@enclave-e3/contracts 0.1.4 → 0.1.6

package/artifacts/build-info/solc-0_8_28-5150b9e6b6cf4df4986fccba97bea37a16fdfebc.json

@@ -0,0 +1,311 @@
+{
+  "_format": "hh3-sol-build-info-1",
+  "id": "solc-0_8_28-5150b9e6b6cf4df4986fccba97bea37a16fdfebc",
+  "solcVersion": "0.8.28",
+  "solcLongVersion": "0.8.28+commit.7893614a",
+  "userSourceNameMap": {
+    "contracts/Enclave.sol": "project/contracts/Enclave.sol",
+    "contracts/interfaces/IBondingRegistry.sol": "project/contracts/interfaces/IBondingRegistry.sol",
+    "contracts/interfaces/ICiphernodeRegistry.sol": "project/contracts/interfaces/ICiphernodeRegistry.sol",
+    "contracts/interfaces/IComputeProvider.sol": "project/contracts/interfaces/IComputeProvider.sol",
+    "contracts/interfaces/IDecryptionVerifier.sol": "project/contracts/interfaces/IDecryptionVerifier.sol",
+    "contracts/interfaces/IE3.sol": "project/contracts/interfaces/IE3.sol",
+    "contracts/interfaces/IE3Program.sol": "project/contracts/interfaces/IE3Program.sol",
+    "contracts/interfaces/IEnclave.sol": "project/contracts/interfaces/IEnclave.sol",
+    "contracts/interfaces/ISlashVerifier.sol": "project/contracts/interfaces/ISlashVerifier.sol",
+    "contracts/interfaces/ISlashingManager.sol": "project/contracts/interfaces/ISlashingManager.sol",
+    "contracts/lib/ExitQueueLib.sol": "project/contracts/lib/ExitQueueLib.sol",
+    "contracts/registry/BondingRegistry.sol": "project/contracts/registry/BondingRegistry.sol",
+    "contracts/registry/CiphernodeRegistryOwnable.sol": "project/contracts/registry/CiphernodeRegistryOwnable.sol",
+    "contracts/slashing/SlashingManager.sol": "project/contracts/slashing/SlashingManager.sol",
+    "contracts/test/MockCiphernodeRegistry.sol": "project/contracts/test/MockCiphernodeRegistry.sol",
+    "contracts/test/MockComputeProvider.sol": "project/contracts/test/MockComputeProvider.sol",
+    "contracts/test/MockDecryptionVerifier.sol": "project/contracts/test/MockDecryptionVerifier.sol",
+    "contracts/test/MockE3Program.sol": "project/contracts/test/MockE3Program.sol",
+    "contracts/test/MockSlashingVerifier.sol": "project/contracts/test/MockSlashingVerifier.sol",
+    "contracts/test/MockStableToken.sol": "project/contracts/test/MockStableToken.sol",
+    "contracts/token/EnclaveTicketToken.sol": "project/contracts/token/EnclaveTicketToken.sol",
+    "contracts/token/EnclaveToken.sol": "project/contracts/token/EnclaveToken.sol",
+    "@openzeppelin/contracts/proxy/transparent/ProxyAdmin.sol": "npm/@openzeppelin/contracts@5.3.0/proxy/transparent/ProxyAdmin.sol",
+    "@openzeppelin/contracts/proxy/transparent/TransparentUpgradeableProxy.sol": "npm/@openzeppelin/contracts@5.3.0/proxy/transparent/TransparentUpgradeableProxy.sol",
+    "poseidon-solidity/PoseidonT3.sol": "npm/poseidon-solidity@0.0.5/PoseidonT3.sol"
+  },
+  "input": {
+    "language": "Solidity",
+    "settings": {
+      "evmVersion": "cancun",
+      "metadata": {
+        "bytecodeHash": "none"
+      },
+      "optimizer": {
+        "enabled": true,
+        "runs": 800
+      },
+      "outputSelection": {
+        "*": {
+          "": [
+            "ast"
+          ],
+          "*": [
+            "abi",
+            "evm.bytecode",
+            "evm.deployedBytecode",
+            "evm.methodIdentifiers",
+            "metadata"
+          ]
+        }
+      },
+      "remappings": [
+        "npm/@zk-kit/lean-imt.sol@2.0.1/:poseidon-solidity/=npm/poseidon-solidity@0.0.5/",
+        "project/:@openzeppelin/contracts-upgradeable/=npm/@openzeppelin/contracts-upgradeable@5.4.0/",
+        "project/:@openzeppelin/contracts-upgradeable/=npm/@openzeppelin/contracts-upgradeable@5.4.0/",
+        "project/:@openzeppelin/contracts-upgradeable/=npm/@openzeppelin/contracts-upgradeable@5.4.0/",
+        "project/:@openzeppelin/contracts/=npm/@openzeppelin/contracts@5.3.0/",
+        "project/:@openzeppelin/contracts/=npm/@openzeppelin/contracts@5.3.0/",
+        "project/:@openzeppelin/contracts/=npm/@openzeppelin/contracts@5.3.0/",
+        "project/:@openzeppelin/contracts/=npm/@openzeppelin/contracts@5.3.0/",
+        "project/:@openzeppelin/contracts/=npm/@openzeppelin/contracts@5.3.0/",
+        "project/:@openzeppelin/contracts/=npm/@openzeppelin/contracts@5.3.0/",
+        "project/:@openzeppelin/contracts/=npm/@openzeppelin/contracts@5.3.0/",
+        "project/:@openzeppelin/contracts/=npm/@openzeppelin/contracts@5.3.0/",
+        "project/:@openzeppelin/contracts/=npm/@openzeppelin/contracts@5.3.0/",
+        "project/:@openzeppelin/contracts/=npm/@openzeppelin/contracts@5.3.0/",
+        "project/:@openzeppelin/contracts/=npm/@openzeppelin/contracts@5.3.0/",
+        "project/:@openzeppelin/contracts/=npm/@openzeppelin/contracts@5.3.0/",
+        "project/:@openzeppelin/contracts/=npm/@openzeppelin/contracts@5.3.0/",
+        "project/:@openzeppelin/contracts/=npm/@openzeppelin/contracts@5.3.0/",
+        "project/:@openzeppelin/contracts/=npm/@openzeppelin/contracts@5.3.0/",
+        "project/:@openzeppelin/contracts/=npm/@openzeppelin/contracts@5.3.0/",
+        "project/:@openzeppelin/contracts/=npm/@openzeppelin/contracts@5.3.0/",
+        "project/:@openzeppelin/contracts/=npm/@openzeppelin/contracts@5.3.0/",
+        "project/:@openzeppelin/contracts/=npm/@openzeppelin/contracts@5.3.0/",
+        "project/:@openzeppelin/contracts/=npm/@openzeppelin/contracts@5.3.0/",
+        "project/:@openzeppelin/contracts/=npm/@openzeppelin/contracts@5.3.0/",
+        "project/:@openzeppelin/contracts/=npm/@openzeppelin/contracts@5.3.0/",
+        "project/:@openzeppelin/contracts/=npm/@openzeppelin/contracts@5.3.0/",
+        "project/:@zk-kit/lean-imt.sol/=npm/@zk-kit/lean-imt.sol@2.0.1/"
+      ]
+    },
+    "sources": {
+      "npm/@openzeppelin/contracts-upgradeable@5.4.0/access/OwnableUpgradeable.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)\n\npragma solidity ^0.8.20;\n\nimport {ContextUpgradeable} from \"../utils/ContextUpgradeable.sol\";\nimport {Initializable} from \"../proxy/utils/Initializable.sol\";\n\n/**\n * @dev Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * The initial owner is set to the address provided by the deployer. This can\n * later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract OwnableUpgradeable is Initializable, ContextUpgradeable {\n    /// @custom:storage-location erc7201:openzeppelin.storage.Ownable\n    struct OwnableStorage {\n        address _owner;\n    }\n\n    // keccak256(abi.encode(uint256(keccak256(\"openzeppelin.storage.Ownable\")) - 1)) & ~bytes32(uint256(0xff))\n    bytes32 private constant OwnableStorageLocation = 0x9016d09d72d40fdae2fd8ceac6b6234c7706214fd39c1cd1e609a0528c199300;\n\n    function _getOwnableStorage() private pure returns (OwnableStorage storage $) {\n        assembly {\n            $.slot := OwnableStorageLocation\n        }\n    }\n\n    /**\n     * @dev The caller account is not authorized to perform an operation.\n     */\n    error OwnableUnauthorizedAccount(address account);\n\n    /**\n     * @dev The owner is not a valid owner account. (eg. `address(0)`)\n     */\n    error OwnableInvalidOwner(address owner);\n\n    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n    /**\n     * @dev Initializes the contract setting the address provided by the deployer as the initial owner.\n     */\n    function __Ownable_init(address initialOwner) internal onlyInitializing {\n        __Ownable_init_unchained(initialOwner);\n    }\n\n    function __Ownable_init_unchained(address initialOwner) internal onlyInitializing {\n        if (initialOwner == address(0)) {\n            revert OwnableInvalidOwner(address(0));\n        }\n        _transferOwnership(initialOwner);\n    }\n\n    /**\n     * @dev Throws if called by any account other than the owner.\n     */\n    modifier onlyOwner() {\n        _checkOwner();\n        _;\n    }\n\n    /**\n     * @dev Returns the address of the current owner.\n     */\n    function owner() public view virtual returns (address) {\n        OwnableStorage storage $ = _getOwnableStorage();\n        return $._owner;\n    }\n\n    /**\n     * @dev Throws if the sender is not the owner.\n     */\n    function _checkOwner() internal view virtual {\n        if (owner() != _msgSender()) {\n            revert OwnableUnauthorizedAccount(_msgSender());\n        }\n    }\n\n    /**\n     * @dev Leaves the contract without owner. It will not be possible to call\n     * `onlyOwner` functions. Can only be called by the current owner.\n     *\n     * NOTE: Renouncing ownership will leave the contract without an owner,\n     * thereby disabling any functionality that is only available to the owner.\n     */\n    function renounceOwnership() public virtual onlyOwner {\n        _transferOwnership(address(0));\n    }\n\n    /**\n     * @dev Transfers ownership of the contract to a new account (`newOwner`).\n     * Can only be called by the current owner.\n     */\n    function transferOwnership(address newOwner) public virtual onlyOwner {\n        if (newOwner == address(0)) {\n            revert OwnableInvalidOwner(address(0));\n        }\n        _transferOwnership(newOwner);\n    }\n\n    /**\n     * @dev Transfers ownership of the contract to a new account (`newOwner`).\n     * Internal function without access restriction.\n     */\n    function _transferOwnership(address newOwner) internal virtual {\n        OwnableStorage storage $ = _getOwnableStorage();\n        address oldOwner = $._owner;\n        $._owner = newOwner;\n        emit OwnershipTransferred(oldOwner, newOwner);\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts-upgradeable@5.4.0/proxy/utils/Initializable.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.3.0) (proxy/utils/Initializable.sol)\n\npragma solidity ^0.8.20;\n\n/**\n * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed\n * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an\n * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer\n * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.\n *\n * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be\n * reused. This mechanism prevents re-execution of each \"step\" but allows the creation of new initialization steps in\n * case an upgrade adds a module that needs to be initialized.\n *\n * For example:\n *\n * [.hljs-theme-light.nopadding]\n * ```solidity\n * contract MyToken is ERC20Upgradeable {\n *     function initialize() initializer public {\n *         __ERC20_init(\"MyToken\", \"MTK\");\n *     }\n * }\n *\n * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {\n *     function initializeV2() reinitializer(2) public {\n *         __ERC20Permit_init(\"MyToken\");\n *     }\n * }\n * ```\n *\n * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as\n * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.\n *\n * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure\n * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.\n *\n * [CAUTION]\n * ====\n * Avoid leaving a contract uninitialized.\n *\n * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation\n * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke\n * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:\n *\n * [.hljs-theme-light.nopadding]\n * ```\n * /// @custom:oz-upgrades-unsafe-allow constructor\n * constructor() {\n *     _disableInitializers();\n * }\n * ```\n * ====\n */\nabstract contract Initializable {\n    /**\n     * @dev Storage of the initializable contract.\n     *\n     * It's implemented on a custom ERC-7201 namespace to reduce the risk of storage collisions\n     * when using with upgradeable contracts.\n     *\n     * @custom:storage-location erc7201:openzeppelin.storage.Initializable\n     */\n    struct InitializableStorage {\n        /**\n         * @dev Indicates that the contract has been initialized.\n         */\n        uint64 _initialized;\n        /**\n         * @dev Indicates that the contract is in the process of being initialized.\n         */\n        bool _initializing;\n    }\n\n    // keccak256(abi.encode(uint256(keccak256(\"openzeppelin.storage.Initializable\")) - 1)) & ~bytes32(uint256(0xff))\n    bytes32 private constant INITIALIZABLE_STORAGE = 0xf0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a00;\n\n    /**\n     * @dev The contract is already initialized.\n     */\n    error InvalidInitialization();\n\n    /**\n     * @dev The contract is not initializing.\n     */\n    error NotInitializing();\n\n    /**\n     * @dev Triggered when the contract has been initialized or reinitialized.\n     */\n    event Initialized(uint64 version);\n\n    /**\n     * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,\n     * `onlyInitializing` functions can be used to initialize parent contracts.\n     *\n     * Similar to `reinitializer(1)`, except that in the context of a constructor an `initializer` may be invoked any\n     * number of times. This behavior in the constructor can be useful during testing and is not expected to be used in\n     * production.\n     *\n     * Emits an {Initialized} event.\n     */\n    modifier initializer() {\n        // solhint-disable-next-line var-name-mixedcase\n        InitializableStorage storage $ = _getInitializableStorage();\n\n        // Cache values to avoid duplicated sloads\n        bool isTopLevelCall = !$._initializing;\n        uint64 initialized = $._initialized;\n\n        // Allowed calls:\n        // - initialSetup: the contract is not in the initializing state and no previous version was\n        //                 initialized\n        // - construction: the contract is initialized at version 1 (no reinitialization) and the\n        //                 current contract is just being deployed\n        bool initialSetup = initialized == 0 && isTopLevelCall;\n        bool construction = initialized == 1 && address(this).code.length == 0;\n\n        if (!initialSetup && !construction) {\n            revert InvalidInitialization();\n        }\n        $._initialized = 1;\n        if (isTopLevelCall) {\n            $._initializing = true;\n        }\n        _;\n        if (isTopLevelCall) {\n            $._initializing = false;\n            emit Initialized(1);\n        }\n    }\n\n    /**\n     * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the\n     * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be\n     * used to initialize parent contracts.\n     *\n     * A reinitializer may be used after the original initialization step. This is essential to configure modules that\n     * are added through upgrades and that require initialization.\n     *\n     * When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`\n     * cannot be nested. If one is invoked in the context of another, execution will revert.\n     *\n     * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in\n     * a contract, executing them in the right order is up to the developer or operator.\n     *\n     * WARNING: Setting the version to 2**64 - 1 will prevent any future reinitialization.\n     *\n     * Emits an {Initialized} event.\n     */\n    modifier reinitializer(uint64 version) {\n        // solhint-disable-next-line var-name-mixedcase\n        InitializableStorage storage $ = _getInitializableStorage();\n\n        if ($._initializing || $._initialized >= version) {\n            revert InvalidInitialization();\n        }\n        $._initialized = version;\n        $._initializing = true;\n        _;\n        $._initializing = false;\n        emit Initialized(version);\n    }\n\n    /**\n     * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the\n     * {initializer} and {reinitializer} modifiers, directly or indirectly.\n     */\n    modifier onlyInitializing() {\n        _checkInitializing();\n        _;\n    }\n\n    /**\n     * @dev Reverts if the contract is not in an initializing state. See {onlyInitializing}.\n     */\n    function _checkInitializing() internal view virtual {\n        if (!_isInitializing()) {\n            revert NotInitializing();\n        }\n    }\n\n    /**\n     * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.\n     * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized\n     * to any version. It is recommended to use this to lock implementation contracts that are designed to be called\n     * through proxies.\n     *\n     * Emits an {Initialized} event the first time it is successfully executed.\n     */\n    function _disableInitializers() internal virtual {\n        // solhint-disable-next-line var-name-mixedcase\n        InitializableStorage storage $ = _getInitializableStorage();\n\n        if ($._initializing) {\n            revert InvalidInitialization();\n        }\n        if ($._initialized != type(uint64).max) {\n            $._initialized = type(uint64).max;\n            emit Initialized(type(uint64).max);\n        }\n    }\n\n    /**\n     * @dev Returns the highest version that has been initialized. See {reinitializer}.\n     */\n    function _getInitializedVersion() internal view returns (uint64) {\n        return _getInitializableStorage()._initialized;\n    }\n\n    /**\n     * @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.\n     */\n    function _isInitializing() internal view returns (bool) {\n        return _getInitializableStorage()._initializing;\n    }\n\n    /**\n     * @dev Pointer to storage slot. Allows integrators to override it with a custom storage location.\n     *\n     * NOTE: Consider following the ERC-7201 formula to derive storage locations.\n     */\n    function _initializableStorageSlot() internal pure virtual returns (bytes32) {\n        return INITIALIZABLE_STORAGE;\n    }\n\n    /**\n     * @dev Returns a pointer to the storage namespace.\n     */\n    // solhint-disable-next-line var-name-mixedcase\n    function _getInitializableStorage() private pure returns (InitializableStorage storage $) {\n        bytes32 slot = _initializableStorageSlot();\n        assembly {\n            $.slot := slot\n        }\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts-upgradeable@5.4.0/utils/ContextUpgradeable.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)\n\npragma solidity ^0.8.20;\nimport {Initializable} from \"../proxy/utils/Initializable.sol\";\n\n/**\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract ContextUpgradeable is Initializable {\n    function __Context_init() internal onlyInitializing {\n    }\n\n    function __Context_init_unchained() internal onlyInitializing {\n    }\n    function _msgSender() internal view virtual returns (address) {\n        return msg.sender;\n    }\n\n    function _msgData() internal view virtual returns (bytes calldata) {\n        return msg.data;\n    }\n\n    function _contextSuffixLength() internal view virtual returns (uint256) {\n        return 0;\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/access/AccessControl.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.3.0) (access/AccessControl.sol)\n\npragma solidity ^0.8.20;\n\nimport {IAccessControl} from \"./IAccessControl.sol\";\nimport {Context} from \"../utils/Context.sol\";\nimport {ERC165} from \"../utils/introspection/ERC165.sol\";\n\n/**\n * @dev Contract module that allows children to implement role-based access\n * control mechanisms. This is a lightweight version that doesn't allow enumerating role\n * members except through off-chain means by accessing the contract event logs. Some\n * applications may benefit from on-chain enumerability, for those cases see\n * {AccessControlEnumerable}.\n *\n * Roles are referred to by their `bytes32` identifier. These should be exposed\n * in the external API and be unique. The best way to achieve this is by\n * using `public constant` hash digests:\n *\n * ```solidity\n * bytes32 public constant MY_ROLE = keccak256(\"MY_ROLE\");\n * ```\n *\n * Roles can be used to represent a set of permissions. To restrict access to a\n * function call, use {hasRole}:\n *\n * ```solidity\n * function foo() public {\n *     require(hasRole(MY_ROLE, msg.sender));\n *     ...\n * }\n * ```\n *\n * Roles can be granted and revoked dynamically via the {grantRole} and\n * {revokeRole} functions. Each role has an associated admin role, and only\n * accounts that have a role's admin role can call {grantRole} and {revokeRole}.\n *\n * By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means\n * that only accounts with this role will be able to grant or revoke other\n * roles. More complex role relationships can be created by using\n * {_setRoleAdmin}.\n *\n * WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to\n * grant and revoke this role. Extra precautions should be taken to secure\n * accounts that have been granted it. We recommend using {AccessControlDefaultAdminRules}\n * to enforce additional security measures for this role.\n */\nabstract contract AccessControl is Context, IAccessControl, ERC165 {\n    struct RoleData {\n        mapping(address account => bool) hasRole;\n        bytes32 adminRole;\n    }\n\n    mapping(bytes32 role => RoleData) private _roles;\n\n    bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;\n\n    /**\n     * @dev Modifier that checks that an account has a specific role. Reverts\n     * with an {AccessControlUnauthorizedAccount} error including the required role.\n     */\n    modifier onlyRole(bytes32 role) {\n        _checkRole(role);\n        _;\n    }\n\n    /**\n     * @dev See {IERC165-supportsInterface}.\n     */\n    function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {\n        return interfaceId == type(IAccessControl).interfaceId || super.supportsInterface(interfaceId);\n    }\n\n    /**\n     * @dev Returns `true` if `account` has been granted `role`.\n     */\n    function hasRole(bytes32 role, address account) public view virtual returns (bool) {\n        return _roles[role].hasRole[account];\n    }\n\n    /**\n     * @dev Reverts with an {AccessControlUnauthorizedAccount} error if `_msgSender()`\n     * is missing `role`. Overriding this function changes the behavior of the {onlyRole} modifier.\n     */\n    function _checkRole(bytes32 role) internal view virtual {\n        _checkRole(role, _msgSender());\n    }\n\n    /**\n     * @dev Reverts with an {AccessControlUnauthorizedAccount} error if `account`\n     * is missing `role`.\n     */\n    function _checkRole(bytes32 role, address account) internal view virtual {\n        if (!hasRole(role, account)) {\n            revert AccessControlUnauthorizedAccount(account, role);\n        }\n    }\n\n    /**\n     * @dev Returns the admin role that controls `role`. See {grantRole} and\n     * {revokeRole}.\n     *\n     * To change a role's admin, use {_setRoleAdmin}.\n     */\n    function getRoleAdmin(bytes32 role) public view virtual returns (bytes32) {\n        return _roles[role].adminRole;\n    }\n\n    /**\n     * @dev Grants `role` to `account`.\n     *\n     * If `account` had not been already granted `role`, emits a {RoleGranted}\n     * event.\n     *\n     * Requirements:\n     *\n     * - the caller must have ``role``'s admin role.\n     *\n     * May emit a {RoleGranted} event.\n     */\n    function grantRole(bytes32 role, address account) public virtual onlyRole(getRoleAdmin(role)) {\n        _grantRole(role, account);\n    }\n\n    /**\n     * @dev Revokes `role` from `account`.\n     *\n     * If `account` had been granted `role`, emits a {RoleRevoked} event.\n     *\n     * Requirements:\n     *\n     * - the caller must have ``role``'s admin role.\n     *\n     * May emit a {RoleRevoked} event.\n     */\n    function revokeRole(bytes32 role, address account) public virtual onlyRole(getRoleAdmin(role)) {\n        _revokeRole(role, account);\n    }\n\n    /**\n     * @dev Revokes `role` from the calling account.\n     *\n     * Roles are often managed via {grantRole} and {revokeRole}: this function's\n     * purpose is to provide a mechanism for accounts to lose their privileges\n     * if they are compromised (such as when a trusted device is misplaced).\n     *\n     * If the calling account had been revoked `role`, emits a {RoleRevoked}\n     * event.\n     *\n     * Requirements:\n     *\n     * - the caller must be `callerConfirmation`.\n     *\n     * May emit a {RoleRevoked} event.\n     */\n    function renounceRole(bytes32 role, address callerConfirmation) public virtual {\n        if (callerConfirmation != _msgSender()) {\n            revert AccessControlBadConfirmation();\n        }\n\n        _revokeRole(role, callerConfirmation);\n    }\n\n    /**\n     * @dev Sets `adminRole` as ``role``'s admin role.\n     *\n     * Emits a {RoleAdminChanged} event.\n     */\n    function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual {\n        bytes32 previousAdminRole = getRoleAdmin(role);\n        _roles[role].adminRole = adminRole;\n        emit RoleAdminChanged(role, previousAdminRole, adminRole);\n    }\n\n    /**\n     * @dev Attempts to grant `role` to `account` and returns a boolean indicating if `role` was granted.\n     *\n     * Internal function without access restriction.\n     *\n     * May emit a {RoleGranted} event.\n     */\n    function _grantRole(bytes32 role, address account) internal virtual returns (bool) {\n        if (!hasRole(role, account)) {\n            _roles[role].hasRole[account] = true;\n            emit RoleGranted(role, account, _msgSender());\n            return true;\n        } else {\n            return false;\n        }\n    }\n\n    /**\n     * @dev Attempts to revoke `role` from `account` and returns a boolean indicating if `role` was revoked.\n     *\n     * Internal function without access restriction.\n     *\n     * May emit a {RoleRevoked} event.\n     */\n    function _revokeRole(bytes32 role, address account) internal virtual returns (bool) {\n        if (hasRole(role, account)) {\n            _roles[role].hasRole[account] = false;\n            emit RoleRevoked(role, account, _msgSender());\n            return true;\n        } else {\n            return false;\n        }\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/access/IAccessControl.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.3.0) (access/IAccessControl.sol)\n\npragma solidity ^0.8.20;\n\n/**\n * @dev External interface of AccessControl declared to support ERC-165 detection.\n */\ninterface IAccessControl {\n    /**\n     * @dev The `account` is missing a role.\n     */\n    error AccessControlUnauthorizedAccount(address account, bytes32 neededRole);\n\n    /**\n     * @dev The caller of a function is not the expected one.\n     *\n     * NOTE: Don't confuse with {AccessControlUnauthorizedAccount}.\n     */\n    error AccessControlBadConfirmation();\n\n    /**\n     * @dev Emitted when `newAdminRole` is set as ``role``'s admin role, replacing `previousAdminRole`\n     *\n     * `DEFAULT_ADMIN_ROLE` is the starting admin for all roles, despite\n     * {RoleAdminChanged} not being emitted to signal this.\n     */\n    event RoleAdminChanged(bytes32 indexed role, bytes32 indexed previousAdminRole, bytes32 indexed newAdminRole);\n\n    /**\n     * @dev Emitted when `account` is granted `role`.\n     *\n     * `sender` is the account that originated the contract call. This account bears the admin role (for the granted role).\n     * Expected in cases where the role was granted using the internal {AccessControl-_grantRole}.\n     */\n    event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender);\n\n    /**\n     * @dev Emitted when `account` is revoked `role`.\n     *\n     * `sender` is the account that originated the contract call:\n     *   - if using `revokeRole`, it is the admin role bearer\n     *   - if using `renounceRole`, it is the role bearer (i.e. `account`)\n     */\n    event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender);\n\n    /**\n     * @dev Returns `true` if `account` has been granted `role`.\n     */\n    function hasRole(bytes32 role, address account) external view returns (bool);\n\n    /**\n     * @dev Returns the admin role that controls `role`. See {grantRole} and\n     * {revokeRole}.\n     *\n     * To change a role's admin, use {AccessControl-_setRoleAdmin}.\n     */\n    function getRoleAdmin(bytes32 role) external view returns (bytes32);\n\n    /**\n     * @dev Grants `role` to `account`.\n     *\n     * If `account` had not been already granted `role`, emits a {RoleGranted}\n     * event.\n     *\n     * Requirements:\n     *\n     * - the caller must have ``role``'s admin role.\n     */\n    function grantRole(bytes32 role, address account) external;\n\n    /**\n     * @dev Revokes `role` from `account`.\n     *\n     * If `account` had been granted `role`, emits a {RoleRevoked} event.\n     *\n     * Requirements:\n     *\n     * - the caller must have ``role``'s admin role.\n     */\n    function revokeRole(bytes32 role, address account) external;\n\n    /**\n     * @dev Revokes `role` from the calling account.\n     *\n     * Roles are often managed via {grantRole} and {revokeRole}: this function's\n     * purpose is to provide a mechanism for accounts to lose their privileges\n     * if they are compromised (such as when a trusted device is misplaced).\n     *\n     * If the calling account had been granted `role`, emits a {RoleRevoked}\n     * event.\n     *\n     * Requirements:\n     *\n     * - the caller must be `callerConfirmation`.\n     */\n    function renounceRole(bytes32 role, address callerConfirmation) external;\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/access/Ownable.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)\n\npragma solidity ^0.8.20;\n\nimport {Context} from \"../utils/Context.sol\";\n\n/**\n * @dev Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * The initial owner is set to the address provided by the deployer. This can\n * later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n    address private _owner;\n\n    /**\n     * @dev The caller account is not authorized to perform an operation.\n     */\n    error OwnableUnauthorizedAccount(address account);\n\n    /**\n     * @dev The owner is not a valid owner account. (eg. `address(0)`)\n     */\n    error OwnableInvalidOwner(address owner);\n\n    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n    /**\n     * @dev Initializes the contract setting the address provided by the deployer as the initial owner.\n     */\n    constructor(address initialOwner) {\n        if (initialOwner == address(0)) {\n            revert OwnableInvalidOwner(address(0));\n        }\n        _transferOwnership(initialOwner);\n    }\n\n    /**\n     * @dev Throws if called by any account other than the owner.\n     */\n    modifier onlyOwner() {\n        _checkOwner();\n        _;\n    }\n\n    /**\n     * @dev Returns the address of the current owner.\n     */\n    function owner() public view virtual returns (address) {\n        return _owner;\n    }\n\n    /**\n     * @dev Throws if the sender is not the owner.\n     */\n    function _checkOwner() internal view virtual {\n        if (owner() != _msgSender()) {\n            revert OwnableUnauthorizedAccount(_msgSender());\n        }\n    }\n\n    /**\n     * @dev Leaves the contract without owner. It will not be possible to call\n     * `onlyOwner` functions. Can only be called by the current owner.\n     *\n     * NOTE: Renouncing ownership will leave the contract without an owner,\n     * thereby disabling any functionality that is only available to the owner.\n     */\n    function renounceOwnership() public virtual onlyOwner {\n        _transferOwnership(address(0));\n    }\n\n    /**\n     * @dev Transfers ownership of the contract to a new account (`newOwner`).\n     * Can only be called by the current owner.\n     */\n    function transferOwnership(address newOwner) public virtual onlyOwner {\n        if (newOwner == address(0)) {\n            revert OwnableInvalidOwner(address(0));\n        }\n        _transferOwnership(newOwner);\n    }\n\n    /**\n     * @dev Transfers ownership of the contract to a new account (`newOwner`).\n     * Internal function without access restriction.\n     */\n    function _transferOwnership(address newOwner) internal virtual {\n        address oldOwner = _owner;\n        _owner = newOwner;\n        emit OwnershipTransferred(oldOwner, newOwner);\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/governance/utils/IVotes.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.0.0) (governance/utils/IVotes.sol)\npragma solidity ^0.8.20;\n\n/**\n * @dev Common interface for {ERC20Votes}, {ERC721Votes}, and other {Votes}-enabled contracts.\n */\ninterface IVotes {\n    /**\n     * @dev The signature used has expired.\n     */\n    error VotesExpiredSignature(uint256 expiry);\n\n    /**\n     * @dev Emitted when an account changes their delegate.\n     */\n    event DelegateChanged(address indexed delegator, address indexed fromDelegate, address indexed toDelegate);\n\n    /**\n     * @dev Emitted when a token transfer or delegate change results in changes to a delegate's number of voting units.\n     */\n    event DelegateVotesChanged(address indexed delegate, uint256 previousVotes, uint256 newVotes);\n\n    /**\n     * @dev Returns the current amount of votes that `account` has.\n     */\n    function getVotes(address account) external view returns (uint256);\n\n    /**\n     * @dev Returns the amount of votes that `account` had at a specific moment in the past. If the `clock()` is\n     * configured to use block numbers, this will return the value at the end of the corresponding block.\n     */\n    function getPastVotes(address account, uint256 timepoint) external view returns (uint256);\n\n    /**\n     * @dev Returns the total supply of votes available at a specific moment in the past. If the `clock()` is\n     * configured to use block numbers, this will return the value at the end of the corresponding block.\n     *\n     * NOTE: This value is the sum of all available votes, which is not necessarily the sum of all delegated votes.\n     * Votes that have not been delegated are still part of total supply, even though they would not participate in a\n     * vote.\n     */\n    function getPastTotalSupply(uint256 timepoint) external view returns (uint256);\n\n    /**\n     * @dev Returns the delegate that `account` has chosen.\n     */\n    function delegates(address account) external view returns (address);\n\n    /**\n     * @dev Delegates votes from the sender to `delegatee`.\n     */\n    function delegate(address delegatee) external;\n\n    /**\n     * @dev Delegates votes from signer to `delegatee`.\n     */\n    function delegateBySig(address delegatee, uint256 nonce, uint256 expiry, uint8 v, bytes32 r, bytes32 s) external;\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/governance/utils/Votes.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.2.0) (governance/utils/Votes.sol)\npragma solidity ^0.8.20;\n\nimport {IERC5805} from \"../../interfaces/IERC5805.sol\";\nimport {Context} from \"../../utils/Context.sol\";\nimport {Nonces} from \"../../utils/Nonces.sol\";\nimport {EIP712} from \"../../utils/cryptography/EIP712.sol\";\nimport {Checkpoints} from \"../../utils/structs/Checkpoints.sol\";\nimport {SafeCast} from \"../../utils/math/SafeCast.sol\";\nimport {ECDSA} from \"../../utils/cryptography/ECDSA.sol\";\nimport {Time} from \"../../utils/types/Time.sol\";\n\n/**\n * @dev This is a base abstract contract that tracks voting units, which are a measure of voting power that can be\n * transferred, and provides a system of vote delegation, where an account can delegate its voting units to a sort of\n * \"representative\" that will pool delegated voting units from different accounts and can then use it to vote in\n * decisions. In fact, voting units _must_ be delegated in order to count as actual votes, and an account has to\n * delegate those votes to itself if it wishes to participate in decisions and does not have a trusted representative.\n *\n * This contract is often combined with a token contract such that voting units correspond to token units. For an\n * example, see {ERC721Votes}.\n *\n * The full history of delegate votes is tracked on-chain so that governance protocols can consider votes as distributed\n * at a particular block number to protect against flash loans and double voting. The opt-in delegate system makes the\n * cost of this history tracking optional.\n *\n * When using this module the derived contract must implement {_getVotingUnits} (for example, make it return\n * {ERC721-balanceOf}), and can use {_transferVotingUnits} to track a change in the distribution of those units (in the\n * previous example, it would be included in {ERC721-_update}).\n */\nabstract contract Votes is Context, EIP712, Nonces, IERC5805 {\n    using Checkpoints for Checkpoints.Trace208;\n\n    bytes32 private constant DELEGATION_TYPEHASH =\n        keccak256(\"Delegation(address delegatee,uint256 nonce,uint256 expiry)\");\n\n    mapping(address account => address) private _delegatee;\n\n    mapping(address delegatee => Checkpoints.Trace208) private _delegateCheckpoints;\n\n    Checkpoints.Trace208 private _totalCheckpoints;\n\n    /**\n     * @dev The clock was incorrectly modified.\n     */\n    error ERC6372InconsistentClock();\n\n    /**\n     * @dev Lookup to future votes is not available.\n     */\n    error ERC5805FutureLookup(uint256 timepoint, uint48 clock);\n\n    /**\n     * @dev Clock used for flagging checkpoints. Can be overridden to implement timestamp based\n     * checkpoints (and voting), in which case {CLOCK_MODE} should be overridden as well to match.\n     */\n    function clock() public view virtual returns (uint48) {\n        return Time.blockNumber();\n    }\n\n    /**\n     * @dev Machine-readable description of the clock as specified in ERC-6372.\n     */\n    // solhint-disable-next-line func-name-mixedcase\n    function CLOCK_MODE() public view virtual returns (string memory) {\n        // Check that the clock was not modified\n        if (clock() != Time.blockNumber()) {\n            revert ERC6372InconsistentClock();\n        }\n        return \"mode=blocknumber&from=default\";\n    }\n\n    /**\n     * @dev Validate that a timepoint is in the past, and return it as a uint48.\n     */\n    function _validateTimepoint(uint256 timepoint) internal view returns (uint48) {\n        uint48 currentTimepoint = clock();\n        if (timepoint >= currentTimepoint) revert ERC5805FutureLookup(timepoint, currentTimepoint);\n        return SafeCast.toUint48(timepoint);\n    }\n\n    /**\n     * @dev Returns the current amount of votes that `account` has.\n     */\n    function getVotes(address account) public view virtual returns (uint256) {\n        return _delegateCheckpoints[account].latest();\n    }\n\n    /**\n     * @dev Returns the amount of votes that `account` had at a specific moment in the past. If the `clock()` is\n     * configured to use block numbers, this will return the value at the end of the corresponding block.\n     *\n     * Requirements:\n     *\n     * - `timepoint` must be in the past. If operating using block numbers, the block must be already mined.\n     */\n    function getPastVotes(address account, uint256 timepoint) public view virtual returns (uint256) {\n        return _delegateCheckpoints[account].upperLookupRecent(_validateTimepoint(timepoint));\n    }\n\n    /**\n     * @dev Returns the total supply of votes available at a specific moment in the past. If the `clock()` is\n     * configured to use block numbers, this will return the value at the end of the corresponding block.\n     *\n     * NOTE: This value is the sum of all available votes, which is not necessarily the sum of all delegated votes.\n     * Votes that have not been delegated are still part of total supply, even though they would not participate in a\n     * vote.\n     *\n     * Requirements:\n     *\n     * - `timepoint` must be in the past. If operating using block numbers, the block must be already mined.\n     */\n    function getPastTotalSupply(uint256 timepoint) public view virtual returns (uint256) {\n        return _totalCheckpoints.upperLookupRecent(_validateTimepoint(timepoint));\n    }\n\n    /**\n     * @dev Returns the current total supply of votes.\n     */\n    function _getTotalSupply() internal view virtual returns (uint256) {\n        return _totalCheckpoints.latest();\n    }\n\n    /**\n     * @dev Returns the delegate that `account` has chosen.\n     */\n    function delegates(address account) public view virtual returns (address) {\n        return _delegatee[account];\n    }\n\n    /**\n     * @dev Delegates votes from the sender to `delegatee`.\n     */\n    function delegate(address delegatee) public virtual {\n        address account = _msgSender();\n        _delegate(account, delegatee);\n    }\n\n    /**\n     * @dev Delegates votes from signer to `delegatee`.\n     */\n    function delegateBySig(\n        address delegatee,\n        uint256 nonce,\n        uint256 expiry,\n        uint8 v,\n        bytes32 r,\n        bytes32 s\n    ) public virtual {\n        if (block.timestamp > expiry) {\n            revert VotesExpiredSignature(expiry);\n        }\n        address signer = ECDSA.recover(\n            _hashTypedDataV4(keccak256(abi.encode(DELEGATION_TYPEHASH, delegatee, nonce, expiry))),\n            v,\n            r,\n            s\n        );\n        _useCheckedNonce(signer, nonce);\n        _delegate(signer, delegatee);\n    }\n\n    /**\n     * @dev Delegate all of `account`'s voting units to `delegatee`.\n     *\n     * Emits events {IVotes-DelegateChanged} and {IVotes-DelegateVotesChanged}.\n     */\n    function _delegate(address account, address delegatee) internal virtual {\n        address oldDelegate = delegates(account);\n        _delegatee[account] = delegatee;\n\n        emit DelegateChanged(account, oldDelegate, delegatee);\n        _moveDelegateVotes(oldDelegate, delegatee, _getVotingUnits(account));\n    }\n\n    /**\n     * @dev Transfers, mints, or burns voting units. To register a mint, `from` should be zero. To register a burn, `to`\n     * should be zero. Total supply of voting units will be adjusted with mints and burns.\n     */\n    function _transferVotingUnits(address from, address to, uint256 amount) internal virtual {\n        if (from == address(0)) {\n            _push(_totalCheckpoints, _add, SafeCast.toUint208(amount));\n        }\n        if (to == address(0)) {\n            _push(_totalCheckpoints, _subtract, SafeCast.toUint208(amount));\n        }\n        _moveDelegateVotes(delegates(from), delegates(to), amount);\n    }\n\n    /**\n     * @dev Moves delegated votes from one delegate to another.\n     */\n    function _moveDelegateVotes(address from, address to, uint256 amount) internal virtual {\n        if (from != to && amount > 0) {\n            if (from != address(0)) {\n                (uint256 oldValue, uint256 newValue) = _push(\n                    _delegateCheckpoints[from],\n                    _subtract,\n                    SafeCast.toUint208(amount)\n                );\n                emit DelegateVotesChanged(from, oldValue, newValue);\n            }\n            if (to != address(0)) {\n                (uint256 oldValue, uint256 newValue) = _push(\n                    _delegateCheckpoints[to],\n                    _add,\n                    SafeCast.toUint208(amount)\n                );\n                emit DelegateVotesChanged(to, oldValue, newValue);\n            }\n        }\n    }\n\n    /**\n     * @dev Get number of checkpoints for `account`.\n     */\n    function _numCheckpoints(address account) internal view virtual returns (uint32) {\n        return SafeCast.toUint32(_delegateCheckpoints[account].length());\n    }\n\n    /**\n     * @dev Get the `pos`-th checkpoint for `account`.\n     */\n    function _checkpoints(\n        address account,\n        uint32 pos\n    ) internal view virtual returns (Checkpoints.Checkpoint208 memory) {\n        return _delegateCheckpoints[account].at(pos);\n    }\n\n    function _push(\n        Checkpoints.Trace208 storage store,\n        function(uint208, uint208) view returns (uint208) op,\n        uint208 delta\n    ) private returns (uint208 oldValue, uint208 newValue) {\n        return store.push(clock(), op(store.latest(), delta));\n    }\n\n    function _add(uint208 a, uint208 b) private pure returns (uint208) {\n        return a + b;\n    }\n\n    function _subtract(uint208 a, uint208 b) private pure returns (uint208) {\n        return a - b;\n    }\n\n    /**\n     * @dev Must return the voting units held by an account.\n     */\n    function _getVotingUnits(address) internal view virtual returns (uint256);\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/interfaces/draft-IERC6093.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.1.0) (interfaces/draft-IERC6093.sol)\npragma solidity ^0.8.20;\n\n/**\n * @dev Standard ERC-20 Errors\n * Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC-20 tokens.\n */\ninterface IERC20Errors {\n    /**\n     * @dev Indicates an error related to the current `balance` of a `sender`. Used in transfers.\n     * @param sender Address whose tokens are being transferred.\n     * @param balance Current balance for the interacting account.\n     * @param needed Minimum amount required to perform a transfer.\n     */\n    error ERC20InsufficientBalance(address sender, uint256 balance, uint256 needed);\n\n    /**\n     * @dev Indicates a failure with the token `sender`. Used in transfers.\n     * @param sender Address whose tokens are being transferred.\n     */\n    error ERC20InvalidSender(address sender);\n\n    /**\n     * @dev Indicates a failure with the token `receiver`. Used in transfers.\n     * @param receiver Address to which tokens are being transferred.\n     */\n    error ERC20InvalidReceiver(address receiver);\n\n    /**\n     * @dev Indicates a failure with the `spender`’s `allowance`. Used in transfers.\n     * @param spender Address that may be allowed to operate on tokens without being their owner.\n     * @param allowance Amount of tokens a `spender` is allowed to operate with.\n     * @param needed Minimum amount required to perform a transfer.\n     */\n    error ERC20InsufficientAllowance(address spender, uint256 allowance, uint256 needed);\n\n    /**\n     * @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.\n     * @param approver Address initiating an approval operation.\n     */\n    error ERC20InvalidApprover(address approver);\n\n    /**\n     * @dev Indicates a failure with the `spender` to be approved. Used in approvals.\n     * @param spender Address that may be allowed to operate on tokens without being their owner.\n     */\n    error ERC20InvalidSpender(address spender);\n}\n\n/**\n * @dev Standard ERC-721 Errors\n * Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC-721 tokens.\n */\ninterface IERC721Errors {\n    /**\n     * @dev Indicates that an address can't be an owner. For example, `address(0)` is a forbidden owner in ERC-20.\n     * Used in balance queries.\n     * @param owner Address of the current owner of a token.\n     */\n    error ERC721InvalidOwner(address owner);\n\n    /**\n     * @dev Indicates a `tokenId` whose `owner` is the zero address.\n     * @param tokenId Identifier number of a token.\n     */\n    error ERC721NonexistentToken(uint256 tokenId);\n\n    /**\n     * @dev Indicates an error related to the ownership over a particular token. Used in transfers.\n     * @param sender Address whose tokens are being transferred.\n     * @param tokenId Identifier number of a token.\n     * @param owner Address of the current owner of a token.\n     */\n    error ERC721IncorrectOwner(address sender, uint256 tokenId, address owner);\n\n    /**\n     * @dev Indicates a failure with the token `sender`. Used in transfers.\n     * @param sender Address whose tokens are being transferred.\n     */\n    error ERC721InvalidSender(address sender);\n\n    /**\n     * @dev Indicates a failure with the token `receiver`. Used in transfers.\n     * @param receiver Address to which tokens are being transferred.\n     */\n    error ERC721InvalidReceiver(address receiver);\n\n    /**\n     * @dev Indicates a failure with the `operator`’s approval. Used in transfers.\n     * @param operator Address that may be allowed to operate on tokens without being their owner.\n     * @param tokenId Identifier number of a token.\n     */\n    error ERC721InsufficientApproval(address operator, uint256 tokenId);\n\n    /**\n     * @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.\n     * @param approver Address initiating an approval operation.\n     */\n    error ERC721InvalidApprover(address approver);\n\n    /**\n     * @dev Indicates a failure with the `operator` to be approved. Used in approvals.\n     * @param operator Address that may be allowed to operate on tokens without being their owner.\n     */\n    error ERC721InvalidOperator(address operator);\n}\n\n/**\n * @dev Standard ERC-1155 Errors\n * Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC-1155 tokens.\n */\ninterface IERC1155Errors {\n    /**\n     * @dev Indicates an error related to the current `balance` of a `sender`. Used in transfers.\n     * @param sender Address whose tokens are being transferred.\n     * @param balance Current balance for the interacting account.\n     * @param needed Minimum amount required to perform a transfer.\n     * @param tokenId Identifier number of a token.\n     */\n    error ERC1155InsufficientBalance(address sender, uint256 balance, uint256 needed, uint256 tokenId);\n\n    /**\n     * @dev Indicates a failure with the token `sender`. Used in transfers.\n     * @param sender Address whose tokens are being transferred.\n     */\n    error ERC1155InvalidSender(address sender);\n\n    /**\n     * @dev Indicates a failure with the token `receiver`. Used in transfers.\n     * @param receiver Address to which tokens are being transferred.\n     */\n    error ERC1155InvalidReceiver(address receiver);\n\n    /**\n     * @dev Indicates a failure with the `operator`’s approval. Used in transfers.\n     * @param operator Address that may be allowed to operate on tokens without being their owner.\n     * @param owner Address of the current owner of a token.\n     */\n    error ERC1155MissingApprovalForAll(address operator, address owner);\n\n    /**\n     * @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.\n     * @param approver Address initiating an approval operation.\n     */\n    error ERC1155InvalidApprover(address approver);\n\n    /**\n     * @dev Indicates a failure with the `operator` to be approved. Used in approvals.\n     * @param operator Address that may be allowed to operate on tokens without being their owner.\n     */\n    error ERC1155InvalidOperator(address operator);\n\n    /**\n     * @dev Indicates an array length mismatch between ids and values in a safeBatchTransferFrom operation.\n     * Used in batch transfers.\n     * @param idsLength Length of the array of token identifiers\n     * @param valuesLength Length of the array of token amounts\n     */\n    error ERC1155InvalidArrayLength(uint256 idsLength, uint256 valuesLength);\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/interfaces/IERC1363.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.1.0) (interfaces/IERC1363.sol)\n\npragma solidity ^0.8.20;\n\nimport {IERC20} from \"./IERC20.sol\";\nimport {IERC165} from \"./IERC165.sol\";\n\n/**\n * @title IERC1363\n * @dev Interface of the ERC-1363 standard as defined in the https://eips.ethereum.org/EIPS/eip-1363[ERC-1363].\n *\n * Defines an extension interface for ERC-20 tokens that supports executing code on a recipient contract\n * after `transfer` or `transferFrom`, or code on a spender contract after `approve`, in a single transaction.\n */\ninterface IERC1363 is IERC20, IERC165 {\n    /*\n     * Note: the ERC-165 identifier for this interface is 0xb0202a11.\n     * 0xb0202a11 ===\n     *   bytes4(keccak256('transferAndCall(address,uint256)')) ^\n     *   bytes4(keccak256('transferAndCall(address,uint256,bytes)')) ^\n     *   bytes4(keccak256('transferFromAndCall(address,address,uint256)')) ^\n     *   bytes4(keccak256('transferFromAndCall(address,address,uint256,bytes)')) ^\n     *   bytes4(keccak256('approveAndCall(address,uint256)')) ^\n     *   bytes4(keccak256('approveAndCall(address,uint256,bytes)'))\n     */\n\n    /**\n     * @dev Moves a `value` amount of tokens from the caller's account to `to`\n     * and then calls {IERC1363Receiver-onTransferReceived} on `to`.\n     * @param to The address which you want to transfer to.\n     * @param value The amount of tokens to be transferred.\n     * @return A boolean value indicating whether the operation succeeded unless throwing.\n     */\n    function transferAndCall(address to, uint256 value) external returns (bool);\n\n    /**\n     * @dev Moves a `value` amount of tokens from the caller's account to `to`\n     * and then calls {IERC1363Receiver-onTransferReceived} on `to`.\n     * @param to The address which you want to transfer to.\n     * @param value The amount of tokens to be transferred.\n     * @param data Additional data with no specified format, sent in call to `to`.\n     * @return A boolean value indicating whether the operation succeeded unless throwing.\n     */\n    function transferAndCall(address to, uint256 value, bytes calldata data) external returns (bool);\n\n    /**\n     * @dev Moves a `value` amount of tokens from `from` to `to` using the allowance mechanism\n     * and then calls {IERC1363Receiver-onTransferReceived} on `to`.\n     * @param from The address which you want to send tokens from.\n     * @param to The address which you want to transfer to.\n     * @param value The amount of tokens to be transferred.\n     * @return A boolean value indicating whether the operation succeeded unless throwing.\n     */\n    function transferFromAndCall(address from, address to, uint256 value) external returns (bool);\n\n    /**\n     * @dev Moves a `value` amount of tokens from `from` to `to` using the allowance mechanism\n     * and then calls {IERC1363Receiver-onTransferReceived} on `to`.\n     * @param from The address which you want to send tokens from.\n     * @param to The address which you want to transfer to.\n     * @param value The amount of tokens to be transferred.\n     * @param data Additional data with no specified format, sent in call to `to`.\n     * @return A boolean value indicating whether the operation succeeded unless throwing.\n     */\n    function transferFromAndCall(address from, address to, uint256 value, bytes calldata data) external returns (bool);\n\n    /**\n     * @dev Sets a `value` amount of tokens as the allowance of `spender` over the\n     * caller's tokens and then calls {IERC1363Spender-onApprovalReceived} on `spender`.\n     * @param spender The address which will spend the funds.\n     * @param value The amount of tokens to be spent.\n     * @return A boolean value indicating whether the operation succeeded unless throwing.\n     */\n    function approveAndCall(address spender, uint256 value) external returns (bool);\n\n    /**\n     * @dev Sets a `value` amount of tokens as the allowance of `spender` over the\n     * caller's tokens and then calls {IERC1363Spender-onApprovalReceived} on `spender`.\n     * @param spender The address which will spend the funds.\n     * @param value The amount of tokens to be spent.\n     * @param data Additional data with no specified format, sent in call to `spender`.\n     * @return A boolean value indicating whether the operation succeeded unless throwing.\n     */\n    function approveAndCall(address spender, uint256 value, bytes calldata data) external returns (bool);\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/interfaces/IERC165.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC165.sol)\n\npragma solidity ^0.8.20;\n\nimport {IERC165} from \"../utils/introspection/IERC165.sol\";\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/interfaces/IERC1967.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC1967.sol)\n\npragma solidity ^0.8.20;\n\n/**\n * @dev ERC-1967: Proxy Storage Slots. This interface contains the events defined in the ERC.\n */\ninterface IERC1967 {\n    /**\n     * @dev Emitted when the implementation is upgraded.\n     */\n    event Upgraded(address indexed implementation);\n\n    /**\n     * @dev Emitted when the admin account has changed.\n     */\n    event AdminChanged(address previousAdmin, address newAdmin);\n\n    /**\n     * @dev Emitted when the beacon is changed.\n     */\n    event BeaconUpgraded(address indexed beacon);\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/interfaces/IERC20.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC20.sol)\n\npragma solidity ^0.8.20;\n\nimport {IERC20} from \"../token/ERC20/IERC20.sol\";\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/interfaces/IERC5267.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC5267.sol)\n\npragma solidity ^0.8.20;\n\ninterface IERC5267 {\n    /**\n     * @dev MAY be emitted to signal that the domain could have changed.\n     */\n    event EIP712DomainChanged();\n\n    /**\n     * @dev returns the fields and values that describe the domain separator used by this contract for EIP-712\n     * signature.\n     */\n    function eip712Domain()\n        external\n        view\n        returns (\n            bytes1 fields,\n            string memory name,\n            string memory version,\n            uint256 chainId,\n            address verifyingContract,\n            bytes32 salt,\n            uint256[] memory extensions\n        );\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/interfaces/IERC5805.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC5805.sol)\n\npragma solidity ^0.8.20;\n\nimport {IVotes} from \"../governance/utils/IVotes.sol\";\nimport {IERC6372} from \"./IERC6372.sol\";\n\ninterface IERC5805 is IERC6372, IVotes {}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/interfaces/IERC6372.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC6372.sol)\n\npragma solidity ^0.8.20;\n\ninterface IERC6372 {\n    /**\n     * @dev Clock used for flagging checkpoints. Can be overridden to implement timestamp based checkpoints (and voting).\n     */\n    function clock() external view returns (uint48);\n\n    /**\n     * @dev Description of the clock\n     */\n    // solhint-disable-next-line func-name-mixedcase\n    function CLOCK_MODE() external view returns (string memory);\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/proxy/beacon/IBeacon.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.0.0) (proxy/beacon/IBeacon.sol)\n\npragma solidity ^0.8.20;\n\n/**\n * @dev This is the interface that {BeaconProxy} expects of its beacon.\n */\ninterface IBeacon {\n    /**\n     * @dev Must return an address that can be used as a delegate call target.\n     *\n     * {UpgradeableBeacon} will check that this address is a contract.\n     */\n    function implementation() external view returns (address);\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/proxy/ERC1967/ERC1967Proxy.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.2.0) (proxy/ERC1967/ERC1967Proxy.sol)\n\npragma solidity ^0.8.22;\n\nimport {Proxy} from \"../Proxy.sol\";\nimport {ERC1967Utils} from \"./ERC1967Utils.sol\";\n\n/**\n * @dev This contract implements an upgradeable proxy. It is upgradeable because calls are delegated to an\n * implementation address that can be changed. This address is stored in storage in the location specified by\n * https://eips.ethereum.org/EIPS/eip-1967[ERC-1967], so that it doesn't conflict with the storage layout of the\n * implementation behind the proxy.\n */\ncontract ERC1967Proxy is Proxy {\n    /**\n     * @dev Initializes the upgradeable proxy with an initial implementation specified by `implementation`.\n     *\n     * If `_data` is nonempty, it's used as data in a delegate call to `implementation`. This will typically be an\n     * encoded function call, and allows initializing the storage of the proxy like a Solidity constructor.\n     *\n     * Requirements:\n     *\n     * - If `data` is empty, `msg.value` must be zero.\n     */\n    constructor(address implementation, bytes memory _data) payable {\n        ERC1967Utils.upgradeToAndCall(implementation, _data);\n    }\n\n    /**\n     * @dev Returns the current implementation address.\n     *\n     * TIP: To get this value clients can read directly from the storage slot shown below (specified by ERC-1967) using\n     * the https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call.\n     * `0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc`\n     */\n    function _implementation() internal view virtual override returns (address) {\n        return ERC1967Utils.getImplementation();\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/proxy/ERC1967/ERC1967Utils.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.2.0) (proxy/ERC1967/ERC1967Utils.sol)\n\npragma solidity ^0.8.22;\n\nimport {IBeacon} from \"../beacon/IBeacon.sol\";\nimport {IERC1967} from \"../../interfaces/IERC1967.sol\";\nimport {Address} from \"../../utils/Address.sol\";\nimport {StorageSlot} from \"../../utils/StorageSlot.sol\";\n\n/**\n * @dev This library provides getters and event emitting update functions for\n * https://eips.ethereum.org/EIPS/eip-1967[ERC-1967] slots.\n */\nlibrary ERC1967Utils {\n    /**\n     * @dev Storage slot with the address of the current implementation.\n     * This is the keccak-256 hash of \"eip1967.proxy.implementation\" subtracted by 1.\n     */\n    // solhint-disable-next-line private-vars-leading-underscore\n    bytes32 internal constant IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;\n\n    /**\n     * @dev The `implementation` of the proxy is invalid.\n     */\n    error ERC1967InvalidImplementation(address implementation);\n\n    /**\n     * @dev The `admin` of the proxy is invalid.\n     */\n    error ERC1967InvalidAdmin(address admin);\n\n    /**\n     * @dev The `beacon` of the proxy is invalid.\n     */\n    error ERC1967InvalidBeacon(address beacon);\n\n    /**\n     * @dev An upgrade function sees `msg.value > 0` that may be lost.\n     */\n    error ERC1967NonPayable();\n\n    /**\n     * @dev Returns the current implementation address.\n     */\n    function getImplementation() internal view returns (address) {\n        return StorageSlot.getAddressSlot(IMPLEMENTATION_SLOT).value;\n    }\n\n    /**\n     * @dev Stores a new address in the ERC-1967 implementation slot.\n     */\n    function _setImplementation(address newImplementation) private {\n        if (newImplementation.code.length == 0) {\n            revert ERC1967InvalidImplementation(newImplementation);\n        }\n        StorageSlot.getAddressSlot(IMPLEMENTATION_SLOT).value = newImplementation;\n    }\n\n    /**\n     * @dev Performs implementation upgrade with additional setup call if data is nonempty.\n     * This function is payable only if the setup call is performed, otherwise `msg.value` is rejected\n     * to avoid stuck value in the contract.\n     *\n     * Emits an {IERC1967-Upgraded} event.\n     */\n    function upgradeToAndCall(address newImplementation, bytes memory data) internal {\n        _setImplementation(newImplementation);\n        emit IERC1967.Upgraded(newImplementation);\n\n        if (data.length > 0) {\n            Address.functionDelegateCall(newImplementation, data);\n        } else {\n            _checkNonPayable();\n        }\n    }\n\n    /**\n     * @dev Storage slot with the admin of the contract.\n     * This is the keccak-256 hash of \"eip1967.proxy.admin\" subtracted by 1.\n     */\n    // solhint-disable-next-line private-vars-leading-underscore\n    bytes32 internal constant ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;\n\n    /**\n     * @dev Returns the current admin.\n     *\n     * TIP: To get this value clients can read directly from the storage slot shown below (specified by ERC-1967) using\n     * the https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call.\n     * `0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103`\n     */\n    function getAdmin() internal view returns (address) {\n        return StorageSlot.getAddressSlot(ADMIN_SLOT).value;\n    }\n\n    /**\n     * @dev Stores a new address in the ERC-1967 admin slot.\n     */\n    function _setAdmin(address newAdmin) private {\n        if (newAdmin == address(0)) {\n            revert ERC1967InvalidAdmin(address(0));\n        }\n        StorageSlot.getAddressSlot(ADMIN_SLOT).value = newAdmin;\n    }\n\n    /**\n     * @dev Changes the admin of the proxy.\n     *\n     * Emits an {IERC1967-AdminChanged} event.\n     */\n    function changeAdmin(address newAdmin) internal {\n        emit IERC1967.AdminChanged(getAdmin(), newAdmin);\n        _setAdmin(newAdmin);\n    }\n\n    /**\n     * @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.\n     * This is the keccak-256 hash of \"eip1967.proxy.beacon\" subtracted by 1.\n     */\n    // solhint-disable-next-line private-vars-leading-underscore\n    bytes32 internal constant BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;\n\n    /**\n     * @dev Returns the current beacon.\n     */\n    function getBeacon() internal view returns (address) {\n        return StorageSlot.getAddressSlot(BEACON_SLOT).value;\n    }\n\n    /**\n     * @dev Stores a new beacon in the ERC-1967 beacon slot.\n     */\n    function _setBeacon(address newBeacon) private {\n        if (newBeacon.code.length == 0) {\n            revert ERC1967InvalidBeacon(newBeacon);\n        }\n\n        StorageSlot.getAddressSlot(BEACON_SLOT).value = newBeacon;\n\n        address beaconImplementation = IBeacon(newBeacon).implementation();\n        if (beaconImplementation.code.length == 0) {\n            revert ERC1967InvalidImplementation(beaconImplementation);\n        }\n    }\n\n    /**\n     * @dev Change the beacon and trigger a setup call if data is nonempty.\n     * This function is payable only if the setup call is performed, otherwise `msg.value` is rejected\n     * to avoid stuck value in the contract.\n     *\n     * Emits an {IERC1967-BeaconUpgraded} event.\n     *\n     * CAUTION: Invoking this function has no effect on an instance of {BeaconProxy} since v5, since\n     * it uses an immutable beacon without looking at the value of the ERC-1967 beacon slot for\n     * efficiency.\n     */\n    function upgradeBeaconToAndCall(address newBeacon, bytes memory data) internal {\n        _setBeacon(newBeacon);\n        emit IERC1967.BeaconUpgraded(newBeacon);\n\n        if (data.length > 0) {\n            Address.functionDelegateCall(IBeacon(newBeacon).implementation(), data);\n        } else {\n            _checkNonPayable();\n        }\n    }\n\n    /**\n     * @dev Reverts if `msg.value` is not zero. It can be used to avoid `msg.value` stuck in the contract\n     * if an upgrade doesn't perform an initialization call.\n     */\n    function _checkNonPayable() private {\n        if (msg.value > 0) {\n            revert ERC1967NonPayable();\n        }\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/proxy/Proxy.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.0.0) (proxy/Proxy.sol)\n\npragma solidity ^0.8.20;\n\n/**\n * @dev This abstract contract provides a fallback function that delegates all calls to another contract using the EVM\n * instruction `delegatecall`. We refer to the second contract as the _implementation_ behind the proxy, and it has to\n * be specified by overriding the virtual {_implementation} function.\n *\n * Additionally, delegation to the implementation can be triggered manually through the {_fallback} function, or to a\n * different contract through the {_delegate} function.\n *\n * The success and return data of the delegated call will be returned back to the caller of the proxy.\n */\nabstract contract Proxy {\n    /**\n     * @dev Delegates the current call to `implementation`.\n     *\n     * This function does not return to its internal call site, it will return directly to the external caller.\n     */\n    function _delegate(address implementation) internal virtual {\n        assembly {\n            // Copy msg.data. We take full control of memory in this inline assembly\n            // block because it will not return to Solidity code. We overwrite the\n            // Solidity scratch pad at memory position 0.\n            calldatacopy(0, 0, calldatasize())\n\n            // Call the implementation.\n            // out and outsize are 0 because we don't know the size yet.\n            let result := delegatecall(gas(), implementation, 0, calldatasize(), 0, 0)\n\n            // Copy the returned data.\n            returndatacopy(0, 0, returndatasize())\n\n            switch result\n            // delegatecall returns 0 on error.\n            case 0 {\n                revert(0, returndatasize())\n            }\n            default {\n                return(0, returndatasize())\n            }\n        }\n    }\n\n    /**\n     * @dev This is a virtual function that should be overridden so it returns the address to which the fallback\n     * function and {_fallback} should delegate.\n     */\n    function _implementation() internal view virtual returns (address);\n\n    /**\n     * @dev Delegates the current call to the address returned by `_implementation()`.\n     *\n     * This function does not return to its internal call site, it will return directly to the external caller.\n     */\n    function _fallback() internal virtual {\n        _delegate(_implementation());\n    }\n\n    /**\n     * @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if no other\n     * function in the contract matches the call data.\n     */\n    fallback() external payable virtual {\n        _fallback();\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/proxy/transparent/ProxyAdmin.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.2.0) (proxy/transparent/ProxyAdmin.sol)\n\npragma solidity ^0.8.22;\n\nimport {ITransparentUpgradeableProxy} from \"./TransparentUpgradeableProxy.sol\";\nimport {Ownable} from \"../../access/Ownable.sol\";\n\n/**\n * @dev This is an auxiliary contract meant to be assigned as the admin of a {TransparentUpgradeableProxy}. For an\n * explanation of why you would want to use this see the documentation for {TransparentUpgradeableProxy}.\n */\ncontract ProxyAdmin is Ownable {\n    /**\n     * @dev The version of the upgrade interface of the contract. If this getter is missing, both `upgrade(address,address)`\n     * and `upgradeAndCall(address,address,bytes)` are present, and `upgrade` must be used if no function should be called,\n     * while `upgradeAndCall` will invoke the `receive` function if the third argument is the empty byte string.\n     * If the getter returns `\"5.0.0\"`, only `upgradeAndCall(address,address,bytes)` is present, and the third argument must\n     * be the empty byte string if no function should be called, making it impossible to invoke the `receive` function\n     * during an upgrade.\n     */\n    string public constant UPGRADE_INTERFACE_VERSION = \"5.0.0\";\n\n    /**\n     * @dev Sets the initial owner who can perform upgrades.\n     */\n    constructor(address initialOwner) Ownable(initialOwner) {}\n\n    /**\n     * @dev Upgrades `proxy` to `implementation` and calls a function on the new implementation.\n     * See {TransparentUpgradeableProxy-_dispatchUpgradeToAndCall}.\n     *\n     * Requirements:\n     *\n     * - This contract must be the admin of `proxy`.\n     * - If `data` is empty, `msg.value` must be zero.\n     */\n    function upgradeAndCall(\n        ITransparentUpgradeableProxy proxy,\n        address implementation,\n        bytes memory data\n    ) public payable virtual onlyOwner {\n        proxy.upgradeToAndCall{value: msg.value}(implementation, data);\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/proxy/transparent/TransparentUpgradeableProxy.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.2.0) (proxy/transparent/TransparentUpgradeableProxy.sol)\n\npragma solidity ^0.8.22;\n\nimport {ERC1967Utils} from \"../ERC1967/ERC1967Utils.sol\";\nimport {ERC1967Proxy} from \"../ERC1967/ERC1967Proxy.sol\";\nimport {IERC1967} from \"../../interfaces/IERC1967.sol\";\nimport {ProxyAdmin} from \"./ProxyAdmin.sol\";\n\n/**\n * @dev Interface for {TransparentUpgradeableProxy}. In order to implement transparency, {TransparentUpgradeableProxy}\n * does not implement this interface directly, and its upgradeability mechanism is implemented by an internal dispatch\n * mechanism. The compiler is unaware that these functions are implemented by {TransparentUpgradeableProxy} and will not\n * include them in the ABI so this interface must be used to interact with it.\n */\ninterface ITransparentUpgradeableProxy is IERC1967 {\n    /// @dev See {UUPSUpgradeable-upgradeToAndCall}\n    function upgradeToAndCall(address newImplementation, bytes calldata data) external payable;\n}\n\n/**\n * @dev This contract implements a proxy that is upgradeable through an associated {ProxyAdmin} instance.\n *\n * To avoid https://medium.com/nomic-labs-blog/malicious-backdoors-in-ethereum-proxies-62629adf3357[proxy selector\n * clashing], which can potentially be used in an attack, this contract uses the\n * https://blog.openzeppelin.com/the-transparent-proxy-pattern/[transparent proxy pattern]. This pattern implies two\n * things that go hand in hand:\n *\n * 1. If any account other than the admin calls the proxy, the call will be forwarded to the implementation, even if\n * that call matches the {ITransparentUpgradeableProxy-upgradeToAndCall} function exposed by the proxy itself.\n * 2. If the admin calls the proxy, it can call the `upgradeToAndCall` function but any other call won't be forwarded to\n * the implementation. If the admin tries to call a function on the implementation it will fail with an error indicating\n * the proxy admin cannot fallback to the target implementation.\n *\n * These properties mean that the admin account can only be used for upgrading the proxy, so it's best if it's a\n * dedicated account that is not used for anything else. This will avoid headaches due to sudden errors when trying to\n * call a function from the proxy implementation. For this reason, the proxy deploys an instance of {ProxyAdmin} and\n * allows upgrades only if they come through it. You should think of the `ProxyAdmin` instance as the administrative\n * interface of the proxy, including the ability to change who can trigger upgrades by transferring ownership.\n *\n * NOTE: The real interface of this proxy is that defined in `ITransparentUpgradeableProxy`. This contract does not\n * inherit from that interface, and instead `upgradeToAndCall` is implicitly implemented using a custom dispatch\n * mechanism in `_fallback`. Consequently, the compiler will not produce an ABI for this contract. This is necessary to\n * fully implement transparency without decoding reverts caused by selector clashes between the proxy and the\n * implementation.\n *\n * NOTE: This proxy does not inherit from {Context} deliberately. The {ProxyAdmin} of this contract won't send a\n * meta-transaction in any way, and any other meta-transaction setup should be made in the implementation contract.\n *\n * IMPORTANT: This contract avoids unnecessary storage reads by setting the admin only during construction as an\n * immutable variable, preventing any changes thereafter. However, the admin slot defined in ERC-1967 can still be\n * overwritten by the implementation logic pointed to by this proxy. In such cases, the contract may end up in an\n * undesirable state where the admin slot is different from the actual admin. Relying on the value of the admin slot\n * is generally fine if the implementation is trusted.\n *\n * WARNING: It is not recommended to extend this contract to add additional external functions. If you do so, the\n * compiler will not check that there are no selector conflicts, due to the note above. A selector clash between any new\n * function and the functions declared in {ITransparentUpgradeableProxy} will be resolved in favor of the new one. This\n * could render the `upgradeToAndCall` function inaccessible, preventing upgradeability and compromising transparency.\n */\ncontract TransparentUpgradeableProxy is ERC1967Proxy {\n    // An immutable address for the admin to avoid unnecessary SLOADs before each call\n    // at the expense of removing the ability to change the admin once it's set.\n    // This is acceptable if the admin is always a ProxyAdmin instance or similar contract\n    // with its own ability to transfer the permissions to another account.\n    address private immutable _admin;\n\n    /**\n     * @dev The proxy caller is the current admin, and can't fallback to the proxy target.\n     */\n    error ProxyDeniedAdminAccess();\n\n    /**\n     * @dev Initializes an upgradeable proxy managed by an instance of a {ProxyAdmin} with an `initialOwner`,\n     * backed by the implementation at `_logic`, and optionally initialized with `_data` as explained in\n     * {ERC1967Proxy-constructor}.\n     */\n    constructor(address _logic, address initialOwner, bytes memory _data) payable ERC1967Proxy(_logic, _data) {\n        _admin = address(new ProxyAdmin(initialOwner));\n        // Set the storage value and emit an event for ERC-1967 compatibility\n        ERC1967Utils.changeAdmin(_proxyAdmin());\n    }\n\n    /**\n     * @dev Returns the admin of this proxy.\n     */\n    function _proxyAdmin() internal view virtual returns (address) {\n        return _admin;\n    }\n\n    /**\n     * @dev If caller is the admin process the call internally, otherwise transparently fallback to the proxy behavior.\n     */\n    function _fallback() internal virtual override {\n        if (msg.sender == _proxyAdmin()) {\n            if (msg.sig != ITransparentUpgradeableProxy.upgradeToAndCall.selector) {\n                revert ProxyDeniedAdminAccess();\n            } else {\n                _dispatchUpgradeToAndCall();\n            }\n        } else {\n            super._fallback();\n        }\n    }\n\n    /**\n     * @dev Upgrade the implementation of the proxy. See {ERC1967Utils-upgradeToAndCall}.\n     *\n     * Requirements:\n     *\n     * - If `data` is empty, `msg.value` must be zero.\n     */\n    function _dispatchUpgradeToAndCall() private {\n        (address newImplementation, bytes memory data) = abi.decode(msg.data[4:], (address, bytes));\n        ERC1967Utils.upgradeToAndCall(newImplementation, data);\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/token/ERC20/ERC20.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.3.0) (token/ERC20/ERC20.sol)\n\npragma solidity ^0.8.20;\n\nimport {IERC20} from \"./IERC20.sol\";\nimport {IERC20Metadata} from \"./extensions/IERC20Metadata.sol\";\nimport {Context} from \"../../utils/Context.sol\";\nimport {IERC20Errors} from \"../../interfaces/draft-IERC6093.sol\";\n\n/**\n * @dev Implementation of the {IERC20} interface.\n *\n * This implementation is agnostic to the way tokens are created. This means\n * that a supply mechanism has to be added in a derived contract using {_mint}.\n *\n * TIP: For a detailed writeup see our guide\n * https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How\n * to implement supply mechanisms].\n *\n * The default value of {decimals} is 18. To change this, you should override\n * this function so it returns a different value.\n *\n * We have followed general OpenZeppelin Contracts guidelines: functions revert\n * instead returning `false` on failure. This behavior is nonetheless\n * conventional and does not conflict with the expectations of ERC-20\n * applications.\n */\nabstract contract ERC20 is Context, IERC20, IERC20Metadata, IERC20Errors {\n    mapping(address account => uint256) private _balances;\n\n    mapping(address account => mapping(address spender => uint256)) private _allowances;\n\n    uint256 private _totalSupply;\n\n    string private _name;\n    string private _symbol;\n\n    /**\n     * @dev Sets the values for {name} and {symbol}.\n     *\n     * Both values are immutable: they can only be set once during construction.\n     */\n    constructor(string memory name_, string memory symbol_) {\n        _name = name_;\n        _symbol = symbol_;\n    }\n\n    /**\n     * @dev Returns the name of the token.\n     */\n    function name() public view virtual returns (string memory) {\n        return _name;\n    }\n\n    /**\n     * @dev Returns the symbol of the token, usually a shorter version of the\n     * name.\n     */\n    function symbol() public view virtual returns (string memory) {\n        return _symbol;\n    }\n\n    /**\n     * @dev Returns the number of decimals used to get its user representation.\n     * For example, if `decimals` equals `2`, a balance of `505` tokens should\n     * be displayed to a user as `5.05` (`505 / 10 ** 2`).\n     *\n     * Tokens usually opt for a value of 18, imitating the relationship between\n     * Ether and Wei. This is the default value returned by this function, unless\n     * it's overridden.\n     *\n     * NOTE: This information is only used for _display_ purposes: it in\n     * no way affects any of the arithmetic of the contract, including\n     * {IERC20-balanceOf} and {IERC20-transfer}.\n     */\n    function decimals() public view virtual returns (uint8) {\n        return 18;\n    }\n\n    /**\n     * @dev See {IERC20-totalSupply}.\n     */\n    function totalSupply() public view virtual returns (uint256) {\n        return _totalSupply;\n    }\n\n    /**\n     * @dev See {IERC20-balanceOf}.\n     */\n    function balanceOf(address account) public view virtual returns (uint256) {\n        return _balances[account];\n    }\n\n    /**\n     * @dev See {IERC20-transfer}.\n     *\n     * Requirements:\n     *\n     * - `to` cannot be the zero address.\n     * - the caller must have a balance of at least `value`.\n     */\n    function transfer(address to, uint256 value) public virtual returns (bool) {\n        address owner = _msgSender();\n        _transfer(owner, to, value);\n        return true;\n    }\n\n    /**\n     * @dev See {IERC20-allowance}.\n     */\n    function allowance(address owner, address spender) public view virtual returns (uint256) {\n        return _allowances[owner][spender];\n    }\n\n    /**\n     * @dev See {IERC20-approve}.\n     *\n     * NOTE: If `value` is the maximum `uint256`, the allowance is not updated on\n     * `transferFrom`. This is semantically equivalent to an infinite approval.\n     *\n     * Requirements:\n     *\n     * - `spender` cannot be the zero address.\n     */\n    function approve(address spender, uint256 value) public virtual returns (bool) {\n        address owner = _msgSender();\n        _approve(owner, spender, value);\n        return true;\n    }\n\n    /**\n     * @dev See {IERC20-transferFrom}.\n     *\n     * Skips emitting an {Approval} event indicating an allowance update. This is not\n     * required by the ERC. See {xref-ERC20-_approve-address-address-uint256-bool-}[_approve].\n     *\n     * NOTE: Does not update the allowance if the current allowance\n     * is the maximum `uint256`.\n     *\n     * Requirements:\n     *\n     * - `from` and `to` cannot be the zero address.\n     * - `from` must have a balance of at least `value`.\n     * - the caller must have allowance for ``from``'s tokens of at least\n     * `value`.\n     */\n    function transferFrom(address from, address to, uint256 value) public virtual returns (bool) {\n        address spender = _msgSender();\n        _spendAllowance(from, spender, value);\n        _transfer(from, to, value);\n        return true;\n    }\n\n    /**\n     * @dev Moves a `value` amount of tokens from `from` to `to`.\n     *\n     * This internal function is equivalent to {transfer}, and can be used to\n     * e.g. implement automatic token fees, slashing mechanisms, etc.\n     *\n     * Emits a {Transfer} event.\n     *\n     * NOTE: This function is not virtual, {_update} should be overridden instead.\n     */\n    function _transfer(address from, address to, uint256 value) internal {\n        if (from == address(0)) {\n            revert ERC20InvalidSender(address(0));\n        }\n        if (to == address(0)) {\n            revert ERC20InvalidReceiver(address(0));\n        }\n        _update(from, to, value);\n    }\n\n    /**\n     * @dev Transfers a `value` amount of tokens from `from` to `to`, or alternatively mints (or burns) if `from`\n     * (or `to`) is the zero address. All customizations to transfers, mints, and burns should be done by overriding\n     * this function.\n     *\n     * Emits a {Transfer} event.\n     */\n    function _update(address from, address to, uint256 value) internal virtual {\n        if (from == address(0)) {\n            // Overflow check required: The rest of the code assumes that totalSupply never overflows\n            _totalSupply += value;\n        } else {\n            uint256 fromBalance = _balances[from];\n            if (fromBalance < value) {\n                revert ERC20InsufficientBalance(from, fromBalance, value);\n            }\n            unchecked {\n                // Overflow not possible: value <= fromBalance <= totalSupply.\n                _balances[from] = fromBalance - value;\n            }\n        }\n\n        if (to == address(0)) {\n            unchecked {\n                // Overflow not possible: value <= totalSupply or value <= fromBalance <= totalSupply.\n                _totalSupply -= value;\n            }\n        } else {\n            unchecked {\n                // Overflow not possible: balance + value is at most totalSupply, which we know fits into a uint256.\n                _balances[to] += value;\n            }\n        }\n\n        emit Transfer(from, to, value);\n    }\n\n    /**\n     * @dev Creates a `value` amount of tokens and assigns them to `account`, by transferring it from address(0).\n     * Relies on the `_update` mechanism\n     *\n     * Emits a {Transfer} event with `from` set to the zero address.\n     *\n     * NOTE: This function is not virtual, {_update} should be overridden instead.\n     */\n    function _mint(address account, uint256 value) internal {\n        if (account == address(0)) {\n            revert ERC20InvalidReceiver(address(0));\n        }\n        _update(address(0), account, value);\n    }\n\n    /**\n     * @dev Destroys a `value` amount of tokens from `account`, lowering the total supply.\n     * Relies on the `_update` mechanism.\n     *\n     * Emits a {Transfer} event with `to` set to the zero address.\n     *\n     * NOTE: This function is not virtual, {_update} should be overridden instead\n     */\n    function _burn(address account, uint256 value) internal {\n        if (account == address(0)) {\n            revert ERC20InvalidSender(address(0));\n        }\n        _update(account, address(0), value);\n    }\n\n    /**\n     * @dev Sets `value` as the allowance of `spender` over the `owner`'s tokens.\n     *\n     * This internal function is equivalent to `approve`, and can be used to\n     * e.g. set automatic allowances for certain subsystems, etc.\n     *\n     * Emits an {Approval} event.\n     *\n     * Requirements:\n     *\n     * - `owner` cannot be the zero address.\n     * - `spender` cannot be the zero address.\n     *\n     * Overrides to this logic should be done to the variant with an additional `bool emitEvent` argument.\n     */\n    function _approve(address owner, address spender, uint256 value) internal {\n        _approve(owner, spender, value, true);\n    }\n\n    /**\n     * @dev Variant of {_approve} with an optional flag to enable or disable the {Approval} event.\n     *\n     * By default (when calling {_approve}) the flag is set to true. On the other hand, approval changes made by\n     * `_spendAllowance` during the `transferFrom` operation set the flag to false. This saves gas by not emitting any\n     * `Approval` event during `transferFrom` operations.\n     *\n     * Anyone who wishes to continue emitting `Approval` events on the`transferFrom` operation can force the flag to\n     * true using the following override:\n     *\n     * ```solidity\n     * function _approve(address owner, address spender, uint256 value, bool) internal virtual override {\n     *     super._approve(owner, spender, value, true);\n     * }\n     * ```\n     *\n     * Requirements are the same as {_approve}.\n     */\n    function _approve(address owner, address spender, uint256 value, bool emitEvent) internal virtual {\n        if (owner == address(0)) {\n            revert ERC20InvalidApprover(address(0));\n        }\n        if (spender == address(0)) {\n            revert ERC20InvalidSpender(address(0));\n        }\n        _allowances[owner][spender] = value;\n        if (emitEvent) {\n            emit Approval(owner, spender, value);\n        }\n    }\n\n    /**\n     * @dev Updates `owner`'s allowance for `spender` based on spent `value`.\n     *\n     * Does not update the allowance value in case of infinite allowance.\n     * Revert if not enough allowance is available.\n     *\n     * Does not emit an {Approval} event.\n     */\n    function _spendAllowance(address owner, address spender, uint256 value) internal virtual {\n        uint256 currentAllowance = allowance(owner, spender);\n        if (currentAllowance < type(uint256).max) {\n            if (currentAllowance < value) {\n                revert ERC20InsufficientAllowance(spender, currentAllowance, value);\n            }\n            unchecked {\n                _approve(owner, spender, currentAllowance - value, false);\n            }\n        }\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/token/ERC20/extensions/ERC20Permit.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC20/extensions/ERC20Permit.sol)\n\npragma solidity ^0.8.20;\n\nimport {IERC20Permit} from \"./IERC20Permit.sol\";\nimport {ERC20} from \"../ERC20.sol\";\nimport {ECDSA} from \"../../../utils/cryptography/ECDSA.sol\";\nimport {EIP712} from \"../../../utils/cryptography/EIP712.sol\";\nimport {Nonces} from \"../../../utils/Nonces.sol\";\n\n/**\n * @dev Implementation of the ERC-20 Permit extension allowing approvals to be made via signatures, as defined in\n * https://eips.ethereum.org/EIPS/eip-2612[ERC-2612].\n *\n * Adds the {permit} method, which can be used to change an account's ERC-20 allowance (see {IERC20-allowance}) by\n * presenting a message signed by the account. By not relying on `{IERC20-approve}`, the token holder account doesn't\n * need to send a transaction, and thus is not required to hold Ether at all.\n */\nabstract contract ERC20Permit is ERC20, IERC20Permit, EIP712, Nonces {\n    bytes32 private constant PERMIT_TYPEHASH =\n        keccak256(\"Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)\");\n\n    /**\n     * @dev Permit deadline has expired.\n     */\n    error ERC2612ExpiredSignature(uint256 deadline);\n\n    /**\n     * @dev Mismatched signature.\n     */\n    error ERC2612InvalidSigner(address signer, address owner);\n\n    /**\n     * @dev Initializes the {EIP712} domain separator using the `name` parameter, and setting `version` to `\"1\"`.\n     *\n     * It's a good idea to use the same `name` that is defined as the ERC-20 token name.\n     */\n    constructor(string memory name) EIP712(name, \"1\") {}\n\n    /**\n     * @inheritdoc IERC20Permit\n     */\n    function permit(\n        address owner,\n        address spender,\n        uint256 value,\n        uint256 deadline,\n        uint8 v,\n        bytes32 r,\n        bytes32 s\n    ) public virtual {\n        if (block.timestamp > deadline) {\n            revert ERC2612ExpiredSignature(deadline);\n        }\n\n        bytes32 structHash = keccak256(abi.encode(PERMIT_TYPEHASH, owner, spender, value, _useNonce(owner), deadline));\n\n        bytes32 hash = _hashTypedDataV4(structHash);\n\n        address signer = ECDSA.recover(hash, v, r, s);\n        if (signer != owner) {\n            revert ERC2612InvalidSigner(signer, owner);\n        }\n\n        _approve(owner, spender, value);\n    }\n\n    /**\n     * @inheritdoc IERC20Permit\n     */\n    function nonces(address owner) public view virtual override(IERC20Permit, Nonces) returns (uint256) {\n        return super.nonces(owner);\n    }\n\n    /**\n     * @inheritdoc IERC20Permit\n     */\n    // solhint-disable-next-line func-name-mixedcase\n    function DOMAIN_SEPARATOR() external view virtual returns (bytes32) {\n        return _domainSeparatorV4();\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/token/ERC20/extensions/ERC20Votes.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC20/extensions/ERC20Votes.sol)\n\npragma solidity ^0.8.20;\n\nimport {ERC20} from \"../ERC20.sol\";\nimport {Votes} from \"../../../governance/utils/Votes.sol\";\nimport {Checkpoints} from \"../../../utils/structs/Checkpoints.sol\";\n\n/**\n * @dev Extension of ERC-20 to support Compound-like voting and delegation. This version is more generic than Compound's,\n * and supports token supply up to 2^208^ - 1, while COMP is limited to 2^96^ - 1.\n *\n * NOTE: This contract does not provide interface compatibility with Compound's COMP token.\n *\n * This extension keeps a history (checkpoints) of each account's vote power. Vote power can be delegated either\n * by calling the {Votes-delegate} function directly, or by providing a signature to be used with {Votes-delegateBySig}. Voting\n * power can be queried through the public accessors {Votes-getVotes} and {Votes-getPastVotes}.\n *\n * By default, token balance does not account for voting power. This makes transfers cheaper. The downside is that it\n * requires users to delegate to themselves in order to activate checkpoints and have their voting power tracked.\n */\nabstract contract ERC20Votes is ERC20, Votes {\n    /**\n     * @dev Total supply cap has been exceeded, introducing a risk of votes overflowing.\n     */\n    error ERC20ExceededSafeSupply(uint256 increasedSupply, uint256 cap);\n\n    /**\n     * @dev Maximum token supply. Defaults to `type(uint208).max` (2^208^ - 1).\n     *\n     * This maximum is enforced in {_update}. It limits the total supply of the token, which is otherwise a uint256,\n     * so that checkpoints can be stored in the Trace208 structure used by {Votes}. Increasing this value will not\n     * remove the underlying limitation, and will cause {_update} to fail because of a math overflow in\n     * {Votes-_transferVotingUnits}. An override could be used to further restrict the total supply (to a lower value) if\n     * additional logic requires it. When resolving override conflicts on this function, the minimum should be\n     * returned.\n     */\n    function _maxSupply() internal view virtual returns (uint256) {\n        return type(uint208).max;\n    }\n\n    /**\n     * @dev Move voting power when tokens are transferred.\n     *\n     * Emits a {IVotes-DelegateVotesChanged} event.\n     */\n    function _update(address from, address to, uint256 value) internal virtual override {\n        super._update(from, to, value);\n        if (from == address(0)) {\n            uint256 supply = totalSupply();\n            uint256 cap = _maxSupply();\n            if (supply > cap) {\n                revert ERC20ExceededSafeSupply(supply, cap);\n            }\n        }\n        _transferVotingUnits(from, to, value);\n    }\n\n    /**\n     * @dev Returns the voting units of an `account`.\n     *\n     * WARNING: Overriding this function may compromise the internal vote accounting.\n     * `ERC20Votes` assumes tokens map to voting units 1:1 and this is not easy to change.\n     */\n    function _getVotingUnits(address account) internal view virtual override returns (uint256) {\n        return balanceOf(account);\n    }\n\n    /**\n     * @dev Get number of checkpoints for `account`.\n     */\n    function numCheckpoints(address account) public view virtual returns (uint32) {\n        return _numCheckpoints(account);\n    }\n\n    /**\n     * @dev Get the `pos`-th checkpoint for `account`.\n     */\n    function checkpoints(address account, uint32 pos) public view virtual returns (Checkpoints.Checkpoint208 memory) {\n        return _checkpoints(account, pos);\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/token/ERC20/extensions/ERC20Wrapper.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC20/extensions/ERC20Wrapper.sol)\n\npragma solidity ^0.8.20;\n\nimport {IERC20, IERC20Metadata, ERC20} from \"../ERC20.sol\";\nimport {SafeERC20} from \"../utils/SafeERC20.sol\";\n\n/**\n * @dev Extension of the ERC-20 token contract to support token wrapping.\n *\n * Users can deposit and withdraw \"underlying tokens\" and receive a matching number of \"wrapped tokens\". This is useful\n * in conjunction with other modules. For example, combining this wrapping mechanism with {ERC20Votes} will allow the\n * wrapping of an existing \"basic\" ERC-20 into a governance token.\n *\n * WARNING: Any mechanism in which the underlying token changes the {balanceOf} of an account without an explicit transfer\n * may desynchronize this contract's supply and its underlying balance. Please exercise caution when wrapping tokens that\n * may undercollateralize the wrapper (i.e. wrapper's total supply is higher than its underlying balance). See {_recover}\n * for recovering value accrued to the wrapper.\n */\nabstract contract ERC20Wrapper is ERC20 {\n    IERC20 private immutable _underlying;\n\n    /**\n     * @dev The underlying token couldn't be wrapped.\n     */\n    error ERC20InvalidUnderlying(address token);\n\n    constructor(IERC20 underlyingToken) {\n        if (underlyingToken == this) {\n            revert ERC20InvalidUnderlying(address(this));\n        }\n        _underlying = underlyingToken;\n    }\n\n    /**\n     * @dev See {ERC20-decimals}.\n     */\n    function decimals() public view virtual override returns (uint8) {\n        try IERC20Metadata(address(_underlying)).decimals() returns (uint8 value) {\n            return value;\n        } catch {\n            return super.decimals();\n        }\n    }\n\n    /**\n     * @dev Returns the address of the underlying ERC-20 token that is being wrapped.\n     */\n    function underlying() public view returns (IERC20) {\n        return _underlying;\n    }\n\n    /**\n     * @dev Allow a user to deposit underlying tokens and mint the corresponding number of wrapped tokens.\n     */\n    function depositFor(address account, uint256 value) public virtual returns (bool) {\n        address sender = _msgSender();\n        if (sender == address(this)) {\n            revert ERC20InvalidSender(address(this));\n        }\n        if (account == address(this)) {\n            revert ERC20InvalidReceiver(account);\n        }\n        SafeERC20.safeTransferFrom(_underlying, sender, address(this), value);\n        _mint(account, value);\n        return true;\n    }\n\n    /**\n     * @dev Allow a user to burn a number of wrapped tokens and withdraw the corresponding number of underlying tokens.\n     */\n    function withdrawTo(address account, uint256 value) public virtual returns (bool) {\n        if (account == address(this)) {\n            revert ERC20InvalidReceiver(account);\n        }\n        _burn(_msgSender(), value);\n        SafeERC20.safeTransfer(_underlying, account, value);\n        return true;\n    }\n\n    /**\n     * @dev Mint wrapped token to cover any underlyingTokens that would have been transferred by mistake or acquired from\n     * rebasing mechanisms. Internal function that can be exposed with access control if desired.\n     */\n    function _recover(address account) internal virtual returns (uint256) {\n        uint256 value = _underlying.balanceOf(address(this)) - totalSupply();\n        _mint(account, value);\n        return value;\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/token/ERC20/extensions/IERC20Metadata.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC20/extensions/IERC20Metadata.sol)\n\npragma solidity ^0.8.20;\n\nimport {IERC20} from \"../IERC20.sol\";\n\n/**\n * @dev Interface for the optional metadata functions from the ERC-20 standard.\n */\ninterface IERC20Metadata is IERC20 {\n    /**\n     * @dev Returns the name of the token.\n     */\n    function name() external view returns (string memory);\n\n    /**\n     * @dev Returns the symbol of the token.\n     */\n    function symbol() external view returns (string memory);\n\n    /**\n     * @dev Returns the decimals places of the token.\n     */\n    function decimals() external view returns (uint8);\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/token/ERC20/extensions/IERC20Permit.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC20/extensions/IERC20Permit.sol)\n\npragma solidity ^0.8.20;\n\n/**\n * @dev Interface of the ERC-20 Permit extension allowing approvals to be made via signatures, as defined in\n * https://eips.ethereum.org/EIPS/eip-2612[ERC-2612].\n *\n * Adds the {permit} method, which can be used to change an account's ERC-20 allowance (see {IERC20-allowance}) by\n * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't\n * need to send a transaction, and thus is not required to hold Ether at all.\n *\n * ==== Security Considerations\n *\n * There are two important considerations concerning the use of `permit`. The first is that a valid permit signature\n * expresses an allowance, and it should not be assumed to convey additional meaning. In particular, it should not be\n * considered as an intention to spend the allowance in any specific way. The second is that because permits have\n * built-in replay protection and can be submitted by anyone, they can be frontrun. A protocol that uses permits should\n * take this into consideration and allow a `permit` call to fail. Combining these two aspects, a pattern that may be\n * generally recommended is:\n *\n * ```solidity\n * function doThingWithPermit(..., uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s) public {\n *     try token.permit(msg.sender, address(this), value, deadline, v, r, s) {} catch {}\n *     doThing(..., value);\n * }\n *\n * function doThing(..., uint256 value) public {\n *     token.safeTransferFrom(msg.sender, address(this), value);\n *     ...\n * }\n * ```\n *\n * Observe that: 1) `msg.sender` is used as the owner, leaving no ambiguity as to the signer intent, and 2) the use of\n * `try/catch` allows the permit to fail and makes the code tolerant to frontrunning. (See also\n * {SafeERC20-safeTransferFrom}).\n *\n * Additionally, note that smart contract wallets (such as Argent or Safe) are not able to produce permit signatures, so\n * contracts should have entry points that don't rely on permit.\n */\ninterface IERC20Permit {\n    /**\n     * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,\n     * given ``owner``'s signed approval.\n     *\n     * IMPORTANT: The same issues {IERC20-approve} has related to transaction\n     * ordering also apply here.\n     *\n     * Emits an {Approval} event.\n     *\n     * Requirements:\n     *\n     * - `spender` cannot be the zero address.\n     * - `deadline` must be a timestamp in the future.\n     * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`\n     * over the EIP712-formatted function arguments.\n     * - the signature must use ``owner``'s current nonce (see {nonces}).\n     *\n     * For more information on the signature format, see the\n     * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP\n     * section].\n     *\n     * CAUTION: See Security Considerations above.\n     */\n    function permit(\n        address owner,\n        address spender,\n        uint256 value,\n        uint256 deadline,\n        uint8 v,\n        bytes32 r,\n        bytes32 s\n    ) external;\n\n    /**\n     * @dev Returns the current nonce for `owner`. This value must be\n     * included whenever a signature is generated for {permit}.\n     *\n     * Every successful call to {permit} increases ``owner``'s nonce by one. This\n     * prevents a signature from being used multiple times.\n     */\n    function nonces(address owner) external view returns (uint256);\n\n    /**\n     * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.\n     */\n    // solhint-disable-next-line func-name-mixedcase\n    function DOMAIN_SEPARATOR() external view returns (bytes32);\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/token/ERC20/IERC20.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC20/IERC20.sol)\n\npragma solidity ^0.8.20;\n\n/**\n * @dev Interface of the ERC-20 standard as defined in the ERC.\n */\ninterface IERC20 {\n    /**\n     * @dev Emitted when `value` tokens are moved from one account (`from`) to\n     * another (`to`).\n     *\n     * Note that `value` may be zero.\n     */\n    event Transfer(address indexed from, address indexed to, uint256 value);\n\n    /**\n     * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n     * a call to {approve}. `value` is the new allowance.\n     */\n    event Approval(address indexed owner, address indexed spender, uint256 value);\n\n    /**\n     * @dev Returns the value of tokens in existence.\n     */\n    function totalSupply() external view returns (uint256);\n\n    /**\n     * @dev Returns the value of tokens owned by `account`.\n     */\n    function balanceOf(address account) external view returns (uint256);\n\n    /**\n     * @dev Moves a `value` amount of tokens from the caller's account to `to`.\n     *\n     * Returns a boolean value indicating whether the operation succeeded.\n     *\n     * Emits a {Transfer} event.\n     */\n    function transfer(address to, uint256 value) external returns (bool);\n\n    /**\n     * @dev Returns the remaining number of tokens that `spender` will be\n     * allowed to spend on behalf of `owner` through {transferFrom}. This is\n     * zero by default.\n     *\n     * This value changes when {approve} or {transferFrom} are called.\n     */\n    function allowance(address owner, address spender) external view returns (uint256);\n\n    /**\n     * @dev Sets a `value` amount of tokens as the allowance of `spender` over the\n     * caller's tokens.\n     *\n     * Returns a boolean value indicating whether the operation succeeded.\n     *\n     * IMPORTANT: Beware that changing an allowance with this method brings the risk\n     * that someone may use both the old and the new allowance by unfortunate\n     * transaction ordering. One possible solution to mitigate this race\n     * condition is to first reduce the spender's allowance to 0 and set the\n     * desired value afterwards:\n     * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n     *\n     * Emits an {Approval} event.\n     */\n    function approve(address spender, uint256 value) external returns (bool);\n\n    /**\n     * @dev Moves a `value` amount of tokens from `from` to `to` using the\n     * allowance mechanism. `value` is then deducted from the caller's\n     * allowance.\n     *\n     * Returns a boolean value indicating whether the operation succeeded.\n     *\n     * Emits a {Transfer} event.\n     */\n    function transferFrom(address from, address to, uint256 value) external returns (bool);\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/token/ERC20/utils/SafeERC20.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.3.0) (token/ERC20/utils/SafeERC20.sol)\n\npragma solidity ^0.8.20;\n\nimport {IERC20} from \"../IERC20.sol\";\nimport {IERC1363} from \"../../../interfaces/IERC1363.sol\";\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC-20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n    /**\n     * @dev An operation with an ERC-20 token failed.\n     */\n    error SafeERC20FailedOperation(address token);\n\n    /**\n     * @dev Indicates a failed `decreaseAllowance` request.\n     */\n    error SafeERC20FailedDecreaseAllowance(address spender, uint256 currentAllowance, uint256 requestedDecrease);\n\n    /**\n     * @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,\n     * non-reverting calls are assumed to be successful.\n     */\n    function safeTransfer(IERC20 token, address to, uint256 value) internal {\n        _callOptionalReturn(token, abi.encodeCall(token.transfer, (to, value)));\n    }\n\n    /**\n     * @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the\n     * calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.\n     */\n    function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n        _callOptionalReturn(token, abi.encodeCall(token.transferFrom, (from, to, value)));\n    }\n\n    /**\n     * @dev Variant of {safeTransfer} that returns a bool instead of reverting if the operation is not successful.\n     */\n    function trySafeTransfer(IERC20 token, address to, uint256 value) internal returns (bool) {\n        return _callOptionalReturnBool(token, abi.encodeCall(token.transfer, (to, value)));\n    }\n\n    /**\n     * @dev Variant of {safeTransferFrom} that returns a bool instead of reverting if the operation is not successful.\n     */\n    function trySafeTransferFrom(IERC20 token, address from, address to, uint256 value) internal returns (bool) {\n        return _callOptionalReturnBool(token, abi.encodeCall(token.transferFrom, (from, to, value)));\n    }\n\n    /**\n     * @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,\n     * non-reverting calls are assumed to be successful.\n     *\n     * IMPORTANT: If the token implements ERC-7674 (ERC-20 with temporary allowance), and if the \"client\"\n     * smart contract uses ERC-7674 to set temporary allowances, then the \"client\" smart contract should avoid using\n     * this function. Performing a {safeIncreaseAllowance} or {safeDecreaseAllowance} operation on a token contract\n     * that has a non-zero temporary allowance (for that particular owner-spender) will result in unexpected behavior.\n     */\n    function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n        uint256 oldAllowance = token.allowance(address(this), spender);\n        forceApprove(token, spender, oldAllowance + value);\n    }\n\n    /**\n     * @dev Decrease the calling contract's allowance toward `spender` by `requestedDecrease`. If `token` returns no\n     * value, non-reverting calls are assumed to be successful.\n     *\n     * IMPORTANT: If the token implements ERC-7674 (ERC-20 with temporary allowance), and if the \"client\"\n     * smart contract uses ERC-7674 to set temporary allowances, then the \"client\" smart contract should avoid using\n     * this function. Performing a {safeIncreaseAllowance} or {safeDecreaseAllowance} operation on a token contract\n     * that has a non-zero temporary allowance (for that particular owner-spender) will result in unexpected behavior.\n     */\n    function safeDecreaseAllowance(IERC20 token, address spender, uint256 requestedDecrease) internal {\n        unchecked {\n            uint256 currentAllowance = token.allowance(address(this), spender);\n            if (currentAllowance < requestedDecrease) {\n                revert SafeERC20FailedDecreaseAllowance(spender, currentAllowance, requestedDecrease);\n            }\n            forceApprove(token, spender, currentAllowance - requestedDecrease);\n        }\n    }\n\n    /**\n     * @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,\n     * non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval\n     * to be set to zero before setting it to a non-zero value, such as USDT.\n     *\n     * NOTE: If the token implements ERC-7674, this function will not modify any temporary allowance. This function\n     * only sets the \"standard\" allowance. Any temporary allowance will remain active, in addition to the value being\n     * set here.\n     */\n    function forceApprove(IERC20 token, address spender, uint256 value) internal {\n        bytes memory approvalCall = abi.encodeCall(token.approve, (spender, value));\n\n        if (!_callOptionalReturnBool(token, approvalCall)) {\n            _callOptionalReturn(token, abi.encodeCall(token.approve, (spender, 0)));\n            _callOptionalReturn(token, approvalCall);\n        }\n    }\n\n    /**\n     * @dev Performs an {ERC1363} transferAndCall, with a fallback to the simple {ERC20} transfer if the target has no\n     * code. This can be used to implement an {ERC721}-like safe transfer that rely on {ERC1363} checks when\n     * targeting contracts.\n     *\n     * Reverts if the returned value is other than `true`.\n     */\n    function transferAndCallRelaxed(IERC1363 token, address to, uint256 value, bytes memory data) internal {\n        if (to.code.length == 0) {\n            safeTransfer(token, to, value);\n        } else if (!token.transferAndCall(to, value, data)) {\n            revert SafeERC20FailedOperation(address(token));\n        }\n    }\n\n    /**\n     * @dev Performs an {ERC1363} transferFromAndCall, with a fallback to the simple {ERC20} transferFrom if the target\n     * has no code. This can be used to implement an {ERC721}-like safe transfer that rely on {ERC1363} checks when\n     * targeting contracts.\n     *\n     * Reverts if the returned value is other than `true`.\n     */\n    function transferFromAndCallRelaxed(\n        IERC1363 token,\n        address from,\n        address to,\n        uint256 value,\n        bytes memory data\n    ) internal {\n        if (to.code.length == 0) {\n            safeTransferFrom(token, from, to, value);\n        } else if (!token.transferFromAndCall(from, to, value, data)) {\n            revert SafeERC20FailedOperation(address(token));\n        }\n    }\n\n    /**\n     * @dev Performs an {ERC1363} approveAndCall, with a fallback to the simple {ERC20} approve if the target has no\n     * code. This can be used to implement an {ERC721}-like safe transfer that rely on {ERC1363} checks when\n     * targeting contracts.\n     *\n     * NOTE: When the recipient address (`to`) has no code (i.e. is an EOA), this function behaves as {forceApprove}.\n     * Opposedly, when the recipient address (`to`) has code, this function only attempts to call {ERC1363-approveAndCall}\n     * once without retrying, and relies on the returned value to be true.\n     *\n     * Reverts if the returned value is other than `true`.\n     */\n    function approveAndCallRelaxed(IERC1363 token, address to, uint256 value, bytes memory data) internal {\n        if (to.code.length == 0) {\n            forceApprove(token, to, value);\n        } else if (!token.approveAndCall(to, value, data)) {\n            revert SafeERC20FailedOperation(address(token));\n        }\n    }\n\n    /**\n     * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n     * on the return value: the return value is optional (but if data is returned, it must not be false).\n     * @param token The token targeted by the call.\n     * @param data The call data (encoded using abi.encode or one of its variants).\n     *\n     * This is a variant of {_callOptionalReturnBool} that reverts if call fails to meet the requirements.\n     */\n    function _callOptionalReturn(IERC20 token, bytes memory data) private {\n        uint256 returnSize;\n        uint256 returnValue;\n        assembly (\"memory-safe\") {\n            let success := call(gas(), token, 0, add(data, 0x20), mload(data), 0, 0x20)\n            // bubble errors\n            if iszero(success) {\n                let ptr := mload(0x40)\n                returndatacopy(ptr, 0, returndatasize())\n                revert(ptr, returndatasize())\n            }\n            returnSize := returndatasize()\n            returnValue := mload(0)\n        }\n\n        if (returnSize == 0 ? address(token).code.length == 0 : returnValue != 1) {\n            revert SafeERC20FailedOperation(address(token));\n        }\n    }\n\n    /**\n     * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n     * on the return value: the return value is optional (but if data is returned, it must not be false).\n     * @param token The token targeted by the call.\n     * @param data The call data (encoded using abi.encode or one of its variants).\n     *\n     * This is a variant of {_callOptionalReturn} that silently catches all reverts and returns a bool instead.\n     */\n    function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) {\n        bool success;\n        uint256 returnSize;\n        uint256 returnValue;\n        assembly (\"memory-safe\") {\n            success := call(gas(), token, 0, add(data, 0x20), mload(data), 0, 0x20)\n            returnSize := returndatasize()\n            returnValue := mload(0)\n        }\n        return success && (returnSize == 0 ? address(token).code.length > 0 : returnValue == 1);\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/utils/Address.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.2.0) (utils/Address.sol)\n\npragma solidity ^0.8.20;\n\nimport {Errors} from \"./Errors.sol\";\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n    /**\n     * @dev There's no code at `target` (it is not a contract).\n     */\n    error AddressEmptyCode(address target);\n\n    /**\n     * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n     * `recipient`, forwarding all available gas and reverting on errors.\n     *\n     * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n     * of certain opcodes, possibly making contracts go over the 2300 gas limit\n     * imposed by `transfer`, making them unable to receive funds via\n     * `transfer`. {sendValue} removes this limitation.\n     *\n     * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n     *\n     * IMPORTANT: because control is transferred to `recipient`, care must be\n     * taken to not create reentrancy vulnerabilities. Consider using\n     * {ReentrancyGuard} or the\n     * https://solidity.readthedocs.io/en/v0.8.20/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n     */\n    function sendValue(address payable recipient, uint256 amount) internal {\n        if (address(this).balance < amount) {\n            revert Errors.InsufficientBalance(address(this).balance, amount);\n        }\n\n        (bool success, bytes memory returndata) = recipient.call{value: amount}(\"\");\n        if (!success) {\n            _revert(returndata);\n        }\n    }\n\n    /**\n     * @dev Performs a Solidity function call using a low level `call`. A\n     * plain `call` is an unsafe replacement for a function call: use this\n     * function instead.\n     *\n     * If `target` reverts with a revert reason or custom error, it is bubbled\n     * up by this function (like regular Solidity function calls). However, if\n     * the call reverted with no returned reason, this function reverts with a\n     * {Errors.FailedCall} error.\n     *\n     * Returns the raw returned data. To convert to the expected return value,\n     * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n     *\n     * Requirements:\n     *\n     * - `target` must be a contract.\n     * - calling `target` with `data` must not revert.\n     */\n    function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n        return functionCallWithValue(target, data, 0);\n    }\n\n    /**\n     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n     * but also transferring `value` wei to `target`.\n     *\n     * Requirements:\n     *\n     * - the calling contract must have an ETH balance of at least `value`.\n     * - the called Solidity function must be `payable`.\n     */\n    function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n        if (address(this).balance < value) {\n            revert Errors.InsufficientBalance(address(this).balance, value);\n        }\n        (bool success, bytes memory returndata) = target.call{value: value}(data);\n        return verifyCallResultFromTarget(target, success, returndata);\n    }\n\n    /**\n     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n     * but performing a static call.\n     */\n    function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n        (bool success, bytes memory returndata) = target.staticcall(data);\n        return verifyCallResultFromTarget(target, success, returndata);\n    }\n\n    /**\n     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n     * but performing a delegate call.\n     */\n    function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n        (bool success, bytes memory returndata) = target.delegatecall(data);\n        return verifyCallResultFromTarget(target, success, returndata);\n    }\n\n    /**\n     * @dev Tool to verify that a low level call to smart-contract was successful, and reverts if the target\n     * was not a contract or bubbling up the revert reason (falling back to {Errors.FailedCall}) in case\n     * of an unsuccessful call.\n     */\n    function verifyCallResultFromTarget(\n        address target,\n        bool success,\n        bytes memory returndata\n    ) internal view returns (bytes memory) {\n        if (!success) {\n            _revert(returndata);\n        } else {\n            // only check if target is a contract if the call was successful and the return data is empty\n            // otherwise we already know that it was a contract\n            if (returndata.length == 0 && target.code.length == 0) {\n                revert AddressEmptyCode(target);\n            }\n            return returndata;\n        }\n    }\n\n    /**\n     * @dev Tool to verify that a low level call was successful, and reverts if it wasn't, either by bubbling the\n     * revert reason or with a default {Errors.FailedCall} error.\n     */\n    function verifyCallResult(bool success, bytes memory returndata) internal pure returns (bytes memory) {\n        if (!success) {\n            _revert(returndata);\n        } else {\n            return returndata;\n        }\n    }\n\n    /**\n     * @dev Reverts with returndata if present. Otherwise reverts with {Errors.FailedCall}.\n     */\n    function _revert(bytes memory returndata) private pure {\n        // Look for revert reason and bubble it up if present\n        if (returndata.length > 0) {\n            // The easiest way to bubble the revert reason is using memory via assembly\n            assembly (\"memory-safe\") {\n                let returndata_size := mload(returndata)\n                revert(add(32, returndata), returndata_size)\n            }\n        } else {\n            revert Errors.FailedCall();\n        }\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/utils/Context.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)\n\npragma solidity ^0.8.20;\n\n/**\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n    function _msgSender() internal view virtual returns (address) {\n        return msg.sender;\n    }\n\n    function _msgData() internal view virtual returns (bytes calldata) {\n        return msg.data;\n    }\n\n    function _contextSuffixLength() internal view virtual returns (uint256) {\n        return 0;\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/utils/cryptography/ECDSA.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.1.0) (utils/cryptography/ECDSA.sol)\n\npragma solidity ^0.8.20;\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n    enum RecoverError {\n        NoError,\n        InvalidSignature,\n        InvalidSignatureLength,\n        InvalidSignatureS\n    }\n\n    /**\n     * @dev The signature derives the `address(0)`.\n     */\n    error ECDSAInvalidSignature();\n\n    /**\n     * @dev The signature has an invalid length.\n     */\n    error ECDSAInvalidSignatureLength(uint256 length);\n\n    /**\n     * @dev The signature has an S value that is in the upper half order.\n     */\n    error ECDSAInvalidSignatureS(bytes32 s);\n\n    /**\n     * @dev Returns the address that signed a hashed message (`hash`) with `signature` or an error. This will not\n     * return address(0) without also returning an error description. Errors are documented using an enum (error type)\n     * and a bytes32 providing additional information about the error.\n     *\n     * If no error is returned, then the address can be used for verification purposes.\n     *\n     * The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:\n     * this function rejects them by requiring the `s` value to be in the lower\n     * half order, and the `v` value to be either 27 or 28.\n     *\n     * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n     * verification to be secure: it is possible to craft signatures that\n     * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n     * this is by receiving a hash of the original message (which may otherwise\n     * be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.\n     *\n     * Documentation for signature generation:\n     * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]\n     * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]\n     */\n    function tryRecover(\n        bytes32 hash,\n        bytes memory signature\n    ) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {\n        if (signature.length == 65) {\n            bytes32 r;\n            bytes32 s;\n            uint8 v;\n            // ecrecover takes the signature parameters, and the only way to get them\n            // currently is to use assembly.\n            assembly (\"memory-safe\") {\n                r := mload(add(signature, 0x20))\n                s := mload(add(signature, 0x40))\n                v := byte(0, mload(add(signature, 0x60)))\n            }\n            return tryRecover(hash, v, r, s);\n        } else {\n            return (address(0), RecoverError.InvalidSignatureLength, bytes32(signature.length));\n        }\n    }\n\n    /**\n     * @dev Returns the address that signed a hashed message (`hash`) with\n     * `signature`. This address can then be used for verification purposes.\n     *\n     * The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:\n     * this function rejects them by requiring the `s` value to be in the lower\n     * half order, and the `v` value to be either 27 or 28.\n     *\n     * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n     * verification to be secure: it is possible to craft signatures that\n     * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n     * this is by receiving a hash of the original message (which may otherwise\n     * be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.\n     */\n    function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n        (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, signature);\n        _throwError(error, errorArg);\n        return recovered;\n    }\n\n    /**\n     * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.\n     *\n     * See https://eips.ethereum.org/EIPS/eip-2098[ERC-2098 short signatures]\n     */\n    function tryRecover(\n        bytes32 hash,\n        bytes32 r,\n        bytes32 vs\n    ) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {\n        unchecked {\n            bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);\n            // We do not check for an overflow here since the shift operation results in 0 or 1.\n            uint8 v = uint8((uint256(vs) >> 255) + 27);\n            return tryRecover(hash, v, r, s);\n        }\n    }\n\n    /**\n     * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.\n     */\n    function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {\n        (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, r, vs);\n        _throwError(error, errorArg);\n        return recovered;\n    }\n\n    /**\n     * @dev Overload of {ECDSA-tryRecover} that receives the `v`,\n     * `r` and `s` signature fields separately.\n     */\n    function tryRecover(\n        bytes32 hash,\n        uint8 v,\n        bytes32 r,\n        bytes32 s\n    ) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {\n        // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n        // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n        // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most\n        // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n        //\n        // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n        // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n        // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n        // these malleable signatures as well.\n        if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {\n            return (address(0), RecoverError.InvalidSignatureS, s);\n        }\n\n        // If the signature is valid (and not malleable), return the signer address\n        address signer = ecrecover(hash, v, r, s);\n        if (signer == address(0)) {\n            return (address(0), RecoverError.InvalidSignature, bytes32(0));\n        }\n\n        return (signer, RecoverError.NoError, bytes32(0));\n    }\n\n    /**\n     * @dev Overload of {ECDSA-recover} that receives the `v`,\n     * `r` and `s` signature fields separately.\n     */\n    function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n        (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, v, r, s);\n        _throwError(error, errorArg);\n        return recovered;\n    }\n\n    /**\n     * @dev Optionally reverts with the corresponding custom error according to the `error` argument provided.\n     */\n    function _throwError(RecoverError error, bytes32 errorArg) private pure {\n        if (error == RecoverError.NoError) {\n            return; // no error: do nothing\n        } else if (error == RecoverError.InvalidSignature) {\n            revert ECDSAInvalidSignature();\n        } else if (error == RecoverError.InvalidSignatureLength) {\n            revert ECDSAInvalidSignatureLength(uint256(errorArg));\n        } else if (error == RecoverError.InvalidSignatureS) {\n            revert ECDSAInvalidSignatureS(errorArg);\n        }\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/utils/cryptography/EIP712.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.3.0) (utils/cryptography/EIP712.sol)\n\npragma solidity ^0.8.20;\n\nimport {MessageHashUtils} from \"./MessageHashUtils.sol\";\nimport {ShortStrings, ShortString} from \"../ShortStrings.sol\";\nimport {IERC5267} from \"../../interfaces/IERC5267.sol\";\n\n/**\n * @dev https://eips.ethereum.org/EIPS/eip-712[EIP-712] is a standard for hashing and signing of typed structured data.\n *\n * The encoding scheme specified in the EIP requires a domain separator and a hash of the typed structured data, whose\n * encoding is very generic and therefore its implementation in Solidity is not feasible, thus this contract\n * does not implement the encoding itself. Protocols need to implement the type-specific encoding they need in order to\n * produce the hash of their typed data using a combination of `abi.encode` and `keccak256`.\n *\n * This contract implements the EIP-712 domain separator ({_domainSeparatorV4}) that is used as part of the encoding\n * scheme, and the final step of the encoding to obtain the message digest that is then signed via ECDSA\n * ({_hashTypedDataV4}).\n *\n * The implementation of the domain separator was designed to be as efficient as possible while still properly updating\n * the chain id to protect against replay attacks on an eventual fork of the chain.\n *\n * NOTE: This contract implements the version of the encoding known as \"v4\", as implemented by the JSON RPC method\n * https://docs.metamask.io/guide/signing-data.html[`eth_signTypedDataV4` in MetaMask].\n *\n * NOTE: In the upgradeable version of this contract, the cached values will correspond to the address, and the domain\n * separator of the implementation contract. This will cause the {_domainSeparatorV4} function to always rebuild the\n * separator from the immutable values, which is cheaper than accessing a cached version in cold storage.\n *\n * @custom:oz-upgrades-unsafe-allow state-variable-immutable\n */\nabstract contract EIP712 is IERC5267 {\n    using ShortStrings for *;\n\n    bytes32 private constant TYPE_HASH =\n        keccak256(\"EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)\");\n\n    // Cache the domain separator as an immutable value, but also store the chain id that it corresponds to, in order to\n    // invalidate the cached domain separator if the chain id changes.\n    bytes32 private immutable _cachedDomainSeparator;\n    uint256 private immutable _cachedChainId;\n    address private immutable _cachedThis;\n\n    bytes32 private immutable _hashedName;\n    bytes32 private immutable _hashedVersion;\n\n    ShortString private immutable _name;\n    ShortString private immutable _version;\n    // slither-disable-next-line constable-states\n    string private _nameFallback;\n    // slither-disable-next-line constable-states\n    string private _versionFallback;\n\n    /**\n     * @dev Initializes the domain separator and parameter caches.\n     *\n     * The meaning of `name` and `version` is specified in\n     * https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP-712]:\n     *\n     * - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol.\n     * - `version`: the current major version of the signing domain.\n     *\n     * NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart\n     * contract upgrade].\n     */\n    constructor(string memory name, string memory version) {\n        _name = name.toShortStringWithFallback(_nameFallback);\n        _version = version.toShortStringWithFallback(_versionFallback);\n        _hashedName = keccak256(bytes(name));\n        _hashedVersion = keccak256(bytes(version));\n\n        _cachedChainId = block.chainid;\n        _cachedDomainSeparator = _buildDomainSeparator();\n        _cachedThis = address(this);\n    }\n\n    /**\n     * @dev Returns the domain separator for the current chain.\n     */\n    function _domainSeparatorV4() internal view returns (bytes32) {\n        if (address(this) == _cachedThis && block.chainid == _cachedChainId) {\n            return _cachedDomainSeparator;\n        } else {\n            return _buildDomainSeparator();\n        }\n    }\n\n    function _buildDomainSeparator() private view returns (bytes32) {\n        return keccak256(abi.encode(TYPE_HASH, _hashedName, _hashedVersion, block.chainid, address(this)));\n    }\n\n    /**\n     * @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this\n     * function returns the hash of the fully encoded EIP712 message for this domain.\n     *\n     * This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example:\n     *\n     * ```solidity\n     * bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(\n     *     keccak256(\"Mail(address to,string contents)\"),\n     *     mailTo,\n     *     keccak256(bytes(mailContents))\n     * )));\n     * address signer = ECDSA.recover(digest, signature);\n     * ```\n     */\n    function _hashTypedDataV4(bytes32 structHash) internal view virtual returns (bytes32) {\n        return MessageHashUtils.toTypedDataHash(_domainSeparatorV4(), structHash);\n    }\n\n    /**\n     * @inheritdoc IERC5267\n     */\n    function eip712Domain()\n        public\n        view\n        virtual\n        returns (\n            bytes1 fields,\n            string memory name,\n            string memory version,\n            uint256 chainId,\n            address verifyingContract,\n            bytes32 salt,\n            uint256[] memory extensions\n        )\n    {\n        return (\n            hex\"0f\", // 01111\n            _EIP712Name(),\n            _EIP712Version(),\n            block.chainid,\n            address(this),\n            bytes32(0),\n            new uint256[](0)\n        );\n    }\n\n    /**\n     * @dev The name parameter for the EIP712 domain.\n     *\n     * NOTE: By default this function reads _name which is an immutable value.\n     * It only reads from storage if necessary (in case the value is too large to fit in a ShortString).\n     */\n    // solhint-disable-next-line func-name-mixedcase\n    function _EIP712Name() internal view returns (string memory) {\n        return _name.toStringWithFallback(_nameFallback);\n    }\n\n    /**\n     * @dev The version parameter for the EIP712 domain.\n     *\n     * NOTE: By default this function reads _version which is an immutable value.\n     * It only reads from storage if necessary (in case the value is too large to fit in a ShortString).\n     */\n    // solhint-disable-next-line func-name-mixedcase\n    function _EIP712Version() internal view returns (string memory) {\n        return _version.toStringWithFallback(_versionFallback);\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/utils/cryptography/MessageHashUtils.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.3.0) (utils/cryptography/MessageHashUtils.sol)\n\npragma solidity ^0.8.20;\n\nimport {Strings} from \"../Strings.sol\";\n\n/**\n * @dev Signature message hash utilities for producing digests to be consumed by {ECDSA} recovery or signing.\n *\n * The library provides methods for generating a hash of a message that conforms to the\n * https://eips.ethereum.org/EIPS/eip-191[ERC-191] and https://eips.ethereum.org/EIPS/eip-712[EIP 712]\n * specifications.\n */\nlibrary MessageHashUtils {\n    /**\n     * @dev Returns the keccak256 digest of an ERC-191 signed data with version\n     * `0x45` (`personal_sign` messages).\n     *\n     * The digest is calculated by prefixing a bytes32 `messageHash` with\n     * `\"\\x19Ethereum Signed Message:\\n32\"` and hashing the result. It corresponds with the\n     * hash signed when using the https://ethereum.org/en/developers/docs/apis/json-rpc/#eth_sign[`eth_sign`] JSON-RPC method.\n     *\n     * NOTE: The `messageHash` parameter is intended to be the result of hashing a raw message with\n     * keccak256, although any bytes32 value can be safely used because the final digest will\n     * be re-hashed.\n     *\n     * See {ECDSA-recover}.\n     */\n    function toEthSignedMessageHash(bytes32 messageHash) internal pure returns (bytes32 digest) {\n        assembly (\"memory-safe\") {\n            mstore(0x00, \"\\x19Ethereum Signed Message:\\n32\") // 32 is the bytes-length of messageHash\n            mstore(0x1c, messageHash) // 0x1c (28) is the length of the prefix\n            digest := keccak256(0x00, 0x3c) // 0x3c is the length of the prefix (0x1c) + messageHash (0x20)\n        }\n    }\n\n    /**\n     * @dev Returns the keccak256 digest of an ERC-191 signed data with version\n     * `0x45` (`personal_sign` messages).\n     *\n     * The digest is calculated by prefixing an arbitrary `message` with\n     * `\"\\x19Ethereum Signed Message:\\n\" + len(message)` and hashing the result. It corresponds with the\n     * hash signed when using the https://ethereum.org/en/developers/docs/apis/json-rpc/#eth_sign[`eth_sign`] JSON-RPC method.\n     *\n     * See {ECDSA-recover}.\n     */\n    function toEthSignedMessageHash(bytes memory message) internal pure returns (bytes32) {\n        return\n            keccak256(bytes.concat(\"\\x19Ethereum Signed Message:\\n\", bytes(Strings.toString(message.length)), message));\n    }\n\n    /**\n     * @dev Returns the keccak256 digest of an ERC-191 signed data with version\n     * `0x00` (data with intended validator).\n     *\n     * The digest is calculated by prefixing an arbitrary `data` with `\"\\x19\\x00\"` and the intended\n     * `validator` address. Then hashing the result.\n     *\n     * See {ECDSA-recover}.\n     */\n    function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {\n        return keccak256(abi.encodePacked(hex\"19_00\", validator, data));\n    }\n\n    /**\n     * @dev Variant of {toDataWithIntendedValidatorHash-address-bytes} optimized for cases where `data` is a bytes32.\n     */\n    function toDataWithIntendedValidatorHash(\n        address validator,\n        bytes32 messageHash\n    ) internal pure returns (bytes32 digest) {\n        assembly (\"memory-safe\") {\n            mstore(0x00, hex\"19_00\")\n            mstore(0x02, shl(96, validator))\n            mstore(0x16, messageHash)\n            digest := keccak256(0x00, 0x36)\n        }\n    }\n\n    /**\n     * @dev Returns the keccak256 digest of an EIP-712 typed data (ERC-191 version `0x01`).\n     *\n     * The digest is calculated from a `domainSeparator` and a `structHash`, by prefixing them with\n     * `\\x19\\x01` and hashing the result. It corresponds to the hash signed by the\n     * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`] JSON-RPC method as part of EIP-712.\n     *\n     * See {ECDSA-recover}.\n     */\n    function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 digest) {\n        assembly (\"memory-safe\") {\n            let ptr := mload(0x40)\n            mstore(ptr, hex\"19_01\")\n            mstore(add(ptr, 0x02), domainSeparator)\n            mstore(add(ptr, 0x22), structHash)\n            digest := keccak256(ptr, 0x42)\n        }\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/utils/Errors.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.1.0) (utils/Errors.sol)\n\npragma solidity ^0.8.20;\n\n/**\n * @dev Collection of common custom errors used in multiple contracts\n *\n * IMPORTANT: Backwards compatibility is not guaranteed in future versions of the library.\n * It is recommended to avoid relying on the error API for critical functionality.\n *\n * _Available since v5.1._\n */\nlibrary Errors {\n    /**\n     * @dev The ETH balance of the account is not enough to perform the operation.\n     */\n    error InsufficientBalance(uint256 balance, uint256 needed);\n\n    /**\n     * @dev A call to an address target failed. The target may have reverted.\n     */\n    error FailedCall();\n\n    /**\n     * @dev The deployment failed.\n     */\n    error FailedDeployment();\n\n    /**\n     * @dev A necessary precompile is missing.\n     */\n    error MissingPrecompile(address);\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/utils/introspection/ERC165.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.1.0) (utils/introspection/ERC165.sol)\n\npragma solidity ^0.8.20;\n\nimport {IERC165} from \"./IERC165.sol\";\n\n/**\n * @dev Implementation of the {IERC165} interface.\n *\n * Contracts that want to implement ERC-165 should inherit from this contract and override {supportsInterface} to check\n * for the additional interface id that will be supported. For example:\n *\n * ```solidity\n * function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {\n *     return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId);\n * }\n * ```\n */\nabstract contract ERC165 is IERC165 {\n    /**\n     * @dev See {IERC165-supportsInterface}.\n     */\n    function supportsInterface(bytes4 interfaceId) public view virtual returns (bool) {\n        return interfaceId == type(IERC165).interfaceId;\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/utils/introspection/IERC165.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.1.0) (utils/introspection/IERC165.sol)\n\npragma solidity ^0.8.20;\n\n/**\n * @dev Interface of the ERC-165 standard, as defined in the\n * https://eips.ethereum.org/EIPS/eip-165[ERC].\n *\n * Implementers can declare support of contract interfaces, which can then be\n * queried by others ({ERC165Checker}).\n *\n * For an implementation, see {ERC165}.\n */\ninterface IERC165 {\n    /**\n     * @dev Returns true if this contract implements the interface defined by\n     * `interfaceId`. See the corresponding\n     * https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[ERC section]\n     * to learn more about how these ids are created.\n     *\n     * This function call must use less than 30 000 gas.\n     */\n    function supportsInterface(bytes4 interfaceId) external view returns (bool);\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/utils/math/Math.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.3.0) (utils/math/Math.sol)\n\npragma solidity ^0.8.20;\n\nimport {Panic} from \"../Panic.sol\";\nimport {SafeCast} from \"./SafeCast.sol\";\n\n/**\n * @dev Standard math utilities missing in the Solidity language.\n */\nlibrary Math {\n    enum Rounding {\n        Floor, // Toward negative infinity\n        Ceil, // Toward positive infinity\n        Trunc, // Toward zero\n        Expand // Away from zero\n    }\n\n    /**\n     * @dev Return the 512-bit addition of two uint256.\n     *\n     * The result is stored in two 256 variables such that sum = high * 2²⁵⁶ + low.\n     */\n    function add512(uint256 a, uint256 b) internal pure returns (uint256 high, uint256 low) {\n        assembly (\"memory-safe\") {\n            low := add(a, b)\n            high := lt(low, a)\n        }\n    }\n\n    /**\n     * @dev Return the 512-bit multiplication of two uint256.\n     *\n     * The result is stored in two 256 variables such that product = high * 2²⁵⁶ + low.\n     */\n    function mul512(uint256 a, uint256 b) internal pure returns (uint256 high, uint256 low) {\n        // 512-bit multiply [high low] = x * y. Compute the product mod 2²⁵⁶ and mod 2²⁵⁶ - 1, then use\n        // the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256\n        // variables such that product = high * 2²⁵⁶ + low.\n        assembly (\"memory-safe\") {\n            let mm := mulmod(a, b, not(0))\n            low := mul(a, b)\n            high := sub(sub(mm, low), lt(mm, low))\n        }\n    }\n\n    /**\n     * @dev Returns the addition of two unsigned integers, with a success flag (no overflow).\n     */\n    function tryAdd(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {\n        unchecked {\n            uint256 c = a + b;\n            success = c >= a;\n            result = c * SafeCast.toUint(success);\n        }\n    }\n\n    /**\n     * @dev Returns the subtraction of two unsigned integers, with a success flag (no overflow).\n     */\n    function trySub(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {\n        unchecked {\n            uint256 c = a - b;\n            success = c <= a;\n            result = c * SafeCast.toUint(success);\n        }\n    }\n\n    /**\n     * @dev Returns the multiplication of two unsigned integers, with a success flag (no overflow).\n     */\n    function tryMul(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {\n        unchecked {\n            uint256 c = a * b;\n            assembly (\"memory-safe\") {\n                // Only true when the multiplication doesn't overflow\n                // (c / a == b) || (a == 0)\n                success := or(eq(div(c, a), b), iszero(a))\n            }\n            // equivalent to: success ? c : 0\n            result = c * SafeCast.toUint(success);\n        }\n    }\n\n    /**\n     * @dev Returns the division of two unsigned integers, with a success flag (no division by zero).\n     */\n    function tryDiv(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {\n        unchecked {\n            success = b > 0;\n            assembly (\"memory-safe\") {\n                // The `DIV` opcode returns zero when the denominator is 0.\n                result := div(a, b)\n            }\n        }\n    }\n\n    /**\n     * @dev Returns the remainder of dividing two unsigned integers, with a success flag (no division by zero).\n     */\n    function tryMod(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {\n        unchecked {\n            success = b > 0;\n            assembly (\"memory-safe\") {\n                // The `MOD` opcode returns zero when the denominator is 0.\n                result := mod(a, b)\n            }\n        }\n    }\n\n    /**\n     * @dev Unsigned saturating addition, bounds to `2²⁵⁶ - 1` instead of overflowing.\n     */\n    function saturatingAdd(uint256 a, uint256 b) internal pure returns (uint256) {\n        (bool success, uint256 result) = tryAdd(a, b);\n        return ternary(success, result, type(uint256).max);\n    }\n\n    /**\n     * @dev Unsigned saturating subtraction, bounds to zero instead of overflowing.\n     */\n    function saturatingSub(uint256 a, uint256 b) internal pure returns (uint256) {\n        (, uint256 result) = trySub(a, b);\n        return result;\n    }\n\n    /**\n     * @dev Unsigned saturating multiplication, bounds to `2²⁵⁶ - 1` instead of overflowing.\n     */\n    function saturatingMul(uint256 a, uint256 b) internal pure returns (uint256) {\n        (bool success, uint256 result) = tryMul(a, b);\n        return ternary(success, result, type(uint256).max);\n    }\n\n    /**\n     * @dev Branchless ternary evaluation for `a ? b : c`. Gas costs are constant.\n     *\n     * IMPORTANT: This function may reduce bytecode size and consume less gas when used standalone.\n     * However, the compiler may optimize Solidity ternary operations (i.e. `a ? b : c`) to only compute\n     * one branch when needed, making this function more expensive.\n     */\n    function ternary(bool condition, uint256 a, uint256 b) internal pure returns (uint256) {\n        unchecked {\n            // branchless ternary works because:\n            // b ^ (a ^ b) == a\n            // b ^ 0 == b\n            return b ^ ((a ^ b) * SafeCast.toUint(condition));\n        }\n    }\n\n    /**\n     * @dev Returns the largest of two numbers.\n     */\n    function max(uint256 a, uint256 b) internal pure returns (uint256) {\n        return ternary(a > b, a, b);\n    }\n\n    /**\n     * @dev Returns the smallest of two numbers.\n     */\n    function min(uint256 a, uint256 b) internal pure returns (uint256) {\n        return ternary(a < b, a, b);\n    }\n\n    /**\n     * @dev Returns the average of two numbers. The result is rounded towards\n     * zero.\n     */\n    function average(uint256 a, uint256 b) internal pure returns (uint256) {\n        // (a + b) / 2 can overflow.\n        return (a & b) + (a ^ b) / 2;\n    }\n\n    /**\n     * @dev Returns the ceiling of the division of two numbers.\n     *\n     * This differs from standard division with `/` in that it rounds towards infinity instead\n     * of rounding towards zero.\n     */\n    function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {\n        if (b == 0) {\n            // Guarantee the same behavior as in a regular Solidity division.\n            Panic.panic(Panic.DIVISION_BY_ZERO);\n        }\n\n        // The following calculation ensures accurate ceiling division without overflow.\n        // Since a is non-zero, (a - 1) / b will not overflow.\n        // The largest possible result occurs when (a - 1) / b is type(uint256).max,\n        // but the largest value we can obtain is type(uint256).max - 1, which happens\n        // when a = type(uint256).max and b = 1.\n        unchecked {\n            return SafeCast.toUint(a > 0) * ((a - 1) / b + 1);\n        }\n    }\n\n    /**\n     * @dev Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or\n     * denominator == 0.\n     *\n     * Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv) with further edits by\n     * Uniswap Labs also under MIT license.\n     */\n    function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {\n        unchecked {\n            (uint256 high, uint256 low) = mul512(x, y);\n\n            // Handle non-overflow cases, 256 by 256 division.\n            if (high == 0) {\n                // Solidity will revert if denominator == 0, unlike the div opcode on its own.\n                // The surrounding unchecked block does not change this fact.\n                // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.\n                return low / denominator;\n            }\n\n            // Make sure the result is less than 2²⁵⁶. Also prevents denominator == 0.\n            if (denominator <= high) {\n                Panic.panic(ternary(denominator == 0, Panic.DIVISION_BY_ZERO, Panic.UNDER_OVERFLOW));\n            }\n\n            ///////////////////////////////////////////////\n            // 512 by 256 division.\n            ///////////////////////////////////////////////\n\n            // Make division exact by subtracting the remainder from [high low].\n            uint256 remainder;\n            assembly (\"memory-safe\") {\n                // Compute remainder using mulmod.\n                remainder := mulmod(x, y, denominator)\n\n                // Subtract 256 bit number from 512 bit number.\n                high := sub(high, gt(remainder, low))\n                low := sub(low, remainder)\n            }\n\n            // Factor powers of two out of denominator and compute largest power of two divisor of denominator.\n            // Always >= 1. See https://cs.stackexchange.com/q/138556/92363.\n\n            uint256 twos = denominator & (0 - denominator);\n            assembly (\"memory-safe\") {\n                // Divide denominator by twos.\n                denominator := div(denominator, twos)\n\n                // Divide [high low] by twos.\n                low := div(low, twos)\n\n                // Flip twos such that it is 2²⁵⁶ / twos. If twos is zero, then it becomes one.\n                twos := add(div(sub(0, twos), twos), 1)\n            }\n\n            // Shift in bits from high into low.\n            low |= high * twos;\n\n            // Invert denominator mod 2²⁵⁶. Now that denominator is an odd number, it has an inverse modulo 2²⁵⁶ such\n            // that denominator * inv ≡ 1 mod 2²⁵⁶. Compute the inverse by starting with a seed that is correct for\n            // four bits. That is, denominator * inv ≡ 1 mod 2⁴.\n            uint256 inverse = (3 * denominator) ^ 2;\n\n            // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also\n            // works in modular arithmetic, doubling the correct bits in each step.\n            inverse *= 2 - denominator * inverse; // inverse mod 2⁸\n            inverse *= 2 - denominator * inverse; // inverse mod 2¹⁶\n            inverse *= 2 - denominator * inverse; // inverse mod 2³²\n            inverse *= 2 - denominator * inverse; // inverse mod 2⁶⁴\n            inverse *= 2 - denominator * inverse; // inverse mod 2¹²⁸\n            inverse *= 2 - denominator * inverse; // inverse mod 2²⁵⁶\n\n            // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.\n            // This will give us the correct result modulo 2²⁵⁶. Since the preconditions guarantee that the outcome is\n            // less than 2²⁵⁶, this is the final result. We don't need to compute the high bits of the result and high\n            // is no longer required.\n            result = low * inverse;\n            return result;\n        }\n    }\n\n    /**\n     * @dev Calculates x * y / denominator with full precision, following the selected rounding direction.\n     */\n    function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {\n        return mulDiv(x, y, denominator) + SafeCast.toUint(unsignedRoundsUp(rounding) && mulmod(x, y, denominator) > 0);\n    }\n\n    /**\n     * @dev Calculates floor(x * y >> n) with full precision. Throws if result overflows a uint256.\n     */\n    function mulShr(uint256 x, uint256 y, uint8 n) internal pure returns (uint256 result) {\n        unchecked {\n            (uint256 high, uint256 low) = mul512(x, y);\n            if (high >= 1 << n) {\n                Panic.panic(Panic.UNDER_OVERFLOW);\n            }\n            return (high << (256 - n)) | (low >> n);\n        }\n    }\n\n    /**\n     * @dev Calculates x * y >> n with full precision, following the selected rounding direction.\n     */\n    function mulShr(uint256 x, uint256 y, uint8 n, Rounding rounding) internal pure returns (uint256) {\n        return mulShr(x, y, n) + SafeCast.toUint(unsignedRoundsUp(rounding) && mulmod(x, y, 1 << n) > 0);\n    }\n\n    /**\n     * @dev Calculate the modular multiplicative inverse of a number in Z/nZ.\n     *\n     * If n is a prime, then Z/nZ is a field. In that case all elements are inversible, except 0.\n     * If n is not a prime, then Z/nZ is not a field, and some elements might not be inversible.\n     *\n     * If the input value is not inversible, 0 is returned.\n     *\n     * NOTE: If you know for sure that n is (big) a prime, it may be cheaper to use Fermat's little theorem and get the\n     * inverse using `Math.modExp(a, n - 2, n)`. See {invModPrime}.\n     */\n    function invMod(uint256 a, uint256 n) internal pure returns (uint256) {\n        unchecked {\n            if (n == 0) return 0;\n\n            // The inverse modulo is calculated using the Extended Euclidean Algorithm (iterative version)\n            // Used to compute integers x and y such that: ax + ny = gcd(a, n).\n            // When the gcd is 1, then the inverse of a modulo n exists and it's x.\n            // ax + ny = 1\n            // ax = 1 + (-y)n\n            // ax ≡ 1 (mod n) # x is the inverse of a modulo n\n\n            // If the remainder is 0 the gcd is n right away.\n            uint256 remainder = a % n;\n            uint256 gcd = n;\n\n            // Therefore the initial coefficients are:\n            // ax + ny = gcd(a, n) = n\n            // 0a + 1n = n\n            int256 x = 0;\n            int256 y = 1;\n\n            while (remainder != 0) {\n                uint256 quotient = gcd / remainder;\n\n                (gcd, remainder) = (\n                    // The old remainder is the next gcd to try.\n                    remainder,\n                    // Compute the next remainder.\n                    // Can't overflow given that (a % gcd) * (gcd // (a % gcd)) <= gcd\n                    // where gcd is at most n (capped to type(uint256).max)\n                    gcd - remainder * quotient\n                );\n\n                (x, y) = (\n                    // Increment the coefficient of a.\n                    y,\n                    // Decrement the coefficient of n.\n                    // Can overflow, but the result is casted to uint256 so that the\n                    // next value of y is \"wrapped around\" to a value between 0 and n - 1.\n                    x - y * int256(quotient)\n                );\n            }\n\n            if (gcd != 1) return 0; // No inverse exists.\n            return ternary(x < 0, n - uint256(-x), uint256(x)); // Wrap the result if it's negative.\n        }\n    }\n\n    /**\n     * @dev Variant of {invMod}. More efficient, but only works if `p` is known to be a prime greater than `2`.\n     *\n     * From https://en.wikipedia.org/wiki/Fermat%27s_little_theorem[Fermat's little theorem], we know that if p is\n     * prime, then `a**(p-1) ≡ 1 mod p`. As a consequence, we have `a * a**(p-2) ≡ 1 mod p`, which means that\n     * `a**(p-2)` is the modular multiplicative inverse of a in Fp.\n     *\n     * NOTE: this function does NOT check that `p` is a prime greater than `2`.\n     */\n    function invModPrime(uint256 a, uint256 p) internal view returns (uint256) {\n        unchecked {\n            return Math.modExp(a, p - 2, p);\n        }\n    }\n\n    /**\n     * @dev Returns the modular exponentiation of the specified base, exponent and modulus (b ** e % m)\n     *\n     * Requirements:\n     * - modulus can't be zero\n     * - underlying staticcall to precompile must succeed\n     *\n     * IMPORTANT: The result is only valid if the underlying call succeeds. When using this function, make\n     * sure the chain you're using it on supports the precompiled contract for modular exponentiation\n     * at address 0x05 as specified in https://eips.ethereum.org/EIPS/eip-198[EIP-198]. Otherwise,\n     * the underlying function will succeed given the lack of a revert, but the result may be incorrectly\n     * interpreted as 0.\n     */\n    function modExp(uint256 b, uint256 e, uint256 m) internal view returns (uint256) {\n        (bool success, uint256 result) = tryModExp(b, e, m);\n        if (!success) {\n            Panic.panic(Panic.DIVISION_BY_ZERO);\n        }\n        return result;\n    }\n\n    /**\n     * @dev Returns the modular exponentiation of the specified base, exponent and modulus (b ** e % m).\n     * It includes a success flag indicating if the operation succeeded. Operation will be marked as failed if trying\n     * to operate modulo 0 or if the underlying precompile reverted.\n     *\n     * IMPORTANT: The result is only valid if the success flag is true. When using this function, make sure the chain\n     * you're using it on supports the precompiled contract for modular exponentiation at address 0x05 as specified in\n     * https://eips.ethereum.org/EIPS/eip-198[EIP-198]. Otherwise, the underlying function will succeed given the lack\n     * of a revert, but the result may be incorrectly interpreted as 0.\n     */\n    function tryModExp(uint256 b, uint256 e, uint256 m) internal view returns (bool success, uint256 result) {\n        if (m == 0) return (false, 0);\n        assembly (\"memory-safe\") {\n            let ptr := mload(0x40)\n            // | Offset    | Content    | Content (Hex)                                                      |\n            // |-----------|------------|--------------------------------------------------------------------|\n            // | 0x00:0x1f | size of b  | 0x0000000000000000000000000000000000000000000000000000000000000020 |\n            // | 0x20:0x3f | size of e  | 0x0000000000000000000000000000000000000000000000000000000000000020 |\n            // | 0x40:0x5f | size of m  | 0x0000000000000000000000000000000000000000000000000000000000000020 |\n            // | 0x60:0x7f | value of b | 0x<.............................................................b> |\n            // | 0x80:0x9f | value of e | 0x<.............................................................e> |\n            // | 0xa0:0xbf | value of m | 0x<.............................................................m> |\n            mstore(ptr, 0x20)\n            mstore(add(ptr, 0x20), 0x20)\n            mstore(add(ptr, 0x40), 0x20)\n            mstore(add(ptr, 0x60), b)\n            mstore(add(ptr, 0x80), e)\n            mstore(add(ptr, 0xa0), m)\n\n            // Given the result < m, it's guaranteed to fit in 32 bytes,\n            // so we can use the memory scratch space located at offset 0.\n            success := staticcall(gas(), 0x05, ptr, 0xc0, 0x00, 0x20)\n            result := mload(0x00)\n        }\n    }\n\n    /**\n     * @dev Variant of {modExp} that supports inputs of arbitrary length.\n     */\n    function modExp(bytes memory b, bytes memory e, bytes memory m) internal view returns (bytes memory) {\n        (bool success, bytes memory result) = tryModExp(b, e, m);\n        if (!success) {\n            Panic.panic(Panic.DIVISION_BY_ZERO);\n        }\n        return result;\n    }\n\n    /**\n     * @dev Variant of {tryModExp} that supports inputs of arbitrary length.\n     */\n    function tryModExp(\n        bytes memory b,\n        bytes memory e,\n        bytes memory m\n    ) internal view returns (bool success, bytes memory result) {\n        if (_zeroBytes(m)) return (false, new bytes(0));\n\n        uint256 mLen = m.length;\n\n        // Encode call args in result and move the free memory pointer\n        result = abi.encodePacked(b.length, e.length, mLen, b, e, m);\n\n        assembly (\"memory-safe\") {\n            let dataPtr := add(result, 0x20)\n            // Write result on top of args to avoid allocating extra memory.\n            success := staticcall(gas(), 0x05, dataPtr, mload(result), dataPtr, mLen)\n            // Overwrite the length.\n            // result.length > returndatasize() is guaranteed because returndatasize() == m.length\n            mstore(result, mLen)\n            // Set the memory pointer after the returned data.\n            mstore(0x40, add(dataPtr, mLen))\n        }\n    }\n\n    /**\n     * @dev Returns whether the provided byte array is zero.\n     */\n    function _zeroBytes(bytes memory byteArray) private pure returns (bool) {\n        for (uint256 i = 0; i < byteArray.length; ++i) {\n            if (byteArray[i] != 0) {\n                return false;\n            }\n        }\n        return true;\n    }\n\n    /**\n     * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded\n     * towards zero.\n     *\n     * This method is based on Newton's method for computing square roots; the algorithm is restricted to only\n     * using integer operations.\n     */\n    function sqrt(uint256 a) internal pure returns (uint256) {\n        unchecked {\n            // Take care of easy edge cases when a == 0 or a == 1\n            if (a <= 1) {\n                return a;\n            }\n\n            // In this function, we use Newton's method to get a root of `f(x) := x² - a`. It involves building a\n            // sequence x_n that converges toward sqrt(a). For each iteration x_n, we also define the error between\n            // the current value as `ε_n = | x_n - sqrt(a) |`.\n            //\n            // For our first estimation, we consider `e` the smallest power of 2 which is bigger than the square root\n            // of the target. (i.e. `2**(e-1) ≤ sqrt(a) < 2**e`). We know that `e ≤ 128` because `(2¹²⁸)² = 2²⁵⁶` is\n            // bigger than any uint256.\n            //\n            // By noticing that\n            // `2**(e-1) ≤ sqrt(a) < 2**e → (2**(e-1))² ≤ a < (2**e)² → 2**(2*e-2) ≤ a < 2**(2*e)`\n            // we can deduce that `e - 1` is `log2(a) / 2`. We can thus compute `x_n = 2**(e-1)` using a method similar\n            // to the msb function.\n            uint256 aa = a;\n            uint256 xn = 1;\n\n            if (aa >= (1 << 128)) {\n                aa >>= 128;\n                xn <<= 64;\n            }\n            if (aa >= (1 << 64)) {\n                aa >>= 64;\n                xn <<= 32;\n            }\n            if (aa >= (1 << 32)) {\n                aa >>= 32;\n                xn <<= 16;\n            }\n            if (aa >= (1 << 16)) {\n                aa >>= 16;\n                xn <<= 8;\n            }\n            if (aa >= (1 << 8)) {\n                aa >>= 8;\n                xn <<= 4;\n            }\n            if (aa >= (1 << 4)) {\n                aa >>= 4;\n                xn <<= 2;\n            }\n            if (aa >= (1 << 2)) {\n                xn <<= 1;\n            }\n\n            // We now have x_n such that `x_n = 2**(e-1) ≤ sqrt(a) < 2**e = 2 * x_n`. This implies ε_n ≤ 2**(e-1).\n            //\n            // We can refine our estimation by noticing that the middle of that interval minimizes the error.\n            // If we move x_n to equal 2**(e-1) + 2**(e-2), then we reduce the error to ε_n ≤ 2**(e-2).\n            // This is going to be our x_0 (and ε_0)\n            xn = (3 * xn) >> 1; // ε_0 := | x_0 - sqrt(a) | ≤ 2**(e-2)\n\n            // From here, Newton's method give us:\n            // x_{n+1} = (x_n + a / x_n) / 2\n            //\n            // One should note that:\n            // x_{n+1}² - a = ((x_n + a / x_n) / 2)² - a\n            //              = ((x_n² + a) / (2 * x_n))² - a\n            //              = (x_n⁴ + 2 * a * x_n² + a²) / (4 * x_n²) - a\n            //              = (x_n⁴ + 2 * a * x_n² + a² - 4 * a * x_n²) / (4 * x_n²)\n            //              = (x_n⁴ - 2 * a * x_n² + a²) / (4 * x_n²)\n            //              = (x_n² - a)² / (2 * x_n)²\n            //              = ((x_n² - a) / (2 * x_n))²\n            //              ≥ 0\n            // Which proves that for all n ≥ 1, sqrt(a) ≤ x_n\n            //\n            // This gives us the proof of quadratic convergence of the sequence:\n            // ε_{n+1} = | x_{n+1} - sqrt(a) |\n            //         = | (x_n + a / x_n) / 2 - sqrt(a) |\n            //         = | (x_n² + a - 2*x_n*sqrt(a)) / (2 * x_n) |\n            //         = | (x_n - sqrt(a))² / (2 * x_n) |\n            //         = | ε_n² / (2 * x_n) |\n            //         = ε_n² / | (2 * x_n) |\n            //\n            // For the first iteration, we have a special case where x_0 is known:\n            // ε_1 = ε_0² / | (2 * x_0) |\n            //     ≤ (2**(e-2))² / (2 * (2**(e-1) + 2**(e-2)))\n            //     ≤ 2**(2*e-4) / (3 * 2**(e-1))\n            //     ≤ 2**(e-3) / 3\n            //     ≤ 2**(e-3-log2(3))\n            //     ≤ 2**(e-4.5)\n            //\n            // For the following iterations, we use the fact that, 2**(e-1) ≤ sqrt(a) ≤ x_n:\n            // ε_{n+1} = ε_n² / | (2 * x_n) |\n            //         ≤ (2**(e-k))² / (2 * 2**(e-1))\n            //         ≤ 2**(2*e-2*k) / 2**e\n            //         ≤ 2**(e-2*k)\n            xn = (xn + a / xn) >> 1; // ε_1 := | x_1 - sqrt(a) | ≤ 2**(e-4.5)  -- special case, see above\n            xn = (xn + a / xn) >> 1; // ε_2 := | x_2 - sqrt(a) | ≤ 2**(e-9)    -- general case with k = 4.5\n            xn = (xn + a / xn) >> 1; // ε_3 := | x_3 - sqrt(a) | ≤ 2**(e-18)   -- general case with k = 9\n            xn = (xn + a / xn) >> 1; // ε_4 := | x_4 - sqrt(a) | ≤ 2**(e-36)   -- general case with k = 18\n            xn = (xn + a / xn) >> 1; // ε_5 := | x_5 - sqrt(a) | ≤ 2**(e-72)   -- general case with k = 36\n            xn = (xn + a / xn) >> 1; // ε_6 := | x_6 - sqrt(a) | ≤ 2**(e-144)  -- general case with k = 72\n\n            // Because e ≤ 128 (as discussed during the first estimation phase), we know have reached a precision\n            // ε_6 ≤ 2**(e-144) < 1. Given we're operating on integers, then we can ensure that xn is now either\n            // sqrt(a) or sqrt(a) + 1.\n            return xn - SafeCast.toUint(xn > a / xn);\n        }\n    }\n\n    /**\n     * @dev Calculates sqrt(a), following the selected rounding direction.\n     */\n    function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {\n        unchecked {\n            uint256 result = sqrt(a);\n            return result + SafeCast.toUint(unsignedRoundsUp(rounding) && result * result < a);\n        }\n    }\n\n    /**\n     * @dev Return the log in base 2 of a positive value rounded towards zero.\n     * Returns 0 if given 0.\n     */\n    function log2(uint256 x) internal pure returns (uint256 r) {\n        // If value has upper 128 bits set, log2 result is at least 128\n        r = SafeCast.toUint(x > 0xffffffffffffffffffffffffffffffff) << 7;\n        // If upper 64 bits of 128-bit half set, add 64 to result\n        r |= SafeCast.toUint((x >> r) > 0xffffffffffffffff) << 6;\n        // If upper 32 bits of 64-bit half set, add 32 to result\n        r |= SafeCast.toUint((x >> r) > 0xffffffff) << 5;\n        // If upper 16 bits of 32-bit half set, add 16 to result\n        r |= SafeCast.toUint((x >> r) > 0xffff) << 4;\n        // If upper 8 bits of 16-bit half set, add 8 to result\n        r |= SafeCast.toUint((x >> r) > 0xff) << 3;\n        // If upper 4 bits of 8-bit half set, add 4 to result\n        r |= SafeCast.toUint((x >> r) > 0xf) << 2;\n\n        // Shifts value right by the current result and use it as an index into this lookup table:\n        //\n        // | x (4 bits) |  index  | table[index] = MSB position |\n        // |------------|---------|-----------------------------|\n        // |    0000    |    0    |        table[0] = 0         |\n        // |    0001    |    1    |        table[1] = 0         |\n        // |    0010    |    2    |        table[2] = 1         |\n        // |    0011    |    3    |        table[3] = 1         |\n        // |    0100    |    4    |        table[4] = 2         |\n        // |    0101    |    5    |        table[5] = 2         |\n        // |    0110    |    6    |        table[6] = 2         |\n        // |    0111    |    7    |        table[7] = 2         |\n        // |    1000    |    8    |        table[8] = 3         |\n        // |    1001    |    9    |        table[9] = 3         |\n        // |    1010    |   10    |        table[10] = 3        |\n        // |    1011    |   11    |        table[11] = 3        |\n        // |    1100    |   12    |        table[12] = 3        |\n        // |    1101    |   13    |        table[13] = 3        |\n        // |    1110    |   14    |        table[14] = 3        |\n        // |    1111    |   15    |        table[15] = 3        |\n        //\n        // The lookup table is represented as a 32-byte value with the MSB positions for 0-15 in the last 16 bytes.\n        assembly (\"memory-safe\") {\n            r := or(r, byte(shr(r, x), 0x0000010102020202030303030303030300000000000000000000000000000000))\n        }\n    }\n\n    /**\n     * @dev Return the log in base 2, following the selected rounding direction, of a positive value.\n     * Returns 0 if given 0.\n     */\n    function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {\n        unchecked {\n            uint256 result = log2(value);\n            return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 1 << result < value);\n        }\n    }\n\n    /**\n     * @dev Return the log in base 10 of a positive value rounded towards zero.\n     * Returns 0 if given 0.\n     */\n    function log10(uint256 value) internal pure returns (uint256) {\n        uint256 result = 0;\n        unchecked {\n            if (value >= 10 ** 64) {\n                value /= 10 ** 64;\n                result += 64;\n            }\n            if (value >= 10 ** 32) {\n                value /= 10 ** 32;\n                result += 32;\n            }\n            if (value >= 10 ** 16) {\n                value /= 10 ** 16;\n                result += 16;\n            }\n            if (value >= 10 ** 8) {\n                value /= 10 ** 8;\n                result += 8;\n            }\n            if (value >= 10 ** 4) {\n                value /= 10 ** 4;\n                result += 4;\n            }\n            if (value >= 10 ** 2) {\n                value /= 10 ** 2;\n                result += 2;\n            }\n            if (value >= 10 ** 1) {\n                result += 1;\n            }\n        }\n        return result;\n    }\n\n    /**\n     * @dev Return the log in base 10, following the selected rounding direction, of a positive value.\n     * Returns 0 if given 0.\n     */\n    function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {\n        unchecked {\n            uint256 result = log10(value);\n            return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 10 ** result < value);\n        }\n    }\n\n    /**\n     * @dev Return the log in base 256 of a positive value rounded towards zero.\n     * Returns 0 if given 0.\n     *\n     * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.\n     */\n    function log256(uint256 x) internal pure returns (uint256 r) {\n        // If value has upper 128 bits set, log2 result is at least 128\n        r = SafeCast.toUint(x > 0xffffffffffffffffffffffffffffffff) << 7;\n        // If upper 64 bits of 128-bit half set, add 64 to result\n        r |= SafeCast.toUint((x >> r) > 0xffffffffffffffff) << 6;\n        // If upper 32 bits of 64-bit half set, add 32 to result\n        r |= SafeCast.toUint((x >> r) > 0xffffffff) << 5;\n        // If upper 16 bits of 32-bit half set, add 16 to result\n        r |= SafeCast.toUint((x >> r) > 0xffff) << 4;\n        // Add 1 if upper 8 bits of 16-bit half set, and divide accumulated result by 8\n        return (r >> 3) | SafeCast.toUint((x >> r) > 0xff);\n    }\n\n    /**\n     * @dev Return the log in base 256, following the selected rounding direction, of a positive value.\n     * Returns 0 if given 0.\n     */\n    function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {\n        unchecked {\n            uint256 result = log256(value);\n            return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 1 << (result << 3) < value);\n        }\n    }\n\n    /**\n     * @dev Returns whether a provided rounding mode is considered rounding up for unsigned integers.\n     */\n    function unsignedRoundsUp(Rounding rounding) internal pure returns (bool) {\n        return uint8(rounding) % 2 == 1;\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/utils/math/SafeCast.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.1.0) (utils/math/SafeCast.sol)\n// This file was procedurally generated from scripts/generate/templates/SafeCast.js.\n\npragma solidity ^0.8.20;\n\n/**\n * @dev Wrappers over Solidity's uintXX/intXX/bool casting operators with added overflow\n * checks.\n *\n * Downcasting from uint256/int256 in Solidity does not revert on overflow. This can\n * easily result in undesired exploitation or bugs, since developers usually\n * assume that overflows raise errors. `SafeCast` restores this intuition by\n * reverting the transaction when such an operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeCast {\n    /**\n     * @dev Value doesn't fit in an uint of `bits` size.\n     */\n    error SafeCastOverflowedUintDowncast(uint8 bits, uint256 value);\n\n    /**\n     * @dev An int value doesn't fit in an uint of `bits` size.\n     */\n    error SafeCastOverflowedIntToUint(int256 value);\n\n    /**\n     * @dev Value doesn't fit in an int of `bits` size.\n     */\n    error SafeCastOverflowedIntDowncast(uint8 bits, int256 value);\n\n    /**\n     * @dev An uint value doesn't fit in an int of `bits` size.\n     */\n    error SafeCastOverflowedUintToInt(uint256 value);\n\n    /**\n     * @dev Returns the downcasted uint248 from uint256, reverting on\n     * overflow (when the input is greater than largest uint248).\n     *\n     * Counterpart to Solidity's `uint248` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 248 bits\n     */\n    function toUint248(uint256 value) internal pure returns (uint248) {\n        if (value > type(uint248).max) {\n            revert SafeCastOverflowedUintDowncast(248, value);\n        }\n        return uint248(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint240 from uint256, reverting on\n     * overflow (when the input is greater than largest uint240).\n     *\n     * Counterpart to Solidity's `uint240` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 240 bits\n     */\n    function toUint240(uint256 value) internal pure returns (uint240) {\n        if (value > type(uint240).max) {\n            revert SafeCastOverflowedUintDowncast(240, value);\n        }\n        return uint240(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint232 from uint256, reverting on\n     * overflow (when the input is greater than largest uint232).\n     *\n     * Counterpart to Solidity's `uint232` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 232 bits\n     */\n    function toUint232(uint256 value) internal pure returns (uint232) {\n        if (value > type(uint232).max) {\n            revert SafeCastOverflowedUintDowncast(232, value);\n        }\n        return uint232(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint224 from uint256, reverting on\n     * overflow (when the input is greater than largest uint224).\n     *\n     * Counterpart to Solidity's `uint224` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 224 bits\n     */\n    function toUint224(uint256 value) internal pure returns (uint224) {\n        if (value > type(uint224).max) {\n            revert SafeCastOverflowedUintDowncast(224, value);\n        }\n        return uint224(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint216 from uint256, reverting on\n     * overflow (when the input is greater than largest uint216).\n     *\n     * Counterpart to Solidity's `uint216` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 216 bits\n     */\n    function toUint216(uint256 value) internal pure returns (uint216) {\n        if (value > type(uint216).max) {\n            revert SafeCastOverflowedUintDowncast(216, value);\n        }\n        return uint216(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint208 from uint256, reverting on\n     * overflow (when the input is greater than largest uint208).\n     *\n     * Counterpart to Solidity's `uint208` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 208 bits\n     */\n    function toUint208(uint256 value) internal pure returns (uint208) {\n        if (value > type(uint208).max) {\n            revert SafeCastOverflowedUintDowncast(208, value);\n        }\n        return uint208(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint200 from uint256, reverting on\n     * overflow (when the input is greater than largest uint200).\n     *\n     * Counterpart to Solidity's `uint200` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 200 bits\n     */\n    function toUint200(uint256 value) internal pure returns (uint200) {\n        if (value > type(uint200).max) {\n            revert SafeCastOverflowedUintDowncast(200, value);\n        }\n        return uint200(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint192 from uint256, reverting on\n     * overflow (when the input is greater than largest uint192).\n     *\n     * Counterpart to Solidity's `uint192` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 192 bits\n     */\n    function toUint192(uint256 value) internal pure returns (uint192) {\n        if (value > type(uint192).max) {\n            revert SafeCastOverflowedUintDowncast(192, value);\n        }\n        return uint192(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint184 from uint256, reverting on\n     * overflow (when the input is greater than largest uint184).\n     *\n     * Counterpart to Solidity's `uint184` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 184 bits\n     */\n    function toUint184(uint256 value) internal pure returns (uint184) {\n        if (value > type(uint184).max) {\n            revert SafeCastOverflowedUintDowncast(184, value);\n        }\n        return uint184(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint176 from uint256, reverting on\n     * overflow (when the input is greater than largest uint176).\n     *\n     * Counterpart to Solidity's `uint176` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 176 bits\n     */\n    function toUint176(uint256 value) internal pure returns (uint176) {\n        if (value > type(uint176).max) {\n            revert SafeCastOverflowedUintDowncast(176, value);\n        }\n        return uint176(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint168 from uint256, reverting on\n     * overflow (when the input is greater than largest uint168).\n     *\n     * Counterpart to Solidity's `uint168` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 168 bits\n     */\n    function toUint168(uint256 value) internal pure returns (uint168) {\n        if (value > type(uint168).max) {\n            revert SafeCastOverflowedUintDowncast(168, value);\n        }\n        return uint168(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint160 from uint256, reverting on\n     * overflow (when the input is greater than largest uint160).\n     *\n     * Counterpart to Solidity's `uint160` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 160 bits\n     */\n    function toUint160(uint256 value) internal pure returns (uint160) {\n        if (value > type(uint160).max) {\n            revert SafeCastOverflowedUintDowncast(160, value);\n        }\n        return uint160(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint152 from uint256, reverting on\n     * overflow (when the input is greater than largest uint152).\n     *\n     * Counterpart to Solidity's `uint152` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 152 bits\n     */\n    function toUint152(uint256 value) internal pure returns (uint152) {\n        if (value > type(uint152).max) {\n            revert SafeCastOverflowedUintDowncast(152, value);\n        }\n        return uint152(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint144 from uint256, reverting on\n     * overflow (when the input is greater than largest uint144).\n     *\n     * Counterpart to Solidity's `uint144` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 144 bits\n     */\n    function toUint144(uint256 value) internal pure returns (uint144) {\n        if (value > type(uint144).max) {\n            revert SafeCastOverflowedUintDowncast(144, value);\n        }\n        return uint144(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint136 from uint256, reverting on\n     * overflow (when the input is greater than largest uint136).\n     *\n     * Counterpart to Solidity's `uint136` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 136 bits\n     */\n    function toUint136(uint256 value) internal pure returns (uint136) {\n        if (value > type(uint136).max) {\n            revert SafeCastOverflowedUintDowncast(136, value);\n        }\n        return uint136(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint128 from uint256, reverting on\n     * overflow (when the input is greater than largest uint128).\n     *\n     * Counterpart to Solidity's `uint128` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 128 bits\n     */\n    function toUint128(uint256 value) internal pure returns (uint128) {\n        if (value > type(uint128).max) {\n            revert SafeCastOverflowedUintDowncast(128, value);\n        }\n        return uint128(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint120 from uint256, reverting on\n     * overflow (when the input is greater than largest uint120).\n     *\n     * Counterpart to Solidity's `uint120` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 120 bits\n     */\n    function toUint120(uint256 value) internal pure returns (uint120) {\n        if (value > type(uint120).max) {\n            revert SafeCastOverflowedUintDowncast(120, value);\n        }\n        return uint120(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint112 from uint256, reverting on\n     * overflow (when the input is greater than largest uint112).\n     *\n     * Counterpart to Solidity's `uint112` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 112 bits\n     */\n    function toUint112(uint256 value) internal pure returns (uint112) {\n        if (value > type(uint112).max) {\n            revert SafeCastOverflowedUintDowncast(112, value);\n        }\n        return uint112(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint104 from uint256, reverting on\n     * overflow (when the input is greater than largest uint104).\n     *\n     * Counterpart to Solidity's `uint104` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 104 bits\n     */\n    function toUint104(uint256 value) internal pure returns (uint104) {\n        if (value > type(uint104).max) {\n            revert SafeCastOverflowedUintDowncast(104, value);\n        }\n        return uint104(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint96 from uint256, reverting on\n     * overflow (when the input is greater than largest uint96).\n     *\n     * Counterpart to Solidity's `uint96` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 96 bits\n     */\n    function toUint96(uint256 value) internal pure returns (uint96) {\n        if (value > type(uint96).max) {\n            revert SafeCastOverflowedUintDowncast(96, value);\n        }\n        return uint96(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint88 from uint256, reverting on\n     * overflow (when the input is greater than largest uint88).\n     *\n     * Counterpart to Solidity's `uint88` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 88 bits\n     */\n    function toUint88(uint256 value) internal pure returns (uint88) {\n        if (value > type(uint88).max) {\n            revert SafeCastOverflowedUintDowncast(88, value);\n        }\n        return uint88(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint80 from uint256, reverting on\n     * overflow (when the input is greater than largest uint80).\n     *\n     * Counterpart to Solidity's `uint80` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 80 bits\n     */\n    function toUint80(uint256 value) internal pure returns (uint80) {\n        if (value > type(uint80).max) {\n            revert SafeCastOverflowedUintDowncast(80, value);\n        }\n        return uint80(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint72 from uint256, reverting on\n     * overflow (when the input is greater than largest uint72).\n     *\n     * Counterpart to Solidity's `uint72` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 72 bits\n     */\n    function toUint72(uint256 value) internal pure returns (uint72) {\n        if (value > type(uint72).max) {\n            revert SafeCastOverflowedUintDowncast(72, value);\n        }\n        return uint72(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint64 from uint256, reverting on\n     * overflow (when the input is greater than largest uint64).\n     *\n     * Counterpart to Solidity's `uint64` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 64 bits\n     */\n    function toUint64(uint256 value) internal pure returns (uint64) {\n        if (value > type(uint64).max) {\n            revert SafeCastOverflowedUintDowncast(64, value);\n        }\n        return uint64(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint56 from uint256, reverting on\n     * overflow (when the input is greater than largest uint56).\n     *\n     * Counterpart to Solidity's `uint56` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 56 bits\n     */\n    function toUint56(uint256 value) internal pure returns (uint56) {\n        if (value > type(uint56).max) {\n            revert SafeCastOverflowedUintDowncast(56, value);\n        }\n        return uint56(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint48 from uint256, reverting on\n     * overflow (when the input is greater than largest uint48).\n     *\n     * Counterpart to Solidity's `uint48` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 48 bits\n     */\n    function toUint48(uint256 value) internal pure returns (uint48) {\n        if (value > type(uint48).max) {\n            revert SafeCastOverflowedUintDowncast(48, value);\n        }\n        return uint48(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint40 from uint256, reverting on\n     * overflow (when the input is greater than largest uint40).\n     *\n     * Counterpart to Solidity's `uint40` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 40 bits\n     */\n    function toUint40(uint256 value) internal pure returns (uint40) {\n        if (value > type(uint40).max) {\n            revert SafeCastOverflowedUintDowncast(40, value);\n        }\n        return uint40(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint32 from uint256, reverting on\n     * overflow (when the input is greater than largest uint32).\n     *\n     * Counterpart to Solidity's `uint32` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 32 bits\n     */\n    function toUint32(uint256 value) internal pure returns (uint32) {\n        if (value > type(uint32).max) {\n            revert SafeCastOverflowedUintDowncast(32, value);\n        }\n        return uint32(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint24 from uint256, reverting on\n     * overflow (when the input is greater than largest uint24).\n     *\n     * Counterpart to Solidity's `uint24` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 24 bits\n     */\n    function toUint24(uint256 value) internal pure returns (uint24) {\n        if (value > type(uint24).max) {\n            revert SafeCastOverflowedUintDowncast(24, value);\n        }\n        return uint24(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint16 from uint256, reverting on\n     * overflow (when the input is greater than largest uint16).\n     *\n     * Counterpart to Solidity's `uint16` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 16 bits\n     */\n    function toUint16(uint256 value) internal pure returns (uint16) {\n        if (value > type(uint16).max) {\n            revert SafeCastOverflowedUintDowncast(16, value);\n        }\n        return uint16(value);\n    }\n\n    /**\n     * @dev Returns the downcasted uint8 from uint256, reverting on\n     * overflow (when the input is greater than largest uint8).\n     *\n     * Counterpart to Solidity's `uint8` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 8 bits\n     */\n    function toUint8(uint256 value) internal pure returns (uint8) {\n        if (value > type(uint8).max) {\n            revert SafeCastOverflowedUintDowncast(8, value);\n        }\n        return uint8(value);\n    }\n\n    /**\n     * @dev Converts a signed int256 into an unsigned uint256.\n     *\n     * Requirements:\n     *\n     * - input must be greater than or equal to 0.\n     */\n    function toUint256(int256 value) internal pure returns (uint256) {\n        if (value < 0) {\n            revert SafeCastOverflowedIntToUint(value);\n        }\n        return uint256(value);\n    }\n\n    /**\n     * @dev Returns the downcasted int248 from int256, reverting on\n     * overflow (when the input is less than smallest int248 or\n     * greater than largest int248).\n     *\n     * Counterpart to Solidity's `int248` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 248 bits\n     */\n    function toInt248(int256 value) internal pure returns (int248 downcasted) {\n        downcasted = int248(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(248, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int240 from int256, reverting on\n     * overflow (when the input is less than smallest int240 or\n     * greater than largest int240).\n     *\n     * Counterpart to Solidity's `int240` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 240 bits\n     */\n    function toInt240(int256 value) internal pure returns (int240 downcasted) {\n        downcasted = int240(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(240, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int232 from int256, reverting on\n     * overflow (when the input is less than smallest int232 or\n     * greater than largest int232).\n     *\n     * Counterpart to Solidity's `int232` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 232 bits\n     */\n    function toInt232(int256 value) internal pure returns (int232 downcasted) {\n        downcasted = int232(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(232, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int224 from int256, reverting on\n     * overflow (when the input is less than smallest int224 or\n     * greater than largest int224).\n     *\n     * Counterpart to Solidity's `int224` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 224 bits\n     */\n    function toInt224(int256 value) internal pure returns (int224 downcasted) {\n        downcasted = int224(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(224, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int216 from int256, reverting on\n     * overflow (when the input is less than smallest int216 or\n     * greater than largest int216).\n     *\n     * Counterpart to Solidity's `int216` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 216 bits\n     */\n    function toInt216(int256 value) internal pure returns (int216 downcasted) {\n        downcasted = int216(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(216, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int208 from int256, reverting on\n     * overflow (when the input is less than smallest int208 or\n     * greater than largest int208).\n     *\n     * Counterpart to Solidity's `int208` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 208 bits\n     */\n    function toInt208(int256 value) internal pure returns (int208 downcasted) {\n        downcasted = int208(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(208, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int200 from int256, reverting on\n     * overflow (when the input is less than smallest int200 or\n     * greater than largest int200).\n     *\n     * Counterpart to Solidity's `int200` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 200 bits\n     */\n    function toInt200(int256 value) internal pure returns (int200 downcasted) {\n        downcasted = int200(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(200, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int192 from int256, reverting on\n     * overflow (when the input is less than smallest int192 or\n     * greater than largest int192).\n     *\n     * Counterpart to Solidity's `int192` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 192 bits\n     */\n    function toInt192(int256 value) internal pure returns (int192 downcasted) {\n        downcasted = int192(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(192, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int184 from int256, reverting on\n     * overflow (when the input is less than smallest int184 or\n     * greater than largest int184).\n     *\n     * Counterpart to Solidity's `int184` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 184 bits\n     */\n    function toInt184(int256 value) internal pure returns (int184 downcasted) {\n        downcasted = int184(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(184, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int176 from int256, reverting on\n     * overflow (when the input is less than smallest int176 or\n     * greater than largest int176).\n     *\n     * Counterpart to Solidity's `int176` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 176 bits\n     */\n    function toInt176(int256 value) internal pure returns (int176 downcasted) {\n        downcasted = int176(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(176, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int168 from int256, reverting on\n     * overflow (when the input is less than smallest int168 or\n     * greater than largest int168).\n     *\n     * Counterpart to Solidity's `int168` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 168 bits\n     */\n    function toInt168(int256 value) internal pure returns (int168 downcasted) {\n        downcasted = int168(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(168, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int160 from int256, reverting on\n     * overflow (when the input is less than smallest int160 or\n     * greater than largest int160).\n     *\n     * Counterpart to Solidity's `int160` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 160 bits\n     */\n    function toInt160(int256 value) internal pure returns (int160 downcasted) {\n        downcasted = int160(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(160, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int152 from int256, reverting on\n     * overflow (when the input is less than smallest int152 or\n     * greater than largest int152).\n     *\n     * Counterpart to Solidity's `int152` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 152 bits\n     */\n    function toInt152(int256 value) internal pure returns (int152 downcasted) {\n        downcasted = int152(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(152, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int144 from int256, reverting on\n     * overflow (when the input is less than smallest int144 or\n     * greater than largest int144).\n     *\n     * Counterpart to Solidity's `int144` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 144 bits\n     */\n    function toInt144(int256 value) internal pure returns (int144 downcasted) {\n        downcasted = int144(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(144, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int136 from int256, reverting on\n     * overflow (when the input is less than smallest int136 or\n     * greater than largest int136).\n     *\n     * Counterpart to Solidity's `int136` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 136 bits\n     */\n    function toInt136(int256 value) internal pure returns (int136 downcasted) {\n        downcasted = int136(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(136, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int128 from int256, reverting on\n     * overflow (when the input is less than smallest int128 or\n     * greater than largest int128).\n     *\n     * Counterpart to Solidity's `int128` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 128 bits\n     */\n    function toInt128(int256 value) internal pure returns (int128 downcasted) {\n        downcasted = int128(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(128, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int120 from int256, reverting on\n     * overflow (when the input is less than smallest int120 or\n     * greater than largest int120).\n     *\n     * Counterpart to Solidity's `int120` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 120 bits\n     */\n    function toInt120(int256 value) internal pure returns (int120 downcasted) {\n        downcasted = int120(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(120, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int112 from int256, reverting on\n     * overflow (when the input is less than smallest int112 or\n     * greater than largest int112).\n     *\n     * Counterpart to Solidity's `int112` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 112 bits\n     */\n    function toInt112(int256 value) internal pure returns (int112 downcasted) {\n        downcasted = int112(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(112, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int104 from int256, reverting on\n     * overflow (when the input is less than smallest int104 or\n     * greater than largest int104).\n     *\n     * Counterpart to Solidity's `int104` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 104 bits\n     */\n    function toInt104(int256 value) internal pure returns (int104 downcasted) {\n        downcasted = int104(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(104, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int96 from int256, reverting on\n     * overflow (when the input is less than smallest int96 or\n     * greater than largest int96).\n     *\n     * Counterpart to Solidity's `int96` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 96 bits\n     */\n    function toInt96(int256 value) internal pure returns (int96 downcasted) {\n        downcasted = int96(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(96, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int88 from int256, reverting on\n     * overflow (when the input is less than smallest int88 or\n     * greater than largest int88).\n     *\n     * Counterpart to Solidity's `int88` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 88 bits\n     */\n    function toInt88(int256 value) internal pure returns (int88 downcasted) {\n        downcasted = int88(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(88, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int80 from int256, reverting on\n     * overflow (when the input is less than smallest int80 or\n     * greater than largest int80).\n     *\n     * Counterpart to Solidity's `int80` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 80 bits\n     */\n    function toInt80(int256 value) internal pure returns (int80 downcasted) {\n        downcasted = int80(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(80, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int72 from int256, reverting on\n     * overflow (when the input is less than smallest int72 or\n     * greater than largest int72).\n     *\n     * Counterpart to Solidity's `int72` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 72 bits\n     */\n    function toInt72(int256 value) internal pure returns (int72 downcasted) {\n        downcasted = int72(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(72, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int64 from int256, reverting on\n     * overflow (when the input is less than smallest int64 or\n     * greater than largest int64).\n     *\n     * Counterpart to Solidity's `int64` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 64 bits\n     */\n    function toInt64(int256 value) internal pure returns (int64 downcasted) {\n        downcasted = int64(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(64, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int56 from int256, reverting on\n     * overflow (when the input is less than smallest int56 or\n     * greater than largest int56).\n     *\n     * Counterpart to Solidity's `int56` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 56 bits\n     */\n    function toInt56(int256 value) internal pure returns (int56 downcasted) {\n        downcasted = int56(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(56, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int48 from int256, reverting on\n     * overflow (when the input is less than smallest int48 or\n     * greater than largest int48).\n     *\n     * Counterpart to Solidity's `int48` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 48 bits\n     */\n    function toInt48(int256 value) internal pure returns (int48 downcasted) {\n        downcasted = int48(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(48, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int40 from int256, reverting on\n     * overflow (when the input is less than smallest int40 or\n     * greater than largest int40).\n     *\n     * Counterpart to Solidity's `int40` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 40 bits\n     */\n    function toInt40(int256 value) internal pure returns (int40 downcasted) {\n        downcasted = int40(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(40, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int32 from int256, reverting on\n     * overflow (when the input is less than smallest int32 or\n     * greater than largest int32).\n     *\n     * Counterpart to Solidity's `int32` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 32 bits\n     */\n    function toInt32(int256 value) internal pure returns (int32 downcasted) {\n        downcasted = int32(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(32, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int24 from int256, reverting on\n     * overflow (when the input is less than smallest int24 or\n     * greater than largest int24).\n     *\n     * Counterpart to Solidity's `int24` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 24 bits\n     */\n    function toInt24(int256 value) internal pure returns (int24 downcasted) {\n        downcasted = int24(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(24, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int16 from int256, reverting on\n     * overflow (when the input is less than smallest int16 or\n     * greater than largest int16).\n     *\n     * Counterpart to Solidity's `int16` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 16 bits\n     */\n    function toInt16(int256 value) internal pure returns (int16 downcasted) {\n        downcasted = int16(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(16, value);\n        }\n    }\n\n    /**\n     * @dev Returns the downcasted int8 from int256, reverting on\n     * overflow (when the input is less than smallest int8 or\n     * greater than largest int8).\n     *\n     * Counterpart to Solidity's `int8` operator.\n     *\n     * Requirements:\n     *\n     * - input must fit into 8 bits\n     */\n    function toInt8(int256 value) internal pure returns (int8 downcasted) {\n        downcasted = int8(value);\n        if (downcasted != value) {\n            revert SafeCastOverflowedIntDowncast(8, value);\n        }\n    }\n\n    /**\n     * @dev Converts an unsigned uint256 into a signed int256.\n     *\n     * Requirements:\n     *\n     * - input must be less than or equal to maxInt256.\n     */\n    function toInt256(uint256 value) internal pure returns (int256) {\n        // Note: Unsafe cast below is okay because `type(int256).max` is guaranteed to be positive\n        if (value > uint256(type(int256).max)) {\n            revert SafeCastOverflowedUintToInt(value);\n        }\n        return int256(value);\n    }\n\n    /**\n     * @dev Cast a boolean (false or true) to a uint256 (0 or 1) with no jump.\n     */\n    function toUint(bool b) internal pure returns (uint256 u) {\n        assembly (\"memory-safe\") {\n            u := iszero(iszero(b))\n        }\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/utils/math/SignedMath.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.1.0) (utils/math/SignedMath.sol)\n\npragma solidity ^0.8.20;\n\nimport {SafeCast} from \"./SafeCast.sol\";\n\n/**\n * @dev Standard signed math utilities missing in the Solidity language.\n */\nlibrary SignedMath {\n    /**\n     * @dev Branchless ternary evaluation for `a ? b : c`. Gas costs are constant.\n     *\n     * IMPORTANT: This function may reduce bytecode size and consume less gas when used standalone.\n     * However, the compiler may optimize Solidity ternary operations (i.e. `a ? b : c`) to only compute\n     * one branch when needed, making this function more expensive.\n     */\n    function ternary(bool condition, int256 a, int256 b) internal pure returns (int256) {\n        unchecked {\n            // branchless ternary works because:\n            // b ^ (a ^ b) == a\n            // b ^ 0 == b\n            return b ^ ((a ^ b) * int256(SafeCast.toUint(condition)));\n        }\n    }\n\n    /**\n     * @dev Returns the largest of two signed numbers.\n     */\n    function max(int256 a, int256 b) internal pure returns (int256) {\n        return ternary(a > b, a, b);\n    }\n\n    /**\n     * @dev Returns the smallest of two signed numbers.\n     */\n    function min(int256 a, int256 b) internal pure returns (int256) {\n        return ternary(a < b, a, b);\n    }\n\n    /**\n     * @dev Returns the average of two signed numbers without overflow.\n     * The result is rounded towards zero.\n     */\n    function average(int256 a, int256 b) internal pure returns (int256) {\n        // Formula from the book \"Hacker's Delight\"\n        int256 x = (a & b) + ((a ^ b) >> 1);\n        return x + (int256(uint256(x) >> 255) & (a ^ b));\n    }\n\n    /**\n     * @dev Returns the absolute unsigned value of a signed value.\n     */\n    function abs(int256 n) internal pure returns (uint256) {\n        unchecked {\n            // Formula from the \"Bit Twiddling Hacks\" by Sean Eron Anderson.\n            // Since `n` is a signed integer, the generated bytecode will use the SAR opcode to perform the right shift,\n            // taking advantage of the most significant (or \"sign\" bit) in two's complement representation.\n            // This opcode adds new most significant bits set to the value of the previous most significant bit. As a result,\n            // the mask will either be `bytes32(0)` (if n is positive) or `~bytes32(0)` (if n is negative).\n            int256 mask = n >> 255;\n\n            // A `bytes32(0)` mask leaves the input unchanged, while a `~bytes32(0)` mask complements it.\n            return uint256((n + mask) ^ mask);\n        }\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/utils/Nonces.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.0.0) (utils/Nonces.sol)\npragma solidity ^0.8.20;\n\n/**\n * @dev Provides tracking nonces for addresses. Nonces will only increment.\n */\nabstract contract Nonces {\n    /**\n     * @dev The nonce used for an `account` is not the expected current nonce.\n     */\n    error InvalidAccountNonce(address account, uint256 currentNonce);\n\n    mapping(address account => uint256) private _nonces;\n\n    /**\n     * @dev Returns the next unused nonce for an address.\n     */\n    function nonces(address owner) public view virtual returns (uint256) {\n        return _nonces[owner];\n    }\n\n    /**\n     * @dev Consumes a nonce.\n     *\n     * Returns the current value and increments nonce.\n     */\n    function _useNonce(address owner) internal virtual returns (uint256) {\n        // For each account, the nonce has an initial value of 0, can only be incremented by one, and cannot be\n        // decremented or reset. This guarantees that the nonce never overflows.\n        unchecked {\n            // It is important to do x++ and not ++x here.\n            return _nonces[owner]++;\n        }\n    }\n\n    /**\n     * @dev Same as {_useNonce} but checking that `nonce` is the next valid for `owner`.\n     */\n    function _useCheckedNonce(address owner, uint256 nonce) internal virtual {\n        uint256 current = _useNonce(owner);\n        if (nonce != current) {\n            revert InvalidAccountNonce(owner, current);\n        }\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/utils/Panic.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.1.0) (utils/Panic.sol)\n\npragma solidity ^0.8.20;\n\n/**\n * @dev Helper library for emitting standardized panic codes.\n *\n * ```solidity\n * contract Example {\n *      using Panic for uint256;\n *\n *      // Use any of the declared internal constants\n *      function foo() { Panic.GENERIC.panic(); }\n *\n *      // Alternatively\n *      function foo() { Panic.panic(Panic.GENERIC); }\n * }\n * ```\n *\n * Follows the list from https://github.com/ethereum/solidity/blob/v0.8.24/libsolutil/ErrorCodes.h[libsolutil].\n *\n * _Available since v5.1._\n */\n// slither-disable-next-line unused-state\nlibrary Panic {\n    /// @dev generic / unspecified error\n    uint256 internal constant GENERIC = 0x00;\n    /// @dev used by the assert() builtin\n    uint256 internal constant ASSERT = 0x01;\n    /// @dev arithmetic underflow or overflow\n    uint256 internal constant UNDER_OVERFLOW = 0x11;\n    /// @dev division or modulo by zero\n    uint256 internal constant DIVISION_BY_ZERO = 0x12;\n    /// @dev enum conversion error\n    uint256 internal constant ENUM_CONVERSION_ERROR = 0x21;\n    /// @dev invalid encoding in storage\n    uint256 internal constant STORAGE_ENCODING_ERROR = 0x22;\n    /// @dev empty array pop\n    uint256 internal constant EMPTY_ARRAY_POP = 0x31;\n    /// @dev array out of bounds access\n    uint256 internal constant ARRAY_OUT_OF_BOUNDS = 0x32;\n    /// @dev resource error (too large allocation or too large array)\n    uint256 internal constant RESOURCE_ERROR = 0x41;\n    /// @dev calling invalid internal function\n    uint256 internal constant INVALID_INTERNAL_FUNCTION = 0x51;\n\n    /// @dev Reverts with a panic code. Recommended to use with\n    /// the internal constants with predefined codes.\n    function panic(uint256 code) internal pure {\n        assembly (\"memory-safe\") {\n            mstore(0x00, 0x4e487b71)\n            mstore(0x20, code)\n            revert(0x1c, 0x24)\n        }\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/utils/ShortStrings.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.3.0) (utils/ShortStrings.sol)\n\npragma solidity ^0.8.20;\n\nimport {StorageSlot} from \"./StorageSlot.sol\";\n\n// | string  | 0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA   |\n// | length  | 0x                                                              BB |\ntype ShortString is bytes32;\n\n/**\n * @dev This library provides functions to convert short memory strings\n * into a `ShortString` type that can be used as an immutable variable.\n *\n * Strings of arbitrary length can be optimized using this library if\n * they are short enough (up to 31 bytes) by packing them with their\n * length (1 byte) in a single EVM word (32 bytes). Additionally, a\n * fallback mechanism can be used for every other case.\n *\n * Usage example:\n *\n * ```solidity\n * contract Named {\n *     using ShortStrings for *;\n *\n *     ShortString private immutable _name;\n *     string private _nameFallback;\n *\n *     constructor(string memory contractName) {\n *         _name = contractName.toShortStringWithFallback(_nameFallback);\n *     }\n *\n *     function name() external view returns (string memory) {\n *         return _name.toStringWithFallback(_nameFallback);\n *     }\n * }\n * ```\n */\nlibrary ShortStrings {\n    // Used as an identifier for strings longer than 31 bytes.\n    bytes32 private constant FALLBACK_SENTINEL = 0x00000000000000000000000000000000000000000000000000000000000000FF;\n\n    error StringTooLong(string str);\n    error InvalidShortString();\n\n    /**\n     * @dev Encode a string of at most 31 chars into a `ShortString`.\n     *\n     * This will trigger a `StringTooLong` error is the input string is too long.\n     */\n    function toShortString(string memory str) internal pure returns (ShortString) {\n        bytes memory bstr = bytes(str);\n        if (bstr.length > 31) {\n            revert StringTooLong(str);\n        }\n        return ShortString.wrap(bytes32(uint256(bytes32(bstr)) | bstr.length));\n    }\n\n    /**\n     * @dev Decode a `ShortString` back to a \"normal\" string.\n     */\n    function toString(ShortString sstr) internal pure returns (string memory) {\n        uint256 len = byteLength(sstr);\n        // using `new string(len)` would work locally but is not memory safe.\n        string memory str = new string(32);\n        assembly (\"memory-safe\") {\n            mstore(str, len)\n            mstore(add(str, 0x20), sstr)\n        }\n        return str;\n    }\n\n    /**\n     * @dev Return the length of a `ShortString`.\n     */\n    function byteLength(ShortString sstr) internal pure returns (uint256) {\n        uint256 result = uint256(ShortString.unwrap(sstr)) & 0xFF;\n        if (result > 31) {\n            revert InvalidShortString();\n        }\n        return result;\n    }\n\n    /**\n     * @dev Encode a string into a `ShortString`, or write it to storage if it is too long.\n     */\n    function toShortStringWithFallback(string memory value, string storage store) internal returns (ShortString) {\n        if (bytes(value).length < 32) {\n            return toShortString(value);\n        } else {\n            StorageSlot.getStringSlot(store).value = value;\n            return ShortString.wrap(FALLBACK_SENTINEL);\n        }\n    }\n\n    /**\n     * @dev Decode a string that was encoded to `ShortString` or written to storage using {toShortStringWithFallback}.\n     */\n    function toStringWithFallback(ShortString value, string storage store) internal pure returns (string memory) {\n        if (ShortString.unwrap(value) != FALLBACK_SENTINEL) {\n            return toString(value);\n        } else {\n            return store;\n        }\n    }\n\n    /**\n     * @dev Return the length of a string that was encoded to `ShortString` or written to storage using\n     * {toShortStringWithFallback}.\n     *\n     * WARNING: This will return the \"byte length\" of the string. This may not reflect the actual length in terms of\n     * actual characters as the UTF-8 encoding of a single character can span over multiple bytes.\n     */\n    function byteLengthWithFallback(ShortString value, string storage store) internal view returns (uint256) {\n        if (ShortString.unwrap(value) != FALLBACK_SENTINEL) {\n            return byteLength(value);\n        } else {\n            return bytes(store).length;\n        }\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/utils/StorageSlot.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.1.0) (utils/StorageSlot.sol)\n// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.\n\npragma solidity ^0.8.20;\n\n/**\n * @dev Library for reading and writing primitive types to specific storage slots.\n *\n * Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.\n * This library helps with reading and writing to such slots without the need for inline assembly.\n *\n * The functions in this library return Slot structs that contain a `value` member that can be used to read or write.\n *\n * Example usage to set ERC-1967 implementation slot:\n * ```solidity\n * contract ERC1967 {\n *     // Define the slot. Alternatively, use the SlotDerivation library to derive the slot.\n *     bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;\n *\n *     function _getImplementation() internal view returns (address) {\n *         return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;\n *     }\n *\n *     function _setImplementation(address newImplementation) internal {\n *         require(newImplementation.code.length > 0);\n *         StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;\n *     }\n * }\n * ```\n *\n * TIP: Consider using this library along with {SlotDerivation}.\n */\nlibrary StorageSlot {\n    struct AddressSlot {\n        address value;\n    }\n\n    struct BooleanSlot {\n        bool value;\n    }\n\n    struct Bytes32Slot {\n        bytes32 value;\n    }\n\n    struct Uint256Slot {\n        uint256 value;\n    }\n\n    struct Int256Slot {\n        int256 value;\n    }\n\n    struct StringSlot {\n        string value;\n    }\n\n    struct BytesSlot {\n        bytes value;\n    }\n\n    /**\n     * @dev Returns an `AddressSlot` with member `value` located at `slot`.\n     */\n    function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {\n        assembly (\"memory-safe\") {\n            r.slot := slot\n        }\n    }\n\n    /**\n     * @dev Returns a `BooleanSlot` with member `value` located at `slot`.\n     */\n    function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {\n        assembly (\"memory-safe\") {\n            r.slot := slot\n        }\n    }\n\n    /**\n     * @dev Returns a `Bytes32Slot` with member `value` located at `slot`.\n     */\n    function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {\n        assembly (\"memory-safe\") {\n            r.slot := slot\n        }\n    }\n\n    /**\n     * @dev Returns a `Uint256Slot` with member `value` located at `slot`.\n     */\n    function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {\n        assembly (\"memory-safe\") {\n            r.slot := slot\n        }\n    }\n\n    /**\n     * @dev Returns a `Int256Slot` with member `value` located at `slot`.\n     */\n    function getInt256Slot(bytes32 slot) internal pure returns (Int256Slot storage r) {\n        assembly (\"memory-safe\") {\n            r.slot := slot\n        }\n    }\n\n    /**\n     * @dev Returns a `StringSlot` with member `value` located at `slot`.\n     */\n    function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {\n        assembly (\"memory-safe\") {\n            r.slot := slot\n        }\n    }\n\n    /**\n     * @dev Returns an `StringSlot` representation of the string storage pointer `store`.\n     */\n    function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {\n        assembly (\"memory-safe\") {\n            r.slot := store.slot\n        }\n    }\n\n    /**\n     * @dev Returns a `BytesSlot` with member `value` located at `slot`.\n     */\n    function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {\n        assembly (\"memory-safe\") {\n            r.slot := slot\n        }\n    }\n\n    /**\n     * @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.\n     */\n    function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {\n        assembly (\"memory-safe\") {\n            r.slot := store.slot\n        }\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/utils/Strings.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.3.0) (utils/Strings.sol)\n\npragma solidity ^0.8.20;\n\nimport {Math} from \"./math/Math.sol\";\nimport {SafeCast} from \"./math/SafeCast.sol\";\nimport {SignedMath} from \"./math/SignedMath.sol\";\n\n/**\n * @dev String operations.\n */\nlibrary Strings {\n    using SafeCast for *;\n\n    bytes16 private constant HEX_DIGITS = \"0123456789abcdef\";\n    uint8 private constant ADDRESS_LENGTH = 20;\n    uint256 private constant SPECIAL_CHARS_LOOKUP =\n        (1 << 0x08) | // backspace\n            (1 << 0x09) | // tab\n            (1 << 0x0a) | // newline\n            (1 << 0x0c) | // form feed\n            (1 << 0x0d) | // carriage return\n            (1 << 0x22) | // double quote\n            (1 << 0x5c); // backslash\n\n    /**\n     * @dev The `value` string doesn't fit in the specified `length`.\n     */\n    error StringsInsufficientHexLength(uint256 value, uint256 length);\n\n    /**\n     * @dev The string being parsed contains characters that are not in scope of the given base.\n     */\n    error StringsInvalidChar();\n\n    /**\n     * @dev The string being parsed is not a properly formatted address.\n     */\n    error StringsInvalidAddressFormat();\n\n    /**\n     * @dev Converts a `uint256` to its ASCII `string` decimal representation.\n     */\n    function toString(uint256 value) internal pure returns (string memory) {\n        unchecked {\n            uint256 length = Math.log10(value) + 1;\n            string memory buffer = new string(length);\n            uint256 ptr;\n            assembly (\"memory-safe\") {\n                ptr := add(buffer, add(32, length))\n            }\n            while (true) {\n                ptr--;\n                assembly (\"memory-safe\") {\n                    mstore8(ptr, byte(mod(value, 10), HEX_DIGITS))\n                }\n                value /= 10;\n                if (value == 0) break;\n            }\n            return buffer;\n        }\n    }\n\n    /**\n     * @dev Converts a `int256` to its ASCII `string` decimal representation.\n     */\n    function toStringSigned(int256 value) internal pure returns (string memory) {\n        return string.concat(value < 0 ? \"-\" : \"\", toString(SignedMath.abs(value)));\n    }\n\n    /**\n     * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.\n     */\n    function toHexString(uint256 value) internal pure returns (string memory) {\n        unchecked {\n            return toHexString(value, Math.log256(value) + 1);\n        }\n    }\n\n    /**\n     * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.\n     */\n    function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {\n        uint256 localValue = value;\n        bytes memory buffer = new bytes(2 * length + 2);\n        buffer[0] = \"0\";\n        buffer[1] = \"x\";\n        for (uint256 i = 2 * length + 1; i > 1; --i) {\n            buffer[i] = HEX_DIGITS[localValue & 0xf];\n            localValue >>= 4;\n        }\n        if (localValue != 0) {\n            revert StringsInsufficientHexLength(value, length);\n        }\n        return string(buffer);\n    }\n\n    /**\n     * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal\n     * representation.\n     */\n    function toHexString(address addr) internal pure returns (string memory) {\n        return toHexString(uint256(uint160(addr)), ADDRESS_LENGTH);\n    }\n\n    /**\n     * @dev Converts an `address` with fixed length of 20 bytes to its checksummed ASCII `string` hexadecimal\n     * representation, according to EIP-55.\n     */\n    function toChecksumHexString(address addr) internal pure returns (string memory) {\n        bytes memory buffer = bytes(toHexString(addr));\n\n        // hash the hex part of buffer (skip length + 2 bytes, length 40)\n        uint256 hashValue;\n        assembly (\"memory-safe\") {\n            hashValue := shr(96, keccak256(add(buffer, 0x22), 40))\n        }\n\n        for (uint256 i = 41; i > 1; --i) {\n            // possible values for buffer[i] are 48 (0) to 57 (9) and 97 (a) to 102 (f)\n            if (hashValue & 0xf > 7 && uint8(buffer[i]) > 96) {\n                // case shift by xoring with 0x20\n                buffer[i] ^= 0x20;\n            }\n            hashValue >>= 4;\n        }\n        return string(buffer);\n    }\n\n    /**\n     * @dev Returns true if the two strings are equal.\n     */\n    function equal(string memory a, string memory b) internal pure returns (bool) {\n        return bytes(a).length == bytes(b).length && keccak256(bytes(a)) == keccak256(bytes(b));\n    }\n\n    /**\n     * @dev Parse a decimal string and returns the value as a `uint256`.\n     *\n     * Requirements:\n     * - The string must be formatted as `[0-9]*`\n     * - The result must fit into an `uint256` type\n     */\n    function parseUint(string memory input) internal pure returns (uint256) {\n        return parseUint(input, 0, bytes(input).length);\n    }\n\n    /**\n     * @dev Variant of {parseUint-string} that parses a substring of `input` located between position `begin` (included) and\n     * `end` (excluded).\n     *\n     * Requirements:\n     * - The substring must be formatted as `[0-9]*`\n     * - The result must fit into an `uint256` type\n     */\n    function parseUint(string memory input, uint256 begin, uint256 end) internal pure returns (uint256) {\n        (bool success, uint256 value) = tryParseUint(input, begin, end);\n        if (!success) revert StringsInvalidChar();\n        return value;\n    }\n\n    /**\n     * @dev Variant of {parseUint-string} that returns false if the parsing fails because of an invalid character.\n     *\n     * NOTE: This function will revert if the result does not fit in a `uint256`.\n     */\n    function tryParseUint(string memory input) internal pure returns (bool success, uint256 value) {\n        return _tryParseUintUncheckedBounds(input, 0, bytes(input).length);\n    }\n\n    /**\n     * @dev Variant of {parseUint-string-uint256-uint256} that returns false if the parsing fails because of an invalid\n     * character.\n     *\n     * NOTE: This function will revert if the result does not fit in a `uint256`.\n     */\n    function tryParseUint(\n        string memory input,\n        uint256 begin,\n        uint256 end\n    ) internal pure returns (bool success, uint256 value) {\n        if (end > bytes(input).length || begin > end) return (false, 0);\n        return _tryParseUintUncheckedBounds(input, begin, end);\n    }\n\n    /**\n     * @dev Implementation of {tryParseUint-string-uint256-uint256} that does not check bounds. Caller should make sure that\n     * `begin <= end <= input.length`. Other inputs would result in undefined behavior.\n     */\n    function _tryParseUintUncheckedBounds(\n        string memory input,\n        uint256 begin,\n        uint256 end\n    ) private pure returns (bool success, uint256 value) {\n        bytes memory buffer = bytes(input);\n\n        uint256 result = 0;\n        for (uint256 i = begin; i < end; ++i) {\n            uint8 chr = _tryParseChr(bytes1(_unsafeReadBytesOffset(buffer, i)));\n            if (chr > 9) return (false, 0);\n            result *= 10;\n            result += chr;\n        }\n        return (true, result);\n    }\n\n    /**\n     * @dev Parse a decimal string and returns the value as a `int256`.\n     *\n     * Requirements:\n     * - The string must be formatted as `[-+]?[0-9]*`\n     * - The result must fit in an `int256` type.\n     */\n    function parseInt(string memory input) internal pure returns (int256) {\n        return parseInt(input, 0, bytes(input).length);\n    }\n\n    /**\n     * @dev Variant of {parseInt-string} that parses a substring of `input` located between position `begin` (included) and\n     * `end` (excluded).\n     *\n     * Requirements:\n     * - The substring must be formatted as `[-+]?[0-9]*`\n     * - The result must fit in an `int256` type.\n     */\n    function parseInt(string memory input, uint256 begin, uint256 end) internal pure returns (int256) {\n        (bool success, int256 value) = tryParseInt(input, begin, end);\n        if (!success) revert StringsInvalidChar();\n        return value;\n    }\n\n    /**\n     * @dev Variant of {parseInt-string} that returns false if the parsing fails because of an invalid character or if\n     * the result does not fit in a `int256`.\n     *\n     * NOTE: This function will revert if the absolute value of the result does not fit in a `uint256`.\n     */\n    function tryParseInt(string memory input) internal pure returns (bool success, int256 value) {\n        return _tryParseIntUncheckedBounds(input, 0, bytes(input).length);\n    }\n\n    uint256 private constant ABS_MIN_INT256 = 2 ** 255;\n\n    /**\n     * @dev Variant of {parseInt-string-uint256-uint256} that returns false if the parsing fails because of an invalid\n     * character or if the result does not fit in a `int256`.\n     *\n     * NOTE: This function will revert if the absolute value of the result does not fit in a `uint256`.\n     */\n    function tryParseInt(\n        string memory input,\n        uint256 begin,\n        uint256 end\n    ) internal pure returns (bool success, int256 value) {\n        if (end > bytes(input).length || begin > end) return (false, 0);\n        return _tryParseIntUncheckedBounds(input, begin, end);\n    }\n\n    /**\n     * @dev Implementation of {tryParseInt-string-uint256-uint256} that does not check bounds. Caller should make sure that\n     * `begin <= end <= input.length`. Other inputs would result in undefined behavior.\n     */\n    function _tryParseIntUncheckedBounds(\n        string memory input,\n        uint256 begin,\n        uint256 end\n    ) private pure returns (bool success, int256 value) {\n        bytes memory buffer = bytes(input);\n\n        // Check presence of a negative sign.\n        bytes1 sign = begin == end ? bytes1(0) : bytes1(_unsafeReadBytesOffset(buffer, begin)); // don't do out-of-bound (possibly unsafe) read if sub-string is empty\n        bool positiveSign = sign == bytes1(\"+\");\n        bool negativeSign = sign == bytes1(\"-\");\n        uint256 offset = (positiveSign || negativeSign).toUint();\n\n        (bool absSuccess, uint256 absValue) = tryParseUint(input, begin + offset, end);\n\n        if (absSuccess && absValue < ABS_MIN_INT256) {\n            return (true, negativeSign ? -int256(absValue) : int256(absValue));\n        } else if (absSuccess && negativeSign && absValue == ABS_MIN_INT256) {\n            return (true, type(int256).min);\n        } else return (false, 0);\n    }\n\n    /**\n     * @dev Parse a hexadecimal string (with or without \"0x\" prefix), and returns the value as a `uint256`.\n     *\n     * Requirements:\n     * - The string must be formatted as `(0x)?[0-9a-fA-F]*`\n     * - The result must fit in an `uint256` type.\n     */\n    function parseHexUint(string memory input) internal pure returns (uint256) {\n        return parseHexUint(input, 0, bytes(input).length);\n    }\n\n    /**\n     * @dev Variant of {parseHexUint-string} that parses a substring of `input` located between position `begin` (included) and\n     * `end` (excluded).\n     *\n     * Requirements:\n     * - The substring must be formatted as `(0x)?[0-9a-fA-F]*`\n     * - The result must fit in an `uint256` type.\n     */\n    function parseHexUint(string memory input, uint256 begin, uint256 end) internal pure returns (uint256) {\n        (bool success, uint256 value) = tryParseHexUint(input, begin, end);\n        if (!success) revert StringsInvalidChar();\n        return value;\n    }\n\n    /**\n     * @dev Variant of {parseHexUint-string} that returns false if the parsing fails because of an invalid character.\n     *\n     * NOTE: This function will revert if the result does not fit in a `uint256`.\n     */\n    function tryParseHexUint(string memory input) internal pure returns (bool success, uint256 value) {\n        return _tryParseHexUintUncheckedBounds(input, 0, bytes(input).length);\n    }\n\n    /**\n     * @dev Variant of {parseHexUint-string-uint256-uint256} that returns false if the parsing fails because of an\n     * invalid character.\n     *\n     * NOTE: This function will revert if the result does not fit in a `uint256`.\n     */\n    function tryParseHexUint(\n        string memory input,\n        uint256 begin,\n        uint256 end\n    ) internal pure returns (bool success, uint256 value) {\n        if (end > bytes(input).length || begin > end) return (false, 0);\n        return _tryParseHexUintUncheckedBounds(input, begin, end);\n    }\n\n    /**\n     * @dev Implementation of {tryParseHexUint-string-uint256-uint256} that does not check bounds. Caller should make sure that\n     * `begin <= end <= input.length`. Other inputs would result in undefined behavior.\n     */\n    function _tryParseHexUintUncheckedBounds(\n        string memory input,\n        uint256 begin,\n        uint256 end\n    ) private pure returns (bool success, uint256 value) {\n        bytes memory buffer = bytes(input);\n\n        // skip 0x prefix if present\n        bool hasPrefix = (end > begin + 1) && bytes2(_unsafeReadBytesOffset(buffer, begin)) == bytes2(\"0x\"); // don't do out-of-bound (possibly unsafe) read if sub-string is empty\n        uint256 offset = hasPrefix.toUint() * 2;\n\n        uint256 result = 0;\n        for (uint256 i = begin + offset; i < end; ++i) {\n            uint8 chr = _tryParseChr(bytes1(_unsafeReadBytesOffset(buffer, i)));\n            if (chr > 15) return (false, 0);\n            result *= 16;\n            unchecked {\n                // Multiplying by 16 is equivalent to a shift of 4 bits (with additional overflow check).\n                // This guarantees that adding a value < 16 will not cause an overflow, hence the unchecked.\n                result += chr;\n            }\n        }\n        return (true, result);\n    }\n\n    /**\n     * @dev Parse a hexadecimal string (with or without \"0x\" prefix), and returns the value as an `address`.\n     *\n     * Requirements:\n     * - The string must be formatted as `(0x)?[0-9a-fA-F]{40}`\n     */\n    function parseAddress(string memory input) internal pure returns (address) {\n        return parseAddress(input, 0, bytes(input).length);\n    }\n\n    /**\n     * @dev Variant of {parseAddress-string} that parses a substring of `input` located between position `begin` (included) and\n     * `end` (excluded).\n     *\n     * Requirements:\n     * - The substring must be formatted as `(0x)?[0-9a-fA-F]{40}`\n     */\n    function parseAddress(string memory input, uint256 begin, uint256 end) internal pure returns (address) {\n        (bool success, address value) = tryParseAddress(input, begin, end);\n        if (!success) revert StringsInvalidAddressFormat();\n        return value;\n    }\n\n    /**\n     * @dev Variant of {parseAddress-string} that returns false if the parsing fails because the input is not a properly\n     * formatted address. See {parseAddress-string} requirements.\n     */\n    function tryParseAddress(string memory input) internal pure returns (bool success, address value) {\n        return tryParseAddress(input, 0, bytes(input).length);\n    }\n\n    /**\n     * @dev Variant of {parseAddress-string-uint256-uint256} that returns false if the parsing fails because input is not a properly\n     * formatted address. See {parseAddress-string-uint256-uint256} requirements.\n     */\n    function tryParseAddress(\n        string memory input,\n        uint256 begin,\n        uint256 end\n    ) internal pure returns (bool success, address value) {\n        if (end > bytes(input).length || begin > end) return (false, address(0));\n\n        bool hasPrefix = (end > begin + 1) && bytes2(_unsafeReadBytesOffset(bytes(input), begin)) == bytes2(\"0x\"); // don't do out-of-bound (possibly unsafe) read if sub-string is empty\n        uint256 expectedLength = 40 + hasPrefix.toUint() * 2;\n\n        // check that input is the correct length\n        if (end - begin == expectedLength) {\n            // length guarantees that this does not overflow, and value is at most type(uint160).max\n            (bool s, uint256 v) = _tryParseHexUintUncheckedBounds(input, begin, end);\n            return (s, address(uint160(v)));\n        } else {\n            return (false, address(0));\n        }\n    }\n\n    function _tryParseChr(bytes1 chr) private pure returns (uint8) {\n        uint8 value = uint8(chr);\n\n        // Try to parse `chr`:\n        // - Case 1: [0-9]\n        // - Case 2: [a-f]\n        // - Case 3: [A-F]\n        // - otherwise not supported\n        unchecked {\n            if (value > 47 && value < 58) value -= 48;\n            else if (value > 96 && value < 103) value -= 87;\n            else if (value > 64 && value < 71) value -= 55;\n            else return type(uint8).max;\n        }\n\n        return value;\n    }\n\n    /**\n     * @dev Escape special characters in JSON strings. This can be useful to prevent JSON injection in NFT metadata.\n     *\n     * WARNING: This function should only be used in double quoted JSON strings. Single quotes are not escaped.\n     *\n     * NOTE: This function escapes all unicode characters, and not just the ones in ranges defined in section 2.5 of\n     * RFC-4627 (U+0000 to U+001F, U+0022 and U+005C). ECMAScript's `JSON.parse` does recover escaped unicode\n     * characters that are not in this range, but other tooling may provide different results.\n     */\n    function escapeJSON(string memory input) internal pure returns (string memory) {\n        bytes memory buffer = bytes(input);\n        bytes memory output = new bytes(2 * buffer.length); // worst case scenario\n        uint256 outputLength = 0;\n\n        for (uint256 i; i < buffer.length; ++i) {\n            bytes1 char = bytes1(_unsafeReadBytesOffset(buffer, i));\n            if (((SPECIAL_CHARS_LOOKUP & (1 << uint8(char))) != 0)) {\n                output[outputLength++] = \"\\\\\";\n                if (char == 0x08) output[outputLength++] = \"b\";\n                else if (char == 0x09) output[outputLength++] = \"t\";\n                else if (char == 0x0a) output[outputLength++] = \"n\";\n                else if (char == 0x0c) output[outputLength++] = \"f\";\n                else if (char == 0x0d) output[outputLength++] = \"r\";\n                else if (char == 0x5c) output[outputLength++] = \"\\\\\";\n                else if (char == 0x22) {\n                    // solhint-disable-next-line quotes\n                    output[outputLength++] = '\"';\n                }\n            } else {\n                output[outputLength++] = char;\n            }\n        }\n        // write the actual length and deallocate unused memory\n        assembly (\"memory-safe\") {\n            mstore(output, outputLength)\n            mstore(0x40, add(output, shl(5, shr(5, add(outputLength, 63)))))\n        }\n\n        return string(output);\n    }\n\n    /**\n     * @dev Reads a bytes32 from a bytes array without bounds checking.\n     *\n     * NOTE: making this function internal would mean it could be used with memory unsafe offset, and marking the\n     * assembly block as such would prevent some optimizations.\n     */\n    function _unsafeReadBytesOffset(bytes memory buffer, uint256 offset) private pure returns (bytes32 value) {\n        // This is not memory safe in the general case, but all calls to this private function are within bounds.\n        assembly (\"memory-safe\") {\n            value := mload(add(buffer, add(0x20, offset)))\n        }\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/utils/structs/Checkpoints.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.3.0) (utils/structs/Checkpoints.sol)\n// This file was procedurally generated from scripts/generate/templates/Checkpoints.js.\n\npragma solidity ^0.8.20;\n\nimport {Math} from \"../math/Math.sol\";\n\n/**\n * @dev This library defines the `Trace*` struct, for checkpointing values as they change at different points in\n * time, and later looking up past values by block number. See {Votes} as an example.\n *\n * To create a history of checkpoints define a variable type `Checkpoints.Trace*` in your contract, and store a new\n * checkpoint for the current transaction block using the {push} function.\n */\nlibrary Checkpoints {\n    /**\n     * @dev A value was attempted to be inserted on a past checkpoint.\n     */\n    error CheckpointUnorderedInsertion();\n\n    struct Trace224 {\n        Checkpoint224[] _checkpoints;\n    }\n\n    struct Checkpoint224 {\n        uint32 _key;\n        uint224 _value;\n    }\n\n    /**\n     * @dev Pushes a (`key`, `value`) pair into a Trace224 so that it is stored as the checkpoint.\n     *\n     * Returns previous value and new value.\n     *\n     * IMPORTANT: Never accept `key` as a user input, since an arbitrary `type(uint32).max` key set will disable the\n     * library.\n     */\n    function push(\n        Trace224 storage self,\n        uint32 key,\n        uint224 value\n    ) internal returns (uint224 oldValue, uint224 newValue) {\n        return _insert(self._checkpoints, key, value);\n    }\n\n    /**\n     * @dev Returns the value in the first (oldest) checkpoint with key greater or equal than the search key, or zero if\n     * there is none.\n     */\n    function lowerLookup(Trace224 storage self, uint32 key) internal view returns (uint224) {\n        uint256 len = self._checkpoints.length;\n        uint256 pos = _lowerBinaryLookup(self._checkpoints, key, 0, len);\n        return pos == len ? 0 : _unsafeAccess(self._checkpoints, pos)._value;\n    }\n\n    /**\n     * @dev Returns the value in the last (most recent) checkpoint with key lower or equal than the search key, or zero\n     * if there is none.\n     */\n    function upperLookup(Trace224 storage self, uint32 key) internal view returns (uint224) {\n        uint256 len = self._checkpoints.length;\n        uint256 pos = _upperBinaryLookup(self._checkpoints, key, 0, len);\n        return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value;\n    }\n\n    /**\n     * @dev Returns the value in the last (most recent) checkpoint with key lower or equal than the search key, or zero\n     * if there is none.\n     *\n     * NOTE: This is a variant of {upperLookup} that is optimised to find \"recent\" checkpoint (checkpoints with high\n     * keys).\n     */\n    function upperLookupRecent(Trace224 storage self, uint32 key) internal view returns (uint224) {\n        uint256 len = self._checkpoints.length;\n\n        uint256 low = 0;\n        uint256 high = len;\n\n        if (len > 5) {\n            uint256 mid = len - Math.sqrt(len);\n            if (key < _unsafeAccess(self._checkpoints, mid)._key) {\n                high = mid;\n            } else {\n                low = mid + 1;\n            }\n        }\n\n        uint256 pos = _upperBinaryLookup(self._checkpoints, key, low, high);\n\n        return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value;\n    }\n\n    /**\n     * @dev Returns the value in the most recent checkpoint, or zero if there are no checkpoints.\n     */\n    function latest(Trace224 storage self) internal view returns (uint224) {\n        uint256 pos = self._checkpoints.length;\n        return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value;\n    }\n\n    /**\n     * @dev Returns whether there is a checkpoint in the structure (i.e. it is not empty), and if so the key and value\n     * in the most recent checkpoint.\n     */\n    function latestCheckpoint(Trace224 storage self) internal view returns (bool exists, uint32 _key, uint224 _value) {\n        uint256 pos = self._checkpoints.length;\n        if (pos == 0) {\n            return (false, 0, 0);\n        } else {\n            Checkpoint224 storage ckpt = _unsafeAccess(self._checkpoints, pos - 1);\n            return (true, ckpt._key, ckpt._value);\n        }\n    }\n\n    /**\n     * @dev Returns the number of checkpoints.\n     */\n    function length(Trace224 storage self) internal view returns (uint256) {\n        return self._checkpoints.length;\n    }\n\n    /**\n     * @dev Returns checkpoint at given position.\n     */\n    function at(Trace224 storage self, uint32 pos) internal view returns (Checkpoint224 memory) {\n        return self._checkpoints[pos];\n    }\n\n    /**\n     * @dev Pushes a (`key`, `value`) pair into an ordered list of checkpoints, either by inserting a new checkpoint,\n     * or by updating the last one.\n     */\n    function _insert(\n        Checkpoint224[] storage self,\n        uint32 key,\n        uint224 value\n    ) private returns (uint224 oldValue, uint224 newValue) {\n        uint256 pos = self.length;\n\n        if (pos > 0) {\n            Checkpoint224 storage last = _unsafeAccess(self, pos - 1);\n            uint32 lastKey = last._key;\n            uint224 lastValue = last._value;\n\n            // Checkpoint keys must be non-decreasing.\n            if (lastKey > key) {\n                revert CheckpointUnorderedInsertion();\n            }\n\n            // Update or push new checkpoint\n            if (lastKey == key) {\n                last._value = value;\n            } else {\n                self.push(Checkpoint224({_key: key, _value: value}));\n            }\n            return (lastValue, value);\n        } else {\n            self.push(Checkpoint224({_key: key, _value: value}));\n            return (0, value);\n        }\n    }\n\n    /**\n     * @dev Return the index of the first (oldest) checkpoint with key strictly bigger than the search key, or `high`\n     * if there is none. `low` and `high` define a section where to do the search, with inclusive `low` and exclusive\n     * `high`.\n     *\n     * WARNING: `high` should not be greater than the array's length.\n     */\n    function _upperBinaryLookup(\n        Checkpoint224[] storage self,\n        uint32 key,\n        uint256 low,\n        uint256 high\n    ) private view returns (uint256) {\n        while (low < high) {\n            uint256 mid = Math.average(low, high);\n            if (_unsafeAccess(self, mid)._key > key) {\n                high = mid;\n            } else {\n                low = mid + 1;\n            }\n        }\n        return high;\n    }\n\n    /**\n     * @dev Return the index of the first (oldest) checkpoint with key greater or equal than the search key, or `high`\n     * if there is none. `low` and `high` define a section where to do the search, with inclusive `low` and exclusive\n     * `high`.\n     *\n     * WARNING: `high` should not be greater than the array's length.\n     */\n    function _lowerBinaryLookup(\n        Checkpoint224[] storage self,\n        uint32 key,\n        uint256 low,\n        uint256 high\n    ) private view returns (uint256) {\n        while (low < high) {\n            uint256 mid = Math.average(low, high);\n            if (_unsafeAccess(self, mid)._key < key) {\n                low = mid + 1;\n            } else {\n                high = mid;\n            }\n        }\n        return high;\n    }\n\n    /**\n     * @dev Access an element of the array without performing bounds check. The position is assumed to be within bounds.\n     */\n    function _unsafeAccess(\n        Checkpoint224[] storage self,\n        uint256 pos\n    ) private pure returns (Checkpoint224 storage result) {\n        assembly {\n            mstore(0, self.slot)\n            result.slot := add(keccak256(0, 0x20), pos)\n        }\n    }\n\n    struct Trace208 {\n        Checkpoint208[] _checkpoints;\n    }\n\n    struct Checkpoint208 {\n        uint48 _key;\n        uint208 _value;\n    }\n\n    /**\n     * @dev Pushes a (`key`, `value`) pair into a Trace208 so that it is stored as the checkpoint.\n     *\n     * Returns previous value and new value.\n     *\n     * IMPORTANT: Never accept `key` as a user input, since an arbitrary `type(uint48).max` key set will disable the\n     * library.\n     */\n    function push(\n        Trace208 storage self,\n        uint48 key,\n        uint208 value\n    ) internal returns (uint208 oldValue, uint208 newValue) {\n        return _insert(self._checkpoints, key, value);\n    }\n\n    /**\n     * @dev Returns the value in the first (oldest) checkpoint with key greater or equal than the search key, or zero if\n     * there is none.\n     */\n    function lowerLookup(Trace208 storage self, uint48 key) internal view returns (uint208) {\n        uint256 len = self._checkpoints.length;\n        uint256 pos = _lowerBinaryLookup(self._checkpoints, key, 0, len);\n        return pos == len ? 0 : _unsafeAccess(self._checkpoints, pos)._value;\n    }\n\n    /**\n     * @dev Returns the value in the last (most recent) checkpoint with key lower or equal than the search key, or zero\n     * if there is none.\n     */\n    function upperLookup(Trace208 storage self, uint48 key) internal view returns (uint208) {\n        uint256 len = self._checkpoints.length;\n        uint256 pos = _upperBinaryLookup(self._checkpoints, key, 0, len);\n        return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value;\n    }\n\n    /**\n     * @dev Returns the value in the last (most recent) checkpoint with key lower or equal than the search key, or zero\n     * if there is none.\n     *\n     * NOTE: This is a variant of {upperLookup} that is optimised to find \"recent\" checkpoint (checkpoints with high\n     * keys).\n     */\n    function upperLookupRecent(Trace208 storage self, uint48 key) internal view returns (uint208) {\n        uint256 len = self._checkpoints.length;\n\n        uint256 low = 0;\n        uint256 high = len;\n\n        if (len > 5) {\n            uint256 mid = len - Math.sqrt(len);\n            if (key < _unsafeAccess(self._checkpoints, mid)._key) {\n                high = mid;\n            } else {\n                low = mid + 1;\n            }\n        }\n\n        uint256 pos = _upperBinaryLookup(self._checkpoints, key, low, high);\n\n        return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value;\n    }\n\n    /**\n     * @dev Returns the value in the most recent checkpoint, or zero if there are no checkpoints.\n     */\n    function latest(Trace208 storage self) internal view returns (uint208) {\n        uint256 pos = self._checkpoints.length;\n        return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value;\n    }\n\n    /**\n     * @dev Returns whether there is a checkpoint in the structure (i.e. it is not empty), and if so the key and value\n     * in the most recent checkpoint.\n     */\n    function latestCheckpoint(Trace208 storage self) internal view returns (bool exists, uint48 _key, uint208 _value) {\n        uint256 pos = self._checkpoints.length;\n        if (pos == 0) {\n            return (false, 0, 0);\n        } else {\n            Checkpoint208 storage ckpt = _unsafeAccess(self._checkpoints, pos - 1);\n            return (true, ckpt._key, ckpt._value);\n        }\n    }\n\n    /**\n     * @dev Returns the number of checkpoints.\n     */\n    function length(Trace208 storage self) internal view returns (uint256) {\n        return self._checkpoints.length;\n    }\n\n    /**\n     * @dev Returns checkpoint at given position.\n     */\n    function at(Trace208 storage self, uint32 pos) internal view returns (Checkpoint208 memory) {\n        return self._checkpoints[pos];\n    }\n\n    /**\n     * @dev Pushes a (`key`, `value`) pair into an ordered list of checkpoints, either by inserting a new checkpoint,\n     * or by updating the last one.\n     */\n    function _insert(\n        Checkpoint208[] storage self,\n        uint48 key,\n        uint208 value\n    ) private returns (uint208 oldValue, uint208 newValue) {\n        uint256 pos = self.length;\n\n        if (pos > 0) {\n            Checkpoint208 storage last = _unsafeAccess(self, pos - 1);\n            uint48 lastKey = last._key;\n            uint208 lastValue = last._value;\n\n            // Checkpoint keys must be non-decreasing.\n            if (lastKey > key) {\n                revert CheckpointUnorderedInsertion();\n            }\n\n            // Update or push new checkpoint\n            if (lastKey == key) {\n                last._value = value;\n            } else {\n                self.push(Checkpoint208({_key: key, _value: value}));\n            }\n            return (lastValue, value);\n        } else {\n            self.push(Checkpoint208({_key: key, _value: value}));\n            return (0, value);\n        }\n    }\n\n    /**\n     * @dev Return the index of the first (oldest) checkpoint with key strictly bigger than the search key, or `high`\n     * if there is none. `low` and `high` define a section where to do the search, with inclusive `low` and exclusive\n     * `high`.\n     *\n     * WARNING: `high` should not be greater than the array's length.\n     */\n    function _upperBinaryLookup(\n        Checkpoint208[] storage self,\n        uint48 key,\n        uint256 low,\n        uint256 high\n    ) private view returns (uint256) {\n        while (low < high) {\n            uint256 mid = Math.average(low, high);\n            if (_unsafeAccess(self, mid)._key > key) {\n                high = mid;\n            } else {\n                low = mid + 1;\n            }\n        }\n        return high;\n    }\n\n    /**\n     * @dev Return the index of the first (oldest) checkpoint with key greater or equal than the search key, or `high`\n     * if there is none. `low` and `high` define a section where to do the search, with inclusive `low` and exclusive\n     * `high`.\n     *\n     * WARNING: `high` should not be greater than the array's length.\n     */\n    function _lowerBinaryLookup(\n        Checkpoint208[] storage self,\n        uint48 key,\n        uint256 low,\n        uint256 high\n    ) private view returns (uint256) {\n        while (low < high) {\n            uint256 mid = Math.average(low, high);\n            if (_unsafeAccess(self, mid)._key < key) {\n                low = mid + 1;\n            } else {\n                high = mid;\n            }\n        }\n        return high;\n    }\n\n    /**\n     * @dev Access an element of the array without performing bounds check. The position is assumed to be within bounds.\n     */\n    function _unsafeAccess(\n        Checkpoint208[] storage self,\n        uint256 pos\n    ) private pure returns (Checkpoint208 storage result) {\n        assembly {\n            mstore(0, self.slot)\n            result.slot := add(keccak256(0, 0x20), pos)\n        }\n    }\n\n    struct Trace160 {\n        Checkpoint160[] _checkpoints;\n    }\n\n    struct Checkpoint160 {\n        uint96 _key;\n        uint160 _value;\n    }\n\n    /**\n     * @dev Pushes a (`key`, `value`) pair into a Trace160 so that it is stored as the checkpoint.\n     *\n     * Returns previous value and new value.\n     *\n     * IMPORTANT: Never accept `key` as a user input, since an arbitrary `type(uint96).max` key set will disable the\n     * library.\n     */\n    function push(\n        Trace160 storage self,\n        uint96 key,\n        uint160 value\n    ) internal returns (uint160 oldValue, uint160 newValue) {\n        return _insert(self._checkpoints, key, value);\n    }\n\n    /**\n     * @dev Returns the value in the first (oldest) checkpoint with key greater or equal than the search key, or zero if\n     * there is none.\n     */\n    function lowerLookup(Trace160 storage self, uint96 key) internal view returns (uint160) {\n        uint256 len = self._checkpoints.length;\n        uint256 pos = _lowerBinaryLookup(self._checkpoints, key, 0, len);\n        return pos == len ? 0 : _unsafeAccess(self._checkpoints, pos)._value;\n    }\n\n    /**\n     * @dev Returns the value in the last (most recent) checkpoint with key lower or equal than the search key, or zero\n     * if there is none.\n     */\n    function upperLookup(Trace160 storage self, uint96 key) internal view returns (uint160) {\n        uint256 len = self._checkpoints.length;\n        uint256 pos = _upperBinaryLookup(self._checkpoints, key, 0, len);\n        return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value;\n    }\n\n    /**\n     * @dev Returns the value in the last (most recent) checkpoint with key lower or equal than the search key, or zero\n     * if there is none.\n     *\n     * NOTE: This is a variant of {upperLookup} that is optimised to find \"recent\" checkpoint (checkpoints with high\n     * keys).\n     */\n    function upperLookupRecent(Trace160 storage self, uint96 key) internal view returns (uint160) {\n        uint256 len = self._checkpoints.length;\n\n        uint256 low = 0;\n        uint256 high = len;\n\n        if (len > 5) {\n            uint256 mid = len - Math.sqrt(len);\n            if (key < _unsafeAccess(self._checkpoints, mid)._key) {\n                high = mid;\n            } else {\n                low = mid + 1;\n            }\n        }\n\n        uint256 pos = _upperBinaryLookup(self._checkpoints, key, low, high);\n\n        return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value;\n    }\n\n    /**\n     * @dev Returns the value in the most recent checkpoint, or zero if there are no checkpoints.\n     */\n    function latest(Trace160 storage self) internal view returns (uint160) {\n        uint256 pos = self._checkpoints.length;\n        return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value;\n    }\n\n    /**\n     * @dev Returns whether there is a checkpoint in the structure (i.e. it is not empty), and if so the key and value\n     * in the most recent checkpoint.\n     */\n    function latestCheckpoint(Trace160 storage self) internal view returns (bool exists, uint96 _key, uint160 _value) {\n        uint256 pos = self._checkpoints.length;\n        if (pos == 0) {\n            return (false, 0, 0);\n        } else {\n            Checkpoint160 storage ckpt = _unsafeAccess(self._checkpoints, pos - 1);\n            return (true, ckpt._key, ckpt._value);\n        }\n    }\n\n    /**\n     * @dev Returns the number of checkpoints.\n     */\n    function length(Trace160 storage self) internal view returns (uint256) {\n        return self._checkpoints.length;\n    }\n\n    /**\n     * @dev Returns checkpoint at given position.\n     */\n    function at(Trace160 storage self, uint32 pos) internal view returns (Checkpoint160 memory) {\n        return self._checkpoints[pos];\n    }\n\n    /**\n     * @dev Pushes a (`key`, `value`) pair into an ordered list of checkpoints, either by inserting a new checkpoint,\n     * or by updating the last one.\n     */\n    function _insert(\n        Checkpoint160[] storage self,\n        uint96 key,\n        uint160 value\n    ) private returns (uint160 oldValue, uint160 newValue) {\n        uint256 pos = self.length;\n\n        if (pos > 0) {\n            Checkpoint160 storage last = _unsafeAccess(self, pos - 1);\n            uint96 lastKey = last._key;\n            uint160 lastValue = last._value;\n\n            // Checkpoint keys must be non-decreasing.\n            if (lastKey > key) {\n                revert CheckpointUnorderedInsertion();\n            }\n\n            // Update or push new checkpoint\n            if (lastKey == key) {\n                last._value = value;\n            } else {\n                self.push(Checkpoint160({_key: key, _value: value}));\n            }\n            return (lastValue, value);\n        } else {\n            self.push(Checkpoint160({_key: key, _value: value}));\n            return (0, value);\n        }\n    }\n\n    /**\n     * @dev Return the index of the first (oldest) checkpoint with key strictly bigger than the search key, or `high`\n     * if there is none. `low` and `high` define a section where to do the search, with inclusive `low` and exclusive\n     * `high`.\n     *\n     * WARNING: `high` should not be greater than the array's length.\n     */\n    function _upperBinaryLookup(\n        Checkpoint160[] storage self,\n        uint96 key,\n        uint256 low,\n        uint256 high\n    ) private view returns (uint256) {\n        while (low < high) {\n            uint256 mid = Math.average(low, high);\n            if (_unsafeAccess(self, mid)._key > key) {\n                high = mid;\n            } else {\n                low = mid + 1;\n            }\n        }\n        return high;\n    }\n\n    /**\n     * @dev Return the index of the first (oldest) checkpoint with key greater or equal than the search key, or `high`\n     * if there is none. `low` and `high` define a section where to do the search, with inclusive `low` and exclusive\n     * `high`.\n     *\n     * WARNING: `high` should not be greater than the array's length.\n     */\n    function _lowerBinaryLookup(\n        Checkpoint160[] storage self,\n        uint96 key,\n        uint256 low,\n        uint256 high\n    ) private view returns (uint256) {\n        while (low < high) {\n            uint256 mid = Math.average(low, high);\n            if (_unsafeAccess(self, mid)._key < key) {\n                low = mid + 1;\n            } else {\n                high = mid;\n            }\n        }\n        return high;\n    }\n\n    /**\n     * @dev Access an element of the array without performing bounds check. The position is assumed to be within bounds.\n     */\n    function _unsafeAccess(\n        Checkpoint160[] storage self,\n        uint256 pos\n    ) private pure returns (Checkpoint160 storage result) {\n        assembly {\n            mstore(0, self.slot)\n            result.slot := add(keccak256(0, 0x20), pos)\n        }\n    }\n}\n"
+      },
+      "npm/@openzeppelin/contracts@5.3.0/utils/types/Time.sol": {
+        "content": "// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v5.1.0) (utils/types/Time.sol)\n\npragma solidity ^0.8.20;\n\nimport {Math} from \"../math/Math.sol\";\nimport {SafeCast} from \"../math/SafeCast.sol\";\n\n/**\n * @dev This library provides helpers for manipulating time-related objects.\n *\n * It uses the following types:\n * - `uint48` for timepoints\n * - `uint32` for durations\n *\n * While the library doesn't provide specific types for timepoints and duration, it does provide:\n * - a `Delay` type to represent duration that can be programmed to change value automatically at a given point\n * - additional helper functions\n */\nlibrary Time {\n    using Time for *;\n\n    /**\n     * @dev Get the block timestamp as a Timepoint.\n     */\n    function timestamp() internal view returns (uint48) {\n        return SafeCast.toUint48(block.timestamp);\n    }\n\n    /**\n     * @dev Get the block number as a Timepoint.\n     */\n    function blockNumber() internal view returns (uint48) {\n        return SafeCast.toUint48(block.number);\n    }\n\n    // ==================================================== Delay =====================================================\n    /**\n     * @dev A `Delay` is a uint32 duration that can be programmed to change value automatically at a given point in the\n     * future. The \"effect\" timepoint describes when the transitions happens from the \"old\" value to the \"new\" value.\n     * This allows updating the delay applied to some operation while keeping some guarantees.\n     *\n     * In particular, the {update} function guarantees that if the delay is reduced, the old delay still applies for\n     * some time. For example if the delay is currently 7 days to do an upgrade, the admin should not be able to set\n     * the delay to 0 and upgrade immediately. If the admin wants to reduce the delay, the old delay (7 days) should\n     * still apply for some time.\n     *\n     *\n     * The `Delay` type is 112 bits long, and packs the following:\n     *\n     * ```\n     *   | [uint48]: effect date (timepoint)\n     *   |           | [uint32]: value before (duration)\n     *   ↓           ↓       ↓ [uint32]: value after (duration)\n     * 0xAAAAAAAAAAAABBBBBBBBCCCCCCCC\n     * ```\n     *\n     * NOTE: The {get} and {withUpdate} functions operate using timestamps. Block number based delays are not currently\n     * supported.\n     */\n    type Delay is uint112;\n\n    /**\n     * @dev Wrap a duration into a Delay to add the one-step \"update in the future\" feature\n     */\n    function toDelay(uint32 duration) internal pure returns (Delay) {\n        return Delay.wrap(duration);\n    }\n\n    /**\n     * @dev Get the value at a given timepoint plus the pending value and effect timepoint if there is a scheduled\n     * change after this timepoint. If the effect timepoint is 0, then the pending value should not be considered.\n     */\n    function _getFullAt(\n        Delay self,\n        uint48 timepoint\n    ) private pure returns (uint32 valueBefore, uint32 valueAfter, uint48 effect) {\n        (valueBefore, valueAfter, effect) = self.unpack();\n        return effect <= timepoint ? (valueAfter, 0, 0) : (valueBefore, valueAfter, effect);\n    }\n\n    /**\n     * @dev Get the current value plus the pending value and effect timepoint if there is a scheduled change. If the\n     * effect timepoint is 0, then the pending value should not be considered.\n     */\n    function getFull(Delay self) internal view returns (uint32 valueBefore, uint32 valueAfter, uint48 effect) {\n        return _getFullAt(self, timestamp());\n    }\n\n    /**\n     * @dev Get the current value.\n     */\n    function get(Delay self) internal view returns (uint32) {\n        (uint32 delay, , ) = self.getFull();\n        return delay;\n    }\n\n    /**\n     * @dev Update a Delay object so that it takes a new duration after a timepoint that is automatically computed to\n     * enforce the old delay at the moment of the update. Returns the updated Delay object and the timestamp when the\n     * new delay becomes effective.\n     */\n    function withUpdate(\n        Delay self,\n        uint32 newValue,\n        uint32 minSetback\n    ) internal view returns (Delay updatedDelay, uint48 effect) {\n        uint32 value = self.get();\n        uint32 setback = uint32(Math.max(minSetback, value > newValue ? value - newValue : 0));\n        effect = timestamp() + setback;\n        return (pack(value, newValue, effect), effect);\n    }\n\n    /**\n     * @dev Split a delay into its components: valueBefore, valueAfter and effect (transition timepoint).\n     */\n    function unpack(Delay self) internal pure returns (uint32 valueBefore, uint32 valueAfter, uint48 effect) {\n        uint112 raw = Delay.unwrap(self);\n\n        valueAfter = uint32(raw);\n        valueBefore = uint32(raw >> 32);\n        effect = uint48(raw >> 64);\n\n        return (valueBefore, valueAfter, effect);\n    }\n\n    /**\n     * @dev pack the components into a Delay object.\n     */\n    function pack(uint32 valueBefore, uint32 valueAfter, uint48 effect) internal pure returns (Delay) {\n        return Delay.wrap((uint112(effect) << 64) | (uint112(valueBefore) << 32) | uint112(valueAfter));\n    }\n}\n"
+      },
+      "npm/@zk-kit/lean-imt.sol@2.0.1/Constants.sol": {
+        "content": "// SPDX-License-Identifier: UNLICENSED\npragma solidity ^0.8.4;\n\nuint256 constant SNARK_SCALAR_FIELD = 21888242871839275222246405745257275088548364400416034343698204186575808495617;\n"
+      },
+      "npm/@zk-kit/lean-imt.sol@2.0.1/InternalLeanIMT.sol": {
+        "content": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.4;\n\nimport {PoseidonT3} from \"poseidon-solidity/PoseidonT3.sol\";\nimport {SNARK_SCALAR_FIELD} from \"./Constants.sol\";\n\nstruct LeanIMTData {\n    // Tracks the current number of leaves in the tree.\n    uint256 size;\n    // Represents the current depth of the tree, which can increase as new leaves are inserted.\n    uint256 depth;\n    // A mapping from each level of the tree to the node value of the last even position at that level.\n    // Used for efficient inserts, updates and root calculations.\n    mapping(uint256 => uint256) sideNodes;\n    // A mapping from leaf values to their respective indices in the tree.\n    // This facilitates checks for leaf existence and retrieval of leaf positions.\n    mapping(uint256 => uint256) leaves;\n}\n\nerror WrongSiblingNodes();\nerror LeafGreaterThanSnarkScalarField();\nerror LeafCannotBeZero();\nerror LeafAlreadyExists();\nerror LeafDoesNotExist();\n\n/// @title Lean Incremental binary Merkle tree.\n/// @dev The LeanIMT is an optimized version of the BinaryIMT.\n/// This implementation eliminates the use of zeroes, and make the tree depth dynamic.\n/// When a node doesn't have the right child, instead of using a zero hash as in the BinaryIMT,\n/// the node's value becomes that of its left child. Furthermore, rather than utilizing a static tree depth,\n/// it is updated based on the number of leaves in the tree. This approach\n/// results in the calculation of significantly fewer hashes, making the tree more efficient.\nlibrary InternalLeanIMT {\n    /// @dev Inserts a new leaf into the incremental merkle tree.\n    /// The function ensures that the leaf is valid according to the\n    /// constraints of the tree and then updates the tree's structure accordingly.\n    /// @param self: A storage reference to the 'LeanIMTData' struct.\n    /// @param leaf: The value of the new leaf to be inserted into the tree.\n    /// @return The new hash of the node after the leaf has been inserted.\n    function _insert(LeanIMTData storage self, uint256 leaf) internal returns (uint256) {\n        if (leaf >= SNARK_SCALAR_FIELD) {\n            revert LeafGreaterThanSnarkScalarField();\n        } else if (leaf == 0) {\n            revert LeafCannotBeZero();\n        } else if (_has(self, leaf)) {\n            revert LeafAlreadyExists();\n        }\n\n        uint256 index = self.size;\n\n        // Cache tree depth to optimize gas\n        uint256 treeDepth = self.depth;\n\n        // A new insertion can increase a tree's depth by at most 1,\n        // and only if the number of leaves supported by the current\n        // depth is less than the number of leaves to be supported after insertion.\n        if (2 ** treeDepth < index + 1) {\n            ++treeDepth;\n        }\n\n        self.depth = treeDepth;\n\n        uint256 node = leaf;\n\n        for (uint256 level = 0; level < treeDepth; ) {\n            if ((index >> level) & 1 == 1) {\n                node = PoseidonT3.hash([self.sideNodes[level], node]);\n            } else {\n                self.sideNodes[level] = node;\n            }\n\n            unchecked {\n                ++level;\n            }\n        }\n\n        self.size = ++index;\n\n        self.sideNodes[treeDepth] = node;\n        self.leaves[leaf] = index;\n\n        return node;\n    }\n\n    /// @dev Inserts many leaves into the incremental merkle tree.\n    /// The function ensures that the leaves are valid according to the\n    /// constraints of the tree and then updates the tree's structure accordingly.\n    /// @param self: A storage reference to the 'LeanIMTData' struct.\n    /// @param leaves: The values of the new leaves to be inserted into the tree.\n    /// @return The root after the leaves have been inserted.\n    function _insertMany(LeanIMTData storage self, uint256[] calldata leaves) internal returns (uint256) {\n        // Cache tree size to optimize gas\n        uint256 treeSize = self.size;\n\n        // Check that all the new values are correct to be added.\n        for (uint256 i = 0; i < leaves.length; ) {\n            if (leaves[i] >= SNARK_SCALAR_FIELD) {\n                revert LeafGreaterThanSnarkScalarField();\n            } else if (leaves[i] == 0) {\n                revert LeafCannotBeZero();\n            } else if (_has(self, leaves[i])) {\n                revert LeafAlreadyExists();\n            }\n\n            self.leaves[leaves[i]] = treeSize + 1 + i;\n\n            unchecked {\n                ++i;\n            }\n        }\n\n        // Array to save the nodes that will be used to create the next level of the tree.\n        uint256[] memory currentLevelNewNodes;\n\n        currentLevelNewNodes = leaves;\n\n        // Cache tree depth to optimize gas\n        uint256 treeDepth = self.depth;\n\n        // Calculate the depth of the tree after adding the new values.\n        // Unlike the 'insert' function, we need a while here as\n        // N insertions can increase the tree's depth more than once.\n        while (2 ** treeDepth < treeSize + leaves.length) {\n            ++treeDepth;\n        }\n\n        self.depth = treeDepth;\n\n        // First index to change in every level.\n        uint256 currentLevelStartIndex = treeSize;\n\n        // Size of the level used to create the next level.\n        uint256 currentLevelSize = treeSize + leaves.length;\n\n        // The index where changes begin at the next level.\n        uint256 nextLevelStartIndex = currentLevelStartIndex >> 1;\n\n        // The size of the next level.\n        uint256 nextLevelSize = ((currentLevelSize - 1) >> 1) + 1;\n\n        for (uint256 level = 0; level < treeDepth; ) {\n            // The number of nodes for the new level that will be created,\n            // only the new values, not the entire level.\n            uint256 numberOfNewNodes = nextLevelSize - nextLevelStartIndex;\n            uint256[] memory nextLevelNewNodes = new uint256[](numberOfNewNodes);\n            for (uint256 i = 0; i < numberOfNewNodes; ) {\n                uint256 leftNode;\n\n                // Assign the left node using the saved path or the position in the array.\n                if ((i + nextLevelStartIndex) * 2 < currentLevelStartIndex) {\n                    leftNode = self.sideNodes[level];\n                } else {\n                    leftNode = currentLevelNewNodes[(i + nextLevelStartIndex) * 2 - currentLevelStartIndex];\n                }\n\n                uint256 rightNode;\n\n                // Assign the right node if the value exists.\n                if ((i + nextLevelStartIndex) * 2 + 1 < currentLevelSize) {\n                    rightNode = currentLevelNewNodes[(i + nextLevelStartIndex) * 2 + 1 - currentLevelStartIndex];\n                }\n\n                uint256 parentNode;\n\n                // Assign the parent node.\n                // If it has a right child the result will be the hash(leftNode, rightNode) if not,\n                // it will be the leftNode.\n                if (rightNode != 0) {\n                    parentNode = PoseidonT3.hash([leftNode, rightNode]);\n                } else {\n                    parentNode = leftNode;\n                }\n\n                nextLevelNewNodes[i] = parentNode;\n\n                unchecked {\n                    ++i;\n                }\n            }\n\n            // Update the `sideNodes` variable.\n            // If `currentLevelSize` is odd, the saved value will be the last value of the array\n            // if it is even and there are more than 1 element in `currentLevelNewNodes`, the saved value\n            // will be the value before the last one.\n            // If it is even and there is only one element, there is no need to save anything because\n            // the correct value for this level was already saved before.\n            if (currentLevelSize & 1 == 1) {\n                self.sideNodes[level] = currentLevelNewNodes[currentLevelNewNodes.length - 1];\n            } else if (currentLevelNewNodes.length > 1) {\n                self.sideNodes[level] = currentLevelNewNodes[currentLevelNewNodes.length - 2];\n            }\n\n            currentLevelStartIndex = nextLevelStartIndex;\n\n            // Calculate the next level startIndex value.\n            // It is the position of the parent node which is pos/2.\n            nextLevelStartIndex >>= 1;\n\n            // Update the next array that will be used to calculate the next level.\n            currentLevelNewNodes = nextLevelNewNodes;\n\n            currentLevelSize = nextLevelSize;\n\n            // Calculate the size of the next level.\n            // The size of the next level is (currentLevelSize - 1) / 2 + 1.\n            nextLevelSize = ((nextLevelSize - 1) >> 1) + 1;\n\n            unchecked {\n                ++level;\n            }\n        }\n\n        // Update tree size\n        self.size = treeSize + leaves.length;\n\n        // Update tree root\n        self.sideNodes[treeDepth] = currentLevelNewNodes[0];\n\n        return currentLevelNewNodes[0];\n    }\n\n    /// @dev Updates the value of an existing leaf and recalculates hashes\n    /// to maintain tree integrity.\n    /// @param self: A storage reference to the 'LeanIMTData' struct.\n    /// @param oldLeaf: The value of the leaf that is to be updated.\n    /// @param newLeaf: The new value that will replace the oldLeaf in the tree.\n    /// @param siblingNodes: An array of sibling nodes that are necessary to recalculate the path to the root.\n    /// @return The new hash of the updated node after the leaf has been updated.\n    function _update(\n        LeanIMTData storage self,\n        uint256 oldLeaf,\n        uint256 newLeaf,\n        uint256[] calldata siblingNodes\n    ) internal returns (uint256) {\n        if (newLeaf >= SNARK_SCALAR_FIELD) {\n            revert LeafGreaterThanSnarkScalarField();\n        } else if (!_has(self, oldLeaf)) {\n            revert LeafDoesNotExist();\n        } else if (_has(self, newLeaf)) {\n            revert LeafAlreadyExists();\n        }\n\n        uint256 index = _indexOf(self, oldLeaf);\n        uint256 node = newLeaf;\n        uint256 oldRoot = oldLeaf;\n\n        uint256 lastIndex = self.size - 1;\n        uint256 i = 0;\n\n        // Cache tree depth to optimize gas\n        uint256 treeDepth = self.depth;\n\n        for (uint256 level = 0; level < treeDepth; ) {\n            if ((index >> level) & 1 == 1) {\n                if (siblingNodes[i] >= SNARK_SCALAR_FIELD) {\n                    revert LeafGreaterThanSnarkScalarField();\n                }\n\n                node = PoseidonT3.hash([siblingNodes[i], node]);\n                oldRoot = PoseidonT3.hash([siblingNodes[i], oldRoot]);\n\n                unchecked {\n                    ++i;\n                }\n            } else {\n                if (index >> level != lastIndex >> level) {\n                    if (siblingNodes[i] >= SNARK_SCALAR_FIELD) {\n                        revert LeafGreaterThanSnarkScalarField();\n                    }\n\n                    if (self.sideNodes[level] == oldRoot) {\n                        self.sideNodes[level] = node;\n                    }\n\n                    node = PoseidonT3.hash([node, siblingNodes[i]]);\n                    oldRoot = PoseidonT3.hash([oldRoot, siblingNodes[i]]);\n\n                    unchecked {\n                        ++i;\n                    }\n                } else {\n                    self.sideNodes[level] = node;\n                }\n            }\n\n            unchecked {\n                ++level;\n            }\n        }\n\n        if (oldRoot != _root(self)) {\n            revert WrongSiblingNodes();\n        }\n\n        self.sideNodes[treeDepth] = node;\n\n        if (newLeaf != 0) {\n            self.leaves[newLeaf] = self.leaves[oldLeaf];\n        }\n\n        self.leaves[oldLeaf] = 0;\n\n        return node;\n    }\n\n    /// @dev Removes a leaf from the tree by setting its value to zero.\n    /// This function utilizes the update function to set the leaf's value\n    /// to zero and update the tree's state accordingly.\n    /// @param self: A storage reference to the 'LeanIMTData' struct.\n    /// @param oldLeaf: The value of the leaf to be removed.\n    /// @param siblingNodes: An array of sibling nodes required for updating the path to the root after removal.\n    /// @return The new root hash of the tree after the leaf has been removed.\n    function _remove(\n        LeanIMTData storage self,\n        uint256 oldLeaf,\n        uint256[] calldata siblingNodes\n    ) internal returns (uint256) {\n        return _update(self, oldLeaf, 0, siblingNodes);\n    }\n\n    /// @dev Checks if a leaf exists in the tree.\n    /// @param self: A storage reference to the 'LeanIMTData' struct.\n    /// @param leaf: The value of the leaf to check for existence.\n    /// @return A boolean value indicating whether the leaf exists in the tree.\n    function _has(LeanIMTData storage self, uint256 leaf) internal view returns (bool) {\n        return self.leaves[leaf] != 0;\n    }\n\n    /// @dev Retrieves the index of a given leaf in the tree.\n    /// @param self: A storage reference to the 'LeanIMTData' struct.\n    /// @param leaf: The value of the leaf whose index is to be found.\n    /// @return The index of the specified leaf within the tree. If the leaf is not present, the function\n    /// reverts with a custom error.\n    function _indexOf(LeanIMTData storage self, uint256 leaf) internal view returns (uint256) {\n        if (self.leaves[leaf] == 0) {\n            revert LeafDoesNotExist();\n        }\n\n        return self.leaves[leaf] - 1;\n    }\n\n    /// @dev Retrieves the root of the tree from the 'sideNodes' mapping using the\n    /// current tree depth.\n    /// @param self: A storage reference to the 'LeanIMTData' struct.\n    /// @return The root hash of the tree.\n    function _root(LeanIMTData storage self) internal view returns (uint256) {\n        return self.sideNodes[self.depth];\n    }\n}\n"
+      },
+      "npm/poseidon-solidity@0.0.5/PoseidonT3.sol": {
+        "content": "/// SPDX-License-Identifier: MIT\npragma solidity >=0.7.0;\n\nlibrary PoseidonT3 {\n  uint constant M00 = 0x109b7f411ba0e4c9b2b70caf5c36a7b194be7c11ad24378bfedb68592ba8118b;\n  uint constant M01 = 0x2969f27eed31a480b9c36c764379dbca2cc8fdd1415c3dded62940bcde0bd771;\n  uint constant M02 = 0x143021ec686a3f330d5f9e654638065ce6cd79e28c5b3753326244ee65a1b1a7;\n  uint constant M10 = 0x16ed41e13bb9c0c66ae119424fddbcbc9314dc9fdbdeea55d6c64543dc4903e0;\n  uint constant M11 = 0x2e2419f9ec02ec394c9871c832963dc1b89d743c8c7b964029b2311687b1fe23;\n  uint constant M12 = 0x176cc029695ad02582a70eff08a6fd99d057e12e58e7d7b6b16cdfabc8ee2911;\n\n  // See here for a simplified implementation: https://github.com/vimwitch/poseidon-solidity/blob/e57becdabb65d99fdc586fe1e1e09e7108202d53/contracts/Poseidon.sol#L40\n  // Inspired by: https://github.com/iden3/circomlibjs/blob/v0.0.8/src/poseidon_slow.js\n  function hash(uint[2] memory) public pure returns (uint) {\n    assembly {\n      let F := 21888242871839275222246405745257275088548364400416034343698204186575808495617\n      let M20 := 0x2b90bba00fca0589f617e7dcbfe82e0df706ab640ceb247b791a93b74e36736d\n      let M21 := 0x101071f0032379b697315876690f053d148d4e109f5fb065c8aacc55a0f89bfa\n      let M22 := 0x19a3fc0a56702bf417ba7fee3802593fa644470307043f7773279cd71d25d5e0\n\n      // load the inputs from memory\n      let state1 := add(mod(mload(0x80), F), 0x00f1445235f2148c5986587169fc1bcd887b08d4d00868df5696fff40956e864)\n      let state2 := add(mod(mload(0xa0), F), 0x08dff3487e8ac99e1f29a058d0fa80b930c728730b7ab36ce879f3890ecf73f5)\n      let scratch0 := mulmod(state1, state1, F)\n      state1 := mulmod(mulmod(scratch0, scratch0, F), state1, F)\n      scratch0 := mulmod(state2, state2, F)\n      state2 := mulmod(mulmod(scratch0, scratch0, F), state2, F)\n      scratch0 := add(\n        0x2f27be690fdaee46c3ce28f7532b13c856c35342c84bda6e20966310fadc01d0,\n        add(add(15452833169820924772166449970675545095234312153403844297388521437673434406763, mulmod(state1, M10, F)), mulmod(state2, M20, F))\n      )\n      let scratch1 := add(\n        0x2b2ae1acf68b7b8d2416bebf3d4f6234b763fe04b8043ee48b8327bebca16cf2,\n        add(add(18674271267752038776579386132900109523609358935013267566297499497165104279117, mulmod(state1, M11, F)), mulmod(state2, M21, F))\n      )\n      let scratch2 := add(\n        0x0319d062072bef7ecca5eac06f97d4d55952c175ab6b03eae64b44c7dbf11cfa,\n        add(add(14817777843080276494683266178512808687156649753153012854386334860566696099579, mulmod(state1, M12, F)), mulmod(state2, M22, F))\n      )\n      let state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := mulmod(scratch1, scratch1, F)\n      scratch1 := mulmod(mulmod(state0, state0, F), scratch1, F)\n      state0 := mulmod(scratch2, scratch2, F)\n      scratch2 := mulmod(mulmod(state0, state0, F), scratch2, F)\n      state0 := add(0x28813dcaebaeaa828a376df87af4a63bc8b7bf27ad49c6298ef7b387bf28526d, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x2727673b2ccbc903f181bf38e1c1d40d2033865200c352bc150928adddf9cb78, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x234ec45ca27727c2e74abd2b2a1494cd6efbd43e340587d6b8fb9e31e65cc632, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := mulmod(state1, state1, F)\n      state1 := mulmod(mulmod(scratch0, scratch0, F), state1, F)\n      scratch0 := mulmod(state2, state2, F)\n      state2 := mulmod(mulmod(scratch0, scratch0, F), state2, F)\n      scratch0 := add(0x15b52534031ae18f7f862cb2cf7cf760ab10a8150a337b1ccd99ff6e8797d428, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x0dc8fad6d9e4b35f5ed9a3d186b79ce38e0e8a8d1b58b132d701d4eecf68d1f6, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x1bcd95ffc211fbca600f705fad3fb567ea4eb378f62e1fec97805518a47e4d9c, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := mulmod(scratch1, scratch1, F)\n      scratch1 := mulmod(mulmod(state0, state0, F), scratch1, F)\n      state0 := mulmod(scratch2, scratch2, F)\n      scratch2 := mulmod(mulmod(state0, state0, F), scratch2, F)\n      state0 := add(0x10520b0ab721cadfe9eff81b016fc34dc76da36c2578937817cb978d069de559, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x1f6d48149b8e7f7d9b257d8ed5fbbaf42932498075fed0ace88a9eb81f5627f6, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x1d9655f652309014d29e00ef35a2089bfff8dc1c816f0dc9ca34bdb5460c8705, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x04df5a56ff95bcafb051f7b1cd43a99ba731ff67e47032058fe3d4185697cc7d, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x0672d995f8fff640151b3d290cedaf148690a10a8c8424a7f6ec282b6e4be828, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x099952b414884454b21200d7ffafdd5f0c9a9dcc06f2708e9fc1d8209b5c75b9, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x052cba2255dfd00c7c483143ba8d469448e43586a9b4cd9183fd0e843a6b9fa6, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x0b8badee690adb8eb0bd74712b7999af82de55707251ad7716077cb93c464ddc, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x119b1590f13307af5a1ee651020c07c749c15d60683a8050b963d0a8e4b2bdd1, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x03150b7cd6d5d17b2529d36be0f67b832c4acfc884ef4ee5ce15be0bfb4a8d09, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x2cc6182c5e14546e3cf1951f173912355374efb83d80898abe69cb317c9ea565, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x005032551e6378c450cfe129a404b3764218cadedac14e2b92d2cd73111bf0f9, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x233237e3289baa34bb147e972ebcb9516469c399fcc069fb88f9da2cc28276b5, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x05c8f4f4ebd4a6e3c980d31674bfbe6323037f21b34ae5a4e80c2d4c24d60280, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x0a7b1db13042d396ba05d818a319f25252bcf35ef3aeed91ee1f09b2590fc65b, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x2a73b71f9b210cf5b14296572c9d32dbf156e2b086ff47dc5df542365a404ec0, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x1ac9b0417abcc9a1935107e9ffc91dc3ec18f2c4dbe7f22976a760bb5c50c460, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x12c0339ae08374823fabb076707ef479269f3e4d6cb104349015ee046dc93fc0, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x0b7475b102a165ad7f5b18db4e1e704f52900aa3253baac68246682e56e9a28e, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x037c2849e191ca3edb1c5e49f6e8b8917c843e379366f2ea32ab3aa88d7f8448, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x05a6811f8556f014e92674661e217e9bd5206c5c93a07dc145fdb176a716346f, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x29a795e7d98028946e947b75d54e9f044076e87a7b2883b47b675ef5f38bd66e, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x20439a0c84b322eb45a3857afc18f5826e8c7382c8a1585c507be199981fd22f, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x2e0ba8d94d9ecf4a94ec2050c7371ff1bb50f27799a84b6d4a2a6f2a0982c887, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x143fd115ce08fb27ca38eb7cce822b4517822cd2109048d2e6d0ddcca17d71c8, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x0c64cbecb1c734b857968dbbdcf813cdf8611659323dbcbfc84323623be9caf1, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x028a305847c683f646fca925c163ff5ae74f348d62c2b670f1426cef9403da53, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x2e4ef510ff0b6fda5fa940ab4c4380f26a6bcb64d89427b824d6755b5db9e30c, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x0081c95bc43384e663d79270c956ce3b8925b4f6d033b078b96384f50579400e, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x2ed5f0c91cbd9749187e2fade687e05ee2491b349c039a0bba8a9f4023a0bb38, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x30509991f88da3504bbf374ed5aae2f03448a22c76234c8c990f01f33a735206, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x1c3f20fd55409a53221b7c4d49a356b9f0a1119fb2067b41a7529094424ec6ad, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x10b4e7f3ab5df003049514459b6e18eec46bb2213e8e131e170887b47ddcb96c, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x2a1982979c3ff7f43ddd543d891c2abddd80f804c077d775039aa3502e43adef, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x1c74ee64f15e1db6feddbead56d6d55dba431ebc396c9af95cad0f1315bd5c91, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x07533ec850ba7f98eab9303cace01b4b9e4f2e8b82708cfa9c2fe45a0ae146a0, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x21576b438e500449a151e4eeaf17b154285c68f42d42c1808a11abf3764c0750, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x2f17c0559b8fe79608ad5ca193d62f10bce8384c815f0906743d6930836d4a9e, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x2d477e3862d07708a79e8aae946170bc9775a4201318474ae665b0b1b7e2730e, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x162f5243967064c390e095577984f291afba2266c38f5abcd89be0f5b2747eab, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x2b4cb233ede9ba48264ecd2c8ae50d1ad7a8596a87f29f8a7777a70092393311, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x2c8fbcb2dd8573dc1dbaf8f4622854776db2eece6d85c4cf4254e7c35e03b07a, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x1d6f347725e4816af2ff453f0cd56b199e1b61e9f601e9ade5e88db870949da9, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x204b0c397f4ebe71ebc2d8b3df5b913df9e6ac02b68d31324cd49af5c4565529, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x0c4cb9dc3c4fd8174f1149b3c63c3c2f9ecb827cd7dc25534ff8fb75bc79c502, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x174ad61a1448c899a25416474f4930301e5c49475279e0639a616ddc45bc7b54, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x1a96177bcf4d8d89f759df4ec2f3cde2eaaa28c177cc0fa13a9816d49a38d2ef, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x066d04b24331d71cd0ef8054bc60c4ff05202c126a233c1a8242ace360b8a30a, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x2a4c4fc6ec0b0cf52195782871c6dd3b381cc65f72e02ad527037a62aa1bd804, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x13ab2d136ccf37d447e9f2e14a7cedc95e727f8446f6d9d7e55afc01219fd649, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x1121552fca26061619d24d843dc82769c1b04fcec26f55194c2e3e869acc6a9a, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x00ef653322b13d6c889bc81715c37d77a6cd267d595c4a8909a5546c7c97cff1, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x0e25483e45a665208b261d8ba74051e6400c776d652595d9845aca35d8a397d3, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x29f536dcb9dd7682245264659e15d88e395ac3d4dde92d8c46448db979eeba89, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x2a56ef9f2c53febadfda33575dbdbd885a124e2780bbea170e456baace0fa5be, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x1c8361c78eb5cf5decfb7a2d17b5c409f2ae2999a46762e8ee416240a8cb9af1, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x151aff5f38b20a0fc0473089aaf0206b83e8e68a764507bfd3d0ab4be74319c5, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x04c6187e41ed881dc1b239c88f7f9d43a9f52fc8c8b6cdd1e76e47615b51f100, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x13b37bd80f4d27fb10d84331f6fb6d534b81c61ed15776449e801b7ddc9c2967, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x01a5c536273c2d9df578bfbd32c17b7a2ce3664c2a52032c9321ceb1c4e8a8e4, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x2ab3561834ca73835ad05f5d7acb950b4a9a2c666b9726da832239065b7c3b02, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x1d4d8ec291e720db200fe6d686c0d613acaf6af4e95d3bf69f7ed516a597b646, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x041294d2cc484d228f5784fe7919fd2bb925351240a04b711514c9c80b65af1d, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x154ac98e01708c611c4fa715991f004898f57939d126e392042971dd90e81fc6, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x0b339d8acca7d4f83eedd84093aef51050b3684c88f8b0b04524563bc6ea4da4, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x0955e49e6610c94254a4f84cfbab344598f0e71eaff4a7dd81ed95b50839c82e, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x06746a6156eba54426b9e22206f15abca9a6f41e6f535c6f3525401ea0654626, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x0f18f5a0ecd1423c496f3820c549c27838e5790e2bd0a196ac917c7ff32077fb, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x04f6eeca1751f7308ac59eff5beb261e4bb563583ede7bc92a738223d6f76e13, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x2b56973364c4c4f5c1a3ec4da3cdce038811eb116fb3e45bc1768d26fc0b3758, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x123769dd49d5b054dcd76b89804b1bcb8e1392b385716a5d83feb65d437f29ef, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x2147b424fc48c80a88ee52b91169aacea989f6446471150994257b2fb01c63e9, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x0fdc1f58548b85701a6c5505ea332a29647e6f34ad4243c2ea54ad897cebe54d, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x12373a8251fea004df68abcf0f7786d4bceff28c5dbbe0c3944f685cc0a0b1f2, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x21e4f4ea5f35f85bad7ea52ff742c9e8a642756b6af44203dd8a1f35c1a90035, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x16243916d69d2ca3dfb4722224d4c462b57366492f45e90d8a81934f1bc3b147, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x1efbe46dd7a578b4f66f9adbc88b4378abc21566e1a0453ca13a4159cac04ac2, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x07ea5e8537cf5dd08886020e23a7f387d468d5525be66f853b672cc96a88969a, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x05a8c4f9968b8aa3b7b478a30f9a5b63650f19a75e7ce11ca9fe16c0b76c00bc, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x20f057712cc21654fbfe59bd345e8dac3f7818c701b9c7882d9d57b72a32e83f, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x04a12ededa9dfd689672f8c67fee31636dcd8e88d01d49019bd90b33eb33db69, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x27e88d8c15f37dcee44f1e5425a51decbd136ce5091a6767e49ec9544ccd101a, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x2feed17b84285ed9b8a5c8c5e95a41f66e096619a7703223176c41ee433de4d1, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x1ed7cc76edf45c7c404241420f729cf394e5942911312a0d6972b8bd53aff2b8, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x15742e99b9bfa323157ff8c586f5660eac6783476144cdcadf2874be45466b1a, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x1aac285387f65e82c895fc6887ddf40577107454c6ec0317284f033f27d0c785, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x25851c3c845d4790f9ddadbdb6057357832e2e7a49775f71ec75a96554d67c77, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x15a5821565cc2ec2ce78457db197edf353b7ebba2c5523370ddccc3d9f146a67, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x2411d57a4813b9980efa7e31a1db5966dcf64f36044277502f15485f28c71727, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x002e6f8d6520cd4713e335b8c0b6d2e647e9a98e12f4cd2558828b5ef6cb4c9b, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x2ff7bc8f4380cde997da00b616b0fcd1af8f0e91e2fe1ed7398834609e0315d2, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x00b9831b948525595ee02724471bcd182e9521f6b7bb68f1e93be4febb0d3cbe, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x0a2f53768b8ebf6a86913b0e57c04e011ca408648a4743a87d77adbf0c9c3512, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x00248156142fd0373a479f91ff239e960f599ff7e94be69b7f2a290305e1198d, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x171d5620b87bfb1328cf8c02ab3f0c9a397196aa6a542c2350eb512a2b2bcda9, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x170a4f55536f7dc970087c7c10d6fad760c952172dd54dd99d1045e4ec34a808, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x29aba33f799fe66c2ef3134aea04336ecc37e38c1cd211ba482eca17e2dbfae1, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x1e9bc179a4fdd758fdd1bb1945088d47e70d114a03f6a0e8b5ba650369e64973, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x1dd269799b660fad58f7f4892dfb0b5afeaad869a9c4b44f9c9e1c43bdaf8f09, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x22cdbc8b70117ad1401181d02e15459e7ccd426fe869c7c95d1dd2cb0f24af38, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x0ef042e454771c533a9f57a55c503fcefd3150f52ed94a7cd5ba93b9c7dacefd, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x11609e06ad6c8fe2f287f3036037e8851318e8b08a0359a03b304ffca62e8284, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x1166d9e554616dba9e753eea427c17b7fecd58c076dfe42708b08f5b783aa9af, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x2de52989431a859593413026354413db177fbf4cd2ac0b56f855a888357ee466, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x3006eb4ffc7a85819a6da492f3a8ac1df51aee5b17b8e89d74bf01cf5f71e9ad, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x2af41fbb61ba8a80fdcf6fff9e3f6f422993fe8f0a4639f962344c8225145086, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x119e684de476155fe5a6b41a8ebc85db8718ab27889e85e781b214bace4827c3, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x1835b786e2e8925e188bea59ae363537b51248c23828f047cff784b97b3fd800, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x28201a34c594dfa34d794996c6433a20d152bac2a7905c926c40e285ab32eeb6, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x083efd7a27d1751094e80fefaf78b000864c82eb571187724a761f88c22cc4e7, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x0b6f88a3577199526158e61ceea27be811c16df7774dd8519e079564f61fd13b, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x0ec868e6d15e51d9644f66e1d6471a94589511ca00d29e1014390e6ee4254f5b, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x2af33e3f866771271ac0c9b3ed2e1142ecd3e74b939cd40d00d937ab84c98591, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x0b520211f904b5e7d09b5d961c6ace7734568c547dd6858b364ce5e47951f178, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x0b2d722d0919a1aad8db58f10062a92ea0c56ac4270e822cca228620188a1d40, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x1f790d4d7f8cf094d980ceb37c2453e957b54a9991ca38bbe0061d1ed6e562d4, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x0171eb95dfbf7d1eaea97cd385f780150885c16235a2a6a8da92ceb01e504233, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x0c2d0e3b5fd57549329bf6885da66b9b790b40defd2c8650762305381b168873, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x1162fb28689c27154e5a8228b4e72b377cbcafa589e283c35d3803054407a18d, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x2f1459b65dee441b64ad386a91e8310f282c5a92a89e19921623ef8249711bc0, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x1e6ff3216b688c3d996d74367d5cd4c1bc489d46754eb712c243f70d1b53cfbb, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x01ca8be73832b8d0681487d27d157802d741a6f36cdc2a0576881f9326478875, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x1f7735706ffe9fc586f976d5bdf223dc680286080b10cea00b9b5de315f9650e, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x2522b60f4ea3307640a0c2dce041fba921ac10a3d5f096ef4745ca838285f019, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x23f0bee001b1029d5255075ddc957f833418cad4f52b6c3f8ce16c235572575b, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x2bc1ae8b8ddbb81fcaac2d44555ed5685d142633e9df905f66d9401093082d59, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x0f9406b8296564a37304507b8dba3ed162371273a07b1fc98011fcd6ad72205f, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x2360a8eb0cc7defa67b72998de90714e17e75b174a52ee4acb126c8cd995f0a8, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x15871a5cddead976804c803cbaef255eb4815a5e96df8b006dcbbc2767f88948, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x193a56766998ee9e0a8652dd2f3b1da0362f4f54f72379544f957ccdeefb420f, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x2a394a43934f86982f9be56ff4fab1703b2e63c8ad334834e4309805e777ae0f, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x1859954cfeb8695f3e8b635dcb345192892cd11223443ba7b4166e8876c0d142, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x04e1181763050e58013444dbcb99f1902b11bc25d90bbdca408d3819f4fed32b, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x0fdb253dee83869d40c335ea64de8c5bb10eb82db08b5e8b1f5e5552bfd05f23, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x058cbe8a9a5027bdaa4efb623adead6275f08686f1c08984a9d7c5bae9b4f1c0, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x1382edce9971e186497eadb1aeb1f52b23b4b83bef023ab0d15228b4cceca59a, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x03464990f045c6ee0819ca51fd11b0be7f61b8eb99f14b77e1e6634601d9e8b5, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x23f7bfc8720dc296fff33b41f98ff83c6fcab4605db2eb5aaa5bc137aeb70a58, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x0a59a158e3eec2117e6e94e7f0e9decf18c3ffd5e1531a9219636158bbaf62f2, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x06ec54c80381c052b58bf23b312ffd3ce2c4eba065420af8f4c23ed0075fd07b, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x118872dc832e0eb5476b56648e867ec8b09340f7a7bcb1b4962f0ff9ed1f9d01, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x13d69fa127d834165ad5c7cba7ad59ed52e0b0f0e42d7fea95e1906b520921b1, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x169a177f63ea681270b1c6877a73d21bde143942fb71dc55fd8a49f19f10c77b, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x04ef51591c6ead97ef42f287adce40d93abeb032b922f66ffb7e9a5a7450544d, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x256e175a1dc079390ecd7ca703fb2e3b19ec61805d4f03ced5f45ee6dd0f69ec, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x30102d28636abd5fe5f2af412ff6004f75cc360d3205dd2da002813d3e2ceeb2, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x10998e42dfcd3bbf1c0714bc73eb1bf40443a3fa99bef4a31fd31be182fcc792, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x193edd8e9fcf3d7625fa7d24b598a1d89f3362eaf4d582efecad76f879e36860, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x18168afd34f2d915d0368ce80b7b3347d1c7a561ce611425f2664d7aa51f0b5d, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x29383c01ebd3b6ab0c017656ebe658b6a328ec77bc33626e29e2e95b33ea6111, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x10646d2f2603de39a1f4ae5e7771a64a702db6e86fb76ab600bf573f9010c711, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x0beb5e07d1b27145f575f1395a55bf132f90c25b40da7b3864d0242dcb1117fb, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x16d685252078c133dc0d3ecad62b5c8830f95bb2e54b59abdffbf018d96fa336, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x0a6abd1d833938f33c74154e0404b4b40a555bbbec21ddfafd672dd62047f01a, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x1a679f5d36eb7b5c8ea12a4c2dedc8feb12dffeec450317270a6f19b34cf1860, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x0980fb233bd456c23974d50e0ebfde4726a423eada4e8f6ffbc7592e3f1b93d6, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x161b42232e61b84cbf1810af93a38fc0cece3d5628c9282003ebacb5c312c72b, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x0ada10a90c7f0520950f7d47a60d5e6a493f09787f1564e5d09203db47de1a0b, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x1a730d372310ba82320345a29ac4238ed3f07a8a2b4e121bb50ddb9af407f451, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x2c8120f268ef054f817064c369dda7ea908377feaba5c4dffbda10ef58e8c556, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x1c7c8824f758753fa57c00789c684217b930e95313bcb73e6e7b8649a4968f70, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x2cd9ed31f5f8691c8e39e4077a74faa0f400ad8b491eb3f7b47b27fa3fd1cf77, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x23ff4f9d46813457cf60d92f57618399a5e022ac321ca550854ae23918a22eea, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x09945a5d147a4f66ceece6405dddd9d0af5a2c5103529407dff1ea58f180426d, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x188d9c528025d4c2b67660c6b771b90f7c7da6eaa29d3f268a6dd223ec6fc630, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x3050e37996596b7f81f68311431d8734dba7d926d3633595e0c0d8ddf4f0f47f, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x15af1169396830a91600ca8102c35c426ceae5461e3f95d89d829518d30afd78, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x1da6d09885432ea9a06d9f37f873d985dae933e351466b2904284da3320d8acc, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := add(0x2796ea90d269af29f5f8acf33921124e4e4fad3dbe658945e546ee411ddaa9cb, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x202d7dd1da0f6b4b0325c8b3307742f01e15612ec8e9304a7cb0319e01d32d60, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x096d6790d05bb759156a952ba263d672a2d7f9c788f4c831a29dace4c0f8be5f, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := add(0x054efa1f65b0fce283808965275d877b438da23ce5b13e1963798cb1447d25a4, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x1b162f83d917e93edb3308c29802deb9d8aa690113b2e14864ccf6e18e4165f1, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x21e5241e12564dd6fd9f1cdd2a0de39eedfefc1466cc568ec5ceb745a0506edc, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := mulmod(scratch1, scratch1, F)\n      scratch1 := mulmod(mulmod(state0, state0, F), scratch1, F)\n      state0 := mulmod(scratch2, scratch2, F)\n      scratch2 := mulmod(mulmod(state0, state0, F), scratch2, F)\n      state0 := add(0x1cfb5662e8cf5ac9226a80ee17b36abecb73ab5f87e161927b4349e10e4bdf08, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x0f21177e302a771bbae6d8d1ecb373b62c99af346220ac0129c53f666eb24100, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x1671522374606992affb0dd7f71b12bec4236aede6290546bcef7e1f515c2320, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := mulmod(state1, state1, F)\n      state1 := mulmod(mulmod(scratch0, scratch0, F), state1, F)\n      scratch0 := mulmod(state2, state2, F)\n      state2 := mulmod(mulmod(scratch0, scratch0, F), state2, F)\n      scratch0 := add(0x0fa3ec5b9488259c2eb4cf24501bfad9be2ec9e42c5cc8ccd419d2a692cad870, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)))\n      scratch1 := add(0x193c0e04e0bd298357cb266c1506080ed36edce85c648cc085e8c57b1ab54bba, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)))\n      scratch2 := add(0x102adf8ef74735a27e9128306dcbc3c99f6f7291cd406578ce14ea2adaba68f8, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)))\n      state0 := mulmod(scratch0, scratch0, F)\n      scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F)\n      state0 := mulmod(scratch1, scratch1, F)\n      scratch1 := mulmod(mulmod(state0, state0, F), scratch1, F)\n      state0 := mulmod(scratch2, scratch2, F)\n      scratch2 := mulmod(mulmod(state0, state0, F), scratch2, F)\n      state0 := add(0x0fe0af7858e49859e2a54d6f1ad945b1316aa24bfbdd23ae40a6d0cb70c3eab1, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)))\n      state1 := add(0x216f6717bbc7dedb08536a2220843f4e2da5f1daa9ebdefde8a5ea7344798d22, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)))\n      state2 := add(0x1da55cc900f0d21f4a3e694391918a1b3c23b2ac773c6b3ef88e2e4228325161, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)))\n      scratch0 := mulmod(state0, state0, F)\n      state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F)\n      scratch0 := mulmod(state1, state1, F)\n      state1 := mulmod(mulmod(scratch0, scratch0, F), state1, F)\n      scratch0 := mulmod(state2, state2, F)\n      state2 := mulmod(mulmod(scratch0, scratch0, F), state2, F)\n\n      mstore(0x0, mod(add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)), F))\n\n      return(0, 0x20)\n    }\n  }\n}\n"
+      },
+      "project/contracts/Enclave.sol": {
+        "content": "// SPDX-License-Identifier: LGPL-3.0-only\n//\n// This file is provided WITHOUT ANY WARRANTY;\n// without even the implied warranty of MERCHANTABILITY\n// or FITNESS FOR A PARTICULAR PURPOSE.\npragma solidity >=0.8.27;\n\nimport { IEnclave, E3, IE3Program } from \"./interfaces/IEnclave.sol\";\nimport { ICiphernodeRegistry } from \"./interfaces/ICiphernodeRegistry.sol\";\nimport { IBondingRegistry } from \"./interfaces/IBondingRegistry.sol\";\nimport { IDecryptionVerifier } from \"./interfaces/IDecryptionVerifier.sol\";\nimport {\n    OwnableUpgradeable\n} from \"@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol\";\nimport {\n    SafeERC20\n} from \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\nimport { IERC20 } from \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\n\n/**\n * @title Enclave\n * @notice Main contract for managing Encrypted Execution Environments (E3)\n * @dev Coordinates E3 lifecycle including request, activation, input publishing, and output verification\n */\ncontract Enclave is IEnclave, OwnableUpgradeable {\n    using SafeERC20 for IERC20;\n\n    ////////////////////////////////////////////////////////////\n    //                                                        //\n    //                 Storage Variables                      //\n    //                                                        //\n    ////////////////////////////////////////////////////////////\n\n    /// @notice Address of the Ciphernode Registry contract.\n    /// @dev Manages the pool of ciphernodes and committee selection.\n    ICiphernodeRegistry public ciphernodeRegistry;\n\n    /// @notice Address of the Bonding Registry contract.\n    /// @dev Handles staking and reward distribution for ciphernodes.\n    IBondingRegistry public bondingRegistry;\n\n    /// @notice Address of the ERC20 token used for E3 fees.\n    /// @dev All E3 request fees must be paid in this token.\n    IERC20 public feeToken;\n\n    /// @notice Maximum allowed duration for an E3 computation in seconds.\n    /// @dev Requests with duration exceeding this value will be rejected.\n    uint256 public maxDuration;\n\n    /// @notice ID counter for the next E3 to be created.\n    /// @dev Incremented after each successful E3 request.\n    uint256 public nexte3Id;\n\n    /// @notice Mapping of allowed E3 Programs.\n    /// @dev Only enabled E3 Programs can be used in computation requests.\n    mapping(IE3Program e3Program => bool allowed) public e3Programs;\n\n    /// @notice Mapping storing all E3 instances by their ID.\n    /// @dev Contains the full state and configuration of each E3.\n    mapping(uint256 e3Id => E3 e3) public e3s;\n\n    /// @notice Mapping of enabled encryption schemes to their decryption verifiers.\n    /// @dev Each encryption scheme ID maps to a contract that can verify decrypted outputs.\n    mapping(bytes32 encryptionSchemeId => IDecryptionVerifier decryptionVerifier)\n        public decryptionVerifiers;\n\n    /// @notice Mapping storing valid E3 program ABI encoded parameter sets.\n    /// @dev Stores allowed encryption scheme parameters (e.g., BFV parameters).\n    mapping(bytes e3ProgramParams => bool allowed) public e3ProgramsParams;\n\n    /// @notice Mapping tracking fee payments for each E3.\n    /// @dev Stores the amount paid for an E3, distributed to committee upon completion.\n    mapping(uint256 e3Id => uint256 e3Payment) public e3Payments;\n\n    ////////////////////////////////////////////////////////////\n    //                                                        //\n    //                        Errors                          //\n    //                                                        //\n    ////////////////////////////////////////////////////////////\n\n    /// @notice Thrown when committee selection fails during E3 request or activation.\n    error CommitteeSelectionFailed();\n\n    /// @notice Thrown when an E3 request uses a program that is not enabled.\n    /// @param e3Program The E3 program address that is not allowed.\n    error E3ProgramNotAllowed(IE3Program e3Program);\n\n    /// @notice Thrown when attempting to activate an E3 that is already activated.\n    /// @param e3Id The ID of the E3 that is already activated.\n    error E3AlreadyActivated(uint256 e3Id);\n\n    /// @notice Thrown when the E3 start window or computation period has expired.\n    error E3Expired();\n\n    /// @notice Thrown when attempting operations on an E3 that has not been activated yet.\n    /// @param e3Id The ID of the E3 that is not activated.\n    error E3NotActivated(uint256 e3Id);\n\n    /// @notice Thrown when attempting to activate an E3 before its start window begins.\n    error E3NotReady();\n\n    /// @notice Thrown when attempting to access an E3 that does not exist.\n    /// @param e3Id The ID of the non-existent E3.\n    error E3DoesNotExist(uint256 e3Id);\n\n    /// @notice Thrown when attempting to enable a module or program that is already enabled.\n    /// @param module The address of the module that is already enabled.\n    error ModuleAlreadyEnabled(address module);\n\n    /// @notice Thrown when attempting to disable a module or program that is not enabled.\n    /// @param module The address of the module that is not enabled.\n    error ModuleNotEnabled(address module);\n\n    /// @notice Thrown when an invalid or disabled encryption scheme is used.\n    /// @param encryptionSchemeId The ID of the invalid encryption scheme.\n    error InvalidEncryptionScheme(bytes32 encryptionSchemeId);\n\n    /// @notice Thrown when attempting to publish input after the computation deadline has passed.\n    /// @param e3Id The ID of the E3.\n    /// @param expiration The expiration timestamp that has passed.\n    error InputDeadlinePassed(uint256 e3Id, uint256 expiration);\n\n    /// @notice Thrown when attempting to publish output before the input deadline has passed.\n    /// @param e3Id The ID of the E3.\n    /// @param expiration The expiration timestamp that has not yet passed.\n    error InputDeadlineNotPassed(uint256 e3Id, uint256 expiration);\n\n    /// @notice Thrown when attempting to set an invalid ciphernode registry address.\n    /// @param ciphernodeRegistry The invalid ciphernode registry address.\n    error InvalidCiphernodeRegistry(ICiphernodeRegistry ciphernodeRegistry);\n\n    /// @notice Thrown when the requested duration exceeds maxDuration or is zero.\n    /// @param duration The invalid duration value.\n    error InvalidDuration(uint256 duration);\n\n    /// @notice Thrown when output verification fails.\n    /// @param output The invalid output data.\n    error InvalidOutput(bytes output);\n\n    /// @notice Thrown when input data is invalid.\n    error InvalidInput();\n\n    /// @notice Thrown when the start window parameters are invalid.\n    error InvalidStartWindow();\n\n    /// @notice Thrown when the threshold parameters are invalid (e.g., M > N or M = 0).\n    /// @param threshold The invalid threshold array [M, N].\n    error InvalidThreshold(uint32[2] threshold);\n\n    /// @notice Thrown when attempting to publish ciphertext output that has already been published.\n    /// @param e3Id The ID of the E3.\n    error CiphertextOutputAlreadyPublished(uint256 e3Id);\n\n    /// @notice Thrown when attempting to publish plaintext output before ciphertext output.\n    /// @param e3Id The ID of the E3.\n    error CiphertextOutputNotPublished(uint256 e3Id);\n\n    /// @notice Thrown when payment is required but not provided or insufficient.\n    /// @param value The required payment amount.\n    error PaymentRequired(uint256 value);\n\n    /// @notice Thrown when attempting to publish plaintext output that has already been published.\n    /// @param e3Id The ID of the E3.\n    error PlaintextOutputAlreadyPublished(uint256 e3Id);\n\n    /// @notice Thrown when attempting to set an invalid bonding registry address.\n    /// @param bondingRegistry The invalid bonding registry address.\n    error InvalidBondingRegistry(IBondingRegistry bondingRegistry);\n\n    /// @notice Thrown when attempting to set an invalid fee token address.\n    /// @param feeToken The invalid fee token address.\n    error InvalidFeeToken(IERC20 feeToken);\n\n    ////////////////////////////////////////////////////////////\n    //                                                        //\n    //                   Initialization                       //\n    //                                                        //\n    ////////////////////////////////////////////////////////////\n\n    /// @notice Constructor that disables initializers.\n    /// @dev Prevents the implementation contract from being initialized. Initialization is performed\n    /// via the initialize() function when deployed behind a proxy.\n    constructor() {\n        _disableInitializers();\n    }\n\n    /// @notice Initializes the Enclave contract with initial configuration.\n    /// @dev This function can only be called once due to the initializer modifier. Sets up core dependencies.\n    /// @param _owner The owner address of this contract.\n    /// @param _ciphernodeRegistry The address of the Ciphernode Registry contract.\n    /// @param _bondingRegistry The address of the Bonding Registry contract.\n    /// @param _feeToken The address of the ERC20 token used for E3 fees.\n    /// @param _maxDuration The maximum duration of a computation in seconds.\n    /// @param _e3ProgramsParams Array of ABI encoded E3 encryption scheme parameters sets (e.g., for BFV).\n    function initialize(\n        address _owner,\n        ICiphernodeRegistry _ciphernodeRegistry,\n        IBondingRegistry _bondingRegistry,\n        IERC20 _feeToken,\n        uint256 _maxDuration,\n        bytes[] memory _e3ProgramsParams\n    ) public initializer {\n        __Ownable_init(msg.sender);\n        setMaxDuration(_maxDuration);\n        setCiphernodeRegistry(_ciphernodeRegistry);\n        setBondingRegistry(_bondingRegistry);\n        setFeeToken(_feeToken);\n        setE3ProgramsParams(_e3ProgramsParams);\n        if (_owner != owner()) transferOwnership(_owner);\n    }\n\n    ////////////////////////////////////////////////////////////\n    //                                                        //\n    //                  Core Entrypoints                      //\n    //                                                        //\n    ////////////////////////////////////////////////////////////\n\n    /// @inheritdoc IEnclave\n    function request(\n        E3RequestParams calldata requestParams\n    ) external returns (uint256 e3Id, E3 memory e3) {\n        uint256 e3Fee = getE3Quote(requestParams);\n        require(\n            requestParams.threshold[1] >= requestParams.threshold[0] &&\n                requestParams.threshold[0] > 0,\n            InvalidThreshold(requestParams.threshold)\n        );\n        require(\n            // TODO: do we need a minimum start window to allow time for committee selection?\n            requestParams.startWindow[1] >= requestParams.startWindow[0] &&\n                requestParams.startWindow[1] >= block.timestamp,\n            InvalidStartWindow()\n        );\n        require(\n            requestParams.duration > 0 && requestParams.duration <= maxDuration,\n            InvalidDuration(requestParams.duration)\n        );\n        require(\n            e3Programs[requestParams.e3Program],\n            E3ProgramNotAllowed(requestParams.e3Program)\n        );\n\n        // TODO: should IDs be incremental or produced deterministically?\n        e3Id = nexte3Id;\n        nexte3Id++;\n        uint256 seed = uint256(keccak256(abi.encode(block.prevrandao, e3Id)));\n\n        e3.seed = seed;\n        e3.threshold = requestParams.threshold;\n        e3.requestBlock = block.number;\n        e3.startWindow = requestParams.startWindow;\n        e3.duration = requestParams.duration;\n        e3.expiration = 0;\n        e3.e3Program = requestParams.e3Program;\n        e3.e3ProgramParams = requestParams.e3ProgramParams;\n        e3.customParams = requestParams.customParams;\n        e3.committeePublicKey = hex\"\";\n        e3.ciphertextOutput = hex\"\";\n        e3.plaintextOutput = hex\"\";\n\n        bytes32 encryptionSchemeId = requestParams.e3Program.validate(\n            e3Id,\n            seed,\n            requestParams.e3ProgramParams,\n            requestParams.computeProviderParams\n        );\n        IDecryptionVerifier decryptionVerifier = decryptionVerifiers[\n            encryptionSchemeId\n        ];\n\n        require(\n            decryptionVerifiers[encryptionSchemeId] !=\n                IDecryptionVerifier(address(0)),\n            InvalidEncryptionScheme(encryptionSchemeId)\n        );\n\n        e3.encryptionSchemeId = encryptionSchemeId;\n        e3.decryptionVerifier = decryptionVerifier;\n\n        e3s[e3Id] = e3;\n        e3Payments[e3Id] = e3Fee;\n\n        feeToken.safeTransferFrom(msg.sender, address(this), e3Fee);\n\n        require(\n            ciphernodeRegistry.requestCommittee(\n                e3Id,\n                seed,\n                requestParams.threshold\n            ),\n            CommitteeSelectionFailed()\n        );\n\n        emit E3Requested(e3Id, e3, requestParams.e3Program);\n    }\n\n    /// @inheritdoc IEnclave\n    function activate(\n        uint256 e3Id,\n        bytes calldata publicKey\n    ) external returns (bool success) {\n        E3 memory e3 = getE3(e3Id);\n\n        require(e3.expiration == 0, E3AlreadyActivated(e3Id));\n        require(e3.startWindow[0] <= block.timestamp, E3NotReady());\n        // TODO: handle what happens to the payment if the start window has passed.\n        require(e3.startWindow[1] >= block.timestamp, E3Expired());\n\n        bytes32 publicKeyHash = ciphernodeRegistry.committeePublicKey(e3Id);\n        require(\n            keccak256(publicKey) == publicKeyHash,\n            CommitteeSelectionFailed()\n        );\n        uint256 expiresAt = block.timestamp + e3.duration;\n        e3s[e3Id].expiration = expiresAt;\n        e3s[e3Id].committeePublicKey = keccak256(publicKey);\n\n        emit E3Activated(e3Id, expiresAt, publicKey);\n\n        return true;\n    }\n\n    /// @inheritdoc IEnclave\n    function publishInput(\n        uint256 e3Id,\n        bytes calldata data\n    ) external returns (bool success) {\n        E3 memory e3 = getE3(e3Id);\n\n        // Note: if we make 0 a no expiration, this has to be refactored\n        require(e3.expiration > 0, E3NotActivated(e3Id));\n        // TODO: should we have an input window, including both a start and end timestamp?\n        require(\n            e3.expiration > block.timestamp,\n            InputDeadlinePassed(e3Id, e3.expiration)\n        );\n\n        e3.e3Program.validateInput(e3Id, msg.sender, data);\n\n        success = true;\n    }\n\n    /// @inheritdoc IEnclave\n    function publishCiphertextOutput(\n        uint256 e3Id,\n        bytes calldata ciphertextOutput,\n        bytes calldata proof\n    ) external returns (bool success) {\n        E3 memory e3 = getE3(e3Id);\n\n        // Note: if we make 0 a no expiration, this has to be refactored\n        require(e3.expiration > 0, E3NotActivated(e3Id));\n        require(\n            e3.expiration <= block.timestamp,\n            InputDeadlineNotPassed(e3Id, e3.expiration)\n        );\n        // TODO: should the output verifier be able to change its mind?\n        //i.e. should we be able to call this multiple times?\n        require(\n            e3.ciphertextOutput == bytes32(0),\n            CiphertextOutputAlreadyPublished(e3Id)\n        );\n\n        bytes32 ciphertextOutputHash = keccak256(ciphertextOutput);\n        e3s[e3Id].ciphertextOutput = ciphertextOutputHash;\n\n        (success) = e3.e3Program.verify(e3Id, ciphertextOutputHash, proof);\n        require(success, InvalidOutput(ciphertextOutput));\n\n        emit CiphertextOutputPublished(e3Id, ciphertextOutput);\n    }\n\n    /// @inheritdoc IEnclave\n    function publishPlaintextOutput(\n        uint256 e3Id,\n        bytes calldata plaintextOutput,\n        bytes calldata proof\n    ) external returns (bool success) {\n        E3 memory e3 = getE3(e3Id);\n\n        // Note: if we make 0 a no expiration, this has to be refactored\n        require(e3.expiration > 0, E3NotActivated(e3Id));\n        require(\n            e3.ciphertextOutput != bytes32(0),\n            CiphertextOutputNotPublished(e3Id)\n        );\n        require(\n            e3.plaintextOutput.length == 0,\n            PlaintextOutputAlreadyPublished(e3Id)\n        );\n\n        e3s[e3Id].plaintextOutput = plaintextOutput;\n\n        (success) = e3.decryptionVerifier.verify(\n            e3Id,\n            keccak256(plaintextOutput),\n            proof\n        );\n        require(success, InvalidOutput(plaintextOutput));\n\n        _distributeRewards(e3Id);\n\n        emit PlaintextOutputPublished(e3Id, plaintextOutput);\n    }\n\n    ////////////////////////////////////////////////////////////\n    //                                                        //\n    //                   Internal Functions                   //\n    //                                                        //\n    ////////////////////////////////////////////////////////////\n\n    /// @notice Distributes rewards to committee members after successful E3 completion.\n    /// @dev Divides the E3 payment equally among all committee members and transfers via bonding registry.\n    /// @dev Emits RewardsDistributed event upon successful distribution.\n    /// @param e3Id The ID of the E3 for which to distribute rewards.\n    function _distributeRewards(uint256 e3Id) internal {\n        address[] memory committeeNodes = ciphernodeRegistry.getCommitteeNodes(\n            e3Id\n        );\n        uint256 committeeLength = committeeNodes.length;\n        uint256[] memory amounts = new uint256[](committeeLength);\n\n        // TODO: do we need to pay different amounts to different nodes?\n        // For now, we'll pay the same amount to all nodes.\n        uint256 amount = e3Payments[e3Id] / committeeLength;\n        for (uint256 i = 0; i < committeeLength; i++) {\n            amounts[i] = amount;\n        }\n\n        uint256 totalAmount = e3Payments[e3Id];\n        e3Payments[e3Id] = 0;\n\n        feeToken.approve(address(bondingRegistry), totalAmount);\n\n        bondingRegistry.distributeRewards(feeToken, committeeNodes, amounts);\n\n        // TODO: decide where does dust go? Treasury maybe?\n        feeToken.approve(address(bondingRegistry), 0);\n\n        emit RewardsDistributed(e3Id, committeeNodes, amounts);\n    }\n\n    ////////////////////////////////////////////////////////////\n    //                                                        //\n    //                   Set Functions                        //\n    //                                                        //\n    ////////////////////////////////////////////////////////////\n\n    /// @inheritdoc IEnclave\n    function setMaxDuration(\n        uint256 _maxDuration\n    ) public onlyOwner returns (bool success) {\n        maxDuration = _maxDuration;\n        success = true;\n        emit MaxDurationSet(_maxDuration);\n    }\n\n    /// @inheritdoc IEnclave\n    function setCiphernodeRegistry(\n        ICiphernodeRegistry _ciphernodeRegistry\n    ) public onlyOwner returns (bool success) {\n        require(\n            address(_ciphernodeRegistry) != address(0) &&\n                _ciphernodeRegistry != ciphernodeRegistry,\n            InvalidCiphernodeRegistry(_ciphernodeRegistry)\n        );\n        ciphernodeRegistry = _ciphernodeRegistry;\n        success = true;\n        emit CiphernodeRegistrySet(address(_ciphernodeRegistry));\n    }\n\n    /// @inheritdoc IEnclave\n    function setBondingRegistry(\n        IBondingRegistry _bondingRegistry\n    ) public onlyOwner returns (bool success) {\n        require(\n            address(_bondingRegistry) != address(0) &&\n                _bondingRegistry != bondingRegistry,\n            InvalidBondingRegistry(_bondingRegistry)\n        );\n        bondingRegistry = _bondingRegistry;\n        success = true;\n        emit BondingRegistrySet(address(_bondingRegistry));\n    }\n\n    /// @inheritdoc IEnclave\n    function setFeeToken(\n        IERC20 _feeToken\n    ) public onlyOwner returns (bool success) {\n        require(\n            address(_feeToken) != address(0) && _feeToken != feeToken,\n            InvalidFeeToken(_feeToken)\n        );\n        feeToken = _feeToken;\n        success = true;\n        emit FeeTokenSet(address(_feeToken));\n    }\n\n    /// @inheritdoc IEnclave\n    function enableE3Program(\n        IE3Program e3Program\n    ) public onlyOwner returns (bool success) {\n        require(\n            !e3Programs[e3Program],\n            ModuleAlreadyEnabled(address(e3Program))\n        );\n        e3Programs[e3Program] = true;\n        success = true;\n        emit E3ProgramEnabled(e3Program);\n    }\n\n    /// @inheritdoc IEnclave\n    function disableE3Program(\n        IE3Program e3Program\n    ) public onlyOwner returns (bool success) {\n        require(e3Programs[e3Program], ModuleNotEnabled(address(e3Program)));\n        delete e3Programs[e3Program];\n        success = true;\n        emit E3ProgramDisabled(e3Program);\n    }\n\n    /// @inheritdoc IEnclave\n    function setDecryptionVerifier(\n        bytes32 encryptionSchemeId,\n        IDecryptionVerifier decryptionVerifier\n    ) public onlyOwner returns (bool success) {\n        require(\n            decryptionVerifier != IDecryptionVerifier(address(0)) &&\n                decryptionVerifiers[encryptionSchemeId] != decryptionVerifier,\n            InvalidEncryptionScheme(encryptionSchemeId)\n        );\n        decryptionVerifiers[encryptionSchemeId] = decryptionVerifier;\n        success = true;\n        emit EncryptionSchemeEnabled(encryptionSchemeId);\n    }\n\n    /// @inheritdoc IEnclave\n    function disableEncryptionScheme(\n        bytes32 encryptionSchemeId\n    ) public onlyOwner returns (bool success) {\n        require(\n            decryptionVerifiers[encryptionSchemeId] !=\n                IDecryptionVerifier(address(0)),\n            InvalidEncryptionScheme(encryptionSchemeId)\n        );\n        decryptionVerifiers[encryptionSchemeId] = IDecryptionVerifier(\n            address(0)\n        );\n        success = true;\n        emit EncryptionSchemeDisabled(encryptionSchemeId);\n    }\n\n    /// @inheritdoc IEnclave\n    function setE3ProgramsParams(\n        bytes[] memory _e3ProgramsParams\n    ) public onlyOwner returns (bool success) {\n        uint256 length = _e3ProgramsParams.length;\n        for (uint256 i; i < length; ) {\n            e3ProgramsParams[_e3ProgramsParams[i]] = true;\n            unchecked {\n                ++i;\n            }\n        }\n        success = true;\n        emit AllowedE3ProgramsParamsSet(_e3ProgramsParams);\n    }\n\n    ////////////////////////////////////////////////////////////\n    //                                                        //\n    //                   Get Functions                        //\n    //                                                        //\n    ////////////////////////////////////////////////////////////\n\n    /// @inheritdoc IEnclave\n    function getE3(uint256 e3Id) public view returns (E3 memory e3) {\n        e3 = e3s[e3Id];\n        require(e3.e3Program != IE3Program(address(0)), E3DoesNotExist(e3Id));\n    }\n\n    /// @inheritdoc IEnclave\n    function getE3Quote(\n        E3RequestParams calldata\n    ) public pure returns (uint256 fee) {\n        fee = 1 * 10 ** 6;\n        require(fee > 0, PaymentRequired(fee));\n    }\n\n    /// @inheritdoc IEnclave\n    function getDecryptionVerifier(\n        bytes32 encryptionSchemeId\n    ) public view returns (IDecryptionVerifier) {\n        return decryptionVerifiers[encryptionSchemeId];\n    }\n}\n"
+      },
+      "project/contracts/interfaces/IBondingRegistry.sol": {
+        "content": "// SPDX-License-Identifier: LGPL-3.0-only\n//\n// This file is provided WITHOUT ANY WARRANTY;\n// without even the implied warranty of MERCHANTABILITY\n// or FITNESS FOR A PARTICULAR PURPOSE.\n\npragma solidity >=0.8.27;\n\nimport { IERC20 } from \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport { ICiphernodeRegistry } from \"./ICiphernodeRegistry.sol\";\nimport { EnclaveTicketToken } from \"../token/EnclaveTicketToken.sol\";\n\n/**\n * @title IBondingRegistry\n * @notice Interface for the main bonding registry that holds operator balance and license bonds\n */\ninterface IBondingRegistry {\n    // ======================\n    // Custom Errors\n    // ======================\n\n    // General\n    error ZeroAddress();\n    error ZeroAmount();\n    error CiphernodeBanned();\n    error Unauthorized();\n    error InsufficientBalance();\n    error NotLicensed();\n    error AlreadyRegistered();\n    error NotRegistered();\n    error ExitInProgress();\n    error ExitNotReady();\n    error InvalidAmount();\n    error InvalidConfiguration();\n    error NoPendingDeregistration();\n    error OnlyRewardDistributor();\n    error ArrayLengthMismatch();\n\n    // ======================\n    // Events (Protocol-Named)\n    // ======================\n\n    /**\n     * @notice Emitted when operator's ticket balance changes\n     * @param operator Address of the operator\n     * @param delta Change in balance (positive for increase, negative for decrease)\n     * @param newBalance New total balance\n     * @param reason Reason for the change (e.g., \"DEPOSIT\", \"WITHDRAW\", slash reason)\n     */\n    event TicketBalanceUpdated(\n        address indexed operator,\n        int256 delta,\n        uint256 newBalance,\n        bytes32 indexed reason\n    );\n\n    /**\n     * @notice Emitted when operator's license bond changes\n     * @param operator Address of the operator\n     * @param delta Change in bond (positive for increase, negative for decrease)\n     * @param newBond New total license bond\n     * @param reason Reason for the change (e.g., \"BOND\", \"UNBOND\", slash reason)\n     */\n    event LicenseBondUpdated(\n        address indexed operator,\n        int256 delta,\n        uint256 newBond,\n        bytes32 indexed reason\n    );\n\n    /**\n     * @notice Emitted when operator requests deregistration from the protocol\n     * @param operator Address of the operator\n     * @param unlockAt Timestamp when deregistration can be finalized\n     */\n    event CiphernodeDeregistrationRequested(\n        address indexed operator,\n        uint64 unlockAt\n    );\n\n    /**\n     * @notice Emitted when operator active status changes\n     * @param operator Address of the operator\n     * @param active True if active, false if inactive\n     */\n    event OperatorActivationChanged(address indexed operator, bool active);\n\n    /**\n     * @notice Emitted when configuration is updated\n     * @param parameter Name of the parameter\n     * @param oldValue Previous value\n     * @param newValue New value\n     */\n    event ConfigurationUpdated(\n        bytes32 indexed parameter,\n        uint256 oldValue,\n        uint256 newValue\n    );\n\n    /**\n     * @notice Emitted when treasury withdraws slashed funds\n     * @param to Treasury address\n     * @param ticketAmount Amount of slashed ticket balance withdrawn\n     * @param licenseAmount Amount of slashed license bond withdrawn\n     */\n    event SlashedFundsWithdrawn(\n        address indexed to,\n        uint256 ticketAmount,\n        uint256 licenseAmount\n    );\n\n    // ======================\n    // View Functions\n    // ======================\n\n    /**\n     * @notice Get license token address\n     * @return License token address\n     */\n    function getLicenseToken() external view returns (address);\n\n    /**\n     * @notice Get ticket token address\n     * @return Ticket token address\n     */\n    function getTicketToken() external view returns (address);\n\n    /**\n     * @notice Get operator's current ticket balance\n     * @param operator Address of the operator\n     * @return Current collateral balance\n     */\n    function getTicketBalance(address operator) external view returns (uint256);\n\n    /**\n     * @notice Get operator's current license bond\n     * @param operator Address of the operator\n     * @return Current license bond\n     */\n    function getLicenseBond(address operator) external view returns (uint256);\n\n    /**\n     * @notice Get current ticket price\n     * @return Price per ticket in collateral token units\n     */\n    function ticketPrice() external view returns (uint256);\n\n    /**\n     * @notice Calculate available tickets for an operator\n     * @param operator Address of the operator\n     * @return Number of tickets available (floor(balance / ticketPrice))\n     */\n    function availableTickets(address operator) external view returns (uint256);\n\n    /**\n     * @notice Check if operator is licensed\n     * @param operator Address of the operator\n     * @return True if operator has sufficient license bond\n     */\n    function isLicensed(address operator) external view returns (bool);\n\n    /**\n     * @notice Check if operator is registered\n     * @param operator Address of the operator\n     * @return True if operator is registered\n     */\n    function isRegistered(address operator) external view returns (bool);\n\n    /**\n     * @notice Check if operator is active\n     * @param operator Address of the operator\n     * @return True if operator is active (licensed, registered, and has min tickets)\n     */\n    function isActive(address operator) external view returns (bool);\n\n    /**\n     * @notice Check if operator has deregistration in progress\n     * @param operator Address of the operator\n     * @return True if exit requested but not finalized\n     */\n    function hasExitInProgress(address operator) external view returns (bool);\n\n    /**\n     * @notice Get license bond price required\n     * @return License bond price amount\n     */\n    function licenseRequiredBond() external view returns (uint256);\n\n    /**\n     * @notice Get minimum ticket balance required for activation\n     * @return Minimum number of tickets required\n     */\n    function minTicketBalance() external view returns (uint256);\n\n    /**\n     * @notice Get exit delay period\n     * @return Number of seconds operators must wait after requesting exit\n     */\n    function exitDelay() external view returns (uint64);\n\n    /**\n     * @notice Get operator's ticket balance at a specific block\n     * @param operator Address of the operator\n     * @param blockNumber Block number to query\n     * @return Ticket balance at the specified block\n     */\n    function getTicketBalanceAtBlock(\n        address operator,\n        uint256 blockNumber\n    ) external view returns (uint256);\n\n    /**\n     * @notice Get operator's total pending exit amounts\n     * @param operator Address of the operator\n     * @return ticket Total pending ticket balance in exit queue\n     * @return license Total pending license bond in exit queue\n     */\n    function pendingExits(\n        address operator\n    ) external view returns (uint256 ticket, uint256 license);\n\n    /**\n     * @notice Preview how much an operator can currently claim\n     * @param operator Address of the operator\n     * @return ticket Claimable ticket balance\n     * @return license Claimable license bond\n     */\n    function previewClaimable(\n        address operator\n    ) external view returns (uint256 ticket, uint256 license);\n\n    /**\n     * @notice Get slashed funds treasury address\n     * @return Address where slashed funds are sent\n     */\n    function slashedFundsTreasury() external view returns (address);\n\n    /**\n     * @notice Get total slashed ticket balance\n     * @return Amount of ticket balance slashed and available for treasury withdrawal\n     */\n    function slashedTicketBalance() external view returns (uint256);\n\n    /**\n     * @notice Get total slashed license bond\n     * @return Amount of license bond slashed and available for treasury withdrawal\n     */\n    function slashedLicenseBond() external view returns (uint256);\n\n    // ======================\n    // Operator Functions\n    // ======================\n\n    /**\n     * @notice Register as an operator (callable by licensed operators)\n     * @dev Requires sufficient license bond and calls registry\n     */\n    function registerOperator() external;\n\n    /**\n     * @notice Deregister as an operator and remove from IMT\n     * @param siblingNodes Sibling node proofs for IMT removal\n     * @dev Requires operator to provide sibling nodes for immediate IMT removal\n     */\n    function deregisterOperator(uint256[] calldata siblingNodes) external;\n\n    /**\n     * @notice Increase operator's ticket balance by depositing tokens\n     * @param amount Amount of ticket tokens to deposit\n     * @dev Requires approval for ticket token transfer\n     */\n    function addTicketBalance(uint256 amount) external;\n\n    /**\n     * @notice Decrease operator's ticket balance by withdrawing tokens\n     * @param amount Amount of ticket tokens to withdraw\n     * @dev Reverts if operator is in any active committee\n     */\n    function removeTicketBalance(uint256 amount) external;\n\n    /**\n     * @notice Bond license tokens to become eligible for registration\n     * @param amount Amount of license tokens to bond\n     * @dev Requires approval for license token transfer\n     */\n    function bondLicense(uint256 amount) external;\n\n    /**\n     * @notice Unbond license tokens\n     * @param amount Amount of license tokens to unbond\n     * @dev Reverts if operator is in any active committee or still registered\n     */\n    function unbondLicense(uint256 amount) external;\n\n    // ======================\n    // Claim Functions\n    // ======================\n\n    /**\n     * @notice Claim operator's ticket balance and license bond\n     * @param maxTicketAmount Maximum amount of ticket tokens to claim\n     * @param maxLicenseAmount Maximum amount of license tokens to claim\n     */\n    function claimExits(\n        uint256 maxTicketAmount,\n        uint256 maxLicenseAmount\n    ) external;\n\n    // ======================\n    // Slashing Functions\n    // ======================\n\n    /**\n     * @notice Slash operator's ticket balance by absolute amount\n     * @param operator Address of the operator to slash\n     * @param amount Amount to slash\n     * @param reason Reason for slashing (stored in event)\n     * @dev Only callable by authorized slashing manager\n     */\n    function slashTicketBalance(\n        address operator,\n        uint256 amount,\n        bytes32 reason\n    ) external;\n\n    /**\n     * @notice Slash operator's license bond by absolute amount\n     * @param operator Address of the operator to slash\n     * @param amount Amount to slash\n     * @param reason Reason for slashing (stored in event)\n     * @dev Only callable by authorized slashing manager\n     */\n    function slashLicenseBond(\n        address operator,\n        uint256 amount,\n        bytes32 reason\n    ) external;\n\n    // ======================\n    // Reward Distribution Functions\n    // ======================\n    /**\n     * @notice Distribute rewards to operators\n     * @param rewardToken Reward token contract\n     * @param operators Addresses of the operators to distribute rewards to\n     * @param amounts Amounts of rewards to distribute to each operator\n     * @dev Only callable by contract owner\n     */\n    function distributeRewards(\n        IERC20 rewardToken,\n        address[] calldata operators,\n        uint256[] calldata amounts\n    ) external;\n\n    // ======================\n    // Admin Functions\n    // ======================\n\n    /**\n     * @notice Set ticket price\n     * @param newTicketPrice New price per ticket\n     * @dev Only callable by contract owner\n     */\n    function setTicketPrice(uint256 newTicketPrice) external;\n\n    /**\n     * @notice Set license bond price required\n     * @param newLicenseRequiredBond New license bond price\n     * @dev Only callable by contract owner\n     */\n    function setLicenseRequiredBond(uint256 newLicenseRequiredBond) external;\n\n    /**\n     * @notice Set license active BPS\n     * @param newBps New license active BPS\n     * @dev Only callable by contract owner\n     */\n    function setLicenseActiveBps(uint256 newBps) external;\n\n    /**\n     * @notice Set minimum ticket balance required for activation\n     * @param newMinTicketBalance New minimum ticket balance\n     * @dev Only callable by contract owner\n     */\n    function setMinTicketBalance(uint256 newMinTicketBalance) external;\n\n    /**\n     * @notice Set exit delay period\n     * @param newExitDelay New exit delay in seconds\n     * @dev Only callable by contract owner\n     */\n    function setExitDelay(uint64 newExitDelay) external;\n\n    /**\n     * @notice Set ticket token\n     * @param newTicketToken New ticket token\n     * @dev Only callable by contract owner\n     */\n    function setTicketToken(EnclaveTicketToken newTicketToken) external;\n\n    /**\n     * @notice Set license token\n     * @param newLicenseToken New license token\n     * @dev Only callable by contract owner\n     */\n    function setLicenseToken(IERC20 newLicenseToken) external;\n\n    /**\n     * @notice Set slashed funds treasury address\n     * @param newSlashedFundsTreasury New slashed funds treasury address\n     * @dev Only callable by contract owner\n     */\n    function setSlashedFundsTreasury(address newSlashedFundsTreasury) external;\n\n    /**\n     * @notice Set registry address\n     * @param newRegistry New registry contract address\n     * @dev Only callable by contract owner\n     */\n    function setRegistry(ICiphernodeRegistry newRegistry) external;\n\n    /**\n     * @notice Set slashing manager address\n     * @param newSlashingManager New slashing manager contract address\n     * @dev Only callable by contract owner\n     */\n    function setSlashingManager(address newSlashingManager) external;\n\n    /**\n     * @notice Set reward distributor address\n     * @param newRewardDistributor New reward distributor address\n     * @dev Only callable by contract owner\n     */\n    function setRewardDistributor(address newRewardDistributor) external;\n\n    /**\n     * @notice Withdraw slashed funds to treasury\n     * @param ticketAmount Amount of slashed ticket balance to withdraw\n     * @param licenseAmount Amount of slashed license bond to withdraw\n     * @dev Only callable by contract owner, sends to treasury address\n     */\n    function withdrawSlashedFunds(\n        uint256 ticketAmount,\n        uint256 licenseAmount\n    ) external;\n}\n"
+      },
+      "project/contracts/interfaces/ICiphernodeRegistry.sol": {
+        "content": "// SPDX-License-Identifier: LGPL-3.0-only\n//\n// This file is provided WITHOUT ANY WARRANTY;\n// without even the implied warranty of MERCHANTABILITY\n// or FITNESS FOR A PARTICULAR PURPOSE.\npragma solidity >=0.8.27;\n\n/**\n * @title ICiphernodeRegistry\n * @notice Interface for managing ciphernode registration and committee selection\n * @dev This registry maintains an Incremental Merkle Tree (IMT) of registered ciphernodes\n * and coordinates committee selection for E3 computations\n */\ninterface ICiphernodeRegistry {\n    /// @notice Struct representing the sortition state for an E3 round.\n    /// @param initialized Whether the round has been initialized.\n    /// @param finalized Whether the round has been finalized.\n    /// @param requestBlock The block number when the committee was requested.\n    /// @param submissionDeadline The deadline for submitting tickets.\n    /// @param threshold The M/N threshold for the committee ([M, N]).\n    /// @param publicKey Hash of the committee's public key.\n    /// @param seed The seed for the round.\n    /// @param topNodes The top nodes in the round.\n    /// @param committee The committee for the round.\n    /// @param submitted Mapping of nodes to their submission status.\n    /// @param scoreOf Mapping of nodes to their scores.\n    struct Committee {\n        bool initialized;\n        bool finalized;\n        uint256 seed;\n        uint256 requestBlock;\n        uint256 submissionDeadline;\n        bytes32 publicKey;\n        uint32[2] threshold;\n        address[] topNodes;\n        address[] committee;\n        mapping(address node => bool submitted) submitted;\n        mapping(address node => uint256 score) scoreOf;\n    }\n\n    /// @notice This event MUST be emitted when a committee is selected for an E3.\n    /// @param e3Id ID of the E3 for which the committee was selected.\n    /// @param seed Random seed for score computation.\n    /// @param threshold The M/N threshold for the committee.\n    /// @param requestBlock Block number for snapshot validation.\n    /// @param submissionDeadline Deadline for submitting tickets.\n    event CommitteeRequested(\n        uint256 indexed e3Id,\n        uint256 seed,\n        uint32[2] threshold,\n        uint256 requestBlock,\n        uint256 submissionDeadline\n    );\n\n    /// @notice This event MUST be emitted when a ticket is submitted for sortition\n    /// @param e3Id ID of the E3 computation\n    /// @param node Address of the ciphernode submitting the ticket\n    /// @param ticketId The ticket number being submitted\n    /// @param score The computed score for the ticket\n    event TicketSubmitted(\n        uint256 indexed e3Id,\n        address indexed node,\n        uint256 ticketId,\n        uint256 score\n    );\n\n    /// @notice This event MUST be emitted when a committee is finalized\n    /// @param e3Id ID of the E3 computation\n    /// @param committee Array of selected ciphernode addresses\n    event CommitteeFinalized(uint256 indexed e3Id, address[] committee);\n\n    /// @notice This event MUST be emitted when a committee is selected for an E3.\n    /// @param e3Id ID of the E3 for which the committee was selected.\n    /// @param publicKey Public key of the committee.\n    event CommitteePublished(\n        uint256 indexed e3Id,\n        address[] nodes,\n        bytes publicKey\n    );\n\n    /// @notice This event MUST be emitted when a committee's active status changes.\n    /// @param e3Id ID of the E3 for which the committee status changed.\n    /// @param active True if committee is now active, false if completed.\n    event CommitteeActivationChanged(uint256 indexed e3Id, bool active);\n\n    /// @notice This event MUST be emitted when `enclave` is set.\n    /// @param enclave Address of the enclave contract.\n    event EnclaveSet(address indexed enclave);\n\n    /// @notice This event MUST be emitted when a ciphernode is added to the registry.\n    /// @param node Address of the ciphernode.\n    /// @param index Index of the ciphernode in the registry.\n    /// @param numNodes Number of ciphernodes in the registry.\n    /// @param size Size of the registry.\n    event CiphernodeAdded(\n        address indexed node,\n        uint256 index,\n        uint256 numNodes,\n        uint256 size\n    );\n\n    /// @notice This event MUST be emitted when a ciphernode is removed from the registry.\n    /// @param node Address of the ciphernode.\n    /// @param index Index of the ciphernode in the registry.\n    /// @param numNodes Number of ciphernodes in the registry.\n    /// @param size Size of the registry.\n    event CiphernodeRemoved(\n        address indexed node,\n        uint256 index,\n        uint256 numNodes,\n        uint256 size\n    );\n\n    /// @notice This event MUST be emitted any time the `sortitionSubmissionWindow` is set.\n    /// @param sortitionSubmissionWindow The submission window for the E3 sortition in seconds.\n    event SortitionSubmissionWindowSet(uint256 sortitionSubmissionWindow);\n\n    /// @notice Check if a ciphernode is eligible for committee selection\n    /// @dev A ciphernode is eligible if it is enabled in the registry and meets bonding requirements\n    /// @param ciphernode Address of the ciphernode to check\n    /// @return eligible Whether the ciphernode is eligible for committee selection\n    function isCiphernodeEligible(address ciphernode) external returns (bool);\n\n    /// @notice Check if a ciphernode is enabled in the registry\n    /// @param node Address of the ciphernode\n    /// @return enabled Whether the ciphernode is enabled\n    function isEnabled(address node) external view returns (bool enabled);\n\n    /// @notice Add a ciphernode to the registry\n    /// @param node Address of the ciphernode to add\n    function addCiphernode(address node) external;\n\n    /// @notice Remove a ciphernode from the registry\n    /// @param node Address of the ciphernode to remove\n    /// @param siblingNodes Array of sibling node indices for tree operations\n    function removeCiphernode(\n        address node,\n        uint256[] calldata siblingNodes\n    ) external;\n\n    /// @notice Initiates the committee selection process for a specified E3.\n    /// @dev This function MUST revert when not called by the Enclave contract.\n    /// @param e3Id ID of the E3 for which to select the committee.\n    /// @param seed Random seed for score computation.\n    /// @param threshold The M/N threshold for the committee.\n    /// @return success True if committee selection was successfully initiated.\n    function requestCommittee(\n        uint256 e3Id,\n        uint256 seed,\n        uint32[2] calldata threshold\n    ) external returns (bool success);\n\n    /// @notice Publishes the public key resulting from the committee selection process.\n    /// @dev This function MUST revert if not called by the owner.\n    /// @param e3Id ID of the E3 for which to select the committee.\n    /// @param nodes Array of ciphernode addresses selected for the committee.\n    /// @param publicKey The public key generated by the given committee.\n    function publishCommittee(\n        uint256 e3Id,\n        address[] calldata nodes,\n        bytes calldata publicKey\n    ) external;\n\n    /// @notice This function should be called by the Enclave contract to get the public key of a committee.\n    /// @dev This function MUST revert if no committee has been requested for the given E3.\n    /// @dev This function MUST revert if the committee has not yet published a public key.\n    /// @param e3Id ID of the E3 for which to get the committee public key.\n    /// @return publicKeyHash The hash of the public key of the given committee.\n    function committeePublicKey(\n        uint256 e3Id\n    ) external view returns (bytes32 publicKeyHash);\n\n    /// @notice This function should be called by the Enclave contract to get the committee for a given E3.\n    /// @dev This function MUST revert if no committee has been requested for the given E3.\n    /// @param e3Id ID of the E3 for which to get the committee.\n    /// @return committeeNodes The nodes in the committee for the given E3.\n    function getCommitteeNodes(\n        uint256 e3Id\n    ) external view returns (address[] memory committeeNodes);\n\n    /// @notice Returns the current root of the ciphernode IMT\n    /// @return Current IMT root\n    function root() external view returns (uint256);\n\n    /// @notice Returns the IMT root at the time a committee was requested\n    /// @param e3Id ID of the E3\n    /// @return IMT root at time of committee request\n    function rootAt(uint256 e3Id) external view returns (uint256);\n\n    /// @notice Returns the current size of the ciphernode IMT\n    /// @return Size of the IMT\n    function treeSize() external view returns (uint256);\n\n    /// @notice Returns the address of the bonding registry\n    /// @return Address of the bonding registry contract\n    function getBondingRegistry() external view returns (address);\n\n    /// @notice Sets the Enclave contract address\n    /// @dev Only callable by owner\n    /// @param _enclave Address of the Enclave contract\n    function setEnclave(address _enclave) external;\n\n    /// @notice Sets the bonding registry contract address\n    /// @dev Only callable by owner\n    /// @param _bondingRegistry Address of the bonding registry contract\n    function setBondingRegistry(address _bondingRegistry) external;\n\n    /// @notice This function should be called to set the submission window for the E3 sortition.\n    /// @param _sortitionSubmissionWindow The submission window for the E3 sortition in seconds.\n    function setSortitionSubmissionWindow(\n        uint256 _sortitionSubmissionWindow\n    ) external;\n\n    /// @notice Submit a ticket for sortition\n    /// @dev Validates ticket against node's balance at request block\n    /// @param e3Id ID of the E3 computation\n    /// @param ticketNumber The ticket number to submit\n    function submitTicket(uint256 e3Id, uint256 ticketNumber) external;\n\n    /// @notice Finalize the committee after submission window closes\n    /// @param e3Id ID of the E3 computation\n    function finalizeCommittee(uint256 e3Id) external;\n\n    /// @notice Check if submission window is still open for an E3\n    /// @param e3Id ID of the E3 computation\n    /// @return Whether the submission window is open\n    function isOpen(uint256 e3Id) external view returns (bool);\n}\n"
+      },
+      "project/contracts/interfaces/IComputeProvider.sol": {
+        "content": "// SPDX-License-Identifier: LGPL-3.0-only\n//\n// This file is provided WITHOUT ANY WARRANTY;\n// without even the implied warranty of MERCHANTABILITY\n// or FITNESS FOR A PARTICULAR PURPOSE.\npragma solidity >=0.8.27;\n\nimport { IDecryptionVerifier } from \"./IDecryptionVerifier.sol\";\n\n/**\n * @title IComputeProvider\n * @notice Interface for compute provider validation and configuration\n * @dev Compute providers define how computations are executed and verified in the E3 system\n */\ninterface IComputeProvider {\n    /// @notice Validate compute provider parameters and return the appropriate decryption verifier\n    /// @dev This function is called by the Enclave contract during E3 request to validate\n    ///      compute provider configuration\n    /// @param e3Id ID of the E3 computation\n    /// @param seed Random seed for the computation\n    /// @param params ABI encoded compute provider parameters\n    /// @return decryptionVerifier The decryption verifier contract to use for this computation\n    function validate(\n        uint256 e3Id,\n        uint256 seed,\n        bytes calldata params\n    ) external returns (IDecryptionVerifier decryptionVerifier);\n}\n"
+      },
+      "project/contracts/interfaces/IDecryptionVerifier.sol": {
+        "content": "// SPDX-License-Identifier: LGPL-3.0-only\n//\n// This file is provided WITHOUT ANY WARRANTY;\n// without even the implied warranty of MERCHANTABILITY\n// or FITNESS FOR A PARTICULAR PURPOSE.\npragma solidity >=0.8.27;\n\n/**\n * @title IDecryptionVerifier\n * @notice Interface for verifying decrypted computation outputs\n * @dev Implements cryptographic verification of plaintext outputs from encrypted computations\n */\ninterface IDecryptionVerifier {\n    /// @notice Verify the decryption of a computation output\n    /// @dev This function is called by the Enclave contract when plaintext output is published\n    /// @param e3Id ID of the E3 computation\n    /// @param plaintextOutputHash The keccak256 hash of the plaintext output to be verified\n    /// @param proof ABI encoded proof of the decryption validity\n    /// @return success Whether the plaintextOutputHash was successfully verified\n    function verify(\n        uint256 e3Id,\n        bytes32 plaintextOutputHash,\n        bytes memory proof\n    ) external view returns (bool success);\n}\n"
+      },
+      "project/contracts/interfaces/IE3.sol": {
+        "content": "// SPDX-License-Identifier: LGPL-3.0-only\n//\n// This file is provided WITHOUT ANY WARRANTY;\n// without even the implied warranty of MERCHANTABILITY\n// or FITNESS FOR A PARTICULAR PURPOSE.\npragma solidity >=0.8.27;\n\nimport { IE3Program } from \"./IE3Program.sol\";\nimport { IDecryptionVerifier } from \"./IDecryptionVerifier.sol\";\n\n/**\n * @title E3\n * @notice Represents a complete E3 (Encrypted Execution Environment) computation request and its lifecycle\n * @dev This struct tracks all parameters, state, and results of an encrypted computation\n *      from request through completion\n * @param seed Random seed for committee selection and computation initialization\n * @param threshold M/N threshold for the committee (M required out of N total members)\n * @param requestBlock Block number when the E3 computation was requested\n * @param startWindow Start window for the computation: index 0 is minimum block, index 1 is the maximum block\n * @param duration Duration of the E3 computation in blocks or time units\n * @param expiration Timestamp when committee duties expire and computation is considered failed\n * @param encryptionSchemeId Identifier for the encryption scheme used in this computation\n * @param e3Program Address of the E3 Program contract that validates and verifies the computation\n * @param e3ProgramParams ABI encoded computation parameters specific to the E3 program\n * @param customParams Arbitrary ABI-encoded application-defined parameters.\n * @param decryptionVerifier Address of the output verifier contract for decryption verification\n * @param committeePublicKey The public key of the selected committee for this computation\n * @param ciphertextOutput Hash of the encrypted output data produced by the computation\n * @param plaintextOutput Decrypted output data after committee decryption\n */\nstruct E3 {\n    uint256 seed;\n    uint32[2] threshold;\n    uint256 requestBlock;\n    uint256[2] startWindow;\n    uint256 duration;\n    uint256 expiration;\n    bytes32 encryptionSchemeId;\n    IE3Program e3Program;\n    bytes e3ProgramParams;\n    bytes customParams;\n    IDecryptionVerifier decryptionVerifier;\n    bytes32 committeePublicKey;\n    bytes32 ciphertextOutput;\n    bytes plaintextOutput;\n}\n"
+      },
+      "project/contracts/interfaces/IE3Program.sol": {
+        "content": "// SPDX-License-Identifier: LGPL-3.0-only\n//\n// This file is provided WITHOUT ANY WARRANTY;\n// without even the implied warranty of MERCHANTABILITY\n// or FITNESS FOR A PARTICULAR PURPOSE.\npragma solidity >=0.8.27;\n\n/**\n * @title IE3Program\n * @notice Interface for E3 program validation and verification\n * @dev E3 programs define the computation logic and validation rules for encrypted execution environments\n */\ninterface IE3Program {\n    /// @notice Validate E3 computation parameters and return encryption scheme and input validator\n    /// @dev This function is called by the Enclave contract during E3 request to configure the computation\n    /// @param e3Id ID of the E3 computation\n    /// @param seed Random seed for the computation\n    /// @param e3ProgramParams ABI encoded E3 program parameters\n    /// @param computeProviderParams ABI encoded compute provider parameters\n    /// @return encryptionSchemeId ID of the encryption scheme to be used for the computation\n    function validate(\n        uint256 e3Id,\n        uint256 seed,\n        bytes calldata e3ProgramParams,\n        bytes calldata computeProviderParams\n    ) external returns (bytes32 encryptionSchemeId);\n\n    /// @notice Verify the ciphertext output of an E3 computation\n    /// @dev This function is called by the Enclave contract when ciphertext output is published\n    /// @param e3Id ID of the E3 computation\n    /// @param ciphertextOutputHash The keccak256 hash of output data to be verified\n    /// @param proof ABI encoded data to verify the ciphertextOutputHash\n    /// @return success Whether the output data is valid\n    function verify(\n        uint256 e3Id,\n        bytes32 ciphertextOutputHash,\n        bytes memory proof\n    ) external returns (bool success);\n\n    /// @notice Validate and process input data for a computation\n    /// @dev This function is called by the Enclave contract when input is published\n    /// @param e3Id ID of the E3 computation\n    /// @param sender The account that is submitting the input\n    /// @param data The input data to be validated\n    function validateInput(\n        uint256 e3Id,\n        address sender,\n        bytes memory data\n    ) external;\n}\n"
+      },
+      "project/contracts/interfaces/IEnclave.sol": {
+        "content": "// SPDX-License-Identifier: LGPL-3.0-only\n//\n// This file is provided WITHOUT ANY WARRANTY;\n// without even the implied warranty of MERCHANTABILITY\n// or FITNESS FOR A PARTICULAR PURPOSE.\npragma solidity >=0.8.27;\n\nimport { E3, IE3Program } from \"./IE3.sol\";\nimport { ICiphernodeRegistry } from \"./ICiphernodeRegistry.sol\";\nimport { IBondingRegistry } from \"./IBondingRegistry.sol\";\nimport { IDecryptionVerifier } from \"./IDecryptionVerifier.sol\";\nimport { IERC20 } from \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\n\ninterface IEnclave {\n    ////////////////////////////////////////////////////////////\n    //                                                        //\n    //                         Events                         //\n    //                                                        //\n    ////////////////////////////////////////////////////////////\n\n    /// @notice This event MUST be emitted when an Encrypted Execution Environment (E3) is successfully requested.\n    /// @param e3Id ID of the E3.\n    /// @param e3 Details of the E3.\n    /// @param e3Program Address of the Computation module selected.\n    event E3Requested(uint256 e3Id, E3 e3, IE3Program indexed e3Program);\n\n    /// @notice This event MUST be emitted when an Encrypted Execution Environment (E3) is successfully activated.\n    /// @param e3Id ID of the E3.\n    /// @param expiration Timestamp when committee duties expire.\n    /// @param committeePublicKey Public key of the committee.\n    event E3Activated(\n        uint256 e3Id,\n        uint256 expiration,\n        bytes committeePublicKey\n    );\n\n    /// @notice This event MUST be emitted when an input to an Encrypted Execution Environment (E3) is\n    /// successfully published.\n    /// @param e3Id ID of the E3.\n    /// @param data ABI encoded input data.\n    event InputPublished(\n        uint256 indexed e3Id,\n        bytes data,\n        uint256 inputHash,\n        uint256 index\n    );\n\n    /// @notice This event MUST be emitted when the plaintext output of an Encrypted Execution Environment (E3)\n    /// is successfully published.\n    /// @param e3Id ID of the E3.\n    /// @param plaintextOutput ABI encoded plaintext output.\n    event PlaintextOutputPublished(uint256 indexed e3Id, bytes plaintextOutput);\n\n    /// @notice This event MUST be emitted when the ciphertext output of an Encrypted Execution Environment (E3)\n    /// is successfully published.\n    /// @param e3Id ID of the E3.\n    /// @param ciphertextOutput ABI encoded ciphertext output.\n    event CiphertextOutputPublished(\n        uint256 indexed e3Id,\n        bytes ciphertextOutput\n    );\n\n    /// @notice This event MUST be emitted any time the `maxDuration` is set.\n    /// @param maxDuration The maximum duration of a computation in seconds.\n    event MaxDurationSet(uint256 maxDuration);\n\n    /// @notice This event MUST be emitted any time the CiphernodeRegistry is set.\n    /// @param ciphernodeRegistry The address of the CiphernodeRegistry contract.\n    event CiphernodeRegistrySet(address ciphernodeRegistry);\n\n    /// @notice This event MUST be emitted any time the BondingRegistry is set.\n    /// @param bondingRegistry The address of the BondingRegistry contract.\n    event BondingRegistrySet(address bondingRegistry);\n\n    /// @notice This event MUST be emitted any time the fee token is set.\n    /// @param feeToken The address of the fee token.\n    event FeeTokenSet(address feeToken);\n\n    /// @notice This event MUST be emitted when rewards are distributed to committee members.\n    /// @param e3Id The ID of the E3 computation.\n    /// @param nodes The addresses of the committee members receiving rewards.\n    /// @param amounts The reward amounts for each committee member.\n    event RewardsDistributed(\n        uint256 indexed e3Id,\n        address[] nodes,\n        uint256[] amounts\n    );\n\n    /// @notice The event MUST be emitted any time an encryption scheme is enabled.\n    /// @param encryptionSchemeId The ID of the encryption scheme that was enabled.\n    event EncryptionSchemeEnabled(bytes32 encryptionSchemeId);\n\n    /// @notice This event MUST be emitted any time an encryption scheme is disabled.\n    /// @param encryptionSchemeId The ID of the encryption scheme that was disabled.\n    event EncryptionSchemeDisabled(bytes32 encryptionSchemeId);\n\n    /// @notice This event MUST be emitted any time a E3 Program is enabled.\n    /// @param e3Program The address of the E3 Program.\n    event E3ProgramEnabled(IE3Program e3Program);\n\n    /// @notice This event MUST be emitted any time a E3 Program is disabled.\n    /// @param e3Program The address of the E3 Program.\n    event E3ProgramDisabled(IE3Program e3Program);\n\n    /// @notice Emitted when the allowed E3 encryption scheme parameters are configured.\n    /// @param e3ProgramParams Array of encoded encryption scheme parameters (e.g, for BFV)\n    event AllowedE3ProgramsParamsSet(bytes[] e3ProgramParams);\n\n    ////////////////////////////////////////////////////////////\n    //                                                        //\n    //                  Structs                               //\n    //                                                        //\n    ////////////////////////////////////////////////////////////\n\n    /// @notice This struct contains the parameters to submit a request to Enclave.\n    /// @param threshold The M/N threshold for the committee.\n    /// @param startWindow The start window for the computation.\n    /// @param duration The duration of the computation in seconds.\n    /// @param e3Program The address of the E3 Program.\n    /// @param e3ProgramParams The ABI encoded computation parameters.\n    /// @param computeProviderParams The ABI encoded compute provider parameters.\n    /// @param customParams Arbitrary ABI-encoded application-defined parameters.\n    struct E3RequestParams {\n        uint32[2] threshold;\n        uint256[2] startWindow;\n        uint256 duration;\n        IE3Program e3Program;\n        bytes e3ProgramParams;\n        bytes computeProviderParams;\n        bytes customParams;\n    }\n\n    ////////////////////////////////////////////////////////////\n    //                                                        //\n    //                  Core Entrypoints                      //\n    //                                                        //\n    ////////////////////////////////////////////////////////////\n\n    /// @notice This function should be called to request a computation within an Encrypted Execution Environment (E3).\n    /// @dev This function MUST emit the E3Requested event.\n    /// @param requestParams The parameters for the E3 request.\n    /// @return e3Id ID of the E3.\n    /// @return e3 The E3 struct.\n    function request(\n        E3RequestParams calldata requestParams\n    ) external returns (uint256 e3Id, E3 memory e3);\n\n    /// @notice This function should be called to activate an Encrypted Execution Environment (E3) once it has been\n    /// initialized and is ready for input.\n    /// @dev This function MUST emit the E3Activated event.\n    /// @dev This function MUST revert if the given E3 has not yet been requested.\n    /// @dev This function MUST revert if the selected node committee has not yet published a public key.\n    /// @param e3Id ID of the E3.\n    /// @param publicKey Public key of the committee.\n    /// @return success True if the E3 was successfully activated.\n    function activate(\n        uint256 e3Id,\n        bytes calldata publicKey\n    ) external returns (bool success);\n\n    /// @notice This function should be called to publish input data for Encrypted Execution Environment (E3).\n    /// @dev This function MUST revert if the E3 is not yet activated.\n    /// @dev This function MUST emit the InputPublished event.\n    /// @param e3Id ID of the E3.\n    /// @param data ABI encoded input data to publish.\n    /// @return success True if the input was successfully published.\n    function publishInput(\n        uint256 e3Id,\n        bytes calldata data\n    ) external returns (bool success);\n\n    /// @notice This function should be called to publish output data for an Encrypted Execution Environment (E3).\n    /// @dev This function MUST emit the CiphertextOutputPublished event.\n    /// @param e3Id ID of the E3.\n    /// @param ciphertextOutput ABI encoded output data to verify.\n    /// @param proof ABI encoded data to verify the ciphertextOutput.\n    /// @return success True if the output was successfully published.\n    function publishCiphertextOutput(\n        uint256 e3Id,\n        bytes calldata ciphertextOutput,\n        bytes calldata proof\n    ) external returns (bool success);\n\n    /// @notice This function publishes the plaintext output of an Encrypted Execution Environment (E3).\n    /// @dev This function MUST revert if the output has not been published.\n    /// @dev This function MUST emit the PlaintextOutputPublished event.\n    /// @param e3Id ID of the E3.\n    /// @param plaintextOutput ABI encoded plaintext output.\n    /// @param proof ABI encoded data to verify the plaintextOutput.\n    function publishPlaintextOutput(\n        uint256 e3Id,\n        bytes calldata plaintextOutput,\n        bytes calldata proof\n    ) external returns (bool success);\n\n    ////////////////////////////////////////////////////////////\n    //                                                        //\n    //                   Set Functions                        //\n    //                                                        //\n    ////////////////////////////////////////////////////////////\n\n    /// @notice This function should be called to set the maximum duration of requested computations.\n    /// @param _maxDuration The maximum duration of a computation in seconds.\n    /// @return success True if the max duration was successfully set.\n    function setMaxDuration(\n        uint256 _maxDuration\n    ) external returns (bool success);\n\n    /// @notice Sets the Ciphernode Registry contract address.\n    /// @dev This function MUST revert if the address is zero or the same as the current registry.\n    /// @param _ciphernodeRegistry The address of the new Ciphernode Registry contract.\n    /// @return success True if the registry was successfully set.\n    function setCiphernodeRegistry(\n        ICiphernodeRegistry _ciphernodeRegistry\n    ) external returns (bool success);\n\n    /// @notice Sets the Bonding Registry contract address.\n    /// @dev This function MUST revert if the address is zero or the same as the current registry.\n    /// @param _bondingRegistry The address of the new Bonding Registry contract.\n    /// @return success True if the registry was successfully set.\n    function setBondingRegistry(\n        IBondingRegistry _bondingRegistry\n    ) external returns (bool success);\n\n    /// @notice Sets the fee token used for E3 payments.\n    /// @dev This function MUST revert if the address is zero or the same as the current fee token.\n    /// @param _feeToken The address of the new fee token.\n    /// @return success True if the fee token was successfully set.\n    function setFeeToken(IERC20 _feeToken) external returns (bool success);\n\n    /// @notice This function should be called to enable an E3 Program.\n    /// @param e3Program The address of the E3 Program.\n    /// @return success True if the E3 Program was successfully enabled.\n    function enableE3Program(\n        IE3Program e3Program\n    ) external returns (bool success);\n\n    /// @notice This function should be called to disable an E3 Program.\n    /// @param e3Program The address of the E3 Program.\n    /// @return success True if the E3 Program was successfully disabled.\n    function disableE3Program(\n        IE3Program e3Program\n    ) external returns (bool success);\n\n    /// @notice Sets or enables a decryption verifier for a specific encryption scheme.\n    /// @dev This function MUST revert if the verifier address is zero or already set to the same value.\n    /// @param encryptionSchemeId The unique identifier for the encryption scheme.\n    /// @param decryptionVerifier The address of the decryption verifier contract.\n    /// @return success True if the verifier was successfully set.\n    function setDecryptionVerifier(\n        bytes32 encryptionSchemeId,\n        IDecryptionVerifier decryptionVerifier\n    ) external returns (bool success);\n\n    /// @notice Disables a previously enabled encryption scheme.\n    /// @dev This function MUST revert if the encryption scheme is not currently enabled.\n    /// @param encryptionSchemeId The unique identifier for the encryption scheme to disable.\n    /// @return success True if the encryption scheme was successfully disabled.\n    function disableEncryptionScheme(\n        bytes32 encryptionSchemeId\n    ) external returns (bool success);\n\n    /// @notice Sets the allowed E3 program parameters.\n    /// @dev This function enables specific parameter sets for E3 programs (e.g., BFV encryption parameters).\n    /// @param _e3ProgramsParams Array of ABI encoded parameter sets to allow.\n    /// @return success True if the parameters were successfully set.\n    function setE3ProgramsParams(\n        bytes[] memory _e3ProgramsParams\n    ) external returns (bool success);\n\n    ////////////////////////////////////////////////////////////\n    //                                                        //\n    //                   Get Functions                        //\n    //                                                        //\n    ////////////////////////////////////////////////////////////\n\n    /// @notice This function should be called to retrieve the details of an Encrypted Execution Environment (E3).\n    /// @dev This function MUST revert if the E3 does not exist.\n    /// @param e3Id ID of the E3.\n    /// @return e3 The struct representing the requested E3.\n    function getE3(uint256 e3Id) external view returns (E3 memory e3);\n\n    /// @notice This function returns the fee of an E3\n    /// @dev This function MUST revert if the E3 parameters are invalid.\n    /// @param e3Params the struct representing the E3 request parameters\n    /// @return fee the fee of the E3\n    function getE3Quote(\n        E3RequestParams calldata e3Params\n    ) external view returns (uint256 fee);\n\n    /// @notice Returns the decryption verifier for a given encryption scheme.\n    /// @param encryptionSchemeId The unique identifier for the encryption scheme.\n    /// @return The decryption verifier contract for the specified encryption scheme.\n    function getDecryptionVerifier(\n        bytes32 encryptionSchemeId\n    ) external view returns (IDecryptionVerifier);\n}\n"
+      },
+      "project/contracts/interfaces/ISlashingManager.sol": {
+        "content": "// SPDX-License-Identifier: LGPL-3.0-only\n//\n// This file is provided WITHOUT ANY WARRANTY;\n// without even the implied warranty of MERCHANTABILITY\n// or FITNESS FOR A PARTICULAR PURPOSE.\n\npragma solidity >=0.8.27;\n\nimport { IBondingRegistry } from \"./IBondingRegistry.sol\";\n\n/**\n * @title ISlashingManager\n * @notice Interface for managing slashing proposals, appeals, and execution\n * @dev Maintains policy table and handles slash workflows with appeals\n */\ninterface ISlashingManager {\n    // ======================\n    // Structs\n    // ======================\n\n    /**\n     * @notice Slashing policy configuration for different slash reasons\n     * @dev Defines penalties, proof requirements, and appeal mechanisms for each slash type\n     * @param ticketPenalty Amount of ticket collateral to slash (in wei)\n     * @param licensePenalty Amount of license bond to slash (in wei)\n     * @param requiresProof Whether this slash type requires cryptographic proof verification\n     * @param proofVerifier Address of the ISlashVerifier contract for proof validation\n     * @param banNode Whether executing this slash will permanently ban the node\n     * @param appealWindow Time window in seconds for operators to appeal (0 = immediate execution, no appeals)\n     * @param enabled Whether this slash type is currently active and can be proposed\n     */\n    struct SlashPolicy {\n        uint256 ticketPenalty;\n        uint256 licensePenalty;\n        bool requiresProof;\n        address proofVerifier;\n        bool banNode;\n        uint256 appealWindow;\n        bool enabled;\n    }\n\n    /**\n     * @notice Slash proposal details tracking the full lifecycle of a slash\n     * @dev Stores all state needed for proposal, appeal, and execution workflows\n     * @param operator Address of the ciphernode operator being slashed\n     * @param reason Hash of the slash reason (maps to SlashPolicy configuration)\n     * @param ticketAmount Amount of ticket collateral to slash (copied from policy at proposal time)\n     * @param licenseAmount Amount of license bond to slash (copied from policy at proposal time)\n     * @param executed Whether the slashing penalties have been executed\n     * @param appealed Whether the operator has filed an appeal\n     * @param resolved Whether the appeal has been resolved by governance\n     * @param appealUpheld Whether the appeal was approved (true = cancel slash, false = slash proceeds)\n     * @param proposedAt Block timestamp when the slash was proposed\n     * @param executableAt Block timestamp when execution becomes possible (proposedAt + appealWindow)\n     * @param proposer Address that created this slash proposal\n     * @param proofHash Keccak256 hash of the proof data submitted with the proposal\n     * @param proofVerified Whether the proof was successfully verified by the proof verifier contract\n     */\n    struct SlashProposal {\n        address operator;\n        bytes32 reason;\n        uint256 ticketAmount;\n        uint256 licenseAmount;\n        bool executed;\n        bool appealed;\n        bool resolved;\n        bool appealUpheld;\n        uint256 proposedAt;\n        uint256 executableAt;\n        address proposer;\n        bytes32 proofHash;\n        bool proofVerified;\n    }\n\n    // ======================\n    // Errors\n    // ======================\n\n    /// @notice Thrown when a zero address is provided where a valid address is required\n    error ZeroAddress();\n\n    /// @notice Thrown when caller lacks required role permissions for the operation\n    error Unauthorized();\n\n    /// @notice Thrown when a slash policy configuration is invalid\n    error InvalidPolicy();\n\n    /// @notice Thrown when referencing a proposal ID that doesn't exist or is in invalid state\n    error InvalidProposal();\n\n    /// @notice Thrown when proof is required by policy but not provided\n    error ProofRequired();\n\n    /// @notice Thrown when provided proof fails verification\n    error InvalidProof();\n\n    /// @notice Thrown when attempting to execute a slash whose appeal was upheld\n    error AppealUpheld();\n\n    /// @notice Thrown when attempting to execute a slash with an unresolved appeal\n    error AppealPending();\n\n    /// @notice Thrown when attempting to file an appeal after the appeal window has closed\n    error AppealWindowExpired();\n\n    /// @notice Thrown when attempting to execute a slash before the appeal window has closed\n    error AppealWindowActive();\n\n    /// @notice Thrown when attempting to file a second appeal for the same proposal\n    error AlreadyAppealed();\n\n    /// @notice Thrown when attempting to execute a slash that has already been executed\n    error AlreadyExecuted();\n\n    /// @notice Thrown when attempting to resolve an appeal that has already been resolved\n    error AlreadyResolved();\n\n    /// @notice Thrown when referencing a slash reason that doesn't exist\n    error SlashReasonNotFound();\n\n    /// @notice Thrown when attempting to propose a slash for a disabled reason\n    error SlashReasonDisabled();\n\n    /// @notice Thrown when a banned ciphernode attempts a restricted operation\n    error CiphernodeBanned();\n\n    /// @notice Thrown when a policy requires proof but no verifier contract is configured\n    error VerifierNotSet();\n\n    // ======================\n    // Events\n    // ======================\n\n    /**\n     * @notice Emitted when a slash policy is created or updated\n     * @param reason Hash of the slash reason being configured\n     * @param policy The complete policy configuration including penalties and appeal settings\n     */\n    event SlashPolicyUpdated(bytes32 indexed reason, SlashPolicy policy);\n\n    /**\n     * @notice Emitted when a new slash proposal is created\n     * @param proposalId Unique ID of the created proposal\n     * @param operator Address of the ciphernode operator being slashed\n     * @param reason Hash of the slash reason\n     * @param ticketAmount Amount of ticket collateral to be slashed\n     * @param licenseAmount Amount of license bond to be slashed\n     * @param executableAt Timestamp when the slash can be executed (after appeal window)\n     * @param proposer Address that created the proposal\n     */\n    event SlashProposed(\n        uint256 indexed proposalId,\n        address indexed operator,\n        bytes32 indexed reason,\n        uint256 ticketAmount,\n        uint256 licenseAmount,\n        uint256 executableAt,\n        address proposer\n    );\n\n    /**\n     * @notice Emitted when a slash proposal is executed and penalties are applied\n     * @param proposalId ID of the executed proposal\n     * @param operator Address of the slashed operator\n     * @param reason Hash of the slash reason\n     * @param ticketAmount Amount of ticket collateral slashed\n     * @param licenseAmount Amount of license bond slashed\n     * @param executed Execution status (should always be true)\n     */\n    event SlashExecuted(\n        uint256 indexed proposalId,\n        address indexed operator,\n        bytes32 indexed reason,\n        uint256 ticketAmount,\n        uint256 licenseAmount,\n        bool executed\n    );\n\n    /**\n     * @notice Emitted when an operator files an appeal against a slash proposal\n     * @param proposalId ID of the proposal being appealed\n     * @param operator Address of the operator filing the appeal\n     * @param reason Hash of the slash reason being appealed\n     * @param evidence Evidence string provided by the operator supporting their appeal\n     */\n    event AppealFiled(\n        uint256 indexed proposalId,\n        address indexed operator,\n        bytes32 indexed reason,\n        string evidence\n    );\n\n    /**\n     * @notice Emitted when governance resolves an appeal\n     * @param proposalId ID of the proposal with the resolved appeal\n     * @param operator Address of the operator who appealed\n     * @param appealUpheld Whether the appeal was approved (true = slash cancelled, false = slash proceeds)\n     * @param resolver Address of the governance account that resolved the appeal\n     * @param resolution Explanation string for the resolution decision\n     */\n    event AppealResolved(\n        uint256 indexed proposalId,\n        address indexed operator,\n        bool appealUpheld,\n        address resolver,\n        string resolution\n    );\n\n    /**\n     * @notice Emitted when a node is banned or unbanned from the network\n     * @param node Address of the node\n     * @param status Whether the node is banned\n     * @param reason Hash of the reason for banning or unbanning\n     * @param updater Address that executed the ban (governance or contract)\n     */\n    event NodeBanUpdated(\n        address indexed node,\n        bool status,\n        bytes32 indexed reason,\n        address updater\n    );\n\n    // ======================\n    // View Functions\n    // ======================\n\n    /**\n     * @notice Retrieves the slash policy configuration for a given reason\n     * @param reason Hash of the slash reason to query\n     * @return policy The complete SlashPolicy struct (returns default empty struct if not configured)\n     */\n    function getSlashPolicy(\n        bytes32 reason\n    ) external view returns (SlashPolicy memory policy);\n\n    /**\n     * @notice Retrieves the details of a slash proposal\n     * @param proposalId ID of the proposal to query\n     * @return proposal The complete SlashProposal struct\n     * @dev Reverts with InvalidProposal if proposalId >= totalProposals\n     */\n    function getSlashProposal(\n        uint256 proposalId\n    ) external view returns (SlashProposal memory proposal);\n\n    /**\n     * @notice Returns the total number of slash proposals ever created\n     * @return count The total count of proposals (next proposalId will be this value)\n     */\n    function totalProposals() external view returns (uint256 count);\n\n    /**\n     * @notice Checks whether a node is currently banned\n     * @param node Address of the node to check\n     * @return isBanned True if the node is banned, false otherwise\n     */\n    function isBanned(address node) external view returns (bool isBanned);\n\n    /**\n     * @notice Returns the bonding registry contract used for executing slashes\n     * @return registry The IBondingRegistry contract instance\n     */\n    function bondingRegistry()\n        external\n        view\n        returns (IBondingRegistry registry);\n\n    // ======================\n    // Admin Functions\n    // ======================\n\n    /**\n     * @notice Creates or updates the slash policy for a specific reason\n     * @dev Only callable by GOVERNANCE_ROLE. Validates policy constraints before setting\n     * @param reason Hash of the slash reason to configure (must be non-zero)\n     * @param policy Complete policy configuration including penalties, proof requirements, and appeal settings\n     * Requirements:\n     * - reason must not be bytes32(0)\n     * - policy.enabled must be true\n     * - At least one of ticketPenalty or licensePenalty must be non-zero\n     * - If requiresProof is true, proofVerifier must be set and appealWindow must be 0\n     * - If requiresProof is false, appealWindow must be greater than 0\n     */\n    function setSlashPolicy(\n        bytes32 reason,\n        SlashPolicy calldata policy\n    ) external;\n\n    /**\n     * @notice Updates the bonding registry contract address\n     * @dev Only callable by DEFAULT_ADMIN_ROLE. Used to execute actual slashing of funds\n     * @param newBondingRegistry Address of the new IBondingRegistry contract (must be non-zero)\n     */\n    function setBondingRegistry(address newBondingRegistry) external;\n\n    /**\n     * @notice Grants SLASHER_ROLE to an address\n     * @dev Only callable by DEFAULT_ADMIN_ROLE. Slashers can propose and execute slashes\n     * @param slasher Address to grant slashing permissions (must be non-zero)\n     */\n    function addSlasher(address slasher) external;\n\n    /**\n     * @notice Revokes SLASHER_ROLE from an address\n     * @dev Only callable by DEFAULT_ADMIN_ROLE\n     * @param slasher Address to revoke slashing permissions from\n     */\n    function removeSlasher(address slasher) external;\n\n    /**\n     * @notice Grants VERIFIER_ROLE to an address\n     * @dev Only callable by DEFAULT_ADMIN_ROLE. Verifiers can validate proof-based slashes\n     * @param verifier Address to grant verification permissions (must be non-zero)\n     */\n    function addVerifier(address verifier) external;\n\n    /**\n     * @notice Revokes VERIFIER_ROLE from an address\n     * @dev Only callable by DEFAULT_ADMIN_ROLE\n     * @param verifier Address to revoke verification permissions from\n     */\n    function removeVerifier(address verifier) external;\n\n    // ======================\n    // Slashing Functions\n    // ======================\n\n    /**\n     * @notice Creates a new slash proposal against an operator\n     * @dev Only callable by SLASHER_ROLE. Validates policy and proof if required\n     * @param operator Address of the ciphernode operator to slash (must be non-zero)\n     * @param reason Hash of the slash reason (must have an enabled policy configured)\n     * @param proof Proof data to be verified (required if policy.requiresProof is true, can be empty otherwise)\n     * @return proposalId Sequential ID of the created proposal\n     * Requirements:\n     * - operator must not be zero address\n     * - reason must have an enabled policy configured\n     * - If policy requires proof, proof must be non-empty and pass verification\n     * - Caller must have SLASHER_ROLE\n     */\n    function proposeSlash(\n        address operator,\n        bytes32 reason,\n        bytes calldata proof\n    ) external returns (uint256 proposalId);\n\n    /**\n     * @notice Executes a slash proposal and applies penalties to the operator\n     * @dev Only callable by SLASHER_ROLE. Validates execution conditions and applies slashing\n     * @param proposalId ID of the proposal to execute (must exist and not be already executed)\n     * Requirements:\n     * - Proposal must exist and not be already executed\n     * - For proof-required slashes: proof must be verified\n     * - For evidence-based slashes: appeal window must have expired\n     * - If appeal was filed and resolved, appeal must not have been upheld\n     * - Caller must have SLASHER_ROLE\n     * Effects:\n     * - Marks proposal as executed\n     * - Slashes ticket balance if ticketAmount > 0\n     * - Slashes license bond if licenseAmount > 0\n     * - Bans node if policy.banNode is true\n     */\n    function executeSlash(uint256 proposalId) external;\n\n    // ======================\n    // Appeal Functions\n    // ======================\n\n    /**\n     * @notice Allows an operator to file an appeal against a slash proposal\n     * @dev Only the operator being slashed can file an appeal, and only within the appeal window\n     * @param proposalId ID of the proposal to appeal (must exist)\n     * @param evidence String containing evidence and arguments supporting the appeal\n     * Requirements:\n     * - Proposal must exist\n     * - Caller must be the operator being slashed\n     * - Current timestamp must be before proposal.executableAt (within appeal window)\n     * - Proposal must not already have an appeal filed\n     */\n    function fileAppeal(uint256 proposalId, string calldata evidence) external;\n\n    /**\n     * @notice Resolves an appeal by accepting or rejecting it\n     * @dev Only callable by GOVERNANCE_ROLE. If appeal is upheld, the slash cannot be executed\n     * @param proposalId ID of the proposal with the appeal to resolve (must exist and have an appeal)\n     * @param appealUpheld True to uphold the appeal (cancel the slash), false to deny the appeal\n     *                     (allow slash to proceed)\n     * @param resolution String explaining the governance decision\n     * Requirements:\n     * - Proposal must exist and have an appeal filed\n     * - Appeal must not already be resolved\n     * - Caller must have GOVERNANCE_ROLE\n     * Effects:\n     * - Marks appeal as resolved\n     * - Sets appealUpheld flag (true = slash cancelled, false = slash can proceed)\n     */\n    function resolveAppeal(\n        uint256 proposalId,\n        bool appealUpheld,\n        string calldata resolution\n    ) external;\n\n    // ======================\n    // Ban Management\n    // ======================\n\n    /**\n     * @notice Bans or unbans a node from the network\n     * @dev Only callable by GOVERNANCE_ROLE. Bans can also occur automatically via executeSlash\n     * @param node Address of the node to ban (must be non-zero)\n     * @param status Whether to ban the node\n     * @param reason Hash of the reason for banning\n     * Requirements:\n     * - node must not be zero address\n     * - Caller must have GOVERNANCE_ROLE\n     * Effects:\n     * - Sets banned[node] to status\n     * - Emits NodeBanned event if status is true\n     * - Emits NodeUnbanned event if status is false\n     */\n    function updateBanStatus(\n        address node,\n        bool status,\n        bytes32 reason\n    ) external;\n}\n"
+      },
+      "project/contracts/interfaces/ISlashVerifier.sol": {
+        "content": "// SPDX-License-Identifier: LGPL-3.0-only\n//\n// This file is provided WITHOUT ANY WARRANTY;\n// without even the implied warranty of MERCHANTABILITY\n// or FITNESS FOR A PARTICULAR PURPOSE.\npragma solidity >=0.8.27;\n\n/**\n * @title ISlashVerifier\n * @notice Interface for verifying slash proofs\n * @dev Slash verifiers implement cryptographic or logical verification of slash proposals\n */\ninterface ISlashVerifier {\n    /// @notice Verify a slash proof\n    /// @dev This function is called by the SlashingManager contract during slash proposal to verify proof validity\n    /// @param proposalId ID of the slash proposal\n    /// @param proof ABI encoded proof data supporting the slash\n    /// @return success Whether the proof was successfully verified\n    function verify(\n        uint256 proposalId,\n        bytes memory proof\n    ) external view returns (bool success);\n}\n"
+      },
+      "project/contracts/lib/ExitQueueLib.sol": {
+        "content": "// SPDX-License-Identifier: LGPL-3.0-only\n//\n// This file is provided WITHOUT ANY WARRANTY;\n// without even the implied warranty of MERCHANTABILITY\n// or FITNESS FOR A PARTICULAR PURPOSE.\n\npragma solidity >=0.8.27;\n\n/**\n * @title ExitQueueLib\n * @notice Library for managing time-locked exit queues for tickets and licenses\n * @dev Implements a queue system where assets are locked for a delay period before they can be claimed or slashed.\n *      Assets are organized into tranches based on unlock timestamps, allowing efficient batch operations.\n */\nlibrary ExitQueueLib {\n    /**\n     * @notice Represents a single tranche of assets with a specific unlock timestamp\n     * @dev Multiple assets queued at the same time are merged into the same tranche for efficiency\n     * @param unlockTimestamp The timestamp when assets in this tranche become claimable\n     * @param ticketAmount The amount of tickets in this tranche\n     * @param licenseAmount The amount of licenses in this tranche\n     */\n    struct ExitTranche {\n        uint64 unlockTimestamp;\n        uint256 ticketAmount;\n        uint256 licenseAmount;\n    }\n\n    /**\n     * @notice Tracks total pending amounts for an operator across all tranches\n     * @param ticketAmount Total pending tickets waiting in the exit queue\n     * @param licenseAmount Total pending licenses waiting in the exit queue\n     */\n    struct PendingAmounts {\n        uint256 ticketAmount;\n        uint256 licenseAmount;\n    }\n\n    /**\n     * @notice Main state structure for the exit queue system\n     * @dev Contains all per-operator queue data and pending totals\n     * @param operatorQueues Maps operator addresses to their arrays of exit tranches\n     * @param queueHeadIndex Maps operator addresses to the current head index (for efficient cleanup)\n     * @param pendingTotals Maps operator addresses to their total pending amounts\n     */\n    struct ExitQueueState {\n        mapping(address operator => ExitTranche[] operatorQueues) operatorQueues;\n        mapping(address operator => uint256 queueHeadIndex) queueHeadIndex;\n        mapping(address operator => PendingAmounts operatorPendings) pendingTotals;\n    }\n\n    /**\n     * @notice Types of assets that can be queued for exit\n     * @dev Used internally to differentiate between ticket and license operations\n     */\n    enum AssetType {\n        Ticket,\n        License\n    }\n\n    /**\n     * @notice Emitted when assets are queued for exit\n     * @param operator The operator whose assets were queued\n     * @param ticketAmount The amount of tickets queued\n     * @param licenseAmount The amount of licenses queued\n     * @param unlockTimestamp The timestamp when these assets will become claimable\n     */\n    event AssetsQueuedForExit(\n        address indexed operator,\n        uint256 ticketAmount,\n        uint256 licenseAmount,\n        uint64 unlockTimestamp\n    );\n\n    /**\n     * @notice Emitted when assets are claimed from the exit queue\n     * @param operator The operator who claimed the assets\n     * @param ticketAmount The amount of tickets claimed\n     * @param licenseAmount The amount of licenses claimed\n     */\n    event AssetsClaimed(\n        address indexed operator,\n        uint256 ticketAmount,\n        uint256 licenseAmount\n    );\n\n    /**\n     * @notice Emitted when pending assets are slashed\n     * @param operator The operator whose assets were slashed\n     * @param ticketAmount The amount of tickets slashed\n     * @param licenseAmount The amount of licenses slashed\n     * @param includedLockedAssets Whether locked (not yet unlocked) assets were included in the slash\n     */\n    event PendingAssetsSlashed(\n        address indexed operator,\n        uint256 ticketAmount,\n        uint256 licenseAmount,\n        bool includedLockedAssets\n    );\n\n    /// @notice Thrown when attempting to queue zero amount of both asset types\n    error ZeroAmountNotAllowed();\n\n    /// @notice Thrown when timestamp calculation would overflow uint64\n    error TimestampOverflow();\n\n    /// @notice Thrown when accessing an invalid queue index\n    error IndexOutOfBounds();\n\n    /**\n     * @notice Queues both tickets and licenses for exit with a time delay\n     * @dev Assets are added to the operator's queue and will be claimable after exitDelaySeconds.\n     *      If a tranche with the same unlock timestamp already exists, amounts are merged into it.\n     * @param state The exit queue state storage\n     * @param operator The operator whose assets are being queued\n     * @param exitDelaySeconds The number of seconds until assets become claimable\n     * @param ticketAmount The amount of tickets to queue (can be 0)\n     * @param licenseAmount The amount of licenses to queue (can be 0)\n     */\n    function queueAssetsForExit(\n        ExitQueueState storage state,\n        address operator,\n        uint64 exitDelaySeconds,\n        uint256 ticketAmount,\n        uint256 licenseAmount\n    ) internal {\n        if (ticketAmount == 0 && licenseAmount == 0) {\n            return;\n        }\n\n        uint64 currentTimestamp = uint64(block.timestamp);\n        require(\n            currentTimestamp <= (type(uint64).max - exitDelaySeconds),\n            TimestampOverflow()\n        );\n        uint64 unlockTimestamp = currentTimestamp + exitDelaySeconds;\n\n        ExitTranche[] storage operatorQueue = state.operatorQueues[operator];\n\n        uint256 len = operatorQueue.length;\n        bool merged;\n        if (len != 0) {\n            ExitTranche storage lastTranche = operatorQueue[len - 1];\n            if (lastTranche.unlockTimestamp == unlockTimestamp) {\n                if (ticketAmount != 0) lastTranche.ticketAmount += ticketAmount;\n                if (licenseAmount != 0) {\n                    lastTranche.licenseAmount += licenseAmount;\n                }\n                merged = true;\n            }\n        }\n\n        if (!merged) {\n            ExitTranche storage t = operatorQueue.push();\n            t.unlockTimestamp = unlockTimestamp;\n            t.ticketAmount = ticketAmount;\n            t.licenseAmount = licenseAmount;\n        }\n\n        _updatePendingTotals(\n            state,\n            operator,\n            ticketAmount,\n            licenseAmount,\n            true\n        );\n\n        emit AssetsQueuedForExit(\n            operator,\n            ticketAmount,\n            licenseAmount,\n            unlockTimestamp\n        );\n    }\n\n    /**\n     * @notice Queues only tickets for exit with a time delay\n     * @dev Convenience function that calls queueAssetsForExit with licenseAmount = 0\n     * @param state The exit queue state storage\n     * @param operator The operator whose tickets are being queued\n     * @param exitDelaySeconds The number of seconds until tickets become claimable\n     * @param ticketAmount The amount of tickets to queue\n     */\n    function queueTicketsForExit(\n        ExitQueueState storage state,\n        address operator,\n        uint64 exitDelaySeconds,\n        uint256 ticketAmount\n    ) internal {\n        queueAssetsForExit(state, operator, exitDelaySeconds, ticketAmount, 0);\n    }\n\n    /**\n     * @notice Queues only licenses for exit with a time delay\n     * @dev Convenience function that calls queueAssetsForExit with ticketAmount = 0\n     * @param state The exit queue state storage\n     * @param operator The operator whose licenses are being queued\n     * @param exitDelaySeconds The number of seconds until licenses become claimable\n     * @param licenseAmount The amount of licenses to queue\n     */\n    function queueLicensesForExit(\n        ExitQueueState storage state,\n        address operator,\n        uint64 exitDelaySeconds,\n        uint256 licenseAmount\n    ) internal {\n        queueAssetsForExit(state, operator, exitDelaySeconds, 0, licenseAmount);\n    }\n\n    /**\n     * @notice Gets the total pending amounts for an operator across all tranches\n     * @dev Returns both locked (not yet claimable) and unlocked (claimable) amounts\n     * @param state The exit queue state storage\n     * @param operator The operator to query\n     * @return ticketAmount Total pending tickets in the exit queue\n     * @return licenseAmount Total pending licenses in the exit queue\n     */\n    function getPendingAmounts(\n        ExitQueueState storage state,\n        address operator\n    ) internal view returns (uint256 ticketAmount, uint256 licenseAmount) {\n        PendingAmounts storage pending = state.pendingTotals[operator];\n        return (pending.ticketAmount, pending.licenseAmount);\n    }\n\n    /**\n     * @notice Previews the amounts that can be claimed at the current block timestamp\n     * @dev Iterates through tranches and sums up amounts where unlock timestamp has passed\n     * @param state The exit queue state storage\n     * @param operator The operator to query\n     * @return ticketAmount Total claimable tickets at current timestamp\n     * @return licenseAmount Total claimable licenses at current timestamp\n     */\n    function previewClaimableAmounts(\n        ExitQueueState storage state,\n        address operator\n    ) internal view returns (uint256 ticketAmount, uint256 licenseAmount) {\n        ExitTranche[] storage operatorQueue = state.operatorQueues[operator];\n        uint256 currentIndex = state.queueHeadIndex[operator];\n\n        for (uint256 i = currentIndex; i < operatorQueue.length; i++) {\n            ExitTranche storage tranche = operatorQueue[i];\n\n            if (block.timestamp < tranche.unlockTimestamp) {\n                break;\n            }\n\n            ticketAmount += tranche.ticketAmount;\n            licenseAmount += tranche.licenseAmount;\n        }\n    }\n\n    /**\n     * @notice Claims unlocked assets from the exit queue\n     * @dev Only processes tranches where unlock timestamp has passed. Updates pending totals\n     *      and cleans up empty tranches.\n     * @param state The exit queue state storage\n     * @param operator The operator claiming assets\n     * @param maxTicketAmount Maximum tickets to claim (actual claimed may be less if queue has fewer)\n     * @param maxLicenseAmount Maximum licenses to claim (actual claimed may be less if queue has fewer)\n     * @return ticketsClaimed Actual amount of tickets claimed\n     * @return licensesClaimed Actual amount of licenses claimed\n     */\n    function claimAssets(\n        ExitQueueState storage state,\n        address operator,\n        uint256 maxTicketAmount,\n        uint256 maxLicenseAmount\n    ) internal returns (uint256 ticketsClaimed, uint256 licensesClaimed) {\n        if (maxTicketAmount > 0) {\n            ticketsClaimed = _takeAssetsFromQueue(\n                state,\n                operator,\n                maxTicketAmount,\n                AssetType.Ticket,\n                false\n            );\n            if (ticketsClaimed > 0) {\n                state.pendingTotals[operator].ticketAmount -= ticketsClaimed;\n            }\n        }\n\n        if (maxLicenseAmount > 0) {\n            licensesClaimed = _takeAssetsFromQueue(\n                state,\n                operator,\n                maxLicenseAmount,\n                AssetType.License,\n                false\n            );\n            if (licensesClaimed > 0) {\n                state.pendingTotals[operator].licenseAmount -= licensesClaimed;\n            }\n        }\n\n        if (ticketsClaimed > 0 || licensesClaimed > 0) {\n            _cleanupEmptyTranches(state, operator);\n            emit AssetsClaimed(operator, ticketsClaimed, licensesClaimed);\n        }\n    }\n\n    /**\n     * @notice Slashes pending assets from the exit queue\n     * @dev Can optionally include locked (not yet unlocked) assets. Updates pending totals\n     *      and cleans up empty tranches.\n     * @param state The exit queue state storage\n     * @param operator The operator whose assets are being slashed\n     * @param ticketAmountToSlash Maximum tickets to slash\n     * @param licenseAmountToSlash Maximum licenses to slash\n     * @param includeLockedAssets If true, slashes locked assets; if false, only slashes unlocked assets\n     * @return ticketsSlashed Actual amount of tickets slashed\n     * @return licensesSlashed Actual amount of licenses slashed\n     */\n    function slashPendingAssets(\n        ExitQueueState storage state,\n        address operator,\n        uint256 ticketAmountToSlash,\n        uint256 licenseAmountToSlash,\n        bool includeLockedAssets\n    ) internal returns (uint256 ticketsSlashed, uint256 licensesSlashed) {\n        if (ticketAmountToSlash > 0) {\n            ticketsSlashed = _takeAssetsFromQueue(\n                state,\n                operator,\n                ticketAmountToSlash,\n                AssetType.Ticket,\n                includeLockedAssets\n            );\n            if (ticketsSlashed > 0) {\n                state.pendingTotals[operator].ticketAmount -= ticketsSlashed;\n            }\n        }\n\n        if (licenseAmountToSlash > 0) {\n            licensesSlashed = _takeAssetsFromQueue(\n                state,\n                operator,\n                licenseAmountToSlash,\n                AssetType.License,\n                includeLockedAssets\n            );\n            if (licensesSlashed > 0) {\n                state.pendingTotals[operator].licenseAmount -= licensesSlashed;\n            }\n        }\n\n        if (ticketsSlashed > 0 || licensesSlashed > 0) {\n            _cleanupEmptyTranches(state, operator);\n            emit PendingAssetsSlashed(\n                operator,\n                ticketsSlashed,\n                licensesSlashed,\n                includeLockedAssets\n            );\n        }\n    }\n\n    /**\n     * @notice Updates the pending totals for an operator\n     * @dev Internal helper to increase or decrease pending amounts. Uses bitwise OR for efficient zero check.\n     * @param state The exit queue state storage\n     * @param operator The operator whose pending totals are being updated\n     * @param ticketAmountDelta The change in ticket amount\n     * @param licenseAmountDelta The change in license amount\n     * @param isIncrease If true, increases totals; if false, decreases totals\n     */\n    function _updatePendingTotals(\n        ExitQueueState storage state,\n        address operator,\n        uint256 ticketAmountDelta,\n        uint256 licenseAmountDelta,\n        bool isIncrease\n    ) private {\n        if ((ticketAmountDelta | licenseAmountDelta) == 0) return;\n\n        PendingAmounts storage pending = state.pendingTotals[operator];\n\n        if (isIncrease) {\n            if (ticketAmountDelta != 0) {\n                pending.ticketAmount += ticketAmountDelta;\n            }\n            if (licenseAmountDelta != 0) {\n                pending.licenseAmount += licenseAmountDelta;\n            }\n        } else {\n            if (ticketAmountDelta != 0) {\n                pending.ticketAmount -= ticketAmountDelta;\n            }\n            if (licenseAmountDelta != 0) {\n                pending.licenseAmount -= licenseAmountDelta;\n            }\n        }\n    }\n\n    /**\n     * @notice Cleans up empty tranches from the head of the queue\n     * @dev Advances the queue head index past all tranches with zero tickets and licenses.\n     *      This prevents the queue from growing unbounded and reduces gas costs for future operations.\n     * @param state The exit queue state storage\n     * @param operator The operator whose queue is being cleaned up\n     */\n    function _cleanupEmptyTranches(\n        ExitQueueState storage state,\n        address operator\n    ) private {\n        ExitTranche[] storage operatorQueue = state.operatorQueues[operator];\n        uint256 currentIndex = state.queueHeadIndex[operator];\n\n        while (currentIndex < operatorQueue.length) {\n            ExitTranche storage tranche = operatorQueue[currentIndex];\n            if (tranche.ticketAmount == 0 && tranche.licenseAmount == 0) {\n                currentIndex++;\n            } else {\n                break;\n            }\n        }\n\n        state.queueHeadIndex[operator] = currentIndex;\n    }\n\n    /**\n     * @notice Takes assets from the queue, either for claiming or slashing\n     * @dev Iterates through tranches from head to tail, taking assets up to wantedAmount.\n     *      Respects unlock timestamps unless includeLockedAssets is true.\n     * @param state The exit queue state storage\n     * @param operator The operator whose assets are being taken\n     * @param wantedAmount The maximum amount to take\n     * @param assetType Whether to take tickets or licenses\n     * @param includeLockedAssets If true, takes locked assets; if false, only takes unlocked assets\n     * @return takenAmount The actual amount taken (may be less than wantedAmount if queue has fewer assets)\n     */\n    function _takeAssetsFromQueue(\n        ExitQueueState storage state,\n        address operator,\n        uint256 wantedAmount,\n        AssetType assetType,\n        bool includeLockedAssets\n    ) private returns (uint256 takenAmount) {\n        if (wantedAmount == 0) {\n            return 0;\n        }\n\n        ExitTranche[] storage operatorQueue = state.operatorQueues[operator];\n        uint256 currentIndex = state.queueHeadIndex[operator];\n        uint256 queueLength = operatorQueue.length;\n        uint256 remainingWanted = wantedAmount;\n\n        while (remainingWanted > 0 && currentIndex < queueLength) {\n            ExitTranche storage tranche = operatorQueue[currentIndex];\n\n            if (\n                !includeLockedAssets &&\n                block.timestamp < tranche.unlockTimestamp\n            ) {\n                break;\n            }\n\n            uint256 availableAmount;\n            if (assetType == AssetType.Ticket) {\n                availableAmount = tranche.ticketAmount;\n            } else {\n                availableAmount = tranche.licenseAmount;\n            }\n\n            if (availableAmount == 0) {\n                currentIndex++;\n                continue;\n            }\n\n            uint256 amountToTake = remainingWanted < availableAmount\n                ? remainingWanted\n                : availableAmount;\n\n            if (assetType == AssetType.Ticket) {\n                tranche.ticketAmount -= amountToTake;\n            } else {\n                tranche.licenseAmount -= amountToTake;\n            }\n\n            remainingWanted -= amountToTake;\n            takenAmount += amountToTake;\n\n            if (tranche.ticketAmount == 0 && tranche.licenseAmount == 0) {\n                currentIndex++;\n            }\n        }\n\n        state.queueHeadIndex[operator] = currentIndex;\n    }\n}\n"
+      },
+      "project/contracts/registry/BondingRegistry.sol": {
+        "content": "// SPDX-License-Identifier: LGPL-3.0-only\n//\n// This file is provided WITHOUT ANY WARRANTY;\n// without even the implied warranty of MERCHANTABILITY\n// or FITNESS FOR A PARTICULAR PURPOSE.\n\npragma solidity >=0.8.27;\n\nimport {\n    OwnableUpgradeable\n} from \"@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol\";\nimport { IERC20 } from \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport {\n    SafeERC20\n} from \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\nimport { Math } from \"@openzeppelin/contracts/utils/math/Math.sol\";\nimport { ExitQueueLib } from \"../lib/ExitQueueLib.sol\";\n\nimport { IBondingRegistry } from \"../interfaces/IBondingRegistry.sol\";\nimport { ICiphernodeRegistry } from \"../interfaces/ICiphernodeRegistry.sol\";\nimport { ISlashingManager } from \"../interfaces/ISlashingManager.sol\";\nimport { EnclaveTicketToken } from \"../token/EnclaveTicketToken.sol\";\n\n/**\n * @title BondingRegistry\n * @notice Implementation of the bonding registry managing operator ticket balances and license bonds\n * @dev Handles deposits, withdrawals, slashing, exits, and integrates with registry and slashing manager\n */\ncontract BondingRegistry is IBondingRegistry, OwnableUpgradeable {\n    using SafeERC20 for IERC20;\n    using ExitQueueLib for ExitQueueLib.ExitQueueState;\n\n    // ======================\n    // Constants\n    // ======================\n\n    /// @dev Reason code for ticket balance deposits\n    bytes32 private constant REASON_DEPOSIT = bytes32(\"DEPOSIT\");\n\n    /// @dev Reason code for ticket balance withdrawals\n    bytes32 private constant REASON_WITHDRAW = bytes32(\"WITHDRAW\");\n\n    /// @dev Reason code for license bond operations\n    bytes32 private constant REASON_BOND = bytes32(\"BOND\");\n\n    /// @dev Reason code for license unbond operations\n    bytes32 private constant REASON_UNBOND = bytes32(\"UNBOND\");\n\n    // ======================\n    // Storage\n    // ======================\n\n    /// @notice Ticket token (ETK with underlying USDC) used for collateral\n    EnclaveTicketToken public ticketToken;\n\n    /// @notice License token (ENCL) required for operator registration\n    IERC20 public licenseToken;\n\n    /// @notice Registry contract for managing committee membership\n    ICiphernodeRegistry public registry;\n\n    /// @notice Address authorized to perform slashing operations\n    address public slashingManager;\n\n    /// @notice Address authorized to distribute rewards to operators\n    address public rewardDistributor;\n\n    /// @notice Treasury address that receives slashed funds\n    address public slashedFundsTreasury;\n\n    /// @notice Price per ticket in ticket token units\n    uint256 public ticketPrice;\n\n    /// @notice Minimum license bond required for initial registration\n    uint256 public licenseRequiredBond;\n\n    /// @notice Minimum number of tickets required to maintain active status\n    uint256 public minTicketBalance;\n\n    /// @notice Time delay in seconds before exits can be claimed\n    uint64 public exitDelay;\n\n    /// @notice Percentage (in basis points) of license bond that must remain bonded to stay active\n    /// @dev Default 8000 = 80%. Allows operators to unbond up to 20% while remaining active\n    uint256 public licenseActiveBps;\n\n    /// @notice Operator state data structure\n    /// @param licenseBond Amount of license tokens currently bonded\n    /// @param exitUnlocksAt Timestamp when pending exit can be claimed\n    /// @param registered Whether operator is registered in the protocol\n    /// @param exitRequested Whether operator has requested to exit\n    /// @param active Whether operator meets all requirements for active status\n    struct Operator {\n        uint256 licenseBond;\n        uint64 exitUnlocksAt;\n        bool registered;\n        bool exitRequested;\n        bool active;\n    }\n\n    /// @notice Maps operator address to their state data\n    mapping(address operator => Operator data) internal operators;\n\n    /// @notice Total slashed ticket balance available for treasury withdrawal\n    uint256 public slashedTicketBalance;\n\n    /// @notice Total slashed license bond available for treasury withdrawal\n    uint256 public slashedLicenseBond;\n\n    // ======================\n    // Exit Queue library state\n    // ======================\n\n    /// @dev Internal state for managing exit queue of tickets and licenses\n    ExitQueueLib.ExitQueueState private _exits;\n\n    // ======================\n    // Modifiers\n    // ======================\n\n    /// @dev Restricts function access to only the slashing manager\n    modifier onlySlashingManager() {\n        if (msg.sender != slashingManager) revert Unauthorized();\n        _;\n    }\n\n    /// @dev Reverts if operator has an exit in progress that hasn't unlocked yet\n    /// @param operator Address of the operator to check\n    modifier noExitInProgress(address operator) {\n        Operator memory op = operators[operator];\n        if (op.exitRequested && block.timestamp < op.exitUnlocksAt) {\n            revert ExitInProgress();\n        }\n        _;\n    }\n\n    ////////////////////////////////////////////////////////////\n    //                                                        //\n    //                   Initialization                       //\n    //                                                        //\n    ////////////////////////////////////////////////////////////\n\n    /// @notice Constructor that disables initializers.\n    /// @dev Prevents the implementation contract from being initialized. Initialization is performed\n    /// via the initialize() function when deployed behind a proxy.\n    constructor() {\n        _disableInitializers();\n    }\n\n    /// @notice Initializes the bonding registry contract\n    /// @dev Can only be called once due to initializer modifier\n    /// @param _owner Address that will own the contract\n    /// @param _ticketToken Ticket token contract for collateral\n    /// @param _licenseToken License token contract for bonding\n    /// @param _registry Ciphernode registry contract\n    /// @param _slashedFundsTreasury Address to receive slashed funds\n    /// @param _ticketPrice Initial price per ticket\n    /// @param _licenseRequiredBond Initial required license bond for registration\n    /// @param _minTicketBalance Initial minimum ticket balance for activation\n    /// @param _exitDelay Initial exit delay period in seconds\n    function initialize(\n        address _owner,\n        EnclaveTicketToken _ticketToken,\n        IERC20 _licenseToken,\n        ICiphernodeRegistry _registry,\n        address _slashedFundsTreasury,\n        uint256 _ticketPrice,\n        uint256 _licenseRequiredBond,\n        uint256 _minTicketBalance,\n        uint64 _exitDelay\n    ) public initializer {\n        __Ownable_init(msg.sender);\n        setTicketToken(_ticketToken);\n        setLicenseToken(_licenseToken);\n        setRegistry(_registry);\n        setSlashedFundsTreasury(_slashedFundsTreasury);\n        setTicketPrice(_ticketPrice);\n        setLicenseRequiredBond(_licenseRequiredBond);\n        setMinTicketBalance(_minTicketBalance);\n        setExitDelay(_exitDelay);\n        setLicenseActiveBps(8_000);\n        if (_owner != owner()) transferOwnership(_owner);\n    }\n\n    // ======================\n    // View Functions\n    // ======================\n\n    /// @inheritdoc IBondingRegistry\n    function getLicenseToken() external view returns (address) {\n        return address(licenseToken);\n    }\n\n    /// @inheritdoc IBondingRegistry\n    function getTicketToken() external view returns (address) {\n        return address(ticketToken);\n    }\n\n    /// @inheritdoc IBondingRegistry\n    function getTicketBalance(\n        address operator\n    ) external view returns (uint256) {\n        return ticketToken.balanceOf(operator);\n    }\n\n    /// @inheritdoc IBondingRegistry\n    function getLicenseBond(address operator) external view returns (uint256) {\n        return operators[operator].licenseBond;\n    }\n\n    /// @inheritdoc IBondingRegistry\n    function availableTickets(\n        address operator\n    ) external view returns (uint256) {\n        return ticketToken.balanceOf(operator) / ticketPrice;\n    }\n\n    /// @notice Get operator's ticket balance at a specific block\n    /// @dev Uses checkpoint mechanism from ticket token\n    /// @param operator Address of the operator\n    /// @param blockNumber Block number to query\n    /// @return Ticket balance at the specified block\n    function getTicketBalanceAtBlock(\n        address operator,\n        uint256 blockNumber\n    ) external view returns (uint256) {\n        return ticketToken.getPastVotes(operator, blockNumber);\n    }\n\n    /// @notice Get operator's total pending exit amounts\n    /// @param operator Address of the operator\n    /// @return ticket Total pending ticket balance in exit queue\n    /// @return license Total pending license bond in exit queue\n    function pendingExits(\n        address operator\n    ) external view returns (uint256 ticket, uint256 license) {\n        return _exits.getPendingAmounts(operator);\n    }\n\n    /// @notice Preview how much an operator can currently claim\n    /// @param operator Address of the operator\n    /// @return ticket Claimable ticket balance\n    /// @return license Claimable license bond\n    function previewClaimable(\n        address operator\n    ) external view returns (uint256 ticket, uint256 license) {\n        return _exits.previewClaimableAmounts(operator);\n    }\n\n    /// @inheritdoc IBondingRegistry\n    function isLicensed(address operator) external view returns (bool) {\n        return operators[operator].licenseBond >= _minLicenseBond();\n    }\n\n    /// @inheritdoc IBondingRegistry\n    function isRegistered(address operator) external view returns (bool) {\n        return operators[operator].registered;\n    }\n\n    /// @inheritdoc IBondingRegistry\n    function isActive(address operator) external view returns (bool) {\n        return operators[operator].active;\n    }\n\n    /// @inheritdoc IBondingRegistry\n    function hasExitInProgress(address operator) external view returns (bool) {\n        Operator memory op = operators[operator];\n        return op.exitRequested && block.timestamp < op.exitUnlocksAt;\n    }\n\n    // ======================\n    // Operator Functions\n    // ======================\n\n    /// @inheritdoc IBondingRegistry\n    function registerOperator() external noExitInProgress(msg.sender) {\n        // Clear previous exit request\n        if (operators[msg.sender].exitRequested) {\n            operators[msg.sender].exitRequested = false;\n            operators[msg.sender].exitUnlocksAt = 0;\n        }\n\n        require(\n            !ISlashingManager(slashingManager).isBanned(msg.sender),\n            CiphernodeBanned()\n        );\n        require(!operators[msg.sender].registered, AlreadyRegistered());\n        require(\n            operators[msg.sender].licenseBond >= licenseRequiredBond,\n            NotLicensed()\n        );\n\n        operators[msg.sender].registered = true;\n\n        // CiphernodeRegistry already emits an event when a ciphernode is added\n        registry.addCiphernode(msg.sender);\n\n        _updateOperatorStatus(msg.sender);\n    }\n\n    /// @inheritdoc IBondingRegistry\n    function deregisterOperator(\n        uint256[] calldata siblingNodes\n    ) external noExitInProgress(msg.sender) {\n        Operator storage op = operators[msg.sender];\n        require(op.registered, NotRegistered());\n\n        op.registered = false;\n        op.exitRequested = true;\n        op.exitUnlocksAt = uint64(block.timestamp) + exitDelay;\n\n        uint256 ticketOut = ticketToken.balanceOf(msg.sender);\n        uint256 licenseOut = op.licenseBond;\n        if (ticketOut != 0) {\n            ticketToken.burnTickets(msg.sender, ticketOut);\n            emit TicketBalanceUpdated(\n                msg.sender,\n                -int256(ticketOut),\n                0,\n                REASON_WITHDRAW\n            );\n        }\n        if (licenseOut != 0) {\n            op.licenseBond = 0;\n            emit LicenseBondUpdated(\n                msg.sender,\n                -int256(licenseOut),\n                0,\n                REASON_UNBOND\n            );\n        }\n\n        if (ticketOut != 0 || licenseOut != 0) {\n            _exits.queueAssetsForExit(\n                msg.sender,\n                exitDelay,\n                ticketOut,\n                licenseOut\n            );\n        }\n\n        // CiphernodeRegistry already emits an event when a ciphernode is removed\n        registry.removeCiphernode(msg.sender, siblingNodes);\n\n        emit CiphernodeDeregistrationRequested(msg.sender, op.exitUnlocksAt);\n        _updateOperatorStatus(msg.sender);\n    }\n\n    /// @inheritdoc IBondingRegistry\n    function addTicketBalance(\n        uint256 amount\n    ) external noExitInProgress(msg.sender) {\n        require(amount != 0, ZeroAmount());\n        require(operators[msg.sender].registered, NotRegistered());\n\n        ticketToken.depositFrom(msg.sender, msg.sender, amount);\n\n        emit TicketBalanceUpdated(\n            msg.sender,\n            int256(amount),\n            ticketToken.balanceOf(msg.sender),\n            REASON_DEPOSIT\n        );\n\n        _updateOperatorStatus(msg.sender);\n    }\n\n    /// @inheritdoc IBondingRegistry\n    function removeTicketBalance(\n        uint256 amount\n    ) external noExitInProgress(msg.sender) {\n        require(amount != 0, ZeroAmount());\n        require(operators[msg.sender].registered, NotRegistered());\n        require(\n            ticketToken.balanceOf(msg.sender) >= amount,\n            InsufficientBalance()\n        );\n\n        ticketToken.burnTickets(msg.sender, amount);\n        _exits.queueTicketsForExit(msg.sender, exitDelay, amount);\n\n        emit TicketBalanceUpdated(\n            msg.sender,\n            -int256(amount),\n            ticketToken.balanceOf(msg.sender),\n            REASON_WITHDRAW\n        );\n\n        _updateOperatorStatus(msg.sender);\n    }\n\n    /// @inheritdoc IBondingRegistry\n    function bondLicense(uint256 amount) external noExitInProgress(msg.sender) {\n        require(amount != 0, ZeroAmount());\n\n        uint256 balanceBefore = licenseToken.balanceOf(address(this));\n        licenseToken.safeTransferFrom(msg.sender, address(this), amount);\n        uint256 actualReceived = licenseToken.balanceOf(address(this)) -\n            balanceBefore;\n\n        operators[msg.sender].licenseBond += actualReceived;\n\n        emit LicenseBondUpdated(\n            msg.sender,\n            int256(actualReceived),\n            operators[msg.sender].licenseBond,\n            REASON_BOND\n        );\n\n        _updateOperatorStatus(msg.sender);\n    }\n\n    /// @inheritdoc IBondingRegistry\n    function unbondLicense(\n        uint256 amount\n    ) external noExitInProgress(msg.sender) {\n        require(amount != 0, ZeroAmount());\n        require(\n            operators[msg.sender].licenseBond >= amount,\n            InsufficientBalance()\n        );\n\n        operators[msg.sender].licenseBond -= amount;\n        _exits.queueLicensesForExit(msg.sender, exitDelay, amount);\n\n        emit LicenseBondUpdated(\n            msg.sender,\n            -int256(amount),\n            operators[msg.sender].licenseBond,\n            REASON_UNBOND\n        );\n\n        _updateOperatorStatus(msg.sender);\n    }\n\n    // ======================\n    // Claim Functions\n    // ======================\n\n    /// @inheritdoc IBondingRegistry\n    function claimExits(\n        uint256 maxTicketAmount,\n        uint256 maxLicenseAmount\n    ) external {\n        (uint256 ticketClaim, uint256 licenseClaim) = _exits.claimAssets(\n            msg.sender,\n            maxTicketAmount,\n            maxLicenseAmount\n        );\n        require(ticketClaim > 0 || licenseClaim > 0, ExitNotReady());\n\n        if (ticketClaim > 0) ticketToken.payout(msg.sender, ticketClaim);\n        if (licenseClaim > 0) {\n            licenseToken.safeTransfer(msg.sender, licenseClaim);\n        }\n    }\n\n    // ======================\n    // Slashing Functions\n    // ======================\n\n    /// @inheritdoc IBondingRegistry\n    function slashTicketBalance(\n        address operator,\n        uint256 requestedSlashAmount,\n        bytes32 slashReason\n    ) external onlySlashingManager {\n        require(requestedSlashAmount != 0, ZeroAmount());\n\n        (uint256 pendingTicketBalance, ) = _exits.getPendingAmounts(operator);\n        uint256 activeBalance = ticketToken.balanceOf(operator);\n        uint256 totalAvailableBalance = activeBalance + pendingTicketBalance;\n\n        uint256 actualSlashAmount = Math.min(\n            requestedSlashAmount,\n            totalAvailableBalance\n        );\n\n        if (actualSlashAmount == 0) {\n            return;\n        }\n\n        // Slash from active balance first\n        uint256 slashedFromActiveBalance = Math.min(\n            actualSlashAmount,\n            activeBalance\n        );\n        if (slashedFromActiveBalance > 0) {\n            ticketToken.burnTickets(operator, slashedFromActiveBalance);\n        }\n\n        // Slash remaining amount from pending queue\n        uint256 remainingToSlash = actualSlashAmount - slashedFromActiveBalance;\n        if (remainingToSlash > 0) {\n            _exits.slashPendingAssets(\n                operator,\n                remainingToSlash,\n                0, // licenseAmount\n                true\n            );\n        }\n\n        slashedTicketBalance += actualSlashAmount;\n        emit TicketBalanceUpdated(\n            operator,\n            -int256(actualSlashAmount),\n            ticketToken.balanceOf(operator),\n            slashReason\n        );\n\n        _updateOperatorStatus(operator);\n    }\n\n    /// @inheritdoc IBondingRegistry\n    function slashLicenseBond(\n        address operator,\n        uint256 requestedSlashAmount,\n        bytes32 slashReason\n    ) external onlySlashingManager {\n        require(requestedSlashAmount != 0, ZeroAmount());\n\n        Operator storage operatorData = operators[operator];\n        (, uint256 pendingLicenseBalance) = _exits.getPendingAmounts(operator);\n        uint256 totalAvailableBalance = operatorData.licenseBond +\n            pendingLicenseBalance;\n        uint256 actualSlashAmount = Math.min(\n            requestedSlashAmount,\n            totalAvailableBalance\n        );\n\n        if (actualSlashAmount == 0) return;\n\n        // Slash from active balance first\n        uint256 slashedFromActiveBalance = Math.min(\n            actualSlashAmount,\n            operatorData.licenseBond\n        );\n        if (slashedFromActiveBalance > 0) {\n            operatorData.licenseBond -= slashedFromActiveBalance;\n        }\n\n        // Slash remaining amount from pending queue\n        uint256 remainingToSlash = actualSlashAmount - slashedFromActiveBalance;\n        if (remainingToSlash > 0) {\n            _exits.slashPendingAssets(\n                operator,\n                0, // ticketAmount\n                remainingToSlash,\n                true\n            );\n        }\n\n        slashedLicenseBond += actualSlashAmount;\n        emit LicenseBondUpdated(\n            operator,\n            -int256(actualSlashAmount),\n            operatorData.licenseBond,\n            slashReason\n        );\n\n        _updateOperatorStatus(operator);\n    }\n\n    // ======================\n    // Reward Distribution Functions\n    // ======================\n\n    /// @inheritdoc IBondingRegistry\n    function distributeRewards(\n        IERC20 rewardToken,\n        address[] calldata recipients,\n        uint256[] calldata amounts\n    ) external {\n        require(msg.sender == rewardDistributor, OnlyRewardDistributor());\n        require(recipients.length == amounts.length, ArrayLengthMismatch());\n\n        uint256 len = recipients.length;\n        for (uint256 i = 0; i < len; i++) {\n            if (amounts[i] > 0 && operators[recipients[i]].registered) {\n                rewardToken.safeTransferFrom(\n                    rewardDistributor,\n                    recipients[i],\n                    amounts[i]\n                );\n            }\n        }\n    }\n\n    // ======================\n    // Admin Functions\n    // ======================\n\n    /// @inheritdoc IBondingRegistry\n    function setTicketPrice(uint256 newTicketPrice) public onlyOwner {\n        require(newTicketPrice != 0, InvalidConfiguration());\n\n        uint256 oldValue = ticketPrice;\n        ticketPrice = newTicketPrice;\n\n        emit ConfigurationUpdated(\"ticketPrice\", oldValue, newTicketPrice);\n    }\n\n    /// @inheritdoc IBondingRegistry\n    function setLicenseRequiredBond(\n        uint256 newLicenseRequiredBond\n    ) public onlyOwner {\n        require(newLicenseRequiredBond != 0, InvalidConfiguration());\n\n        uint256 oldValue = licenseRequiredBond;\n        licenseRequiredBond = newLicenseRequiredBond;\n\n        emit ConfigurationUpdated(\n            \"licenseRequiredBond\",\n            oldValue,\n            newLicenseRequiredBond\n        );\n    }\n\n    /// @inheritdoc IBondingRegistry\n    function setLicenseActiveBps(uint256 newBps) public onlyOwner {\n        require(newBps > 0 && newBps <= 10_000, InvalidConfiguration());\n\n        uint256 oldValue = licenseActiveBps;\n        licenseActiveBps = newBps;\n\n        emit ConfigurationUpdated(\"licenseActiveBps\", oldValue, newBps);\n    }\n\n    /// @inheritdoc IBondingRegistry\n    function setMinTicketBalance(uint256 newMinTicketBalance) public onlyOwner {\n        uint256 oldValue = minTicketBalance;\n        minTicketBalance = newMinTicketBalance;\n\n        emit ConfigurationUpdated(\n            \"minTicketBalance\",\n            oldValue,\n            newMinTicketBalance\n        );\n    }\n\n    /// @inheritdoc IBondingRegistry\n    function setExitDelay(uint64 newExitDelay) public onlyOwner {\n        uint256 oldValue = uint256(exitDelay);\n        exitDelay = newExitDelay;\n\n        emit ConfigurationUpdated(\"exitDelay\", oldValue, uint256(newExitDelay));\n    }\n\n    /// @inheritdoc IBondingRegistry\n    function setSlashedFundsTreasury(\n        address newSlashedFundsTreasury\n    ) public onlyOwner {\n        require(newSlashedFundsTreasury != address(0), ZeroAddress());\n        slashedFundsTreasury = newSlashedFundsTreasury;\n    }\n\n    /// @inheritdoc IBondingRegistry\n    function setTicketToken(\n        EnclaveTicketToken newTicketToken\n    ) public onlyOwner {\n        ticketToken = newTicketToken;\n    }\n\n    /// @inheritdoc IBondingRegistry\n    function setLicenseToken(IERC20 newLicenseToken) public onlyOwner {\n        licenseToken = newLicenseToken;\n    }\n\n    /// @inheritdoc IBondingRegistry\n    function setRegistry(ICiphernodeRegistry newRegistry) public onlyOwner {\n        registry = newRegistry;\n    }\n\n    /// @inheritdoc IBondingRegistry\n    function setSlashingManager(address newSlashingManager) public onlyOwner {\n        slashingManager = newSlashingManager;\n    }\n\n    /// @notice Sets the reward distributor address\n    /// @dev Only callable by owner\n    /// @param newRewardDistributor Address of the reward distributor\n    function setRewardDistributor(\n        address newRewardDistributor\n    ) public onlyOwner {\n        rewardDistributor = newRewardDistributor;\n    }\n\n    /// @inheritdoc IBondingRegistry\n    function withdrawSlashedFunds(\n        uint256 ticketAmount,\n        uint256 licenseAmount\n    ) public onlyOwner {\n        require(ticketAmount <= slashedTicketBalance, InsufficientBalance());\n        require(licenseAmount <= slashedLicenseBond, InsufficientBalance());\n\n        if (ticketAmount > 0) {\n            slashedTicketBalance -= ticketAmount;\n            ticketToken.payout(slashedFundsTreasury, ticketAmount);\n        }\n\n        if (licenseAmount > 0) {\n            slashedLicenseBond -= licenseAmount;\n            licenseToken.safeTransfer(slashedFundsTreasury, licenseAmount);\n        }\n\n        emit SlashedFundsWithdrawn(\n            slashedFundsTreasury,\n            ticketAmount,\n            licenseAmount\n        );\n    }\n\n    // ======================\n    // Internal Functions\n    // ======================\n\n    /// @dev Updates operator's active status based on current conditions\n    /// @dev Operator is active if: registered, has minimum license bond, and has minimum tickets\n    /// @param operator Address of the operator to update\n    function _updateOperatorStatus(address operator) internal {\n        Operator storage op = operators[operator];\n        bool newActiveStatus = op.registered &&\n            op.licenseBond >= _minLicenseBond() &&\n            (ticketToken.balanceOf(operator) / ticketPrice >= minTicketBalance);\n\n        if (op.active != newActiveStatus) {\n            op.active = newActiveStatus;\n            emit OperatorActivationChanged(operator, newActiveStatus);\n        }\n    }\n\n    /// @dev Calculates the minimum license bond required to maintain active status\n    /// @return Minimum license bond (licenseRequiredBond * licenseActiveBps / 10000)\n    function _minLicenseBond() internal view returns (uint256) {\n        return (licenseRequiredBond * licenseActiveBps) / 10_000;\n    }\n}\n"
+      },
+      "project/contracts/registry/CiphernodeRegistryOwnable.sol": {
+        "content": "// SPDX-License-Identifier: LGPL-3.0-only\n//\n// This file is provided WITHOUT ANY WARRANTY;\n// without even the implied warranty of MERCHANTABILITY\n// or FITNESS FOR A PARTICULAR PURPOSE.\npragma solidity >=0.8.27;\n\nimport { ICiphernodeRegistry } from \"../interfaces/ICiphernodeRegistry.sol\";\nimport { IBondingRegistry } from \"../interfaces/IBondingRegistry.sol\";\nimport {\n    OwnableUpgradeable\n} from \"@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol\";\nimport {\n    InternalLeanIMT,\n    LeanIMTData\n} from \"@zk-kit/lean-imt.sol/InternalLeanIMT.sol\";\n\n/**\n * @title CiphernodeRegistryOwnable\n * @notice Ownable implementation of the ciphernode registry with IMT-based membership tracking\n * @dev Manages ciphernode registration, committee selection, and integrates with bonding registry\n */\ncontract CiphernodeRegistryOwnable is ICiphernodeRegistry, OwnableUpgradeable {\n    using InternalLeanIMT for LeanIMTData;\n\n    ////////////////////////////////////////////////////////////\n    //                                                        //\n    //                        Events                          //\n    //                                                        //\n    ////////////////////////////////////////////////////////////\n\n    /// @notice Emitted when the bonding registry address is set\n    /// @param bondingRegistry Address of the bonding registry contract\n    event BondingRegistrySet(address indexed bondingRegistry);\n\n    ////////////////////////////////////////////////////////////\n    //                                                        //\n    //                 Storage Variables                      //\n    //                                                        //\n    ////////////////////////////////////////////////////////////\n\n    /// @notice Address of the Enclave contract authorized to request committees\n    address public enclave;\n\n    /// @notice Address of the bonding registry for checking node eligibility\n    address public bondingRegistry;\n\n    /// @notice Current number of registered ciphernodes\n    uint256 public numCiphernodes;\n\n    /// @notice Submission Window for an E3 Sortition.\n    /// @dev The submission window is the time period during which the ciphernodes can submit\n    /// their tickets to be a part of the committee.\n    uint256 public sortitionSubmissionWindow;\n\n    /// @notice Incremental Merkle Tree (IMT) containing all registered ciphernodes\n    LeanIMTData public ciphernodes;\n\n    /// @notice Maps E3 ID to the IMT root at the time of committee request\n    mapping(uint256 e3Id => uint256 root) public roots;\n\n    /// @notice Maps E3 ID to the hash of the committee's public key\n    mapping(uint256 e3Id => bytes32 publicKeyHash) public publicKeyHashes;\n\n    /// @notice Maps E3 ID to its committee data\n    mapping(uint256 e3Id => Committee committee) internal committees;\n\n    ////////////////////////////////////////////////////////////\n    //                                                        //\n    //                        Errors                          //\n    //                                                        //\n    ////////////////////////////////////////////////////////////\n\n    /// @notice Committee has already been requested for this E3\n    error CommitteeAlreadyRequested();\n\n    /// @notice Committee has already been published for this E3\n    error CommitteeAlreadyPublished();\n\n    /// @notice Committee has not been published yet for this E3\n    error CommitteeNotPublished();\n\n    /// @notice Committee has not been requested yet for this E3\n    error CommitteeNotRequested();\n\n    /// @notice Committee Not Initialized or Finalized\n    error CommitteeNotInitializedOrFinalized();\n\n    /// @notice Submission Window has been closed for this E3\n    error SubmissionWindowClosed();\n\n    /// @notice Submission deadline has been reached for this E3\n    error SubmissionDeadlineReached();\n\n    /// @notice Committee has already been finalized for this E3\n    error CommitteeAlreadyFinalized();\n\n    /// @notice Committee has not been finalized yet for this E3\n    error CommitteeNotFinalized();\n\n    /// @notice Node has already submitted a ticket for this E3\n    error NodeAlreadySubmitted();\n\n    /// @notice Node has not submitted a ticket for this E3\n    error NodeNotSubmitted();\n\n    /// @notice Node is not eligible for this E3\n    error NodeNotEligible();\n\n    /// @notice Ciphernode is not enabled in the registry\n    /// @param node Address of the ciphernode\n    error CiphernodeNotEnabled(address node);\n\n    /// @notice Caller is not the Enclave contract\n    error OnlyEnclave();\n\n    /// @notice Caller is not the bonding registry\n    error OnlyBondingRegistry();\n\n    /// @notice Caller is neither owner nor bonding registry\n    error NotOwnerOrBondingRegistry();\n\n    /// @notice Node is not bonded\n    /// @param node Address of the node\n    error NodeNotBonded(address node);\n\n    /// @notice Address cannot be zero\n    error ZeroAddress();\n\n    /// @notice Bonding registry has not been set\n    error BondingRegistryNotSet();\n\n    /// @notice Invalid ticket number\n    error InvalidTicketNumber();\n\n    /// @notice Submission window not closed yet\n    error SubmissionWindowNotClosed();\n\n    /// @notice Threshold not met for this E3\n    error ThresholdNotMet();\n\n    /// @notice Caller is not authorized\n    error Unauthorized();\n\n    ////////////////////////////////////////////////////////////\n    //                                                        //\n    //                     Modifiers                          //\n    //                                                        //\n    ////////////////////////////////////////////////////////////\n\n    /// @dev Restricts function access to only the Enclave contract\n    modifier onlyEnclave() {\n        require(msg.sender == enclave, OnlyEnclave());\n        _;\n    }\n\n    /// @dev Restricts function access to only the bonding registry\n    modifier onlyBondingRegistry() {\n        require(msg.sender == bondingRegistry, OnlyBondingRegistry());\n        _;\n    }\n\n    /// @dev Restricts function access to owner or bonding registry\n    modifier onlyOwnerOrBondingVault() {\n        require(\n            msg.sender == owner() || msg.sender == bondingRegistry,\n            NotOwnerOrBondingRegistry()\n        );\n        _;\n    }\n\n    ////////////////////////////////////////////////////////////\n    //                                                        //\n    //                   Initialization                       //\n    //                                                        //\n    ////////////////////////////////////////////////////////////\n\n    /// @notice Constructor that disables initializers.\n    /// @dev Prevents the implementation contract from being initialized. Initialization is performed\n    /// via the initialize() function when deployed behind a proxy.\n    constructor() {\n        _disableInitializers();\n    }\n\n    /// @notice Initializes the registry contract\n    /// @dev Can only be called once due to initializer modifier\n    /// @param _owner Address that will own the contract\n    /// @param _enclave Address of the Enclave contract\n    /// @param _submissionWindow The submission window for the E3 sortition in seconds\n    function initialize(\n        address _owner,\n        address _enclave,\n        uint256 _submissionWindow\n    ) public initializer {\n        require(_owner != address(0), ZeroAddress());\n        require(_enclave != address(0), ZeroAddress());\n\n        __Ownable_init(msg.sender);\n        setEnclave(_enclave);\n        setSortitionSubmissionWindow(_submissionWindow);\n        if (_owner != owner()) transferOwnership(_owner);\n    }\n\n    ////////////////////////////////////////////////////////////\n    //                                                        //\n    //                  Core Entrypoints                      //\n    //                                                        //\n    ////////////////////////////////////////////////////////////\n\n    /// @inheritdoc ICiphernodeRegistry\n    function requestCommittee(\n        uint256 e3Id,\n        uint256 seed,\n        uint32[2] calldata threshold\n    ) external onlyEnclave returns (bool success) {\n        Committee storage c = committees[e3Id];\n        require(!c.initialized, CommitteeAlreadyRequested());\n\n        c.initialized = true;\n        c.finalized = false;\n        c.seed = seed;\n        c.requestBlock = block.number;\n        c.submissionDeadline = block.timestamp + sortitionSubmissionWindow;\n        c.threshold = threshold;\n        roots[e3Id] = root();\n\n        emit CommitteeRequested(\n            e3Id,\n            seed,\n            threshold,\n            c.requestBlock,\n            c.submissionDeadline\n        );\n        success = true;\n    }\n\n    /// @notice Publishes a committee for an E3 computation\n    /// @dev Only callable by owner. Verifies committee is finalized and matches provided nodes.\n    /// @param e3Id ID of the E3 computation\n    /// @param nodes Array of ciphernode addresses selected for the committee\n    /// @param publicKey Aggregated public key of the committee\n    function publishCommittee(\n        uint256 e3Id,\n        address[] calldata nodes,\n        bytes calldata publicKey\n    ) external onlyOwner {\n        Committee storage c = committees[e3Id];\n\n        require(c.initialized, CommitteeNotRequested());\n        require(c.finalized, CommitteeNotFinalized());\n        require(c.publicKey == bytes32(0), CommitteeAlreadyPublished());\n        require(nodes.length == c.committee.length, \"Node count mismatch\");\n\n        // TODO: Currently we trust the owner to publish the correct committee.\n        // TODO: Need a Proof that the public key is generated from the committee\n        bytes32 publicKeyHash = keccak256(publicKey);\n        c.publicKey = publicKeyHash;\n        publicKeyHashes[e3Id] = publicKeyHash;\n        emit CommitteePublished(e3Id, nodes, publicKey);\n    }\n\n    /// @inheritdoc ICiphernodeRegistry\n    function addCiphernode(address node) external onlyOwnerOrBondingVault {\n        if (isEnabled(node)) {\n            return;\n        }\n\n        uint160 ciphernode = uint160(node);\n        ciphernodes._insert(ciphernode);\n        numCiphernodes++;\n        emit CiphernodeAdded(\n            node,\n            ciphernodes._indexOf(ciphernode),\n            numCiphernodes,\n            ciphernodes.size\n        );\n    }\n\n    /// @inheritdoc ICiphernodeRegistry\n    function removeCiphernode(\n        address node,\n        uint256[] calldata siblingNodes\n    ) external onlyOwnerOrBondingVault {\n        require(isEnabled(node), CiphernodeNotEnabled(node));\n\n        uint160 ciphernode = uint160(node);\n        uint256 index = ciphernodes._indexOf(ciphernode);\n        ciphernodes._remove(ciphernode, siblingNodes);\n        numCiphernodes--;\n        emit CiphernodeRemoved(node, index, numCiphernodes, ciphernodes.size);\n    }\n\n    ////////////////////////////////////////////////////////////\n    //                                                        //\n    //                   Sortition Functions                  //\n    //                                                        //\n    ////////////////////////////////////////////////////////////\n\n    /// @notice Submit a ticket for sortition\n    /// @dev Validates ticket against node's balance at request block and inserts into top-N\n    /// @param e3Id ID of the E3 computation\n    /// @param ticketNumber The ticket number to submit (1 to available tickets at snapshot)\n    function submitTicket(uint256 e3Id, uint256 ticketNumber) external {\n        Committee storage c = committees[e3Id];\n        require(c.initialized, CommitteeNotRequested());\n        require(!c.finalized, CommitteeAlreadyFinalized());\n        require(\n            block.timestamp <= c.submissionDeadline,\n            SubmissionDeadlineReached()\n        );\n        require(!c.submitted[msg.sender], NodeAlreadySubmitted());\n        require(isCiphernodeEligible(msg.sender), NodeNotEligible());\n\n        // Validate node eligibility and ticket number\n        _validateNodeEligibility(msg.sender, ticketNumber, e3Id);\n\n        // Compute score\n        uint256 score = _computeTicketScore(\n            msg.sender,\n            ticketNumber,\n            e3Id,\n            c.seed\n        );\n\n        // Store submission\n        c.submitted[msg.sender] = true;\n\n        // Insert into top-N (ascending score)\n        _insertTopN(c, msg.sender, score);\n\n        emit TicketSubmitted(e3Id, msg.sender, ticketNumber, score);\n    }\n\n    /// @notice Finalize the committee after submission window closes\n    /// @dev Can be called by anyone after the deadline. Reverts if not enough nodes submitted.\n    /// @param e3Id ID of the E3 computation\n    function finalizeCommittee(uint256 e3Id) external {\n        Committee storage c = committees[e3Id];\n        require(c.initialized, CommitteeNotRequested());\n        require(!c.finalized, CommitteeAlreadyFinalized());\n        require(\n            block.timestamp >= c.submissionDeadline,\n            SubmissionWindowNotClosed()\n        );\n        // TODO: Handle what happens if the threshold is not met.\n        require(c.topNodes.length >= c.threshold[0], ThresholdNotMet());\n\n        c.finalized = true;\n        c.committee = c.topNodes;\n\n        emit CommitteeFinalized(e3Id, c.topNodes);\n    }\n\n    /// @notice Check if submission window is still open for an E3\n    /// @param e3Id ID of the E3 computation\n    /// @return Whether the submission window is open\n    function isOpen(uint256 e3Id) public view returns (bool) {\n        Committee storage c = committees[e3Id];\n        if (!c.initialized || c.finalized) return false;\n        return block.timestamp <= c.submissionDeadline;\n    }\n\n    ////////////////////////////////////////////////////////////\n    //                                                        //\n    //                   Set Functions                        //\n    //                                                        //\n    ////////////////////////////////////////////////////////////\n\n    /// @notice Sets the Enclave contract address\n    /// @dev Only callable by owner\n    /// @param _enclave Address of the Enclave contract\n    function setEnclave(address _enclave) public onlyOwner {\n        require(_enclave != address(0), ZeroAddress());\n        enclave = _enclave;\n        emit EnclaveSet(_enclave);\n    }\n\n    /// @notice Sets the bonding registry contract address\n    /// @dev Only callable by owner\n    /// @param _bondingRegistry Address of the bonding registry contract\n    function setBondingRegistry(address _bondingRegistry) public onlyOwner {\n        require(_bondingRegistry != address(0), ZeroAddress());\n        bondingRegistry = _bondingRegistry;\n        emit BondingRegistrySet(_bondingRegistry);\n    }\n\n    /// @inheritdoc ICiphernodeRegistry\n    function setSortitionSubmissionWindow(\n        uint256 _sortitionSubmissionWindow\n    ) public onlyOwner {\n        sortitionSubmissionWindow = _sortitionSubmissionWindow;\n        emit SortitionSubmissionWindowSet(_sortitionSubmissionWindow);\n    }\n\n    ////////////////////////////////////////////////////////////\n    //                                                        //\n    //                   Get Functions                        //\n    //                                                        //\n    ////////////////////////////////////////////////////////////\n\n    /// @inheritdoc ICiphernodeRegistry\n    function committeePublicKey(\n        uint256 e3Id\n    ) external view returns (bytes32 publicKeyHash) {\n        publicKeyHash = publicKeyHashes[e3Id];\n        require(publicKeyHash != bytes32(0), CommitteeNotPublished());\n    }\n\n    /// @inheritdoc ICiphernodeRegistry\n    function isCiphernodeEligible(address node) public view returns (bool) {\n        if (!isEnabled(node)) return false;\n\n        require(bondingRegistry != address(0), BondingRegistryNotSet());\n        return IBondingRegistry(bondingRegistry).isActive(node);\n    }\n\n    /// @inheritdoc ICiphernodeRegistry\n    function isEnabled(address node) public view returns (bool) {\n        return ciphernodes._has(uint160(node));\n    }\n\n    /// @notice Returns the current root of the ciphernode IMT\n    /// @return Current IMT root\n    function root() public view returns (uint256) {\n        return (ciphernodes._root());\n    }\n\n    /// @notice Returns the IMT root at the time a committee was requested\n    /// @param e3Id ID of the E3\n    /// @return IMT root at time of committee request\n    function rootAt(uint256 e3Id) public view returns (uint256) {\n        return roots[e3Id];\n    }\n\n    /// @inheritdoc ICiphernodeRegistry\n    function getCommitteeNodes(\n        uint256 e3Id\n    ) public view returns (address[] memory nodes) {\n        Committee storage c = committees[e3Id];\n        require(c.publicKey != bytes32(0), CommitteeNotPublished());\n        nodes = c.committee;\n    }\n\n    /// @notice Returns the current size of the ciphernode IMT\n    /// @return Size of the IMT\n    function treeSize() public view returns (uint256) {\n        return ciphernodes.size;\n    }\n\n    /// @notice Returns the address of the bonding registry\n    /// @return Address of the bonding registry contract\n    function getBondingRegistry() external view returns (address) {\n        return bondingRegistry;\n    }\n\n    ////////////////////////////////////////////////////////////\n    //                                                        //\n    //                   Internal Functions                   //\n    //                                                        //\n    ////////////////////////////////////////////////////////////\n\n    /// @notice Computes ticket score as keccak256(node || ticketNumber || e3Id || seed)\n    /// @param node Address of the ciphernode\n    /// @param ticketNumber The ticket number\n    /// @param e3Id ID of the E3 computation\n    /// @param seed Random seed for the E3\n    /// @return score The computed score\n    function _computeTicketScore(\n        address node,\n        uint256 ticketNumber,\n        uint256 e3Id,\n        uint256 seed\n    ) internal pure returns (uint256) {\n        bytes32 hash = keccak256(\n            abi.encodePacked(node, ticketNumber, e3Id, seed)\n        );\n        return uint256(hash);\n    }\n\n    /// @notice Validates that a node is eligible to submit a ticket\n    /// @dev Uses snapshot of ticket balance at E3 request block for deterministic validation\n    /// @param node Address of the ciphernode\n    /// @param ticketNumber The ticket number being submitted\n    /// @param e3Id ID of the E3 computation\n    function _validateNodeEligibility(\n        address node,\n        uint256 ticketNumber,\n        uint256 e3Id\n    ) internal view {\n        require(ticketNumber > 0, InvalidTicketNumber());\n        require(bondingRegistry != address(0), BondingRegistryNotSet());\n\n        Committee storage c = committees[e3Id];\n\n        // @todo Ensure we check everywhere that we use the block before the request block\n        // to ensure cases where everything is done in the same block are handled correctly.\n        uint256 ticketBalance = IBondingRegistry(bondingRegistry)\n            .getTicketBalanceAtBlock(node, c.requestBlock - 1);\n        uint256 ticketPrice = IBondingRegistry(bondingRegistry).ticketPrice();\n\n        require(ticketPrice > 0, InvalidTicketNumber());\n        uint256 availableTickets = ticketBalance / ticketPrice;\n\n        require(availableTickets > 0, NodeNotEligible());\n        require(ticketNumber <= availableTickets, InvalidTicketNumber());\n    }\n\n    /// @notice Inserts a node into the top-N list - Smallest scores\n    /// @dev If the node is not in the top-N, it is added to the top-N.\n    /// @param c Committee storage reference\n    /// @param node Address of the node\n    /// @param score Score of the node\n    /// @return entered Whether the node was inserted into the top-N\n    function _insertTopN(\n        Committee storage c,\n        address node,\n        uint256 score\n    ) internal returns (bool entered) {\n        address[] storage top = c.topNodes;\n        uint256 cap = c.threshold[1];\n\n        if (top.length < cap) {\n            top.push(node);\n            c.scoreOf[node] = score;\n            return true;\n        }\n\n        uint256 worstIdx = 0;\n        uint256 worstScore = c.scoreOf[top[0]];\n        unchecked {\n            for (uint256 i = 1; i < top.length; ++i) {\n                uint256 s = c.scoreOf[top[i]];\n                if (s > worstScore) {\n                    worstScore = s;\n                    worstIdx = i;\n                }\n            }\n        }\n\n        if (score >= worstScore) return false;\n\n        top[worstIdx] = node;\n        c.scoreOf[node] = score;\n\n        return true;\n    }\n}\n"
+      },
+      "project/contracts/slashing/SlashingManager.sol": {
+        "content": "// SPDX-License-Identifier: LGPL-3.0-only\n//\n// This file is provided WITHOUT ANY WARRANTY;\n// without even the implied warranty of MERCHANTABILITY\n// or FITNESS FOR A PARTICULAR PURPOSE.\n\npragma solidity >=0.8.27;\n\nimport {\n    AccessControl\n} from \"@openzeppelin/contracts/access/AccessControl.sol\";\nimport { ISlashingManager } from \"../interfaces/ISlashingManager.sol\";\nimport { IBondingRegistry } from \"../interfaces/IBondingRegistry.sol\";\nimport { ISlashVerifier } from \"../interfaces/ISlashVerifier.sol\";\n\n/**\n * @title SlashingManager\n * @notice Implementation of slashing management with proposal, appeal, and execution workflows\n * @dev Role-based access control for slashers, verifiers, and governance with configurable slash policies\n */\ncontract SlashingManager is ISlashingManager, AccessControl {\n    // ======================\n    // Constants & Roles\n    // ======================\n\n    /// @notice Role identifier for accounts authorized to propose and execute slashes\n    bytes32 public constant SLASHER_ROLE = keccak256(\"SLASHER_ROLE\");\n\n    /// @notice Role identifier for accounts authorized to verify cryptographic proofs in slash proposals\n    bytes32 public constant VERIFIER_ROLE = keccak256(\"VERIFIER_ROLE\");\n\n    /// @notice Role identifier for governance accounts that can configure policies, resolve appeals, and manage bans\n    bytes32 public constant GOVERNANCE_ROLE = keccak256(\"GOVERNANCE_ROLE\");\n\n    // ======================\n    // Storage\n    // ======================\n\n    /// @notice Reference to the bonding registry contract where slash penalties are executed\n    /// @dev Used to call slashTicketBalance() and slashLicenseBond() when executing slashes\n    IBondingRegistry public bondingRegistry;\n\n    /// @notice Mapping from slash reason hash to its configured policy\n    /// @dev Stores penalty amounts, proof requirements, and appeal settings for each slash type\n    mapping(bytes32 reason => SlashPolicy policy) public slashPolicies;\n\n    /// @notice Internal storage for all slash proposals indexed by proposal ID\n    /// @dev Sequentially indexed starting from 0, accessed via getSlashProposal()\n    mapping(uint256 proposalId => SlashProposal proposal) internal _proposals;\n\n    /// @notice Counter for total number of slash proposals ever created\n    /// @dev Also serves as the next proposal ID to be assigned\n    uint256 public totalProposals;\n\n    /// @notice Mapping tracking which nodes are currently banned from the network\n    /// @dev Set to true when a node is banned (either via executeSlash or banNode), false when unbanned\n    mapping(address node => bool banned) public banned;\n\n    // ======================\n    // Modifiers\n    // ======================\n\n    /// @notice Restricts function access to accounts with SLASHER_ROLE\n    /// @dev Reverts with Unauthorized() if caller lacks the role\n    modifier onlySlasher() {\n        if (!hasRole(SLASHER_ROLE, msg.sender)) revert Unauthorized();\n        _;\n    }\n\n    /// @notice Restricts function access to accounts with VERIFIER_ROLE\n    /// @dev Reverts with Unauthorized() if caller lacks the role\n    modifier onlyVerifier() {\n        if (!hasRole(VERIFIER_ROLE, msg.sender)) revert Unauthorized();\n        _;\n    }\n\n    /// @notice Restricts function access to accounts with GOVERNANCE_ROLE\n    /// @dev Reverts with Unauthorized() if caller lacks the role\n    modifier onlyGovernance() {\n        if (!hasRole(GOVERNANCE_ROLE, msg.sender)) revert Unauthorized();\n        _;\n    }\n\n    // ======================\n    // Constructor\n    // ======================\n\n    /**\n     * @notice Initializes the SlashingManager contract with admin and bonding registry\n     * @dev Sets up initial role assignments and bonding registry reference\n     * @param admin Address to receive DEFAULT_ADMIN_ROLE and GOVERNANCE_ROLE\n     * @param _bondingRegistry Address of the bonding registry contract for executing slashes\n     * Requirements:\n     * - admin must not be zero address\n     * - _bondingRegistry must not be zero address\n     */\n    constructor(address admin, address _bondingRegistry) {\n        require(admin != address(0), ZeroAddress());\n        require(_bondingRegistry != address(0), ZeroAddress());\n\n        bondingRegistry = IBondingRegistry(_bondingRegistry);\n\n        _grantRole(DEFAULT_ADMIN_ROLE, admin);\n        _grantRole(GOVERNANCE_ROLE, admin);\n    }\n\n    // ======================\n    // View Functions\n    // ======================\n\n    /// @inheritdoc ISlashingManager\n    function getSlashPolicy(\n        bytes32 reason\n    ) external view returns (SlashPolicy memory) {\n        return slashPolicies[reason];\n    }\n\n    /// @inheritdoc ISlashingManager\n    function getSlashProposal(\n        uint256 proposalId\n    ) external view returns (SlashProposal memory) {\n        require(proposalId < totalProposals, InvalidProposal());\n        return _proposals[proposalId];\n    }\n\n    /// @inheritdoc ISlashingManager\n    function isBanned(address node) external view returns (bool) {\n        return banned[node];\n    }\n\n    // ======================\n    // Admin Functions\n    // ======================\n\n    /// @inheritdoc ISlashingManager\n    function setSlashPolicy(\n        bytes32 reason,\n        SlashPolicy calldata policy\n    ) external onlyRole(GOVERNANCE_ROLE) {\n        require(reason != bytes32(0), InvalidPolicy());\n        require(policy.enabled, InvalidPolicy());\n        require(\n            policy.ticketPenalty > 0 || policy.licensePenalty > 0,\n            InvalidPolicy()\n        );\n\n        if (policy.requiresProof) {\n            require(policy.proofVerifier != address(0), VerifierNotSet());\n            // TODO: Should we allow appeal window for proof required?\n            require(policy.appealWindow == 0, InvalidPolicy());\n        } else {\n            require(policy.appealWindow > 0, InvalidPolicy());\n        }\n\n        slashPolicies[reason] = policy;\n        emit SlashPolicyUpdated(reason, policy);\n    }\n\n    /// @inheritdoc ISlashingManager\n    function setBondingRegistry(\n        address newBondingRegistry\n    ) external onlyRole(DEFAULT_ADMIN_ROLE) {\n        require(newBondingRegistry != address(0), ZeroAddress());\n        bondingRegistry = IBondingRegistry(newBondingRegistry);\n    }\n\n    /// @inheritdoc ISlashingManager\n    function addSlasher(address slasher) external onlyRole(DEFAULT_ADMIN_ROLE) {\n        require(slasher != address(0), ZeroAddress());\n        _grantRole(SLASHER_ROLE, slasher);\n    }\n\n    /// @inheritdoc ISlashingManager\n    function removeSlasher(\n        address slasher\n    ) external onlyRole(DEFAULT_ADMIN_ROLE) {\n        _revokeRole(SLASHER_ROLE, slasher);\n    }\n\n    /// @inheritdoc ISlashingManager\n    function addVerifier(\n        address verifier\n    ) external onlyRole(DEFAULT_ADMIN_ROLE) {\n        require(verifier != address(0), ZeroAddress());\n        _grantRole(VERIFIER_ROLE, verifier);\n    }\n\n    /// @inheritdoc ISlashingManager\n    function removeVerifier(\n        address verifier\n    ) external onlyRole(DEFAULT_ADMIN_ROLE) {\n        _revokeRole(VERIFIER_ROLE, verifier);\n    }\n\n    // ======================\n    // Slashing Functions\n    // ======================\n\n    /// @inheritdoc ISlashingManager\n    function proposeSlash(\n        address operator,\n        bytes32 reason,\n        bytes calldata proof\n    )\n        external\n        // TODO: Do we need an onlySlasher modifier?\n        // Can anyone propose a slash?\n        onlySlasher\n        returns (uint256 proposalId)\n    {\n        require(operator != address(0), ZeroAddress());\n\n        SlashPolicy memory policy = slashPolicies[reason];\n        require(policy.enabled, SlashReasonDisabled());\n\n        proposalId = totalProposals;\n        totalProposals = proposalId + 1;\n\n        uint256 executableAt = block.timestamp + policy.appealWindow;\n        SlashProposal storage p = _proposals[proposalId];\n\n        p.operator = operator;\n        p.reason = reason;\n        p.ticketAmount = policy.ticketPenalty;\n        p.licenseAmount = policy.licensePenalty;\n        p.proposedAt = block.timestamp;\n        p.executableAt = executableAt;\n        p.proposer = msg.sender;\n        p.proofHash = keccak256(proof);\n\n        if (policy.requiresProof) {\n            require(proof.length != 0, ProofRequired());\n            bool ok = ISlashVerifier(policy.proofVerifier).verify(\n                proposalId,\n                proof\n            );\n            require(ok, InvalidProof());\n            p.proofVerified = true;\n        }\n\n        emit SlashProposed(\n            proposalId,\n            operator,\n            reason,\n            policy.ticketPenalty,\n            policy.licensePenalty,\n            executableAt,\n            msg.sender\n        );\n    }\n\n    /// @inheritdoc ISlashingManager\n    function executeSlash(uint256 proposalId) external {\n        require(proposalId < totalProposals, InvalidProposal());\n        SlashProposal storage p = _proposals[proposalId];\n\n        // Has already been executed?\n        require(!p.executed, AlreadyExecuted());\n        p.executed = true;\n\n        SlashPolicy memory policy = slashPolicies[p.reason];\n\n        if (policy.requiresProof) {\n            // Appeal window is 0 by policy validation, so we dont check for appeal gating\n            require(p.proofVerified, InvalidProof());\n        } else {\n            // Evidence mode with appeals\n            require(block.timestamp >= p.executableAt, AppealWindowActive());\n            if (p.appealed) {\n                require(p.resolved, AppealPending());\n                require(!p.appealUpheld, AppealUpheld()); // approved = appeal upheld => cancel slash, return?\n            }\n        }\n\n        if (p.ticketAmount > 0) {\n            bondingRegistry.slashTicketBalance(\n                p.operator,\n                p.ticketAmount,\n                p.reason\n            );\n        }\n\n        if (p.licenseAmount > 0) {\n            bondingRegistry.slashLicenseBond(\n                p.operator,\n                p.licenseAmount,\n                p.reason\n            );\n        }\n\n        if (policy.banNode) {\n            banned[p.operator] = true;\n            emit NodeBanUpdated(p.operator, true, p.reason, msg.sender);\n        }\n\n        emit SlashExecuted(\n            proposalId,\n            p.operator,\n            p.reason,\n            p.ticketAmount,\n            p.licenseAmount,\n            p.executed\n        );\n    }\n\n    // ======================\n    // Appeal Functions\n    // ======================\n\n    /// @inheritdoc ISlashingManager\n    function fileAppeal(uint256 proposalId, string calldata evidence) external {\n        require(proposalId < totalProposals, InvalidProposal());\n        // TODO: Should we reject the appeal if the proposal has a cryptographic proof?\n        SlashProposal storage p = _proposals[proposalId];\n\n        // Only the accused can appeal\n        require(msg.sender == p.operator, Unauthorized());\n        // Only in the window\n        require(block.timestamp < p.executableAt, AppealWindowExpired());\n        // Only once\n        require(!p.appealed, AlreadyAppealed());\n\n        p.appealed = true;\n\n        emit AppealFiled(proposalId, p.operator, p.reason, evidence);\n    }\n\n    /// @inheritdoc ISlashingManager\n    function resolveAppeal(\n        uint256 proposalId,\n        bool appealUpheld,\n        string calldata resolution\n    ) external onlyGovernance {\n        require(proposalId < totalProposals, InvalidProposal());\n        SlashProposal storage p = _proposals[proposalId];\n\n        require(p.appealed, InvalidProposal());\n        require(!p.resolved, AlreadyResolved());\n\n        p.resolved = true;\n        p.appealUpheld = appealUpheld; // true => cancel slash, false => slash stands\n\n        emit AppealResolved(\n            proposalId,\n            p.operator,\n            appealUpheld,\n            msg.sender,\n            resolution\n        );\n    }\n\n    // ======================\n    // Ban Management\n    // ======================\n\n    /// @inheritdoc ISlashingManager\n    function updateBanStatus(\n        address node,\n        bool status,\n        bytes32 reason\n    ) external onlyGovernance {\n        require(node != address(0), ZeroAddress());\n\n        banned[node] = status;\n        emit NodeBanUpdated(node, status, reason, msg.sender);\n    }\n}\n"
+      },
+      "project/contracts/test/MockCiphernodeRegistry.sol": {
+        "content": "// SPDX-License-Identifier: LGPL-3.0-only\n//\n// This file is provided WITHOUT ANY WARRANTY;\n// without even the implied warranty of MERCHANTABILITY\n// or FITNESS FOR A PARTICULAR PURPOSE.\npragma solidity >=0.8.27;\n\nimport { ICiphernodeRegistry } from \"../interfaces/ICiphernodeRegistry.sol\";\n\ncontract MockCiphernodeRegistry is ICiphernodeRegistry {\n    function requestCommittee(\n        uint256,\n        uint256,\n        uint32[2] calldata\n    ) external pure returns (bool success) {\n        success = true;\n    }\n\n    function isEnabled(address) external pure returns (bool) {\n        return true;\n    }\n\n    function committeePublicKey(uint256 e3Id) external pure returns (bytes32) {\n        if (e3Id == type(uint256).max) {\n            return bytes32(0);\n        } else {\n            return keccak256(abi.encode(e3Id));\n        }\n    }\n\n    function isCiphernodeEligible(address) external pure returns (bool) {\n        return false;\n    }\n\n    // solhint-disable-next-line no-empty-blocks\n    function addCiphernode(address) external pure {}\n\n    // solhint-disable-next-line no-empty-blocks\n    function removeCiphernode(address, uint256[] calldata) external pure {}\n\n    function publishCommittee(\n        uint256,\n        address[] calldata,\n        bytes calldata\n    ) external pure {} // solhint-disable-line no-empty-blocks\n\n    function getCommitteeNodes(\n        uint256\n    ) external pure returns (address[] memory) {\n        address[] memory nodes = new address[](0);\n        return nodes;\n    }\n\n    function root() external pure returns (uint256) {\n        return 0;\n    }\n\n    function rootAt(uint256) external pure returns (uint256) {\n        return 0;\n    }\n\n    function treeSize() external pure returns (uint256) {\n        return 0;\n    }\n\n    function getBondingRegistry() external pure returns (address) {\n        return address(0);\n    }\n\n    // solhint-disable-next-line no-empty-blocks\n    function setEnclave(address) external pure {}\n\n    // solhint-disable-next-line no-empty-blocks\n    function setBondingRegistry(address) external pure {}\n\n    // solhint-disable-next-line no-empty-blocks\n    function submitTicket(uint256, uint256) external pure {}\n\n    // solhint-disable-next-line no-empty-blocks\n    function finalizeCommittee(uint256) external pure {}\n\n    // solhint-disable-next-line no-empty-blocks\n    function setSortitionSubmissionWindow(uint256) external pure {}\n\n    function isOpen(uint256) external pure returns (bool) {\n        return false;\n    }\n}\n\ncontract MockCiphernodeRegistryEmptyKey is ICiphernodeRegistry {\n    function requestCommittee(\n        uint256,\n        uint256,\n        uint32[2] calldata\n    ) external pure returns (bool success) {\n        success = true;\n    }\n\n    function isEnabled(address) external pure returns (bool) {\n        return true;\n    }\n\n    function committeePublicKey(uint256) external pure returns (bytes32) {\n        return bytes32(0);\n    }\n\n    function isCiphernodeEligible(address) external pure returns (bool) {\n        return false;\n    }\n\n    // solhint-disable-next-line no-empty-blocks\n    function addCiphernode(address) external pure {}\n\n    // solhint-disable-next-line no-empty-blocks\n    function removeCiphernode(address, uint256[] calldata) external pure {}\n\n    function publishCommittee(\n        uint256,\n        address[] calldata,\n        bytes calldata\n    ) external pure {} // solhint-disable-line no-empty-blocks\n\n    function getCommitteeNodes(\n        uint256\n    ) external pure returns (address[] memory) {\n        address[] memory nodes = new address[](0);\n        return nodes;\n    }\n\n    function root() external pure returns (uint256) {\n        return 0;\n    }\n\n    function rootAt(uint256) external pure returns (uint256) {\n        return 0;\n    }\n\n    function treeSize() external pure returns (uint256) {\n        return 0;\n    }\n\n    function getBondingRegistry() external pure returns (address) {\n        return address(0);\n    }\n\n    // solhint-disable-next-line no-empty-blocks\n    function setEnclave(address) external pure {}\n\n    // solhint-disable-next-line no-empty-blocks\n    function setBondingRegistry(address) external pure {}\n\n    // solhint-disable-next-line no-empty-blocks\n    function setSortitionSubmissionWindow(uint256) external pure {}\n\n    // solhint-disable-next-line no-empty-blocks\n    function submitTicket(uint256, uint256) external pure {}\n\n    // solhint-disable-next-line no-empty-blocks\n    function finalizeCommittee(uint256) external pure {}\n\n    function isOpen(uint256) external pure returns (bool) {\n        return false;\n    }\n}\n"
+      },
+      "project/contracts/test/MockComputeProvider.sol": {
+        "content": "// SPDX-License-Identifier: LGPL-3.0-only\n//\n// This file is provided WITHOUT ANY WARRANTY;\n// without even the implied warranty of MERCHANTABILITY\n// or FITNESS FOR A PARTICULAR PURPOSE.\npragma solidity >=0.8.27;\n\nimport {\n    IComputeProvider,\n    IDecryptionVerifier\n} from \"../interfaces/IComputeProvider.sol\";\n\ncontract MockComputeProvider is IComputeProvider {\n    error InvalidParams();\n\n    function validate(\n        uint256,\n        uint256,\n        bytes memory params\n    ) external pure returns (IDecryptionVerifier decryptionVerifier) {\n        require(params.length == 32, InvalidParams());\n        // solhint-disable no-inline-assembly\n        assembly {\n            decryptionVerifier := mload(add(params, 32))\n        }\n        (decryptionVerifier) = abi.decode(params, (IDecryptionVerifier));\n    }\n}\n"
+      },
+      "project/contracts/test/MockDecryptionVerifier.sol": {
+        "content": "// SPDX-License-Identifier: LGPL-3.0-only\n//\n// This file is provided WITHOUT ANY WARRANTY;\n// without even the implied warranty of MERCHANTABILITY\n// or FITNESS FOR A PARTICULAR PURPOSE.\npragma solidity >=0.8.27;\n\nimport { IDecryptionVerifier } from \"../interfaces/IDecryptionVerifier.sol\";\n\ncontract MockDecryptionVerifier is IDecryptionVerifier {\n    function verify(\n        uint256,\n        bytes32,\n        bytes memory data\n    ) external pure returns (bool success) {\n        data;\n\n        if (data.length > 0) success = true;\n    }\n}\n"
+      },
+      "project/contracts/test/MockE3Program.sol": {
+        "content": "// SPDX-License-Identifier: LGPL-3.0-only\n//\n// This file is provided WITHOUT ANY WARRANTY;\n// without even the implied warranty of MERCHANTABILITY\n// or FITNESS FOR A PARTICULAR PURPOSE.\npragma solidity >=0.8.27;\n\nimport { IE3Program } from \"../interfaces/IE3Program.sol\";\n\ncontract MockE3Program is IE3Program {\n    error InvalidParams(bytes e3ProgramParams, bytes computeProviderParams);\n    error E3AlreadyInitialized();\n\n    bytes32 public constant ENCRYPTION_SCHEME_ID = keccak256(\"fhe.rs:BFV\");\n\n    mapping(uint256 e3Id => bytes32 paramsHash) public paramsHashes;\n\n    error InvalidInput();\n\n    function validate(\n        uint256 e3Id,\n        uint256,\n        bytes calldata e3ProgramParams,\n        bytes calldata computeProviderParams\n    ) external returns (bytes32) {\n        require(\n            computeProviderParams.length == 32,\n            InvalidParams(e3ProgramParams, computeProviderParams)\n        );\n\n        require(paramsHashes[e3Id] == bytes32(0), E3AlreadyInitialized());\n        paramsHashes[e3Id] = keccak256(e3ProgramParams);\n        return ENCRYPTION_SCHEME_ID;\n    }\n\n    function validateInput(\n        uint256,\n        address sender,\n        bytes memory data\n    ) external pure {\n        if (data.length == 3 || sender == address(0)) {\n            revert InvalidInput();\n        }\n    }\n\n    function verify(\n        uint256,\n        bytes32,\n        bytes memory data\n    ) external pure returns (bool success) {\n        data;\n        if (data.length > 0) success = true;\n    }\n}\n"
+      },
+      "project/contracts/test/MockSlashingVerifier.sol": {
+        "content": "// SPDX-License-Identifier: LGPL-3.0-only\n//\n// This file is provided WITHOUT ANY WARRANTY;\n// without even the implied warranty of MERCHANTABILITY\n// or FITNESS FOR A PARTICULAR PURPOSE.\npragma solidity >=0.8.27;\n\nimport { ISlashVerifier } from \"../interfaces/ISlashVerifier.sol\";\n\ncontract MockSlashingVerifier is ISlashVerifier {\n    function verify(\n        uint256,\n        bytes memory data\n    ) external pure returns (bool success) {\n        data;\n\n        if (data.length > 0) success = true;\n    }\n}\n"
+      },
+      "project/contracts/test/MockStableToken.sol": {
+        "content": "// SPDX-License-Identifier: LGPL-3.0-only\n//\n// This file is provided WITHOUT ANY WARRANTY;\n// without even the implied warranty of MERCHANTABILITY\n// or FITNESS FOR A PARTICULAR PURPOSE.\npragma solidity >=0.8.27;\n\nimport { ERC20 } from \"@openzeppelin/contracts/token/ERC20/ERC20.sol\";\nimport { Ownable } from \"@openzeppelin/contracts/access/Ownable.sol\";\n\ncontract MockUSDC is ERC20, Ownable {\n    uint8 private _decimals;\n\n    constructor(\n        uint256 initialSupply\n    ) ERC20(\"USD Coin\", \"USDC\") Ownable(msg.sender) {\n        _decimals = 6;\n        _mint(msg.sender, initialSupply * 10 ** _decimals);\n    }\n\n    function decimals() public view override returns (uint8) {\n        return _decimals;\n    }\n\n    function mint(address to, uint256 amount) external {\n        _mint(to, amount);\n    }\n}\n"
+      },
+      "project/contracts/token/EnclaveTicketToken.sol": {
+        "content": "// SPDX-License-Identifier: LGPL-3.0-only\n//\n// This file is provided WITHOUT ANY WARRANTY;\n// without even the implied warranty of MERCHANTABILITY\n// or FITNESS FOR A PARTICULAR PURPOSE.\npragma solidity ^0.8.27;\n\nimport { ERC20 } from \"@openzeppelin/contracts/token/ERC20/ERC20.sol\";\nimport { IERC20 } from \"@openzeppelin/contracts/token/ERC20/IERC20.sol\";\nimport {\n    SafeERC20\n} from \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\nimport {\n    ERC20Wrapper\n} from \"@openzeppelin/contracts/token/ERC20/extensions/ERC20Wrapper.sol\";\nimport {\n    ERC20Permit\n} from \"@openzeppelin/contracts/token/ERC20/extensions/ERC20Permit.sol\";\nimport {\n    ERC20Votes\n} from \"@openzeppelin/contracts/token/ERC20/extensions/ERC20Votes.sol\";\nimport { Ownable } from \"@openzeppelin/contracts/access/Ownable.sol\";\nimport { Nonces } from \"@openzeppelin/contracts/utils/Nonces.sol\";\n\n/**\n * @title EnclaveTicketToken (ETK)\n * @notice Non-transferable, non-delegatable ERC20Votes wrapper over a stablecoin for operator staking\n * @dev ERC20 wrapper token that represents staked stablecoins (e.g., USDC, DAI) used for operator\n *      bonding in the Enclave protocol. Implements voting power tracking through ERC20Votes but\n *      prevents transfers between users and manual delegation. Deposits automatically delegate to\n *      self to enable voting power tracking. Only the designated registry contract can mint\n *      (deposit) and burn (withdraw) tokens.\n */\ncontract EnclaveTicketToken is\n    ERC20,\n    ERC20Permit,\n    ERC20Votes,\n    Ownable,\n    ERC20Wrapper\n{\n    using SafeERC20 for IERC20;\n    // Custom errors\n\n    /// @notice Thrown when a function is called by an address other than the registry\n    error NotRegistry();\n\n    /// @notice Thrown when attempting to transfer tokens between non-zero addresses\n    error TransferNotAllowed();\n\n    /// @notice Thrown when a zero address is provided where a valid address is required\n    error ZeroAddress();\n\n    /// @notice Thrown when attempting to manually delegate voting power\n    error DelegationLocked();\n\n    /// @notice Address of the registry contract authorized to mint, burn, and manage ticket tokens\n    /// @dev Only this contract can call restricted functions like depositFor, withdrawTo, burnTickets, and payout\n    address public registry;\n\n    /// @notice Restricts function access to only the registry contract\n    /// @dev Reverts with NotRegistry if caller is not the registry address\n    modifier onlyRegistry() {\n        if (msg.sender != registry) revert NotRegistry();\n        _;\n    }\n\n    /**\n     * @notice Initializes the Enclave Ticket Token with name \"Enclave Ticket Token\" and symbol \"ETK\"\n     * @dev Sets up the token as an ERC20 wrapper around the provided base token (stablecoin).\n     *      Initializes voting and permit functionality. The decimals will match the base token.\n     * @param baseToken The underlying ERC20 stablecoin to wrap (e.g., USDC, DAI)\n     * @param registry_ Address of the registry contract that will manage deposits and withdrawals\n     * @param initialOwner_ Address that will own the contract and can update the registry\n     */\n    constructor(\n        IERC20 baseToken,\n        address registry_,\n        address initialOwner_\n    )\n        ERC20(\"Enclave Ticket Token\", \"ETK\")\n        ERC20Permit(\"Enclave Ticket Token\")\n        ERC20Wrapper(baseToken)\n        Ownable(initialOwner_)\n    {\n        setRegistry(registry_);\n    }\n\n    /**\n     * @notice Updates the registry contract address\n     * @dev Only callable by the contract owner. The new registry address cannot be zero.\n     *      This function grants the new registry exclusive rights to mint, burn, and manage tokens.\n     * @param newRegistry Address of the new registry contract (must not be zero address)\n     */\n    function setRegistry(address newRegistry) public onlyOwner {\n        require(newRegistry != address(0), ZeroAddress());\n        registry = newRegistry;\n    }\n\n    /**\n     * @notice Deposits underlying tokens from the registry and mints ticket tokens to an operator\n     * @dev Only callable by the registry contract. Transfers underlying tokens from the registry to\n     *      this contract and mints an equivalent amount of ticket tokens. Automatically delegates\n     *      voting power to the operator on their first deposit to enable voting power tracking.\n     * @param operator Address to receive the minted ticket tokens\n     * @param amount Number of underlying tokens to deposit and ticket tokens to mint\n     * @return success True if the deposit and minting succeeded\n     */\n    function depositFor(\n        address operator,\n        uint256 amount\n    ) public override onlyRegistry returns (bool success) {\n        success = super.depositFor(operator, amount);\n\n        // Auto-delegate on first deposit to track voting power\n        if (delegates(operator) == address(0)) {\n            _delegate(operator, operator);\n        }\n    }\n\n    /**\n     * @notice Deposits underlying tokens from a specified account and mints ticket tokens to another account\n     * @dev Only callable by the registry contract. Transfers underlying tokens from the 'from' address\n     *      to this contract and mints ticket tokens to the 'to' address. Useful for scenarios where\n     *      the source and destination differ. Automatically delegates voting power to recipient on\n     *      their first deposit.\n     * @param from Address to transfer underlying tokens from (must have approved this contract)\n     * @param to Address to receive the minted ticket tokens\n     * @param amount Number of underlying tokens to deposit and ticket tokens to mint\n     * @return bool True if the deposit and minting succeeded\n     */\n    function depositFrom(\n        address from,\n        address to,\n        uint256 amount\n    ) external onlyRegistry returns (bool) {\n        SafeERC20.safeTransferFrom(\n            IERC20(address(underlying())),\n            from,\n            address(this),\n            amount\n        );\n        _mint(to, amount);\n        if (delegates(to) == address(0)) _delegate(to, to);\n        return true;\n    }\n\n    /**\n     * @notice Burns ticket tokens from the registry and transfers underlying tokens to a receiver\n     * @dev Only callable by the registry contract. Burns ticket tokens from the registry's balance\n     *      and transfers an equivalent amount of underlying tokens to the receiver address. Used\n     *      when operators unstake their tokens.\n     * @param receiver Address to receive the underlying tokens\n     * @param amount Number of ticket tokens to burn and underlying tokens to transfer\n     * @return success True if the burn and transfer succeeded\n     */\n    function withdrawTo(\n        address receiver,\n        uint256 amount\n    ) public override onlyRegistry returns (bool success) {\n        return super.withdrawTo(receiver, amount);\n    }\n\n    /**\n     * @notice Burns ticket tokens from an operator's balance without transferring underlying tokens\n     * @dev Only callable by the registry contract. Used for slashing or penalizing operators where\n     *      the underlying tokens should remain in the contract or be handled separately. Does not\n     *      return underlying tokens to the operator.\n     * @param operator Address whose ticket tokens will be burned\n     * @param amount Number of ticket tokens to burn from the operator's balance\n     */\n    function burnTickets(\n        address operator,\n        uint256 amount\n    ) external onlyRegistry {\n        _burn(operator, amount);\n    }\n\n    /**\n     * @notice Transfer underlying tokens to an address without burning ticket tokens.\n     * @dev Only callable by the registry contract.\n     * @param to Address to payout to.\n     * @param amount Amount of ticket tokens to payout.\n     */\n    function payout(address to, uint256 amount) external onlyRegistry {\n        SafeERC20.safeTransfer(IERC20(address(underlying())), to, amount);\n    }\n\n    /**\n     * @dev Override ERC20Votes update hook to prevent transfers between users.\n     */\n    function _update(\n        address from,\n        address to,\n        uint256 value\n    ) internal override(ERC20, ERC20Votes) {\n        if (from != address(0) && to != address(0)) {\n            revert TransferNotAllowed();\n        }\n        super._update(from, to, value);\n    }\n\n    /**\n     * @dev Prevent delegation of voting power.\n     */\n    function delegate(address) public pure override {\n        revert DelegationLocked();\n    }\n\n    /**\n     * @dev Prevent delegation of voting power via signature.\n     */\n    function delegateBySig(\n        address,\n        uint256,\n        uint256,\n        uint8,\n        bytes32,\n        bytes32\n    ) public pure override {\n        revert DelegationLocked();\n    }\n\n    /**\n     * @dev Expose decimals from the underlying token.\n     */\n    function decimals()\n        public\n        view\n        override(ERC20, ERC20Wrapper)\n        returns (uint8)\n    {\n        return super.decimals();\n    }\n\n    /**\n     * @dev Expose permit nonces via both ERC20Permit and OpenZeppelin Nonces.\n     */\n    function nonces(\n        address owner\n    ) public view override(ERC20Permit, Nonces) returns (uint256) {\n        return super.nonces(owner);\n    }\n}\n"
+      },
+      "project/contracts/token/EnclaveToken.sol": {
+        "content": "// SPDX-License-Identifier: LGPL-3.0-only\n//\n// This file is provided WITHOUT ANY WARRANTY;\n// without even the implied warranty of MERCHANTABILITY\n// or FITNESS FOR A PARTICULAR PURPOSE.\n\npragma solidity >=0.8.27;\n\nimport { ERC20 } from \"@openzeppelin/contracts/token/ERC20/ERC20.sol\";\nimport {\n    ERC20Permit,\n    Nonces\n} from \"@openzeppelin/contracts/token/ERC20/extensions/ERC20Permit.sol\";\nimport {\n    ERC20Votes\n} from \"@openzeppelin/contracts/token/ERC20/extensions/ERC20Votes.sol\";\nimport { Ownable } from \"@openzeppelin/contracts/access/Ownable.sol\";\nimport {\n    AccessControl\n} from \"@openzeppelin/contracts/access/AccessControl.sol\";\n\n/**\n * @title EnclaveToken\n * @notice The governance and utility token for the Enclave protocol\n * @dev ERC20 token with voting capabilities, permit functionality, and controlled minting.\n *      Implements transfer restrictions that can be toggled by the owner to control token\n *      transferability during early phases. Supports a maximum supply cap and role-based\n *      minting through the MINTER_ROLE.\n */\ncontract EnclaveToken is\n    ERC20,\n    ERC20Permit,\n    ERC20Votes,\n    Ownable,\n    AccessControl\n{\n    // Custom errors\n\n    /// @notice Thrown when a zero address is provided where a valid address is required\n    error ZeroAddress();\n\n    /// @notice Thrown when attempting to mint zero tokens\n    error ZeroAmount();\n\n    /// @notice Thrown when minting would exceed the maximum token supply\n    error ExceedsTotalSupply();\n\n    /// @notice Thrown when array parameters have mismatched lengths\n    error ArrayLengthMismatch();\n\n    /// @notice Thrown when a transfer is attempted while restrictions are active and neither party is whitelisted\n    error TransferNotAllowed();\n\n    /// @notice Maximum supply of the token: 1.2 billion tokens with 18 decimals\n    /// @dev Hard cap on total token supply that cannot be exceeded through minting\n    uint256 public constant MAX_SUPPLY = 1_200_000_000e18;\n\n    /// @notice Role identifier for accounts authorized to mint new tokens\n    /// @dev Keccak256 hash of \"MINTER_ROLE\" used in AccessControl\n    bytes32 public constant MINTER_ROLE = keccak256(\"MINTER_ROLE\");\n\n    /// @notice Tracks the cumulative amount of tokens minted since deployment\n    /// @dev Incremented with each mint operation to enforce MAX_SUPPLY cap\n    uint256 public totalMinted;\n\n    /// @notice Mapping of addresses permitted to transfer tokens when restrictions are active\n    /// @dev When transfersRestricted is true, only whitelisted addresses can send or receive tokens\n    mapping(address account => bool allowed) public transferWhitelisted;\n\n    /// @notice Indicates whether token transfers are currently restricted\n    /// @dev When true, only whitelisted addresses can transfer tokens\n    bool public transfersRestricted;\n\n    /// @notice Emitted when tokens are minted as part of a named allocation\n    /// @param recipient Address receiving the minted tokens\n    /// @param amount Number of tokens minted (18 decimals)\n    /// @param allocation Description of the allocation for tracking purposes\n    event AllocationMinted(\n        address indexed recipient,\n        uint256 amount,\n        string allocation\n    );\n\n    /// @notice Emitted when the transfer restriction setting is changed\n    /// @param restricted New state of transfer restrictions (true = restricted, false = unrestricted)\n    event TransferRestrictionUpdated(bool restricted);\n\n    /// @notice Emitted when an address is added to or removed from the transfer whitelist\n    /// @param account Address whose whitelist status changed\n    /// @param whitelisted New whitelist status (true = whitelisted, false = not whitelisted)\n    event TransferWhitelistUpdated(address indexed account, bool whitelisted);\n\n    /**\n     * @notice Initializes the Enclave token with name \"Enclave\" and symbol \"ENCL\"\n     * @dev Sets up the token with voting and permit functionality. Grants admin and minter\n     *      roles to the owner, enables transfer restrictions, and whitelists the owner.\n     * @param _owner Address that will own the contract and receive DEFAULT_ADMIN_ROLE and MINTER_ROLE\n     */\n    constructor(\n        address _owner\n    ) ERC20(\"Enclave\", \"ENCL\") ERC20Permit(\"Enclave\") Ownable(_owner) {\n        // Grant the deployer all admin roles.\n        _grantRole(DEFAULT_ADMIN_ROLE, _owner);\n        _grantRole(MINTER_ROLE, _owner);\n\n        // Initialise state variables.\n        transfersRestricted = true;\n        transferWhitelisted[_owner] = true;\n\n        emit TransferRestrictionUpdated(true);\n        emit TransferWhitelistUpdated(_owner, true);\n    }\n\n    /**\n     * @notice Mints a named allocation of tokens to a specified recipient\n     * @dev Only callable by accounts with MINTER_ROLE. Reverts if recipient is zero address,\n     *      amount is zero, or minting would exceed MAX_SUPPLY. Updates totalMinted tracker.\n     * @param recipient Address to receive the minted tokens (cannot be zero address)\n     * @param amount Number of tokens to mint in wei (18 decimals, must be greater than zero)\n     * @param allocation Human-readable description of this allocation for tracking and auditing purposes\n     */\n    function mintAllocation(\n        address recipient,\n        uint256 amount,\n        string memory allocation\n    ) external onlyRole(MINTER_ROLE) {\n        if (recipient == address(0)) revert ZeroAddress();\n        if (amount == 0) revert ZeroAmount();\n        // Ensure we do not exceed the total supply.\n        if (totalMinted + amount > MAX_SUPPLY) revert ExceedsTotalSupply();\n\n        _mint(recipient, amount);\n        totalMinted += amount;\n        emit AllocationMinted(recipient, amount, allocation);\n    }\n\n    /**\n     * @notice Mints multiple named allocations to different recipients in a single transaction\n     * @dev Only callable by accounts with MINTER_ROLE. All arrays must have the same length.\n     *      Reverts if any amount is zero or if the cumulative minting would exceed MAX_SUPPLY.\n     *      Gas-efficient for distributing tokens to multiple addresses.\n     * @param recipients Array of addresses to receive minted tokens\n     * @param amounts Array of token amounts to mint (18 decimals, must match recipients length)\n     * @param allocations Array of allocation descriptions (must match recipients length)\n     */\n    function batchMintAllocations(\n        address[] calldata recipients,\n        uint256[] calldata amounts,\n        string[] calldata allocations\n    ) external onlyRole(MINTER_ROLE) {\n        uint256 len = recipients.length;\n        if (amounts.length != len || allocations.length != len) {\n            revert ArrayLengthMismatch();\n        }\n\n        uint256 minted = totalMinted;\n\n        for (uint256 i = 0; i < len; i++) {\n            address recipient = recipients[i];\n            uint256 amount = amounts[i];\n            if (amount == 0) revert ZeroAmount();\n\n            if (amount > MAX_SUPPLY - minted) revert ExceedsTotalSupply();\n            minted += amount;\n\n            _mint(recipient, amount);\n            emit AllocationMinted(recipient, amount, allocations[i]);\n        }\n\n        totalMinted = minted;\n    }\n\n    /**\n     * @notice Enables or disables transfer restrictions for the token\n     * @dev Only callable by the contract owner. When restrictions are enabled, only whitelisted\n     *      addresses can send or receive tokens. Useful for controlling token circulation during\n     *      early phases before public trading.\n     * @param restricted True to enable restrictions, false to allow unrestricted transfers\n     */\n    function setTransferRestriction(bool restricted) external onlyOwner {\n        transfersRestricted = restricted;\n        emit TransferRestrictionUpdated(restricted);\n    }\n\n    /**\n     * @notice Toggles an account's transfer whitelist status between enabled and disabled\n     * @dev Only callable by the contract owner. Flips the current whitelist state for the given\n     *      account. Whitelisted accounts can send and receive tokens even when transfer restrictions\n     *      are active.\n     * @param account Address whose whitelist status will be toggled\n     */\n    function toggleTransferWhitelist(address account) external onlyOwner {\n        bool newStatus = !transferWhitelisted[account];\n        transferWhitelisted[account] = newStatus;\n        emit TransferWhitelistUpdated(account, newStatus);\n    }\n\n    /**\n     * @notice Whitelists key protocol contracts to allow them to transfer tokens during restricted periods\n     * @dev Only callable by the contract owner. Convenience function for whitelisting multiple protocol\n     *      contracts in a single transaction. Zero addresses are safely ignored. Typically used to whitelist\n     *      contracts like bonding managers and vesting escrows that need to handle tokens on behalf of users.\n     * @param bondingManager Address of the BondingManager contract (zero address skipped)\n     * @param vestingEscrow Address of the VestingEscrow contract (zero address skipped)\n     */\n    function whitelistContracts(\n        address bondingManager,\n        address vestingEscrow\n    ) external onlyOwner {\n        if (bondingManager != address(0)) {\n            transferWhitelisted[bondingManager] = true;\n            emit TransferWhitelistUpdated(bondingManager, true);\n        }\n        if (vestingEscrow != address(0)) {\n            transferWhitelisted[vestingEscrow] = true;\n            emit TransferWhitelistUpdated(vestingEscrow, true);\n        }\n    }\n\n    /**\n     * @notice Internal hook that enforces transfer restrictions and updates voting power\n     * @dev Overrides ERC20 and ERC20Votes to add transfer restriction logic. Reverts if transfers\n     *      are restricted and neither sender nor receiver is whitelisted. Minting (from == 0) and\n     *      burning (to == 0) are always allowed regardless of restrictions.\n     * @param from Address sending tokens (zero address for minting)\n     * @param to Address receiving tokens (zero address for burning)\n     * @param value Amount of tokens being transferred\n     */\n    function _update(\n        address from,\n        address to,\n        uint256 value\n    ) internal override(ERC20, ERC20Votes) {\n        // When transfers are restricted, only whitelisted addresses can send or receive.\n        if (from != address(0) && to != address(0) && transfersRestricted) {\n            if (!transferWhitelisted[from] && !transferWhitelisted[to]) {\n                revert TransferNotAllowed();\n            }\n        }\n        super._update(from, to, value);\n    }\n\n    /**\n     * @notice Checks if this contract implements a given interface\n     * @dev Implements ERC165 interface detection via AccessControl\n     * @param interfaceId The interface identifier to check, as specified in ERC-165\n     * @return bool True if the contract implements the interface, false otherwise\n     */\n    function supportsInterface(\n        bytes4 interfaceId\n    ) public view override(AccessControl) returns (bool) {\n        return super.supportsInterface(interfaceId);\n    }\n\n    /**\n     * @notice Returns the current nonce for an address, used for permit signatures\n     * @dev Resolves the override conflict between ERC20Permit and Nonces by calling the parent\n     *      implementation. Nonces are incremented with each permit to prevent replay attacks.\n     * @param owner Address to query the nonce for\n     * @return uint256 The current nonce value for the given address\n     */\n    function nonces(\n        address owner\n    ) public view override(ERC20Permit, Nonces) returns (uint256) {\n        return super.nonces(owner);\n    }\n}\n"
+      }
+    }
+  }
+}