Transaction Hash:
Block:
19683612 at Apr-18-2024 04:44:35 PM +UTC
Transaction Fee:
0.001288002791584775 ETH
$3.33
Gas Used:
84,559 Gas / 15.232001225 Gwei
Emitted Events:
| 355 |
Cigawrettes.Transfer( from=0x84aabB21...12230aC5a, to=[Sender] 0x8889bc01df9b009612e25003eba5d07678dc18ad, tokenId=7308 )
|
Account State Difference:
| Address | Before | After | State Difference | ||
|---|---|---|---|---|---|
| 0x20370a11...55F5b8351 | 0.003099170888668864 Eth | 0.008899170888668864 Eth | 0.0058 | ||
| 0x3603b7a7...FB6416EBA | 0.99175 Eth | 1.01495 Eth | 0.0232 | ||
| 0x8889Bc01...678dC18AD |
0.079663815818739437 Eth
Nonce: 217
|
0.049375813027154662 Eth
Nonce: 218
| 0.030288002791584775 | ||
|
0x95222290...5CC4BAfe5
Miner
| (beaverbuild) | 9.987355158665463458 Eth | 9.987439717665463458 Eth | 0.000084559 | |
| 0xEEd41d06...E75F0683f |
Execution Trace
ETH 0.029
CigAffiliate.transfer( tokenIds=[7308], affiliate=0x20370a110bC13122747f639a558802255F5b8351 )
-
Cigawrettes.safeTransferFrom( from=0x84aabB216768Afb5Ef7770DF2518E2c12230aC5a, to=0x8889Bc01dF9B009612e25003eBa5D07678dC18AD, tokenId=7308, _data=0x )
-
Cigawrettes.balanceOf( owner=0x20370a110bC13122747f639a558802255F5b8351 ) => ( 3 )
- ETH 0.0058
0x20370a110bc13122747f639a558802255f5b8351.CALL( )
transfer[CigAffiliate (ln:76)]
getPrice[CigAffiliate (ln:78)]_transfer[CigAffiliate (ln:80)]safeTransferFrom[CigAffiliate (ln:70)]safeTransferFrom[CigAffiliate (ln:73)]
getAffiliatePercentage[CigAffiliate (ln:82)]balanceOf[CigAffiliate (ln:57)]
call[CigAffiliate (ln:83)]payable[CigAffiliate (ln:83)]
File 1 of 2: CigAffiliate
File 2 of 2: Cigawrettes
// SPDX-License-Identifier: CC0-1.0
pragma solidity ^0.8.4;
import "./ReentrancyGuard.sol";
import "./Ownable.sol";
import "./IERC721A.sol";
contract CigAffiliate is Ownable, ReentrancyGuard {
// addresses
address poolAddress = 0x84aabB216768Afb5Ef7770DF2518E2c12230aC5a;
address cigawrettesAddress = 0xEEd41d06AE195CA8f5CaCACE4cd691EE75F0683f;
// affiliate percentages and tiers
uint256[4] affiliatePercentages = [15, 20, 25, 25];
uint256[3] affiliateTiers = [1, 15, 15];
// prices and tiers
uint256[6] prices = [0.029 ether, 0.025 ether, 0.023 ether, 0.021 ether, 0.019 ether, 0.019 ether];
uint256[5] tiers = [5, 25, 50, 100, 100];
IERC721A nftContract = IERC721A(cigawrettesAddress);
function setPrices(uint256[6] memory _prices) external onlyOwner {
require(_prices.length == 6, "Prices length must be 6");
for (uint i = 0; i < 6; i++) {
prices[i] = _prices[i];
}
}
function setTiers(uint256[5] memory _tiers) external onlyOwner {
require(_tiers.length == 5, "Tiers length must be 5");
for (uint i = 0; i < 5; i++) {
tiers[i] = _tiers[i];
}
}
function setAffiliatePercentages(uint256[4] memory _percentages) external onlyOwner {
require(_percentages.length == 4, "Prices length must be 4");
for (uint i = 0; i < 4; i++) {
affiliatePercentages[i] = _percentages[i];
}
}
function setAffiliateTiers(uint256[3] memory _tiers) external onlyOwner {
require(_tiers.length == 3, "Tiers length must be 3");
for (uint i = 0; i < 3; i++) {
affiliateTiers[i] = _tiers[i];
}
}
function getPrice(uint256 quantity) public view returns (uint256) {
if(quantity < tiers[0]) {
return prices[0] * quantity;
} else if (quantity < tiers[1]) {
return prices[1] * quantity;
} else if (quantity < tiers[2]) {
return prices[2] * quantity;
} else if (quantity < tiers[3]) {
return prices[3] * quantity;
} else if (quantity < tiers[4]) {
return prices[4] * quantity;
} else {
return prices[5] * quantity;
}
}
function getAffiliatePercentage(address affiliate) public view returns (uint256) {
uint256 balance = nftContract.balanceOf(affiliate);
if (balance < affiliateTiers[0]) {
return affiliatePercentages[0];
} else if (balance < affiliateTiers[1]) {
return affiliatePercentages[1];
} else if (balance < affiliateTiers[2]) {
return affiliatePercentages[2];
} else {
return affiliatePercentages[3];
}
}
function _transfer(uint256[] calldata tokenIds) internal {
if(tokenIds.length == 1) {
nftContract.safeTransferFrom(poolAddress, msg.sender, tokenIds[0], "");
} else {
for (uint256 i = 0; i < tokenIds.length; i++)
nftContract.safeTransferFrom(poolAddress, msg.sender, tokenIds[i], "");
}
}
function transfer(uint256[] calldata tokenIds, address affiliate) external payable nonReentrant {
require(tokenIds.length >= 1, "Need at least 1 tokenId.");
require(msg.value >= getPrice(tokenIds.length), "Not enough ETH sent.");
require(msg.sender != affiliate, "You cannot affiliate yourself.");
_transfer(tokenIds);
if (affiliate != address(0)) {
uint256 affiliatePercentage = getAffiliatePercentage(affiliate);
(bool success, ) = payable(affiliate)
.call{
value: (msg.value * affiliatePercentage) / 100
}("");
require(success, "Transfer failed.");
}
}
function setPoolAddress(address _poolAddress) external onlyOwner {
poolAddress = _poolAddress;
}
function withdraw(address payable to) external onlyOwner {
require(to != address(0));
to.transfer(address(this).balance);
}
function setCigawrettes(
address _cigawrettesAddress
) external onlyOwner {
cigawrettesAddress = _cigawrettesAddress;
nftContract = IERC721A(cigawrettesAddress);
}
}
// SPDX-License-Identifier: MIT
// ERC721A Contracts v4.2.3
// Creator: Chiru Labs
pragma solidity ^0.8.4;
/**
* @dev Interface of ERC721A.
*/
interface IERC721A {
/**
* The caller must own the token or be an approved operator.
*/
error ApprovalCallerNotOwnerNorApproved();
/**
* The token does not exist.
*/
error ApprovalQueryForNonexistentToken();
/**
* Cannot query the balance for the zero address.
*/
error BalanceQueryForZeroAddress();
/**
* Cannot mint to the zero address.
*/
error MintToZeroAddress();
/**
* The quantity of tokens minted must be more than zero.
*/
error MintZeroQuantity();
/**
* The token does not exist.
*/
error OwnerQueryForNonexistentToken();
/**
* The caller must own the token or be an approved operator.
*/
error TransferCallerNotOwnerNorApproved();
/**
* The token must be owned by `from`.
*/
error TransferFromIncorrectOwner();
/**
* Cannot safely transfer to a contract that does not implement the
* ERC721Receiver interface.
*/
error TransferToNonERC721ReceiverImplementer();
/**
* Cannot transfer to the zero address.
*/
error TransferToZeroAddress();
/**
* The token does not exist.
*/
error URIQueryForNonexistentToken();
/**
* The `quantity` minted with ERC2309 exceeds the safety limit.
*/
error MintERC2309QuantityExceedsLimit();
/**
* The `extraData` cannot be set on an unintialized ownership slot.
*/
error OwnershipNotInitializedForExtraData();
// =============================================================
// STRUCTS
// =============================================================
struct TokenOwnership {
// The address of the owner.
address addr;
// Stores the start time of ownership with minimal overhead for tokenomics.
uint64 startTimestamp;
// Whether the token has been burned.
bool burned;
// Arbitrary data similar to `startTimestamp` that can be set via {_extraData}.
uint24 extraData;
}
// =============================================================
// TOKEN COUNTERS
// =============================================================
/**
* @dev Returns the total number of tokens in existence.
* Burned tokens will reduce the count.
* To get the total number of tokens minted, please see {_totalMinted}.
*/
function totalSupply() external view returns (uint256);
// =============================================================
// IERC165
// =============================================================
/**
* @dev Returns true if this contract implements the interface defined by
* `interfaceId`. See the corresponding
* [EIP section](https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified)
* to learn more about how these ids are created.
*
* This function call must use less than 30000 gas.
*/
function supportsInterface(bytes4 interfaceId) external view returns (bool);
// =============================================================
// IERC721
// =============================================================
/**
* @dev Emitted when `tokenId` token is transferred from `from` to `to`.
*/
event Transfer(address indexed from, address indexed to, uint256 indexed tokenId);
/**
* @dev Emitted when `owner` enables `approved` to manage the `tokenId` token.
*/
event Approval(address indexed owner, address indexed approved, uint256 indexed tokenId);
/**
* @dev Emitted when `owner` enables or disables
* (`approved`) `operator` to manage all of its assets.
*/
event ApprovalForAll(address indexed owner, address indexed operator, bool approved);
/**
* @dev Returns the number of tokens in `owner`'s account.
*/
function balanceOf(address owner) external view returns (uint256 balance);
/**
* @dev Returns the owner of the `tokenId` token.
*
* Requirements:
*
* - `tokenId` must exist.
*/
function ownerOf(uint256 tokenId) external view returns (address owner);
/**
* @dev Safely transfers `tokenId` token from `from` to `to`,
* checking first that contract recipients are aware of the ERC721 protocol
* to prevent tokens from being forever locked.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must exist and be owned by `from`.
* - If the caller is not `from`, it must be have been allowed to move
* this token by either {approve} or {setApprovalForAll}.
* - If `to` refers to a smart contract, it must implement
* {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
*
* Emits a {Transfer} event.
*/
function safeTransferFrom(
address from,
address to,
uint256 tokenId,
bytes calldata data
) external payable;
/**
* @dev Equivalent to `safeTransferFrom(from, to, tokenId, '')`.
*/
function safeTransferFrom(
address from,
address to,
uint256 tokenId
) external payable;
/**
* @dev Transfers `tokenId` from `from` to `to`.
*
* WARNING: Usage of this method is discouraged, use {safeTransferFrom}
* whenever possible.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must be owned by `from`.
* - If the caller is not `from`, it must be approved to move this token
* by either {approve} or {setApprovalForAll}.
*
* Emits a {Transfer} event.
*/
function transferFrom(
address from,
address to,
uint256 tokenId
) external payable;
/**
* @dev Gives permission to `to` to transfer `tokenId` token to another account.
* The approval is cleared when the token is transferred.
*
* Only a single account can be approved at a time, so approving the
* zero address clears previous approvals.
*
* Requirements:
*
* - The caller must own the token or be an approved operator.
* - `tokenId` must exist.
*
* Emits an {Approval} event.
*/
function approve(address to, uint256 tokenId) external payable;
/**
* @dev Approve or remove `operator` as an operator for the caller.
* Operators can call {transferFrom} or {safeTransferFrom}
* for any token owned by the caller.
*
* Requirements:
*
* - The `operator` cannot be the caller.
*
* Emits an {ApprovalForAll} event.
*/
function setApprovalForAll(address operator, bool _approved) external;
/**
* @dev Returns the account approved for `tokenId` token.
*
* Requirements:
*
* - `tokenId` must exist.
*/
function getApproved(uint256 tokenId) external view returns (address operator);
/**
* @dev Returns if the `operator` is allowed to manage all of the assets of `owner`.
*
* See {setApprovalForAll}.
*/
function isApprovedForAll(address owner, address operator) external view returns (bool);
// =============================================================
// IERC721Metadata
// =============================================================
/**
* @dev Returns the token collection name.
*/
function name() external view returns (string memory);
/**
* @dev Returns the token collection symbol.
*/
function symbol() external view returns (string memory);
/**
* @dev Returns the Uniform Resource Identifier (URI) for `tokenId` token.
*/
function tokenURI(uint256 tokenId) external view returns (string memory);
// =============================================================
// IERC2309
// =============================================================
/**
* @dev Emitted when tokens in `fromTokenId` to `toTokenId`
* (inclusive) is transferred from `from` to `to`, as defined in the
* [ERC2309](https://eips.ethereum.org/EIPS/eip-2309) standard.
*
* See {_mintERC2309} for more details.
*/
event ConsecutiveTransfer(uint256 indexed fromTokenId, uint256 toTokenId, address indexed from, address indexed to);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (access/Ownable.sol)
pragma solidity ^0.8.0;
import "./Context.sol";
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* By default, the owner account will be the one that deploys the contract. This
* can later be changed with {transferOwnership}.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/
abstract contract Ownable is Context {
address private _owner;
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev Initializes the contract setting the deployer as the initial owner.
*/
constructor() {
_transferOwnership(_msgSender());
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
_checkOwner();
_;
}
/**
* @dev Returns the address of the current owner.
*/
function owner() public view virtual returns (address) {
return _owner;
}
/**
* @dev Throws if the sender is not the owner.
*/
function _checkOwner() internal view virtual {
require(owner() == _msgSender(), "Ownable: caller is not the owner");
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions anymore. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby removing any functionality that is only available to the owner.
*/
function renounceOwnership() public virtual onlyOwner {
_transferOwnership(address(0));
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual onlyOwner {
require(newOwner != address(0), "Ownable: new owner is the zero address");
_transferOwnership(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual {
address oldOwner = _owner;
_owner = newOwner;
emit OwnershipTransferred(oldOwner, newOwner);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/ReentrancyGuard.sol)
pragma solidity ^0.8.20;
/**
* @dev Contract module that helps prevent reentrant calls to a function.
*
* Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier
* available, which can be applied to functions to make sure there are no nested
* (reentrant) calls to them.
*
* Note that because there is a single `nonReentrant` guard, functions marked as
* `nonReentrant` may not call one another. This can be worked around by making
* those functions `private`, and then adding `external` `nonReentrant` entry
* points to them.
*
* TIP: If you would like to learn more about reentrancy and alternative ways
* to protect against it, check out our blog post
* https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].
*/
abstract contract ReentrancyGuard {
// Booleans are more expensive than uint256 or any type that takes up a full
// word because each write operation emits an extra SLOAD to first read the
// slot's contents, replace the bits taken up by the boolean, and then write
// back. This is the compiler's defense against contract upgrades and
// pointer aliasing, and it cannot be disabled.
// The values being non-zero value makes deployment a bit more expensive,
// but in exchange the refund on every call to nonReentrant will be lower in
// amount. Since refunds are capped to a percentage of the total
// transaction's gas, it is best to keep them low in cases like this one, to
// increase the likelihood of the full refund coming into effect.
uint256 private constant NOT_ENTERED = 1;
uint256 private constant ENTERED = 2;
uint256 private _status;
/**
* @dev Unauthorized reentrant call.
*/
error ReentrancyGuardReentrantCall();
constructor() {
_status = NOT_ENTERED;
}
/**
* @dev Prevents a contract from calling itself, directly or indirectly.
* Calling a `nonReentrant` function from another `nonReentrant`
* function is not supported. It is possible to prevent this from happening
* by making the `nonReentrant` function external, and making it call a
* `private` function that does the actual work.
*/
modifier nonReentrant() {
_nonReentrantBefore();
_;
_nonReentrantAfter();
}
function _nonReentrantBefore() private {
// On the first call to nonReentrant, _status will be NOT_ENTERED
if (_status == ENTERED) {
revert ReentrancyGuardReentrantCall();
}
// Any calls to nonReentrant after this point will fail
_status = ENTERED;
}
function _nonReentrantAfter() private {
// By storing the original value once again, a refund is triggered (see
// https://eips.ethereum.org/EIPS/eip-2200)
_status = NOT_ENTERED;
}
/**
* @dev Returns true if the reentrancy guard is currently set to "entered", which indicates there is a
* `nonReentrant` function in the call stack.
*/
function _reentrancyGuardEntered() internal view returns (bool) {
return _status == ENTERED;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)
pragma solidity ^0.8.0;
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract Context {
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
}
File 2 of 2: Cigawrettes
{"Cigawrettes.sol":{"content":"// SPDX-License-Identifier: CC0-1.0\npragma solidity ^0.8.4;\n\nimport \"./ERC721A.sol\";\nimport \"./Ownable.sol\";\nimport \"./ECDSA.sol\";\nimport \"./MerkleProof.sol\";\n\ncontract Cigawrettes is ERC721A, Ownable {\n using ECDSA for bytes32;\n\n uint256 constant AMOUNT = 1;\n uint256 constant MAX = 20;\n uint256 constant CIG_MAX = 9999;\n uint256 constant RESERVE_MAX = 500;\n uint256 constant PRICE = 0.0333 ether;\n uint256 constant EARLY_PRICE = 0.0111 ether;\n uint256 constant EARLY_DATE = 1664596800;\n uint256 constant PRESALE_DATE = 1663945200;\n uint256 private _reserveMinted = 0;\n bytes32 private _merkleRoot;\n string private _baseTokenURI;\n\n constructor(string memory baseURI) ERC721A(\"Cigawrettes\", \"CIG\") {\n _baseTokenURI = baseURI;\n }\n\n modifier callerIsUser() {\n require(\n tx.origin == msg.sender,\n \"Are you who you say you are?\"\n );\n _;\n }\n\n function setBaseURI(string calldata baseURI) external onlyOwner {\n _baseTokenURI = baseURI;\n }\n\n function _baseURI() internal view virtual override returns (string memory) {\n return _baseTokenURI;\n }\n\n function getPrice(uint256 quantity) internal view returns (uint256) {\n uint256 unit = ((block.timestamp \u003e EARLY_DATE) ? PRICE : EARLY_PRICE);\n if(quantity \u003e= 5 \u0026\u0026 quantity \u003c 11) {\n return unit * quantity * 90 / 100;\n } else if (quantity \u003e= 11) {\n return unit * quantity * 81 / 100;\n } else {\n return unit * quantity;\n }\n }\n\n function mint(uint256 quantity) external callerIsUser payable {\n require(block.timestamp \u003e PRESALE_DATE, \"Still in presale, try again Sept 23th @ 11am EST!\");\n require(_totalMinted() + quantity \u003c CIG_MAX, \"Not enough Cigawrettes left.\");\n require(msg.value \u003e= getPrice(quantity), \"Not enough eth\");\n require(balanceOf(msg.sender) + quantity \u003c 20, \"Can\u0027t buy more than 20 Packs.\");\n _safeMint(msg.sender, quantity);\n }\n\n function freeMint(uint256 quantity, bytes32[] memory proof) external callerIsUser payable {\n require(_merkleRoot != \"\", \"Free Mint merkle tree not set\");\n require(\n MerkleProof.verify(\n proof,\n _merkleRoot,\n keccak256(abi.encodePacked(msg.sender, AMOUNT))\n ),\n \"I\u0027m sorry you\u0027re not on the presale list\"\n );\n require(_totalMinted() + quantity \u003c CIG_MAX, \"Not enough Cigawrettes left.\");\n require(msg.value \u003e= (getPrice(balanceOf(msg.sender) \u003c 1 ? quantity - 1 : quantity)), \"Not enough eth\");\n require(balanceOf(msg.sender) + quantity \u003c 20, \"Can\u0027t buy more than 20 Packs.\");\n _safeMint(msg.sender, quantity);\n }\n\n function reserveMint(address[] memory to) external onlyOwner {\n require(_totalMinted() + to.length \u003c CIG_MAX, \"Not enough Cigawrettes left.\");\n require(_reserveMinted + to.length \u003c RESERVE_MAX, \"Too many reserves, not allowed.\");\n _reserveMinted += to.length;\n for (uint i=0; i\u003cto.length; i++) {\n _safeMint(to[i], AMOUNT);\n }\n }\n\n function setMerkleRoot(bytes32 newMerkleRoot_) external onlyOwner {\n _merkleRoot = newMerkleRoot_;\n }\n\n function withdraw(address payable to) external onlyOwner {\n require(to != address(0));\n to.transfer(address(this).balance);\n }\n\n function tokenURI(uint256 tokenId) public view virtual override returns (string memory) {\n if (!_exists(tokenId)) revert URIQueryForNonexistentToken();\n\n string memory baseURI = _baseURI();\n return bytes(baseURI).length != 0 ? string(abi.encodePacked(baseURI, \"/\", _toString(tokenId), \".json\")) : \u0027\u0027;\n }\n}\n"},"Context.sol":{"content":"// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n function _msgSender() internal view virtual returns (address) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes calldata) {\n return msg.data;\n }\n}\n"},"ECDSA.sol":{"content":"// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.7.3) (utils/cryptography/ECDSA.sol)\n\npragma solidity ^0.8.0;\n\nimport \"./Strings.sol\";\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n enum RecoverError {\n NoError,\n InvalidSignature,\n InvalidSignatureLength,\n InvalidSignatureS,\n InvalidSignatureV\n }\n\n function _throwError(RecoverError error) private pure {\n if (error == RecoverError.NoError) {\n return; // no error: do nothing\n } else if (error == RecoverError.InvalidSignature) {\n revert(\"ECDSA: invalid signature\");\n } else if (error == RecoverError.InvalidSignatureLength) {\n revert(\"ECDSA: invalid signature length\");\n } else if (error == RecoverError.InvalidSignatureS) {\n revert(\"ECDSA: invalid signature \u0027s\u0027 value\");\n } else if (error == RecoverError.InvalidSignatureV) {\n revert(\"ECDSA: invalid signature \u0027v\u0027 value\");\n }\n }\n\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature` or error string. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n *\n * Documentation for signature generation:\n * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]\n * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]\n *\n * _Available since v4.3._\n */\n function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) {\n if (signature.length == 65) {\n bytes32 r;\n bytes32 s;\n uint8 v;\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n /// @solidity memory-safe-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n return tryRecover(hash, v, r, s);\n } else {\n return (address(0), RecoverError.InvalidSignatureLength);\n }\n }\n\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, signature);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.\n *\n * See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]\n *\n * _Available since v4.3._\n */\n function tryRecover(\n bytes32 hash,\n bytes32 r,\n bytes32 vs\n ) internal pure returns (address, RecoverError) {\n bytes32 s = vs \u0026 bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);\n uint8 v = uint8((uint256(vs) \u003e\u003e 255) + 27);\n return tryRecover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.\n *\n * _Available since v4.2._\n */\n function recover(\n bytes32 hash,\n bytes32 r,\n bytes32 vs\n ) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, r, vs);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Overload of {ECDSA-tryRecover} that receives the `v`,\n * `r` and `s` signature fields separately.\n *\n * _Available since v4.3._\n */\n function tryRecover(\n bytes32 hash,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) internal pure returns (address, RecoverError) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (301): 0 \u003c s \u003c secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n if (uint256(s) \u003e 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {\n return (address(0), RecoverError.InvalidSignatureS);\n }\n if (v != 27 \u0026\u0026 v != 28) {\n return (address(0), RecoverError.InvalidSignatureV);\n }\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n if (signer == address(0)) {\n return (address(0), RecoverError.InvalidSignature);\n }\n\n return (signer, RecoverError.NoError);\n }\n\n /**\n * @dev Overload of {ECDSA-recover} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(\n bytes32 hash,\n uint8 v,\n bytes32 r,\n bytes32 s\n ) internal pure returns (address) {\n (address recovered, RecoverError error) = tryRecover(hash, v, r, s);\n _throwError(error);\n return recovered;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * produces hash corresponding to the one signed with the\n * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]\n * JSON-RPC method as part of EIP-191.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash));\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from `s`. This\n * produces hash corresponding to the one signed with the\n * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]\n * JSON-RPC method as part of EIP-191.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) {\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n\", Strings.toString(s.length), s));\n }\n\n /**\n * @dev Returns an Ethereum Signed Typed Data, created from a\n * `domainSeparator` and a `structHash`. This produces hash corresponding\n * to the one signed with the\n * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`]\n * JSON-RPC method as part of EIP-712.\n *\n * See {recover}.\n */\n function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32) {\n return keccak256(abi.encodePacked(\"\\x19\\x01\", domainSeparator, structHash));\n }\n}\n"},"ERC721A.sol":{"content":"// SPDX-License-Identifier: MIT\n// ERC721A Contracts v4.2.3\n// Creator: Chiru Labs\n\npragma solidity ^0.8.4;\n\nimport \u0027./IERC721A.sol\u0027;\n\n/**\n * @dev Interface of ERC721 token receiver.\n */\ninterface ERC721A__IERC721Receiver {\n function onERC721Received(\n address operator,\n address from,\n uint256 tokenId,\n bytes calldata data\n ) external returns (bytes4);\n}\n\n/**\n * @title ERC721A\n *\n * @dev Implementation of the [ERC721](https://eips.ethereum.org/EIPS/eip-721)\n * Non-Fungible Token Standard, including the Metadata extension.\n * Optimized for lower gas during batch mints.\n *\n * Token IDs are minted in sequential order (e.g. 0, 1, 2, 3, ...)\n * starting from `_startTokenId()`.\n *\n * Assumptions:\n *\n * - An owner cannot have more than 2**64 - 1 (max value of uint64) of supply.\n * - The maximum token ID cannot exceed 2**256 - 1 (max value of uint256).\n */\ncontract ERC721A is IERC721A {\n // Bypass for a `--via-ir` bug (https://github.com/chiru-labs/ERC721A/pull/364).\n struct TokenApprovalRef {\n address value;\n }\n\n // =============================================================\n // CONSTANTS\n // =============================================================\n\n // Mask of an entry in packed address data.\n uint256 private constant _BITMASK_ADDRESS_DATA_ENTRY = (1 \u003c\u003c 64) - 1;\n\n // The bit position of `numberMinted` in packed address data.\n uint256 private constant _BITPOS_NUMBER_MINTED = 64;\n\n // The bit position of `numberBurned` in packed address data.\n uint256 private constant _BITPOS_NUMBER_BURNED = 128;\n\n // The bit position of `aux` in packed address data.\n uint256 private constant _BITPOS_AUX = 192;\n\n // Mask of all 256 bits in packed address data except the 64 bits for `aux`.\n uint256 private constant _BITMASK_AUX_COMPLEMENT = (1 \u003c\u003c 192) - 1;\n\n // The bit position of `startTimestamp` in packed ownership.\n uint256 private constant _BITPOS_START_TIMESTAMP = 160;\n\n // The bit mask of the `burned` bit in packed ownership.\n uint256 private constant _BITMASK_BURNED = 1 \u003c\u003c 224;\n\n // The bit position of the `nextInitialized` bit in packed ownership.\n uint256 private constant _BITPOS_NEXT_INITIALIZED = 225;\n\n // The bit mask of the `nextInitialized` bit in packed ownership.\n uint256 private constant _BITMASK_NEXT_INITIALIZED = 1 \u003c\u003c 225;\n\n // The bit position of `extraData` in packed ownership.\n uint256 private constant _BITPOS_EXTRA_DATA = 232;\n\n // Mask of all 256 bits in a packed ownership except the 24 bits for `extraData`.\n uint256 private constant _BITMASK_EXTRA_DATA_COMPLEMENT = (1 \u003c\u003c 232) - 1;\n\n // The mask of the lower 160 bits for addresses.\n uint256 private constant _BITMASK_ADDRESS = (1 \u003c\u003c 160) - 1;\n\n // The maximum `quantity` that can be minted with {_mintERC2309}.\n // This limit is to prevent overflows on the address data entries.\n // For a limit of 5000, a total of 3.689e15 calls to {_mintERC2309}\n // is required to cause an overflow, which is unrealistic.\n uint256 private constant _MAX_MINT_ERC2309_QUANTITY_LIMIT = 5000;\n\n // The `Transfer` event signature is given by:\n // `keccak256(bytes(\"Transfer(address,address,uint256)\"))`.\n bytes32 private constant _TRANSFER_EVENT_SIGNATURE =\n 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef;\n\n // =============================================================\n // STORAGE\n // =============================================================\n\n // The next token ID to be minted.\n uint256 private _currentIndex;\n\n // The number of tokens burned.\n uint256 private _burnCounter;\n\n // Token name\n string private _name;\n\n // Token symbol\n string private _symbol;\n\n // Mapping from token ID to ownership details\n // An empty struct value does not necessarily mean the token is unowned.\n // See {_packedOwnershipOf} implementation for details.\n //\n // Bits Layout:\n // - [0..159] `addr`\n // - [160..223] `startTimestamp`\n // - [224] `burned`\n // - [225] `nextInitialized`\n // - [232..255] `extraData`\n mapping(uint256 =\u003e uint256) private _packedOwnerships;\n\n // Mapping owner address to address data.\n //\n // Bits Layout:\n // - [0..63] `balance`\n // - [64..127] `numberMinted`\n // - [128..191] `numberBurned`\n // - [192..255] `aux`\n mapping(address =\u003e uint256) private _packedAddressData;\n\n // Mapping from token ID to approved address.\n mapping(uint256 =\u003e TokenApprovalRef) private _tokenApprovals;\n\n // Mapping from owner to operator approvals\n mapping(address =\u003e mapping(address =\u003e bool)) private _operatorApprovals;\n\n // =============================================================\n // CONSTRUCTOR\n // =============================================================\n\n constructor(string memory name_, string memory symbol_) {\n _name = name_;\n _symbol = symbol_;\n _currentIndex = _startTokenId();\n }\n\n // =============================================================\n // TOKEN COUNTING OPERATIONS\n // =============================================================\n\n /**\n * @dev Returns the starting token ID.\n * To change the starting token ID, please override this function.\n */\n function _startTokenId() internal view virtual returns (uint256) {\n return 0;\n }\n\n /**\n * @dev Returns the next token ID to be minted.\n */\n function _nextTokenId() internal view virtual returns (uint256) {\n return _currentIndex;\n }\n\n /**\n * @dev Returns the total number of tokens in existence.\n * Burned tokens will reduce the count.\n * To get the total number of tokens minted, please see {_totalMinted}.\n */\n function totalSupply() public view virtual override returns (uint256) {\n // Counter underflow is impossible as _burnCounter cannot be incremented\n // more than `_currentIndex - _startTokenId()` times.\n unchecked {\n return _currentIndex - _burnCounter - _startTokenId();\n }\n }\n\n /**\n * @dev Returns the total amount of tokens minted in the contract.\n */\n function _totalMinted() internal view virtual returns (uint256) {\n // Counter underflow is impossible as `_currentIndex` does not decrement,\n // and it is initialized to `_startTokenId()`.\n unchecked {\n return _currentIndex - _startTokenId();\n }\n }\n\n /**\n * @dev Returns the total number of tokens burned.\n */\n function _totalBurned() internal view virtual returns (uint256) {\n return _burnCounter;\n }\n\n // =============================================================\n // ADDRESS DATA OPERATIONS\n // =============================================================\n\n /**\n * @dev Returns the number of tokens in `owner`\u0027s account.\n */\n function balanceOf(address owner) public view virtual override returns (uint256) {\n if (owner == address(0)) revert BalanceQueryForZeroAddress();\n return _packedAddressData[owner] \u0026 _BITMASK_ADDRESS_DATA_ENTRY;\n }\n\n /**\n * Returns the number of tokens minted by `owner`.\n */\n function _numberMinted(address owner) internal view returns (uint256) {\n return (_packedAddressData[owner] \u003e\u003e _BITPOS_NUMBER_MINTED) \u0026 _BITMASK_ADDRESS_DATA_ENTRY;\n }\n\n /**\n * Returns the number of tokens burned by or on behalf of `owner`.\n */\n function _numberBurned(address owner) internal view returns (uint256) {\n return (_packedAddressData[owner] \u003e\u003e _BITPOS_NUMBER_BURNED) \u0026 _BITMASK_ADDRESS_DATA_ENTRY;\n }\n\n /**\n * Returns the auxiliary data for `owner`. (e.g. number of whitelist mint slots used).\n */\n function _getAux(address owner) internal view returns (uint64) {\n return uint64(_packedAddressData[owner] \u003e\u003e _BITPOS_AUX);\n }\n\n /**\n * Sets the auxiliary data for `owner`. (e.g. number of whitelist mint slots used).\n * If there are multiple variables, please pack them into a uint64.\n */\n function _setAux(address owner, uint64 aux) internal virtual {\n uint256 packed = _packedAddressData[owner];\n uint256 auxCasted;\n // Cast `aux` with assembly to avoid redundant masking.\n assembly {\n auxCasted := aux\n }\n packed = (packed \u0026 _BITMASK_AUX_COMPLEMENT) | (auxCasted \u003c\u003c _BITPOS_AUX);\n _packedAddressData[owner] = packed;\n }\n\n // =============================================================\n // IERC165\n // =============================================================\n\n /**\n * @dev Returns true if this contract implements the interface defined by\n * `interfaceId`. See the corresponding\n * [EIP section](https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified)\n * to learn more about how these ids are created.\n *\n * This function call must use less than 30000 gas.\n */\n function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {\n // The interface IDs are constants representing the first 4 bytes\n // of the XOR of all function selectors in the interface.\n // See: [ERC165](https://eips.ethereum.org/EIPS/eip-165)\n // (e.g. `bytes4(i.functionA.selector ^ i.functionB.selector ^ ...)`)\n return\n interfaceId == 0x01ffc9a7 || // ERC165 interface ID for ERC165.\n interfaceId == 0x80ac58cd || // ERC165 interface ID for ERC721.\n interfaceId == 0x5b5e139f; // ERC165 interface ID for ERC721Metadata.\n }\n\n // =============================================================\n // IERC721Metadata\n // =============================================================\n\n /**\n * @dev Returns the token collection name.\n */\n function name() public view virtual override returns (string memory) {\n return _name;\n }\n\n /**\n * @dev Returns the token collection symbol.\n */\n function symbol() public view virtual override returns (string memory) {\n return _symbol;\n }\n\n /**\n * @dev Returns the Uniform Resource Identifier (URI) for `tokenId` token.\n */\n function tokenURI(uint256 tokenId) public view virtual override returns (string memory) {\n if (!_exists(tokenId)) revert URIQueryForNonexistentToken();\n\n string memory baseURI = _baseURI();\n return bytes(baseURI).length != 0 ? string(abi.encodePacked(baseURI, _toString(tokenId))) : \u0027\u0027;\n }\n\n /**\n * @dev Base URI for computing {tokenURI}. If set, the resulting URI for each\n * token will be the concatenation of the `baseURI` and the `tokenId`. Empty\n * by default, it can be overridden in child contracts.\n */\n function _baseURI() internal view virtual returns (string memory) {\n return \u0027\u0027;\n }\n\n // =============================================================\n // OWNERSHIPS OPERATIONS\n // =============================================================\n\n /**\n * @dev Returns the owner of the `tokenId` token.\n *\n * Requirements:\n *\n * - `tokenId` must exist.\n */\n function ownerOf(uint256 tokenId) public view virtual override returns (address) {\n return address(uint160(_packedOwnershipOf(tokenId)));\n }\n\n /**\n * @dev Gas spent here starts off proportional to the maximum mint batch size.\n * It gradually moves to O(1) as tokens get transferred around over time.\n */\n function _ownershipOf(uint256 tokenId) internal view virtual returns (TokenOwnership memory) {\n return _unpackedOwnership(_packedOwnershipOf(tokenId));\n }\n\n /**\n * @dev Returns the unpacked `TokenOwnership` struct at `index`.\n */\n function _ownershipAt(uint256 index) internal view virtual returns (TokenOwnership memory) {\n return _unpackedOwnership(_packedOwnerships[index]);\n }\n\n /**\n * @dev Initializes the ownership slot minted at `index` for efficiency purposes.\n */\n function _initializeOwnershipAt(uint256 index) internal virtual {\n if (_packedOwnerships[index] == 0) {\n _packedOwnerships[index] = _packedOwnershipOf(index);\n }\n }\n\n /**\n * Returns the packed ownership data of `tokenId`.\n */\n function _packedOwnershipOf(uint256 tokenId) private view returns (uint256) {\n uint256 curr = tokenId;\n\n unchecked {\n if (_startTokenId() \u003c= curr)\n if (curr \u003c _currentIndex) {\n uint256 packed = _packedOwnerships[curr];\n // If not burned.\n if (packed \u0026 _BITMASK_BURNED == 0) {\n // Invariant:\n // There will always be an initialized ownership slot\n // (i.e. `ownership.addr != address(0) \u0026\u0026 ownership.burned == false`)\n // before an unintialized ownership slot\n // (i.e. `ownership.addr == address(0) \u0026\u0026 ownership.burned == false`)\n // Hence, `curr` will not underflow.\n //\n // We can directly compare the packed value.\n // If the address is zero, packed will be zero.\n while (packed == 0) {\n packed = _packedOwnerships[--curr];\n }\n return packed;\n }\n }\n }\n revert OwnerQueryForNonexistentToken();\n }\n\n /**\n * @dev Returns the unpacked `TokenOwnership` struct from `packed`.\n */\n function _unpackedOwnership(uint256 packed) private pure returns (TokenOwnership memory ownership) {\n ownership.addr = address(uint160(packed));\n ownership.startTimestamp = uint64(packed \u003e\u003e _BITPOS_START_TIMESTAMP);\n ownership.burned = packed \u0026 _BITMASK_BURNED != 0;\n ownership.extraData = uint24(packed \u003e\u003e _BITPOS_EXTRA_DATA);\n }\n\n /**\n * @dev Packs ownership data into a single uint256.\n */\n function _packOwnershipData(address owner, uint256 flags) private view returns (uint256 result) {\n assembly {\n // Mask `owner` to the lower 160 bits, in case the upper bits somehow aren\u0027t clean.\n owner := and(owner, _BITMASK_ADDRESS)\n // `owner | (block.timestamp \u003c\u003c _BITPOS_START_TIMESTAMP) | flags`.\n result := or(owner, or(shl(_BITPOS_START_TIMESTAMP, timestamp()), flags))\n }\n }\n\n /**\n * @dev Returns the `nextInitialized` flag set if `quantity` equals 1.\n */\n function _nextInitializedFlag(uint256 quantity) private pure returns (uint256 result) {\n // For branchless setting of the `nextInitialized` flag.\n assembly {\n // `(quantity == 1) \u003c\u003c _BITPOS_NEXT_INITIALIZED`.\n result := shl(_BITPOS_NEXT_INITIALIZED, eq(quantity, 1))\n }\n }\n\n // =============================================================\n // APPROVAL OPERATIONS\n // =============================================================\n\n /**\n * @dev Gives permission to `to` to transfer `tokenId` token to another account.\n * The approval is cleared when the token is transferred.\n *\n * Only a single account can be approved at a time, so approving the\n * zero address clears previous approvals.\n *\n * Requirements:\n *\n * - The caller must own the token or be an approved operator.\n * - `tokenId` must exist.\n *\n * Emits an {Approval} event.\n */\n function approve(address to, uint256 tokenId) public payable virtual override {\n address owner = ownerOf(tokenId);\n\n if (_msgSenderERC721A() != owner)\n if (!isApprovedForAll(owner, _msgSenderERC721A())) {\n revert ApprovalCallerNotOwnerNorApproved();\n }\n\n _tokenApprovals[tokenId].value = to;\n emit Approval(owner, to, tokenId);\n }\n\n /**\n * @dev Returns the account approved for `tokenId` token.\n *\n * Requirements:\n *\n * - `tokenId` must exist.\n */\n function getApproved(uint256 tokenId) public view virtual override returns (address) {\n if (!_exists(tokenId)) revert ApprovalQueryForNonexistentToken();\n\n return _tokenApprovals[tokenId].value;\n }\n\n /**\n * @dev Approve or remove `operator` as an operator for the caller.\n * Operators can call {transferFrom} or {safeTransferFrom}\n * for any token owned by the caller.\n *\n * Requirements:\n *\n * - The `operator` cannot be the caller.\n *\n * Emits an {ApprovalForAll} event.\n */\n function setApprovalForAll(address operator, bool approved) public virtual override {\n _operatorApprovals[_msgSenderERC721A()][operator] = approved;\n emit ApprovalForAll(_msgSenderERC721A(), operator, approved);\n }\n\n /**\n * @dev Returns if the `operator` is allowed to manage all of the assets of `owner`.\n *\n * See {setApprovalForAll}.\n */\n function isApprovedForAll(address owner, address operator) public view virtual override returns (bool) {\n return _operatorApprovals[owner][operator];\n }\n\n /**\n * @dev Returns whether `tokenId` exists.\n *\n * Tokens can be managed by their owner or approved accounts via {approve} or {setApprovalForAll}.\n *\n * Tokens start existing when they are minted. See {_mint}.\n */\n function _exists(uint256 tokenId) internal view virtual returns (bool) {\n return\n _startTokenId() \u003c= tokenId \u0026\u0026\n tokenId \u003c _currentIndex \u0026\u0026 // If within bounds,\n _packedOwnerships[tokenId] \u0026 _BITMASK_BURNED == 0; // and not burned.\n }\n\n /**\n * @dev Returns whether `msgSender` is equal to `approvedAddress` or `owner`.\n */\n function _isSenderApprovedOrOwner(\n address approvedAddress,\n address owner,\n address msgSender\n ) private pure returns (bool result) {\n assembly {\n // Mask `owner` to the lower 160 bits, in case the upper bits somehow aren\u0027t clean.\n owner := and(owner, _BITMASK_ADDRESS)\n // Mask `msgSender` to the lower 160 bits, in case the upper bits somehow aren\u0027t clean.\n msgSender := and(msgSender, _BITMASK_ADDRESS)\n // `msgSender == owner || msgSender == approvedAddress`.\n result := or(eq(msgSender, owner), eq(msgSender, approvedAddress))\n }\n }\n\n /**\n * @dev Returns the storage slot and value for the approved address of `tokenId`.\n */\n function _getApprovedSlotAndAddress(uint256 tokenId)\n private\n view\n returns (uint256 approvedAddressSlot, address approvedAddress)\n {\n TokenApprovalRef storage tokenApproval = _tokenApprovals[tokenId];\n // The following is equivalent to `approvedAddress = _tokenApprovals[tokenId].value`.\n assembly {\n approvedAddressSlot := tokenApproval.slot\n approvedAddress := sload(approvedAddressSlot)\n }\n }\n\n // =============================================================\n // TRANSFER OPERATIONS\n // =============================================================\n\n /**\n * @dev Transfers `tokenId` from `from` to `to`.\n *\n * Requirements:\n *\n * - `from` cannot be the zero address.\n * - `to` cannot be the zero address.\n * - `tokenId` token must be owned by `from`.\n * - If the caller is not `from`, it must be approved to move this token\n * by either {approve} or {setApprovalForAll}.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(\n address from,\n address to,\n uint256 tokenId\n ) public payable virtual override {\n uint256 prevOwnershipPacked = _packedOwnershipOf(tokenId);\n\n if (address(uint160(prevOwnershipPacked)) != from) revert TransferFromIncorrectOwner();\n\n (uint256 approvedAddressSlot, address approvedAddress) = _getApprovedSlotAndAddress(tokenId);\n\n // The nested ifs save around 20+ gas over a compound boolean condition.\n if (!_isSenderApprovedOrOwner(approvedAddress, from, _msgSenderERC721A()))\n if (!isApprovedForAll(from, _msgSenderERC721A())) revert TransferCallerNotOwnerNorApproved();\n\n if (to == address(0)) revert TransferToZeroAddress();\n\n _beforeTokenTransfers(from, to, tokenId, 1);\n\n // Clear approvals from the previous owner.\n assembly {\n if approvedAddress {\n // This is equivalent to `delete _tokenApprovals[tokenId]`.\n sstore(approvedAddressSlot, 0)\n }\n }\n\n // Underflow of the sender\u0027s balance is impossible because we check for\n // ownership above and the recipient\u0027s balance can\u0027t realistically overflow.\n // Counter overflow is incredibly unrealistic as `tokenId` would have to be 2**256.\n unchecked {\n // We can directly increment and decrement the balances.\n --_packedAddressData[from]; // Updates: `balance -= 1`.\n ++_packedAddressData[to]; // Updates: `balance += 1`.\n\n // Updates:\n // - `address` to the next owner.\n // - `startTimestamp` to the timestamp of transfering.\n // - `burned` to `false`.\n // - `nextInitialized` to `true`.\n _packedOwnerships[tokenId] = _packOwnershipData(\n to,\n _BITMASK_NEXT_INITIALIZED | _nextExtraData(from, to, prevOwnershipPacked)\n );\n\n // If the next slot may not have been initialized (i.e. `nextInitialized == false`) .\n if (prevOwnershipPacked \u0026 _BITMASK_NEXT_INITIALIZED == 0) {\n uint256 nextTokenId = tokenId + 1;\n // If the next slot\u0027s address is zero and not burned (i.e. packed value is zero).\n if (_packedOwnerships[nextTokenId] == 0) {\n // If the next slot is within bounds.\n if (nextTokenId != _currentIndex) {\n // Initialize the next slot to maintain correctness for `ownerOf(tokenId + 1)`.\n _packedOwnerships[nextTokenId] = prevOwnershipPacked;\n }\n }\n }\n }\n\n emit Transfer(from, to, tokenId);\n _afterTokenTransfers(from, to, tokenId, 1);\n }\n\n /**\n * @dev Equivalent to `safeTransferFrom(from, to, tokenId, \u0027\u0027)`.\n */\n function safeTransferFrom(\n address from,\n address to,\n uint256 tokenId\n ) public payable virtual override {\n safeTransferFrom(from, to, tokenId, \u0027\u0027);\n }\n\n /**\n * @dev Safely transfers `tokenId` token from `from` to `to`.\n *\n * Requirements:\n *\n * - `from` cannot be the zero address.\n * - `to` cannot be the zero address.\n * - `tokenId` token must exist and be owned by `from`.\n * - If the caller is not `from`, it must be approved to move this token\n * by either {approve} or {setApprovalForAll}.\n * - If `to` refers to a smart contract, it must implement\n * {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.\n *\n * Emits a {Transfer} event.\n */\n function safeTransferFrom(\n address from,\n address to,\n uint256 tokenId,\n bytes memory _data\n ) public payable virtual override {\n transferFrom(from, to, tokenId);\n if (to.code.length != 0)\n if (!_checkContractOnERC721Received(from, to, tokenId, _data)) {\n revert TransferToNonERC721ReceiverImplementer();\n }\n }\n\n /**\n * @dev Hook that is called before a set of serially-ordered token IDs\n * are about to be transferred. This includes minting.\n * And also called before burning one token.\n *\n * `startTokenId` - the first token ID to be transferred.\n * `quantity` - the amount to be transferred.\n *\n * Calling conditions:\n *\n * - When `from` and `to` are both non-zero, `from`\u0027s `tokenId` will be\n * transferred to `to`.\n * - When `from` is zero, `tokenId` will be minted for `to`.\n * - When `to` is zero, `tokenId` will be burned by `from`.\n * - `from` and `to` are never both zero.\n */\n function _beforeTokenTransfers(\n address from,\n address to,\n uint256 startTokenId,\n uint256 quantity\n ) internal virtual {}\n\n /**\n * @dev Hook that is called after a set of serially-ordered token IDs\n * have been transferred. This includes minting.\n * And also called after one token has been burned.\n *\n * `startTokenId` - the first token ID to be transferred.\n * `quantity` - the amount to be transferred.\n *\n * Calling conditions:\n *\n * - When `from` and `to` are both non-zero, `from`\u0027s `tokenId` has been\n * transferred to `to`.\n * - When `from` is zero, `tokenId` has been minted for `to`.\n * - When `to` is zero, `tokenId` has been burned by `from`.\n * - `from` and `to` are never both zero.\n */\n function _afterTokenTransfers(\n address from,\n address to,\n uint256 startTokenId,\n uint256 quantity\n ) internal virtual {}\n\n /**\n * @dev Private function to invoke {IERC721Receiver-onERC721Received} on a target contract.\n *\n * `from` - Previous owner of the given token ID.\n * `to` - Target address that will receive the token.\n * `tokenId` - Token ID to be transferred.\n * `_data` - Optional data to send along with the call.\n *\n * Returns whether the call correctly returned the expected magic value.\n */\n function _checkContractOnERC721Received(\n address from,\n address to,\n uint256 tokenId,\n bytes memory _data\n ) private returns (bool) {\n try ERC721A__IERC721Receiver(to).onERC721Received(_msgSenderERC721A(), from, tokenId, _data) returns (\n bytes4 retval\n ) {\n return retval == ERC721A__IERC721Receiver(to).onERC721Received.selector;\n } catch (bytes memory reason) {\n if (reason.length == 0) {\n revert TransferToNonERC721ReceiverImplementer();\n } else {\n assembly {\n revert(add(32, reason), mload(reason))\n }\n }\n }\n }\n\n // =============================================================\n // MINT OPERATIONS\n // =============================================================\n\n /**\n * @dev Mints `quantity` tokens and transfers them to `to`.\n *\n * Requirements:\n *\n * - `to` cannot be the zero address.\n * - `quantity` must be greater than 0.\n *\n * Emits a {Transfer} event for each mint.\n */\n function _mint(address to, uint256 quantity) internal virtual {\n uint256 startTokenId = _currentIndex;\n if (quantity == 0) revert MintZeroQuantity();\n\n _beforeTokenTransfers(address(0), to, startTokenId, quantity);\n\n // Overflows are incredibly unrealistic.\n // `balance` and `numberMinted` have a maximum limit of 2**64.\n // `tokenId` has a maximum limit of 2**256.\n unchecked {\n // Updates:\n // - `balance += quantity`.\n // - `numberMinted += quantity`.\n //\n // We can directly add to the `balance` and `numberMinted`.\n _packedAddressData[to] += quantity * ((1 \u003c\u003c _BITPOS_NUMBER_MINTED) | 1);\n\n // Updates:\n // - `address` to the owner.\n // - `startTimestamp` to the timestamp of minting.\n // - `burned` to `false`.\n // - `nextInitialized` to `quantity == 1`.\n _packedOwnerships[startTokenId] = _packOwnershipData(\n to,\n _nextInitializedFlag(quantity) | _nextExtraData(address(0), to, 0)\n );\n\n uint256 toMasked;\n uint256 end = startTokenId + quantity;\n\n // Use assembly to loop and emit the `Transfer` event for gas savings.\n // The duplicated `log4` removes an extra check and reduces stack juggling.\n // The assembly, together with the surrounding Solidity code, have been\n // delicately arranged to nudge the compiler into producing optimized opcodes.\n assembly {\n // Mask `to` to the lower 160 bits, in case the upper bits somehow aren\u0027t clean.\n toMasked := and(to, _BITMASK_ADDRESS)\n // Emit the `Transfer` event.\n log4(\n 0, // Start of data (0, since no data).\n 0, // End of data (0, since no data).\n _TRANSFER_EVENT_SIGNATURE, // Signature.\n 0, // `address(0)`.\n toMasked, // `to`.\n startTokenId // `tokenId`.\n )\n\n // The `iszero(eq(,))` check ensures that large values of `quantity`\n // that overflows uint256 will make the loop run out of gas.\n // The compiler will optimize the `iszero` away for performance.\n for {\n let tokenId := add(startTokenId, 1)\n } iszero(eq(tokenId, end)) {\n tokenId := add(tokenId, 1)\n } {\n // Emit the `Transfer` event. Similar to above.\n log4(0, 0, _TRANSFER_EVENT_SIGNATURE, 0, toMasked, tokenId)\n }\n }\n if (toMasked == 0) revert MintToZeroAddress();\n\n _currentIndex = end;\n }\n _afterTokenTransfers(address(0), to, startTokenId, quantity);\n }\n\n /**\n * @dev Mints `quantity` tokens and transfers them to `to`.\n *\n * This function is intended for efficient minting only during contract creation.\n *\n * It emits only one {ConsecutiveTransfer} as defined in\n * [ERC2309](https://eips.ethereum.org/EIPS/eip-2309),\n * instead of a sequence of {Transfer} event(s).\n *\n * Calling this function outside of contract creation WILL make your contract\n * non-compliant with the ERC721 standard.\n * For full ERC721 compliance, substituting ERC721 {Transfer} event(s) with the ERC2309\n * {ConsecutiveTransfer} event is only permissible during contract creation.\n *\n * Requirements:\n *\n * - `to` cannot be the zero address.\n * - `quantity` must be greater than 0.\n *\n * Emits a {ConsecutiveTransfer} event.\n */\n function _mintERC2309(address to, uint256 quantity) internal virtual {\n uint256 startTokenId = _currentIndex;\n if (to == address(0)) revert MintToZeroAddress();\n if (quantity == 0) revert MintZeroQuantity();\n if (quantity \u003e _MAX_MINT_ERC2309_QUANTITY_LIMIT) revert MintERC2309QuantityExceedsLimit();\n\n _beforeTokenTransfers(address(0), to, startTokenId, quantity);\n\n // Overflows are unrealistic due to the above check for `quantity` to be below the limit.\n unchecked {\n // Updates:\n // - `balance += quantity`.\n // - `numberMinted += quantity`.\n //\n // We can directly add to the `balance` and `numberMinted`.\n _packedAddressData[to] += quantity * ((1 \u003c\u003c _BITPOS_NUMBER_MINTED) | 1);\n\n // Updates:\n // - `address` to the owner.\n // - `startTimestamp` to the timestamp of minting.\n // - `burned` to `false`.\n // - `nextInitialized` to `quantity == 1`.\n _packedOwnerships[startTokenId] = _packOwnershipData(\n to,\n _nextInitializedFlag(quantity) | _nextExtraData(address(0), to, 0)\n );\n\n emit ConsecutiveTransfer(startTokenId, startTokenId + quantity - 1, address(0), to);\n\n _currentIndex = startTokenId + quantity;\n }\n _afterTokenTransfers(address(0), to, startTokenId, quantity);\n }\n\n /**\n * @dev Safely mints `quantity` tokens and transfers them to `to`.\n *\n * Requirements:\n *\n * - If `to` refers to a smart contract, it must implement\n * {IERC721Receiver-onERC721Received}, which is called for each safe transfer.\n * - `quantity` must be greater than 0.\n *\n * See {_mint}.\n *\n * Emits a {Transfer} event for each mint.\n */\n function _safeMint(\n address to,\n uint256 quantity,\n bytes memory _data\n ) internal virtual {\n _mint(to, quantity);\n\n unchecked {\n if (to.code.length != 0) {\n uint256 end = _currentIndex;\n uint256 index = end - quantity;\n do {\n if (!_checkContractOnERC721Received(address(0), to, index++, _data)) {\n revert TransferToNonERC721ReceiverImplementer();\n }\n } while (index \u003c end);\n // Reentrancy protection.\n if (_currentIndex != end) revert();\n }\n }\n }\n\n /**\n * @dev Equivalent to `_safeMint(to, quantity, \u0027\u0027)`.\n */\n function _safeMint(address to, uint256 quantity) internal virtual {\n _safeMint(to, quantity, \u0027\u0027);\n }\n\n // =============================================================\n // BURN OPERATIONS\n // =============================================================\n\n /**\n * @dev Equivalent to `_burn(tokenId, false)`.\n */\n function _burn(uint256 tokenId) internal virtual {\n _burn(tokenId, false);\n }\n\n /**\n * @dev Destroys `tokenId`.\n * The approval is cleared when the token is burned.\n *\n * Requirements:\n *\n * - `tokenId` must exist.\n *\n * Emits a {Transfer} event.\n */\n function _burn(uint256 tokenId, bool approvalCheck) internal virtual {\n uint256 prevOwnershipPacked = _packedOwnershipOf(tokenId);\n\n address from = address(uint160(prevOwnershipPacked));\n\n (uint256 approvedAddressSlot, address approvedAddress) = _getApprovedSlotAndAddress(tokenId);\n\n if (approvalCheck) {\n // The nested ifs save around 20+ gas over a compound boolean condition.\n if (!_isSenderApprovedOrOwner(approvedAddress, from, _msgSenderERC721A()))\n if (!isApprovedForAll(from, _msgSenderERC721A())) revert TransferCallerNotOwnerNorApproved();\n }\n\n _beforeTokenTransfers(from, address(0), tokenId, 1);\n\n // Clear approvals from the previous owner.\n assembly {\n if approvedAddress {\n // This is equivalent to `delete _tokenApprovals[tokenId]`.\n sstore(approvedAddressSlot, 0)\n }\n }\n\n // Underflow of the sender\u0027s balance is impossible because we check for\n // ownership above and the recipient\u0027s balance can\u0027t realistically overflow.\n // Counter overflow is incredibly unrealistic as `tokenId` would have to be 2**256.\n unchecked {\n // Updates:\n // - `balance -= 1`.\n // - `numberBurned += 1`.\n //\n // We can directly decrement the balance, and increment the number burned.\n // This is equivalent to `packed -= 1; packed += 1 \u003c\u003c _BITPOS_NUMBER_BURNED;`.\n _packedAddressData[from] += (1 \u003c\u003c _BITPOS_NUMBER_BURNED) - 1;\n\n // Updates:\n // - `address` to the last owner.\n // - `startTimestamp` to the timestamp of burning.\n // - `burned` to `true`.\n // - `nextInitialized` to `true`.\n _packedOwnerships[tokenId] = _packOwnershipData(\n from,\n (_BITMASK_BURNED | _BITMASK_NEXT_INITIALIZED) | _nextExtraData(from, address(0), prevOwnershipPacked)\n );\n\n // If the next slot may not have been initialized (i.e. `nextInitialized == false`) .\n if (prevOwnershipPacked \u0026 _BITMASK_NEXT_INITIALIZED == 0) {\n uint256 nextTokenId = tokenId + 1;\n // If the next slot\u0027s address is zero and not burned (i.e. packed value is zero).\n if (_packedOwnerships[nextTokenId] == 0) {\n // If the next slot is within bounds.\n if (nextTokenId != _currentIndex) {\n // Initialize the next slot to maintain correctness for `ownerOf(tokenId + 1)`.\n _packedOwnerships[nextTokenId] = prevOwnershipPacked;\n }\n }\n }\n }\n\n emit Transfer(from, address(0), tokenId);\n _afterTokenTransfers(from, address(0), tokenId, 1);\n\n // Overflow not possible, as _burnCounter cannot be exceed _currentIndex times.\n unchecked {\n _burnCounter++;\n }\n }\n\n // =============================================================\n // EXTRA DATA OPERATIONS\n // =============================================================\n\n /**\n * @dev Directly sets the extra data for the ownership data `index`.\n */\n function _setExtraDataAt(uint256 index, uint24 extraData) internal virtual {\n uint256 packed = _packedOwnerships[index];\n if (packed == 0) revert OwnershipNotInitializedForExtraData();\n uint256 extraDataCasted;\n // Cast `extraData` with assembly to avoid redundant masking.\n assembly {\n extraDataCasted := extraData\n }\n packed = (packed \u0026 _BITMASK_EXTRA_DATA_COMPLEMENT) | (extraDataCasted \u003c\u003c _BITPOS_EXTRA_DATA);\n _packedOwnerships[index] = packed;\n }\n\n /**\n * @dev Called during each token transfer to set the 24bit `extraData` field.\n * Intended to be overridden by the cosumer contract.\n *\n * `previousExtraData` - the value of `extraData` before transfer.\n *\n * Calling conditions:\n *\n * - When `from` and `to` are both non-zero, `from`\u0027s `tokenId` will be\n * transferred to `to`.\n * - When `from` is zero, `tokenId` will be minted for `to`.\n * - When `to` is zero, `tokenId` will be burned by `from`.\n * - `from` and `to` are never both zero.\n */\n function _extraData(\n address from,\n address to,\n uint24 previousExtraData\n ) internal view virtual returns (uint24) {}\n\n /**\n * @dev Returns the next extra data for the packed ownership data.\n * The returned result is shifted into position.\n */\n function _nextExtraData(\n address from,\n address to,\n uint256 prevOwnershipPacked\n ) private view returns (uint256) {\n uint24 extraData = uint24(prevOwnershipPacked \u003e\u003e _BITPOS_EXTRA_DATA);\n return uint256(_extraData(from, to, extraData)) \u003c\u003c _BITPOS_EXTRA_DATA;\n }\n\n // =============================================================\n // OTHER OPERATIONS\n // =============================================================\n\n /**\n * @dev Returns the message sender (defaults to `msg.sender`).\n *\n * If you are writing GSN compatible contracts, you need to override this function.\n */\n function _msgSenderERC721A() internal view virtual returns (address) {\n return msg.sender;\n }\n\n /**\n * @dev Converts a uint256 to its ASCII string decimal representation.\n */\n function _toString(uint256 value) internal pure virtual returns (string memory str) {\n assembly {\n // The maximum value of a uint256 contains 78 digits (1 byte per digit), but\n // we allocate 0xa0 bytes to keep the free memory pointer 32-byte word aligned.\n // We will need 1 word for the trailing zeros padding, 1 word for the length,\n // and 3 words for a maximum of 78 digits. Total: 5 * 0x20 = 0xa0.\n let m := add(mload(0x40), 0xa0)\n // Update the free memory pointer to allocate.\n mstore(0x40, m)\n // Assign the `str` to the end.\n str := sub(m, 0x20)\n // Zeroize the slot after the string.\n mstore(str, 0)\n\n // Cache the end of the memory to calculate the length later.\n let end := str\n\n // We write the string from rightmost digit to leftmost digit.\n // The following is essentially a do-while loop that also handles the zero case.\n // prettier-ignore\n for { let temp := value } 1 {} {\n str := sub(str, 1)\n // Write the character to the pointer.\n // The ASCII index of the \u00270\u0027 character is 48.\n mstore8(str, add(48, mod(temp, 10)))\n // Keep dividing `temp` until zero.\n temp := div(temp, 10)\n // prettier-ignore\n if iszero(temp) { break }\n }\n\n let length := sub(end, str)\n // Move the pointer 32 bytes leftwards to make room for the length.\n str := sub(str, 0x20)\n // Store the length.\n mstore(str, length)\n }\n }\n}\n"},"IERC721A.sol":{"content":"// SPDX-License-Identifier: MIT\n// ERC721A Contracts v4.2.3\n// Creator: Chiru Labs\n\npragma solidity ^0.8.4;\n\n/**\n * @dev Interface of ERC721A.\n */\ninterface IERC721A {\n /**\n * The caller must own the token or be an approved operator.\n */\n error ApprovalCallerNotOwnerNorApproved();\n\n /**\n * The token does not exist.\n */\n error ApprovalQueryForNonexistentToken();\n\n /**\n * Cannot query the balance for the zero address.\n */\n error BalanceQueryForZeroAddress();\n\n /**\n * Cannot mint to the zero address.\n */\n error MintToZeroAddress();\n\n /**\n * The quantity of tokens minted must be more than zero.\n */\n error MintZeroQuantity();\n\n /**\n * The token does not exist.\n */\n error OwnerQueryForNonexistentToken();\n\n /**\n * The caller must own the token or be an approved operator.\n */\n error TransferCallerNotOwnerNorApproved();\n\n /**\n * The token must be owned by `from`.\n */\n error TransferFromIncorrectOwner();\n\n /**\n * Cannot safely transfer to a contract that does not implement the\n * ERC721Receiver interface.\n */\n error TransferToNonERC721ReceiverImplementer();\n\n /**\n * Cannot transfer to the zero address.\n */\n error TransferToZeroAddress();\n\n /**\n * The token does not exist.\n */\n error URIQueryForNonexistentToken();\n\n /**\n * The `quantity` minted with ERC2309 exceeds the safety limit.\n */\n error MintERC2309QuantityExceedsLimit();\n\n /**\n * The `extraData` cannot be set on an unintialized ownership slot.\n */\n error OwnershipNotInitializedForExtraData();\n\n // =============================================================\n // STRUCTS\n // =============================================================\n\n struct TokenOwnership {\n // The address of the owner.\n address addr;\n // Stores the start time of ownership with minimal overhead for tokenomics.\n uint64 startTimestamp;\n // Whether the token has been burned.\n bool burned;\n // Arbitrary data similar to `startTimestamp` that can be set via {_extraData}.\n uint24 extraData;\n }\n\n // =============================================================\n // TOKEN COUNTERS\n // =============================================================\n\n /**\n * @dev Returns the total number of tokens in existence.\n * Burned tokens will reduce the count.\n * To get the total number of tokens minted, please see {_totalMinted}.\n */\n function totalSupply() external view returns (uint256);\n\n // =============================================================\n // IERC165\n // =============================================================\n\n /**\n * @dev Returns true if this contract implements the interface defined by\n * `interfaceId`. See the corresponding\n * [EIP section](https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified)\n * to learn more about how these ids are created.\n *\n * This function call must use less than 30000 gas.\n */\n function supportsInterface(bytes4 interfaceId) external view returns (bool);\n\n // =============================================================\n // IERC721\n // =============================================================\n\n /**\n * @dev Emitted when `tokenId` token is transferred from `from` to `to`.\n */\n event Transfer(address indexed from, address indexed to, uint256 indexed tokenId);\n\n /**\n * @dev Emitted when `owner` enables `approved` to manage the `tokenId` token.\n */\n event Approval(address indexed owner, address indexed approved, uint256 indexed tokenId);\n\n /**\n * @dev Emitted when `owner` enables or disables\n * (`approved`) `operator` to manage all of its assets.\n */\n event ApprovalForAll(address indexed owner, address indexed operator, bool approved);\n\n /**\n * @dev Returns the number of tokens in `owner`\u0027s account.\n */\n function balanceOf(address owner) external view returns (uint256 balance);\n\n /**\n * @dev Returns the owner of the `tokenId` token.\n *\n * Requirements:\n *\n * - `tokenId` must exist.\n */\n function ownerOf(uint256 tokenId) external view returns (address owner);\n\n /**\n * @dev Safely transfers `tokenId` token from `from` to `to`,\n * checking first that contract recipients are aware of the ERC721 protocol\n * to prevent tokens from being forever locked.\n *\n * Requirements:\n *\n * - `from` cannot be the zero address.\n * - `to` cannot be the zero address.\n * - `tokenId` token must exist and be owned by `from`.\n * - If the caller is not `from`, it must be have been allowed to move\n * this token by either {approve} or {setApprovalForAll}.\n * - If `to` refers to a smart contract, it must implement\n * {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.\n *\n * Emits a {Transfer} event.\n */\n function safeTransferFrom(\n address from,\n address to,\n uint256 tokenId,\n bytes calldata data\n ) external payable;\n\n /**\n * @dev Equivalent to `safeTransferFrom(from, to, tokenId, \u0027\u0027)`.\n */\n function safeTransferFrom(\n address from,\n address to,\n uint256 tokenId\n ) external payable;\n\n /**\n * @dev Transfers `tokenId` from `from` to `to`.\n *\n * WARNING: Usage of this method is discouraged, use {safeTransferFrom}\n * whenever possible.\n *\n * Requirements:\n *\n * - `from` cannot be the zero address.\n * - `to` cannot be the zero address.\n * - `tokenId` token must be owned by `from`.\n * - If the caller is not `from`, it must be approved to move this token\n * by either {approve} or {setApprovalForAll}.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(\n address from,\n address to,\n uint256 tokenId\n ) external payable;\n\n /**\n * @dev Gives permission to `to` to transfer `tokenId` token to another account.\n * The approval is cleared when the token is transferred.\n *\n * Only a single account can be approved at a time, so approving the\n * zero address clears previous approvals.\n *\n * Requirements:\n *\n * - The caller must own the token or be an approved operator.\n * - `tokenId` must exist.\n *\n * Emits an {Approval} event.\n */\n function approve(address to, uint256 tokenId) external payable;\n\n /**\n * @dev Approve or remove `operator` as an operator for the caller.\n * Operators can call {transferFrom} or {safeTransferFrom}\n * for any token owned by the caller.\n *\n * Requirements:\n *\n * - The `operator` cannot be the caller.\n *\n * Emits an {ApprovalForAll} event.\n */\n function setApprovalForAll(address operator, bool _approved) external;\n\n /**\n * @dev Returns the account approved for `tokenId` token.\n *\n * Requirements:\n *\n * - `tokenId` must exist.\n */\n function getApproved(uint256 tokenId) external view returns (address operator);\n\n /**\n * @dev Returns if the `operator` is allowed to manage all of the assets of `owner`.\n *\n * See {setApprovalForAll}.\n */\n function isApprovedForAll(address owner, address operator) external view returns (bool);\n\n // =============================================================\n // IERC721Metadata\n // =============================================================\n\n /**\n * @dev Returns the token collection name.\n */\n function name() external view returns (string memory);\n\n /**\n * @dev Returns the token collection symbol.\n */\n function symbol() external view returns (string memory);\n\n /**\n * @dev Returns the Uniform Resource Identifier (URI) for `tokenId` token.\n */\n function tokenURI(uint256 tokenId) external view returns (string memory);\n\n // =============================================================\n // IERC2309\n // =============================================================\n\n /**\n * @dev Emitted when tokens in `fromTokenId` to `toTokenId`\n * (inclusive) is transferred from `from` to `to`, as defined in the\n * [ERC2309](https://eips.ethereum.org/EIPS/eip-2309) standard.\n *\n * See {_mintERC2309} for more details.\n */\n event ConsecutiveTransfer(uint256 indexed fromTokenId, uint256 toTokenId, address indexed from, address indexed to);\n}\n"},"MerkleProof.sol":{"content":"// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.7.0) (utils/cryptography/MerkleProof.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev These functions deal with verification of Merkle Tree proofs.\n *\n * The proofs can be generated using the JavaScript library\n * https://github.com/miguelmota/merkletreejs[merkletreejs].\n * Note: the hashing algorithm should be keccak256 and pair sorting should be enabled.\n *\n * See `test/utils/cryptography/MerkleProof.test.js` for some examples.\n *\n * WARNING: You should avoid using leaf values that are 64 bytes long prior to\n * hashing, or use a hash function other than keccak256 for hashing leaves.\n * This is because the concatenation of a sorted pair of internal nodes in\n * the merkle tree could be reinterpreted as a leaf value.\n */\nlibrary MerkleProof {\n /**\n * @dev Returns true if a `leaf` can be proved to be a part of a Merkle tree\n * defined by `root`. For this, a `proof` must be provided, containing\n * sibling hashes on the branch from the leaf to the root of the tree. Each\n * pair of leaves and each pair of pre-images are assumed to be sorted.\n */\n function verify(\n bytes32[] memory proof,\n bytes32 root,\n bytes32 leaf\n ) internal pure returns (bool) {\n return processProof(proof, leaf) == root;\n }\n\n /**\n * @dev Calldata version of {verify}\n *\n * _Available since v4.7._\n */\n function verifyCalldata(\n bytes32[] calldata proof,\n bytes32 root,\n bytes32 leaf\n ) internal pure returns (bool) {\n return processProofCalldata(proof, leaf) == root;\n }\n\n /**\n * @dev Returns the rebuilt hash obtained by traversing a Merkle tree up\n * from `leaf` using `proof`. A `proof` is valid if and only if the rebuilt\n * hash matches the root of the tree. When processing the proof, the pairs\n * of leafs \u0026 pre-images are assumed to be sorted.\n *\n * _Available since v4.4._\n */\n function processProof(bytes32[] memory proof, bytes32 leaf) internal pure returns (bytes32) {\n bytes32 computedHash = leaf;\n for (uint256 i = 0; i \u003c proof.length; i++) {\n computedHash = _hashPair(computedHash, proof[i]);\n }\n return computedHash;\n }\n\n /**\n * @dev Calldata version of {processProof}\n *\n * _Available since v4.7._\n */\n function processProofCalldata(bytes32[] calldata proof, bytes32 leaf) internal pure returns (bytes32) {\n bytes32 computedHash = leaf;\n for (uint256 i = 0; i \u003c proof.length; i++) {\n computedHash = _hashPair(computedHash, proof[i]);\n }\n return computedHash;\n }\n\n /**\n * @dev Returns true if the `leaves` can be proved to be a part of a Merkle tree defined by\n * `root`, according to `proof` and `proofFlags` as described in {processMultiProof}.\n *\n * _Available since v4.7._\n */\n function multiProofVerify(\n bytes32[] memory proof,\n bool[] memory proofFlags,\n bytes32 root,\n bytes32[] memory leaves\n ) internal pure returns (bool) {\n return processMultiProof(proof, proofFlags, leaves) == root;\n }\n\n /**\n * @dev Calldata version of {multiProofVerify}\n *\n * _Available since v4.7._\n */\n function multiProofVerifyCalldata(\n bytes32[] calldata proof,\n bool[] calldata proofFlags,\n bytes32 root,\n bytes32[] memory leaves\n ) internal pure returns (bool) {\n return processMultiProofCalldata(proof, proofFlags, leaves) == root;\n }\n\n /**\n * @dev Returns the root of a tree reconstructed from `leaves` and the sibling nodes in `proof`,\n * consuming from one or the other at each step according to the instructions given by\n * `proofFlags`.\n *\n * _Available since v4.7._\n */\n function processMultiProof(\n bytes32[] memory proof,\n bool[] memory proofFlags,\n bytes32[] memory leaves\n ) internal pure returns (bytes32 merkleRoot) {\n // This function rebuild the root hash by traversing the tree up from the leaves. The root is rebuilt by\n // consuming and producing values on a queue. The queue starts with the `leaves` array, then goes onto the\n // `hashes` array. At the end of the process, the last hash in the `hashes` array should contain the root of\n // the merkle tree.\n uint256 leavesLen = leaves.length;\n uint256 totalHashes = proofFlags.length;\n\n // Check proof validity.\n require(leavesLen + proof.length - 1 == totalHashes, \"MerkleProof: invalid multiproof\");\n\n // The xxxPos values are \"pointers\" to the next value to consume in each array. All accesses are done using\n // `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a queue\u0027s \"pop\".\n bytes32[] memory hashes = new bytes32[](totalHashes);\n uint256 leafPos = 0;\n uint256 hashPos = 0;\n uint256 proofPos = 0;\n // At each step, we compute the next hash using two values:\n // - a value from the \"main queue\". If not all leaves have been consumed, we get the next leaf, otherwise we\n // get the next hash.\n // - depending on the flag, either another value for the \"main queue\" (merging branches) or an element from the\n // `proof` array.\n for (uint256 i = 0; i \u003c totalHashes; i++) {\n bytes32 a = leafPos \u003c leavesLen ? leaves[leafPos++] : hashes[hashPos++];\n bytes32 b = proofFlags[i] ? leafPos \u003c leavesLen ? leaves[leafPos++] : hashes[hashPos++] : proof[proofPos++];\n hashes[i] = _hashPair(a, b);\n }\n\n if (totalHashes \u003e 0) {\n return hashes[totalHashes - 1];\n } else if (leavesLen \u003e 0) {\n return leaves[0];\n } else {\n return proof[0];\n }\n }\n\n /**\n * @dev Calldata version of {processMultiProof}\n *\n * _Available since v4.7._\n */\n function processMultiProofCalldata(\n bytes32[] calldata proof,\n bool[] calldata proofFlags,\n bytes32[] memory leaves\n ) internal pure returns (bytes32 merkleRoot) {\n // This function rebuild the root hash by traversing the tree up from the leaves. The root is rebuilt by\n // consuming and producing values on a queue. The queue starts with the `leaves` array, then goes onto the\n // `hashes` array. At the end of the process, the last hash in the `hashes` array should contain the root of\n // the merkle tree.\n uint256 leavesLen = leaves.length;\n uint256 totalHashes = proofFlags.length;\n\n // Check proof validity.\n require(leavesLen + proof.length - 1 == totalHashes, \"MerkleProof: invalid multiproof\");\n\n // The xxxPos values are \"pointers\" to the next value to consume in each array. All accesses are done using\n // `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a queue\u0027s \"pop\".\n bytes32[] memory hashes = new bytes32[](totalHashes);\n uint256 leafPos = 0;\n uint256 hashPos = 0;\n uint256 proofPos = 0;\n // At each step, we compute the next hash using two values:\n // - a value from the \"main queue\". If not all leaves have been consumed, we get the next leaf, otherwise we\n // get the next hash.\n // - depending on the flag, either another value for the \"main queue\" (merging branches) or an element from the\n // `proof` array.\n for (uint256 i = 0; i \u003c totalHashes; i++) {\n bytes32 a = leafPos \u003c leavesLen ? leaves[leafPos++] : hashes[hashPos++];\n bytes32 b = proofFlags[i] ? leafPos \u003c leavesLen ? leaves[leafPos++] : hashes[hashPos++] : proof[proofPos++];\n hashes[i] = _hashPair(a, b);\n }\n\n if (totalHashes \u003e 0) {\n return hashes[totalHashes - 1];\n } else if (leavesLen \u003e 0) {\n return leaves[0];\n } else {\n return proof[0];\n }\n }\n\n function _hashPair(bytes32 a, bytes32 b) private pure returns (bytes32) {\n return a \u003c b ? _efficientHash(a, b) : _efficientHash(b, a);\n }\n\n function _efficientHash(bytes32 a, bytes32 b) private pure returns (bytes32 value) {\n /// @solidity memory-safe-assembly\n assembly {\n mstore(0x00, a)\n mstore(0x20, b)\n value := keccak256(0x00, 0x40)\n }\n }\n}\n"},"Ownable.sol":{"content":"// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.7.0) (access/Ownable.sol)\n\npragma solidity ^0.8.0;\n\nimport \"./Context.sol\";\n\n/**\n * @dev Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n address private _owner;\n\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor() {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Leaves the contract without owner. It will not be possible to call\n * `onlyOwner` functions anymore. Can only be called by the current owner.\n *\n * NOTE: Renouncing ownership will leave the contract without an owner,\n * thereby removing any functionality that is only available to the owner.\n */\n function renounceOwnership() public virtual onlyOwner {\n _transferOwnership(address(0));\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(newOwner != address(0), \"Ownable: new owner is the zero address\");\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n}\n"},"Strings.sol":{"content":"// SPDX-License-Identifier: MIT\n// OpenZeppelin Contracts (last updated v4.7.0) (utils/Strings.sol)\n\npragma solidity ^0.8.0;\n\n/**\n * @dev String operations.\n */\nlibrary Strings {\n bytes16 private constant _HEX_SYMBOLS = \"0123456789abcdef\";\n uint8 private constant _ADDRESS_LENGTH = 20;\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` decimal representation.\n */\n function toString(uint256 value) internal pure returns (string memory) {\n // Inspired by OraclizeAPI\u0027s implementation - MIT licence\n // https://github.com/oraclize/ethereum-api/blob/b42146b063c7d6ee1358846c198246239e9360e8/oraclizeAPI_0.4.25.sol\n\n if (value == 0) {\n return \"0\";\n }\n uint256 temp = value;\n uint256 digits;\n while (temp != 0) {\n digits++;\n temp /= 10;\n }\n bytes memory buffer = new bytes(digits);\n while (value != 0) {\n digits -= 1;\n buffer[digits] = bytes1(uint8(48 + uint256(value % 10)));\n value /= 10;\n }\n return string(buffer);\n }\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.\n */\n function toHexString(uint256 value) internal pure returns (string memory) {\n if (value == 0) {\n return \"0x00\";\n }\n uint256 temp = value;\n uint256 length = 0;\n while (temp != 0) {\n length++;\n temp \u003e\u003e= 8;\n }\n return toHexString(value, length);\n }\n\n /**\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.\n */\n function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {\n bytes memory buffer = new bytes(2 * length + 2);\n buffer[0] = \"0\";\n buffer[1] = \"x\";\n for (uint256 i = 2 * length + 1; i \u003e 1; --i) {\n buffer[i] = _HEX_SYMBOLS[value \u0026 0xf];\n value \u003e\u003e= 4;\n }\n require(value == 0, \"Strings: hex length insufficient\");\n return string(buffer);\n }\n\n /**\n * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.\n */\n function toHexString(address addr) internal pure returns (string memory) {\n return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);\n }\n}\n"}}