@ballkidz/defifa 0.0.10 → 0.0.12

package/ADMINISTRATION.md

@@ -9,9 +9,9 @@ Admin privileges and their scope in defifa-collection-deployer-v6.
 | **Game Creator** | Any EOA or contract that calls `DefifaDeployer.launchGameWith()` | Self-selected; permissionless |
 | **DefifaDeployer** (contract) | Singleton deployed at protocol setup | Immutable; owns all game JB projects and the governor |
 | **DefifaGovernor** (contract) | Singleton; `Ownable` by the DefifaDeployer | Ownership transferred from deployer at construction |
-| **DefifaHook** (per-game clone) | One clone per game; `Ownable` by the DefifaGovernor | Ownership transferred from deployer during `launchGameWith()` (line 567) |
+| **DefifaHook** (per-game clone) | One clone per game; `Ownable` by the DefifaGovernor | Ownership transferred from deployer during `launchGameWith()` |
 | **DefifaProjectOwner** | Optional proxy contract that holds the Defifa fee project NFT | Receives project NFT; grants `SET_SPLIT_GROUPS` to deployer |
-| **Scorecard Submitter** | Any address during SCORING phase | Permissionless (`submitScorecardFor`, DefifaGovernor line 413) |
+| **Scorecard Submitter** | Any address during SCORING phase | Permissionless (`submitScorecardFor`) |
 | **Attestor** | Any NFT holder with attestation weight | Must hold game NFTs; weight proportional to holdings per tier |
 | **Default Attestation Delegate** | Address set at game launch | Set via `DefifaLaunchProjectData.defaultAttestationDelegate` |
 | **Tier Delegate** | Any address delegated attestation units by an NFT holder | Set via `setTierDelegateTo` / `setTierDelegatesTo` during MINT phase only |
@@ -30,7 +30,7 @@ Admin privileges and their scope in defifa-collection-deployer-v6.
 
 | Function | Required Role | Permission Check | What It Does |
 |----------|--------------|-----------------|-------------|
-| `initializeGame()` | DefifaDeployer (owner) | `onlyOwner` (line 294) | Sets attestation start time and grace period for a game. Enforces minimum 1-day grace period. Called automatically during `launchGameWith()`. |
+| `initializeGame()` | DefifaDeployer (owner) | `onlyOwner` | Sets attestation start time and grace period for a game. Enforces minimum 1-day grace period. Called automatically during `launchGameWith()`. |
 | `submitScorecardFor()` | Anyone | Must be in SCORING phase; no ratified scorecard yet; no duplicate scorecard hash; weighted tiers must have nonzero supply | Submits a scorecard for attestation. Sets `attestationsBegin` and `gracePeriodEnds` timestamps. |
 | `attestToScorecardFrom()` | Any NFT holder | Must be in SCORING phase; scorecard must be ACTIVE or SUCCEEDED; caller cannot have already attested | Records attestation weight based on tier holdings at the scorecard's `attestationsBegin` timestamp. |
 | `ratifyScorecardFrom()` | Anyone | Scorecard must be in SUCCEEDED state (quorum met + grace period elapsed); no scorecard already ratified | Executes the scorecard via low-level call to `setTierCashOutWeightsTo` on the hook, then calls `fulfillCommitmentsOf`. |
@@ -39,20 +39,20 @@ Admin privileges and their scope in defifa-collection-deployer-v6.
 
 | Function | Required Role | Permission Check | What It Does |
 |----------|--------------|-----------------|-------------|
-| `initialize()` | DefifaDeployer | Reverts if `address(this) == codeOrigin` (line 484) or already initialized (`store != address(0)`, line 487) | One-time initialization of the cloned hook with game configuration, tiers, and tier names. Transfers ownership to caller. |
-| `setTierCashOutWeightsTo()` | DefifaGovernor (owner) | `onlyOwner` (line 703); must be in SCORING phase; weights not already set | Sets the cash-out weight distribution across tiers. Validates weights sum to `TOTAL_CASHOUT_WEIGHT` (1e18). Irreversible -- once set, `cashOutWeightIsSet` is permanently true. |
-| `setTierDelegateTo()` | Any NFT holder | Must be in MINT phase (line 730-732) | Delegates attestation units for a specific tier to another address. |
-| `setTierDelegatesTo()` | Any NFT holder | Must be in MINT phase (line 740-742); delegatee cannot be address(0) | Batch delegation of attestation units across multiple tiers. |
-| `mintReservesFor()` | Anyone | Reverts if `pauseMintPendingReserves` is set in ruleset metadata (line 537-539) | Mints reserved tokens to the tier's reserve beneficiary. Increments `_totalMintCost` so reserved recipients can claim fee tokens. |
-| `afterPayRecordedWith()` | JB Terminal | Caller must be a terminal of the project (line 436-439); `msg.value` must be 0 | Processes payment: validates currency, mints NFTs, sets up attestation delegation. |
-| `afterCashOutRecordedWith()` | JB Terminal | Caller must be a terminal of the project (line 610-613); `msg.value` must be 0 | Burns NFTs on cash-out, tracks redeemed amounts, distributes fee tokens during COMPLETE phase. |
+| `initialize()` | DefifaDeployer | Reverts if `address(this) == codeOrigin` or already initialized (`store != address(0)`) | One-time initialization of the cloned hook with game configuration, tiers, and tier names. Transfers ownership to caller. |
+| `setTierCashOutWeightsTo()` | DefifaGovernor (owner) | `onlyOwner`; must be in SCORING phase; weights not already set | Sets the cash-out weight distribution across tiers. Validates weights sum to `TOTAL_CASHOUT_WEIGHT` (1e18). Irreversible -- once set, `cashOutWeightIsSet` is permanently true. |
+| `setTierDelegateTo()` | Any NFT holder | Must be in MINT phase | Delegates attestation units for a specific tier to another address. |
+| `setTierDelegatesTo()` | Any NFT holder | Must be in MINT phase; delegatee cannot be address(0) | Batch delegation of attestation units across multiple tiers. |
+| `mintReservesFor()` | Anyone | Reverts if `pauseMintPendingReserves` is set in ruleset metadata | Mints reserved tokens to the tier's reserve beneficiary. Increments `_totalMintCost` so reserved recipients can claim fee tokens. |
+| `afterPayRecordedWith()` | JB Terminal | Caller must be a terminal of the project; `msg.value` must be 0 | Processes payment: validates currency, mints NFTs, sets up attestation delegation. |
+| `afterCashOutRecordedWith()` | JB Terminal | Caller must be a terminal of the project; `msg.value` must be 0 | Burns NFTs on cash-out, tracks redeemed amounts, distributes fee tokens during COMPLETE phase. |
 | `transferOwnership()` | Current owner | `onlyOwner` (inherited from Ownable) | Transfers hook ownership. Used once during deployment to transfer from deployer to governor. |
 
 ### DefifaProjectOwner
 
 | Function | Required Role | Permission Check | What It Does |
 |----------|--------------|-----------------|-------------|
-| `onERC721Received()` | JBProjects contract | `msg.sender` must be the JBProjects contract (line 47) | When the Defifa fee project NFT is transferred here, auto-grants `SET_SPLIT_GROUPS` permission to the DefifaDeployer. The project NFT is permanently locked -- cannot be recovered. |
+| `onERC721Received()` | JBProjects contract | `msg.sender` must be the JBProjects contract | When the Defifa fee project NFT is transferred here, auto-grants `SET_SPLIT_GROUPS` permission to the DefifaDeployer. The project NFT is permanently locked -- cannot be recovered. |
 
 ## Game Lifecycle Administration
 
@@ -77,6 +77,17 @@ COUNTDOWN --> MINT --> REFUND (optional) --> SCORING --> COMPLETE or NO_CONTEST
 4. The governor calls `setTierCashOutWeightsTo` on the hook via low-level call
 5. `fulfillCommitmentsOf` sends fee payouts (try-catch) and queues the final ruleset
 
+### Attestation Quorum Details
+
+The quorum threshold is 50% of the total attestation power across all tiers with nonzero mint supply. Attestation power per tier is proportional to the tier's minted supply at the `attestationsBegin` snapshot timestamp.
+
+**Edge cases:**
+- **Tiers with zero mints:** Tiers with `currentSupplyOfTier(tierId) == 0` are excluded from the quorum calculation. They have no attestation power and cannot influence scoring.
+- **All mints in a single tier:** If all participation concentrates in one tier, that tier's holders control the quorum. The 50% threshold still applies -- holders of 50% of that tier's supply can ratify a scorecard.
+- **Grace period:** After a scorecard reaches quorum (SUCCEEDED state), a grace period (`attestationsGracePeriod`, minimum 1 day) must elapse before ratification. This gives dissenters time to attest to a competing scorecard that could overtake the first.
+- **Competing scorecards:** Multiple scorecards can be submitted. Each tracks attestations independently. Only the first to be ratified (quorum met + grace period elapsed + `ratifyScorecardFrom()` called) takes effect. Once ratified, no other scorecard can be ratified for the same game.
+- **Scorecard timeout:** If `scorecardTimeout` is nonzero and elapses without ratification, the game enters NO_CONTEST state, enabling full refunds via `triggerNoContestFor()`.
+
 **No single entity controls scoring.** The process requires collective attestation from NFT holders across tiers.
 
 ## Immutable Configuration
@@ -91,7 +102,7 @@ The following are set at game creation and cannot be changed:
 | Payment token | `launchGameWith()` | Single token per game |
 | Fee structure | Constructor constants | `DEFIFA_FEE_DIVISOR = 20` (5%), `BASE_PROTOCOL_FEE_DIVISOR = 40` (2.5%) |
 | Attestation start time | `launchGameWith()` | Stored in governor via `initializeGame()` |
-| Attestation grace period | `launchGameWith()` | Minimum 1 day enforced (governor line 300) |
+| Attestation grace period | `launchGameWith()` | Minimum 1 day enforced in `initializeGame()` |
 | Default attestation delegate | `launchGameWith()` | Stored in hook |
 | `minParticipation` threshold | `launchGameWith()` | 0 = disabled |
 | `scorecardTimeout` | `launchGameWith()` | 0 = disabled |
@@ -116,11 +127,11 @@ What admins CANNOT do:
 
 6. **No one can change delegates after MINT phase.** `setTierDelegateTo` and `setTierDelegatesTo` both revert with `DefifaHook_DelegateChangesUnavailableInThisPhase` outside MINT.
 
-7. **No one can re-set cash-out weights.** The `cashOutWeightIsSet` flag is checked before setting (line 713) and the function reverts with `DefifaHook_CashoutWeightsAlreadySet`.
+7. **No one can re-set cash-out weights.** The `cashOutWeightIsSet` flag is checked before setting and the function reverts with `DefifaHook_CashoutWeightsAlreadySet`.
 
-8. **No one can re-ratify a scorecard.** The `ratifiedScorecardIdOf[gameId] != 0` check prevents double ratification (governor line 374).
+8. **No one can re-ratify a scorecard.** The `ratifiedScorecardIdOf[gameId] != 0` check prevents double ratification.
 
-9. **No one can fulfill commitments twice.** The `fulfilledCommitmentsOf[gameId] != 0` check (deployer line 304) prevents re-entry.
+9. **No one can fulfill commitments twice.** The `fulfilledCommitmentsOf[gameId] != 0` check prevents re-entry.
 
 10. **No one can recover the project NFT from DefifaProjectOwner.** Once transferred, the NFT is permanently locked.
 

package/ARCHITECTURE.md

@@ -14,10 +14,11 @@ src/
 ├── DefifaProjectOwner.sol      — Proxy owner for Defifa projects
 ├── DefifaTokenUriResolver.sol  — On-chain SVG metadata for game NFTs
 ├── enums/
-│   ├── DefifaGamePhase.sol     — MINT → REFUND → SCORING → COMPLETE
+│   ├── DefifaGamePhase.sol     — COUNTDOWN → MINT → REFUND → SCORING → COMPLETE → NO_CONTEST
 │   └── DefifaScorecardState.sol
 ├── interfaces/                 — IDefifaDeployer, IDefifaHook, IDefifaGovernor, etc.
 ├── libraries/
+│   ├── DefifaFontImporter.sol  — Font loading for on-chain SVG rendering
 │   └── DefifaHookLib.sol       — Game logic helpers
 └── structs/                    — Scorecards, attestations, tier params, delegations
 ```
@@ -43,8 +44,8 @@ SCORING Phase:
     → DefifaHook receives final cash-out weights per tier
 
 COMPLETE Phase:
-  → Winners → cash out NFTs at scored weights
-  → Deployer → fulfillCommitmentsOf() distributes fee tokens
+  → Deployer → fulfillCommitmentsOf() sends fee payouts and queues the final ruleset
+  → Winners → cash out NFTs at scored weights (see "Scored Weight Redemption" below)
 ```
 
 ### Governance Flow
@@ -60,6 +61,25 @@ Attestor → DefifaGovernor.attestToScorecard(proposalId)
   → DefifaHook.setScorecard() called
 ```
 
+### Scored Weight Redemption
+
+When a scorecard is ratified, `setTierCashOutWeightsTo` stores a weight per tier. Weights must sum to `TOTAL_CASHOUT_WEIGHT` (1e18). A tier with weight 0 means that outcome lost and holders get nothing.
+
+When a holder cashes out an NFT during the COMPLETE phase:
+
+1. **Per-token weight**: The tier's weight is divided equally among all tokens minted in that tier: `tokenWeight = tierWeight / tokensInTier`.
+2. **Cash out amount**: `amount = (surplus + totalAmountRedeemed) * tokenWeight / TOTAL_CASHOUT_WEIGHT`. The formula uses `surplus + totalAmountRedeemed` (the original pot size) so that early and late redeemers receive the same value.
+3. The token is burned and the holder receives their share of the treasury.
+
+Example: 100 ETH pot, 4 tiers, winning tier gets weight 500000000000000000 (50%). If that tier had 10 minted tokens, each token redeems for `100 * (500000000000000000 / 10) / 1e18 = 5 ETH`.
+
+### fulfillCommitmentsOf
+
+Called automatically when a scorecard is ratified (by `ratifyScorecardFrom`). It performs two actions:
+
+1. **Sends fee payouts**: Computes the fee portion of the pot based on the split percentages configured at game creation, then calls `sendPayoutsOf` to distribute fees to the protocol. If the payout fails, the fee stays in the pot and the function continues (try-catch ensures the final ruleset is always queued).
+2. **Queues the final ruleset**: Queues a new Juicebox ruleset with `pausePay: true` (no new payments), `cashOutTaxRate: 0` (no tax on cash-outs), and the data hook still active so scored weights are enforced. This transitions the game to its terminal state where only cash-outs remain.
+
 ## Extension Points
 
 | Point | Interface | Purpose |
@@ -80,3 +100,15 @@ Attestor → DefifaGovernor.attestToScorecard(proposalId)
 - `@openzeppelin/contracts` — Checkpoints, Ownable, Clones
 - `@prb/math` — mulDiv
 - `scripty.sol` — On-chain scripting for SVG
+
+## Design Decisions
+
+**Attestation-based governance over token-weighted voting.** Each tier gets equal max attestation power (`MAX_ATTESTATION_POWER_TIER = 1e9`) regardless of how many tokens it sold. A holder's power within a tier is proportional to their share of that tier's supply. This prevents a popular outcome (e.g., the favorite team) from dominating the scorecard simply by having more buyers. Every outcome's community has equal say in ratification.
+
+**Six distinct game phases.** The MINT, REFUND, SCORING, and COMPLETE phases enforce a strict lifecycle where each action is only valid in its phase. MINT allows buying in, REFUND provides a grace period for full refunds, SCORING locks the treasury while governance resolves, and COMPLETE enables scored cash-outs. The COUNTDOWN phase gates minting before the game starts, and NO_CONTEST acts as a fallback if no scorecard is ratified within the timeout. This phased approach prevents timing exploits (e.g., buying in after seeing results) and ensures the treasury is never drained during scoring.
+
+**Proxy owner pattern (DefifaProjectOwner).** Game projects are owned by `DefifaDeployer` itself (`launchProjectFor` sets `owner: address(this)`), which restricts game operations to the deployer's hardcoded logic -- no EOA can rug the game by migrating terminals, minting tokens, or changing controllers. Separately, `DefifaProjectOwner` permanently holds the Defifa fee project NFT (DEFIFA_PROJECT_ID) and grants only `SET_SPLIT_GROUPS` permission to the `DefifaDeployer`, so the deployer can set splits on the fee project as needed for fee distribution.
+
+**Weight-based redemption instead of per-tier pots.** Rather than splitting the treasury into separate pots per tier at scoring time, the system assigns each tier a weight out of `TOTAL_CASHOUT_WEIGHT` (1e18). Cash-outs compute their share of the entire surplus on the fly. This avoids complex accounting for partial redemptions and lets the bonding math work naturally as tokens are burned. Early and late redeemers within the same tier get the same per-token value because the formula uses `surplus + totalAmountRedeemed` as the denominator base.
+
+**Scorecard immutability after ratification.** Once a scorecard reaches quorum and is ratified, `cashOutWeightIsSet` is permanently set to `true` and no new weights can be written. Combined with the final ruleset that pauses payments, this guarantees the game's outcome is final and the treasury can only decrease through cash-outs.

package/AUDIT_INSTRUCTIONS.md

@@ -6,15 +6,15 @@ Prediction game platform built on Juicebox V6. Players buy NFT tiers representin
 
 ## Architecture
 
-Five contracts, one library. Total ~2,800 lines of production Solidity.
+Five contracts, one library. Total ~3,990 lines in `src/` (~3,320 in the six main files below).
 
 ```
-DefifaDeployer.sol       (906 lines)  -- Game factory. Owns all game JB projects. Manages lifecycle rulesets, fee splits, fulfillment, no-contest.
-DefifaHook.sol           (1082 lines) -- Pay/cashout hook. NFT minting, burning, attestation delegation, fee token distribution, cash-out weight logic.
-DefifaGovernor.sol       (514 lines)  -- Scorecard governance. Submit, attest, ratify scorecards. Singleton across all games.
-DefifaHookLib.sol        (368 lines)  -- Pure/view helpers. Weight validation, cash-out math, attestation computation, token claiming.
-DefifaProjectOwner.sol   (67 lines)   -- Permanent holder of the Defifa project NFT. Grants SET_SPLIT_GROUPS permission.
-DefifaTokenUriResolver.sol (313 lines) -- On-chain SVG metadata for game NFTs.
+DefifaDeployer.sol       (937 lines)  -- Game factory. Owns all game JB projects. Manages lifecycle rulesets, fee splits, fulfillment, no-contest.
+DefifaHook.sol           (1097 lines) -- Pay/cashout hook. NFT minting, burning, attestation delegation, fee token distribution, cash-out weight logic.
+DefifaGovernor.sol       (516 lines)  -- Scorecard governance. Submit, attest, ratify scorecards. Singleton across all games.
+DefifaHookLib.sol        (373 lines)  -- Pure/view helpers. Weight validation, cash-out math, attestation computation, token claiming.
+DefifaProjectOwner.sol   (86 lines)   -- Permanent holder of the Defifa project NFT. Grants SET_SPLIT_GROUPS permission.
+DefifaTokenUriResolver.sol (315 lines) -- On-chain SVG metadata for game NFTs.
 ```
 
 ### Contract Relationships
@@ -67,7 +67,7 @@ DefifaGovernor (singleton, shared across all games)
 
 ### Phase State Machine
 
-Phases are determined by Juicebox ruleset cycle numbers, safety mechanism checks, and scorecard ratification status. The state machine is in `DefifaDeployer.currentGamePhaseOf()` (line 221-257).
+Phases are determined by Juicebox ruleset cycle numbers, safety mechanism checks, and scorecard ratification status. The state machine is in `DefifaDeployer.currentGamePhaseOf()`.
 
 ```
 COUNTDOWN (cycleNumber == 0)
@@ -116,7 +116,7 @@ NO_CONTEST (safety mechanism triggered)
 1. Verify caller is a project terminal, currency matches `pricingCurrency`.
 2. Decode metadata: `(address _attestationDelegate, uint16[] _tierIdsToMint)`.
 3. Compute attestation units per unique tier via `DefifaHookLib.computeAttestationUnits()`.
-4. For each unique tier: set delegation if needed, transfer attestation units from address(0) to payer.
+4. For each unique tier: set delegation if needed, transfer attestation units from address(0) to beneficiary.
 5. Call `_mintAll()`: `store.recordMint()`, increment `_totalMintCost += amount`, mint ERC-721s.
 6. Revert if `leftoverAmount != 0` (exact pricing enforced, `DefifaHook_Overspending`).
 
@@ -265,15 +265,30 @@ Where `shareToBeneficiary = cumulativeMintPrice` of burned tokens and `outOfTota
 
 ## Priority Audit Areas
 
+### Entry Points for Review
+
+Start with the money: follow ETH from payment to cash-out.
+
+1. `DefifaHook._processPayment()` -- where tokens enter
+2. `DefifaHook.beforeCashOutRecordedWith()` -- reclaim calculation
+3. `DefifaHook.afterCashOutRecordedWith()` -- where tokens leave
+4. `DefifaDeployer.fulfillCommitmentsOf()` -- fee distribution
+5. `DefifaGovernor.ratifyScorecardFrom()` -- scorecard execution
+6. `DefifaHookLib.validateAndBuildWeights()` -- weight validation
+7. `DefifaHookLib.computeCashOutWeight()` -- per-token value
+8. `DefifaDeployer._buildSplits()` -- fee normalization
+9. `DefifaDeployer.currentGamePhaseOf()` -- phase state machine
+10. `DefifaDeployer.triggerNoContestFor()` -- no-contest safety valve
+
 ### P0 -- Critical (Fund Safety)
 
-1. **Cash-out weight arithmetic**: Verify `computeCashOutWeight()` and `computeCashOutCount()` in `DefifaHookLib` cannot overflow or return inflated values. The `_weight / _totalTokensForCashoutInTier` division is the core economic calculation. Confirm `tokensRedeemedFrom` tracking is correct: incremented ONLY during COMPLETE cash-outs (line 656), NOT during MINT/REFUND refunds.
+1. **Cash-out weight arithmetic**: Verify `computeCashOutWeight()` and `computeCashOutCount()` in `DefifaHookLib` cannot overflow or return inflated values. The `_weight / _totalTokensForCashoutInTier` division is the core economic calculation. Confirm `tokensRedeemedFrom` tracking is correct: incremented ONLY during COMPLETE cash-outs, NOT during MINT/REFUND refunds.
 
-2. **`_totalMintCost` integrity**: This variable is the denominator for fee token distribution. It is incremented on paid mint (`_mintAll`, line 869), reserved mint (`mintReservesFor`, line 571), and decremented on cash-out (`afterCashOutRecordedWith`, line 685). Verify no path exists where `_totalMintCost` underflows or becomes inconsistent with actual live token count.
+2. **`_totalMintCost` integrity**: This variable is the denominator for fee token distribution. It is incremented on paid mint (`_mintAll`), reserved mint (`mintReservesFor`), and decremented on cash-out (`afterCashOutRecordedWith`). Verify no path exists where `_totalMintCost` underflows or becomes inconsistent with actual live token count.
 
-3. **Fulfillment reentrancy guard**: `fulfilledCommitmentsOf[gameId]` is set to `max(feeAmount, 1)` BEFORE external calls to `sendPayoutsOf` and `queueRulesetsOf` (DefifaDeployer lines 325-382). Verify this guard prevents double fulfillment via reentrancy through the terminal.
+3. **Fulfillment reentrancy guard**: `fulfilledCommitmentsOf[gameId]` is set to `max(feeAmount, 1)` BEFORE external calls to `sendPayoutsOf` and `queueRulesetsOf`. Verify this guard prevents double fulfillment via reentrancy through the terminal.
 
-4. **Scorecard execution via low-level call**: `ratifyScorecardFrom` calls `_metadata.dataHook.call(_calldata)` (DefifaGovernor line 402). The `_calldata` is `abi.encodeWithSelector(setTierCashOutWeightsTo.selector, tierWeights)`. Verify that the hash-based proposal system prevents any calldata that does not match the submitted scorecard from being executed.
+4. **Scorecard execution via low-level call**: `ratifyScorecardFrom` calls `_metadata.dataHook.call(_calldata)`. The `_calldata` is `abi.encodeWithSelector(setTierCashOutWeightsTo.selector, tierWeights)`. Verify that the hash-based proposal system prevents any calldata that does not match the submitted scorecard from being executed.
 
 5. **Fee accounting during fulfillment**: `fulfillCommitmentsOf` computes `feeAmount = mulDiv(pot, _commitmentPercentOf[gameId], SPLITS_TOTAL_PERCENT)` and sends this amount as payouts via try-catch. On success, `fulfilledCommitmentsOf` retains the fee amount; on failure, it resets to sentinel (1) and the fee stays in the pot. Verify that `currentGamePotOf` correctly subtracts `fulfilledCommitmentsOf` and that the sentinel value (1 wei) does not cause meaningful accounting error.
 
@@ -283,19 +298,19 @@ Where `shareToBeneficiary = cumulativeMintPrice` of burned tokens and `outOfTota
 
 7. **Attestation snapshotting**: Attestation weight is computed at the `attestationsBegin` timestamp via `getPastTierAttestationUnitsOf()`. Verify that the `Checkpoints.Trace208.upperLookup()` correctly captures the state at that exact timestamp, and that minting or transferring NFTs after `attestationsBegin` does not retroactively affect attestation power.
 
-8. **Double attestation prevention**: `_attestations.hasAttested[msg.sender]` (DefifaGovernor line 354) prevents double voting. But verify that an attacker cannot attest, transfer NFTs to another address, and have that address attest with the same attestation power (the snapshot at `attestationsBegin` should prevent this, but verify the checkpoint resolution).
+8. **Double attestation prevention**: `_attestations.hasAttested[msg.sender]` prevents double voting. But verify that an attacker cannot attest, transfer NFTs to another address, and have that address attest with the same attestation power (the snapshot at `attestationsBegin` should prevent this, but verify the checkpoint resolution).
 
-9. **Grace period anchoring**: `gracePeriodEnds = attestationsBegin + attestationGracePeriod` (DefifaGovernor line 477). Verify that early scorecard submission (before `attestationStartTime`) correctly delays the grace period start, preventing instant ratification.
+9. **Grace period anchoring**: `gracePeriodEnds = attestationsBegin + attestationGracePeriod`. Verify that early scorecard submission (before `attestationStartTime`) correctly delays the grace period start, preventing instant ratification.
 
 ### P2 -- Medium (Access Control and State Transitions)
 
-10. **Hook ownership chain**: DefifaDeployer creates the hook clone, calls `initialize()`, then `transferOwnership(GOVERNOR)` (line 568). Verify that no window exists between `initialize()` and `transferOwnership()` where an attacker could call `setTierCashOutWeightsTo()` (requires `onlyOwner`).
+10. **Hook ownership chain**: DefifaDeployer creates the hook clone, calls `initialize()`, then `transferOwnership(GOVERNOR)`. Verify that no window exists between `initialize()` and `transferOwnership()` where an attacker could call `setTierCashOutWeightsTo()` (requires `onlyOwner`).
 
-11. **Phase check ordering in `currentGamePhaseOf()`**: The function checks `cashOutWeightIsSet` BEFORE `noContestTriggeredFor` (lines 233-236). Verify this ordering is correct: a ratified scorecard should always take priority over no-contest.
+11. **Phase check ordering in `currentGamePhaseOf()`**: The function checks `cashOutWeightIsSet` BEFORE `noContestTriggeredFor`. Verify this ordering is correct: a ratified scorecard should always take priority over no-contest.
 
-12. **Clone initialization guard**: `DefifaHook.initialize()` checks `address(this) == CODE_ORIGIN` (line 486, prevents initializing the implementation) and `address(store) != address(0)` (line 489, prevents re-initialization). Verify these guards are sufficient against proxy/clone attacks.
+12. **Clone initialization guard**: `DefifaHook.initialize()` checks `address(this) == CODE_ORIGIN` (prevents initializing the implementation) and `address(store) != address(0)` (prevents re-initialization). Verify these guards are sufficient against proxy/clone attacks.
 
-13. **Delegation lockdown**: `setTierDelegateTo` and `setTierDelegatesTo` require `MINT` phase (DefifaHook lines 740, 751). Verify that auto-delegation on transfer (`_transferTierAttestationUnits`, lines 1027-1031) correctly handles the case where a recipient already has a delegate set.
+13. **Delegation lockdown**: `setTierDelegateTo` and `setTierDelegatesTo` require `MINT` phase. Verify that auto-delegation on transfer (`_transferTierAttestationUnits`) correctly handles the case where a recipient already has a delegate set.
 
 ### P3 -- Low (Edge Cases and Rounding)
 
@@ -332,7 +347,7 @@ These properties should hold for all games in all states. The test suite validat
 - Attestation power is snapshotted at `attestationsBegin` (not live)
 - Quorum threshold: 50% of minted tiers' total max attestation power (live at call time)
 - Only one scorecard can be ratified per game
-- Minimum grace period: 1 day (enforced in `initializeGame`, line 303)
+- Minimum grace period: 1 day (enforced in `initializeGame`)
 
 ### Phase Transitions
 - A ratified scorecard (`cashOutWeightIsSet == true`) always produces COMPLETE, regardless of other conditions
@@ -349,7 +364,7 @@ These properties should hold for all games in all states. The test suite validat
 
 ## Testing
 
-### Test Files (14 files, ~100 test functions)
+### Test Files (16 files, ~172 test functions)
 
 | File | Focus |
 |------|-------|
@@ -360,11 +375,15 @@ These properties should hold for all games in all states. The test suite validat
 | `DefifaMintCostInvariant.t.sol` | Stateful fuzz: `_totalMintCost` invariant across random mints and refunds. |
 | `DefifaHookRegressions.t.sol` | Audit finding M-5: attestation unit conservation on transfer to undelegated recipients. |
 | `DefifaAuditLowGuards.t.sol` | Input validation: double initialization, uint48 overflow, zero-address delegation. |
-| `Fork.t.sol` | Mainnet fork tests: full lifecycle, edge cases, all revert conditions, scorecard state machine. ~50 tests. |
+| `Fork.t.sol` | Mainnet fork tests: full lifecycle, edge cases, all revert conditions, scorecard state machine. 69 tests. |
 | `regression/FulfillmentBlocksRatification.t.sol` | Fulfillment failure does not block ratification (try-catch behavior). |
 | `regression/GracePeriodBypass.t.sol` | Grace period extends from attestation start, not submission time. |
+| `DefifaAdversarialQuorum.t.sol` | Adversarial governance: late-buyer attestation power, delegation lockdown, double attestation, quorum manipulation, competing scorecards. 9 tests. |
+| `TestQALastMile.t.sol` | Edge cases: cash-out DoS during fulfillment window, game ID prediction race condition. 2 tests. |
+| `deployScript.t.sol` | Deploy script smoke test. |
 | `DefifaUSDC.t.sol` | ERC-20 (USDC) game variant. |
 | `SVG.t.sol` | Token URI resolver SVG rendering. |
+| `TestAuditGaps.sol` | Audit gap coverage: ERC-20 game mechanics (mint, refund, scoring, fee fulfillment, cash-out distribution, no-contest with ERC-20 tokens, pot reporting), multi-game governor isolation (independent project IDs, balances, NFT hooks, scorecard submission/attestation/ratification isolation, quorum independence, fulfilled commitments independence). 17 tests across 2 test contracts. |
 
 ### Running Tests
 
@@ -382,9 +401,9 @@ forge test --match-contract DefifaMintCostInvariant -vvv
 
 | Area | Current Coverage | Risk |
 |------|-----------------|------|
-| ERC-20 token games (non-ETH) | Single USDC test file | LOW |
+| ERC-20 token games (non-ETH) | Expanded: USDC test file + 8 ERC-20 tests in TestAuditGaps.sol (mint, refund, scoring, fee accounting, even distribution, no-contest, pot calculation) | LOW |
 | Games with >32 tiers | Fuzz caps at 12, one test at 32 | LOW |
-| Concurrent multi-game governor | Tests use single game per governor | MEDIUM |
+| Concurrent multi-game governor | Expanded: 9 multi-game isolation tests in TestAuditGaps.sol (independent IDs, balances, hooks, scorecard isolation, attestation power isolation, quorum, fulfilled commitments, full lifecycle) | LOW |
 | Adversarial token URI resolver | No malicious resolver test | LOW |
 | Clone address collision | No explicit collision test | LOW |
 
@@ -394,29 +413,92 @@ forge test --match-contract DefifaMintCostInvariant -vvv
 
 | Constant | Value | Location |
 |----------|-------|---------|
-| `TOTAL_CASHOUT_WEIGHT` | 1e18 | DefifaHookLib line 28 |
-| `MAX_ATTESTATION_POWER_TIER` | 1e9 | DefifaGovernor line 64 |
-| `DEFIFA_FEE_DIVISOR` | 20 (5%) | DefifaDeployer line 111 |
-| `BASE_PROTOCOL_FEE_DIVISOR` | 40 (2.5%) | DefifaDeployer line 107 |
-| `SPLITS_TOTAL_PERCENT` | 1e9 | JBConstants |
-| `initialSupply` per tier | 999,999,999 | DefifaDeployer line 491 |
-| Max tiers per game | 128 | DefifaHook `uint256[128]` (line 76) |
-| Min grace period | 1 day | DefifaGovernor line 303 |
-| Compiler | Solidity 0.8.26 | All files |
+| `TOTAL_CASHOUT_WEIGHT` | 1e18 | `DefifaHookLib` |
+| `MAX_ATTESTATION_POWER_TIER` | 1e9 | `DefifaGovernor` |
+| `DEFIFA_FEE_DIVISOR` | 20 (5%) | `DefifaDeployer` |
+| `BASE_PROTOCOL_FEE_DIVISOR` | 40 (2.5%) | `DefifaDeployer` |
+| `SPLITS_TOTAL_PERCENT` | 1e9 | `JBConstants` |
+| `initialSupply` per tier | 999,999,999 | `DefifaDeployer` |
+| Max tiers per game | 128 | `DefifaHook` (`uint256[128]`) |
+| Min grace period | 1 day | `DefifaGovernor` |
+| Compiler | Solidity 0.8.28 | All files |
 
 ---
 
-## Entry Points for Review
+## Anti-Patterns to Hunt
+
+| Pattern | Where | Why Dangerous |
+|---------|-------|---------------|
+| Low-level `.call()` with arbitrary calldata | `DefifaGovernor.ratifyScorecardFrom()` | Executes `_metadata.dataHook.call(_calldata)` -- if hash-based proposal verification is flawed, arbitrary calldata could be executed on the hook |
+| `unchecked` block around state mutation | `DefifaHook.afterCashOutRecordedWith()` | `++tokensRedeemedFrom[tierId]` in `unchecked` -- overflow of this counter would corrupt cash-out weight calculations for the tier |
+| Optimistic project ID prediction | `DefifaDeployer.launchGameWith()` | `gameId = PROJECTS.count() + 1` -- race condition with concurrent project creation. Mitigated by post-launch equality check, but `_opsOf[gameId]` is written before the check |
+| No reentrancy guard (no `ReentrancyGuard`) | All contracts | Relies on state ordering (storage writes before external calls) instead of explicit reentrancy locks. Any future refactor that reorders could introduce reentrancy |
+| `minTokensPaidOut: 0` on `sendPayoutsOf` | `DefifaDeployer.fulfillCommitmentsOf()` | Zero slippage protection -- MEV sandwich could extract value from the payout if the terminal swaps tokens |
+| Casting `address` to `uint32` for currency | `DefifaDeployer.fulfillCommitmentsOf()` | `uint32(uint160(_token))` truncates the address to 32 bits. Must match terminal's accounting context exactly or payout fails |
+| Clone initialization window | `DefifaDeployer.launchGameWith()` | Hook is initialized before `transferOwnership(GOVERNOR)`. Between `initialize()` (owner = deployer) and `transferOwnership()`, the hook's `onlyOwner` functions are callable by the deployer. Mitigated by atomic transaction |
+| `delegatecall` from library | `DefifaHookLib.claimTokensFor()` | Executes via `delegatecall` to the library -- `address(this)` is the hook's address, `safeTransfer` sends from the hook's balance. Incorrect library linkage could drain the hook |
+| Live supply in quorum calculation | `DefifaGovernor.quorum()` | Uses `currentSupplyOfTier()` (live, not snapshotted). If burns become possible during SCORING, quorum could be manipulated downward after attestations begin |
+| Integer division dust accumulation | `DefifaHookLib.computeCashOutWeight()` | `_weight / _totalTokensForCashoutInTier` rounds down. Dust (up to 1 wei per tier) is permanently locked. 128 tiers = max 128 wei locked per game |
+| `_totalMintCost` as fee token denominator | `DefifaHook._totalMintCost` internal variable | Incremented on mint, decremented on cash-out. If any path allows underflow (e.g., reserved mint followed by full refund), fee token claims revert or distribute incorrectly |
+| Try-catch swallowing failures silently | `DefifaDeployer.fulfillCommitmentsOf()` | `sendPayoutsOf` failure is caught and fee stays in pot. The sentinel value (1 wei) subtracted from pot in `currentGamePotOf` is an accounting approximation |
+| External call in view function | `DefifaTokenUriResolver.tokenUriOf()` | Calls `gamePotReporter.currentGamePotOf()`, `hook.cashOutWeightOf()`, and `hook.store().totalSupplyOf()`. A malicious URI resolver could cause excessive gas consumption in off-chain reads |
+| `block.timestamp` as scorecard ID component | `DefifaGovernor.submitScorecardFor()` | `attestationsBegin = uint48(block.timestamp + ...)` -- miner manipulation of timestamp (within 15s drift) could affect grace period boundaries |
 
-Start with the money: follow ETH from payment to cash-out.
+---
+
+## How to Report Findings
+
+### Finding Format
+
+Each finding should use this 7-point structure:
+
+1. **Title** -- One-line summary (e.g., "Quorum manipulation via token burns during SCORING phase")
+2. **Affected Contract(s)** -- List the specific contract(s) and function(s) involved
+3. **Description** -- Clear explanation of the vulnerability and its root cause
+4. **Trigger Sequence** -- Step-by-step reproduction instructions:
+   - Step 1: Deploy game with X configuration...
+   - Step 2: Attacker calls Y with Z parameters...
+   - Step 3: Observe unexpected state change...
+5. **Impact** -- Concrete consequences: funds at risk (in ETH/USD), governance bypass capability, denial-of-service scope, affected user count
+6. **Proof** -- Code snippet showing the vulnerable path, or a Foundry PoC test (`forge test --match-test testExploitName -vvvv`)
+7. **Fix** -- Suggested remediation with specific code changes
+
+### Severity Guide
+
+| Severity | Criteria | Examples |
+|----------|----------|---------|
+| **CRITICAL** | Direct, unconditional fund loss or theft. Exploitable by anyone without special permissions. | Draining the game pot, bypassing cash-out weight validation, minting unlimited tokens |
+| **HIGH** | Conditional fund loss requiring specific timing or state, or authorization/access-control bypass. | Scorecard ratification without quorum, fulfillment reentrancy, phase transition manipulation |
+| **MEDIUM** | State inconsistency, griefing, or economic damage bounded by dust amounts or requiring unlikely conditions. | Quorum drift from live supply, fee token dilution from reserved mints, rounding errors above documented bounds |
+| **LOW** | Cosmetic issues, gas inefficiencies, informational observations, or theoretical attacks with no practical exploit path. | Token URI gas consumption, unused return values, documentation inaccuracies |
+
+---
+
+## Previous Audit Findings
+
+No prior formal audit with finding IDs has been conducted for defifa-collection-deployer-v6. Known risks, trust assumptions, and economic edge cases are documented in [RISKS.md](./RISKS.md). The test suite (16 files, ~172 test functions) includes regression tests for specific issues discovered during development:
+
+- `DefifaHookRegressions.t.sol` -- Attestation unit conservation on transfer to undelegated recipients (M-5 equivalent)
+- `regression/AttestationDelegateBeneficiary.t.sol` -- Default attestation delegate is beneficiary, not payer (H-6)
+- `regression/FulfillmentBlocksRatification.t.sol` -- Fulfillment failure does not block ratification
+- `regression/GracePeriodBypass.t.sol` -- Grace period extends from attestation start, not submission time
+
+---
 
-1. `DefifaHook._processPayment()` (line 929) -- where tokens enter
-2. `DefifaHook.beforeCashOutRecordedWith()` (line 253) -- reclaim calculation
-3. `DefifaHook.afterCashOutRecordedWith()` (line 605) -- where tokens leave
-4. `DefifaDeployer.fulfillCommitmentsOf()` (line 296) -- fee distribution
-5. `DefifaGovernor.ratifyScorecardFrom()` (line 372) -- scorecard execution
-6. `DefifaHookLib.validateAndBuildWeights()` (line 35) -- weight validation
-7. `DefifaHookLib.computeCashOutWeight()` (line 95) -- per-token value
-8. `DefifaDeployer._buildSplits()` (line 826) -- fee normalization
-9. `DefifaDeployer.currentGamePhaseOf()` (line 221) -- phase state machine
-10. `DefifaDeployer.triggerNoContestFor()` (line 586) -- no-contest safety valve
+## Compiler and Version Info
+
+| Setting | Value | Source |
+|---------|-------|--------|
+| Solidity version | `0.8.28` | `foundry.toml` `solc` field; all `src/*.sol` files use `pragma solidity ^0.8.26` (library uses `0.8.28`) |
+| EVM target | `cancun` | `foundry.toml` `evm_version` field |
+| Optimizer | Enabled, 200 runs | `foundry.toml` `optimizer_runs = 200` |
+| Via IR | `true` | `foundry.toml` `via_ir = true` -- uses the Yul-based compilation pipeline |
+| Fuzz runs | 4096 | `foundry.toml` `[fuzz]` section |
+| Invariant runs | 1024, depth 100 | `foundry.toml` `[invariant]` section |
+| Invariant fail-on-revert | `false` | `foundry.toml` -- reverts do not fail invariant tests |
+| Framework | Foundry (forge) | Standard Foundry project layout |
+
+**Notes for auditors:**
+- `via_ir = true` enables the Yul intermediate representation pipeline, which can produce different optimization artifacts than the legacy pipeline. Stack-too-deep workarounds may mask complexity.
+- `optimizer_runs = 200` balances deployment cost vs. runtime gas. Low run counts favor deployment cost, which may produce less-optimized runtime bytecode.
+- `evm_version = cancun` enables Cancun opcodes (TSTORE/TLOAD, MCOPY, etc.). Verify the target deployment chain supports Cancun.

package/CHANGE_LOG.md

@@ -0,0 +1,107 @@
+# defifa-collection-deployer-v6 Changelog (v5 → v6)
+
+This document describes the changes between `defifa-collection-deployer` (v5) and `defifa-collection-deployer-v6` (v6). Defifa is an on-chain prediction game framework built on Juicebox where players mint NFTs representing outcomes, a governor ratifies scorecard distributions, and winners burn NFTs to claim proportional shares.
+
+## Summary
+
+- **V6 hook migration**: All 721 hook interactions updated from `nana-721-hook-v5` to `nana-721-hook-v6`, including the new tier splits system and `splitPercent` field in `JB721TierConfig`.
+- **Dependency modernization**: Core, permission IDs, address registry, and ownable dependencies all updated to v6. New ecosystem dependencies on `croptop-core-v6` and `revnet-core-v6`.
+- **Error naming standardized**: Error names changed from bare names (e.g., `InvalidCashoutWeights`) to contract-prefixed names (e.g., `DefifaHook_InvalidCashoutWeights`).
+- **Cash out hook spec gains `noop` field**: `beforeCashOutRecordedWith` now returns `noop=false` in all specifications, ensuring the terminal always calls the hook callback.
+- **Game lifecycle unchanged**: The core game phases (COUNTDOWN → MINT → REFUND → SCORING → COMPLETE) and governance model (50% quorum, scorecard ratification) remain identical.
+
+---
+
+## 1. Breaking Changes
+
+### 1.1 Dependency Updates
+
+| Dependency | v5 | v6 |
+|------------|----|----|
+| `@bananapus/core` | `v5` | `v6` |
+| `@bananapus/721-hook` | `v5` | `v6` |
+| `@bananapus/address-registry` | `v5` | `v6` |
+| `@bananapus/permission-ids` | `v5` | `v6` (new dependency) |
+| `@openzeppelin/contracts` | `^5.4.0` | `5.2.0` (pinned) |
+| `@croptop/core` | N/A | `v6` (new) |
+| `@rev-net/core` | N/A | `v6` (new) |
+
+### 1.2 Error Naming Convention
+
+All custom errors now use a contract-name prefix:
+
+| v5 | v6 |
+|----|----|
+| `InvalidCashoutWeights` | `DefifaHook_InvalidCashoutWeights` |
+| `InvalidPhase` | `DefifaHook_InvalidPhase` |
+| (and similar for all other errors) | Contract prefix added throughout |
+
+### 1.3 `JBCashOutHookSpecification` Gains `noop` Field
+
+The v6 `JBCashOutHookSpecification` struct has a `noop` boolean field. `DefifaHook.beforeCashOutRecordedWith` returns `noop=false` in all specifications, ensuring the terminal always invokes `afterCashOutRecordedWith` for game-phase-aware cashout processing.
+
+### 1.4 Solidity Version
+
+Compiler remains at `pragma solidity 0.8.23` (not bumped to 0.8.26 unlike most other v6 repos).
+
+### 1.5 721 Hook API Changes
+
+Inherited from `nana-721-hook-v6`:
+- `cashOutWeightOf()` and `totalCashOutWeight()` signatures simplified (removed `JBBeforeCashOutRecordedContext` parameter)
+- `pricingContext()` returns 2 values instead of 3
+- `JB721TierConfig` gained `splitPercent` and `splits` fields
+- `JB721TiersHookFlags` gained `issueTokensForSplits` field
+
+---
+
+## 2. Game Lifecycle (Unchanged)
+
+The core game phases remain identical between v5 and v6:
+
+```
+COUNTDOWN (ruleset 0) → MINT (ruleset 1) → REFUND (ruleset 2)
+    → SCORING (ruleset 3+) → COMPLETE (after ratification)
+```
+
+Safety mechanisms:
+- **NO_CONTEST**: Triggered if `minParticipation` not met or `scorecardTimeout` exceeded
+- **Scorecard governance**: 50% quorum, tier-delegated voting power with checkpointed snapshots
+- **Grace period**: Minimum 1 day for governance proposals
+
+---
+
+## 3. Architecture
+
+### 3.1 Key Contracts
+
+| Contract | Role |
+|----------|------|
+| `DefifaDeployer` | Game factory -- launches projects with phased rulesets, manages fulfillment |
+| `DefifaHook` | ERC-721 hook with game logic, attestation, per-tier cashout weights |
+| `DefifaGovernor` | Shared singleton for scorecard submission/attestation/ratification |
+| `DefifaProjectOwner` | Proxy that receives project NFT and grants deployer permissions |
+| `DefifaTokenUriResolver` | On-chain SVG metadata with dynamic game state |
+
+### 3.2 Deployment Pattern
+
+DefifaHook instances are deployed as minimal proxy clones via `Clones.cloneDeterministic()`:
+- Salt includes `msg.sender` + nonce (prevents cross-caller collision)
+- One-time `initialize()` call per clone
+- Owned by DefifaGovernor for scorecard weight setting
+
+---
+
+## 4. Migration Table
+
+| Aspect | v5 | v6 |
+|--------|----|----|
+| Core dependency | `@bananapus/core-v5` | `@bananapus/core-v6` |
+| 721 hook dependency | `@bananapus/721-hook-v5` | `@bananapus/721-hook-v6` |
+| Permission IDs | Not a direct dependency | `@bananapus/permission-ids-v6` |
+| Error naming | Bare names | Contract-prefixed names |
+| `JBCashOutHookSpecification` | No `noop` field | `noop=false` on all specs |
+| Solidity version | `0.8.23` | `0.8.23` (unchanged) |
+| Game lifecycle | COUNTDOWN->MINT->REFUND->SCORING->COMPLETE | Identical |
+| Governance model | 50% quorum, tier-delegated | Identical |
+
+> **Cross-repo impact**: Uses `nana-721-hook-v6` for all tier management and cashout weight distribution. The `nana-permission-ids-v6` ID shifts affect any hardcoded permission checks. Not yet included in `deploy-all-v6` deployment phases (awaiting source updates).

package/CRYPTO_ECON.md

@@ -829,7 +829,7 @@ where $n_{\text{min}} \geq 2$ (or better, a configurable parameter). Alternative
 
 **Severity: Significant.**
 
-The weight validation in `setTierCashOutWeightsTo` (`DefifaHook.sol:643`) uses a strict greater-than check:
+The weight validation in `setTierCashOutWeightsTo` (`DefifaHook.sol`) uses a strict greater-than check:
 
 ```solidity
 if (_cumulativeCashOutWeight > TOTAL_CASHOUT_WEIGHT) revert INVALID_CASHOUT_WEIGHTS();
@@ -892,7 +892,7 @@ if (gamePhaseReporter.currentGamePhaseOf(_gameId) != DefifaGamePhase.SCORING) {
 
 **Severity: Moderate.**
 
-In `fulfillCommitmentsOf` (`DefifaDeployer.sol:439–445`), the function calls `sendPayoutsOf` with `minTokensPaidOut` set to the full treasury balance:
+In `fulfillCommitmentsOf` (`DefifaDeployer.sol`), the function calls `sendPayoutsOf` with `minTokensPaidOut` set to the full treasury balance:
 
 ```solidity
 _terminal.sendPayoutsOf({