ETH Price: $3,336.04 (-1.22%)

Contract

0xfdf47b657aB5062938Ba23335b01e0F545FAF852
 

Overview

ETH Balance

0 ETH

Eth Value

$0.00

Token Holdings

Multichain Info

No addresses found
Transaction Hash
Method
Block
From
To
Claim Refund197978112024-05-04 16:03:59232 days ago1714838639IN
0xfdf47b65...545FAF852
0 ETH0.000241246.67964402
Claim Refund197978092024-05-04 16:03:35232 days ago1714838615IN
0xfdf47b65...545FAF852
0 ETH0.000229036.34153626
Claim Refund197542702024-04-28 13:59:23238 days ago1714312763IN
0xfdf47b65...545FAF852
0 ETH0.000614498.04429413
Claim Refund197520552024-04-28 6:33:47239 days ago1714286027IN
0xfdf47b65...545FAF852
0 ETH0.000413175.46205857
Claim Refund197507112024-04-28 2:03:35239 days ago1714269815IN
0xfdf47b65...545FAF852
0 ETH0.000408485.3465786
Claim Refund197503902024-04-28 0:58:11239 days ago1714265891IN
0xfdf47b65...545FAF852
0 ETH0.0007649610.11428921
Claim Refund197486352024-04-27 19:04:11239 days ago1714244651IN
0xfdf47b65...545FAF852
0 ETH0.000431185.63924001
Claim Refund197476642024-04-27 15:49:11239 days ago1714232951IN
0xfdf47b65...545FAF852
0 ETH0.000734879.62317081
Claim Refund197473162024-04-27 14:38:59239 days ago1714228739IN
0xfdf47b65...545FAF852
0 ETH0.000473276.25171643
Claim Refund197450432024-04-27 6:59:47240 days ago1714201187IN
0xfdf47b65...545FAF852
0 ETH0.000421775.52225123
Claim Refund197446532024-04-27 5:40:59240 days ago1714196459IN
0xfdf47b65...545FAF852
0 ETH0.000418615.48440439
Claim Refund197444732024-04-27 5:04:59240 days ago1714194299IN
0xfdf47b65...545FAF852
0 ETH0.000419515.49274979
Claim Refund197408622024-04-26 16:57:59240 days ago1714150679IN
0xfdf47b65...545FAF852
0 ETH0.00048946.39467775
Claim Refund197403832024-04-26 15:20:59240 days ago1714144859IN
0xfdf47b65...545FAF852
0 ETH0.0007857110.38542051
Claim Refund197395692024-04-26 12:35:59240 days ago1714134959IN
0xfdf47b65...545FAF852
0 ETH0.0007834310.25424348
Claim Refund197395312024-04-26 12:28:11240 days ago1714134491IN
0xfdf47b65...545FAF852
0 ETH0.0008018810.61419726
Claim Refund197395222024-04-26 12:26:23240 days ago1714134383IN
0xfdf47b65...545FAF852
0 ETH0.0008735511.53728658
Claim Refund197394932024-04-26 12:20:23240 days ago1714134023IN
0xfdf47b65...545FAF852
0 ETH0.000608637.97255538
Claim Refund197394792024-04-26 12:17:35240 days ago1714133855IN
0xfdf47b65...545FAF852
0 ETH0.000674068.83379334
Claim Refund197394002024-04-26 12:01:47240 days ago1714132907IN
0xfdf47b65...545FAF852
0 ETH0.000593877.76950669
Claim Refund197386162024-04-26 9:23:35241 days ago1714123415IN
0xfdf47b65...545FAF852
0 ETH0.000548857.18839385
Claim Refund197361362024-04-26 1:03:35241 days ago1714093415IN
0xfdf47b65...545FAF852
0 ETH0.000365934.84070363
Claim Refund197353932024-04-25 22:33:35241 days ago1714084415IN
0xfdf47b65...545FAF852
0 ETH0.000477556.31415701
Claim Refund197341662024-04-25 18:27:11241 days ago1714069631IN
0xfdf47b65...545FAF852
0 ETH0.0011721515.35423015
Claim Refund197336052024-04-25 16:34:47241 days ago1714062887IN
0xfdf47b65...545FAF852
0 ETH0.0017044322.3371332
View all transactions

Latest 25 internal transactions (View All)

Advanced mode:
Parent Transaction Hash Block
From
To
199167592024-05-21 7:21:23216 days ago1716276083
0xfdf47b65...545FAF852
113.1 ETH
197542702024-04-28 13:59:23238 days ago1714312763
0xfdf47b65...545FAF852
0.1 ETH
197520552024-04-28 6:33:47239 days ago1714286027
0xfdf47b65...545FAF852
0.25 ETH
197507112024-04-28 2:03:35239 days ago1714269815
0xfdf47b65...545FAF852
0.25 ETH
197503902024-04-28 0:58:11239 days ago1714265891
0xfdf47b65...545FAF852
0.15 ETH
197486352024-04-27 19:04:11239 days ago1714244651
0xfdf47b65...545FAF852
0.05 ETH
197476642024-04-27 15:49:11239 days ago1714232951
0xfdf47b65...545FAF852
0.6 ETH
197473162024-04-27 14:38:59239 days ago1714228739
0xfdf47b65...545FAF852
0.05 ETH
197450432024-04-27 6:59:47240 days ago1714201187
0xfdf47b65...545FAF852
0.15 ETH
197446532024-04-27 5:40:59240 days ago1714196459
0xfdf47b65...545FAF852
0.3 ETH
197444732024-04-27 5:04:59240 days ago1714194299
0xfdf47b65...545FAF852
0.1 ETH
197408622024-04-26 16:57:59240 days ago1714150679
0xfdf47b65...545FAF852
0.45 ETH
197403832024-04-26 15:20:59240 days ago1714144859
0xfdf47b65...545FAF852
0.05 ETH
197395692024-04-26 12:35:59240 days ago1714134959
0xfdf47b65...545FAF852
0.05 ETH
197395312024-04-26 12:28:11240 days ago1714134491
0xfdf47b65...545FAF852
0.1 ETH
197395222024-04-26 12:26:23240 days ago1714134383
0xfdf47b65...545FAF852
0.55 ETH
197394932024-04-26 12:20:23240 days ago1714134023
0xfdf47b65...545FAF852
0.05 ETH
197394792024-04-26 12:17:35240 days ago1714133855
0xfdf47b65...545FAF852
0.05 ETH
197394002024-04-26 12:01:47240 days ago1714132907
0xfdf47b65...545FAF852
0.05 ETH
197386162024-04-26 9:23:35241 days ago1714123415
0xfdf47b65...545FAF852
0.2 ETH
197361362024-04-26 1:03:35241 days ago1714093415
0xfdf47b65...545FAF852
0.05 ETH
197353932024-04-25 22:33:35241 days ago1714084415
0xfdf47b65...545FAF852
0.05 ETH
197341662024-04-25 18:27:11241 days ago1714069631
0xfdf47b65...545FAF852
0.05 ETH
197336052024-04-25 16:34:47241 days ago1714062887
0xfdf47b65...545FAF852
0.3 ETH
197331072024-04-25 14:54:35241 days ago1714056875
0xfdf47b65...545FAF852
0.35 ETH
View All Internal Transactions
Loading...
Loading

Contract Source Code Verified (Exact Match)

Contract Name:
Refunds

Compiler Version
v0.8.24+commit.e11b9ed9

Optimization Enabled:
Yes with 10000000 runs

Other Settings:
paris EvmVersion
File 1 of 17 : Refunds.sol
// SPDX-License-Identifier: UNLICENSED
pragma solidity 0.8.24;

import {ReentrancyGuard} from "lib/openzeppelin-contracts/contracts/utils/ReentrancyGuard.sol";
import {Ownable2Step, Ownable} from "lib/openzeppelin-contracts/contracts/access/Ownable2Step.sol";
import {MerkleProof} from "lib/openzeppelin-contracts/contracts/utils/cryptography/MerkleProof.sol";
import {Presale} from "src/Presale.sol";

/// @title Refunds
/// @notice Refund unallocated funds to users
/// @author karooolis
contract Refunds is Ownable2Step, ReentrancyGuard {
    /*==============================================================
                      CONSTANTS & IMMUTABLES
    ==============================================================*/

    /// @notice The presale contract address
    Presale public immutable presale;

    /*==============================================================
                       STORAGE VARIABLES
    ==============================================================*/

    /// @notice Did the address already get refunded
    mapping(address => bool) public refunded;

    /// @notice When refunds started
    uint256 public refundsStartedAt;

    /*==============================================================
                            FUNCTIONS
    ==============================================================*/

    /// @notice Refunds contract constructor
    /// @param _initialOwner The initial owner of the contract
    /// @param _presale The presale contract address
    constructor(address _initialOwner, address _presale) payable Ownable(_initialOwner) {
        presale = Presale(_presale);
    }

    /// @notice Claim refund from Open phase allocations
    /// @param _proof The merkle proof
    /// @param _ethAmount The Open phase allocation (ETH)
    /// @param _tokensAmount The Open phase allocation (tokens)
    function claimRefund(bytes32[] calldata _proof, uint256 _ethAmount, uint256 _tokensAmount) external nonReentrant {
        if (refundsStartedAt == 0) {
            revert RefundsNotStarted();
        } else if (block.timestamp > refundsStartedAt + 30 days) {
            revert RefundsEnded();
        } else if (refunded[msg.sender]) {
            revert AlreadyRefunded(msg.sender);
        }

        _verifyOpenTierAllocation(_proof, _ethAmount, _tokensAmount);

        uint256 refundable = _refundableAmount(_ethAmount);
        if (refundable == 0) {
            revert NothingToRefund(msg.sender);
        }

        // update refunds
        refunded[msg.sender] = true;

        // transfer
        (bool success,) = msg.sender.call{value: refundable}("");
        if (!success) {
            revert TransferFailed(msg.sender, refundable);
        }

        emit Refunded(msg.sender, refundable);
    }

    /// @notice Get the refundable amount
    /// @param _proof The merkle proof
    /// @param _ethAmount The Open phase allocation (ETH)
    /// @param _tokensAmount The Open phase allocation (tokens)
    function refundableAmount(bytes32[] calldata _proof, uint256 _ethAmount, uint256 _tokensAmount)
        external
        view
        returns (uint256)
    {
        _verifyOpenTierAllocation(_proof, _ethAmount, _tokensAmount);
        return _refundableAmount(_ethAmount);
    }

    /*==============================================================
                       ADMIN FUNCTIONS
    ==============================================================*/

    /// @notice Start refunds
    function startRefunds() external onlyOwner {
        if (refundsStartedAt != 0) {
            revert RefundsAlreadyStarted();
        }

        refundsStartedAt = block.timestamp;
        emit RefundsStarted();
    }

    /// @notice Withdraw remaining funds back to owner
    function withdraw() external onlyOwner {
        if (refundsStartedAt == 0 || block.timestamp <= refundsStartedAt + 30 days) {
            revert RefundsNotEnded();
        }

        uint256 balance = address(this).balance;
        (bool success,) = owner().call{value: balance}("");
        if (!success) {
            revert TransferFailed(owner(), balance);
        }

        emit RefundsWithdrawn(balance);
    }

    receive() external payable {}

    /*==============================================================
                       INTERNAL FUNCTIONS
    ==============================================================*/

    /// @notice Verify the merkle proof
    /// @param _proof The merkle proof
    /// @param _ethAmount The amount to verify
    /// @param _tokensAmount The amount to verify
    function _verifyOpenTierAllocation(bytes32[] calldata _proof, uint256 _ethAmount, uint256 _tokensAmount)
        internal
        view
    {
        bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(msg.sender, _ethAmount, _tokensAmount))));
        bytes32 root = presale.openPhaseAllocationsMerkleRoot();
        if (!MerkleProof.verify(_proof, root, leaf)) {
            revert InvalidOpenTierAllocationsMerkleProof();
        }
    }

    /// @notice Get the refundable amount
    /// @param _allocation The Open phase allocation
    function _refundableAmount(uint256 _allocation) internal view returns (uint256) {
        uint256 contributed = presale.openPhaseContributed(msg.sender);
        if (_allocation >= contributed) {
            return 0;
        }
        return contributed - _allocation;
    }

    /*==============================================================
                            EVENTS
    ==============================================================*/

    /// @notice Emitted when refunds started
    event RefundsStarted();

    /// @notice Emitted when a refund is claimed
    /// @param recipient The address of the recipient
    /// @param amount The amount of funds refunded
    event Refunded(address indexed recipient, uint256 indexed amount);

    /// @notice Emitted when funds are withdrawn
    /// @param amount The amount of funds withdrawn
    event RefundsWithdrawn(uint256 indexed amount);

    /*==============================================================
                            ERRORS
    ==============================================================*/

    /// @notice Error when transfer failed
    /// @param recipient The address of the recipient
    /// @param amount The amount of funds to transfer
    error TransferFailed(address recipient, uint256 amount);

    /// @notice Error when refunds not started
    error RefundsNotStarted();

    /// @notice Error when refunds already started
    error RefundsAlreadyStarted();

    /// @notice Error when refunds ended
    error RefundsEnded();

    /// @notice Error when refunds not ended
    error RefundsNotEnded();

    /// @notice Error when already refunded
    /// @param recipient The address of the recipient
    error AlreadyRefunded(address recipient);

    /// @notice Error when nothing to refund
    /// @param recipient The address of the recipient
    error NothingToRefund(address recipient);

    /// @notice Revert if the merkle proof for Open phase allocations is invalid
    error InvalidOpenTierAllocationsMerkleProof();
}

File 2 of 17 : ReentrancyGuard.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/ReentrancyGuard.sol)

pragma solidity ^0.8.20;

/**
 * @dev Contract module that helps prevent reentrant calls to a function.
 *
 * Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier
 * available, which can be applied to functions to make sure there are no nested
 * (reentrant) calls to them.
 *
 * Note that because there is a single `nonReentrant` guard, functions marked as
 * `nonReentrant` may not call one another. This can be worked around by making
 * those functions `private`, and then adding `external` `nonReentrant` entry
 * points to them.
 *
 * TIP: If you would like to learn more about reentrancy and alternative ways
 * to protect against it, check out our blog post
 * https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].
 */
abstract contract ReentrancyGuard {
    // Booleans are more expensive than uint256 or any type that takes up a full
    // word because each write operation emits an extra SLOAD to first read the
    // slot's contents, replace the bits taken up by the boolean, and then write
    // back. This is the compiler's defense against contract upgrades and
    // pointer aliasing, and it cannot be disabled.

    // The values being non-zero value makes deployment a bit more expensive,
    // but in exchange the refund on every call to nonReentrant will be lower in
    // amount. Since refunds are capped to a percentage of the total
    // transaction's gas, it is best to keep them low in cases like this one, to
    // increase the likelihood of the full refund coming into effect.
    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;

    uint256 private _status;

    /**
     * @dev Unauthorized reentrant call.
     */
    error ReentrancyGuardReentrantCall();

    constructor() {
        _status = NOT_ENTERED;
    }

    /**
     * @dev Prevents a contract from calling itself, directly or indirectly.
     * Calling a `nonReentrant` function from another `nonReentrant`
     * function is not supported. It is possible to prevent this from happening
     * by making the `nonReentrant` function external, and making it call a
     * `private` function that does the actual work.
     */
    modifier nonReentrant() {
        _nonReentrantBefore();
        _;
        _nonReentrantAfter();
    }

    function _nonReentrantBefore() private {
        // On the first call to nonReentrant, _status will be NOT_ENTERED
        if (_status == ENTERED) {
            revert ReentrancyGuardReentrantCall();
        }

        // Any calls to nonReentrant after this point will fail
        _status = ENTERED;
    }

    function _nonReentrantAfter() private {
        // By storing the original value once again, a refund is triggered (see
        // https://eips.ethereum.org/EIPS/eip-2200)
        _status = NOT_ENTERED;
    }

    /**
     * @dev Returns true if the reentrancy guard is currently set to "entered", which indicates there is a
     * `nonReentrant` function in the call stack.
     */
    function _reentrancyGuardEntered() internal view returns (bool) {
        return _status == ENTERED;
    }
}

File 3 of 17 : Ownable2Step.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable2Step.sol)

pragma solidity ^0.8.20;

import {Ownable} from "./Ownable.sol";

/**
 * @dev Contract module which provides access control mechanism, where
 * there is an account (an owner) that can be granted exclusive access to
 * specific functions.
 *
 * The initial owner is specified at deployment time in the constructor for `Ownable`. This
 * can later be changed with {transferOwnership} and {acceptOwnership}.
 *
 * This module is used through inheritance. It will make available all functions
 * from parent (Ownable).
 */
abstract contract Ownable2Step is Ownable {
    address private _pendingOwner;

    event OwnershipTransferStarted(address indexed previousOwner, address indexed newOwner);

    /**
     * @dev Returns the address of the pending owner.
     */
    function pendingOwner() public view virtual returns (address) {
        return _pendingOwner;
    }

    /**
     * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.
     * Can only be called by the current owner.
     */
    function transferOwnership(address newOwner) public virtual override onlyOwner {
        _pendingOwner = newOwner;
        emit OwnershipTransferStarted(owner(), newOwner);
    }

    /**
     * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.
     * Internal function without access restriction.
     */
    function _transferOwnership(address newOwner) internal virtual override {
        delete _pendingOwner;
        super._transferOwnership(newOwner);
    }

    /**
     * @dev The new owner accepts the ownership transfer.
     */
    function acceptOwnership() public virtual {
        address sender = _msgSender();
        if (pendingOwner() != sender) {
            revert OwnableUnauthorizedAccount(sender);
        }
        _transferOwnership(sender);
    }
}

File 4 of 17 : MerkleProof.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/cryptography/MerkleProof.sol)

pragma solidity ^0.8.20;

/**
 * @dev These functions deal with verification of Merkle Tree proofs.
 *
 * The tree and the proofs can be generated using our
 * https://github.com/OpenZeppelin/merkle-tree[JavaScript library].
 * You will find a quickstart guide in the readme.
 *
 * WARNING: You should avoid using leaf values that are 64 bytes long prior to
 * hashing, or use a hash function other than keccak256 for hashing leaves.
 * This is because the concatenation of a sorted pair of internal nodes in
 * the Merkle tree could be reinterpreted as a leaf value.
 * OpenZeppelin's JavaScript library generates Merkle trees that are safe
 * against this attack out of the box.
 */
library MerkleProof {
    /**
     *@dev The multiproof provided is not valid.
     */
    error MerkleProofInvalidMultiproof();

    /**
     * @dev Returns true if a `leaf` can be proved to be a part of a Merkle tree
     * defined by `root`. For this, a `proof` must be provided, containing
     * sibling hashes on the branch from the leaf to the root of the tree. Each
     * pair of leaves and each pair of pre-images are assumed to be sorted.
     */
    function verify(bytes32[] memory proof, bytes32 root, bytes32 leaf) internal pure returns (bool) {
        return processProof(proof, leaf) == root;
    }

    /**
     * @dev Calldata version of {verify}
     */
    function verifyCalldata(bytes32[] calldata proof, bytes32 root, bytes32 leaf) internal pure returns (bool) {
        return processProofCalldata(proof, leaf) == root;
    }

    /**
     * @dev Returns the rebuilt hash obtained by traversing a Merkle tree up
     * from `leaf` using `proof`. A `proof` is valid if and only if the rebuilt
     * hash matches the root of the tree. When processing the proof, the pairs
     * of leafs & pre-images are assumed to be sorted.
     */
    function processProof(bytes32[] memory proof, bytes32 leaf) internal pure returns (bytes32) {
        bytes32 computedHash = leaf;
        for (uint256 i = 0; i < proof.length; i++) {
            computedHash = _hashPair(computedHash, proof[i]);
        }
        return computedHash;
    }

    /**
     * @dev Calldata version of {processProof}
     */
    function processProofCalldata(bytes32[] calldata proof, bytes32 leaf) internal pure returns (bytes32) {
        bytes32 computedHash = leaf;
        for (uint256 i = 0; i < proof.length; i++) {
            computedHash = _hashPair(computedHash, proof[i]);
        }
        return computedHash;
    }

    /**
     * @dev Returns true if the `leaves` can be simultaneously proven to be a part of a Merkle tree defined by
     * `root`, according to `proof` and `proofFlags` as described in {processMultiProof}.
     *
     * CAUTION: Not all Merkle trees admit multiproofs. See {processMultiProof} for details.
     */
    function multiProofVerify(
        bytes32[] memory proof,
        bool[] memory proofFlags,
        bytes32 root,
        bytes32[] memory leaves
    ) internal pure returns (bool) {
        return processMultiProof(proof, proofFlags, leaves) == root;
    }

    /**
     * @dev Calldata version of {multiProofVerify}
     *
     * CAUTION: Not all Merkle trees admit multiproofs. See {processMultiProof} for details.
     */
    function multiProofVerifyCalldata(
        bytes32[] calldata proof,
        bool[] calldata proofFlags,
        bytes32 root,
        bytes32[] memory leaves
    ) internal pure returns (bool) {
        return processMultiProofCalldata(proof, proofFlags, leaves) == root;
    }

    /**
     * @dev Returns the root of a tree reconstructed from `leaves` and sibling nodes in `proof`. The reconstruction
     * proceeds by incrementally reconstructing all inner nodes by combining a leaf/inner node with either another
     * leaf/inner node or a proof sibling node, depending on whether each `proofFlags` item is true or false
     * respectively.
     *
     * CAUTION: Not all Merkle trees admit multiproofs. To use multiproofs, it is sufficient to ensure that: 1) the tree
     * is complete (but not necessarily perfect), 2) the leaves to be proven are in the opposite order they are in the
     * tree (i.e., as seen from right to left starting at the deepest layer and continuing at the next layer).
     */
    function processMultiProof(
        bytes32[] memory proof,
        bool[] memory proofFlags,
        bytes32[] memory leaves
    ) internal pure returns (bytes32 merkleRoot) {
        // This function rebuilds the root hash by traversing the tree up from the leaves. The root is rebuilt by
        // consuming and producing values on a queue. The queue starts with the `leaves` array, then goes onto the
        // `hashes` array. At the end of the process, the last hash in the `hashes` array should contain the root of
        // the Merkle tree.
        uint256 leavesLen = leaves.length;
        uint256 proofLen = proof.length;
        uint256 totalHashes = proofFlags.length;

        // Check proof validity.
        if (leavesLen + proofLen != totalHashes + 1) {
            revert MerkleProofInvalidMultiproof();
        }

        // The xxxPos values are "pointers" to the next value to consume in each array. All accesses are done using
        // `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a queue's "pop".
        bytes32[] memory hashes = new bytes32[](totalHashes);
        uint256 leafPos = 0;
        uint256 hashPos = 0;
        uint256 proofPos = 0;
        // At each step, we compute the next hash using two values:
        // - a value from the "main queue". If not all leaves have been consumed, we get the next leaf, otherwise we
        //   get the next hash.
        // - depending on the flag, either another value from the "main queue" (merging branches) or an element from the
        //   `proof` array.
        for (uint256 i = 0; i < totalHashes; i++) {
            bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++];
            bytes32 b = proofFlags[i]
                ? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++])
                : proof[proofPos++];
            hashes[i] = _hashPair(a, b);
        }

        if (totalHashes > 0) {
            if (proofPos != proofLen) {
                revert MerkleProofInvalidMultiproof();
            }
            unchecked {
                return hashes[totalHashes - 1];
            }
        } else if (leavesLen > 0) {
            return leaves[0];
        } else {
            return proof[0];
        }
    }

    /**
     * @dev Calldata version of {processMultiProof}.
     *
     * CAUTION: Not all Merkle trees admit multiproofs. See {processMultiProof} for details.
     */
    function processMultiProofCalldata(
        bytes32[] calldata proof,
        bool[] calldata proofFlags,
        bytes32[] memory leaves
    ) internal pure returns (bytes32 merkleRoot) {
        // This function rebuilds the root hash by traversing the tree up from the leaves. The root is rebuilt by
        // consuming and producing values on a queue. The queue starts with the `leaves` array, then goes onto the
        // `hashes` array. At the end of the process, the last hash in the `hashes` array should contain the root of
        // the Merkle tree.
        uint256 leavesLen = leaves.length;
        uint256 proofLen = proof.length;
        uint256 totalHashes = proofFlags.length;

        // Check proof validity.
        if (leavesLen + proofLen != totalHashes + 1) {
            revert MerkleProofInvalidMultiproof();
        }

        // The xxxPos values are "pointers" to the next value to consume in each array. All accesses are done using
        // `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a queue's "pop".
        bytes32[] memory hashes = new bytes32[](totalHashes);
        uint256 leafPos = 0;
        uint256 hashPos = 0;
        uint256 proofPos = 0;
        // At each step, we compute the next hash using two values:
        // - a value from the "main queue". If not all leaves have been consumed, we get the next leaf, otherwise we
        //   get the next hash.
        // - depending on the flag, either another value from the "main queue" (merging branches) or an element from the
        //   `proof` array.
        for (uint256 i = 0; i < totalHashes; i++) {
            bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++];
            bytes32 b = proofFlags[i]
                ? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++])
                : proof[proofPos++];
            hashes[i] = _hashPair(a, b);
        }

        if (totalHashes > 0) {
            if (proofPos != proofLen) {
                revert MerkleProofInvalidMultiproof();
            }
            unchecked {
                return hashes[totalHashes - 1];
            }
        } else if (leavesLen > 0) {
            return leaves[0];
        } else {
            return proof[0];
        }
    }

    /**
     * @dev Sorts the pair (a, b) and hashes the result.
     */
    function _hashPair(bytes32 a, bytes32 b) private pure returns (bytes32) {
        return a < b ? _efficientHash(a, b) : _efficientHash(b, a);
    }

    /**
     * @dev Implementation of keccak256(abi.encode(a, b)) that doesn't allocate or expand memory.
     */
    function _efficientHash(bytes32 a, bytes32 b) private pure returns (bytes32 value) {
        /// @solidity memory-safe-assembly
        assembly {
            mstore(0x00, a)
            mstore(0x20, b)
            value := keccak256(0x00, 0x40)
        }
    }
}

File 5 of 17 : Presale.sol
// SPDX-License-Identifier: UNLICENSED
pragma solidity 0.8.24;

import {MerkleProof} from "lib/openzeppelin-contracts/contracts/utils/cryptography/MerkleProof.sol";
import {ECDSA} from "lib/openzeppelin-contracts/contracts/utils/cryptography/ECDSA.sol";
import {MessageHashUtils} from "lib/openzeppelin-contracts/contracts/utils/cryptography/MessageHashUtils.sol";
import {IERC721} from "lib/openzeppelin-contracts/contracts/token/ERC721/IERC721.sol";
import {ReentrancyGuard} from "lib/openzeppelin-contracts/contracts/utils/ReentrancyGuard.sol";
import {Ownable2Step, Ownable} from "lib/openzeppelin-contracts/contracts/access/Ownable2Step.sol";
import {Pausable} from "lib/openzeppelin-contracts/contracts/utils/Pausable.sol";
import {IDelegationRegistry} from "src/lib/IDelegationRegistry.sol";
import {IDelegateRegistry} from "lib/delegate-registry/src/IDelegateRegistry.sol";

/// @title Presale
/// @notice Block Games presale contract
/// @author karooolis
contract Presale is Ownable2Step, Pausable, ReentrancyGuard {
    /*==============================================================
                      CONSTANTS & IMMUTABLES
    ==============================================================*/

    /// @notice Event emitted when the merkle root for the allowed wallets is set
    bytes32 public constant DOMAIN_TYPEHASH = keccak256("EIP712Domain(uint256 chainId,address verifyingContract)");

    /// @notice Event emitted when the merkle root for the allowed wallets is set
    bytes32 public immutable cachedDomainSeparator;

    /// @notice Chain ID of the contract
    uint256 public immutable cachedChainId;

    // @notice Address of the contract
    address public immutable cachedThis;

    /// @notice Address of the Dice NFT
    address public immutable diceNFT;

    /// @notice Address of the wallet that will receive the funds
    address public immutable treasury;

    /// @notice Address of the delegate registry v1
    IDelegationRegistry public immutable delegateRegistryV1;

    /// @notice Address of the delegate registry v2
    IDelegateRegistry public immutable delegateRegistryV2;

    /*==============================================================
                            STRUCTS
    ==============================================================*/

    struct BuyWithDiceNFTParams {
        bytes32[] proof;
        uint256 tokenId;
        uint256 amount;
        uint256 maxAmount;
    }

    struct BuyWithAllowedNFTParams {
        bytes32[] proof;
        address collection;
        uint256 tokenId;
        uint256 amount;
        uint256 maxAmount;
    }

    struct AllowedWalletParams {
        bytes32[] proof;
        uint256 amount;
        uint256 maxAmount;
    }

    /*==============================================================
                       STORAGE VARIABLES
    ==============================================================*/

    enum Phase {
        Guaranteed,
        Lucky,
        Open
    }

    /// @notice Merkle root for the allowed wallets, and their caps (wallet + ETH amount)
    bytes32 public allowedWalletsMerkleRoot;

    /// @notice Merkle root for the Dice NFTs, and their caps (tokenId + ETH amount)
    bytes32 public diceNFTsMerkleRoot;

    /// @notice Merkle root for the allowed NFT collections, and their caps (collection + ETH amount)
    bytes32 public allowedNFTsMerkleRoot;

    /// @notice Merkle root for Open phase alocations (wallet + ETH amount + tokens amount)
    bytes32 public openPhaseAllocationsMerkleRoot;

    /// @notice Merkle root for Dice NFT eligible tokens (tokenId + tokens amount)
    bytes32 public diceNFTsTokensEligibleMerkleRoot;

    /// @notice Guaranteed allocation (ETH)
    uint256 public guaranteedAllocation;

    /// @notice Lucky allocation for each Lucky Tier 1 (ETH)
    uint256 public luckyAllocationTier1;

    /// @notice Lucky allocation for each Lucky Tier 2 (ETH)
    uint256 public luckyAllocationTier2;

    /// @notice Lucky allocation for each Lucky Tier 3 (ETH)
    uint256 public luckyAllocationTier3;

    /// @notice Signer of lucky signatures
    address public luckySigner;

    /// @notice Guaranteed phase start
    uint256 public guaranteedStart;

    /// @notice Guaranteed phase end
    uint256 public guaranteedEnd;

    /// @notice Lucky phase start
    uint256 public luckyStart;

    /// @notice Lucky phase end
    uint256 public luckyEnd;

    /// @notice Open phase start
    uint256 public openStart;

    /// @notice Open phase end
    uint256 public openEnd;

    /// @notice Wallet cap for the Open phase
    uint256 public openPhaseWalletCap;

    /// @notice Contribution step for the Open phase
    uint256 public openPhaseContributionStep;

    /// @notice Guaranteed phase exchange rate
    uint256 public guaranteedExchangeRate;

    /// @notice Lucky phase Tier 1 exchange rate
    uint256 public luckyExchangeRate1;

    /// @notice Lucky phase Tier 2 exchange rate
    uint256 public luckyExchangeRate2;

    /// @notice Lucky phase Tier 3 exchange rate
    uint256 public luckyExchangeRate3;

    /// @notice Guaranteed phase raised ETH
    uint256 public guaranteedRaisedETH;

    /// @notice Lucky phase raised ETH
    uint256 public luckyRaisedETH;

    /// @notice Open phase raised ETH
    uint256 public openRaisedETH;

    /// @notice Contributed ETH in allowed NFTs (tokenId => amount)
    mapping(uint256 => uint256) public diceNFTContributed;

    /// @notice Contributed in allowed wallets (wallet => amount)
    mapping(address => uint256) public allowedWalletContributed;

    /// @notice Contributed in allowed NFTs (collection => (tokenId => amount)
    mapping(address => mapping(uint256 => uint256)) public allowedNFTContributed;

    /// @notice Contributed in Lucky phase (wallet => amount)
    mapping(address => uint256) public luckyPhaseContributed;

    /// @notice Contributed in Lucky phase with signature (signature => amount)
    mapping(bytes => uint256) public raffleTicketContributed;

    /// @notice Contributed in Open phase (wallet => amount)
    mapping(address => uint256) public openPhaseContributed;

    /// @notice Tokens vestable after contribution (wallet => amount)
    mapping(address => uint256) public tokensEligible;

    /*==============================================================
                            MODIFIERS
    ==============================================================*/

    /// @notice Modifier to check if the phase is active
    /// @param _phase The phase to check
    modifier phaseGuard(Phase _phase) {
        bool isPhaseActive = isPhaseActive(_phase);
        if (!isPhaseActive) {
            revert PhaseNotActive(_phase);
        }
        _;
    }

    /// @notice Check if the presale has not started
    modifier onlyBeforePresale() {
        if (
            (guaranteedStart != 0 && block.timestamp > guaranteedStart)
                || (luckyStart != 0 && block.timestamp > luckyStart) || (openStart != 0 && block.timestamp > openStart)
        ) {
            revert OnlyBeforePresale();
        }
        _;
    }

    /// @notice Check if the presale has ended
    modifier onlyAfterPresale() {
        if (
            (guaranteedEnd != 0 && block.timestamp < guaranteedEnd) || (luckyEnd != 0 && block.timestamp < luckyEnd)
                || (openEnd != 0 && block.timestamp < openEnd)
        ) {
            revert OnlyAfterPresale();
        }
        _;
    }

    /*==============================================================
                            FUNCTIONS
    ==============================================================*/

    /// @param _diceNFT Address of the Dice NFT
    /// @param _treasury Address of the wallet that will receive the funds
    /// @param _initialOwner Address of the initial owner
    /// @param _delegateRegistryV1 Address of the delegate registry v1
    /// @param _delegateRegistryV2 Address of the delegate registry v2
    constructor(
        address _diceNFT,
        address _treasury,
        address _initialOwner,
        address _delegateRegistryV1,
        address _delegateRegistryV2
    ) Ownable(_initialOwner) {
        diceNFT = _diceNFT;
        treasury = _treasury;
        delegateRegistryV1 = IDelegationRegistry(_delegateRegistryV1);
        delegateRegistryV2 = IDelegateRegistry(_delegateRegistryV2);

        // Domain separator for EIP-712
        cachedChainId = block.chainid;
        cachedDomainSeparator = _constructDomainSeparator();
        cachedThis = address(this);
    }

    /// @notice Buy tokens with Dice NFTs
    /// @dev This function allows users to buy tokens with Dice NFTs during the guaranteed phase
    /// @param _params Array of BuyWithDiceNFTParams
    function buyWithDiceNFTs(BuyWithDiceNFTParams[] calldata _params) public payable {
        uint256 ethContributed;
        for (uint256 i = 0; i < _params.length; i++) {
            _buyWithDiceNFT(_params[i].amount, _params[i].proof, _params[i].tokenId, _params[i].maxAmount);
            ethContributed += _params[i].amount;
        }

        if (ethContributed != msg.value) {
            revert ContributionAmountMismatch();
        }
    }

    /// @notice Buy tokens with a Dice NFT
    /// @dev This function allows users to buy tokens with a Dice NFT during the guaranteed phase
    /// @param _proof Merkle proof
    /// @param _tokenId ID of the NFT
    /// @param _maxAmount Maximum amount of ETH that can be contributed
    function buyWithDiceNFT(bytes32[] calldata _proof, uint256 _tokenId, uint256 _maxAmount) external payable {
        _buyWithDiceNFT(msg.value, _proof, _tokenId, _maxAmount);
    }

    /// @notice Buy tokens with an allowlisted wallet
    /// @dev This function relies on the merkle proof to verify the caller's eligibility
    /// @param _proof Merkle proof
    /// @param _maxAmount Maximum amount of ETH that can be contributed
    function buyWithAllowedWallet(bytes32[] calldata _proof, uint256 _maxAmount) external payable {
        _buyWithAllowedWallet(msg.value, _proof, _maxAmount);
    }

    /// @notice Buy tokens with an allowlisted wallet
    /// @param _params AllowedWalletParams
    function buyWithAllowedNFTs(BuyWithAllowedNFTParams[] calldata _params) external payable {
        uint256 ethContributed;
        for (uint256 i = 0; i < _params.length; i++) {
            _buyWithAllowedNFT(
                _params[i].amount, _params[i].proof, _params[i].collection, _params[i].tokenId, _params[i].maxAmount
            );
            ethContributed += _params[i].amount;
        }

        if (ethContributed != msg.value) {
            revert ContributionAmountMismatch();
        }
    }

    /// @notice Buy tokens with an allowlisted NFT
    /// @dev This function allows users to buy tokens with an allowlisted NFT
    /// @param _proof Merkle proof
    /// @param _collection Address of the NFT collection
    /// @param _tokenId ID of the NFT
    /// @param _maxAmount Maximum amount of ETH that can be contributed
    function buyWithAllowedNFT(bytes32[] calldata _proof, address _collection, uint256 _tokenId, uint256 _maxAmount)
        external
        payable
    {
        _buyWithAllowedNFT(msg.value, _proof, _collection, _tokenId, _maxAmount);
    }

    /// @notice Buy tokens in the Lucky phase
    /// @dev This function uses a signature to verify the maximum investment amount
    /// @param _maxAmount Maximum amount of ETH that can be contributed
    /// @param _signature Signature of the maximum amount and the sender's address
    function buyLuckyTier(uint256 _maxAmount, bytes calldata _signature) external payable {
        _buyLuckyTier(msg.value, _maxAmount, _signature);
    }

    /// @notice Buy tokens in the Open phase
    function buyOpenPhase() external payable {
        _buyOpenPhase(msg.value);
    }

    /// @notice Buy tokens in all phases
    /// @param _diceNFTParams Array of BuyWithDiceNFTParams
    /// @param _allowedNFTParams Array of BuyWithAllowedNFTParams
    /// @param _allowedWalletParams AllowedWalletParams
    /// @param _luckyPhaseSignature Signature of the maximum amount and the sender's address
    /// @param _luckyPhaseAmount Amount of ETH to contribute in the lucky phase
    /// @param _luckyPhaseMaxAmount Maximum amount of ETH that can be contributed in the lucky phase
    /// @param _openPhaseAmount Amount of ETH to contribute in the open phase
    function buyAllPhases(
        BuyWithDiceNFTParams[] calldata _diceNFTParams,
        BuyWithAllowedNFTParams[] calldata _allowedNFTParams,
        AllowedWalletParams calldata _allowedWalletParams,
        bytes calldata _luckyPhaseSignature,
        uint256 _luckyPhaseAmount,
        uint256 _luckyPhaseMaxAmount,
        uint256 _openPhaseAmount
    ) external payable {
        uint256 ethContributed;

        uint256 diceNFTParamsLength = _diceNFTParams.length;
        for (uint256 i = 0; i < diceNFTParamsLength; i++) {
            BuyWithDiceNFTParams memory param = _diceNFTParams[i];
            _buyWithDiceNFT(param.amount, _diceNFTParams[i].proof, param.tokenId, param.maxAmount);
            ethContributed += param.amount;
        }

        uint256 allowedNFTParamsLength = _allowedNFTParams.length;
        for (uint256 i = 0; i < allowedNFTParamsLength; i++) {
            BuyWithAllowedNFTParams memory param = _allowedNFTParams[i];
            _buyWithAllowedNFT(
                param.amount, _allowedNFTParams[i].proof, param.collection, param.tokenId, param.maxAmount
            );
            ethContributed += param.amount;
        }

        if (_allowedWalletParams.proof.length > 0) {
            _buyWithAllowedWallet(
                _allowedWalletParams.amount, _allowedWalletParams.proof, _allowedWalletParams.maxAmount
            );
            ethContributed += _allowedWalletParams.amount;
        }

        if (_luckyPhaseSignature.length > 0) {
            _buyLuckyTier(_luckyPhaseAmount, _luckyPhaseMaxAmount, _luckyPhaseSignature);
            ethContributed += _luckyPhaseAmount;
        }

        if (_openPhaseAmount > 0) {
            _buyOpenPhase(_openPhaseAmount);
            ethContributed += _openPhaseAmount;
        }

        if (ethContributed != msg.value) {
            revert ContributionAmountMismatch();
        }
    }

    /*==============================================================
                            VIEW FUNCTIONS
    ==============================================================*/

    /// @notice Calculate the amount of tokens for a given amount and phase
    /// @param _amount Amount of ETH to calculate tokens for
    /// @param _phase Phase to calculate tokens for
    function calculateTokens(uint256 _amount, Phase _phase) public view returns (uint256 tokens) {
        if (_phase == Phase.Guaranteed) {
            tokens = _amount * guaranteedExchangeRate;
        } else {
            uint256 remainingETH = _amount;
            uint256 luckyRaisedETH_ = luckyRaisedETH;
            uint256 tier1Space = luckyAllocationTier1 > luckyRaisedETH_ ? luckyAllocationTier1 - luckyRaisedETH_ : 0;

            if (tier1Space > 0) {
                uint256 tier1ETH = remainingETH > tier1Space ? tier1Space : remainingETH;
                tokens = tier1ETH * luckyExchangeRate1;
                remainingETH -= tier1ETH;
                luckyRaisedETH_ += tier1Space;
            }

            if (remainingETH > 0) {
                uint256 tier2Space = luckyAllocationTier1 + luckyAllocationTier2 > luckyRaisedETH_
                    ? luckyAllocationTier1 + luckyAllocationTier2 - luckyRaisedETH_
                    : 0;

                if (tier2Space > 0) {
                    uint256 tier2ETH = remainingETH > tier2Space ? tier2Space : remainingETH;
                    tokens += tier2ETH * luckyExchangeRate2;
                    remainingETH -= tier2ETH;
                }
            }

            if (remainingETH > 0) {
                tokens += remainingETH * luckyExchangeRate3;
            }
        }
    }

    /// @notice Check if a phase is active
    /// @param _phase Phase to check
    /// @return bool
    function isPhaseActive(Phase _phase) public view returns (bool) {
        if (_phase == Phase.Guaranteed) {
            if (
                guaranteedRaisedETH > guaranteedAllocation
                    || (block.timestamp < guaranteedStart || block.timestamp > guaranteedEnd)
            ) {
                return false;
            }
        } else if (_phase == Phase.Lucky) {
            if (
                luckyRaisedETH > luckyAllocationTier1 + luckyAllocationTier2 + luckyAllocationTier3
                    || (block.timestamp < luckyStart || block.timestamp > luckyEnd)
            ) {
                return false;
            }
        } else if (_phase == Phase.Open) {
            if (block.timestamp < openStart || block.timestamp > openEnd) {
                return false;
            }
        }

        return true;
    }

    /*==============================================================
                       ADMIN FUNCTIONS
    ==============================================================*/

    /// @notice Set the merkle root for the allowed wallets
    /// @param _allowedWalletsMerkleRoot Merkle root for the allowed wallets
    function setAllowedWalletsMerkleRoot(bytes32 _allowedWalletsMerkleRoot) external onlyOwner onlyBeforePresale {
        allowedWalletsMerkleRoot = _allowedWalletsMerkleRoot;
        emit AllowedWalletsMerkleRootSet(_allowedWalletsMerkleRoot);
    }

    /// @notice Set the merkle root for the Dice NFTs
    /// @param _diceNFTsMerkleRoot Merkle root for the Dice NFTs
    function setDiceNFTsMerkleRoot(bytes32 _diceNFTsMerkleRoot) external onlyOwner onlyBeforePresale {
        diceNFTsMerkleRoot = _diceNFTsMerkleRoot;
        emit DiceNFTsMerkleRootSet(_diceNFTsMerkleRoot);
    }

    /// @notice Set the merkle root for the allowed NFTs
    /// @param _allowedNFTsMerkleRoot Merkle root for the allowed NFTs
    function setAllowedNFTsMerkleRoot(bytes32 _allowedNFTsMerkleRoot) external onlyOwner onlyBeforePresale {
        allowedNFTsMerkleRoot = _allowedNFTsMerkleRoot;
        emit AllowedNFTsMerkleRootSet(_allowedNFTsMerkleRoot);
    }

    /// @notice Set the merkle root for the Open phase allocations
    /// @param _openPhaseAllocationsMerkleRoot Merkle root for the Open phase allocations
    function setOpenPhaseAllocationsMerkleRoot(bytes32 _openPhaseAllocationsMerkleRoot)
        external
        onlyOwner
        onlyAfterPresale
    {
        openPhaseAllocationsMerkleRoot = _openPhaseAllocationsMerkleRoot;
        emit OpenPhaseAllocationsMerkleRootSet(_openPhaseAllocationsMerkleRoot);
    }

    /// @notice Sets the merkle root for the Dice NFTs tokens eligible
    /// @param _diceNFTsTokensEligibleMerkleRoot Merkle root for the Dice NFTs tokens eligible
    function setDiceNFTsTokensEligibleMerkleRoot(bytes32 _diceNFTsTokensEligibleMerkleRoot)
        external
        onlyOwner
        onlyAfterPresale
    {
        diceNFTsTokensEligibleMerkleRoot = _diceNFTsTokensEligibleMerkleRoot;
        emit DiceNFTsTokensEligibleMerkleRootSet(_diceNFTsTokensEligibleMerkleRoot);
    }

    /// @notice Set guaranteed phase start, end and allocation
    /// @param _guaranteedStart Start time of the guaranteed phase
    /// @param _guaranteedEnd End time of the guaranteed phase
    /// @param _guaranteedAllocation Allocation for the guaranteed phase
    function setGuaranteedPhase(uint256 _guaranteedStart, uint256 _guaranteedEnd, uint256 _guaranteedAllocation)
        external
        onlyOwner
        onlyBeforePresale
    {
        guaranteedStart = _guaranteedStart;
        guaranteedEnd = _guaranteedEnd;
        guaranteedAllocation = _guaranteedAllocation;

        emit GuaranteedPhaseSet(guaranteedStart, guaranteedEnd, guaranteedAllocation);
    }

    /// @notice Set Lucky phase start, end, allocations per tier, and wallet cap
    /// @param _luckyStart Start time of the Lucky phase
    /// @param _luckyEnd End time of the Lucky phase
    /// @param _luckyAllocationTier1 Allocation for the first lucky tier1
    /// @param _luckyAllocationTier2 Allocation for the second lucky tier2
    /// @param _luckyAllocationTier3 Allocation for the third lucky tier3
    /// @param _luckySigner Signer of lucky signatures
    function setLuckyPhase(
        uint256 _luckyStart,
        uint256 _luckyEnd,
        uint256 _luckyAllocationTier1,
        uint256 _luckyAllocationTier2,
        uint256 _luckyAllocationTier3,
        address _luckySigner
    ) external onlyOwner onlyBeforePresale {
        luckyStart = _luckyStart;
        luckyEnd = _luckyEnd;
        luckyAllocationTier1 = _luckyAllocationTier1;
        luckyAllocationTier2 = _luckyAllocationTier2;
        luckyAllocationTier3 = _luckyAllocationTier3;
        luckySigner = _luckySigner;

        emit LuckyPhaseSet(
            _luckyStart, _luckyEnd, _luckyAllocationTier1, _luckyAllocationTier2, _luckyAllocationTier3, _luckySigner
        );
    }

    /// @notice Set Open phase start, end and allocation
    /// @param _openStart Start time of the open phase
    /// @param _openEnd End time of the open phase
    function setOpenPhase(
        uint256 _openStart,
        uint256 _openEnd,
        uint256 _openPhaseWalletCap,
        uint256 _openPhaseContributionStep
    ) external onlyOwner onlyBeforePresale {
        openStart = _openStart;
        openEnd = _openEnd;
        openPhaseWalletCap = _openPhaseWalletCap;
        openPhaseContributionStep = _openPhaseContributionStep;

        emit OpenPhaseSet(_openStart, _openEnd, _openPhaseWalletCap, _openPhaseContributionStep);
    }

    /// @notice Set the exchange rates for each phase
    /// @param _guaranteedExchangeRate Exchange rate for the guaranteed phase
    /// @param _luckyExchangeRate1 Exchange rate for the first lucky phase
    /// @param _luckyExchangeRate2 Exchange rate for the second lucky phase
    /// @param _luckyExchangeRate3 Exchange rate for the third lucky phase
    function setExchangeRates(
        uint256 _guaranteedExchangeRate,
        uint256 _luckyExchangeRate1,
        uint256 _luckyExchangeRate2,
        uint256 _luckyExchangeRate3
    ) external onlyOwner onlyBeforePresale {
        guaranteedExchangeRate = _guaranteedExchangeRate;
        luckyExchangeRate1 = _luckyExchangeRate1;
        luckyExchangeRate2 = _luckyExchangeRate2;
        luckyExchangeRate3 = _luckyExchangeRate3;

        emit ExchangeRatesSet(_guaranteedExchangeRate, _luckyExchangeRate1, _luckyExchangeRate2, _luckyExchangeRate3);
    }

    /// @notice Pause the purchase functions, only owner can call this function
    function pause() external onlyOwner {
        _pause();
    }

    /// @notice Unpause the purchase functions, only owner can call this function
    function unpause() external onlyOwner {
        _unpause();
    }

    /*==============================================================
                       INTERNAL FUNCTIONS
    ==============================================================*/

    function _buyWithDiceNFT(uint256 _amount, bytes32[] calldata _proof, uint256 _tokenId, uint256 _maxAmount)
        internal
        nonReentrant
        whenNotPaused
        phaseGuard(Phase.Guaranteed)
    {
        _verifyTokenOwner(diceNFT, _tokenId);
        _verifyDiceNFTProof(_proof, _tokenId, _maxAmount);

        // check if contribution cap is not exceeded
        if (diceNFTContributed[_tokenId] + _amount > _maxAmount) {
            revert ExceededDiceNFTCap(_tokenId);
        }

        // check if total contribution cap is not exceeded
        if (guaranteedRaisedETH + _amount > guaranteedAllocation) {
            revert ExceededGuaranteedAllocation();
        }

        // update contributed amount, tokens eligible & total sold
        uint256 tokensAmount = calculateTokens(_amount, Phase.Guaranteed);
        tokensEligible[msg.sender] += tokensAmount;
        diceNFTContributed[_tokenId] += _amount;
        guaranteedRaisedETH += _amount;

        // transfer ETH to receiver wallet
        (bool success,) = treasury.call{value: _amount}("");
        if (!success) {
            revert TransferFailed(treasury, _amount);
        }

        emit ContributedDiceNFT(msg.sender, _amount, tokensAmount, _tokenId);
    }

    /// @notice Buy tokens with an allowlisted NFT
    /// @param _amount Amount of ETH to contribute
    /// @param _proof Merkle proof
    /// @param _collection Address of the NFT collection
    /// @param _tokenId ID of the NFT
    /// @param _maxAmount Maximum amount of ETH that can be contributed
    function _buyWithAllowedNFT(
        uint256 _amount,
        bytes32[] calldata _proof,
        address _collection,
        uint256 _tokenId,
        uint256 _maxAmount
    ) internal nonReentrant whenNotPaused phaseGuard(Phase.Guaranteed) {
        _verifyTokenOwner(_collection, _tokenId);
        _verifyAllowedNFTProof(_proof, _collection, _maxAmount);

        // check if total contribution cap is not exceeded
        if (guaranteedRaisedETH + _amount > guaranteedAllocation) {
            revert ExceededGuaranteedAllocation();
        }

        // check if NFT cap is not exceeded
        if (allowedNFTContributed[_collection][_tokenId] + _amount > _maxAmount) {
            revert ExceededNFTCap(_collection, _tokenId);
        }

        // update contributed amount, tokens eligible & total sold
        uint256 tokensAmount = calculateTokens(_amount, Phase.Guaranteed);
        tokensEligible[msg.sender] += tokensAmount;
        allowedNFTContributed[_collection][_tokenId] += _amount;
        guaranteedRaisedETH += _amount;

        // transfer ETH to receiver wallet
        (bool success,) = treasury.call{value: _amount}("");
        if (!success) {
            revert TransferFailed(treasury, _amount);
        }

        emit ContributedAllowedNFT(msg.sender, _amount, tokensAmount, _collection, _tokenId);
    }

    /// @notice Buy tokens with an allowlisted wallet
    /// @param _amount Amount of ETH to contribute
    /// @param _proof Merkle proof
    /// @param _maxAmount Maximum amount of ETH that can be contributed
    function _buyWithAllowedWallet(uint256 _amount, bytes32[] calldata _proof, uint256 _maxAmount)
        internal
        nonReentrant
        whenNotPaused
        phaseGuard(Phase.Guaranteed)
    {
        _verifyAllowedWalletProof(_proof, _maxAmount);

        // check if contribution cap is not exceeded
        if (allowedWalletContributed[msg.sender] + _amount > _maxAmount) {
            revert ExceededAllowedWalletCap(msg.sender);
        }

        // check if total contribution cap is not exceeded
        if (guaranteedRaisedETH + _amount > guaranteedAllocation) {
            revert ExceededGuaranteedAllocation();
        }

        // Update contributed amount, tokens eligible & total sold
        uint256 tokensAmount = calculateTokens(_amount, Phase.Guaranteed);
        tokensEligible[msg.sender] += tokensAmount;
        allowedWalletContributed[msg.sender] += _amount;
        guaranteedRaisedETH += _amount;

        // Transfer ETH to receiver wallet
        (bool success,) = treasury.call{value: _amount}("");
        if (!success) {
            revert TransferFailed(treasury, _amount);
        }

        emit ContributedAllowedWallet(msg.sender, _amount, tokensAmount);
    }

    /// @notice Buy tokens in the Lucky phase
    /// @param _amount Amount of ETH to contribute
    /// @param _maxAmount Maximum amount of ETH that can be contributed
    /// @param _signature Signature of the maximum amount and the sender's address
    function _buyLuckyTier(uint256 _amount, uint256 _maxAmount, bytes calldata _signature)
        internal
        nonReentrant
        whenNotPaused
        phaseGuard(Phase.Lucky)
    {
        _verifyLuckySignature(_maxAmount, _signature);

        if (raffleTicketContributed[_signature] + _amount > _maxAmount) {
            revert ExceededRaffleTicketContribution();
        } else if (luckyRaisedETH + _amount > luckyAllocationTier1 + luckyAllocationTier2 + luckyAllocationTier3) {
            revert ExceededLuckyAllocation();
        }

        // update contributed amounts for raffle ticket and per-wallet, tokens eligible & total sold
        uint256 tokensAmount = calculateTokens(_amount, Phase.Lucky);
        tokensEligible[msg.sender] += tokensAmount;
        raffleTicketContributed[_signature] += _amount;
        luckyPhaseContributed[msg.sender] += _amount;
        luckyRaisedETH += _amount;

        // transfer ETH to receiver wallet
        (bool success,) = treasury.call{value: _amount}("");
        if (!success) {
            revert TransferFailed(treasury, _amount);
        }

        emit ContributedLuckyPhase(msg.sender, _amount, tokensAmount);
    }

    /// @notice Buy tokens in the Open phase
    /// @param _amount Amount of ETH to contribute
    function _buyOpenPhase(uint256 _amount) internal nonReentrant whenNotPaused phaseGuard(Phase.Open) {
        if (_amount % openPhaseContributionStep != 0) {
            revert IncorrectContributionStep();
        }

        if (openPhaseContributed[msg.sender] + _amount > openPhaseWalletCap) {
            revert ExceededOpenPhaseWalletCap(msg.sender);
        }

        openPhaseContributed[msg.sender] += _amount;
        openRaisedETH += _amount;

        // transfer ETH to receiver wallet
        (bool success,) = treasury.call{value: _amount}("");
        if (!success) {
            revert TransferFailed(treasury, _amount);
        }

        emit ContributedOpenPhase(msg.sender, _amount);
    }

    /// @notice Verifies if the sender is the owner of a given token or a valid delegate.
    /// @param _collection The address of the collection contract.
    /// @param _tokenId The token ID to verify ownership or delegation for.
    function _verifyTokenOwner(address _collection, uint256 _tokenId) internal view {
        address _tokenOwner = IERC721(_collection).ownerOf(_tokenId);

        // Check sender is owner
        if (_tokenOwner == msg.sender) {
            return;
        }

        // Check with delegate registry v2
        if (delegateRegistryV2.checkDelegateForERC721(msg.sender, _tokenOwner, _collection, _tokenId, "")) {
            return;
        }

        // Check with delegate registry v1
        if (delegateRegistryV1.checkDelegateForToken(msg.sender, _tokenOwner, _collection, _tokenId)) {
            return;
        }

        // Revert if not owner or delegate
        revert NotTokenOwner(_collection, _tokenId);
    }

    /// @notice Verify the signature of the maximum amount and the sender's address
    /// @param _maxAmount Maximum amount of ETH that can be contributed
    /// @param _signature Signature of the maximum amount and the sender's address
    function _verifyLuckySignature(uint256 _maxAmount, bytes calldata _signature) internal view {
        bytes32 signedMessageHash = MessageHashUtils.toEthSignedMessageHash(
            keccak256(abi.encode(_getDomainSeparator(), _maxAmount, msg.sender))
        );
        address recoveredOwner = ECDSA.recover(signedMessageHash, _signature);

        if (recoveredOwner != luckySigner) {
            revert InvalidSignature();
        }
    }

    /// @notice Verify the merkle proof
    /// @param _proof The merkle proof
    /// @param _maxAmount The amount to verify
    function _verifyAllowedWalletProof(bytes32[] calldata _proof, uint256 _maxAmount) internal view {
        bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(msg.sender, _maxAmount))));
        if (!MerkleProof.verify(_proof, allowedWalletsMerkleRoot, leaf)) {
            revert InvalidAllowedWalletProof();
        }
    }

    /// @notice Verify the merkle proof
    /// @param _proof The merkle proof
    /// @param _tokenId The token ID to verify
    /// @param _maxAmount The amount to verify
    function _verifyDiceNFTProof(bytes32[] calldata _proof, uint256 _tokenId, uint256 _maxAmount) internal view {
        bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(_tokenId, _maxAmount))));
        if (!MerkleProof.verify(_proof, diceNFTsMerkleRoot, leaf)) {
            revert InvalidDiceNFTProof();
        }
    }

    /// @notice Verify the merkle proof
    /// @param _proof The merkle proof
    /// @param _collection Collection address
    /// @param _maxAmount The amount to verify
    function _verifyAllowedNFTProof(bytes32[] calldata _proof, address _collection, uint256 _maxAmount) internal view {
        bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(_collection, _maxAmount))));
        if (!MerkleProof.verify(_proof, allowedNFTsMerkleRoot, leaf)) {
            revert InvalidAllowedNFTProof();
        }
    }

    /// @notice Get the domain separator
    function _getDomainSeparator() internal view returns (bytes32) {
        if (address(this) == cachedThis && block.chainid == cachedChainId) {
            return cachedDomainSeparator;
        } else {
            return _constructDomainSeparator();
        }
    }

    /// @notice Construct the domain separator
    function _constructDomainSeparator() internal view returns (bytes32) {
        return keccak256(abi.encode(DOMAIN_TYPEHASH, block.chainid, address(this)));
    }

    /*==============================================================
                            EVENTS
    ==============================================================*/

    /// @notice Emitted when the merkle root for the allowed wallets is set
    /// @param allowedWalletsMerkleRoot The merkle root for the allowed wallets
    event AllowedWalletsMerkleRootSet(bytes32 indexed allowedWalletsMerkleRoot);

    /// @notice Emitted when the merkle root for the Dice NFTs is set
    /// @param diceNFTsMerkleRoot The merkle root for the Dice NFTs
    event DiceNFTsMerkleRootSet(bytes32 indexed diceNFTsMerkleRoot);

    /// @notice Emitted when the merkle root for the allowed NFTs is set
    /// @param allowedNFTsMerkleRoot The merkle root for the allowed NFTs
    event AllowedNFTsMerkleRootSet(bytes32 indexed allowedNFTsMerkleRoot);

    /// @notice Emitted when the merkle root for the open phase allocations is set
    /// @param openPhaseAllocationsMerkleRoot The merkle root for the open phase allocations
    event OpenPhaseAllocationsMerkleRootSet(bytes32 indexed openPhaseAllocationsMerkleRoot);

    /// @notice Emitted when the merkle root for the Dice NFTs tokens eligible is set
    /// @param diceNFTsTokensEligibleMerkleRootSet The merkle root for the Dice NFTs tokens eligible
    event DiceNFTsTokensEligibleMerkleRootSet(bytes32 indexed diceNFTsTokensEligibleMerkleRootSet);

    /// @notice Emitted when the exchange rates for each phase are set
    event ExchangeRatesSet(
        uint256 guaranteedExchangeRate,
        uint256 luckyExchangeRate1,
        uint256 luckyExchangeRate2,
        uint256 luckyExchangeRate3
    );

    /// @notice Emitted when the allocations for the guaranteed phase are set
    /// @param guaranteedStart Start time of the guaranteed phase
    /// @param guaranteedEnd End time of the guaranteed phase
    /// @param guaranteedAllocation Allocation for the guaranteed phase
    event GuaranteedPhaseSet(
        uint256 indexed guaranteedStart, uint256 indexed guaranteedEnd, uint256 indexed guaranteedAllocation
    );

    /// @notice Emitted when the allocations for the lucky phase are set
    /// @param luckyStart Start time of the Lucky phase
    /// @param luckyEnd End time of the Lucky phase
    /// @param luckyAllocationTier1 Allocation for the first lucky tier1
    /// @param luckyAllocationTier2 Allocation for the second lucky tier2
    /// @param luckyAllocationTier3 Allocation for the third lucky tier3
    /// @param luckySigner Signer of lucky signatures
    event LuckyPhaseSet(
        uint256 luckyStart,
        uint256 luckyEnd,
        uint256 luckyAllocationTier1,
        uint256 luckyAllocationTier2,
        uint256 luckyAllocationTier3,
        address luckySigner
    );

    /// @notice Emitted when the allocations for the open phase are set
    /// @param openStart Start time of the Open phase
    /// @param openEnd End time of the Open phase
    /// @param openPhaseWalletCap Wallet cap for the Open phase
    /// @param openPhaseContributionStep Contribution step for the Open phase
    event OpenPhaseSet(
        uint256 openStart, uint256 openEnd, uint256 openPhaseWalletCap, uint256 openPhaseContributionStep
    );

    /// @notice Emitted when a contributor buys tokens
    /// @param contributor The address of the contributor
    /// @param amount The amount of ETH contributed
    event Contributed(address indexed contributor, uint256 indexed amount);

    /// @notice Emitted when a contributor buys tokens with allowed wallet
    /// @param contributor The address of the contributor
    /// @param amount The amount of ETH contributed
    /// @param tokensAmount The amount of tokens contributed
    event ContributedAllowedWallet(address indexed contributor, uint256 indexed amount, uint256 indexed tokensAmount);

    /// @notice Emitted when a contributor buys tokens with a Dice NFT
    /// @param contributor The address of the contributor
    /// @param amount The amount of ETH contributed
    /// @param tokensAmount The amount of tokens contributed
    /// @param tokenId The token ID contributed for
    event ContributedDiceNFT(
        address indexed contributor, uint256 indexed amount, uint256 indexed tokensAmount, uint256 tokenId
    );

    /// @notice Emitted when a contributor buys tokens with an allowlisted NFT
    /// @param contributor The address of the contributor
    /// @param amount The amount of ETH contributed
    /// @param tokensAmount The amount of tokens contributed
    /// @param collection The address of the NFT collection
    /// @param tokenId The token ID contributed for
    event ContributedAllowedNFT(
        address indexed contributor,
        uint256 indexed amount,
        uint256 indexed tokensAmount,
        address collection,
        uint256 tokenId
    );

    /// @notice Emitted when a contributor buys tokens in the Lucky phase
    /// @param contributor The address of the contributor
    /// @param amount The amount of ETH contributed
    /// @param tokensAmount The amount of tokens contributed
    event ContributedLuckyPhase(address indexed contributor, uint256 indexed amount, uint256 indexed tokensAmount);

    /// @notice Emitted when a contributor buys tokens in the Open phase
    /// @param contributor The address of the contributor
    /// @param amount The amount of ETH contributed
    event ContributedOpenPhase(address indexed contributor, uint256 indexed amount);

    /*==============================================================
                            ERRORS
    ==============================================================*/

    /// @notice Revert if the transfer of funds fails
    /// @param recipient The address of the recipient
    /// @param amount The amount of funds refunded
    error TransferFailed(address recipient, uint256 amount);

    /// @notice Reverse if the signature is invalid
    error InvalidSignature();

    /// @notice Revert if the merkle proof for allowed wallet is invalid
    error InvalidAllowedWalletProof();

    /// @notice Revert if the merkle proof for Dice NFT is invalid
    error InvalidDiceNFTProof();

    /// @notice Revert if the merkle proof for allowed NFT is invalid
    error InvalidAllowedNFTProof();

    /// @notice Revert if the Dice NFT cap is exceeded
    error ExceededDiceNFTCap(uint256 tokenId);

    /// @notice Revert if the NFT cap is exceeded
    error ExceededNFTCap(address collection, uint256 tokenId);

    /// @notice Revert if the guaranteed allocation is exceeded
    error ExceededGuaranteedAllocation();

    /// @notice Revert if the contribution amount is incorrect
    error ContributionAmountMismatch();

    /// @notice Revert if the lucky allocation is exceeded
    error ExceededLuckyAllocation();

    /// @notice Revert if the wallet cap is exceeded
    error ExceededAllowedWalletCap(address wallet);

    /// @notice Revert if the raffle ticket contribution is exceeded
    error ExceededOpenPhaseWalletCap(address wallet);

    /// @notice Revert if the contribution is not divisible by the step
    error IncorrectContributionStep();

    /// @notice Revert if the raffle ticket contribution is exceeded
    error ExceededRaffleTicketContribution();

    /// @notice Revert if the phase is not active
    error PhaseNotActive(Phase phase);

    /// @notice Revert if the caller is not the owner of the token or a valid delegate.
    /// @param collection The address of the collection contract.
    /// @param tokenId The token ID to verify ownership or delegation for.
    error NotTokenOwner(address collection, uint256 tokenId);

    /// @notice Revert if presale has started
    error OnlyBeforePresale();

    /// @notice Revert if presale has ended
    error OnlyAfterPresale();
}

File 6 of 17 : Ownable.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)

pragma solidity ^0.8.20;

import {Context} from "../utils/Context.sol";

/**
 * @dev Contract module which provides a basic access control mechanism, where
 * there is an account (an owner) that can be granted exclusive access to
 * specific functions.
 *
 * The initial owner is set to the address provided by the deployer. This can
 * later be changed with {transferOwnership}.
 *
 * This module is used through inheritance. It will make available the modifier
 * `onlyOwner`, which can be applied to your functions to restrict their use to
 * the owner.
 */
abstract contract Ownable is Context {
    address private _owner;

    /**
     * @dev The caller account is not authorized to perform an operation.
     */
    error OwnableUnauthorizedAccount(address account);

    /**
     * @dev The owner is not a valid owner account. (eg. `address(0)`)
     */
    error OwnableInvalidOwner(address owner);

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    /**
     * @dev Initializes the contract setting the address provided by the deployer as the initial owner.
     */
    constructor(address initialOwner) {
        if (initialOwner == address(0)) {
            revert OwnableInvalidOwner(address(0));
        }
        _transferOwnership(initialOwner);
    }

    /**
     * @dev Throws if called by any account other than the owner.
     */
    modifier onlyOwner() {
        _checkOwner();
        _;
    }

    /**
     * @dev Returns the address of the current owner.
     */
    function owner() public view virtual returns (address) {
        return _owner;
    }

    /**
     * @dev Throws if the sender is not the owner.
     */
    function _checkOwner() internal view virtual {
        if (owner() != _msgSender()) {
            revert OwnableUnauthorizedAccount(_msgSender());
        }
    }

    /**
     * @dev Leaves the contract without owner. It will not be possible to call
     * `onlyOwner` functions. Can only be called by the current owner.
     *
     * NOTE: Renouncing ownership will leave the contract without an owner,
     * thereby disabling any functionality that is only available to the owner.
     */
    function renounceOwnership() public virtual onlyOwner {
        _transferOwnership(address(0));
    }

    /**
     * @dev Transfers ownership of the contract to a new account (`newOwner`).
     * Can only be called by the current owner.
     */
    function transferOwnership(address newOwner) public virtual onlyOwner {
        if (newOwner == address(0)) {
            revert OwnableInvalidOwner(address(0));
        }
        _transferOwnership(newOwner);
    }

    /**
     * @dev Transfers ownership of the contract to a new account (`newOwner`).
     * Internal function without access restriction.
     */
    function _transferOwnership(address newOwner) internal virtual {
        address oldOwner = _owner;
        _owner = newOwner;
        emit OwnershipTransferred(oldOwner, newOwner);
    }
}

File 7 of 17 : ECDSA.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/cryptography/ECDSA.sol)

pragma solidity ^0.8.20;

/**
 * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.
 *
 * These functions can be used to verify that a message was signed by the holder
 * of the private keys of a given address.
 */
library ECDSA {
    enum RecoverError {
        NoError,
        InvalidSignature,
        InvalidSignatureLength,
        InvalidSignatureS
    }

    /**
     * @dev The signature derives the `address(0)`.
     */
    error ECDSAInvalidSignature();

    /**
     * @dev The signature has an invalid length.
     */
    error ECDSAInvalidSignatureLength(uint256 length);

    /**
     * @dev The signature has an S value that is in the upper half order.
     */
    error ECDSAInvalidSignatureS(bytes32 s);

    /**
     * @dev Returns the address that signed a hashed message (`hash`) with `signature` or an error. This will not
     * return address(0) without also returning an error description. Errors are documented using an enum (error type)
     * and a bytes32 providing additional information about the error.
     *
     * If no error is returned, then the address can be used for verification purposes.
     *
     * The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:
     * this function rejects them by requiring the `s` value to be in the lower
     * half order, and the `v` value to be either 27 or 28.
     *
     * IMPORTANT: `hash` _must_ be the result of a hash operation for the
     * verification to be secure: it is possible to craft signatures that
     * recover to arbitrary addresses for non-hashed data. A safe way to ensure
     * this is by receiving a hash of the original message (which may otherwise
     * be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.
     *
     * Documentation for signature generation:
     * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]
     * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]
     */
    function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError, bytes32) {
        if (signature.length == 65) {
            bytes32 r;
            bytes32 s;
            uint8 v;
            // ecrecover takes the signature parameters, and the only way to get them
            // currently is to use assembly.
            /// @solidity memory-safe-assembly
            assembly {
                r := mload(add(signature, 0x20))
                s := mload(add(signature, 0x40))
                v := byte(0, mload(add(signature, 0x60)))
            }
            return tryRecover(hash, v, r, s);
        } else {
            return (address(0), RecoverError.InvalidSignatureLength, bytes32(signature.length));
        }
    }

    /**
     * @dev Returns the address that signed a hashed message (`hash`) with
     * `signature`. This address can then be used for verification purposes.
     *
     * The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:
     * this function rejects them by requiring the `s` value to be in the lower
     * half order, and the `v` value to be either 27 or 28.
     *
     * IMPORTANT: `hash` _must_ be the result of a hash operation for the
     * verification to be secure: it is possible to craft signatures that
     * recover to arbitrary addresses for non-hashed data. A safe way to ensure
     * this is by receiving a hash of the original message (which may otherwise
     * be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.
     */
    function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {
        (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, signature);
        _throwError(error, errorArg);
        return recovered;
    }

    /**
     * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.
     *
     * See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]
     */
    function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError, bytes32) {
        unchecked {
            bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
            // We do not check for an overflow here since the shift operation results in 0 or 1.
            uint8 v = uint8((uint256(vs) >> 255) + 27);
            return tryRecover(hash, v, r, s);
        }
    }

    /**
     * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.
     */
    function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {
        (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, r, vs);
        _throwError(error, errorArg);
        return recovered;
    }

    /**
     * @dev Overload of {ECDSA-tryRecover} that receives the `v`,
     * `r` and `s` signature fields separately.
     */
    function tryRecover(
        bytes32 hash,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) internal pure returns (address, RecoverError, bytes32) {
        // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
        // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
        // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most
        // signatures from current libraries generate a unique signature with an s-value in the lower half order.
        //
        // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
        // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
        // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
        // these malleable signatures as well.
        if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
            return (address(0), RecoverError.InvalidSignatureS, s);
        }

        // If the signature is valid (and not malleable), return the signer address
        address signer = ecrecover(hash, v, r, s);
        if (signer == address(0)) {
            return (address(0), RecoverError.InvalidSignature, bytes32(0));
        }

        return (signer, RecoverError.NoError, bytes32(0));
    }

    /**
     * @dev Overload of {ECDSA-recover} that receives the `v`,
     * `r` and `s` signature fields separately.
     */
    function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {
        (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, v, r, s);
        _throwError(error, errorArg);
        return recovered;
    }

    /**
     * @dev Optionally reverts with the corresponding custom error according to the `error` argument provided.
     */
    function _throwError(RecoverError error, bytes32 errorArg) private pure {
        if (error == RecoverError.NoError) {
            return; // no error: do nothing
        } else if (error == RecoverError.InvalidSignature) {
            revert ECDSAInvalidSignature();
        } else if (error == RecoverError.InvalidSignatureLength) {
            revert ECDSAInvalidSignatureLength(uint256(errorArg));
        } else if (error == RecoverError.InvalidSignatureS) {
            revert ECDSAInvalidSignatureS(errorArg);
        }
    }
}

File 8 of 17 : MessageHashUtils.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/cryptography/MessageHashUtils.sol)

pragma solidity ^0.8.20;

import {Strings} from "../Strings.sol";

/**
 * @dev Signature message hash utilities for producing digests to be consumed by {ECDSA} recovery or signing.
 *
 * The library provides methods for generating a hash of a message that conforms to the
 * https://eips.ethereum.org/EIPS/eip-191[EIP 191] and https://eips.ethereum.org/EIPS/eip-712[EIP 712]
 * specifications.
 */
library MessageHashUtils {
    /**
     * @dev Returns the keccak256 digest of an EIP-191 signed data with version
     * `0x45` (`personal_sign` messages).
     *
     * The digest is calculated by prefixing a bytes32 `messageHash` with
     * `"\x19Ethereum Signed Message:\n32"` and hashing the result. It corresponds with the
     * hash signed when using the https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`] JSON-RPC method.
     *
     * NOTE: The `messageHash` parameter is intended to be the result of hashing a raw message with
     * keccak256, although any bytes32 value can be safely used because the final digest will
     * be re-hashed.
     *
     * See {ECDSA-recover}.
     */
    function toEthSignedMessageHash(bytes32 messageHash) internal pure returns (bytes32 digest) {
        /// @solidity memory-safe-assembly
        assembly {
            mstore(0x00, "\x19Ethereum Signed Message:\n32") // 32 is the bytes-length of messageHash
            mstore(0x1c, messageHash) // 0x1c (28) is the length of the prefix
            digest := keccak256(0x00, 0x3c) // 0x3c is the length of the prefix (0x1c) + messageHash (0x20)
        }
    }

    /**
     * @dev Returns the keccak256 digest of an EIP-191 signed data with version
     * `0x45` (`personal_sign` messages).
     *
     * The digest is calculated by prefixing an arbitrary `message` with
     * `"\x19Ethereum Signed Message:\n" + len(message)` and hashing the result. It corresponds with the
     * hash signed when using the https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`] JSON-RPC method.
     *
     * See {ECDSA-recover}.
     */
    function toEthSignedMessageHash(bytes memory message) internal pure returns (bytes32) {
        return
            keccak256(bytes.concat("\x19Ethereum Signed Message:\n", bytes(Strings.toString(message.length)), message));
    }

    /**
     * @dev Returns the keccak256 digest of an EIP-191 signed data with version
     * `0x00` (data with intended validator).
     *
     * The digest is calculated by prefixing an arbitrary `data` with `"\x19\x00"` and the intended
     * `validator` address. Then hashing the result.
     *
     * See {ECDSA-recover}.
     */
    function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {
        return keccak256(abi.encodePacked(hex"19_00", validator, data));
    }

    /**
     * @dev Returns the keccak256 digest of an EIP-712 typed data (EIP-191 version `0x01`).
     *
     * The digest is calculated from a `domainSeparator` and a `structHash`, by prefixing them with
     * `\x19\x01` and hashing the result. It corresponds to the hash signed by the
     * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`] JSON-RPC method as part of EIP-712.
     *
     * See {ECDSA-recover}.
     */
    function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 digest) {
        /// @solidity memory-safe-assembly
        assembly {
            let ptr := mload(0x40)
            mstore(ptr, hex"19_01")
            mstore(add(ptr, 0x02), domainSeparator)
            mstore(add(ptr, 0x22), structHash)
            digest := keccak256(ptr, 0x42)
        }
    }
}

File 9 of 17 : IERC721.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/IERC721.sol)

pragma solidity ^0.8.20;

import {IERC165} from "../../utils/introspection/IERC165.sol";

/**
 * @dev Required interface of an ERC721 compliant contract.
 */
interface IERC721 is IERC165 {
    /**
     * @dev Emitted when `tokenId` token is transferred from `from` to `to`.
     */
    event Transfer(address indexed from, address indexed to, uint256 indexed tokenId);

    /**
     * @dev Emitted when `owner` enables `approved` to manage the `tokenId` token.
     */
    event Approval(address indexed owner, address indexed approved, uint256 indexed tokenId);

    /**
     * @dev Emitted when `owner` enables or disables (`approved`) `operator` to manage all of its assets.
     */
    event ApprovalForAll(address indexed owner, address indexed operator, bool approved);

    /**
     * @dev Returns the number of tokens in ``owner``'s account.
     */
    function balanceOf(address owner) external view returns (uint256 balance);

    /**
     * @dev Returns the owner of the `tokenId` token.
     *
     * Requirements:
     *
     * - `tokenId` must exist.
     */
    function ownerOf(uint256 tokenId) external view returns (address owner);

    /**
     * @dev Safely transfers `tokenId` token from `from` to `to`.
     *
     * Requirements:
     *
     * - `from` cannot be the zero address.
     * - `to` cannot be the zero address.
     * - `tokenId` token must exist and be owned by `from`.
     * - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
     * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon
     *   a safe transfer.
     *
     * Emits a {Transfer} event.
     */
    function safeTransferFrom(address from, address to, uint256 tokenId, bytes calldata data) external;

    /**
     * @dev Safely transfers `tokenId` token from `from` to `to`, checking first that contract recipients
     * are aware of the ERC721 protocol to prevent tokens from being forever locked.
     *
     * Requirements:
     *
     * - `from` cannot be the zero address.
     * - `to` cannot be the zero address.
     * - `tokenId` token must exist and be owned by `from`.
     * - If the caller is not `from`, it must have been allowed to move this token by either {approve} or
     *   {setApprovalForAll}.
     * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon
     *   a safe transfer.
     *
     * Emits a {Transfer} event.
     */
    function safeTransferFrom(address from, address to, uint256 tokenId) external;

    /**
     * @dev Transfers `tokenId` token from `from` to `to`.
     *
     * WARNING: Note that the caller is responsible to confirm that the recipient is capable of receiving ERC721
     * or else they may be permanently lost. Usage of {safeTransferFrom} prevents loss, though the caller must
     * understand this adds an external call which potentially creates a reentrancy vulnerability.
     *
     * Requirements:
     *
     * - `from` cannot be the zero address.
     * - `to` cannot be the zero address.
     * - `tokenId` token must be owned by `from`.
     * - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
     *
     * Emits a {Transfer} event.
     */
    function transferFrom(address from, address to, uint256 tokenId) external;

    /**
     * @dev Gives permission to `to` to transfer `tokenId` token to another account.
     * The approval is cleared when the token is transferred.
     *
     * Only a single account can be approved at a time, so approving the zero address clears previous approvals.
     *
     * Requirements:
     *
     * - The caller must own the token or be an approved operator.
     * - `tokenId` must exist.
     *
     * Emits an {Approval} event.
     */
    function approve(address to, uint256 tokenId) external;

    /**
     * @dev Approve or remove `operator` as an operator for the caller.
     * Operators can call {transferFrom} or {safeTransferFrom} for any token owned by the caller.
     *
     * Requirements:
     *
     * - The `operator` cannot be the address zero.
     *
     * Emits an {ApprovalForAll} event.
     */
    function setApprovalForAll(address operator, bool approved) external;

    /**
     * @dev Returns the account approved for `tokenId` token.
     *
     * Requirements:
     *
     * - `tokenId` must exist.
     */
    function getApproved(uint256 tokenId) external view returns (address operator);

    /**
     * @dev Returns if the `operator` is allowed to manage all of the assets of `owner`.
     *
     * See {setApprovalForAll}
     */
    function isApprovedForAll(address owner, address operator) external view returns (bool);
}

File 10 of 17 : Pausable.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/Pausable.sol)

pragma solidity ^0.8.20;

import {Context} from "../utils/Context.sol";

/**
 * @dev Contract module which allows children to implement an emergency stop
 * mechanism that can be triggered by an authorized account.
 *
 * This module is used through inheritance. It will make available the
 * modifiers `whenNotPaused` and `whenPaused`, which can be applied to
 * the functions of your contract. Note that they will not be pausable by
 * simply including this module, only once the modifiers are put in place.
 */
abstract contract Pausable is Context {
    bool private _paused;

    /**
     * @dev Emitted when the pause is triggered by `account`.
     */
    event Paused(address account);

    /**
     * @dev Emitted when the pause is lifted by `account`.
     */
    event Unpaused(address account);

    /**
     * @dev The operation failed because the contract is paused.
     */
    error EnforcedPause();

    /**
     * @dev The operation failed because the contract is not paused.
     */
    error ExpectedPause();

    /**
     * @dev Initializes the contract in unpaused state.
     */
    constructor() {
        _paused = false;
    }

    /**
     * @dev Modifier to make a function callable only when the contract is not paused.
     *
     * Requirements:
     *
     * - The contract must not be paused.
     */
    modifier whenNotPaused() {
        _requireNotPaused();
        _;
    }

    /**
     * @dev Modifier to make a function callable only when the contract is paused.
     *
     * Requirements:
     *
     * - The contract must be paused.
     */
    modifier whenPaused() {
        _requirePaused();
        _;
    }

    /**
     * @dev Returns true if the contract is paused, and false otherwise.
     */
    function paused() public view virtual returns (bool) {
        return _paused;
    }

    /**
     * @dev Throws if the contract is paused.
     */
    function _requireNotPaused() internal view virtual {
        if (paused()) {
            revert EnforcedPause();
        }
    }

    /**
     * @dev Throws if the contract is not paused.
     */
    function _requirePaused() internal view virtual {
        if (!paused()) {
            revert ExpectedPause();
        }
    }

    /**
     * @dev Triggers stopped state.
     *
     * Requirements:
     *
     * - The contract must not be paused.
     */
    function _pause() internal virtual whenNotPaused {
        _paused = true;
        emit Paused(_msgSender());
    }

    /**
     * @dev Returns to normal state.
     *
     * Requirements:
     *
     * - The contract must be paused.
     */
    function _unpause() internal virtual whenPaused {
        _paused = false;
        emit Unpaused(_msgSender());
    }
}

File 11 of 17 : IDelegationRegistry.sol
// SPDX-License-Identifier: CC0-1.0
pragma solidity ^0.8.17;

/**
 * @title An immutable registry contract to be deployed as a standalone primitive
 * @dev See EIP-5639, new project launches can read previous cold wallet -> hot wallet delegations
 * from here and integrate those permissions into their flow
 */
interface IDelegationRegistry {
    /// @notice Delegation type
    enum DelegationType {
        NONE,
        ALL,
        CONTRACT,
        TOKEN
    }

    /// @notice Info about a single delegation, used for onchain enumeration
    struct DelegationInfo {
        DelegationType type_;
        address vault;
        address delegate;
        address contract_;
        uint256 tokenId;
    }

    /// @notice Info about a single contract-level delegation
    struct ContractDelegation {
        address contract_;
        address delegate;
    }

    /// @notice Info about a single token-level delegation
    struct TokenDelegation {
        address contract_;
        uint256 tokenId;
        address delegate;
    }

    /// @notice Emitted when a user delegates their entire wallet
    event DelegateForAll(address vault, address delegate, bool value);

    /// @notice Emitted when a user delegates a specific contract
    event DelegateForContract(
        address vault,
        address delegate,
        address contract_,
        bool value
    );

    /// @notice Emitted when a user delegates a specific token
    event DelegateForToken(
        address vault,
        address delegate,
        address contract_,
        uint256 tokenId,
        bool value
    );

    /// @notice Emitted when a user revokes all delegations
    event RevokeAllDelegates(address vault);

    /// @notice Emitted when a user revoes all delegations for a given delegate
    event RevokeDelegate(address vault, address delegate);

    /**
     * -----------  WRITE -----------
     */

    /**
     * @notice Allow the delegate to act on your behalf for all contracts
     * @param delegate The hotwallet to act on your behalf
     * @param value Whether to enable or disable delegation for this address, true for setting and false for revoking
     */
    function delegateForAll(address delegate, bool value) external;

    /**
     * @notice Allow the delegate to act on your behalf for a specific contract
     * @param delegate The hotwallet to act on your behalf
     * @param contract_ The address for the contract you're delegating
     * @param value Whether to enable or disable delegation for this address, true for setting and false for revoking
     */
    function delegateForContract(
        address delegate,
        address contract_,
        bool value
    ) external;

    /**
     * @notice Allow the delegate to act on your behalf for a specific token
     * @param delegate The hotwallet to act on your behalf
     * @param contract_ The address for the contract you're delegating
     * @param tokenId The token id for the token you're delegating
     * @param value Whether to enable or disable delegation for this address, true for setting and false for revoking
     */
    function delegateForToken(
        address delegate,
        address contract_,
        uint256 tokenId,
        bool value
    ) external;

    /**
     * @notice Revoke all delegates
     */
    function revokeAllDelegates() external;

    /**
     * @notice Revoke a specific delegate for all their permissions
     * @param delegate The hotwallet to revoke
     */
    function revokeDelegate(address delegate) external;

    /**
     * @notice Remove yourself as a delegate for a specific vault
     * @param vault The vault which delegated to the msg.sender, and should be removed
     */
    function revokeSelf(address vault) external;

    /**
     * -----------  READ -----------
     */

    /**
     * @notice Returns all active delegations a given delegate is able to claim on behalf of
     * @param delegate The delegate that you would like to retrieve delegations for
     * @return info Array of DelegationInfo structs
     */
    function getDelegationsByDelegate(
        address delegate
    ) external view returns (DelegationInfo[] memory);

    /**
     * @notice Returns an array of wallet-level delegates for a given vault
     * @param vault The cold wallet who issued the delegation
     * @return addresses Array of wallet-level delegates for a given vault
     */
    function getDelegatesForAll(
        address vault
    ) external view returns (address[] memory);

    /**
     * @notice Returns an array of contract-level delegates for a given vault and contract
     * @param vault The cold wallet who issued the delegation
     * @param contract_ The address for the contract you're delegating
     * @return addresses Array of contract-level delegates for a given vault and contract
     */
    function getDelegatesForContract(
        address vault,
        address contract_
    ) external view returns (address[] memory);

    /**
     * @notice Returns an array of contract-level delegates for a given vault's token
     * @param vault The cold wallet who issued the delegation
     * @param contract_ The address for the contract holding the token
     * @param tokenId The token id for the token you're delegating
     * @return addresses Array of contract-level delegates for a given vault's token
     */
    function getDelegatesForToken(
        address vault,
        address contract_,
        uint256 tokenId
    ) external view returns (address[] memory);

    /**
     * @notice Returns all contract-level delegations for a given vault
     * @param vault The cold wallet who issued the delegations
     * @return delegations Array of ContractDelegation structs
     */
    function getContractLevelDelegations(
        address vault
    ) external view returns (ContractDelegation[] memory delegations);

    /**
     * @notice Returns all token-level delegations for a given vault
     * @param vault The cold wallet who issued the delegations
     * @return delegations Array of TokenDelegation structs
     */
    function getTokenLevelDelegations(
        address vault
    ) external view returns (TokenDelegation[] memory delegations);

    /**
     * @notice Returns true if the address is delegated to act on the entire vault
     * @param delegate The hotwallet to act on your behalf
     * @param vault The cold wallet who issued the delegation
     */
    function checkDelegateForAll(
        address delegate,
        address vault
    ) external view returns (bool);

    /**
     * @notice Returns true if the address is delegated to act on your behalf for a token contract or an entire vault
     * @param delegate The hotwallet to act on your behalf
     * @param contract_ The address for the contract you're delegating
     * @param vault The cold wallet who issued the delegation
     */
    function checkDelegateForContract(
        address delegate,
        address vault,
        address contract_
    ) external view returns (bool);

    /**
     * @notice Returns true if the address is delegated to act on your behalf for a specific token, the token's contract or an entire vault
     * @param delegate The hotwallet to act on your behalf
     * @param contract_ The address for the contract you're delegating
     * @param tokenId The token id for the token you're delegating
     * @param vault The cold wallet who issued the delegation
     */
    function checkDelegateForToken(
        address delegate,
        address vault,
        address contract_,
        uint256 tokenId
    ) external view returns (bool);
}

File 12 of 17 : IDelegateRegistry.sol
// SPDX-License-Identifier: CC0-1.0
pragma solidity >=0.8.13;

/**
 * @title IDelegateRegistry
 * @custom:version 2.0
 * @custom:author foobar (0xfoobar)
 * @notice A standalone immutable registry storing delegated permissions from one address to another
 */
interface IDelegateRegistry {
    /// @notice Delegation type, NONE is used when a delegation does not exist or is revoked
    enum DelegationType {
        NONE,
        ALL,
        CONTRACT,
        ERC721,
        ERC20,
        ERC1155
    }

    /// @notice Struct for returning delegations
    struct Delegation {
        DelegationType type_;
        address to;
        address from;
        bytes32 rights;
        address contract_;
        uint256 tokenId;
        uint256 amount;
    }

    /// @notice Emitted when an address delegates or revokes rights for their entire wallet
    event DelegateAll(address indexed from, address indexed to, bytes32 rights, bool enable);

    /// @notice Emitted when an address delegates or revokes rights for a contract address
    event DelegateContract(address indexed from, address indexed to, address indexed contract_, bytes32 rights, bool enable);

    /// @notice Emitted when an address delegates or revokes rights for an ERC721 tokenId
    event DelegateERC721(address indexed from, address indexed to, address indexed contract_, uint256 tokenId, bytes32 rights, bool enable);

    /// @notice Emitted when an address delegates or revokes rights for an amount of ERC20 tokens
    event DelegateERC20(address indexed from, address indexed to, address indexed contract_, bytes32 rights, uint256 amount);

    /// @notice Emitted when an address delegates or revokes rights for an amount of an ERC1155 tokenId
    event DelegateERC1155(address indexed from, address indexed to, address indexed contract_, uint256 tokenId, bytes32 rights, uint256 amount);

    /// @notice Thrown if multicall calldata is malformed
    error MulticallFailed();

    /**
     * -----------  WRITE -----------
     */

    /**
     * @notice Call multiple functions in the current contract and return the data from all of them if they all succeed
     * @param data The encoded function data for each of the calls to make to this contract
     * @return results The results from each of the calls passed in via data
     */
    function multicall(bytes[] calldata data) external payable returns (bytes[] memory results);

    /**
     * @notice Allow the delegate to act on behalf of `msg.sender` for all contracts
     * @param to The address to act as delegate
     * @param rights Specific subdelegation rights granted to the delegate, pass an empty bytestring to encompass all rights
     * @param enable Whether to enable or disable this delegation, true delegates and false revokes
     * @return delegationHash The unique identifier of the delegation
     */
    function delegateAll(address to, bytes32 rights, bool enable) external payable returns (bytes32 delegationHash);

    /**
     * @notice Allow the delegate to act on behalf of `msg.sender` for a specific contract
     * @param to The address to act as delegate
     * @param contract_ The contract whose rights are being delegated
     * @param rights Specific subdelegation rights granted to the delegate, pass an empty bytestring to encompass all rights
     * @param enable Whether to enable or disable this delegation, true delegates and false revokes
     * @return delegationHash The unique identifier of the delegation
     */
    function delegateContract(address to, address contract_, bytes32 rights, bool enable) external payable returns (bytes32 delegationHash);

    /**
     * @notice Allow the delegate to act on behalf of `msg.sender` for a specific ERC721 token
     * @param to The address to act as delegate
     * @param contract_ The contract whose rights are being delegated
     * @param tokenId The token id to delegate
     * @param rights Specific subdelegation rights granted to the delegate, pass an empty bytestring to encompass all rights
     * @param enable Whether to enable or disable this delegation, true delegates and false revokes
     * @return delegationHash The unique identifier of the delegation
     */
    function delegateERC721(address to, address contract_, uint256 tokenId, bytes32 rights, bool enable) external payable returns (bytes32 delegationHash);

    /**
     * @notice Allow the delegate to act on behalf of `msg.sender` for a specific amount of ERC20 tokens
     * @dev The actual amount is not encoded in the hash, just the existence of a amount (since it is an upper bound)
     * @param to The address to act as delegate
     * @param contract_ The address for the fungible token contract
     * @param rights Specific subdelegation rights granted to the delegate, pass an empty bytestring to encompass all rights
     * @param amount The amount to delegate, > 0 delegates and 0 revokes
     * @return delegationHash The unique identifier of the delegation
     */
    function delegateERC20(address to, address contract_, bytes32 rights, uint256 amount) external payable returns (bytes32 delegationHash);

    /**
     * @notice Allow the delegate to act on behalf of `msg.sender` for a specific amount of ERC1155 tokens
     * @dev The actual amount is not encoded in the hash, just the existence of a amount (since it is an upper bound)
     * @param to The address to act as delegate
     * @param contract_ The address of the contract that holds the token
     * @param tokenId The token id to delegate
     * @param rights Specific subdelegation rights granted to the delegate, pass an empty bytestring to encompass all rights
     * @param amount The amount of that token id to delegate, > 0 delegates and 0 revokes
     * @return delegationHash The unique identifier of the delegation
     */
    function delegateERC1155(address to, address contract_, uint256 tokenId, bytes32 rights, uint256 amount) external payable returns (bytes32 delegationHash);

    /**
     * ----------- CHECKS -----------
     */

    /**
     * @notice Check if `to` is a delegate of `from` for the entire wallet
     * @param to The potential delegate address
     * @param from The potential address who delegated rights
     * @param rights Specific rights to check for, pass the zero value to ignore subdelegations and check full delegations only
     * @return valid Whether delegate is granted to act on the from's behalf
     */
    function checkDelegateForAll(address to, address from, bytes32 rights) external view returns (bool);

    /**
     * @notice Check if `to` is a delegate of `from` for the specified `contract_` or the entire wallet
     * @param to The delegated address to check
     * @param contract_ The specific contract address being checked
     * @param from The cold wallet who issued the delegation
     * @param rights Specific rights to check for, pass the zero value to ignore subdelegations and check full delegations only
     * @return valid Whether delegate is granted to act on from's behalf for entire wallet or that specific contract
     */
    function checkDelegateForContract(address to, address from, address contract_, bytes32 rights) external view returns (bool);

    /**
     * @notice Check if `to` is a delegate of `from` for the specific `contract` and `tokenId`, the entire `contract_`, or the entire wallet
     * @param to The delegated address to check
     * @param contract_ The specific contract address being checked
     * @param tokenId The token id for the token to delegating
     * @param from The wallet that issued the delegation
     * @param rights Specific rights to check for, pass the zero value to ignore subdelegations and check full delegations only
     * @return valid Whether delegate is granted to act on from's behalf for entire wallet, that contract, or that specific tokenId
     */
    function checkDelegateForERC721(address to, address from, address contract_, uint256 tokenId, bytes32 rights) external view returns (bool);

    /**
     * @notice Returns the amount of ERC20 tokens the delegate is granted rights to act on the behalf of
     * @param to The delegated address to check
     * @param contract_ The address of the token contract
     * @param from The cold wallet who issued the delegation
     * @param rights Specific rights to check for, pass the zero value to ignore subdelegations and check full delegations only
     * @return balance The delegated balance, which will be 0 if the delegation does not exist
     */
    function checkDelegateForERC20(address to, address from, address contract_, bytes32 rights) external view returns (uint256);

    /**
     * @notice Returns the amount of a ERC1155 tokens the delegate is granted rights to act on the behalf of
     * @param to The delegated address to check
     * @param contract_ The address of the token contract
     * @param tokenId The token id to check the delegated amount of
     * @param from The cold wallet who issued the delegation
     * @param rights Specific rights to check for, pass the zero value to ignore subdelegations and check full delegations only
     * @return balance The delegated balance, which will be 0 if the delegation does not exist
     */
    function checkDelegateForERC1155(address to, address from, address contract_, uint256 tokenId, bytes32 rights) external view returns (uint256);

    /**
     * ----------- ENUMERATIONS -----------
     */

    /**
     * @notice Returns all enabled delegations a given delegate has received
     * @param to The address to retrieve delegations for
     * @return delegations Array of Delegation structs
     */
    function getIncomingDelegations(address to) external view returns (Delegation[] memory delegations);

    /**
     * @notice Returns all enabled delegations an address has given out
     * @param from The address to retrieve delegations for
     * @return delegations Array of Delegation structs
     */
    function getOutgoingDelegations(address from) external view returns (Delegation[] memory delegations);

    /**
     * @notice Returns all hashes associated with enabled delegations an address has received
     * @param to The address to retrieve incoming delegation hashes for
     * @return delegationHashes Array of delegation hashes
     */
    function getIncomingDelegationHashes(address to) external view returns (bytes32[] memory delegationHashes);

    /**
     * @notice Returns all hashes associated with enabled delegations an address has given out
     * @param from The address to retrieve outgoing delegation hashes for
     * @return delegationHashes Array of delegation hashes
     */
    function getOutgoingDelegationHashes(address from) external view returns (bytes32[] memory delegationHashes);

    /**
     * @notice Returns the delegations for a given array of delegation hashes
     * @param delegationHashes is an array of hashes that correspond to delegations
     * @return delegations Array of Delegation structs, return empty structs for nonexistent or revoked delegations
     */
    function getDelegationsFromHashes(bytes32[] calldata delegationHashes) external view returns (Delegation[] memory delegations);

    /**
     * ----------- STORAGE ACCESS -----------
     */

    /**
     * @notice Allows external contracts to read arbitrary storage slots
     */
    function readSlot(bytes32 location) external view returns (bytes32);

    /**
     * @notice Allows external contracts to read an arbitrary array of storage slots
     */
    function readSlots(bytes32[] calldata locations) external view returns (bytes32[] memory);
}

File 13 of 17 : Context.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)

pragma solidity ^0.8.20;

/**
 * @dev Provides information about the current execution context, including the
 * sender of the transaction and its data. While these are generally available
 * via msg.sender and msg.data, they should not be accessed in such a direct
 * manner, since when dealing with meta-transactions the account sending and
 * paying for execution may not be the actual sender (as far as an application
 * is concerned).
 *
 * This contract is only required for intermediate, library-like contracts.
 */
abstract contract Context {
    function _msgSender() internal view virtual returns (address) {
        return msg.sender;
    }

    function _msgData() internal view virtual returns (bytes calldata) {
        return msg.data;
    }

    function _contextSuffixLength() internal view virtual returns (uint256) {
        return 0;
    }
}

File 14 of 17 : Strings.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/Strings.sol)

pragma solidity ^0.8.20;

import {Math} from "./math/Math.sol";
import {SignedMath} from "./math/SignedMath.sol";

/**
 * @dev String operations.
 */
library Strings {
    bytes16 private constant HEX_DIGITS = "0123456789abcdef";
    uint8 private constant ADDRESS_LENGTH = 20;

    /**
     * @dev The `value` string doesn't fit in the specified `length`.
     */
    error StringsInsufficientHexLength(uint256 value, uint256 length);

    /**
     * @dev Converts a `uint256` to its ASCII `string` decimal representation.
     */
    function toString(uint256 value) internal pure returns (string memory) {
        unchecked {
            uint256 length = Math.log10(value) + 1;
            string memory buffer = new string(length);
            uint256 ptr;
            /// @solidity memory-safe-assembly
            assembly {
                ptr := add(buffer, add(32, length))
            }
            while (true) {
                ptr--;
                /// @solidity memory-safe-assembly
                assembly {
                    mstore8(ptr, byte(mod(value, 10), HEX_DIGITS))
                }
                value /= 10;
                if (value == 0) break;
            }
            return buffer;
        }
    }

    /**
     * @dev Converts a `int256` to its ASCII `string` decimal representation.
     */
    function toStringSigned(int256 value) internal pure returns (string memory) {
        return string.concat(value < 0 ? "-" : "", toString(SignedMath.abs(value)));
    }

    /**
     * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
     */
    function toHexString(uint256 value) internal pure returns (string memory) {
        unchecked {
            return toHexString(value, Math.log256(value) + 1);
        }
    }

    /**
     * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
     */
    function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
        uint256 localValue = value;
        bytes memory buffer = new bytes(2 * length + 2);
        buffer[0] = "0";
        buffer[1] = "x";
        for (uint256 i = 2 * length + 1; i > 1; --i) {
            buffer[i] = HEX_DIGITS[localValue & 0xf];
            localValue >>= 4;
        }
        if (localValue != 0) {
            revert StringsInsufficientHexLength(value, length);
        }
        return string(buffer);
    }

    /**
     * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal
     * representation.
     */
    function toHexString(address addr) internal pure returns (string memory) {
        return toHexString(uint256(uint160(addr)), ADDRESS_LENGTH);
    }

    /**
     * @dev Returns true if the two strings are equal.
     */
    function equal(string memory a, string memory b) internal pure returns (bool) {
        return bytes(a).length == bytes(b).length && keccak256(bytes(a)) == keccak256(bytes(b));
    }
}

File 15 of 17 : IERC165.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/introspection/IERC165.sol)

pragma solidity ^0.8.20;

/**
 * @dev Interface of the ERC165 standard, as defined in the
 * https://eips.ethereum.org/EIPS/eip-165[EIP].
 *
 * Implementers can declare support of contract interfaces, which can then be
 * queried by others ({ERC165Checker}).
 *
 * For an implementation, see {ERC165}.
 */
interface IERC165 {
    /**
     * @dev Returns true if this contract implements the interface defined by
     * `interfaceId`. See the corresponding
     * https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section]
     * to learn more about how these ids are created.
     *
     * This function call must use less than 30 000 gas.
     */
    function supportsInterface(bytes4 interfaceId) external view returns (bool);
}

File 16 of 17 : Math.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/math/Math.sol)

pragma solidity ^0.8.20;

/**
 * @dev Standard math utilities missing in the Solidity language.
 */
library Math {
    /**
     * @dev Muldiv operation overflow.
     */
    error MathOverflowedMulDiv();

    enum Rounding {
        Floor, // Toward negative infinity
        Ceil, // Toward positive infinity
        Trunc, // Toward zero
        Expand // Away from zero
    }

    /**
     * @dev Returns the addition of two unsigned integers, with an overflow flag.
     */
    function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {
        unchecked {
            uint256 c = a + b;
            if (c < a) return (false, 0);
            return (true, c);
        }
    }

    /**
     * @dev Returns the subtraction of two unsigned integers, with an overflow flag.
     */
    function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {
        unchecked {
            if (b > a) return (false, 0);
            return (true, a - b);
        }
    }

    /**
     * @dev Returns the multiplication of two unsigned integers, with an overflow flag.
     */
    function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {
        unchecked {
            // Gas optimization: this is cheaper than requiring 'a' not being zero, but the
            // benefit is lost if 'b' is also tested.
            // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522
            if (a == 0) return (true, 0);
            uint256 c = a * b;
            if (c / a != b) return (false, 0);
            return (true, c);
        }
    }

    /**
     * @dev Returns the division of two unsigned integers, with a division by zero flag.
     */
    function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {
        unchecked {
            if (b == 0) return (false, 0);
            return (true, a / b);
        }
    }

    /**
     * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.
     */
    function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {
        unchecked {
            if (b == 0) return (false, 0);
            return (true, a % b);
        }
    }

    /**
     * @dev Returns the largest of two numbers.
     */
    function max(uint256 a, uint256 b) internal pure returns (uint256) {
        return a > b ? a : b;
    }

    /**
     * @dev Returns the smallest of two numbers.
     */
    function min(uint256 a, uint256 b) internal pure returns (uint256) {
        return a < b ? a : b;
    }

    /**
     * @dev Returns the average of two numbers. The result is rounded towards
     * zero.
     */
    function average(uint256 a, uint256 b) internal pure returns (uint256) {
        // (a + b) / 2 can overflow.
        return (a & b) + (a ^ b) / 2;
    }

    /**
     * @dev Returns the ceiling of the division of two numbers.
     *
     * This differs from standard division with `/` in that it rounds towards infinity instead
     * of rounding towards zero.
     */
    function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
        if (b == 0) {
            // Guarantee the same behavior as in a regular Solidity division.
            return a / b;
        }

        // (a + b - 1) / b can overflow on addition, so we distribute.
        return a == 0 ? 0 : (a - 1) / b + 1;
    }

    /**
     * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or
     * denominator == 0.
     * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv) with further edits by
     * Uniswap Labs also under MIT license.
     */
    function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {
        unchecked {
            // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use
            // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
            // variables such that product = prod1 * 2^256 + prod0.
            uint256 prod0 = x * y; // Least significant 256 bits of the product
            uint256 prod1; // Most significant 256 bits of the product
            assembly {
                let mm := mulmod(x, y, not(0))
                prod1 := sub(sub(mm, prod0), lt(mm, prod0))
            }

            // Handle non-overflow cases, 256 by 256 division.
            if (prod1 == 0) {
                // Solidity will revert if denominator == 0, unlike the div opcode on its own.
                // The surrounding unchecked block does not change this fact.
                // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.
                return prod0 / denominator;
            }

            // Make sure the result is less than 2^256. Also prevents denominator == 0.
            if (denominator <= prod1) {
                revert MathOverflowedMulDiv();
            }

            ///////////////////////////////////////////////
            // 512 by 256 division.
            ///////////////////////////////////////////////

            // Make division exact by subtracting the remainder from [prod1 prod0].
            uint256 remainder;
            assembly {
                // Compute remainder using mulmod.
                remainder := mulmod(x, y, denominator)

                // Subtract 256 bit number from 512 bit number.
                prod1 := sub(prod1, gt(remainder, prod0))
                prod0 := sub(prod0, remainder)
            }

            // Factor powers of two out of denominator and compute largest power of two divisor of denominator.
            // Always >= 1. See https://cs.stackexchange.com/q/138556/92363.

            uint256 twos = denominator & (0 - denominator);
            assembly {
                // Divide denominator by twos.
                denominator := div(denominator, twos)

                // Divide [prod1 prod0] by twos.
                prod0 := div(prod0, twos)

                // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
                twos := add(div(sub(0, twos), twos), 1)
            }

            // Shift in bits from prod1 into prod0.
            prod0 |= prod1 * twos;

            // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such
            // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for
            // four bits. That is, denominator * inv = 1 mod 2^4.
            uint256 inverse = (3 * denominator) ^ 2;

            // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also
            // works in modular arithmetic, doubling the correct bits in each step.
            inverse *= 2 - denominator * inverse; // inverse mod 2^8
            inverse *= 2 - denominator * inverse; // inverse mod 2^16
            inverse *= 2 - denominator * inverse; // inverse mod 2^32
            inverse *= 2 - denominator * inverse; // inverse mod 2^64
            inverse *= 2 - denominator * inverse; // inverse mod 2^128
            inverse *= 2 - denominator * inverse; // inverse mod 2^256

            // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
            // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is
            // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1
            // is no longer required.
            result = prod0 * inverse;
            return result;
        }
    }

    /**
     * @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
     */
    function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {
        uint256 result = mulDiv(x, y, denominator);
        if (unsignedRoundsUp(rounding) && mulmod(x, y, denominator) > 0) {
            result += 1;
        }
        return result;
    }

    /**
     * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded
     * towards zero.
     *
     * Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
     */
    function sqrt(uint256 a) internal pure returns (uint256) {
        if (a == 0) {
            return 0;
        }

        // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.
        //
        // We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have
        // `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.
        //
        // This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`
        // → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`
        // → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`
        //
        // Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.
        uint256 result = 1 << (log2(a) >> 1);

        // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,
        // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at
        // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision
        // into the expected uint128 result.
        unchecked {
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            result = (result + a / result) >> 1;
            return min(result, a / result);
        }
    }

    /**
     * @notice Calculates sqrt(a), following the selected rounding direction.
     */
    function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = sqrt(a);
            return result + (unsignedRoundsUp(rounding) && result * result < a ? 1 : 0);
        }
    }

    /**
     * @dev Return the log in base 2 of a positive value rounded towards zero.
     * Returns 0 if given 0.
     */
    function log2(uint256 value) internal pure returns (uint256) {
        uint256 result = 0;
        unchecked {
            if (value >> 128 > 0) {
                value >>= 128;
                result += 128;
            }
            if (value >> 64 > 0) {
                value >>= 64;
                result += 64;
            }
            if (value >> 32 > 0) {
                value >>= 32;
                result += 32;
            }
            if (value >> 16 > 0) {
                value >>= 16;
                result += 16;
            }
            if (value >> 8 > 0) {
                value >>= 8;
                result += 8;
            }
            if (value >> 4 > 0) {
                value >>= 4;
                result += 4;
            }
            if (value >> 2 > 0) {
                value >>= 2;
                result += 2;
            }
            if (value >> 1 > 0) {
                result += 1;
            }
        }
        return result;
    }

    /**
     * @dev Return the log in base 2, following the selected rounding direction, of a positive value.
     * Returns 0 if given 0.
     */
    function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = log2(value);
            return result + (unsignedRoundsUp(rounding) && 1 << result < value ? 1 : 0);
        }
    }

    /**
     * @dev Return the log in base 10 of a positive value rounded towards zero.
     * Returns 0 if given 0.
     */
    function log10(uint256 value) internal pure returns (uint256) {
        uint256 result = 0;
        unchecked {
            if (value >= 10 ** 64) {
                value /= 10 ** 64;
                result += 64;
            }
            if (value >= 10 ** 32) {
                value /= 10 ** 32;
                result += 32;
            }
            if (value >= 10 ** 16) {
                value /= 10 ** 16;
                result += 16;
            }
            if (value >= 10 ** 8) {
                value /= 10 ** 8;
                result += 8;
            }
            if (value >= 10 ** 4) {
                value /= 10 ** 4;
                result += 4;
            }
            if (value >= 10 ** 2) {
                value /= 10 ** 2;
                result += 2;
            }
            if (value >= 10 ** 1) {
                result += 1;
            }
        }
        return result;
    }

    /**
     * @dev Return the log in base 10, following the selected rounding direction, of a positive value.
     * Returns 0 if given 0.
     */
    function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = log10(value);
            return result + (unsignedRoundsUp(rounding) && 10 ** result < value ? 1 : 0);
        }
    }

    /**
     * @dev Return the log in base 256 of a positive value rounded towards zero.
     * Returns 0 if given 0.
     *
     * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
     */
    function log256(uint256 value) internal pure returns (uint256) {
        uint256 result = 0;
        unchecked {
            if (value >> 128 > 0) {
                value >>= 128;
                result += 16;
            }
            if (value >> 64 > 0) {
                value >>= 64;
                result += 8;
            }
            if (value >> 32 > 0) {
                value >>= 32;
                result += 4;
            }
            if (value >> 16 > 0) {
                value >>= 16;
                result += 2;
            }
            if (value >> 8 > 0) {
                result += 1;
            }
        }
        return result;
    }

    /**
     * @dev Return the log in base 256, following the selected rounding direction, of a positive value.
     * Returns 0 if given 0.
     */
    function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
        unchecked {
            uint256 result = log256(value);
            return result + (unsignedRoundsUp(rounding) && 1 << (result << 3) < value ? 1 : 0);
        }
    }

    /**
     * @dev Returns whether a provided rounding mode is considered rounding up for unsigned integers.
     */
    function unsignedRoundsUp(Rounding rounding) internal pure returns (bool) {
        return uint8(rounding) % 2 == 1;
    }
}

File 17 of 17 : SignedMath.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/math/SignedMath.sol)

pragma solidity ^0.8.20;

/**
 * @dev Standard signed math utilities missing in the Solidity language.
 */
library SignedMath {
    /**
     * @dev Returns the largest of two signed numbers.
     */
    function max(int256 a, int256 b) internal pure returns (int256) {
        return a > b ? a : b;
    }

    /**
     * @dev Returns the smallest of two signed numbers.
     */
    function min(int256 a, int256 b) internal pure returns (int256) {
        return a < b ? a : b;
    }

    /**
     * @dev Returns the average of two signed numbers without overflow.
     * The result is rounded towards zero.
     */
    function average(int256 a, int256 b) internal pure returns (int256) {
        // Formula from the book "Hacker's Delight"
        int256 x = (a & b) + ((a ^ b) >> 1);
        return x + (int256(uint256(x) >> 255) & (a ^ b));
    }

    /**
     * @dev Returns the absolute unsigned value of a signed value.
     */
    function abs(int256 n) internal pure returns (uint256) {
        unchecked {
            // must be unchecked in order to support `n = type(int256).min`
            return uint256(n >= 0 ? n : -n);
        }
    }
}

Settings
{
  "remappings": [
    "@openzeppelin/contracts/=lib/openzeppelin-contracts/contracts/",
    "LayerZero-v2/=lib/LayerZero-v2/",
    "delegate-registry/=lib/delegate-registry/src/",
    "ds-test/=lib/forge-std/lib/ds-test/src/",
    "erc4626-tests/=lib/openzeppelin-contracts/lib/erc4626-tests/",
    "forge-std/=lib/forge-std/src/",
    "murky/=lib/delegate-registry/lib/murky/src/",
    "openzeppelin-contracts/=lib/openzeppelin-contracts/",
    "openzeppelin/=lib/delegate-registry/lib/openzeppelin-contracts/contracts/"
  ],
  "optimizer": {
    "enabled": true,
    "runs": 10000000
  },
  "metadata": {
    "useLiteralContent": false,
    "bytecodeHash": "ipfs",
    "appendCBOR": true
  },
  "outputSelection": {
    "*": {
      "*": [
        "evm.bytecode",
        "evm.deployedBytecode",
        "devdoc",
        "userdoc",
        "metadata",
        "abi"
      ]
    }
  },
  "evmVersion": "paris",
  "viaIR": false,
  "libraries": {}
}

Contract Security Audit

Contract ABI

[{"inputs":[{"internalType":"address","name":"_initialOwner","type":"address"},{"internalType":"address","name":"_presale","type":"address"}],"stateMutability":"payable","type":"constructor"},{"inputs":[{"internalType":"address","name":"recipient","type":"address"}],"name":"AlreadyRefunded","type":"error"},{"inputs":[],"name":"InvalidOpenTierAllocationsMerkleProof","type":"error"},{"inputs":[{"internalType":"address","name":"recipient","type":"address"}],"name":"NothingToRefund","type":"error"},{"inputs":[{"internalType":"address","name":"owner","type":"address"}],"name":"OwnableInvalidOwner","type":"error"},{"inputs":[{"internalType":"address","name":"account","type":"address"}],"name":"OwnableUnauthorizedAccount","type":"error"},{"inputs":[],"name":"ReentrancyGuardReentrantCall","type":"error"},{"inputs":[],"name":"RefundsAlreadyStarted","type":"error"},{"inputs":[],"name":"RefundsEnded","type":"error"},{"inputs":[],"name":"RefundsNotEnded","type":"error"},{"inputs":[],"name":"RefundsNotStarted","type":"error"},{"inputs":[{"internalType":"address","name":"recipient","type":"address"},{"internalType":"uint256","name":"amount","type":"uint256"}],"name":"TransferFailed","type":"error"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"previousOwner","type":"address"},{"indexed":true,"internalType":"address","name":"newOwner","type":"address"}],"name":"OwnershipTransferStarted","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"previousOwner","type":"address"},{"indexed":true,"internalType":"address","name":"newOwner","type":"address"}],"name":"OwnershipTransferred","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"recipient","type":"address"},{"indexed":true,"internalType":"uint256","name":"amount","type":"uint256"}],"name":"Refunded","type":"event"},{"anonymous":false,"inputs":[],"name":"RefundsStarted","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"uint256","name":"amount","type":"uint256"}],"name":"RefundsWithdrawn","type":"event"},{"inputs":[],"name":"acceptOwnership","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"bytes32[]","name":"_proof","type":"bytes32[]"},{"internalType":"uint256","name":"_ethAmount","type":"uint256"},{"internalType":"uint256","name":"_tokensAmount","type":"uint256"}],"name":"claimRefund","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"owner","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"pendingOwner","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"presale","outputs":[{"internalType":"contract Presale","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"bytes32[]","name":"_proof","type":"bytes32[]"},{"internalType":"uint256","name":"_ethAmount","type":"uint256"},{"internalType":"uint256","name":"_tokensAmount","type":"uint256"}],"name":"refundableAmount","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"","type":"address"}],"name":"refunded","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"refundsStartedAt","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"renounceOwnership","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"startRefunds","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"newOwner","type":"address"}],"name":"transferOwnership","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"withdraw","outputs":[],"stateMutability":"nonpayable","type":"function"},{"stateMutability":"payable","type":"receive"}]

60a0604052604051610f00380380610f00833981016040819052610022916100fa565b816001600160a01b03811661005157604051631e4fbdf760e01b81526000600482015260240160405180910390fd5b61005a81610072565b5060016002556001600160a01b03166080525061012d565b600180546001600160a01b031916905561008b8161008e565b50565b600080546001600160a01b038381166001600160a01b0319831681178455604051919092169283917f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e09190a35050565b80516001600160a01b03811681146100f557600080fd5b919050565b6000806040838503121561010d57600080fd5b610116836100de565b9150610124602084016100de565b90509250929050565b608051610daa6101566000396000818161027f015281816108bc0152610a110152610daa6000f3fe6080604052600436106100cb5760003560e01c80638da5cb5b11610074578063e30c39781161004e578063e30c397814610222578063f2fde38b1461024d578063fdea8e0b1461026d57600080fd5b80638da5cb5b14610176578063c033a490146101c2578063c71bca6c1461020257600080fd5b80636af582d8116100a55780636af582d814610123578063715018a61461014c57806379ba50971461016157600080fd5b806307a91528146100d75780632fe9f821146100f95780633ccfd60b1461010e57600080fd5b366100d257005b600080fd5b3480156100e357600080fd5b506100f76100f2366004610c1f565b6102a1565b005b34801561010557600080fd5b506100f76104d3565b34801561011a57600080fd5b506100f7610544565b34801561012f57600080fd5b5061013960045481565b6040519081526020015b60405180910390f35b34801561015857600080fd5b506100f76106ac565b34801561016d57600080fd5b506100f76106c0565b34801561018257600080fd5b5060005473ffffffffffffffffffffffffffffffffffffffff165b60405173ffffffffffffffffffffffffffffffffffffffff9091168152602001610143565b3480156101ce57600080fd5b506101f26101dd366004610ca1565b60036020526000908152604090205460ff1681565b6040519015158152602001610143565b34801561020e57600080fd5b5061013961021d366004610c1f565b610737565b34801561022e57600080fd5b5060015473ffffffffffffffffffffffffffffffffffffffff1661019d565b34801561025957600080fd5b506100f7610268366004610ca1565b610757565b34801561027957600080fd5b5061019d7f000000000000000000000000000000000000000000000000000000000000000081565b6102a9610807565b6004546000036102e5576040517f5a54654500000000000000000000000000000000000000000000000000000000815260040160405180910390fd5b6004546102f59062278d00610d06565b42111561032e576040517f2db8eabb00000000000000000000000000000000000000000000000000000000815260040160405180910390fd5b3360009081526003602052604090205460ff161561037f576040517f086735f50000000000000000000000000000000000000000000000000000000081523360048201526024015b60405180910390fd5b61038b84848484610848565b6000610396836109c9565b9050806000036103d4576040517fbb386939000000000000000000000000000000000000000000000000000000008152336004820152602401610376565b3360008181526003602052604080822080547fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff001660011790555190919083908381818185875af1925050503d806000811461044b576040519150601f19603f3d011682016040523d82523d6000602084013e610450565b606091505b5050905080610494576040517f1c43b97600000000000000000000000000000000000000000000000000000000815233600482015260248101839052604401610376565b604051829033907fd7dee2702d63ad89917b6a4da9981c90c4d24f8c2bdfd64c604ecae57d8d065190600090a350506104cd6001600255565b50505050565b6104db610a9f565b60045415610515576040517fa0827d0c00000000000000000000000000000000000000000000000000000000815260040160405180910390fd5b426004556040517fbc1f5722811e09c8335814964968a46668c64629cb96e3490703ef59a0f5375590600090a1565b61054c610a9f565b600454158061056a57506004546105669062278d00610d06565b4211155b156105a1576040517fafd4a04900000000000000000000000000000000000000000000000000000000815260040160405180910390fd5b4760006105c360005473ffffffffffffffffffffffffffffffffffffffff1690565b73ffffffffffffffffffffffffffffffffffffffff168260405160006040518083038185875af1925050503d806000811461061a576040519150601f19603f3d011682016040523d82523d6000602084013e61061f565b606091505b505090508061067d576000546040517f1c43b97600000000000000000000000000000000000000000000000000000000815273ffffffffffffffffffffffffffffffffffffffff909116600482015260248101839052604401610376565b60405182907febf375307b93b39034afbc1771b8387e5c41824bdea4a95d9317e0f58555136690600090a25050565b6106b4610a9f565b6106be6000610af2565b565b600154339073ffffffffffffffffffffffffffffffffffffffff16811461072b576040517f118cdaa700000000000000000000000000000000000000000000000000000000815273ffffffffffffffffffffffffffffffffffffffff82166004820152602401610376565b61073481610af2565b50565b600061074585858585610848565b61074e836109c9565b95945050505050565b61075f610a9f565b6001805473ffffffffffffffffffffffffffffffffffffffff83167fffffffffffffffffffffffff000000000000000000000000000000000000000090911681179091556107c260005473ffffffffffffffffffffffffffffffffffffffff1690565b73ffffffffffffffffffffffffffffffffffffffff167f38d16b8cac22d99fc7c124b9cd0de2d3fa1faef420bfe791d8c362d765e2270060405160405180910390a350565b6002805403610842576040517f3ee5aeb500000000000000000000000000000000000000000000000000000000815260040160405180910390fd5b60028055565b6040805133602082015290810183905260608101829052600090608001604080517fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe08184030181528282528051602091820120908301520160405160208183030381529060405280519060200120905060007f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff166354e9f7cd6040518163ffffffff1660e01b8152600401602060405180830381865afa158015610925573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906109499190610d19565b905061098b868680806020026020016040519081016040528093929190818152602001838360200280828437600092019190915250859250869150610b239050565b6109c1576040517f9cb946d500000000000000000000000000000000000000000000000000000000815260040160405180910390fd5b505050505050565b6040517ff3ef576c000000000000000000000000000000000000000000000000000000008152336004820152600090819073ffffffffffffffffffffffffffffffffffffffff7f0000000000000000000000000000000000000000000000000000000000000000169063f3ef576c90602401602060405180830381865afa158015610a58573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190610a7c9190610d19565b9050808310610a8e5750600092915050565b610a988382610d32565b9392505050565b60005473ffffffffffffffffffffffffffffffffffffffff1633146106be576040517f118cdaa7000000000000000000000000000000000000000000000000000000008152336004820152602401610376565b600180547fffffffffffffffffffffffff000000000000000000000000000000000000000016905561073481610b39565b600082610b308584610bae565b14949350505050565b6000805473ffffffffffffffffffffffffffffffffffffffff8381167fffffffffffffffffffffffff0000000000000000000000000000000000000000831681178455604051919092169283917f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e09190a35050565b600081815b8451811015610be957610bdf82868381518110610bd257610bd2610d45565b6020026020010151610bf3565b9150600101610bb3565b5090505b92915050565b6000818310610c0f576000828152602084905260409020610a98565b5060009182526020526040902090565b60008060008060608587031215610c3557600080fd5b843567ffffffffffffffff80821115610c4d57600080fd5b818701915087601f830112610c6157600080fd5b813581811115610c7057600080fd5b8860208260051b8501011115610c8557600080fd5b6020928301999098509187013596604001359550909350505050565b600060208284031215610cb357600080fd5b813573ffffffffffffffffffffffffffffffffffffffff81168114610a9857600080fd5b7f4e487b7100000000000000000000000000000000000000000000000000000000600052601160045260246000fd5b80820180821115610bed57610bed610cd7565b600060208284031215610d2b57600080fd5b5051919050565b81810381811115610bed57610bed610cd7565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052603260045260246000fdfea2646970667358221220feb28e021a9ec63c84a2c6ea054c5c1cb1fd7b2583aa9527f0d67784af7c644e64736f6c634300081800330000000000000000000000008d15554f578c952d7388ed12c25384b715cdc6960000000000000000000000007a655a234ddf076c3530ac847040f8d8c5115021

Deployed Bytecode

0x6080604052600436106100cb5760003560e01c80638da5cb5b11610074578063e30c39781161004e578063e30c397814610222578063f2fde38b1461024d578063fdea8e0b1461026d57600080fd5b80638da5cb5b14610176578063c033a490146101c2578063c71bca6c1461020257600080fd5b80636af582d8116100a55780636af582d814610123578063715018a61461014c57806379ba50971461016157600080fd5b806307a91528146100d75780632fe9f821146100f95780633ccfd60b1461010e57600080fd5b366100d257005b600080fd5b3480156100e357600080fd5b506100f76100f2366004610c1f565b6102a1565b005b34801561010557600080fd5b506100f76104d3565b34801561011a57600080fd5b506100f7610544565b34801561012f57600080fd5b5061013960045481565b6040519081526020015b60405180910390f35b34801561015857600080fd5b506100f76106ac565b34801561016d57600080fd5b506100f76106c0565b34801561018257600080fd5b5060005473ffffffffffffffffffffffffffffffffffffffff165b60405173ffffffffffffffffffffffffffffffffffffffff9091168152602001610143565b3480156101ce57600080fd5b506101f26101dd366004610ca1565b60036020526000908152604090205460ff1681565b6040519015158152602001610143565b34801561020e57600080fd5b5061013961021d366004610c1f565b610737565b34801561022e57600080fd5b5060015473ffffffffffffffffffffffffffffffffffffffff1661019d565b34801561025957600080fd5b506100f7610268366004610ca1565b610757565b34801561027957600080fd5b5061019d7f0000000000000000000000007a655a234ddf076c3530ac847040f8d8c511502181565b6102a9610807565b6004546000036102e5576040517f5a54654500000000000000000000000000000000000000000000000000000000815260040160405180910390fd5b6004546102f59062278d00610d06565b42111561032e576040517f2db8eabb00000000000000000000000000000000000000000000000000000000815260040160405180910390fd5b3360009081526003602052604090205460ff161561037f576040517f086735f50000000000000000000000000000000000000000000000000000000081523360048201526024015b60405180910390fd5b61038b84848484610848565b6000610396836109c9565b9050806000036103d4576040517fbb386939000000000000000000000000000000000000000000000000000000008152336004820152602401610376565b3360008181526003602052604080822080547fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff001660011790555190919083908381818185875af1925050503d806000811461044b576040519150601f19603f3d011682016040523d82523d6000602084013e610450565b606091505b5050905080610494576040517f1c43b97600000000000000000000000000000000000000000000000000000000815233600482015260248101839052604401610376565b604051829033907fd7dee2702d63ad89917b6a4da9981c90c4d24f8c2bdfd64c604ecae57d8d065190600090a350506104cd6001600255565b50505050565b6104db610a9f565b60045415610515576040517fa0827d0c00000000000000000000000000000000000000000000000000000000815260040160405180910390fd5b426004556040517fbc1f5722811e09c8335814964968a46668c64629cb96e3490703ef59a0f5375590600090a1565b61054c610a9f565b600454158061056a57506004546105669062278d00610d06565b4211155b156105a1576040517fafd4a04900000000000000000000000000000000000000000000000000000000815260040160405180910390fd5b4760006105c360005473ffffffffffffffffffffffffffffffffffffffff1690565b73ffffffffffffffffffffffffffffffffffffffff168260405160006040518083038185875af1925050503d806000811461061a576040519150601f19603f3d011682016040523d82523d6000602084013e61061f565b606091505b505090508061067d576000546040517f1c43b97600000000000000000000000000000000000000000000000000000000815273ffffffffffffffffffffffffffffffffffffffff909116600482015260248101839052604401610376565b60405182907febf375307b93b39034afbc1771b8387e5c41824bdea4a95d9317e0f58555136690600090a25050565b6106b4610a9f565b6106be6000610af2565b565b600154339073ffffffffffffffffffffffffffffffffffffffff16811461072b576040517f118cdaa700000000000000000000000000000000000000000000000000000000815273ffffffffffffffffffffffffffffffffffffffff82166004820152602401610376565b61073481610af2565b50565b600061074585858585610848565b61074e836109c9565b95945050505050565b61075f610a9f565b6001805473ffffffffffffffffffffffffffffffffffffffff83167fffffffffffffffffffffffff000000000000000000000000000000000000000090911681179091556107c260005473ffffffffffffffffffffffffffffffffffffffff1690565b73ffffffffffffffffffffffffffffffffffffffff167f38d16b8cac22d99fc7c124b9cd0de2d3fa1faef420bfe791d8c362d765e2270060405160405180910390a350565b6002805403610842576040517f3ee5aeb500000000000000000000000000000000000000000000000000000000815260040160405180910390fd5b60028055565b6040805133602082015290810183905260608101829052600090608001604080517fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe08184030181528282528051602091820120908301520160405160208183030381529060405280519060200120905060007f0000000000000000000000007a655a234ddf076c3530ac847040f8d8c511502173ffffffffffffffffffffffffffffffffffffffff166354e9f7cd6040518163ffffffff1660e01b8152600401602060405180830381865afa158015610925573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906109499190610d19565b905061098b868680806020026020016040519081016040528093929190818152602001838360200280828437600092019190915250859250869150610b239050565b6109c1576040517f9cb946d500000000000000000000000000000000000000000000000000000000815260040160405180910390fd5b505050505050565b6040517ff3ef576c000000000000000000000000000000000000000000000000000000008152336004820152600090819073ffffffffffffffffffffffffffffffffffffffff7f0000000000000000000000007a655a234ddf076c3530ac847040f8d8c5115021169063f3ef576c90602401602060405180830381865afa158015610a58573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190610a7c9190610d19565b9050808310610a8e5750600092915050565b610a988382610d32565b9392505050565b60005473ffffffffffffffffffffffffffffffffffffffff1633146106be576040517f118cdaa7000000000000000000000000000000000000000000000000000000008152336004820152602401610376565b600180547fffffffffffffffffffffffff000000000000000000000000000000000000000016905561073481610b39565b600082610b308584610bae565b14949350505050565b6000805473ffffffffffffffffffffffffffffffffffffffff8381167fffffffffffffffffffffffff0000000000000000000000000000000000000000831681178455604051919092169283917f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e09190a35050565b600081815b8451811015610be957610bdf82868381518110610bd257610bd2610d45565b6020026020010151610bf3565b9150600101610bb3565b5090505b92915050565b6000818310610c0f576000828152602084905260409020610a98565b5060009182526020526040902090565b60008060008060608587031215610c3557600080fd5b843567ffffffffffffffff80821115610c4d57600080fd5b818701915087601f830112610c6157600080fd5b813581811115610c7057600080fd5b8860208260051b8501011115610c8557600080fd5b6020928301999098509187013596604001359550909350505050565b600060208284031215610cb357600080fd5b813573ffffffffffffffffffffffffffffffffffffffff81168114610a9857600080fd5b7f4e487b7100000000000000000000000000000000000000000000000000000000600052601160045260246000fd5b80820180821115610bed57610bed610cd7565b600060208284031215610d2b57600080fd5b5051919050565b81810381811115610bed57610bed610cd7565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052603260045260246000fdfea2646970667358221220feb28e021a9ec63c84a2c6ea054c5c1cb1fd7b2583aa9527f0d67784af7c644e64736f6c63430008180033

Constructor Arguments (ABI-Encoded and is the last bytes of the Contract Creation Code above)

0000000000000000000000008d15554f578c952d7388ed12c25384b715cdc6960000000000000000000000007a655a234ddf076c3530ac847040f8d8c5115021

-----Decoded View---------------
Arg [0] : _initialOwner (address): 0x8d15554f578c952D7388ED12C25384b715CdC696
Arg [1] : _presale (address): 0x7A655a234DDf076C3530aC847040f8d8C5115021

-----Encoded View---------------
2 Constructor Arguments found :
Arg [0] : 0000000000000000000000008d15554f578c952d7388ed12c25384b715cdc696
Arg [1] : 0000000000000000000000007a655a234ddf076c3530ac847040f8d8c5115021


Block Transaction Difficulty Gas Used Reward
View All Blocks Produced

Block Uncle Number Difficulty Gas Used Reward
View All Uncles
Loading...
Loading
Loading...
Loading

Validator Index Block Amount
View All Withdrawals

Transaction Hash Block Value Eth2 PubKey Valid
View All Deposits
Loading...
Loading
[ Download: CSV Export  ]
[ Download: CSV Export  ]

A contract address hosts a smart contract, which is a set of code stored on the blockchain that runs when predetermined conditions are met. Learn more about addresses in our Knowledge Base.