{"status":"1","message":"","result":{"address":"0xb7376A897222Da0C4EE61702b797ddFe251f7fD0","balance":"0","nonce":"1","codeHash":"0xffd83041d01799ec40ad5dc1660722fc799afa11568b4d1cbe4faf73a437d4a7","stakingBalance":"0","collateralForStorage":"0","accumulatedInterestReturn":"0","admin":"0x0000000000000000000000000000000000000000","cfxTransferTab":0,"erc20TransferTab":0,"erc721TransferTab":0,"erc1155TransferTab":0,"nftAssetTab":0,"minedBlockTab":0,"authorizationsTab":0,"sponsor":{"sponsorForGas":"0x0000000000000000000000000000000000000000","sponsorForCollateral":"0x0000000000000000000000000000000000000000","sponsorGasBound":"0","sponsorBalanceForGas":"0","sponsorBalanceForCollateral":"0","availableStoragePoints":null,"usedStoragePoints":null},"epochNumber":33222112,"transactionHash":"0xd2a6831a4b73785b6659458de86bb71d0e22915e22b2fc35bd98cce09168714c","from":"0xD24e06f0DBadA268314DbcB97F48f87b85b6Dd30","contractFactory":"","timestamp":1778759070,"hex40id":213990,"name":null,"website":null,"abi":"[{\"type\":\"constructor\",\"inputs\":[{\"name\":\"initialOwner\",\"type\":\"address\",\"internalType\":\"address\"},{\"name\":\"initialAttestor\",\"type\":\"address\",\"internalType\":\"address\"}],\"stateMutability\":\"nonpayable\"},{\"name\":\"AttestationExpired\",\"type\":\"error\",\"inputs\":[]},{\"name\":\"AttestorNotSet\",\"type\":\"error\",\"inputs\":[]},{\"name\":\"ECDSAInvalidSignature\",\"type\":\"error\",\"inputs\":[]},{\"name\":\"ECDSAInvalidSignatureLength\",\"type\":\"error\",\"inputs\":[{\"name\":\"length\",\"type\":\"uint256\",\"internalType\":\"uint256\"}]},{\"name\":\"ECDSAInvalidSignatureS\",\"type\":\"error\",\"inputs\":[{\"name\":\"s\",\"type\":\"bytes32\",\"internalType\":\"bytes32\"}]},{\"name\":\"InvalidOracleProof\",\"type\":\"error\",\"inputs\":[]},{\"name\":\"InvalidProofFormat\",\"type\":\"error\",\"inputs\":[]},{\"name\":\"InvalidShortString\",\"type\":\"error\",\"inputs\":[]},{\"name\":\"InvalidSignature\",\"type\":\"error\",\"inputs\":[]},{\"name\":\"OwnableInvalidOwner\",\"type\":\"error\",\"inputs\":[{\"name\":\"owner\",\"type\":\"address\",\"internalType\":\"address\"}]},{\"name\":\"OwnableUnauthorizedAccount\",\"type\":\"error\",\"inputs\":[{\"name\":\"account\",\"type\":\"address\",\"internalType\":\"address\"}]},{\"name\":\"StringTooLong\",\"type\":\"error\",\"inputs\":[{\"name\":\"str\",\"type\":\"string\",\"internalType\":\"string\"}]},{\"name\":\"ZeroAddress\",\"type\":\"error\",\"inputs\":[]},{\"name\":\"AttestorUpdated\",\"type\":\"event\",\"inputs\":[{\"name\":\"oldAttestor\",\"type\":\"address\",\"indexed\":true,\"internalType\":\"address\"},{\"name\":\"newAttestor\",\"type\":\"address\",\"indexed\":true,\"internalType\":\"address\"}],\"anonymous\":false},{\"name\":\"EIP712DomainChanged\",\"type\":\"event\",\"inputs\":[],\"anonymous\":false},{\"name\":\"OwnershipTransferStarted\",\"type\":\"event\",\"inputs\":[{\"name\":\"previousOwner\",\"type\":\"address\",\"indexed\":true,\"internalType\":\"address\"},{\"name\":\"newOwner\",\"type\":\"address\",\"indexed\":true,\"internalType\":\"address\"}],\"anonymous\":false},{\"name\":\"OwnershipTransferred\",\"type\":\"event\",\"inputs\":[{\"name\":\"previousOwner\",\"type\":\"address\",\"indexed\":true,\"internalType\":\"address\"},{\"name\":\"newOwner\",\"type\":\"address\",\"indexed\":true,\"internalType\":\"address\"}],\"anonymous\":false},{\"name\":\"TRANSFER_ATTESTATION_TYPEHASH\",\"type\":\"function\",\"inputs\":[],\"outputs\":[{\"name\":\"\",\"type\":\"bytes32\",\"internalType\":\"bytes32\"}],\"stateMutability\":\"view\"},{\"name\":\"acceptOwnership\",\"type\":\"function\",\"inputs\":[],\"outputs\":[],\"stateMutability\":\"nonpayable\"},{\"name\":\"attestor\",\"type\":\"function\",\"inputs\":[],\"outputs\":[{\"name\":\"\",\"type\":\"address\",\"internalType\":\"address\"}],\"stateMutability\":\"view\"},{\"name\":\"eip712Domain\",\"type\":\"function\",\"inputs\":[],\"outputs\":[{\"name\":\"fields\",\"type\":\"bytes1\",\"internalType\":\"bytes1\"},{\"name\":\"name\",\"type\":\"string\",\"internalType\":\"string\"},{\"name\":\"version\",\"type\":\"string\",\"internalType\":\"string\"},{\"name\":\"chainId\",\"type\":\"uint256\",\"internalType\":\"uint256\"},{\"name\":\"verifyingContract\",\"type\":\"address\",\"internalType\":\"address\"},{\"name\":\"salt\",\"type\":\"bytes32\",\"internalType\":\"bytes32\"},{\"name\":\"extensions\",\"type\":\"uint256[]\",\"internalType\":\"uint256[]\"}],\"stateMutability\":\"view\"},{\"name\":\"hashTransferAttestation\",\"type\":\"function\",\"inputs\":[{\"name\":\"tokenId\",\"type\":\"uint256\",\"internalType\":\"uint256\"},{\"name\":\"from\",\"type\":\"address\",\"internalType\":\"address\"},{\"name\":\"to\",\"type\":\"address\",\"internalType\":\"address\"},{\"name\":\"sealedKeyHash\",\"type\":\"bytes32\",\"internalType\":\"bytes32\"},{\"name\":\"deadline\",\"type\":\"uint64\",\"internalType\":\"uint64\"}],\"outputs\":[{\"name\":\"\",\"type\":\"bytes32\",\"internalType\":\"bytes32\"}],\"stateMutability\":\"view\"},{\"name\":\"owner\",\"type\":\"function\",\"inputs\":[],\"outputs\":[{\"name\":\"\",\"type\":\"address\",\"internalType\":\"address\"}],\"stateMutability\":\"view\"},{\"name\":\"pendingOwner\",\"type\":\"function\",\"inputs\":[],\"outputs\":[{\"name\":\"\",\"type\":\"address\",\"internalType\":\"address\"}],\"stateMutability\":\"view\"},{\"name\":\"renounceOwnership\",\"type\":\"function\",\"inputs\":[],\"outputs\":[],\"stateMutability\":\"nonpayable\"},{\"name\":\"setAttestor\",\"type\":\"function\",\"inputs\":[{\"name\":\"newAttestor\",\"type\":\"address\",\"internalType\":\"address\"}],\"outputs\":[],\"stateMutability\":\"nonpayable\"},{\"name\":\"transferOwnership\",\"type\":\"function\",\"inputs\":[{\"name\":\"newOwner\",\"type\":\"address\",\"internalType\":\"address\"}],\"outputs\":[],\"stateMutability\":\"nonpayable\"},{\"name\":\"verifyProof\",\"type\":\"function\",\"inputs\":[{\"name\":\"proof\",\"type\":\"bytes\",\"internalType\":\"bytes\"},{\"name\":\"tokenId\",\"type\":\"uint256\",\"internalType\":\"uint256\"},{\"name\":\"from\",\"type\":\"address\",\"internalType\":\"address\"},{\"name\":\"to\",\"type\":\"address\",\"internalType\":\"address\"}],\"outputs\":[{\"name\":\"\",\"type\":\"bool\",\"internalType\":\"bool\"}],\"stateMutability\":\"view\"}]","sourceCode":"{\"sources\":{\"src/IBrain.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\npragma solidity 0.8.30;\\n\\n// forgefmt: disable-start\\n//\\n// ██████╗ ██████╗ █████╗ ██╗███╗ ██╗██████╗ ███████╗██████╗ ██╗ █████╗\\n// ██╔══██╗██╔══██╗██╔══██╗██║████╗ ██║██╔══██╗██╔════╝██╔══██╗██║██╔══██╗\\n// ██████╔╝██████╔╝███████║██║██╔██╗ ██║██████╔╝█████╗ ██║ ██║██║███████║\\n// ██╔══██╗██╔══██╗██╔══██║██║██║╚██╗██║██╔═══╝ ██╔══╝ ██║ ██║██║██╔══██║\\n// ██████╔╝██║ ██║██║ ██║██║██║ ╚████║██║ ███████╗██████╔╝██║██║ ██║\\n// ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝╚═╝ ╚═══╝╚═╝ ╚══════╝╚═════╝ ╚═╝╚═╝ ╚═╝\\n//\\n// Specialty AI Brains as iNFTs · Agent-paid knowledge marketplace\\n//\\n// forgefmt: disable-end\\n\\n/// @title IOracle — ERC-7857 attestation oracle\\n/// @author Brainpedia Team\\n/// @notice Verifies transfer proofs (TEE attestation or ZK proof) before\\n/// the iNFT changes hands. Brainpedia ships a default oracle\\n/// (`BrainOracle.sol`) that accepts an EIP-712 signed attestation\\n/// from a trusted attestor address as the proof format. Production\\n/// deployments can swap in a real TEE node or ZK verifier without\\n/// changing Brain.sol — the only contract surface is this one method.\\n/// @dev The verifier receives the live transfer context (tokenId, from, to)\\n/// alongside the opaque proof bytes. Implementations MUST cross-check\\n/// the proof's embedded fields against the supplied context to prevent\\n/// proof replay across different transfers (audit finding #1).\\ninterface IOracle {\\n function verifyProof(bytes calldata proof, uint256 tokenId, address from, address to)\\n external\\n view\\n returns (bool);\\n}\\n\\n/// @title IBrain — ERC-7857 canonical intelligent NFT for Brainpedia\\n/// @author Brainpedia Team\\n/// @notice Each tokenId is one specialty AI Brain. Public reference data\\n/// lives at `storageRoot` on 0G Storage (anyone can fetch and verify\\n/// the snapshot). Private metadata — system prompt, royalty terms,\\n/// owner notes, anything kept out of the public snapshot — lives at\\n/// `encryptedURI`, encrypted with a per-Brain symmetric key sealed\\n/// for the current owner. Transfers require an oracle proof that\\n/// the key has been re-sealed for the new owner (`secureTransfer`).\\n/// @dev The interface intentionally omits error declarations; all errors\\n/// used by the Brain contract suite live in `src/lib/Errors.sol`.\\ninterface IBrain {\\n // ============ Types ============\\n\\n struct IntelligentData {\\n bytes32 storageRoot; // public 0G Storage Log layer merkle root\\n bytes encryptedURI; // encrypted ref to private metadata blob on\\n // 0G Storage. Empty bytes = no encrypted\\n // metadata (public-only Brain).\\n bytes32 metadataHash; // keccak256(canonical plaintext metadata) commit.\\n // Zero hash = no metadata commit.\\n uint64 createdAt; // block.timestamp at the time of append\\n string description; // free-form (\\\"snapshot v3, added 12 articles\\\")\\n }\\n\\n // ============ Events ============\\n\\n event BrainMinted(\\n uint256 indexed tokenId, address indexed owner, bytes32 storageRoot, bytes32 metadataHash\\n );\\n event StorageRootAppended(\\n uint256 indexed tokenId, bytes32 storageRoot, bytes32 metadataHash, string description\\n );\\n event UsageAuthorized(uint256 indexed tokenId, address indexed agent, uint64 expiresAt);\\n event UsageRevoked(uint256 indexed tokenId, address indexed agent);\\n event BrainPayment(\\n uint256 indexed tokenId,\\n address indexed payer,\\n address indexed brainOwner,\\n uint256 amount,\\n bytes32 queryHash\\n );\\n event OracleUpdated(address indexed oracle);\\n event KeySealed(uint256 indexed tokenId, address indexed sealedFor, bytes sealedKey);\\n event SecureTransferCompleted(uint256 indexed tokenId, address indexed from, address indexed to);\\n\\n // ============ Mint and append ============\\n\\n function mint(\\n address to,\\n bytes32 initialStorageRoot,\\n bytes calldata encryptedURI,\\n bytes32 metadataHash,\\n string calldata description,\\n bytes calldata sealedKey\\n ) external returns (uint256 tokenId);\\n\\n function appendStorageRoot(\\n uint256 tokenId,\\n bytes32 storageRoot,\\n bytes calldata encryptedURI,\\n bytes32 metadataHash,\\n string calldata description,\\n bytes calldata sealedKey\\n ) external;\\n\\n // ============ Usage authorization ============\\n\\n function authorizeUsage(uint256 tokenId, address agent, uint64 ttlSeconds) external payable;\\n function revokeAuthorization(uint256 tokenId, address agent) external;\\n function isAuthorized(uint256 tokenId, address agent) external view returns (bool);\\n\\n // ============ Canonical ERC-7857 secure transfer ============\\n\\n function setOracle(address oracle_) external;\\n function oracle() external view returns (address);\\n function secureTransfer(\\n address to,\\n uint256 tokenId,\\n bytes calldata sealedKey,\\n bytes calldata oracleProof\\n ) external;\\n\\n // ============ Views ============\\n\\n function intelligenceOf(uint256 tokenId) external view returns (IntelligentData[] memory);\\n function currentStorageRoot(uint256 tokenId) external view returns (bytes32);\\n function currentMetadataHash(uint256 tokenId) external view returns (bytes32);\\n function currentEncryptedURI(uint256 tokenId) external view returns (bytes memory);\\n}\\n\"},\"src/lib/Errors.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\npragma solidity 0.8.30;\\n\\n// forgefmt: disable-start\\n//\\n// ██████╗ ██████╗ █████╗ ██╗███╗ ██╗██████╗ ███████╗██████╗ ██╗ █████╗\\n// ██╔══██╗██╔══██╗██╔══██╗██║████╗ ██║██╔══██╗██╔════╝██╔══██╗██║██╔══██╗\\n// ██████╔╝██████╔╝███████║██║██╔██╗ ██║██████╔╝█████╗ ██║ ██║██║███████║\\n// ██╔══██╗██╔══██╗██╔══██║██║██║╚██╗██║██╔═══╝ ██╔══╝ ██║ ██║██║██╔══██║\\n// ██████╔╝██║ ██║██║ ██║██║██║ ╚████║██║ ███████╗██████╔╝██║██║ ██║\\n// ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝╚═╝ ╚═══╝╚═╝ ╚══════╝╚═════╝ ╚═╝╚═╝ ╚═╝\\n//\\n// Specialty AI Brains as iNFTs · Agent-paid knowledge marketplace\\n//\\n// forgefmt: disable-end\\n\\n/// @title Errors\\n/// @author Brainpedia Team\\n/// @notice Custom errors used across the Brainpedia contract suite.\\n/// @dev Library of error declarations. Replaces every `require(cond, \\\"string\\\")`\\n/// in Brain, BrainOracle, BrainMinter, RoyaltyDistributor, SubnameRegistrar,\\n/// and AccessTokenRegistrar. Custom errors are gas-efficient and fully\\n/// typed for off-chain decoding.\\nlibrary Errors {\\n // ----- Generic input validation -----\\n\\n /// @notice Thrown when an address parameter is the zero address.\\n error ZeroAddress();\\n\\n /// @notice Thrown when an amount parameter is zero.\\n error ZeroAmount();\\n\\n /// @notice Thrown when two arrays that must be the same length are not.\\n error LengthMismatch();\\n\\n /// @notice Thrown when a native ETH transfer fails.\\n error EthTransferFailed();\\n\\n /// @notice Thrown when ECDSA recovery does not return the configured signer.\\n error InvalidSignature();\\n\\n // ----- Brain (ERC-7857 iNFT) -----\\n\\n /// @notice Thrown when `msg.sender` is not the owner of the targeted tokenId.\\n error NotBrainOwner();\\n\\n /// @notice Thrown when authorizeUsage is called with msg.value below the\\n /// Brain's configured per-query minimum payment.\\n error InsufficientPayment();\\n\\n /// @notice Thrown when the per-query payment forward from the Brain contract\\n /// to the Brain owner fails (e.g., recipient is a contract that reverts\\n /// on receive).\\n error PaymentForwardFailed();\\n\\n /// @notice Thrown when a view function is called on a tokenId that has no\\n /// IntelligentData records yet (i.e., was never minted or was burned).\\n error NoIntelligence();\\n\\n // ----- ERC-7857 canonical transfer path -----\\n\\n /// @notice Thrown when a caller invokes `transferFrom` or `safeTransferFrom`\\n /// directly. ERC-7857 mandates the oracle-attested `secureTransfer`\\n /// path so that the per-Brain symmetric key can be re-sealed for the\\n /// new owner. Standard ERC-721 transfers would leave the recipient\\n /// with an undecryptable Brain.\\n error UseSecureTransfer();\\n\\n /// @notice Thrown when secureTransfer is called before an oracle is set.\\n error OracleNotSet();\\n\\n /// @notice Thrown when the configured oracle rejects the supplied proof.\\n error InvalidOracleProof();\\n\\n // ----- BrainOracle attestation -----\\n\\n /// @notice Thrown when verifyProof is called while the attestor is unset.\\n error AttestorNotSet();\\n\\n /// @notice Thrown when the EIP-712 TransferAttestation deadline has passed.\\n error AttestationExpired();\\n\\n /// @notice Thrown when the supplied oracle proof is malformed (e.g., too\\n /// short to ABI-decode as a TransferAttestation).\\n error InvalidProofFormat();\\n\\n // ----- BrainMinter anti-spam -----\\n\\n /// @notice Thrown when mintToSender is called with msg.value below the\\n /// currently-configured anti-spam mint fee.\\n error InsufficientFee();\\n\\n /// @notice Thrown when an internal native-token transfer fails (fee sweep,\\n /// payment forward, refund).\\n error TransferFailed();\\n\\n // ----- RoyaltyDistributor -----\\n\\n /// @notice Thrown when distribute() is called with msg.value below the\\n /// sum of per-Brain payment amounts.\\n error InsufficientValue();\\n\\n // ----- ENS subname + access-token registrars -----\\n\\n /// @notice Thrown when a registrar tries to issue a subname whose label\\n /// hash is already registered.\\n error LabelAlreadyTaken();\\n\\n /// @notice Thrown when a subname text-record write is attempted by an\\n /// account that does not own the label.\\n error NotLabelOwner();\\n\\n /// @notice Thrown when a non-issuer account calls a function gated by\\n /// the issuer allow-list on AccessTokenRegistrar.\\n error NotIssuer();\\n\\n /// @notice Thrown when an AccessTokenRegistrar operation references a\\n /// label that has never been issued.\\n error TokenNotFound();\\n\\n /// @notice Thrown when an AccessTokenRegistrar operation references a\\n /// label whose TTL has elapsed.\\n error TokenExpired();\\n}\\n\"},\"src/BrainOracle.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\npragma solidity 0.8.30;\\n\\n// forgefmt: disable-start\\n//\\n// ██████╗ ██████╗ █████╗ ██╗███╗ ██╗██████╗ ███████╗██████╗ ██╗ █████╗\\n// ██╔══██╗██╔══██╗██╔══██╗██║████╗ ██║██╔══██╗██╔════╝██╔══██╗██║██╔══██╗\\n// ██████╔╝██████╔╝███████║██║██╔██╗ ██║██████╔╝█████╗ ██║ ██║██║███████║\\n// ██╔══██╗██╔══██╗██╔══██║██║██║╚██╗██║██╔═══╝ ██╔══╝ ██║ ██║██║██╔══██║\\n// ██████╔╝██║ ██║██║ ██║██║██║ ╚████║██║ ███████╗██████╔╝██║██║ ██║\\n// ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝╚═╝ ╚═══╝╚═╝ ╚══════╝╚═════╝ ╚═╝╚═╝ ╚═╝\\n//\\n// Specialty AI Brains as iNFTs · Agent-paid knowledge marketplace\\n//\\n// forgefmt: disable-end\\n\\nimport { Ownable } from \\\"@openzeppelin/contracts/access/Ownable.sol\\\";\\nimport { Ownable2Step } from \\\"@openzeppelin/contracts/access/Ownable2Step.sol\\\";\\nimport { ECDSA } from \\\"@openzeppelin/contracts/utils/cryptography/ECDSA.sol\\\";\\nimport { EIP712 } from \\\"@openzeppelin/contracts/utils/cryptography/EIP712.sol\\\";\\n\\nimport { IOracle } from \\\"./IBrain.sol\\\";\\nimport { Errors } from \\\"./lib/Errors.sol\\\";\\n\\n/// @title BrainOracle — ERC-7857 attestor for Brainpedia\\n/// @author Brainpedia Team\\n/// @notice Default IOracle implementation. Accepts an EIP-712 signed\\n/// attestation from a trusted attestor address as the proof\\n/// format passed into Brain.secureTransfer.\\n/// @dev The attestor signs a TransferAttestation struct that commits\\n/// to (tokenId, from, to, sealedKeyHash, deadline). The signed\\n/// struct is then ABI-encoded into the `oracleProof` argument.\\n/// The oracle verifies the signature recovers to `attestor`, the\\n/// deadline has not passed, AND the decoded (tokenId, from, to)\\n/// match the live transfer context supplied by Brain.secureTransfer\\n/// (audit finding #1: prevents proof replay across transfers).\\n///\\n/// For the hackathon submission the attestor is the Brainpedia\\n/// operator address. Production upgrade swaps this for an\\n/// attestor address controlled by a 0G Compute TEE node that\\n/// signs only after verifying off-chain key re-sealing.\\ncontract BrainOracle is IOracle, Ownable2Step, EIP712 {\\n // ============ Constants ============\\n\\n /// @notice EIP-712 type hash for transfer attestations.\\n bytes32 public constant TRANSFER_ATTESTATION_TYPEHASH = keccak256(\\n \\\"TransferAttestation(uint256 tokenId,address from,address to,bytes32 sealedKeyHash,uint64 deadline)\\\"\\n );\\n\\n // ============ Storage ============\\n\\n address public attestor;\\n\\n // ============ Events ============\\n\\n event AttestorUpdated(address indexed oldAttestor, address indexed newAttestor);\\n\\n // ============ Constructor ============\\n\\n constructor(address initialOwner, address initialAttestor)\\n Ownable(initialOwner)\\n EIP712(\\\"BrainOracle\\\", \\\"1\\\")\\n {\\n if (initialAttestor == address(0)) revert Errors.ZeroAddress();\\n attestor = initialAttestor;\\n emit AttestorUpdated(address(0), initialAttestor);\\n }\\n\\n // ============ External: admin ============\\n\\n /// @notice Rotate the attestor address. Owner-only.\\n function setAttestor(address newAttestor) external onlyOwner {\\n if (newAttestor == address(0)) revert Errors.ZeroAddress();\\n emit AttestorUpdated(attestor, newAttestor);\\n attestor = newAttestor;\\n }\\n\\n // ============ External: verification ============\\n\\n /// @notice Verify an oracle proof for a transfer.\\n /// @param proof abi.encode(uint256 tokenId, address from, address to,\\n /// bytes32 sealedKeyHash, uint64 deadline,\\n /// bytes signature)\\n /// @param tokenId live transfer tokenId from Brain.secureTransfer\\n /// @param from live transfer sender (msg.sender of secureTransfer)\\n /// @param to live transfer recipient\\n /// @return true iff the proof's embedded (tokenId, from, to) match\\n /// the live context, the attestation has not expired, and\\n /// the signature recovers to the configured attestor.\\n function verifyProof(bytes calldata proof, uint256 tokenId, address from, address to)\\n external\\n view\\n override\\n returns (bool)\\n {\\n if (attestor == address(0)) revert Errors.AttestorNotSet();\\n if (proof.length < 32) revert Errors.InvalidProofFormat();\\n\\n (\\n uint256 pTokenId,\\n address pFrom,\\n address pTo,\\n bytes32 sealedKeyHash,\\n uint64 deadline,\\n bytes memory signature\\n ) = abi.decode(proof, (uint256, address, address, bytes32, uint64, bytes));\\n\\n // Bind the proof to the live transfer context.\\n if (pTokenId != tokenId) revert Errors.InvalidOracleProof();\\n if (pFrom != from) revert Errors.InvalidOracleProof();\\n if (pTo != to) revert Errors.InvalidOracleProof();\\n\\n if (block.timestamp > deadline) revert Errors.AttestationExpired();\\n\\n bytes32 structHash = keccak256(\\n abi.encode(TRANSFER_ATTESTATION_TYPEHASH, pTokenId, pFrom, pTo, sealedKeyHash, deadline)\\n );\\n bytes32 digest = _hashTypedDataV4(structHash);\\n address signer = ECDSA.recover(digest, signature);\\n if (signer != attestor) revert Errors.InvalidSignature();\\n\\n return true;\\n }\\n\\n // ============ View helpers for off-chain SDKs ============\\n\\n /// @notice Compute the EIP-712 digest an attestor must sign.\\n function hashTransferAttestation(\\n uint256 tokenId,\\n address from,\\n address to,\\n bytes32 sealedKeyHash,\\n uint64 deadline\\n ) external view returns (bytes32) {\\n return _hashTypedDataV4(\\n keccak256(\\n abi.encode(\\n TRANSFER_ATTESTATION_TYPEHASH, tokenId, from, to, sealedKeyHash, deadline\\n )\\n )\\n );\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/utils/Bytes.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.6.0) (utils/Bytes.sol)\\n\\npragma solidity ^0.8.24;\\n\\nimport {Math} from \\\"./math/Math.sol\\\";\\n\\n/**\\n * @dev Bytes operations.\\n */\\nlibrary Bytes {\\n /**\\n * @dev Forward search for `s` in `buffer`\\n * * If `s` is present in the buffer, returns the index of the first instance\\n * * If `s` is not present in the buffer, returns type(uint256).max\\n *\\n * NOTE: replicates the behavior of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/indexOf[Javascript's `Array.indexOf`]\\n */\\n function indexOf(bytes memory buffer, bytes1 s) internal pure returns (uint256) {\\n return indexOf(buffer, s, 0);\\n }\\n\\n /**\\n * @dev Forward search for `s` in `buffer` starting at position `pos`\\n * * If `s` is present in the buffer (at or after `pos`), returns the index of the next instance\\n * * If `s` is not present in the buffer (at or after `pos`), returns type(uint256).max\\n *\\n * NOTE: replicates the behavior of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/indexOf[Javascript's `Array.indexOf`]\\n */\\n function indexOf(bytes memory buffer, bytes1 s, uint256 pos) internal pure returns (uint256) {\\n uint256 length = buffer.length;\\n for (uint256 i = pos; i < length; ++i) {\\n if (bytes1(_unsafeReadBytesOffset(buffer, i)) == s) {\\n return i;\\n }\\n }\\n return type(uint256).max;\\n }\\n\\n /**\\n * @dev Backward search for `s` in `buffer`\\n * * If `s` is present in the buffer, returns the index of the last instance\\n * * If `s` is not present in the buffer, returns type(uint256).max\\n *\\n * NOTE: replicates the behavior of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/lastIndexOf[Javascript's `Array.lastIndexOf`]\\n */\\n function lastIndexOf(bytes memory buffer, bytes1 s) internal pure returns (uint256) {\\n return lastIndexOf(buffer, s, type(uint256).max);\\n }\\n\\n /**\\n * @dev Backward search for `s` in `buffer` starting at position `pos`\\n * * If `s` is present in the buffer (at or before `pos`), returns the index of the previous instance\\n * * If `s` is not present in the buffer (at or before `pos`), returns type(uint256).max\\n *\\n * NOTE: replicates the behavior of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/lastIndexOf[Javascript's `Array.lastIndexOf`]\\n */\\n function lastIndexOf(bytes memory buffer, bytes1 s, uint256 pos) internal pure returns (uint256) {\\n unchecked {\\n uint256 length = buffer.length;\\n for (uint256 i = Math.min(Math.saturatingAdd(pos, 1), length); i > 0; --i) {\\n if (bytes1(_unsafeReadBytesOffset(buffer, i - 1)) == s) {\\n return i - 1;\\n }\\n }\\n return type(uint256).max;\\n }\\n }\\n\\n /**\\n * @dev Copies the content of `buffer`, from `start` (included) to the end of `buffer` into a new bytes object in\\n * memory.\\n *\\n * NOTE: replicates the behavior of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/slice[Javascript's `Array.slice`]\\n */\\n function slice(bytes memory buffer, uint256 start) internal pure returns (bytes memory) {\\n return slice(buffer, start, buffer.length);\\n }\\n\\n /**\\n * @dev Copies the content of `buffer`, from `start` (included) to `end` (excluded) into a new bytes object in\\n * memory. The `end` argument is truncated to the length of the `buffer`.\\n *\\n * NOTE: replicates the behavior of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/slice[Javascript's `Array.slice`]\\n */\\n function slice(bytes memory buffer, uint256 start, uint256 end) internal pure returns (bytes memory) {\\n // sanitize\\n end = Math.min(end, buffer.length);\\n start = Math.min(start, end);\\n\\n // allocate and copy\\n bytes memory result = new bytes(end - start);\\n assembly (\\\"memory-safe\\\") {\\n mcopy(add(result, 0x20), add(add(buffer, 0x20), start), sub(end, start))\\n }\\n\\n return result;\\n }\\n\\n /**\\n * @dev Moves the content of `buffer`, from `start` (included) to the end of `buffer` to the start of that buffer,\\n * and shrinks the buffer length accordingly, effectively overriding the content of buffer with buffer[start:].\\n *\\n * NOTE: This function modifies the provided buffer in place. If you need to preserve the original buffer, use {slice} instead\\n */\\n function splice(bytes memory buffer, uint256 start) internal pure returns (bytes memory) {\\n return splice(buffer, start, buffer.length);\\n }\\n\\n /**\\n * @dev Moves the content of `buffer`, from `start` (included) to `end` (excluded) to the start of that buffer,\\n * and shrinks the buffer length accordingly, effectively overriding the content of buffer with buffer[start:end].\\n * The `end` argument is truncated to the length of the `buffer`.\\n *\\n * NOTE: This function modifies the provided buffer in place. If you need to preserve the original buffer, use {slice} instead\\n */\\n function splice(bytes memory buffer, uint256 start, uint256 end) internal pure returns (bytes memory) {\\n // sanitize\\n end = Math.min(end, buffer.length);\\n start = Math.min(start, end);\\n\\n // move and resize\\n assembly (\\\"memory-safe\\\") {\\n mcopy(add(buffer, 0x20), add(add(buffer, 0x20), start), sub(end, start))\\n mstore(buffer, sub(end, start))\\n }\\n\\n return buffer;\\n }\\n\\n /**\\n * @dev Replaces bytes in `buffer` starting at `pos` with all bytes from `replacement`.\\n *\\n * Parameters are clamped to valid ranges (i.e. `pos` is clamped to `[0, buffer.length]`).\\n * If `pos >= buffer.length`, no replacement occurs and the buffer is returned unchanged.\\n *\\n * NOTE: This function modifies the provided buffer in place.\\n */\\n function replace(bytes memory buffer, uint256 pos, bytes memory replacement) internal pure returns (bytes memory) {\\n return replace(buffer, pos, replacement, 0, replacement.length);\\n }\\n\\n /**\\n * @dev Replaces bytes in `buffer` starting at `pos` with bytes from `replacement` starting at `offset`.\\n * Copies at most `length` bytes from `replacement` to `buffer`.\\n *\\n * Parameters are clamped to valid ranges (i.e. `pos` is clamped to `[0, buffer.length]`, `offset` is\\n * clamped to `[0, replacement.length]`, and `length` is clamped to `min(length, replacement.length - offset,\\n * buffer.length - pos))`. If `pos >= buffer.length` or `offset >= replacement.length`, no replacement occurs\\n * and the buffer is returned unchanged.\\n *\\n * NOTE: This function modifies the provided buffer in place.\\n */\\n function replace(\\n bytes memory buffer,\\n uint256 pos,\\n bytes memory replacement,\\n uint256 offset,\\n uint256 length\\n ) internal pure returns (bytes memory) {\\n // sanitize\\n pos = Math.min(pos, buffer.length);\\n offset = Math.min(offset, replacement.length);\\n length = Math.min(length, Math.min(replacement.length - offset, buffer.length - pos));\\n\\n // replace\\n assembly (\\\"memory-safe\\\") {\\n mcopy(add(add(buffer, 0x20), pos), add(add(replacement, 0x20), offset), length)\\n }\\n\\n return buffer;\\n }\\n\\n /**\\n * @dev Concatenate an array of bytes into a single bytes object.\\n *\\n * For fixed bytes types, we recommend using the solidity built-in `bytes.concat` or (equivalent)\\n * `abi.encodePacked`.\\n *\\n * NOTE: this could be done in assembly with a single loop that expands starting at the FMP, but that would be\\n * significantly less readable. It might be worth benchmarking the savings of the full-assembly approach.\\n */\\n function concat(bytes[] memory buffers) internal pure returns (bytes memory) {\\n uint256 length = 0;\\n for (uint256 i = 0; i < buffers.length; ++i) {\\n length += buffers[i].length;\\n }\\n\\n bytes memory result = new bytes(length);\\n\\n uint256 offset = 0x20;\\n for (uint256 i = 0; i < buffers.length; ++i) {\\n bytes memory input = buffers[i];\\n assembly (\\\"memory-safe\\\") {\\n mcopy(add(result, offset), add(input, 0x20), mload(input))\\n }\\n unchecked {\\n offset += input.length;\\n }\\n }\\n\\n return result;\\n }\\n\\n /**\\n * @dev Split each byte in `input` into two nibbles (4 bits each)\\n *\\n * Example: hex\\\"01234567\\\" → hex\\\"0001020304050607\\\"\\n */\\n function toNibbles(bytes memory input) internal pure returns (bytes memory output) {\\n assembly (\\\"memory-safe\\\") {\\n let length := mload(input)\\n output := mload(0x40)\\n mstore(0x40, add(add(output, 0x20), mul(length, 2)))\\n mstore(output, mul(length, 2))\\n for {\\n let i := 0\\n } lt(i, length) {\\n i := add(i, 0x10)\\n } {\\n let chunk := shr(128, mload(add(add(input, 0x20), i)))\\n chunk := and(\\n 0x0000000000000000ffffffffffffffff0000000000000000ffffffffffffffff,\\n or(shl(64, chunk), chunk)\\n )\\n chunk := and(\\n 0x00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff,\\n or(shl(32, chunk), chunk)\\n )\\n chunk := and(\\n 0x0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff,\\n or(shl(16, chunk), chunk)\\n )\\n chunk := and(\\n 0x00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff,\\n or(shl(8, chunk), chunk)\\n )\\n chunk := and(\\n 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f,\\n or(shl(4, chunk), chunk)\\n )\\n mstore(add(add(output, 0x20), mul(i, 2)), chunk)\\n }\\n }\\n }\\n\\n /**\\n * @dev Returns true if the two byte buffers are equal.\\n */\\n function equal(bytes memory a, bytes memory b) internal pure returns (bool) {\\n return a.length == b.length && keccak256(a) == keccak256(b);\\n }\\n\\n /**\\n * @dev Reverses the byte order of a bytes32 value, converting between little-endian and big-endian.\\n * Inspired by https://graphics.stanford.edu/~seander/bithacks.html#ReverseParallel[Reverse Parallel]\\n */\\n function reverseBytes32(bytes32 value) internal pure returns (bytes32) {\\n value = // swap bytes\\n ((value >> 8) & 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) |\\n ((value & 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) << 8);\\n value = // swap 2-byte long pairs\\n ((value >> 16) & 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) |\\n ((value & 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) << 16);\\n value = // swap 4-byte long pairs\\n ((value >> 32) & 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) |\\n ((value & 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) << 32);\\n value = // swap 8-byte long pairs\\n ((value >> 64) & 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) |\\n ((value & 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) << 64);\\n return (value >> 128) | (value << 128); // swap 16-byte long pairs\\n }\\n\\n /// @dev Same as {reverseBytes32} but optimized for 128-bit values.\\n function reverseBytes16(bytes16 value) internal pure returns (bytes16) {\\n value = // swap bytes\\n ((value & 0xFF00FF00FF00FF00FF00FF00FF00FF00) >> 8) |\\n ((value & 0x00FF00FF00FF00FF00FF00FF00FF00FF) << 8);\\n value = // swap 2-byte long pairs\\n ((value & 0xFFFF0000FFFF0000FFFF0000FFFF0000) >> 16) |\\n ((value & 0x0000FFFF0000FFFF0000FFFF0000FFFF) << 16);\\n value = // swap 4-byte long pairs\\n ((value & 0xFFFFFFFF00000000FFFFFFFF00000000) >> 32) |\\n ((value & 0x00000000FFFFFFFF00000000FFFFFFFF) << 32);\\n return (value >> 64) | (value << 64); // swap 8-byte long pairs\\n }\\n\\n /// @dev Same as {reverseBytes32} but optimized for 64-bit values.\\n function reverseBytes8(bytes8 value) internal pure returns (bytes8) {\\n value = ((value & 0xFF00FF00FF00FF00) >> 8) | ((value & 0x00FF00FF00FF00FF) << 8); // swap bytes\\n value = ((value & 0xFFFF0000FFFF0000) >> 16) | ((value & 0x0000FFFF0000FFFF) << 16); // swap 2-byte long pairs\\n return (value >> 32) | (value << 32); // swap 4-byte long pairs\\n }\\n\\n /// @dev Same as {reverseBytes32} but optimized for 32-bit values.\\n function reverseBytes4(bytes4 value) internal pure returns (bytes4) {\\n value = ((value & 0xFF00FF00) >> 8) | ((value & 0x00FF00FF) << 8); // swap bytes\\n return (value >> 16) | (value << 16); // swap 2-byte long pairs\\n }\\n\\n /// @dev Same as {reverseBytes32} but optimized for 16-bit values.\\n function reverseBytes2(bytes2 value) internal pure returns (bytes2) {\\n return (value >> 8) | (value << 8);\\n }\\n\\n /**\\n * @dev Counts the number of leading zero bits a bytes array. Returns `8 * buffer.length`\\n * if the buffer is all zeros.\\n */\\n function clz(bytes memory buffer) internal pure returns (uint256) {\\n for (uint256 i = 0; i < buffer.length; i += 0x20) {\\n bytes32 chunk = _unsafeReadBytesOffset(buffer, i);\\n if (chunk != bytes32(0)) {\\n return Math.min(8 * i + Math.clz(uint256(chunk)), 8 * buffer.length);\\n }\\n }\\n return 8 * buffer.length;\\n }\\n\\n /**\\n * @dev Reads a bytes32 from a bytes array without bounds checking.\\n *\\n * NOTE: making this function internal would mean it could be used with memory unsafe offset, and marking the\\n * assembly block as such would prevent some optimizations.\\n */\\n function _unsafeReadBytesOffset(bytes memory buffer, uint256 offset) private pure returns (bytes32 value) {\\n // This is not memory safe in the general case, but all calls to this private function are within bounds.\\n assembly (\\\"memory-safe\\\") {\\n value := mload(add(add(buffer, 0x20), offset))\\n }\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/utils/Panic.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.1.0) (utils/Panic.sol)\\n\\npragma solidity ^0.8.20;\\n\\n/**\\n * @dev Helper library for emitting standardized panic codes.\\n *\\n * ```solidity\\n * contract Example {\\n * using Panic for uint256;\\n *\\n * // Use any of the declared internal constants\\n * function foo() { Panic.GENERIC.panic(); }\\n *\\n * // Alternatively\\n * function foo() { Panic.panic(Panic.GENERIC); }\\n * }\\n * ```\\n *\\n * Follows the list from https://github.com/ethereum/solidity/blob/v0.8.24/libsolutil/ErrorCodes.h[libsolutil].\\n *\\n * _Available since v5.1._\\n */\\n// slither-disable-next-line unused-state\\nlibrary Panic {\\n /// @dev generic / unspecified error\\n uint256 internal constant GENERIC = 0x00;\\n /// @dev used by the assert() builtin\\n uint256 internal constant ASSERT = 0x01;\\n /// @dev arithmetic underflow or overflow\\n uint256 internal constant UNDER_OVERFLOW = 0x11;\\n /// @dev division or modulo by zero\\n uint256 internal constant DIVISION_BY_ZERO = 0x12;\\n /// @dev enum conversion error\\n uint256 internal constant ENUM_CONVERSION_ERROR = 0x21;\\n /// @dev invalid encoding in storage\\n uint256 internal constant STORAGE_ENCODING_ERROR = 0x22;\\n /// @dev empty array pop\\n uint256 internal constant EMPTY_ARRAY_POP = 0x31;\\n /// @dev array out of bounds access\\n uint256 internal constant ARRAY_OUT_OF_BOUNDS = 0x32;\\n /// @dev resource error (too large allocation or too large array)\\n uint256 internal constant RESOURCE_ERROR = 0x41;\\n /// @dev calling invalid internal function\\n uint256 internal constant INVALID_INTERNAL_FUNCTION = 0x51;\\n\\n /// @dev Reverts with a panic code. Recommended to use with\\n /// the internal constants with predefined codes.\\n function panic(uint256 code) internal pure {\\n assembly (\\\"memory-safe\\\") {\\n mstore(0x00, 0x4e487b71)\\n mstore(0x20, code)\\n revert(0x1c, 0x24)\\n }\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/utils/Context.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)\\n\\npragma solidity ^0.8.20;\\n\\n/**\\n * @dev Provides information about the current execution context, including the\\n * sender of the transaction and its data. While these are generally available\\n * via msg.sender and msg.data, they should not be accessed in such a direct\\n * manner, since when dealing with meta-transactions the account sending and\\n * paying for execution may not be the actual sender (as far as an application\\n * is concerned).\\n *\\n * This contract is only required for intermediate, library-like contracts.\\n */\\nabstract contract Context {\\n function _msgSender() internal view virtual returns (address) {\\n return msg.sender;\\n }\\n\\n function _msgData() internal view virtual returns (bytes calldata) {\\n return msg.data;\\n }\\n\\n function _contextSuffixLength() internal view virtual returns (uint256) {\\n return 0;\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/utils/Strings.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.6.0) (utils/Strings.sol)\\n\\npragma solidity ^0.8.24;\\n\\nimport {Math} from \\\"./math/Math.sol\\\";\\nimport {SafeCast} from \\\"./math/SafeCast.sol\\\";\\nimport {SignedMath} from \\\"./math/SignedMath.sol\\\";\\nimport {Bytes} from \\\"./Bytes.sol\\\";\\n\\n/**\\n * @dev String operations.\\n */\\nlibrary Strings {\\n using SafeCast for *;\\n\\n bytes16 private constant HEX_DIGITS = \\\"0123456789abcdef\\\";\\n uint8 private constant ADDRESS_LENGTH = 20;\\n uint256 private constant SPECIAL_CHARS_LOOKUP =\\n 0xffffffff | // first 32 bits corresponding to the control characters (U+0000 to U+001F)\\n (1 << 0x22) | // double quote\\n (1 << 0x5c); // backslash\\n\\n /**\\n * @dev The `value` string doesn't fit in the specified `length`.\\n */\\n error StringsInsufficientHexLength(uint256 value, uint256 length);\\n\\n /**\\n * @dev The string being parsed contains characters that are not in scope of the given base.\\n */\\n error StringsInvalidChar();\\n\\n /**\\n * @dev The string being parsed is not a properly formatted address.\\n */\\n error StringsInvalidAddressFormat();\\n\\n /**\\n * @dev Converts a `uint256` to its ASCII `string` decimal representation.\\n */\\n function toString(uint256 value) internal pure returns (string memory) {\\n unchecked {\\n uint256 length = Math.log10(value) + 1;\\n string memory buffer = new string(length);\\n uint256 ptr;\\n assembly (\\\"memory-safe\\\") {\\n ptr := add(add(buffer, 0x20), length)\\n }\\n while (true) {\\n ptr--;\\n assembly (\\\"memory-safe\\\") {\\n mstore8(ptr, byte(mod(value, 10), HEX_DIGITS))\\n }\\n value /= 10;\\n if (value == 0) break;\\n }\\n return buffer;\\n }\\n }\\n\\n /**\\n * @dev Converts a `int256` to its ASCII `string` decimal representation.\\n */\\n function toStringSigned(int256 value) internal pure returns (string memory) {\\n return string.concat(value < 0 ? \\\"-\\\" : \\\"\\\", toString(SignedMath.abs(value)));\\n }\\n\\n /**\\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.\\n */\\n function toHexString(uint256 value) internal pure returns (string memory) {\\n unchecked {\\n return toHexString(value, Math.log256(value) + 1);\\n }\\n }\\n\\n /**\\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.\\n */\\n function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {\\n uint256 localValue = value;\\n bytes memory buffer = new bytes(2 * length + 2);\\n buffer[0] = \\\"0\\\";\\n buffer[1] = \\\"x\\\";\\n for (uint256 i = 2 * length + 1; i > 1; --i) {\\n buffer[i] = HEX_DIGITS[localValue & 0xf];\\n localValue >>= 4;\\n }\\n if (localValue != 0) {\\n revert StringsInsufficientHexLength(value, length);\\n }\\n return string(buffer);\\n }\\n\\n /**\\n * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal\\n * representation.\\n */\\n function toHexString(address addr) internal pure returns (string memory) {\\n return toHexString(uint256(uint160(addr)), ADDRESS_LENGTH);\\n }\\n\\n /**\\n * @dev Converts an `address` with fixed length of 20 bytes to its checksummed ASCII `string` hexadecimal\\n * representation, according to EIP-55.\\n */\\n function toChecksumHexString(address addr) internal pure returns (string memory) {\\n bytes memory buffer = bytes(toHexString(addr));\\n\\n // hash the hex part of buffer (skip length + 2 bytes, length 40)\\n uint256 hashValue;\\n assembly (\\\"memory-safe\\\") {\\n hashValue := shr(96, keccak256(add(buffer, 0x22), 40))\\n }\\n\\n for (uint256 i = 41; i > 1; --i) {\\n // possible values for buffer[i] are 48 (0) to 57 (9) and 97 (a) to 102 (f)\\n if (hashValue & 0xf > 7 && uint8(buffer[i]) > 96) {\\n // case shift by xoring with 0x20\\n buffer[i] ^= 0x20;\\n }\\n hashValue >>= 4;\\n }\\n return string(buffer);\\n }\\n\\n /**\\n * @dev Converts a `bytes` buffer to its ASCII `string` hexadecimal representation.\\n */\\n function toHexString(bytes memory input) internal pure returns (string memory) {\\n unchecked {\\n bytes memory buffer = new bytes(2 * input.length + 2);\\n buffer[0] = \\\"0\\\";\\n buffer[1] = \\\"x\\\";\\n for (uint256 i = 0; i < input.length; ++i) {\\n uint8 v = uint8(input[i]);\\n buffer[2 * i + 2] = HEX_DIGITS[v >> 4];\\n buffer[2 * i + 3] = HEX_DIGITS[v & 0xf];\\n }\\n return string(buffer);\\n }\\n }\\n\\n /**\\n * @dev Returns true if the two strings are equal.\\n */\\n function equal(string memory a, string memory b) internal pure returns (bool) {\\n return Bytes.equal(bytes(a), bytes(b));\\n }\\n\\n /**\\n * @dev Parse a decimal string and returns the value as a `uint256`.\\n *\\n * Requirements:\\n * - The string must be formatted as `[0-9]*`\\n * - The result must fit into an `uint256` type\\n */\\n function parseUint(string memory input) internal pure returns (uint256) {\\n return parseUint(input, 0, bytes(input).length);\\n }\\n\\n /**\\n * @dev Variant of {parseUint-string} that parses a substring of `input` located between position `begin` (included) and\\n * `end` (excluded).\\n *\\n * Requirements:\\n * - The substring must be formatted as `[0-9]*`\\n * - The result must fit into an `uint256` type\\n */\\n function parseUint(string memory input, uint256 begin, uint256 end) internal pure returns (uint256) {\\n (bool success, uint256 value) = tryParseUint(input, begin, end);\\n if (!success) revert StringsInvalidChar();\\n return value;\\n }\\n\\n /**\\n * @dev Variant of {parseUint-string} that returns false if the parsing fails because of an invalid character.\\n *\\n * NOTE: This function will revert if the result does not fit in a `uint256`.\\n */\\n function tryParseUint(string memory input) internal pure returns (bool success, uint256 value) {\\n return _tryParseUintUncheckedBounds(input, 0, bytes(input).length);\\n }\\n\\n /**\\n * @dev Variant of {parseUint-string-uint256-uint256} that returns false if the parsing fails because of an invalid\\n * character.\\n *\\n * NOTE: This function will revert if the result does not fit in a `uint256`.\\n */\\n function tryParseUint(\\n string memory input,\\n uint256 begin,\\n uint256 end\\n ) internal pure returns (bool success, uint256 value) {\\n if (end > bytes(input).length || begin > end) return (false, 0);\\n return _tryParseUintUncheckedBounds(input, begin, end);\\n }\\n\\n /**\\n * @dev Implementation of {tryParseUint-string-uint256-uint256} that does not check bounds. Caller should make sure that\\n * `begin <= end <= input.length`. Other inputs would result in undefined behavior.\\n */\\n function _tryParseUintUncheckedBounds(\\n string memory input,\\n uint256 begin,\\n uint256 end\\n ) private pure returns (bool success, uint256 value) {\\n bytes memory buffer = bytes(input);\\n\\n uint256 result = 0;\\n for (uint256 i = begin; i < end; ++i) {\\n uint8 chr = _tryParseChr(bytes1(_unsafeReadBytesOffset(buffer, i)));\\n if (chr > 9) return (false, 0);\\n result *= 10;\\n result += chr;\\n }\\n return (true, result);\\n }\\n\\n /**\\n * @dev Parse a decimal string and returns the value as a `int256`.\\n *\\n * Requirements:\\n * - The string must be formatted as `[-+]?[0-9]*`\\n * - The result must fit in an `int256` type.\\n */\\n function parseInt(string memory input) internal pure returns (int256) {\\n return parseInt(input, 0, bytes(input).length);\\n }\\n\\n /**\\n * @dev Variant of {parseInt-string} that parses a substring of `input` located between position `begin` (included) and\\n * `end` (excluded).\\n *\\n * Requirements:\\n * - The substring must be formatted as `[-+]?[0-9]*`\\n * - The result must fit in an `int256` type.\\n */\\n function parseInt(string memory input, uint256 begin, uint256 end) internal pure returns (int256) {\\n (bool success, int256 value) = tryParseInt(input, begin, end);\\n if (!success) revert StringsInvalidChar();\\n return value;\\n }\\n\\n /**\\n * @dev Variant of {parseInt-string} that returns false if the parsing fails because of an invalid character or if\\n * the result does not fit in a `int256`.\\n *\\n * NOTE: This function will revert if the absolute value of the result does not fit in a `uint256`.\\n */\\n function tryParseInt(string memory input) internal pure returns (bool success, int256 value) {\\n return _tryParseIntUncheckedBounds(input, 0, bytes(input).length);\\n }\\n\\n uint256 private constant ABS_MIN_INT256 = 2 ** 255;\\n\\n /**\\n * @dev Variant of {parseInt-string-uint256-uint256} that returns false if the parsing fails because of an invalid\\n * character or if the result does not fit in a `int256`.\\n *\\n * NOTE: This function will revert if the absolute value of the result does not fit in a `uint256`.\\n */\\n function tryParseInt(\\n string memory input,\\n uint256 begin,\\n uint256 end\\n ) internal pure returns (bool success, int256 value) {\\n if (end > bytes(input).length || begin > end) return (false, 0);\\n return _tryParseIntUncheckedBounds(input, begin, end);\\n }\\n\\n /**\\n * @dev Implementation of {tryParseInt-string-uint256-uint256} that does not check bounds. Caller should make sure that\\n * `begin <= end <= input.length`. Other inputs would result in undefined behavior.\\n */\\n function _tryParseIntUncheckedBounds(\\n string memory input,\\n uint256 begin,\\n uint256 end\\n ) private pure returns (bool success, int256 value) {\\n bytes memory buffer = bytes(input);\\n\\n // Check presence of a negative sign.\\n bytes1 sign = begin == end ? bytes1(0) : bytes1(_unsafeReadBytesOffset(buffer, begin)); // don't do out-of-bound (possibly unsafe) read if sub-string is empty\\n bool positiveSign = sign == bytes1(\\\"+\\\");\\n bool negativeSign = sign == bytes1(\\\"-\\\");\\n uint256 offset = (positiveSign || negativeSign).toUint();\\n\\n (bool absSuccess, uint256 absValue) = tryParseUint(input, begin + offset, end);\\n\\n if (absSuccess && absValue < ABS_MIN_INT256) {\\n return (true, negativeSign ? -int256(absValue) : int256(absValue));\\n } else if (absSuccess && negativeSign && absValue == ABS_MIN_INT256) {\\n return (true, type(int256).min);\\n } else return (false, 0);\\n }\\n\\n /**\\n * @dev Parse a hexadecimal string (with or without \\\"0x\\\" prefix), and returns the value as a `uint256`.\\n *\\n * Requirements:\\n * - The string must be formatted as `(0x)?[0-9a-fA-F]*`\\n * - The result must fit in an `uint256` type.\\n */\\n function parseHexUint(string memory input) internal pure returns (uint256) {\\n return parseHexUint(input, 0, bytes(input).length);\\n }\\n\\n /**\\n * @dev Variant of {parseHexUint-string} that parses a substring of `input` located between position `begin` (included) and\\n * `end` (excluded).\\n *\\n * Requirements:\\n * - The substring must be formatted as `(0x)?[0-9a-fA-F]*`\\n * - The result must fit in an `uint256` type.\\n */\\n function parseHexUint(string memory input, uint256 begin, uint256 end) internal pure returns (uint256) {\\n (bool success, uint256 value) = tryParseHexUint(input, begin, end);\\n if (!success) revert StringsInvalidChar();\\n return value;\\n }\\n\\n /**\\n * @dev Variant of {parseHexUint-string} that returns false if the parsing fails because of an invalid character.\\n *\\n * NOTE: This function will revert if the result does not fit in a `uint256`.\\n */\\n function tryParseHexUint(string memory input) internal pure returns (bool success, uint256 value) {\\n return _tryParseHexUintUncheckedBounds(input, 0, bytes(input).length);\\n }\\n\\n /**\\n * @dev Variant of {parseHexUint-string-uint256-uint256} that returns false if the parsing fails because of an\\n * invalid character.\\n *\\n * NOTE: This function will revert if the result does not fit in a `uint256`.\\n */\\n function tryParseHexUint(\\n string memory input,\\n uint256 begin,\\n uint256 end\\n ) internal pure returns (bool success, uint256 value) {\\n if (end > bytes(input).length || begin > end) return (false, 0);\\n return _tryParseHexUintUncheckedBounds(input, begin, end);\\n }\\n\\n /**\\n * @dev Implementation of {tryParseHexUint-string-uint256-uint256} that does not check bounds. Caller should make sure that\\n * `begin <= end <= input.length`. Other inputs would result in undefined behavior.\\n */\\n function _tryParseHexUintUncheckedBounds(\\n string memory input,\\n uint256 begin,\\n uint256 end\\n ) private pure returns (bool success, uint256 value) {\\n bytes memory buffer = bytes(input);\\n\\n // skip 0x prefix if present\\n bool hasPrefix = (end > begin + 1) && bytes2(_unsafeReadBytesOffset(buffer, begin)) == bytes2(\\\"0x\\\"); // don't do out-of-bound (possibly unsafe) read if sub-string is empty\\n uint256 offset = hasPrefix.toUint() * 2;\\n\\n uint256 result = 0;\\n for (uint256 i = begin + offset; i < end; ++i) {\\n uint8 chr = _tryParseChr(bytes1(_unsafeReadBytesOffset(buffer, i)));\\n if (chr > 15) return (false, 0);\\n result *= 16;\\n unchecked {\\n // Multiplying by 16 is equivalent to a shift of 4 bits (with additional overflow check).\\n // This guarantees that adding a value < 16 will not cause an overflow, hence the unchecked.\\n result += chr;\\n }\\n }\\n return (true, result);\\n }\\n\\n /**\\n * @dev Parse a hexadecimal string (with or without \\\"0x\\\" prefix), and returns the value as an `address`.\\n *\\n * Requirements:\\n * - The string must be formatted as `(0x)?[0-9a-fA-F]{40}`\\n */\\n function parseAddress(string memory input) internal pure returns (address) {\\n return parseAddress(input, 0, bytes(input).length);\\n }\\n\\n /**\\n * @dev Variant of {parseAddress-string} that parses a substring of `input` located between position `begin` (included) and\\n * `end` (excluded).\\n *\\n * Requirements:\\n * - The substring must be formatted as `(0x)?[0-9a-fA-F]{40}`\\n */\\n function parseAddress(string memory input, uint256 begin, uint256 end) internal pure returns (address) {\\n (bool success, address value) = tryParseAddress(input, begin, end);\\n if (!success) revert StringsInvalidAddressFormat();\\n return value;\\n }\\n\\n /**\\n * @dev Variant of {parseAddress-string} that returns false if the parsing fails because the input is not a properly\\n * formatted address. See {parseAddress-string} requirements.\\n */\\n function tryParseAddress(string memory input) internal pure returns (bool success, address value) {\\n return tryParseAddress(input, 0, bytes(input).length);\\n }\\n\\n /**\\n * @dev Variant of {parseAddress-string-uint256-uint256} that returns false if the parsing fails because input is not a properly\\n * formatted address. See {parseAddress-string-uint256-uint256} requirements.\\n */\\n function tryParseAddress(\\n string memory input,\\n uint256 begin,\\n uint256 end\\n ) internal pure returns (bool success, address value) {\\n if (end > bytes(input).length || begin > end) return (false, address(0));\\n\\n bool hasPrefix = (end > begin + 1) && bytes2(_unsafeReadBytesOffset(bytes(input), begin)) == bytes2(\\\"0x\\\"); // don't do out-of-bound (possibly unsafe) read if sub-string is empty\\n uint256 expectedLength = 40 + hasPrefix.toUint() * 2;\\n\\n // check that input is the correct length\\n if (end - begin == expectedLength) {\\n // length guarantees that this does not overflow, and value is at most type(uint160).max\\n (bool s, uint256 v) = _tryParseHexUintUncheckedBounds(input, begin, end);\\n return (s, address(uint160(v)));\\n } else {\\n return (false, address(0));\\n }\\n }\\n\\n function _tryParseChr(bytes1 chr) private pure returns (uint8) {\\n uint8 value = uint8(chr);\\n\\n // Try to parse `chr`:\\n // - Case 1: [0-9]\\n // - Case 2: [a-f]\\n // - Case 3: [A-F]\\n // - otherwise not supported\\n unchecked {\\n if (value > 47 && value < 58) value -= 48;\\n else if (value > 96 && value < 103) value -= 87;\\n else if (value > 64 && value < 71) value -= 55;\\n else return type(uint8).max;\\n }\\n\\n return value;\\n }\\n\\n /**\\n * @dev Escape special characters in JSON strings. This can be useful to prevent JSON injection in NFT metadata.\\n *\\n * WARNING: This function should only be used in double quoted JSON strings. Single quotes are not escaped.\\n *\\n * NOTE: This function escapes backslashes (including those in \\\\uXXXX sequences) and the characters in ranges\\n * defined in section 2.5 of RFC-4627 (U+0000 to U+001F, U+0022 and U+005C). All control characters in U+0000\\n * to U+001F are escaped (\\\\b, \\\\t, \\\\n, \\\\f, \\\\r use short form; others use \\\\u00XX). ECMAScript's `JSON.parse` does\\n * recover escaped unicode characters that are not in this range, but other tooling may provide different results.\\n */\\n function escapeJSON(string memory input) internal pure returns (string memory) {\\n bytes memory buffer = bytes(input);\\n\\n // Put output at the FMP. Memory will be reserved later when we figure out the actual length of the escaped\\n // string. All write are done using _unsafeWriteBytesOffset, which avoid the (expensive) length checks for\\n // each character written.\\n bytes memory output;\\n assembly (\\\"memory-safe\\\") {\\n output := mload(0x40)\\n }\\n uint256 outputLength = 0;\\n\\n for (uint256 i = 0; i < buffer.length; ++i) {\\n uint8 char = uint8(bytes1(_unsafeReadBytesOffset(buffer, i)));\\n if (((SPECIAL_CHARS_LOOKUP & (1 << char)) != 0)) {\\n _unsafeWriteBytesOffset(output, outputLength++, \\\"\\\\\\\\\\\");\\n if (char == 0x08) _unsafeWriteBytesOffset(output, outputLength++, \\\"b\\\");\\n else if (char == 0x09) _unsafeWriteBytesOffset(output, outputLength++, \\\"t\\\");\\n else if (char == 0x0a) _unsafeWriteBytesOffset(output, outputLength++, \\\"n\\\");\\n else if (char == 0x0c) _unsafeWriteBytesOffset(output, outputLength++, \\\"f\\\");\\n else if (char == 0x0d) _unsafeWriteBytesOffset(output, outputLength++, \\\"r\\\");\\n else if (char == 0x5c) _unsafeWriteBytesOffset(output, outputLength++, \\\"\\\\\\\\\\\");\\n else if (char == 0x22) {\\n // solhint-disable-next-line quotes\\n _unsafeWriteBytesOffset(output, outputLength++, '\\\"');\\n } else {\\n // U+0000 to U+001F without short form: output \\\\u00XX\\n _unsafeWriteBytesOffset(output, outputLength++, \\\"u\\\");\\n _unsafeWriteBytesOffset(output, outputLength++, \\\"0\\\");\\n _unsafeWriteBytesOffset(output, outputLength++, \\\"0\\\");\\n _unsafeWriteBytesOffset(output, outputLength++, HEX_DIGITS[char >> 4]);\\n _unsafeWriteBytesOffset(output, outputLength++, HEX_DIGITS[char & 0x0f]);\\n }\\n } else {\\n _unsafeWriteBytesOffset(output, outputLength++, bytes1(char));\\n }\\n }\\n // write the actual length and reserve memory\\n assembly (\\\"memory-safe\\\") {\\n mstore(output, outputLength)\\n mstore(0x40, add(output, add(outputLength, 0x20)))\\n }\\n\\n return string(output);\\n }\\n\\n /**\\n * @dev Reads a bytes32 from a bytes array without bounds checking.\\n *\\n * NOTE: making this function internal would mean it could be used with memory unsafe offset, and marking the\\n * assembly block as such would prevent some optimizations.\\n */\\n function _unsafeReadBytesOffset(bytes memory buffer, uint256 offset) private pure returns (bytes32 value) {\\n // This is not memory safe in the general case, but all calls to this private function are within bounds.\\n assembly (\\\"memory-safe\\\") {\\n value := mload(add(add(buffer, 0x20), offset))\\n }\\n }\\n\\n /**\\n * @dev Write a bytes1 to a bytes array without bounds checking.\\n *\\n * NOTE: making this function internal would mean it could be used with memory unsafe offset, and marking the\\n * assembly block as such would prevent some optimizations.\\n */\\n function _unsafeWriteBytesOffset(bytes memory buffer, uint256 offset, bytes1 value) private pure {\\n // This is not memory safe in the general case, but all calls to this private function are within bounds.\\n assembly (\\\"memory-safe\\\") {\\n mstore8(add(add(buffer, 0x20), offset), shr(248, value))\\n }\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/access/Ownable.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)\\n\\npragma solidity ^0.8.20;\\n\\nimport {Context} from \\\"../utils/Context.sol\\\";\\n\\n/**\\n * @dev Contract module which provides a basic access control mechanism, where\\n * there is an account (an owner) that can be granted exclusive access to\\n * specific functions.\\n *\\n * The initial owner is set to the address provided by the deployer. This can\\n * later be changed with {transferOwnership}.\\n *\\n * This module is used through inheritance. It will make available the modifier\\n * `onlyOwner`, which can be applied to your functions to restrict their use to\\n * the owner.\\n */\\nabstract contract Ownable is Context {\\n address private _owner;\\n\\n /**\\n * @dev The caller account is not authorized to perform an operation.\\n */\\n error OwnableUnauthorizedAccount(address account);\\n\\n /**\\n * @dev The owner is not a valid owner account. (eg. `address(0)`)\\n */\\n error OwnableInvalidOwner(address owner);\\n\\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\\n\\n /**\\n * @dev Initializes the contract setting the address provided by the deployer as the initial owner.\\n */\\n constructor(address initialOwner) {\\n if (initialOwner == address(0)) {\\n revert OwnableInvalidOwner(address(0));\\n }\\n _transferOwnership(initialOwner);\\n }\\n\\n /**\\n * @dev Throws if called by any account other than the owner.\\n */\\n modifier onlyOwner() {\\n _checkOwner();\\n _;\\n }\\n\\n /**\\n * @dev Returns the address of the current owner.\\n */\\n function owner() public view virtual returns (address) {\\n return _owner;\\n }\\n\\n /**\\n * @dev Throws if the sender is not the owner.\\n */\\n function _checkOwner() internal view virtual {\\n if (owner() != _msgSender()) {\\n revert OwnableUnauthorizedAccount(_msgSender());\\n }\\n }\\n\\n /**\\n * @dev Leaves the contract without owner. It will not be possible to call\\n * `onlyOwner` functions. Can only be called by the current owner.\\n *\\n * NOTE: Renouncing ownership will leave the contract without an owner,\\n * thereby disabling any functionality that is only available to the owner.\\n */\\n function renounceOwnership() public virtual onlyOwner {\\n _transferOwnership(address(0));\\n }\\n\\n /**\\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\\n * Can only be called by the current owner.\\n */\\n function transferOwnership(address newOwner) public virtual onlyOwner {\\n if (newOwner == address(0)) {\\n revert OwnableInvalidOwner(address(0));\\n }\\n _transferOwnership(newOwner);\\n }\\n\\n /**\\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\\n * Internal function without access restriction.\\n */\\n function _transferOwnership(address newOwner) internal virtual {\\n address oldOwner = _owner;\\n _owner = newOwner;\\n emit OwnershipTransferred(oldOwner, newOwner);\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/utils/math/Math.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.6.0) (utils/math/Math.sol)\\n\\npragma solidity ^0.8.20;\\n\\nimport {Panic} from \\\"../Panic.sol\\\";\\nimport {SafeCast} from \\\"./SafeCast.sol\\\";\\n\\n/**\\n * @dev Standard math utilities missing in the Solidity language.\\n */\\nlibrary Math {\\n enum Rounding {\\n Floor, // Toward negative infinity\\n Ceil, // Toward positive infinity\\n Trunc, // Toward zero\\n Expand // Away from zero\\n }\\n\\n /**\\n * @dev Return the 512-bit addition of two uint256.\\n *\\n * The result is stored in two 256 variables such that sum = high * 2²⁵⁶ + low.\\n */\\n function add512(uint256 a, uint256 b) internal pure returns (uint256 high, uint256 low) {\\n assembly (\\\"memory-safe\\\") {\\n low := add(a, b)\\n high := lt(low, a)\\n }\\n }\\n\\n /**\\n * @dev Return the 512-bit multiplication of two uint256.\\n *\\n * The result is stored in two 256 variables such that product = high * 2²⁵⁶ + low.\\n */\\n function mul512(uint256 a, uint256 b) internal pure returns (uint256 high, uint256 low) {\\n // 512-bit multiply [high low] = x * y. Compute the product mod 2²⁵⁶ and mod 2²⁵⁶ - 1, then use\\n // the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256\\n // variables such that product = high * 2²⁵⁶ + low.\\n assembly (\\\"memory-safe\\\") {\\n let mm := mulmod(a, b, not(0))\\n low := mul(a, b)\\n high := sub(sub(mm, low), lt(mm, low))\\n }\\n }\\n\\n /**\\n * @dev Returns the addition of two unsigned integers, with a success flag (no overflow).\\n */\\n function tryAdd(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {\\n unchecked {\\n uint256 c = a + b;\\n success = c >= a;\\n result = c * SafeCast.toUint(success);\\n }\\n }\\n\\n /**\\n * @dev Returns the subtraction of two unsigned integers, with a success flag (no overflow).\\n */\\n function trySub(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {\\n unchecked {\\n uint256 c = a - b;\\n success = c <= a;\\n result = c * SafeCast.toUint(success);\\n }\\n }\\n\\n /**\\n * @dev Returns the multiplication of two unsigned integers, with a success flag (no overflow).\\n */\\n function tryMul(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {\\n unchecked {\\n uint256 c = a * b;\\n assembly (\\\"memory-safe\\\") {\\n // Only true when the multiplication doesn't overflow\\n // (c / a == b) || (a == 0)\\n success := or(eq(div(c, a), b), iszero(a))\\n }\\n // equivalent to: success ? c : 0\\n result = c * SafeCast.toUint(success);\\n }\\n }\\n\\n /**\\n * @dev Returns the division of two unsigned integers, with a success flag (no division by zero).\\n */\\n function tryDiv(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {\\n unchecked {\\n success = b > 0;\\n assembly (\\\"memory-safe\\\") {\\n // The `DIV` opcode returns zero when the denominator is 0.\\n result := div(a, b)\\n }\\n }\\n }\\n\\n /**\\n * @dev Returns the remainder of dividing two unsigned integers, with a success flag (no division by zero).\\n */\\n function tryMod(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {\\n unchecked {\\n success = b > 0;\\n assembly (\\\"memory-safe\\\") {\\n // The `MOD` opcode returns zero when the denominator is 0.\\n result := mod(a, b)\\n }\\n }\\n }\\n\\n /**\\n * @dev Unsigned saturating addition, bounds to `2²⁵⁶ - 1` instead of overflowing.\\n */\\n function saturatingAdd(uint256 a, uint256 b) internal pure returns (uint256) {\\n (bool success, uint256 result) = tryAdd(a, b);\\n return ternary(success, result, type(uint256).max);\\n }\\n\\n /**\\n * @dev Unsigned saturating subtraction, bounds to zero instead of overflowing.\\n */\\n function saturatingSub(uint256 a, uint256 b) internal pure returns (uint256) {\\n (, uint256 result) = trySub(a, b);\\n return result;\\n }\\n\\n /**\\n * @dev Unsigned saturating multiplication, bounds to `2²⁵⁶ - 1` instead of overflowing.\\n */\\n function saturatingMul(uint256 a, uint256 b) internal pure returns (uint256) {\\n (bool success, uint256 result) = tryMul(a, b);\\n return ternary(success, result, type(uint256).max);\\n }\\n\\n /**\\n * @dev Branchless ternary evaluation for `condition ? a : b`. Gas costs are constant.\\n *\\n * IMPORTANT: This function may reduce bytecode size and consume less gas when used standalone.\\n * However, the compiler may optimize Solidity ternary operations (i.e. `condition ? a : b`) to only compute\\n * one branch when needed, making this function more expensive.\\n */\\n function ternary(bool condition, uint256 a, uint256 b) internal pure returns (uint256) {\\n unchecked {\\n // branchless ternary works because:\\n // b ^ (a ^ b) == a\\n // b ^ 0 == b\\n return b ^ ((a ^ b) * SafeCast.toUint(condition));\\n }\\n }\\n\\n /**\\n * @dev Returns the largest of two numbers.\\n */\\n function max(uint256 a, uint256 b) internal pure returns (uint256) {\\n return ternary(a > b, a, b);\\n }\\n\\n /**\\n * @dev Returns the smallest of two numbers.\\n */\\n function min(uint256 a, uint256 b) internal pure returns (uint256) {\\n return ternary(a < b, a, b);\\n }\\n\\n /**\\n * @dev Returns the average of two numbers. The result is rounded towards\\n * zero.\\n */\\n function average(uint256 a, uint256 b) internal pure returns (uint256) {\\n unchecked {\\n // (a + b) / 2 can overflow.\\n return (a & b) + (a ^ b) / 2;\\n }\\n }\\n\\n /**\\n * @dev Returns the ceiling of the division of two numbers.\\n *\\n * This differs from standard division with `/` in that it rounds towards infinity instead\\n * of rounding towards zero.\\n */\\n function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {\\n if (b == 0) {\\n // Guarantee the same behavior as in a regular Solidity division.\\n Panic.panic(Panic.DIVISION_BY_ZERO);\\n }\\n\\n // The following calculation ensures accurate ceiling division without overflow.\\n // Since a is non-zero, (a - 1) / b will not overflow.\\n // The largest possible result occurs when (a - 1) / b is type(uint256).max,\\n // but the largest value we can obtain is type(uint256).max - 1, which happens\\n // when a = type(uint256).max and b = 1.\\n unchecked {\\n return SafeCast.toUint(a > 0) * ((a - 1) / b + 1);\\n }\\n }\\n\\n /**\\n * @dev Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or\\n * denominator == 0.\\n *\\n * Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv) with further edits by\\n * Uniswap Labs also under MIT license.\\n */\\n function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {\\n unchecked {\\n (uint256 high, uint256 low) = mul512(x, y);\\n\\n // Handle non-overflow cases, 256 by 256 division.\\n if (high == 0) {\\n // Solidity will revert if denominator == 0, unlike the div opcode on its own.\\n // The surrounding unchecked block does not change this fact.\\n // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.\\n return low / denominator;\\n }\\n\\n // Make sure the result is less than 2²⁵⁶. Also prevents denominator == 0.\\n if (denominator <= high) {\\n Panic.panic(ternary(denominator == 0, Panic.DIVISION_BY_ZERO, Panic.UNDER_OVERFLOW));\\n }\\n\\n ///////////////////////////////////////////////\\n // 512 by 256 division.\\n ///////////////////////////////////////////////\\n\\n // Make division exact by subtracting the remainder from [high low].\\n uint256 remainder;\\n assembly (\\\"memory-safe\\\") {\\n // Compute remainder using mulmod.\\n remainder := mulmod(x, y, denominator)\\n\\n // Subtract 256 bit number from 512 bit number.\\n high := sub(high, gt(remainder, low))\\n low := sub(low, remainder)\\n }\\n\\n // Factor powers of two out of denominator and compute largest power of two divisor of denominator.\\n // Always >= 1. See https://cs.stackexchange.com/q/138556/92363.\\n\\n uint256 twos = denominator & (0 - denominator);\\n assembly (\\\"memory-safe\\\") {\\n // Divide denominator by twos.\\n denominator := div(denominator, twos)\\n\\n // Divide [high low] by twos.\\n low := div(low, twos)\\n\\n // Flip twos such that it is 2²⁵⁶ / twos. If twos is zero, then it becomes one.\\n twos := add(div(sub(0, twos), twos), 1)\\n }\\n\\n // Shift in bits from high into low.\\n low |= high * twos;\\n\\n // Invert denominator mod 2²⁵⁶. Now that denominator is an odd number, it has an inverse modulo 2²⁵⁶ such\\n // that denominator * inv ≡ 1 mod 2²⁵⁶. Compute the inverse by starting with a seed that is correct for\\n // four bits. That is, denominator * inv ≡ 1 mod 2⁴.\\n uint256 inverse = (3 * denominator) ^ 2;\\n\\n // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also\\n // works in modular arithmetic, doubling the correct bits in each step.\\n inverse *= 2 - denominator * inverse; // inverse mod 2⁸\\n inverse *= 2 - denominator * inverse; // inverse mod 2¹⁶\\n inverse *= 2 - denominator * inverse; // inverse mod 2³²\\n inverse *= 2 - denominator * inverse; // inverse mod 2⁶⁴\\n inverse *= 2 - denominator * inverse; // inverse mod 2¹²⁸\\n inverse *= 2 - denominator * inverse; // inverse mod 2²⁵⁶\\n\\n // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.\\n // This will give us the correct result modulo 2²⁵⁶. Since the preconditions guarantee that the outcome is\\n // less than 2²⁵⁶, this is the final result. We don't need to compute the high bits of the result and high\\n // is no longer required.\\n result = low * inverse;\\n return result;\\n }\\n }\\n\\n /**\\n * @dev Calculates x * y / denominator with full precision, following the selected rounding direction.\\n */\\n function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {\\n return mulDiv(x, y, denominator) + SafeCast.toUint(unsignedRoundsUp(rounding) && mulmod(x, y, denominator) > 0);\\n }\\n\\n /**\\n * @dev Calculates floor(x * y >> n) with full precision. Throws if result overflows a uint256.\\n */\\n function mulShr(uint256 x, uint256 y, uint8 n) internal pure returns (uint256 result) {\\n unchecked {\\n (uint256 high, uint256 low) = mul512(x, y);\\n if (high >= 1 << n) {\\n Panic.panic(Panic.UNDER_OVERFLOW);\\n }\\n return (high << (256 - n)) | (low >> n);\\n }\\n }\\n\\n /**\\n * @dev Calculates x * y >> n with full precision, following the selected rounding direction.\\n */\\n function mulShr(uint256 x, uint256 y, uint8 n, Rounding rounding) internal pure returns (uint256) {\\n return mulShr(x, y, n) + SafeCast.toUint(unsignedRoundsUp(rounding) && mulmod(x, y, 1 << n) > 0);\\n }\\n\\n /**\\n * @dev Calculate the modular multiplicative inverse of a number in Z/nZ.\\n *\\n * If n is a prime, then Z/nZ is a field. In that case all elements are inversible, except 0.\\n * If n is not a prime, then Z/nZ is not a field, and some elements might not be inversible.\\n *\\n * If the input value is not inversible, 0 is returned.\\n *\\n * NOTE: If you know for sure that n is (big) a prime, it may be cheaper to use Fermat's little theorem and get the\\n * inverse using `Math.modExp(a, n - 2, n)`. See {invModPrime}.\\n */\\n function invMod(uint256 a, uint256 n) internal pure returns (uint256) {\\n unchecked {\\n if (n == 0) return 0;\\n\\n // The inverse modulo is calculated using the Extended Euclidean Algorithm (iterative version)\\n // Used to compute integers x and y such that: ax + ny = gcd(a, n).\\n // When the gcd is 1, then the inverse of a modulo n exists and it's x.\\n // ax + ny = 1\\n // ax = 1 + (-y)n\\n // ax ≡ 1 (mod n) # x is the inverse of a modulo n\\n\\n // If the remainder is 0 the gcd is n right away.\\n uint256 remainder = a % n;\\n uint256 gcd = n;\\n\\n // Therefore the initial coefficients are:\\n // ax + ny = gcd(a, n) = n\\n // 0a + 1n = n\\n int256 x = 0;\\n int256 y = 1;\\n\\n while (remainder != 0) {\\n uint256 quotient = gcd / remainder;\\n\\n (gcd, remainder) = (\\n // The old remainder is the next gcd to try.\\n remainder,\\n // Compute the next remainder.\\n // Can't overflow given that (a % gcd) * (gcd // (a % gcd)) <= gcd\\n // where gcd is at most n (capped to type(uint256).max)\\n gcd - remainder * quotient\\n );\\n\\n (x, y) = (\\n // Increment the coefficient of a.\\n y,\\n // Decrement the coefficient of n.\\n // Can overflow, but the result is casted to uint256 so that the\\n // next value of y is \\\"wrapped around\\\" to a value between 0 and n - 1.\\n x - y * int256(quotient)\\n );\\n }\\n\\n if (gcd != 1) return 0; // No inverse exists.\\n return ternary(x < 0, n - uint256(-x), uint256(x)); // Wrap the result if it's negative.\\n }\\n }\\n\\n /**\\n * @dev Variant of {invMod}. More efficient, but only works if `p` is known to be a prime greater than `2`.\\n *\\n * From https://en.wikipedia.org/wiki/Fermat%27s_little_theorem[Fermat's little theorem], we know that if p is\\n * prime, then `a**(p-1) ≡ 1 mod p`. As a consequence, we have `a * a**(p-2) ≡ 1 mod p`, which means that\\n * `a**(p-2)` is the modular multiplicative inverse of a in Fp.\\n *\\n * NOTE: this function does NOT check that `p` is a prime greater than `2`.\\n */\\n function invModPrime(uint256 a, uint256 p) internal view returns (uint256) {\\n unchecked {\\n return Math.modExp(a, p - 2, p);\\n }\\n }\\n\\n /**\\n * @dev Returns the modular exponentiation of the specified base, exponent and modulus (b ** e % m)\\n *\\n * Requirements:\\n * - modulus can't be zero\\n * - underlying staticcall to precompile must succeed\\n *\\n * IMPORTANT: The result is only valid if the underlying call succeeds. When using this function, make\\n * sure the chain you're using it on supports the precompiled contract for modular exponentiation\\n * at address 0x05 as specified in https://eips.ethereum.org/EIPS/eip-198[EIP-198]. Otherwise,\\n * the underlying function will succeed given the lack of a revert, but the result may be incorrectly\\n * interpreted as 0.\\n */\\n function modExp(uint256 b, uint256 e, uint256 m) internal view returns (uint256) {\\n (bool success, uint256 result) = tryModExp(b, e, m);\\n if (!success) {\\n Panic.panic(Panic.DIVISION_BY_ZERO);\\n }\\n return result;\\n }\\n\\n /**\\n * @dev Returns the modular exponentiation of the specified base, exponent and modulus (b ** e % m).\\n * It includes a success flag indicating if the operation succeeded. Operation will be marked as failed if trying\\n * to operate modulo 0 or if the underlying precompile reverted.\\n *\\n * IMPORTANT: The result is only valid if the success flag is true. When using this function, make sure the chain\\n * you're using it on supports the precompiled contract for modular exponentiation at address 0x05 as specified in\\n * https://eips.ethereum.org/EIPS/eip-198[EIP-198]. Otherwise, the underlying function will succeed given the lack\\n * of a revert, but the result may be incorrectly interpreted as 0.\\n */\\n function tryModExp(uint256 b, uint256 e, uint256 m) internal view returns (bool success, uint256 result) {\\n if (m == 0) return (false, 0);\\n assembly (\\\"memory-safe\\\") {\\n let ptr := mload(0x40)\\n // | Offset | Content | Content (Hex) |\\n // |-----------|------------|--------------------------------------------------------------------|\\n // | 0x00:0x1f | size of b | 0x0000000000000000000000000000000000000000000000000000000000000020 |\\n // | 0x20:0x3f | size of e | 0x0000000000000000000000000000000000000000000000000000000000000020 |\\n // | 0x40:0x5f | size of m | 0x0000000000000000000000000000000000000000000000000000000000000020 |\\n // | 0x60:0x7f | value of b | 0x<.............................................................b> |\\n // | 0x80:0x9f | value of e | 0x<.............................................................e> |\\n // | 0xa0:0xbf | value of m | 0x<.............................................................m> |\\n mstore(ptr, 0x20)\\n mstore(add(ptr, 0x20), 0x20)\\n mstore(add(ptr, 0x40), 0x20)\\n mstore(add(ptr, 0x60), b)\\n mstore(add(ptr, 0x80), e)\\n mstore(add(ptr, 0xa0), m)\\n\\n // Given the result < m, it's guaranteed to fit in 32 bytes,\\n // so we can use the memory scratch space located at offset 0.\\n success := staticcall(gas(), 0x05, ptr, 0xc0, 0x00, 0x20)\\n result := mload(0x00)\\n }\\n }\\n\\n /**\\n * @dev Variant of {modExp} that supports inputs of arbitrary length.\\n */\\n function modExp(bytes memory b, bytes memory e, bytes memory m) internal view returns (bytes memory) {\\n (bool success, bytes memory result) = tryModExp(b, e, m);\\n if (!success) {\\n Panic.panic(Panic.DIVISION_BY_ZERO);\\n }\\n return result;\\n }\\n\\n /**\\n * @dev Variant of {tryModExp} that supports inputs of arbitrary length.\\n */\\n function tryModExp(\\n bytes memory b,\\n bytes memory e,\\n bytes memory m\\n ) internal view returns (bool success, bytes memory result) {\\n if (_zeroBytes(m)) return (false, new bytes(0));\\n\\n uint256 mLen = m.length;\\n\\n // Encode call args in result and move the free memory pointer\\n result = abi.encodePacked(b.length, e.length, mLen, b, e, m);\\n\\n assembly (\\\"memory-safe\\\") {\\n let dataPtr := add(result, 0x20)\\n // Write result on top of args to avoid allocating extra memory.\\n success := staticcall(gas(), 0x05, dataPtr, mload(result), dataPtr, mLen)\\n // Overwrite the length.\\n // result.length > returndatasize() is guaranteed because returndatasize() == m.length\\n mstore(result, mLen)\\n // Set the memory pointer after the returned data.\\n mstore(0x40, add(dataPtr, mLen))\\n }\\n }\\n\\n /**\\n * @dev Returns whether the provided byte array is zero.\\n */\\n function _zeroBytes(bytes memory buffer) private pure returns (bool) {\\n uint256 chunk;\\n for (uint256 i = 0; i < buffer.length; i += 0x20) {\\n // See _unsafeReadBytesOffset from utils/Bytes.sol\\n assembly (\\\"memory-safe\\\") {\\n chunk := mload(add(add(buffer, 0x20), i))\\n }\\n if (chunk >> (8 * saturatingSub(i + 0x20, buffer.length)) != 0) {\\n return false;\\n }\\n }\\n return true;\\n }\\n\\n /**\\n * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded\\n * towards zero.\\n *\\n * This method is based on Newton's method for computing square roots; the algorithm is restricted to only\\n * using integer operations.\\n */\\n function sqrt(uint256 a) internal pure returns (uint256) {\\n unchecked {\\n // Take care of easy edge cases when a == 0 or a == 1\\n if (a <= 1) {\\n return a;\\n }\\n\\n // In this function, we use Newton's method to get a root of `f(x) := x² - a`. It involves building a\\n // sequence x_n that converges toward sqrt(a). For each iteration x_n, we also define the error between\\n // the current value as `ε_n = | x_n - sqrt(a) |`.\\n //\\n // For our first estimation, we consider `e` the smallest power of 2 which is bigger than the square root\\n // of the target. (i.e. `2**(e-1) ≤ sqrt(a) < 2**e`). We know that `e ≤ 128` because `(2¹²⁸)² = 2²⁵⁶` is\\n // bigger than any uint256.\\n //\\n // By noticing that\\n // `2**(e-1) ≤ sqrt(a) < 2**e → (2**(e-1))² ≤ a < (2**e)² → 2**(2*e-2) ≤ a < 2**(2*e)`\\n // we can deduce that `e - 1` is `log2(a) / 2`. We can thus compute `x_n = 2**(e-1)` using a method similar\\n // to the msb function.\\n uint256 aa = a;\\n uint256 xn = 1;\\n\\n if (aa >= (1 << 128)) {\\n aa >>= 128;\\n xn <<= 64;\\n }\\n if (aa >= (1 << 64)) {\\n aa >>= 64;\\n xn <<= 32;\\n }\\n if (aa >= (1 << 32)) {\\n aa >>= 32;\\n xn <<= 16;\\n }\\n if (aa >= (1 << 16)) {\\n aa >>= 16;\\n xn <<= 8;\\n }\\n if (aa >= (1 << 8)) {\\n aa >>= 8;\\n xn <<= 4;\\n }\\n if (aa >= (1 << 4)) {\\n aa >>= 4;\\n xn <<= 2;\\n }\\n if (aa >= (1 << 2)) {\\n xn <<= 1;\\n }\\n\\n // We now have x_n such that `x_n = 2**(e-1) ≤ sqrt(a) < 2**e = 2 * x_n`. This implies ε_n ≤ 2**(e-1).\\n //\\n // We can refine our estimation by noticing that the middle of that interval minimizes the error.\\n // If we move x_n to equal 2**(e-1) + 2**(e-2), then we reduce the error to ε_n ≤ 2**(e-2).\\n // This is going to be our x_0 (and ε_0)\\n xn = (3 * xn) >> 1; // ε_0 := | x_0 - sqrt(a) | ≤ 2**(e-2)\\n\\n // From here, Newton's method give us:\\n // x_{n+1} = (x_n + a / x_n) / 2\\n //\\n // One should note that:\\n // x_{n+1}² - a = ((x_n + a / x_n) / 2)² - a\\n // = ((x_n² + a) / (2 * x_n))² - a\\n // = (x_n⁴ + 2 * a * x_n² + a²) / (4 * x_n²) - a\\n // = (x_n⁴ + 2 * a * x_n² + a² - 4 * a * x_n²) / (4 * x_n²)\\n // = (x_n⁴ - 2 * a * x_n² + a²) / (4 * x_n²)\\n // = (x_n² - a)² / (2 * x_n)²\\n // = ((x_n² - a) / (2 * x_n))²\\n // ≥ 0\\n // Which proves that for all n ≥ 1, sqrt(a) ≤ x_n\\n //\\n // This gives us the proof of quadratic convergence of the sequence:\\n // ε_{n+1} = | x_{n+1} - sqrt(a) |\\n // = | (x_n + a / x_n) / 2 - sqrt(a) |\\n // = | (x_n² + a - 2*x_n*sqrt(a)) / (2 * x_n) |\\n // = | (x_n - sqrt(a))² / (2 * x_n) |\\n // = | ε_n² / (2 * x_n) |\\n // = ε_n² / | (2 * x_n) |\\n //\\n // For the first iteration, we have a special case where x_0 is known:\\n // ε_1 = ε_0² / | (2 * x_0) |\\n // ≤ (2**(e-2))² / (2 * (2**(e-1) + 2**(e-2)))\\n // ≤ 2**(2*e-4) / (3 * 2**(e-1))\\n // ≤ 2**(e-3) / 3\\n // ≤ 2**(e-3-log2(3))\\n // ≤ 2**(e-4.5)\\n //\\n // For the following iterations, we use the fact that, 2**(e-1) ≤ sqrt(a) ≤ x_n:\\n // ε_{n+1} = ε_n² / | (2 * x_n) |\\n // ≤ (2**(e-k))² / (2 * 2**(e-1))\\n // ≤ 2**(2*e-2*k) / 2**e\\n // ≤ 2**(e-2*k)\\n xn = (xn + a / xn) >> 1; // ε_1 := | x_1 - sqrt(a) | ≤ 2**(e-4.5) -- special case, see above\\n xn = (xn + a / xn) >> 1; // ε_2 := | x_2 - sqrt(a) | ≤ 2**(e-9) -- general case with k = 4.5\\n xn = (xn + a / xn) >> 1; // ε_3 := | x_3 - sqrt(a) | ≤ 2**(e-18) -- general case with k = 9\\n xn = (xn + a / xn) >> 1; // ε_4 := | x_4 - sqrt(a) | ≤ 2**(e-36) -- general case with k = 18\\n xn = (xn + a / xn) >> 1; // ε_5 := | x_5 - sqrt(a) | ≤ 2**(e-72) -- general case with k = 36\\n xn = (xn + a / xn) >> 1; // ε_6 := | x_6 - sqrt(a) | ≤ 2**(e-144) -- general case with k = 72\\n\\n // Because e ≤ 128 (as discussed during the first estimation phase), we know have reached a precision\\n // ε_6 ≤ 2**(e-144) < 1. Given we're operating on integers, then we can ensure that xn is now either\\n // sqrt(a) or sqrt(a) + 1.\\n return xn - SafeCast.toUint(xn > a / xn);\\n }\\n }\\n\\n /**\\n * @dev Calculates sqrt(a), following the selected rounding direction.\\n */\\n function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {\\n unchecked {\\n uint256 result = sqrt(a);\\n return result + SafeCast.toUint(unsignedRoundsUp(rounding) && result * result < a);\\n }\\n }\\n\\n /**\\n * @dev Return the log in base 2 of a positive value rounded towards zero.\\n * Returns 0 if given 0.\\n */\\n function log2(uint256 x) internal pure returns (uint256 r) {\\n // If value has upper 128 bits set, log2 result is at least 128\\n r = SafeCast.toUint(x > 0xffffffffffffffffffffffffffffffff) << 7;\\n // If upper 64 bits of 128-bit half set, add 64 to result\\n r |= SafeCast.toUint((x >> r) > 0xffffffffffffffff) << 6;\\n // If upper 32 bits of 64-bit half set, add 32 to result\\n r |= SafeCast.toUint((x >> r) > 0xffffffff) << 5;\\n // If upper 16 bits of 32-bit half set, add 16 to result\\n r |= SafeCast.toUint((x >> r) > 0xffff) << 4;\\n // If upper 8 bits of 16-bit half set, add 8 to result\\n r |= SafeCast.toUint((x >> r) > 0xff) << 3;\\n // If upper 4 bits of 8-bit half set, add 4 to result\\n r |= SafeCast.toUint((x >> r) > 0xf) << 2;\\n\\n // Shifts value right by the current result and use it as an index into this lookup table:\\n //\\n // | x (4 bits) | index | table[index] = MSB position |\\n // |------------|---------|-----------------------------|\\n // | 0000 | 0 | table[0] = 0 |\\n // | 0001 | 1 | table[1] = 0 |\\n // | 0010 | 2 | table[2] = 1 |\\n // | 0011 | 3 | table[3] = 1 |\\n // | 0100 | 4 | table[4] = 2 |\\n // | 0101 | 5 | table[5] = 2 |\\n // | 0110 | 6 | table[6] = 2 |\\n // | 0111 | 7 | table[7] = 2 |\\n // | 1000 | 8 | table[8] = 3 |\\n // | 1001 | 9 | table[9] = 3 |\\n // | 1010 | 10 | table[10] = 3 |\\n // | 1011 | 11 | table[11] = 3 |\\n // | 1100 | 12 | table[12] = 3 |\\n // | 1101 | 13 | table[13] = 3 |\\n // | 1110 | 14 | table[14] = 3 |\\n // | 1111 | 15 | table[15] = 3 |\\n //\\n // The lookup table is represented as a 32-byte value with the MSB positions for 0-15 in the first 16 bytes (most significant half).\\n assembly (\\\"memory-safe\\\") {\\n r := or(r, byte(shr(r, x), 0x0000010102020202030303030303030300000000000000000000000000000000))\\n }\\n }\\n\\n /**\\n * @dev Return the log in base 2, following the selected rounding direction, of a positive value.\\n * Returns 0 if given 0.\\n */\\n function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {\\n unchecked {\\n uint256 result = log2(value);\\n return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 1 << result < value);\\n }\\n }\\n\\n /**\\n * @dev Return the log in base 10 of a positive value rounded towards zero.\\n * Returns 0 if given 0.\\n */\\n function log10(uint256 value) internal pure returns (uint256) {\\n uint256 result = 0;\\n unchecked {\\n if (value >= 10 ** 64) {\\n value /= 10 ** 64;\\n result += 64;\\n }\\n if (value >= 10 ** 32) {\\n value /= 10 ** 32;\\n result += 32;\\n }\\n if (value >= 10 ** 16) {\\n value /= 10 ** 16;\\n result += 16;\\n }\\n if (value >= 10 ** 8) {\\n value /= 10 ** 8;\\n result += 8;\\n }\\n if (value >= 10 ** 4) {\\n value /= 10 ** 4;\\n result += 4;\\n }\\n if (value >= 10 ** 2) {\\n value /= 10 ** 2;\\n result += 2;\\n }\\n if (value >= 10 ** 1) {\\n result += 1;\\n }\\n }\\n return result;\\n }\\n\\n /**\\n * @dev Return the log in base 10, following the selected rounding direction, of a positive value.\\n * Returns 0 if given 0.\\n */\\n function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {\\n unchecked {\\n uint256 result = log10(value);\\n return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 10 ** result < value);\\n }\\n }\\n\\n /**\\n * @dev Return the log in base 256 of a positive value rounded towards zero.\\n * Returns 0 if given 0.\\n *\\n * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.\\n */\\n function log256(uint256 x) internal pure returns (uint256 r) {\\n // If value has upper 128 bits set, log2 result is at least 128\\n r = SafeCast.toUint(x > 0xffffffffffffffffffffffffffffffff) << 7;\\n // If upper 64 bits of 128-bit half set, add 64 to result\\n r |= SafeCast.toUint((x >> r) > 0xffffffffffffffff) << 6;\\n // If upper 32 bits of 64-bit half set, add 32 to result\\n r |= SafeCast.toUint((x >> r) > 0xffffffff) << 5;\\n // If upper 16 bits of 32-bit half set, add 16 to result\\n r |= SafeCast.toUint((x >> r) > 0xffff) << 4;\\n // Add 1 if upper 8 bits of 16-bit half set, and divide accumulated result by 8\\n return (r >> 3) | SafeCast.toUint((x >> r) > 0xff);\\n }\\n\\n /**\\n * @dev Return the log in base 256, following the selected rounding direction, of a positive value.\\n * Returns 0 if given 0.\\n */\\n function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {\\n unchecked {\\n uint256 result = log256(value);\\n return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 1 << (result << 3) < value);\\n }\\n }\\n\\n /**\\n * @dev Returns whether a provided rounding mode is considered rounding up for unsigned integers.\\n */\\n function unsignedRoundsUp(Rounding rounding) internal pure returns (bool) {\\n return uint8(rounding) % 2 == 1;\\n }\\n\\n /**\\n * @dev Counts the number of leading zero bits in a uint256.\\n */\\n function clz(uint256 x) internal pure returns (uint256) {\\n return ternary(x == 0, 256, 255 - log2(x));\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/utils/StorageSlot.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.1.0) (utils/StorageSlot.sol)\\n// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.\\n\\npragma solidity ^0.8.20;\\n\\n/**\\n * @dev Library for reading and writing primitive types to specific storage slots.\\n *\\n * Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.\\n * This library helps with reading and writing to such slots without the need for inline assembly.\\n *\\n * The functions in this library return Slot structs that contain a `value` member that can be used to read or write.\\n *\\n * Example usage to set ERC-1967 implementation slot:\\n * ```solidity\\n * contract ERC1967 {\\n * // Define the slot. Alternatively, use the SlotDerivation library to derive the slot.\\n * bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;\\n *\\n * function _getImplementation() internal view returns (address) {\\n * return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;\\n * }\\n *\\n * function _setImplementation(address newImplementation) internal {\\n * require(newImplementation.code.length > 0);\\n * StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;\\n * }\\n * }\\n * ```\\n *\\n * TIP: Consider using this library along with {SlotDerivation}.\\n */\\nlibrary StorageSlot {\\n struct AddressSlot {\\n address value;\\n }\\n\\n struct BooleanSlot {\\n bool value;\\n }\\n\\n struct Bytes32Slot {\\n bytes32 value;\\n }\\n\\n struct Uint256Slot {\\n uint256 value;\\n }\\n\\n struct Int256Slot {\\n int256 value;\\n }\\n\\n struct StringSlot {\\n string value;\\n }\\n\\n struct BytesSlot {\\n bytes value;\\n }\\n\\n /**\\n * @dev Returns an `AddressSlot` with member `value` located at `slot`.\\n */\\n function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {\\n assembly (\\\"memory-safe\\\") {\\n r.slot := slot\\n }\\n }\\n\\n /**\\n * @dev Returns a `BooleanSlot` with member `value` located at `slot`.\\n */\\n function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {\\n assembly (\\\"memory-safe\\\") {\\n r.slot := slot\\n }\\n }\\n\\n /**\\n * @dev Returns a `Bytes32Slot` with member `value` located at `slot`.\\n */\\n function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {\\n assembly (\\\"memory-safe\\\") {\\n r.slot := slot\\n }\\n }\\n\\n /**\\n * @dev Returns a `Uint256Slot` with member `value` located at `slot`.\\n */\\n function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {\\n assembly (\\\"memory-safe\\\") {\\n r.slot := slot\\n }\\n }\\n\\n /**\\n * @dev Returns a `Int256Slot` with member `value` located at `slot`.\\n */\\n function getInt256Slot(bytes32 slot) internal pure returns (Int256Slot storage r) {\\n assembly (\\\"memory-safe\\\") {\\n r.slot := slot\\n }\\n }\\n\\n /**\\n * @dev Returns a `StringSlot` with member `value` located at `slot`.\\n */\\n function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {\\n assembly (\\\"memory-safe\\\") {\\n r.slot := slot\\n }\\n }\\n\\n /**\\n * @dev Returns an `StringSlot` representation of the string storage pointer `store`.\\n */\\n function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {\\n assembly (\\\"memory-safe\\\") {\\n r.slot := store.slot\\n }\\n }\\n\\n /**\\n * @dev Returns a `BytesSlot` with member `value` located at `slot`.\\n */\\n function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {\\n assembly (\\\"memory-safe\\\") {\\n r.slot := slot\\n }\\n }\\n\\n /**\\n * @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.\\n */\\n function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {\\n assembly (\\\"memory-safe\\\") {\\n r.slot := store.slot\\n }\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/utils/ShortStrings.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.5.0) (utils/ShortStrings.sol)\\n\\npragma solidity ^0.8.20;\\n\\nimport {StorageSlot} from \\\"./StorageSlot.sol\\\";\\n\\n// | string | 0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |\\n// | length | 0x BB |\\ntype ShortString is bytes32;\\n\\n/**\\n * @dev This library provides functions to convert short memory strings\\n * into a `ShortString` type that can be used as an immutable variable.\\n *\\n * Strings of arbitrary length can be optimized using this library if\\n * they are short enough (up to 31 bytes) by packing them with their\\n * length (1 byte) in a single EVM word (32 bytes). Additionally, a\\n * fallback mechanism can be used for every other case.\\n *\\n * Usage example:\\n *\\n * ```solidity\\n * contract Named {\\n * using ShortStrings for *;\\n *\\n * ShortString private immutable _name;\\n * string private _nameFallback;\\n *\\n * constructor(string memory contractName) {\\n * _name = contractName.toShortStringWithFallback(_nameFallback);\\n * }\\n *\\n * function name() external view returns (string memory) {\\n * return _name.toStringWithFallback(_nameFallback);\\n * }\\n * }\\n * ```\\n */\\nlibrary ShortStrings {\\n // Used as an identifier for strings longer than 31 bytes.\\n bytes32 private constant FALLBACK_SENTINEL = 0x00000000000000000000000000000000000000000000000000000000000000FF;\\n\\n error StringTooLong(string str);\\n error InvalidShortString();\\n\\n /**\\n * @dev Encode a string of at most 31 chars into a `ShortString`.\\n *\\n * This will trigger a `StringTooLong` error is the input string is too long.\\n */\\n function toShortString(string memory str) internal pure returns (ShortString) {\\n bytes memory bstr = bytes(str);\\n if (bstr.length > 0x1f) {\\n revert StringTooLong(str);\\n }\\n return ShortString.wrap(bytes32(uint256(bytes32(bstr)) | bstr.length));\\n }\\n\\n /**\\n * @dev Decode a `ShortString` back to a \\\"normal\\\" string.\\n */\\n function toString(ShortString sstr) internal pure returns (string memory) {\\n uint256 len = byteLength(sstr);\\n // using `new string(len)` would work locally but is not memory safe.\\n string memory str = new string(0x20);\\n assembly (\\\"memory-safe\\\") {\\n mstore(str, len)\\n mstore(add(str, 0x20), sstr)\\n }\\n return str;\\n }\\n\\n /**\\n * @dev Return the length of a `ShortString`.\\n */\\n function byteLength(ShortString sstr) internal pure returns (uint256) {\\n uint256 result = uint256(ShortString.unwrap(sstr)) & 0xFF;\\n if (result > 0x1f) {\\n revert InvalidShortString();\\n }\\n return result;\\n }\\n\\n /**\\n * @dev Encode a string into a `ShortString`, or write it to storage if it is too long.\\n */\\n function toShortStringWithFallback(string memory value, string storage store) internal returns (ShortString) {\\n if (bytes(value).length < 0x20) {\\n return toShortString(value);\\n } else {\\n StorageSlot.getStringSlot(store).value = value;\\n return ShortString.wrap(FALLBACK_SENTINEL);\\n }\\n }\\n\\n /**\\n * @dev Decode a string that was encoded to `ShortString` or written to storage using {toShortStringWithFallback}.\\n */\\n function toStringWithFallback(ShortString value, string storage store) internal pure returns (string memory) {\\n if (ShortString.unwrap(value) != FALLBACK_SENTINEL) {\\n return toString(value);\\n } else {\\n return store;\\n }\\n }\\n\\n /**\\n * @dev Return the length of a string that was encoded to `ShortString` or written to storage using\\n * {toShortStringWithFallback}.\\n *\\n * WARNING: This will return the \\\"byte length\\\" of the string. This may not reflect the actual length in terms of\\n * actual characters as the UTF-8 encoding of a single character can span over multiple bytes.\\n */\\n function byteLengthWithFallback(ShortString value, string storage store) internal view returns (uint256) {\\n if (ShortString.unwrap(value) != FALLBACK_SENTINEL) {\\n return byteLength(value);\\n } else {\\n return bytes(store).length;\\n }\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/access/Ownable2Step.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.1.0) (access/Ownable2Step.sol)\\n\\npragma solidity ^0.8.20;\\n\\nimport {Ownable} from \\\"./Ownable.sol\\\";\\n\\n/**\\n * @dev Contract module which provides access control mechanism, where\\n * there is an account (an owner) that can be granted exclusive access to\\n * specific functions.\\n *\\n * This extension of the {Ownable} contract includes a two-step mechanism to transfer\\n * ownership, where the new owner must call {acceptOwnership} in order to replace the\\n * old one. This can help prevent common mistakes, such as transfers of ownership to\\n * incorrect accounts, or to contracts that are unable to interact with the\\n * permission system.\\n *\\n * The initial owner is specified at deployment time in the constructor for `Ownable`. This\\n * can later be changed with {transferOwnership} and {acceptOwnership}.\\n *\\n * This module is used through inheritance. It will make available all functions\\n * from parent (Ownable).\\n */\\nabstract contract Ownable2Step is Ownable {\\n address private _pendingOwner;\\n\\n event OwnershipTransferStarted(address indexed previousOwner, address indexed newOwner);\\n\\n /**\\n * @dev Returns the address of the pending owner.\\n */\\n function pendingOwner() public view virtual returns (address) {\\n return _pendingOwner;\\n }\\n\\n /**\\n * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.\\n * Can only be called by the current owner.\\n *\\n * Setting `newOwner` to the zero address is allowed; this can be used to cancel an initiated ownership transfer.\\n */\\n function transferOwnership(address newOwner) public virtual override onlyOwner {\\n _pendingOwner = newOwner;\\n emit OwnershipTransferStarted(owner(), newOwner);\\n }\\n\\n /**\\n * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.\\n * Internal function without access restriction.\\n */\\n function _transferOwnership(address newOwner) internal virtual override {\\n delete _pendingOwner;\\n super._transferOwnership(newOwner);\\n }\\n\\n /**\\n * @dev The new owner accepts the ownership transfer.\\n */\\n function acceptOwnership() public virtual {\\n address sender = _msgSender();\\n if (pendingOwner() != sender) {\\n revert OwnableUnauthorizedAccount(sender);\\n }\\n _transferOwnership(sender);\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/interfaces/IERC5267.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.4.0) (interfaces/IERC5267.sol)\\n\\npragma solidity >=0.4.16;\\n\\ninterface IERC5267 {\\n /**\\n * @dev MAY be emitted to signal that the domain could have changed.\\n */\\n event EIP712DomainChanged();\\n\\n /**\\n * @dev returns the fields and values that describe the domain separator used by this contract for EIP-712\\n * signature.\\n */\\n function eip712Domain()\\n external\\n view\\n returns (\\n bytes1 fields,\\n string memory name,\\n string memory version,\\n uint256 chainId,\\n address verifyingContract,\\n bytes32 salt,\\n uint256[] memory extensions\\n );\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/utils/math/SafeCast.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.6.0) (utils/math/SafeCast.sol)\\n// This file was procedurally generated from scripts/generate/templates/SafeCast.js.\\n\\npragma solidity ^0.8.20;\\n\\n/**\\n * @dev Wrappers over Solidity's uintXX/intXX/bool casting operators with added overflow\\n * checks.\\n *\\n * Downcasting from uint256/int256 in Solidity does not revert on overflow. This can\\n * easily result in undesired exploitation or bugs, since developers usually\\n * assume that overflows raise errors. `SafeCast` restores this intuition by\\n * reverting the transaction when such an operation overflows.\\n *\\n * Using this library instead of the unchecked operations eliminates an entire\\n * class of bugs, so it's recommended to use it always.\\n */\\nlibrary SafeCast {\\n /**\\n * @dev Value doesn't fit in a uint of `bits` size.\\n */\\n error SafeCastOverflowedUintDowncast(uint8 bits, uint256 value);\\n\\n /**\\n * @dev An int value doesn't fit in a uint of `bits` size.\\n */\\n error SafeCastOverflowedIntToUint(int256 value);\\n\\n /**\\n * @dev Value doesn't fit in an int of `bits` size.\\n */\\n error SafeCastOverflowedIntDowncast(uint8 bits, int256 value);\\n\\n /**\\n * @dev A uint value doesn't fit in an int of `bits` size.\\n */\\n error SafeCastOverflowedUintToInt(uint256 value);\\n\\n /**\\n * @dev Returns the downcasted uint248 from uint256, reverting on\\n * overflow (when the input is greater than largest uint248).\\n *\\n * Counterpart to Solidity's `uint248` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 248 bits\\n */\\n function toUint248(uint256 value) internal pure returns (uint248) {\\n if (value > type(uint248).max) {\\n revert SafeCastOverflowedUintDowncast(248, value);\\n }\\n return uint248(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint240 from uint256, reverting on\\n * overflow (when the input is greater than largest uint240).\\n *\\n * Counterpart to Solidity's `uint240` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 240 bits\\n */\\n function toUint240(uint256 value) internal pure returns (uint240) {\\n if (value > type(uint240).max) {\\n revert SafeCastOverflowedUintDowncast(240, value);\\n }\\n return uint240(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint232 from uint256, reverting on\\n * overflow (when the input is greater than largest uint232).\\n *\\n * Counterpart to Solidity's `uint232` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 232 bits\\n */\\n function toUint232(uint256 value) internal pure returns (uint232) {\\n if (value > type(uint232).max) {\\n revert SafeCastOverflowedUintDowncast(232, value);\\n }\\n return uint232(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint224 from uint256, reverting on\\n * overflow (when the input is greater than largest uint224).\\n *\\n * Counterpart to Solidity's `uint224` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 224 bits\\n */\\n function toUint224(uint256 value) internal pure returns (uint224) {\\n if (value > type(uint224).max) {\\n revert SafeCastOverflowedUintDowncast(224, value);\\n }\\n return uint224(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint216 from uint256, reverting on\\n * overflow (when the input is greater than largest uint216).\\n *\\n * Counterpart to Solidity's `uint216` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 216 bits\\n */\\n function toUint216(uint256 value) internal pure returns (uint216) {\\n if (value > type(uint216).max) {\\n revert SafeCastOverflowedUintDowncast(216, value);\\n }\\n return uint216(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint208 from uint256, reverting on\\n * overflow (when the input is greater than largest uint208).\\n *\\n * Counterpart to Solidity's `uint208` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 208 bits\\n */\\n function toUint208(uint256 value) internal pure returns (uint208) {\\n if (value > type(uint208).max) {\\n revert SafeCastOverflowedUintDowncast(208, value);\\n }\\n return uint208(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint200 from uint256, reverting on\\n * overflow (when the input is greater than largest uint200).\\n *\\n * Counterpart to Solidity's `uint200` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 200 bits\\n */\\n function toUint200(uint256 value) internal pure returns (uint200) {\\n if (value > type(uint200).max) {\\n revert SafeCastOverflowedUintDowncast(200, value);\\n }\\n return uint200(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint192 from uint256, reverting on\\n * overflow (when the input is greater than largest uint192).\\n *\\n * Counterpart to Solidity's `uint192` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 192 bits\\n */\\n function toUint192(uint256 value) internal pure returns (uint192) {\\n if (value > type(uint192).max) {\\n revert SafeCastOverflowedUintDowncast(192, value);\\n }\\n return uint192(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint184 from uint256, reverting on\\n * overflow (when the input is greater than largest uint184).\\n *\\n * Counterpart to Solidity's `uint184` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 184 bits\\n */\\n function toUint184(uint256 value) internal pure returns (uint184) {\\n if (value > type(uint184).max) {\\n revert SafeCastOverflowedUintDowncast(184, value);\\n }\\n return uint184(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint176 from uint256, reverting on\\n * overflow (when the input is greater than largest uint176).\\n *\\n * Counterpart to Solidity's `uint176` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 176 bits\\n */\\n function toUint176(uint256 value) internal pure returns (uint176) {\\n if (value > type(uint176).max) {\\n revert SafeCastOverflowedUintDowncast(176, value);\\n }\\n return uint176(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint168 from uint256, reverting on\\n * overflow (when the input is greater than largest uint168).\\n *\\n * Counterpart to Solidity's `uint168` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 168 bits\\n */\\n function toUint168(uint256 value) internal pure returns (uint168) {\\n if (value > type(uint168).max) {\\n revert SafeCastOverflowedUintDowncast(168, value);\\n }\\n return uint168(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint160 from uint256, reverting on\\n * overflow (when the input is greater than largest uint160).\\n *\\n * Counterpart to Solidity's `uint160` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 160 bits\\n */\\n function toUint160(uint256 value) internal pure returns (uint160) {\\n if (value > type(uint160).max) {\\n revert SafeCastOverflowedUintDowncast(160, value);\\n }\\n return uint160(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint152 from uint256, reverting on\\n * overflow (when the input is greater than largest uint152).\\n *\\n * Counterpart to Solidity's `uint152` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 152 bits\\n */\\n function toUint152(uint256 value) internal pure returns (uint152) {\\n if (value > type(uint152).max) {\\n revert SafeCastOverflowedUintDowncast(152, value);\\n }\\n return uint152(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint144 from uint256, reverting on\\n * overflow (when the input is greater than largest uint144).\\n *\\n * Counterpart to Solidity's `uint144` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 144 bits\\n */\\n function toUint144(uint256 value) internal pure returns (uint144) {\\n if (value > type(uint144).max) {\\n revert SafeCastOverflowedUintDowncast(144, value);\\n }\\n return uint144(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint136 from uint256, reverting on\\n * overflow (when the input is greater than largest uint136).\\n *\\n * Counterpart to Solidity's `uint136` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 136 bits\\n */\\n function toUint136(uint256 value) internal pure returns (uint136) {\\n if (value > type(uint136).max) {\\n revert SafeCastOverflowedUintDowncast(136, value);\\n }\\n return uint136(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint128 from uint256, reverting on\\n * overflow (when the input is greater than largest uint128).\\n *\\n * Counterpart to Solidity's `uint128` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 128 bits\\n */\\n function toUint128(uint256 value) internal pure returns (uint128) {\\n if (value > type(uint128).max) {\\n revert SafeCastOverflowedUintDowncast(128, value);\\n }\\n return uint128(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint120 from uint256, reverting on\\n * overflow (when the input is greater than largest uint120).\\n *\\n * Counterpart to Solidity's `uint120` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 120 bits\\n */\\n function toUint120(uint256 value) internal pure returns (uint120) {\\n if (value > type(uint120).max) {\\n revert SafeCastOverflowedUintDowncast(120, value);\\n }\\n return uint120(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint112 from uint256, reverting on\\n * overflow (when the input is greater than largest uint112).\\n *\\n * Counterpart to Solidity's `uint112` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 112 bits\\n */\\n function toUint112(uint256 value) internal pure returns (uint112) {\\n if (value > type(uint112).max) {\\n revert SafeCastOverflowedUintDowncast(112, value);\\n }\\n return uint112(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint104 from uint256, reverting on\\n * overflow (when the input is greater than largest uint104).\\n *\\n * Counterpart to Solidity's `uint104` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 104 bits\\n */\\n function toUint104(uint256 value) internal pure returns (uint104) {\\n if (value > type(uint104).max) {\\n revert SafeCastOverflowedUintDowncast(104, value);\\n }\\n return uint104(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint96 from uint256, reverting on\\n * overflow (when the input is greater than largest uint96).\\n *\\n * Counterpart to Solidity's `uint96` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 96 bits\\n */\\n function toUint96(uint256 value) internal pure returns (uint96) {\\n if (value > type(uint96).max) {\\n revert SafeCastOverflowedUintDowncast(96, value);\\n }\\n return uint96(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint88 from uint256, reverting on\\n * overflow (when the input is greater than largest uint88).\\n *\\n * Counterpart to Solidity's `uint88` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 88 bits\\n */\\n function toUint88(uint256 value) internal pure returns (uint88) {\\n if (value > type(uint88).max) {\\n revert SafeCastOverflowedUintDowncast(88, value);\\n }\\n return uint88(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint80 from uint256, reverting on\\n * overflow (when the input is greater than largest uint80).\\n *\\n * Counterpart to Solidity's `uint80` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 80 bits\\n */\\n function toUint80(uint256 value) internal pure returns (uint80) {\\n if (value > type(uint80).max) {\\n revert SafeCastOverflowedUintDowncast(80, value);\\n }\\n return uint80(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint72 from uint256, reverting on\\n * overflow (when the input is greater than largest uint72).\\n *\\n * Counterpart to Solidity's `uint72` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 72 bits\\n */\\n function toUint72(uint256 value) internal pure returns (uint72) {\\n if (value > type(uint72).max) {\\n revert SafeCastOverflowedUintDowncast(72, value);\\n }\\n return uint72(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint64 from uint256, reverting on\\n * overflow (when the input is greater than largest uint64).\\n *\\n * Counterpart to Solidity's `uint64` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 64 bits\\n */\\n function toUint64(uint256 value) internal pure returns (uint64) {\\n if (value > type(uint64).max) {\\n revert SafeCastOverflowedUintDowncast(64, value);\\n }\\n return uint64(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint56 from uint256, reverting on\\n * overflow (when the input is greater than largest uint56).\\n *\\n * Counterpart to Solidity's `uint56` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 56 bits\\n */\\n function toUint56(uint256 value) internal pure returns (uint56) {\\n if (value > type(uint56).max) {\\n revert SafeCastOverflowedUintDowncast(56, value);\\n }\\n return uint56(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint48 from uint256, reverting on\\n * overflow (when the input is greater than largest uint48).\\n *\\n * Counterpart to Solidity's `uint48` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 48 bits\\n */\\n function toUint48(uint256 value) internal pure returns (uint48) {\\n if (value > type(uint48).max) {\\n revert SafeCastOverflowedUintDowncast(48, value);\\n }\\n return uint48(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint40 from uint256, reverting on\\n * overflow (when the input is greater than largest uint40).\\n *\\n * Counterpart to Solidity's `uint40` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 40 bits\\n */\\n function toUint40(uint256 value) internal pure returns (uint40) {\\n if (value > type(uint40).max) {\\n revert SafeCastOverflowedUintDowncast(40, value);\\n }\\n return uint40(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint32 from uint256, reverting on\\n * overflow (when the input is greater than largest uint32).\\n *\\n * Counterpart to Solidity's `uint32` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 32 bits\\n */\\n function toUint32(uint256 value) internal pure returns (uint32) {\\n if (value > type(uint32).max) {\\n revert SafeCastOverflowedUintDowncast(32, value);\\n }\\n return uint32(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint24 from uint256, reverting on\\n * overflow (when the input is greater than largest uint24).\\n *\\n * Counterpart to Solidity's `uint24` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 24 bits\\n */\\n function toUint24(uint256 value) internal pure returns (uint24) {\\n if (value > type(uint24).max) {\\n revert SafeCastOverflowedUintDowncast(24, value);\\n }\\n return uint24(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint16 from uint256, reverting on\\n * overflow (when the input is greater than largest uint16).\\n *\\n * Counterpart to Solidity's `uint16` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 16 bits\\n */\\n function toUint16(uint256 value) internal pure returns (uint16) {\\n if (value > type(uint16).max) {\\n revert SafeCastOverflowedUintDowncast(16, value);\\n }\\n return uint16(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint8 from uint256, reverting on\\n * overflow (when the input is greater than largest uint8).\\n *\\n * Counterpart to Solidity's `uint8` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 8 bits\\n */\\n function toUint8(uint256 value) internal pure returns (uint8) {\\n if (value > type(uint8).max) {\\n revert SafeCastOverflowedUintDowncast(8, value);\\n }\\n return uint8(value);\\n }\\n\\n /**\\n * @dev Converts a signed int256 into an unsigned uint256.\\n *\\n * Requirements:\\n *\\n * - input must be greater than or equal to 0.\\n */\\n function toUint256(int256 value) internal pure returns (uint256) {\\n if (value < 0) {\\n revert SafeCastOverflowedIntToUint(value);\\n }\\n return uint256(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted int248 from int256, reverting on\\n * overflow (when the input is less than smallest int248 or\\n * greater than largest int248).\\n *\\n * Counterpart to Solidity's `int248` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 248 bits\\n */\\n function toInt248(int256 value) internal pure returns (int248 downcasted) {\\n downcasted = int248(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(248, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int240 from int256, reverting on\\n * overflow (when the input is less than smallest int240 or\\n * greater than largest int240).\\n *\\n * Counterpart to Solidity's `int240` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 240 bits\\n */\\n function toInt240(int256 value) internal pure returns (int240 downcasted) {\\n downcasted = int240(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(240, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int232 from int256, reverting on\\n * overflow (when the input is less than smallest int232 or\\n * greater than largest int232).\\n *\\n * Counterpart to Solidity's `int232` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 232 bits\\n */\\n function toInt232(int256 value) internal pure returns (int232 downcasted) {\\n downcasted = int232(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(232, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int224 from int256, reverting on\\n * overflow (when the input is less than smallest int224 or\\n * greater than largest int224).\\n *\\n * Counterpart to Solidity's `int224` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 224 bits\\n */\\n function toInt224(int256 value) internal pure returns (int224 downcasted) {\\n downcasted = int224(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(224, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int216 from int256, reverting on\\n * overflow (when the input is less than smallest int216 or\\n * greater than largest int216).\\n *\\n * Counterpart to Solidity's `int216` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 216 bits\\n */\\n function toInt216(int256 value) internal pure returns (int216 downcasted) {\\n downcasted = int216(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(216, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int208 from int256, reverting on\\n * overflow (when the input is less than smallest int208 or\\n * greater than largest int208).\\n *\\n * Counterpart to Solidity's `int208` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 208 bits\\n */\\n function toInt208(int256 value) internal pure returns (int208 downcasted) {\\n downcasted = int208(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(208, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int200 from int256, reverting on\\n * overflow (when the input is less than smallest int200 or\\n * greater than largest int200).\\n *\\n * Counterpart to Solidity's `int200` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 200 bits\\n */\\n function toInt200(int256 value) internal pure returns (int200 downcasted) {\\n downcasted = int200(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(200, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int192 from int256, reverting on\\n * overflow (when the input is less than smallest int192 or\\n * greater than largest int192).\\n *\\n * Counterpart to Solidity's `int192` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 192 bits\\n */\\n function toInt192(int256 value) internal pure returns (int192 downcasted) {\\n downcasted = int192(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(192, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int184 from int256, reverting on\\n * overflow (when the input is less than smallest int184 or\\n * greater than largest int184).\\n *\\n * Counterpart to Solidity's `int184` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 184 bits\\n */\\n function toInt184(int256 value) internal pure returns (int184 downcasted) {\\n downcasted = int184(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(184, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int176 from int256, reverting on\\n * overflow (when the input is less than smallest int176 or\\n * greater than largest int176).\\n *\\n * Counterpart to Solidity's `int176` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 176 bits\\n */\\n function toInt176(int256 value) internal pure returns (int176 downcasted) {\\n downcasted = int176(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(176, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int168 from int256, reverting on\\n * overflow (when the input is less than smallest int168 or\\n * greater than largest int168).\\n *\\n * Counterpart to Solidity's `int168` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 168 bits\\n */\\n function toInt168(int256 value) internal pure returns (int168 downcasted) {\\n downcasted = int168(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(168, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int160 from int256, reverting on\\n * overflow (when the input is less than smallest int160 or\\n * greater than largest int160).\\n *\\n * Counterpart to Solidity's `int160` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 160 bits\\n */\\n function toInt160(int256 value) internal pure returns (int160 downcasted) {\\n downcasted = int160(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(160, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int152 from int256, reverting on\\n * overflow (when the input is less than smallest int152 or\\n * greater than largest int152).\\n *\\n * Counterpart to Solidity's `int152` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 152 bits\\n */\\n function toInt152(int256 value) internal pure returns (int152 downcasted) {\\n downcasted = int152(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(152, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int144 from int256, reverting on\\n * overflow (when the input is less than smallest int144 or\\n * greater than largest int144).\\n *\\n * Counterpart to Solidity's `int144` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 144 bits\\n */\\n function toInt144(int256 value) internal pure returns (int144 downcasted) {\\n downcasted = int144(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(144, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int136 from int256, reverting on\\n * overflow (when the input is less than smallest int136 or\\n * greater than largest int136).\\n *\\n * Counterpart to Solidity's `int136` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 136 bits\\n */\\n function toInt136(int256 value) internal pure returns (int136 downcasted) {\\n downcasted = int136(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(136, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int128 from int256, reverting on\\n * overflow (when the input is less than smallest int128 or\\n * greater than largest int128).\\n *\\n * Counterpart to Solidity's `int128` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 128 bits\\n */\\n function toInt128(int256 value) internal pure returns (int128 downcasted) {\\n downcasted = int128(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(128, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int120 from int256, reverting on\\n * overflow (when the input is less than smallest int120 or\\n * greater than largest int120).\\n *\\n * Counterpart to Solidity's `int120` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 120 bits\\n */\\n function toInt120(int256 value) internal pure returns (int120 downcasted) {\\n downcasted = int120(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(120, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int112 from int256, reverting on\\n * overflow (when the input is less than smallest int112 or\\n * greater than largest int112).\\n *\\n * Counterpart to Solidity's `int112` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 112 bits\\n */\\n function toInt112(int256 value) internal pure returns (int112 downcasted) {\\n downcasted = int112(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(112, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int104 from int256, reverting on\\n * overflow (when the input is less than smallest int104 or\\n * greater than largest int104).\\n *\\n * Counterpart to Solidity's `int104` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 104 bits\\n */\\n function toInt104(int256 value) internal pure returns (int104 downcasted) {\\n downcasted = int104(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(104, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int96 from int256, reverting on\\n * overflow (when the input is less than smallest int96 or\\n * greater than largest int96).\\n *\\n * Counterpart to Solidity's `int96` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 96 bits\\n */\\n function toInt96(int256 value) internal pure returns (int96 downcasted) {\\n downcasted = int96(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(96, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int88 from int256, reverting on\\n * overflow (when the input is less than smallest int88 or\\n * greater than largest int88).\\n *\\n * Counterpart to Solidity's `int88` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 88 bits\\n */\\n function toInt88(int256 value) internal pure returns (int88 downcasted) {\\n downcasted = int88(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(88, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int80 from int256, reverting on\\n * overflow (when the input is less than smallest int80 or\\n * greater than largest int80).\\n *\\n * Counterpart to Solidity's `int80` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 80 bits\\n */\\n function toInt80(int256 value) internal pure returns (int80 downcasted) {\\n downcasted = int80(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(80, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int72 from int256, reverting on\\n * overflow (when the input is less than smallest int72 or\\n * greater than largest int72).\\n *\\n * Counterpart to Solidity's `int72` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 72 bits\\n */\\n function toInt72(int256 value) internal pure returns (int72 downcasted) {\\n downcasted = int72(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(72, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int64 from int256, reverting on\\n * overflow (when the input is less than smallest int64 or\\n * greater than largest int64).\\n *\\n * Counterpart to Solidity's `int64` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 64 bits\\n */\\n function toInt64(int256 value) internal pure returns (int64 downcasted) {\\n downcasted = int64(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(64, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int56 from int256, reverting on\\n * overflow (when the input is less than smallest int56 or\\n * greater than largest int56).\\n *\\n * Counterpart to Solidity's `int56` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 56 bits\\n */\\n function toInt56(int256 value) internal pure returns (int56 downcasted) {\\n downcasted = int56(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(56, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int48 from int256, reverting on\\n * overflow (when the input is less than smallest int48 or\\n * greater than largest int48).\\n *\\n * Counterpart to Solidity's `int48` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 48 bits\\n */\\n function toInt48(int256 value) internal pure returns (int48 downcasted) {\\n downcasted = int48(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(48, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int40 from int256, reverting on\\n * overflow (when the input is less than smallest int40 or\\n * greater than largest int40).\\n *\\n * Counterpart to Solidity's `int40` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 40 bits\\n */\\n function toInt40(int256 value) internal pure returns (int40 downcasted) {\\n downcasted = int40(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(40, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int32 from int256, reverting on\\n * overflow (when the input is less than smallest int32 or\\n * greater than largest int32).\\n *\\n * Counterpart to Solidity's `int32` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 32 bits\\n */\\n function toInt32(int256 value) internal pure returns (int32 downcasted) {\\n downcasted = int32(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(32, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int24 from int256, reverting on\\n * overflow (when the input is less than smallest int24 or\\n * greater than largest int24).\\n *\\n * Counterpart to Solidity's `int24` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 24 bits\\n */\\n function toInt24(int256 value) internal pure returns (int24 downcasted) {\\n downcasted = int24(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(24, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int16 from int256, reverting on\\n * overflow (when the input is less than smallest int16 or\\n * greater than largest int16).\\n *\\n * Counterpart to Solidity's `int16` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 16 bits\\n */\\n function toInt16(int256 value) internal pure returns (int16 downcasted) {\\n downcasted = int16(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(16, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int8 from int256, reverting on\\n * overflow (when the input is less than smallest int8 or\\n * greater than largest int8).\\n *\\n * Counterpart to Solidity's `int8` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 8 bits\\n */\\n function toInt8(int256 value) internal pure returns (int8 downcasted) {\\n downcasted = int8(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(8, value);\\n }\\n }\\n\\n /**\\n * @dev Converts an unsigned uint256 into a signed int256.\\n *\\n * Requirements:\\n *\\n * - input must be less than or equal to maxInt256.\\n */\\n function toInt256(uint256 value) internal pure returns (int256) {\\n // Note: Unsafe cast below is okay because `type(int256).max` is guaranteed to be positive\\n if (value > uint256(type(int256).max)) {\\n revert SafeCastOverflowedUintToInt(value);\\n }\\n return int256(value);\\n }\\n\\n /**\\n * @dev Cast a boolean (false or true) to a uint256 (0 or 1) with no jump.\\n */\\n function toUint(bool b) internal pure returns (uint256 u) {\\n assembly (\\\"memory-safe\\\") {\\n u := iszero(iszero(b))\\n }\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/utils/math/SignedMath.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.1.0) (utils/math/SignedMath.sol)\\n\\npragma solidity ^0.8.20;\\n\\nimport {SafeCast} from \\\"./SafeCast.sol\\\";\\n\\n/**\\n * @dev Standard signed math utilities missing in the Solidity language.\\n */\\nlibrary SignedMath {\\n /**\\n * @dev Branchless ternary evaluation for `a ? b : c`. Gas costs are constant.\\n *\\n * IMPORTANT: This function may reduce bytecode size and consume less gas when used standalone.\\n * However, the compiler may optimize Solidity ternary operations (i.e. `a ? b : c`) to only compute\\n * one branch when needed, making this function more expensive.\\n */\\n function ternary(bool condition, int256 a, int256 b) internal pure returns (int256) {\\n unchecked {\\n // branchless ternary works because:\\n // b ^ (a ^ b) == a\\n // b ^ 0 == b\\n return b ^ ((a ^ b) * int256(SafeCast.toUint(condition)));\\n }\\n }\\n\\n /**\\n * @dev Returns the largest of two signed numbers.\\n */\\n function max(int256 a, int256 b) internal pure returns (int256) {\\n return ternary(a > b, a, b);\\n }\\n\\n /**\\n * @dev Returns the smallest of two signed numbers.\\n */\\n function min(int256 a, int256 b) internal pure returns (int256) {\\n return ternary(a < b, a, b);\\n }\\n\\n /**\\n * @dev Returns the average of two signed numbers without overflow.\\n * The result is rounded towards zero.\\n */\\n function average(int256 a, int256 b) internal pure returns (int256) {\\n // Formula from the book \\\"Hacker's Delight\\\"\\n int256 x = (a & b) + ((a ^ b) >> 1);\\n return x + (int256(uint256(x) >> 255) & (a ^ b));\\n }\\n\\n /**\\n * @dev Returns the absolute unsigned value of a signed value.\\n */\\n function abs(int256 n) internal pure returns (uint256) {\\n unchecked {\\n // Formula from the \\\"Bit Twiddling Hacks\\\" by Sean Eron Anderson.\\n // Since `n` is a signed integer, the generated bytecode will use the SAR opcode to perform the right shift,\\n // taking advantage of the most significant (or \\\"sign\\\" bit) in two's complement representation.\\n // This opcode adds new most significant bits set to the value of the previous most significant bit. As a result,\\n // the mask will either be `bytes32(0)` (if n is positive) or `~bytes32(0)` (if n is negative).\\n int256 mask = n >> 255;\\n\\n // A `bytes32(0)` mask leaves the input unchanged, while a `~bytes32(0)` mask complements it.\\n return uint256((n + mask) ^ mask);\\n }\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/utils/cryptography/ECDSA.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.6.0) (utils/cryptography/ECDSA.sol)\\n\\npragma solidity ^0.8.20;\\n\\n/**\\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\\n *\\n * These functions can be used to verify that a message was signed by the holder\\n * of the private keys of a given address.\\n */\\nlibrary ECDSA {\\n enum RecoverError {\\n NoError,\\n InvalidSignature,\\n InvalidSignatureLength,\\n InvalidSignatureS\\n }\\n\\n /**\\n * @dev The signature is invalid.\\n */\\n error ECDSAInvalidSignature();\\n\\n /**\\n * @dev The signature has an invalid length.\\n */\\n error ECDSAInvalidSignatureLength(uint256 length);\\n\\n /**\\n * @dev The signature has an S value that is in the upper half order.\\n */\\n error ECDSAInvalidSignatureS(bytes32 s);\\n\\n /**\\n * @dev Returns the address that signed a hashed message (`hash`) with `signature` or an error. This will not\\n * return address(0) without also returning an error description. Errors are documented using an enum (error type)\\n * and a bytes32 providing additional information about the error.\\n *\\n * If no error is returned, then the address can be used for verification purposes.\\n *\\n * The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:\\n * this function rejects them by requiring the `s` value to be in the lower\\n * half order, and the `v` value to be either 27 or 28.\\n *\\n * NOTE: This function only supports 65-byte signatures. ERC-2098 short signatures are rejected. This restriction\\n * is DEPRECATED and will be removed in v6.0. Developers SHOULD NOT use signatures as unique identifiers; use hash\\n * invalidation or nonces for replay protection.\\n *\\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\\n * verification to be secure: it is possible to craft signatures that\\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\\n * this is by receiving a hash of the original message (which may otherwise\\n * be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.\\n *\\n * Documentation for signature generation:\\n *\\n * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]\\n * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]\\n */\\n function tryRecover(\\n bytes32 hash,\\n bytes memory signature\\n ) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {\\n if (signature.length == 65) {\\n bytes32 r;\\n bytes32 s;\\n uint8 v;\\n // ecrecover takes the signature parameters, and the only way to get them\\n // currently is to use assembly.\\n assembly (\\\"memory-safe\\\") {\\n r := mload(add(signature, 0x20))\\n s := mload(add(signature, 0x40))\\n v := byte(0, mload(add(signature, 0x60)))\\n }\\n return tryRecover(hash, v, r, s);\\n } else {\\n return (address(0), RecoverError.InvalidSignatureLength, bytes32(signature.length));\\n }\\n }\\n\\n /**\\n * @dev Variant of {tryRecover} that takes a signature in calldata\\n */\\n function tryRecoverCalldata(\\n bytes32 hash,\\n bytes calldata signature\\n ) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {\\n if (signature.length == 65) {\\n bytes32 r;\\n bytes32 s;\\n uint8 v;\\n // ecrecover takes the signature parameters, calldata slices would work here, but are\\n // significantly more expensive (length check) than using calldataload in assembly.\\n assembly (\\\"memory-safe\\\") {\\n r := calldataload(signature.offset)\\n s := calldataload(add(signature.offset, 0x20))\\n v := byte(0, calldataload(add(signature.offset, 0x40)))\\n }\\n return tryRecover(hash, v, r, s);\\n } else {\\n return (address(0), RecoverError.InvalidSignatureLength, bytes32(signature.length));\\n }\\n }\\n\\n /**\\n * @dev Returns the address that signed a hashed message (`hash`) with\\n * `signature`. This address can then be used for verification purposes.\\n *\\n * The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:\\n * this function rejects them by requiring the `s` value to be in the lower\\n * half order, and the `v` value to be either 27 or 28.\\n *\\n * NOTE: This function only supports 65-byte signatures. ERC-2098 short signatures are rejected. This restriction\\n * is DEPRECATED and will be removed in v6.0. Developers SHOULD NOT use signatures as unique identifiers; use hash\\n * invalidation or nonces for replay protection.\\n *\\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\\n * verification to be secure: it is possible to craft signatures that\\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\\n * this is by receiving a hash of the original message (which may otherwise\\n * be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.\\n */\\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\\n (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, signature);\\n _throwError(error, errorArg);\\n return recovered;\\n }\\n\\n /**\\n * @dev Variant of {recover} that takes a signature in calldata\\n */\\n function recoverCalldata(bytes32 hash, bytes calldata signature) internal pure returns (address) {\\n (address recovered, RecoverError error, bytes32 errorArg) = tryRecoverCalldata(hash, signature);\\n _throwError(error, errorArg);\\n return recovered;\\n }\\n\\n /**\\n * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.\\n *\\n * See https://eips.ethereum.org/EIPS/eip-2098[ERC-2098 short signatures]\\n */\\n function tryRecover(\\n bytes32 hash,\\n bytes32 r,\\n bytes32 vs\\n ) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {\\n unchecked {\\n bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);\\n // We do not check for an overflow here since the shift operation results in 0 or 1.\\n uint8 v = uint8((uint256(vs) >> 255) + 27);\\n return tryRecover(hash, v, r, s);\\n }\\n }\\n\\n /**\\n * @dev Overload of {ECDSA-recover} that receives the `r` and `vs` short-signature fields separately.\\n */\\n function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {\\n (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, r, vs);\\n _throwError(error, errorArg);\\n return recovered;\\n }\\n\\n /**\\n * @dev Overload of {ECDSA-tryRecover} that receives the `v`,\\n * `r` and `s` signature fields separately.\\n */\\n function tryRecover(\\n bytes32 hash,\\n uint8 v,\\n bytes32 r,\\n bytes32 s\\n ) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {\\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\\n // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most\\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\\n //\\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\\n // these malleable signatures as well.\\n if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {\\n return (address(0), RecoverError.InvalidSignatureS, s);\\n }\\n\\n // If the signature is valid (and not malleable), return the signer address\\n address signer = ecrecover(hash, v, r, s);\\n if (signer == address(0)) {\\n return (address(0), RecoverError.InvalidSignature, bytes32(0));\\n }\\n\\n return (signer, RecoverError.NoError, bytes32(0));\\n }\\n\\n /**\\n * @dev Overload of {ECDSA-recover} that receives the `v`,\\n * `r` and `s` signature fields separately.\\n */\\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\\n (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, v, r, s);\\n _throwError(error, errorArg);\\n return recovered;\\n }\\n\\n /**\\n * @dev Parse a signature into its `v`, `r` and `s` components. Supports 65-byte and 64-byte (ERC-2098)\\n * formats. Returns (0,0,0) for invalid signatures.\\n *\\n * For 64-byte signatures, `v` is automatically normalized to 27 or 28.\\n * For 65-byte signatures, `v` is returned as-is and MUST already be 27 or 28 for use with ecrecover.\\n *\\n * Consider validating the result before use, or use {tryRecover}/{recover} which perform full validation.\\n */\\n function parse(bytes memory signature) internal pure returns (uint8 v, bytes32 r, bytes32 s) {\\n assembly (\\\"memory-safe\\\") {\\n // Check the signature length\\n switch mload(signature)\\n // - case 65: r,s,v signature (standard)\\n case 65 {\\n r := mload(add(signature, 0x20))\\n s := mload(add(signature, 0x40))\\n v := byte(0, mload(add(signature, 0x60)))\\n }\\n // - case 64: r,vs signature (cf https://eips.ethereum.org/EIPS/eip-2098)\\n case 64 {\\n let vs := mload(add(signature, 0x40))\\n r := mload(add(signature, 0x20))\\n s := and(vs, shr(1, not(0)))\\n v := add(shr(255, vs), 27)\\n }\\n default {\\n r := 0\\n s := 0\\n v := 0\\n }\\n }\\n }\\n\\n /**\\n * @dev Variant of {parse} that takes a signature in calldata\\n */\\n function parseCalldata(bytes calldata signature) internal pure returns (uint8 v, bytes32 r, bytes32 s) {\\n assembly (\\\"memory-safe\\\") {\\n // Check the signature length\\n switch signature.length\\n // - case 65: r,s,v signature (standard)\\n case 65 {\\n r := calldataload(signature.offset)\\n s := calldataload(add(signature.offset, 0x20))\\n v := byte(0, calldataload(add(signature.offset, 0x40)))\\n }\\n // - case 64: r,vs signature (cf https://eips.ethereum.org/EIPS/eip-2098)\\n case 64 {\\n let vs := calldataload(add(signature.offset, 0x20))\\n r := calldataload(signature.offset)\\n s := and(vs, shr(1, not(0)))\\n v := add(shr(255, vs), 27)\\n }\\n default {\\n r := 0\\n s := 0\\n v := 0\\n }\\n }\\n }\\n\\n /**\\n * @dev Optionally reverts with the corresponding custom error according to the `error` argument provided.\\n */\\n function _throwError(RecoverError error, bytes32 errorArg) private pure {\\n if (error == RecoverError.NoError) {\\n return; // no error: do nothing\\n } else if (error == RecoverError.InvalidSignature) {\\n revert ECDSAInvalidSignature();\\n } else if (error == RecoverError.InvalidSignatureLength) {\\n revert ECDSAInvalidSignatureLength(uint256(errorArg));\\n } else if (error == RecoverError.InvalidSignatureS) {\\n revert ECDSAInvalidSignatureS(errorArg);\\n }\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/utils/cryptography/EIP712.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.5.0) (utils/cryptography/EIP712.sol)\\n\\npragma solidity ^0.8.24;\\n\\nimport {MessageHashUtils} from \\\"./MessageHashUtils.sol\\\";\\nimport {ShortStrings, ShortString} from \\\"../ShortStrings.sol\\\";\\nimport {IERC5267} from \\\"../../interfaces/IERC5267.sol\\\";\\n\\n/**\\n * @dev https://eips.ethereum.org/EIPS/eip-712[EIP-712] is a standard for hashing and signing of typed structured data.\\n *\\n * The encoding scheme specified in the EIP requires a domain separator and a hash of the typed structured data, whose\\n * encoding is very generic and therefore its implementation in Solidity is not feasible, thus this contract\\n * does not implement the encoding itself. Protocols need to implement the type-specific encoding they need in order to\\n * produce the hash of their typed data using a combination of `abi.encode` and `keccak256`.\\n *\\n * This contract implements the EIP-712 domain separator ({_domainSeparatorV4}) that is used as part of the encoding\\n * scheme, and the final step of the encoding to obtain the message digest that is then signed via ECDSA\\n * ({_hashTypedDataV4}).\\n *\\n * The implementation of the domain separator was designed to be as efficient as possible while still properly updating\\n * the chain id to protect against replay attacks on an eventual fork of the chain.\\n *\\n * NOTE: This contract implements the version of the encoding known as \\\"v4\\\", as implemented by the JSON RPC method\\n * https://docs.metamask.io/guide/signing-data.html[`eth_signTypedDataV4` in MetaMask].\\n *\\n * NOTE: In the upgradeable version of this contract, the cached values will correspond to the address, and the domain\\n * separator of the implementation contract. This will cause the {_domainSeparatorV4} function to always rebuild the\\n * separator from the immutable values, which is cheaper than accessing a cached version in cold storage.\\n *\\n * @custom:oz-upgrades-unsafe-allow state-variable-immutable\\n */\\nabstract contract EIP712 is IERC5267 {\\n using ShortStrings for *;\\n\\n bytes32 private constant TYPE_HASH =\\n keccak256(\\\"EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)\\\");\\n\\n // Cache the domain separator as an immutable value, but also store the chain id that it corresponds to, in order to\\n // invalidate the cached domain separator if the chain id changes.\\n bytes32 private immutable _cachedDomainSeparator;\\n uint256 private immutable _cachedChainId;\\n address private immutable _cachedThis;\\n\\n bytes32 private immutable _hashedName;\\n bytes32 private immutable _hashedVersion;\\n\\n ShortString private immutable _name;\\n ShortString private immutable _version;\\n // slither-disable-next-line constable-states\\n string private _nameFallback;\\n // slither-disable-next-line constable-states\\n string private _versionFallback;\\n\\n /**\\n * @dev Initializes the domain separator and parameter caches.\\n *\\n * The meaning of `name` and `version` is specified in\\n * https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP-712]:\\n *\\n * - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol.\\n * - `version`: the current major version of the signing domain.\\n *\\n * NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart\\n * contract upgrade].\\n */\\n constructor(string memory name, string memory version) {\\n _name = name.toShortStringWithFallback(_nameFallback);\\n _version = version.toShortStringWithFallback(_versionFallback);\\n _hashedName = keccak256(bytes(name));\\n _hashedVersion = keccak256(bytes(version));\\n\\n _cachedChainId = block.chainid;\\n _cachedDomainSeparator = _buildDomainSeparator();\\n _cachedThis = address(this);\\n }\\n\\n /**\\n * @dev Returns the domain separator for the current chain.\\n */\\n function _domainSeparatorV4() internal view returns (bytes32) {\\n if (address(this) == _cachedThis && block.chainid == _cachedChainId) {\\n return _cachedDomainSeparator;\\n } else {\\n return _buildDomainSeparator();\\n }\\n }\\n\\n function _buildDomainSeparator() private view returns (bytes32) {\\n return keccak256(abi.encode(TYPE_HASH, _hashedName, _hashedVersion, block.chainid, address(this)));\\n }\\n\\n /**\\n * @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this\\n * function returns the hash of the fully encoded EIP712 message for this domain.\\n *\\n * This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example:\\n *\\n * ```solidity\\n * bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(\\n * keccak256(\\\"Mail(address to,string contents)\\\"),\\n * mailTo,\\n * keccak256(bytes(mailContents))\\n * )));\\n * address signer = ECDSA.recover(digest, signature);\\n * ```\\n */\\n function _hashTypedDataV4(bytes32 structHash) internal view virtual returns (bytes32) {\\n return MessageHashUtils.toTypedDataHash(_domainSeparatorV4(), structHash);\\n }\\n\\n /// @inheritdoc IERC5267\\n function eip712Domain()\\n public\\n view\\n virtual\\n returns (\\n bytes1 fields,\\n string memory name,\\n string memory version,\\n uint256 chainId,\\n address verifyingContract,\\n bytes32 salt,\\n uint256[] memory extensions\\n )\\n {\\n return (\\n hex\\\"0f\\\", // 01111\\n _EIP712Name(),\\n _EIP712Version(),\\n block.chainid,\\n address(this),\\n bytes32(0),\\n new uint256[](0)\\n );\\n }\\n\\n /**\\n * @dev The name parameter for the EIP712 domain.\\n *\\n * NOTE: By default this function reads _name which is an immutable value.\\n * It only reads from storage if necessary (in case the value is too large to fit in a ShortString).\\n */\\n // solhint-disable-next-line func-name-mixedcase\\n function _EIP712Name() internal view returns (string memory) {\\n return _name.toStringWithFallback(_nameFallback);\\n }\\n\\n /**\\n * @dev The version parameter for the EIP712 domain.\\n *\\n * NOTE: By default this function reads _version which is an immutable value.\\n * It only reads from storage if necessary (in case the value is too large to fit in a ShortString).\\n */\\n // solhint-disable-next-line func-name-mixedcase\\n function _EIP712Version() internal view returns (string memory) {\\n return _version.toStringWithFallback(_versionFallback);\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/utils/cryptography/MessageHashUtils.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.6.0) (utils/cryptography/MessageHashUtils.sol)\\n\\npragma solidity ^0.8.24;\\n\\nimport {Strings} from \\\"../Strings.sol\\\";\\n\\n/**\\n * @dev Signature message hash utilities for producing digests to be consumed by {ECDSA} recovery or signing.\\n *\\n * The library provides methods for generating a hash of a message that conforms to the\\n * https://eips.ethereum.org/EIPS/eip-191[ERC-191] and https://eips.ethereum.org/EIPS/eip-712[EIP 712]\\n * specifications.\\n */\\nlibrary MessageHashUtils {\\n error ERC5267ExtensionsNotSupported();\\n\\n /**\\n * @dev Returns the keccak256 digest of an ERC-191 signed data with version\\n * `0x45` (`personal_sign` messages).\\n *\\n * The digest is calculated by prefixing a bytes32 `messageHash` with\\n * `\\\"\\\\x19Ethereum Signed Message:\\\\n32\\\"` and hashing the result. It corresponds with the\\n * hash signed when using the https://ethereum.org/en/developers/docs/apis/json-rpc/#eth_sign[`eth_sign`] JSON-RPC method.\\n *\\n * NOTE: The `messageHash` parameter is intended to be the result of hashing a raw message with\\n * keccak256, although any bytes32 value can be safely used because the final digest will\\n * be re-hashed.\\n *\\n * See {ECDSA-recover}.\\n */\\n function toEthSignedMessageHash(bytes32 messageHash) internal pure returns (bytes32 digest) {\\n assembly (\\\"memory-safe\\\") {\\n mstore(0x00, \\\"\\\\x19Ethereum Signed Message:\\\\n32\\\") // 32 is the bytes-length of messageHash\\n mstore(0x1c, messageHash) // 0x1c (28) is the length of the prefix\\n digest := keccak256(0x00, 0x3c) // 0x3c is the length of the prefix (0x1c) + messageHash (0x20)\\n }\\n }\\n\\n /**\\n * @dev Returns the keccak256 digest of an ERC-191 signed data with version\\n * `0x45` (`personal_sign` messages).\\n *\\n * The digest is calculated by prefixing an arbitrary `message` with\\n * `\\\"\\\\x19Ethereum Signed Message:\\\\n\\\" + len(message)` and hashing the result. It corresponds with the\\n * hash signed when using the https://ethereum.org/en/developers/docs/apis/json-rpc/#eth_sign[`eth_sign`] JSON-RPC method.\\n *\\n * See {ECDSA-recover}.\\n */\\n function toEthSignedMessageHash(bytes memory message) internal pure returns (bytes32) {\\n return\\n keccak256(bytes.concat(\\\"\\\\x19Ethereum Signed Message:\\\\n\\\", bytes(Strings.toString(message.length)), message));\\n }\\n\\n /**\\n * @dev Returns the keccak256 digest of an ERC-191 signed data with version\\n * `0x00` (data with intended validator).\\n *\\n * The digest is calculated by prefixing an arbitrary `data` with `\\\"\\\\x19\\\\x00\\\"` and the intended\\n * `validator` address. Then hashing the result.\\n *\\n * See {ECDSA-recover}.\\n */\\n function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {\\n return keccak256(abi.encodePacked(hex\\\"19_00\\\", validator, data));\\n }\\n\\n /**\\n * @dev Variant of {toDataWithIntendedValidatorHash-address-bytes} optimized for cases where `data` is a bytes32.\\n */\\n function toDataWithIntendedValidatorHash(\\n address validator,\\n bytes32 messageHash\\n ) internal pure returns (bytes32 digest) {\\n assembly (\\\"memory-safe\\\") {\\n mstore(0x00, hex\\\"19_00\\\")\\n mstore(0x02, shl(96, validator))\\n mstore(0x16, messageHash)\\n digest := keccak256(0x00, 0x36)\\n }\\n }\\n\\n /**\\n * @dev Returns the keccak256 digest of an EIP-712 typed data (ERC-191 version `0x01`).\\n *\\n * The digest is calculated from a `domainSeparator` and a `structHash`, by prefixing them with\\n * `\\\\x19\\\\x01` and hashing the result. It corresponds to the hash signed by the\\n * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`] JSON-RPC method as part of EIP-712.\\n *\\n * See {ECDSA-recover}.\\n */\\n function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 digest) {\\n assembly (\\\"memory-safe\\\") {\\n let ptr := mload(0x40)\\n mstore(ptr, hex\\\"19_01\\\")\\n mstore(add(ptr, 0x02), domainSeparator)\\n mstore(add(ptr, 0x22), structHash)\\n digest := keccak256(ptr, 0x42)\\n }\\n }\\n\\n /**\\n * @dev Returns the EIP-712 domain separator constructed from an `eip712Domain`. See {IERC5267-eip712Domain}\\n *\\n * This function dynamically constructs the domain separator based on which fields are present in the\\n * `fields` parameter. It contains flags that indicate which domain fields are present:\\n *\\n * * Bit 0 (0x01): name\\n * * Bit 1 (0x02): version\\n * * Bit 2 (0x04): chainId\\n * * Bit 3 (0x08): verifyingContract\\n * * Bit 4 (0x10): salt\\n *\\n * Arguments that correspond to fields which are not present in `fields` are ignored. For example, if `fields` is\\n * `0x0f` (`0b01111`), then the `salt` parameter is ignored.\\n */\\n function toDomainSeparator(\\n bytes1 fields,\\n string memory name,\\n string memory version,\\n uint256 chainId,\\n address verifyingContract,\\n bytes32 salt\\n ) internal pure returns (bytes32 hash) {\\n return\\n toDomainSeparator(\\n fields,\\n keccak256(bytes(name)),\\n keccak256(bytes(version)),\\n chainId,\\n verifyingContract,\\n salt\\n );\\n }\\n\\n /// @dev Variant of {toDomainSeparator-bytes1-string-string-uint256-address-bytes32} that uses hashed name and version.\\n function toDomainSeparator(\\n bytes1 fields,\\n bytes32 nameHash,\\n bytes32 versionHash,\\n uint256 chainId,\\n address verifyingContract,\\n bytes32 salt\\n ) internal pure returns (bytes32 hash) {\\n bytes32 domainTypeHash = toDomainTypeHash(fields);\\n\\n assembly (\\\"memory-safe\\\") {\\n // align fields to the right for easy processing\\n fields := shr(248, fields)\\n\\n // FMP used as scratch space\\n let fmp := mload(0x40)\\n mstore(fmp, domainTypeHash)\\n\\n let ptr := add(fmp, 0x20)\\n if and(fields, 0x01) {\\n mstore(ptr, nameHash)\\n ptr := add(ptr, 0x20)\\n }\\n if and(fields, 0x02) {\\n mstore(ptr, versionHash)\\n ptr := add(ptr, 0x20)\\n }\\n if and(fields, 0x04) {\\n mstore(ptr, chainId)\\n ptr := add(ptr, 0x20)\\n }\\n if and(fields, 0x08) {\\n mstore(ptr, verifyingContract)\\n ptr := add(ptr, 0x20)\\n }\\n if and(fields, 0x10) {\\n mstore(ptr, salt)\\n ptr := add(ptr, 0x20)\\n }\\n\\n hash := keccak256(fmp, sub(ptr, fmp))\\n }\\n }\\n\\n /// @dev Builds an EIP-712 domain type hash depending on the `fields` provided, following https://eips.ethereum.org/EIPS/eip-5267[ERC-5267]\\n function toDomainTypeHash(bytes1 fields) internal pure returns (bytes32 hash) {\\n if (fields & 0x20 == 0x20) revert ERC5267ExtensionsNotSupported();\\n\\n assembly (\\\"memory-safe\\\") {\\n // align fields to the right for easy processing\\n fields := shr(248, fields)\\n\\n // FMP used as scratch space\\n let fmp := mload(0x40)\\n mstore(fmp, \\\"EIP712Domain(\\\")\\n\\n let ptr := add(fmp, 0x0d)\\n // name field\\n if and(fields, 0x01) {\\n mstore(ptr, \\\"string name,\\\")\\n ptr := add(ptr, 0x0c)\\n }\\n // version field\\n if and(fields, 0x02) {\\n mstore(ptr, \\\"string version,\\\")\\n ptr := add(ptr, 0x0f)\\n }\\n // chainId field\\n if and(fields, 0x04) {\\n mstore(ptr, \\\"uint256 chainId,\\\")\\n ptr := add(ptr, 0x10)\\n }\\n // verifyingContract field\\n if and(fields, 0x08) {\\n mstore(ptr, \\\"address verifyingContract,\\\")\\n ptr := add(ptr, 0x1a)\\n }\\n // salt field\\n if and(fields, 0x10) {\\n mstore(ptr, \\\"bytes32 salt,\\\")\\n ptr := add(ptr, 0x0d)\\n }\\n // if any field is enabled, remove the trailing comma\\n ptr := sub(ptr, iszero(iszero(and(fields, 0x1f))))\\n // add the closing brace\\n mstore8(ptr, 0x29) // add closing brace\\n ptr := add(ptr, 1)\\n\\n hash := keccak256(fmp, sub(ptr, fmp))\\n }\\n }\\n}\\n\"}},\"language\":\"Solidity\",\"settings\":{\"viaIR\":true,\"metadata\":{\"appendCBOR\":true,\"bytecodeHash\":\"ipfs\",\"useLiteralContent\":false},\"libraries\":{},\"optimizer\":{\"runs\":200,\"enabled\":true},\"evmVersion\":\"cancun\",\"remappings\":[\"@openzeppelin/contracts/=lib/openzeppelin-contracts/contracts/\",\"ens-contracts/=lib/ens-contracts/contracts/\",\"forge-std/=lib/forge-std/src/\",\"erc4626-tests/=lib/openzeppelin-contracts/lib/erc4626-tests/\",\"halmos-cheatcodes/=lib/openzeppelin-contracts/lib/halmos-cheatcodes/src/\",\"openzeppelin-contracts/=lib/openzeppelin-contracts/\"]}}","verify":{"address":"net16661:ac5xs4yksjvrydcs62nufr61519cmh594a2ae185rd","name":"src/BrainOracle.sol:BrainOracle","language":"solidity","sourceCode":"{\"sources\":{\"src/IBrain.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\npragma solidity 0.8.30;\\n\\n// forgefmt: disable-start\\n//\\n// ██████╗ ██████╗ █████╗ ██╗███╗ ██╗██████╗ ███████╗██████╗ ██╗ █████╗\\n// ██╔══██╗██╔══██╗██╔══██╗██║████╗ ██║██╔══██╗██╔════╝██╔══██╗██║██╔══██╗\\n// ██████╔╝██████╔╝███████║██║██╔██╗ ██║██████╔╝█████╗ ██║ ██║██║███████║\\n// ██╔══██╗██╔══██╗██╔══██║██║██║╚██╗██║██╔═══╝ ██╔══╝ ██║ ██║██║██╔══██║\\n// ██████╔╝██║ ██║██║ ██║██║██║ ╚████║██║ ███████╗██████╔╝██║██║ ██║\\n// ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝╚═╝ ╚═══╝╚═╝ ╚══════╝╚═════╝ ╚═╝╚═╝ ╚═╝\\n//\\n// Specialty AI Brains as iNFTs · Agent-paid knowledge marketplace\\n//\\n// forgefmt: disable-end\\n\\n/// @title IOracle — ERC-7857 attestation oracle\\n/// @author Brainpedia Team\\n/// @notice Verifies transfer proofs (TEE attestation or ZK proof) before\\n/// the iNFT changes hands. Brainpedia ships a default oracle\\n/// (`BrainOracle.sol`) that accepts an EIP-712 signed attestation\\n/// from a trusted attestor address as the proof format. Production\\n/// deployments can swap in a real TEE node or ZK verifier without\\n/// changing Brain.sol — the only contract surface is this one method.\\n/// @dev The verifier receives the live transfer context (tokenId, from, to)\\n/// alongside the opaque proof bytes. Implementations MUST cross-check\\n/// the proof's embedded fields against the supplied context to prevent\\n/// proof replay across different transfers (audit finding #1).\\ninterface IOracle {\\n function verifyProof(bytes calldata proof, uint256 tokenId, address from, address to)\\n external\\n view\\n returns (bool);\\n}\\n\\n/// @title IBrain — ERC-7857 canonical intelligent NFT for Brainpedia\\n/// @author Brainpedia Team\\n/// @notice Each tokenId is one specialty AI Brain. Public reference data\\n/// lives at `storageRoot` on 0G Storage (anyone can fetch and verify\\n/// the snapshot). Private metadata — system prompt, royalty terms,\\n/// owner notes, anything kept out of the public snapshot — lives at\\n/// `encryptedURI`, encrypted with a per-Brain symmetric key sealed\\n/// for the current owner. Transfers require an oracle proof that\\n/// the key has been re-sealed for the new owner (`secureTransfer`).\\n/// @dev The interface intentionally omits error declarations; all errors\\n/// used by the Brain contract suite live in `src/lib/Errors.sol`.\\ninterface IBrain {\\n // ============ Types ============\\n\\n struct IntelligentData {\\n bytes32 storageRoot; // public 0G Storage Log layer merkle root\\n bytes encryptedURI; // encrypted ref to private metadata blob on\\n // 0G Storage. Empty bytes = no encrypted\\n // metadata (public-only Brain).\\n bytes32 metadataHash; // keccak256(canonical plaintext metadata) commit.\\n // Zero hash = no metadata commit.\\n uint64 createdAt; // block.timestamp at the time of append\\n string description; // free-form (\\\"snapshot v3, added 12 articles\\\")\\n }\\n\\n // ============ Events ============\\n\\n event BrainMinted(\\n uint256 indexed tokenId, address indexed owner, bytes32 storageRoot, bytes32 metadataHash\\n );\\n event StorageRootAppended(\\n uint256 indexed tokenId, bytes32 storageRoot, bytes32 metadataHash, string description\\n );\\n event UsageAuthorized(uint256 indexed tokenId, address indexed agent, uint64 expiresAt);\\n event UsageRevoked(uint256 indexed tokenId, address indexed agent);\\n event BrainPayment(\\n uint256 indexed tokenId,\\n address indexed payer,\\n address indexed brainOwner,\\n uint256 amount,\\n bytes32 queryHash\\n );\\n event OracleUpdated(address indexed oracle);\\n event KeySealed(uint256 indexed tokenId, address indexed sealedFor, bytes sealedKey);\\n event SecureTransferCompleted(uint256 indexed tokenId, address indexed from, address indexed to);\\n\\n // ============ Mint and append ============\\n\\n function mint(\\n address to,\\n bytes32 initialStorageRoot,\\n bytes calldata encryptedURI,\\n bytes32 metadataHash,\\n string calldata description,\\n bytes calldata sealedKey\\n ) external returns (uint256 tokenId);\\n\\n function appendStorageRoot(\\n uint256 tokenId,\\n bytes32 storageRoot,\\n bytes calldata encryptedURI,\\n bytes32 metadataHash,\\n string calldata description,\\n bytes calldata sealedKey\\n ) external;\\n\\n // ============ Usage authorization ============\\n\\n function authorizeUsage(uint256 tokenId, address agent, uint64 ttlSeconds) external payable;\\n function revokeAuthorization(uint256 tokenId, address agent) external;\\n function isAuthorized(uint256 tokenId, address agent) external view returns (bool);\\n\\n // ============ Canonical ERC-7857 secure transfer ============\\n\\n function setOracle(address oracle_) external;\\n function oracle() external view returns (address);\\n function secureTransfer(\\n address to,\\n uint256 tokenId,\\n bytes calldata sealedKey,\\n bytes calldata oracleProof\\n ) external;\\n\\n // ============ Views ============\\n\\n function intelligenceOf(uint256 tokenId) external view returns (IntelligentData[] memory);\\n function currentStorageRoot(uint256 tokenId) external view returns (bytes32);\\n function currentMetadataHash(uint256 tokenId) external view returns (bytes32);\\n function currentEncryptedURI(uint256 tokenId) external view returns (bytes memory);\\n}\\n\"},\"src/lib/Errors.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\npragma solidity 0.8.30;\\n\\n// forgefmt: disable-start\\n//\\n// ██████╗ ██████╗ █████╗ ██╗███╗ ██╗██████╗ ███████╗██████╗ ██╗ █████╗\\n// ██╔══██╗██╔══██╗██╔══██╗██║████╗ ██║██╔══██╗██╔════╝██╔══██╗██║██╔══██╗\\n// ██████╔╝██████╔╝███████║██║██╔██╗ ██║██████╔╝█████╗ ██║ ██║██║███████║\\n// ██╔══██╗██╔══██╗██╔══██║██║██║╚██╗██║██╔═══╝ ██╔══╝ ██║ ██║██║██╔══██║\\n// ██████╔╝██║ ██║██║ ██║██║██║ ╚████║██║ ███████╗██████╔╝██║██║ ██║\\n// ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝╚═╝ ╚═══╝╚═╝ ╚══════╝╚═════╝ ╚═╝╚═╝ ╚═╝\\n//\\n// Specialty AI Brains as iNFTs · Agent-paid knowledge marketplace\\n//\\n// forgefmt: disable-end\\n\\n/// @title Errors\\n/// @author Brainpedia Team\\n/// @notice Custom errors used across the Brainpedia contract suite.\\n/// @dev Library of error declarations. Replaces every `require(cond, \\\"string\\\")`\\n/// in Brain, BrainOracle, BrainMinter, RoyaltyDistributor, SubnameRegistrar,\\n/// and AccessTokenRegistrar. Custom errors are gas-efficient and fully\\n/// typed for off-chain decoding.\\nlibrary Errors {\\n // ----- Generic input validation -----\\n\\n /// @notice Thrown when an address parameter is the zero address.\\n error ZeroAddress();\\n\\n /// @notice Thrown when an amount parameter is zero.\\n error ZeroAmount();\\n\\n /// @notice Thrown when two arrays that must be the same length are not.\\n error LengthMismatch();\\n\\n /// @notice Thrown when a native ETH transfer fails.\\n error EthTransferFailed();\\n\\n /// @notice Thrown when ECDSA recovery does not return the configured signer.\\n error InvalidSignature();\\n\\n // ----- Brain (ERC-7857 iNFT) -----\\n\\n /// @notice Thrown when `msg.sender` is not the owner of the targeted tokenId.\\n error NotBrainOwner();\\n\\n /// @notice Thrown when authorizeUsage is called with msg.value below the\\n /// Brain's configured per-query minimum payment.\\n error InsufficientPayment();\\n\\n /// @notice Thrown when the per-query payment forward from the Brain contract\\n /// to the Brain owner fails (e.g., recipient is a contract that reverts\\n /// on receive).\\n error PaymentForwardFailed();\\n\\n /// @notice Thrown when a view function is called on a tokenId that has no\\n /// IntelligentData records yet (i.e., was never minted or was burned).\\n error NoIntelligence();\\n\\n // ----- ERC-7857 canonical transfer path -----\\n\\n /// @notice Thrown when a caller invokes `transferFrom` or `safeTransferFrom`\\n /// directly. ERC-7857 mandates the oracle-attested `secureTransfer`\\n /// path so that the per-Brain symmetric key can be re-sealed for the\\n /// new owner. Standard ERC-721 transfers would leave the recipient\\n /// with an undecryptable Brain.\\n error UseSecureTransfer();\\n\\n /// @notice Thrown when secureTransfer is called before an oracle is set.\\n error OracleNotSet();\\n\\n /// @notice Thrown when the configured oracle rejects the supplied proof.\\n error InvalidOracleProof();\\n\\n // ----- BrainOracle attestation -----\\n\\n /// @notice Thrown when verifyProof is called while the attestor is unset.\\n error AttestorNotSet();\\n\\n /// @notice Thrown when the EIP-712 TransferAttestation deadline has passed.\\n error AttestationExpired();\\n\\n /// @notice Thrown when the supplied oracle proof is malformed (e.g., too\\n /// short to ABI-decode as a TransferAttestation).\\n error InvalidProofFormat();\\n\\n // ----- BrainMinter anti-spam -----\\n\\n /// @notice Thrown when mintToSender is called with msg.value below the\\n /// currently-configured anti-spam mint fee.\\n error InsufficientFee();\\n\\n /// @notice Thrown when an internal native-token transfer fails (fee sweep,\\n /// payment forward, refund).\\n error TransferFailed();\\n\\n // ----- RoyaltyDistributor -----\\n\\n /// @notice Thrown when distribute() is called with msg.value below the\\n /// sum of per-Brain payment amounts.\\n error InsufficientValue();\\n\\n // ----- ENS subname + access-token registrars -----\\n\\n /// @notice Thrown when a registrar tries to issue a subname whose label\\n /// hash is already registered.\\n error LabelAlreadyTaken();\\n\\n /// @notice Thrown when a subname text-record write is attempted by an\\n /// account that does not own the label.\\n error NotLabelOwner();\\n\\n /// @notice Thrown when a non-issuer account calls a function gated by\\n /// the issuer allow-list on AccessTokenRegistrar.\\n error NotIssuer();\\n\\n /// @notice Thrown when an AccessTokenRegistrar operation references a\\n /// label that has never been issued.\\n error TokenNotFound();\\n\\n /// @notice Thrown when an AccessTokenRegistrar operation references a\\n /// label whose TTL has elapsed.\\n error TokenExpired();\\n}\\n\"},\"src/BrainOracle.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\npragma solidity 0.8.30;\\n\\n// forgefmt: disable-start\\n//\\n// ██████╗ ██████╗ █████╗ ██╗███╗ ██╗██████╗ ███████╗██████╗ ██╗ █████╗\\n// ██╔══██╗██╔══██╗██╔══██╗██║████╗ ██║██╔══██╗██╔════╝██╔══██╗██║██╔══██╗\\n// ██████╔╝██████╔╝███████║██║██╔██╗ ██║██████╔╝█████╗ ██║ ██║██║███████║\\n// ██╔══██╗██╔══██╗██╔══██║██║██║╚██╗██║██╔═══╝ ██╔══╝ ██║ ██║██║██╔══██║\\n// ██████╔╝██║ ██║██║ ██║██║██║ ╚████║██║ ███████╗██████╔╝██║██║ ██║\\n// ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝╚═╝ ╚═══╝╚═╝ ╚══════╝╚═════╝ ╚═╝╚═╝ ╚═╝\\n//\\n// Specialty AI Brains as iNFTs · Agent-paid knowledge marketplace\\n//\\n// forgefmt: disable-end\\n\\nimport { Ownable } from \\\"@openzeppelin/contracts/access/Ownable.sol\\\";\\nimport { Ownable2Step } from \\\"@openzeppelin/contracts/access/Ownable2Step.sol\\\";\\nimport { ECDSA } from \\\"@openzeppelin/contracts/utils/cryptography/ECDSA.sol\\\";\\nimport { EIP712 } from \\\"@openzeppelin/contracts/utils/cryptography/EIP712.sol\\\";\\n\\nimport { IOracle } from \\\"./IBrain.sol\\\";\\nimport { Errors } from \\\"./lib/Errors.sol\\\";\\n\\n/// @title BrainOracle — ERC-7857 attestor for Brainpedia\\n/// @author Brainpedia Team\\n/// @notice Default IOracle implementation. Accepts an EIP-712 signed\\n/// attestation from a trusted attestor address as the proof\\n/// format passed into Brain.secureTransfer.\\n/// @dev The attestor signs a TransferAttestation struct that commits\\n/// to (tokenId, from, to, sealedKeyHash, deadline). The signed\\n/// struct is then ABI-encoded into the `oracleProof` argument.\\n/// The oracle verifies the signature recovers to `attestor`, the\\n/// deadline has not passed, AND the decoded (tokenId, from, to)\\n/// match the live transfer context supplied by Brain.secureTransfer\\n/// (audit finding #1: prevents proof replay across transfers).\\n///\\n/// For the hackathon submission the attestor is the Brainpedia\\n/// operator address. Production upgrade swaps this for an\\n/// attestor address controlled by a 0G Compute TEE node that\\n/// signs only after verifying off-chain key re-sealing.\\ncontract BrainOracle is IOracle, Ownable2Step, EIP712 {\\n // ============ Constants ============\\n\\n /// @notice EIP-712 type hash for transfer attestations.\\n bytes32 public constant TRANSFER_ATTESTATION_TYPEHASH = keccak256(\\n \\\"TransferAttestation(uint256 tokenId,address from,address to,bytes32 sealedKeyHash,uint64 deadline)\\\"\\n );\\n\\n // ============ Storage ============\\n\\n address public attestor;\\n\\n // ============ Events ============\\n\\n event AttestorUpdated(address indexed oldAttestor, address indexed newAttestor);\\n\\n // ============ Constructor ============\\n\\n constructor(address initialOwner, address initialAttestor)\\n Ownable(initialOwner)\\n EIP712(\\\"BrainOracle\\\", \\\"1\\\")\\n {\\n if (initialAttestor == address(0)) revert Errors.ZeroAddress();\\n attestor = initialAttestor;\\n emit AttestorUpdated(address(0), initialAttestor);\\n }\\n\\n // ============ External: admin ============\\n\\n /// @notice Rotate the attestor address. Owner-only.\\n function setAttestor(address newAttestor) external onlyOwner {\\n if (newAttestor == address(0)) revert Errors.ZeroAddress();\\n emit AttestorUpdated(attestor, newAttestor);\\n attestor = newAttestor;\\n }\\n\\n // ============ External: verification ============\\n\\n /// @notice Verify an oracle proof for a transfer.\\n /// @param proof abi.encode(uint256 tokenId, address from, address to,\\n /// bytes32 sealedKeyHash, uint64 deadline,\\n /// bytes signature)\\n /// @param tokenId live transfer tokenId from Brain.secureTransfer\\n /// @param from live transfer sender (msg.sender of secureTransfer)\\n /// @param to live transfer recipient\\n /// @return true iff the proof's embedded (tokenId, from, to) match\\n /// the live context, the attestation has not expired, and\\n /// the signature recovers to the configured attestor.\\n function verifyProof(bytes calldata proof, uint256 tokenId, address from, address to)\\n external\\n view\\n override\\n returns (bool)\\n {\\n if (attestor == address(0)) revert Errors.AttestorNotSet();\\n if (proof.length < 32) revert Errors.InvalidProofFormat();\\n\\n (\\n uint256 pTokenId,\\n address pFrom,\\n address pTo,\\n bytes32 sealedKeyHash,\\n uint64 deadline,\\n bytes memory signature\\n ) = abi.decode(proof, (uint256, address, address, bytes32, uint64, bytes));\\n\\n // Bind the proof to the live transfer context.\\n if (pTokenId != tokenId) revert Errors.InvalidOracleProof();\\n if (pFrom != from) revert Errors.InvalidOracleProof();\\n if (pTo != to) revert Errors.InvalidOracleProof();\\n\\n if (block.timestamp > deadline) revert Errors.AttestationExpired();\\n\\n bytes32 structHash = keccak256(\\n abi.encode(TRANSFER_ATTESTATION_TYPEHASH, pTokenId, pFrom, pTo, sealedKeyHash, deadline)\\n );\\n bytes32 digest = _hashTypedDataV4(structHash);\\n address signer = ECDSA.recover(digest, signature);\\n if (signer != attestor) revert Errors.InvalidSignature();\\n\\n return true;\\n }\\n\\n // ============ View helpers for off-chain SDKs ============\\n\\n /// @notice Compute the EIP-712 digest an attestor must sign.\\n function hashTransferAttestation(\\n uint256 tokenId,\\n address from,\\n address to,\\n bytes32 sealedKeyHash,\\n uint64 deadline\\n ) external view returns (bytes32) {\\n return _hashTypedDataV4(\\n keccak256(\\n abi.encode(\\n TRANSFER_ATTESTATION_TYPEHASH, tokenId, from, to, sealedKeyHash, deadline\\n )\\n )\\n );\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/utils/Bytes.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.6.0) (utils/Bytes.sol)\\n\\npragma solidity ^0.8.24;\\n\\nimport {Math} from \\\"./math/Math.sol\\\";\\n\\n/**\\n * @dev Bytes operations.\\n */\\nlibrary Bytes {\\n /**\\n * @dev Forward search for `s` in `buffer`\\n * * If `s` is present in the buffer, returns the index of the first instance\\n * * If `s` is not present in the buffer, returns type(uint256).max\\n *\\n * NOTE: replicates the behavior of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/indexOf[Javascript's `Array.indexOf`]\\n */\\n function indexOf(bytes memory buffer, bytes1 s) internal pure returns (uint256) {\\n return indexOf(buffer, s, 0);\\n }\\n\\n /**\\n * @dev Forward search for `s` in `buffer` starting at position `pos`\\n * * If `s` is present in the buffer (at or after `pos`), returns the index of the next instance\\n * * If `s` is not present in the buffer (at or after `pos`), returns type(uint256).max\\n *\\n * NOTE: replicates the behavior of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/indexOf[Javascript's `Array.indexOf`]\\n */\\n function indexOf(bytes memory buffer, bytes1 s, uint256 pos) internal pure returns (uint256) {\\n uint256 length = buffer.length;\\n for (uint256 i = pos; i < length; ++i) {\\n if (bytes1(_unsafeReadBytesOffset(buffer, i)) == s) {\\n return i;\\n }\\n }\\n return type(uint256).max;\\n }\\n\\n /**\\n * @dev Backward search for `s` in `buffer`\\n * * If `s` is present in the buffer, returns the index of the last instance\\n * * If `s` is not present in the buffer, returns type(uint256).max\\n *\\n * NOTE: replicates the behavior of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/lastIndexOf[Javascript's `Array.lastIndexOf`]\\n */\\n function lastIndexOf(bytes memory buffer, bytes1 s) internal pure returns (uint256) {\\n return lastIndexOf(buffer, s, type(uint256).max);\\n }\\n\\n /**\\n * @dev Backward search for `s` in `buffer` starting at position `pos`\\n * * If `s` is present in the buffer (at or before `pos`), returns the index of the previous instance\\n * * If `s` is not present in the buffer (at or before `pos`), returns type(uint256).max\\n *\\n * NOTE: replicates the behavior of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/lastIndexOf[Javascript's `Array.lastIndexOf`]\\n */\\n function lastIndexOf(bytes memory buffer, bytes1 s, uint256 pos) internal pure returns (uint256) {\\n unchecked {\\n uint256 length = buffer.length;\\n for (uint256 i = Math.min(Math.saturatingAdd(pos, 1), length); i > 0; --i) {\\n if (bytes1(_unsafeReadBytesOffset(buffer, i - 1)) == s) {\\n return i - 1;\\n }\\n }\\n return type(uint256).max;\\n }\\n }\\n\\n /**\\n * @dev Copies the content of `buffer`, from `start` (included) to the end of `buffer` into a new bytes object in\\n * memory.\\n *\\n * NOTE: replicates the behavior of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/slice[Javascript's `Array.slice`]\\n */\\n function slice(bytes memory buffer, uint256 start) internal pure returns (bytes memory) {\\n return slice(buffer, start, buffer.length);\\n }\\n\\n /**\\n * @dev Copies the content of `buffer`, from `start` (included) to `end` (excluded) into a new bytes object in\\n * memory. The `end` argument is truncated to the length of the `buffer`.\\n *\\n * NOTE: replicates the behavior of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/slice[Javascript's `Array.slice`]\\n */\\n function slice(bytes memory buffer, uint256 start, uint256 end) internal pure returns (bytes memory) {\\n // sanitize\\n end = Math.min(end, buffer.length);\\n start = Math.min(start, end);\\n\\n // allocate and copy\\n bytes memory result = new bytes(end - start);\\n assembly (\\\"memory-safe\\\") {\\n mcopy(add(result, 0x20), add(add(buffer, 0x20), start), sub(end, start))\\n }\\n\\n return result;\\n }\\n\\n /**\\n * @dev Moves the content of `buffer`, from `start` (included) to the end of `buffer` to the start of that buffer,\\n * and shrinks the buffer length accordingly, effectively overriding the content of buffer with buffer[start:].\\n *\\n * NOTE: This function modifies the provided buffer in place. If you need to preserve the original buffer, use {slice} instead\\n */\\n function splice(bytes memory buffer, uint256 start) internal pure returns (bytes memory) {\\n return splice(buffer, start, buffer.length);\\n }\\n\\n /**\\n * @dev Moves the content of `buffer`, from `start` (included) to `end` (excluded) to the start of that buffer,\\n * and shrinks the buffer length accordingly, effectively overriding the content of buffer with buffer[start:end].\\n * The `end` argument is truncated to the length of the `buffer`.\\n *\\n * NOTE: This function modifies the provided buffer in place. If you need to preserve the original buffer, use {slice} instead\\n */\\n function splice(bytes memory buffer, uint256 start, uint256 end) internal pure returns (bytes memory) {\\n // sanitize\\n end = Math.min(end, buffer.length);\\n start = Math.min(start, end);\\n\\n // move and resize\\n assembly (\\\"memory-safe\\\") {\\n mcopy(add(buffer, 0x20), add(add(buffer, 0x20), start), sub(end, start))\\n mstore(buffer, sub(end, start))\\n }\\n\\n return buffer;\\n }\\n\\n /**\\n * @dev Replaces bytes in `buffer` starting at `pos` with all bytes from `replacement`.\\n *\\n * Parameters are clamped to valid ranges (i.e. `pos` is clamped to `[0, buffer.length]`).\\n * If `pos >= buffer.length`, no replacement occurs and the buffer is returned unchanged.\\n *\\n * NOTE: This function modifies the provided buffer in place.\\n */\\n function replace(bytes memory buffer, uint256 pos, bytes memory replacement) internal pure returns (bytes memory) {\\n return replace(buffer, pos, replacement, 0, replacement.length);\\n }\\n\\n /**\\n * @dev Replaces bytes in `buffer` starting at `pos` with bytes from `replacement` starting at `offset`.\\n * Copies at most `length` bytes from `replacement` to `buffer`.\\n *\\n * Parameters are clamped to valid ranges (i.e. `pos` is clamped to `[0, buffer.length]`, `offset` is\\n * clamped to `[0, replacement.length]`, and `length` is clamped to `min(length, replacement.length - offset,\\n * buffer.length - pos))`. If `pos >= buffer.length` or `offset >= replacement.length`, no replacement occurs\\n * and the buffer is returned unchanged.\\n *\\n * NOTE: This function modifies the provided buffer in place.\\n */\\n function replace(\\n bytes memory buffer,\\n uint256 pos,\\n bytes memory replacement,\\n uint256 offset,\\n uint256 length\\n ) internal pure returns (bytes memory) {\\n // sanitize\\n pos = Math.min(pos, buffer.length);\\n offset = Math.min(offset, replacement.length);\\n length = Math.min(length, Math.min(replacement.length - offset, buffer.length - pos));\\n\\n // replace\\n assembly (\\\"memory-safe\\\") {\\n mcopy(add(add(buffer, 0x20), pos), add(add(replacement, 0x20), offset), length)\\n }\\n\\n return buffer;\\n }\\n\\n /**\\n * @dev Concatenate an array of bytes into a single bytes object.\\n *\\n * For fixed bytes types, we recommend using the solidity built-in `bytes.concat` or (equivalent)\\n * `abi.encodePacked`.\\n *\\n * NOTE: this could be done in assembly with a single loop that expands starting at the FMP, but that would be\\n * significantly less readable. It might be worth benchmarking the savings of the full-assembly approach.\\n */\\n function concat(bytes[] memory buffers) internal pure returns (bytes memory) {\\n uint256 length = 0;\\n for (uint256 i = 0; i < buffers.length; ++i) {\\n length += buffers[i].length;\\n }\\n\\n bytes memory result = new bytes(length);\\n\\n uint256 offset = 0x20;\\n for (uint256 i = 0; i < buffers.length; ++i) {\\n bytes memory input = buffers[i];\\n assembly (\\\"memory-safe\\\") {\\n mcopy(add(result, offset), add(input, 0x20), mload(input))\\n }\\n unchecked {\\n offset += input.length;\\n }\\n }\\n\\n return result;\\n }\\n\\n /**\\n * @dev Split each byte in `input` into two nibbles (4 bits each)\\n *\\n * Example: hex\\\"01234567\\\" → hex\\\"0001020304050607\\\"\\n */\\n function toNibbles(bytes memory input) internal pure returns (bytes memory output) {\\n assembly (\\\"memory-safe\\\") {\\n let length := mload(input)\\n output := mload(0x40)\\n mstore(0x40, add(add(output, 0x20), mul(length, 2)))\\n mstore(output, mul(length, 2))\\n for {\\n let i := 0\\n } lt(i, length) {\\n i := add(i, 0x10)\\n } {\\n let chunk := shr(128, mload(add(add(input, 0x20), i)))\\n chunk := and(\\n 0x0000000000000000ffffffffffffffff0000000000000000ffffffffffffffff,\\n or(shl(64, chunk), chunk)\\n )\\n chunk := and(\\n 0x00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff,\\n or(shl(32, chunk), chunk)\\n )\\n chunk := and(\\n 0x0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff,\\n or(shl(16, chunk), chunk)\\n )\\n chunk := and(\\n 0x00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff,\\n or(shl(8, chunk), chunk)\\n )\\n chunk := and(\\n 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f,\\n or(shl(4, chunk), chunk)\\n )\\n mstore(add(add(output, 0x20), mul(i, 2)), chunk)\\n }\\n }\\n }\\n\\n /**\\n * @dev Returns true if the two byte buffers are equal.\\n */\\n function equal(bytes memory a, bytes memory b) internal pure returns (bool) {\\n return a.length == b.length && keccak256(a) == keccak256(b);\\n }\\n\\n /**\\n * @dev Reverses the byte order of a bytes32 value, converting between little-endian and big-endian.\\n * Inspired by https://graphics.stanford.edu/~seander/bithacks.html#ReverseParallel[Reverse Parallel]\\n */\\n function reverseBytes32(bytes32 value) internal pure returns (bytes32) {\\n value = // swap bytes\\n ((value >> 8) & 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) |\\n ((value & 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) << 8);\\n value = // swap 2-byte long pairs\\n ((value >> 16) & 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) |\\n ((value & 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) << 16);\\n value = // swap 4-byte long pairs\\n ((value >> 32) & 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) |\\n ((value & 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) << 32);\\n value = // swap 8-byte long pairs\\n ((value >> 64) & 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) |\\n ((value & 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) << 64);\\n return (value >> 128) | (value << 128); // swap 16-byte long pairs\\n }\\n\\n /// @dev Same as {reverseBytes32} but optimized for 128-bit values.\\n function reverseBytes16(bytes16 value) internal pure returns (bytes16) {\\n value = // swap bytes\\n ((value & 0xFF00FF00FF00FF00FF00FF00FF00FF00) >> 8) |\\n ((value & 0x00FF00FF00FF00FF00FF00FF00FF00FF) << 8);\\n value = // swap 2-byte long pairs\\n ((value & 0xFFFF0000FFFF0000FFFF0000FFFF0000) >> 16) |\\n ((value & 0x0000FFFF0000FFFF0000FFFF0000FFFF) << 16);\\n value = // swap 4-byte long pairs\\n ((value & 0xFFFFFFFF00000000FFFFFFFF00000000) >> 32) |\\n ((value & 0x00000000FFFFFFFF00000000FFFFFFFF) << 32);\\n return (value >> 64) | (value << 64); // swap 8-byte long pairs\\n }\\n\\n /// @dev Same as {reverseBytes32} but optimized for 64-bit values.\\n function reverseBytes8(bytes8 value) internal pure returns (bytes8) {\\n value = ((value & 0xFF00FF00FF00FF00) >> 8) | ((value & 0x00FF00FF00FF00FF) << 8); // swap bytes\\n value = ((value & 0xFFFF0000FFFF0000) >> 16) | ((value & 0x0000FFFF0000FFFF) << 16); // swap 2-byte long pairs\\n return (value >> 32) | (value << 32); // swap 4-byte long pairs\\n }\\n\\n /// @dev Same as {reverseBytes32} but optimized for 32-bit values.\\n function reverseBytes4(bytes4 value) internal pure returns (bytes4) {\\n value = ((value & 0xFF00FF00) >> 8) | ((value & 0x00FF00FF) << 8); // swap bytes\\n return (value >> 16) | (value << 16); // swap 2-byte long pairs\\n }\\n\\n /// @dev Same as {reverseBytes32} but optimized for 16-bit values.\\n function reverseBytes2(bytes2 value) internal pure returns (bytes2) {\\n return (value >> 8) | (value << 8);\\n }\\n\\n /**\\n * @dev Counts the number of leading zero bits a bytes array. Returns `8 * buffer.length`\\n * if the buffer is all zeros.\\n */\\n function clz(bytes memory buffer) internal pure returns (uint256) {\\n for (uint256 i = 0; i < buffer.length; i += 0x20) {\\n bytes32 chunk = _unsafeReadBytesOffset(buffer, i);\\n if (chunk != bytes32(0)) {\\n return Math.min(8 * i + Math.clz(uint256(chunk)), 8 * buffer.length);\\n }\\n }\\n return 8 * buffer.length;\\n }\\n\\n /**\\n * @dev Reads a bytes32 from a bytes array without bounds checking.\\n *\\n * NOTE: making this function internal would mean it could be used with memory unsafe offset, and marking the\\n * assembly block as such would prevent some optimizations.\\n */\\n function _unsafeReadBytesOffset(bytes memory buffer, uint256 offset) private pure returns (bytes32 value) {\\n // This is not memory safe in the general case, but all calls to this private function are within bounds.\\n assembly (\\\"memory-safe\\\") {\\n value := mload(add(add(buffer, 0x20), offset))\\n }\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/utils/Panic.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.1.0) (utils/Panic.sol)\\n\\npragma solidity ^0.8.20;\\n\\n/**\\n * @dev Helper library for emitting standardized panic codes.\\n *\\n * ```solidity\\n * contract Example {\\n * using Panic for uint256;\\n *\\n * // Use any of the declared internal constants\\n * function foo() { Panic.GENERIC.panic(); }\\n *\\n * // Alternatively\\n * function foo() { Panic.panic(Panic.GENERIC); }\\n * }\\n * ```\\n *\\n * Follows the list from https://github.com/ethereum/solidity/blob/v0.8.24/libsolutil/ErrorCodes.h[libsolutil].\\n *\\n * _Available since v5.1._\\n */\\n// slither-disable-next-line unused-state\\nlibrary Panic {\\n /// @dev generic / unspecified error\\n uint256 internal constant GENERIC = 0x00;\\n /// @dev used by the assert() builtin\\n uint256 internal constant ASSERT = 0x01;\\n /// @dev arithmetic underflow or overflow\\n uint256 internal constant UNDER_OVERFLOW = 0x11;\\n /// @dev division or modulo by zero\\n uint256 internal constant DIVISION_BY_ZERO = 0x12;\\n /// @dev enum conversion error\\n uint256 internal constant ENUM_CONVERSION_ERROR = 0x21;\\n /// @dev invalid encoding in storage\\n uint256 internal constant STORAGE_ENCODING_ERROR = 0x22;\\n /// @dev empty array pop\\n uint256 internal constant EMPTY_ARRAY_POP = 0x31;\\n /// @dev array out of bounds access\\n uint256 internal constant ARRAY_OUT_OF_BOUNDS = 0x32;\\n /// @dev resource error (too large allocation or too large array)\\n uint256 internal constant RESOURCE_ERROR = 0x41;\\n /// @dev calling invalid internal function\\n uint256 internal constant INVALID_INTERNAL_FUNCTION = 0x51;\\n\\n /// @dev Reverts with a panic code. Recommended to use with\\n /// the internal constants with predefined codes.\\n function panic(uint256 code) internal pure {\\n assembly (\\\"memory-safe\\\") {\\n mstore(0x00, 0x4e487b71)\\n mstore(0x20, code)\\n revert(0x1c, 0x24)\\n }\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/utils/Context.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)\\n\\npragma solidity ^0.8.20;\\n\\n/**\\n * @dev Provides information about the current execution context, including the\\n * sender of the transaction and its data. While these are generally available\\n * via msg.sender and msg.data, they should not be accessed in such a direct\\n * manner, since when dealing with meta-transactions the account sending and\\n * paying for execution may not be the actual sender (as far as an application\\n * is concerned).\\n *\\n * This contract is only required for intermediate, library-like contracts.\\n */\\nabstract contract Context {\\n function _msgSender() internal view virtual returns (address) {\\n return msg.sender;\\n }\\n\\n function _msgData() internal view virtual returns (bytes calldata) {\\n return msg.data;\\n }\\n\\n function _contextSuffixLength() internal view virtual returns (uint256) {\\n return 0;\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/utils/Strings.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.6.0) (utils/Strings.sol)\\n\\npragma solidity ^0.8.24;\\n\\nimport {Math} from \\\"./math/Math.sol\\\";\\nimport {SafeCast} from \\\"./math/SafeCast.sol\\\";\\nimport {SignedMath} from \\\"./math/SignedMath.sol\\\";\\nimport {Bytes} from \\\"./Bytes.sol\\\";\\n\\n/**\\n * @dev String operations.\\n */\\nlibrary Strings {\\n using SafeCast for *;\\n\\n bytes16 private constant HEX_DIGITS = \\\"0123456789abcdef\\\";\\n uint8 private constant ADDRESS_LENGTH = 20;\\n uint256 private constant SPECIAL_CHARS_LOOKUP =\\n 0xffffffff | // first 32 bits corresponding to the control characters (U+0000 to U+001F)\\n (1 << 0x22) | // double quote\\n (1 << 0x5c); // backslash\\n\\n /**\\n * @dev The `value` string doesn't fit in the specified `length`.\\n */\\n error StringsInsufficientHexLength(uint256 value, uint256 length);\\n\\n /**\\n * @dev The string being parsed contains characters that are not in scope of the given base.\\n */\\n error StringsInvalidChar();\\n\\n /**\\n * @dev The string being parsed is not a properly formatted address.\\n */\\n error StringsInvalidAddressFormat();\\n\\n /**\\n * @dev Converts a `uint256` to its ASCII `string` decimal representation.\\n */\\n function toString(uint256 value) internal pure returns (string memory) {\\n unchecked {\\n uint256 length = Math.log10(value) + 1;\\n string memory buffer = new string(length);\\n uint256 ptr;\\n assembly (\\\"memory-safe\\\") {\\n ptr := add(add(buffer, 0x20), length)\\n }\\n while (true) {\\n ptr--;\\n assembly (\\\"memory-safe\\\") {\\n mstore8(ptr, byte(mod(value, 10), HEX_DIGITS))\\n }\\n value /= 10;\\n if (value == 0) break;\\n }\\n return buffer;\\n }\\n }\\n\\n /**\\n * @dev Converts a `int256` to its ASCII `string` decimal representation.\\n */\\n function toStringSigned(int256 value) internal pure returns (string memory) {\\n return string.concat(value < 0 ? \\\"-\\\" : \\\"\\\", toString(SignedMath.abs(value)));\\n }\\n\\n /**\\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.\\n */\\n function toHexString(uint256 value) internal pure returns (string memory) {\\n unchecked {\\n return toHexString(value, Math.log256(value) + 1);\\n }\\n }\\n\\n /**\\n * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.\\n */\\n function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {\\n uint256 localValue = value;\\n bytes memory buffer = new bytes(2 * length + 2);\\n buffer[0] = \\\"0\\\";\\n buffer[1] = \\\"x\\\";\\n for (uint256 i = 2 * length + 1; i > 1; --i) {\\n buffer[i] = HEX_DIGITS[localValue & 0xf];\\n localValue >>= 4;\\n }\\n if (localValue != 0) {\\n revert StringsInsufficientHexLength(value, length);\\n }\\n return string(buffer);\\n }\\n\\n /**\\n * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal\\n * representation.\\n */\\n function toHexString(address addr) internal pure returns (string memory) {\\n return toHexString(uint256(uint160(addr)), ADDRESS_LENGTH);\\n }\\n\\n /**\\n * @dev Converts an `address` with fixed length of 20 bytes to its checksummed ASCII `string` hexadecimal\\n * representation, according to EIP-55.\\n */\\n function toChecksumHexString(address addr) internal pure returns (string memory) {\\n bytes memory buffer = bytes(toHexString(addr));\\n\\n // hash the hex part of buffer (skip length + 2 bytes, length 40)\\n uint256 hashValue;\\n assembly (\\\"memory-safe\\\") {\\n hashValue := shr(96, keccak256(add(buffer, 0x22), 40))\\n }\\n\\n for (uint256 i = 41; i > 1; --i) {\\n // possible values for buffer[i] are 48 (0) to 57 (9) and 97 (a) to 102 (f)\\n if (hashValue & 0xf > 7 && uint8(buffer[i]) > 96) {\\n // case shift by xoring with 0x20\\n buffer[i] ^= 0x20;\\n }\\n hashValue >>= 4;\\n }\\n return string(buffer);\\n }\\n\\n /**\\n * @dev Converts a `bytes` buffer to its ASCII `string` hexadecimal representation.\\n */\\n function toHexString(bytes memory input) internal pure returns (string memory) {\\n unchecked {\\n bytes memory buffer = new bytes(2 * input.length + 2);\\n buffer[0] = \\\"0\\\";\\n buffer[1] = \\\"x\\\";\\n for (uint256 i = 0; i < input.length; ++i) {\\n uint8 v = uint8(input[i]);\\n buffer[2 * i + 2] = HEX_DIGITS[v >> 4];\\n buffer[2 * i + 3] = HEX_DIGITS[v & 0xf];\\n }\\n return string(buffer);\\n }\\n }\\n\\n /**\\n * @dev Returns true if the two strings are equal.\\n */\\n function equal(string memory a, string memory b) internal pure returns (bool) {\\n return Bytes.equal(bytes(a), bytes(b));\\n }\\n\\n /**\\n * @dev Parse a decimal string and returns the value as a `uint256`.\\n *\\n * Requirements:\\n * - The string must be formatted as `[0-9]*`\\n * - The result must fit into an `uint256` type\\n */\\n function parseUint(string memory input) internal pure returns (uint256) {\\n return parseUint(input, 0, bytes(input).length);\\n }\\n\\n /**\\n * @dev Variant of {parseUint-string} that parses a substring of `input` located between position `begin` (included) and\\n * `end` (excluded).\\n *\\n * Requirements:\\n * - The substring must be formatted as `[0-9]*`\\n * - The result must fit into an `uint256` type\\n */\\n function parseUint(string memory input, uint256 begin, uint256 end) internal pure returns (uint256) {\\n (bool success, uint256 value) = tryParseUint(input, begin, end);\\n if (!success) revert StringsInvalidChar();\\n return value;\\n }\\n\\n /**\\n * @dev Variant of {parseUint-string} that returns false if the parsing fails because of an invalid character.\\n *\\n * NOTE: This function will revert if the result does not fit in a `uint256`.\\n */\\n function tryParseUint(string memory input) internal pure returns (bool success, uint256 value) {\\n return _tryParseUintUncheckedBounds(input, 0, bytes(input).length);\\n }\\n\\n /**\\n * @dev Variant of {parseUint-string-uint256-uint256} that returns false if the parsing fails because of an invalid\\n * character.\\n *\\n * NOTE: This function will revert if the result does not fit in a `uint256`.\\n */\\n function tryParseUint(\\n string memory input,\\n uint256 begin,\\n uint256 end\\n ) internal pure returns (bool success, uint256 value) {\\n if (end > bytes(input).length || begin > end) return (false, 0);\\n return _tryParseUintUncheckedBounds(input, begin, end);\\n }\\n\\n /**\\n * @dev Implementation of {tryParseUint-string-uint256-uint256} that does not check bounds. Caller should make sure that\\n * `begin <= end <= input.length`. Other inputs would result in undefined behavior.\\n */\\n function _tryParseUintUncheckedBounds(\\n string memory input,\\n uint256 begin,\\n uint256 end\\n ) private pure returns (bool success, uint256 value) {\\n bytes memory buffer = bytes(input);\\n\\n uint256 result = 0;\\n for (uint256 i = begin; i < end; ++i) {\\n uint8 chr = _tryParseChr(bytes1(_unsafeReadBytesOffset(buffer, i)));\\n if (chr > 9) return (false, 0);\\n result *= 10;\\n result += chr;\\n }\\n return (true, result);\\n }\\n\\n /**\\n * @dev Parse a decimal string and returns the value as a `int256`.\\n *\\n * Requirements:\\n * - The string must be formatted as `[-+]?[0-9]*`\\n * - The result must fit in an `int256` type.\\n */\\n function parseInt(string memory input) internal pure returns (int256) {\\n return parseInt(input, 0, bytes(input).length);\\n }\\n\\n /**\\n * @dev Variant of {parseInt-string} that parses a substring of `input` located between position `begin` (included) and\\n * `end` (excluded).\\n *\\n * Requirements:\\n * - The substring must be formatted as `[-+]?[0-9]*`\\n * - The result must fit in an `int256` type.\\n */\\n function parseInt(string memory input, uint256 begin, uint256 end) internal pure returns (int256) {\\n (bool success, int256 value) = tryParseInt(input, begin, end);\\n if (!success) revert StringsInvalidChar();\\n return value;\\n }\\n\\n /**\\n * @dev Variant of {parseInt-string} that returns false if the parsing fails because of an invalid character or if\\n * the result does not fit in a `int256`.\\n *\\n * NOTE: This function will revert if the absolute value of the result does not fit in a `uint256`.\\n */\\n function tryParseInt(string memory input) internal pure returns (bool success, int256 value) {\\n return _tryParseIntUncheckedBounds(input, 0, bytes(input).length);\\n }\\n\\n uint256 private constant ABS_MIN_INT256 = 2 ** 255;\\n\\n /**\\n * @dev Variant of {parseInt-string-uint256-uint256} that returns false if the parsing fails because of an invalid\\n * character or if the result does not fit in a `int256`.\\n *\\n * NOTE: This function will revert if the absolute value of the result does not fit in a `uint256`.\\n */\\n function tryParseInt(\\n string memory input,\\n uint256 begin,\\n uint256 end\\n ) internal pure returns (bool success, int256 value) {\\n if (end > bytes(input).length || begin > end) return (false, 0);\\n return _tryParseIntUncheckedBounds(input, begin, end);\\n }\\n\\n /**\\n * @dev Implementation of {tryParseInt-string-uint256-uint256} that does not check bounds. Caller should make sure that\\n * `begin <= end <= input.length`. Other inputs would result in undefined behavior.\\n */\\n function _tryParseIntUncheckedBounds(\\n string memory input,\\n uint256 begin,\\n uint256 end\\n ) private pure returns (bool success, int256 value) {\\n bytes memory buffer = bytes(input);\\n\\n // Check presence of a negative sign.\\n bytes1 sign = begin == end ? bytes1(0) : bytes1(_unsafeReadBytesOffset(buffer, begin)); // don't do out-of-bound (possibly unsafe) read if sub-string is empty\\n bool positiveSign = sign == bytes1(\\\"+\\\");\\n bool negativeSign = sign == bytes1(\\\"-\\\");\\n uint256 offset = (positiveSign || negativeSign).toUint();\\n\\n (bool absSuccess, uint256 absValue) = tryParseUint(input, begin + offset, end);\\n\\n if (absSuccess && absValue < ABS_MIN_INT256) {\\n return (true, negativeSign ? -int256(absValue) : int256(absValue));\\n } else if (absSuccess && negativeSign && absValue == ABS_MIN_INT256) {\\n return (true, type(int256).min);\\n } else return (false, 0);\\n }\\n\\n /**\\n * @dev Parse a hexadecimal string (with or without \\\"0x\\\" prefix), and returns the value as a `uint256`.\\n *\\n * Requirements:\\n * - The string must be formatted as `(0x)?[0-9a-fA-F]*`\\n * - The result must fit in an `uint256` type.\\n */\\n function parseHexUint(string memory input) internal pure returns (uint256) {\\n return parseHexUint(input, 0, bytes(input).length);\\n }\\n\\n /**\\n * @dev Variant of {parseHexUint-string} that parses a substring of `input` located between position `begin` (included) and\\n * `end` (excluded).\\n *\\n * Requirements:\\n * - The substring must be formatted as `(0x)?[0-9a-fA-F]*`\\n * - The result must fit in an `uint256` type.\\n */\\n function parseHexUint(string memory input, uint256 begin, uint256 end) internal pure returns (uint256) {\\n (bool success, uint256 value) = tryParseHexUint(input, begin, end);\\n if (!success) revert StringsInvalidChar();\\n return value;\\n }\\n\\n /**\\n * @dev Variant of {parseHexUint-string} that returns false if the parsing fails because of an invalid character.\\n *\\n * NOTE: This function will revert if the result does not fit in a `uint256`.\\n */\\n function tryParseHexUint(string memory input) internal pure returns (bool success, uint256 value) {\\n return _tryParseHexUintUncheckedBounds(input, 0, bytes(input).length);\\n }\\n\\n /**\\n * @dev Variant of {parseHexUint-string-uint256-uint256} that returns false if the parsing fails because of an\\n * invalid character.\\n *\\n * NOTE: This function will revert if the result does not fit in a `uint256`.\\n */\\n function tryParseHexUint(\\n string memory input,\\n uint256 begin,\\n uint256 end\\n ) internal pure returns (bool success, uint256 value) {\\n if (end > bytes(input).length || begin > end) return (false, 0);\\n return _tryParseHexUintUncheckedBounds(input, begin, end);\\n }\\n\\n /**\\n * @dev Implementation of {tryParseHexUint-string-uint256-uint256} that does not check bounds. Caller should make sure that\\n * `begin <= end <= input.length`. Other inputs would result in undefined behavior.\\n */\\n function _tryParseHexUintUncheckedBounds(\\n string memory input,\\n uint256 begin,\\n uint256 end\\n ) private pure returns (bool success, uint256 value) {\\n bytes memory buffer = bytes(input);\\n\\n // skip 0x prefix if present\\n bool hasPrefix = (end > begin + 1) && bytes2(_unsafeReadBytesOffset(buffer, begin)) == bytes2(\\\"0x\\\"); // don't do out-of-bound (possibly unsafe) read if sub-string is empty\\n uint256 offset = hasPrefix.toUint() * 2;\\n\\n uint256 result = 0;\\n for (uint256 i = begin + offset; i < end; ++i) {\\n uint8 chr = _tryParseChr(bytes1(_unsafeReadBytesOffset(buffer, i)));\\n if (chr > 15) return (false, 0);\\n result *= 16;\\n unchecked {\\n // Multiplying by 16 is equivalent to a shift of 4 bits (with additional overflow check).\\n // This guarantees that adding a value < 16 will not cause an overflow, hence the unchecked.\\n result += chr;\\n }\\n }\\n return (true, result);\\n }\\n\\n /**\\n * @dev Parse a hexadecimal string (with or without \\\"0x\\\" prefix), and returns the value as an `address`.\\n *\\n * Requirements:\\n * - The string must be formatted as `(0x)?[0-9a-fA-F]{40}`\\n */\\n function parseAddress(string memory input) internal pure returns (address) {\\n return parseAddress(input, 0, bytes(input).length);\\n }\\n\\n /**\\n * @dev Variant of {parseAddress-string} that parses a substring of `input` located between position `begin` (included) and\\n * `end` (excluded).\\n *\\n * Requirements:\\n * - The substring must be formatted as `(0x)?[0-9a-fA-F]{40}`\\n */\\n function parseAddress(string memory input, uint256 begin, uint256 end) internal pure returns (address) {\\n (bool success, address value) = tryParseAddress(input, begin, end);\\n if (!success) revert StringsInvalidAddressFormat();\\n return value;\\n }\\n\\n /**\\n * @dev Variant of {parseAddress-string} that returns false if the parsing fails because the input is not a properly\\n * formatted address. See {parseAddress-string} requirements.\\n */\\n function tryParseAddress(string memory input) internal pure returns (bool success, address value) {\\n return tryParseAddress(input, 0, bytes(input).length);\\n }\\n\\n /**\\n * @dev Variant of {parseAddress-string-uint256-uint256} that returns false if the parsing fails because input is not a properly\\n * formatted address. See {parseAddress-string-uint256-uint256} requirements.\\n */\\n function tryParseAddress(\\n string memory input,\\n uint256 begin,\\n uint256 end\\n ) internal pure returns (bool success, address value) {\\n if (end > bytes(input).length || begin > end) return (false, address(0));\\n\\n bool hasPrefix = (end > begin + 1) && bytes2(_unsafeReadBytesOffset(bytes(input), begin)) == bytes2(\\\"0x\\\"); // don't do out-of-bound (possibly unsafe) read if sub-string is empty\\n uint256 expectedLength = 40 + hasPrefix.toUint() * 2;\\n\\n // check that input is the correct length\\n if (end - begin == expectedLength) {\\n // length guarantees that this does not overflow, and value is at most type(uint160).max\\n (bool s, uint256 v) = _tryParseHexUintUncheckedBounds(input, begin, end);\\n return (s, address(uint160(v)));\\n } else {\\n return (false, address(0));\\n }\\n }\\n\\n function _tryParseChr(bytes1 chr) private pure returns (uint8) {\\n uint8 value = uint8(chr);\\n\\n // Try to parse `chr`:\\n // - Case 1: [0-9]\\n // - Case 2: [a-f]\\n // - Case 3: [A-F]\\n // - otherwise not supported\\n unchecked {\\n if (value > 47 && value < 58) value -= 48;\\n else if (value > 96 && value < 103) value -= 87;\\n else if (value > 64 && value < 71) value -= 55;\\n else return type(uint8).max;\\n }\\n\\n return value;\\n }\\n\\n /**\\n * @dev Escape special characters in JSON strings. This can be useful to prevent JSON injection in NFT metadata.\\n *\\n * WARNING: This function should only be used in double quoted JSON strings. Single quotes are not escaped.\\n *\\n * NOTE: This function escapes backslashes (including those in \\\\uXXXX sequences) and the characters in ranges\\n * defined in section 2.5 of RFC-4627 (U+0000 to U+001F, U+0022 and U+005C). All control characters in U+0000\\n * to U+001F are escaped (\\\\b, \\\\t, \\\\n, \\\\f, \\\\r use short form; others use \\\\u00XX). ECMAScript's `JSON.parse` does\\n * recover escaped unicode characters that are not in this range, but other tooling may provide different results.\\n */\\n function escapeJSON(string memory input) internal pure returns (string memory) {\\n bytes memory buffer = bytes(input);\\n\\n // Put output at the FMP. Memory will be reserved later when we figure out the actual length of the escaped\\n // string. All write are done using _unsafeWriteBytesOffset, which avoid the (expensive) length checks for\\n // each character written.\\n bytes memory output;\\n assembly (\\\"memory-safe\\\") {\\n output := mload(0x40)\\n }\\n uint256 outputLength = 0;\\n\\n for (uint256 i = 0; i < buffer.length; ++i) {\\n uint8 char = uint8(bytes1(_unsafeReadBytesOffset(buffer, i)));\\n if (((SPECIAL_CHARS_LOOKUP & (1 << char)) != 0)) {\\n _unsafeWriteBytesOffset(output, outputLength++, \\\"\\\\\\\\\\\");\\n if (char == 0x08) _unsafeWriteBytesOffset(output, outputLength++, \\\"b\\\");\\n else if (char == 0x09) _unsafeWriteBytesOffset(output, outputLength++, \\\"t\\\");\\n else if (char == 0x0a) _unsafeWriteBytesOffset(output, outputLength++, \\\"n\\\");\\n else if (char == 0x0c) _unsafeWriteBytesOffset(output, outputLength++, \\\"f\\\");\\n else if (char == 0x0d) _unsafeWriteBytesOffset(output, outputLength++, \\\"r\\\");\\n else if (char == 0x5c) _unsafeWriteBytesOffset(output, outputLength++, \\\"\\\\\\\\\\\");\\n else if (char == 0x22) {\\n // solhint-disable-next-line quotes\\n _unsafeWriteBytesOffset(output, outputLength++, '\\\"');\\n } else {\\n // U+0000 to U+001F without short form: output \\\\u00XX\\n _unsafeWriteBytesOffset(output, outputLength++, \\\"u\\\");\\n _unsafeWriteBytesOffset(output, outputLength++, \\\"0\\\");\\n _unsafeWriteBytesOffset(output, outputLength++, \\\"0\\\");\\n _unsafeWriteBytesOffset(output, outputLength++, HEX_DIGITS[char >> 4]);\\n _unsafeWriteBytesOffset(output, outputLength++, HEX_DIGITS[char & 0x0f]);\\n }\\n } else {\\n _unsafeWriteBytesOffset(output, outputLength++, bytes1(char));\\n }\\n }\\n // write the actual length and reserve memory\\n assembly (\\\"memory-safe\\\") {\\n mstore(output, outputLength)\\n mstore(0x40, add(output, add(outputLength, 0x20)))\\n }\\n\\n return string(output);\\n }\\n\\n /**\\n * @dev Reads a bytes32 from a bytes array without bounds checking.\\n *\\n * NOTE: making this function internal would mean it could be used with memory unsafe offset, and marking the\\n * assembly block as such would prevent some optimizations.\\n */\\n function _unsafeReadBytesOffset(bytes memory buffer, uint256 offset) private pure returns (bytes32 value) {\\n // This is not memory safe in the general case, but all calls to this private function are within bounds.\\n assembly (\\\"memory-safe\\\") {\\n value := mload(add(add(buffer, 0x20), offset))\\n }\\n }\\n\\n /**\\n * @dev Write a bytes1 to a bytes array without bounds checking.\\n *\\n * NOTE: making this function internal would mean it could be used with memory unsafe offset, and marking the\\n * assembly block as such would prevent some optimizations.\\n */\\n function _unsafeWriteBytesOffset(bytes memory buffer, uint256 offset, bytes1 value) private pure {\\n // This is not memory safe in the general case, but all calls to this private function are within bounds.\\n assembly (\\\"memory-safe\\\") {\\n mstore8(add(add(buffer, 0x20), offset), shr(248, value))\\n }\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/access/Ownable.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)\\n\\npragma solidity ^0.8.20;\\n\\nimport {Context} from \\\"../utils/Context.sol\\\";\\n\\n/**\\n * @dev Contract module which provides a basic access control mechanism, where\\n * there is an account (an owner) that can be granted exclusive access to\\n * specific functions.\\n *\\n * The initial owner is set to the address provided by the deployer. This can\\n * later be changed with {transferOwnership}.\\n *\\n * This module is used through inheritance. It will make available the modifier\\n * `onlyOwner`, which can be applied to your functions to restrict their use to\\n * the owner.\\n */\\nabstract contract Ownable is Context {\\n address private _owner;\\n\\n /**\\n * @dev The caller account is not authorized to perform an operation.\\n */\\n error OwnableUnauthorizedAccount(address account);\\n\\n /**\\n * @dev The owner is not a valid owner account. (eg. `address(0)`)\\n */\\n error OwnableInvalidOwner(address owner);\\n\\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\\n\\n /**\\n * @dev Initializes the contract setting the address provided by the deployer as the initial owner.\\n */\\n constructor(address initialOwner) {\\n if (initialOwner == address(0)) {\\n revert OwnableInvalidOwner(address(0));\\n }\\n _transferOwnership(initialOwner);\\n }\\n\\n /**\\n * @dev Throws if called by any account other than the owner.\\n */\\n modifier onlyOwner() {\\n _checkOwner();\\n _;\\n }\\n\\n /**\\n * @dev Returns the address of the current owner.\\n */\\n function owner() public view virtual returns (address) {\\n return _owner;\\n }\\n\\n /**\\n * @dev Throws if the sender is not the owner.\\n */\\n function _checkOwner() internal view virtual {\\n if (owner() != _msgSender()) {\\n revert OwnableUnauthorizedAccount(_msgSender());\\n }\\n }\\n\\n /**\\n * @dev Leaves the contract without owner. It will not be possible to call\\n * `onlyOwner` functions. Can only be called by the current owner.\\n *\\n * NOTE: Renouncing ownership will leave the contract without an owner,\\n * thereby disabling any functionality that is only available to the owner.\\n */\\n function renounceOwnership() public virtual onlyOwner {\\n _transferOwnership(address(0));\\n }\\n\\n /**\\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\\n * Can only be called by the current owner.\\n */\\n function transferOwnership(address newOwner) public virtual onlyOwner {\\n if (newOwner == address(0)) {\\n revert OwnableInvalidOwner(address(0));\\n }\\n _transferOwnership(newOwner);\\n }\\n\\n /**\\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\\n * Internal function without access restriction.\\n */\\n function _transferOwnership(address newOwner) internal virtual {\\n address oldOwner = _owner;\\n _owner = newOwner;\\n emit OwnershipTransferred(oldOwner, newOwner);\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/utils/math/Math.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.6.0) (utils/math/Math.sol)\\n\\npragma solidity ^0.8.20;\\n\\nimport {Panic} from \\\"../Panic.sol\\\";\\nimport {SafeCast} from \\\"./SafeCast.sol\\\";\\n\\n/**\\n * @dev Standard math utilities missing in the Solidity language.\\n */\\nlibrary Math {\\n enum Rounding {\\n Floor, // Toward negative infinity\\n Ceil, // Toward positive infinity\\n Trunc, // Toward zero\\n Expand // Away from zero\\n }\\n\\n /**\\n * @dev Return the 512-bit addition of two uint256.\\n *\\n * The result is stored in two 256 variables such that sum = high * 2²⁵⁶ + low.\\n */\\n function add512(uint256 a, uint256 b) internal pure returns (uint256 high, uint256 low) {\\n assembly (\\\"memory-safe\\\") {\\n low := add(a, b)\\n high := lt(low, a)\\n }\\n }\\n\\n /**\\n * @dev Return the 512-bit multiplication of two uint256.\\n *\\n * The result is stored in two 256 variables such that product = high * 2²⁵⁶ + low.\\n */\\n function mul512(uint256 a, uint256 b) internal pure returns (uint256 high, uint256 low) {\\n // 512-bit multiply [high low] = x * y. Compute the product mod 2²⁵⁶ and mod 2²⁵⁶ - 1, then use\\n // the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256\\n // variables such that product = high * 2²⁵⁶ + low.\\n assembly (\\\"memory-safe\\\") {\\n let mm := mulmod(a, b, not(0))\\n low := mul(a, b)\\n high := sub(sub(mm, low), lt(mm, low))\\n }\\n }\\n\\n /**\\n * @dev Returns the addition of two unsigned integers, with a success flag (no overflow).\\n */\\n function tryAdd(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {\\n unchecked {\\n uint256 c = a + b;\\n success = c >= a;\\n result = c * SafeCast.toUint(success);\\n }\\n }\\n\\n /**\\n * @dev Returns the subtraction of two unsigned integers, with a success flag (no overflow).\\n */\\n function trySub(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {\\n unchecked {\\n uint256 c = a - b;\\n success = c <= a;\\n result = c * SafeCast.toUint(success);\\n }\\n }\\n\\n /**\\n * @dev Returns the multiplication of two unsigned integers, with a success flag (no overflow).\\n */\\n function tryMul(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {\\n unchecked {\\n uint256 c = a * b;\\n assembly (\\\"memory-safe\\\") {\\n // Only true when the multiplication doesn't overflow\\n // (c / a == b) || (a == 0)\\n success := or(eq(div(c, a), b), iszero(a))\\n }\\n // equivalent to: success ? c : 0\\n result = c * SafeCast.toUint(success);\\n }\\n }\\n\\n /**\\n * @dev Returns the division of two unsigned integers, with a success flag (no division by zero).\\n */\\n function tryDiv(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {\\n unchecked {\\n success = b > 0;\\n assembly (\\\"memory-safe\\\") {\\n // The `DIV` opcode returns zero when the denominator is 0.\\n result := div(a, b)\\n }\\n }\\n }\\n\\n /**\\n * @dev Returns the remainder of dividing two unsigned integers, with a success flag (no division by zero).\\n */\\n function tryMod(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {\\n unchecked {\\n success = b > 0;\\n assembly (\\\"memory-safe\\\") {\\n // The `MOD` opcode returns zero when the denominator is 0.\\n result := mod(a, b)\\n }\\n }\\n }\\n\\n /**\\n * @dev Unsigned saturating addition, bounds to `2²⁵⁶ - 1` instead of overflowing.\\n */\\n function saturatingAdd(uint256 a, uint256 b) internal pure returns (uint256) {\\n (bool success, uint256 result) = tryAdd(a, b);\\n return ternary(success, result, type(uint256).max);\\n }\\n\\n /**\\n * @dev Unsigned saturating subtraction, bounds to zero instead of overflowing.\\n */\\n function saturatingSub(uint256 a, uint256 b) internal pure returns (uint256) {\\n (, uint256 result) = trySub(a, b);\\n return result;\\n }\\n\\n /**\\n * @dev Unsigned saturating multiplication, bounds to `2²⁵⁶ - 1` instead of overflowing.\\n */\\n function saturatingMul(uint256 a, uint256 b) internal pure returns (uint256) {\\n (bool success, uint256 result) = tryMul(a, b);\\n return ternary(success, result, type(uint256).max);\\n }\\n\\n /**\\n * @dev Branchless ternary evaluation for `condition ? a : b`. Gas costs are constant.\\n *\\n * IMPORTANT: This function may reduce bytecode size and consume less gas when used standalone.\\n * However, the compiler may optimize Solidity ternary operations (i.e. `condition ? a : b`) to only compute\\n * one branch when needed, making this function more expensive.\\n */\\n function ternary(bool condition, uint256 a, uint256 b) internal pure returns (uint256) {\\n unchecked {\\n // branchless ternary works because:\\n // b ^ (a ^ b) == a\\n // b ^ 0 == b\\n return b ^ ((a ^ b) * SafeCast.toUint(condition));\\n }\\n }\\n\\n /**\\n * @dev Returns the largest of two numbers.\\n */\\n function max(uint256 a, uint256 b) internal pure returns (uint256) {\\n return ternary(a > b, a, b);\\n }\\n\\n /**\\n * @dev Returns the smallest of two numbers.\\n */\\n function min(uint256 a, uint256 b) internal pure returns (uint256) {\\n return ternary(a < b, a, b);\\n }\\n\\n /**\\n * @dev Returns the average of two numbers. The result is rounded towards\\n * zero.\\n */\\n function average(uint256 a, uint256 b) internal pure returns (uint256) {\\n unchecked {\\n // (a + b) / 2 can overflow.\\n return (a & b) + (a ^ b) / 2;\\n }\\n }\\n\\n /**\\n * @dev Returns the ceiling of the division of two numbers.\\n *\\n * This differs from standard division with `/` in that it rounds towards infinity instead\\n * of rounding towards zero.\\n */\\n function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {\\n if (b == 0) {\\n // Guarantee the same behavior as in a regular Solidity division.\\n Panic.panic(Panic.DIVISION_BY_ZERO);\\n }\\n\\n // The following calculation ensures accurate ceiling division without overflow.\\n // Since a is non-zero, (a - 1) / b will not overflow.\\n // The largest possible result occurs when (a - 1) / b is type(uint256).max,\\n // but the largest value we can obtain is type(uint256).max - 1, which happens\\n // when a = type(uint256).max and b = 1.\\n unchecked {\\n return SafeCast.toUint(a > 0) * ((a - 1) / b + 1);\\n }\\n }\\n\\n /**\\n * @dev Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or\\n * denominator == 0.\\n *\\n * Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv) with further edits by\\n * Uniswap Labs also under MIT license.\\n */\\n function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {\\n unchecked {\\n (uint256 high, uint256 low) = mul512(x, y);\\n\\n // Handle non-overflow cases, 256 by 256 division.\\n if (high == 0) {\\n // Solidity will revert if denominator == 0, unlike the div opcode on its own.\\n // The surrounding unchecked block does not change this fact.\\n // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.\\n return low / denominator;\\n }\\n\\n // Make sure the result is less than 2²⁵⁶. Also prevents denominator == 0.\\n if (denominator <= high) {\\n Panic.panic(ternary(denominator == 0, Panic.DIVISION_BY_ZERO, Panic.UNDER_OVERFLOW));\\n }\\n\\n ///////////////////////////////////////////////\\n // 512 by 256 division.\\n ///////////////////////////////////////////////\\n\\n // Make division exact by subtracting the remainder from [high low].\\n uint256 remainder;\\n assembly (\\\"memory-safe\\\") {\\n // Compute remainder using mulmod.\\n remainder := mulmod(x, y, denominator)\\n\\n // Subtract 256 bit number from 512 bit number.\\n high := sub(high, gt(remainder, low))\\n low := sub(low, remainder)\\n }\\n\\n // Factor powers of two out of denominator and compute largest power of two divisor of denominator.\\n // Always >= 1. See https://cs.stackexchange.com/q/138556/92363.\\n\\n uint256 twos = denominator & (0 - denominator);\\n assembly (\\\"memory-safe\\\") {\\n // Divide denominator by twos.\\n denominator := div(denominator, twos)\\n\\n // Divide [high low] by twos.\\n low := div(low, twos)\\n\\n // Flip twos such that it is 2²⁵⁶ / twos. If twos is zero, then it becomes one.\\n twos := add(div(sub(0, twos), twos), 1)\\n }\\n\\n // Shift in bits from high into low.\\n low |= high * twos;\\n\\n // Invert denominator mod 2²⁵⁶. Now that denominator is an odd number, it has an inverse modulo 2²⁵⁶ such\\n // that denominator * inv ≡ 1 mod 2²⁵⁶. Compute the inverse by starting with a seed that is correct for\\n // four bits. That is, denominator * inv ≡ 1 mod 2⁴.\\n uint256 inverse = (3 * denominator) ^ 2;\\n\\n // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also\\n // works in modular arithmetic, doubling the correct bits in each step.\\n inverse *= 2 - denominator * inverse; // inverse mod 2⁸\\n inverse *= 2 - denominator * inverse; // inverse mod 2¹⁶\\n inverse *= 2 - denominator * inverse; // inverse mod 2³²\\n inverse *= 2 - denominator * inverse; // inverse mod 2⁶⁴\\n inverse *= 2 - denominator * inverse; // inverse mod 2¹²⁸\\n inverse *= 2 - denominator * inverse; // inverse mod 2²⁵⁶\\n\\n // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.\\n // This will give us the correct result modulo 2²⁵⁶. Since the preconditions guarantee that the outcome is\\n // less than 2²⁵⁶, this is the final result. We don't need to compute the high bits of the result and high\\n // is no longer required.\\n result = low * inverse;\\n return result;\\n }\\n }\\n\\n /**\\n * @dev Calculates x * y / denominator with full precision, following the selected rounding direction.\\n */\\n function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {\\n return mulDiv(x, y, denominator) + SafeCast.toUint(unsignedRoundsUp(rounding) && mulmod(x, y, denominator) > 0);\\n }\\n\\n /**\\n * @dev Calculates floor(x * y >> n) with full precision. Throws if result overflows a uint256.\\n */\\n function mulShr(uint256 x, uint256 y, uint8 n) internal pure returns (uint256 result) {\\n unchecked {\\n (uint256 high, uint256 low) = mul512(x, y);\\n if (high >= 1 << n) {\\n Panic.panic(Panic.UNDER_OVERFLOW);\\n }\\n return (high << (256 - n)) | (low >> n);\\n }\\n }\\n\\n /**\\n * @dev Calculates x * y >> n with full precision, following the selected rounding direction.\\n */\\n function mulShr(uint256 x, uint256 y, uint8 n, Rounding rounding) internal pure returns (uint256) {\\n return mulShr(x, y, n) + SafeCast.toUint(unsignedRoundsUp(rounding) && mulmod(x, y, 1 << n) > 0);\\n }\\n\\n /**\\n * @dev Calculate the modular multiplicative inverse of a number in Z/nZ.\\n *\\n * If n is a prime, then Z/nZ is a field. In that case all elements are inversible, except 0.\\n * If n is not a prime, then Z/nZ is not a field, and some elements might not be inversible.\\n *\\n * If the input value is not inversible, 0 is returned.\\n *\\n * NOTE: If you know for sure that n is (big) a prime, it may be cheaper to use Fermat's little theorem and get the\\n * inverse using `Math.modExp(a, n - 2, n)`. See {invModPrime}.\\n */\\n function invMod(uint256 a, uint256 n) internal pure returns (uint256) {\\n unchecked {\\n if (n == 0) return 0;\\n\\n // The inverse modulo is calculated using the Extended Euclidean Algorithm (iterative version)\\n // Used to compute integers x and y such that: ax + ny = gcd(a, n).\\n // When the gcd is 1, then the inverse of a modulo n exists and it's x.\\n // ax + ny = 1\\n // ax = 1 + (-y)n\\n // ax ≡ 1 (mod n) # x is the inverse of a modulo n\\n\\n // If the remainder is 0 the gcd is n right away.\\n uint256 remainder = a % n;\\n uint256 gcd = n;\\n\\n // Therefore the initial coefficients are:\\n // ax + ny = gcd(a, n) = n\\n // 0a + 1n = n\\n int256 x = 0;\\n int256 y = 1;\\n\\n while (remainder != 0) {\\n uint256 quotient = gcd / remainder;\\n\\n (gcd, remainder) = (\\n // The old remainder is the next gcd to try.\\n remainder,\\n // Compute the next remainder.\\n // Can't overflow given that (a % gcd) * (gcd // (a % gcd)) <= gcd\\n // where gcd is at most n (capped to type(uint256).max)\\n gcd - remainder * quotient\\n );\\n\\n (x, y) = (\\n // Increment the coefficient of a.\\n y,\\n // Decrement the coefficient of n.\\n // Can overflow, but the result is casted to uint256 so that the\\n // next value of y is \\\"wrapped around\\\" to a value between 0 and n - 1.\\n x - y * int256(quotient)\\n );\\n }\\n\\n if (gcd != 1) return 0; // No inverse exists.\\n return ternary(x < 0, n - uint256(-x), uint256(x)); // Wrap the result if it's negative.\\n }\\n }\\n\\n /**\\n * @dev Variant of {invMod}. More efficient, but only works if `p` is known to be a prime greater than `2`.\\n *\\n * From https://en.wikipedia.org/wiki/Fermat%27s_little_theorem[Fermat's little theorem], we know that if p is\\n * prime, then `a**(p-1) ≡ 1 mod p`. As a consequence, we have `a * a**(p-2) ≡ 1 mod p`, which means that\\n * `a**(p-2)` is the modular multiplicative inverse of a in Fp.\\n *\\n * NOTE: this function does NOT check that `p` is a prime greater than `2`.\\n */\\n function invModPrime(uint256 a, uint256 p) internal view returns (uint256) {\\n unchecked {\\n return Math.modExp(a, p - 2, p);\\n }\\n }\\n\\n /**\\n * @dev Returns the modular exponentiation of the specified base, exponent and modulus (b ** e % m)\\n *\\n * Requirements:\\n * - modulus can't be zero\\n * - underlying staticcall to precompile must succeed\\n *\\n * IMPORTANT: The result is only valid if the underlying call succeeds. When using this function, make\\n * sure the chain you're using it on supports the precompiled contract for modular exponentiation\\n * at address 0x05 as specified in https://eips.ethereum.org/EIPS/eip-198[EIP-198]. Otherwise,\\n * the underlying function will succeed given the lack of a revert, but the result may be incorrectly\\n * interpreted as 0.\\n */\\n function modExp(uint256 b, uint256 e, uint256 m) internal view returns (uint256) {\\n (bool success, uint256 result) = tryModExp(b, e, m);\\n if (!success) {\\n Panic.panic(Panic.DIVISION_BY_ZERO);\\n }\\n return result;\\n }\\n\\n /**\\n * @dev Returns the modular exponentiation of the specified base, exponent and modulus (b ** e % m).\\n * It includes a success flag indicating if the operation succeeded. Operation will be marked as failed if trying\\n * to operate modulo 0 or if the underlying precompile reverted.\\n *\\n * IMPORTANT: The result is only valid if the success flag is true. When using this function, make sure the chain\\n * you're using it on supports the precompiled contract for modular exponentiation at address 0x05 as specified in\\n * https://eips.ethereum.org/EIPS/eip-198[EIP-198]. Otherwise, the underlying function will succeed given the lack\\n * of a revert, but the result may be incorrectly interpreted as 0.\\n */\\n function tryModExp(uint256 b, uint256 e, uint256 m) internal view returns (bool success, uint256 result) {\\n if (m == 0) return (false, 0);\\n assembly (\\\"memory-safe\\\") {\\n let ptr := mload(0x40)\\n // | Offset | Content | Content (Hex) |\\n // |-----------|------------|--------------------------------------------------------------------|\\n // | 0x00:0x1f | size of b | 0x0000000000000000000000000000000000000000000000000000000000000020 |\\n // | 0x20:0x3f | size of e | 0x0000000000000000000000000000000000000000000000000000000000000020 |\\n // | 0x40:0x5f | size of m | 0x0000000000000000000000000000000000000000000000000000000000000020 |\\n // | 0x60:0x7f | value of b | 0x<.............................................................b> |\\n // | 0x80:0x9f | value of e | 0x<.............................................................e> |\\n // | 0xa0:0xbf | value of m | 0x<.............................................................m> |\\n mstore(ptr, 0x20)\\n mstore(add(ptr, 0x20), 0x20)\\n mstore(add(ptr, 0x40), 0x20)\\n mstore(add(ptr, 0x60), b)\\n mstore(add(ptr, 0x80), e)\\n mstore(add(ptr, 0xa0), m)\\n\\n // Given the result < m, it's guaranteed to fit in 32 bytes,\\n // so we can use the memory scratch space located at offset 0.\\n success := staticcall(gas(), 0x05, ptr, 0xc0, 0x00, 0x20)\\n result := mload(0x00)\\n }\\n }\\n\\n /**\\n * @dev Variant of {modExp} that supports inputs of arbitrary length.\\n */\\n function modExp(bytes memory b, bytes memory e, bytes memory m) internal view returns (bytes memory) {\\n (bool success, bytes memory result) = tryModExp(b, e, m);\\n if (!success) {\\n Panic.panic(Panic.DIVISION_BY_ZERO);\\n }\\n return result;\\n }\\n\\n /**\\n * @dev Variant of {tryModExp} that supports inputs of arbitrary length.\\n */\\n function tryModExp(\\n bytes memory b,\\n bytes memory e,\\n bytes memory m\\n ) internal view returns (bool success, bytes memory result) {\\n if (_zeroBytes(m)) return (false, new bytes(0));\\n\\n uint256 mLen = m.length;\\n\\n // Encode call args in result and move the free memory pointer\\n result = abi.encodePacked(b.length, e.length, mLen, b, e, m);\\n\\n assembly (\\\"memory-safe\\\") {\\n let dataPtr := add(result, 0x20)\\n // Write result on top of args to avoid allocating extra memory.\\n success := staticcall(gas(), 0x05, dataPtr, mload(result), dataPtr, mLen)\\n // Overwrite the length.\\n // result.length > returndatasize() is guaranteed because returndatasize() == m.length\\n mstore(result, mLen)\\n // Set the memory pointer after the returned data.\\n mstore(0x40, add(dataPtr, mLen))\\n }\\n }\\n\\n /**\\n * @dev Returns whether the provided byte array is zero.\\n */\\n function _zeroBytes(bytes memory buffer) private pure returns (bool) {\\n uint256 chunk;\\n for (uint256 i = 0; i < buffer.length; i += 0x20) {\\n // See _unsafeReadBytesOffset from utils/Bytes.sol\\n assembly (\\\"memory-safe\\\") {\\n chunk := mload(add(add(buffer, 0x20), i))\\n }\\n if (chunk >> (8 * saturatingSub(i + 0x20, buffer.length)) != 0) {\\n return false;\\n }\\n }\\n return true;\\n }\\n\\n /**\\n * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded\\n * towards zero.\\n *\\n * This method is based on Newton's method for computing square roots; the algorithm is restricted to only\\n * using integer operations.\\n */\\n function sqrt(uint256 a) internal pure returns (uint256) {\\n unchecked {\\n // Take care of easy edge cases when a == 0 or a == 1\\n if (a <= 1) {\\n return a;\\n }\\n\\n // In this function, we use Newton's method to get a root of `f(x) := x² - a`. It involves building a\\n // sequence x_n that converges toward sqrt(a). For each iteration x_n, we also define the error between\\n // the current value as `ε_n = | x_n - sqrt(a) |`.\\n //\\n // For our first estimation, we consider `e` the smallest power of 2 which is bigger than the square root\\n // of the target. (i.e. `2**(e-1) ≤ sqrt(a) < 2**e`). We know that `e ≤ 128` because `(2¹²⁸)² = 2²⁵⁶` is\\n // bigger than any uint256.\\n //\\n // By noticing that\\n // `2**(e-1) ≤ sqrt(a) < 2**e → (2**(e-1))² ≤ a < (2**e)² → 2**(2*e-2) ≤ a < 2**(2*e)`\\n // we can deduce that `e - 1` is `log2(a) / 2`. We can thus compute `x_n = 2**(e-1)` using a method similar\\n // to the msb function.\\n uint256 aa = a;\\n uint256 xn = 1;\\n\\n if (aa >= (1 << 128)) {\\n aa >>= 128;\\n xn <<= 64;\\n }\\n if (aa >= (1 << 64)) {\\n aa >>= 64;\\n xn <<= 32;\\n }\\n if (aa >= (1 << 32)) {\\n aa >>= 32;\\n xn <<= 16;\\n }\\n if (aa >= (1 << 16)) {\\n aa >>= 16;\\n xn <<= 8;\\n }\\n if (aa >= (1 << 8)) {\\n aa >>= 8;\\n xn <<= 4;\\n }\\n if (aa >= (1 << 4)) {\\n aa >>= 4;\\n xn <<= 2;\\n }\\n if (aa >= (1 << 2)) {\\n xn <<= 1;\\n }\\n\\n // We now have x_n such that `x_n = 2**(e-1) ≤ sqrt(a) < 2**e = 2 * x_n`. This implies ε_n ≤ 2**(e-1).\\n //\\n // We can refine our estimation by noticing that the middle of that interval minimizes the error.\\n // If we move x_n to equal 2**(e-1) + 2**(e-2), then we reduce the error to ε_n ≤ 2**(e-2).\\n // This is going to be our x_0 (and ε_0)\\n xn = (3 * xn) >> 1; // ε_0 := | x_0 - sqrt(a) | ≤ 2**(e-2)\\n\\n // From here, Newton's method give us:\\n // x_{n+1} = (x_n + a / x_n) / 2\\n //\\n // One should note that:\\n // x_{n+1}² - a = ((x_n + a / x_n) / 2)² - a\\n // = ((x_n² + a) / (2 * x_n))² - a\\n // = (x_n⁴ + 2 * a * x_n² + a²) / (4 * x_n²) - a\\n // = (x_n⁴ + 2 * a * x_n² + a² - 4 * a * x_n²) / (4 * x_n²)\\n // = (x_n⁴ - 2 * a * x_n² + a²) / (4 * x_n²)\\n // = (x_n² - a)² / (2 * x_n)²\\n // = ((x_n² - a) / (2 * x_n))²\\n // ≥ 0\\n // Which proves that for all n ≥ 1, sqrt(a) ≤ x_n\\n //\\n // This gives us the proof of quadratic convergence of the sequence:\\n // ε_{n+1} = | x_{n+1} - sqrt(a) |\\n // = | (x_n + a / x_n) / 2 - sqrt(a) |\\n // = | (x_n² + a - 2*x_n*sqrt(a)) / (2 * x_n) |\\n // = | (x_n - sqrt(a))² / (2 * x_n) |\\n // = | ε_n² / (2 * x_n) |\\n // = ε_n² / | (2 * x_n) |\\n //\\n // For the first iteration, we have a special case where x_0 is known:\\n // ε_1 = ε_0² / | (2 * x_0) |\\n // ≤ (2**(e-2))² / (2 * (2**(e-1) + 2**(e-2)))\\n // ≤ 2**(2*e-4) / (3 * 2**(e-1))\\n // ≤ 2**(e-3) / 3\\n // ≤ 2**(e-3-log2(3))\\n // ≤ 2**(e-4.5)\\n //\\n // For the following iterations, we use the fact that, 2**(e-1) ≤ sqrt(a) ≤ x_n:\\n // ε_{n+1} = ε_n² / | (2 * x_n) |\\n // ≤ (2**(e-k))² / (2 * 2**(e-1))\\n // ≤ 2**(2*e-2*k) / 2**e\\n // ≤ 2**(e-2*k)\\n xn = (xn + a / xn) >> 1; // ε_1 := | x_1 - sqrt(a) | ≤ 2**(e-4.5) -- special case, see above\\n xn = (xn + a / xn) >> 1; // ε_2 := | x_2 - sqrt(a) | ≤ 2**(e-9) -- general case with k = 4.5\\n xn = (xn + a / xn) >> 1; // ε_3 := | x_3 - sqrt(a) | ≤ 2**(e-18) -- general case with k = 9\\n xn = (xn + a / xn) >> 1; // ε_4 := | x_4 - sqrt(a) | ≤ 2**(e-36) -- general case with k = 18\\n xn = (xn + a / xn) >> 1; // ε_5 := | x_5 - sqrt(a) | ≤ 2**(e-72) -- general case with k = 36\\n xn = (xn + a / xn) >> 1; // ε_6 := | x_6 - sqrt(a) | ≤ 2**(e-144) -- general case with k = 72\\n\\n // Because e ≤ 128 (as discussed during the first estimation phase), we know have reached a precision\\n // ε_6 ≤ 2**(e-144) < 1. Given we're operating on integers, then we can ensure that xn is now either\\n // sqrt(a) or sqrt(a) + 1.\\n return xn - SafeCast.toUint(xn > a / xn);\\n }\\n }\\n\\n /**\\n * @dev Calculates sqrt(a), following the selected rounding direction.\\n */\\n function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {\\n unchecked {\\n uint256 result = sqrt(a);\\n return result + SafeCast.toUint(unsignedRoundsUp(rounding) && result * result < a);\\n }\\n }\\n\\n /**\\n * @dev Return the log in base 2 of a positive value rounded towards zero.\\n * Returns 0 if given 0.\\n */\\n function log2(uint256 x) internal pure returns (uint256 r) {\\n // If value has upper 128 bits set, log2 result is at least 128\\n r = SafeCast.toUint(x > 0xffffffffffffffffffffffffffffffff) << 7;\\n // If upper 64 bits of 128-bit half set, add 64 to result\\n r |= SafeCast.toUint((x >> r) > 0xffffffffffffffff) << 6;\\n // If upper 32 bits of 64-bit half set, add 32 to result\\n r |= SafeCast.toUint((x >> r) > 0xffffffff) << 5;\\n // If upper 16 bits of 32-bit half set, add 16 to result\\n r |= SafeCast.toUint((x >> r) > 0xffff) << 4;\\n // If upper 8 bits of 16-bit half set, add 8 to result\\n r |= SafeCast.toUint((x >> r) > 0xff) << 3;\\n // If upper 4 bits of 8-bit half set, add 4 to result\\n r |= SafeCast.toUint((x >> r) > 0xf) << 2;\\n\\n // Shifts value right by the current result and use it as an index into this lookup table:\\n //\\n // | x (4 bits) | index | table[index] = MSB position |\\n // |------------|---------|-----------------------------|\\n // | 0000 | 0 | table[0] = 0 |\\n // | 0001 | 1 | table[1] = 0 |\\n // | 0010 | 2 | table[2] = 1 |\\n // | 0011 | 3 | table[3] = 1 |\\n // | 0100 | 4 | table[4] = 2 |\\n // | 0101 | 5 | table[5] = 2 |\\n // | 0110 | 6 | table[6] = 2 |\\n // | 0111 | 7 | table[7] = 2 |\\n // | 1000 | 8 | table[8] = 3 |\\n // | 1001 | 9 | table[9] = 3 |\\n // | 1010 | 10 | table[10] = 3 |\\n // | 1011 | 11 | table[11] = 3 |\\n // | 1100 | 12 | table[12] = 3 |\\n // | 1101 | 13 | table[13] = 3 |\\n // | 1110 | 14 | table[14] = 3 |\\n // | 1111 | 15 | table[15] = 3 |\\n //\\n // The lookup table is represented as a 32-byte value with the MSB positions for 0-15 in the first 16 bytes (most significant half).\\n assembly (\\\"memory-safe\\\") {\\n r := or(r, byte(shr(r, x), 0x0000010102020202030303030303030300000000000000000000000000000000))\\n }\\n }\\n\\n /**\\n * @dev Return the log in base 2, following the selected rounding direction, of a positive value.\\n * Returns 0 if given 0.\\n */\\n function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {\\n unchecked {\\n uint256 result = log2(value);\\n return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 1 << result < value);\\n }\\n }\\n\\n /**\\n * @dev Return the log in base 10 of a positive value rounded towards zero.\\n * Returns 0 if given 0.\\n */\\n function log10(uint256 value) internal pure returns (uint256) {\\n uint256 result = 0;\\n unchecked {\\n if (value >= 10 ** 64) {\\n value /= 10 ** 64;\\n result += 64;\\n }\\n if (value >= 10 ** 32) {\\n value /= 10 ** 32;\\n result += 32;\\n }\\n if (value >= 10 ** 16) {\\n value /= 10 ** 16;\\n result += 16;\\n }\\n if (value >= 10 ** 8) {\\n value /= 10 ** 8;\\n result += 8;\\n }\\n if (value >= 10 ** 4) {\\n value /= 10 ** 4;\\n result += 4;\\n }\\n if (value >= 10 ** 2) {\\n value /= 10 ** 2;\\n result += 2;\\n }\\n if (value >= 10 ** 1) {\\n result += 1;\\n }\\n }\\n return result;\\n }\\n\\n /**\\n * @dev Return the log in base 10, following the selected rounding direction, of a positive value.\\n * Returns 0 if given 0.\\n */\\n function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {\\n unchecked {\\n uint256 result = log10(value);\\n return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 10 ** result < value);\\n }\\n }\\n\\n /**\\n * @dev Return the log in base 256 of a positive value rounded towards zero.\\n * Returns 0 if given 0.\\n *\\n * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.\\n */\\n function log256(uint256 x) internal pure returns (uint256 r) {\\n // If value has upper 128 bits set, log2 result is at least 128\\n r = SafeCast.toUint(x > 0xffffffffffffffffffffffffffffffff) << 7;\\n // If upper 64 bits of 128-bit half set, add 64 to result\\n r |= SafeCast.toUint((x >> r) > 0xffffffffffffffff) << 6;\\n // If upper 32 bits of 64-bit half set, add 32 to result\\n r |= SafeCast.toUint((x >> r) > 0xffffffff) << 5;\\n // If upper 16 bits of 32-bit half set, add 16 to result\\n r |= SafeCast.toUint((x >> r) > 0xffff) << 4;\\n // Add 1 if upper 8 bits of 16-bit half set, and divide accumulated result by 8\\n return (r >> 3) | SafeCast.toUint((x >> r) > 0xff);\\n }\\n\\n /**\\n * @dev Return the log in base 256, following the selected rounding direction, of a positive value.\\n * Returns 0 if given 0.\\n */\\n function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {\\n unchecked {\\n uint256 result = log256(value);\\n return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 1 << (result << 3) < value);\\n }\\n }\\n\\n /**\\n * @dev Returns whether a provided rounding mode is considered rounding up for unsigned integers.\\n */\\n function unsignedRoundsUp(Rounding rounding) internal pure returns (bool) {\\n return uint8(rounding) % 2 == 1;\\n }\\n\\n /**\\n * @dev Counts the number of leading zero bits in a uint256.\\n */\\n function clz(uint256 x) internal pure returns (uint256) {\\n return ternary(x == 0, 256, 255 - log2(x));\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/utils/StorageSlot.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.1.0) (utils/StorageSlot.sol)\\n// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.\\n\\npragma solidity ^0.8.20;\\n\\n/**\\n * @dev Library for reading and writing primitive types to specific storage slots.\\n *\\n * Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.\\n * This library helps with reading and writing to such slots without the need for inline assembly.\\n *\\n * The functions in this library return Slot structs that contain a `value` member that can be used to read or write.\\n *\\n * Example usage to set ERC-1967 implementation slot:\\n * ```solidity\\n * contract ERC1967 {\\n * // Define the slot. Alternatively, use the SlotDerivation library to derive the slot.\\n * bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;\\n *\\n * function _getImplementation() internal view returns (address) {\\n * return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;\\n * }\\n *\\n * function _setImplementation(address newImplementation) internal {\\n * require(newImplementation.code.length > 0);\\n * StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;\\n * }\\n * }\\n * ```\\n *\\n * TIP: Consider using this library along with {SlotDerivation}.\\n */\\nlibrary StorageSlot {\\n struct AddressSlot {\\n address value;\\n }\\n\\n struct BooleanSlot {\\n bool value;\\n }\\n\\n struct Bytes32Slot {\\n bytes32 value;\\n }\\n\\n struct Uint256Slot {\\n uint256 value;\\n }\\n\\n struct Int256Slot {\\n int256 value;\\n }\\n\\n struct StringSlot {\\n string value;\\n }\\n\\n struct BytesSlot {\\n bytes value;\\n }\\n\\n /**\\n * @dev Returns an `AddressSlot` with member `value` located at `slot`.\\n */\\n function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {\\n assembly (\\\"memory-safe\\\") {\\n r.slot := slot\\n }\\n }\\n\\n /**\\n * @dev Returns a `BooleanSlot` with member `value` located at `slot`.\\n */\\n function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {\\n assembly (\\\"memory-safe\\\") {\\n r.slot := slot\\n }\\n }\\n\\n /**\\n * @dev Returns a `Bytes32Slot` with member `value` located at `slot`.\\n */\\n function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {\\n assembly (\\\"memory-safe\\\") {\\n r.slot := slot\\n }\\n }\\n\\n /**\\n * @dev Returns a `Uint256Slot` with member `value` located at `slot`.\\n */\\n function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {\\n assembly (\\\"memory-safe\\\") {\\n r.slot := slot\\n }\\n }\\n\\n /**\\n * @dev Returns a `Int256Slot` with member `value` located at `slot`.\\n */\\n function getInt256Slot(bytes32 slot) internal pure returns (Int256Slot storage r) {\\n assembly (\\\"memory-safe\\\") {\\n r.slot := slot\\n }\\n }\\n\\n /**\\n * @dev Returns a `StringSlot` with member `value` located at `slot`.\\n */\\n function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {\\n assembly (\\\"memory-safe\\\") {\\n r.slot := slot\\n }\\n }\\n\\n /**\\n * @dev Returns an `StringSlot` representation of the string storage pointer `store`.\\n */\\n function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {\\n assembly (\\\"memory-safe\\\") {\\n r.slot := store.slot\\n }\\n }\\n\\n /**\\n * @dev Returns a `BytesSlot` with member `value` located at `slot`.\\n */\\n function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {\\n assembly (\\\"memory-safe\\\") {\\n r.slot := slot\\n }\\n }\\n\\n /**\\n * @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.\\n */\\n function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {\\n assembly (\\\"memory-safe\\\") {\\n r.slot := store.slot\\n }\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/utils/ShortStrings.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.5.0) (utils/ShortStrings.sol)\\n\\npragma solidity ^0.8.20;\\n\\nimport {StorageSlot} from \\\"./StorageSlot.sol\\\";\\n\\n// | string | 0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |\\n// | length | 0x BB |\\ntype ShortString is bytes32;\\n\\n/**\\n * @dev This library provides functions to convert short memory strings\\n * into a `ShortString` type that can be used as an immutable variable.\\n *\\n * Strings of arbitrary length can be optimized using this library if\\n * they are short enough (up to 31 bytes) by packing them with their\\n * length (1 byte) in a single EVM word (32 bytes). Additionally, a\\n * fallback mechanism can be used for every other case.\\n *\\n * Usage example:\\n *\\n * ```solidity\\n * contract Named {\\n * using ShortStrings for *;\\n *\\n * ShortString private immutable _name;\\n * string private _nameFallback;\\n *\\n * constructor(string memory contractName) {\\n * _name = contractName.toShortStringWithFallback(_nameFallback);\\n * }\\n *\\n * function name() external view returns (string memory) {\\n * return _name.toStringWithFallback(_nameFallback);\\n * }\\n * }\\n * ```\\n */\\nlibrary ShortStrings {\\n // Used as an identifier for strings longer than 31 bytes.\\n bytes32 private constant FALLBACK_SENTINEL = 0x00000000000000000000000000000000000000000000000000000000000000FF;\\n\\n error StringTooLong(string str);\\n error InvalidShortString();\\n\\n /**\\n * @dev Encode a string of at most 31 chars into a `ShortString`.\\n *\\n * This will trigger a `StringTooLong` error is the input string is too long.\\n */\\n function toShortString(string memory str) internal pure returns (ShortString) {\\n bytes memory bstr = bytes(str);\\n if (bstr.length > 0x1f) {\\n revert StringTooLong(str);\\n }\\n return ShortString.wrap(bytes32(uint256(bytes32(bstr)) | bstr.length));\\n }\\n\\n /**\\n * @dev Decode a `ShortString` back to a \\\"normal\\\" string.\\n */\\n function toString(ShortString sstr) internal pure returns (string memory) {\\n uint256 len = byteLength(sstr);\\n // using `new string(len)` would work locally but is not memory safe.\\n string memory str = new string(0x20);\\n assembly (\\\"memory-safe\\\") {\\n mstore(str, len)\\n mstore(add(str, 0x20), sstr)\\n }\\n return str;\\n }\\n\\n /**\\n * @dev Return the length of a `ShortString`.\\n */\\n function byteLength(ShortString sstr) internal pure returns (uint256) {\\n uint256 result = uint256(ShortString.unwrap(sstr)) & 0xFF;\\n if (result > 0x1f) {\\n revert InvalidShortString();\\n }\\n return result;\\n }\\n\\n /**\\n * @dev Encode a string into a `ShortString`, or write it to storage if it is too long.\\n */\\n function toShortStringWithFallback(string memory value, string storage store) internal returns (ShortString) {\\n if (bytes(value).length < 0x20) {\\n return toShortString(value);\\n } else {\\n StorageSlot.getStringSlot(store).value = value;\\n return ShortString.wrap(FALLBACK_SENTINEL);\\n }\\n }\\n\\n /**\\n * @dev Decode a string that was encoded to `ShortString` or written to storage using {toShortStringWithFallback}.\\n */\\n function toStringWithFallback(ShortString value, string storage store) internal pure returns (string memory) {\\n if (ShortString.unwrap(value) != FALLBACK_SENTINEL) {\\n return toString(value);\\n } else {\\n return store;\\n }\\n }\\n\\n /**\\n * @dev Return the length of a string that was encoded to `ShortString` or written to storage using\\n * {toShortStringWithFallback}.\\n *\\n * WARNING: This will return the \\\"byte length\\\" of the string. This may not reflect the actual length in terms of\\n * actual characters as the UTF-8 encoding of a single character can span over multiple bytes.\\n */\\n function byteLengthWithFallback(ShortString value, string storage store) internal view returns (uint256) {\\n if (ShortString.unwrap(value) != FALLBACK_SENTINEL) {\\n return byteLength(value);\\n } else {\\n return bytes(store).length;\\n }\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/access/Ownable2Step.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.1.0) (access/Ownable2Step.sol)\\n\\npragma solidity ^0.8.20;\\n\\nimport {Ownable} from \\\"./Ownable.sol\\\";\\n\\n/**\\n * @dev Contract module which provides access control mechanism, where\\n * there is an account (an owner) that can be granted exclusive access to\\n * specific functions.\\n *\\n * This extension of the {Ownable} contract includes a two-step mechanism to transfer\\n * ownership, where the new owner must call {acceptOwnership} in order to replace the\\n * old one. This can help prevent common mistakes, such as transfers of ownership to\\n * incorrect accounts, or to contracts that are unable to interact with the\\n * permission system.\\n *\\n * The initial owner is specified at deployment time in the constructor for `Ownable`. This\\n * can later be changed with {transferOwnership} and {acceptOwnership}.\\n *\\n * This module is used through inheritance. It will make available all functions\\n * from parent (Ownable).\\n */\\nabstract contract Ownable2Step is Ownable {\\n address private _pendingOwner;\\n\\n event OwnershipTransferStarted(address indexed previousOwner, address indexed newOwner);\\n\\n /**\\n * @dev Returns the address of the pending owner.\\n */\\n function pendingOwner() public view virtual returns (address) {\\n return _pendingOwner;\\n }\\n\\n /**\\n * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.\\n * Can only be called by the current owner.\\n *\\n * Setting `newOwner` to the zero address is allowed; this can be used to cancel an initiated ownership transfer.\\n */\\n function transferOwnership(address newOwner) public virtual override onlyOwner {\\n _pendingOwner = newOwner;\\n emit OwnershipTransferStarted(owner(), newOwner);\\n }\\n\\n /**\\n * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.\\n * Internal function without access restriction.\\n */\\n function _transferOwnership(address newOwner) internal virtual override {\\n delete _pendingOwner;\\n super._transferOwnership(newOwner);\\n }\\n\\n /**\\n * @dev The new owner accepts the ownership transfer.\\n */\\n function acceptOwnership() public virtual {\\n address sender = _msgSender();\\n if (pendingOwner() != sender) {\\n revert OwnableUnauthorizedAccount(sender);\\n }\\n _transferOwnership(sender);\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/interfaces/IERC5267.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.4.0) (interfaces/IERC5267.sol)\\n\\npragma solidity >=0.4.16;\\n\\ninterface IERC5267 {\\n /**\\n * @dev MAY be emitted to signal that the domain could have changed.\\n */\\n event EIP712DomainChanged();\\n\\n /**\\n * @dev returns the fields and values that describe the domain separator used by this contract for EIP-712\\n * signature.\\n */\\n function eip712Domain()\\n external\\n view\\n returns (\\n bytes1 fields,\\n string memory name,\\n string memory version,\\n uint256 chainId,\\n address verifyingContract,\\n bytes32 salt,\\n uint256[] memory extensions\\n );\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/utils/math/SafeCast.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.6.0) (utils/math/SafeCast.sol)\\n// This file was procedurally generated from scripts/generate/templates/SafeCast.js.\\n\\npragma solidity ^0.8.20;\\n\\n/**\\n * @dev Wrappers over Solidity's uintXX/intXX/bool casting operators with added overflow\\n * checks.\\n *\\n * Downcasting from uint256/int256 in Solidity does not revert on overflow. This can\\n * easily result in undesired exploitation or bugs, since developers usually\\n * assume that overflows raise errors. `SafeCast` restores this intuition by\\n * reverting the transaction when such an operation overflows.\\n *\\n * Using this library instead of the unchecked operations eliminates an entire\\n * class of bugs, so it's recommended to use it always.\\n */\\nlibrary SafeCast {\\n /**\\n * @dev Value doesn't fit in a uint of `bits` size.\\n */\\n error SafeCastOverflowedUintDowncast(uint8 bits, uint256 value);\\n\\n /**\\n * @dev An int value doesn't fit in a uint of `bits` size.\\n */\\n error SafeCastOverflowedIntToUint(int256 value);\\n\\n /**\\n * @dev Value doesn't fit in an int of `bits` size.\\n */\\n error SafeCastOverflowedIntDowncast(uint8 bits, int256 value);\\n\\n /**\\n * @dev A uint value doesn't fit in an int of `bits` size.\\n */\\n error SafeCastOverflowedUintToInt(uint256 value);\\n\\n /**\\n * @dev Returns the downcasted uint248 from uint256, reverting on\\n * overflow (when the input is greater than largest uint248).\\n *\\n * Counterpart to Solidity's `uint248` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 248 bits\\n */\\n function toUint248(uint256 value) internal pure returns (uint248) {\\n if (value > type(uint248).max) {\\n revert SafeCastOverflowedUintDowncast(248, value);\\n }\\n return uint248(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint240 from uint256, reverting on\\n * overflow (when the input is greater than largest uint240).\\n *\\n * Counterpart to Solidity's `uint240` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 240 bits\\n */\\n function toUint240(uint256 value) internal pure returns (uint240) {\\n if (value > type(uint240).max) {\\n revert SafeCastOverflowedUintDowncast(240, value);\\n }\\n return uint240(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint232 from uint256, reverting on\\n * overflow (when the input is greater than largest uint232).\\n *\\n * Counterpart to Solidity's `uint232` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 232 bits\\n */\\n function toUint232(uint256 value) internal pure returns (uint232) {\\n if (value > type(uint232).max) {\\n revert SafeCastOverflowedUintDowncast(232, value);\\n }\\n return uint232(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint224 from uint256, reverting on\\n * overflow (when the input is greater than largest uint224).\\n *\\n * Counterpart to Solidity's `uint224` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 224 bits\\n */\\n function toUint224(uint256 value) internal pure returns (uint224) {\\n if (value > type(uint224).max) {\\n revert SafeCastOverflowedUintDowncast(224, value);\\n }\\n return uint224(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint216 from uint256, reverting on\\n * overflow (when the input is greater than largest uint216).\\n *\\n * Counterpart to Solidity's `uint216` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 216 bits\\n */\\n function toUint216(uint256 value) internal pure returns (uint216) {\\n if (value > type(uint216).max) {\\n revert SafeCastOverflowedUintDowncast(216, value);\\n }\\n return uint216(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint208 from uint256, reverting on\\n * overflow (when the input is greater than largest uint208).\\n *\\n * Counterpart to Solidity's `uint208` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 208 bits\\n */\\n function toUint208(uint256 value) internal pure returns (uint208) {\\n if (value > type(uint208).max) {\\n revert SafeCastOverflowedUintDowncast(208, value);\\n }\\n return uint208(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint200 from uint256, reverting on\\n * overflow (when the input is greater than largest uint200).\\n *\\n * Counterpart to Solidity's `uint200` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 200 bits\\n */\\n function toUint200(uint256 value) internal pure returns (uint200) {\\n if (value > type(uint200).max) {\\n revert SafeCastOverflowedUintDowncast(200, value);\\n }\\n return uint200(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint192 from uint256, reverting on\\n * overflow (when the input is greater than largest uint192).\\n *\\n * Counterpart to Solidity's `uint192` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 192 bits\\n */\\n function toUint192(uint256 value) internal pure returns (uint192) {\\n if (value > type(uint192).max) {\\n revert SafeCastOverflowedUintDowncast(192, value);\\n }\\n return uint192(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint184 from uint256, reverting on\\n * overflow (when the input is greater than largest uint184).\\n *\\n * Counterpart to Solidity's `uint184` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 184 bits\\n */\\n function toUint184(uint256 value) internal pure returns (uint184) {\\n if (value > type(uint184).max) {\\n revert SafeCastOverflowedUintDowncast(184, value);\\n }\\n return uint184(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint176 from uint256, reverting on\\n * overflow (when the input is greater than largest uint176).\\n *\\n * Counterpart to Solidity's `uint176` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 176 bits\\n */\\n function toUint176(uint256 value) internal pure returns (uint176) {\\n if (value > type(uint176).max) {\\n revert SafeCastOverflowedUintDowncast(176, value);\\n }\\n return uint176(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint168 from uint256, reverting on\\n * overflow (when the input is greater than largest uint168).\\n *\\n * Counterpart to Solidity's `uint168` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 168 bits\\n */\\n function toUint168(uint256 value) internal pure returns (uint168) {\\n if (value > type(uint168).max) {\\n revert SafeCastOverflowedUintDowncast(168, value);\\n }\\n return uint168(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint160 from uint256, reverting on\\n * overflow (when the input is greater than largest uint160).\\n *\\n * Counterpart to Solidity's `uint160` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 160 bits\\n */\\n function toUint160(uint256 value) internal pure returns (uint160) {\\n if (value > type(uint160).max) {\\n revert SafeCastOverflowedUintDowncast(160, value);\\n }\\n return uint160(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint152 from uint256, reverting on\\n * overflow (when the input is greater than largest uint152).\\n *\\n * Counterpart to Solidity's `uint152` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 152 bits\\n */\\n function toUint152(uint256 value) internal pure returns (uint152) {\\n if (value > type(uint152).max) {\\n revert SafeCastOverflowedUintDowncast(152, value);\\n }\\n return uint152(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint144 from uint256, reverting on\\n * overflow (when the input is greater than largest uint144).\\n *\\n * Counterpart to Solidity's `uint144` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 144 bits\\n */\\n function toUint144(uint256 value) internal pure returns (uint144) {\\n if (value > type(uint144).max) {\\n revert SafeCastOverflowedUintDowncast(144, value);\\n }\\n return uint144(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint136 from uint256, reverting on\\n * overflow (when the input is greater than largest uint136).\\n *\\n * Counterpart to Solidity's `uint136` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 136 bits\\n */\\n function toUint136(uint256 value) internal pure returns (uint136) {\\n if (value > type(uint136).max) {\\n revert SafeCastOverflowedUintDowncast(136, value);\\n }\\n return uint136(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint128 from uint256, reverting on\\n * overflow (when the input is greater than largest uint128).\\n *\\n * Counterpart to Solidity's `uint128` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 128 bits\\n */\\n function toUint128(uint256 value) internal pure returns (uint128) {\\n if (value > type(uint128).max) {\\n revert SafeCastOverflowedUintDowncast(128, value);\\n }\\n return uint128(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint120 from uint256, reverting on\\n * overflow (when the input is greater than largest uint120).\\n *\\n * Counterpart to Solidity's `uint120` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 120 bits\\n */\\n function toUint120(uint256 value) internal pure returns (uint120) {\\n if (value > type(uint120).max) {\\n revert SafeCastOverflowedUintDowncast(120, value);\\n }\\n return uint120(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint112 from uint256, reverting on\\n * overflow (when the input is greater than largest uint112).\\n *\\n * Counterpart to Solidity's `uint112` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 112 bits\\n */\\n function toUint112(uint256 value) internal pure returns (uint112) {\\n if (value > type(uint112).max) {\\n revert SafeCastOverflowedUintDowncast(112, value);\\n }\\n return uint112(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint104 from uint256, reverting on\\n * overflow (when the input is greater than largest uint104).\\n *\\n * Counterpart to Solidity's `uint104` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 104 bits\\n */\\n function toUint104(uint256 value) internal pure returns (uint104) {\\n if (value > type(uint104).max) {\\n revert SafeCastOverflowedUintDowncast(104, value);\\n }\\n return uint104(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint96 from uint256, reverting on\\n * overflow (when the input is greater than largest uint96).\\n *\\n * Counterpart to Solidity's `uint96` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 96 bits\\n */\\n function toUint96(uint256 value) internal pure returns (uint96) {\\n if (value > type(uint96).max) {\\n revert SafeCastOverflowedUintDowncast(96, value);\\n }\\n return uint96(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint88 from uint256, reverting on\\n * overflow (when the input is greater than largest uint88).\\n *\\n * Counterpart to Solidity's `uint88` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 88 bits\\n */\\n function toUint88(uint256 value) internal pure returns (uint88) {\\n if (value > type(uint88).max) {\\n revert SafeCastOverflowedUintDowncast(88, value);\\n }\\n return uint88(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint80 from uint256, reverting on\\n * overflow (when the input is greater than largest uint80).\\n *\\n * Counterpart to Solidity's `uint80` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 80 bits\\n */\\n function toUint80(uint256 value) internal pure returns (uint80) {\\n if (value > type(uint80).max) {\\n revert SafeCastOverflowedUintDowncast(80, value);\\n }\\n return uint80(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint72 from uint256, reverting on\\n * overflow (when the input is greater than largest uint72).\\n *\\n * Counterpart to Solidity's `uint72` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 72 bits\\n */\\n function toUint72(uint256 value) internal pure returns (uint72) {\\n if (value > type(uint72).max) {\\n revert SafeCastOverflowedUintDowncast(72, value);\\n }\\n return uint72(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint64 from uint256, reverting on\\n * overflow (when the input is greater than largest uint64).\\n *\\n * Counterpart to Solidity's `uint64` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 64 bits\\n */\\n function toUint64(uint256 value) internal pure returns (uint64) {\\n if (value > type(uint64).max) {\\n revert SafeCastOverflowedUintDowncast(64, value);\\n }\\n return uint64(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint56 from uint256, reverting on\\n * overflow (when the input is greater than largest uint56).\\n *\\n * Counterpart to Solidity's `uint56` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 56 bits\\n */\\n function toUint56(uint256 value) internal pure returns (uint56) {\\n if (value > type(uint56).max) {\\n revert SafeCastOverflowedUintDowncast(56, value);\\n }\\n return uint56(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint48 from uint256, reverting on\\n * overflow (when the input is greater than largest uint48).\\n *\\n * Counterpart to Solidity's `uint48` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 48 bits\\n */\\n function toUint48(uint256 value) internal pure returns (uint48) {\\n if (value > type(uint48).max) {\\n revert SafeCastOverflowedUintDowncast(48, value);\\n }\\n return uint48(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint40 from uint256, reverting on\\n * overflow (when the input is greater than largest uint40).\\n *\\n * Counterpart to Solidity's `uint40` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 40 bits\\n */\\n function toUint40(uint256 value) internal pure returns (uint40) {\\n if (value > type(uint40).max) {\\n revert SafeCastOverflowedUintDowncast(40, value);\\n }\\n return uint40(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint32 from uint256, reverting on\\n * overflow (when the input is greater than largest uint32).\\n *\\n * Counterpart to Solidity's `uint32` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 32 bits\\n */\\n function toUint32(uint256 value) internal pure returns (uint32) {\\n if (value > type(uint32).max) {\\n revert SafeCastOverflowedUintDowncast(32, value);\\n }\\n return uint32(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint24 from uint256, reverting on\\n * overflow (when the input is greater than largest uint24).\\n *\\n * Counterpart to Solidity's `uint24` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 24 bits\\n */\\n function toUint24(uint256 value) internal pure returns (uint24) {\\n if (value > type(uint24).max) {\\n revert SafeCastOverflowedUintDowncast(24, value);\\n }\\n return uint24(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint16 from uint256, reverting on\\n * overflow (when the input is greater than largest uint16).\\n *\\n * Counterpart to Solidity's `uint16` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 16 bits\\n */\\n function toUint16(uint256 value) internal pure returns (uint16) {\\n if (value > type(uint16).max) {\\n revert SafeCastOverflowedUintDowncast(16, value);\\n }\\n return uint16(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted uint8 from uint256, reverting on\\n * overflow (when the input is greater than largest uint8).\\n *\\n * Counterpart to Solidity's `uint8` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 8 bits\\n */\\n function toUint8(uint256 value) internal pure returns (uint8) {\\n if (value > type(uint8).max) {\\n revert SafeCastOverflowedUintDowncast(8, value);\\n }\\n return uint8(value);\\n }\\n\\n /**\\n * @dev Converts a signed int256 into an unsigned uint256.\\n *\\n * Requirements:\\n *\\n * - input must be greater than or equal to 0.\\n */\\n function toUint256(int256 value) internal pure returns (uint256) {\\n if (value < 0) {\\n revert SafeCastOverflowedIntToUint(value);\\n }\\n return uint256(value);\\n }\\n\\n /**\\n * @dev Returns the downcasted int248 from int256, reverting on\\n * overflow (when the input is less than smallest int248 or\\n * greater than largest int248).\\n *\\n * Counterpart to Solidity's `int248` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 248 bits\\n */\\n function toInt248(int256 value) internal pure returns (int248 downcasted) {\\n downcasted = int248(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(248, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int240 from int256, reverting on\\n * overflow (when the input is less than smallest int240 or\\n * greater than largest int240).\\n *\\n * Counterpart to Solidity's `int240` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 240 bits\\n */\\n function toInt240(int256 value) internal pure returns (int240 downcasted) {\\n downcasted = int240(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(240, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int232 from int256, reverting on\\n * overflow (when the input is less than smallest int232 or\\n * greater than largest int232).\\n *\\n * Counterpart to Solidity's `int232` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 232 bits\\n */\\n function toInt232(int256 value) internal pure returns (int232 downcasted) {\\n downcasted = int232(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(232, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int224 from int256, reverting on\\n * overflow (when the input is less than smallest int224 or\\n * greater than largest int224).\\n *\\n * Counterpart to Solidity's `int224` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 224 bits\\n */\\n function toInt224(int256 value) internal pure returns (int224 downcasted) {\\n downcasted = int224(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(224, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int216 from int256, reverting on\\n * overflow (when the input is less than smallest int216 or\\n * greater than largest int216).\\n *\\n * Counterpart to Solidity's `int216` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 216 bits\\n */\\n function toInt216(int256 value) internal pure returns (int216 downcasted) {\\n downcasted = int216(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(216, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int208 from int256, reverting on\\n * overflow (when the input is less than smallest int208 or\\n * greater than largest int208).\\n *\\n * Counterpart to Solidity's `int208` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 208 bits\\n */\\n function toInt208(int256 value) internal pure returns (int208 downcasted) {\\n downcasted = int208(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(208, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int200 from int256, reverting on\\n * overflow (when the input is less than smallest int200 or\\n * greater than largest int200).\\n *\\n * Counterpart to Solidity's `int200` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 200 bits\\n */\\n function toInt200(int256 value) internal pure returns (int200 downcasted) {\\n downcasted = int200(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(200, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int192 from int256, reverting on\\n * overflow (when the input is less than smallest int192 or\\n * greater than largest int192).\\n *\\n * Counterpart to Solidity's `int192` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 192 bits\\n */\\n function toInt192(int256 value) internal pure returns (int192 downcasted) {\\n downcasted = int192(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(192, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int184 from int256, reverting on\\n * overflow (when the input is less than smallest int184 or\\n * greater than largest int184).\\n *\\n * Counterpart to Solidity's `int184` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 184 bits\\n */\\n function toInt184(int256 value) internal pure returns (int184 downcasted) {\\n downcasted = int184(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(184, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int176 from int256, reverting on\\n * overflow (when the input is less than smallest int176 or\\n * greater than largest int176).\\n *\\n * Counterpart to Solidity's `int176` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 176 bits\\n */\\n function toInt176(int256 value) internal pure returns (int176 downcasted) {\\n downcasted = int176(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(176, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int168 from int256, reverting on\\n * overflow (when the input is less than smallest int168 or\\n * greater than largest int168).\\n *\\n * Counterpart to Solidity's `int168` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 168 bits\\n */\\n function toInt168(int256 value) internal pure returns (int168 downcasted) {\\n downcasted = int168(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(168, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int160 from int256, reverting on\\n * overflow (when the input is less than smallest int160 or\\n * greater than largest int160).\\n *\\n * Counterpart to Solidity's `int160` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 160 bits\\n */\\n function toInt160(int256 value) internal pure returns (int160 downcasted) {\\n downcasted = int160(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(160, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int152 from int256, reverting on\\n * overflow (when the input is less than smallest int152 or\\n * greater than largest int152).\\n *\\n * Counterpart to Solidity's `int152` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 152 bits\\n */\\n function toInt152(int256 value) internal pure returns (int152 downcasted) {\\n downcasted = int152(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(152, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int144 from int256, reverting on\\n * overflow (when the input is less than smallest int144 or\\n * greater than largest int144).\\n *\\n * Counterpart to Solidity's `int144` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 144 bits\\n */\\n function toInt144(int256 value) internal pure returns (int144 downcasted) {\\n downcasted = int144(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(144, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int136 from int256, reverting on\\n * overflow (when the input is less than smallest int136 or\\n * greater than largest int136).\\n *\\n * Counterpart to Solidity's `int136` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 136 bits\\n */\\n function toInt136(int256 value) internal pure returns (int136 downcasted) {\\n downcasted = int136(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(136, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int128 from int256, reverting on\\n * overflow (when the input is less than smallest int128 or\\n * greater than largest int128).\\n *\\n * Counterpart to Solidity's `int128` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 128 bits\\n */\\n function toInt128(int256 value) internal pure returns (int128 downcasted) {\\n downcasted = int128(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(128, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int120 from int256, reverting on\\n * overflow (when the input is less than smallest int120 or\\n * greater than largest int120).\\n *\\n * Counterpart to Solidity's `int120` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 120 bits\\n */\\n function toInt120(int256 value) internal pure returns (int120 downcasted) {\\n downcasted = int120(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(120, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int112 from int256, reverting on\\n * overflow (when the input is less than smallest int112 or\\n * greater than largest int112).\\n *\\n * Counterpart to Solidity's `int112` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 112 bits\\n */\\n function toInt112(int256 value) internal pure returns (int112 downcasted) {\\n downcasted = int112(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(112, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int104 from int256, reverting on\\n * overflow (when the input is less than smallest int104 or\\n * greater than largest int104).\\n *\\n * Counterpart to Solidity's `int104` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 104 bits\\n */\\n function toInt104(int256 value) internal pure returns (int104 downcasted) {\\n downcasted = int104(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(104, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int96 from int256, reverting on\\n * overflow (when the input is less than smallest int96 or\\n * greater than largest int96).\\n *\\n * Counterpart to Solidity's `int96` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 96 bits\\n */\\n function toInt96(int256 value) internal pure returns (int96 downcasted) {\\n downcasted = int96(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(96, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int88 from int256, reverting on\\n * overflow (when the input is less than smallest int88 or\\n * greater than largest int88).\\n *\\n * Counterpart to Solidity's `int88` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 88 bits\\n */\\n function toInt88(int256 value) internal pure returns (int88 downcasted) {\\n downcasted = int88(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(88, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int80 from int256, reverting on\\n * overflow (when the input is less than smallest int80 or\\n * greater than largest int80).\\n *\\n * Counterpart to Solidity's `int80` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 80 bits\\n */\\n function toInt80(int256 value) internal pure returns (int80 downcasted) {\\n downcasted = int80(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(80, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int72 from int256, reverting on\\n * overflow (when the input is less than smallest int72 or\\n * greater than largest int72).\\n *\\n * Counterpart to Solidity's `int72` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 72 bits\\n */\\n function toInt72(int256 value) internal pure returns (int72 downcasted) {\\n downcasted = int72(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(72, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int64 from int256, reverting on\\n * overflow (when the input is less than smallest int64 or\\n * greater than largest int64).\\n *\\n * Counterpart to Solidity's `int64` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 64 bits\\n */\\n function toInt64(int256 value) internal pure returns (int64 downcasted) {\\n downcasted = int64(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(64, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int56 from int256, reverting on\\n * overflow (when the input is less than smallest int56 or\\n * greater than largest int56).\\n *\\n * Counterpart to Solidity's `int56` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 56 bits\\n */\\n function toInt56(int256 value) internal pure returns (int56 downcasted) {\\n downcasted = int56(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(56, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int48 from int256, reverting on\\n * overflow (when the input is less than smallest int48 or\\n * greater than largest int48).\\n *\\n * Counterpart to Solidity's `int48` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 48 bits\\n */\\n function toInt48(int256 value) internal pure returns (int48 downcasted) {\\n downcasted = int48(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(48, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int40 from int256, reverting on\\n * overflow (when the input is less than smallest int40 or\\n * greater than largest int40).\\n *\\n * Counterpart to Solidity's `int40` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 40 bits\\n */\\n function toInt40(int256 value) internal pure returns (int40 downcasted) {\\n downcasted = int40(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(40, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int32 from int256, reverting on\\n * overflow (when the input is less than smallest int32 or\\n * greater than largest int32).\\n *\\n * Counterpart to Solidity's `int32` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 32 bits\\n */\\n function toInt32(int256 value) internal pure returns (int32 downcasted) {\\n downcasted = int32(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(32, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int24 from int256, reverting on\\n * overflow (when the input is less than smallest int24 or\\n * greater than largest int24).\\n *\\n * Counterpart to Solidity's `int24` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 24 bits\\n */\\n function toInt24(int256 value) internal pure returns (int24 downcasted) {\\n downcasted = int24(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(24, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int16 from int256, reverting on\\n * overflow (when the input is less than smallest int16 or\\n * greater than largest int16).\\n *\\n * Counterpart to Solidity's `int16` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 16 bits\\n */\\n function toInt16(int256 value) internal pure returns (int16 downcasted) {\\n downcasted = int16(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(16, value);\\n }\\n }\\n\\n /**\\n * @dev Returns the downcasted int8 from int256, reverting on\\n * overflow (when the input is less than smallest int8 or\\n * greater than largest int8).\\n *\\n * Counterpart to Solidity's `int8` operator.\\n *\\n * Requirements:\\n *\\n * - input must fit into 8 bits\\n */\\n function toInt8(int256 value) internal pure returns (int8 downcasted) {\\n downcasted = int8(value);\\n if (downcasted != value) {\\n revert SafeCastOverflowedIntDowncast(8, value);\\n }\\n }\\n\\n /**\\n * @dev Converts an unsigned uint256 into a signed int256.\\n *\\n * Requirements:\\n *\\n * - input must be less than or equal to maxInt256.\\n */\\n function toInt256(uint256 value) internal pure returns (int256) {\\n // Note: Unsafe cast below is okay because `type(int256).max` is guaranteed to be positive\\n if (value > uint256(type(int256).max)) {\\n revert SafeCastOverflowedUintToInt(value);\\n }\\n return int256(value);\\n }\\n\\n /**\\n * @dev Cast a boolean (false or true) to a uint256 (0 or 1) with no jump.\\n */\\n function toUint(bool b) internal pure returns (uint256 u) {\\n assembly (\\\"memory-safe\\\") {\\n u := iszero(iszero(b))\\n }\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/utils/math/SignedMath.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.1.0) (utils/math/SignedMath.sol)\\n\\npragma solidity ^0.8.20;\\n\\nimport {SafeCast} from \\\"./SafeCast.sol\\\";\\n\\n/**\\n * @dev Standard signed math utilities missing in the Solidity language.\\n */\\nlibrary SignedMath {\\n /**\\n * @dev Branchless ternary evaluation for `a ? b : c`. Gas costs are constant.\\n *\\n * IMPORTANT: This function may reduce bytecode size and consume less gas when used standalone.\\n * However, the compiler may optimize Solidity ternary operations (i.e. `a ? b : c`) to only compute\\n * one branch when needed, making this function more expensive.\\n */\\n function ternary(bool condition, int256 a, int256 b) internal pure returns (int256) {\\n unchecked {\\n // branchless ternary works because:\\n // b ^ (a ^ b) == a\\n // b ^ 0 == b\\n return b ^ ((a ^ b) * int256(SafeCast.toUint(condition)));\\n }\\n }\\n\\n /**\\n * @dev Returns the largest of two signed numbers.\\n */\\n function max(int256 a, int256 b) internal pure returns (int256) {\\n return ternary(a > b, a, b);\\n }\\n\\n /**\\n * @dev Returns the smallest of two signed numbers.\\n */\\n function min(int256 a, int256 b) internal pure returns (int256) {\\n return ternary(a < b, a, b);\\n }\\n\\n /**\\n * @dev Returns the average of two signed numbers without overflow.\\n * The result is rounded towards zero.\\n */\\n function average(int256 a, int256 b) internal pure returns (int256) {\\n // Formula from the book \\\"Hacker's Delight\\\"\\n int256 x = (a & b) + ((a ^ b) >> 1);\\n return x + (int256(uint256(x) >> 255) & (a ^ b));\\n }\\n\\n /**\\n * @dev Returns the absolute unsigned value of a signed value.\\n */\\n function abs(int256 n) internal pure returns (uint256) {\\n unchecked {\\n // Formula from the \\\"Bit Twiddling Hacks\\\" by Sean Eron Anderson.\\n // Since `n` is a signed integer, the generated bytecode will use the SAR opcode to perform the right shift,\\n // taking advantage of the most significant (or \\\"sign\\\" bit) in two's complement representation.\\n // This opcode adds new most significant bits set to the value of the previous most significant bit. As a result,\\n // the mask will either be `bytes32(0)` (if n is positive) or `~bytes32(0)` (if n is negative).\\n int256 mask = n >> 255;\\n\\n // A `bytes32(0)` mask leaves the input unchanged, while a `~bytes32(0)` mask complements it.\\n return uint256((n + mask) ^ mask);\\n }\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/utils/cryptography/ECDSA.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.6.0) (utils/cryptography/ECDSA.sol)\\n\\npragma solidity ^0.8.20;\\n\\n/**\\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\\n *\\n * These functions can be used to verify that a message was signed by the holder\\n * of the private keys of a given address.\\n */\\nlibrary ECDSA {\\n enum RecoverError {\\n NoError,\\n InvalidSignature,\\n InvalidSignatureLength,\\n InvalidSignatureS\\n }\\n\\n /**\\n * @dev The signature is invalid.\\n */\\n error ECDSAInvalidSignature();\\n\\n /**\\n * @dev The signature has an invalid length.\\n */\\n error ECDSAInvalidSignatureLength(uint256 length);\\n\\n /**\\n * @dev The signature has an S value that is in the upper half order.\\n */\\n error ECDSAInvalidSignatureS(bytes32 s);\\n\\n /**\\n * @dev Returns the address that signed a hashed message (`hash`) with `signature` or an error. This will not\\n * return address(0) without also returning an error description. Errors are documented using an enum (error type)\\n * and a bytes32 providing additional information about the error.\\n *\\n * If no error is returned, then the address can be used for verification purposes.\\n *\\n * The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:\\n * this function rejects them by requiring the `s` value to be in the lower\\n * half order, and the `v` value to be either 27 or 28.\\n *\\n * NOTE: This function only supports 65-byte signatures. ERC-2098 short signatures are rejected. This restriction\\n * is DEPRECATED and will be removed in v6.0. Developers SHOULD NOT use signatures as unique identifiers; use hash\\n * invalidation or nonces for replay protection.\\n *\\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\\n * verification to be secure: it is possible to craft signatures that\\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\\n * this is by receiving a hash of the original message (which may otherwise\\n * be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.\\n *\\n * Documentation for signature generation:\\n *\\n * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]\\n * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]\\n */\\n function tryRecover(\\n bytes32 hash,\\n bytes memory signature\\n ) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {\\n if (signature.length == 65) {\\n bytes32 r;\\n bytes32 s;\\n uint8 v;\\n // ecrecover takes the signature parameters, and the only way to get them\\n // currently is to use assembly.\\n assembly (\\\"memory-safe\\\") {\\n r := mload(add(signature, 0x20))\\n s := mload(add(signature, 0x40))\\n v := byte(0, mload(add(signature, 0x60)))\\n }\\n return tryRecover(hash, v, r, s);\\n } else {\\n return (address(0), RecoverError.InvalidSignatureLength, bytes32(signature.length));\\n }\\n }\\n\\n /**\\n * @dev Variant of {tryRecover} that takes a signature in calldata\\n */\\n function tryRecoverCalldata(\\n bytes32 hash,\\n bytes calldata signature\\n ) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {\\n if (signature.length == 65) {\\n bytes32 r;\\n bytes32 s;\\n uint8 v;\\n // ecrecover takes the signature parameters, calldata slices would work here, but are\\n // significantly more expensive (length check) than using calldataload in assembly.\\n assembly (\\\"memory-safe\\\") {\\n r := calldataload(signature.offset)\\n s := calldataload(add(signature.offset, 0x20))\\n v := byte(0, calldataload(add(signature.offset, 0x40)))\\n }\\n return tryRecover(hash, v, r, s);\\n } else {\\n return (address(0), RecoverError.InvalidSignatureLength, bytes32(signature.length));\\n }\\n }\\n\\n /**\\n * @dev Returns the address that signed a hashed message (`hash`) with\\n * `signature`. This address can then be used for verification purposes.\\n *\\n * The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:\\n * this function rejects them by requiring the `s` value to be in the lower\\n * half order, and the `v` value to be either 27 or 28.\\n *\\n * NOTE: This function only supports 65-byte signatures. ERC-2098 short signatures are rejected. This restriction\\n * is DEPRECATED and will be removed in v6.0. Developers SHOULD NOT use signatures as unique identifiers; use hash\\n * invalidation or nonces for replay protection.\\n *\\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\\n * verification to be secure: it is possible to craft signatures that\\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\\n * this is by receiving a hash of the original message (which may otherwise\\n * be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.\\n */\\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\\n (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, signature);\\n _throwError(error, errorArg);\\n return recovered;\\n }\\n\\n /**\\n * @dev Variant of {recover} that takes a signature in calldata\\n */\\n function recoverCalldata(bytes32 hash, bytes calldata signature) internal pure returns (address) {\\n (address recovered, RecoverError error, bytes32 errorArg) = tryRecoverCalldata(hash, signature);\\n _throwError(error, errorArg);\\n return recovered;\\n }\\n\\n /**\\n * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.\\n *\\n * See https://eips.ethereum.org/EIPS/eip-2098[ERC-2098 short signatures]\\n */\\n function tryRecover(\\n bytes32 hash,\\n bytes32 r,\\n bytes32 vs\\n ) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {\\n unchecked {\\n bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);\\n // We do not check for an overflow here since the shift operation results in 0 or 1.\\n uint8 v = uint8((uint256(vs) >> 255) + 27);\\n return tryRecover(hash, v, r, s);\\n }\\n }\\n\\n /**\\n * @dev Overload of {ECDSA-recover} that receives the `r` and `vs` short-signature fields separately.\\n */\\n function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {\\n (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, r, vs);\\n _throwError(error, errorArg);\\n return recovered;\\n }\\n\\n /**\\n * @dev Overload of {ECDSA-tryRecover} that receives the `v`,\\n * `r` and `s` signature fields separately.\\n */\\n function tryRecover(\\n bytes32 hash,\\n uint8 v,\\n bytes32 r,\\n bytes32 s\\n ) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {\\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\\n // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most\\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\\n //\\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\\n // these malleable signatures as well.\\n if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {\\n return (address(0), RecoverError.InvalidSignatureS, s);\\n }\\n\\n // If the signature is valid (and not malleable), return the signer address\\n address signer = ecrecover(hash, v, r, s);\\n if (signer == address(0)) {\\n return (address(0), RecoverError.InvalidSignature, bytes32(0));\\n }\\n\\n return (signer, RecoverError.NoError, bytes32(0));\\n }\\n\\n /**\\n * @dev Overload of {ECDSA-recover} that receives the `v`,\\n * `r` and `s` signature fields separately.\\n */\\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\\n (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, v, r, s);\\n _throwError(error, errorArg);\\n return recovered;\\n }\\n\\n /**\\n * @dev Parse a signature into its `v`, `r` and `s` components. Supports 65-byte and 64-byte (ERC-2098)\\n * formats. Returns (0,0,0) for invalid signatures.\\n *\\n * For 64-byte signatures, `v` is automatically normalized to 27 or 28.\\n * For 65-byte signatures, `v` is returned as-is and MUST already be 27 or 28 for use with ecrecover.\\n *\\n * Consider validating the result before use, or use {tryRecover}/{recover} which perform full validation.\\n */\\n function parse(bytes memory signature) internal pure returns (uint8 v, bytes32 r, bytes32 s) {\\n assembly (\\\"memory-safe\\\") {\\n // Check the signature length\\n switch mload(signature)\\n // - case 65: r,s,v signature (standard)\\n case 65 {\\n r := mload(add(signature, 0x20))\\n s := mload(add(signature, 0x40))\\n v := byte(0, mload(add(signature, 0x60)))\\n }\\n // - case 64: r,vs signature (cf https://eips.ethereum.org/EIPS/eip-2098)\\n case 64 {\\n let vs := mload(add(signature, 0x40))\\n r := mload(add(signature, 0x20))\\n s := and(vs, shr(1, not(0)))\\n v := add(shr(255, vs), 27)\\n }\\n default {\\n r := 0\\n s := 0\\n v := 0\\n }\\n }\\n }\\n\\n /**\\n * @dev Variant of {parse} that takes a signature in calldata\\n */\\n function parseCalldata(bytes calldata signature) internal pure returns (uint8 v, bytes32 r, bytes32 s) {\\n assembly (\\\"memory-safe\\\") {\\n // Check the signature length\\n switch signature.length\\n // - case 65: r,s,v signature (standard)\\n case 65 {\\n r := calldataload(signature.offset)\\n s := calldataload(add(signature.offset, 0x20))\\n v := byte(0, calldataload(add(signature.offset, 0x40)))\\n }\\n // - case 64: r,vs signature (cf https://eips.ethereum.org/EIPS/eip-2098)\\n case 64 {\\n let vs := calldataload(add(signature.offset, 0x20))\\n r := calldataload(signature.offset)\\n s := and(vs, shr(1, not(0)))\\n v := add(shr(255, vs), 27)\\n }\\n default {\\n r := 0\\n s := 0\\n v := 0\\n }\\n }\\n }\\n\\n /**\\n * @dev Optionally reverts with the corresponding custom error according to the `error` argument provided.\\n */\\n function _throwError(RecoverError error, bytes32 errorArg) private pure {\\n if (error == RecoverError.NoError) {\\n return; // no error: do nothing\\n } else if (error == RecoverError.InvalidSignature) {\\n revert ECDSAInvalidSignature();\\n } else if (error == RecoverError.InvalidSignatureLength) {\\n revert ECDSAInvalidSignatureLength(uint256(errorArg));\\n } else if (error == RecoverError.InvalidSignatureS) {\\n revert ECDSAInvalidSignatureS(errorArg);\\n }\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/utils/cryptography/EIP712.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.5.0) (utils/cryptography/EIP712.sol)\\n\\npragma solidity ^0.8.24;\\n\\nimport {MessageHashUtils} from \\\"./MessageHashUtils.sol\\\";\\nimport {ShortStrings, ShortString} from \\\"../ShortStrings.sol\\\";\\nimport {IERC5267} from \\\"../../interfaces/IERC5267.sol\\\";\\n\\n/**\\n * @dev https://eips.ethereum.org/EIPS/eip-712[EIP-712] is a standard for hashing and signing of typed structured data.\\n *\\n * The encoding scheme specified in the EIP requires a domain separator and a hash of the typed structured data, whose\\n * encoding is very generic and therefore its implementation in Solidity is not feasible, thus this contract\\n * does not implement the encoding itself. Protocols need to implement the type-specific encoding they need in order to\\n * produce the hash of their typed data using a combination of `abi.encode` and `keccak256`.\\n *\\n * This contract implements the EIP-712 domain separator ({_domainSeparatorV4}) that is used as part of the encoding\\n * scheme, and the final step of the encoding to obtain the message digest that is then signed via ECDSA\\n * ({_hashTypedDataV4}).\\n *\\n * The implementation of the domain separator was designed to be as efficient as possible while still properly updating\\n * the chain id to protect against replay attacks on an eventual fork of the chain.\\n *\\n * NOTE: This contract implements the version of the encoding known as \\\"v4\\\", as implemented by the JSON RPC method\\n * https://docs.metamask.io/guide/signing-data.html[`eth_signTypedDataV4` in MetaMask].\\n *\\n * NOTE: In the upgradeable version of this contract, the cached values will correspond to the address, and the domain\\n * separator of the implementation contract. This will cause the {_domainSeparatorV4} function to always rebuild the\\n * separator from the immutable values, which is cheaper than accessing a cached version in cold storage.\\n *\\n * @custom:oz-upgrades-unsafe-allow state-variable-immutable\\n */\\nabstract contract EIP712 is IERC5267 {\\n using ShortStrings for *;\\n\\n bytes32 private constant TYPE_HASH =\\n keccak256(\\\"EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)\\\");\\n\\n // Cache the domain separator as an immutable value, but also store the chain id that it corresponds to, in order to\\n // invalidate the cached domain separator if the chain id changes.\\n bytes32 private immutable _cachedDomainSeparator;\\n uint256 private immutable _cachedChainId;\\n address private immutable _cachedThis;\\n\\n bytes32 private immutable _hashedName;\\n bytes32 private immutable _hashedVersion;\\n\\n ShortString private immutable _name;\\n ShortString private immutable _version;\\n // slither-disable-next-line constable-states\\n string private _nameFallback;\\n // slither-disable-next-line constable-states\\n string private _versionFallback;\\n\\n /**\\n * @dev Initializes the domain separator and parameter caches.\\n *\\n * The meaning of `name` and `version` is specified in\\n * https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP-712]:\\n *\\n * - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol.\\n * - `version`: the current major version of the signing domain.\\n *\\n * NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart\\n * contract upgrade].\\n */\\n constructor(string memory name, string memory version) {\\n _name = name.toShortStringWithFallback(_nameFallback);\\n _version = version.toShortStringWithFallback(_versionFallback);\\n _hashedName = keccak256(bytes(name));\\n _hashedVersion = keccak256(bytes(version));\\n\\n _cachedChainId = block.chainid;\\n _cachedDomainSeparator = _buildDomainSeparator();\\n _cachedThis = address(this);\\n }\\n\\n /**\\n * @dev Returns the domain separator for the current chain.\\n */\\n function _domainSeparatorV4() internal view returns (bytes32) {\\n if (address(this) == _cachedThis && block.chainid == _cachedChainId) {\\n return _cachedDomainSeparator;\\n } else {\\n return _buildDomainSeparator();\\n }\\n }\\n\\n function _buildDomainSeparator() private view returns (bytes32) {\\n return keccak256(abi.encode(TYPE_HASH, _hashedName, _hashedVersion, block.chainid, address(this)));\\n }\\n\\n /**\\n * @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this\\n * function returns the hash of the fully encoded EIP712 message for this domain.\\n *\\n * This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example:\\n *\\n * ```solidity\\n * bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(\\n * keccak256(\\\"Mail(address to,string contents)\\\"),\\n * mailTo,\\n * keccak256(bytes(mailContents))\\n * )));\\n * address signer = ECDSA.recover(digest, signature);\\n * ```\\n */\\n function _hashTypedDataV4(bytes32 structHash) internal view virtual returns (bytes32) {\\n return MessageHashUtils.toTypedDataHash(_domainSeparatorV4(), structHash);\\n }\\n\\n /// @inheritdoc IERC5267\\n function eip712Domain()\\n public\\n view\\n virtual\\n returns (\\n bytes1 fields,\\n string memory name,\\n string memory version,\\n uint256 chainId,\\n address verifyingContract,\\n bytes32 salt,\\n uint256[] memory extensions\\n )\\n {\\n return (\\n hex\\\"0f\\\", // 01111\\n _EIP712Name(),\\n _EIP712Version(),\\n block.chainid,\\n address(this),\\n bytes32(0),\\n new uint256[](0)\\n );\\n }\\n\\n /**\\n * @dev The name parameter for the EIP712 domain.\\n *\\n * NOTE: By default this function reads _name which is an immutable value.\\n * It only reads from storage if necessary (in case the value is too large to fit in a ShortString).\\n */\\n // solhint-disable-next-line func-name-mixedcase\\n function _EIP712Name() internal view returns (string memory) {\\n return _name.toStringWithFallback(_nameFallback);\\n }\\n\\n /**\\n * @dev The version parameter for the EIP712 domain.\\n *\\n * NOTE: By default this function reads _version which is an immutable value.\\n * It only reads from storage if necessary (in case the value is too large to fit in a ShortString).\\n */\\n // solhint-disable-next-line func-name-mixedcase\\n function _EIP712Version() internal view returns (string memory) {\\n return _version.toStringWithFallback(_versionFallback);\\n }\\n}\\n\"},\"lib/openzeppelin-contracts/contracts/utils/cryptography/MessageHashUtils.sol\":{\"content\":\"// SPDX-License-Identifier: MIT\\n// OpenZeppelin Contracts (last updated v5.6.0) (utils/cryptography/MessageHashUtils.sol)\\n\\npragma solidity ^0.8.24;\\n\\nimport {Strings} from \\\"../Strings.sol\\\";\\n\\n/**\\n * @dev Signature message hash utilities for producing digests to be consumed by {ECDSA} recovery or signing.\\n *\\n * The library provides methods for generating a hash of a message that conforms to the\\n * https://eips.ethereum.org/EIPS/eip-191[ERC-191] and https://eips.ethereum.org/EIPS/eip-712[EIP 712]\\n * specifications.\\n */\\nlibrary MessageHashUtils {\\n error ERC5267ExtensionsNotSupported();\\n\\n /**\\n * @dev Returns the keccak256 digest of an ERC-191 signed data with version\\n * `0x45` (`personal_sign` messages).\\n *\\n * The digest is calculated by prefixing a bytes32 `messageHash` with\\n * `\\\"\\\\x19Ethereum Signed Message:\\\\n32\\\"` and hashing the result. It corresponds with the\\n * hash signed when using the https://ethereum.org/en/developers/docs/apis/json-rpc/#eth_sign[`eth_sign`] JSON-RPC method.\\n *\\n * NOTE: The `messageHash` parameter is intended to be the result of hashing a raw message with\\n * keccak256, although any bytes32 value can be safely used because the final digest will\\n * be re-hashed.\\n *\\n * See {ECDSA-recover}.\\n */\\n function toEthSignedMessageHash(bytes32 messageHash) internal pure returns (bytes32 digest) {\\n assembly (\\\"memory-safe\\\") {\\n mstore(0x00, \\\"\\\\x19Ethereum Signed Message:\\\\n32\\\") // 32 is the bytes-length of messageHash\\n mstore(0x1c, messageHash) // 0x1c (28) is the length of the prefix\\n digest := keccak256(0x00, 0x3c) // 0x3c is the length of the prefix (0x1c) + messageHash (0x20)\\n }\\n }\\n\\n /**\\n * @dev Returns the keccak256 digest of an ERC-191 signed data with version\\n * `0x45` (`personal_sign` messages).\\n *\\n * The digest is calculated by prefixing an arbitrary `message` with\\n * `\\\"\\\\x19Ethereum Signed Message:\\\\n\\\" + len(message)` and hashing the result. It corresponds with the\\n * hash signed when using the https://ethereum.org/en/developers/docs/apis/json-rpc/#eth_sign[`eth_sign`] JSON-RPC method.\\n *\\n * See {ECDSA-recover}.\\n */\\n function toEthSignedMessageHash(bytes memory message) internal pure returns (bytes32) {\\n return\\n keccak256(bytes.concat(\\\"\\\\x19Ethereum Signed Message:\\\\n\\\", bytes(Strings.toString(message.length)), message));\\n }\\n\\n /**\\n * @dev Returns the keccak256 digest of an ERC-191 signed data with version\\n * `0x00` (data with intended validator).\\n *\\n * The digest is calculated by prefixing an arbitrary `data` with `\\\"\\\\x19\\\\x00\\\"` and the intended\\n * `validator` address. Then hashing the result.\\n *\\n * See {ECDSA-recover}.\\n */\\n function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {\\n return keccak256(abi.encodePacked(hex\\\"19_00\\\", validator, data));\\n }\\n\\n /**\\n * @dev Variant of {toDataWithIntendedValidatorHash-address-bytes} optimized for cases where `data` is a bytes32.\\n */\\n function toDataWithIntendedValidatorHash(\\n address validator,\\n bytes32 messageHash\\n ) internal pure returns (bytes32 digest) {\\n assembly (\\\"memory-safe\\\") {\\n mstore(0x00, hex\\\"19_00\\\")\\n mstore(0x02, shl(96, validator))\\n mstore(0x16, messageHash)\\n digest := keccak256(0x00, 0x36)\\n }\\n }\\n\\n /**\\n * @dev Returns the keccak256 digest of an EIP-712 typed data (ERC-191 version `0x01`).\\n *\\n * The digest is calculated from a `domainSeparator` and a `structHash`, by prefixing them with\\n * `\\\\x19\\\\x01` and hashing the result. It corresponds to the hash signed by the\\n * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`] JSON-RPC method as part of EIP-712.\\n *\\n * See {ECDSA-recover}.\\n */\\n function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 digest) {\\n assembly (\\\"memory-safe\\\") {\\n let ptr := mload(0x40)\\n mstore(ptr, hex\\\"19_01\\\")\\n mstore(add(ptr, 0x02), domainSeparator)\\n mstore(add(ptr, 0x22), structHash)\\n digest := keccak256(ptr, 0x42)\\n }\\n }\\n\\n /**\\n * @dev Returns the EIP-712 domain separator constructed from an `eip712Domain`. See {IERC5267-eip712Domain}\\n *\\n * This function dynamically constructs the domain separator based on which fields are present in the\\n * `fields` parameter. It contains flags that indicate which domain fields are present:\\n *\\n * * Bit 0 (0x01): name\\n * * Bit 1 (0x02): version\\n * * Bit 2 (0x04): chainId\\n * * Bit 3 (0x08): verifyingContract\\n * * Bit 4 (0x10): salt\\n *\\n * Arguments that correspond to fields which are not present in `fields` are ignored. For example, if `fields` is\\n * `0x0f` (`0b01111`), then the `salt` parameter is ignored.\\n */\\n function toDomainSeparator(\\n bytes1 fields,\\n string memory name,\\n string memory version,\\n uint256 chainId,\\n address verifyingContract,\\n bytes32 salt\\n ) internal pure returns (bytes32 hash) {\\n return\\n toDomainSeparator(\\n fields,\\n keccak256(bytes(name)),\\n keccak256(bytes(version)),\\n chainId,\\n verifyingContract,\\n salt\\n );\\n }\\n\\n /// @dev Variant of {toDomainSeparator-bytes1-string-string-uint256-address-bytes32} that uses hashed name and version.\\n function toDomainSeparator(\\n bytes1 fields,\\n bytes32 nameHash,\\n bytes32 versionHash,\\n uint256 chainId,\\n address verifyingContract,\\n bytes32 salt\\n ) internal pure returns (bytes32 hash) {\\n bytes32 domainTypeHash = toDomainTypeHash(fields);\\n\\n assembly (\\\"memory-safe\\\") {\\n // align fields to the right for easy processing\\n fields := shr(248, fields)\\n\\n // FMP used as scratch space\\n let fmp := mload(0x40)\\n mstore(fmp, domainTypeHash)\\n\\n let ptr := add(fmp, 0x20)\\n if and(fields, 0x01) {\\n mstore(ptr, nameHash)\\n ptr := add(ptr, 0x20)\\n }\\n if and(fields, 0x02) {\\n mstore(ptr, versionHash)\\n ptr := add(ptr, 0x20)\\n }\\n if and(fields, 0x04) {\\n mstore(ptr, chainId)\\n ptr := add(ptr, 0x20)\\n }\\n if and(fields, 0x08) {\\n mstore(ptr, verifyingContract)\\n ptr := add(ptr, 0x20)\\n }\\n if and(fields, 0x10) {\\n mstore(ptr, salt)\\n ptr := add(ptr, 0x20)\\n }\\n\\n hash := keccak256(fmp, sub(ptr, fmp))\\n }\\n }\\n\\n /// @dev Builds an EIP-712 domain type hash depending on the `fields` provided, following https://eips.ethereum.org/EIPS/eip-5267[ERC-5267]\\n function toDomainTypeHash(bytes1 fields) internal pure returns (bytes32 hash) {\\n if (fields & 0x20 == 0x20) revert ERC5267ExtensionsNotSupported();\\n\\n assembly (\\\"memory-safe\\\") {\\n // align fields to the right for easy processing\\n fields := shr(248, fields)\\n\\n // FMP used as scratch space\\n let fmp := mload(0x40)\\n mstore(fmp, \\\"EIP712Domain(\\\")\\n\\n let ptr := add(fmp, 0x0d)\\n // name field\\n if and(fields, 0x01) {\\n mstore(ptr, \\\"string name,\\\")\\n ptr := add(ptr, 0x0c)\\n }\\n // version field\\n if and(fields, 0x02) {\\n mstore(ptr, \\\"string version,\\\")\\n ptr := add(ptr, 0x0f)\\n }\\n // chainId field\\n if and(fields, 0x04) {\\n mstore(ptr, \\\"uint256 chainId,\\\")\\n ptr := add(ptr, 0x10)\\n }\\n // verifyingContract field\\n if and(fields, 0x08) {\\n mstore(ptr, \\\"address verifyingContract,\\\")\\n ptr := add(ptr, 0x1a)\\n }\\n // salt field\\n if and(fields, 0x10) {\\n mstore(ptr, \\\"bytes32 salt,\\\")\\n ptr := add(ptr, 0x0d)\\n }\\n // if any field is enabled, remove the trailing comma\\n ptr := sub(ptr, iszero(iszero(and(fields, 0x1f))))\\n // add the closing brace\\n mstore8(ptr, 0x29) // add closing brace\\n ptr := add(ptr, 1)\\n\\n hash := keccak256(fmp, sub(ptr, fmp))\\n }\\n }\\n}\\n\"}},\"language\":\"Solidity\",\"settings\":{\"viaIR\":true,\"metadata\":{\"appendCBOR\":true,\"bytecodeHash\":\"ipfs\",\"useLiteralContent\":false},\"libraries\":{},\"optimizer\":{\"runs\":200,\"enabled\":true},\"evmVersion\":\"cancun\",\"remappings\":[\"@openzeppelin/contracts/=lib/openzeppelin-contracts/contracts/\",\"ens-contracts/=lib/ens-contracts/contracts/\",\"forge-std/=lib/forge-std/src/\",\"erc4626-tests/=lib/openzeppelin-contracts/lib/erc4626-tests/\",\"halmos-cheatcodes/=lib/openzeppelin-contracts/lib/halmos-cheatcodes/src/\",\"openzeppelin-contracts/=lib/openzeppelin-contracts/\"]}}","abi":"[{\"type\":\"constructor\",\"inputs\":[{\"name\":\"initialOwner\",\"type\":\"address\",\"internalType\":\"address\"},{\"name\":\"initialAttestor\",\"type\":\"address\",\"internalType\":\"address\"}],\"stateMutability\":\"nonpayable\"},{\"name\":\"AttestationExpired\",\"type\":\"error\",\"inputs\":[]},{\"name\":\"AttestorNotSet\",\"type\":\"error\",\"inputs\":[]},{\"name\":\"ECDSAInvalidSignature\",\"type\":\"error\",\"inputs\":[]},{\"name\":\"ECDSAInvalidSignatureLength\",\"type\":\"error\",\"inputs\":[{\"name\":\"length\",\"type\":\"uint256\",\"internalType\":\"uint256\"}]},{\"name\":\"ECDSAInvalidSignatureS\",\"type\":\"error\",\"inputs\":[{\"name\":\"s\",\"type\":\"bytes32\",\"internalType\":\"bytes32\"}]},{\"name\":\"InvalidOracleProof\",\"type\":\"error\",\"inputs\":[]},{\"name\":\"InvalidProofFormat\",\"type\":\"error\",\"inputs\":[]},{\"name\":\"InvalidShortString\",\"type\":\"error\",\"inputs\":[]},{\"name\":\"InvalidSignature\",\"type\":\"error\",\"inputs\":[]},{\"name\":\"OwnableInvalidOwner\",\"type\":\"error\",\"inputs\":[{\"name\":\"owner\",\"type\":\"address\",\"internalType\":\"address\"}]},{\"name\":\"OwnableUnauthorizedAccount\",\"type\":\"error\",\"inputs\":[{\"name\":\"account\",\"type\":\"address\",\"internalType\":\"address\"}]},{\"name\":\"StringTooLong\",\"type\":\"error\",\"inputs\":[{\"name\":\"str\",\"type\":\"string\",\"internalType\":\"string\"}]},{\"name\":\"ZeroAddress\",\"type\":\"error\",\"inputs\":[]},{\"name\":\"AttestorUpdated\",\"type\":\"event\",\"inputs\":[{\"name\":\"oldAttestor\",\"type\":\"address\",\"indexed\":true,\"internalType\":\"address\"},{\"name\":\"newAttestor\",\"type\":\"address\",\"indexed\":true,\"internalType\":\"address\"}],\"anonymous\":false},{\"name\":\"EIP712DomainChanged\",\"type\":\"event\",\"inputs\":[],\"anonymous\":false},{\"name\":\"OwnershipTransferStarted\",\"type\":\"event\",\"inputs\":[{\"name\":\"previousOwner\",\"type\":\"address\",\"indexed\":true,\"internalType\":\"address\"},{\"name\":\"newOwner\",\"type\":\"address\",\"indexed\":true,\"internalType\":\"address\"}],\"anonymous\":false},{\"name\":\"OwnershipTransferred\",\"type\":\"event\",\"inputs\":[{\"name\":\"previousOwner\",\"type\":\"address\",\"indexed\":true,\"internalType\":\"address\"},{\"name\":\"newOwner\",\"type\":\"address\",\"indexed\":true,\"internalType\":\"address\"}],\"anonymous\":false},{\"name\":\"TRANSFER_ATTESTATION_TYPEHASH\",\"type\":\"function\",\"inputs\":[],\"outputs\":[{\"name\":\"\",\"type\":\"bytes32\",\"internalType\":\"bytes32\"}],\"stateMutability\":\"view\"},{\"name\":\"acceptOwnership\",\"type\":\"function\",\"inputs\":[],\"outputs\":[],\"stateMutability\":\"nonpayable\"},{\"name\":\"attestor\",\"type\":\"function\",\"inputs\":[],\"outputs\":[{\"name\":\"\",\"type\":\"address\",\"internalType\":\"address\"}],\"stateMutability\":\"view\"},{\"name\":\"eip712Domain\",\"type\":\"function\",\"inputs\":[],\"outputs\":[{\"name\":\"fields\",\"type\":\"bytes1\",\"internalType\":\"bytes1\"},{\"name\":\"name\",\"type\":\"string\",\"internalType\":\"string\"},{\"name\":\"version\",\"type\":\"string\",\"internalType\":\"string\"},{\"name\":\"chainId\",\"type\":\"uint256\",\"internalType\":\"uint256\"},{\"name\":\"verifyingContract\",\"type\":\"address\",\"internalType\":\"address\"},{\"name\":\"salt\",\"type\":\"bytes32\",\"internalType\":\"bytes32\"},{\"name\":\"extensions\",\"type\":\"uint256[]\",\"internalType\":\"uint256[]\"}],\"stateMutability\":\"view\"},{\"name\":\"hashTransferAttestation\",\"type\":\"function\",\"inputs\":[{\"name\":\"tokenId\",\"type\":\"uint256\",\"internalType\":\"uint256\"},{\"name\":\"from\",\"type\":\"address\",\"internalType\":\"address\"},{\"name\":\"to\",\"type\":\"address\",\"internalType\":\"address\"},{\"name\":\"sealedKeyHash\",\"type\":\"bytes32\",\"internalType\":\"bytes32\"},{\"name\":\"deadline\",\"type\":\"uint64\",\"internalType\":\"uint64\"}],\"outputs\":[{\"name\":\"\",\"type\":\"bytes32\",\"internalType\":\"bytes32\"}],\"stateMutability\":\"view\"},{\"name\":\"owner\",\"type\":\"function\",\"inputs\":[],\"outputs\":[{\"name\":\"\",\"type\":\"address\",\"internalType\":\"address\"}],\"stateMutability\":\"view\"},{\"name\":\"pendingOwner\",\"type\":\"function\",\"inputs\":[],\"outputs\":[{\"name\":\"\",\"type\":\"address\",\"internalType\":\"address\"}],\"stateMutability\":\"view\"},{\"name\":\"renounceOwnership\",\"type\":\"function\",\"inputs\":[],\"outputs\":[],\"stateMutability\":\"nonpayable\"},{\"name\":\"setAttestor\",\"type\":\"function\",\"inputs\":[{\"name\":\"newAttestor\",\"type\":\"address\",\"internalType\":\"address\"}],\"outputs\":[],\"stateMutability\":\"nonpayable\"},{\"name\":\"transferOwnership\",\"type\":\"function\",\"inputs\":[{\"name\":\"newOwner\",\"type\":\"address\",\"internalType\":\"address\"}],\"outputs\":[],\"stateMutability\":\"nonpayable\"},{\"name\":\"verifyProof\",\"type\":\"function\",\"inputs\":[{\"name\":\"proof\",\"type\":\"bytes\",\"internalType\":\"bytes\"},{\"name\":\"tokenId\",\"type\":\"uint256\",\"internalType\":\"uint256\"},{\"name\":\"from\",\"type\":\"address\",\"internalType\":\"address\"},{\"name\":\"to\",\"type\":\"address\",\"internalType\":\"address\"}],\"outputs\":[{\"name\":\"\",\"type\":\"bool\",\"internalType\":\"bool\"}],\"stateMutability\":\"view\"}]","version":"0.8.30+commit.73712a01","evmVersion":"cancun","optimization":1,"runs":200,"libraries":[],"license":"None","constructorArgs":"0x000000000000000000000000d24e06f0dbada268314dbcb97f48f87b85b6dd30000000000000000000000000d24e06f0dbada268314dbcb97f48f87b85b6dd30","similarMatchAddress":null,"exactMatch":true,"similarMatchNetworkId":null,"crossSpace":false},"proxy":{},"beacon":{"verify":{}},"implementation":{"verify":{}},"destroy":{"status":0,"message":"deployed"},"isRegistered":true,"accountInfo":{"total":0,"map":{}}}}