type(int8).max, "SafeCast: value doesn't fit in 8 bits");
        return int8(value);
    }

    /**
     * @dev Converts an unsigned uint256 into a signed int256.
     *
     * Requirements:
     *
     * - input must be less than or equal to maxInt256.
     */
    function toInt256(uint256 value) internal pure returns (int256) {
        // Note: Unsafe cast below is okay because `type(int256).max` is guaranteed to be positive
        require(value <= uint256(type(int256).max), "SafeCast: value doesn't fit in an int256");
        return int256(value);
    }
}

File 4 of 26 : Ownable.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (access/Ownable.sol)

pragma solidity ^0.8.0;

import "../utils/Context.sol";

/**
 * @dev Contract module which provides a basic access control mechanism, where
 * there is an account (an owner) that can be granted exclusive access to
 * specific functions.
 *
 * By default, the owner account will be the one that deploys the contract. This
 * can later be changed with {transferOwnership}.
 *
 * This module is used through inheritance. It will make available the modifier
 * `onlyOwner`, which can be applied to your functions to restrict their use to
 * the owner.
 */
abstract contract Ownable is Context {
    address private _owner;

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    /**
     * @dev Initializes the contract setting the deployer as the initial owner.
     */
    constructor() {
        _transferOwnership(_msgSender());
    }

    /**
     * @dev Throws if called by any account other than the owner.
     */
    modifier onlyOwner() {
        _checkOwner();
        _;
    }

    /**
     * @dev Returns the address of the current owner.
     */
    function owner() public view virtual returns (address) {
        return _owner;
    }

    /**
     * @dev Throws if the sender is not the owner.
     */
    function _checkOwner() internal view virtual {
        require(owner() == _msgSender(), "Ownable: caller is not the owner");
    }

    /**
     * @dev Leaves the contract without owner. It will not be possible to call
     * `onlyOwner` functions anymore. Can only be called by the current owner.
     *
     * NOTE: Renouncing ownership will leave the contract without an owner,
     * thereby removing any functionality that is only available to the owner.
     */
    function renounceOwnership() public virtual onlyOwner {
        _transferOwnership(address(0));
    }

    /**
     * @dev Transfers ownership of the contract to a new account (`newOwner`).
     * Can only be called by the current owner.
     */
    function transferOwnership(address newOwner) public virtual onlyOwner {
        require(newOwner != address(0), "Ownable: new owner is the zero address");
        _transferOwnership(newOwner);
    }

    /**
     * @dev Transfers ownership of the contract to a new account (`newOwner`).
     * Internal function without access restriction.
     */
    function _transferOwnership(address newOwner) internal virtual {
        address oldOwner = _owner;
        _owner = newOwner;
        emit OwnershipTransferred(oldOwner, newOwner);
    }
}

File 5 of 26 : draft-IERC20Permit.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (token/ERC20/extensions/draft-IERC20Permit.sol)

pragma solidity ^0.8.0;

/**
 * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
 * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
 *
 * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
 * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't
 * need to send a transaction, and thus is not required to hold Ether at all.
 */
interface IERC20Permit {
    /**
     * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,
     * given ``owner``'s signed approval.
     *
     * IMPORTANT: The same issues {IERC20-approve} has related to transaction
     * ordering also apply here.
     *
     * Emits an {Approval} event.
     *
     * Requirements:
     *
     * - `spender` cannot be the zero address.
     * - `deadline` must be a timestamp in the future.
     * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
     * over the EIP712-formatted function arguments.
     * - the signature must use ``owner``'s current nonce (see {nonces}).
     *
     * For more information on the signature format, see the
     * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
     * section].
     */
    function permit(
        address owner,
        address spender,
        uint256 value,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external;

    /**
     * @dev Returns the current nonce for `owner`. This value must be
     * included whenever a signature is generated for {permit}.
     *
     * Every successful call to {permit} increases ``owner``'s nonce by one. This
     * prevents a signature from being used multiple times.
     */
    function nonces(address owner) external view returns (uint256);

    /**
     * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.
     */
    // solhint-disable-next-line func-name-mixedcase
    function DOMAIN_SEPARATOR() external view returns (bytes32);
}

File 6 of 26 : IERC20Metadata.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (token/ERC20/extensions/IERC20Metadata.sol)

pragma solidity ^0.8.0;

import "../IERC20.sol";

/**
 * @dev Interface for the optional metadata functions from the ERC20 standard.
 *
 * _Available since v4.1._
 */
interface IERC20Metadata is IERC20 {
    /**
     * @dev Returns the name of the token.
     */
    function name() external view returns (string memory);

    /**
     * @dev Returns the symbol of the token.
     */
    function symbol() external view returns (string memory);

    /**
     * @dev Returns the decimals places of the token.
     */
    function decimals() external view returns (uint8);
}

File 7 of 26 : IERC20.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.6.0) (token/ERC20/IERC20.sol)

pragma solidity ^0.8.0;

/**
 * @dev Interface of the ERC20 standard as defined in the EIP.
 */
interface IERC20 {
    /**
     * @dev Emitted when `value` tokens are moved from one account (`from`) to
     * another (`to`).
     *
     * Note that `value` may be zero.
     */
    event Transfer(address indexed from, address indexed to, uint256 value);

    /**
     * @dev Emitted when the allowance of a `spender` for an `owner` is set by
     * a call to {approve}. `value` is the new allowance.
     */
    event Approval(address indexed owner, address indexed spender, uint256 value);

    /**
     * @dev Returns the amount of tokens in existence.
     */
    function totalSupply() external view returns (uint256);

    /**
     * @dev Returns the amount of tokens owned by `account`.
     */
    function balanceOf(address account) external view returns (uint256);

    /**
     * @dev Moves `amount` tokens from the caller's account to `to`.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * Emits a {Transfer} event.
     */
    function transfer(address to, uint256 amount) external returns (bool);

    /**
     * @dev Returns the remaining number of tokens that `spender` will be
     * allowed to spend on behalf of `owner` through {transferFrom}. This is
     * zero by default.
     *
     * This value changes when {approve} or {transferFrom} are called.
     */
    function allowance(address owner, address spender) external view returns (uint256);

    /**
     * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * IMPORTANT: Beware that changing an allowance with this method brings the risk
     * that someone may use both the old and the new allowance by unfortunate
     * transaction ordering. One possible solution to mitigate this race
     * condition is to first reduce the spender's allowance to 0 and set the
     * desired value afterwards:
     * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
     *
     * Emits an {Approval} event.
     */
    function approve(address spender, uint256 amount) external returns (bool);

    /**
     * @dev Moves `amount` tokens from `from` to `to` using the
     * allowance mechanism. `amount` is then deducted from the caller's
     * allowance.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * Emits a {Transfer} event.
     */
    function transferFrom(
        address from,
        address to,
        uint256 amount
    ) external returns (bool);
}

File 8 of 26 : SafeERC20.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (token/ERC20/utils/SafeERC20.sol)

pragma solidity ^0.8.0;

import "../IERC20.sol";
import "../extensions/draft-IERC20Permit.sol";
import "../../../utils/Address.sol";

/**
 * @title SafeERC20
 * @dev Wrappers around ERC20 operations that throw on failure (when the token
 * contract returns false). Tokens that return no value (and instead revert or
 * throw on failure) are also supported, non-reverting calls are assumed to be
 * successful.
 * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
 * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
 */
library SafeERC20 {
    using Address for address;

    function safeTransfer(
        IERC20 token,
        address to,
        uint256 value
    ) internal {
        _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));
    }

    function safeTransferFrom(
        IERC20 token,
        address from,
        address to,
        uint256 value
    ) internal {
        _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));
    }

    /**
     * @dev Deprecated. This function has issues similar to the ones found in
     * {IERC20-approve}, and its usage is discouraged.
     *
     * Whenever possible, use {safeIncreaseAllowance} and
     * {safeDecreaseAllowance} instead.
     */
    function safeApprove(
        IERC20 token,
        address spender,
        uint256 value
    ) internal {
        // safeApprove should only be called when setting an initial allowance,
        // or when resetting it to zero. To increase and decrease it, use
        // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'
        require(
            (value == 0) || (token.allowance(address(this), spender) == 0),
            "SafeERC20: approve from non-zero to non-zero allowance"
        );
        _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));
    }

    function safeIncreaseAllowance(
        IERC20 token,
        address spender,
        uint256 value
    ) internal {
        uint256 newAllowance = token.allowance(address(this), spender) + value;
        _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));
    }

    function safeDecreaseAllowance(
        IERC20 token,
        address spender,
        uint256 value
    ) internal {
        unchecked {
            uint256 oldAllowance = token.allowance(address(this), spender);
            require(oldAllowance >= value, "SafeERC20: decreased allowance below zero");
            uint256 newAllowance = oldAllowance - value;
            _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));
        }
    }

    function safePermit(
        IERC20Permit token,
        address owner,
        address spender,
        uint256 value,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) internal {
        uint256 nonceBefore = token.nonces(owner);
        token.permit(owner, spender, value, deadline, v, r, s);
        uint256 nonceAfter = token.nonces(owner);
        require(nonceAfter == nonceBefore + 1, "SafeERC20: permit did not succeed");
    }

    /**
     * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
     * on the return value: the return value is optional (but if data is returned, it must not be false).
     * @param token The token targeted by the call.
     * @param data The call data (encoded using abi.encode or one of its variants).
     */
    function _callOptionalReturn(IERC20 token, bytes memory data) private {
        // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
        // we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that
        // the target address contains contract code and also asserts for success in the low-level call.

        bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed");
        if (returndata.length > 0) {
            // Return data is optional
            require(abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed");
        }
    }
}

File 9 of 26 : Address.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/Address.sol)

pragma solidity ^0.8.1;

/**
 * @dev Collection of functions related to the address type
 */
library Address {
    /**
     * @dev Returns true if `account` is a contract.
     *
     * [IMPORTANT]
     * ====
     * It is unsafe to assume that an address for which this function returns
     * false is an externally-owned account (EOA) and not a contract.
     *
     * Among others, `isContract` will return false for the following
     * types of addresses:
     *
     *  - an externally-owned account
     *  - a contract in construction
     *  - an address where a contract will be created
     *  - an address where a contract lived, but was destroyed
     * ====
     *
     * [IMPORTANT]
     * ====
     * You shouldn't rely on `isContract` to protect against flash loan attacks!
     *
     * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
     * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
     * constructor.
     * ====
     */
    function isContract(address account) internal view returns (bool) {
        // This method relies on extcodesize/address.code.length, which returns 0
        // for contracts in construction, since the code is only stored at the end
        // of the constructor execution.

        return account.code.length > 0;
    }

    /**
     * @dev Replacement for Solidity's `transfer`: sends `amount` wei to
     * `recipient`, forwarding all available gas and reverting on errors.
     *
     * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
     * of certain opcodes, possibly making contracts go over the 2300 gas limit
     * imposed by `transfer`, making them unable to receive funds via
     * `transfer`. {sendValue} removes this limitation.
     *
     * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].
     *
     * IMPORTANT: because control is transferred to `recipient`, care must be
     * taken to not create reentrancy vulnerabilities. Consider using
     * {ReentrancyGuard} or the
     * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
     */
    function sendValue(address payable recipient, uint256 amount) internal {
        require(address(this).balance >= amount, "Address: insufficient balance");

        (bool success, ) = recipient.call{value: amount}("");
        require(success, "Address: unable to send value, recipient may have reverted");
    }

    /**
     * @dev Performs a Solidity function call using a low level `call`. A
     * plain `call` is an unsafe replacement for a function call: use this
     * function instead.
     *
     * If `target` reverts with a revert reason, it is bubbled up by this
     * function (like regular Solidity function calls).
     *
     * Returns the raw returned data. To convert to the expected return value,
     * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
     *
     * Requirements:
     *
     * - `target` must be a contract.
     * - calling `target` with `data` must not revert.
     *
     * _Available since v3.1._
     */
    function functionCall(address target, bytes memory data) internal returns (bytes memory) {
        return functionCallWithValue(target, data, 0, "Address: low-level call failed");
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
     * `errorMessage` as a fallback revert reason when `target` reverts.
     *
     * _Available since v3.1._
     */
    function functionCall(
        address target,
        bytes memory data,
        string memory errorMessage
    ) internal returns (bytes memory) {
        return functionCallWithValue(target, data, 0, errorMessage);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but also transferring `value` wei to `target`.
     *
     * Requirements:
     *
     * - the calling contract must have an ETH balance of at least `value`.
     * - the called Solidity function must be `payable`.
     *
     * _Available since v3.1._
     */
    function functionCallWithValue(
        address target,
        bytes memory data,
        uint256 value
    ) internal returns (bytes memory) {
        return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
    }

    /**
     * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
     * with `errorMessage` as a fallback revert reason when `target` reverts.
     *
     * _Available since v3.1._
     */
    function functionCallWithValue(
        address target,
        bytes memory data,
        uint256 value,
        string memory errorMessage
    ) internal returns (bytes memory) {
        require(address(this).balance >= value, "Address: insufficient balance for call");
        (bool success, bytes memory returndata) = target.call{value: value}(data);
        return verifyCallResultFromTarget(target, success, returndata, errorMessage);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but performing a static call.
     *
     * _Available since v3.3._
     */
    function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
        return functionStaticCall(target, data, "Address: low-level static call failed");
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
     * but performing a static call.
     *
     * _Available since v3.3._
     */
    function functionStaticCall(
        address target,
        bytes memory data,
        string memory errorMessage
    ) internal view returns (bytes memory) {
        (bool success, bytes memory returndata) = target.staticcall(data);
        return verifyCallResultFromTarget(target, success, returndata, errorMessage);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but performing a delegate call.
     *
     * _Available since v3.4._
     */
    function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
        return functionDelegateCall(target, data, "Address: low-level delegate call failed");
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
     * but performing a delegate call.
     *
     * _Available since v3.4._
     */
    function functionDelegateCall(
        address target,
        bytes memory data,
        string memory errorMessage
    ) internal returns (bytes memory) {
        (bool success, bytes memory returndata) = target.delegatecall(data);
        return verifyCallResultFromTarget(target, success, returndata, errorMessage);
    }

    /**
     * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling
     * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.
     *
     * _Available since v4.8._
     */
    function verifyCallResultFromTarget(
        address target,
        bool success,
        bytes memory returndata,
        string memory errorMessage
    ) internal view returns (bytes memory) {
        if (success) {
            if (returndata.length == 0) {
                // only check isContract if the call was successful and the return data is empty
                // otherwise we already know that it was a contract
                require(isContract(target), "Address: call to non-contract");
            }
            return returndata;
        } else {
            _revert(returndata, errorMessage);
        }
    }

    /**
     * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the
     * revert reason or using the provided one.
     *
     * _Available since v4.3._
     */
    function verifyCallResult(
        bool success,
        bytes memory returndata,
        string memory errorMessage
    ) internal pure returns (bytes memory) {
        if (success) {
            return returndata;
        } else {
            _revert(returndata, errorMessage);
        }
    }

    function _revert(bytes memory returndata, string memory errorMessage) private pure {
        // Look for revert reason and bubble it up if present
        if (returndata.length > 0) {
            // The easiest way to bubble the revert reason is using memory via assembly
            /// @solidity memory-safe-assembly
            assembly {
                let returndata_size := mload(returndata)
                revert(add(32, returndata), returndata_size)
            }
        } else {
            revert(errorMessage);
        }
    }
}

File 10 of 26 : Context.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)

pragma solidity ^0.8.0;

/**
 * @dev Provides information about the current execution context, including the
 * sender of the transaction and its data. While these are generally available
 * via msg.sender and msg.data, they should not be accessed in such a direct
 * manner, since when dealing with meta-transactions the account sending and
 * paying for execution may not be the actual sender (as far as an application
 * is concerned).
 *
 * This contract is only required for intermediate, library-like contracts.
 */
abstract contract Context {
    function _msgSender() internal view virtual returns (address) {
        return msg.sender;
    }

    function _msgData() internal view virtual returns (bytes calldata) {
        return msg.data;
    }
}

File 11 of 26 : Math.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/Math.sol)

pragma solidity ^0.8.0;

/**
 * @dev Standard math utilities missing in the Solidity language.
 */
library Math {
    enum Rounding {
        Down, // Toward negative infinity
        Up, // Toward infinity
        Zero // Toward zero
    }

    /**
     * @dev Returns the largest of two numbers.
     */
    function max(uint256 a, uint256 b) internal pure returns (uint256) {
        return a > b ? a : b;
    }

    /**
     * @dev Returns the smallest of two numbers.
     */
    function min(uint256 a, uint256 b) internal pure returns (uint256) {
        return a < b ? a : b;
    }

    /**
     * @dev Returns the average of two numbers. The result is rounded towards
     * zero.
     */
    function average(uint256 a, uint256 b) internal pure returns (uint256) {
        // (a + b) / 2 can overflow.
        return (a & b) + (a ^ b) / 2;
    }

    /**
     * @dev Returns the ceiling of the division of two numbers.
     *
     * This differs from standard division with `/` in that it rounds up instead
     * of rounding down.
     */
    function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
        // (a + b - 1) / b can overflow on addition, so we distribute.
        return a == 0 ? 0 : (a - 1) / b + 1;
    }

    /**
     * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0
     * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)
     * with further edits by Uniswap Labs also under MIT license.
     */
    function mulDiv(
        uint256 x,
        uint256 y,
        uint256 denominator
    ) internal pure returns (uint256 result) {
        unchecked {
            // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use
            // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
            // variables such that product = prod1 * 2^256 + prod0.
            uint256 prod0; // Least significant 256 bits of the product
            uint256 prod1; // Most significant 256 bits of the product
            assembly {
                let mm := mulmod(x, y, not(0))
                prod0 := mul(x, y)
                prod1 := sub(sub(mm, prod0), lt(mm, prod0))
            }

            // Handle non-overflow cases, 256 by 256 division.
            if (prod1 == 0) {
                return prod0 / denominator;
            }

            // Make sure the result is less than 2^256. Also prevents denominator == 0.
            require(denominator > prod1);

            ///////////////////////////////////////////////
            // 512 by 256 division.
            ///////////////////////////////////////////////

            // Make division exact by subtracting the remainder from [prod1 prod0].
            uint256 remainder;
            assembly {
                // Compute remainder using mulmod.
                remainder := mulmod(x, y, denominator)

                // Subtract 256 bit number from 512 bit number.
                prod1 := sub(prod1, gt(remainder, prod0))
                prod0 := sub(prod0, remainder)
            }

            // Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.
            // See https://cs.stackexchange.com/q/138556/92363.

            // Does not overflow because the denominator cannot be zero at this stage in the function.
            uint256 twos = denominator & (~denominator + 1);
            assembly {
                // Divide denominator by twos.
                denominator := div(denominator, twos)

                // Divide [prod1 prod0] by twos.
                prod0 := div(prod0, twos)

                // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
                twos := add(div(sub(0, twos), twos), 1)
            }

            // Shift in bits from prod1 into prod0.
            prod0 |= prod1 * twos;

            // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such
            // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for
            // four bits. That is, denominator * inv = 1 mod 2^4.
            uint256 inverse = (3 * denominator) ^ 2;

            // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works
            // in modular arithmetic, doubling the correct bits in each step.
            inverse *= 2 - denominator * inverse; // inverse mod 2^8
            inverse *= 2 - denominator * inverse; // inverse mod 2^16
            inverse *= 2 - denominator * inverse; // inverse mod 2^32
            inverse *= 2 - denominator * inverse; // inverse mod 2^64
            inverse *= 2 - denominator * inverse; // inverse mod 2^128
            inverse *= 2 - denominator * inverse; // inverse mod 2^256

            // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
            // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is
            // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1
            // is no longer required.
            result = prod0 * inverse;
            return result;
        }
    }

    /**
     * @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
     */
    function mulDiv(
        uint256 x,
        uint256 y,
        uint256 denominator,
        Rounding rounding
    ) internal pure returns (uint256) {
        uint256 result = mulDiv(x, y, denominator);
        if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {
            result += 1;
        }
        return result;
    }

    /**
     * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down.
     *
     * Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
     */
    function sqrt(uint256 a) internal pure returns (uint256) {
        if (a == 0) {
            return 0;
        }

        // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.
        //
        // We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have
        // `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.
        //
        // This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`
        // β†’ `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`
        // β†’ `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`
        //
        // Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.
        uint256 result = 1 << (log2(a) >> 1);

        // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,
        // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at
        // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision
        // into the expected uint128 result.
        unchecked {
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            return min(result, a / result);
        }
    }

    /**
     * @notice Calculates sqrt(a), following the selected rounding direction.
     */
    function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = sqrt(a);
            return result + (rounding == Rounding.Up && result * result < a ? 1 : 0);
        }
    }

    /**
     * @dev Return the log in base 2, rounded down, of a positive value.
     * Returns 0 if given 0.
     */
    function log2(uint256 value) internal pure returns (uint256) {
        uint256 result = 0;
        unchecked {
            if (value >> 128 > 0) {
                value >>= 128;
                result += 128;
            }
            if (value >> 64 > 0) {
                value >>= 64;
                result += 64;
            }
            if (value >> 32 > 0) {
                value >>= 32;
                result += 32;
            }
            if (value >> 16 > 0) {
                value >>= 16;
                result += 16;
            }
            if (value >> 8 > 0) {
                value >>= 8;
                result += 8;
            }
            if (value >> 4 > 0) {
                value >>= 4;
                result += 4;
            }
            if (value >> 2 > 0) {
                value >>= 2;
                result += 2;
            }
            if (value >> 1 > 0) {
                result += 1;
            }
        }
        return result;
    }

    /**
     * @dev Return the log in base 2, following the selected rounding direction, of a positive value.
     * Returns 0 if given 0.
     */
    function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = log2(value);
            return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0);
        }
    }

    /**
     * @dev Return the log in base 10, rounded down, of a positive value.
     * Returns 0 if given 0.
     */
    function log10(uint256 value) internal pure returns (uint256) {
        uint256 result = 0;
        unchecked {
            if (value >= 10**64) {
                value /= 10**64;
                result += 64;
            }
            if (value >= 10**32) {
                value /= 10**32;
                result += 32;
            }
            if (value >= 10**16) {
                value /= 10**16;
                result += 16;
            }
            if (value >= 10**8) {
                value /= 10**8;
                result += 8;
            }
            if (value >= 10**4) {
                value /= 10**4;
                result += 4;
            }
            if (value >= 10**2) {
                value /= 10**2;
                result += 2;
            }
            if (value >= 10**1) {
                result += 1;
            }
        }
        return result;
    }

    /**
     * @dev Return the log in base 10, following the selected rounding direction, of a positive value.
     * Returns 0 if given 0.
     */
    function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = log10(value);
            return result + (rounding == Rounding.Up && 10**result < value ? 1 : 0);
        }
    }

    /**
     * @dev Return the log in base 256, rounded down, of a positive value.
     * Returns 0 if given 0.
     *
     * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
     */
    function log256(uint256 value) internal pure returns (uint256) {
        uint256 result = 0;
        unchecked {
            if (value >> 128 > 0) {
                value >>= 128;
                result += 16;
            }
            if (value >> 64 > 0) {
                value >>= 64;
                result += 8;
            }
            if (value >> 32 > 0) {
                value >>= 32;
                result += 4;
            }
            if (value >> 16 > 0) {
                value >>= 16;
                result += 2;
            }
            if (value >> 8 > 0) {
                result += 1;
            }
        }
        return result;
    }

    /**
     * @dev Return the log in base 10, following the selected rounding direction, of a positive value.
     * Returns 0 if given 0.
     */
    function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = log256(value);
            return result + (rounding == Rounding.Up && 1 << (result * 8) < value ? 1 : 0);
        }
    }
}

File 12 of 26 : SafeCast.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SafeCast.sol)
// This file was procedurally generated from scripts/generate/templates/SafeCast.js.

pragma solidity ^0.8.0;

/**
 * @dev Wrappers over Solidity's uintXX/intXX casting operators with added overflow
 * checks.
 *
 * Downcasting from uint256/int256 in Solidity does not revert on overflow. This can
 * easily result in undesired exploitation or bugs, since developers usually
 * assume that overflows raise errors. `SafeCast` restores this intuition by
 * reverting the transaction when such an operation overflows.
 *
 * Using this library instead of the unchecked operations eliminates an entire
 * class of bugs, so it's recommended to use it always.
 *
 * Can be combined with {SafeMath} and {SignedSafeMath} to extend it to smaller types, by performing
 * all math on `uint256` and `int256` and then downcasting.
 */
library SafeCast {
    /**
     * @dev Returns the downcasted uint248 from uint256, reverting on
     * overflow (when the input is greater than largest uint248).
     *
     * Counterpart to Solidity's `uint248` operator.
     *
     * Requirements:
     *
     * - input must fit into 248 bits
     *
     * _Available since v4.7._
     */
    function toUint248(uint256 value) internal pure returns (uint248) {
        require(value <= type(uint248).max, "SafeCast: value doesn't fit in 248 bits");
        return uint248(value);
    }

    /**
     * @dev Returns the downcasted uint240 from uint256, reverting on
     * overflow (when the input is greater than largest uint240).
     *
     * Counterpart to Solidity's `uint240` operator.
     *
     * Requirements:
     *
     * - input must fit into 240 bits
     *
     * _Available since v4.7._
     */
    function toUint240(uint256 value) internal pure returns (uint240) {
        require(value <= type(uint240).max, "SafeCast: value doesn't fit in 240 bits");
        return uint240(value);
    }

    /**
     * @dev Returns the downcasted uint232 from uint256, reverting on
     * overflow (when the input is greater than largest uint232).
     *
     * Counterpart to Solidity's `uint232` operator.
     *
     * Requirements:
     *
     * - input must fit into 232 bits
     *
     * _Available since v4.7._
     */
    function toUint232(uint256 value) internal pure returns (uint232) {
        require(value <= type(uint232).max, "SafeCast: value doesn't fit in 232 bits");
        return uint232(value);
    }

    /**
     * @dev Returns the downcasted uint224 from uint256, reverting on
     * overflow (when the input is greater than largest uint224).
     *
     * Counterpart to Solidity's `uint224` operator.
     *
     * Requirements:
     *
     * - input must fit into 224 bits
     *
     * _Available since v4.2._
     */
    function toUint224(uint256 value) internal pure returns (uint224) {
        require(value <= type(uint224).max, "SafeCast: value doesn't fit in 224 bits");
        return uint224(value);
    }

    /**
     * @dev Returns the downcasted uint216 from uint256, reverting on
     * overflow (when the input is greater than largest uint216).
     *
     * Counterpart to Solidity's `uint216` operator.
     *
     * Requirements:
     *
     * - input must fit into 216 bits
     *
     * _Available since v4.7._
     */
    function toUint216(uint256 value) internal pure returns (uint216) {
        require(value <= type(uint216).max, "SafeCast: value doesn't fit in 216 bits");
        return uint216(value);
    }

    /**
     * @dev Returns the downcasted uint208 from uint256, reverting on
     * overflow (when the input is greater than largest uint208).
     *
     * Counterpart to Solidity's `uint208` operator.
     *
     * Requirements:
     *
     * - input must fit into 208 bits
     *
     * _Available since v4.7._
     */
    function toUint208(uint256 value) internal pure returns (uint208) {
        require(value <= type(uint208).max, "SafeCast: value doesn't fit in 208 bits");
        return uint208(value);
    }

    /**
     * @dev Returns the downcasted uint200 from uint256, reverting on
     * overflow (when the input is greater than largest uint200).
     *
     * Counterpart to Solidity's `uint200` operator.
     *
     * Requirements:
     *
     * - input must fit into 200 bits
     *
     * _Available since v4.7._
     */
    function toUint200(uint256 value) internal pure returns (uint200) {
        require(value <= type(uint200).max, "SafeCast: value doesn't fit in 200 bits");
        return uint200(value);
    }

    /**
     * @dev Returns the downcasted uint192 from uint256, reverting on
     * overflow (when the input is greater than largest uint192).
     *
     * Counterpart to Solidity's `uint192` operator.
     *
     * Requirements:
     *
     * - input must fit into 192 bits
     *
     * _Available since v4.7._
     */
    function toUint192(uint256 value) internal pure returns (uint192) {
        require(value <= type(uint192).max, "SafeCast: value doesn't fit in 192 bits");
        return uint192(value);
    }

    /**
     * @dev Returns the downcasted uint184 from uint256, reverting on
     * overflow (when the input is greater than largest uint184).
     *
     * Counterpart to Solidity's `uint184` operator.
     *
     * Requirements:
     *
     * - input must fit into 184 bits
     *
     * _Available since v4.7._
     */
    function toUint184(uint256 value) internal pure returns (uint184) {
        require(value <= type(uint184).max, "SafeCast: value doesn't fit in 184 bits");
        return uint184(value);
    }

    /**
     * @dev Returns the downcasted uint176 from uint256, reverting on
     * overflow (when the input is greater than largest uint176).
     *
     * Counterpart to Solidity's `uint176` operator.
     *
     * Requirements:
     *
     * - input must fit into 176 bits
     *
     * _Available since v4.7._
     */
    function toUint176(uint256 value) internal pure returns (uint176) {
        require(value <= type(uint176).max, "SafeCast: value doesn't fit in 176 bits");
        return uint176(value);
    }

    /**
     * @dev Returns the downcasted uint168 from uint256, reverting on
     * overflow (when the input is greater than largest uint168).
     *
     * Counterpart to Solidity's `uint168` operator.
     *
     * Requirements:
     *
     * - input must fit into 168 bits
     *
     * _Available since v4.7._
     */
    function toUint168(uint256 value) internal pure returns (uint168) {
        require(value <= type(uint168).max, "SafeCast: value doesn't fit in 168 bits");
        return uint168(value);
    }

    /**
     * @dev Returns the downcasted uint160 from uint256, reverting on
     * overflow (when the input is greater than largest uint160).
     *
     * Counterpart to Solidity's `uint160` operator.
     *
     * Requirements:
     *
     * - input must fit into 160 bits
     *
     * _Available since v4.7._
     */
    function toUint160(uint256 value) internal pure returns (uint160) {
        require(value <= type(uint160).max, "SafeCast: value doesn't fit in 160 bits");
        return uint160(value);
    }

    /**
     * @dev Returns the downcasted uint152 from uint256, reverting on
     * overflow (when the input is greater than largest uint152).
     *
     * Counterpart to Solidity's `uint152` operator.
     *
     * Requirements:
     *
     * - input must fit into 152 bits
     *
     * _Available since v4.7._
     */
    function toUint152(uint256 value) internal pure returns (uint152) {
        require(value <= type(uint152).max, "SafeCast: value doesn't fit in 152 bits");
        return uint152(value);
    }

    /**
     * @dev Returns the downcasted uint144 from uint256, reverting on
     * overflow (when the input is greater than largest uint144).
     *
     * Counterpart to Solidity's `uint144` operator.
     *
     * Requirements:
     *
     * - input must fit into 144 bits
     *
     * _Available since v4.7._
     */
    function toUint144(uint256 value) internal pure returns (uint144) {
        require(value <= type(uint144).max, "SafeCast: value doesn't fit in 144 bits");
        return uint144(value);
    }

    /**
     * @dev Returns the downcasted uint136 from uint256, reverting on
     * overflow (when the input is greater than largest uint136).
     *
     * Counterpart to Solidity's `uint136` operator.
     *
     * Requirements:
     *
     * - input must fit into 136 bits
     *
     * _Available since v4.7._
     */
    function toUint136(uint256 value) internal pure returns (uint136) {
        require(value <= type(uint136).max, "SafeCast: value doesn't fit in 136 bits");
        return uint136(value);
    }

    /**
     * @dev Returns the downcasted uint128 from uint256, reverting on
     * overflow (when the input is greater than largest uint128).
     *
     * Counterpart to Solidity's `uint128` operator.
     *
     * Requirements:
     *
     * - input must fit into 128 bits
     *
     * _Available since v2.5._
     */
    function toUint128(uint256 value) internal pure returns (uint128) {
        require(value <= type(uint128).max, "SafeCast: value doesn't fit in 128 bits");
        return uint128(value);
    }

    /**
     * @dev Returns the downcasted uint120 from uint256, reverting on
     * overflow (when the input is greater than largest uint120).
     *
     * Counterpart to Solidity's `uint120` operator.
     *
     * Requirements:
     *
     * - input must fit into 120 bits
     *
     * _Available since v4.7._
     */
    function toUint120(uint256 value) internal pure returns (uint120) {
        require(value <= type(uint120).max, "SafeCast: value doesn't fit in 120 bits");
        return uint120(value);
    }

    /**
     * @dev Returns the downcasted uint112 from uint256, reverting on
     * overflow (when the input is greater than largest uint112).
     *
     * Counterpart to Solidity's `uint112` operator.
     *
     * Requirements:
     *
     * - input must fit into 112 bits
     *
     * _Available since v4.7._
     */
    function toUint112(uint256 value) internal pure returns (uint112) {
        require(value <= type(uint112).max, "SafeCast: value doesn't fit in 112 bits");
        return uint112(value);
    }

    /**
     * @dev Returns the downcasted uint104 from uint256, reverting on
     * overflow (when the input is greater than largest uint104).
     *
     * Counterpart to Solidity's `uint104` operator.
     *
     * Requirements:
     *
     * - input must fit into 104 bits
     *
     * _Available since v4.7._
     */
    function toUint104(uint256 value) internal pure returns (uint104) {
        require(value <= type(uint104).max, "SafeCast: value doesn't fit in 104 bits");
        return uint104(value);
    }

    /**
     * @dev Returns the downcasted uint96 from uint256, reverting on
     * overflow (when the input is greater than largest uint96).
     *
     * Counterpart to Solidity's `uint96` operator.
     *
     * Requirements:
     *
     * - input must fit into 96 bits
     *
     * _Available since v4.2._
     */
    function toUint96(uint256 value) internal pure returns (uint96) {
        require(value <= type(uint96).max, "SafeCast: value doesn't fit in 96 bits");
        return uint96(value);
    }

    /**
     * @dev Returns the downcasted uint88 from uint256, reverting on
     * overflow (when the input is greater than largest uint88).
     *
     * Counterpart to Solidity's `uint88` operator.
     *
     * Requirements:
     *
     * - input must fit into 88 bits
     *
     * _Available since v4.7._
     */
    function toUint88(uint256 value) internal pure returns (uint88) {
        require(value <= type(uint88).max, "SafeCast: value doesn't fit in 88 bits");
        return uint88(value);
    }

    /**
     * @dev Returns the downcasted uint80 from uint256, reverting on
     * overflow (when the input is greater than largest uint80).
     *
     * Counterpart to Solidity's `uint80` operator.
     *
     * Requirements:
     *
     * - input must fit into 80 bits
     *
     * _Available since v4.7._
     */
    function toUint80(uint256 value) internal pure returns (uint80) {
        require(value <= type(uint80).max, "SafeCast: value doesn't fit in 80 bits");
        return uint80(value);
    }

    /**
     * @dev Returns the downcasted uint72 from uint256, reverting on
     * overflow (when the input is greater than largest uint72).
     *
     * Counterpart to Solidity's `uint72` operator.
     *
     * Requirements:
     *
     * - input must fit into 72 bits
     *
     * _Available since v4.7._
     */
    function toUint72(uint256 value) internal pure returns (uint72) {
        require(value <= type(uint72).max, "SafeCast: value doesn't fit in 72 bits");
        return uint72(value);
    }

    /**
     * @dev Returns the downcasted uint64 from uint256, reverting on
     * overflow (when the input is greater than largest uint64).
     *
     * Counterpart to Solidity's `uint64` operator.
     *
     * Requirements:
     *
     * - input must fit into 64 bits
     *
     * _Available since v2.5._
     */
    function toUint64(uint256 value) internal pure returns (uint64) {
        require(value <= type(uint64).max, "SafeCast: value doesn't fit in 64 bits");
        return uint64(value);
    }

    /**
     * @dev Returns the downcasted uint56 from uint256, reverting on
     * overflow (when the input is greater than largest uint56).
     *
     * Counterpart to Solidity's `uint56` operator.
     *
     * Requirements:
     *
     * - input must fit into 56 bits
     *
     * _Available since v4.7._
     */
    function toUint56(uint256 value) internal pure returns (uint56) {
        require(value <= type(uint56).max, "SafeCast: value doesn't fit in 56 bits");
        return uint56(value);
    }

    /**
     * @dev Returns the downcasted uint48 from uint256, reverting on
     * overflow (when the input is greater than largest uint48).
     *
     * Counterpart to Solidity's `uint48` operator.
     *
     * Requirements:
     *
     * - input must fit into 48 bits
     *
     * _Available since v4.7._
     */
    function toUint48(uint256 value) internal pure returns (uint48) {
        require(value <= type(uint48).max, "SafeCast: value doesn't fit in 48 bits");
        return uint48(value);
    }

    /**
     * @dev Returns the downcasted uint40 from uint256, reverting on
     * overflow (when the input is greater than largest uint40).
     *
     * Counterpart to Solidity's `uint40` operator.
     *
     * Requirements:
     *
     * - input must fit into 40 bits
     *
     * _Available since v4.7._
     */
    function toUint40(uint256 value) internal pure returns (uint40) {
        require(value <= type(uint40).max, "SafeCast: value doesn't fit in 40 bits");
        return uint40(value);
    }

    /**
     * @dev Returns the downcasted uint32 from uint256, reverting on
     * overflow (when the input is greater than largest uint32).
     *
     * Counterpart to Solidity's `uint32` operator.
     *
     * Requirements:
     *
     * - input must fit into 32 bits
     *
     * _Available since v2.5._
     */
    function toUint32(uint256 value) internal pure returns (uint32) {
        require(value <= type(uint32).max, "SafeCast: value doesn't fit in 32 bits");
        return uint32(value);
    }

    /**
     * @dev Returns the downcasted uint24 from uint256, reverting on
     * overflow (when the input is greater than largest uint24).
     *
     * Counterpart to Solidity's `uint24` operator.
     *
     * Requirements:
     *
     * - input must fit into 24 bits
     *
     * _Available since v4.7._
     */
    function toUint24(uint256 value) internal pure returns (uint24) {
        require(value <= type(uint24).max, "SafeCast: value doesn't fit in 24 bits");
        return uint24(value);
    }

    /**
     * @dev Returns the downcasted uint16 from uint256, reverting on
     * overflow (when the input is greater than largest uint16).
     *
     * Counterpart to Solidity's `uint16` operator.
     *
     * Requirements:
     *
     * - input must fit into 16 bits
     *
     * _Available since v2.5._
     */
    function toUint16(uint256 value) internal pure returns (uint16) {
        require(value <= type(uint16).max, "SafeCast: value doesn't fit in 16 bits");
        return uint16(value);
    }

    /**
     * @dev Returns the downcasted uint8 from uint256, reverting on
     * overflow (when the input is greater than largest uint8).
     *
     * Counterpart to Solidity's `uint8` operator.
     *
     * Requirements:
     *
     * - input must fit into 8 bits
     *
     * _Available since v2.5._
     */
    function toUint8(uint256 value) internal pure returns (uint8) {
        require(value <= type(uint8).max, "SafeCast: value doesn't fit in 8 bits");
        return uint8(value);
    }

    /**
     * @dev Converts a signed int256 into an unsigned uint256.
     *
     * Requirements:
     *
     * - input must be greater than or equal to 0.
     *
     * _Available since v3.0._
     */
    function toUint256(int256 value) internal pure returns (uint256) {
        require(value >= 0, "SafeCast: value must be positive");
        return uint256(value);
    }

    /**
     * @dev Returns the downcasted int248 from int256, reverting on
     * overflow (when the input is less than smallest int248 or
     * greater than largest int248).
     *
     * Counterpart to Solidity's `int248` operator.
     *
     * Requirements:
     *
     * - input must fit into 248 bits
     *
     * _Available since v4.7._
     */
    function toInt248(int256 value) internal pure returns (int248 downcasted) {
        downcasted = int248(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 248 bits");
    }

    /**
     * @dev Returns the downcasted int240 from int256, reverting on
     * overflow (when the input is less than smallest int240 or
     * greater than largest int240).
     *
     * Counterpart to Solidity's `int240` operator.
     *
     * Requirements:
     *
     * - input must fit into 240 bits
     *
     * _Available since v4.7._
     */
    function toInt240(int256 value) internal pure returns (int240 downcasted) {
        downcasted = int240(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 240 bits");
    }

    /**
     * @dev Returns the downcasted int232 from int256, reverting on
     * overflow (when the input is less than smallest int232 or
     * greater than largest int232).
     *
     * Counterpart to Solidity's `int232` operator.
     *
     * Requirements:
     *
     * - input must fit into 232 bits
     *
     * _Available since v4.7._
     */
    function toInt232(int256 value) internal pure returns (int232 downcasted) {
        downcasted = int232(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 232 bits");
    }

    /**
     * @dev Returns the downcasted int224 from int256, reverting on
     * overflow (when the input is less than smallest int224 or
     * greater than largest int224).
     *
     * Counterpart to Solidity's `int224` operator.
     *
     * Requirements:
     *
     * - input must fit into 224 bits
     *
     * _Available since v4.7._
     */
    function toInt224(int256 value) internal pure returns (int224 downcasted) {
        downcasted = int224(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 224 bits");
    }

    /**
     * @dev Returns the downcasted int216 from int256, reverting on
     * overflow (when the input is less than smallest int216 or
     * greater than largest int216).
     *
     * Counterpart to Solidity's `int216` operator.
     *
     * Requirements:
     *
     * - input must fit into 216 bits
     *
     * _Available since v4.7._
     */
    function toInt216(int256 value) internal pure returns (int216 downcasted) {
        downcasted = int216(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 216 bits");
    }

    /**
     * @dev Returns the downcasted int208 from int256, reverting on
     * overflow (when the input is less than smallest int208 or
     * greater than largest int208).
     *
     * Counterpart to Solidity's `int208` operator.
     *
     * Requirements:
     *
     * - input must fit into 208 bits
     *
     * _Available since v4.7._
     */
    function toInt208(int256 value) internal pure returns (int208 downcasted) {
        downcasted = int208(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 208 bits");
    }

    /**
     * @dev Returns the downcasted int200 from int256, reverting on
     * overflow (when the input is less than smallest int200 or
     * greater than largest int200).
     *
     * Counterpart to Solidity's `int200` operator.
     *
     * Requirements:
     *
     * - input must fit into 200 bits
     *
     * _Available since v4.7._
     */
    function toInt200(int256 value) internal pure returns (int200 downcasted) {
        downcasted = int200(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 200 bits");
    }

    /**
     * @dev Returns the downcasted int192 from int256, reverting on
     * overflow (when the input is less than smallest int192 or
     * greater than largest int192).
     *
     * Counterpart to Solidity's `int192` operator.
     *
     * Requirements:
     *
     * - input must fit into 192 bits
     *
     * _Available since v4.7._
     */
    function toInt192(int256 value) internal pure returns (int192 downcasted) {
        downcasted = int192(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 192 bits");
    }

    /**
     * @dev Returns the downcasted int184 from int256, reverting on
     * overflow (when the input is less than smallest int184 or
     * greater than largest int184).
     *
     * Counterpart to Solidity's `int184` operator.
     *
     * Requirements:
     *
     * - input must fit into 184 bits
     *
     * _Available since v4.7._
     */
    function toInt184(int256 value) internal pure returns (int184 downcasted) {
        downcasted = int184(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 184 bits");
    }

    /**
     * @dev Returns the downcasted int176 from int256, reverting on
     * overflow (when the input is less than smallest int176 or
     * greater than largest int176).
     *
     * Counterpart to Solidity's `int176` operator.
     *
     * Requirements:
     *
     * - input must fit into 176 bits
     *
     * _Available since v4.7._
     */
    function toInt176(int256 value) internal pure returns (int176 downcasted) {
        downcasted = int176(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 176 bits");
    }

    /**
     * @dev Returns the downcasted int168 from int256, reverting on
     * overflow (when the input is less than smallest int168 or
     * greater than largest int168).
     *
     * Counterpart to Solidity's `int168` operator.
     *
     * Requirements:
     *
     * - input must fit into 168 bits
     *
     * _Available since v4.7._
     */
    function toInt168(int256 value) internal pure returns (int168 downcasted) {
        downcasted = int168(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 168 bits");
    }

    /**
     * @dev Returns the downcasted int160 from int256, reverting on
     * overflow (when the input is less than smallest int160 or
     * greater than largest int160).
     *
     * Counterpart to Solidity's `int160` operator.
     *
     * Requirements:
     *
     * - input must fit into 160 bits
     *
     * _Available since v4.7._
     */
    function toInt160(int256 value) internal pure returns (int160 downcasted) {
        downcasted = int160(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 160 bits");
    }

    /**
     * @dev Returns the downcasted int152 from int256, reverting on
     * overflow (when the input is less than smallest int152 or
     * greater than largest int152).
     *
     * Counterpart to Solidity's `int152` operator.
     *
     * Requirements:
     *
     * - input must fit into 152 bits
     *
     * _Available since v4.7._
     */
    function toInt152(int256 value) internal pure returns (int152 downcasted) {
        downcasted = int152(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 152 bits");
    }

    /**
     * @dev Returns the downcasted int144 from int256, reverting on
     * overflow (when the input is less than smallest int144 or
     * greater than largest int144).
     *
     * Counterpart to Solidity's `int144` operator.
     *
     * Requirements:
     *
     * - input must fit into 144 bits
     *
     * _Available since v4.7._
     */
    function toInt144(int256 value) internal pure returns (int144 downcasted) {
        downcasted = int144(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 144 bits");
    }

    /**
     * @dev Returns the downcasted int136 from int256, reverting on
     * overflow (when the input is less than smallest int136 or
     * greater than largest int136).
     *
     * Counterpart to Solidity's `int136` operator.
     *
     * Requirements:
     *
     * - input must fit into 136 bits
     *
     * _Available since v4.7._
     */
    function toInt136(int256 value) internal pure returns (int136 downcasted) {
        downcasted = int136(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 136 bits");
    }

    /**
     * @dev Returns the downcasted int128 from int256, reverting on
     * overflow (when the input is less than smallest int128 or
     * greater than largest int128).
     *
     * Counterpart to Solidity's `int128` operator.
     *
     * Requirements:
     *
     * - input must fit into 128 bits
     *
     * _Available since v3.1._
     */
    function toInt128(int256 value) internal pure returns (int128 downcasted) {
        downcasted = int128(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 128 bits");
    }

    /**
     * @dev Returns the downcasted int120 from int256, reverting on
     * overflow (when the input is less than smallest int120 or
     * greater than largest int120).
     *
     * Counterpart to Solidity's `int120` operator.
     *
     * Requirements:
     *
     * - input must fit into 120 bits
     *
     * _Available since v4.7._
     */
    function toInt120(int256 value) internal pure returns (int120 downcasted) {
        downcasted = int120(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 120 bits");
    }

    /**
     * @dev Returns the downcasted int112 from int256, reverting on
     * overflow (when the input is less than smallest int112 or
     * greater than largest int112).
     *
     * Counterpart to Solidity's `int112` operator.
     *
     * Requirements:
     *
     * - input must fit into 112 bits
     *
     * _Available since v4.7._
     */
    function toInt112(int256 value) internal pure returns (int112 downcasted) {
        downcasted = int112(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 112 bits");
    }

    /**
     * @dev Returns the downcasted int104 from int256, reverting on
     * overflow (when the input is less than smallest int104 or
     * greater than largest int104).
     *
     * Counterpart to Solidity's `int104` operator.
     *
     * Requirements:
     *
     * - input must fit into 104 bits
     *
     * _Available since v4.7._
     */
    function toInt104(int256 value) internal pure returns (int104 downcasted) {
        downcasted = int104(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 104 bits");
    }

    /**
     * @dev Returns the downcasted int96 from int256, reverting on
     * overflow (when the input is less than smallest int96 or
     * greater than largest int96).
     *
     * Counterpart to Solidity's `int96` operator.
     *
     * Requirements:
     *
     * - input must fit into 96 bits
     *
     * _Available since v4.7._
     */
    function toInt96(int256 value) internal pure returns (int96 downcasted) {
        downcasted = int96(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 96 bits");
    }

    /**
     * @dev Returns the downcasted int88 from int256, reverting on
     * overflow (when the input is less than smallest int88 or
     * greater than largest int88).
     *
     * Counterpart to Solidity's `int88` operator.
     *
     * Requirements:
     *
     * - input must fit into 88 bits
     *
     * _Available since v4.7._
     */
    function toInt88(int256 value) internal pure returns (int88 downcasted) {
        downcasted = int88(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 88 bits");
    }

    /**
     * @dev Returns the downcasted int80 from int256, reverting on
     * overflow (when the input is less than smallest int80 or
     * greater than largest int80).
     *
     * Counterpart to Solidity's `int80` operator.
     *
     * Requirements:
     *
     * - input must fit into 80 bits
     *
     * _Available since v4.7._
     */
    function toInt80(int256 value) internal pure returns (int80 downcasted) {
        downcasted = int80(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 80 bits");
    }

    /**
     * @dev Returns the downcasted int72 from int256, reverting on
     * overflow (when the input is less than smallest int72 or
     * greater than largest int72).
     *
     * Counterpart to Solidity's `int72` operator.
     *
     * Requirements:
     *
     * - input must fit into 72 bits
     *
     * _Available since v4.7._
     */
    function toInt72(int256 value) internal pure returns (int72 downcasted) {
        downcasted = int72(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 72 bits");
    }

    /**
     * @dev Returns the downcasted int64 from int256, reverting on
     * overflow (when the input is less than smallest int64 or
     * greater than largest int64).
     *
     * Counterpart to Solidity's `int64` operator.
     *
     * Requirements:
     *
     * - input must fit into 64 bits
     *
     * _Available since v3.1._
     */
    function toInt64(int256 value) internal pure returns (int64 downcasted) {
        downcasted = int64(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 64 bits");
    }

    /**
     * @dev Returns the downcasted int56 from int256, reverting on
     * overflow (when the input is less than smallest int56 or
     * greater than largest int56).
     *
     * Counterpart to Solidity's `int56` operator.
     *
     * Requirements:
     *
     * - input must fit into 56 bits
     *
     * _Available since v4.7._
     */
    function toInt56(int256 value) internal pure returns (int56 downcasted) {
        downcasted = int56(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 56 bits");
    }

    /**
     * @dev Returns the downcasted int48 from int256, reverting on
     * overflow (when the input is less than smallest int48 or
     * greater than largest int48).
     *
     * Counterpart to Solidity's `int48` operator.
     *
     * Requirements:
     *
     * - input must fit into 48 bits
     *
     * _Available since v4.7._
     */
    function toInt48(int256 value) internal pure returns (int48 downcasted) {
        downcasted = int48(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 48 bits");
    }

    /**
     * @dev Returns the downcasted int40 from int256, reverting on
     * overflow (when the input is less than smallest int40 or
     * greater than largest int40).
     *
     * Counterpart to Solidity's `int40` operator.
     *
     * Requirements:
     *
     * - input must fit into 40 bits
     *
     * _Available since v4.7._
     */
    function toInt40(int256 value) internal pure returns (int40 downcasted) {
        downcasted = int40(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 40 bits");
    }

    /**
     * @dev Returns the downcasted int32 from int256, reverting on
     * overflow (when the input is less than smallest int32 or
     * greater than largest int32).
     *
     * Counterpart to Solidity's `int32` operator.
     *
     * Requirements:
     *
     * - input must fit into 32 bits
     *
     * _Available since v3.1._
     */
    function toInt32(int256 value) internal pure returns (int32 downcasted) {
        downcasted = int32(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 32 bits");
    }

    /**
     * @dev Returns the downcasted int24 from int256, reverting on
     * overflow (when the input is less than smallest int24 or
     * greater than largest int24).
     *
     * Counterpart to Solidity's `int24` operator.
     *
     * Requirements:
     *
     * - input must fit into 24 bits
     *
     * _Available since v4.7._
     */
    function toInt24(int256 value) internal pure returns (int24 downcasted) {
        downcasted = int24(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 24 bits");
    }

    /**
     * @dev Returns the downcasted int16 from int256, reverting on
     * overflow (when the input is less than smallest int16 or
     * greater than largest int16).
     *
     * Counterpart to Solidity's `int16` operator.
     *
     * Requirements:
     *
     * - input must fit into 16 bits
     *
     * _Available since v3.1._
     */
    function toInt16(int256 value) internal pure returns (int16 downcasted) {
        downcasted = int16(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 16 bits");
    }

    /**
     * @dev Returns the downcasted int8 from int256, reverting on
     * overflow (when the input is less than smallest int8 or
     * greater than largest int8).
     *
     * Counterpart to Solidity's `int8` operator.
     *
     * Requirements:
     *
     * - input must fit into 8 bits
     *
     * _Available since v3.1._
     */
    function toInt8(int256 value) internal pure returns (int8 downcasted) {
        downcasted = int8(value);
        require(downcasted == value, "SafeCast: value doesn't fit in 8 bits");
    }

    /**
     * @dev Converts an unsigned uint256 into a signed int256.
     *
     * Requirements:
     *
     * - input must be less than or equal to maxInt256.
     *
     * _Available since v3.0._
     */
    function toInt256(uint256 value) internal pure returns (int256) {
        // Note: Unsafe cast below is okay because `type(int256).max` is guaranteed to be positive
        require(value <= uint256(type(int256).max), "SafeCast: value doesn't fit in an int256");
        return int256(value);
    }
}

File 13 of 26 : ERC20WithPermit.sol
// SPDX-License-Identifier: MIT

pragma solidity ^0.8.4;

import "@openzeppelin/contracts/access/Ownable.sol";

import "./IERC20WithPermit.sol";
import "./IReceiveApproval.sol";

/// @title  ERC20WithPermit
/// @notice Burnable ERC20 token with EIP2612 permit functionality. User can
///         authorize a transfer of their token with a signature conforming
///         EIP712 standard instead of an on-chain transaction from their
///         address. Anyone can submit this signature on the user's behalf by
///         calling the permit function, as specified in EIP2612 standard,
///         paying gas fees, and possibly performing other actions in the same
///         transaction.
contract ERC20WithPermit is IERC20WithPermit, Ownable {
    /// @notice The amount of tokens owned by the given account.
    mapping(address => uint256) public override balanceOf;

    /// @notice The remaining number of tokens that spender will be
    ///         allowed to spend on behalf of owner through `transferFrom` and
    ///         `burnFrom`. This is zero by default.
    mapping(address => mapping(address => uint256)) public override allowance;

    /// @notice Returns the current nonce for EIP2612 permission for the
    ///         provided token owner for a replay protection. Used to construct
    ///         EIP2612 signature provided to `permit` function.
    mapping(address => uint256) public override nonce;

    uint256 public immutable cachedChainId;
    bytes32 public immutable cachedDomainSeparator;

    /// @notice Returns EIP2612 Permit message hash. Used to construct EIP2612
    ///         signature provided to `permit` function.
    bytes32 public constant override PERMIT_TYPEHASH =
        keccak256(
            "Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)"
        );

    /// @notice The amount of tokens in existence.
    uint256 public override totalSupply;

    /// @notice The name of the token.
    string public override name;

    /// @notice The symbol of the token.
    string public override symbol;

    /// @notice The decimals places of the token.
    uint8 public constant override decimals = 18;

    constructor(string memory _name, string memory _symbol) {
        name = _name;
        symbol = _symbol;

        cachedChainId = block.chainid;
        cachedDomainSeparator = buildDomainSeparator();
    }

    /// @notice Moves `amount` tokens from the caller's account to `recipient`.
    /// @return True if the operation succeeded, reverts otherwise.
    /// @dev Requirements:
    ///       - `recipient` cannot be the zero address,
    ///       - the caller must have a balance of at least `amount`.
    function transfer(address recipient, uint256 amount)
        external
        override
        returns (bool)
    {
        _transfer(msg.sender, recipient, amount);
        return true;
    }

    /// @notice Moves `amount` tokens from `spender` to `recipient` using the
    ///         allowance mechanism. `amount` is then deducted from the caller's
    ///         allowance unless the allowance was made for `type(uint256).max`.
    /// @return True if the operation succeeded, reverts otherwise.
    /// @dev Requirements:
    ///      - `spender` and `recipient` cannot be the zero address,
    ///      - `spender` must have a balance of at least `amount`,
    ///      - the caller must have allowance for `spender`'s tokens of at least
    ///        `amount`.
    function transferFrom(
        address spender,
        address recipient,
        uint256 amount
    ) external override returns (bool) {
        uint256 currentAllowance = allowance[spender][msg.sender];
        if (currentAllowance != type(uint256).max) {
            require(
                currentAllowance >= amount,
                "Transfer amount exceeds allowance"
            );
            _approve(spender, msg.sender, currentAllowance - amount);
        }
        _transfer(spender, recipient, amount);
        return true;
    }

    /// @notice EIP2612 approval made with secp256k1 signature.
    ///         Users can authorize a transfer of their tokens with a signature
    ///         conforming EIP712 standard, rather than an on-chain transaction
    ///         from their address. Anyone can submit this signature on the
    ///         user's behalf by calling the permit function, paying gas fees,
    ///         and possibly performing other actions in the same transaction.
    /// @dev    The deadline argument can be set to `type(uint256).max to create
    ///         permits that effectively never expire.  If the `amount` is set
    ///         to `type(uint256).max` then `transferFrom` and `burnFrom` will
    ///         not reduce an allowance.
    function permit(
        address owner,
        address spender,
        uint256 amount,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external override {
        /* solhint-disable-next-line not-rely-on-time */
        require(deadline >= block.timestamp, "Permission expired");

        // Validate `s` and `v` values for a malleability concern described in EIP2.
        // Only signatures with `s` value in the lower half of the secp256k1
        // curve's order and `v` value of 27 or 28 are considered valid.
        require(
            uint256(s) <=
                0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0,
            "Invalid signature 's' value"
        );
        require(v == 27 || v == 28, "Invalid signature 'v' value");

        bytes32 digest = keccak256(
            abi.encodePacked(
                "\x19\x01",
                DOMAIN_SEPARATOR(),
                keccak256(
                    abi.encode(
                        PERMIT_TYPEHASH,
                        owner,
                        spender,
                        amount,
                        nonce[owner]++,
                        deadline
                    )
                )
            )
        );
        address recoveredAddress = ecrecover(digest, v, r, s);
        require(
            recoveredAddress != address(0) && recoveredAddress == owner,
            "Invalid signature"
        );
        _approve(owner, spender, amount);
    }

    /// @notice Creates `amount` tokens and assigns them to `account`,
    ///         increasing the total supply.
    /// @dev Requirements:
    ///      - `recipient` cannot be the zero address.
    function mint(address recipient, uint256 amount) external onlyOwner {
        require(recipient != address(0), "Mint to the zero address");

        beforeTokenTransfer(address(0), recipient, amount);

        totalSupply += amount;
        balanceOf[recipient] += amount;
        emit Transfer(address(0), recipient, amount);
    }

    /// @notice Destroys `amount` tokens from the caller.
    /// @dev Requirements:
    ///       - the caller must have a balance of at least `amount`.
    function burn(uint256 amount) external override {
        _burn(msg.sender, amount);
    }

    /// @notice Destroys `amount` of tokens from `account` using the allowance
    ///         mechanism. `amount` is then deducted from the caller's allowance
    ///         unless the allowance was made for `type(uint256).max`.
    /// @dev Requirements:
    ///      - `account` must have a balance of at least `amount`,
    ///      - the caller must have allowance for `account`'s tokens of at least
    ///        `amount`.
    function burnFrom(address account, uint256 amount) external override {
        uint256 currentAllowance = allowance[account][msg.sender];
        if (currentAllowance != type(uint256).max) {
            require(
                currentAllowance >= amount,
                "Burn amount exceeds allowance"
            );
            _approve(account, msg.sender, currentAllowance - amount);
        }
        _burn(account, amount);
    }

    /// @notice Calls `receiveApproval` function on spender previously approving
    ///         the spender to withdraw from the caller multiple times, up to
    ///         the `amount` amount. If this function is called again, it
    ///         overwrites the current allowance with `amount`. Reverts if the
    ///         approval reverted or if `receiveApproval` call on the spender
    ///         reverted.
    /// @return True if both approval and `receiveApproval` calls succeeded.
    /// @dev If the `amount` is set to `type(uint256).max` then
    ///      `transferFrom` and `burnFrom` will not reduce an allowance.
    function approveAndCall(
        address spender,
        uint256 amount,
        bytes memory extraData
    ) external override returns (bool) {
        if (approve(spender, amount)) {
            IReceiveApproval(spender).receiveApproval(
                msg.sender,
                amount,
                address(this),
                extraData
            );
            return true;
        }
        return false;
    }

    /// @notice Sets `amount` as the allowance of `spender` over the caller's
    ///         tokens.
    /// @return True if the operation succeeded.
    /// @dev If the `amount` is set to `type(uint256).max` then
    ///      `transferFrom` and `burnFrom` will not reduce an allowance.
    ///      Beware that changing an allowance with this method brings the risk
    ///      that someone may use both the old and the new allowance by
    ///      unfortunate transaction ordering. One possible solution to mitigate
    ///      this race condition is to first reduce the spender's allowance to 0
    ///      and set the desired value afterwards:
    ///      https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
    function approve(address spender, uint256 amount)
        public
        override
        returns (bool)
    {
        _approve(msg.sender, spender, amount);
        return true;
    }

    /// @notice Returns hash of EIP712 Domain struct with the token name as
    ///         a signing domain and token contract as a verifying contract.
    ///         Used to construct EIP2612 signature provided to `permit`
    ///         function.
    /* solhint-disable-next-line func-name-mixedcase */
    function DOMAIN_SEPARATOR() public view override returns (bytes32) {
        // As explained in EIP-2612, if the DOMAIN_SEPARATOR contains the
        // chainId and is defined at contract deployment instead of
        // reconstructed for every signature, there is a risk of possible replay
        // attacks between chains in the event of a future chain split.
        // To address this issue, we check the cached chain ID against the
        // current one and in case they are different, we build domain separator
        // from scratch.
        if (block.chainid == cachedChainId) {
            return cachedDomainSeparator;
        } else {
            return buildDomainSeparator();
        }
    }

    /// @dev Hook that is called before any transfer of tokens. This includes
    ///      minting and burning.
    ///
    /// Calling conditions:
    /// - when `from` and `to` are both non-zero, `amount` of `from`'s tokens
    ///   will be to transferred to `to`.
    /// - when `from` is zero, `amount` tokens will be minted for `to`.
    /// - when `to` is zero, `amount` of ``from``'s tokens will be burned.
    /// - `from` and `to` are never both zero.
    // slither-disable-next-line dead-code
    function beforeTokenTransfer(
        address from,
        address to,
        uint256 amount
    ) internal virtual {}

    function _burn(address account, uint256 amount) internal {
        uint256 currentBalance = balanceOf[account];
        require(currentBalance >= amount, "Burn amount exceeds balance");

        beforeTokenTransfer(account, address(0), amount);

        balanceOf[account] = currentBalance - amount;
        totalSupply -= amount;
        emit Transfer(account, address(0), amount);
    }

    function _transfer(
        address spender,
        address recipient,
        uint256 amount
    ) private {
        require(spender != address(0), "Transfer from the zero address");
        require(recipient != address(0), "Transfer to the zero address");
        require(recipient != address(this), "Transfer to the token address");

        beforeTokenTransfer(spender, recipient, amount);

        uint256 spenderBalance = balanceOf[spender];
        require(spenderBalance >= amount, "Transfer amount exceeds balance");
        balanceOf[spender] = spenderBalance - amount;
        balanceOf[recipient] += amount;
        emit Transfer(spender, recipient, amount);
    }

    function _approve(
        address owner,
        address spender,
        uint256 amount
    ) private {
        require(owner != address(0), "Approve from the zero address");
        require(spender != address(0), "Approve to the zero address");
        allowance[owner][spender] = amount;
        emit Approval(owner, spender, amount);
    }

    function buildDomainSeparator() private view returns (bytes32) {
        return
            keccak256(
                abi.encode(
                    keccak256(
                        "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
                    ),
                    keccak256(bytes(name)),
                    keccak256(bytes("1")),
                    block.chainid,
                    address(this)
                )
            );
    }
}

File 14 of 26 : IApproveAndCall.sol
// SPDX-License-Identifier: MIT

pragma solidity ^0.8.4;

/// @notice An interface that should be implemented by tokens supporting
///         `approveAndCall`/`receiveApproval` pattern.
interface IApproveAndCall {
    /// @notice Executes `receiveApproval` function on spender as specified in
    ///         `IReceiveApproval` interface. Approves spender to withdraw from
    ///         the caller multiple times, up to the `amount`. If this
    ///         function is called again, it overwrites the current allowance
    ///         with `amount`. Reverts if the approval reverted or if
    ///         `receiveApproval` call on the spender reverted.
    function approveAndCall(
        address spender,
        uint256 amount,
        bytes memory extraData
    ) external returns (bool);
}

File 15 of 26 : IERC20WithPermit.sol
// SPDX-License-Identifier: MIT

pragma solidity ^0.8.4;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";

import "./IApproveAndCall.sol";

/// @title  IERC20WithPermit
/// @notice Burnable ERC20 token with EIP2612 permit functionality. User can
///         authorize a transfer of their token with a signature conforming
///         EIP712 standard instead of an on-chain transaction from their
///         address. Anyone can submit this signature on the user's behalf by
///         calling the permit function, as specified in EIP2612 standard,
///         paying gas fees, and possibly performing other actions in the same
///         transaction.
interface IERC20WithPermit is IERC20, IERC20Metadata, IApproveAndCall {
    /// @notice EIP2612 approval made with secp256k1 signature.
    ///         Users can authorize a transfer of their tokens with a signature
    ///         conforming EIP712 standard, rather than an on-chain transaction
    ///         from their address. Anyone can submit this signature on the
    ///         user's behalf by calling the permit function, paying gas fees,
    ///         and possibly performing other actions in the same transaction.
    /// @dev    The deadline argument can be set to `type(uint256).max to create
    ///         permits that effectively never expire.
    function permit(
        address owner,
        address spender,
        uint256 amount,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external;

    /// @notice Destroys `amount` tokens from the caller.
    function burn(uint256 amount) external;

    /// @notice Destroys `amount` of tokens from `account`, deducting the amount
    ///         from caller's allowance.
    function burnFrom(address account, uint256 amount) external;

    /// @notice Returns hash of EIP712 Domain struct with the token name as
    ///         a signing domain and token contract as a verifying contract.
    ///         Used to construct EIP2612 signature provided to `permit`
    ///         function.
    /* solhint-disable-next-line func-name-mixedcase */
    function DOMAIN_SEPARATOR() external view returns (bytes32);

    /// @notice Returns the current nonce for EIP2612 permission for the
    ///         provided token owner for a replay protection. Used to construct
    ///         EIP2612 signature provided to `permit` function.
    function nonce(address owner) external view returns (uint256);

    /// @notice Returns EIP2612 Permit message hash. Used to construct EIP2612
    ///         signature provided to `permit` function.
    /* solhint-disable-next-line func-name-mixedcase */
    function PERMIT_TYPEHASH() external pure returns (bytes32);
}

File 16 of 26 : IReceiveApproval.sol
// SPDX-License-Identifier: MIT

pragma solidity ^0.8.4;

/// @notice An interface that should be implemented by contracts supporting
///         `approveAndCall`/`receiveApproval` pattern.
interface IReceiveApproval {
    /// @notice Receives approval to spend tokens. Called as a result of
    ///         `approveAndCall` call on the token.
    function receiveApproval(
        address from,
        uint256 amount,
        address token,
        bytes calldata extraData
    ) external;
}

File 17 of 26 : Checkpoints.sol
// SPDX-License-Identifier: GPL-3.0-or-later

// β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ     β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ     β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ
// β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ     β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ     β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ
//               β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ    β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ
//               β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ    β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ
// β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ     β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ     β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ
// β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ     β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ     β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ
//               β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ    β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ
//               β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ    β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ
//               β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ    β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ
//               β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ    β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ
//               β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ    β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ
//               β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ    β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ

pragma solidity 0.8.9;

import "./IVotesHistory.sol";
import "@openzeppelin/contracts-upgradeable/utils/math/MathUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/utils/math/SafeCastUpgradeable.sol";

/// @title Checkpoints
/// @dev Abstract contract to support checkpoints for Compound-like voting and
///      delegation. This implementation supports token supply up to 2^96 - 1.
///      This contract keeps a history (checkpoints) of each account's vote
///      power. Vote power can be delegated either by calling the {delegate}
///      function directly, or by providing a signature to be used with
///      {delegateBySig}. Voting power can be publicly queried through
///      {getVotes} and {getPastVotes}.
///      NOTE: Extracted from OpenZeppelin ERCVotes.sol.
/// @dev This contract is upgrade-safe.
abstract contract Checkpoints is IVotesHistory {
    struct Checkpoint {
        uint32 fromBlock;
        uint96 votes;
    }

    // slither-disable-next-line uninitialized-state
    mapping(address => address) internal _delegates;
    mapping(address => uint128[]) internal _checkpoints;
    uint128[] internal _totalSupplyCheckpoints;

    // Reserved storage space in case we need to add more variables,
    // since there are upgradeable contracts that inherit from this one.
    // See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
    // slither-disable-next-line unused-state
    uint256[47] private __gap;

    /// @notice Emitted when an account changes their delegate.
    event DelegateChanged(
        address indexed delegator,
        address indexed fromDelegate,
        address indexed toDelegate
    );

    /// @notice Emitted when a balance or delegate change results in changes
    ///         to an account's voting power.
    event DelegateVotesChanged(
        address indexed delegate,
        uint256 previousBalance,
        uint256 newBalance
    );

    function checkpoints(address account, uint32 pos)
        public
        view
        virtual
        returns (Checkpoint memory checkpoint)
    {
        (uint32 fromBlock, uint96 votes) = decodeCheckpoint(
            _checkpoints[account][pos]
        );
        checkpoint = Checkpoint(fromBlock, votes);
    }

    /// @notice Get number of checkpoints for `account`.
    function numCheckpoints(address account)
        public
        view
        virtual
        returns (uint32)
    {
        return SafeCastUpgradeable.toUint32(_checkpoints[account].length);
    }

    /// @notice Get the address `account` is currently delegating to.
    function delegates(address account) public view virtual returns (address) {
        return _delegates[account];
    }

    /// @notice Gets the current votes balance for `account`.
    /// @param account The address to get votes balance
    /// @return The number of current votes for `account`
    function getVotes(address account) public view returns (uint96) {
        uint256 pos = _checkpoints[account].length;
        return pos == 0 ? 0 : decodeValue(_checkpoints[account][pos - 1]);
    }

    /// @notice Determine the prior number of votes for an account as of
    ///         a block number.
    /// @dev Block number must be a finalized block or else this function will
    ///      revert to prevent misinformation.
    /// @param account The address of the account to check
    /// @param blockNumber The block number to get the vote balance at
    /// @return The number of votes the account had as of the given block
    function getPastVotes(address account, uint256 blockNumber)
        public
        view
        returns (uint96)
    {
        return lookupCheckpoint(_checkpoints[account], blockNumber);
    }

    /// @notice Retrieve the `totalSupply` at the end of `blockNumber`.
    ///         Note, this value is the sum of all balances, but it is NOT the
    ///         sum of all the delegated votes!
    /// @param blockNumber The block number to get the total supply at
    /// @dev `blockNumber` must have been already mined
    function getPastTotalSupply(uint256 blockNumber)
        public
        view
        returns (uint96)
    {
        return lookupCheckpoint(_totalSupplyCheckpoints, blockNumber);
    }

    /// @notice Change delegation for `delegator` to `delegatee`.
    // slither-disable-next-line dead-code
    function delegate(address delegator, address delegatee) internal virtual;

    /// @notice Moves voting power from one delegate to another
    /// @param src Address of old delegate
    /// @param dst Address of new delegate
    /// @param amount Voting power amount to transfer between delegates
    function moveVotingPower(
        address src,
        address dst,
        uint256 amount
    ) internal {
        if (src != dst && amount > 0) {
            if (src != address(0)) {
                // https://github.com/crytic/slither/issues/960
                // slither-disable-next-line variable-scope
                (uint256 oldWeight, uint256 newWeight) = writeCheckpoint(
                    _checkpoints[src],
                    subtract,
                    amount
                );
                emit DelegateVotesChanged(src, oldWeight, newWeight);
            }

            if (dst != address(0)) {
                // https://github.com/crytic/slither/issues/959
                // slither-disable-next-line uninitialized-local
                (uint256 oldWeight, uint256 newWeight) = writeCheckpoint(
                    _checkpoints[dst],
                    add,
                    amount
                );
                emit DelegateVotesChanged(dst, oldWeight, newWeight);
            }
        }
    }

    /// @notice Writes a new checkpoint based on operating last stored value
    ///         with a `delta`. Usually, said operation is the `add` or
    ///         `subtract` functions from this contract, but more complex
    ///         functions can be passed as parameters.
    /// @param ckpts The checkpoints array to use
    /// @param op The function to apply over the last value and the `delta`
    /// @param delta Variation with respect to last stored value to be used
    ///              for new checkpoint
    function writeCheckpoint(
        uint128[] storage ckpts,
        function(uint256, uint256) view returns (uint256) op,
        uint256 delta
    ) internal returns (uint256 oldWeight, uint256 newWeight) {
        uint256 pos = ckpts.length;
        oldWeight = pos == 0 ? 0 : decodeValue(ckpts[pos - 1]);
        newWeight = op(oldWeight, delta);

        if (pos > 0) {
            uint32 fromBlock = decodeBlockNumber(ckpts[pos - 1]);
            // slither-disable-next-line incorrect-equality
            if (fromBlock == block.number) {
                ckpts[pos - 1] = encodeCheckpoint(
                    fromBlock,
                    SafeCastUpgradeable.toUint96(newWeight)
                );
                return (oldWeight, newWeight);
            }
        }

        ckpts.push(
            encodeCheckpoint(
                SafeCastUpgradeable.toUint32(block.number),
                SafeCastUpgradeable.toUint96(newWeight)
            )
        );
    }

    /// @notice Lookup a value in a list of (sorted) checkpoints.
    /// @param ckpts The checkpoints array to use
    /// @param blockNumber Block number when we want to get the checkpoint at
    function lookupCheckpoint(uint128[] storage ckpts, uint256 blockNumber)
        internal
        view
        returns (uint96)
    {
        // We run a binary search to look for the earliest checkpoint taken
        // after `blockNumber`. During the loop, the index of the wanted
        // checkpoint remains in the range [low-1, high). With each iteration,
        // either `low` or `high` is moved towards the middle of the range to
        // maintain the invariant.
        // - If the middle checkpoint is after `blockNumber`,
        //   we look in [low, mid)
        // - If the middle checkpoint is before or equal to `blockNumber`,
        //   we look in [mid+1, high)
        // Once we reach a single value (when low == high), we've found the
        // right checkpoint at the index high-1, if not out of bounds (in that
        // case we're looking too far in the past and the result is 0).
        // Note that if the latest checkpoint available is exactly for
        // `blockNumber`, we end up with an index that is past the end of the
        // array, so we technically don't find a checkpoint after
        // `blockNumber`, but it works out the same.
        require(blockNumber < block.number, "Block not yet determined");

        uint256 high = ckpts.length;
        uint256 low = 0;
        while (low < high) {
            uint256 mid = MathUpgradeable.average(low, high);
            uint32 midBlock = decodeBlockNumber(ckpts[mid]);
            if (midBlock > blockNumber) {
                high = mid;
            } else {
                low = mid + 1;
            }
        }

        return high == 0 ? 0 : decodeValue(ckpts[high - 1]);
    }

    /// @notice Maximum token supply. Defaults to `type(uint96).max` (2^96 - 1)
    // slither-disable-next-line dead-code
    function maxSupply() internal view virtual returns (uint96) {
        return type(uint96).max;
    }

    /// @notice Encodes a `blockNumber` and `value` into a single `uint128`
    ///         checkpoint.
    /// @dev `blockNumber` is stored in the first 32 bits, while `value` in the
    ///      remaining 96 bits.
    function encodeCheckpoint(uint32 blockNumber, uint96 value)
        internal
        pure
        returns (uint128)
    {
        return (uint128(blockNumber) << 96) | uint128(value);
    }

    /// @notice Decodes a block number from a `uint128` `checkpoint`.
    function decodeBlockNumber(uint128 checkpoint)
        internal
        pure
        returns (uint32)
    {
        return uint32(bytes4(bytes16(checkpoint)));
    }

    /// @notice Decodes a voting value from a `uint128` `checkpoint`.
    function decodeValue(uint128 checkpoint) internal pure returns (uint96) {
        return uint96(checkpoint);
    }

    /// @notice Decodes a block number and voting value from a `uint128`
    ///         `checkpoint`.
    function decodeCheckpoint(uint128 checkpoint)
        internal
        pure
        returns (uint32 blockNumber, uint96 value)
    {
        blockNumber = decodeBlockNumber(checkpoint);
        value = decodeValue(checkpoint);
    }

    // slither-disable-next-line dead-code
    function add(uint256 a, uint256 b) internal pure returns (uint256) {
        return a + b;
    }

    // slither-disable-next-line dead-code
    function subtract(uint256 a, uint256 b) internal pure returns (uint256) {
        return a - b;
    }
}

File 18 of 26 : IVotesHistory.sol
// SPDX-License-Identifier: GPL-3.0-or-later

// β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ     β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ     β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ
// β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ     β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ     β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ
//               β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ    β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ
//               β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ    β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ
// β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ     β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ     β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ
// β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ     β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ     β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ
//               β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ    β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ
//               β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ    β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ
//               β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ    β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ
//               β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ    β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ
//               β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ    β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ
//               β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ    β–β–ˆβ–ˆβ–ˆβ–ˆβ–Œ

pragma solidity 0.8.9;

interface IVotesHistory {
    function getPastVotes(address account, uint256 blockNumber)
        external
        view
        returns (uint96);

    function getPastTotalSupply(uint256 blockNumber)
        external
        view
        returns (uint96);
}

File 19 of 26 : AssetPool.sol
// β–“β–“β–Œ β–“β–“ ▐▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–Œβ–β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–„
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–Œβ–β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
//   β–“β–“β–“β–“β–“β–“    β–“β–“β–“β–“β–“β–“β–“β–€    ▐▓▓▓▓▓▓    ▐▓▓▓▓▓   β–“β–“β–“β–“β–“β–“     β–“β–“β–“β–“β–“   β–β–“β–“β–“β–“β–“β–Œ   ▐▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–„β–„β–“β–“β–“β–“β–“β–“β–“β–€      ▐▓▓▓▓▓▓▄▄▄▄         β–“β–“β–“β–“β–“β–“β–„β–„β–„β–„         β–β–“β–“β–“β–“β–“β–Œ   ▐▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–€        ▐▓▓▓▓▓▓▓▓▓▓         β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“         ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–€β–€β–“β–“β–“β–“β–“β–“β–„       ▐▓▓▓▓▓▓▀▀▀▀         β–“β–“β–“β–“β–“β–“β–€β–€β–€β–€         ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀
//   β–“β–“β–“β–“β–“β–“   β–€β–“β–“β–“β–“β–“β–“β–„     ▐▓▓▓▓▓▓     β–“β–“β–“β–“β–“   β–“β–“β–“β–“β–“β–“     β–“β–“β–“β–“β–“   β–β–“β–“β–“β–“β–“β–Œ
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–ˆβ–“β–“β–“β–“β–“β–“β–“β–“β–“ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“  β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“  β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
//
//                           Trust math, not hardware.

// SPDX-License-Identifier: MIT

pragma solidity 0.8.9;

import "./interfaces/IAssetPool.sol";
import "./interfaces/IAssetPoolUpgrade.sol";
import "./interfaces/ICollateralToken.sol";
import "./RewardsPool.sol";
import "./UnderwriterToken.sol";
import "./GovernanceUtils.sol";

import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import "@openzeppelin/contracts/access/Ownable.sol";

/// @title Asset Pool
/// @notice Asset pool is a component of a Coverage Pool. Asset Pool
///         accepts a single ERC20 token as collateral, and returns an
///         underwriter token. For example, an asset pool might accept deposits
///         in KEEP in return for covKEEP underwriter tokens. Underwriter tokens
///         represent an ownership share in the underlying collateral of the
///         Asset Pool. Asset Pool accepts no more than 2^96-1 collateral tokens
///         as a deposit. It means that the total supply of the collateral token
///         can not be greater than 2^96-1 or, if that supply is greater, it is
///         acceptable that not all tokens can be deposited into the pool.
contract AssetPool is Ownable, IAssetPool {
    using SafeERC20 for ICollateralToken;
    using SafeERC20 for UnderwriterToken;

    ICollateralToken public immutable collateralToken;
    UnderwriterToken public immutable underwriterToken;

    RewardsPool public immutable rewardsPool;

    IAssetPoolUpgrade public newAssetPool;

    /// @notice The time it takes the underwriter to withdraw their collateral
    ///         and rewards from the pool. This is the time that needs to pass
    ///         between initiating and completing the withdrawal. During that
    ///         time, underwriter is still earning rewards and their share of
    ///         the pool is still a subject of a possible coverage claim.
    uint256 public withdrawalDelay = 21 days;
    uint256 public newWithdrawalDelay;
    uint256 public withdrawalDelayChangeInitiated;

    /// @notice The time the underwriter has after the withdrawal delay passed
    ///         to complete the withdrawal. During that time, underwriter is
    ///         still earning rewards and their share of the pool is still
    ///         a subject of a possible coverage claim.
    ///         After the withdrawal timeout elapses, tokens stay in the pool
    ///         and the underwriter has to initiate the withdrawal again and
    ///         wait for the full withdrawal delay to complete the withdrawal.
    uint256 public withdrawalTimeout = 2 days;
    uint256 public newWithdrawalTimeout;
    uint256 public withdrawalTimeoutChangeInitiated;

    mapping(address => uint256) public withdrawalInitiatedTimestamp;
    mapping(address => uint256) public pendingWithdrawal;

    event Deposited(
        address indexed underwriter,
        uint256 amount,
        uint256 covAmount
    );

    event CoverageClaimed(
        address indexed recipient,
        uint256 amount,
        uint256 timestamp
    );

    event WithdrawalInitiated(
        address indexed underwriter,
        uint256 covAmount,
        uint256 timestamp
    );
    event WithdrawalCompleted(
        address indexed underwriter,
        uint256 amount,
        uint256 covAmount,
        uint256 timestamp
    );

    event ApprovedAssetPoolUpgrade(address newAssetPool);
    event CancelledAssetPoolUpgrade(address cancelledAssetPool);
    event AssetPoolUpgraded(
        address indexed underwriter,
        uint256 collateralAmount,
        uint256 covAmount,
        uint256 timestamp
    );

    event WithdrawalDelayUpdateStarted(
        uint256 withdrawalDelay,
        uint256 timestamp
    );
    event WithdrawalDelayUpdated(uint256 withdrawalDelay);
    event WithdrawalTimeoutUpdateStarted(
        uint256 withdrawalTimeout,
        uint256 timestamp
    );
    event WithdrawalTimeoutUpdated(uint256 withdrawalTimeout);

    /// @notice Reverts if the withdrawal governance delay has not passed yet or
    ///         if the change was not yet initiated.
    /// @param changeInitiatedTimestamp The timestamp at which the change has
    ///        been initiated
    modifier onlyAfterWithdrawalGovernanceDelay(
        uint256 changeInitiatedTimestamp
    ) {
        require(changeInitiatedTimestamp > 0, "Change not initiated");
        require(
            /* solhint-disable-next-line not-rely-on-time */
            block.timestamp - changeInitiatedTimestamp >=
                withdrawalGovernanceDelay(),
            "Governance delay has not elapsed"
        );
        _;
    }

    constructor(
        ICollateralToken _collateralToken,
        UnderwriterToken _underwriterToken,
        address rewardsManager
    ) {
        collateralToken = _collateralToken;
        underwriterToken = _underwriterToken;

        rewardsPool = new RewardsPool(
            _collateralToken,
            address(this),
            rewardsManager
        );

        initGovernance(_collateralToken);
    }

    /// @dev Overwrite to empty if collateral token used by the AssetPool
    ///      does not support DAO checkpoints. Used for tests with KEEP token.
    function initGovernance(ICollateralToken _collateralToken)
        internal
        virtual
    {
        _collateralToken.delegate(address(this));
    }

    /// @notice Accepts the given amount of collateral token as a deposit and
    ///         mints underwriter tokens representing pool's ownership. The
    ///         amount locked in the pool after accepting this deposit must
    ///         be smaller or equal to 2^96-1; otherwise, the function reverts.
    ///         Optional data in extraData may include a minimal amount of
    ///         underwriter tokens expected to be minted for a depositor. There
    ///         are cases when an amount of minted tokens matters for a
    ///         depositor, as tokens might be used in third party exchanges.
    /// @dev This function is a shortcut for approve + deposit.
    function receiveApproval(
        address from,
        uint256 amount,
        address token,
        bytes calldata extraData
    ) external {
        require(
            amount + totalValue() <= type(uint96).max,
            "Pool capacity exceeded"
        );
        require(msg.sender == token, "Only token caller allowed");
        require(
            token == address(collateralToken),
            "Unsupported collateral token"
        );

        uint256 toMint = _calculateTokensToMint(amount);
        if (extraData.length != 0) {
            require(extraData.length == 32, "Unexpected data length");
            uint256 minAmountToMint = abi.decode(extraData, (uint256));
            require(
                minAmountToMint <= toMint,
                "Amount to mint is smaller than the required minimum"
            );
        }

        _deposit(from, amount, toMint);
    }

    /// @notice Accepts the given amount of collateral token as a deposit and
    ///         mints underwriter tokens representing pool's ownership. The
    ///         amount locked in the pool after accepting this deposit must
    ///         be smaller or equal to 2^96-1; otherwise, the function reverts.
    /// @dev Before calling this function, collateral token needs to have the
    ///      required amount accepted to transfer to the asset pool.
    /// @param amountToDeposit Collateral tokens amount that a user deposits to
    ///                        the asset pool; must be smaller or equal to
    ///                        2^96-1
    /// @return The amount of minted underwriter tokens
    function deposit(uint256 amountToDeposit)
        external
        override
        returns (uint256)
    {
        require(
            amountToDeposit + totalValue() <= type(uint96).max,
            "Pool capacity exceeded"
        );
        uint256 toMint = _calculateTokensToMint(amountToDeposit);
        _deposit(msg.sender, amountToDeposit, toMint);
        return toMint;
    }

    /// @notice Accepts the given amount of collateral token as a deposit and
    ///         mints at least a minAmountToMint underwriter tokens representing
    ///         pool's ownership. The amount locked in the pool after accepting
    ///         this deposit must be smaller or equal to 2^96-1; otherwise, the
    ///         function reverts.
    /// @dev Before calling this function, collateral token needs to have the
    ///      required amount accepted to transfer to the asset pool.
    /// @param amountToDeposit Collateral tokens amount that a user deposits to
    ///                        the asset pool; must be smaller or equal
    ///                        to 2^96-1
    /// @param minAmountToMint Underwriter minimal tokens amount that a user
    ///                        expects to receive in exchange for the deposited
    ///                        collateral tokens
    /// @return The amount of minted underwriter tokens
    function depositWithMin(uint256 amountToDeposit, uint256 minAmountToMint)
        external
        override
        returns (uint256)
    {
        require(
            amountToDeposit + totalValue() <= type(uint96).max,
            "Pool capacity exceeded"
        );
        uint256 toMint = _calculateTokensToMint(amountToDeposit);

        require(
            minAmountToMint <= toMint,
            "Amount to mint is smaller than the required minimum"
        );

        _deposit(msg.sender, amountToDeposit, toMint);
        return toMint;
    }

    /// @notice Initiates the withdrawal of collateral and rewards from the
    ///         pool. Must be followed with completeWithdrawal call after the
    ///         withdrawal delay passes. Accepts the amount of underwriter
    ///         tokens representing the share of the pool that should be
    ///         withdrawn. Can be called multiple times increasing the pool share
    ///         to withdraw and resetting the withdrawal initiated timestamp for
    ///         each call. Can be called with 0 covAmount to reset the
    ///         withdrawal initiated timestamp if the underwriter has a pending
    ///         withdrawal. In practice 0 covAmount should be used only to
    ///         initiate the withdrawal again in case one did not complete the
    ///         withdrawal before the withdrawal timeout elapsed.
    /// @dev Before calling this function, underwriter token needs to have the
    ///      required amount accepted to transfer to the asset pool.
    function initiateWithdrawal(uint256 covAmount) external override {
        uint256 pending = pendingWithdrawal[msg.sender];
        require(
            covAmount > 0 || pending > 0,
            "Underwriter token amount must be greater than 0"
        );

        pending += covAmount;
        pendingWithdrawal[msg.sender] = pending;
        /* solhint-disable not-rely-on-time */
        withdrawalInitiatedTimestamp[msg.sender] = block.timestamp;

        emit WithdrawalInitiated(msg.sender, pending, block.timestamp);
        /* solhint-enable not-rely-on-time */

        if (covAmount > 0) {
            underwriterToken.safeTransferFrom(
                msg.sender,
                address(this),
                covAmount
            );
        }
    }

    /// @notice Completes the previously initiated withdrawal for the
    ///         underwriter. Anyone can complete the withdrawal for the
    ///         underwriter. The withdrawal has to be completed before the
    ///         withdrawal timeout elapses. Otherwise, the withdrawal has to
    ///         be initiated again and the underwriter has to wait for the
    ///         entire withdrawal delay again before being able to complete
    ///         the withdrawal.
    /// @return The amount of collateral withdrawn
    function completeWithdrawal(address underwriter)
        external
        override
        returns (uint256)
    {
        /* solhint-disable not-rely-on-time */
        uint256 initiatedAt = withdrawalInitiatedTimestamp[underwriter];
        require(initiatedAt > 0, "No withdrawal initiated for the underwriter");

        uint256 withdrawalDelayEndTimestamp = initiatedAt + withdrawalDelay;
        require(
            withdrawalDelayEndTimestamp < block.timestamp,
            "Withdrawal delay has not elapsed"
        );

        require(
            withdrawalDelayEndTimestamp + withdrawalTimeout >= block.timestamp,
            "Withdrawal timeout elapsed"
        );

        uint256 covAmount = pendingWithdrawal[underwriter];
        uint256 covSupply = underwriterToken.totalSupply();
        delete withdrawalInitiatedTimestamp[underwriter];
        delete pendingWithdrawal[underwriter];

        // slither-disable-next-line reentrancy-events
        rewardsPool.withdraw();

        uint256 collateralBalance = collateralToken.balanceOf(address(this));

        uint256 amountToWithdraw = (covAmount * collateralBalance) / covSupply;

        emit WithdrawalCompleted(
            underwriter,
            amountToWithdraw,
            covAmount,
            block.timestamp
        );
        collateralToken.safeTransfer(underwriter, amountToWithdraw);

        /* solhint-enable not-rely-on-time */
        underwriterToken.burn(covAmount);

        return amountToWithdraw;
    }

    /// @notice Transfers collateral tokens to a new Asset Pool which previously
    ///         was approved by the governance. Upgrade does not have to obey
    ///         withdrawal delay.
    ///         Old underwriter tokens are burned in favor of new tokens minted
    ///         in a new Asset Pool. New tokens are sent directly to the
    ///         underwriter from a new Asset Pool.
    /// @param covAmount Amount of underwriter tokens used to calculate collateral
    ///                  tokens which are transferred to a new asset pool
    /// @param _newAssetPool New Asset Pool address to check validity with the one
    ///                      that was approved by the governance
    function upgradeToNewAssetPool(uint256 covAmount, address _newAssetPool)
        external
    {
        /* solhint-disable not-rely-on-time */
        require(
            address(newAssetPool) != address(0),
            "New asset pool must be assigned"
        );

        require(
            address(newAssetPool) == _newAssetPool,
            "Addresses of a new asset pool must match"
        );

        require(
            covAmount > 0,
            "Underwriter token amount must be greater than 0"
        );

        uint256 covSupply = underwriterToken.totalSupply();

        // slither-disable-next-line reentrancy-events
        rewardsPool.withdraw();

        uint256 collateralBalance = collateralToken.balanceOf(address(this));

        uint256 collateralToTransfer = (covAmount * collateralBalance) /
            covSupply;

        collateralToken.safeApprove(
            address(newAssetPool),
            collateralToTransfer
        );
        // old underwriter tokens are burned in favor of new minted in a new
        // asset pool
        underwriterToken.burnFrom(msg.sender, covAmount);
        // collateralToTransfer will be sent to a new AssetPool and new
        // underwriter tokens will be minted and transferred back to the underwriter
        newAssetPool.depositFor(msg.sender, collateralToTransfer);

        emit AssetPoolUpgraded(
            msg.sender,
            collateralToTransfer,
            covAmount,
            block.timestamp
        );
    }

    /// @notice Allows governance to set a new asset pool so the underwriters
    ///         can move their collateral tokens to a new asset pool without
    ///         having to wait for the withdrawal delay.
    function approveNewAssetPoolUpgrade(IAssetPoolUpgrade _newAssetPool)
        external
        onlyOwner
    {
        require(
            address(_newAssetPool) != address(0),
            "New asset pool can't be zero address"
        );

        newAssetPool = _newAssetPool;

        emit ApprovedAssetPoolUpgrade(address(_newAssetPool));
    }

    /// @notice Allows governance to cancel already approved new asset pool
    ///         in case of some misconfiguration.
    function cancelNewAssetPoolUpgrade() external onlyOwner {
        emit CancelledAssetPoolUpgrade(address(newAssetPool));

        newAssetPool = IAssetPoolUpgrade(address(0));
    }

    /// @notice Allows the coverage pool to demand coverage from the asset hold
    ///         by this pool and send it to the provided recipient address.
    function claim(address recipient, uint256 amount) external onlyOwner {
        emit CoverageClaimed(recipient, amount, block.timestamp);
        rewardsPool.withdraw();
        require(
            amount <= collateralToken.balanceOf(address(this)),
            "Amount to seize exceeds the pool balance"
        );
        collateralToken.safeTransfer(recipient, amount);
    }

    /// @notice Lets the contract owner to begin an update of withdrawal delay
    ///         parameter value. Withdrawal delay is the time it takes the
    ///         underwriter to withdraw their collateral and rewards from the
    ///         pool. This is the time that needs to pass between initiating and
    ///         completing the withdrawal. The change needs to be finalized with
    ///         a call to finalizeWithdrawalDelayUpdate after the required
    ///         governance delay passes. It is up to the contract owner to
    ///         decide what the withdrawal delay value should be but it should
    ///         be long enough so that the possibility of having free-riding
    ///         underwriters escaping from a potential coverage claim by
    ///         withdrawing their positions from the pool is negligible.
    /// @param _newWithdrawalDelay The new value of withdrawal delay
    function beginWithdrawalDelayUpdate(uint256 _newWithdrawalDelay)
        external
        onlyOwner
    {
        newWithdrawalDelay = _newWithdrawalDelay;
        withdrawalDelayChangeInitiated = block.timestamp;
        emit WithdrawalDelayUpdateStarted(_newWithdrawalDelay, block.timestamp);
    }

    /// @notice Lets the contract owner to finalize an update of withdrawal
    ///         delay parameter value. This call has to be preceded with
    ///         a call to beginWithdrawalDelayUpdate and the governance delay
    ///         has to pass.
    function finalizeWithdrawalDelayUpdate()
        external
        onlyOwner
        onlyAfterWithdrawalGovernanceDelay(withdrawalDelayChangeInitiated)
    {
        withdrawalDelay = newWithdrawalDelay;
        emit WithdrawalDelayUpdated(withdrawalDelay);
        newWithdrawalDelay = 0;
        withdrawalDelayChangeInitiated = 0;
    }

    /// @notice Lets the contract owner to begin an update of withdrawal timeout
    ///         parameter value. The withdrawal timeout is the time the
    ///         underwriter has - after the withdrawal delay passed - to
    ///         complete the withdrawal. The change needs to be finalized with
    ///         a call to finalizeWithdrawalTimeoutUpdate after the required
    ///         governance delay passes. It is up to the contract owner to
    ///         decide what the withdrawal timeout value should be but it should
    ///         be short enough so that the time of free-riding by being able to
    ///         immediately escape from the claim is minimal and long enough so
    ///         that honest underwriters have a possibility to finalize the
    ///         withdrawal. It is all about the right proportions with
    ///         a relation to withdrawal delay value.
    /// @param  _newWithdrawalTimeout The new value of the withdrawal timeout
    function beginWithdrawalTimeoutUpdate(uint256 _newWithdrawalTimeout)
        external
        onlyOwner
    {
        newWithdrawalTimeout = _newWithdrawalTimeout;
        withdrawalTimeoutChangeInitiated = block.timestamp;
        emit WithdrawalTimeoutUpdateStarted(
            _newWithdrawalTimeout,
            block.timestamp
        );
    }

    /// @notice Lets the contract owner to finalize an update of withdrawal
    ///         timeout parameter value. This call has to be preceded with
    ///         a call to beginWithdrawalTimeoutUpdate and the governance delay
    ///         has to pass.
    function finalizeWithdrawalTimeoutUpdate()
        external
        onlyOwner
        onlyAfterWithdrawalGovernanceDelay(withdrawalTimeoutChangeInitiated)
    {
        withdrawalTimeout = newWithdrawalTimeout;
        emit WithdrawalTimeoutUpdated(withdrawalTimeout);
        newWithdrawalTimeout = 0;
        withdrawalTimeoutChangeInitiated = 0;
    }

    /// @notice Grants pool shares by minting a given amount of the underwriter
    ///         tokens for the recipient address. In result, the recipient
    ///         obtains part of the pool ownership without depositing any
    ///         collateral tokens. Shares are usually granted for notifiers
    ///         reporting about various contract state changes.
    /// @dev Can be called only by the contract owner.
    /// @param recipient Address of the underwriter tokens recipient
    /// @param covAmount Amount of the underwriter tokens which should be minted
    function grantShares(address recipient, uint256 covAmount)
        external
        onlyOwner
    {
        rewardsPool.withdraw();
        underwriterToken.mint(recipient, covAmount);
    }

    /// @notice Returns the remaining time that has to pass before the contract
    ///         owner will be able to finalize withdrawal delay update.
    ///         Bear in mind the contract owner may decide to wait longer and
    ///         this value is just an absolute minimum.
    /// @return The time left until withdrawal delay update can be finalized
    function getRemainingWithdrawalDelayUpdateTime()
        external
        view
        returns (uint256)
    {
        return
            GovernanceUtils.getRemainingChangeTime(
                withdrawalDelayChangeInitiated,
                withdrawalGovernanceDelay()
            );
    }

    /// @notice Returns the remaining time that has to pass before the contract
    ///         owner will be able to finalize withdrawal timeout update.
    ///         Bear in mind the contract owner may decide to wait longer and
    ///         this value is just an absolute minimum.
    /// @return The time left until withdrawal timeout update can be finalized
    function getRemainingWithdrawalTimeoutUpdateTime()
        external
        view
        returns (uint256)
    {
        return
            GovernanceUtils.getRemainingChangeTime(
                withdrawalTimeoutChangeInitiated,
                withdrawalGovernanceDelay()
            );
    }

    /// @notice Returns the current collateral token balance of the asset pool
    ///         plus the reward amount (in collateral token) earned by the asset
    ///         pool and not yet withdrawn to the asset pool.
    /// @return The total value of asset pool in collateral token.
    function totalValue() public view returns (uint256) {
        return collateralToken.balanceOf(address(this)) + rewardsPool.earned();
    }

    /// @notice The time it takes to initiate and complete the withdrawal from
    ///         the pool plus 2 days to make a decision. This governance delay
    ///         should be used for all changes directly affecting underwriter
    ///         positions. This time is a minimum and the governance may choose
    ///         to wait longer before finalizing the update.
    /// @return The withdrawal governance delay in seconds
    function withdrawalGovernanceDelay() public view returns (uint256) {
        return withdrawalDelay + withdrawalTimeout + 2 days;
    }

    /// @dev Calculates underwriter tokens to mint.
    function _calculateTokensToMint(uint256 amountToDeposit)
        internal
        returns (uint256)
    {
        rewardsPool.withdraw();

        uint256 covSupply = underwriterToken.totalSupply();
        uint256 collateralBalance = collateralToken.balanceOf(address(this));

        if (covSupply == 0) {
            return amountToDeposit;
        }

        return (amountToDeposit * covSupply) / collateralBalance;
    }

    function _deposit(
        address depositor,
        uint256 amountToDeposit,
        uint256 amountToMint
    ) internal {
        require(depositor != address(this), "Self-deposit not allowed");

        require(
            amountToMint > 0,
            "Minted tokens amount must be greater than 0"
        );

        emit Deposited(depositor, amountToDeposit, amountToMint);

        underwriterToken.mint(depositor, amountToMint);
        collateralToken.safeTransferFrom(
            depositor,
            address(this),
            amountToDeposit
        );
    }
}

File 20 of 26 : CoveragePoolConstants.sol
// β–“β–“β–Œ β–“β–“ ▐▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–Œβ–β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–„
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–Œβ–β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
//   β–“β–“β–“β–“β–“β–“    β–“β–“β–“β–“β–“β–“β–“β–€    ▐▓▓▓▓▓▓    ▐▓▓▓▓▓   β–“β–“β–“β–“β–“β–“     β–“β–“β–“β–“β–“   β–β–“β–“β–“β–“β–“β–Œ   ▐▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–„β–„β–“β–“β–“β–“β–“β–“β–“β–€      ▐▓▓▓▓▓▓▄▄▄▄         β–“β–“β–“β–“β–“β–“β–„β–„β–„β–„         β–β–“β–“β–“β–“β–“β–Œ   ▐▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–€        ▐▓▓▓▓▓▓▓▓▓▓         β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“         ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–€β–€β–“β–“β–“β–“β–“β–“β–„       ▐▓▓▓▓▓▓▀▀▀▀         β–“β–“β–“β–“β–“β–“β–€β–€β–€β–€         ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀
//   β–“β–“β–“β–“β–“β–“   β–€β–“β–“β–“β–“β–“β–“β–„     ▐▓▓▓▓▓▓     β–“β–“β–“β–“β–“   β–“β–“β–“β–“β–“β–“     β–“β–“β–“β–“β–“   β–β–“β–“β–“β–“β–“β–Œ
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–ˆβ–“β–“β–“β–“β–“β–“β–“β–“β–“ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“  β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“  β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
//
//                           Trust math, not hardware.

// SPDX-License-Identifier: MIT

pragma solidity 0.8.9;

library CoveragePoolConstants {
    // This divisor is for precision purposes only. We use this divisor around
    // auction related code to get the precise values without rounding it down
    // when dealing with floating numbers.
    uint256 public constant FLOATING_POINT_DIVISOR = 1e18;
}

File 21 of 26 : GovernanceUtils.sol
// β–“β–“β–Œ β–“β–“ ▐▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–Œβ–β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–„
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–Œβ–β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
//   β–“β–“β–“β–“β–“β–“    β–“β–“β–“β–“β–“β–“β–“β–€    ▐▓▓▓▓▓▓    ▐▓▓▓▓▓   β–“β–“β–“β–“β–“β–“     β–“β–“β–“β–“β–“   β–β–“β–“β–“β–“β–“β–Œ   ▐▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–„β–„β–“β–“β–“β–“β–“β–“β–“β–€      ▐▓▓▓▓▓▓▄▄▄▄         β–“β–“β–“β–“β–“β–“β–„β–„β–„β–„         β–β–“β–“β–“β–“β–“β–Œ   ▐▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–€        ▐▓▓▓▓▓▓▓▓▓▓         β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“         ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–€β–€β–“β–“β–“β–“β–“β–“β–„       ▐▓▓▓▓▓▓▀▀▀▀         β–“β–“β–“β–“β–“β–“β–€β–€β–€β–€         ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀
//   β–“β–“β–“β–“β–“β–“   β–€β–“β–“β–“β–“β–“β–“β–„     ▐▓▓▓▓▓▓     β–“β–“β–“β–“β–“   β–“β–“β–“β–“β–“β–“     β–“β–“β–“β–“β–“   β–β–“β–“β–“β–“β–“β–Œ
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–ˆβ–“β–“β–“β–“β–“β–“β–“β–“β–“ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“  β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“  β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
//
//                           Trust math, not hardware.

// SPDX-License-Identifier: MIT

pragma solidity 0.8.9;

library GovernanceUtils {
    /// @notice Gets the time remaining until the governable parameter update
    ///         can be committed.
    /// @param changeTimestamp Timestamp indicating the beginning of the change.
    /// @param delay Governance delay.
    /// @return Remaining time in seconds.
    function getRemainingChangeTime(uint256 changeTimestamp, uint256 delay)
        internal
        view
        returns (uint256)
    {
        require(changeTimestamp > 0, "Change not initiated");
        /* solhint-disable-next-line not-rely-on-time */
        uint256 elapsed = block.timestamp - changeTimestamp;
        if (elapsed >= delay) {
            return 0;
        } else {
            return delay - elapsed;
        }
    }
}

File 22 of 26 : IAssetPool.sol
// β–“β–“β–Œ β–“β–“ ▐▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–Œβ–β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–„
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–Œβ–β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
//   β–“β–“β–“β–“β–“β–“    β–“β–“β–“β–“β–“β–“β–“β–€    ▐▓▓▓▓▓▓    ▐▓▓▓▓▓   β–“β–“β–“β–“β–“β–“     β–“β–“β–“β–“β–“   β–β–“β–“β–“β–“β–“β–Œ   ▐▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–„β–„β–“β–“β–“β–“β–“β–“β–“β–€      ▐▓▓▓▓▓▓▄▄▄▄         β–“β–“β–“β–“β–“β–“β–„β–„β–„β–„         β–β–“β–“β–“β–“β–“β–Œ   ▐▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–€        ▐▓▓▓▓▓▓▓▓▓▓         β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“         ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–€β–€β–“β–“β–“β–“β–“β–“β–„       ▐▓▓▓▓▓▓▀▀▀▀         β–“β–“β–“β–“β–“β–“β–€β–€β–€β–€         ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀
//   β–“β–“β–“β–“β–“β–“   β–€β–“β–“β–“β–“β–“β–“β–„     ▐▓▓▓▓▓▓     β–“β–“β–“β–“β–“   β–“β–“β–“β–“β–“β–“     β–“β–“β–“β–“β–“   β–β–“β–“β–“β–“β–“β–Œ
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–ˆβ–“β–“β–“β–“β–“β–“β–“β–“β–“ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“  β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“  β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
//
//                           Trust math, not hardware.

// SPDX-License-Identifier: MIT

pragma solidity 0.8.9;

/// @title Asset Pool interface
/// @notice Asset Pool accepts a single ERC20 token as collateral, and returns
///         an underwriter token. For example, an asset pool might accept deposits
///         in KEEP in return for covKEEP underwriter tokens. Underwriter tokens
///         represent an ownership share in the underlying collateral of the
///         Asset Pool.
interface IAssetPool {
    /// @notice Accepts the given amount of collateral token as a deposit and
    ///         mints underwriter tokens representing pool's ownership.
    /// @dev Before calling this function, collateral token needs to have the
    ///      required amount accepted to transfer to the asset pool.
    /// @return The amount of minted underwriter tokens
    function deposit(uint256 amount) external returns (uint256);

    /// @notice Accepts the given amount of collateral token as a deposit and
    ///         mints at least a minAmountToMint underwriter tokens representing
    ///         pool's ownership.
    /// @dev Before calling this function, collateral token needs to have the
    ///      required amount accepted to transfer to the asset pool.
    /// @return The amount of minted underwriter tokens
    function depositWithMin(uint256 amountToDeposit, uint256 minAmountToMint)
        external
        returns (uint256);

    /// @notice Initiates the withdrawal of collateral and rewards from the pool.
    /// @dev Before calling this function, underwriter token needs to have the
    ///      required amount accepted to transfer to the asset pool.
    function initiateWithdrawal(uint256 covAmount) external;

    /// @notice Completes the previously initiated withdrawal for the
    ///         underwriter.
    /// @return The amount of collateral withdrawn
    function completeWithdrawal(address underwriter) external returns (uint256);
}

File 23 of 26 : IAssetPoolUpgrade.sol
// β–“β–“β–Œ β–“β–“ ▐▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–Œβ–β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–„
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–Œβ–β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
//   β–“β–“β–“β–“β–“β–“    β–“β–“β–“β–“β–“β–“β–“β–€    ▐▓▓▓▓▓▓    ▐▓▓▓▓▓   β–“β–“β–“β–“β–“β–“     β–“β–“β–“β–“β–“   β–β–“β–“β–“β–“β–“β–Œ   ▐▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–„β–„β–“β–“β–“β–“β–“β–“β–“β–€      ▐▓▓▓▓▓▓▄▄▄▄         β–“β–“β–“β–“β–“β–“β–„β–„β–„β–„         β–β–“β–“β–“β–“β–“β–Œ   ▐▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–€        ▐▓▓▓▓▓▓▓▓▓▓         β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“         ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–€β–€β–“β–“β–“β–“β–“β–“β–„       ▐▓▓▓▓▓▓▀▀▀▀         β–“β–“β–“β–“β–“β–“β–€β–€β–€β–€         ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀
//   β–“β–“β–“β–“β–“β–“   β–€β–“β–“β–“β–“β–“β–“β–„     ▐▓▓▓▓▓▓     β–“β–“β–“β–“β–“   β–“β–“β–“β–“β–“β–“     β–“β–“β–“β–“β–“   β–β–“β–“β–“β–“β–“β–Œ
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–ˆβ–“β–“β–“β–“β–“β–“β–“β–“β–“ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“  β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“  β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
//
//                           Trust math, not hardware.

// SPDX-License-Identifier: MIT

pragma solidity 0.8.9;

/// @title Asset Pool upgrade interface
/// @notice Interface that has to be implemented by an Asset Pool accepting
///         upgrades from another asset pool.
interface IAssetPoolUpgrade {
    /// @notice Accepts the given underwriter with collateral tokens amount as a
    ///         deposit. In exchange new underwriter tokens will be calculated,
    ///         minted and then transferred back to the underwriter.
    function depositFor(address underwriter, uint256 amount) external;
}

File 24 of 26 : ICollateralToken.sol
// β–“β–“β–Œ β–“β–“ ▐▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–Œβ–β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–„
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–Œβ–β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
//   β–“β–“β–“β–“β–“β–“    β–“β–“β–“β–“β–“β–“β–“β–€    ▐▓▓▓▓▓▓    ▐▓▓▓▓▓   β–“β–“β–“β–“β–“β–“     β–“β–“β–“β–“β–“   β–β–“β–“β–“β–“β–“β–Œ   ▐▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–„β–„β–“β–“β–“β–“β–“β–“β–“β–€      ▐▓▓▓▓▓▓▄▄▄▄         β–“β–“β–“β–“β–“β–“β–„β–„β–„β–„         β–β–“β–“β–“β–“β–“β–Œ   ▐▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–€        ▐▓▓▓▓▓▓▓▓▓▓         β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“         ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–€β–€β–“β–“β–“β–“β–“β–“β–„       ▐▓▓▓▓▓▓▀▀▀▀         β–“β–“β–“β–“β–“β–“β–€β–€β–€β–€         ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀
//   β–“β–“β–“β–“β–“β–“   β–€β–“β–“β–“β–“β–“β–“β–„     ▐▓▓▓▓▓▓     β–“β–“β–“β–“β–“   β–“β–“β–“β–“β–“β–“     β–“β–“β–“β–“β–“   β–β–“β–“β–“β–“β–“β–Œ
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–ˆβ–“β–“β–“β–“β–“β–“β–“β–“β–“ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“  β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“  β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
//
//                           Trust math, not hardware.

// SPDX-License-Identifier: MIT

pragma solidity 0.8.9;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";

/// @title Collateral Token interface
/// @notice ERC-20 token which is accepted by the pool as collateral and used
///         as a deposit token by underwriters. Collateral token positions of
///         underwriters can be affected when the Risk Manager claims coverage.
///         Collateral token needs to support DAO checkpoints and let to
///         retrieve past number of votes for the given address so that
///         Coverage Pool underwriters can participate in token holder DAO.
/// @dev See @threshold-network/solidity-contracts/contracts/governance/Checkpoints.sol
interface ICollateralToken is IERC20 {
    /// @notice Delegate DAO votes from `msg.sender` to `delegatee`.
    /// @param delegatee The address to delegate votes to
    function delegate(address delegatee) external;

    /// @notice Determine the prior number of DAO votes for an account as of
    ///         a block number.
    /// @param account The address of the account to check
    /// @param blockNumber The block number to get the vote balance at
    /// @return The number of votes the account had as of the given block
    function getPastVotes(address account, uint256 blockNumber)
        external
        view
        returns (uint96);
}

File 25 of 26 : RewardsPool.sol
// β–“β–“β–Œ β–“β–“ ▐▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–Œβ–β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–„
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–Œβ–β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
//   β–“β–“β–“β–“β–“β–“    β–“β–“β–“β–“β–“β–“β–“β–€    ▐▓▓▓▓▓▓    ▐▓▓▓▓▓   β–“β–“β–“β–“β–“β–“     β–“β–“β–“β–“β–“   β–β–“β–“β–“β–“β–“β–Œ   ▐▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–„β–„β–“β–“β–“β–“β–“β–“β–“β–€      ▐▓▓▓▓▓▓▄▄▄▄         β–“β–“β–“β–“β–“β–“β–„β–„β–„β–„         β–β–“β–“β–“β–“β–“β–Œ   ▐▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–€        ▐▓▓▓▓▓▓▓▓▓▓         β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“         ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–€β–€β–“β–“β–“β–“β–“β–“β–„       ▐▓▓▓▓▓▓▀▀▀▀         β–“β–“β–“β–“β–“β–“β–€β–€β–€β–€         ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀
//   β–“β–“β–“β–“β–“β–“   β–€β–“β–“β–“β–“β–“β–“β–„     ▐▓▓▓▓▓▓     β–“β–“β–“β–“β–“   β–“β–“β–“β–“β–“β–“     β–“β–“β–“β–“β–“   β–β–“β–“β–“β–“β–“β–Œ
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–ˆβ–“β–“β–“β–“β–“β–“β–“β–“β–“ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“  β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“  β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
//
//                           Trust math, not hardware.

// SPDX-License-Identifier: MIT

pragma solidity 0.8.9;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import "@openzeppelin/contracts/utils/math/Math.sol";
import "@openzeppelin/contracts/access/Ownable.sol";

/// @title Rewards Pool
/// @notice RewardsPool accepts a single reward token and releases it to the
///         AssetPool over time in one week reward intervals. The owner of this
///         contract is the reward distribution address funding it with reward
///         tokens.
contract RewardsPool is Ownable {
    using SafeERC20 for IERC20;

    uint256 public constant DURATION = 7 days;

    IERC20 public immutable rewardToken;
    address public immutable assetPool;

    // timestamp of the current reward interval end or the timestamp of the
    // last interval end in case a new reward interval has not been allocated
    uint256 public intervalFinish = 0;
    // rate per second with which reward tokens are unlocked
    uint256 public rewardRate = 0;
    // amount of rewards accumulated and not yet withdrawn from the previous
    // reward interval(s)
    uint256 public rewardAccumulated = 0;
    // the last time information in this contract was updated
    uint256 public lastUpdateTime = 0;

    event RewardToppedUp(uint256 amount);
    event RewardWithdrawn(uint256 amount);

    constructor(
        IERC20 _rewardToken,
        address _assetPool,
        address owner
    ) {
        rewardToken = _rewardToken;
        // slither-disable-next-line missing-zero-check
        assetPool = _assetPool;
        transferOwnership(owner);
    }

    /// @notice Transfers the provided reward amount into RewardsPool and
    ///         creates a new, one-week reward interval starting from now.
    ///         Reward tokens from the previous reward interval that unlocked
    ///         over the time will be available for withdrawal immediately.
    ///         Reward tokens from the previous interval that has not been yet
    ///         unlocked, are added to the new interval being created.
    /// @dev This function can be called only by the owner given that it creates
    ///      a new interval with one week length, starting from now.
    function topUpReward(uint256 reward) external onlyOwner {
        rewardAccumulated = earned();

        /* solhint-disable not-rely-on-time */
        if (block.timestamp >= intervalFinish) {
            // see https://github.com/crytic/slither/issues/844
            // slither-disable-next-line divide-before-multiply
            rewardRate = reward / DURATION;
        } else {
            uint256 remaining = intervalFinish - block.timestamp;
            uint256 leftover = remaining * rewardRate;
            rewardRate = (reward + leftover) / DURATION;
        }
        intervalFinish = block.timestamp + DURATION;
        lastUpdateTime = block.timestamp;
        /* solhint-enable avoid-low-level-calls */

        emit RewardToppedUp(reward);
        rewardToken.safeTransferFrom(msg.sender, address(this), reward);
    }

    /// @notice Withdraws all unlocked reward tokens to the AssetPool.
    function withdraw() external {
        uint256 amount = earned();
        rewardAccumulated = 0;
        lastUpdateTime = lastTimeRewardApplicable();
        emit RewardWithdrawn(amount);
        rewardToken.safeTransfer(assetPool, amount);
    }

    /// @notice Returns the amount of earned and not yet withdrawn reward
    /// tokens.
    function earned() public view returns (uint256) {
        return
            rewardAccumulated +
            ((lastTimeRewardApplicable() - lastUpdateTime) * rewardRate);
    }

    /// @notice Returns the timestamp at which a reward was last time applicable.
    ///         When reward interval is pending, returns current block's
    ///         timestamp. If the last reward interval ended and no other reward
    ///         interval had been allocated, returns the last reward interval's
    ///         end timestamp.
    function lastTimeRewardApplicable() public view returns (uint256) {
        return Math.min(block.timestamp, intervalFinish);
    }
}

File 26 of 26 : UnderwriterToken.sol
// β–“β–“β–Œ β–“β–“ ▐▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–Œβ–β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–„
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–Œβ–β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
//   β–“β–“β–“β–“β–“β–“    β–“β–“β–“β–“β–“β–“β–“β–€    ▐▓▓▓▓▓▓    ▐▓▓▓▓▓   β–“β–“β–“β–“β–“β–“     β–“β–“β–“β–“β–“   β–β–“β–“β–“β–“β–“β–Œ   ▐▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–„β–„β–“β–“β–“β–“β–“β–“β–“β–€      ▐▓▓▓▓▓▓▄▄▄▄         β–“β–“β–“β–“β–“β–“β–„β–„β–„β–„         β–β–“β–“β–“β–“β–“β–Œ   ▐▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–€        ▐▓▓▓▓▓▓▓▓▓▓         β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“         ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
//   β–“β–“β–“β–“β–“β–“β–€β–€β–“β–“β–“β–“β–“β–“β–„       ▐▓▓▓▓▓▓▀▀▀▀         β–“β–“β–“β–“β–“β–“β–€β–€β–€β–€         ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀
//   β–“β–“β–“β–“β–“β–“   β–€β–“β–“β–“β–“β–“β–“β–„     ▐▓▓▓▓▓▓     β–“β–“β–“β–“β–“   β–“β–“β–“β–“β–“β–“     β–“β–“β–“β–“β–“   β–β–“β–“β–“β–“β–“β–Œ
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–ˆβ–“β–“β–“β–“β–“β–“β–“β–“β–“ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“  β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
// β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“  β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“
//
//                           Trust math, not hardware.

// SPDX-License-Identifier: MIT

pragma solidity 0.8.9;

import "@openzeppelin/contracts/utils/math/SafeCast.sol";
import "@thesis/solidity-contracts/contracts/token/ERC20WithPermit.sol";
import "@threshold-network/solidity-contracts/contracts/governance/Checkpoints.sol";

/// @title  UnderwriterToken
/// @notice Underwriter tokens represent an ownership share in the underlying
///         collateral of the asset-specific pool. Underwriter tokens are minted
///         when a user deposits ERC20 tokens into asset-specific pool and they
///         are burned when a user exits the position. Underwriter tokens
///         natively support meta transactions. Users can authorize a transfer
///         of their underwriter tokens with a signature conforming EIP712
///         standard instead of an on-chain transaction from their address.
///         Anyone can submit this signature on the user's behalf by calling the
///         permit function, as specified in EIP2612 standard, paying gas fees,
///         and possibly performing other actions in the same transaction.
// slither-disable-next-line missing-inheritance
contract UnderwriterToken is ERC20WithPermit, Checkpoints {
    /// @notice The EIP-712 typehash for the delegation struct used by
    ///         `delegateBySig`.
    bytes32 public constant DELEGATION_TYPEHASH =
        keccak256(
            "Delegation(address delegatee,uint256 nonce,uint256 deadline)"
        );

    constructor(string memory _name, string memory _symbol)
        ERC20WithPermit(_name, _symbol)
    {}

    /// @notice Delegates votes from signatory to `delegatee`
    /// @param delegatee The address to delegate votes to
    /// @param deadline The time at which to expire the signature
    /// @param v The recovery byte of the signature
    /// @param r Half of the ECDSA signature pair
    /// @param s Half of the ECDSA signature pair
    function delegateBySig(
        address signatory,
        address delegatee,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external {
        /* solhint-disable-next-line not-rely-on-time */
        require(deadline >= block.timestamp, "Delegation expired");

        // Validate `s` and `v` values for a malleability concern described in EIP2.
        // Only signatures with `s` value in the lower half of the secp256k1
        // curve's order and `v` value of 27 or 28 are considered valid.
        require(
            uint256(s) <=
                0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0,
            "Invalid signature 's' value"
        );
        require(v == 27 || v == 28, "Invalid signature 'v' value");

        bytes32 digest = keccak256(
            abi.encodePacked(
                "\x19\x01",
                DOMAIN_SEPARATOR(),
                keccak256(
                    abi.encode(
                        DELEGATION_TYPEHASH,
                        delegatee,
                        nonce[signatory]++,
                        deadline
                    )
                )
            )
        );

        address recoveredAddress = ecrecover(digest, v, r, s);
        require(
            recoveredAddress != address(0) && recoveredAddress == signatory,
            "Invalid signature"
        );

        return delegate(signatory, delegatee);
    }

    /// @notice Delegate votes from `msg.sender` to `delegatee`.
    /// @param delegatee The address to delegate votes to
    function delegate(address delegatee) public virtual {
        return delegate(msg.sender, delegatee);
    }

    /// @notice Moves voting power when tokens are minted, burned or transferred.
    /// @dev Overrides the empty function from the parent contract.
    /// @param from The address that loses tokens and voting power
    /// @param to The address that gains tokens and voting power
    /// @param amount The amount of tokens and voting power that is transferred
    // slither-disable-next-line dead-code
    function beforeTokenTransfer(
        address from,
        address to,
        uint256 amount
    ) internal override {
        // When minting:
        if (from == address(0)) {
            // Does not allow to mint more than uint96 can fit. Otherwise, the
            // Checkpoint might not fit the balance.
            require(
                totalSupply + amount <= maxSupply(),
                "Maximum total supply exceeded"
            );
            writeCheckpoint(_totalSupplyCheckpoints, add, amount);
        }

        // When burning:
        if (to == address(0)) {
            writeCheckpoint(_totalSupplyCheckpoints, subtract, amount);
        }

        moveVotingPower(delegates(from), delegates(to), amount);
    }

    /// @notice Delegate votes from `delegator` to `delegatee`.
    /// @param delegator The address to delegate votes from
    /// @param delegatee The address to delegate votes to
    function delegate(address delegator, address delegatee) internal override {
        address currentDelegate = delegates(delegator);
        uint96 delegatorBalance = SafeCast.toUint96(balanceOf[delegator]);
        _delegates[delegator] = delegatee;

        emit DelegateChanged(delegator, currentDelegate, delegatee);

        moveVotingPower(currentDelegate, delegatee, delegatorBalance);
    }
}

Settings
{
  "optimizer": {
    "enabled": false,
    "runs": 200
  },
  "outputSelection": {
    "*": {
      "*": [
        "evm.bytecode",
        "evm.deployedBytecode",
        "devdoc",
        "userdoc",
        "metadata",
        "abi"
      ]
    }
  },
  "metadata": {
    "useLiteralContent": true
  },
  "libraries": {}
}

Contract Security Audit

Contract ABI

[{"inputs":[{"internalType":"contract AssetPool","name":"_assetPool","type":"address"}],"stateMutability":"nonpayable","type":"constructor"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"previousOwner","type":"address"},{"indexed":true,"internalType":"address","name":"newOwner","type":"address"}],"name":"OwnershipTransferred","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"address","name":"riskManager","type":"address"},{"indexed":false,"internalType":"uint256","name":"timestamp","type":"uint256"}],"name":"RiskManagerApprovalCompleted","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"address","name":"riskManager","type":"address"},{"indexed":false,"internalType":"uint256","name":"timestamp","type":"uint256"}],"name":"RiskManagerApprovalStarted","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"address","name":"riskManager","type":"address"},{"indexed":false,"internalType":"uint256","name":"timestamp","type":"uint256"}],"name":"RiskManagerUnapproved","type":"event"},{"inputs":[{"internalType":"uint256","name":"portionToSeize","type":"uint256"}],"name":"amountToSeize","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"riskManager","type":"address"}],"name":"approveFirstRiskManager","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"contract IAssetPoolUpgrade","name":"_newAssetPool","type":"address"}],"name":"approveNewAssetPoolUpgrade","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"","type":"address"}],"name":"approvedRiskManagers","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"assetPool","outputs":[{"internalType":"contract AssetPool","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"riskManager","type":"address"}],"name":"beginRiskManagerApproval","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"uint256","name":"newWithdrawalDelay","type":"uint256"}],"name":"beginWithdrawalDelayUpdate","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"uint256","name":"newWithdrawalTimeout","type":"uint256"}],"name":"beginWithdrawalTimeoutUpdate","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"collateralToken","outputs":[{"internalType":"contract ICollateralToken","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"riskManager","type":"address"}],"name":"finalizeRiskManagerApproval","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"finalizeWithdrawalDelayUpdate","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"finalizeWithdrawalTimeoutUpdate","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"firstRiskManagerApproved","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"account","type":"address"},{"internalType":"uint256","name":"blockNumber","type":"uint256"}],"name":"getPastVotes","outputs":[{"internalType":"uint96","name":"","type":"uint96"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"riskManager","type":"address"}],"name":"getRemainingRiskManagerApprovalTime","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"recipient","type":"address"},{"internalType":"uint256","name":"covAmount","type":"uint256"}],"name":"grantAssetPoolShares","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"owner","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"renounceOwnership","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"","type":"address"}],"name":"riskManagerApprovalTimestamps","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"recipient","type":"address"},{"internalType":"uint256","name":"amountToSeize","type":"uint256"}],"name":"seizeAmount","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"recipient","type":"address"},{"internalType":"uint256","name":"portionToSeize","type":"uint256"}],"name":"seizePortion","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"newOwner","type":"address"}],"name":"transferOwnership","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"riskManager","type":"address"}],"name":"unapproveRiskManager","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"underwriterToken","outputs":[{"internalType":"contract UnderwriterToken","name":"","type":"address"}],"stateMutability":"view","type":"function"}]

60e060405260008060146101000a81548160ff0219169083151502179055503480156200002b57600080fd5b5060405162002a4238038062002a42833981810160405281019062000051919062000360565b62000071620000656200021660201b60201c565b6200021e60201b60201c565b8073ffffffffffffffffffffffffffffffffffffffff1660808173ffffffffffffffffffffffffffffffffffffffff16815250508073ffffffffffffffffffffffffffffffffffffffff1663b2016bd46040518163ffffffff1660e01b815260040160206040518083038186803b158015620000ec57600080fd5b505afa15801562000101573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190620001279190620003d7565b73ffffffffffffffffffffffffffffffffffffffff1660a08173ffffffffffffffffffffffffffffffffffffffff16815250508073ffffffffffffffffffffffffffffffffffffffff1663cc5398046040518163ffffffff1660e01b815260040160206040518083038186803b158015620001a157600080fd5b505afa158015620001b6573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190620001dc91906200044e565b73ffffffffffffffffffffffffffffffffffffffff1660c08173ffffffffffffffffffffffffffffffffffffffff16815250505062000480565b600033905090565b60008060009054906101000a900473ffffffffffffffffffffffffffffffffffffffff169050816000806101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff1602179055508173ffffffffffffffffffffffffffffffffffffffff168173ffffffffffffffffffffffffffffffffffffffff167f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e060405160405180910390a35050565b600080fd5b600073ffffffffffffffffffffffffffffffffffffffff82169050919050565b60006200031482620002e7565b9050919050565b6000620003288262000307565b9050919050565b6200033a816200031b565b81146200034657600080fd5b50565b6000815190506200035a816200032f565b92915050565b600060208284031215620003795762000378620002e2565b5b6000620003898482850162000349565b91505092915050565b60006200039f8262000307565b9050919050565b620003b18162000392565b8114620003bd57600080fd5b50565b600081519050620003d181620003a6565b92915050565b600060208284031215620003f057620003ef620002e2565b5b60006200040084828501620003c0565b91505092915050565b6000620004168262000307565b9050919050565b620004288162000409565b81146200043457600080fd5b50565b60008151905062000448816200041d565b92915050565b600060208284031215620004675762000466620002e2565b5b6000620004778482850162000437565b91505092915050565b60805160a05160c05161252262000520600039600081816108e40152818161099301526115b2015260008181610a6201528181610c7701526112ca015260008181610452015281816104dc01528181610566015281816106800152818161071101528181610a9e01528181610bc101528181610cb301528181610d6301528181610ee80152818161100b0152818161123c01526113bd01526125226000f3fe608060405234801561001057600080fd5b50600436106101585760003560e01c806376b6a1af116100c3578063c753e5801161007c578063c753e58014610363578063cc5398041461037f578063ccfbf30a1461039d578063e1e92fcf146103cd578063efec39a0146103fd578063f2fde38b1461041957610158565b806376b6a1af146102b757806384e1c564146102d35780638da5cb5b146102ef5780639ac9e7e51461030d578063b2016bd414610329578063bdceb0e21461034757610158565b806333f29dd01161011557806333f29dd0146101e55780633a46b1a814610201578063465b43e6146102315780635d6f5ddb1461026157806369da62f414610291578063715018a6146102ad57610158565b80630647cada1461015d578063092b7eb51461017b57806315245857146101855780632828fdb11461018f5780632b9d0579146101ab5780632ec939f9146101c7575b600080fd5b610165610435565b604051610172919061193d565b60405180910390f35b610183610448565b005b61018d6104d2565b005b6101a960048036038101906101a49190611993565b61055c565b005b6101c560048036038101906101c09190611a1e565b6105f2565b005b6101cf61070f565b6040516101dc9190611abd565b60405180910390f35b6101ff60048036038101906101fa9190611ad8565b610733565b005b61021b60048036038101906102169190611a1e565b6108df565b6040516102289190611b2c565b60405180910390f35b61024b60048036038101906102469190611ad8565b610b7a565b6040516102589190611b56565b60405180910390f35b61027b60048036038101906102769190611993565b610c69565b6040516102889190611b56565b60405180910390f35b6102ab60048036038101906102a69190611baf565b610d59565b005b6102b5610def565b005b6102d160048036038101906102cc9190611a1e565b610e03565b005b6102ed60048036038101906102e89190611ad8565b610f7f565b005b6102f7611209565b6040516103049190611beb565b60405180910390f35b61032760048036038101906103229190611993565b611232565b005b6103316112c8565b60405161033e9190611c27565b60405180910390f35b610361600480360381019061035c9190611a1e565b6112ec565b005b61037d60048036038101906103789190611ad8565b61144c565b005b6103876115b0565b6040516103949190611c63565b60405180910390f35b6103b760048036038101906103b29190611ad8565b6115d4565b6040516103c4919061193d565b60405180910390f35b6103e760048036038101906103e29190611ad8565b6115f4565b6040516103f49190611b56565b60405180910390f35b61041760048036038101906104129190611ad8565b61160c565b005b610433600480360381019061042e9190611ad8565b6116d9565b005b600060149054906101000a900460ff1681565b61045061175d565b7f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff1663092b7eb56040518163ffffffff1660e01b8152600401600060405180830381600087803b1580156104b857600080fd5b505af11580156104cc573d6000803e3d6000fd5b50505050565b6104da61175d565b7f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff1663152458576040518163ffffffff1660e01b8152600401600060405180830381600087803b15801561054257600080fd5b505af1158015610556573d6000803e3d6000fd5b50505050565b61056461175d565b7f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff16632828fdb1826040518263ffffffff1660e01b81526004016105bd9190611b56565b600060405180830381600087803b1580156105d757600080fd5b505af11580156105eb573d6000803e3d6000fd5b5050505050565b600160003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060009054906101000a900460ff1661067e576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040161067590611cdb565b60405180910390fd5b7f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff1663ff603d2283836040518363ffffffff1660e01b81526004016106d9929190611cfb565b600060405180830381600087803b1580156106f357600080fd5b505af1158015610707573d6000803e3d6000fd5b505050505050565b7f000000000000000000000000000000000000000000000000000000000000000081565b61073b61175d565b6000600260008373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1681526020019081526020016000205411806107d25750600160008273ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060009054906101000a900460ff165b610811576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040161080890611d96565b60405180910390fd5b600260008273ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060009055600160008273ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060006101000a81549060ff02191690557f9bf9ec07f4d3e134e1a799a215cf4c47dbf1c427fe348f3c0d3994ef1c2e295781426040516108d4929190611cfb565b60405180910390a150565b6000807f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff16633a46b1a885856040518363ffffffff1660e01b815260040161093d929190611cfb565b60206040518083038186803b15801561095557600080fd5b505afa158015610969573d6000803e3d6000fd5b505050506040513d601f19601f8201168201806040525081019061098d9190611de2565b905060007f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff16638e539e8c856040518263ffffffff1660e01b81526004016109ea9190611b56565b60206040518083038186803b158015610a0257600080fd5b505afa158015610a16573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190610a3a9190611de2565b90506000816bffffffffffffffffffffffff161415610a5e57600092505050610b74565b60007f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff16633a46b1a87f0000000000000000000000000000000000000000000000000000000000000000876040518363ffffffff1660e01b8152600401610adb929190611cfb565b60206040518083038186803b158015610af357600080fd5b505afa158015610b07573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190610b2b9190611de2565b9050816bffffffffffffffffffffffff16816bffffffffffffffffffffffff16846bffffffffffffffffffffffff16610b649190611e3e565b610b6e9190611ec7565b93505050505b92915050565b6000610c62600260008473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168152602001908152602001600020547f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff16632d2545e76040518163ffffffff1660e01b815260040160206040518083038186803b158015610c2557600080fd5b505afa158015610c39573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190610c5d9190611f0d565b6117db565b9050919050565b6000670de0b6b3a7640000827f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff166370a082317f00000000000000000000000000000000000000000000000000000000000000006040518263ffffffff1660e01b8152600401610cee9190611beb565b60206040518083038186803b158015610d0657600080fd5b505afa158015610d1a573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190610d3e9190611f0d565b610d489190611e3e565b610d529190611ec7565b9050919050565b610d6161175d565b7f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff166369da62f4826040518263ffffffff1660e01b8152600401610dba9190611f5b565b600060405180830381600087803b158015610dd457600080fd5b505af1158015610de8573d6000803e3d6000fd5b5050505050565b610df761175d565b610e016000611856565b565b600160003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060009054906101000a900460ff16610e8f576040517f08c379a0000000000000000000000000000000000000000000000000000000008152600401610e8690611cdb565b60405180910390fd5b600081118015610ea75750670de0b6b3a76400008111155b610ee6576040517f08c379a0000000000000000000000000000000000000000000000000000000008152600401610edd90611fe8565b60405180910390fd5b7f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff1663aad3ec9683610f2c84610c69565b6040518363ffffffff1660e01b8152600401610f49929190611cfb565b600060405180830381600087803b158015610f6357600080fd5b505af1158015610f77573d6000803e3d6000fd5b505050505050565b610f8761175d565b6000600260008373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1681526020019081526020016000205411611009576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004016110009061207a565b60405180910390fd5b7f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff16632d2545e76040518163ffffffff1660e01b815260040160206040518083038186803b15801561106f57600080fd5b505afa158015611083573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906110a79190611f0d565b600260008373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002054426110f2919061209a565b1015611133576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040161112a90612140565b60405180910390fd5b60018060008373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060006101000a81548160ff0219169083151502179055507f8499a35b7f2bbd8a5de334eed2665f0f7ea74bf1c4785bb3fb2c6a9b97fe1c5481426040516111bb929190611cfb565b60405180910390a1600260008273ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1681526020019081526020016000206000905550565b60008060009054906101000a900473ffffffffffffffffffffffffffffffffffffffff16905090565b61123a61175d565b7f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff16639ac9e7e5826040518263ffffffff1660e01b81526004016112939190611b56565b600060405180830381600087803b1580156112ad57600080fd5b505af11580156112c1573d6000803e3d6000fd5b5050505050565b7f000000000000000000000000000000000000000000000000000000000000000081565b600160003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060009054906101000a900460ff16611378576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040161136f90611cdb565b60405180910390fd5b600081116113bb576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004016113b2906121ac565b60405180910390fd5b7f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff1663aad3ec9683836040518363ffffffff1660e01b8152600401611416929190611cfb565b600060405180830381600087803b15801561143057600080fd5b505af1158015611444573d6000803e3d6000fd5b505050505050565b61145461175d565b600060149054906101000a900460ff166114a3576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040161149a90612264565b60405180910390fd5b600160008273ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060009054906101000a900460ff1615611530576040517f08c379a0000000000000000000000000000000000000000000000000000000008152600401611527906122d0565b60405180910390fd5b42600260008373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168152602001908152602001600020819055507f981f6bdfdbe336d34d32ee17135d9517e6a5ffb574159f7ceaf02b3e2ed255b281426040516115a5929190611cfb565b60405180910390a150565b7f000000000000000000000000000000000000000000000000000000000000000081565b60016020528060005260406000206000915054906101000a900460ff1681565b60026020528060005260406000206000915090505481565b61161461175d565b600060149054906101000a900460ff1615611664576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040161165b90612362565b60405180910390fd5b60018060008373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060006101000a81548160ff0219169083151502179055506001600060146101000a81548160ff02191690831515021790555050565b6116e161175d565b600073ffffffffffffffffffffffffffffffffffffffff168173ffffffffffffffffffffffffffffffffffffffff161415611751576040517f08c379a0000000000000000000000000000000000000000000000000000000008152600401611748906123f4565b60405180910390fd5b61175a81611856565b50565b61176561191a565b73ffffffffffffffffffffffffffffffffffffffff16611783611209565b73ffffffffffffffffffffffffffffffffffffffff16146117d9576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004016117d090612460565b60405180910390fd5b565b600080831161181f576040517f08c379a0000000000000000000000000000000000000000000000000000000008152600401611816906124cc565b60405180910390fd5b6000834261182d919061209a565b9050828110611840576000915050611850565b808361184c919061209a565b9150505b92915050565b60008060009054906101000a900473ffffffffffffffffffffffffffffffffffffffff169050816000806101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff1602179055508173ffffffffffffffffffffffffffffffffffffffff168173ffffffffffffffffffffffffffffffffffffffff167f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e060405160405180910390a35050565b600033905090565b60008115159050919050565b61193781611922565b82525050565b6000602082019050611952600083018461192e565b92915050565b600080fd5b6000819050919050565b6119708161195d565b811461197b57600080fd5b50565b60008135905061198d81611967565b92915050565b6000602082840312156119a9576119a8611958565b5b60006119b78482850161197e565b91505092915050565b600073ffffffffffffffffffffffffffffffffffffffff82169050919050565b60006119eb826119c0565b9050919050565b6119fb816119e0565b8114611a0657600080fd5b50565b600081359050611a18816119f2565b92915050565b60008060408385031215611a3557611a34611958565b5b6000611a4385828601611a09565b9250506020611a548582860161197e565b9150509250929050565b6000819050919050565b6000611a83611a7e611a79846119c0565b611a5e565b6119c0565b9050919050565b6000611a9582611a68565b9050919050565b6000611aa782611a8a565b9050919050565b611ab781611a9c565b82525050565b6000602082019050611ad26000830184611aae565b92915050565b600060208284031215611aee57611aed611958565b5b6000611afc84828501611a09565b91505092915050565b60006bffffffffffffffffffffffff82169050919050565b611b2681611b05565b82525050565b6000602082019050611b416000830184611b1d565b92915050565b611b508161195d565b82525050565b6000602082019050611b6b6000830184611b47565b92915050565b6000611b7c826119e0565b9050919050565b611b8c81611b71565b8114611b9757600080fd5b50565b600081359050611ba981611b83565b92915050565b600060208284031215611bc557611bc4611958565b5b6000611bd384828501611b9a565b91505092915050565b611be5816119e0565b82525050565b6000602082019050611c006000830184611bdc565b92915050565b6000611c1182611a8a565b9050919050565b611c2181611c06565b82525050565b6000602082019050611c3c6000830184611c18565b92915050565b6000611c4d82611a8a565b9050919050565b611c5d81611c42565b82525050565b6000602082019050611c786000830184611c54565b92915050565b600082825260208201905092915050565b7f5269736b206d616e61676572206e6f7420617070726f76656400000000000000600082015250565b6000611cc5601983611c7e565b9150611cd082611c8f565b602082019050919050565b60006020820190508181036000830152611cf481611cb8565b9050919050565b6000604082019050611d106000830185611bdc565b611d1d6020830184611b47565b9392505050565b7f5269736b206d616e61676572206973206e65697468657220617070726f76656460008201527f206e6f72207769746820612070656e64696e6720617070726f76616c00000000602082015250565b6000611d80603c83611c7e565b9150611d8b82611d24565b604082019050919050565b60006020820190508181036000830152611daf81611d73565b9050919050565b611dbf81611b05565b8114611dca57600080fd5b50565b600081519050611ddc81611db6565b92915050565b600060208284031215611df857611df7611958565b5b6000611e0684828501611dcd565b91505092915050565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052601160045260246000fd5b6000611e498261195d565b9150611e548361195d565b9250817fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0483118215151615611e8d57611e8c611e0f565b5b828202905092915050565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052601260045260246000fd5b6000611ed28261195d565b9150611edd8361195d565b925082611eed57611eec611e98565b5b828204905092915050565b600081519050611f0781611967565b92915050565b600060208284031215611f2357611f22611958565b5b6000611f3184828501611ef8565b91505092915050565b6000611f4582611a8a565b9050919050565b611f5581611f3a565b82525050565b6000602082019050611f706000830184611f4c565b92915050565b7f506f7274696f6e20746f207365697a65206973206e6f742077697468696e207460008201527f68652072616e67652028302c20315d0000000000000000000000000000000000602082015250565b6000611fd2602f83611c7e565b9150611fdd82611f76565b604082019050919050565b6000602082019050818103600083015261200181611fc5565b9050919050565b7f5269736b206d616e6167657220617070726f76616c206e6f7420696e6974696160008201527f7465640000000000000000000000000000000000000000000000000000000000602082015250565b6000612064602383611c7e565b915061206f82612008565b604082019050919050565b6000602082019050818103600083015261209381612057565b9050919050565b60006120a58261195d565b91506120b08361195d565b9250828210156120c3576120c2611e0f565b5b828203905092915050565b7f5269736b206d616e6167657220676f7665726e616e63652064656c617920686160008201527f73206e6f7420656c617073656400000000000000000000000000000000000000602082015250565b600061212a602d83611c7e565b9150612135826120ce565b604082019050919050565b600060208201905081810360008301526121598161211d565b9050919050565b7f416d6f756e7420746f207365697a65206d757374206265203e30000000000000600082015250565b6000612196601a83611c7e565b91506121a182612160565b602082019050919050565b600060208201905081810360008301526121c581612189565b9050919050565b7f546865206669727374207269736b206d616e61676572206973206e6f7420796560008201527f7420617070726f7665643b20506c656173652075736520617070726f7665466960208201527f7273745269736b4d616e6167657220696e737465616400000000000000000000604082015250565b600061224e605683611c7e565b9150612259826121cc565b606082019050919050565b6000602082019050818103600083015261227d81612241565b9050919050565b7f5269736b206d616e6167657220616c726561647920617070726f766564000000600082015250565b60006122ba601d83611c7e565b91506122c582612284565b602082019050919050565b600060208201905081810360008301526122e9816122ad565b9050919050565b7f546865206669727374207269736b206d616e616765722077617320617070726f60008201527f7665640000000000000000000000000000000000000000000000000000000000602082015250565b600061234c602383611c7e565b9150612357826122f0565b604082019050919050565b6000602082019050818103600083015261237b8161233f565b9050919050565b7f4f776e61626c653a206e6577206f776e657220697320746865207a65726f206160008201527f6464726573730000000000000000000000000000000000000000000000000000602082015250565b60006123de602683611c7e565b91506123e982612382565b604082019050919050565b6000602082019050818103600083015261240d816123d1565b9050919050565b7f4f776e61626c653a2063616c6c6572206973206e6f7420746865206f776e6572600082015250565b600061244a602083611c7e565b915061245582612414565b602082019050919050565b600060208201905081810360008301526124798161243d565b9050919050565b7f4368616e6765206e6f7420696e69746961746564000000000000000000000000600082015250565b60006124b6601483611c7e565b91506124c182612480565b602082019050919050565b600060208201905081810360008301526124e5816124a9565b905091905056fea2646970667358221220ec205cb71546993cf5a2a6b6040e8c2992a7fa4c20445f6280393e2db7e83c8864736f6c6343000809003300000000000000000000000021b86fdc93f23fd52022a283828df8e808d28d5d

Deployed Bytecode

0x608060405234801561001057600080fd5b50600436106101585760003560e01c806376b6a1af116100c3578063c753e5801161007c578063c753e58014610363578063cc5398041461037f578063ccfbf30a1461039d578063e1e92fcf146103cd578063efec39a0146103fd578063f2fde38b1461041957610158565b806376b6a1af146102b757806384e1c564146102d35780638da5cb5b146102ef5780639ac9e7e51461030d578063b2016bd414610329578063bdceb0e21461034757610158565b806333f29dd01161011557806333f29dd0146101e55780633a46b1a814610201578063465b43e6146102315780635d6f5ddb1461026157806369da62f414610291578063715018a6146102ad57610158565b80630647cada1461015d578063092b7eb51461017b57806315245857146101855780632828fdb11461018f5780632b9d0579146101ab5780632ec939f9146101c7575b600080fd5b610165610435565b604051610172919061193d565b60405180910390f35b610183610448565b005b61018d6104d2565b005b6101a960048036038101906101a49190611993565b61055c565b005b6101c560048036038101906101c09190611a1e565b6105f2565b005b6101cf61070f565b6040516101dc9190611abd565b60405180910390f35b6101ff60048036038101906101fa9190611ad8565b610733565b005b61021b60048036038101906102169190611a1e565b6108df565b6040516102289190611b2c565b60405180910390f35b61024b60048036038101906102469190611ad8565b610b7a565b6040516102589190611b56565b60405180910390f35b61027b60048036038101906102769190611993565b610c69565b6040516102889190611b56565b60405180910390f35b6102ab60048036038101906102a69190611baf565b610d59565b005b6102b5610def565b005b6102d160048036038101906102cc9190611a1e565b610e03565b005b6102ed60048036038101906102e89190611ad8565b610f7f565b005b6102f7611209565b6040516103049190611beb565b60405180910390f35b61032760048036038101906103229190611993565b611232565b005b6103316112c8565b60405161033e9190611c27565b60405180910390f35b610361600480360381019061035c9190611a1e565b6112ec565b005b61037d60048036038101906103789190611ad8565b61144c565b005b6103876115b0565b6040516103949190611c63565b60405180910390f35b6103b760048036038101906103b29190611ad8565b6115d4565b6040516103c4919061193d565b60405180910390f35b6103e760048036038101906103e29190611ad8565b6115f4565b6040516103f49190611b56565b60405180910390f35b61041760048036038101906104129190611ad8565b61160c565b005b610433600480360381019061042e9190611ad8565b6116d9565b005b600060149054906101000a900460ff1681565b61045061175d565b7f00000000000000000000000021b86fdc93f23fd52022a283828df8e808d28d5d73ffffffffffffffffffffffffffffffffffffffff1663092b7eb56040518163ffffffff1660e01b8152600401600060405180830381600087803b1580156104b857600080fd5b505af11580156104cc573d6000803e3d6000fd5b50505050565b6104da61175d565b7f00000000000000000000000021b86fdc93f23fd52022a283828df8e808d28d5d73ffffffffffffffffffffffffffffffffffffffff1663152458576040518163ffffffff1660e01b8152600401600060405180830381600087803b15801561054257600080fd5b505af1158015610556573d6000803e3d6000fd5b50505050565b61056461175d565b7f00000000000000000000000021b86fdc93f23fd52022a283828df8e808d28d5d73ffffffffffffffffffffffffffffffffffffffff16632828fdb1826040518263ffffffff1660e01b81526004016105bd9190611b56565b600060405180830381600087803b1580156105d757600080fd5b505af11580156105eb573d6000803e3d6000fd5b5050505050565b600160003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060009054906101000a900460ff1661067e576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040161067590611cdb565b60405180910390fd5b7f00000000000000000000000021b86fdc93f23fd52022a283828df8e808d28d5d73ffffffffffffffffffffffffffffffffffffffff1663ff603d2283836040518363ffffffff1660e01b81526004016106d9929190611cfb565b600060405180830381600087803b1580156106f357600080fd5b505af1158015610707573d6000803e3d6000fd5b505050505050565b7f00000000000000000000000021b86fdc93f23fd52022a283828df8e808d28d5d81565b61073b61175d565b6000600260008373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1681526020019081526020016000205411806107d25750600160008273ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060009054906101000a900460ff165b610811576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040161080890611d96565b60405180910390fd5b600260008273ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060009055600160008273ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060006101000a81549060ff02191690557f9bf9ec07f4d3e134e1a799a215cf4c47dbf1c427fe348f3c0d3994ef1c2e295781426040516108d4929190611cfb565b60405180910390a150565b6000807f000000000000000000000000007854fdcc9c6f748b435e63745599fb1a0df84373ffffffffffffffffffffffffffffffffffffffff16633a46b1a885856040518363ffffffff1660e01b815260040161093d929190611cfb565b60206040518083038186803b15801561095557600080fd5b505afa158015610969573d6000803e3d6000fd5b505050506040513d601f19601f8201168201806040525081019061098d9190611de2565b905060007f000000000000000000000000007854fdcc9c6f748b435e63745599fb1a0df84373ffffffffffffffffffffffffffffffffffffffff16638e539e8c856040518263ffffffff1660e01b81526004016109ea9190611b56565b60206040518083038186803b158015610a0257600080fd5b505afa158015610a16573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190610a3a9190611de2565b90506000816bffffffffffffffffffffffff161415610a5e57600092505050610b74565b60007f000000000000000000000000cdf7028ceab81fa0c6971208e83fa7872994bee573ffffffffffffffffffffffffffffffffffffffff16633a46b1a87f00000000000000000000000021b86fdc93f23fd52022a283828df8e808d28d5d876040518363ffffffff1660e01b8152600401610adb929190611cfb565b60206040518083038186803b158015610af357600080fd5b505afa158015610b07573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190610b2b9190611de2565b9050816bffffffffffffffffffffffff16816bffffffffffffffffffffffff16846bffffffffffffffffffffffff16610b649190611e3e565b610b6e9190611ec7565b93505050505b92915050565b6000610c62600260008473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168152602001908152602001600020547f00000000000000000000000021b86fdc93f23fd52022a283828df8e808d28d5d73ffffffffffffffffffffffffffffffffffffffff16632d2545e76040518163ffffffff1660e01b815260040160206040518083038186803b158015610c2557600080fd5b505afa158015610c39573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190610c5d9190611f0d565b6117db565b9050919050565b6000670de0b6b3a7640000827f000000000000000000000000cdf7028ceab81fa0c6971208e83fa7872994bee573ffffffffffffffffffffffffffffffffffffffff166370a082317f00000000000000000000000021b86fdc93f23fd52022a283828df8e808d28d5d6040518263ffffffff1660e01b8152600401610cee9190611beb565b60206040518083038186803b158015610d0657600080fd5b505afa158015610d1a573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190610d3e9190611f0d565b610d489190611e3e565b610d529190611ec7565b9050919050565b610d6161175d565b7f00000000000000000000000021b86fdc93f23fd52022a283828df8e808d28d5d73ffffffffffffffffffffffffffffffffffffffff166369da62f4826040518263ffffffff1660e01b8152600401610dba9190611f5b565b600060405180830381600087803b158015610dd457600080fd5b505af1158015610de8573d6000803e3d6000fd5b5050505050565b610df761175d565b610e016000611856565b565b600160003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060009054906101000a900460ff16610e8f576040517f08c379a0000000000000000000000000000000000000000000000000000000008152600401610e8690611cdb565b60405180910390fd5b600081118015610ea75750670de0b6b3a76400008111155b610ee6576040517f08c379a0000000000000000000000000000000000000000000000000000000008152600401610edd90611fe8565b60405180910390fd5b7f00000000000000000000000021b86fdc93f23fd52022a283828df8e808d28d5d73ffffffffffffffffffffffffffffffffffffffff1663aad3ec9683610f2c84610c69565b6040518363ffffffff1660e01b8152600401610f49929190611cfb565b600060405180830381600087803b158015610f6357600080fd5b505af1158015610f77573d6000803e3d6000fd5b505050505050565b610f8761175d565b6000600260008373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1681526020019081526020016000205411611009576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004016110009061207a565b60405180910390fd5b7f00000000000000000000000021b86fdc93f23fd52022a283828df8e808d28d5d73ffffffffffffffffffffffffffffffffffffffff16632d2545e76040518163ffffffff1660e01b815260040160206040518083038186803b15801561106f57600080fd5b505afa158015611083573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906110a79190611f0d565b600260008373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002054426110f2919061209a565b1015611133576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040161112a90612140565b60405180910390fd5b60018060008373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060006101000a81548160ff0219169083151502179055507f8499a35b7f2bbd8a5de334eed2665f0f7ea74bf1c4785bb3fb2c6a9b97fe1c5481426040516111bb929190611cfb565b60405180910390a1600260008273ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1681526020019081526020016000206000905550565b60008060009054906101000a900473ffffffffffffffffffffffffffffffffffffffff16905090565b61123a61175d565b7f00000000000000000000000021b86fdc93f23fd52022a283828df8e808d28d5d73ffffffffffffffffffffffffffffffffffffffff16639ac9e7e5826040518263ffffffff1660e01b81526004016112939190611b56565b600060405180830381600087803b1580156112ad57600080fd5b505af11580156112c1573d6000803e3d6000fd5b5050505050565b7f000000000000000000000000cdf7028ceab81fa0c6971208e83fa7872994bee581565b600160003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060009054906101000a900460ff16611378576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040161136f90611cdb565b60405180910390fd5b600081116113bb576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004016113b2906121ac565b60405180910390fd5b7f00000000000000000000000021b86fdc93f23fd52022a283828df8e808d28d5d73ffffffffffffffffffffffffffffffffffffffff1663aad3ec9683836040518363ffffffff1660e01b8152600401611416929190611cfb565b600060405180830381600087803b15801561143057600080fd5b505af1158015611444573d6000803e3d6000fd5b505050505050565b61145461175d565b600060149054906101000a900460ff166114a3576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040161149a90612264565b60405180910390fd5b600160008273ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060009054906101000a900460ff1615611530576040517f08c379a0000000000000000000000000000000000000000000000000000000008152600401611527906122d0565b60405180910390fd5b42600260008373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168152602001908152602001600020819055507f981f6bdfdbe336d34d32ee17135d9517e6a5ffb574159f7ceaf02b3e2ed255b281426040516115a5929190611cfb565b60405180910390a150565b7f000000000000000000000000007854fdcc9c6f748b435e63745599fb1a0df84381565b60016020528060005260406000206000915054906101000a900460ff1681565b60026020528060005260406000206000915090505481565b61161461175d565b600060149054906101000a900460ff1615611664576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040161165b90612362565b60405180910390fd5b60018060008373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060006101000a81548160ff0219169083151502179055506001600060146101000a81548160ff02191690831515021790555050565b6116e161175d565b600073ffffffffffffffffffffffffffffffffffffffff168173ffffffffffffffffffffffffffffffffffffffff161415611751576040517f08c379a0000000000000000000000000000000000000000000000000000000008152600401611748906123f4565b60405180910390fd5b61175a81611856565b50565b61176561191a565b73ffffffffffffffffffffffffffffffffffffffff16611783611209565b73ffffffffffffffffffffffffffffffffffffffff16146117d9576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004016117d090612460565b60405180910390fd5b565b600080831161181f576040517f08c379a0000000000000000000000000000000000000000000000000000000008152600401611816906124cc565b60405180910390fd5b6000834261182d919061209a565b9050828110611840576000915050611850565b808361184c919061209a565b9150505b92915050565b60008060009054906101000a900473ffffffffffffffffffffffffffffffffffffffff169050816000806101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff1602179055508173ffffffffffffffffffffffffffffffffffffffff168173ffffffffffffffffffffffffffffffffffffffff167f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e060405160405180910390a35050565b600033905090565b60008115159050919050565b61193781611922565b82525050565b6000602082019050611952600083018461192e565b92915050565b600080fd5b6000819050919050565b6119708161195d565b811461197b57600080fd5b50565b60008135905061198d81611967565b92915050565b6000602082840312156119a9576119a8611958565b5b60006119b78482850161197e565b91505092915050565b600073ffffffffffffffffffffffffffffffffffffffff82169050919050565b60006119eb826119c0565b9050919050565b6119fb816119e0565b8114611a0657600080fd5b50565b600081359050611a18816119f2565b92915050565b60008060408385031215611a3557611a34611958565b5b6000611a4385828601611a09565b9250506020611a548582860161197e565b9150509250929050565b6000819050919050565b6000611a83611a7e611a79846119c0565b611a5e565b6119c0565b9050919050565b6000611a9582611a68565b9050919050565b6000611aa782611a8a565b9050919050565b611ab781611a9c565b82525050565b6000602082019050611ad26000830184611aae565b92915050565b600060208284031215611aee57611aed611958565b5b6000611afc84828501611a09565b91505092915050565b60006bffffffffffffffffffffffff82169050919050565b611b2681611b05565b82525050565b6000602082019050611b416000830184611b1d565b92915050565b611b508161195d565b82525050565b6000602082019050611b6b6000830184611b47565b92915050565b6000611b7c826119e0565b9050919050565b611b8c81611b71565b8114611b9757600080fd5b50565b600081359050611ba981611b83565b92915050565b600060208284031215611bc557611bc4611958565b5b6000611bd384828501611b9a565b91505092915050565b611be5816119e0565b82525050565b6000602082019050611c006000830184611bdc565b92915050565b6000611c1182611a8a565b9050919050565b611c2181611c06565b82525050565b6000602082019050611c3c6000830184611c18565b92915050565b6000611c4d82611a8a565b9050919050565b611c5d81611c42565b82525050565b6000602082019050611c786000830184611c54565b92915050565b600082825260208201905092915050565b7f5269736b206d616e61676572206e6f7420617070726f76656400000000000000600082015250565b6000611cc5601983611c7e565b9150611cd082611c8f565b602082019050919050565b60006020820190508181036000830152611cf481611cb8565b9050919050565b6000604082019050611d106000830185611bdc565b611d1d6020830184611b47565b9392505050565b7f5269736b206d616e61676572206973206e65697468657220617070726f76656460008201527f206e6f72207769746820612070656e64696e6720617070726f76616c00000000602082015250565b6000611d80603c83611c7e565b9150611d8b82611d24565b604082019050919050565b60006020820190508181036000830152611daf81611d73565b9050919050565b611dbf81611b05565b8114611dca57600080fd5b50565b600081519050611ddc81611db6565b92915050565b600060208284031215611df857611df7611958565b5b6000611e0684828501611dcd565b91505092915050565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052601160045260246000fd5b6000611e498261195d565b9150611e548361195d565b9250817fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0483118215151615611e8d57611e8c611e0f565b5b828202905092915050565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052601260045260246000fd5b6000611ed28261195d565b9150611edd8361195d565b925082611eed57611eec611e98565b5b828204905092915050565b600081519050611f0781611967565b92915050565b600060208284031215611f2357611f22611958565b5b6000611f3184828501611ef8565b91505092915050565b6000611f4582611a8a565b9050919050565b611f5581611f3a565b82525050565b6000602082019050611f706000830184611f4c565b92915050565b7f506f7274696f6e20746f207365697a65206973206e6f742077697468696e207460008201527f68652072616e67652028302c20315d0000000000000000000000000000000000602082015250565b6000611fd2602f83611c7e565b9150611fdd82611f76565b604082019050919050565b6000602082019050818103600083015261200181611fc5565b9050919050565b7f5269736b206d616e6167657220617070726f76616c206e6f7420696e6974696160008201527f7465640000000000000000000000000000000000000000000000000000000000602082015250565b6000612064602383611c7e565b915061206f82612008565b604082019050919050565b6000602082019050818103600083015261209381612057565b9050919050565b60006120a58261195d565b91506120b08361195d565b9250828210156120c3576120c2611e0f565b5b828203905092915050565b7f5269736b206d616e6167657220676f7665726e616e63652064656c617920686160008201527f73206e6f7420656c617073656400000000000000000000000000000000000000602082015250565b600061212a602d83611c7e565b9150612135826120ce565b604082019050919050565b600060208201905081810360008301526121598161211d565b9050919050565b7f416d6f756e7420746f207365697a65206d757374206265203e30000000000000600082015250565b6000612196601a83611c7e565b91506121a182612160565b602082019050919050565b600060208201905081810360008301526121c581612189565b9050919050565b7f546865206669727374207269736b206d616e61676572206973206e6f7420796560008201527f7420617070726f7665643b20506c656173652075736520617070726f7665466960208201527f7273745269736b4d616e6167657220696e737465616400000000000000000000604082015250565b600061224e605683611c7e565b9150612259826121cc565b606082019050919050565b6000602082019050818103600083015261227d81612241565b9050919050565b7f5269736b206d616e6167657220616c726561647920617070726f766564000000600082015250565b60006122ba601d83611c7e565b91506122c582612284565b602082019050919050565b600060208201905081810360008301526122e9816122ad565b9050919050565b7f546865206669727374207269736b206d616e616765722077617320617070726f60008201527f7665640000000000000000000000000000000000000000000000000000000000602082015250565b600061234c602383611c7e565b9150612357826122f0565b604082019050919050565b6000602082019050818103600083015261237b8161233f565b9050919050565b7f4f776e61626c653a206e6577206f776e657220697320746865207a65726f206160008201527f6464726573730000000000000000000000000000000000000000000000000000602082015250565b60006123de602683611c7e565b91506123e982612382565b604082019050919050565b6000602082019050818103600083015261240d816123d1565b9050919050565b7f4f776e61626c653a2063616c6c6572206973206e6f7420746865206f776e6572600082015250565b600061244a602083611c7e565b915061245582612414565b602082019050919050565b600060208201905081810360008301526124798161243d565b9050919050565b7f4368616e6765206e6f7420696e69746961746564000000000000000000000000600082015250565b60006124b6601483611c7e565b91506124c182612480565b602082019050919050565b600060208201905081810360008301526124e5816124a9565b905091905056fea2646970667358221220ec205cb71546993cf5a2a6b6040e8c2992a7fa4c20445f6280393e2db7e83c8864736f6c63430008090033

Constructor Arguments (ABI-Encoded and is the last bytes of the Contract Creation Code above)

00000000000000000000000021b86fdc93f23fd52022a283828df8e808d28d5d

-----Decoded View---------------
Arg [0] : _assetPool (address): 0x21b86FDC93F23fD52022A283828dF8E808D28D5D

-----Encoded View---------------
1 Constructor Arguments found :
Arg [0] : 00000000000000000000000021b86fdc93f23fd52022a283828df8e808d28d5d


Block Transaction Difficulty Gas Used Reward
View All Blocks Produced

Block Uncle Number Difficulty Gas Used Reward
View All Uncles
Loading...
Loading
Loading...
Loading
Make sure to use the "Vote Down" button for any spammy posts, and the "Vote Up" for interesting conversations.

Validator Index Block Amount
View All Withdrawals

Txn Hash Block Value Eth2 PubKey Valid
View All Deposits
[ Download: CSV Export  ]

A contract address hosts a smart contract, which is a set of code stored on the blockchain that runs when predetermined conditions are met. Learn more about addresses in our Knowledge Base.