ETH Price: $2,761.17 (+6.56%)

Transaction Decoder

Block:
21066711 at Oct-28-2024 09:07:11 PM +UTC
Transaction Fee:
0.0012587373117499 ETH $3.48
Gas Used:
97,810 Gas / 12.86920879 Gwei

Emitted Events:

50 DOP.Transfer( from=[Sender] 0x3df5e43f6377694d21c3d4f6e201992183a86af7, to=[Receiver] TransparentUpgradeableProxy, value=108512320000000000000000 )
51 TransparentUpgradeableProxy.0x1449c6dd7851abc30abf37f57715f492010519147cc2652fbc38202c18a6ee90( 0x1449c6dd7851abc30abf37f57715f492010519147cc2652fbc38202c18a6ee90, 0x0000000000000000000000003df5e43f6377694d21c3d4f6e201992183a86af7, 0000000000000000000000000000000000000000000016fa76f39516aba00000, 000000000000000000000000000000000000000000000000000000006796a3ff )

Account State Difference:

  Address   Before After State Difference Code
0x3dF5E43F...183a86aF7
0.021430152876517752 Eth
Nonce: 389
0.020171415564767852 Eth
Nonce: 390
0.0012587373117499
(beaverbuild)
11.42155955747367678 Eth11.42182651488252201 Eth0.00026695740884523
0x953be9C1...e7FF9AA27
0x97A9a151...9C8ad0978

Execution Trace

TransparentUpgradeableProxy.a694fc3a( )
  • Staking.stake( amount=108512320000000000000000 )
    • DOP.transferFrom( from=0x3dF5E43F6377694d21c3d4F6e201992183a86aF7, to=0x953be9C1ADb9c651bBEC52E614c06EEe7FF9AA27, value=108512320000000000000000 ) => ( True )
      File 1 of 3: TransparentUpgradeableProxy
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)
      pragma solidity ^0.8.20;
      import {Context} from "../utils/Context.sol";
      /**
       * @dev Contract module which provides a basic access control mechanism, where
       * there is an account (an owner) that can be granted exclusive access to
       * specific functions.
       *
       * The initial owner is set to the address provided by the deployer. This can
       * later be changed with {transferOwnership}.
       *
       * This module is used through inheritance. It will make available the modifier
       * `onlyOwner`, which can be applied to your functions to restrict their use to
       * the owner.
       */
      abstract contract Ownable is Context {
          address private _owner;
          /**
           * @dev The caller account is not authorized to perform an operation.
           */
          error OwnableUnauthorizedAccount(address account);
          /**
           * @dev The owner is not a valid owner account. (eg. `address(0)`)
           */
          error OwnableInvalidOwner(address owner);
          event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
          /**
           * @dev Initializes the contract setting the address provided by the deployer as the initial owner.
           */
          constructor(address initialOwner) {
              if (initialOwner == address(0)) {
                  revert OwnableInvalidOwner(address(0));
              }
              _transferOwnership(initialOwner);
          }
          /**
           * @dev Throws if called by any account other than the owner.
           */
          modifier onlyOwner() {
              _checkOwner();
              _;
          }
          /**
           * @dev Returns the address of the current owner.
           */
          function owner() public view virtual returns (address) {
              return _owner;
          }
          /**
           * @dev Throws if the sender is not the owner.
           */
          function _checkOwner() internal view virtual {
              if (owner() != _msgSender()) {
                  revert OwnableUnauthorizedAccount(_msgSender());
              }
          }
          /**
           * @dev Leaves the contract without owner. It will not be possible to call
           * `onlyOwner` functions. Can only be called by the current owner.
           *
           * NOTE: Renouncing ownership will leave the contract without an owner,
           * thereby disabling any functionality that is only available to the owner.
           */
          function renounceOwnership() public virtual onlyOwner {
              _transferOwnership(address(0));
          }
          /**
           * @dev Transfers ownership of the contract to a new account (`newOwner`).
           * Can only be called by the current owner.
           */
          function transferOwnership(address newOwner) public virtual onlyOwner {
              if (newOwner == address(0)) {
                  revert OwnableInvalidOwner(address(0));
              }
              _transferOwnership(newOwner);
          }
          /**
           * @dev Transfers ownership of the contract to a new account (`newOwner`).
           * Internal function without access restriction.
           */
          function _transferOwnership(address newOwner) internal virtual {
              address oldOwner = _owner;
              _owner = newOwner;
              emit OwnershipTransferred(oldOwner, newOwner);
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC1967.sol)
      pragma solidity ^0.8.20;
      /**
       * @dev ERC-1967: Proxy Storage Slots. This interface contains the events defined in the ERC.
       */
      interface IERC1967 {
          /**
           * @dev Emitted when the implementation is upgraded.
           */
          event Upgraded(address indexed implementation);
          /**
           * @dev Emitted when the admin account has changed.
           */
          event AdminChanged(address previousAdmin, address newAdmin);
          /**
           * @dev Emitted when the beacon is changed.
           */
          event BeaconUpgraded(address indexed beacon);
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (proxy/beacon/BeaconProxy.sol)
      pragma solidity ^0.8.20;
      import {IBeacon} from "./IBeacon.sol";
      import {Proxy} from "../Proxy.sol";
      import {ERC1967Utils} from "../ERC1967/ERC1967Utils.sol";
      /**
       * @dev This contract implements a proxy that gets the implementation address for each call from an {UpgradeableBeacon}.
       *
       * The beacon address can only be set once during construction, and cannot be changed afterwards. It is stored in an
       * immutable variable to avoid unnecessary storage reads, and also in the beacon storage slot specified by
       * https://eips.ethereum.org/EIPS/eip-1967[EIP1967] so that it can be accessed externally.
       *
       * CAUTION: Since the beacon address can never be changed, you must ensure that you either control the beacon, or trust
       * the beacon to not upgrade the implementation maliciously.
       *
       * IMPORTANT: Do not use the implementation logic to modify the beacon storage slot. Doing so would leave the proxy in
       * an inconsistent state where the beacon storage slot does not match the beacon address.
       */
      contract BeaconProxy is Proxy {
          // An immutable address for the beacon to avoid unnecessary SLOADs before each delegate call.
          address private immutable _beacon;
          /**
           * @dev Initializes the proxy with `beacon`.
           *
           * If `data` is nonempty, it's used as data in a delegate call to the implementation returned by the beacon. This
           * will typically be an encoded function call, and allows initializing the storage of the proxy like a Solidity
           * constructor.
           *
           * Requirements:
           *
           * - `beacon` must be a contract with the interface {IBeacon}.
           * - If `data` is empty, `msg.value` must be zero.
           */
          constructor(address beacon, bytes memory data) payable {
              ERC1967Utils.upgradeBeaconToAndCall(beacon, data);
              _beacon = beacon;
          }
          /**
           * @dev Returns the current implementation address of the associated beacon.
           */
          function _implementation() internal view virtual override returns (address) {
              return IBeacon(_getBeacon()).implementation();
          }
          /**
           * @dev Returns the beacon.
           */
          function _getBeacon() internal view virtual returns (address) {
              return _beacon;
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (proxy/beacon/IBeacon.sol)
      pragma solidity ^0.8.20;
      /**
       * @dev This is the interface that {BeaconProxy} expects of its beacon.
       */
      interface IBeacon {
          /**
           * @dev Must return an address that can be used as a delegate call target.
           *
           * {UpgradeableBeacon} will check that this address is a contract.
           */
          function implementation() external view returns (address);
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (proxy/beacon/UpgradeableBeacon.sol)
      pragma solidity ^0.8.20;
      import {IBeacon} from "./IBeacon.sol";
      import {Ownable} from "../../access/Ownable.sol";
      /**
       * @dev This contract is used in conjunction with one or more instances of {BeaconProxy} to determine their
       * implementation contract, which is where they will delegate all function calls.
       *
       * An owner is able to change the implementation the beacon points to, thus upgrading the proxies that use this beacon.
       */
      contract UpgradeableBeacon is IBeacon, Ownable {
          address private _implementation;
          /**
           * @dev The `implementation` of the beacon is invalid.
           */
          error BeaconInvalidImplementation(address implementation);
          /**
           * @dev Emitted when the implementation returned by the beacon is changed.
           */
          event Upgraded(address indexed implementation);
          /**
           * @dev Sets the address of the initial implementation, and the initial owner who can upgrade the beacon.
           */
          constructor(address implementation_, address initialOwner) Ownable(initialOwner) {
              _setImplementation(implementation_);
          }
          /**
           * @dev Returns the current implementation address.
           */
          function implementation() public view virtual returns (address) {
              return _implementation;
          }
          /**
           * @dev Upgrades the beacon to a new implementation.
           *
           * Emits an {Upgraded} event.
           *
           * Requirements:
           *
           * - msg.sender must be the owner of the contract.
           * - `newImplementation` must be a contract.
           */
          function upgradeTo(address newImplementation) public virtual onlyOwner {
              _setImplementation(newImplementation);
          }
          /**
           * @dev Sets the implementation contract address for this beacon
           *
           * Requirements:
           *
           * - `newImplementation` must be a contract.
           */
          function _setImplementation(address newImplementation) private {
              if (newImplementation.code.length == 0) {
                  revert BeaconInvalidImplementation(newImplementation);
              }
              _implementation = newImplementation;
              emit Upgraded(newImplementation);
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (proxy/ERC1967/ERC1967Proxy.sol)
      pragma solidity ^0.8.20;
      import {Proxy} from "../Proxy.sol";
      import {ERC1967Utils} from "./ERC1967Utils.sol";
      /**
       * @dev This contract implements an upgradeable proxy. It is upgradeable because calls are delegated to an
       * implementation address that can be changed. This address is stored in storage in the location specified by
       * https://eips.ethereum.org/EIPS/eip-1967[EIP1967], so that it doesn't conflict with the storage layout of the
       * implementation behind the proxy.
       */
      contract ERC1967Proxy is Proxy {
          /**
           * @dev Initializes the upgradeable proxy with an initial implementation specified by `implementation`.
           *
           * If `_data` is nonempty, it's used as data in a delegate call to `implementation`. This will typically be an
           * encoded function call, and allows initializing the storage of the proxy like a Solidity constructor.
           *
           * Requirements:
           *
           * - If `data` is empty, `msg.value` must be zero.
           */
          constructor(address implementation, bytes memory _data) payable {
              ERC1967Utils.upgradeToAndCall(implementation, _data);
          }
          /**
           * @dev Returns the current implementation address.
           *
           * TIP: To get this value clients can read directly from the storage slot shown below (specified by EIP1967) using
           * the https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call.
           * `0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc`
           */
          function _implementation() internal view virtual override returns (address) {
              return ERC1967Utils.getImplementation();
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (proxy/ERC1967/ERC1967Utils.sol)
      pragma solidity ^0.8.20;
      import {IBeacon} from "../beacon/IBeacon.sol";
      import {Address} from "../../utils/Address.sol";
      import {StorageSlot} from "../../utils/StorageSlot.sol";
      /**
       * @dev This abstract contract provides getters and event emitting update functions for
       * https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots.
       */
      library ERC1967Utils {
          // We re-declare ERC-1967 events here because they can't be used directly from IERC1967.
          // This will be fixed in Solidity 0.8.21. At that point we should remove these events.
          /**
           * @dev Emitted when the implementation is upgraded.
           */
          event Upgraded(address indexed implementation);
          /**
           * @dev Emitted when the admin account has changed.
           */
          event AdminChanged(address previousAdmin, address newAdmin);
          /**
           * @dev Emitted when the beacon is changed.
           */
          event BeaconUpgraded(address indexed beacon);
          /**
           * @dev Storage slot with the address of the current implementation.
           * This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1.
           */
          // solhint-disable-next-line private-vars-leading-underscore
          bytes32 internal constant IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
          /**
           * @dev The `implementation` of the proxy is invalid.
           */
          error ERC1967InvalidImplementation(address implementation);
          /**
           * @dev The `admin` of the proxy is invalid.
           */
          error ERC1967InvalidAdmin(address admin);
          /**
           * @dev The `beacon` of the proxy is invalid.
           */
          error ERC1967InvalidBeacon(address beacon);
          /**
           * @dev An upgrade function sees `msg.value > 0` that may be lost.
           */
          error ERC1967NonPayable();
          /**
           * @dev Returns the current implementation address.
           */
          function getImplementation() internal view returns (address) {
              return StorageSlot.getAddressSlot(IMPLEMENTATION_SLOT).value;
          }
          /**
           * @dev Stores a new address in the EIP1967 implementation slot.
           */
          function _setImplementation(address newImplementation) private {
              if (newImplementation.code.length == 0) {
                  revert ERC1967InvalidImplementation(newImplementation);
              }
              StorageSlot.getAddressSlot(IMPLEMENTATION_SLOT).value = newImplementation;
          }
          /**
           * @dev Performs implementation upgrade with additional setup call if data is nonempty.
           * This function is payable only if the setup call is performed, otherwise `msg.value` is rejected
           * to avoid stuck value in the contract.
           *
           * Emits an {IERC1967-Upgraded} event.
           */
          function upgradeToAndCall(address newImplementation, bytes memory data) internal {
              _setImplementation(newImplementation);
              emit Upgraded(newImplementation);
              if (data.length > 0) {
                  Address.functionDelegateCall(newImplementation, data);
              } else {
                  _checkNonPayable();
              }
          }
          /**
           * @dev Storage slot with the admin of the contract.
           * This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1.
           */
          // solhint-disable-next-line private-vars-leading-underscore
          bytes32 internal constant ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;
          /**
           * @dev Returns the current admin.
           *
           * TIP: To get this value clients can read directly from the storage slot shown below (specified by EIP1967) using
           * the https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call.
           * `0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103`
           */
          function getAdmin() internal view returns (address) {
              return StorageSlot.getAddressSlot(ADMIN_SLOT).value;
          }
          /**
           * @dev Stores a new address in the EIP1967 admin slot.
           */
          function _setAdmin(address newAdmin) private {
              if (newAdmin == address(0)) {
                  revert ERC1967InvalidAdmin(address(0));
              }
              StorageSlot.getAddressSlot(ADMIN_SLOT).value = newAdmin;
          }
          /**
           * @dev Changes the admin of the proxy.
           *
           * Emits an {IERC1967-AdminChanged} event.
           */
          function changeAdmin(address newAdmin) internal {
              emit AdminChanged(getAdmin(), newAdmin);
              _setAdmin(newAdmin);
          }
          /**
           * @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.
           * This is the keccak-256 hash of "eip1967.proxy.beacon" subtracted by 1.
           */
          // solhint-disable-next-line private-vars-leading-underscore
          bytes32 internal constant BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;
          /**
           * @dev Returns the current beacon.
           */
          function getBeacon() internal view returns (address) {
              return StorageSlot.getAddressSlot(BEACON_SLOT).value;
          }
          /**
           * @dev Stores a new beacon in the EIP1967 beacon slot.
           */
          function _setBeacon(address newBeacon) private {
              if (newBeacon.code.length == 0) {
                  revert ERC1967InvalidBeacon(newBeacon);
              }
              StorageSlot.getAddressSlot(BEACON_SLOT).value = newBeacon;
              address beaconImplementation = IBeacon(newBeacon).implementation();
              if (beaconImplementation.code.length == 0) {
                  revert ERC1967InvalidImplementation(beaconImplementation);
              }
          }
          /**
           * @dev Change the beacon and trigger a setup call if data is nonempty.
           * This function is payable only if the setup call is performed, otherwise `msg.value` is rejected
           * to avoid stuck value in the contract.
           *
           * Emits an {IERC1967-BeaconUpgraded} event.
           *
           * CAUTION: Invoking this function has no effect on an instance of {BeaconProxy} since v5, since
           * it uses an immutable beacon without looking at the value of the ERC-1967 beacon slot for
           * efficiency.
           */
          function upgradeBeaconToAndCall(address newBeacon, bytes memory data) internal {
              _setBeacon(newBeacon);
              emit BeaconUpgraded(newBeacon);
              if (data.length > 0) {
                  Address.functionDelegateCall(IBeacon(newBeacon).implementation(), data);
              } else {
                  _checkNonPayable();
              }
          }
          /**
           * @dev Reverts if `msg.value` is not zero. It can be used to avoid `msg.value` stuck in the contract
           * if an upgrade doesn't perform an initialization call.
           */
          function _checkNonPayable() private {
              if (msg.value > 0) {
                  revert ERC1967NonPayable();
              }
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (proxy/Proxy.sol)
      pragma solidity ^0.8.20;
      /**
       * @dev This abstract contract provides a fallback function that delegates all calls to another contract using the EVM
       * instruction `delegatecall`. We refer to the second contract as the _implementation_ behind the proxy, and it has to
       * be specified by overriding the virtual {_implementation} function.
       *
       * Additionally, delegation to the implementation can be triggered manually through the {_fallback} function, or to a
       * different contract through the {_delegate} function.
       *
       * The success and return data of the delegated call will be returned back to the caller of the proxy.
       */
      abstract contract Proxy {
          /**
           * @dev Delegates the current call to `implementation`.
           *
           * This function does not return to its internal call site, it will return directly to the external caller.
           */
          function _delegate(address implementation) internal virtual {
              assembly {
                  // Copy msg.data. We take full control of memory in this inline assembly
                  // block because it will not return to Solidity code. We overwrite the
                  // Solidity scratch pad at memory position 0.
                  calldatacopy(0, 0, calldatasize())
                  // Call the implementation.
                  // out and outsize are 0 because we don't know the size yet.
                  let result := delegatecall(gas(), implementation, 0, calldatasize(), 0, 0)
                  // Copy the returned data.
                  returndatacopy(0, 0, returndatasize())
                  switch result
                  // delegatecall returns 0 on error.
                  case 0 {
                      revert(0, returndatasize())
                  }
                  default {
                      return(0, returndatasize())
                  }
              }
          }
          /**
           * @dev This is a virtual function that should be overridden so it returns the address to which the fallback
           * function and {_fallback} should delegate.
           */
          function _implementation() internal view virtual returns (address);
          /**
           * @dev Delegates the current call to the address returned by `_implementation()`.
           *
           * This function does not return to its internal call site, it will return directly to the external caller.
           */
          function _fallback() internal virtual {
              _delegate(_implementation());
          }
          /**
           * @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if no other
           * function in the contract matches the call data.
           */
          fallback() external payable virtual {
              _fallback();
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (proxy/transparent/ProxyAdmin.sol)
      pragma solidity ^0.8.20;
      import {ITransparentUpgradeableProxy} from "./TransparentUpgradeableProxy.sol";
      import {Ownable} from "../../access/Ownable.sol";
      /**
       * @dev This is an auxiliary contract meant to be assigned as the admin of a {TransparentUpgradeableProxy}. For an
       * explanation of why you would want to use this see the documentation for {TransparentUpgradeableProxy}.
       */
      contract ProxyAdmin is Ownable {
          /**
           * @dev The version of the upgrade interface of the contract. If this getter is missing, both `upgrade(address)`
           * and `upgradeAndCall(address,bytes)` are present, and `upgradeTo` must be used if no function should be called,
           * while `upgradeAndCall` will invoke the `receive` function if the second argument is the empty byte string.
           * If the getter returns `"5.0.0"`, only `upgradeAndCall(address,bytes)` is present, and the second argument must
           * be the empty byte string if no function should be called, making it impossible to invoke the `receive` function
           * during an upgrade.
           */
          string public constant UPGRADE_INTERFACE_VERSION = "5.0.0";
          /**
           * @dev Sets the initial owner who can perform upgrades.
           */
          constructor(address initialOwner) Ownable(initialOwner) {}
          /**
           * @dev Upgrades `proxy` to `implementation` and calls a function on the new implementation.
           * See {TransparentUpgradeableProxy-_dispatchUpgradeToAndCall}.
           *
           * Requirements:
           *
           * - This contract must be the admin of `proxy`.
           * - If `data` is empty, `msg.value` must be zero.
           */
          function upgradeAndCall(
              ITransparentUpgradeableProxy proxy,
              address implementation,
              bytes memory data
          ) public payable virtual onlyOwner {
              proxy.upgradeToAndCall{value: msg.value}(implementation, data);
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (proxy/transparent/TransparentUpgradeableProxy.sol)
      pragma solidity ^0.8.20;
      import {ERC1967Utils} from "../ERC1967/ERC1967Utils.sol";
      import {ERC1967Proxy} from "../ERC1967/ERC1967Proxy.sol";
      import {IERC1967} from "../../interfaces/IERC1967.sol";
      import {ProxyAdmin} from "./ProxyAdmin.sol";
      /**
       * @dev Interface for {TransparentUpgradeableProxy}. In order to implement transparency, {TransparentUpgradeableProxy}
       * does not implement this interface directly, and its upgradeability mechanism is implemented by an internal dispatch
       * mechanism. The compiler is unaware that these functions are implemented by {TransparentUpgradeableProxy} and will not
       * include them in the ABI so this interface must be used to interact with it.
       */
      interface ITransparentUpgradeableProxy is IERC1967 {
          function upgradeToAndCall(address, bytes calldata) external payable;
      }
      /**
       * @dev This contract implements a proxy that is upgradeable through an associated {ProxyAdmin} instance.
       *
       * To avoid https://medium.com/nomic-labs-blog/malicious-backdoors-in-ethereum-proxies-62629adf3357[proxy selector
       * clashing], which can potentially be used in an attack, this contract uses the
       * https://blog.openzeppelin.com/the-transparent-proxy-pattern/[transparent proxy pattern]. This pattern implies two
       * things that go hand in hand:
       *
       * 1. If any account other than the admin calls the proxy, the call will be forwarded to the implementation, even if
       * that call matches the {ITransparentUpgradeableProxy-upgradeToAndCall} function exposed by the proxy itself.
       * 2. If the admin calls the proxy, it can call the `upgradeToAndCall` function but any other call won't be forwarded to
       * the implementation. If the admin tries to call a function on the implementation it will fail with an error indicating
       * the proxy admin cannot fallback to the target implementation.
       *
       * These properties mean that the admin account can only be used for upgrading the proxy, so it's best if it's a
       * dedicated account that is not used for anything else. This will avoid headaches due to sudden errors when trying to
       * call a function from the proxy implementation. For this reason, the proxy deploys an instance of {ProxyAdmin} and
       * allows upgrades only if they come through it. You should think of the `ProxyAdmin` instance as the administrative
       * interface of the proxy, including the ability to change who can trigger upgrades by transferring ownership.
       *
       * NOTE: The real interface of this proxy is that defined in `ITransparentUpgradeableProxy`. This contract does not
       * inherit from that interface, and instead `upgradeToAndCall` is implicitly implemented using a custom dispatch
       * mechanism in `_fallback`. Consequently, the compiler will not produce an ABI for this contract. This is necessary to
       * fully implement transparency without decoding reverts caused by selector clashes between the proxy and the
       * implementation.
       *
       * NOTE: This proxy does not inherit from {Context} deliberately. The {ProxyAdmin} of this contract won't send a
       * meta-transaction in any way, and any other meta-transaction setup should be made in the implementation contract.
       *
       * IMPORTANT: This contract avoids unnecessary storage reads by setting the admin only during construction as an
       * immutable variable, preventing any changes thereafter. However, the admin slot defined in ERC-1967 can still be
       * overwritten by the implementation logic pointed to by this proxy. In such cases, the contract may end up in an
       * undesirable state where the admin slot is different from the actual admin.
       *
       * WARNING: It is not recommended to extend this contract to add additional external functions. If you do so, the
       * compiler will not check that there are no selector conflicts, due to the note above. A selector clash between any new
       * function and the functions declared in {ITransparentUpgradeableProxy} will be resolved in favor of the new one. This
       * could render the `upgradeToAndCall` function inaccessible, preventing upgradeability and compromising transparency.
       */
      contract TransparentUpgradeableProxy is ERC1967Proxy {
          // An immutable address for the admin to avoid unnecessary SLOADs before each call
          // at the expense of removing the ability to change the admin once it's set.
          // This is acceptable if the admin is always a ProxyAdmin instance or similar contract
          // with its own ability to transfer the permissions to another account.
          address private immutable _admin;
          /**
           * @dev The proxy caller is the current admin, and can't fallback to the proxy target.
           */
          error ProxyDeniedAdminAccess();
          /**
           * @dev Initializes an upgradeable proxy managed by an instance of a {ProxyAdmin} with an `initialOwner`,
           * backed by the implementation at `_logic`, and optionally initialized with `_data` as explained in
           * {ERC1967Proxy-constructor}.
           */
          constructor(address _logic, address initialOwner, bytes memory _data) payable ERC1967Proxy(_logic, _data) {
              _admin = address(new ProxyAdmin(initialOwner));
              // Set the storage value and emit an event for ERC-1967 compatibility
              ERC1967Utils.changeAdmin(_proxyAdmin());
          }
          /**
           * @dev Returns the admin of this proxy.
           */
          function _proxyAdmin() internal virtual returns (address) {
              return _admin;
          }
          /**
           * @dev If caller is the admin process the call internally, otherwise transparently fallback to the proxy behavior.
           */
          function _fallback() internal virtual override {
              if (msg.sender == _proxyAdmin()) {
                  if (msg.sig != ITransparentUpgradeableProxy.upgradeToAndCall.selector) {
                      revert ProxyDeniedAdminAccess();
                  } else {
                      _dispatchUpgradeToAndCall();
                  }
              } else {
                  super._fallback();
              }
          }
          /**
           * @dev Upgrade the implementation of the proxy. See {ERC1967Utils-upgradeToAndCall}.
           *
           * Requirements:
           *
           * - If `data` is empty, `msg.value` must be zero.
           */
          function _dispatchUpgradeToAndCall() private {
              (address newImplementation, bytes memory data) = abi.decode(msg.data[4:], (address, bytes));
              ERC1967Utils.upgradeToAndCall(newImplementation, data);
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (utils/Address.sol)
      pragma solidity ^0.8.20;
      /**
       * @dev Collection of functions related to the address type
       */
      library Address {
          /**
           * @dev The ETH balance of the account is not enough to perform the operation.
           */
          error AddressInsufficientBalance(address account);
          /**
           * @dev There's no code at `target` (it is not a contract).
           */
          error AddressEmptyCode(address target);
          /**
           * @dev A call to an address target failed. The target may have reverted.
           */
          error FailedInnerCall();
          /**
           * @dev Replacement for Solidity's `transfer`: sends `amount` wei to
           * `recipient`, forwarding all available gas and reverting on errors.
           *
           * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
           * of certain opcodes, possibly making contracts go over the 2300 gas limit
           * imposed by `transfer`, making them unable to receive funds via
           * `transfer`. {sendValue} removes this limitation.
           *
           * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
           *
           * IMPORTANT: because control is transferred to `recipient`, care must be
           * taken to not create reentrancy vulnerabilities. Consider using
           * {ReentrancyGuard} or the
           * https://solidity.readthedocs.io/en/v0.8.20/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
           */
          function sendValue(address payable recipient, uint256 amount) internal {
              if (address(this).balance < amount) {
                  revert AddressInsufficientBalance(address(this));
              }
              (bool success, ) = recipient.call{value: amount}("");
              if (!success) {
                  revert FailedInnerCall();
              }
          }
          /**
           * @dev Performs a Solidity function call using a low level `call`. A
           * plain `call` is an unsafe replacement for a function call: use this
           * function instead.
           *
           * If `target` reverts with a revert reason or custom error, it is bubbled
           * up by this function (like regular Solidity function calls). However, if
           * the call reverted with no returned reason, this function reverts with a
           * {FailedInnerCall} error.
           *
           * Returns the raw returned data. To convert to the expected return value,
           * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
           *
           * Requirements:
           *
           * - `target` must be a contract.
           * - calling `target` with `data` must not revert.
           */
          function functionCall(address target, bytes memory data) internal returns (bytes memory) {
              return functionCallWithValue(target, data, 0);
          }
          /**
           * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
           * but also transferring `value` wei to `target`.
           *
           * Requirements:
           *
           * - the calling contract must have an ETH balance of at least `value`.
           * - the called Solidity function must be `payable`.
           */
          function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
              if (address(this).balance < value) {
                  revert AddressInsufficientBalance(address(this));
              }
              (bool success, bytes memory returndata) = target.call{value: value}(data);
              return verifyCallResultFromTarget(target, success, returndata);
          }
          /**
           * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
           * but performing a static call.
           */
          function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
              (bool success, bytes memory returndata) = target.staticcall(data);
              return verifyCallResultFromTarget(target, success, returndata);
          }
          /**
           * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
           * but performing a delegate call.
           */
          function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
              (bool success, bytes memory returndata) = target.delegatecall(data);
              return verifyCallResultFromTarget(target, success, returndata);
          }
          /**
           * @dev Tool to verify that a low level call to smart-contract was successful, and reverts if the target
           * was not a contract or bubbling up the revert reason (falling back to {FailedInnerCall}) in case of an
           * unsuccessful call.
           */
          function verifyCallResultFromTarget(
              address target,
              bool success,
              bytes memory returndata
          ) internal view returns (bytes memory) {
              if (!success) {
                  _revert(returndata);
              } else {
                  // only check if target is a contract if the call was successful and the return data is empty
                  // otherwise we already know that it was a contract
                  if (returndata.length == 0 && target.code.length == 0) {
                      revert AddressEmptyCode(target);
                  }
                  return returndata;
              }
          }
          /**
           * @dev Tool to verify that a low level call was successful, and reverts if it wasn't, either by bubbling the
           * revert reason or with a default {FailedInnerCall} error.
           */
          function verifyCallResult(bool success, bytes memory returndata) internal pure returns (bytes memory) {
              if (!success) {
                  _revert(returndata);
              } else {
                  return returndata;
              }
          }
          /**
           * @dev Reverts with returndata if present. Otherwise reverts with {FailedInnerCall}.
           */
          function _revert(bytes memory returndata) private pure {
              // Look for revert reason and bubble it up if present
              if (returndata.length > 0) {
                  // The easiest way to bubble the revert reason is using memory via assembly
                  /// @solidity memory-safe-assembly
                  assembly {
                      let returndata_size := mload(returndata)
                      revert(add(32, returndata), returndata_size)
                  }
              } else {
                  revert FailedInnerCall();
              }
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)
      pragma solidity ^0.8.20;
      /**
       * @dev Provides information about the current execution context, including the
       * sender of the transaction and its data. While these are generally available
       * via msg.sender and msg.data, they should not be accessed in such a direct
       * manner, since when dealing with meta-transactions the account sending and
       * paying for execution may not be the actual sender (as far as an application
       * is concerned).
       *
       * This contract is only required for intermediate, library-like contracts.
       */
      abstract contract Context {
          function _msgSender() internal view virtual returns (address) {
              return msg.sender;
          }
          function _msgData() internal view virtual returns (bytes calldata) {
              return msg.data;
          }
          function _contextSuffixLength() internal view virtual returns (uint256) {
              return 0;
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (utils/StorageSlot.sol)
      // This file was procedurally generated from scripts/generate/templates/StorageSlot.js.
      pragma solidity ^0.8.20;
      /**
       * @dev Library for reading and writing primitive types to specific storage slots.
       *
       * Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
       * This library helps with reading and writing to such slots without the need for inline assembly.
       *
       * The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
       *
       * Example usage to set ERC1967 implementation slot:
       * ```solidity
       * contract ERC1967 {
       *     bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
       *
       *     function _getImplementation() internal view returns (address) {
       *         return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
       *     }
       *
       *     function _setImplementation(address newImplementation) internal {
       *         require(newImplementation.code.length > 0);
       *         StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
       *     }
       * }
       * ```
       */
      library StorageSlot {
          struct AddressSlot {
              address value;
          }
          struct BooleanSlot {
              bool value;
          }
          struct Bytes32Slot {
              bytes32 value;
          }
          struct Uint256Slot {
              uint256 value;
          }
          struct StringSlot {
              string value;
          }
          struct BytesSlot {
              bytes value;
          }
          /**
           * @dev Returns an `AddressSlot` with member `value` located at `slot`.
           */
          function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
              /// @solidity memory-safe-assembly
              assembly {
                  r.slot := slot
              }
          }
          /**
           * @dev Returns an `BooleanSlot` with member `value` located at `slot`.
           */
          function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
              /// @solidity memory-safe-assembly
              assembly {
                  r.slot := slot
              }
          }
          /**
           * @dev Returns an `Bytes32Slot` with member `value` located at `slot`.
           */
          function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
              /// @solidity memory-safe-assembly
              assembly {
                  r.slot := slot
              }
          }
          /**
           * @dev Returns an `Uint256Slot` with member `value` located at `slot`.
           */
          function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
              /// @solidity memory-safe-assembly
              assembly {
                  r.slot := slot
              }
          }
          /**
           * @dev Returns an `StringSlot` with member `value` located at `slot`.
           */
          function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {
              /// @solidity memory-safe-assembly
              assembly {
                  r.slot := slot
              }
          }
          /**
           * @dev Returns an `StringSlot` representation of the string storage pointer `store`.
           */
          function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {
              /// @solidity memory-safe-assembly
              assembly {
                  r.slot := store.slot
              }
          }
          /**
           * @dev Returns an `BytesSlot` with member `value` located at `slot`.
           */
          function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {
              /// @solidity memory-safe-assembly
              assembly {
                  r.slot := slot
              }
          }
          /**
           * @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.
           */
          function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {
              /// @solidity memory-safe-assembly
              assembly {
                  r.slot := store.slot
              }
          }
      }
      

      File 2 of 3: DOP
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)
      pragma solidity ^0.8.20;
      import {Context} from "../utils/Context.sol";
      /**
       * @dev Contract module which provides a basic access control mechanism, where
       * there is an account (an owner) that can be granted exclusive access to
       * specific functions.
       *
       * The initial owner is set to the address provided by the deployer. This can
       * later be changed with {transferOwnership}.
       *
       * This module is used through inheritance. It will make available the modifier
       * `onlyOwner`, which can be applied to your functions to restrict their use to
       * the owner.
       */
      abstract contract Ownable is Context {
          address private _owner;
          /**
           * @dev The caller account is not authorized to perform an operation.
           */
          error OwnableUnauthorizedAccount(address account);
          /**
           * @dev The owner is not a valid owner account. (eg. `address(0)`)
           */
          error OwnableInvalidOwner(address owner);
          event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
          /**
           * @dev Initializes the contract setting the address provided by the deployer as the initial owner.
           */
          constructor(address initialOwner) {
              if (initialOwner == address(0)) {
                  revert OwnableInvalidOwner(address(0));
              }
              _transferOwnership(initialOwner);
          }
          /**
           * @dev Throws if called by any account other than the owner.
           */
          modifier onlyOwner() {
              _checkOwner();
              _;
          }
          /**
           * @dev Returns the address of the current owner.
           */
          function owner() public view virtual returns (address) {
              return _owner;
          }
          /**
           * @dev Throws if the sender is not the owner.
           */
          function _checkOwner() internal view virtual {
              if (owner() != _msgSender()) {
                  revert OwnableUnauthorizedAccount(_msgSender());
              }
          }
          /**
           * @dev Leaves the contract without owner. It will not be possible to call
           * `onlyOwner` functions. Can only be called by the current owner.
           *
           * NOTE: Renouncing ownership will leave the contract without an owner,
           * thereby disabling any functionality that is only available to the owner.
           */
          function renounceOwnership() public virtual onlyOwner {
              _transferOwnership(address(0));
          }
          /**
           * @dev Transfers ownership of the contract to a new account (`newOwner`).
           * Can only be called by the current owner.
           */
          function transferOwnership(address newOwner) public virtual onlyOwner {
              if (newOwner == address(0)) {
                  revert OwnableInvalidOwner(address(0));
              }
              _transferOwnership(newOwner);
          }
          /**
           * @dev Transfers ownership of the contract to a new account (`newOwner`).
           * Internal function without access restriction.
           */
          function _transferOwnership(address newOwner) internal virtual {
              address oldOwner = _owner;
              _owner = newOwner;
              emit OwnershipTransferred(oldOwner, newOwner);
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (interfaces/draft-IERC6093.sol)
      pragma solidity ^0.8.20;
      /**
       * @dev Standard ERC20 Errors
       * Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC20 tokens.
       */
      interface IERC20Errors {
          /**
           * @dev Indicates an error related to the current `balance` of a `sender`. Used in transfers.
           * @param sender Address whose tokens are being transferred.
           * @param balance Current balance for the interacting account.
           * @param needed Minimum amount required to perform a transfer.
           */
          error ERC20InsufficientBalance(address sender, uint256 balance, uint256 needed);
          /**
           * @dev Indicates a failure with the token `sender`. Used in transfers.
           * @param sender Address whose tokens are being transferred.
           */
          error ERC20InvalidSender(address sender);
          /**
           * @dev Indicates a failure with the token `receiver`. Used in transfers.
           * @param receiver Address to which tokens are being transferred.
           */
          error ERC20InvalidReceiver(address receiver);
          /**
           * @dev Indicates a failure with the `spender`’s `allowance`. Used in transfers.
           * @param spender Address that may be allowed to operate on tokens without being their owner.
           * @param allowance Amount of tokens a `spender` is allowed to operate with.
           * @param needed Minimum amount required to perform a transfer.
           */
          error ERC20InsufficientAllowance(address spender, uint256 allowance, uint256 needed);
          /**
           * @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
           * @param approver Address initiating an approval operation.
           */
          error ERC20InvalidApprover(address approver);
          /**
           * @dev Indicates a failure with the `spender` to be approved. Used in approvals.
           * @param spender Address that may be allowed to operate on tokens without being their owner.
           */
          error ERC20InvalidSpender(address spender);
      }
      /**
       * @dev Standard ERC721 Errors
       * Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC721 tokens.
       */
      interface IERC721Errors {
          /**
           * @dev Indicates that an address can't be an owner. For example, `address(0)` is a forbidden owner in EIP-20.
           * Used in balance queries.
           * @param owner Address of the current owner of a token.
           */
          error ERC721InvalidOwner(address owner);
          /**
           * @dev Indicates a `tokenId` whose `owner` is the zero address.
           * @param tokenId Identifier number of a token.
           */
          error ERC721NonexistentToken(uint256 tokenId);
          /**
           * @dev Indicates an error related to the ownership over a particular token. Used in transfers.
           * @param sender Address whose tokens are being transferred.
           * @param tokenId Identifier number of a token.
           * @param owner Address of the current owner of a token.
           */
          error ERC721IncorrectOwner(address sender, uint256 tokenId, address owner);
          /**
           * @dev Indicates a failure with the token `sender`. Used in transfers.
           * @param sender Address whose tokens are being transferred.
           */
          error ERC721InvalidSender(address sender);
          /**
           * @dev Indicates a failure with the token `receiver`. Used in transfers.
           * @param receiver Address to which tokens are being transferred.
           */
          error ERC721InvalidReceiver(address receiver);
          /**
           * @dev Indicates a failure with the `operator`’s approval. Used in transfers.
           * @param operator Address that may be allowed to operate on tokens without being their owner.
           * @param tokenId Identifier number of a token.
           */
          error ERC721InsufficientApproval(address operator, uint256 tokenId);
          /**
           * @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
           * @param approver Address initiating an approval operation.
           */
          error ERC721InvalidApprover(address approver);
          /**
           * @dev Indicates a failure with the `operator` to be approved. Used in approvals.
           * @param operator Address that may be allowed to operate on tokens without being their owner.
           */
          error ERC721InvalidOperator(address operator);
      }
      /**
       * @dev Standard ERC1155 Errors
       * Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC1155 tokens.
       */
      interface IERC1155Errors {
          /**
           * @dev Indicates an error related to the current `balance` of a `sender`. Used in transfers.
           * @param sender Address whose tokens are being transferred.
           * @param balance Current balance for the interacting account.
           * @param needed Minimum amount required to perform a transfer.
           * @param tokenId Identifier number of a token.
           */
          error ERC1155InsufficientBalance(address sender, uint256 balance, uint256 needed, uint256 tokenId);
          /**
           * @dev Indicates a failure with the token `sender`. Used in transfers.
           * @param sender Address whose tokens are being transferred.
           */
          error ERC1155InvalidSender(address sender);
          /**
           * @dev Indicates a failure with the token `receiver`. Used in transfers.
           * @param receiver Address to which tokens are being transferred.
           */
          error ERC1155InvalidReceiver(address receiver);
          /**
           * @dev Indicates a failure with the `operator`’s approval. Used in transfers.
           * @param operator Address that may be allowed to operate on tokens without being their owner.
           * @param owner Address of the current owner of a token.
           */
          error ERC1155MissingApprovalForAll(address operator, address owner);
          /**
           * @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
           * @param approver Address initiating an approval operation.
           */
          error ERC1155InvalidApprover(address approver);
          /**
           * @dev Indicates a failure with the `operator` to be approved. Used in approvals.
           * @param operator Address that may be allowed to operate on tokens without being their owner.
           */
          error ERC1155InvalidOperator(address operator);
          /**
           * @dev Indicates an array length mismatch between ids and values in a safeBatchTransferFrom operation.
           * Used in batch transfers.
           * @param idsLength Length of the array of token identifiers
           * @param valuesLength Length of the array of token amounts
           */
          error ERC1155InvalidArrayLength(uint256 idsLength, uint256 valuesLength);
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC5267.sol)
      pragma solidity ^0.8.20;
      interface IERC5267 {
          /**
           * @dev MAY be emitted to signal that the domain could have changed.
           */
          event EIP712DomainChanged();
          /**
           * @dev returns the fields and values that describe the domain separator used by this contract for EIP-712
           * signature.
           */
          function eip712Domain()
              external
              view
              returns (
                  bytes1 fields,
                  string memory name,
                  string memory version,
                  uint256 chainId,
                  address verifyingContract,
                  bytes32 salt,
                  uint256[] memory extensions
              );
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/ERC20.sol)
      pragma solidity ^0.8.20;
      import {IERC20} from "./IERC20.sol";
      import {IERC20Metadata} from "./extensions/IERC20Metadata.sol";
      import {Context} from "../../utils/Context.sol";
      import {IERC20Errors} from "../../interfaces/draft-IERC6093.sol";
      /**
       * @dev Implementation of the {IERC20} interface.
       *
       * This implementation is agnostic to the way tokens are created. This means
       * that a supply mechanism has to be added in a derived contract using {_mint}.
       *
       * TIP: For a detailed writeup see our guide
       * https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How
       * to implement supply mechanisms].
       *
       * The default value of {decimals} is 18. To change this, you should override
       * this function so it returns a different value.
       *
       * We have followed general OpenZeppelin Contracts guidelines: functions revert
       * instead returning `false` on failure. This behavior is nonetheless
       * conventional and does not conflict with the expectations of ERC20
       * applications.
       *
       * Additionally, an {Approval} event is emitted on calls to {transferFrom}.
       * This allows applications to reconstruct the allowance for all accounts just
       * by listening to said events. Other implementations of the EIP may not emit
       * these events, as it isn't required by the specification.
       */
      abstract contract ERC20 is Context, IERC20, IERC20Metadata, IERC20Errors {
          mapping(address account => uint256) private _balances;
          mapping(address account => mapping(address spender => uint256)) private _allowances;
          uint256 private _totalSupply;
          string private _name;
          string private _symbol;
          /**
           * @dev Sets the values for {name} and {symbol}.
           *
           * All two of these values are immutable: they can only be set once during
           * construction.
           */
          constructor(string memory name_, string memory symbol_) {
              _name = name_;
              _symbol = symbol_;
          }
          /**
           * @dev Returns the name of the token.
           */
          function name() public view virtual returns (string memory) {
              return _name;
          }
          /**
           * @dev Returns the symbol of the token, usually a shorter version of the
           * name.
           */
          function symbol() public view virtual returns (string memory) {
              return _symbol;
          }
          /**
           * @dev Returns the number of decimals used to get its user representation.
           * For example, if `decimals` equals `2`, a balance of `505` tokens should
           * be displayed to a user as `5.05` (`505 / 10 ** 2`).
           *
           * Tokens usually opt for a value of 18, imitating the relationship between
           * Ether and Wei. This is the default value returned by this function, unless
           * it's overridden.
           *
           * NOTE: This information is only used for _display_ purposes: it in
           * no way affects any of the arithmetic of the contract, including
           * {IERC20-balanceOf} and {IERC20-transfer}.
           */
          function decimals() public view virtual returns (uint8) {
              return 18;
          }
          /**
           * @dev See {IERC20-totalSupply}.
           */
          function totalSupply() public view virtual returns (uint256) {
              return _totalSupply;
          }
          /**
           * @dev See {IERC20-balanceOf}.
           */
          function balanceOf(address account) public view virtual returns (uint256) {
              return _balances[account];
          }
          /**
           * @dev See {IERC20-transfer}.
           *
           * Requirements:
           *
           * - `to` cannot be the zero address.
           * - the caller must have a balance of at least `value`.
           */
          function transfer(address to, uint256 value) public virtual returns (bool) {
              address owner = _msgSender();
              _transfer(owner, to, value);
              return true;
          }
          /**
           * @dev See {IERC20-allowance}.
           */
          function allowance(address owner, address spender) public view virtual returns (uint256) {
              return _allowances[owner][spender];
          }
          /**
           * @dev See {IERC20-approve}.
           *
           * NOTE: If `value` is the maximum `uint256`, the allowance is not updated on
           * `transferFrom`. This is semantically equivalent to an infinite approval.
           *
           * Requirements:
           *
           * - `spender` cannot be the zero address.
           */
          function approve(address spender, uint256 value) public virtual returns (bool) {
              address owner = _msgSender();
              _approve(owner, spender, value);
              return true;
          }
          /**
           * @dev See {IERC20-transferFrom}.
           *
           * Emits an {Approval} event indicating the updated allowance. This is not
           * required by the EIP. See the note at the beginning of {ERC20}.
           *
           * NOTE: Does not update the allowance if the current allowance
           * is the maximum `uint256`.
           *
           * Requirements:
           *
           * - `from` and `to` cannot be the zero address.
           * - `from` must have a balance of at least `value`.
           * - the caller must have allowance for ``from``'s tokens of at least
           * `value`.
           */
          function transferFrom(address from, address to, uint256 value) public virtual returns (bool) {
              address spender = _msgSender();
              _spendAllowance(from, spender, value);
              _transfer(from, to, value);
              return true;
          }
          /**
           * @dev Moves a `value` amount of tokens from `from` to `to`.
           *
           * This internal function is equivalent to {transfer}, and can be used to
           * e.g. implement automatic token fees, slashing mechanisms, etc.
           *
           * Emits a {Transfer} event.
           *
           * NOTE: This function is not virtual, {_update} should be overridden instead.
           */
          function _transfer(address from, address to, uint256 value) internal {
              if (from == address(0)) {
                  revert ERC20InvalidSender(address(0));
              }
              if (to == address(0)) {
                  revert ERC20InvalidReceiver(address(0));
              }
              _update(from, to, value);
          }
          /**
           * @dev Transfers a `value` amount of tokens from `from` to `to`, or alternatively mints (or burns) if `from`
           * (or `to`) is the zero address. All customizations to transfers, mints, and burns should be done by overriding
           * this function.
           *
           * Emits a {Transfer} event.
           */
          function _update(address from, address to, uint256 value) internal virtual {
              if (from == address(0)) {
                  // Overflow check required: The rest of the code assumes that totalSupply never overflows
                  _totalSupply += value;
              } else {
                  uint256 fromBalance = _balances[from];
                  if (fromBalance < value) {
                      revert ERC20InsufficientBalance(from, fromBalance, value);
                  }
                  unchecked {
                      // Overflow not possible: value <= fromBalance <= totalSupply.
                      _balances[from] = fromBalance - value;
                  }
              }
              if (to == address(0)) {
                  unchecked {
                      // Overflow not possible: value <= totalSupply or value <= fromBalance <= totalSupply.
                      _totalSupply -= value;
                  }
              } else {
                  unchecked {
                      // Overflow not possible: balance + value is at most totalSupply, which we know fits into a uint256.
                      _balances[to] += value;
                  }
              }
              emit Transfer(from, to, value);
          }
          /**
           * @dev Creates a `value` amount of tokens and assigns them to `account`, by transferring it from address(0).
           * Relies on the `_update` mechanism
           *
           * Emits a {Transfer} event with `from` set to the zero address.
           *
           * NOTE: This function is not virtual, {_update} should be overridden instead.
           */
          function _mint(address account, uint256 value) internal {
              if (account == address(0)) {
                  revert ERC20InvalidReceiver(address(0));
              }
              _update(address(0), account, value);
          }
          /**
           * @dev Destroys a `value` amount of tokens from `account`, lowering the total supply.
           * Relies on the `_update` mechanism.
           *
           * Emits a {Transfer} event with `to` set to the zero address.
           *
           * NOTE: This function is not virtual, {_update} should be overridden instead
           */
          function _burn(address account, uint256 value) internal {
              if (account == address(0)) {
                  revert ERC20InvalidSender(address(0));
              }
              _update(account, address(0), value);
          }
          /**
           * @dev Sets `value` as the allowance of `spender` over the `owner` s tokens.
           *
           * This internal function is equivalent to `approve`, and can be used to
           * e.g. set automatic allowances for certain subsystems, etc.
           *
           * Emits an {Approval} event.
           *
           * Requirements:
           *
           * - `owner` cannot be the zero address.
           * - `spender` cannot be the zero address.
           *
           * Overrides to this logic should be done to the variant with an additional `bool emitEvent` argument.
           */
          function _approve(address owner, address spender, uint256 value) internal {
              _approve(owner, spender, value, true);
          }
          /**
           * @dev Variant of {_approve} with an optional flag to enable or disable the {Approval} event.
           *
           * By default (when calling {_approve}) the flag is set to true. On the other hand, approval changes made by
           * `_spendAllowance` during the `transferFrom` operation set the flag to false. This saves gas by not emitting any
           * `Approval` event during `transferFrom` operations.
           *
           * Anyone who wishes to continue emitting `Approval` events on the`transferFrom` operation can force the flag to
           * true using the following override:
           * ```
           * function _approve(address owner, address spender, uint256 value, bool) internal virtual override {
           *     super._approve(owner, spender, value, true);
           * }
           * ```
           *
           * Requirements are the same as {_approve}.
           */
          function _approve(address owner, address spender, uint256 value, bool emitEvent) internal virtual {
              if (owner == address(0)) {
                  revert ERC20InvalidApprover(address(0));
              }
              if (spender == address(0)) {
                  revert ERC20InvalidSpender(address(0));
              }
              _allowances[owner][spender] = value;
              if (emitEvent) {
                  emit Approval(owner, spender, value);
              }
          }
          /**
           * @dev Updates `owner` s allowance for `spender` based on spent `value`.
           *
           * Does not update the allowance value in case of infinite allowance.
           * Revert if not enough allowance is available.
           *
           * Does not emit an {Approval} event.
           */
          function _spendAllowance(address owner, address spender, uint256 value) internal virtual {
              uint256 currentAllowance = allowance(owner, spender);
              if (currentAllowance != type(uint256).max) {
                  if (currentAllowance < value) {
                      revert ERC20InsufficientAllowance(spender, currentAllowance, value);
                  }
                  unchecked {
                      _approve(owner, spender, currentAllowance - value, false);
                  }
              }
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/ERC20Burnable.sol)
      pragma solidity ^0.8.20;
      import {ERC20} from "../ERC20.sol";
      import {Context} from "../../../utils/Context.sol";
      /**
       * @dev Extension of {ERC20} that allows token holders to destroy both their own
       * tokens and those that they have an allowance for, in a way that can be
       * recognized off-chain (via event analysis).
       */
      abstract contract ERC20Burnable is Context, ERC20 {
          /**
           * @dev Destroys a `value` amount of tokens from the caller.
           *
           * See {ERC20-_burn}.
           */
          function burn(uint256 value) public virtual {
              _burn(_msgSender(), value);
          }
          /**
           * @dev Destroys a `value` amount of tokens from `account`, deducting from
           * the caller's allowance.
           *
           * See {ERC20-_burn} and {ERC20-allowance}.
           *
           * Requirements:
           *
           * - the caller must have allowance for ``accounts``'s tokens of at least
           * `value`.
           */
          function burnFrom(address account, uint256 value) public virtual {
              _spendAllowance(account, _msgSender(), value);
              _burn(account, value);
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/ERC20Permit.sol)
      pragma solidity ^0.8.20;
      import {IERC20Permit} from "./IERC20Permit.sol";
      import {ERC20} from "../ERC20.sol";
      import {ECDSA} from "../../../utils/cryptography/ECDSA.sol";
      import {EIP712} from "../../../utils/cryptography/EIP712.sol";
      import {Nonces} from "../../../utils/Nonces.sol";
      /**
       * @dev Implementation of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
       * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
       *
       * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
       * presenting a message signed by the account. By not relying on `{IERC20-approve}`, the token holder account doesn't
       * need to send a transaction, and thus is not required to hold Ether at all.
       */
      abstract contract ERC20Permit is ERC20, IERC20Permit, EIP712, Nonces {
          bytes32 private constant PERMIT_TYPEHASH =
              keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)");
          /**
           * @dev Permit deadline has expired.
           */
          error ERC2612ExpiredSignature(uint256 deadline);
          /**
           * @dev Mismatched signature.
           */
          error ERC2612InvalidSigner(address signer, address owner);
          /**
           * @dev Initializes the {EIP712} domain separator using the `name` parameter, and setting `version` to `"1"`.
           *
           * It's a good idea to use the same `name` that is defined as the ERC20 token name.
           */
          constructor(string memory name) EIP712(name, "1") {}
          /**
           * @inheritdoc IERC20Permit
           */
          function permit(
              address owner,
              address spender,
              uint256 value,
              uint256 deadline,
              uint8 v,
              bytes32 r,
              bytes32 s
          ) public virtual {
              if (block.timestamp > deadline) {
                  revert ERC2612ExpiredSignature(deadline);
              }
              bytes32 structHash = keccak256(abi.encode(PERMIT_TYPEHASH, owner, spender, value, _useNonce(owner), deadline));
              bytes32 hash = _hashTypedDataV4(structHash);
              address signer = ECDSA.recover(hash, v, r, s);
              if (signer != owner) {
                  revert ERC2612InvalidSigner(signer, owner);
              }
              _approve(owner, spender, value);
          }
          /**
           * @inheritdoc IERC20Permit
           */
          function nonces(address owner) public view virtual override(IERC20Permit, Nonces) returns (uint256) {
              return super.nonces(owner);
          }
          /**
           * @inheritdoc IERC20Permit
           */
          // solhint-disable-next-line func-name-mixedcase
          function DOMAIN_SEPARATOR() external view virtual returns (bytes32) {
              return _domainSeparatorV4();
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/IERC20Metadata.sol)
      pragma solidity ^0.8.20;
      import {IERC20} from "../IERC20.sol";
      /**
       * @dev Interface for the optional metadata functions from the ERC20 standard.
       */
      interface IERC20Metadata is IERC20 {
          /**
           * @dev Returns the name of the token.
           */
          function name() external view returns (string memory);
          /**
           * @dev Returns the symbol of the token.
           */
          function symbol() external view returns (string memory);
          /**
           * @dev Returns the decimals places of the token.
           */
          function decimals() external view returns (uint8);
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/IERC20Permit.sol)
      pragma solidity ^0.8.20;
      /**
       * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
       * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
       *
       * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
       * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't
       * need to send a transaction, and thus is not required to hold Ether at all.
       *
       * ==== Security Considerations
       *
       * There are two important considerations concerning the use of `permit`. The first is that a valid permit signature
       * expresses an allowance, and it should not be assumed to convey additional meaning. In particular, it should not be
       * considered as an intention to spend the allowance in any specific way. The second is that because permits have
       * built-in replay protection and can be submitted by anyone, they can be frontrun. A protocol that uses permits should
       * take this into consideration and allow a `permit` call to fail. Combining these two aspects, a pattern that may be
       * generally recommended is:
       *
       * ```solidity
       * function doThingWithPermit(..., uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s) public {
       *     try token.permit(msg.sender, address(this), value, deadline, v, r, s) {} catch {}
       *     doThing(..., value);
       * }
       *
       * function doThing(..., uint256 value) public {
       *     token.safeTransferFrom(msg.sender, address(this), value);
       *     ...
       * }
       * ```
       *
       * Observe that: 1) `msg.sender` is used as the owner, leaving no ambiguity as to the signer intent, and 2) the use of
       * `try/catch` allows the permit to fail and makes the code tolerant to frontrunning. (See also
       * {SafeERC20-safeTransferFrom}).
       *
       * Additionally, note that smart contract wallets (such as Argent or Safe) are not able to produce permit signatures, so
       * contracts should have entry points that don't rely on permit.
       */
      interface IERC20Permit {
          /**
           * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,
           * given ``owner``'s signed approval.
           *
           * IMPORTANT: The same issues {IERC20-approve} has related to transaction
           * ordering also apply here.
           *
           * Emits an {Approval} event.
           *
           * Requirements:
           *
           * - `spender` cannot be the zero address.
           * - `deadline` must be a timestamp in the future.
           * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
           * over the EIP712-formatted function arguments.
           * - the signature must use ``owner``'s current nonce (see {nonces}).
           *
           * For more information on the signature format, see the
           * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
           * section].
           *
           * CAUTION: See Security Considerations above.
           */
          function permit(
              address owner,
              address spender,
              uint256 value,
              uint256 deadline,
              uint8 v,
              bytes32 r,
              bytes32 s
          ) external;
          /**
           * @dev Returns the current nonce for `owner`. This value must be
           * included whenever a signature is generated for {permit}.
           *
           * Every successful call to {permit} increases ``owner``'s nonce by one. This
           * prevents a signature from being used multiple times.
           */
          function nonces(address owner) external view returns (uint256);
          /**
           * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.
           */
          // solhint-disable-next-line func-name-mixedcase
          function DOMAIN_SEPARATOR() external view returns (bytes32);
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/IERC20.sol)
      pragma solidity ^0.8.20;
      /**
       * @dev Interface of the ERC20 standard as defined in the EIP.
       */
      interface IERC20 {
          /**
           * @dev Emitted when `value` tokens are moved from one account (`from`) to
           * another (`to`).
           *
           * Note that `value` may be zero.
           */
          event Transfer(address indexed from, address indexed to, uint256 value);
          /**
           * @dev Emitted when the allowance of a `spender` for an `owner` is set by
           * a call to {approve}. `value` is the new allowance.
           */
          event Approval(address indexed owner, address indexed spender, uint256 value);
          /**
           * @dev Returns the value of tokens in existence.
           */
          function totalSupply() external view returns (uint256);
          /**
           * @dev Returns the value of tokens owned by `account`.
           */
          function balanceOf(address account) external view returns (uint256);
          /**
           * @dev Moves a `value` amount of tokens from the caller's account to `to`.
           *
           * Returns a boolean value indicating whether the operation succeeded.
           *
           * Emits a {Transfer} event.
           */
          function transfer(address to, uint256 value) external returns (bool);
          /**
           * @dev Returns the remaining number of tokens that `spender` will be
           * allowed to spend on behalf of `owner` through {transferFrom}. This is
           * zero by default.
           *
           * This value changes when {approve} or {transferFrom} are called.
           */
          function allowance(address owner, address spender) external view returns (uint256);
          /**
           * @dev Sets a `value` amount of tokens as the allowance of `spender` over the
           * caller's tokens.
           *
           * Returns a boolean value indicating whether the operation succeeded.
           *
           * IMPORTANT: Beware that changing an allowance with this method brings the risk
           * that someone may use both the old and the new allowance by unfortunate
           * transaction ordering. One possible solution to mitigate this race
           * condition is to first reduce the spender's allowance to 0 and set the
           * desired value afterwards:
           * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
           *
           * Emits an {Approval} event.
           */
          function approve(address spender, uint256 value) external returns (bool);
          /**
           * @dev Moves a `value` amount of tokens from `from` to `to` using the
           * allowance mechanism. `value` is then deducted from the caller's
           * allowance.
           *
           * Returns a boolean value indicating whether the operation succeeded.
           *
           * Emits a {Transfer} event.
           */
          function transferFrom(address from, address to, uint256 value) external returns (bool);
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)
      pragma solidity ^0.8.20;
      /**
       * @dev Provides information about the current execution context, including the
       * sender of the transaction and its data. While these are generally available
       * via msg.sender and msg.data, they should not be accessed in such a direct
       * manner, since when dealing with meta-transactions the account sending and
       * paying for execution may not be the actual sender (as far as an application
       * is concerned).
       *
       * This contract is only required for intermediate, library-like contracts.
       */
      abstract contract Context {
          function _msgSender() internal view virtual returns (address) {
              return msg.sender;
          }
          function _msgData() internal view virtual returns (bytes calldata) {
              return msg.data;
          }
          function _contextSuffixLength() internal view virtual returns (uint256) {
              return 0;
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (utils/cryptography/ECDSA.sol)
      pragma solidity ^0.8.20;
      /**
       * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.
       *
       * These functions can be used to verify that a message was signed by the holder
       * of the private keys of a given address.
       */
      library ECDSA {
          enum RecoverError {
              NoError,
              InvalidSignature,
              InvalidSignatureLength,
              InvalidSignatureS
          }
          /**
           * @dev The signature derives the `address(0)`.
           */
          error ECDSAInvalidSignature();
          /**
           * @dev The signature has an invalid length.
           */
          error ECDSAInvalidSignatureLength(uint256 length);
          /**
           * @dev The signature has an S value that is in the upper half order.
           */
          error ECDSAInvalidSignatureS(bytes32 s);
          /**
           * @dev Returns the address that signed a hashed message (`hash`) with `signature` or an error. This will not
           * return address(0) without also returning an error description. Errors are documented using an enum (error type)
           * and a bytes32 providing additional information about the error.
           *
           * If no error is returned, then the address can be used for verification purposes.
           *
           * The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:
           * this function rejects them by requiring the `s` value to be in the lower
           * half order, and the `v` value to be either 27 or 28.
           *
           * IMPORTANT: `hash` _must_ be the result of a hash operation for the
           * verification to be secure: it is possible to craft signatures that
           * recover to arbitrary addresses for non-hashed data. A safe way to ensure
           * this is by receiving a hash of the original message (which may otherwise
           * be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.
           *
           * Documentation for signature generation:
           * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]
           * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]
           */
          function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError, bytes32) {
              if (signature.length == 65) {
                  bytes32 r;
                  bytes32 s;
                  uint8 v;
                  // ecrecover takes the signature parameters, and the only way to get them
                  // currently is to use assembly.
                  /// @solidity memory-safe-assembly
                  assembly {
                      r := mload(add(signature, 0x20))
                      s := mload(add(signature, 0x40))
                      v := byte(0, mload(add(signature, 0x60)))
                  }
                  return tryRecover(hash, v, r, s);
              } else {
                  return (address(0), RecoverError.InvalidSignatureLength, bytes32(signature.length));
              }
          }
          /**
           * @dev Returns the address that signed a hashed message (`hash`) with
           * `signature`. This address can then be used for verification purposes.
           *
           * The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:
           * this function rejects them by requiring the `s` value to be in the lower
           * half order, and the `v` value to be either 27 or 28.
           *
           * IMPORTANT: `hash` _must_ be the result of a hash operation for the
           * verification to be secure: it is possible to craft signatures that
           * recover to arbitrary addresses for non-hashed data. A safe way to ensure
           * this is by receiving a hash of the original message (which may otherwise
           * be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.
           */
          function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {
              (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, signature);
              _throwError(error, errorArg);
              return recovered;
          }
          /**
           * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.
           *
           * See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]
           */
          function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError, bytes32) {
              unchecked {
                  bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
                  // We do not check for an overflow here since the shift operation results in 0 or 1.
                  uint8 v = uint8((uint256(vs) >> 255) + 27);
                  return tryRecover(hash, v, r, s);
              }
          }
          /**
           * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.
           */
          function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {
              (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, r, vs);
              _throwError(error, errorArg);
              return recovered;
          }
          /**
           * @dev Overload of {ECDSA-tryRecover} that receives the `v`,
           * `r` and `s` signature fields separately.
           */
          function tryRecover(
              bytes32 hash,
              uint8 v,
              bytes32 r,
              bytes32 s
          ) internal pure returns (address, RecoverError, bytes32) {
              // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
              // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
              // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most
              // signatures from current libraries generate a unique signature with an s-value in the lower half order.
              //
              // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
              // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
              // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
              // these malleable signatures as well.
              if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
                  return (address(0), RecoverError.InvalidSignatureS, s);
              }
              // If the signature is valid (and not malleable), return the signer address
              address signer = ecrecover(hash, v, r, s);
              if (signer == address(0)) {
                  return (address(0), RecoverError.InvalidSignature, bytes32(0));
              }
              return (signer, RecoverError.NoError, bytes32(0));
          }
          /**
           * @dev Overload of {ECDSA-recover} that receives the `v`,
           * `r` and `s` signature fields separately.
           */
          function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {
              (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, v, r, s);
              _throwError(error, errorArg);
              return recovered;
          }
          /**
           * @dev Optionally reverts with the corresponding custom error according to the `error` argument provided.
           */
          function _throwError(RecoverError error, bytes32 errorArg) private pure {
              if (error == RecoverError.NoError) {
                  return; // no error: do nothing
              } else if (error == RecoverError.InvalidSignature) {
                  revert ECDSAInvalidSignature();
              } else if (error == RecoverError.InvalidSignatureLength) {
                  revert ECDSAInvalidSignatureLength(uint256(errorArg));
              } else if (error == RecoverError.InvalidSignatureS) {
                  revert ECDSAInvalidSignatureS(errorArg);
              }
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (utils/cryptography/EIP712.sol)
      pragma solidity ^0.8.20;
      import {MessageHashUtils} from "./MessageHashUtils.sol";
      import {ShortStrings, ShortString} from "../ShortStrings.sol";
      import {IERC5267} from "../../interfaces/IERC5267.sol";
      /**
       * @dev https://eips.ethereum.org/EIPS/eip-712[EIP 712] is a standard for hashing and signing of typed structured data.
       *
       * The encoding scheme specified in the EIP requires a domain separator and a hash of the typed structured data, whose
       * encoding is very generic and therefore its implementation in Solidity is not feasible, thus this contract
       * does not implement the encoding itself. Protocols need to implement the type-specific encoding they need in order to
       * produce the hash of their typed data using a combination of `abi.encode` and `keccak256`.
       *
       * This contract implements the EIP 712 domain separator ({_domainSeparatorV4}) that is used as part of the encoding
       * scheme, and the final step of the encoding to obtain the message digest that is then signed via ECDSA
       * ({_hashTypedDataV4}).
       *
       * The implementation of the domain separator was designed to be as efficient as possible while still properly updating
       * the chain id to protect against replay attacks on an eventual fork of the chain.
       *
       * NOTE: This contract implements the version of the encoding known as "v4", as implemented by the JSON RPC method
       * https://docs.metamask.io/guide/signing-data.html[`eth_signTypedDataV4` in MetaMask].
       *
       * NOTE: In the upgradeable version of this contract, the cached values will correspond to the address, and the domain
       * separator of the implementation contract. This will cause the {_domainSeparatorV4} function to always rebuild the
       * separator from the immutable values, which is cheaper than accessing a cached version in cold storage.
       *
       * @custom:oz-upgrades-unsafe-allow state-variable-immutable
       */
      abstract contract EIP712 is IERC5267 {
          using ShortStrings for *;
          bytes32 private constant TYPE_HASH =
              keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
          // Cache the domain separator as an immutable value, but also store the chain id that it corresponds to, in order to
          // invalidate the cached domain separator if the chain id changes.
          bytes32 private immutable _cachedDomainSeparator;
          uint256 private immutable _cachedChainId;
          address private immutable _cachedThis;
          bytes32 private immutable _hashedName;
          bytes32 private immutable _hashedVersion;
          ShortString private immutable _name;
          ShortString private immutable _version;
          string private _nameFallback;
          string private _versionFallback;
          /**
           * @dev Initializes the domain separator and parameter caches.
           *
           * The meaning of `name` and `version` is specified in
           * https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP 712]:
           *
           * - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol.
           * - `version`: the current major version of the signing domain.
           *
           * NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart
           * contract upgrade].
           */
          constructor(string memory name, string memory version) {
              _name = name.toShortStringWithFallback(_nameFallback);
              _version = version.toShortStringWithFallback(_versionFallback);
              _hashedName = keccak256(bytes(name));
              _hashedVersion = keccak256(bytes(version));
              _cachedChainId = block.chainid;
              _cachedDomainSeparator = _buildDomainSeparator();
              _cachedThis = address(this);
          }
          /**
           * @dev Returns the domain separator for the current chain.
           */
          function _domainSeparatorV4() internal view returns (bytes32) {
              if (address(this) == _cachedThis && block.chainid == _cachedChainId) {
                  return _cachedDomainSeparator;
              } else {
                  return _buildDomainSeparator();
              }
          }
          function _buildDomainSeparator() private view returns (bytes32) {
              return keccak256(abi.encode(TYPE_HASH, _hashedName, _hashedVersion, block.chainid, address(this)));
          }
          /**
           * @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this
           * function returns the hash of the fully encoded EIP712 message for this domain.
           *
           * This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example:
           *
           * ```solidity
           * bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(
           *     keccak256("Mail(address to,string contents)"),
           *     mailTo,
           *     keccak256(bytes(mailContents))
           * )));
           * address signer = ECDSA.recover(digest, signature);
           * ```
           */
          function _hashTypedDataV4(bytes32 structHash) internal view virtual returns (bytes32) {
              return MessageHashUtils.toTypedDataHash(_domainSeparatorV4(), structHash);
          }
          /**
           * @dev See {IERC-5267}.
           */
          function eip712Domain()
              public
              view
              virtual
              returns (
                  bytes1 fields,
                  string memory name,
                  string memory version,
                  uint256 chainId,
                  address verifyingContract,
                  bytes32 salt,
                  uint256[] memory extensions
              )
          {
              return (
                  hex"0f", // 01111
                  _EIP712Name(),
                  _EIP712Version(),
                  block.chainid,
                  address(this),
                  bytes32(0),
                  new uint256[](0)
              );
          }
          /**
           * @dev The name parameter for the EIP712 domain.
           *
           * NOTE: By default this function reads _name which is an immutable value.
           * It only reads from storage if necessary (in case the value is too large to fit in a ShortString).
           */
          // solhint-disable-next-line func-name-mixedcase
          function _EIP712Name() internal view returns (string memory) {
              return _name.toStringWithFallback(_nameFallback);
          }
          /**
           * @dev The version parameter for the EIP712 domain.
           *
           * NOTE: By default this function reads _version which is an immutable value.
           * It only reads from storage if necessary (in case the value is too large to fit in a ShortString).
           */
          // solhint-disable-next-line func-name-mixedcase
          function _EIP712Version() internal view returns (string memory) {
              return _version.toStringWithFallback(_versionFallback);
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (utils/cryptography/MessageHashUtils.sol)
      pragma solidity ^0.8.20;
      import {Strings} from "../Strings.sol";
      /**
       * @dev Signature message hash utilities for producing digests to be consumed by {ECDSA} recovery or signing.
       *
       * The library provides methods for generating a hash of a message that conforms to the
       * https://eips.ethereum.org/EIPS/eip-191[EIP 191] and https://eips.ethereum.org/EIPS/eip-712[EIP 712]
       * specifications.
       */
      library MessageHashUtils {
          /**
           * @dev Returns the keccak256 digest of an EIP-191 signed data with version
           * `0x45` (`personal_sign` messages).
           *
           * The digest is calculated by prefixing a bytes32 `messageHash` with
           * `"\\x19Ethereum Signed Message:\
      32"` and hashing the result. It corresponds with the
           * hash signed when using the https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`] JSON-RPC method.
           *
           * NOTE: The `messageHash` parameter is intended to be the result of hashing a raw message with
           * keccak256, although any bytes32 value can be safely used because the final digest will
           * be re-hashed.
           *
           * See {ECDSA-recover}.
           */
          function toEthSignedMessageHash(bytes32 messageHash) internal pure returns (bytes32 digest) {
              /// @solidity memory-safe-assembly
              assembly {
                  mstore(0x00, "\\x19Ethereum Signed Message:\
      32") // 32 is the bytes-length of messageHash
                  mstore(0x1c, messageHash) // 0x1c (28) is the length of the prefix
                  digest := keccak256(0x00, 0x3c) // 0x3c is the length of the prefix (0x1c) + messageHash (0x20)
              }
          }
          /**
           * @dev Returns the keccak256 digest of an EIP-191 signed data with version
           * `0x45` (`personal_sign` messages).
           *
           * The digest is calculated by prefixing an arbitrary `message` with
           * `"\\x19Ethereum Signed Message:\
      " + len(message)` and hashing the result. It corresponds with the
           * hash signed when using the https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`] JSON-RPC method.
           *
           * See {ECDSA-recover}.
           */
          function toEthSignedMessageHash(bytes memory message) internal pure returns (bytes32) {
              return
                  keccak256(bytes.concat("\\x19Ethereum Signed Message:\
      ", bytes(Strings.toString(message.length)), message));
          }
          /**
           * @dev Returns the keccak256 digest of an EIP-191 signed data with version
           * `0x00` (data with intended validator).
           *
           * The digest is calculated by prefixing an arbitrary `data` with `"\\x19\\x00"` and the intended
           * `validator` address. Then hashing the result.
           *
           * See {ECDSA-recover}.
           */
          function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {
              return keccak256(abi.encodePacked(hex"19_00", validator, data));
          }
          /**
           * @dev Returns the keccak256 digest of an EIP-712 typed data (EIP-191 version `0x01`).
           *
           * The digest is calculated from a `domainSeparator` and a `structHash`, by prefixing them with
           * `\\x19\\x01` and hashing the result. It corresponds to the hash signed by the
           * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`] JSON-RPC method as part of EIP-712.
           *
           * See {ECDSA-recover}.
           */
          function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 digest) {
              /// @solidity memory-safe-assembly
              assembly {
                  let ptr := mload(0x40)
                  mstore(ptr, hex"19_01")
                  mstore(add(ptr, 0x02), domainSeparator)
                  mstore(add(ptr, 0x22), structHash)
                  digest := keccak256(ptr, 0x42)
              }
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (utils/math/Math.sol)
      pragma solidity ^0.8.20;
      /**
       * @dev Standard math utilities missing in the Solidity language.
       */
      library Math {
          /**
           * @dev Muldiv operation overflow.
           */
          error MathOverflowedMulDiv();
          enum Rounding {
              Floor, // Toward negative infinity
              Ceil, // Toward positive infinity
              Trunc, // Toward zero
              Expand // Away from zero
          }
          /**
           * @dev Returns the addition of two unsigned integers, with an overflow flag.
           */
          function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {
              unchecked {
                  uint256 c = a + b;
                  if (c < a) return (false, 0);
                  return (true, c);
              }
          }
          /**
           * @dev Returns the subtraction of two unsigned integers, with an overflow flag.
           */
          function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {
              unchecked {
                  if (b > a) return (false, 0);
                  return (true, a - b);
              }
          }
          /**
           * @dev Returns the multiplication of two unsigned integers, with an overflow flag.
           */
          function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {
              unchecked {
                  // Gas optimization: this is cheaper than requiring 'a' not being zero, but the
                  // benefit is lost if 'b' is also tested.
                  // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522
                  if (a == 0) return (true, 0);
                  uint256 c = a * b;
                  if (c / a != b) return (false, 0);
                  return (true, c);
              }
          }
          /**
           * @dev Returns the division of two unsigned integers, with a division by zero flag.
           */
          function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {
              unchecked {
                  if (b == 0) return (false, 0);
                  return (true, a / b);
              }
          }
          /**
           * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.
           */
          function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {
              unchecked {
                  if (b == 0) return (false, 0);
                  return (true, a % b);
              }
          }
          /**
           * @dev Returns the largest of two numbers.
           */
          function max(uint256 a, uint256 b) internal pure returns (uint256) {
              return a > b ? a : b;
          }
          /**
           * @dev Returns the smallest of two numbers.
           */
          function min(uint256 a, uint256 b) internal pure returns (uint256) {
              return a < b ? a : b;
          }
          /**
           * @dev Returns the average of two numbers. The result is rounded towards
           * zero.
           */
          function average(uint256 a, uint256 b) internal pure returns (uint256) {
              // (a + b) / 2 can overflow.
              return (a & b) + (a ^ b) / 2;
          }
          /**
           * @dev Returns the ceiling of the division of two numbers.
           *
           * This differs from standard division with `/` in that it rounds towards infinity instead
           * of rounding towards zero.
           */
          function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
              if (b == 0) {
                  // Guarantee the same behavior as in a regular Solidity division.
                  return a / b;
              }
              // (a + b - 1) / b can overflow on addition, so we distribute.
              return a == 0 ? 0 : (a - 1) / b + 1;
          }
          /**
           * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or
           * denominator == 0.
           * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv) with further edits by
           * Uniswap Labs also under MIT license.
           */
          function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {
              unchecked {
                  // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use
                  // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
                  // variables such that product = prod1 * 2^256 + prod0.
                  uint256 prod0 = x * y; // Least significant 256 bits of the product
                  uint256 prod1; // Most significant 256 bits of the product
                  assembly {
                      let mm := mulmod(x, y, not(0))
                      prod1 := sub(sub(mm, prod0), lt(mm, prod0))
                  }
                  // Handle non-overflow cases, 256 by 256 division.
                  if (prod1 == 0) {
                      // Solidity will revert if denominator == 0, unlike the div opcode on its own.
                      // The surrounding unchecked block does not change this fact.
                      // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.
                      return prod0 / denominator;
                  }
                  // Make sure the result is less than 2^256. Also prevents denominator == 0.
                  if (denominator <= prod1) {
                      revert MathOverflowedMulDiv();
                  }
                  ///////////////////////////////////////////////
                  // 512 by 256 division.
                  ///////////////////////////////////////////////
                  // Make division exact by subtracting the remainder from [prod1 prod0].
                  uint256 remainder;
                  assembly {
                      // Compute remainder using mulmod.
                      remainder := mulmod(x, y, denominator)
                      // Subtract 256 bit number from 512 bit number.
                      prod1 := sub(prod1, gt(remainder, prod0))
                      prod0 := sub(prod0, remainder)
                  }
                  // Factor powers of two out of denominator and compute largest power of two divisor of denominator.
                  // Always >= 1. See https://cs.stackexchange.com/q/138556/92363.
                  uint256 twos = denominator & (0 - denominator);
                  assembly {
                      // Divide denominator by twos.
                      denominator := div(denominator, twos)
                      // Divide [prod1 prod0] by twos.
                      prod0 := div(prod0, twos)
                      // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
                      twos := add(div(sub(0, twos), twos), 1)
                  }
                  // Shift in bits from prod1 into prod0.
                  prod0 |= prod1 * twos;
                  // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such
                  // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for
                  // four bits. That is, denominator * inv = 1 mod 2^4.
                  uint256 inverse = (3 * denominator) ^ 2;
                  // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also
                  // works in modular arithmetic, doubling the correct bits in each step.
                  inverse *= 2 - denominator * inverse; // inverse mod 2^8
                  inverse *= 2 - denominator * inverse; // inverse mod 2^16
                  inverse *= 2 - denominator * inverse; // inverse mod 2^32
                  inverse *= 2 - denominator * inverse; // inverse mod 2^64
                  inverse *= 2 - denominator * inverse; // inverse mod 2^128
                  inverse *= 2 - denominator * inverse; // inverse mod 2^256
                  // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
                  // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is
                  // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1
                  // is no longer required.
                  result = prod0 * inverse;
                  return result;
              }
          }
          /**
           * @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
           */
          function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {
              uint256 result = mulDiv(x, y, denominator);
              if (unsignedRoundsUp(rounding) && mulmod(x, y, denominator) > 0) {
                  result += 1;
              }
              return result;
          }
          /**
           * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded
           * towards zero.
           *
           * Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
           */
          function sqrt(uint256 a) internal pure returns (uint256) {
              if (a == 0) {
                  return 0;
              }
              // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.
              //
              // We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have
              // `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.
              //
              // This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`
              // → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`
              // → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`
              //
              // Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.
              uint256 result = 1 << (log2(a) >> 1);
              // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,
              // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at
              // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision
              // into the expected uint128 result.
              unchecked {
                  result = (result + a / result) >> 1;
                  result = (result + a / result) >> 1;
                  result = (result + a / result) >> 1;
                  result = (result + a / result) >> 1;
                  result = (result + a / result) >> 1;
                  result = (result + a / result) >> 1;
                  result = (result + a / result) >> 1;
                  return min(result, a / result);
              }
          }
          /**
           * @notice Calculates sqrt(a), following the selected rounding direction.
           */
          function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
              unchecked {
                  uint256 result = sqrt(a);
                  return result + (unsignedRoundsUp(rounding) && result * result < a ? 1 : 0);
              }
          }
          /**
           * @dev Return the log in base 2 of a positive value rounded towards zero.
           * Returns 0 if given 0.
           */
          function log2(uint256 value) internal pure returns (uint256) {
              uint256 result = 0;
              unchecked {
                  if (value >> 128 > 0) {
                      value >>= 128;
                      result += 128;
                  }
                  if (value >> 64 > 0) {
                      value >>= 64;
                      result += 64;
                  }
                  if (value >> 32 > 0) {
                      value >>= 32;
                      result += 32;
                  }
                  if (value >> 16 > 0) {
                      value >>= 16;
                      result += 16;
                  }
                  if (value >> 8 > 0) {
                      value >>= 8;
                      result += 8;
                  }
                  if (value >> 4 > 0) {
                      value >>= 4;
                      result += 4;
                  }
                  if (value >> 2 > 0) {
                      value >>= 2;
                      result += 2;
                  }
                  if (value >> 1 > 0) {
                      result += 1;
                  }
              }
              return result;
          }
          /**
           * @dev Return the log in base 2, following the selected rounding direction, of a positive value.
           * Returns 0 if given 0.
           */
          function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
              unchecked {
                  uint256 result = log2(value);
                  return result + (unsignedRoundsUp(rounding) && 1 << result < value ? 1 : 0);
              }
          }
          /**
           * @dev Return the log in base 10 of a positive value rounded towards zero.
           * Returns 0 if given 0.
           */
          function log10(uint256 value) internal pure returns (uint256) {
              uint256 result = 0;
              unchecked {
                  if (value >= 10 ** 64) {
                      value /= 10 ** 64;
                      result += 64;
                  }
                  if (value >= 10 ** 32) {
                      value /= 10 ** 32;
                      result += 32;
                  }
                  if (value >= 10 ** 16) {
                      value /= 10 ** 16;
                      result += 16;
                  }
                  if (value >= 10 ** 8) {
                      value /= 10 ** 8;
                      result += 8;
                  }
                  if (value >= 10 ** 4) {
                      value /= 10 ** 4;
                      result += 4;
                  }
                  if (value >= 10 ** 2) {
                      value /= 10 ** 2;
                      result += 2;
                  }
                  if (value >= 10 ** 1) {
                      result += 1;
                  }
              }
              return result;
          }
          /**
           * @dev Return the log in base 10, following the selected rounding direction, of a positive value.
           * Returns 0 if given 0.
           */
          function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
              unchecked {
                  uint256 result = log10(value);
                  return result + (unsignedRoundsUp(rounding) && 10 ** result < value ? 1 : 0);
              }
          }
          /**
           * @dev Return the log in base 256 of a positive value rounded towards zero.
           * Returns 0 if given 0.
           *
           * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
           */
          function log256(uint256 value) internal pure returns (uint256) {
              uint256 result = 0;
              unchecked {
                  if (value >> 128 > 0) {
                      value >>= 128;
                      result += 16;
                  }
                  if (value >> 64 > 0) {
                      value >>= 64;
                      result += 8;
                  }
                  if (value >> 32 > 0) {
                      value >>= 32;
                      result += 4;
                  }
                  if (value >> 16 > 0) {
                      value >>= 16;
                      result += 2;
                  }
                  if (value >> 8 > 0) {
                      result += 1;
                  }
              }
              return result;
          }
          /**
           * @dev Return the log in base 256, following the selected rounding direction, of a positive value.
           * Returns 0 if given 0.
           */
          function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
              unchecked {
                  uint256 result = log256(value);
                  return result + (unsignedRoundsUp(rounding) && 1 << (result << 3) < value ? 1 : 0);
              }
          }
          /**
           * @dev Returns whether a provided rounding mode is considered rounding up for unsigned integers.
           */
          function unsignedRoundsUp(Rounding rounding) internal pure returns (bool) {
              return uint8(rounding) % 2 == 1;
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (utils/math/SignedMath.sol)
      pragma solidity ^0.8.20;
      /**
       * @dev Standard signed math utilities missing in the Solidity language.
       */
      library SignedMath {
          /**
           * @dev Returns the largest of two signed numbers.
           */
          function max(int256 a, int256 b) internal pure returns (int256) {
              return a > b ? a : b;
          }
          /**
           * @dev Returns the smallest of two signed numbers.
           */
          function min(int256 a, int256 b) internal pure returns (int256) {
              return a < b ? a : b;
          }
          /**
           * @dev Returns the average of two signed numbers without overflow.
           * The result is rounded towards zero.
           */
          function average(int256 a, int256 b) internal pure returns (int256) {
              // Formula from the book "Hacker's Delight"
              int256 x = (a & b) + ((a ^ b) >> 1);
              return x + (int256(uint256(x) >> 255) & (a ^ b));
          }
          /**
           * @dev Returns the absolute unsigned value of a signed value.
           */
          function abs(int256 n) internal pure returns (uint256) {
              unchecked {
                  // must be unchecked in order to support `n = type(int256).min`
                  return uint256(n >= 0 ? n : -n);
              }
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (utils/Nonces.sol)
      pragma solidity ^0.8.20;
      /**
       * @dev Provides tracking nonces for addresses. Nonces will only increment.
       */
      abstract contract Nonces {
          /**
           * @dev The nonce used for an `account` is not the expected current nonce.
           */
          error InvalidAccountNonce(address account, uint256 currentNonce);
          mapping(address account => uint256) private _nonces;
          /**
           * @dev Returns the next unused nonce for an address.
           */
          function nonces(address owner) public view virtual returns (uint256) {
              return _nonces[owner];
          }
          /**
           * @dev Consumes a nonce.
           *
           * Returns the current value and increments nonce.
           */
          function _useNonce(address owner) internal virtual returns (uint256) {
              // For each account, the nonce has an initial value of 0, can only be incremented by one, and cannot be
              // decremented or reset. This guarantees that the nonce never overflows.
              unchecked {
                  // It is important to do x++ and not ++x here.
                  return _nonces[owner]++;
              }
          }
          /**
           * @dev Same as {_useNonce} but checking that `nonce` is the next valid for `owner`.
           */
          function _useCheckedNonce(address owner, uint256 nonce) internal virtual {
              uint256 current = _useNonce(owner);
              if (nonce != current) {
                  revert InvalidAccountNonce(owner, current);
              }
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (utils/ShortStrings.sol)
      pragma solidity ^0.8.20;
      import {StorageSlot} from "./StorageSlot.sol";
      // | string  | 0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA   |
      // | length  | 0x                                                              BB |
      type ShortString is bytes32;
      /**
       * @dev This library provides functions to convert short memory strings
       * into a `ShortString` type that can be used as an immutable variable.
       *
       * Strings of arbitrary length can be optimized using this library if
       * they are short enough (up to 31 bytes) by packing them with their
       * length (1 byte) in a single EVM word (32 bytes). Additionally, a
       * fallback mechanism can be used for every other case.
       *
       * Usage example:
       *
       * ```solidity
       * contract Named {
       *     using ShortStrings for *;
       *
       *     ShortString private immutable _name;
       *     string private _nameFallback;
       *
       *     constructor(string memory contractName) {
       *         _name = contractName.toShortStringWithFallback(_nameFallback);
       *     }
       *
       *     function name() external view returns (string memory) {
       *         return _name.toStringWithFallback(_nameFallback);
       *     }
       * }
       * ```
       */
      library ShortStrings {
          // Used as an identifier for strings longer than 31 bytes.
          bytes32 private constant FALLBACK_SENTINEL = 0x00000000000000000000000000000000000000000000000000000000000000FF;
          error StringTooLong(string str);
          error InvalidShortString();
          /**
           * @dev Encode a string of at most 31 chars into a `ShortString`.
           *
           * This will trigger a `StringTooLong` error is the input string is too long.
           */
          function toShortString(string memory str) internal pure returns (ShortString) {
              bytes memory bstr = bytes(str);
              if (bstr.length > 31) {
                  revert StringTooLong(str);
              }
              return ShortString.wrap(bytes32(uint256(bytes32(bstr)) | bstr.length));
          }
          /**
           * @dev Decode a `ShortString` back to a "normal" string.
           */
          function toString(ShortString sstr) internal pure returns (string memory) {
              uint256 len = byteLength(sstr);
              // using `new string(len)` would work locally but is not memory safe.
              string memory str = new string(32);
              /// @solidity memory-safe-assembly
              assembly {
                  mstore(str, len)
                  mstore(add(str, 0x20), sstr)
              }
              return str;
          }
          /**
           * @dev Return the length of a `ShortString`.
           */
          function byteLength(ShortString sstr) internal pure returns (uint256) {
              uint256 result = uint256(ShortString.unwrap(sstr)) & 0xFF;
              if (result > 31) {
                  revert InvalidShortString();
              }
              return result;
          }
          /**
           * @dev Encode a string into a `ShortString`, or write it to storage if it is too long.
           */
          function toShortStringWithFallback(string memory value, string storage store) internal returns (ShortString) {
              if (bytes(value).length < 32) {
                  return toShortString(value);
              } else {
                  StorageSlot.getStringSlot(store).value = value;
                  return ShortString.wrap(FALLBACK_SENTINEL);
              }
          }
          /**
           * @dev Decode a string that was encoded to `ShortString` or written to storage using {setWithFallback}.
           */
          function toStringWithFallback(ShortString value, string storage store) internal pure returns (string memory) {
              if (ShortString.unwrap(value) != FALLBACK_SENTINEL) {
                  return toString(value);
              } else {
                  return store;
              }
          }
          /**
           * @dev Return the length of a string that was encoded to `ShortString` or written to storage using
           * {setWithFallback}.
           *
           * WARNING: This will return the "byte length" of the string. This may not reflect the actual length in terms of
           * actual characters as the UTF-8 encoding of a single character can span over multiple bytes.
           */
          function byteLengthWithFallback(ShortString value, string storage store) internal view returns (uint256) {
              if (ShortString.unwrap(value) != FALLBACK_SENTINEL) {
                  return byteLength(value);
              } else {
                  return bytes(store).length;
              }
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (utils/StorageSlot.sol)
      // This file was procedurally generated from scripts/generate/templates/StorageSlot.js.
      pragma solidity ^0.8.20;
      /**
       * @dev Library for reading and writing primitive types to specific storage slots.
       *
       * Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
       * This library helps with reading and writing to such slots without the need for inline assembly.
       *
       * The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
       *
       * Example usage to set ERC1967 implementation slot:
       * ```solidity
       * contract ERC1967 {
       *     bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
       *
       *     function _getImplementation() internal view returns (address) {
       *         return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
       *     }
       *
       *     function _setImplementation(address newImplementation) internal {
       *         require(newImplementation.code.length > 0);
       *         StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
       *     }
       * }
       * ```
       */
      library StorageSlot {
          struct AddressSlot {
              address value;
          }
          struct BooleanSlot {
              bool value;
          }
          struct Bytes32Slot {
              bytes32 value;
          }
          struct Uint256Slot {
              uint256 value;
          }
          struct StringSlot {
              string value;
          }
          struct BytesSlot {
              bytes value;
          }
          /**
           * @dev Returns an `AddressSlot` with member `value` located at `slot`.
           */
          function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
              /// @solidity memory-safe-assembly
              assembly {
                  r.slot := slot
              }
          }
          /**
           * @dev Returns an `BooleanSlot` with member `value` located at `slot`.
           */
          function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
              /// @solidity memory-safe-assembly
              assembly {
                  r.slot := slot
              }
          }
          /**
           * @dev Returns an `Bytes32Slot` with member `value` located at `slot`.
           */
          function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
              /// @solidity memory-safe-assembly
              assembly {
                  r.slot := slot
              }
          }
          /**
           * @dev Returns an `Uint256Slot` with member `value` located at `slot`.
           */
          function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
              /// @solidity memory-safe-assembly
              assembly {
                  r.slot := slot
              }
          }
          /**
           * @dev Returns an `StringSlot` with member `value` located at `slot`.
           */
          function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {
              /// @solidity memory-safe-assembly
              assembly {
                  r.slot := slot
              }
          }
          /**
           * @dev Returns an `StringSlot` representation of the string storage pointer `store`.
           */
          function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {
              /// @solidity memory-safe-assembly
              assembly {
                  r.slot := store.slot
              }
          }
          /**
           * @dev Returns an `BytesSlot` with member `value` located at `slot`.
           */
          function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {
              /// @solidity memory-safe-assembly
              assembly {
                  r.slot := slot
              }
          }
          /**
           * @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.
           */
          function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {
              /// @solidity memory-safe-assembly
              assembly {
                  r.slot := store.slot
              }
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (utils/Strings.sol)
      pragma solidity ^0.8.20;
      import {Math} from "./math/Math.sol";
      import {SignedMath} from "./math/SignedMath.sol";
      /**
       * @dev String operations.
       */
      library Strings {
          bytes16 private constant HEX_DIGITS = "0123456789abcdef";
          uint8 private constant ADDRESS_LENGTH = 20;
          /**
           * @dev The `value` string doesn't fit in the specified `length`.
           */
          error StringsInsufficientHexLength(uint256 value, uint256 length);
          /**
           * @dev Converts a `uint256` to its ASCII `string` decimal representation.
           */
          function toString(uint256 value) internal pure returns (string memory) {
              unchecked {
                  uint256 length = Math.log10(value) + 1;
                  string memory buffer = new string(length);
                  uint256 ptr;
                  /// @solidity memory-safe-assembly
                  assembly {
                      ptr := add(buffer, add(32, length))
                  }
                  while (true) {
                      ptr--;
                      /// @solidity memory-safe-assembly
                      assembly {
                          mstore8(ptr, byte(mod(value, 10), HEX_DIGITS))
                      }
                      value /= 10;
                      if (value == 0) break;
                  }
                  return buffer;
              }
          }
          /**
           * @dev Converts a `int256` to its ASCII `string` decimal representation.
           */
          function toStringSigned(int256 value) internal pure returns (string memory) {
              return string.concat(value < 0 ? "-" : "", toString(SignedMath.abs(value)));
          }
          /**
           * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
           */
          function toHexString(uint256 value) internal pure returns (string memory) {
              unchecked {
                  return toHexString(value, Math.log256(value) + 1);
              }
          }
          /**
           * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
           */
          function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
              uint256 localValue = value;
              bytes memory buffer = new bytes(2 * length + 2);
              buffer[0] = "0";
              buffer[1] = "x";
              for (uint256 i = 2 * length + 1; i > 1; --i) {
                  buffer[i] = HEX_DIGITS[localValue & 0xf];
                  localValue >>= 4;
              }
              if (localValue != 0) {
                  revert StringsInsufficientHexLength(value, length);
              }
              return string(buffer);
          }
          /**
           * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal
           * representation.
           */
          function toHexString(address addr) internal pure returns (string memory) {
              return toHexString(uint256(uint160(addr)), ADDRESS_LENGTH);
          }
          /**
           * @dev Returns true if the two strings are equal.
           */
          function equal(string memory a, string memory b) internal pure returns (bool) {
              return bytes(a).length == bytes(b).length && keccak256(bytes(a)) == keccak256(bytes(b));
          }
      }
      // SPDX-License-Identifier: MIT
      /**********************************************************************************************
       * ░░░░░██░███░░░░░░░░░░░░░░░░░░░░░░░░░░░░░████░░░░░░░░░░░░░░░░░░░██░████░████░░░░░░░░░░░░░░░ *
       * ░░░░░██░░░░░███░░░░░░░░░░░░░░░░░░░░░░██░░░░░░██░░░░░░░░░░░░░░░░██░░░░░░░░░████░░░░░░░░░░░░ *
       * ░░░░░██░░░░░░░████░░░░░░░░░░░░░░░░██░░░░░░░░░░░░██░░░░░░░░░░░░░██░░░░░░░░░████░░░░░░░░░░░░ *
       * ░░░░░██░░░░░░░░░████░░░░░░░░░░░░░██░░░░░░░░░░░░░░██░░░░░░░░░░░░██░░░░░░░░░████░░░░░░░░░░░░ *
       * ░░░░░██░░░░░░░░░░░███░░░░██░░░░░█░░░░░░░░░░░░░░░░░░█░░░░██░░░░░██░████░████░░░░░░░░░░░░░░░ *
       * ░░░░░██░░░░░░░░░░░███░░░░░░░░░░░░██░░░░░░░░░░░░░░██░░░░░░░░░░░░██░░░░░░░░░░░░░░░░░░░░░░░░░ *
       * ░░░░░██░░░░░░░░░████░░░░░░░░░░░░░░██░░░░░░░░░░░░██░░░░░░░░░░░░░██░░░░░░░░░░░░░░░░░░░░░░░░░ *
       * ░░░░░██░░░░░░░████░░░░░░░░░░░░░░░░░░░██░░░░░░██░░░░░░░░░░░░░░░░██░░░░░░░░░░░░░░░░░░░░░░░░░ *
       * ░░░░░██░░░░░███░░░░░░░░░░░░░░░░░░░░░░░░░████░░░░░░░░░░░░░░░░░░░██░░░░░░░░░░░░░░░░░░░░░░░░░ *
       * ░░░░░██░███░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░██░░░░░░░░░░░░░░░░░░░░░░░░░ *
       **********************************************************************************************/
      pragma solidity 0.8.24;
      import { ERC20 } from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
      import { ERC20Permit } from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Permit.sol";
      import { ERC20Burnable } from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Burnable.sol";
      import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
      /// @title DOP token contract
      /// @notice An ERC20 token
      contract DOP is ERC20, ERC20Permit, ERC20Burnable, Ownable {
          /// @notice Thrown when transfer is not enabled
          error TransferNotAllowed();
          /// @notice Thrown when there is an attempt to enable transfers more than once
          error AlreadyEnabled();
          /// A list of operational addresses which are allowed to transfer tokens while transfers are still disabled
          mapping(address => bool) public initiallyAllowedAccounts;
          /// Boolean flag indicating the current state of transfer functionality. Initially false, Can be toggled only once.
          bool public isTransferEnabled;
          /// @dev Emitted when the state of isTransferEnabled changes
          event TransfersEnabled();
          /// @dev Emitted when any account address is added in th allowed list
          event AllowListUpdated(address indexed account, bool state);
          /// @dev Constructor
          /// @param initialOwner The address of account in which tokens will be minted to
          /// @param initialAllowedList List of account addresses to allow transfer initially
          constructor(
              address initialOwner,
              address[] memory initialAllowedList
          ) ERC20("Data Ownership Protocol", "DOP") ERC20Permit("Data Ownership Protocol") Ownable(initialOwner) {
              for (uint256 i; i < initialAllowedList.length; ++i) {
                  _updateAccountState(initialAllowedList[i], true);
              }
              _mint(initialOwner, 23_447_160_768 * 10 ** decimals());
          }
          /// @notice Change the state of transfer to enable for all, call only once
          function enableTransfer() external onlyOwner {
              /// revert if already enabled
              if (isTransferEnabled) {
                  revert AlreadyEnabled();
              }
              isTransferEnabled = true;
              emit TransfersEnabled();
          }
          /// @dev Add an addresses to allowed list
          /// @param account The address of account of which state to be change
          /// @param state The new whitelist status of the address
          function updateAccountState(address account, bool state) external onlyOwner {
              _updateAccountState(account, state);
          }
          /// @dev Change account status to enable/disable transfer initially
          /// @param account The address of account of which state to be change
          /// @param newStatus The new whitelist status of the address
          function _updateAccountState(address account, bool newStatus) private {
              if (initiallyAllowedAccounts[account] != newStatus) {
                  initiallyAllowedAccounts[account] = newStatus;
                  emit AllowListUpdated({ account: account, state: newStatus });
              }
          }
          /// @dev Overridden to check if transfers are enabled
          function _update(address from, address to, uint256 value) internal override {
              if (isTransferEnabled) {
                  super._update(from, to, value);
                  return;
              }
              if (!initiallyAllowedAccounts[msg.sender]) {
                  revert TransferNotAllowed();
              }
              super._update(from, to, value);
          }
      }
      

      File 3 of 3: Staking
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)
      pragma solidity ^0.8.20;
      import {ContextUpgradeable} from "../utils/ContextUpgradeable.sol";
      import {Initializable} from "../proxy/utils/Initializable.sol";
      /**
       * @dev Contract module which provides a basic access control mechanism, where
       * there is an account (an owner) that can be granted exclusive access to
       * specific functions.
       *
       * The initial owner is set to the address provided by the deployer. This can
       * later be changed with {transferOwnership}.
       *
       * This module is used through inheritance. It will make available the modifier
       * `onlyOwner`, which can be applied to your functions to restrict their use to
       * the owner.
       */
      abstract contract OwnableUpgradeable is Initializable, ContextUpgradeable {
          /// @custom:storage-location erc7201:openzeppelin.storage.Ownable
          struct OwnableStorage {
              address _owner;
          }
          // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Ownable")) - 1)) & ~bytes32(uint256(0xff))
          bytes32 private constant OwnableStorageLocation = 0x9016d09d72d40fdae2fd8ceac6b6234c7706214fd39c1cd1e609a0528c199300;
          function _getOwnableStorage() private pure returns (OwnableStorage storage $) {
              assembly {
                  $.slot := OwnableStorageLocation
              }
          }
          /**
           * @dev The caller account is not authorized to perform an operation.
           */
          error OwnableUnauthorizedAccount(address account);
          /**
           * @dev The owner is not a valid owner account. (eg. `address(0)`)
           */
          error OwnableInvalidOwner(address owner);
          event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
          /**
           * @dev Initializes the contract setting the address provided by the deployer as the initial owner.
           */
          function __Ownable_init(address initialOwner) internal onlyInitializing {
              __Ownable_init_unchained(initialOwner);
          }
          function __Ownable_init_unchained(address initialOwner) internal onlyInitializing {
              if (initialOwner == address(0)) {
                  revert OwnableInvalidOwner(address(0));
              }
              _transferOwnership(initialOwner);
          }
          /**
           * @dev Throws if called by any account other than the owner.
           */
          modifier onlyOwner() {
              _checkOwner();
              _;
          }
          /**
           * @dev Returns the address of the current owner.
           */
          function owner() public view virtual returns (address) {
              OwnableStorage storage $ = _getOwnableStorage();
              return $._owner;
          }
          /**
           * @dev Throws if the sender is not the owner.
           */
          function _checkOwner() internal view virtual {
              if (owner() != _msgSender()) {
                  revert OwnableUnauthorizedAccount(_msgSender());
              }
          }
          /**
           * @dev Leaves the contract without owner. It will not be possible to call
           * `onlyOwner` functions. Can only be called by the current owner.
           *
           * NOTE: Renouncing ownership will leave the contract without an owner,
           * thereby disabling any functionality that is only available to the owner.
           */
          function renounceOwnership() public virtual onlyOwner {
              _transferOwnership(address(0));
          }
          /**
           * @dev Transfers ownership of the contract to a new account (`newOwner`).
           * Can only be called by the current owner.
           */
          function transferOwnership(address newOwner) public virtual onlyOwner {
              if (newOwner == address(0)) {
                  revert OwnableInvalidOwner(address(0));
              }
              _transferOwnership(newOwner);
          }
          /**
           * @dev Transfers ownership of the contract to a new account (`newOwner`).
           * Internal function without access restriction.
           */
          function _transferOwnership(address newOwner) internal virtual {
              OwnableStorage storage $ = _getOwnableStorage();
              address oldOwner = $._owner;
              $._owner = newOwner;
              emit OwnershipTransferred(oldOwner, newOwner);
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (proxy/utils/Initializable.sol)
      pragma solidity ^0.8.20;
      /**
       * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
       * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
       * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
       * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
       *
       * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
       * reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
       * case an upgrade adds a module that needs to be initialized.
       *
       * For example:
       *
       * [.hljs-theme-light.nopadding]
       * ```solidity
       * contract MyToken is ERC20Upgradeable {
       *     function initialize() initializer public {
       *         __ERC20_init("MyToken", "MTK");
       *     }
       * }
       *
       * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
       *     function initializeV2() reinitializer(2) public {
       *         __ERC20Permit_init("MyToken");
       *     }
       * }
       * ```
       *
       * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
       * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
       *
       * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
       * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
       *
       * [CAUTION]
       * ====
       * Avoid leaving a contract uninitialized.
       *
       * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
       * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
       * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
       *
       * [.hljs-theme-light.nopadding]
       * ```
       * /// @custom:oz-upgrades-unsafe-allow constructor
       * constructor() {
       *     _disableInitializers();
       * }
       * ```
       * ====
       */
      abstract contract Initializable {
          /**
           * @dev Storage of the initializable contract.
           *
           * It's implemented on a custom ERC-7201 namespace to reduce the risk of storage collisions
           * when using with upgradeable contracts.
           *
           * @custom:storage-location erc7201:openzeppelin.storage.Initializable
           */
          struct InitializableStorage {
              /**
               * @dev Indicates that the contract has been initialized.
               */
              uint64 _initialized;
              /**
               * @dev Indicates that the contract is in the process of being initialized.
               */
              bool _initializing;
          }
          // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Initializable")) - 1)) & ~bytes32(uint256(0xff))
          bytes32 private constant INITIALIZABLE_STORAGE = 0xf0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a00;
          /**
           * @dev The contract is already initialized.
           */
          error InvalidInitialization();
          /**
           * @dev The contract is not initializing.
           */
          error NotInitializing();
          /**
           * @dev Triggered when the contract has been initialized or reinitialized.
           */
          event Initialized(uint64 version);
          /**
           * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
           * `onlyInitializing` functions can be used to initialize parent contracts.
           *
           * Similar to `reinitializer(1)`, except that in the context of a constructor an `initializer` may be invoked any
           * number of times. This behavior in the constructor can be useful during testing and is not expected to be used in
           * production.
           *
           * Emits an {Initialized} event.
           */
          modifier initializer() {
              // solhint-disable-next-line var-name-mixedcase
              InitializableStorage storage $ = _getInitializableStorage();
              // Cache values to avoid duplicated sloads
              bool isTopLevelCall = !$._initializing;
              uint64 initialized = $._initialized;
              // Allowed calls:
              // - initialSetup: the contract is not in the initializing state and no previous version was
              //                 initialized
              // - construction: the contract is initialized at version 1 (no reininitialization) and the
              //                 current contract is just being deployed
              bool initialSetup = initialized == 0 && isTopLevelCall;
              bool construction = initialized == 1 && address(this).code.length == 0;
              if (!initialSetup && !construction) {
                  revert InvalidInitialization();
              }
              $._initialized = 1;
              if (isTopLevelCall) {
                  $._initializing = true;
              }
              _;
              if (isTopLevelCall) {
                  $._initializing = false;
                  emit Initialized(1);
              }
          }
          /**
           * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
           * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
           * used to initialize parent contracts.
           *
           * A reinitializer may be used after the original initialization step. This is essential to configure modules that
           * are added through upgrades and that require initialization.
           *
           * When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
           * cannot be nested. If one is invoked in the context of another, execution will revert.
           *
           * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
           * a contract, executing them in the right order is up to the developer or operator.
           *
           * WARNING: Setting the version to 2**64 - 1 will prevent any future reinitialization.
           *
           * Emits an {Initialized} event.
           */
          modifier reinitializer(uint64 version) {
              // solhint-disable-next-line var-name-mixedcase
              InitializableStorage storage $ = _getInitializableStorage();
              if ($._initializing || $._initialized >= version) {
                  revert InvalidInitialization();
              }
              $._initialized = version;
              $._initializing = true;
              _;
              $._initializing = false;
              emit Initialized(version);
          }
          /**
           * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
           * {initializer} and {reinitializer} modifiers, directly or indirectly.
           */
          modifier onlyInitializing() {
              _checkInitializing();
              _;
          }
          /**
           * @dev Reverts if the contract is not in an initializing state. See {onlyInitializing}.
           */
          function _checkInitializing() internal view virtual {
              if (!_isInitializing()) {
                  revert NotInitializing();
              }
          }
          /**
           * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
           * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
           * to any version. It is recommended to use this to lock implementation contracts that are designed to be called
           * through proxies.
           *
           * Emits an {Initialized} event the first time it is successfully executed.
           */
          function _disableInitializers() internal virtual {
              // solhint-disable-next-line var-name-mixedcase
              InitializableStorage storage $ = _getInitializableStorage();
              if ($._initializing) {
                  revert InvalidInitialization();
              }
              if ($._initialized != type(uint64).max) {
                  $._initialized = type(uint64).max;
                  emit Initialized(type(uint64).max);
              }
          }
          /**
           * @dev Returns the highest version that has been initialized. See {reinitializer}.
           */
          function _getInitializedVersion() internal view returns (uint64) {
              return _getInitializableStorage()._initialized;
          }
          /**
           * @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
           */
          function _isInitializing() internal view returns (bool) {
              return _getInitializableStorage()._initializing;
          }
          /**
           * @dev Returns a pointer to the storage namespace.
           */
          // solhint-disable-next-line var-name-mixedcase
          function _getInitializableStorage() private pure returns (InitializableStorage storage $) {
              assembly {
                  $.slot := INITIALIZABLE_STORAGE
              }
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)
      pragma solidity ^0.8.20;
      import {Initializable} from "../proxy/utils/Initializable.sol";
      /**
       * @dev Provides information about the current execution context, including the
       * sender of the transaction and its data. While these are generally available
       * via msg.sender and msg.data, they should not be accessed in such a direct
       * manner, since when dealing with meta-transactions the account sending and
       * paying for execution may not be the actual sender (as far as an application
       * is concerned).
       *
       * This contract is only required for intermediate, library-like contracts.
       */
      abstract contract ContextUpgradeable is Initializable {
          function __Context_init() internal onlyInitializing {
          }
          function __Context_init_unchained() internal onlyInitializing {
          }
          function _msgSender() internal view virtual returns (address) {
              return msg.sender;
          }
          function _msgData() internal view virtual returns (bytes calldata) {
              return msg.data;
          }
          function _contextSuffixLength() internal view virtual returns (uint256) {
              return 0;
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (utils/Pausable.sol)
      pragma solidity ^0.8.20;
      import {ContextUpgradeable} from "../utils/ContextUpgradeable.sol";
      import {Initializable} from "../proxy/utils/Initializable.sol";
      /**
       * @dev Contract module which allows children to implement an emergency stop
       * mechanism that can be triggered by an authorized account.
       *
       * This module is used through inheritance. It will make available the
       * modifiers `whenNotPaused` and `whenPaused`, which can be applied to
       * the functions of your contract. Note that they will not be pausable by
       * simply including this module, only once the modifiers are put in place.
       */
      abstract contract PausableUpgradeable is Initializable, ContextUpgradeable {
          /// @custom:storage-location erc7201:openzeppelin.storage.Pausable
          struct PausableStorage {
              bool _paused;
          }
          // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Pausable")) - 1)) & ~bytes32(uint256(0xff))
          bytes32 private constant PausableStorageLocation = 0xcd5ed15c6e187e77e9aee88184c21f4f2182ab5827cb3b7e07fbedcd63f03300;
          function _getPausableStorage() private pure returns (PausableStorage storage $) {
              assembly {
                  $.slot := PausableStorageLocation
              }
          }
          /**
           * @dev Emitted when the pause is triggered by `account`.
           */
          event Paused(address account);
          /**
           * @dev Emitted when the pause is lifted by `account`.
           */
          event Unpaused(address account);
          /**
           * @dev The operation failed because the contract is paused.
           */
          error EnforcedPause();
          /**
           * @dev The operation failed because the contract is not paused.
           */
          error ExpectedPause();
          /**
           * @dev Initializes the contract in unpaused state.
           */
          function __Pausable_init() internal onlyInitializing {
              __Pausable_init_unchained();
          }
          function __Pausable_init_unchained() internal onlyInitializing {
              PausableStorage storage $ = _getPausableStorage();
              $._paused = false;
          }
          /**
           * @dev Modifier to make a function callable only when the contract is not paused.
           *
           * Requirements:
           *
           * - The contract must not be paused.
           */
          modifier whenNotPaused() {
              _requireNotPaused();
              _;
          }
          /**
           * @dev Modifier to make a function callable only when the contract is paused.
           *
           * Requirements:
           *
           * - The contract must be paused.
           */
          modifier whenPaused() {
              _requirePaused();
              _;
          }
          /**
           * @dev Returns true if the contract is paused, and false otherwise.
           */
          function paused() public view virtual returns (bool) {
              PausableStorage storage $ = _getPausableStorage();
              return $._paused;
          }
          /**
           * @dev Throws if the contract is paused.
           */
          function _requireNotPaused() internal view virtual {
              if (paused()) {
                  revert EnforcedPause();
              }
          }
          /**
           * @dev Throws if the contract is not paused.
           */
          function _requirePaused() internal view virtual {
              if (!paused()) {
                  revert ExpectedPause();
              }
          }
          /**
           * @dev Triggers stopped state.
           *
           * Requirements:
           *
           * - The contract must not be paused.
           */
          function _pause() internal virtual whenNotPaused {
              PausableStorage storage $ = _getPausableStorage();
              $._paused = true;
              emit Paused(_msgSender());
          }
          /**
           * @dev Returns to normal state.
           *
           * Requirements:
           *
           * - The contract must be paused.
           */
          function _unpause() internal virtual whenPaused {
              PausableStorage storage $ = _getPausableStorage();
              $._paused = false;
              emit Unpaused(_msgSender());
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (utils/ReentrancyGuard.sol)
      pragma solidity ^0.8.20;
      import {Initializable} from "../proxy/utils/Initializable.sol";
      /**
       * @dev Contract module that helps prevent reentrant calls to a function.
       *
       * Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier
       * available, which can be applied to functions to make sure there are no nested
       * (reentrant) calls to them.
       *
       * Note that because there is a single `nonReentrant` guard, functions marked as
       * `nonReentrant` may not call one another. This can be worked around by making
       * those functions `private`, and then adding `external` `nonReentrant` entry
       * points to them.
       *
       * TIP: If you would like to learn more about reentrancy and alternative ways
       * to protect against it, check out our blog post
       * https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].
       */
      abstract contract ReentrancyGuardUpgradeable is Initializable {
          // Booleans are more expensive than uint256 or any type that takes up a full
          // word because each write operation emits an extra SLOAD to first read the
          // slot's contents, replace the bits taken up by the boolean, and then write
          // back. This is the compiler's defense against contract upgrades and
          // pointer aliasing, and it cannot be disabled.
          // The values being non-zero value makes deployment a bit more expensive,
          // but in exchange the refund on every call to nonReentrant will be lower in
          // amount. Since refunds are capped to a percentage of the total
          // transaction's gas, it is best to keep them low in cases like this one, to
          // increase the likelihood of the full refund coming into effect.
          uint256 private constant NOT_ENTERED = 1;
          uint256 private constant ENTERED = 2;
          /// @custom:storage-location erc7201:openzeppelin.storage.ReentrancyGuard
          struct ReentrancyGuardStorage {
              uint256 _status;
          }
          // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.ReentrancyGuard")) - 1)) & ~bytes32(uint256(0xff))
          bytes32 private constant ReentrancyGuardStorageLocation = 0x9b779b17422d0df92223018b32b4d1fa46e071723d6817e2486d003becc55f00;
          function _getReentrancyGuardStorage() private pure returns (ReentrancyGuardStorage storage $) {
              assembly {
                  $.slot := ReentrancyGuardStorageLocation
              }
          }
          /**
           * @dev Unauthorized reentrant call.
           */
          error ReentrancyGuardReentrantCall();
          function __ReentrancyGuard_init() internal onlyInitializing {
              __ReentrancyGuard_init_unchained();
          }
          function __ReentrancyGuard_init_unchained() internal onlyInitializing {
              ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
              $._status = NOT_ENTERED;
          }
          /**
           * @dev Prevents a contract from calling itself, directly or indirectly.
           * Calling a `nonReentrant` function from another `nonReentrant`
           * function is not supported. It is possible to prevent this from happening
           * by making the `nonReentrant` function external, and making it call a
           * `private` function that does the actual work.
           */
          modifier nonReentrant() {
              _nonReentrantBefore();
              _;
              _nonReentrantAfter();
          }
          function _nonReentrantBefore() private {
              ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
              // On the first call to nonReentrant, _status will be NOT_ENTERED
              if ($._status == ENTERED) {
                  revert ReentrancyGuardReentrantCall();
              }
              // Any calls to nonReentrant after this point will fail
              $._status = ENTERED;
          }
          function _nonReentrantAfter() private {
              ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
              // By storing the original value once again, a refund is triggered (see
              // https://eips.ethereum.org/EIPS/eip-2200)
              $._status = NOT_ENTERED;
          }
          /**
           * @dev Returns true if the reentrancy guard is currently set to "entered", which indicates there is a
           * `nonReentrant` function in the call stack.
           */
          function _reentrancyGuardEntered() internal view returns (bool) {
              ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
              return $._status == ENTERED;
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/IERC20Permit.sol)
      pragma solidity ^0.8.20;
      /**
       * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
       * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
       *
       * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
       * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't
       * need to send a transaction, and thus is not required to hold Ether at all.
       *
       * ==== Security Considerations
       *
       * There are two important considerations concerning the use of `permit`. The first is that a valid permit signature
       * expresses an allowance, and it should not be assumed to convey additional meaning. In particular, it should not be
       * considered as an intention to spend the allowance in any specific way. The second is that because permits have
       * built-in replay protection and can be submitted by anyone, they can be frontrun. A protocol that uses permits should
       * take this into consideration and allow a `permit` call to fail. Combining these two aspects, a pattern that may be
       * generally recommended is:
       *
       * ```solidity
       * function doThingWithPermit(..., uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s) public {
       *     try token.permit(msg.sender, address(this), value, deadline, v, r, s) {} catch {}
       *     doThing(..., value);
       * }
       *
       * function doThing(..., uint256 value) public {
       *     token.safeTransferFrom(msg.sender, address(this), value);
       *     ...
       * }
       * ```
       *
       * Observe that: 1) `msg.sender` is used as the owner, leaving no ambiguity as to the signer intent, and 2) the use of
       * `try/catch` allows the permit to fail and makes the code tolerant to frontrunning. (See also
       * {SafeERC20-safeTransferFrom}).
       *
       * Additionally, note that smart contract wallets (such as Argent or Safe) are not able to produce permit signatures, so
       * contracts should have entry points that don't rely on permit.
       */
      interface IERC20Permit {
          /**
           * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,
           * given ``owner``'s signed approval.
           *
           * IMPORTANT: The same issues {IERC20-approve} has related to transaction
           * ordering also apply here.
           *
           * Emits an {Approval} event.
           *
           * Requirements:
           *
           * - `spender` cannot be the zero address.
           * - `deadline` must be a timestamp in the future.
           * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
           * over the EIP712-formatted function arguments.
           * - the signature must use ``owner``'s current nonce (see {nonces}).
           *
           * For more information on the signature format, see the
           * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
           * section].
           *
           * CAUTION: See Security Considerations above.
           */
          function permit(
              address owner,
              address spender,
              uint256 value,
              uint256 deadline,
              uint8 v,
              bytes32 r,
              bytes32 s
          ) external;
          /**
           * @dev Returns the current nonce for `owner`. This value must be
           * included whenever a signature is generated for {permit}.
           *
           * Every successful call to {permit} increases ``owner``'s nonce by one. This
           * prevents a signature from being used multiple times.
           */
          function nonces(address owner) external view returns (uint256);
          /**
           * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.
           */
          // solhint-disable-next-line func-name-mixedcase
          function DOMAIN_SEPARATOR() external view returns (bytes32);
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/IERC20.sol)
      pragma solidity ^0.8.20;
      /**
       * @dev Interface of the ERC20 standard as defined in the EIP.
       */
      interface IERC20 {
          /**
           * @dev Emitted when `value` tokens are moved from one account (`from`) to
           * another (`to`).
           *
           * Note that `value` may be zero.
           */
          event Transfer(address indexed from, address indexed to, uint256 value);
          /**
           * @dev Emitted when the allowance of a `spender` for an `owner` is set by
           * a call to {approve}. `value` is the new allowance.
           */
          event Approval(address indexed owner, address indexed spender, uint256 value);
          /**
           * @dev Returns the value of tokens in existence.
           */
          function totalSupply() external view returns (uint256);
          /**
           * @dev Returns the value of tokens owned by `account`.
           */
          function balanceOf(address account) external view returns (uint256);
          /**
           * @dev Moves a `value` amount of tokens from the caller's account to `to`.
           *
           * Returns a boolean value indicating whether the operation succeeded.
           *
           * Emits a {Transfer} event.
           */
          function transfer(address to, uint256 value) external returns (bool);
          /**
           * @dev Returns the remaining number of tokens that `spender` will be
           * allowed to spend on behalf of `owner` through {transferFrom}. This is
           * zero by default.
           *
           * This value changes when {approve} or {transferFrom} are called.
           */
          function allowance(address owner, address spender) external view returns (uint256);
          /**
           * @dev Sets a `value` amount of tokens as the allowance of `spender` over the
           * caller's tokens.
           *
           * Returns a boolean value indicating whether the operation succeeded.
           *
           * IMPORTANT: Beware that changing an allowance with this method brings the risk
           * that someone may use both the old and the new allowance by unfortunate
           * transaction ordering. One possible solution to mitigate this race
           * condition is to first reduce the spender's allowance to 0 and set the
           * desired value afterwards:
           * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
           *
           * Emits an {Approval} event.
           */
          function approve(address spender, uint256 value) external returns (bool);
          /**
           * @dev Moves a `value` amount of tokens from `from` to `to` using the
           * allowance mechanism. `value` is then deducted from the caller's
           * allowance.
           *
           * Returns a boolean value indicating whether the operation succeeded.
           *
           * Emits a {Transfer} event.
           */
          function transferFrom(address from, address to, uint256 value) external returns (bool);
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/utils/SafeERC20.sol)
      pragma solidity ^0.8.20;
      import {IERC20} from "../IERC20.sol";
      import {IERC20Permit} from "../extensions/IERC20Permit.sol";
      import {Address} from "../../../utils/Address.sol";
      /**
       * @title SafeERC20
       * @dev Wrappers around ERC20 operations that throw on failure (when the token
       * contract returns false). Tokens that return no value (and instead revert or
       * throw on failure) are also supported, non-reverting calls are assumed to be
       * successful.
       * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
       * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
       */
      library SafeERC20 {
          using Address for address;
          /**
           * @dev An operation with an ERC20 token failed.
           */
          error SafeERC20FailedOperation(address token);
          /**
           * @dev Indicates a failed `decreaseAllowance` request.
           */
          error SafeERC20FailedDecreaseAllowance(address spender, uint256 currentAllowance, uint256 requestedDecrease);
          /**
           * @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,
           * non-reverting calls are assumed to be successful.
           */
          function safeTransfer(IERC20 token, address to, uint256 value) internal {
              _callOptionalReturn(token, abi.encodeCall(token.transfer, (to, value)));
          }
          /**
           * @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the
           * calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.
           */
          function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {
              _callOptionalReturn(token, abi.encodeCall(token.transferFrom, (from, to, value)));
          }
          /**
           * @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
           * non-reverting calls are assumed to be successful.
           */
          function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {
              uint256 oldAllowance = token.allowance(address(this), spender);
              forceApprove(token, spender, oldAllowance + value);
          }
          /**
           * @dev Decrease the calling contract's allowance toward `spender` by `requestedDecrease`. If `token` returns no
           * value, non-reverting calls are assumed to be successful.
           */
          function safeDecreaseAllowance(IERC20 token, address spender, uint256 requestedDecrease) internal {
              unchecked {
                  uint256 currentAllowance = token.allowance(address(this), spender);
                  if (currentAllowance < requestedDecrease) {
                      revert SafeERC20FailedDecreaseAllowance(spender, currentAllowance, requestedDecrease);
                  }
                  forceApprove(token, spender, currentAllowance - requestedDecrease);
              }
          }
          /**
           * @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,
           * non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval
           * to be set to zero before setting it to a non-zero value, such as USDT.
           */
          function forceApprove(IERC20 token, address spender, uint256 value) internal {
              bytes memory approvalCall = abi.encodeCall(token.approve, (spender, value));
              if (!_callOptionalReturnBool(token, approvalCall)) {
                  _callOptionalReturn(token, abi.encodeCall(token.approve, (spender, 0)));
                  _callOptionalReturn(token, approvalCall);
              }
          }
          /**
           * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
           * on the return value: the return value is optional (but if data is returned, it must not be false).
           * @param token The token targeted by the call.
           * @param data The call data (encoded using abi.encode or one of its variants).
           */
          function _callOptionalReturn(IERC20 token, bytes memory data) private {
              // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
              // we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that
              // the target address contains contract code and also asserts for success in the low-level call.
              bytes memory returndata = address(token).functionCall(data);
              if (returndata.length != 0 && !abi.decode(returndata, (bool))) {
                  revert SafeERC20FailedOperation(address(token));
              }
          }
          /**
           * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
           * on the return value: the return value is optional (but if data is returned, it must not be false).
           * @param token The token targeted by the call.
           * @param data The call data (encoded using abi.encode or one of its variants).
           *
           * This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.
           */
          function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) {
              // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
              // we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false
              // and not revert is the subcall reverts.
              (bool success, bytes memory returndata) = address(token).call(data);
              return success && (returndata.length == 0 || abi.decode(returndata, (bool))) && address(token).code.length > 0;
          }
      }
      // SPDX-License-Identifier: MIT
      // OpenZeppelin Contracts (last updated v5.0.0) (utils/Address.sol)
      pragma solidity ^0.8.20;
      /**
       * @dev Collection of functions related to the address type
       */
      library Address {
          /**
           * @dev The ETH balance of the account is not enough to perform the operation.
           */
          error AddressInsufficientBalance(address account);
          /**
           * @dev There's no code at `target` (it is not a contract).
           */
          error AddressEmptyCode(address target);
          /**
           * @dev A call to an address target failed. The target may have reverted.
           */
          error FailedInnerCall();
          /**
           * @dev Replacement for Solidity's `transfer`: sends `amount` wei to
           * `recipient`, forwarding all available gas and reverting on errors.
           *
           * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
           * of certain opcodes, possibly making contracts go over the 2300 gas limit
           * imposed by `transfer`, making them unable to receive funds via
           * `transfer`. {sendValue} removes this limitation.
           *
           * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
           *
           * IMPORTANT: because control is transferred to `recipient`, care must be
           * taken to not create reentrancy vulnerabilities. Consider using
           * {ReentrancyGuard} or the
           * https://solidity.readthedocs.io/en/v0.8.20/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
           */
          function sendValue(address payable recipient, uint256 amount) internal {
              if (address(this).balance < amount) {
                  revert AddressInsufficientBalance(address(this));
              }
              (bool success, ) = recipient.call{value: amount}("");
              if (!success) {
                  revert FailedInnerCall();
              }
          }
          /**
           * @dev Performs a Solidity function call using a low level `call`. A
           * plain `call` is an unsafe replacement for a function call: use this
           * function instead.
           *
           * If `target` reverts with a revert reason or custom error, it is bubbled
           * up by this function (like regular Solidity function calls). However, if
           * the call reverted with no returned reason, this function reverts with a
           * {FailedInnerCall} error.
           *
           * Returns the raw returned data. To convert to the expected return value,
           * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
           *
           * Requirements:
           *
           * - `target` must be a contract.
           * - calling `target` with `data` must not revert.
           */
          function functionCall(address target, bytes memory data) internal returns (bytes memory) {
              return functionCallWithValue(target, data, 0);
          }
          /**
           * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
           * but also transferring `value` wei to `target`.
           *
           * Requirements:
           *
           * - the calling contract must have an ETH balance of at least `value`.
           * - the called Solidity function must be `payable`.
           */
          function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
              if (address(this).balance < value) {
                  revert AddressInsufficientBalance(address(this));
              }
              (bool success, bytes memory returndata) = target.call{value: value}(data);
              return verifyCallResultFromTarget(target, success, returndata);
          }
          /**
           * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
           * but performing a static call.
           */
          function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
              (bool success, bytes memory returndata) = target.staticcall(data);
              return verifyCallResultFromTarget(target, success, returndata);
          }
          /**
           * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
           * but performing a delegate call.
           */
          function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
              (bool success, bytes memory returndata) = target.delegatecall(data);
              return verifyCallResultFromTarget(target, success, returndata);
          }
          /**
           * @dev Tool to verify that a low level call to smart-contract was successful, and reverts if the target
           * was not a contract or bubbling up the revert reason (falling back to {FailedInnerCall}) in case of an
           * unsuccessful call.
           */
          function verifyCallResultFromTarget(
              address target,
              bool success,
              bytes memory returndata
          ) internal view returns (bytes memory) {
              if (!success) {
                  _revert(returndata);
              } else {
                  // only check if target is a contract if the call was successful and the return data is empty
                  // otherwise we already know that it was a contract
                  if (returndata.length == 0 && target.code.length == 0) {
                      revert AddressEmptyCode(target);
                  }
                  return returndata;
              }
          }
          /**
           * @dev Tool to verify that a low level call was successful, and reverts if it wasn't, either by bubbling the
           * revert reason or with a default {FailedInnerCall} error.
           */
          function verifyCallResult(bool success, bytes memory returndata) internal pure returns (bytes memory) {
              if (!success) {
                  _revert(returndata);
              } else {
                  return returndata;
              }
          }
          /**
           * @dev Reverts with returndata if present. Otherwise reverts with {FailedInnerCall}.
           */
          function _revert(bytes memory returndata) private pure {
              // Look for revert reason and bubble it up if present
              if (returndata.length > 0) {
                  // The easiest way to bubble the revert reason is using memory via assembly
                  /// @solidity memory-safe-assembly
                  assembly {
                      let returndata_size := mload(returndata)
                      revert(add(32, returndata), returndata_size)
                  }
              } else {
                  revert FailedInnerCall();
              }
          }
      }
      // SPDX-License-Identifier: MIT
      pragma solidity 0.8.25;
      /**
       * @title Generic errors.
       * @author DOP team.
       * @notice Errors being used in more than one contract.
       */
      interface Errors {
          /**
           * @dev Indicates a failure with the given address, for example,
           * `address(0)`.
           */
          error InvalidAddress();
          /**
           * @dev Indicates an error related to the given amount, for example, `0`.
           */
          error InvalidAmount();
          /**
           * @dev Indicates an error if the variable being assigned is identical to
           * the old variable.
           */
          error IdenticalVariableAssignment();
      }
      /**
       * @title Staking errors.
       * @author DOP team.
       * @notice Errors being used only in the Staking contract.
       */
      interface StakingErrors is Errors {
          /**
           * @dev Indicates an error related to ``staker``'s unstake request when the
           * amount of tokens staked is less than the `amount` requested to unstake.
           */
          error InvalidRequestUnstake(address staker, uint256 amount);
          /**
           * @dev Indicates an error related to staker's claim when the claim time
           * has not yet passed.
           */
          error ClaimTimeNotReached();
          /**
           * @dev Indicates an error related to staker's claim when there is no
           * amount of DOP token rewards to claim.
           */
          error NoRewardToClaim();
      }
      /**
       * @title Claiming errors.
       * @author DOP team.
       * @notice Errors being used only in the Claiming contract.
       */
      interface ClaimingErrors is Errors {
          /**
           * @dev Indicates an error when the caller, `account`, is not authorized.
           */
          error ClaimingUnauthorizedAccount(address account);
          /**
           * @dev Indicates an error related to claimer's claim request when the
           * claim request time has not yet passed.
           */
          error ClaimRequestTimeNotReached();
          /**
           * @dev Indicates an error related to claimer's claim request when the
           * amount of tokens in the request is `0`.
           */
          error InvalidClaimRequest();
          /**
           * @dev Indicates a failure with the given array's length, i.e. array's
           * length is `0`.
           */
          error ZeroLengthArray();
      }
      // SPDX-License-Identifier: MIT
      pragma solidity 0.8.25;
      /**
       * @title Claiming contract interface.
       * @author DOP team.
       * @notice Interface for the Claiming contract.
       */
      interface IClaiming {
          /* ========== FUNCTIONS ========== */
          /**
           * @notice Set a request to claim DOP tokens being unstaked from the Staking
           * contract. Only `staking` can call this function.
           * @param claimer Claimer who's DOP tokens are being held.
           * @param amount Amount of DOP tokens being unstaked.
           */
          function setRequest(address claimer, uint256 amount) external;
          /**
           * @notice Claim DOP tokens following the completion of a claim request.
           * @param index Claimer's index to claim request against.
           */
          function claimRequest(uint256 index) external;
          /**
           * @notice Claim DOP tokens following the completion of multiple claim
           * requests.
           * @param indexes List of claimer indexes to claim requests against.
           */
          function claimMultipleRequests(uint256[] calldata indexes) external;
          /**
           * @notice Gives the request pertaining to the given unique request index.
           * @param index Request index to get the key for.
           * @return amount Amount of DOP tokens requested.
           * @return claimRequestTime Time after which requested DOP tokens will be
           * claimable.
           */
          function getRequest(uint256 index) external view returns (uint256, uint256);
          /**
           * @notice Gives a unique key pertaining to the given unique request index.
           * @param index Request index to get the key for.
           * @return key Key that is present for the given request index.
           */
          function getRequestKey(uint256 index) external view returns (bytes32);
      }
      // SPDX-License-Identifier: MIT
      pragma solidity 0.8.25;
      import { IClaiming } from "./IClaiming.sol";
      /**
       * @title Staking contract interface.
       * @author DOP team.
       * @notice Interface for the Staking contract.
       */
      interface IStaking {
          /* ========== FUNCTIONS ========== */
          /**
           * @notice Stake DOP tokens to earn rewards. Resets reward claim time.
           * CANNOT be called when paused.
           * @param amount Amount of DOP tokens to stake.
           */
          function stake(uint256 amount) external;
          /**
           * @notice Submit a request to unstake your DOP tokens.
           * @dev Performs necessary checks on staker's stake and transfers unstaked
           * tokens to the Claim contract for further processing.
           */
          function requestUnstake(uint256 amount) external;
          /**
           * @notice Claim DOP token rewards. CANNOT be called when claim time is not
           * reached.
           */
          function claim() external;
          /**
           * @notice Claim and restake DOP token rewards. CAN be called when claim
           * time is not reached. Resets reward claim time. CANNOT be called when
           * paused.
           */
          function claimAndRestake() external;
          /**
           * @notice Updates the DOP token rewards wallet. Only `owner` can call this
           * function.
           * @param newRewardWallet Address of the new DOP token rewards wallet.
           */
          function updateRewardWallet(address newRewardWallet) external;
          /**
           * @notice Updates the Claiming contract. Only `owner` can call this
           * function.
           * @param newClaiming Address of the mew Claiming contract.
           */
          function updateClaiming(IClaiming newClaiming) external;
          /**
           * @notice Change the state of the contract from unpaused to paused. Only
           * `owner` can call this function.
           */
          function pause() external;
          /**
           * @notice Change the state of the contract from paused to unpaused. Only
           * `owner` can call this function.
           */
          function unpause() external;
          /**
           * @notice Gives the last reward time where reward is calculable.
           * @return lastTimeReward Time until DOP token rewards should be
           * calculated.
           */
          function lastTimeRewardApplicable() external view returns (uint256);
          /**
           * @notice Gives the accumulated reward per DOP token staked.
           * @return rewardPerTokenStored Accumulated DOP token rewards per
           * individual DOP token staked.
           */
          function rewardPerToken() external view returns (uint256);
          /**
           * @notice Gives the DOP token reward for a given staker.
           * @param staker Staker to get reward for.
           * @return rewards Rewards calculated for the given staker.
           */
          function getReward(address staker) external view returns (uint256);
      }
      // SPDX-License-Identifier: MIT
      pragma solidity 0.8.25;
      import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
      import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
      import { Initializable } from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
      import { OwnableUpgradeable } from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
      import { PausableUpgradeable } from "@openzeppelin/contracts-upgradeable/utils/PausableUpgradeable.sol";
      import { ReentrancyGuardUpgradeable } from "@openzeppelin/contracts-upgradeable/utils/ReentrancyGuardUpgradeable.sol";
      import { StakingErrors } from "./interfaces/Errors.sol";
      import { IClaiming } from "./interfaces/IClaiming.sol";
      import { IStaking } from "./interfaces/IStaking.sol";
      /**
       * @title DOP Staking contract.
       * @author DOP team.
       * @notice Allows DOP tokens to be staked and rewarded.
       */
      contract Staking is
          Initializable,
          OwnableUpgradeable,
          PausableUpgradeable,
          ReentrancyGuardUpgradeable,
          StakingErrors,
          IStaking
      {
          using SafeERC20 for IERC20;
          /* ========== STATE VARIABLES ========== */
          /// @dev One year time in seconds.
          uint256 private constant _ONE_YEAR_TIME = 365 days;
          /// @dev Ninety days time in seconds.
          uint256 private constant _NINETY_DAYS_TIME = 90 days;
          /// @dev Magnitude at which accumulation is carried out.
          uint256 private constant _ACC_MAGNITUDE = 1e18;
          /// @notice Address of the DOP token contract.
          IERC20 public immutable DOP_TOKEN;
          /// @notice Time at which reward generation will stop.
          uint256 public immutable END_TIME;
          /// @notice DOP token rewards generated per second.
          uint256 public immutable REWARD_RATE;
          /// @notice Address of the DOP token rewards wallet.
          address public rewardWallet;
          /// @notice Address of the Claiming contract.
          IClaiming public claiming;
          /// @notice Time at which the last reward was updated.
          uint256 public lastUpdateTime;
          /// @notice Accumulated DOP token rewards per staked token.
          uint256 public rewardPerTokenStored;
          /// @notice Total DOP tokens staked in the contract.
          uint256 public totalStaked;
          /// @notice Staker's rewards. Triggers on each update call.
          mapping(address staker => uint256 rewards) public rewards;
          /// @notice Staker's stake data.
          mapping(address staker => Stake staking) public stakes;
          /// @notice Accumulated rewards per token already paid to each staker.
          mapping(address staker => uint256 rewardPerTokenPaid)
              public stakerRewardPerTokenPaid;
          /* ========== STRUCTS ========== */
          struct Stake {
              uint256 amount;
              uint256 restakedAmount;
              /// @dev Time after which rewards will be claimable.
              uint256 claimTime;
          }
          /* ========== EVENTS ========== */
          /// @dev Emitted when a stake has been performed.
          event Staked(address indexed staker, uint256 amount, uint256 claimTime);
          /// @dev Emitted when an unstake request has been issued.
          event UnstakeRequested(address indexed staker, uint256 amount);
          /// @dev Emitted when rewards have been claimed.
          event Claimed(address indexed staker, uint256 reward);
          /// @dev Emitted when a restake has been performed.
          event Restaked(address indexed staker, uint256 amount, uint256 claimTime);
          /// @dev Emitted when the DOP token rewards wallet is updated.
          event RewardWalletUpdated(
              address indexed oldRewardWallet,
              address indexed newRewardWallet
          );
          /// @dev Emitted when the Claiming contract is updated.
          event ClaimingUpdated(
              address indexed oldClaiming,
              address indexed newClaiming
          );
          /* ========== MODIFIERS ========== */
          /**
           * @dev Updates staker's DOP token rewards.
           */
          modifier updateReward() {
              _updateReward();
              _;
          }
          /**
           * @dev Implements staker's DOP token rewards updation logic.
           */
          function _updateReward() private {
              rewardPerTokenStored = rewardPerToken();
              lastUpdateTime = lastTimeRewardApplicable();
              rewards[msg.sender] = getReward(msg.sender);
              stakerRewardPerTokenPaid[msg.sender] = rewardPerTokenStored;
          }
          /* ========== CONSTRUCTOR ========== */
          /**
           * @dev Constructor.
           * @param initDOPToken Address of the DOP token contract.
           * @param initRewardSupply DOP token rewards to be distributed in the given
           * time period.
           * @param initStartTime Time when reward generation will start.
           */
          constructor(
              IERC20 initDOPToken,
              uint256 initRewardSupply,
              uint256 initStartTime
          ) {
              if (address(initDOPToken) == address(0)) {
                  revert InvalidAddress();
              }
              DOP_TOKEN = initDOPToken;
              END_TIME = initStartTime + _ONE_YEAR_TIME;
              REWARD_RATE = initRewardSupply / _ONE_YEAR_TIME;
              if (initRewardSupply == 0 || initStartTime == 0 || REWARD_RATE == 0) {
                  revert InvalidAmount();
              }
          }
          /* ========== INITIALIZER ========== */
          /**
           * @notice Initializes external dependencies and state variables.
           *
           * NOTE: This function can be maliciously front run after deployment,
           * however it should still be called atomically. In the case that it is
           * incorrectly initialized, no harm will be done since the contract can
           * always be abandoned.
           *
           * @param initOwner Address to initially transfer ownership to.
           * @param initRewardWallet Address of the DOP token rewards wallet.
           * @param initStartTime Time when reward generation will start.
           */
          function initialize(
              address initOwner,
              address initRewardWallet,
              uint256 initStartTime
          ) external initializer {
              __Staking_init(initOwner, initRewardWallet, initStartTime);
          }
          /**
           * @dev Initializes the contract by calling init functions, checking
           * initialization variables and finally setting them.
           * @param initOwner Address to initially transfer ownership to.
           * @param initRewardWallet Address of the DOP token rewards wallet.
           * @param initStartTime Time when reward generation will start.
           */
          function __Staking_init(
              address initOwner,
              address initRewardWallet,
              uint256 initStartTime
          ) internal onlyInitializing {
              __Staking_init_unchained(initOwner, initRewardWallet, initStartTime);
          }
          function __Staking_init_unchained(
              address initOwner,
              address initRewardWallet,
              uint256 initStartTime
          ) internal onlyInitializing {
              __Ownable_init(initOwner);
              __Pausable_init();
              __ReentrancyGuard_init();
              if (initRewardWallet == address(0)) {
                  revert InvalidAddress();
              }
              if (initStartTime == 0) {
                  revert InvalidAmount();
              }
              rewardWallet = initRewardWallet;
              lastUpdateTime = initStartTime;
              _pause();
          }
          /* ========== FUNCTIONS ========== */
          /**
           * @inheritdoc IStaking
           */
          function stake(
              uint256 amount
          ) external nonReentrant whenNotPaused updateReward {
              if (amount == 0) {
                  revert InvalidAmount();
              }
              uint256 claimTime = _stake(msg.sender, amount, false);
              emit Staked({
                  staker: msg.sender,
                  amount: amount,
                  claimTime: claimTime
              });
          }
          /**
           * @inheritdoc IStaking
           */
          function requestUnstake(uint256 amount) external nonReentrant updateReward {
              if (amount == 0) {
                  revert InvalidAmount();
              }
              Stake memory staking = stakes[msg.sender];
              uint256 restakedAmount = staking.restakedAmount;
              uint256 unstakeableAmount = staking.amount - restakedAmount;
              if (block.timestamp >= staking.claimTime) {
                  unstakeableAmount = staking.amount;
                  if (restakedAmount > 0) {
                      restakedAmount = amount > restakedAmount
                          ? 0
                          : restakedAmount - amount;
                  }
              }
              if (amount > unstakeableAmount) {
                  revert InvalidRequestUnstake(msg.sender, amount);
              }
              totalStaked -= amount;
              staking.amount -= amount;
              staking.restakedAmount = restakedAmount;
              stakes[msg.sender] = staking;
              claiming.setRequest(msg.sender, amount);
              emit UnstakeRequested({ staker: msg.sender, amount: amount });
          }
          /**
           * @inheritdoc IStaking
           */
          function claim() external nonReentrant updateReward {
              if (block.timestamp < stakes[msg.sender].claimTime) {
                  revert ClaimTimeNotReached();
              }
              uint256 reward = _claim();
              DOP_TOKEN.safeTransferFrom(rewardWallet, msg.sender, reward);
          }
          /**
           * @inheritdoc IStaking
           */
          function claimAndRestake()
              external
              nonReentrant
              whenNotPaused
              updateReward
          {
              uint256 reward = _claim();
              uint256 claimTime = _stake(rewardWallet, reward, true);
              emit Restaked({
                  staker: msg.sender,
                  amount: reward,
                  claimTime: claimTime
              });
          }
          /**
           * @inheritdoc IStaking
           */
          function updateRewardWallet(address newRewardWallet) external onlyOwner {
              if (rewardWallet == newRewardWallet) {
                  revert IdenticalVariableAssignment();
              }
              emit RewardWalletUpdated({
                  oldRewardWallet: rewardWallet,
                  newRewardWallet: newRewardWallet
              });
              rewardWallet = newRewardWallet;
          }
          /**
           * @inheritdoc IStaking
           */
          function updateClaiming(IClaiming newClaiming) external onlyOwner {
              if (claiming == newClaiming) {
                  revert IdenticalVariableAssignment();
              }
              emit ClaimingUpdated({
                  oldClaiming: address(claiming),
                  newClaiming: address(newClaiming)
              });
              if (address(claiming) != address(0)) {
                  _provideAllowance(false);
              }
              claiming = newClaiming;
              _provideAllowance(true);
          }
          /**
           * @inheritdoc IStaking
           */
          function pause() external onlyOwner {
              _pause();
          }
          /**
           * @inheritdoc IStaking
           */
          function unpause() external onlyOwner {
              _unpause();
          }
          /**
           * @inheritdoc IStaking
           */
          function lastTimeRewardApplicable() public view returns (uint256) {
              return block.timestamp < END_TIME ? block.timestamp : END_TIME;
          }
          /**
           * @inheritdoc IStaking
           */
          function rewardPerToken() public view returns (uint256) {
              if (totalStaked == 0) {
                  return rewardPerTokenStored;
              }
              return
                  rewardPerTokenStored +
                  (((lastTimeRewardApplicable() - lastUpdateTime) *
                      REWARD_RATE *
                      _ACC_MAGNITUDE) / totalStaked);
          }
          /**
           * @inheritdoc IStaking
           */
          function getReward(address staker) public view returns (uint256) {
              return
                  rewards[staker] +
                  ((stakes[staker].amount *
                      (rewardPerToken() - stakerRewardPerTokenPaid[staker])) /
                      _ACC_MAGNITUDE);
          }
          /**
           * @dev Provides max allowance of DOP tokens in the staking contract to
           * the Claiming contract.
           * @param isAllowed State of whether the Claiming contract is allowed to
           * access this contracts DOP tokens.
           */
          function _provideAllowance(bool isAllowed) private {
              DOP_TOKEN.forceApprove(
                  address(claiming),
                  isAllowed ? type(uint256).max : 0
              );
          }
          /**
           * @dev Implements DOP token staking logic. DOES transfer staking DOP
           * tokens.
           * @param from Address to transfer DOP tokens from.
           * @param amount Amount of DOP tokens to stake.
           * @param isRestake Denotes whether the call is for a restake or a stake.
           * @return claimTime Time when rewards will be claimable.
           */
          function _stake(
              address from,
              uint256 amount,
              bool isRestake
          ) private returns (uint256) {
              totalStaked += amount;
              Stake memory staking = stakes[msg.sender];
              staking.amount += amount;
              if (isRestake) {
                  staking.restakedAmount += amount;
              }
              staking.claimTime = block.timestamp + _NINETY_DAYS_TIME;
              stakes[msg.sender] = staking;
              DOP_TOKEN.safeTransferFrom(from, address(this), amount);
              return staking.claimTime;
          }
          /**
           * @dev Implements DOP token rewards claim logic. DOES NOT transfer
           * rewarding DOP tokens.
           * @return rewards Amount of DOP token rewards that need to be processed.
           */
          function _claim() private returns (uint256) {
              uint256 reward = rewards[msg.sender];
              if (reward == 0) {
                  revert NoRewardToClaim();
              }
              delete rewards[msg.sender];
              emit Claimed({ staker: msg.sender, reward: reward });
              return reward;
          }
          /* ========== STORAGE GAP ========== */
          uint256[50] private _gap;
      }