npm - @ensuro/access-managed-proxy - Versions diffs - 0.1.0 → 0.3.0 - Mend

@ensuro/access-managed-proxy 0.1.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (64) hide show

package/contracts/AccessManagedProxy.sol CHANGED Viewed

@@ -1,85 +1,73 @@
-// SPDX-License-Identifier: MIT
+// SPDX-License-Identifier: Apache-2.0
 pragma solidity ^0.8.0;
-import {ERC1967Proxy} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
 import {IAccessManager} from "@openzeppelin/contracts/access/manager/IAccessManager.sol";
+import {IAccessManagedProxy} from "./interfaces/IAccessManagedProxy.sol";
+import {AccessManagedProxyBase} from "./AccessManagedProxyBase.sol";
+import {AMPUtils} from "./AMPUtils.sol";
 /**
  * @title AccessManagedProxy
- * @notice Proxy contract using IAccessManager to manage access control before delegating calls.
+ * @notice Proxy contract using IAccessManager to manage access control before delegating calls (mutable version)
  * @dev It's a variant of ERC1967Proxy.
  *
- *      Currently the check is executed on any call received by the proxy contract even calls to view methods
- *      (staticcall). In the setup of the ACCESS_MANAGER permissions you would want to make all the views and pure
- *      functions enabled for the PUBLIC_ROLE.
+ *      Currently the check is executed on any call received by the proxy contract (even calls to view methods, i.e.
+ *      staticcall). For gas efficiency, you can also have `passThruMethods`, and for those methods it will skip
+ *      the call to the AccessManager, calling directly to the implementation contract.
  *
- *      For gas efficiency, the ACCESS_MANAGER is immutable, so take care you don't lose control of it, otherwise
- *      it will make your contract inaccesible or other bad things will happen.
+ *      The accessManager and the passThruMethods are in the storage, but this contract doesn't include any method
+ *      to modify them. They should be modified by the implementation contract (check AMPUtils for functions that
+ *      encapsulate these operations).
  *
  *      Check https://forum.openzeppelin.com/t/accessmanagedproxy-is-a-good-idea/41917 for a discussion on the
- *      advantages and disadvantages of using it.
+ *      advantages and disadvantages of using it. Also https://www.youtube.com/watch?v=DKdwJ9Ap9vM for a presentation
+ *      on this approach.
  *
  * @custom:security-contact security@ensuro.co
  * @author Ensuro
  */
-contract AccessManagedProxy is ERC1967Proxy {
-  /**
-   * @notice AccessManager contract that handles the permissions to access the implementation methods
-   */
-  IAccessManager public immutable ACCESS_MANAGER;
-  // Error copied from IAccessManaged
-  error AccessManagedUnauthorized(address caller);
+contract AccessManagedProxy is AccessManagedProxyBase {
+  /// @custom:storage-location erc7201:ensuro.storage.AccessManagedProxy
+  /// For struct AMPUtils.AccessManagedProxyStorage
   /**
    * @notice Constructor of the proxy, defining the implementation and the access manager
    * @dev Initializes the upgradeable proxy with an initial implementation specified by `implementation` and
-   *      with `manager` as the ACCESS_MANAGER that will handle access control.
+   *      with `accessManager` as the ACCESS_MANAGER that will handle access control.
    *
    * @param implementation The initial implementation contract.
    * @param _data If nonempty, it's used as data in a delegate call to `implementation`. This will typically be an
    *              encoded function call, and allows initializing the storage of the proxy like a Solidity constructor.
-   * @param manager The access manager that will handle access control
+   * @param accessManager The access manager that will handle access control
+   * @param passThruMethods The selector of methods that will skip the access control validation, typically used for
+   *                        views and other methods for gas optimization.
    *
-   * Requirements:
-   *
-   * - If `data` is empty, `msg.value` must be zero.
+   * @custom:pre If `_data` is empty, `msg.value` must be zero.
    */
   constructor(
     address implementation,
     bytes memory _data,
-    IAccessManager manager
-  ) payable ERC1967Proxy(implementation, _data) {
-    ACCESS_MANAGER = manager;
+    IAccessManager accessManager,
+    bytes4[] memory passThruMethods
+  ) payable AccessManagedProxyBase(implementation, _data) {
+    AMPUtils.setAccessManager(accessManager);
+    AMPUtils.setPassThruMethods(passThruMethods);
   }
-  /**
-   * @notice Intercepts the super._delegate call to implement access control
-   * @dev Checks with the ACCESS_MANAGER if msg.sender is authorized to call the current call's function,
-   * and if so, delegates the current call to `implementation`.
-   * @param implementation The implementation contract
-   *
-   * This function does not return to its internal call site, it will return directly to the external caller.
-   */
-  function _delegate(address implementation) internal virtual override {
-    bytes4 selector = bytes4(msg.data[0:4]);
-    bool immediate = _skipAC(selector); // reuse immediate variable both for skipped methods and canCall result
-    if (!immediate) {
-      (immediate, ) = ACCESS_MANAGER.canCall(msg.sender, address(this), selector);
-      if (!immediate) revert AccessManagedUnauthorized(msg.sender);
-    }
-    super._delegate(implementation);
+  /// @inheritdoc AccessManagedProxyBase
+  function _skipAC(bytes4 selector) internal view override returns (bool) {
+    return AMPUtils.getAccessManagedProxyStorage().skipAc[selector];
   }
-  /**
-   * @notice Returns whether to skip the access control validation or not
-   * @dev Hook called before ACCESS_MANAGER.canCall to enable skipping the call to the access manager for performance
-   *      reasons (for example on views) or to remove access control for other specific cases
-   * @param selector The selector of the method called
-   * @return Whether the access control using ACCESS_MANAGER should be skipped or not
-   */
-  // solhint-disable-next-line no-unused-vars
-  function _skipAC(bytes4 selector) internal view virtual returns (bool) {
-    return false;
+  /// @inheritdoc IAccessManagedProxy
+  // solhint-disable-next-line func-name-mixedcase
+  function PASS_THRU_METHODS() external view override returns (bytes4[] memory methods) {
+    return AMPUtils.getAccessManagedProxyStorage().passThruMethods;
+  }
+  /// @inheritdoc IAccessManagedProxy
+  // solhint-disable-next-line func-name-mixedcase
+  function ACCESS_MANAGER() public view override returns (IAccessManager) {
+    return AMPUtils.getAccessManagedProxyStorage().accessManager;
   }
 }

package/contracts/AccessManagedProxyBase.sol ADDED Viewed

@@ -0,0 +1,74 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.0;
+import {ERC1967Proxy} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
+import {IAccessManager} from "@openzeppelin/contracts/access/manager/IAccessManager.sol";
+import {IAccessManagedProxy} from "./interfaces/IAccessManagedProxy.sol";
+/**
+ * @title AccessManagedProxyBase
+ * @notice Proxy contract using IAccessManager to manage access control before delegating calls.
+ * @dev It's a variant of ERC1967Proxy.
+ *
+ *      Currently the check is executed on any call received by the proxy contract even calls to view methods
+ *      (staticcall). In the setup of the ACCESS_MANAGER permissions you would want to make all the views and pure
+ *      functions enabled for the PUBLIC_ROLE.
+ *
+ *      This base contract delegates on descendent contracts the storage of the ACCESS_MANAGER.
+ *
+ *      Check https://forum.openzeppelin.com/t/accessmanagedproxy-is-a-good-idea/41917 for a discussion on the
+ *      advantages and disadvantages of using it.
+ *
+ * @custom:security-contact security@ensuro.co
+ * @author Ensuro
+ */
+abstract contract AccessManagedProxyBase is ERC1967Proxy, IAccessManagedProxy {
+  /**
+   * @notice Constructor of the proxy, defining the implementation and the access manager
+   * @dev Initializes the upgradeable proxy with an initial implementation specified by `implementation` and
+   *      with `manager` as the ACCESS_MANAGER that will handle access control.
+   *
+   * @param implementation The initial implementation contract.
+   * @param _data If nonempty, it's used as data in a delegate call to `implementation`. This will typically be an
+   *              encoded function call, and allows initializing the storage of the proxy like a Solidity constructor.
+   *
+   * @custom:pre If `_data` is empty, `msg.value` must be zero.
+   */
+  constructor(address implementation, bytes memory _data) payable ERC1967Proxy(implementation, _data) {}
+  /// @inheritdoc IAccessManagedProxy
+  // solhint-disable-next-line func-name-mixedcase
+  function ACCESS_MANAGER() public view virtual returns (IAccessManager);
+  /// @inheritdoc IAccessManagedProxy
+  function authority() external view virtual returns (address) {
+    return address(ACCESS_MANAGER());
+  }
+  /**
+   * @notice Intercepts the super._delegate call to implement access control
+   * @dev Checks with the ACCESS_MANAGER if msg.sender is authorized to call the current call's function,
+   * and if so, delegates the current call to `implementation`.
+   * @param implementation The implementation contract
+   *
+   * This function does not return to its internal call site, it will return directly to the external caller.
+   */
+  function _delegate(address implementation) internal virtual override {
+    bytes4 selector = bytes4(msg.data[0:4]);
+    bool immediate = _skipAC(selector); // reuse immediate variable both for skipped methods and canCall result
+    if (!immediate) {
+      (immediate, ) = ACCESS_MANAGER().canCall(msg.sender, address(this), selector);
+      if (!immediate) revert AccessManagedUnauthorized(msg.sender);
+    }
+    super._delegate(implementation);
+  }
+  /**
+   * @notice Returns whether to skip the access control validation or not
+   * @dev Hook called before ACCESS_MANAGER.canCall to enable skipping the call to the access manager for performance
+   *      reasons (for example on views) or to remove access control for other specific cases
+   * @param selector The selector of the method called
+   * @return Whether the access control using ACCESS_MANAGER should be skipped or not
+   */
+  function _skipAC(bytes4 selector) internal view virtual returns (bool);
+}

package/contracts/interfaces/IAccessManagedProxy.sol ADDED Viewed

@@ -0,0 +1,51 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.28;
+import {IAccessManager} from "@openzeppelin/contracts/access/manager/IAccessManager.sol";
+/**
+ * @title IAccessManagedProxy - Interface of AccessManagedProxy contracts
+ * @notice This interface gives observability of the access control setup
+ *
+ * @dev The `ACCESS_MANAGER()` is the AccessManager contract that stores the access roles for most of the methods,
+ * except those listed in `PASS_THRU_METHODS()` that are forwarded directly to the proxy and don't have access control
+ * (at least not by the AccessManager contract).
+ *
+ * @author Ensuro
+ */
+interface IAccessManagedProxy {
+  /**
+   * @notice The ACCESS_MANAGER that manages the access controls was updated
+   * @dev Authority that manages this contract was updated. Uses same interface as OZ's IAccessManaged
+   */
+  // solhint-disable-next-line gas-indexed-events
+  event AuthorityUpdated(address authority);
+  /**
+   * @dev Emitted when the passThruMethods has changed.
+   */
+  event PassThruMethodsChanged(bytes4[] newPassThruMethods);
+  // Errors copied from OZ's IAccessManaged
+  error AccessManagedUnauthorized(address caller);
+  error AccessManagedInvalidAuthority(address authority);
+  /**
+   * @notice Returns the current authority.
+   * @dev Returns the current authority. Same as ACCESS_MANAGER(), added for compatibility with OZ's IAccessManaged
+   */
+  function authority() external view returns (address);
+  /**
+   * @notice AccessManager contract that handles the permissions to access the implementation methods
+   */
+  // solhint-disable-next-line func-name-mixedcase
+  function ACCESS_MANAGER() external view returns (IAccessManager);
+  /**
+   * @notice Gives observability to the methods that are skipped from access control
+   * @return methods The list of method selectors that skip ACCESS_MANAGER access control
+   */
+  // solhint-disable-next-line func-name-mixedcase
+  function PASS_THRU_METHODS() external view returns (bytes4[] memory methods);
+}

package/contracts/mock/DummyAccessManaged.sol ADDED Viewed

@@ -0,0 +1,56 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.16;
+import {UUPSUpgradeable} from "@openzeppelin/contracts/proxy/utils/UUPSUpgradeable.sol";
+import {AccessManagedUpgradeable} from "@openzeppelin/contracts-upgradeable/access/manager/AccessManagedUpgradeable.sol";
+/**
+ * @title Dummy implementation contract that supports upgrade and logs methods called
+ *
+ * @custom:security-contact security@ensuro.co
+ * @author Ensuro
+ */
+contract DummyAccessManaged is AccessManagedUpgradeable, UUPSUpgradeable {
+  event MethodCalled(bytes4 selector);
+  /// @custom:oz-upgrades-unsafe-allow constructor
+  constructor() {
+    _disableInitializers();
+  }
+  function initialize(address initialAuthority) public virtual initializer {
+    __AccessManaged_init(initialAuthority);
+  }
+  /// @inheritdoc UUPSUpgradeable
+  function _authorizeUpgrade(address newImplementation) internal override {}
+  // For making gas usage comparisons easier, I'm going to use different methods for each variant
+  function callThruAMP() external restricted {
+    emit MethodCalled(this.callThruAMP.selector);
+  }
+  function callThru1967() external {
+    emit MethodCalled(this.callThru1967.selector);
+  }
+  function callDirect() external {
+    emit MethodCalled(this.callDirect.selector);
+  }
+  function callThruAMPSkippedMethod() external {
+    emit MethodCalled(this.callThruAMPSkippedMethod.selector);
+  }
+  function callThruAMPNonSkippedMethod() external restricted {
+    emit MethodCalled(this.callThruAMPNonSkippedMethod.selector);
+  }
+  function viewMethod() external view returns (address) {
+    return msg.sender;
+  }
+  function pureMethod() external pure returns (uint256) {
+    return 123456;
+  }
+}

package/contracts/mock/DummyImplementation.sol CHANGED Viewed

@@ -1,7 +1,10 @@
 // SPDX-License-Identifier: Apache-2.0
 pragma solidity ^0.8.16;
-import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
+import {IAccessManager} from "@openzeppelin/contracts/access/manager/IAccessManager.sol";
+import {UUPSUpgradeable} from "@openzeppelin/contracts/proxy/utils/UUPSUpgradeable.sol";
+import {Initializable} from "@openzeppelin/contracts/proxy/utils/Initializable.sol";
+import {AMPUtils} from "../AMPUtils.sol";
 /**
  * @title Dummy implementation contract that supports upgrade and logs methods called
@@ -9,7 +12,7 @@ import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/U
  * @custom:security-contact security@ensuro.co
  * @author Ensuro
  */
-contract DummyImplementation is UUPSUpgradeable {
+contract DummyImplementation is UUPSUpgradeable, Initializable {
   event MethodCalled(bytes4 selector);
   /// @custom:oz-upgrades-unsafe-allow constructor
@@ -50,4 +53,18 @@ contract DummyImplementation is UUPSUpgradeable {
   function pureMethod() external pure returns (uint256) {
     return 123456;
   }
+  function setAuthority(address newAuthority) external {
+    AMPUtils.setAccessManager(IAccessManager(newAuthority));
+  }
+  function setPassThruMethods(bytes4[] memory newPTMethods) external {
+    AMPUtils.replacePassThruMethods(newPTMethods);
+  }
+  function checkCanCall(bytes memory something) external returns (bytes4 selector) {
+    selector = AMPUtils.makeSelector(something);
+    AMPUtils.checkCanCall(msg.sender, selector);
+    emit MethodCalled(selector);
+  }
 }

package/js/deployProxy.js ADDED Viewed

@@ -0,0 +1,69 @@
+const hre = require("hardhat");
+const { ethers } = hre;
+const { deploy: ozUpgradesDeploy } = require("@openzeppelin/hardhat-upgrades/dist/utils");
+/**
+ * Deploys a contract using an AccessManagedProxy. Similar to hre.upgrades.deployProxy, but using AccessManagedProxy
+ *
+ * @param {contractFactory} The contract factory of the implementation contract
+ * @param {initializeArgs} Arguments for `initialize`
+ * @param {opts} Options for hre.upgrades.deployProxy with some AccessManagedProxy additions:
+ *               - skipViewsAndPure: if true, deploys a proxy that will skip the access control for all the view and
+ *                                   pure methods
+ *               - skipMethods: list of method names that will skip the access control. Added to views and pure, if
+ *                              skipViewsAndPure is true.
+ *               - acMgr: mandatory argument that will be used for the AMP
+ * @returns {contract} Promise<Contract>
+ */
+async function deployAMPProxy(contractFactory, initializeArgs = [], opts = {}) {
+  const { acMgr, skipViewsAndPure, skipMethods } = opts;
+  if (acMgr === undefined) throw new Error("Missing required `acMgr` in opts");
+  let skipSelectors = [];
+  if (skipViewsAndPure) {
+    skipSelectors = contractFactory.interface.fragments
+      .filter(
+        (fragment) =>
+          fragment.type === "function" && (fragment.stateMutability === "pure" || fragment.stateMutability === "view")
+      )
+      .map((fragment) => fragment.selector);
+  }
+  if (skipMethods !== undefined && skipMethods.length > 0) {
+    skipSelectors.push(
+      ...skipMethods.map((method) =>
+        method.startsWith("0x") ? method : contractFactory.interface.getFunction(method).selector
+      )
+    );
+  }
+  let proxyFactory, deployFunction;
+  proxyFactory = await ethers.getContractFactory(opts.proxyClass || "AccessManagedProxy");
+  deployFunction = async (hre_, opts, factory, ...args) =>
+    ozUpgradesDeploy(hre_, opts, factory, ...args, acMgr, skipSelectors);
+  return hre.upgrades.deployProxy(contractFactory, initializeArgs, {
+    ...opts,
+    kind: "uups",
+    proxyFactory,
+    deployFunction,
+  });
+}
+async function attachAsAMP(contract, ampContractFactory = undefined) {
+  ampContractFactory = ampContractFactory || (await ethers.getContractFactory("AccessManagedProxy"));
+  return ampContractFactory.attach(contract);
+}
+async function getAccessManager(contract, ampContractFactory = undefined, accessManagerFactory = "AccessManager") {
+  const contractAsAMP = await attachAsAMP(contract, ampContractFactory);
+  return ethers.getContractAt(accessManagerFactory, await contractAsAMP.ACCESS_MANAGER());
+}
+function makeSelector(role) {
+  return ethers.keccak256(ethers.toUtf8Bytes(role)).slice(0, 10);
+}
+module.exports = {
+  deployAMPProxy,
+  attachAsAMP,
+  getAccessManager,
+  makeSelector,
+};

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@ensuro/access-managed-proxy",
   "description": "Variant of ERC-1967 proxy with built-in access control using OZ 5.x AccessManager",
-  "version": "0.1.0",
+  "version": "0.3.0",
   "files": [
     "**/*.sol",
     "/build",

package/build/contracts/amps/AccessManagedProxyS1.sol/AccessManagedProxyS1.json DELETED Viewed

@@ -1,123 +0,0 @@
-{
-  "_format": "hh-sol-artifact-1",
-  "contractName": "AccessManagedProxyS1",
-  "sourceName": "contracts/amps/AccessManagedProxyS1.sol",
-  "abi": [
-    {
-      "inputs": [
-        {
-          "internalType": "address",
-          "name": "implementation",
-          "type": "address"
-        },
-        {
-          "internalType": "bytes",
-          "name": "_data",
-          "type": "bytes"
-        },
-        {
-          "internalType": "contract IAccessManager",
-          "name": "manager",
-          "type": "address"
-        },
-        {
-          "internalType": "bytes4[1]",
-          "name": "passThruMethods",
-          "type": "bytes4[1]"
-        }
-      ],
-      "stateMutability": "payable",
-      "type": "constructor"
-    },
-    {
-      "inputs": [
-        {
-          "internalType": "address",
-          "name": "caller",
-          "type": "address"
-        }
-      ],
-      "name": "AccessManagedUnauthorized",
-      "type": "error"
-    },
-    {
-      "inputs": [
-        {
-          "internalType": "address",
-          "name": "target",
-          "type": "address"
-        }
-      ],
-      "name": "AddressEmptyCode",
-      "type": "error"
-    },
-    {
-      "inputs": [
-        {
-          "internalType": "address",
-          "name": "implementation",
-          "type": "address"
-        }
-      ],
-      "name": "ERC1967InvalidImplementation",
-      "type": "error"
-    },
-    {
-      "inputs": [],
-      "name": "ERC1967NonPayable",
-      "type": "error"
-    },
-    {
-      "inputs": [],
-      "name": "FailedCall",
-      "type": "error"
-    },
-    {
-      "anonymous": false,
-      "inputs": [
-        {
-          "indexed": true,
-          "internalType": "address",
-          "name": "implementation",
-          "type": "address"
-        }
-      ],
-      "name": "Upgraded",
-      "type": "event"
-    },
-    {
-      "stateMutability": "payable",
-      "type": "fallback"
-    },
-    {
-      "inputs": [],
-      "name": "ACCESS_MANAGER",
-      "outputs": [
-        {
-          "internalType": "contract IAccessManager",
-          "name": "",
-          "type": "address"
-        }
-      ],
-      "stateMutability": "view",
-      "type": "function"
-    },
-    {
-      "inputs": [],
-      "name": "PASS_THRU_METHODS",
-      "outputs": [
-        {
-          "internalType": "bytes4[]",
-          "name": "methods",
-          "type": "bytes4[]"
-        }
-      ],
-      "stateMutability": "view",
-      "type": "function"
-    }
-  ],
-  "bytecode": "0x60c060405260405161081638038061081683398101604081905261002291610336565b83838382826100318282610058565b50506001600160a01b03166080525050516001600160e01b03191660a05250610413915050565b610061826100b6565b6040516001600160a01b038316907fbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b905f90a28051156100aa576100a58282610131565b505050565b6100b26101a4565b5050565b806001600160a01b03163b5f036100f057604051634c9c8ce360e01b81526001600160a01b03821660048201526024015b60405180910390fd5b7f360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc80546001600160a01b0319166001600160a01b0392909216919091179055565b60605f5f846001600160a01b03168460405161014d91906103fd565b5f60405180830381855af49150503d805f8114610185576040519150601f19603f3d011682016040523d82523d5f602084013e61018a565b606091505b50909250905061019b8583836101c5565b95945050505050565b34156101c35760405163b398979f60e01b815260040160405180910390fd5b565b6060826101da576101d582610224565b61021d565b81511580156101f157506001600160a01b0384163b155b1561021a57604051639996b31560e01b81526001600160a01b03851660048201526024016100e7565b50805b9392505050565b80511561023357805160208201fd5b60405163d6bda27560e01b815260040160405180910390fd5b50565b6001600160a01b038116811461024c575f5ffd5b634e487b7160e01b5f52604160045260245ffd5b604051601f8201601f191681016001600160401b038111828210171561029f5761029f610263565b604052919050565b80516102b28161024f565b919050565b5f82601f8301126102c6575f5ffd5b604051602081016001600160401b03811182821017156102e8576102e8610263565b6040528060208401858111156102fc575f5ffd5b845b8181101561032b5780516001600160e01b03198116811461031d575f5ffd5b8352602092830192016102fe565b509195945050505050565b5f5f5f5f60808587031215610349575f5ffd5b84516103548161024f565b60208601519094506001600160401b0381111561036f575f5ffd5b8501601f8101871361037f575f5ffd5b80516001600160401b0381111561039857610398610263565b6103ab601f8201601f1916602001610277565b8181528860208385010111156103bf575f5ffd5b8160208401602083015e5f602083830101528095505050506103e3604086016102a7565b91506103f286606087016102b7565b905092959194509250565b5f82518060208501845e5f920191825250919050565b60805160a0516103d66104405f395f818160dd015261017c01525f8181606d01526101db01526103d65ff3fe608060405260043610610028575f3560e01c806314416c03146100325780633a7b7a391461005c575b6100306100a7565b005b34801561003d575f5ffd5b506100466100b9565b604051610053919061029d565b60405180910390f35b348015610067575f5ffd5b5061008f7f000000000000000000000000000000000000000000000000000000000000000081565b6040516001600160a01b039091168152602001610053565b6100b76100b261012a565b610161565b565b604080516001808252818301909252606091602080830190803683370190505090507f0000000000000000000000000000000000000000000000000000000000000000815f8151811061010e5761010e6102e9565b6001600160e01b03199092166020928302919091019091015290565b5f61015c7f360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc546001600160a01b031690565b905090565b5f61016f60048236816102fd565b61017891610324565b90507f00000000000000000000000000000000000000000000000000000000000000006001600160e01b031990811690821614806102715760405163b700961360e01b81523360048201523060248201526001600160e01b0319831660448201527f00000000000000000000000000000000000000000000000000000000000000006001600160a01b03169063b7009613906064016040805180830381865afa158015610227573d5f5f3e3d5ffd5b505050506040513d601f19601f8201168201806040525081019061024b919061035c565b509050806102715760405162d1953b60e31b815233600482015260240160405180910390fd5b61027a8361027f565b505050565b365f5f375f5f365f845af43d5f5f3e808015610299573d5ff35b3d5ffd5b602080825282518282018190525f918401906040840190835b818110156102de5783516001600160e01b0319168352602093840193909201916001016102b6565b509095945050505050565b634e487b7160e01b5f52603260045260245ffd5b5f5f8585111561030b575f5ffd5b83861115610317575f5ffd5b5050820193919092039150565b80356001600160e01b03198116906004841015610355576001600160e01b0319600485900360031b81901b82161691505b5092915050565b5f5f6040838503121561036d575f5ffd5b8251801515811461037c575f5ffd5b602084015190925063ffffffff81168114610395575f5ffd5b80915050925092905056fea2646970667358221220873e8348d7827c642661807395e7a3cf310474fd71de0b76f6468d17b66de4ac64736f6c634300081c0033",
-  "deployedBytecode": "0x608060405260043610610028575f3560e01c806314416c03146100325780633a7b7a391461005c575b6100306100a7565b005b34801561003d575f5ffd5b506100466100b9565b604051610053919061029d565b60405180910390f35b348015610067575f5ffd5b5061008f7f000000000000000000000000000000000000000000000000000000000000000081565b6040516001600160a01b039091168152602001610053565b6100b76100b261012a565b610161565b565b604080516001808252818301909252606091602080830190803683370190505090507f0000000000000000000000000000000000000000000000000000000000000000815f8151811061010e5761010e6102e9565b6001600160e01b03199092166020928302919091019091015290565b5f61015c7f360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc546001600160a01b031690565b905090565b5f61016f60048236816102fd565b61017891610324565b90507f00000000000000000000000000000000000000000000000000000000000000006001600160e01b031990811690821614806102715760405163b700961360e01b81523360048201523060248201526001600160e01b0319831660448201527f00000000000000000000000000000000000000000000000000000000000000006001600160a01b03169063b7009613906064016040805180830381865afa158015610227573d5f5f3e3d5ffd5b505050506040513d601f19601f8201168201806040525081019061024b919061035c565b509050806102715760405162d1953b60e31b815233600482015260240160405180910390fd5b61027a8361027f565b505050565b365f5f375f5f365f845af43d5f5f3e808015610299573d5ff35b3d5ffd5b602080825282518282018190525f918401906040840190835b818110156102de5783516001600160e01b0319168352602093840193909201916001016102b6565b509095945050505050565b634e487b7160e01b5f52603260045260245ffd5b5f5f8585111561030b575f5ffd5b83861115610317575f5ffd5b5050820193919092039150565b80356001600160e01b03198116906004841015610355576001600160e01b0319600485900360031b81901b82161691505b5092915050565b5f5f6040838503121561036d575f5ffd5b8251801515811461037c575f5ffd5b602084015190925063ffffffff81168114610395575f5ffd5b80915050925092905056fea2646970667358221220873e8348d7827c642661807395e7a3cf310474fd71de0b76f6468d17b66de4ac64736f6c634300081c0033",
-  "linkReferences": {},
-  "deployedLinkReferences": {}
-}