/

    Contract Diff Checker

    Contract Name:
    StablePool

    Contract Source Code:

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
    
    import { IBasePool } from "../vault/IBasePool.sol";
    
    /**
     * @notice Full state of any ongoing or scheduled amplification parameter update.
     * @dev If there is an ongoing or scheduled update, `startTime` and/or `endTime` will be in the future.
     * On initialization, startTime == endTime, and both startValue and endValue will reflect the initial amp setting.
     * Balancer timestamps are 32 bits.
     *
     * @return startValue The amplification parameter at the start of the update
     * @return endValue The final value of the amplification parameter
     * @return startTime The timestamp when the update begins
     * @return endTime The timestamp when the update ends
     */
    struct AmplificationState {
        uint64 startValue;
        uint64 endValue;
        uint32 startTime;
        uint32 endTime;
    }
    
    /**
     * @notice Stable Pool data that cannot change after deployment.
     * @param tokens Pool tokens, sorted in token registration order
     * @param decimalScalingFactors Conversion factor used to adjust for token decimals for uniform precision in
     * calculations. FP(1) for 18-decimal tokens
     * @param amplificationParameterPrecision Scaling factor used to increase the precision of calculations involving the
     * `amplificationParameter`. (See StableMath `MIN_AMP`, `MAX_AMP`, `AMP_PRECISION`)
     */
    struct StablePoolImmutableData {
        IERC20[] tokens;
        uint256[] decimalScalingFactors;
        uint256 amplificationParameterPrecision;
    }
    
    /**
     * @notice Snapshot of current Stable Pool data that can change.
     * @dev Note that live balances will not necessarily be accurate if the pool is in Recovery Mode. Withdrawals
     * in Recovery Mode do not make external calls (including those necessary for updating live balances), so if
     * there are withdrawals, raw and live balances will be out of sync until Recovery Mode is disabled.
     *
     * @param balancesLiveScaled18 Token balances after paying yield fees, applying decimal scaling and rates
     * @param tokenRates 18-decimal FP values for rate tokens (e.g., yield-bearing), or FP(1) for standard tokens
     * @param staticSwapFeePercentage 18-decimal FP value of the static swap fee percentage
     * @param totalSupply The current total supply of the pool tokens (BPT)
     * @param bptRate The current rate of a pool token (BPT) = invariant / totalSupply
     * @param amplificationParameter Controls the "flatness" of the invariant curve. higher values = lower slippage,
     * and assumes prices are near parity. lower values = closer to the constant product curve (e.g., more like a
     * weighted pool). This has higher slippage, and accommodates greater price volatility. Note that this is the raw
     * amp value, not multiplied by `StableMath.AMP_PRECISION`
     * @param startValue The amplification parameter at the start of an update
     * @param endValue The final value of the amplification parameter
     * @param startTime The timestamp when the update begins
     * @param endTime The timestamp when the update ends
     * @param isAmpUpdating True if an amplification parameter update is in progress
     * @param isPoolInitialized If false, the pool has not been seeded with initial liquidity, so operations will revert
     * @param isPoolPaused If true, the pool is paused, and all non-recovery-mode state-changing operations will revert
     * @param isPoolInRecoveryMode If true, Recovery Mode withdrawals are enabled, and live balances may be inaccurate
     */
    struct StablePoolDynamicData {
        uint256[] balancesLiveScaled18;
        uint256[] tokenRates;
        uint256 staticSwapFeePercentage;
        uint256 totalSupply;
        uint256 bptRate;
        uint256 amplificationParameter;
        uint256 startValue;
        uint256 endValue;
        uint32 startTime;
        uint32 endTime;
        bool isAmpUpdating;
        bool isPoolInitialized;
        bool isPoolPaused;
        bool isPoolInRecoveryMode;
    }
    
    /// @notice Full Stable Pool interface.
    interface IStablePool is IBasePool {
        /**
         * @notice Begins changing the amplification parameter to `rawEndValue` over time.
         * @dev The value will change linearly until `endTime` is reached, when it will equal `rawEndValue`.
         * NOTE: Internally, the amplification parameter is represented using higher precision. The values returned by
         * `getAmplificationParameter` have to be corrected to account for this when comparing to `rawEndValue`.
         *
         * @param rawEndValue The desired ending value of the amplification parameter
         * @param endTime The timestamp when the amplification parameter update is complete
         */
        function startAmplificationParameterUpdate(uint256 rawEndValue, uint256 endTime) external;
    
        /// @dev Stops the amplification parameter change process, keeping the current value.
        function stopAmplificationParameterUpdate() external;
    
        /**
         * @notice Get all the amplification parameters.
         * @return value Current amplification parameter value (could be in the middle of an update)
         * @return isUpdating True if an amplification parameter update is in progress
         * @return precision The raw value is multiplied by this number for greater precision during updates
         */
        function getAmplificationParameter() external view returns (uint256 value, bool isUpdating, uint256 precision);
    
        /**
         * @notice Get the full state of any ongoing or scheduled amplification parameter update.
         * @dev Starting and ending values are returned in their full precision state.
         * @return amplificationState Struct containing the update data
         * @return precision The raw parameter value is multiplied by this number for greater precision during updates
         */
        function getAmplificationState()
            external
            view
            returns (AmplificationState memory amplificationState, uint256 precision);
    
        /**
         * @notice Get dynamic pool data relevant to swap/add/remove calculations.
         * @return data A struct containing all dynamic stable pool parameters
         */
        function getStablePoolDynamicData() external view returns (StablePoolDynamicData memory data);
    
        /**
         * @notice Get immutable pool data relevant to swap/add/remove calculations.
         * @return data A struct containing all immutable stable pool parameters
         */
        function getStablePoolImmutableData() external view returns (StablePoolImmutableData memory data);
    }

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
    
    import { TokenInfo } from "../vault/VaultTypes.sol";
    
    /**
     * @notice Convenience interface for pools, to get easy access to information stored in the Vault.
     * Intended mostly for off-chain requests; pools do not need to implement this to work properly.
     */
    interface IPoolInfo {
        /**
         * @notice Gets the tokens registered in the pool.
         * @return tokens List of tokens in the pool, sorted in registration order
         */
        function getTokens() external view returns (IERC20[] memory tokens);
    
        /**
         * @notice Gets the raw data for the pool: tokens, token info, raw balances, and last live balances.
         * @return tokens Pool tokens, sorted in token registration order
         * @return tokenInfo Token info structs (type, rate provider, yield flag), sorted in token registration order
         * @return balancesRaw Current native decimal balances of the pool tokens, sorted in token registration order
         * @return lastBalancesLiveScaled18 Last saved live balances, sorted in token registration order
         */
        function getTokenInfo()
            external
            view
            returns (
                IERC20[] memory tokens,
                TokenInfo[] memory tokenInfo,
                uint256[] memory balancesRaw,
                uint256[] memory lastBalancesLiveScaled18
            );
    
        /**
         * @notice Gets the current live balances of the pool as fixed point, 18-decimal numbers.
         * @dev Note that live balances will not necessarily be accurate if the pool is in Recovery Mode.
         * Withdrawals in Recovery Mode do not make external calls (including those necessary for updating live balances),
         * so if there are withdrawals, raw and live balances will be out of sync until Recovery Mode is disabled.
         *
         * @return balancesLiveScaled18 Token balances after paying yield fees, applying decimal scaling and rates
         */
        function getCurrentLiveBalances() external view returns (uint256[] memory balancesLiveScaled18);
    
        /**
         * @notice Fetches the static swap fee percentage for the pool.
         * @return staticSwapFeePercentage 18-decimal FP value of the static swap fee percentage
         */
        function getStaticSwapFeePercentage() external view returns (uint256 staticSwapFeePercentage);
    
        /**
         * @notice Gets the aggregate swap and yield fee percentages for a pool.
         * @dev These are determined by the current protocol and pool creator fees, set in the `ProtocolFeeController`.
         * @return aggregateSwapFeePercentage The aggregate percentage fee applied to swaps
         * @return aggregateYieldFeePercentage The aggregate percentage fee applied to yield
         */
        function getAggregateFeePercentages()
            external
            view
            returns (uint256 aggregateSwapFeePercentage, uint256 aggregateYieldFeePercentage);
    }

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    /// @notice Simple interface for permissioned calling of external functions.
    interface IAuthentication {
        /// @notice The sender does not have permission to call a function.
        error SenderNotAllowed();
    
        /**
         * @notice Returns the action identifier associated with the external function described by `selector`.
         * @param selector The 4-byte selector of the permissioned function
         * @return actionId The computed actionId
         */
        function getActionId(bytes4 selector) external view returns (bytes32 actionId);
    }

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    /// @notice General interface for token exchange rates.
    interface IRateProvider {
        /**
         * @notice An 18 decimal fixed point number representing the exchange rate of one token to another related token.
         * @dev The meaning of this rate depends on the context. Note that there may be an error associated with a token
         * rate, and the caller might require a certain rounding direction to ensure correctness. This (legacy) interface
         * does not take a rounding direction or return an error, so great care must be taken when interpreting and using
         * rates in downstream computations.
         *
         * @return rate The current token rate
         */
        function getRate() external view returns (uint256 rate);
    }

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    /// @notice Simple interface to retrieve the version of a deployed contract.
    interface IVersion {
        /**
         * @notice Return arbitrary text representing the version of a contract.
         * @dev For standard Balancer contracts, returns a JSON representation of the contract version containing name,
         * version number and task ID. See real examples in the deployment repo; local tests just use plain text strings.
         *
         * @return version The version string corresponding to the current deployed contract
         */
        function version() external view returns (string memory);
    }

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    /// @notice Interface to the Vault's permission system.
    interface IAuthorizer {
        /**
         * @notice Returns true if `account` can perform the action described by `actionId` in the contract `where`.
         * @param actionId Identifier for the action to be performed
         * @param account Account trying to perform the action
         * @param where Target contract for the action
         * @return success True if the action is permitted
         */
        function canPerform(bytes32 actionId, address account, address where) external view returns (bool success);
    }

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    import { IUnbalancedLiquidityInvariantRatioBounds } from "./IUnbalancedLiquidityInvariantRatioBounds.sol";
    import { ISwapFeePercentageBounds } from "./ISwapFeePercentageBounds.sol";
    import { PoolSwapParams, Rounding, SwapKind } from "./VaultTypes.sol";
    
    /**
     * @notice Base interface for a Balancer Pool.
     * @dev All pool types should implement this interface. Note that it also requires implementation of:
     * - `ISwapFeePercentageBounds` to specify the minimum and maximum swap fee percentages.
     * - `IUnbalancedLiquidityInvariantRatioBounds` to specify how much the invariant can change during an unbalanced
     * liquidity operation.
     */
    interface IBasePool is ISwapFeePercentageBounds, IUnbalancedLiquidityInvariantRatioBounds {
        /***************************************************************************
                                       Invariant
        ***************************************************************************/
    
        /**
         * @notice Computes the pool's invariant.
         * @dev This function computes the invariant based on current balances (and potentially other pool state).
         * The rounding direction must be respected for the Vault to round in the pool's favor when calling this function.
         * If the invariant computation involves no precision loss (e.g. simple sum of balances), the same result can be
         * returned for both rounding directions.
         *
         * You can think of the invariant as a measure of the "value" of the pool, which is related to the total liquidity
         * (i.e., the "BPT rate" is `invariant` / `totalSupply`). Two critical properties must hold:
         *
         * 1) The invariant should not change due to a swap. In practice, it can *increase* due to swap fees, which
         * effectively add liquidity after the swap - but it should never decrease.
         *
         * 2) The invariant must be "linear"; i.e., increasing the balances proportionally must increase the invariant in
         * the same proportion: inv(a * n, b * n, c * n) = inv(a, b, c) * n
         *
         * Property #1 is required to prevent "round trip" paths that drain value from the pool (and all LP shareholders).
         * Intuitively, an accurate pricing algorithm ensures the user gets an equal value of token out given token in, so
         * the total value should not change.
         *
         * Property #2 is essential for the "fungibility" of LP shares. If it did not hold, then different users depositing
         * the same total value would get a different number of LP shares. In that case, LP shares would not be
         * interchangeable, as they must be in a fair DEX.
         *
         * @param balancesLiveScaled18 Token balances after paying yield fees, applying decimal scaling and rates
         * @param rounding Rounding direction to consider when computing the invariant
         * @return invariant The calculated invariant of the pool, represented as a uint256
         */
        function computeInvariant(
            uint256[] memory balancesLiveScaled18,
            Rounding rounding
        ) external view returns (uint256 invariant);
    
        /**
         * @notice Computes a new token balance, given the invariant growth ratio and all other balances.
         * @dev Similar to V2's `_getTokenBalanceGivenInvariantAndAllOtherBalances` in StableMath.
         * The pool must round up for the Vault to round in the protocol's favor when calling this function.
         *
         * @param balancesLiveScaled18 Token balances after paying yield fees, applying decimal scaling and rates
         * @param tokenInIndex The index of the token we're computing the balance for, sorted in token registration order
         * @param invariantRatio The ratio of the new invariant (after an operation) to the old
         * @return newBalance The new balance of the selected token, after the operation
         */
        function computeBalance(
            uint256[] memory balancesLiveScaled18,
            uint256 tokenInIndex,
            uint256 invariantRatio
        ) external view returns (uint256 newBalance);
    
        /***************************************************************************
                                           Swaps
        ***************************************************************************/
    
        /**
         * @notice Execute a swap in the pool.
         * @param params Swap parameters (see above for struct definition)
         * @return amountCalculatedScaled18 Calculated amount for the swap operation
         */
        function onSwap(PoolSwapParams calldata params) external returns (uint256 amountCalculatedScaled18);
    }

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    // Explicitly import VaultTypes structs because we expect this interface to be heavily used by external developers.
    // Internally, when this list gets too long, we usually just do a simple import to keep things tidy.
    import {
        TokenConfig,
        LiquidityManagement,
        PoolSwapParams,
        AfterSwapParams,
        HookFlags,
        AddLiquidityKind,
        RemoveLiquidityKind,
        SwapKind
    } from "./VaultTypes.sol";
    
    /**
     * @notice Interface for pool hooks.
     * @dev Hooks are functions invoked by the Vault at specific points in the flow of each operation. This guarantees that
     * they are called in the correct order, and with the correct arguments. To maintain this security, these functions
     * should only be called by the Vault. The recommended way to do this is to derive the hook contract from `BaseHooks`,
     * then use the `onlyVault` modifier from `VaultGuard`. (See the examples in /pool-hooks.)
     */
    interface IHooks {
        /***************************************************************************
                                       Register
        ***************************************************************************/
    
        /**
         * @notice Hook executed when a pool is registered with a non-zero hooks contract.
         * @dev Returns true if registration was successful, and false to revert the pool registration.
         * Make sure this function is properly implemented (e.g. check the factory, and check that the
         * given pool is from the factory). The Vault address will be msg.sender.
         *
         * @param factory Address of the pool factory (contract deploying the pool)
         * @param pool Address of the pool
         * @param tokenConfig An array of descriptors for the tokens the pool will manage
         * @param liquidityManagement Liquidity management flags indicating which functions are enabled
         * @return success True if the hook allowed the registration, false otherwise
         */
        function onRegister(
            address factory,
            address pool,
            TokenConfig[] memory tokenConfig,
            LiquidityManagement calldata liquidityManagement
        ) external returns (bool success);
    
        /**
         * @notice Return the set of hooks implemented by the contract.
         * @dev The Vault will only call hooks the pool says it supports, and of course only if a hooks contract is defined
         * (i.e., the `poolHooksContract` in `PoolRegistrationParams` is non-zero).
         * `onRegister` is the only "mandatory" hook.
         *
         * @return hookFlags Flags indicating which hooks the contract supports
         */
        function getHookFlags() external view returns (HookFlags memory hookFlags);
    
        /***************************************************************************
                                       Initialize
        ***************************************************************************/
    
        /**
         * @notice Hook executed before pool initialization.
         * @dev Called if the `shouldCallBeforeInitialize` flag is set in the configuration. Hook contracts should use
         * the `onlyVault` modifier to guarantee this is only called by the Vault.
         *
         * @param exactAmountsIn Exact amounts of input tokens
         * @param userData Optional, arbitrary data sent with the encoded request
         * @return success True if the pool wishes to proceed with initialization
         */
        function onBeforeInitialize(uint256[] memory exactAmountsIn, bytes memory userData) external returns (bool success);
    
        /**
         * @notice Hook to be executed after pool initialization.
         * @dev Called if the `shouldCallAfterInitialize` flag is set in the configuration. Hook contracts should use
         * the `onlyVault` modifier to guarantee this is only called by the Vault.
         *
         * @param exactAmountsIn Exact amounts of input tokens
         * @param bptAmountOut Amount of pool tokens minted during initialization
         * @param userData Optional, arbitrary data sent with the encoded request
         * @return success True if the pool accepts the initialization results
         */
        function onAfterInitialize(
            uint256[] memory exactAmountsIn,
            uint256 bptAmountOut,
            bytes memory userData
        ) external returns (bool success);
    
        /***************************************************************************
                                       Add Liquidity
        ***************************************************************************/
    
        /**
         * @notice Hook to be executed before adding liquidity.
         * @dev Called if the `shouldCallBeforeAddLiquidity` flag is set in the configuration. Hook contracts should use
         * the `onlyVault` modifier to guarantee this is only called by the Vault.
         *
         * @param router The address (usually a router contract) that initiated an add liquidity operation on the Vault
         * @param pool Pool address, used to fetch pool information from the Vault (pool config, tokens, etc.)
         * @param kind The add liquidity operation type (e.g., proportional, custom)
         * @param maxAmountsInScaled18 Maximum amounts of input tokens
         * @param minBptAmountOut Minimum amount of output pool tokens
         * @param balancesScaled18 Current pool balances, sorted in token registration order
         * @param userData Optional, arbitrary data sent with the encoded request
         * @return success True if the pool wishes to proceed with settlement
         */
        function onBeforeAddLiquidity(
            address router,
            address pool,
            AddLiquidityKind kind,
            uint256[] memory maxAmountsInScaled18,
            uint256 minBptAmountOut,
            uint256[] memory balancesScaled18,
            bytes memory userData
        ) external returns (bool success);
    
        /**
         * @notice Hook to be executed after adding liquidity.
         * @dev Called if the `shouldCallAfterAddLiquidity` flag is set in the configuration. The Vault will ignore
         * `hookAdjustedAmountsInRaw` unless `enableHookAdjustedAmounts` is true. Hook contracts should use the
         * `onlyVault` modifier to guarantee this is only called by the Vault.
         *
         * @param router The address (usually a router contract) that initiated an add liquidity operation on the Vault
         * @param pool Pool address, used to fetch pool information from the Vault (pool config, tokens, etc.)
         * @param kind The add liquidity operation type (e.g., proportional, custom)
         * @param amountsInScaled18 Actual amounts of tokens added, sorted in token registration order
         * @param amountsInRaw Actual amounts of tokens added, sorted in token registration order
         * @param bptAmountOut Amount of pool tokens minted
         * @param balancesScaled18 Current pool balances, sorted in token registration order
         * @param userData Additional (optional) data provided by the user
         * @return success True if the pool wishes to proceed with settlement
         * @return hookAdjustedAmountsInRaw New amountsInRaw, potentially modified by the hook
         */
        function onAfterAddLiquidity(
            address router,
            address pool,
            AddLiquidityKind kind,
            uint256[] memory amountsInScaled18,
            uint256[] memory amountsInRaw,
            uint256 bptAmountOut,
            uint256[] memory balancesScaled18,
            bytes memory userData
        ) external returns (bool success, uint256[] memory hookAdjustedAmountsInRaw);
    
        /***************************************************************************
                                     Remove Liquidity
        ***************************************************************************/
    
        /**
         * @notice Hook to be executed before removing liquidity.
         * @dev Called if the `shouldCallBeforeRemoveLiquidity` flag is set in the configuration. Hook contracts should use
         * the `onlyVault` modifier to guarantee this is only called by the Vault.
         *
         * @param router The address (usually a router contract) that initiated a remove liquidity operation on the Vault
         * @param pool Pool address, used to fetch pool information from the Vault (pool config, tokens, etc.)
         * @param kind The type of remove liquidity operation (e.g., proportional, custom)
         * @param maxBptAmountIn Maximum amount of input pool tokens
         * @param minAmountsOutScaled18 Minimum output amounts, sorted in token registration order
         * @param balancesScaled18 Current pool balances, sorted in token registration order
         * @param userData Optional, arbitrary data sent with the encoded request
         * @return success True if the pool wishes to proceed with settlement
         */
        function onBeforeRemoveLiquidity(
            address router,
            address pool,
            RemoveLiquidityKind kind,
            uint256 maxBptAmountIn,
            uint256[] memory minAmountsOutScaled18,
            uint256[] memory balancesScaled18,
            bytes memory userData
        ) external returns (bool success);
    
        /**
         * @notice Hook to be executed after removing liquidity.
         * @dev Called if the `shouldCallAfterRemoveLiquidity` flag is set in the configuration. The Vault will ignore
         * `hookAdjustedAmountsOutRaw` unless `enableHookAdjustedAmounts` is true. Hook contracts should use the
         * `onlyVault` modifier to guarantee this is only called by the Vault.
         *
         * @param router The address (usually a router contract) that initiated a remove liquidity operation on the Vault
         * @param pool Pool address, used to fetch pool information from the Vault (pool config, tokens, etc.)
         * @param kind The type of remove liquidity operation (e.g., proportional, custom)
         * @param bptAmountIn Amount of pool tokens to burn
         * @param amountsOutScaled18 Scaled amount of tokens to receive, sorted in token registration order
         * @param amountsOutRaw Actual amount of tokens to receive, sorted in token registration order
         * @param balancesScaled18 Current pool balances, sorted in token registration order
         * @param userData Additional (optional) data provided by the user
         * @return success True if the pool wishes to proceed with settlement
         * @return hookAdjustedAmountsOutRaw New amountsOutRaw, potentially modified by the hook
         */
        function onAfterRemoveLiquidity(
            address router,
            address pool,
            RemoveLiquidityKind kind,
            uint256 bptAmountIn,
            uint256[] memory amountsOutScaled18,
            uint256[] memory amountsOutRaw,
            uint256[] memory balancesScaled18,
            bytes memory userData
        ) external returns (bool success, uint256[] memory hookAdjustedAmountsOutRaw);
    
        /***************************************************************************
                                        Swap
        ***************************************************************************/
    
        /**
         * @notice Called before a swap to give the Pool an opportunity to perform actions.
         * @dev Called if the `shouldCallBeforeSwap` flag is set in the configuration. Hook contracts should use the
         * `onlyVault` modifier to guarantee this is only called by the Vault.
         *
         * @param params Swap parameters (see PoolSwapParams for struct definition)
         * @param pool Pool address, used to get pool information from the Vault (poolData, token config, etc.)
         * @return success True if the pool wishes to proceed with settlement
         */
        function onBeforeSwap(PoolSwapParams calldata params, address pool) external returns (bool success);
    
        /**
         * @notice Called after a swap to perform further actions once the balances have been updated by the swap.
         * @dev Called if the `shouldCallAfterSwap` flag is set in the configuration. The Vault will ignore
         * `hookAdjustedAmountCalculatedRaw` unless `enableHookAdjustedAmounts` is true. Hook contracts should
         * use the `onlyVault` modifier to guarantee this is only called by the Vault.
         *
         * @param params Swap parameters (see above for struct definition)
         * @return success True if the pool wishes to proceed with settlement
         * @return hookAdjustedAmountCalculatedRaw New amount calculated, potentially modified by the hook
         */
        function onAfterSwap(
            AfterSwapParams calldata params
        ) external returns (bool success, uint256 hookAdjustedAmountCalculatedRaw);
    
        /**
         * @notice Called after `onBeforeSwap` and before the main swap operation, if the pool has dynamic fees.
         * @dev Called if the `shouldCallComputeDynamicSwapFee` flag is set in the configuration. Hook contracts should use
         * the `onlyVault` modifier to guarantee this is only called by the Vault.
         *
         * @param params Swap parameters (see PoolSwapParams for struct definition)
         * @param pool Pool address, used to get pool information from the Vault (poolData, token config, etc.)
         * @param staticSwapFeePercentage 18-decimal FP value of the static swap fee percentage, for reference
         * @return success True if the pool wishes to proceed with settlement
         * @return dynamicSwapFeePercentage Value of the swap fee percentage, as an 18-decimal FP value
         */
        function onComputeDynamicSwapFeePercentage(
            PoolSwapParams calldata params,
            address pool,
            uint256 staticSwapFeePercentage
        ) external view returns (bool success, uint256 dynamicSwapFeePercentage);
    }

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
    
    import { IVault } from "./IVault.sol";
    
    /// @notice Contract that handles protocol and pool creator fees for the Vault.
    interface IProtocolFeeController {
        /**
         * @notice Emitted when the protocol swap fee percentage is updated.
         * @param swapFeePercentage The updated protocol swap fee percentage
         */
        event GlobalProtocolSwapFeePercentageChanged(uint256 swapFeePercentage);
    
        /**
         * @notice Emitted when the protocol yield fee percentage is updated.
         * @param yieldFeePercentage The updated protocol yield fee percentage
         */
        event GlobalProtocolYieldFeePercentageChanged(uint256 yieldFeePercentage);
    
        /**
         * @notice Emitted when the protocol swap fee percentage is updated for a specific pool.
         * @param pool The pool whose protocol swap fee will be changed
         * @param swapFeePercentage The updated protocol swap fee percentage
         */
        event ProtocolSwapFeePercentageChanged(address indexed pool, uint256 swapFeePercentage);
    
        /**
         * @notice Emitted when the protocol yield fee percentage is updated for a specific pool.
         * @param pool The pool whose protocol yield fee will be changed
         * @param yieldFeePercentage The updated protocol yield fee percentage
         */
        event ProtocolYieldFeePercentageChanged(address indexed pool, uint256 yieldFeePercentage);
    
        /**
         * @notice Emitted when the pool creator swap fee percentage of a pool is updated.
         * @param pool The pool whose pool creator swap fee will be changed
         * @param poolCreatorSwapFeePercentage The new pool creator swap fee percentage for the pool
         */
        event PoolCreatorSwapFeePercentageChanged(address indexed pool, uint256 poolCreatorSwapFeePercentage);
    
        /**
         * @notice Emitted when the pool creator yield fee percentage of a pool is updated.
         * @param pool The pool whose pool creator yield fee will be changed
         * @param poolCreatorYieldFeePercentage The new pool creator yield fee percentage for the pool
         */
        event PoolCreatorYieldFeePercentageChanged(address indexed pool, uint256 poolCreatorYieldFeePercentage);
    
        /**
         * @notice Logs the collection of protocol swap fees in a specific token and amount.
         * @dev Note that since charging protocol fees (i.e., distributing tokens between pool and fee balances) occurs
         * in the Vault, but fee collection happens in the ProtocolFeeController, the swap fees reported here may encompass
         * multiple operations.
         *
         * @param pool The pool on which the swap fee was charged
         * @param token The token in which the swap fee was charged
         * @param amount The amount of the token collected in fees
         */
        event ProtocolSwapFeeCollected(address indexed pool, IERC20 indexed token, uint256 amount);
    
        /**
         * @notice Logs the collection of protocol yield fees in a specific token and amount.
         * @dev Note that since charging protocol fees (i.e., distributing tokens between pool and fee balances) occurs
         * in the Vault, but fee collection happens in the ProtocolFeeController, the yield fees reported here may encompass
         * multiple operations.
         *
         * @param pool The pool on which the yield fee was charged
         * @param token The token in which the yield fee was charged
         * @param amount The amount of the token collected in fees
         */
        event ProtocolYieldFeeCollected(address indexed pool, IERC20 indexed token, uint256 amount);
    
        /**
         * @notice Logs the withdrawal of protocol fees in a specific token and amount.
         * @param pool The pool from which protocol fees are being withdrawn
         * @param token The token being withdrawn
         * @param recipient The recipient of the funds
         * @param amount The amount of the fee token that was withdrawn
         */
        event ProtocolFeesWithdrawn(address indexed pool, IERC20 indexed token, address indexed recipient, uint256 amount);
    
        /**
         * @notice Logs the withdrawal of pool creator fees in a specific token and amount.
         * @param pool The pool from which pool creator fees are being withdrawn
         * @param token The token being withdrawn
         * @param recipient The recipient of the funds (the pool creator if permissionless, or another account)
         * @param amount The amount of the fee token that was withdrawn
         */
        event PoolCreatorFeesWithdrawn(
            address indexed pool,
            IERC20 indexed token,
            address indexed recipient,
            uint256 amount
        );
    
        /**
         * @notice Error raised when the protocol swap fee percentage exceeds the maximum allowed value.
         * @dev Note that this is checked for both the global and pool-specific protocol swap fee percentages.
         */
        error ProtocolSwapFeePercentageTooHigh();
    
        /**
         * @notice Error raised when the protocol yield fee percentage exceeds the maximum allowed value.
         * @dev Note that this is checked for both the global and pool-specific protocol yield fee percentages.
         */
        error ProtocolYieldFeePercentageTooHigh();
    
        /**
         * @notice Error raised if there is no pool creator on a withdrawal attempt from the given pool.
         * @param pool The pool with no creator
         */
        error PoolCreatorNotRegistered(address pool);
    
        /**
         * @notice Error raised if the wrong account attempts to withdraw pool creator fees.
         * @param caller The account attempting to withdraw pool creator fees
         * @param pool The pool the caller tried to withdraw from
         */
        error CallerIsNotPoolCreator(address caller, address pool);
    
        /// @notice Error raised when the pool creator swap or yield fee percentage exceeds the maximum allowed value.
        error PoolCreatorFeePercentageTooHigh();
    
        /**
         * @notice Get the address of the main Vault contract.
         * @return vault The Vault address
         */
        function vault() external view returns (IVault);
    
        /**
         * @notice Collects aggregate fees from the Vault for a given pool.
         * @param pool The pool with aggregate fees
         */
        function collectAggregateFees(address pool) external;
    
        /**
         * @notice Getter for the current global protocol swap fee.
         * @return protocolSwapFeePercentage The global protocol swap fee percentage
         */
        function getGlobalProtocolSwapFeePercentage() external view returns (uint256 protocolSwapFeePercentage);
    
        /**
         * @notice Getter for the current global protocol yield fee.
         * @return protocolYieldFeePercentage The global protocol yield fee percentage
         */
        function getGlobalProtocolYieldFeePercentage() external view returns (uint256 protocolYieldFeePercentage);
    
        /**
         * @notice Getter for the current protocol swap fee for a given pool.
         * @param pool The address of the pool
         * @return protocolSwapFeePercentage The global protocol swap fee percentage
         * @return isOverride True if the protocol fee has been overridden
         */
        function getPoolProtocolSwapFeeInfo(
            address pool
        ) external view returns (uint256 protocolSwapFeePercentage, bool isOverride);
    
        /**
         * @notice Getter for the current protocol yield fee for a given pool.
         * @param pool The address of the pool
         * @return protocolYieldFeePercentage The global protocol yield fee percentage
         * @return isOverride True if the protocol fee has been overridden
         */
        function getPoolProtocolYieldFeeInfo(
            address pool
        ) external view returns (uint256 protocolYieldFeePercentage, bool isOverride);
    
        /**
         * @notice Returns the amount of each pool token allocated to the protocol for withdrawal.
         * @dev Includes both swap and yield fees.
         * @param pool The address of the pool on which fees were collected
         * @return feeAmounts The total amounts of each token available for withdrawal, sorted in token registration order
         */
        function getProtocolFeeAmounts(address pool) external view returns (uint256[] memory feeAmounts);
    
        /**
         * @notice Returns the amount of each pool token allocated to the pool creator for withdrawal.
         * @dev Includes both swap and yield fees.
         * @param pool The address of the pool on which fees were collected
         * @return feeAmounts The total amounts of each token available for withdrawal, sorted in token registration order
         */
        function getPoolCreatorFeeAmounts(address pool) external view returns (uint256[] memory feeAmounts);
    
        /**
         * @notice Returns a calculated aggregate percentage from protocol and pool creator fee percentages.
         * @dev Not tied to any particular pool; this just performs the low-level "additive fee" calculation. Note that
         * pool creator fees are calculated based on creatorAndLpFees, and not in totalFees. Since aggregate fees are
         * stored in the Vault with 24-bit precision, this will truncate any values that require greater precision.
         * It is expected that pool creators will negotiate with the DAO and agree on reasonable values for these fee
         * components, but the truncation ensures it will not revert for any valid set of fee percentages.
         *
         * See example below:
         *
         * tokenOutAmount = 10000; poolSwapFeePct = 10%; protocolFeePct = 40%; creatorFeePct = 60%
         * totalFees = tokenOutAmount * poolSwapFeePct = 10000 * 10% = 1000
         * protocolFees = totalFees * protocolFeePct = 1000 * 40% = 400
         * creatorAndLpFees = totalFees - protocolFees = 1000 - 400 = 600
         * creatorFees = creatorAndLpFees * creatorFeePct = 600 * 60% = 360
         * lpFees (will stay in the pool) = creatorAndLpFees - creatorFees = 600 - 360 = 240
         *
         * @param protocolFeePercentage The protocol portion of the aggregate fee percentage
         * @param poolCreatorFeePercentage The pool creator portion of the aggregate fee percentage
         * @return aggregateFeePercentage The computed aggregate percentage
         */
        function computeAggregateFeePercentage(
            uint256 protocolFeePercentage,
            uint256 poolCreatorFeePercentage
        ) external pure returns (uint256 aggregateFeePercentage);
    
        /**
         * @notice Override the protocol swap fee percentage for a specific pool.
         * @dev This is a permissionless call, and will set the pool's fee to the current global fee, if it is different
         * from the current value, and the fee is not controlled by governance (i.e., has never been overridden).
         *
         * @param pool The pool for which we are setting the protocol swap fee
         */
        function updateProtocolSwapFeePercentage(address pool) external;
    
        /**
         * @notice Override the protocol yield fee percentage for a specific pool.
         * @dev This is a permissionless call, and will set the pool's fee to the current global fee, if it is different
         * from the current value, and the fee is not controlled by governance (i.e., has never been overridden).
         *
         * @param pool The pool for which we are setting the protocol yield fee
         */
        function updateProtocolYieldFeePercentage(address pool) external;
    
        /***************************************************************************
                                    Permissioned Functions
        ***************************************************************************/
    
        /**
         * @notice Add pool-specific entries to the protocol swap and yield percentages.
         * @dev This must be called from the Vault during pool registration. It will initialize the pool to the global
         * protocol fee percentage values (or 0, if the `protocolFeeExempt` flags is set), and return the initial aggregate
         * fee percentages, based on an initial pool creator fee of 0.
         *
         * @param pool The address of the pool being registered
         * @param poolCreator The address of the pool creator (or 0 if there won't be a pool creator fee)
         * @param protocolFeeExempt If true, the pool is initially exempt from protocol fees
         * @return aggregateSwapFeePercentage The initial aggregate swap fee percentage
         * @return aggregateYieldFeePercentage The initial aggregate yield fee percentage
         */
        function registerPool(
            address pool,
            address poolCreator,
            bool protocolFeeExempt
        ) external returns (uint256 aggregateSwapFeePercentage, uint256 aggregateYieldFeePercentage);
    
        /**
         * @notice Set the global protocol swap fee percentage, used by standard pools.
         * @param newProtocolSwapFeePercentage The new protocol swap fee percentage
         */
        function setGlobalProtocolSwapFeePercentage(uint256 newProtocolSwapFeePercentage) external;
    
        /**
         * @notice Set the global protocol yield fee percentage, used by standard pools.
         * @param newProtocolYieldFeePercentage The new protocol yield fee percentage
         */
        function setGlobalProtocolYieldFeePercentage(uint256 newProtocolYieldFeePercentage) external;
    
        /**
         * @notice Override the protocol swap fee percentage for a specific pool.
         * @param pool The address of the pool for which we are setting the protocol swap fee
         * @param newProtocolSwapFeePercentage The new protocol swap fee percentage for the pool
         */
        function setProtocolSwapFeePercentage(address pool, uint256 newProtocolSwapFeePercentage) external;
    
        /**
         * @notice Override the protocol yield fee percentage for a specific pool.
         * @param pool The address of the pool for which we are setting the protocol yield fee
         * @param newProtocolYieldFeePercentage The new protocol yield fee percentage for the pool
         */
        function setProtocolYieldFeePercentage(address pool, uint256 newProtocolYieldFeePercentage) external;
    
        /**
         * @notice Assigns a new pool creator swap fee percentage to the specified pool.
         * @dev Fees are divided between the protocol, pool creator, and LPs. The pool creator percentage is applied to
         * the "net" amount after protocol fees, and divides the remainder between the pool creator and LPs. If the
         * pool creator fee is near 100%, almost none of the fee amount remains in the pool for LPs.
         *
         * @param pool The address of the pool for which the pool creator fee will be changed
         * @param poolCreatorSwapFeePercentage The new pool creator swap fee percentage to apply to the pool
         */
        function setPoolCreatorSwapFeePercentage(address pool, uint256 poolCreatorSwapFeePercentage) external;
    
        /**
         * @notice Assigns a new pool creator yield fee percentage to the specified pool.
         * @dev Fees are divided between the protocol, pool creator, and LPs. The pool creator percentage is applied to
         * the "net" amount after protocol fees, and divides the remainder between the pool creator and LPs. If the
         * pool creator fee is near 100%, almost none of the fee amount remains in the pool for LPs.
         *
         * @param pool The address of the pool for which the pool creator fee will be changed
         * @param poolCreatorYieldFeePercentage The new pool creator yield fee percentage to apply to the pool
         */
        function setPoolCreatorYieldFeePercentage(address pool, uint256 poolCreatorYieldFeePercentage) external;
    
        /**
         * @notice Withdraw collected protocol fees for a given pool (all tokens). This is a permissioned function.
         * @dev Sends swap and yield protocol fees to the recipient.
         * @param pool The pool on which fees were collected
         * @param recipient Address to send the tokens
         */
        function withdrawProtocolFees(address pool, address recipient) external;
    
        /**
         * @notice Withdraw collected protocol fees for a given pool and a given token. This is a permissioned function.
         * @dev Sends swap and yield protocol fees to the recipient.
         * @param pool The pool on which fees were collected
         * @param recipient Address to send the tokens
         * @param token Token to withdraw
         */
        function withdrawProtocolFeesForToken(address pool, address recipient, IERC20 token) external;
    
        /**
         * @notice Withdraw collected pool creator fees for a given pool. This is a permissioned function.
         * @dev Sends swap and yield pool creator fees to the recipient.
         * @param pool The pool on which fees were collected
         * @param recipient Address to send the tokens
         */
        function withdrawPoolCreatorFees(address pool, address recipient) external;
    
        /**
         * @notice Withdraw collected pool creator fees for a given pool.
         * @dev Sends swap and yield pool creator fees to the registered poolCreator. Since this is a known and immutable
         * value, this function is permissionless.
         *
         * @param pool The pool on which fees were collected
         */
        function withdrawPoolCreatorFees(address pool) external;
    }

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    /**
     * @notice Return the minimum/maximum swap fee percentages for a pool.
     * @dev The Vault does not enforce bounds on swap fee percentages; `IBasePool` implements this interface to ensure
     * that new pool developers think about and set these bounds according to their specific pool type.
     *
     * A minimum swap fee might be necessary to ensure mathematical soundness (e.g., Weighted Pools, which use the power
     * function in the invariant). A maximum swap fee is general protection for users. With no limits at the Vault level,
     * a pool could specify a near 100% swap fee, effectively disabling trading. Though there are some use cases, such as
     * LVR/MEV strategies, where a very high fee makes sense.
     *
     * Note that the Vault does ensure that dynamic and aggregate fees are less than 100% to prevent attempting to allocate
     * more fees than were collected by the operation. The true `MAX_FEE_PERCENTAGE` is defined in VaultTypes.sol, and is
     * the highest value below 100% that satisfies the precision requirements.
     */
    interface ISwapFeePercentageBounds {
        /// @return minimumSwapFeePercentage The minimum swap fee percentage for a pool
        function getMinimumSwapFeePercentage() external view returns (uint256 minimumSwapFeePercentage);
    
        /// @return maximumSwapFeePercentage The maximum swap fee percentage for a pool
        function getMaximumSwapFeePercentage() external view returns (uint256 maximumSwapFeePercentage);
    }

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    /**
     * @notice Return the minimum/maximum invariant ratios allowed during an unbalanced liquidity operation.
     * @dev The Vault does not enforce any "baseline" bounds on invariant ratios, since such bounds are highly specific
     * and dependent on the math of each pool type. Instead, the Vault reads invariant ratio bounds from the pools.
     * `IBasePool` implements this interface to ensure that new pool developers think about and set these bounds according
     * to their pool type's math.
     *
     * For instance, Balancer Weighted Pool math involves exponentiation (the `pow` function), which uses natural
     * logarithms and a discrete Taylor series expansion to compute x^y values for the 18-decimal floating point numbers
     * used in all Vault computations. See `LogExpMath` and `WeightedMath` for a derivation of the bounds for these pools.
     */
    interface IUnbalancedLiquidityInvariantRatioBounds {
        /// @return minimumInvariantRatio The minimum invariant ratio for a pool during unbalanced remove liquidity
        function getMinimumInvariantRatio() external view returns (uint256 minimumInvariantRatio);
    
        /// @return maximumInvariantRatio The maximum invariant ratio for a pool during unbalanced add liquidity
        function getMaximumInvariantRatio() external view returns (uint256 maximumInvariantRatio);
    }

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    import { IAuthentication } from "../solidity-utils/helpers/IAuthentication.sol";
    import { IVaultExtension } from "./IVaultExtension.sol";
    import { IVaultErrors } from "./IVaultErrors.sol";
    import { IVaultEvents } from "./IVaultEvents.sol";
    import { IVaultAdmin } from "./IVaultAdmin.sol";
    import { IVaultMain } from "./IVaultMain.sol";
    
    /// @notice Composite interface for all Vault operations: swap, add/remove liquidity, and associated queries.
    interface IVault is IVaultMain, IVaultExtension, IVaultAdmin, IVaultErrors, IVaultEvents, IAuthentication {
        /// @return vault The main Vault address.
        function vault() external view override(IVaultAdmin, IVaultExtension) returns (IVault);
    }

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    import { IERC4626 } from "@openzeppelin/contracts/interfaces/IERC4626.sol";
    
    import { IProtocolFeeController } from "./IProtocolFeeController.sol";
    import { IAuthorizer } from "./IAuthorizer.sol";
    import { IVault } from "./IVault.sol";
    
    /**
     * @notice Interface for functions defined on the `VaultAdmin` contract.
     * @dev `VaultAdmin` is the Proxy extension of `VaultExtension`, and handles the least critical operations,
     * as two delegate calls add gas to each call. Most of the permissioned calls are here.
     */
    interface IVaultAdmin {
        /*******************************************************************************
                                   Constants and immutables
        *******************************************************************************/
    
        /**
         * @notice Returns the main Vault address.
         * @dev The main Vault contains the entrypoint and main liquidity operation implementations.
         * @return vault The address of the main Vault
         */
        function vault() external view returns (IVault);
    
        /**
         * @notice Returns the Vault's pause window end time.
         * @dev This value is immutable, and represents the timestamp after which the Vault can no longer be paused
         * by governance. Balancer timestamps are 32 bits.
         *
         * @return pauseWindowEndTime The timestamp when the Vault's pause window ends
         */
        function getPauseWindowEndTime() external view returns (uint32 pauseWindowEndTime);
    
        /**
         * @notice Returns the Vault's buffer period duration.
         * @dev This value is immutable. It represents the period during which, if paused, the Vault will remain paused.
         * This ensures there is time available to address whatever issue caused the Vault to be paused. Balancer
         * timestamps are 32 bits.
         *
         * @return bufferPeriodDuration The length of the buffer period in seconds
         */
        function getBufferPeriodDuration() external view returns (uint32 bufferPeriodDuration);
    
        /**
         * @notice Returns the Vault's buffer period end time.
         * @dev This value is immutable. If already paused, the Vault can be unpaused until this timestamp. Balancer
         * timestamps are 32 bits.
         *
         * @return bufferPeriodEndTime The timestamp after which the Vault remains permanently unpaused
         */
        function getBufferPeriodEndTime() external view returns (uint32 bufferPeriodEndTime);
    
        /**
         * @notice Get the minimum number of tokens in a pool.
         * @dev We expect the vast majority of pools to be 2-token.
         * @return minTokens The minimum token count of a pool
         */
        function getMinimumPoolTokens() external pure returns (uint256 minTokens);
    
        /**
         * @notice Get the maximum number of tokens in a pool.
         * @return maxTokens The maximum token count of a pool
         */
        function getMaximumPoolTokens() external pure returns (uint256 maxTokens);
    
        /**
         * @notice Get the minimum total supply of pool tokens (BPT) for an initialized pool.
         * @dev This prevents pools from being completely drained. When the pool is initialized, this minimum amount of BPT
         * is minted to the zero address. This is an 18-decimal floating point number; BPT are always 18 decimals.
         *
         * @return poolMinimumTotalSupply The minimum total supply a pool can have after initialization
         */
        function getPoolMinimumTotalSupply() external pure returns (uint256 poolMinimumTotalSupply);
    
        /**
         * @notice Get the minimum total supply of an ERC4626 wrapped token buffer in the Vault.
         * @dev This prevents buffers from being completely drained. When the buffer is initialized, this minimum number
         * of shares is added to the shares resulting from the initial deposit. Buffer total supply accounting is internal
         * to the Vault, as buffers are not tokenized.
         *
         * @return bufferMinimumTotalSupply The minimum total supply a buffer can have after initialization
         */
        function getBufferMinimumTotalSupply() external pure returns (uint256 bufferMinimumTotalSupply);
    
        /**
         * @notice Get the minimum trade amount in a pool operation.
         * @dev This limit is applied to the 18-decimal "upscaled" amount in any operation (swap, add/remove liquidity).
         * @return minimumTradeAmount The minimum trade amount as an 18-decimal floating point number
         */
        function getMinimumTradeAmount() external view returns (uint256 minimumTradeAmount);
    
        /**
         * @notice Get the minimum wrap amount in a buffer operation.
         * @dev This limit is applied to the wrap operation amount, in native underlying token decimals.
         * @return minimumWrapAmount The minimum wrap amount in native underlying token decimals
         */
        function getMinimumWrapAmount() external view returns (uint256 minimumWrapAmount);
    
        /*******************************************************************************
                                        Vault Pausing
        *******************************************************************************/
    
        /**
         * @notice Indicates whether the Vault is paused.
         * @dev If the Vault is paused, all non-Recovery Mode state-changing operations on pools will revert. Note that
         * ERC4626 buffers and the Vault have separate and independent pausing mechanisms. Pausing the Vault does not
         * also pause buffers (though we anticipate they would likely be paused and unpaused together). Call
         * `areBuffersPaused` to check the pause state of the buffers.
         *
         * @return vaultPaused True if the Vault is paused
         */
        function isVaultPaused() external view returns (bool vaultPaused);
    
        /**
         * @notice Returns the paused status, and end times of the Vault's pause window and buffer period.
         * @dev Balancer timestamps are 32 bits.
         * @return vaultPaused True if the Vault is paused
         * @return vaultPauseWindowEndTime The timestamp of the end of the Vault's pause window
         * @return vaultBufferPeriodEndTime The timestamp of the end of the Vault's buffer period
         */
        function getVaultPausedState()
            external
            view
            returns (bool vaultPaused, uint32 vaultPauseWindowEndTime, uint32 vaultBufferPeriodEndTime);
    
        /**
         * @notice Pause the Vault: an emergency action which disables all operational state-changing functions on pools.
         * @dev This is a permissioned function that will only work during the Pause Window set during deployment.
         * Note that ERC4626 buffer operations have an independent pause mechanism, which is not affected by pausing
         * the Vault. Custom routers could still wrap/unwrap using buffers while the Vault is paused, unless buffers
         * are also paused (with `pauseVaultBuffers`).
         */
        function pauseVault() external;
    
        /**
         * @notice Reverse a `pause` operation, and restore Vault pool operations to normal functionality.
         * @dev This is a permissioned function that will only work on a paused Vault within the Buffer Period set during
         * deployment. Note that the Vault will automatically unpause after the Buffer Period expires. As noted above,
         * ERC4626 buffers and Vault operations on pools are independent. Unpausing the Vault does not reverse
         * `pauseVaultBuffers`. If buffers were also paused, they will remain in that state until explicitly unpaused.
         */
        function unpauseVault() external;
    
        /*******************************************************************************
                                        Pool Pausing
        *******************************************************************************/
    
        /**
         * @notice Pause the Pool: an emergency action which disables all pool functions.
         * @dev This is a permissioned function that will only work during the Pause Window set during pool factory
         * deployment.
         *
         * @param pool The pool being paused
         */
        function pausePool(address pool) external;
    
        /**
         * @notice Reverse a `pause` operation, and restore the Pool to normal functionality.
         * @dev This is a permissioned function that will only work on a paused Pool within the Buffer Period set during
         * deployment. Note that the Pool will automatically unpause after the Buffer Period expires.
         *
         * @param pool The pool being unpaused
         */
        function unpausePool(address pool) external;
    
        /*******************************************************************************
                                             Fees
        *******************************************************************************/
    
        /**
         * @notice Assigns a new static swap fee percentage to the specified pool.
         * @dev This is a permissioned function, disabled if the pool is paused. The swap fee percentage must be within
         * the bounds specified by the pool's implementation of `ISwapFeePercentageBounds`.
         * Emits the SwapFeePercentageChanged event.
         *
         * @param pool The address of the pool for which the static swap fee will be changed
         * @param swapFeePercentage The new swap fee percentage to apply to the pool
         */
        function setStaticSwapFeePercentage(address pool, uint256 swapFeePercentage) external;
    
        /**
         * @notice Collects accumulated aggregate swap and yield fees for the specified pool.
         * @dev Fees are sent to the ProtocolFeeController address.
         * @param pool The pool on which all aggregate fees should be collected
         * @return swapFeeAmounts An array with the total swap fees collected, sorted in token registration order
         * @return yieldFeeAmounts An array with the total yield fees collected, sorted in token registration order
         */
        function collectAggregateFees(
            address pool
        ) external returns (uint256[] memory swapFeeAmounts, uint256[] memory yieldFeeAmounts);
    
        /**
         * @notice Update an aggregate swap fee percentage.
         * @dev Can only be called by the current protocol fee controller. Called when governance overrides a protocol fee
         * for a specific pool, or to permissionlessly update a pool to a changed global protocol fee value (if the pool's
         * fee has not previously been set by governance). Ensures the aggregate percentage <= FixedPoint.ONE, and also
         * that the final value does not lose precision when stored in 24 bits (see `FEE_BITLENGTH` in VaultTypes.sol).
         * Emits an `AggregateSwapFeePercentageChanged` event.
         *
         * @param pool The pool whose swap fee percentage will be updated
         * @param newAggregateSwapFeePercentage The new aggregate swap fee percentage
         */
        function updateAggregateSwapFeePercentage(address pool, uint256 newAggregateSwapFeePercentage) external;
    
        /**
         * @notice Update an aggregate yield fee percentage.
         * @dev Can only be called by the current protocol fee controller. Called when governance overrides a protocol fee
         * for a specific pool, or to permissionlessly update a pool to a changed global protocol fee value (if the pool's
         * fee has not previously been set by governance). Ensures the aggregate percentage <= FixedPoint.ONE, and also
         * that the final value does not lose precision when stored in 24 bits (see `FEE_BITLENGTH` in VaultTypes.sol).
         * Emits an `AggregateYieldFeePercentageChanged` event.
         *
         * @param pool The pool whose yield fee percentage will be updated
         * @param newAggregateYieldFeePercentage The new aggregate yield fee percentage
         */
        function updateAggregateYieldFeePercentage(address pool, uint256 newAggregateYieldFeePercentage) external;
    
        /**
         * @notice Sets a new Protocol Fee Controller for the Vault.
         * @dev This is a permissioned call. Emits a `ProtocolFeeControllerChanged` event.
         * @param newProtocolFeeController The address of the new Protocol Fee Controller
         */
        function setProtocolFeeController(IProtocolFeeController newProtocolFeeController) external;
    
        /*******************************************************************************
                                        Recovery Mode
        *******************************************************************************/
    
        /**
         * @notice Enable recovery mode for a pool.
         * @dev This is a permissioned function. It enables a safe proportional withdrawal, with no external calls.
         * Since there are no external calls, ensuring that entering Recovery Mode cannot fail, we cannot compute and so
         * must forfeit any yield fees between the last operation and enabling Recovery Mode. For the same reason, live
         * balances cannot be updated while in Recovery Mode, as doing so might cause withdrawals to fail.
         *
         * @param pool The address of the pool
         */
        function enableRecoveryMode(address pool) external;
    
        /**
         * @notice Disable recovery mode for a pool.
         * @dev This is a permissioned function. It re-syncs live balances (which could not be updated during
         * Recovery Mode), forfeiting any yield fees that accrued while enabled. It makes external calls, and could
         * potentially fail if there is an issue with any associated Rate Providers.
         *
         * @param pool The address of the pool
         */
        function disableRecoveryMode(address pool) external;
    
        /*******************************************************************************
                                      Query Functionality
        *******************************************************************************/
    
        /**
         * @notice Disables query functionality on the Vault. Can only be called by governance.
         * @dev The query functions rely on a specific EVM feature to detect static calls. Query operations are exempt from
         * settlement constraints, so it's critical that no state changes can occur. We retain the ability to disable
         * queries in the unlikely event that EVM changes violate its assumptions (perhaps on an L2).
         * This function can be acted upon as an emergency measure in ambiguous contexts where it's not 100% clear whether
         * disabling queries is completely necessary; queries can still be re-enabled after this call.
         */
        function disableQuery() external;
    
        /**
         * @notice Disables query functionality permanently on the Vault. Can only be called by governance.
         * @dev Shall only be used when there is no doubt that queries pose a fundamental threat to the system.
         */
        function disableQueryPermanently() external;
    
        /**
         * @notice Enables query functionality on the Vault. Can only be called by governance.
         * @dev Only works if queries are not permanently disabled.
         */
        function enableQuery() external;
    
        /*******************************************************************************
                                      ERC4626 Buffers
        *******************************************************************************/
    
        /**
         * @notice Indicates whether the Vault buffers are paused.
         * @dev When buffers are paused, all buffer operations (i.e., calls on the Router with `isBuffer` true)
         * will revert. Pausing buffers is reversible. Note that ERC4626 buffers and the Vault have separate and
         * independent pausing mechanisms. Pausing the Vault does not also pause buffers (though we anticipate they
         * would likely be paused and unpaused together). Call `isVaultPaused` to check the pause state of the Vault.
         *
         * @return buffersPaused True if the Vault buffers are paused
         */
        function areBuffersPaused() external view returns (bool buffersPaused);
    
        /**
         * @notice Pauses native vault buffers globally.
         * @dev When buffers are paused, it's not possible to add liquidity or wrap/unwrap tokens using the Vault's
         * `erc4626BufferWrapOrUnwrap` primitive. However, it's still possible to remove liquidity. Currently it's not
         * possible to pause vault buffers individually.
         *
         * This is a permissioned call, and is reversible (see `unpauseVaultBuffers`). Note that the Vault has a separate
         * and independent pausing mechanism. It is possible to pause the Vault (i.e. pool operations), without affecting
         * buffers, and vice versa.
         */
        function pauseVaultBuffers() external;
    
        /**
         * @notice Unpauses native vault buffers globally.
         * @dev When buffers are paused, it's not possible to add liquidity or wrap/unwrap tokens using the Vault's
         * `erc4626BufferWrapOrUnwrap` primitive. However, it's still possible to remove liquidity. As noted above,
         * ERC4626 buffers and Vault operations on pools are independent. Unpausing buffers does not reverse `pauseVault`.
         * If the Vault was also paused, it will remain in that state until explicitly unpaused.
         *
         * This is a permissioned call.
         */
        function unpauseVaultBuffers() external;
    
        /**
         * @notice Initializes buffer for the given wrapped token.
         * @param wrappedToken Address of the wrapped token that implements IERC4626
         * @param amountUnderlyingRaw Amount of underlying tokens that will be deposited into the buffer
         * @param amountWrappedRaw Amount of wrapped tokens that will be deposited into the buffer
         * @param minIssuedShares Minimum amount of shares to receive from the buffer, expressed in underlying token
         * native decimals
         * @param sharesOwner Address that will own the deposited liquidity. Only this address will be able to remove
         * liquidity from the buffer
         * @return issuedShares the amount of tokens sharesOwner has in the buffer, expressed in underlying token amounts.
         * (it is the BPT of an internal ERC4626 buffer). It is expressed in underlying token native decimals.
         */
        function initializeBuffer(
            IERC4626 wrappedToken,
            uint256 amountUnderlyingRaw,
            uint256 amountWrappedRaw,
            uint256 minIssuedShares,
            address sharesOwner
        ) external returns (uint256 issuedShares);
    
        /**
         * @notice Adds liquidity to an internal ERC4626 buffer in the Vault, proportionally.
         * @dev The buffer needs to be initialized beforehand.
         * @param wrappedToken Address of the wrapped token that implements IERC4626
         * @param maxAmountUnderlyingInRaw Maximum amount of underlying tokens to add to the buffer. It is expressed in
         * underlying token native decimals
         * @param maxAmountWrappedInRaw Maximum amount of wrapped tokens to add to the buffer. It is expressed in wrapped
         * token native decimals
         * @param exactSharesToIssue The value in underlying tokens that `sharesOwner` wants to add to the buffer,
         * in underlying token decimals
         * @param sharesOwner Address that will own the deposited liquidity. Only this address will be able to remove
         * liquidity from the buffer
         * @return amountUnderlyingRaw Amount of underlying tokens deposited into the buffer
         * @return amountWrappedRaw Amount of wrapped tokens deposited into the buffer
         */
        function addLiquidityToBuffer(
            IERC4626 wrappedToken,
            uint256 maxAmountUnderlyingInRaw,
            uint256 maxAmountWrappedInRaw,
            uint256 exactSharesToIssue,
            address sharesOwner
        ) external returns (uint256 amountUnderlyingRaw, uint256 amountWrappedRaw);
    
        /**
         * @notice Removes liquidity from an internal ERC4626 buffer in the Vault.
         * @dev Only proportional exits are supported, and the sender has to be the owner of the shares.
         * This function unlocks the Vault just for this operation; it does not work with a Router as an entrypoint.
         *
         * Pre-conditions:
         * - The buffer needs to be initialized.
         * - sharesOwner is the original msg.sender, it needs to be checked in the Router. That's why
         *   this call is authenticated; only routers approved by the DAO can remove the liquidity of a buffer.
         * - The buffer needs to have some liquidity and have its asset registered in `_bufferAssets` storage.
         *
         * @param wrappedToken Address of the wrapped token that implements IERC4626
         * @param sharesToRemove Amount of shares to remove from the buffer. Cannot be greater than sharesOwner's
         * total shares. It is expressed in underlying token native decimals
         * @param minAmountUnderlyingOutRaw Minimum amount of underlying tokens to receive from the buffer. It is expressed
         * in underlying token native decimals
         * @param minAmountWrappedOutRaw Minimum amount of wrapped tokens to receive from the buffer. It is expressed in
         * wrapped token native decimals
         * @return removedUnderlyingBalanceRaw Amount of underlying tokens returned to the user
         * @return removedWrappedBalanceRaw Amount of wrapped tokens returned to the user
         */
        function removeLiquidityFromBuffer(
            IERC4626 wrappedToken,
            uint256 sharesToRemove,
            uint256 minAmountUnderlyingOutRaw,
            uint256 minAmountWrappedOutRaw
        ) external returns (uint256 removedUnderlyingBalanceRaw, uint256 removedWrappedBalanceRaw);
    
        /**
         * @notice Returns the asset registered for a given wrapped token.
         * @dev The asset can never change after buffer initialization.
         * @param wrappedToken Address of the wrapped token that implements IERC4626
         * @return underlyingToken Address of the underlying token registered for the wrapper; `address(0)` if the buffer
         * has not been initialized.
         */
        function getBufferAsset(IERC4626 wrappedToken) external view returns (address underlyingToken);
    
        /**
         * @notice Returns the shares (internal buffer BPT) of a liquidity owner: a user that deposited assets
         * in the buffer.
         *
         * @param wrappedToken Address of the wrapped token that implements IERC4626
         * @param liquidityOwner Address of the user that owns liquidity in the wrapped token's buffer
         * @return ownerShares Amount of shares allocated to the liquidity owner, in native underlying token decimals
         */
        function getBufferOwnerShares(
            IERC4626 wrappedToken,
            address liquidityOwner
        ) external view returns (uint256 ownerShares);
    
        /**
         * @notice Returns the supply shares (internal buffer BPT) of the ERC4626 buffer.
         * @param wrappedToken Address of the wrapped token that implements IERC4626
         * @return bufferShares Amount of supply shares of the buffer, in native underlying token decimals
         */
        function getBufferTotalShares(IERC4626 wrappedToken) external view returns (uint256 bufferShares);
    
        /**
         * @notice Returns the amount of underlying and wrapped tokens deposited in the internal buffer of the Vault.
         * @dev All values are in native token decimals of the wrapped or underlying tokens.
         * @param wrappedToken Address of the wrapped token that implements IERC4626
         * @return underlyingBalanceRaw Amount of underlying tokens deposited into the buffer, in native token decimals
         * @return wrappedBalanceRaw Amount of wrapped tokens deposited into the buffer, in native token decimals
         */
        function getBufferBalance(
            IERC4626 wrappedToken
        ) external view returns (uint256 underlyingBalanceRaw, uint256 wrappedBalanceRaw);
    
        /*******************************************************************************
                                    Authentication
        *******************************************************************************/
    
        /**
         * @notice Sets a new Authorizer for the Vault.
         * @dev This is a permissioned call. Emits an `AuthorizerChanged` event.
         * @param newAuthorizer The address of the new authorizer
         */
        function setAuthorizer(IAuthorizer newAuthorizer) external;
    }

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    import { IERC4626 } from "@openzeppelin/contracts/interfaces/IERC4626.sol";
    import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
    
    /// @notice Errors are declared inside an interface (namespace) to improve DX with Typechain.
    interface IVaultErrors {
        /*******************************************************************************
                                Registration and Initialization
        *******************************************************************************/
    
        /**
         * @notice A pool has already been registered. `registerPool` may only be called once.
         * @param pool The already registered pool
         */
        error PoolAlreadyRegistered(address pool);
    
        /**
         * @notice A pool has already been initialized. `initialize` may only be called once.
         * @param pool The already initialized pool
         */
        error PoolAlreadyInitialized(address pool);
    
        /**
         * @notice A pool has not been registered.
         * @param pool The unregistered pool
         */
        error PoolNotRegistered(address pool);
    
        /**
         * @notice A referenced pool has not been initialized.
         * @param pool The uninitialized pool
         */
        error PoolNotInitialized(address pool);
    
        /**
         * @notice A hook contract rejected a pool on registration.
         * @param poolHooksContract Address of the hook contract that rejected the pool registration
         * @param pool Address of the rejected pool
         * @param poolFactory Address of the pool factory
         */
        error HookRegistrationFailed(address poolHooksContract, address pool, address poolFactory);
    
        /**
         * @notice A token was already registered (i.e., it is a duplicate in the pool).
         * @param token The duplicate token
         */
        error TokenAlreadyRegistered(IERC20 token);
    
        /// @notice The token count is below the minimum allowed.
        error MinTokens();
    
        /// @notice The token count is above the maximum allowed.
        error MaxTokens();
    
        /// @notice Invalid tokens (e.g., zero) cannot be registered.
        error InvalidToken();
    
        /// @notice The token type given in a TokenConfig during pool registration is invalid.
        error InvalidTokenType();
    
        /// @notice The data in a TokenConfig struct is inconsistent or unsupported.
        error InvalidTokenConfiguration();
    
        /// @notice Tokens with more than 18 decimals are not supported.
        error InvalidTokenDecimals();
    
        /**
         * @notice The token list passed into an operation does not match the pool tokens in the pool.
         * @param pool Address of the pool
         * @param expectedToken The correct token at a given index in the pool
         * @param actualToken The actual token found at that index
         */
        error TokensMismatch(address pool, address expectedToken, address actualToken);
    
        /*******************************************************************************
                                     Transient Accounting
        *******************************************************************************/
    
        /// @notice A transient accounting operation completed with outstanding token deltas.
        error BalanceNotSettled();
    
        /// @notice A user called a Vault function (swap, add/remove liquidity) outside the lock context.
        error VaultIsNotUnlocked();
    
        /// @notice The pool has returned false to the beforeSwap hook, indicating the transaction should revert.
        error DynamicSwapFeeHookFailed();
    
        /// @notice The pool has returned false to the beforeSwap hook, indicating the transaction should revert.
        error BeforeSwapHookFailed();
    
        /// @notice The pool has returned false to the afterSwap hook, indicating the transaction should revert.
        error AfterSwapHookFailed();
    
        /// @notice The pool has returned false to the beforeInitialize hook, indicating the transaction should revert.
        error BeforeInitializeHookFailed();
    
        /// @notice The pool has returned false to the afterInitialize hook, indicating the transaction should revert.
        error AfterInitializeHookFailed();
    
        /// @notice The pool has returned false to the beforeAddLiquidity hook, indicating the transaction should revert.
        error BeforeAddLiquidityHookFailed();
    
        /// @notice The pool has returned false to the afterAddLiquidity hook, indicating the transaction should revert.
        error AfterAddLiquidityHookFailed();
    
        /// @notice The pool has returned false to the beforeRemoveLiquidity hook, indicating the transaction should revert.
        error BeforeRemoveLiquidityHookFailed();
    
        /// @notice The pool has returned false to the afterRemoveLiquidity hook, indicating the transaction should revert.
        error AfterRemoveLiquidityHookFailed();
    
        /// @notice An unauthorized Router tried to call a permissioned function (i.e., using the Vault's token allowance).
        error RouterNotTrusted();
    
        /*******************************************************************************
                                            Swaps
        *******************************************************************************/
    
        /// @notice The user tried to swap zero tokens.
        error AmountGivenZero();
    
        /// @notice The user attempted to swap a token for itself.
        error CannotSwapSameToken();
    
        /**
         * @notice The user attempted to operate with a token that is not in the pool.
         * @param token The unregistered token
         */
        error TokenNotRegistered(IERC20 token);
    
        /**
         * @notice An amount in or out has exceeded the limit specified in the swap request.
         * @param amount The total amount in or out
         * @param limit The amount of the limit that has been exceeded
         */
        error SwapLimit(uint256 amount, uint256 limit);
    
        /**
         * @notice A hook adjusted amount in or out has exceeded the limit specified in the swap request.
         * @param amount The total amount in or out
         * @param limit The amount of the limit that has been exceeded
         */
        error HookAdjustedSwapLimit(uint256 amount, uint256 limit);
    
        /// @notice The amount given or calculated for an operation is below the minimum limit.
        error TradeAmountTooSmall();
    
        /*******************************************************************************
                                        Add Liquidity
        *******************************************************************************/
    
        /// @notice Add liquidity kind not supported.
        error InvalidAddLiquidityKind();
    
        /**
         * @notice A required amountIn exceeds the maximum limit specified for the operation.
         * @param tokenIn The incoming token
         * @param amountIn The total token amount in
         * @param maxAmountIn The amount of the limit that has been exceeded
         */
        error AmountInAboveMax(IERC20 tokenIn, uint256 amountIn, uint256 maxAmountIn);
    
        /**
         * @notice A hook adjusted amountIn exceeds the maximum limit specified for the operation.
         * @param tokenIn The incoming token
         * @param amountIn The total token amount in
         * @param maxAmountIn The amount of the limit that has been exceeded
         */
        error HookAdjustedAmountInAboveMax(IERC20 tokenIn, uint256 amountIn, uint256 maxAmountIn);
    
        /**
         * @notice The BPT amount received from adding liquidity is below the minimum specified for the operation.
         * @param amountOut The total BPT amount out
         * @param minAmountOut The amount of the limit that has been exceeded
         */
        error BptAmountOutBelowMin(uint256 amountOut, uint256 minAmountOut);
    
        /// @notice Pool does not support adding liquidity with a customized input.
        error DoesNotSupportAddLiquidityCustom();
    
        /// @notice Pool does not support adding liquidity through donation.
        error DoesNotSupportDonation();
    
        /*******************************************************************************
                                        Remove Liquidity
        *******************************************************************************/
    
        /// @notice Remove liquidity kind not supported.
        error InvalidRemoveLiquidityKind();
    
        /**
         * @notice The actual amount out is below the minimum limit specified for the operation.
         * @param tokenOut The outgoing token
         * @param amountOut The total BPT amount out
         * @param minAmountOut The amount of the limit that has been exceeded
         */
        error AmountOutBelowMin(IERC20 tokenOut, uint256 amountOut, uint256 minAmountOut);
    
        /**
         * @notice The hook adjusted amount out is below the minimum limit specified for the operation.
         * @param tokenOut The outgoing token
         * @param amountOut The total BPT amount out
         * @param minAmountOut The amount of the limit that has been exceeded
         */
        error HookAdjustedAmountOutBelowMin(IERC20 tokenOut, uint256 amountOut, uint256 minAmountOut);
    
        /**
         * @notice The required BPT amount in exceeds the maximum limit specified for the operation.
         * @param amountIn The total BPT amount in
         * @param maxAmountIn The amount of the limit that has been exceeded
         */
        error BptAmountInAboveMax(uint256 amountIn, uint256 maxAmountIn);
    
        /// @notice Pool does not support removing liquidity with a customized input.
        error DoesNotSupportRemoveLiquidityCustom();
    
        /*******************************************************************************
                                         Fees
        *******************************************************************************/
    
        /**
         * @notice Error raised when there is an overflow in the fee calculation.
         * @dev This occurs when the sum of the parts (aggregate swap or yield fee) is greater than the whole
         * (total swap or yield fee). Also validated when the protocol fee controller updates aggregate fee
         * percentages in the Vault.
         */
        error ProtocolFeesExceedTotalCollected();
    
        /**
         * @notice Error raised when the swap fee percentage is less than the minimum allowed value.
         * @dev The Vault itself does not impose a universal minimum. Rather, it validates against the
         * range specified by the `ISwapFeePercentageBounds` interface. and reverts with this error
         * if it is below the minimum value returned by the pool.
         *
         * Pools with dynamic fees do not check these limits.
         */
        error SwapFeePercentageTooLow();
    
        /**
         * @notice Error raised when the swap fee percentage is greater than the maximum allowed value.
         * @dev The Vault itself does not impose a universal minimum. Rather, it validates against the
         * range specified by the `ISwapFeePercentageBounds` interface. and reverts with this error
         * if it is above the maximum value returned by the pool.
         *
         * Pools with dynamic fees do not check these limits.
         */
        error SwapFeePercentageTooHigh();
    
        /**
         * @notice Primary fee percentages result in an aggregate fee that cannot be stored with the required precision.
         * @dev Primary fee percentages are 18-decimal values, stored here in 64 bits, and calculated with full 256-bit
         * precision. However, the resulting aggregate fees are stored in the Vault with 24-bit precision, which
         * corresponds to 0.00001% resolution (i.e., a fee can be 1%, 1.00001%, 1.00002%, but not 1.000005%).
         * Disallow setting fees such that there would be precision loss in the Vault, leading to a discrepancy between
         * the aggregate fee calculated here and that stored in the Vault.
         */
        error FeePrecisionTooHigh();
    
        /// @notice A given percentage is above the maximum (usually a value close to FixedPoint.ONE, or 1e18 wei).
        error PercentageAboveMax();
    
        /*******************************************************************************
                                        Queries
        *******************************************************************************/
    
        /// @notice A user tried to execute a query operation when they were disabled.
        error QueriesDisabled();
    
        /// @notice An admin tried to re-enable queries, but they were disabled permanently.
        error QueriesDisabledPermanently();
    
        /*******************************************************************************
                                    Recovery Mode
        *******************************************************************************/
    
        /**
         * @notice Cannot enable recovery mode when already enabled.
         * @param pool The pool
         */
        error PoolInRecoveryMode(address pool);
    
        /**
         * @notice Cannot disable recovery mode when not enabled.
         * @param pool The pool
         */
        error PoolNotInRecoveryMode(address pool);
    
        /*******************************************************************************
                                    Authentication
        *******************************************************************************/
    
        /**
         * @notice Error indicating the sender is not the Vault (e.g., someone is trying to call a permissioned function).
         * @param sender The account attempting to call a permissioned function
         */
        error SenderIsNotVault(address sender);
    
        /*******************************************************************************
                                            Pausing
        *******************************************************************************/
    
        /// @notice The caller specified a pause window period longer than the maximum.
        error VaultPauseWindowDurationTooLarge();
    
        /// @notice The caller specified a buffer period longer than the maximum.
        error PauseBufferPeriodDurationTooLarge();
    
        /// @notice A user tried to perform an operation while the Vault was paused.
        error VaultPaused();
    
        /// @notice Governance tried to unpause the Vault when it was not paused.
        error VaultNotPaused();
    
        /// @notice Governance tried to pause the Vault after the pause period expired.
        error VaultPauseWindowExpired();
    
        /**
         * @notice A user tried to perform an operation involving a paused Pool.
         * @param pool The paused pool
         */
        error PoolPaused(address pool);
    
        /**
         * @notice Governance tried to unpause the Pool when it was not paused.
         * @param pool The unpaused pool
         */
        error PoolNotPaused(address pool);
    
        /**
         * @notice Governance tried to pause a Pool after the pause period expired.
         * @param pool The pool
         */
        error PoolPauseWindowExpired(address pool);
    
        /*******************************************************************************
                                    ERC4626 token buffers
        *******************************************************************************/
    
        /**
         * @notice The buffer for the given wrapped token was already initialized.
         * @param wrappedToken The wrapped token corresponding to the buffer
         */
        error BufferAlreadyInitialized(IERC4626 wrappedToken);
    
        /**
         * @notice The buffer for the given wrapped token was not initialized.
         * @param wrappedToken The wrapped token corresponding to the buffer
         */
        error BufferNotInitialized(IERC4626 wrappedToken);
    
        /// @notice The user is trying to remove more than their allocated shares from the buffer.
        error NotEnoughBufferShares();
    
        /**
         * @notice The wrapped token asset does not match the underlying token.
         * @dev This should never happen, but a malicious wrapper contract might not return the correct address.
         * Legitimate wrapper contracts should make the asset a constant or immutable value.
         *
         * @param wrappedToken The wrapped token corresponding to the buffer
         * @param underlyingToken The underlying token returned by `asset`
         */
        error WrongUnderlyingToken(IERC4626 wrappedToken, address underlyingToken);
    
        /**
         * @notice A wrapped token reported the zero address as its underlying token asset.
         * @dev This should never happen, but a malicious wrapper contract might do this (e.g., in an attempt to
         * re-initialize the buffer).
         *
         * @param wrappedToken The wrapped token corresponding to the buffer
         */
        error InvalidUnderlyingToken(IERC4626 wrappedToken);
    
        /**
         * @notice The amount given to wrap/unwrap was too small, which can introduce rounding issues.
         * @param wrappedToken The wrapped token corresponding to the buffer
         */
        error WrapAmountTooSmall(IERC4626 wrappedToken);
    
        /// @notice Buffer operation attempted while vault buffers are paused.
        error VaultBuffersArePaused();
    
        /// @notice Buffer shares were minted to the zero address.
        error BufferSharesInvalidReceiver();
    
        /// @notice Buffer shares were burned from the zero address.
        error BufferSharesInvalidOwner();
    
        /**
         * @notice The total supply of a buffer can't be lower than the absolute minimum.
         * @param totalSupply The total supply value that was below the minimum
         */
        error BufferTotalSupplyTooLow(uint256 totalSupply);
    
        /// @dev A wrap/unwrap operation consumed more or returned less underlying tokens than it should.
        error NotEnoughUnderlying(IERC4626 wrappedToken, uint256 expectedUnderlyingAmount, uint256 actualUnderlyingAmount);
    
        /// @dev A wrap/unwrap operation consumed more or returned less wrapped tokens than it should.
        error NotEnoughWrapped(IERC4626 wrappedToken, uint256 expectedWrappedAmount, uint256 actualWrappedAmount);
    
        /// @dev Shares issued during initialization are below the requested amount.
        error IssuedSharesBelowMin(uint256 issuedShares, uint256 minIssuedShares);
    
        /*******************************************************************************
                                        Miscellaneous
        *******************************************************************************/
    
        /// @notice Pool does not support adding / removing liquidity with an unbalanced input.
        error DoesNotSupportUnbalancedLiquidity();
    
        /// @notice The contract should not receive ETH.
        error CannotReceiveEth();
    
        /**
         * @notice The `VaultExtension` contract was called by an account directly.
         * @dev It can only be called by the Vault via delegatecall.
         */
        error NotVaultDelegateCall();
    
        /// @notice The `VaultExtension` contract was configured with an incorrect Vault address.
        error WrongVaultExtensionDeployment();
    
        /// @notice The `ProtocolFeeController` contract was configured with an incorrect Vault address.
        error WrongProtocolFeeControllerDeployment();
    
        /// @notice The `VaultAdmin` contract was configured with an incorrect Vault address.
        error WrongVaultAdminDeployment();
    
        /// @notice Quote reverted with a reserved error code.
        error QuoteResultSpoofed();
    }

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    import { IERC4626 } from "@openzeppelin/contracts/interfaces/IERC4626.sol";
    import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
    
    import { IProtocolFeeController } from "./IProtocolFeeController.sol";
    import { IAuthorizer } from "./IAuthorizer.sol";
    import { IHooks } from "./IHooks.sol";
    import "./VaultTypes.sol";
    
    /// @dev Events are declared inside an interface (namespace) to improve DX with Typechain.
    interface IVaultEvents {
        /**
         * @notice A Pool was registered by calling `registerPool`.
         * @param pool The pool being registered
         * @param factory The factory creating the pool
         * @param tokenConfig An array of descriptors for the tokens the pool will manage
         * @param swapFeePercentage The static swap fee of the pool
         * @param pauseWindowEndTime The pool's pause window end time
         * @param roleAccounts Addresses the Vault will allow to change certain pool settings
         * @param hooksConfig Flags indicating which hooks the pool supports and address of hooks contract
         * @param liquidityManagement Supported liquidity management hook flags
         */
        event PoolRegistered(
            address indexed pool,
            address indexed factory,
            TokenConfig[] tokenConfig,
            uint256 swapFeePercentage,
            uint32 pauseWindowEndTime,
            PoolRoleAccounts roleAccounts,
            HooksConfig hooksConfig,
            LiquidityManagement liquidityManagement
        );
    
        /**
         * @notice A Pool was initialized by calling `initialize`.
         * @param pool The pool being initialized
         */
        event PoolInitialized(address indexed pool);
    
        /**
         * @notice A swap has occurred.
         * @param pool The pool with the tokens being swapped
         * @param tokenIn The token entering the Vault (balance increases)
         * @param tokenOut The token leaving the Vault (balance decreases)
         * @param amountIn Number of tokenIn tokens
         * @param amountOut Number of tokenOut tokens
         * @param swapFeePercentage Swap fee percentage applied (can differ if dynamic)
         * @param swapFeeAmount Swap fee amount paid
         */
        event Swap(
            address indexed pool,
            IERC20 indexed tokenIn,
            IERC20 indexed tokenOut,
            uint256 amountIn,
            uint256 amountOut,
            uint256 swapFeePercentage,
            uint256 swapFeeAmount
        );
    
        /**
         * @notice A wrap operation has occurred.
         * @param wrappedToken The wrapped token address
         * @param depositedUnderlying Number of underlying tokens deposited
         * @param mintedShares Number of shares (wrapped tokens) minted
         * @param bufferBalances The final buffer balances, packed in 128-bit words (underlying, wrapped)
         */
        event Wrap(
            IERC4626 indexed wrappedToken,
            uint256 depositedUnderlying,
            uint256 mintedShares,
            bytes32 bufferBalances
        );
    
        /**
         * @notice An unwrap operation has occurred.
         * @param wrappedToken The wrapped token address
         * @param burnedShares Number of shares (wrapped tokens) burned
         * @param withdrawnUnderlying Number of underlying tokens withdrawn
         * @param bufferBalances The final buffer balances, packed in 128-bit words (underlying, wrapped)
         */
        event Unwrap(
            IERC4626 indexed wrappedToken,
            uint256 burnedShares,
            uint256 withdrawnUnderlying,
            bytes32 bufferBalances
        );
    
        /**
         * @notice Liquidity has been added to a pool (including initialization).
         * @param pool The pool with liquidity added
         * @param liquidityProvider The user performing the operation
         * @param kind The add liquidity operation type (e.g., proportional, custom)
         * @param totalSupply The total supply of the pool after the operation
         * @param amountsAddedRaw The amount of each token that was added, sorted in token registration order
         * @param swapFeeAmountsRaw The total swap fees charged, sorted in token registration order
         */
        event LiquidityAdded(
            address indexed pool,
            address indexed liquidityProvider,
            AddLiquidityKind indexed kind,
            uint256 totalSupply,
            uint256[] amountsAddedRaw,
            uint256[] swapFeeAmountsRaw
        );
    
        /**
         * @notice Liquidity has been removed from a pool.
         * @param pool The pool with liquidity removed
         * @param liquidityProvider The user performing the operation
         * @param kind The remove liquidity operation type (e.g., proportional, custom)
         * @param totalSupply The total supply of the pool after the operation
         * @param amountsRemovedRaw The amount of each token that was removed, sorted in token registration order
         * @param swapFeeAmountsRaw The total swap fees charged, sorted in token registration order
         */
        event LiquidityRemoved(
            address indexed pool,
            address indexed liquidityProvider,
            RemoveLiquidityKind indexed kind,
            uint256 totalSupply,
            uint256[] amountsRemovedRaw,
            uint256[] swapFeeAmountsRaw
        );
    
        /**
         * @notice The Vault's pause status has changed.
         * @param paused True if the Vault was paused
         */
        event VaultPausedStateChanged(bool paused);
    
        /// @notice `disableQuery` has been called on the Vault, disabling query functionality.
        event VaultQueriesDisabled();
    
        /// @notice `enableQuery` has been called on the Vault, enabling query functionality.
        event VaultQueriesEnabled();
    
        /**
         * @notice A Pool's pause status has changed.
         * @param pool The pool that was just paused or unpaused
         * @param paused True if the pool was paused
         */
        event PoolPausedStateChanged(address indexed pool, bool paused);
    
        /**
         * @notice Emitted when the swap fee percentage of a pool is updated.
         * @param swapFeePercentage The new swap fee percentage for the pool
         */
        event SwapFeePercentageChanged(address indexed pool, uint256 swapFeePercentage);
    
        /**
         * @notice Recovery mode has been enabled or disabled for a pool.
         * @param pool The pool
         * @param recoveryMode True if recovery mode was enabled
         */
        event PoolRecoveryModeStateChanged(address indexed pool, bool recoveryMode);
    
        /**
         * @notice A protocol or pool creator fee has changed, causing an update to the aggregate swap fee.
         * @dev The `ProtocolFeeController` will emit an event with the underlying change.
         * @param pool The pool whose aggregate swap fee percentage changed
         * @param aggregateSwapFeePercentage The new aggregate swap fee percentage
         */
        event AggregateSwapFeePercentageChanged(address indexed pool, uint256 aggregateSwapFeePercentage);
    
        /**
         * @notice A protocol or pool creator fee has changed, causing an update to the aggregate yield fee.
         * @dev The `ProtocolFeeController` will emit an event with the underlying change.
         * @param pool The pool whose aggregate yield fee percentage changed
         * @param aggregateYieldFeePercentage The new aggregate yield fee percentage
         */
        event AggregateYieldFeePercentageChanged(address indexed pool, uint256 aggregateYieldFeePercentage);
    
        /**
         * @notice A new authorizer is set by `setAuthorizer`.
         * @param newAuthorizer The address of the new authorizer
         */
        event AuthorizerChanged(IAuthorizer indexed newAuthorizer);
    
        /**
         * @notice A new protocol fee controller is set by `setProtocolFeeController`.
         * @param newProtocolFeeController The address of the new protocol fee controller
         */
        event ProtocolFeeControllerChanged(IProtocolFeeController indexed newProtocolFeeController);
    
        /**
         * @notice Liquidity was added to an ERC4626 buffer corresponding to the given wrapped token.
         * @dev The underlying token can be derived from the wrapped token, so it's not included here.
         *
         * @param wrappedToken The wrapped token that identifies the buffer
         * @param amountUnderlying The amount of the underlying token that was deposited
         * @param amountWrapped The amount of the wrapped token that was deposited
         * @param bufferBalances The final buffer balances, packed in 128-bit words (underlying, wrapped)
         */
        event LiquidityAddedToBuffer(
            IERC4626 indexed wrappedToken,
            uint256 amountUnderlying,
            uint256 amountWrapped,
            bytes32 bufferBalances
        );
    
        /**
         * @notice Buffer shares were minted for an ERC4626 buffer corresponding to a given wrapped token.
         * @dev The shares are not tokenized like pool BPT, but accounted for in the Vault. `getBufferOwnerShares`
         * retrieves the current total shares for a given buffer and address, and `getBufferTotalShares` returns the
         * "totalSupply" of a buffer.
         *
         * @param wrappedToken The wrapped token that identifies the buffer
         * @param to The owner of the minted shares
         * @param issuedShares The amount of "internal BPT" shares created
         */
        event BufferSharesMinted(IERC4626 indexed wrappedToken, address indexed to, uint256 issuedShares);
    
        /**
         * @notice Buffer shares were burned for an ERC4626 buffer corresponding to a given wrapped token.
         * @dev The shares are not tokenized like pool BPT, but accounted for in the Vault. `getBufferOwnerShares`
         * retrieves the current total shares for a given buffer and address, and `getBufferTotalShares` returns the
         * "totalSupply" of a buffer.
         *
         * @param wrappedToken The wrapped token that identifies the buffer
         * @param from The owner of the burned shares
         * @param burnedShares The amount of "internal BPT" shares burned
         */
        event BufferSharesBurned(IERC4626 indexed wrappedToken, address indexed from, uint256 burnedShares);
    
        /**
         * @notice Liquidity was removed from an ERC4626 buffer.
         * @dev The underlying token can be derived from the wrapped token, so it's not included here.
         * @param wrappedToken The wrapped token that identifies the buffer
         * @param amountUnderlying The amount of the underlying token that was withdrawn
         * @param amountWrapped The amount of the wrapped token that was withdrawn
         * @param bufferBalances The final buffer balances, packed in 128-bit words (underlying, wrapped)
         */
        event LiquidityRemovedFromBuffer(
            IERC4626 indexed wrappedToken,
            uint256 amountUnderlying,
            uint256 amountWrapped,
            bytes32 bufferBalances
        );
    
        /**
         * @notice The Vault buffers pause status has changed.
         * @dev If buffers all paused, all buffer operations (i.e., all calls through the Router with `isBuffer`
         * set to true) will revert.
         *
         * @param paused True if the Vault buffers were paused
         */
        event VaultBuffersPausedStateChanged(bool paused);
    
        /**
         * @notice Pools can use this event to emit event data from the Vault.
         * @param pool Pool address
         * @param eventKey Event key
         * @param eventData Encoded event data
         */
        event VaultAuxiliary(address indexed pool, bytes32 indexed eventKey, bytes eventData);
    }

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    import { IERC4626 } from "@openzeppelin/contracts/interfaces/IERC4626.sol";
    import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
    
    import { IAuthorizer } from "./IAuthorizer.sol";
    import { IProtocolFeeController } from "./IProtocolFeeController.sol";
    import { IVault } from "./IVault.sol";
    import { IHooks } from "./IHooks.sol";
    import "./VaultTypes.sol";
    
    /**
     * @notice Interface for functions defined on the `VaultExtension` contract.
     * @dev `VaultExtension` handles less critical or frequently used functions, since delegate calls through
     * the Vault are more expensive than direct calls. The main Vault contains the core code for swaps and
     * liquidity operations.
     */
    interface IVaultExtension {
        /*******************************************************************************
                                  Constants and immutables
        *******************************************************************************/
    
        /**
         * @notice Returns the main Vault address.
         * @dev The main Vault contains the entrypoint and main liquidity operation implementations.
         * @return vault The address of the main Vault
         */
        function vault() external view returns (IVault);
    
        /**
         * @notice Returns the VaultAdmin contract address.
         * @dev The VaultAdmin contract mostly implements permissioned functions.
         * @return vaultAdmin The address of the Vault admin
         */
        function getVaultAdmin() external view returns (address vaultAdmin);
    
        /*******************************************************************************
                                  Transient Accounting
        *******************************************************************************/
    
        /**
         * @notice Returns whether the Vault is unlocked (i.e., executing an operation).
         * @dev The Vault must be unlocked to perform state-changing liquidity operations.
         * @return unlocked True if the Vault is unlocked, false otherwise
         */
        function isUnlocked() external view returns (bool unlocked);
    
        /**
         *  @notice Returns the count of non-zero deltas.
         *  @return nonzeroDeltaCount The current value of `_nonzeroDeltaCount`
         */
        function getNonzeroDeltaCount() external view returns (uint256 nonzeroDeltaCount);
    
        /**
         * @notice Retrieves the token delta for a specific token.
         * @dev This function allows reading the value from the `_tokenDeltas` mapping.
         * @param token The token for which the delta is being fetched
         * @return tokenDelta The delta of the specified token
         */
        function getTokenDelta(IERC20 token) external view returns (int256 tokenDelta);
    
        /**
         * @notice Retrieves the reserve (i.e., total Vault balance) of a given token.
         * @param token The token for which to retrieve the reserve
         * @return reserveAmount The amount of reserves for the given token
         */
        function getReservesOf(IERC20 token) external view returns (uint256 reserveAmount);
    
        /**
         * @notice This flag is used to detect and tax "round-trip" interactions (adding and removing liquidity in the
         * same pool).
         * @dev Taxing remove liquidity proportional whenever liquidity was added in the same `unlock` call adds an extra
         * layer of security, discouraging operations that try to undo others for profit. Remove liquidity proportional
         * is the only standard way to exit a position without fees, and this flag is used to enable fees in that case.
         * It also discourages indirect swaps via unbalanced add and remove proportional, as they are expected to be worse
         * than a simple swap for every pool type.
         *
         * @param pool Address of the pool to check
         * @return liquidityAdded True if liquidity has been added to this pool in the current transaction
         
         * Note that there is no `sessionId` argument; it always returns the value for the current (i.e., latest) session.
         */
        function getAddLiquidityCalledFlag(address pool) external view returns (bool liquidityAdded);
    
        /*******************************************************************************
                                        Pool Registration
        *******************************************************************************/
    
        /**
         * @notice Registers a pool, associating it with its factory and the tokens it manages.
         * @dev A pool can opt-out of pausing by providing a zero value for the pause window, or allow pausing indefinitely
         * by providing a large value. (Pool pause windows are not limited by the Vault maximums.) The vault defines an
         * additional buffer period during which a paused pool will stay paused. After the buffer period passes, a paused
         * pool will automatically unpause. Balancer timestamps are 32 bits.
         *
         * A pool can opt out of Balancer governance pausing by providing a custom `pauseManager`. This might be a
         * multi-sig contract or an arbitrary smart contract with its own access controls, that forwards calls to
         * the Vault.
         *
         * If the zero address is provided for the `pauseManager`, permissions for pausing the pool will default to the
         * authorizer.
         *
         * @param pool The address of the pool being registered
         * @param tokenConfig An array of descriptors for the tokens the pool will manage
         * @param swapFeePercentage The initial static swap fee percentage of the pool
         * @param pauseWindowEndTime The timestamp after which it is no longer possible to pause the pool
         * @param protocolFeeExempt If true, the pool's initial aggregate fees will be set to 0
         * @param roleAccounts Addresses the Vault will allow to change certain pool settings
         * @param poolHooksContract Contract that implements the hooks for the pool
         * @param liquidityManagement Liquidity management flags with implemented methods
         */
        function registerPool(
            address pool,
            TokenConfig[] memory tokenConfig,
            uint256 swapFeePercentage,
            uint32 pauseWindowEndTime,
            bool protocolFeeExempt,
            PoolRoleAccounts calldata roleAccounts,
            address poolHooksContract,
            LiquidityManagement calldata liquidityManagement
        ) external;
    
        /**
         * @notice Checks whether a pool is registered.
         * @param pool Address of the pool to check
         * @return registered True if the pool is registered, false otherwise
         */
        function isPoolRegistered(address pool) external view returns (bool registered);
    
        /**
         * @notice Initializes a registered pool by adding liquidity; mints BPT tokens for the first time in exchange.
         * @param pool Address of the pool to initialize
         * @param to Address that will receive the output BPT
         * @param tokens Tokens used to seed the pool (must match the registered tokens)
         * @param exactAmountsIn Exact amounts of input tokens
         * @param minBptAmountOut Minimum amount of output pool tokens
         * @param userData Additional (optional) data required for adding initial liquidity
         * @return bptAmountOut Output pool token amount
         */
        function initialize(
            address pool,
            address to,
            IERC20[] memory tokens,
            uint256[] memory exactAmountsIn,
            uint256 minBptAmountOut,
            bytes memory userData
        ) external returns (uint256 bptAmountOut);
    
        /*******************************************************************************
                                        Pool Information
        *******************************************************************************/
    
        /**
         * @notice Checks whether a pool is initialized.
         * @dev An initialized pool can be considered registered as well.
         * @param pool Address of the pool to check
         * @return initialized True if the pool is initialized, false otherwise
         */
        function isPoolInitialized(address pool) external view returns (bool initialized);
    
        /**
         * @notice Gets the tokens registered to a pool.
         * @param pool Address of the pool
         * @return tokens List of tokens in the pool
         */
        function getPoolTokens(address pool) external view returns (IERC20[] memory tokens);
    
        /**
         * @notice Gets pool token rates.
         * @dev This function performs external calls if tokens are yield-bearing. All returned arrays are in token
         * registration order.
         *
         * @param pool Address of the pool
         * @return decimalScalingFactors Conversion factor used to adjust for token decimals for uniform precision in
         * calculations. FP(1) for 18-decimal tokens
         * @return tokenRates 18-decimal FP values for rate tokens (e.g., yield-bearing), or FP(1) for standard tokens
         */
        function getPoolTokenRates(
            address pool
        ) external view returns (uint256[] memory decimalScalingFactors, uint256[] memory tokenRates);
    
        /**
         * @notice Returns comprehensive pool data for the given pool.
         * @dev This contains the pool configuration (flags), tokens and token types, rates, scaling factors, and balances.
         * @param pool The address of the pool
         * @return poolData The `PoolData` result
         */
        function getPoolData(address pool) external view returns (PoolData memory poolData);
    
        /**
         * @notice Gets the raw data for a pool: tokens, raw balances, scaling factors.
         * @param pool Address of the pool
         * @return tokens The pool tokens, sorted in registration order
         * @return tokenInfo Token info structs (type, rate provider, yield flag), sorted in token registration order
         * @return balancesRaw Current native decimal balances of the pool tokens, sorted in token registration order
         * @return lastBalancesLiveScaled18 Last saved live balances, sorted in token registration order
         */
        function getPoolTokenInfo(
            address pool
        )
            external
            view
            returns (
                IERC20[] memory tokens,
                TokenInfo[] memory tokenInfo,
                uint256[] memory balancesRaw,
                uint256[] memory lastBalancesLiveScaled18
            );
    
        /**
         * @notice Gets current live balances of a given pool (fixed-point, 18 decimals), corresponding to its tokens in
         * registration order.
         *
         * @param pool Address of the pool
         * @return balancesLiveScaled18 Token balances after paying yield fees, applying decimal scaling and rates
         */
        function getCurrentLiveBalances(address pool) external view returns (uint256[] memory balancesLiveScaled18);
    
        /**
         * @notice Gets the configuration parameters of a pool.
         * @dev The `PoolConfig` contains liquidity management and other state flags, fee percentages, the pause window.
         * @param pool Address of the pool
         * @return poolConfig The pool configuration as a `PoolConfig` struct
         */
        function getPoolConfig(address pool) external view returns (PoolConfig memory poolConfig);
    
        /**
         * @notice Gets the hooks configuration parameters of a pool.
         * @dev The `HooksConfig` contains flags indicating which pool hooks are implemented.
         * @param pool Address of the pool
         * @return hooksConfig The hooks configuration as a `HooksConfig` struct
         */
        function getHooksConfig(address pool) external view returns (HooksConfig memory hooksConfig);
    
        /**
         * @notice The current rate of a pool token (BPT) = invariant / totalSupply.
         * @param pool Address of the pool
         * @return rate BPT rate
         */
        function getBptRate(address pool) external view returns (uint256 rate);
    
        /*******************************************************************************
                                     Balancer Pool Tokens
        *******************************************************************************/
    
        /**
         * @notice Gets the total supply of a given ERC20 token.
         * @param token The token address
         * @return tokenTotalSupply Total supply of the token
         */
        function totalSupply(address token) external view returns (uint256 tokenTotalSupply);
    
        /**
         * @notice Gets the balance of an account for a given ERC20 token.
         * @param token Address of the token
         * @param account Address of the account
         * @return tokenBalance Token balance of the account
         */
        function balanceOf(address token, address account) external view returns (uint256 tokenBalance);
    
        /**
         * @notice Gets the allowance of a spender for a given ERC20 token and owner.
         * @param token Address of the token
         * @param owner Address of the owner
         * @param spender Address of the spender
         * @return tokenAllowance Amount of tokens the spender is allowed to spend
         */
        function allowance(address token, address owner, address spender) external view returns (uint256 tokenAllowance);
    
        /**
         * @notice Approves a spender to spend pool tokens on behalf of sender.
         * @dev Notice that the pool token address is not included in the params. This function is exclusively called by
         * the pool contract, so msg.sender is used as the token address.
         *
         * @param owner Address of the owner
         * @param spender Address of the spender
         * @param amount Amount of tokens to approve
         * @return success True if successful, false otherwise
         */
        function approve(address owner, address spender, uint256 amount) external returns (bool success);
    
        /*******************************************************************************
                                         Pool Pausing
        *******************************************************************************/
    
        /**
         * @notice Indicates whether a pool is paused.
         * @dev If a pool is paused, all non-Recovery Mode state-changing operations will revert.
         * @param pool The pool to be checked
         * @return poolPaused True if the pool is paused
         */
        function isPoolPaused(address pool) external view returns (bool poolPaused);
    
        /**
         * @notice Returns the paused status, and end times of the Pool's pause window and buffer period.
         * @dev Note that even when set to a paused state, the pool will automatically unpause at the end of
         * the buffer period. Balancer timestamps are 32 bits.
         *
         * @param pool The pool whose data is requested
         * @return poolPaused True if the Pool is paused
         * @return poolPauseWindowEndTime The timestamp of the end of the Pool's pause window
         * @return poolBufferPeriodEndTime The timestamp after which the Pool unpauses itself (if paused)
         * @return pauseManager The pause manager, or the zero address
         */
        function getPoolPausedState(
            address pool
        )
            external
            view
            returns (bool poolPaused, uint32 poolPauseWindowEndTime, uint32 poolBufferPeriodEndTime, address pauseManager);
    
        /*******************************************************************************
                                       ERC4626 Buffers
        *******************************************************************************/
    
        /**
         * @notice Checks if the wrapped token has an initialized buffer in the Vault.
         * @dev An initialized buffer should have an asset registered in the Vault.
         * @param wrappedToken Address of the wrapped token that implements IERC4626
         * @return isBufferInitialized True if the ERC4626 buffer is initialized
         */
        function isERC4626BufferInitialized(IERC4626 wrappedToken) external view returns (bool isBufferInitialized);
    
        /**
         * @notice Gets the registered asset for a given buffer.
         * @dev To avoid malicious wrappers (e.g., that might potentially change their asset after deployment), routers
         * should never call `wrapper.asset()` directly, at least without checking it against the asset registered with
         * the Vault on initialization.
         *
         * @param wrappedToken The wrapped token specifying the buffer
         * @return asset The underlying asset of the wrapped token
         */
        function getERC4626BufferAsset(IERC4626 wrappedToken) external view returns (address asset);
    
        /*******************************************************************************
                                              Fees
        *******************************************************************************/
    
        /**
         * @notice Returns the accumulated swap fees (including aggregate fees) in `token` collected by the pool.
         * @param pool The address of the pool for which aggregate fees have been collected
         * @param token The address of the token in which fees have been accumulated
         * @return swapFeeAmount The total amount of fees accumulated in the specified token
         */
        function getAggregateSwapFeeAmount(address pool, IERC20 token) external view returns (uint256 swapFeeAmount);
    
        /**
         * @notice Returns the accumulated yield fees (including aggregate fees) in `token` collected by the pool.
         * @param pool The address of the pool for which aggregate fees have been collected
         * @param token The address of the token in which fees have been accumulated
         * @return yieldFeeAmount The total amount of fees accumulated in the specified token
         */
        function getAggregateYieldFeeAmount(address pool, IERC20 token) external view returns (uint256 yieldFeeAmount);
    
        /**
         * @notice Fetches the static swap fee percentage for a given pool.
         * @param pool The address of the pool whose static swap fee percentage is being queried
         * @return swapFeePercentage The current static swap fee percentage for the specified pool
         */
        function getStaticSwapFeePercentage(address pool) external view returns (uint256 swapFeePercentage);
    
        /**
         * @notice Fetches the role accounts for a given pool (pause manager, swap manager, pool creator)
         * @param pool The address of the pool whose roles are being queried
         * @return roleAccounts A struct containing the role accounts for the pool (or 0 if unassigned)
         */
        function getPoolRoleAccounts(address pool) external view returns (PoolRoleAccounts memory roleAccounts);
    
        /**
         * @notice Query the current dynamic swap fee percentage of a pool, given a set of swap parameters.
         * @dev Reverts if the hook doesn't return the success flag set to `true`.
         * @param pool The pool
         * @param swapParams The swap parameters used to compute the fee
         * @return dynamicSwapFeePercentage The dynamic swap fee percentage
         */
        function computeDynamicSwapFeePercentage(
            address pool,
            PoolSwapParams memory swapParams
        ) external view returns (uint256 dynamicSwapFeePercentage);
    
        /**
         * @notice Returns the Protocol Fee Controller address.
         * @return protocolFeeController Address of the ProtocolFeeController
         */
        function getProtocolFeeController() external view returns (IProtocolFeeController protocolFeeController);
    
        /*******************************************************************************
                                         Recovery Mode
        *******************************************************************************/
    
        /**
         * @notice Checks whether a pool is in Recovery Mode.
         * @dev Recovery Mode enables a safe proportional withdrawal path, with no external calls.
         * @param pool Address of the pool to check
         * @return inRecoveryMode True if the pool is in Recovery Mode, false otherwise
         */
        function isPoolInRecoveryMode(address pool) external view returns (bool inRecoveryMode);
    
        /**
         * @notice Remove liquidity from a pool specifying exact pool tokens in, with proportional token amounts out.
         * The request is implemented by the Vault without any interaction with the pool, ensuring that
         * it works the same for all pools, and cannot be disabled by a new pool type.
         *
         * @param pool Address of the pool
         * @param from Address of user to burn pool tokens from
         * @param exactBptAmountIn Input pool token amount
         * @param minAmountsOut Minimum amounts of tokens to be received, sorted in token registration order
         * @return amountsOut Actual calculated amounts of output tokens, sorted in token registration order
         */
        function removeLiquidityRecovery(
            address pool,
            address from,
            uint256 exactBptAmountIn,
            uint256[] memory minAmountsOut
        ) external returns (uint256[] memory amountsOut);
    
        /*******************************************************************************
                                        Queries
        *******************************************************************************/
    
        /**
         * @notice Performs a callback on msg.sender with arguments provided in `data`.
         * @dev Used to query a set of operations on the Vault. Only off-chain eth_call are allowed,
         * anything else will revert.
         *
         * Allows querying any operation on the Vault that has the `onlyWhenUnlocked` modifier.
         *
         * Allows the external calling of a function via the Vault contract to
         * access Vault's functions guarded by `onlyWhenUnlocked`.
         * `transient` modifier ensuring balances changes within the Vault are settled.
         *
         * @param data Contains function signature and args to be passed to the msg.sender
         * @return result Resulting data from the call
         */
        function quote(bytes calldata data) external returns (bytes memory result);
    
        /**
         * @notice Performs a callback on msg.sender with arguments provided in `data`.
         * @dev Used to query a set of operations on the Vault. Only off-chain eth_call are allowed,
         * anything else will revert.
         *
         * Allows querying any operation on the Vault that has the `onlyWhenUnlocked` modifier.
         *
         * Allows the external calling of a function via the Vault contract to
         * access Vault's functions guarded by `onlyWhenUnlocked`.
         * `transient` modifier ensuring balances changes within the Vault are settled.
         *
         * This call always reverts, returning the result in the revert reason.
         *
         * @param data Contains function signature and args to be passed to the msg.sender
         */
        function quoteAndRevert(bytes calldata data) external;
    
        /**
         * @notice Returns true if queries are disabled on the Vault.
         * @dev If true, queries might either be disabled temporarily or permanently.
         * @return queryDisabled True if query functionality is reversibly disabled
         */
        function isQueryDisabled() external view returns (bool queryDisabled);
    
        /**
         * @notice Returns true if queries are disabled permanently; false if they are enabled.
         * @dev This is a one-way switch. Once queries are disabled permanently, they can never be re-enabled.
         * @return queryDisabledPermanently True if query functionality is permanently disabled
         */
        function isQueryDisabledPermanently() external view returns (bool queryDisabledPermanently);
    
        /**
         * @notice Pools can use this event to emit event data from the Vault.
         * @param eventKey Event key
         * @param eventData Encoded event data
         */
        function emitAuxiliaryEvent(bytes32 eventKey, bytes calldata eventData) external;
    
        /*******************************************************************************
                                    Authentication
        *******************************************************************************/
    
        /**
         * @notice Returns the Authorizer address.
         * @dev The authorizer holds the permissions granted by governance. It is set on Vault deployment,
         * and can be changed through a permissioned call.
         *
         * @return authorizer Address of the authorizer contract
         */
        function getAuthorizer() external view returns (IAuthorizer authorizer);
    }

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
    
    import "./VaultTypes.sol";
    
    /**
     * @notice Interface for functions defined on the main Vault contract.
     * @dev These are generally "critical path" functions (swap, add/remove liquidity) that are in the main contract
     * for technical or performance reasons.
     */
    interface IVaultMain {
        /*******************************************************************************
                                  Transient Accounting
        *******************************************************************************/
    
        /**
         * @notice Creates a context for a sequence of operations (i.e., "unlocks" the Vault).
         * @dev Performs a callback on msg.sender with arguments provided in `data`. The Callback is `transient`,
         * meaning all balances for the caller have to be settled at the end.
         *
         * @param data Contains function signature and args to be passed to the msg.sender
         * @return result Resulting data from the call
         */
        function unlock(bytes calldata data) external returns (bytes memory result);
    
        /**
         * @notice Settles deltas for a token; must be successful for the current lock to be released.
         * @dev Protects the caller against leftover dust in the Vault for the token being settled. The caller
         * should know in advance how many tokens were paid to the Vault, so it can provide it as a hint to discard any
         * excess in the Vault balance.
         *
         * If the given hint is equal to or higher than the difference in reserves, the difference in reserves is given as
         * credit to the caller. If it's higher, the caller sent fewer tokens than expected, so settlement would fail.
         *
         * If the given hint is lower than the difference in reserves, the hint is given as credit to the caller.
         * In this case, the excess would be absorbed by the Vault (and reflected correctly in the reserves), but would
         * not affect settlement.
         *
         * The credit supplied by the Vault can be calculated as `min(reserveDifference, amountHint)`, where the reserve
         * difference equals current balance of the token minus existing reserves of the token when the function is called.
         *
         * @param token Address of the token
         * @param amountHint Amount paid as reported by the caller
         * @return credit Credit received in return of the payment
         */
        function settle(IERC20 token, uint256 amountHint) external returns (uint256 credit);
    
        /**
         * @notice Sends tokens to a recipient.
         * @dev There is no inverse operation for this function. Transfer funds to the Vault and call `settle` to cancel
         * debts.
         *
         * @param token Address of the token
         * @param to Recipient address
         * @param amount Amount of tokens to send
         */
        function sendTo(IERC20 token, address to, uint256 amount) external;
    
        /***************************************************************************
                                           Swaps
        ***************************************************************************/
    
        /**
         * @notice Swaps tokens based on provided parameters.
         * @dev All parameters are given in raw token decimal encoding.
         * @param vaultSwapParams Parameters for the swap (see above for struct definition)
         * @return amountCalculatedRaw Calculated swap amount
         * @return amountInRaw Amount of input tokens for the swap
         * @return amountOutRaw Amount of output tokens from the swap
         */
        function swap(
            VaultSwapParams memory vaultSwapParams
        ) external returns (uint256 amountCalculatedRaw, uint256 amountInRaw, uint256 amountOutRaw);
    
        /***************************************************************************
                                       Add Liquidity
        ***************************************************************************/
    
        /**
         * @notice Adds liquidity to a pool.
         * @dev Caution should be exercised when adding liquidity because the Vault has the capability
         * to transfer tokens from any user, given that it holds all allowances.
         *
         * @param params Parameters for the add liquidity (see above for struct definition)
         * @return amountsIn Actual amounts of input tokens
         * @return bptAmountOut Output pool token amount
         * @return returnData Arbitrary (optional) data with an encoded response from the pool
         */
        function addLiquidity(
            AddLiquidityParams memory params
        ) external returns (uint256[] memory amountsIn, uint256 bptAmountOut, bytes memory returnData);
    
        /***************************************************************************
                                     Remove Liquidity
        ***************************************************************************/
    
        /**
         * @notice Removes liquidity from a pool.
         * @dev Trusted routers can burn pool tokens belonging to any user and require no prior approval from the user.
         * Untrusted routers require prior approval from the user. This is the only function allowed to call
         * _queryModeBalanceIncrease (and only in a query context).
         *
         * @param params Parameters for the remove liquidity (see above for struct definition)
         * @return bptAmountIn Actual amount of BPT burned
         * @return amountsOut Actual amounts of output tokens
         * @return returnData Arbitrary (optional) data with an encoded response from the pool
         */
        function removeLiquidity(
            RemoveLiquidityParams memory params
        ) external returns (uint256 bptAmountIn, uint256[] memory amountsOut, bytes memory returnData);
    
        /*******************************************************************************
                                        Pool Information
        *******************************************************************************/
    
        /**
         * @notice Gets the index of a token in a given pool.
         * @dev Reverts if the pool is not registered, or if the token does not belong to the pool.
         * @param pool Address of the pool
         * @param token Address of the token
         * @return tokenCount Number of tokens in the pool
         * @return index Index corresponding to the given token in the pool's token list
         */
        function getPoolTokenCountAndIndexOfToken(
            address pool,
            IERC20 token
        ) external view returns (uint256 tokenCount, uint256 index);
    
        /*******************************************************************************
                                     Balancer Pool Tokens
        *******************************************************************************/
    
        /**
         * @notice Transfers pool token from owner to a recipient.
         * @dev Notice that the pool token address is not included in the params. This function is exclusively called by
         * the pool contract, so msg.sender is used as the token address.
         *
         * @param owner Address of the owner
         * @param to Address of the recipient
         * @param amount Amount of tokens to transfer
         * @return success True if successful, false otherwise
         */
        function transfer(address owner, address to, uint256 amount) external returns (bool);
    
        /**
         * @notice Transfers pool token from a sender to a recipient using an allowance.
         * @dev Notice that the pool token address is not included in the params. This function is exclusively called by
         * the pool contract, so msg.sender is used as the token address.
         *
         * @param spender Address allowed to perform the transfer
         * @param from Address of the sender
         * @param to Address of the recipient
         * @param amount Amount of tokens to transfer
         * @return success True if successful, false otherwise
         */
        function transferFrom(address spender, address from, address to, uint256 amount) external returns (bool success);
    
        /*******************************************************************************
                                      ERC4626 Buffers
        *******************************************************************************/
    
        /**
         * @notice Wraps/unwraps tokens based on the parameters provided.
         * @dev All parameters are given in raw token decimal encoding. It requires the buffer to be initialized,
         * and uses the internal wrapped token buffer when it has enough liquidity to avoid external calls.
         *
         * @param params Parameters for the wrap/unwrap operation (see struct definition)
         * @return amountCalculatedRaw Calculated swap amount
         * @return amountInRaw Amount of input tokens for the swap
         * @return amountOutRaw Amount of output tokens from the swap
         */
        function erc4626BufferWrapOrUnwrap(
            BufferWrapOrUnwrapParams memory params
        ) external returns (uint256 amountCalculatedRaw, uint256 amountInRaw, uint256 amountOutRaw);
    
        /*******************************************************************************
                                         Miscellaneous
        *******************************************************************************/
    
        /**
         * @notice Returns the VaultExtension contract address.
         * @dev Function is in the main Vault contract. The VaultExtension handles less critical or frequently used
         * functions, since delegate calls through the Vault are more expensive than direct calls.
         *
         * @return vaultExtension Address of the VaultExtension
         */
        function getVaultExtension() external view returns (address vaultExtension);
    }

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
    import { IERC4626 } from "@openzeppelin/contracts/interfaces/IERC4626.sol";
    
    import { IRateProvider } from "../solidity-utils/helpers/IRateProvider.sol";
    
    /**
     * @notice Represents a pool's liquidity management configuration.
     * @param disableUnbalancedLiquidity If set, liquidity can only be added or removed proportionally
     * @param enableAddLiquidityCustom If set, the pool has implemented `onAddLiquidityCustom`
     * @param enableRemoveLiquidityCustom If set, the pool has implemented `onRemoveLiquidityCustom`
     * @param enableDonation If set, the pool will not revert if liquidity is added with AddLiquidityKind.DONATION
     */
    struct LiquidityManagement {
        bool disableUnbalancedLiquidity;
        bool enableAddLiquidityCustom;
        bool enableRemoveLiquidityCustom;
        bool enableDonation;
    }
    
    // @notice Custom type to store the entire configuration of the pool.
    type PoolConfigBits is bytes32;
    
    /**
     * @notice Represents a pool's configuration (hooks configuration are separated in another struct).
     * @param liquidityManagement Flags related to adding/removing liquidity
     * @param staticSwapFeePercentage The pool's native swap fee
     * @param aggregateSwapFeePercentage The total swap fee charged, including protocol and pool creator components
     * @param aggregateYieldFeePercentage The total swap fee charged, including protocol and pool creator components
     * @param tokenDecimalDiffs Compressed storage of the token decimals of each pool token
     * @param pauseWindowEndTime Timestamp after which the pool cannot be paused
     * @param isPoolRegistered If true, the pool has been registered with the Vault
     * @param isPoolInitialized If true, the pool has been initialized with liquidity, and is available for trading
     * @param isPoolPaused If true, the pool has been paused (by governance or the pauseManager)
     * @param isPoolInRecoveryMode If true, the pool has been placed in recovery mode, enabling recovery mode withdrawals
     */
    struct PoolConfig {
        LiquidityManagement liquidityManagement;
        uint256 staticSwapFeePercentage;
        uint256 aggregateSwapFeePercentage;
        uint256 aggregateYieldFeePercentage;
        uint40 tokenDecimalDiffs;
        uint32 pauseWindowEndTime;
        bool isPoolRegistered;
        bool isPoolInitialized;
        bool isPoolPaused;
        bool isPoolInRecoveryMode;
    }
    
    /**
     * @notice The flag portion of the `HooksConfig`.
     * @dev `enableHookAdjustedAmounts` must be true for all contracts that modify the `amountCalculated`
     * in after hooks. Otherwise, the Vault will ignore any "hookAdjusted" amounts. Setting any "shouldCall"
     * flags to true will cause the Vault to call the corresponding hook during operations.
     */
    struct HookFlags {
        bool enableHookAdjustedAmounts;
        bool shouldCallBeforeInitialize;
        bool shouldCallAfterInitialize;
        bool shouldCallComputeDynamicSwapFee;
        bool shouldCallBeforeSwap;
        bool shouldCallAfterSwap;
        bool shouldCallBeforeAddLiquidity;
        bool shouldCallAfterAddLiquidity;
        bool shouldCallBeforeRemoveLiquidity;
        bool shouldCallAfterRemoveLiquidity;
    }
    
    /// @notice Represents a hook contract configuration for a pool (HookFlags + hooksContract address).
    struct HooksConfig {
        bool enableHookAdjustedAmounts;
        bool shouldCallBeforeInitialize;
        bool shouldCallAfterInitialize;
        bool shouldCallComputeDynamicSwapFee;
        bool shouldCallBeforeSwap;
        bool shouldCallAfterSwap;
        bool shouldCallBeforeAddLiquidity;
        bool shouldCallAfterAddLiquidity;
        bool shouldCallBeforeRemoveLiquidity;
        bool shouldCallAfterRemoveLiquidity;
        address hooksContract;
    }
    
    /**
     * @notice Represents temporary state used during a swap operation.
     * @param indexIn The zero-based index of tokenIn
     * @param indexOut The zero-based index of tokenOut
     * @param amountGivenScaled18 The amountGiven (i.e., tokenIn for ExactIn), adjusted for token decimals
     * @param swapFeePercentage The swap fee to be applied (might be static or dynamic)
     */
    struct SwapState {
        uint256 indexIn;
        uint256 indexOut;
        uint256 amountGivenScaled18;
        uint256 swapFeePercentage;
    }
    
    /**
     * @notice Represents the Vault's configuration.
     * @param isQueryDisabled If set to true, disables query functionality of the Vault. Can be modified by governance
     * @param isVaultPaused If set to true, swaps and add/remove liquidity operations are halted
     * @param areBuffersPaused If set to true, the Vault wrap/unwrap primitives associated with buffers will be disabled
     */
    struct VaultState {
        bool isQueryDisabled;
        bool isVaultPaused;
        bool areBuffersPaused;
    }
    
    /**
     * @notice Represents the accounts holding certain roles for a given pool. This is passed in on pool registration.
     * @param pauseManager Account empowered to pause/unpause the pool (note that governance can always pause a pool)
     * @param swapFeeManager Account empowered to set static swap fees for a pool (or 0 to delegate to governance)
     * @param poolCreator Account empowered to set the pool creator fee (or 0 if all fees go to the protocol and LPs)
     */
    struct PoolRoleAccounts {
        address pauseManager;
        address swapFeeManager;
        address poolCreator;
    }
    
    /*******************************************************************************
                                       Tokens
    *******************************************************************************/
    
    // Note that the following tokens are unsupported by the Vault. This list is not meant to be exhaustive, but covers
    // many common types of tokens that will not work with the Vault architecture. (See https://github.com/d-xo/weird-erc20
    // for examples of token features that are problematic for many protocols.)
    //
    // * Rebasing tokens (e.g., aDAI). The Vault keeps track of token balances in its internal accounting; any token whose
    //   balance changes asynchronously (i.e., outside a swap or liquidity operation), would get out-of-sync with this
    //   internal accounting. This category would also include "airdrop" tokens, whose balances can change unexpectedly.
    //
    // * Double entrypoint (e.g., old Synthetix tokens, now fixed). These could likewise bypass internal accounting by
    //   registering the token under one address, then accessing it through another. This is especially troublesome
    //   in v3, with the introduction of ERC4626 buffers.
    //
    // * Fee on transfer (e.g., PAXG). The Vault issues credits and debits according to given and calculated token amounts,
    //   and settlement assumes that the send/receive transfer functions transfer exactly the given number of tokens.
    //   If this is not the case, transactions will not settle. Unlike with the other types, which are fundamentally
    //   incompatible, it would be possible to design a Router to handle this - but we didn't try it. In any case, it's
    //   not supported in the current Routers.
    //
    // * Tokens with more than 18 decimals (e.g., YAM-V2). The Vault handles token scaling: i.e., handling I/O for
    //   amounts in native token decimals, but doing calculations with full 18-decimal precision. This requires reading
    //   and storing the decimals for each token. Since virtually all tokens are 18 or fewer decimals, and we have limited
    //   storage space, 18 was a reasonable maximum. Unlike the other types, this is enforceable by the Vault. Attempting
    //   to register such tokens will revert with `InvalidTokenDecimals`. Of course, we must also be able to read the token
    //   decimals, so the Vault only supports tokens that implement `IERC20Metadata.decimals`, and return a value less than
    //   or equal to 18.
    //
    //  * Token decimals are checked and stored only once, on registration. Valid tokens store their decimals as immutable
    //    variables or constants. Malicious tokens that don't respect this basic property would not work anywhere in DeFi.
    //
    // These types of tokens are supported but discouraged, as they don't tend to play well with AMMs generally.
    //
    // * Very low-decimal tokens (e.g., GUSD). The Vault has been extensively tested with 6-decimal tokens (e.g., USDC),
    //   but going much below that may lead to unanticipated effects due to precision loss, especially with smaller trade
    //   values.
    //
    // * Revert on zero value approval/transfer. The Vault has been tested against these, but peripheral contracts, such
    //   as hooks, might not have been designed with this in mind.
    //
    // * Other types from "weird-erc20," such as upgradeable, pausable, or tokens with blocklists. We have seen cases
    //   where a token upgrade fails, "bricking" the token - and many operations on pools containing that token. Any
    //   sort of "permissioned" token that can make transfers fail can cause operations on pools containing them to
    //   revert. Even Recovery Mode cannot help then, as it does a proportional withdrawal of all tokens. If one of
    //   them is bricked, the whole operation will revert. Since v3 does not have "internal balances" like v2, there
    //   is no recourse.
    //
    //   Of course, many tokens in common use have some of these "features" (especially centralized stable coins), so
    //   we have to support them anyway. Working with common centralized tokens is a risk common to all of DeFi.
    
    /**
     * @notice Token types supported by the Vault.
     * @dev In general, pools may contain any combination of these tokens.
     *
     * STANDARD tokens (e.g., BAL, WETH) have no rate provider.
     * WITH_RATE tokens (e.g., wstETH) require a rate provider. These may be tokens like wstETH, which need to be wrapped
     * because the underlying stETH token is rebasing, and such tokens are unsupported by the Vault. They may also be
     * tokens like sEUR, which track an underlying asset, but are not yield-bearing. Finally, this encompasses
     * yield-bearing ERC4626 tokens, which can be used to facilitate swaps without requiring wrapping or unwrapping
     * in most cases. The `paysYieldFees` flag can be used to indicate whether a token is yield-bearing (e.g., waDAI),
     * not yield-bearing (e.g., sEUR), or yield-bearing but exempt from fees (e.g., in certain nested pools, where
     * yield fees are charged elsewhere).
     *
     * NB: STANDARD must always be the first enum element, so that newly initialized data structures default to Standard.
     */
    enum TokenType {
        STANDARD,
        WITH_RATE
    }
    
    /**
     * @notice Encapsulate the data required for the Vault to support a token of the given type.
     * @dev For STANDARD tokens, the rate provider address must be 0, and paysYieldFees must be false. All WITH_RATE tokens
     * need a rate provider, and may or may not be yield-bearing.
     *
     * At registration time, it is useful to include the token address along with the token parameters in the structure
     * passed to `registerPool`, as the alternative would be parallel arrays, which would be error prone and require
     * validation checks. `TokenConfig` is only used for registration, and is never put into storage (see `TokenInfo`).
     *
     * @param token The token address
     * @param tokenType The token type (see the enum for supported types)
     * @param rateProvider The rate provider for a token (see further documentation above)
     * @param paysYieldFees Flag indicating whether yield fees should be charged on this token
     */
    struct TokenConfig {
        IERC20 token;
        TokenType tokenType;
        IRateProvider rateProvider;
        bool paysYieldFees;
    }
    
    /**
     * @notice This data structure is stored in `_poolTokenInfo`, a nested mapping from pool -> (token -> TokenInfo).
     * @dev Since the token is already the key of the nested mapping, it would be redundant (and an extra SLOAD) to store
     * it again in the struct. When we construct PoolData, the tokens are separated into their own array.
     *
     * @param tokenType The token type (see the enum for supported types)
     * @param rateProvider The rate provider for a token (see further documentation above)
     * @param paysYieldFees Flag indicating whether yield fees should be charged on this token
     */
    struct TokenInfo {
        TokenType tokenType;
        IRateProvider rateProvider;
        bool paysYieldFees;
    }
    
    /**
     * @notice Data structure used to represent the current pool state in memory
     * @param poolConfigBits Custom type to store the entire configuration of the pool.
     * @param tokens Pool tokens, sorted in token registration order
     * @param tokenInfo Configuration data for each token, sorted in token registration order
     * @param balancesRaw Token balances in native decimals
     * @param balancesLiveScaled18 Token balances after paying yield fees, applying decimal scaling and rates
     * @param tokenRates 18-decimal FP values for rate tokens (e.g., yield-bearing), or FP(1) for standard tokens
     * @param decimalScalingFactors Conversion factor used to adjust for token decimals for uniform precision in
     * calculations. It is 1e18 (FP 1) for 18-decimal tokens
     */
    struct PoolData {
        PoolConfigBits poolConfigBits;
        IERC20[] tokens;
        TokenInfo[] tokenInfo;
        uint256[] balancesRaw;
        uint256[] balancesLiveScaled18;
        uint256[] tokenRates;
        uint256[] decimalScalingFactors;
    }
    
    enum Rounding {
        ROUND_UP,
        ROUND_DOWN
    }
    
    /*******************************************************************************
                                        Swaps
    *******************************************************************************/
    
    enum SwapKind {
        EXACT_IN,
        EXACT_OUT
    }
    
    // There are two "SwapParams" structs defined below. `VaultSwapParams` corresponds to the external swap API defined
    // in the Router contracts, which uses explicit token addresses, the amount given and limit on the calculated amount
    // expressed in native token decimals, and optional user data passed in from the caller.
    //
    // `PoolSwapParams` passes some of this information through (kind, userData), but "translates" the parameters to fit
    // the internal swap API used by `IBasePool`. It scales amounts to full 18-decimal precision, adds the token balances,
    // converts the raw token addresses to indices, and adds the address of the Router originating the request. It does
    // not need the limit, since this is checked at the Router level.
    
    /**
     * @notice Data passed into primary Vault `swap` operations.
     * @param kind Type of swap (Exact In or Exact Out)
     * @param pool The pool with the tokens being swapped
     * @param tokenIn The token entering the Vault (balance increases)
     * @param tokenOut The token leaving the Vault (balance decreases)
     * @param amountGivenRaw Amount specified for tokenIn or tokenOut (depending on the type of swap)
     * @param limitRaw Minimum or maximum value of the calculated amount (depending on the type of swap)
     * @param userData Additional (optional) user data
     */
    struct VaultSwapParams {
        SwapKind kind;
        address pool;
        IERC20 tokenIn;
        IERC20 tokenOut;
        uint256 amountGivenRaw;
        uint256 limitRaw;
        bytes userData;
    }
    
    /**
     * @notice Data for a swap operation, used by contracts implementing `IBasePool`.
     * @param kind Type of swap (exact in or exact out)
     * @param amountGivenScaled18 Amount given based on kind of the swap (e.g., tokenIn for EXACT_IN)
     * @param balancesScaled18 Current pool balances
     * @param indexIn Index of tokenIn
     * @param indexOut Index of tokenOut
     * @param router The address (usually a router contract) that initiated a swap operation on the Vault
     * @param userData Additional (optional) data required for the swap
     */
    struct PoolSwapParams {
        SwapKind kind;
        uint256 amountGivenScaled18;
        uint256[] balancesScaled18;
        uint256 indexIn;
        uint256 indexOut;
        address router;
        bytes userData;
    }
    
    /**
     * @notice Data for the hook after a swap operation.
     * @param kind Type of swap (exact in or exact out)
     * @param tokenIn Token to be swapped from
     * @param tokenOut Token to be swapped to
     * @param amountInScaled18 Amount of tokenIn (entering the Vault)
     * @param amountOutScaled18 Amount of tokenOut (leaving the Vault)
     * @param tokenInBalanceScaled18 Updated (after swap) balance of tokenIn
     * @param tokenOutBalanceScaled18 Updated (after swap) balance of tokenOut
     * @param amountCalculatedScaled18 Token amount calculated by the swap
     * @param amountCalculatedRaw Token amount calculated by the swap
     * @param router The address (usually a router contract) that initiated a swap operation on the Vault
     * @param pool Pool address
     * @param userData Additional (optional) data required for the swap
     */
    struct AfterSwapParams {
        SwapKind kind;
        IERC20 tokenIn;
        IERC20 tokenOut;
        uint256 amountInScaled18;
        uint256 amountOutScaled18;
        uint256 tokenInBalanceScaled18;
        uint256 tokenOutBalanceScaled18;
        uint256 amountCalculatedScaled18;
        uint256 amountCalculatedRaw;
        address router;
        address pool;
        bytes userData;
    }
    
    /*******************************************************************************
                                    Add liquidity
    *******************************************************************************/
    
    enum AddLiquidityKind {
        PROPORTIONAL,
        UNBALANCED,
        SINGLE_TOKEN_EXACT_OUT,
        DONATION,
        CUSTOM
    }
    
    /**
     * @notice Data for an add liquidity operation.
     * @param pool Address of the pool
     * @param to Address of user to mint to
     * @param maxAmountsIn Maximum amounts of input tokens
     * @param minBptAmountOut Minimum amount of output pool tokens
     * @param kind Add liquidity kind
     * @param userData Optional user data
     */
    struct AddLiquidityParams {
        address pool;
        address to;
        uint256[] maxAmountsIn;
        uint256 minBptAmountOut;
        AddLiquidityKind kind;
        bytes userData;
    }
    
    /*******************************************************************************
                                    Remove liquidity
    *******************************************************************************/
    
    enum RemoveLiquidityKind {
        PROPORTIONAL,
        SINGLE_TOKEN_EXACT_IN,
        SINGLE_TOKEN_EXACT_OUT,
        CUSTOM
    }
    
    /**
     * @notice Data for an remove liquidity operation.
     * @param pool Address of the pool
     * @param from Address of user to burn from
     * @param maxBptAmountIn Maximum amount of input pool tokens
     * @param minAmountsOut Minimum amounts of output tokens
     * @param kind Remove liquidity kind
     * @param userData Optional user data
     */
    struct RemoveLiquidityParams {
        address pool;
        address from;
        uint256 maxBptAmountIn;
        uint256[] minAmountsOut;
        RemoveLiquidityKind kind;
        bytes userData;
    }
    
    /*******************************************************************************
                                    Remove liquidity
    *******************************************************************************/
    
    enum WrappingDirection {
        WRAP,
        UNWRAP
    }
    
    /**
     * @notice Data for a wrap/unwrap operation.
     * @param kind Type of swap (Exact In or Exact Out)
     * @param direction Direction of the wrapping operation (Wrap or Unwrap)
     * @param wrappedToken Wrapped token, compatible with interface ERC4626
     * @param amountGivenRaw Amount specified for tokenIn or tokenOut (depends on the type of swap and wrapping direction)
     * @param limitRaw Minimum or maximum amount specified for the other token (depends on the type of swap and wrapping
     * direction)
     */
    struct BufferWrapOrUnwrapParams {
        SwapKind kind;
        WrappingDirection direction;
        IERC4626 wrappedToken;
        uint256 amountGivenRaw;
        uint256 limitRaw;
    }
    
    // Protocol Fees are 24-bit values. We transform them by multiplying by 1e11, so that they can be set to any value
    // between 0% and 100% (step 0.00001%). Protocol and pool creator fees are set in the `ProtocolFeeController`, and
    // ensure both constituent and aggregate fees do not exceed this precision.
    uint256 constant FEE_BITLENGTH = 24;
    uint256 constant FEE_SCALING_FACTOR = 1e11;
    // Used to ensure the safety of fee-related math (e.g., pools or hooks don't set it greater than 100%).
    // This value should work for practical purposes and is well within the max precision requirements.
    uint256 constant MAX_FEE_PERCENTAGE = 99.9999e16; // 99.9999%

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    import { IVault } from "@balancer-labs/v3-interfaces/contracts/vault/IVault.sol";
    
    import { Authentication } from "@balancer-labs/v3-solidity-utils/contracts/helpers/Authentication.sol";
    
    /// @dev Base contract for performing access control on external functions within pools.
    abstract contract BasePoolAuthentication is Authentication {
        IVault private immutable _vault;
    
        /**
         * @dev Pools should use the pool factory as the disambiguator passed into the base Authentication contract.
         * Otherwise, permissions would conflict if different pools reused function names.
         */
        constructor(IVault vault, address factory) Authentication(bytes32(uint256(uint160(factory)))) {
            _vault = vault;
        }
    
        // Access control is delegated to the Authorizer in the `_canPerform` functions.
    
        function _canPerform(bytes32 actionId, address user) internal view override returns (bool) {
            return _vault.getAuthorizer().canPerform(actionId, user, address(this));
        }
    
        function _canPerform(bytes32 actionId, address account, address where) internal view returns (bool) {
            return _vault.getAuthorizer().canPerform(actionId, account, where);
        }
    }

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
    
    import { TokenInfo, PoolConfig } from "@balancer-labs/v3-interfaces/contracts/vault/VaultTypes.sol";
    import { IPoolInfo } from "@balancer-labs/v3-interfaces/contracts/pool-utils/IPoolInfo.sol";
    import { IVault } from "@balancer-labs/v3-interfaces/contracts/vault/IVault.sol";
    
    /**
     * @notice Standard implementation of the `IPoolInfo` interface.
     * @dev Balancer standard pools inherit from this optional interface to provide a standard off-chain interface for
     * commonly requested data.
     */
    contract PoolInfo is IPoolInfo {
        IVault private immutable _vault;
    
        constructor(IVault vault) {
            _vault = vault;
        }
    
        /// @inheritdoc IPoolInfo
        function getTokens() external view returns (IERC20[] memory tokens) {
            return _vault.getPoolTokens(address(this));
        }
    
        /// @inheritdoc IPoolInfo
        function getTokenInfo()
            external
            view
            returns (
                IERC20[] memory tokens,
                TokenInfo[] memory tokenInfo,
                uint256[] memory balancesRaw,
                uint256[] memory lastBalancesLiveScaled18
            )
        {
            return _vault.getPoolTokenInfo(address(this));
        }
    
        /// @inheritdoc IPoolInfo
        function getCurrentLiveBalances() external view returns (uint256[] memory balancesLiveScaled18) {
            return _vault.getCurrentLiveBalances(address(this));
        }
    
        /// @inheritdoc IPoolInfo
        function getStaticSwapFeePercentage() external view returns (uint256) {
            return _vault.getStaticSwapFeePercentage((address(this)));
        }
    
        /// @inheritdoc IPoolInfo
        function getAggregateFeePercentages()
            external
            view
            returns (uint256 aggregateSwapFeePercentage, uint256 aggregateYieldFeePercentage)
        {
            PoolConfig memory poolConfig = _vault.getPoolConfig(address(this));
    
            aggregateSwapFeePercentage = poolConfig.aggregateSwapFeePercentage;
            aggregateYieldFeePercentage = poolConfig.aggregateYieldFeePercentage;
        }
    }

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    import { IAuthentication } from "@balancer-labs/v3-interfaces/contracts/solidity-utils/helpers/IAuthentication.sol";
    
    /**
     * @notice Building block for performing access control on external functions.
     * @dev This contract is used via the `authenticate` modifier (or the `_authenticateCaller` function), which can be
     * applied to external functions to make them only callable by authorized accounts.
     *
     * Derived contracts must implement the `_canPerform` function, which holds the actual access control logic.
     */
    abstract contract Authentication is IAuthentication {
        bytes32 private immutable _actionIdDisambiguator;
    
        /**
         * @dev The main purpose of the `actionIdDisambiguator` is to prevent accidental function selector collisions in
         * multi-contract systems.
         *
         * There are two main uses for it:
         *  - if the contract is a singleton, any unique identifier can be used to make the associated action identifiers
         *    unique. The contract's own address is a good option.
         *  - if the contract belongs to a family that shares action identifiers for the same functions, an identifier
         *    shared by the entire family (and no other contract) should be used instead.
         */
        constructor(bytes32 actionIdDisambiguator) {
            _actionIdDisambiguator = actionIdDisambiguator;
        }
    
        /// @dev Reverts unless the caller is allowed to call this function. Should only be applied to external functions.
        modifier authenticate() {
            _authenticateCaller();
            _;
        }
    
        /// @dev Reverts unless the caller is allowed to call the entry point function.
        function _authenticateCaller() internal view {
            bytes32 actionId = getActionId(msg.sig);
    
            if (!_canPerform(actionId, msg.sender)) {
                revert SenderNotAllowed();
            }
        }
    
        /// @inheritdoc IAuthentication
        function getActionId(bytes4 selector) public view override returns (bytes32) {
            // Each external function is dynamically assigned an action identifier as the hash of the disambiguator and the
            // function selector. Disambiguation is necessary to avoid potential collisions in the function selectors of
            // multiple contracts.
            return keccak256(abi.encodePacked(_actionIdDisambiguator, selector));
        }
    
        /**
         * @dev Derived contracts must implement this function to perform the actual access control logic.
         * @param actionId The action identifier associated with an external function
         * @param user The account performing the action
         * @return success True if the action is permitted
         */
        function _canPerform(bytes32 actionId, address user) internal view virtual returns (bool);
    }

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    import { IVersion } from "@balancer-labs/v3-interfaces/contracts/solidity-utils/helpers/IVersion.sol";
    
    /**
     * @notice Retrieves a contract's version from storage.
     * @dev The version is set at deployment time and cannot be changed. It would be immutable, but immutable strings
     * are not yet supported.
     *
     * Contracts like factories and pools should have versions. These typically take the form of JSON strings containing
     * detailed information about the deployment. For instance:
     *
     * `{name: 'ChildChainGaugeFactory', version: 2, deployment: '20230316-child-chain-gauge-factory-v2'}`
     */
    contract Version is IVersion {
        string private _version;
    
        constructor(string memory version_) {
            _setVersion(version_);
        }
    
        /**
         * @notice Getter for the version.
         * @return version The stored contract version
         */
        function version() external view returns (string memory) {
            return _version;
        }
    
        /// @dev Internal setter that allows this contract to be used in proxies.
        function _setVersion(string memory newVersion) internal {
            _version = newVersion;
        }
    }

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    import { LogExpMath } from "./LogExpMath.sol";
    
    /// @notice Support 18-decimal fixed point arithmetic. All Vault calculations use this for high and uniform precision.
    library FixedPoint {
        /// @notice Attempted division by zero.
        error ZeroDivision();
    
        // solhint-disable no-inline-assembly
        // solhint-disable private-vars-leading-underscore
    
        uint256 internal constant ONE = 1e18; // 18 decimal places
        uint256 internal constant TWO = 2 * ONE;
        uint256 internal constant FOUR = 4 * ONE;
        uint256 internal constant MAX_POW_RELATIVE_ERROR = 10000; // 10^(-14)
    
        function mulDown(uint256 a, uint256 b) internal pure returns (uint256) {
            // Multiplication overflow protection is provided by Solidity 0.8.x.
            uint256 product = a * b;
    
            return product / ONE;
        }
    
        function mulUp(uint256 a, uint256 b) internal pure returns (uint256 result) {
            // Multiplication overflow protection is provided by Solidity 0.8.x.
            uint256 product = a * b;
    
            // Equivalent to:
            // result = product == 0 ? 0 : ((product - 1) / FixedPoint.ONE) + 1
            assembly ("memory-safe") {
                result := mul(iszero(iszero(product)), add(div(sub(product, 1), ONE), 1))
            }
        }
    
        function divDown(uint256 a, uint256 b) internal pure returns (uint256) {
            // Solidity 0.8 reverts with a Panic code (0x11) if the multiplication overflows.
            uint256 aInflated = a * ONE;
    
            // Solidity 0.8 reverts with a "Division by Zero" Panic code (0x12) if b is zero
            return aInflated / b;
        }
    
        function divUp(uint256 a, uint256 b) internal pure returns (uint256 result) {
            return mulDivUp(a, ONE, b);
        }
    
        /// @dev Return (a * b) / c, rounding up.
        function mulDivUp(uint256 a, uint256 b, uint256 c) internal pure returns (uint256 result) {
            // This check is required because Yul's `div` doesn't revert on c==0.
            if (c == 0) {
                revert ZeroDivision();
            }
    
            // Multiple overflow protection is done by Solidity 0.8.x.
            uint256 product = a * b;
    
            // The traditional divUp formula is:
            // divUp(x, y) := (x + y - 1) / y
            // To avoid intermediate overflow in the addition, we distribute the division and get:
            // divUp(x, y) := (x - 1) / y + 1
            // Note that this requires x != 0, if x == 0 then the result is zero
            //
            // Equivalent to:
            // result = a == 0 ? 0 : (a * b - 1) / c + 1
            assembly ("memory-safe") {
                result := mul(iszero(iszero(product)), add(div(sub(product, 1), c), 1))
            }
        }
    
        /**
         * @dev Version of divUp when the input is raw (i.e., already "inflated"). For instance,
         * invariant * invariant (36 decimals) vs. invariant.mulDown(invariant) (18 decimal FP).
         * This can occur in calculations with many successive multiplications and divisions, and
         * we want to minimize the number of operations by avoiding unnecessary scaling by ONE.
         */
        function divUpRaw(uint256 a, uint256 b) internal pure returns (uint256 result) {
            // This check is required because Yul's `div` doesn't revert on b==0.
            if (b == 0) {
                revert ZeroDivision();
            }
    
            // Equivalent to:
            // result = a == 0 ? 0 : 1 + (a - 1) / b
            assembly ("memory-safe") {
                result := mul(iszero(iszero(a)), add(1, div(sub(a, 1), b)))
            }
        }
    
        /**
         * @dev Returns x^y, assuming both are fixed point numbers, rounding down. The result is guaranteed to not be above
         * the true value (that is, the error function expected - actual is always positive).
         */
        function powDown(uint256 x, uint256 y) internal pure returns (uint256) {
            // Optimize for when y equals 1.0, 2.0 or 4.0, as those are very simple to implement and occur often in 50/50
            // and 80/20 Weighted Pools
            if (y == ONE) {
                return x;
            } else if (y == TWO) {
                return mulDown(x, x);
            } else if (y == FOUR) {
                uint256 square = mulDown(x, x);
                return mulDown(square, square);
            } else {
                uint256 raw = LogExpMath.pow(x, y);
                uint256 maxError = mulUp(raw, MAX_POW_RELATIVE_ERROR) + 1;
    
                if (raw < maxError) {
                    return 0;
                } else {
                    unchecked {
                        return raw - maxError;
                    }
                }
            }
        }
    
        /**
         * @dev Returns x^y, assuming both are fixed point numbers, rounding up. The result is guaranteed to not be below
         * the true value (that is, the error function expected - actual is always negative).
         */
        function powUp(uint256 x, uint256 y) internal pure returns (uint256) {
            // Optimize for when y equals 1.0, 2.0 or 4.0, as those are very simple to implement and occur often in 50/50
            // and 80/20 Weighted Pools
            if (y == ONE) {
                return x;
            } else if (y == TWO) {
                return mulUp(x, x);
            } else if (y == FOUR) {
                uint256 square = mulUp(x, x);
                return mulUp(square, square);
            } else {
                uint256 raw = LogExpMath.pow(x, y);
                uint256 maxError = mulUp(raw, MAX_POW_RELATIVE_ERROR) + 1;
    
                return raw + maxError;
            }
        }
    
        /**
         * @dev Returns the complement of a value (1 - x), capped to 0 if x is larger than 1.
         *
         * Useful when computing the complement for values with some level of relative error, as it strips this error and
         * prevents intermediate negative values.
         */
        function complement(uint256 x) internal pure returns (uint256 result) {
            // Equivalent to:
            // result = (x < ONE) ? (ONE - x) : 0
            assembly ("memory-safe") {
                result := mul(lt(x, ONE), sub(ONE, x))
            }
        }
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.24;
    
    // solhint-disable
    
    /**
     * @dev Exponentiation and logarithm functions for 18 decimal fixed point numbers (both base and exponent/argument).
     *
     * Exponentiation and logarithm with arbitrary bases (x^y and log_x(y)) are implemented by conversion to natural
     * exponentiation and logarithm (where the base is Euler's number).
     *
     * All math operations are unchecked in order to save gas.
     *
     * @author Fernando Martinelli - @fernandomartinelli
     * @author Sergio Yuhjtman     - @sergioyuhjtman
     * @author Daniel Fernandez    - @dmf7z
     */
    library LogExpMath {
        /// @notice This error is thrown when a base is not within an acceptable range.
        error BaseOutOfBounds();
    
        /// @notice This error is thrown when a exponent is not within an acceptable range.
        error ExponentOutOfBounds();
    
        /// @notice This error is thrown when the exponent * ln(base) is not within an acceptable range.
        error ProductOutOfBounds();
    
        /// @notice This error is thrown when an exponent used in the exp function is not within an acceptable range.
        error InvalidExponent();
    
        /// @notice This error is thrown when a variable or result is not within the acceptable bounds defined in the function.
        error OutOfBounds();
    
        // All fixed point multiplications and divisions are inlined. This means we need to divide by ONE when multiplying
        // two numbers, and multiply by ONE when dividing them.
    
        // All arguments and return values are 18 decimal fixed point numbers.
        int256 constant ONE_18 = 1e18;
    
        // Internally, intermediate values are computed with higher precision as 20 decimal fixed point numbers, and in the
        // case of ln36, 36 decimals.
        int256 constant ONE_20 = 1e20;
        int256 constant ONE_36 = 1e36;
    
        // The domain of natural exponentiation is bound by the word size and number of decimals used.
        //
        // Because internally the result will be stored using 20 decimals, the largest possible result is
        // (2^255 - 1) / 10^20, which makes the largest exponent ln((2^255 - 1) / 10^20) = 130.700829182905140221.
        // The smallest possible result is 10^(-18), which makes largest negative argument
        // ln(10^(-18)) = -41.446531673892822312.
        // We use 130.0 and -41.0 to have some safety margin.
        int256 constant MAX_NATURAL_EXPONENT = 130e18;
        int256 constant MIN_NATURAL_EXPONENT = -41e18;
    
        // Bounds for ln_36's argument. Both ln(0.9) and ln(1.1) can be represented with 36 decimal places in a fixed point
        // 256 bit integer.
        int256 constant LN_36_LOWER_BOUND = ONE_18 - 1e17;
        int256 constant LN_36_UPPER_BOUND = ONE_18 + 1e17;
    
        uint256 constant MILD_EXPONENT_BOUND = 2 ** 254 / uint256(ONE_20);
    
        // 18 decimal constants
        int256 constant x0 = 128000000000000000000; // 2ˆ7
        int256 constant a0 = 38877084059945950922200000000000000000000000000000000000; // eˆ(x0) (no decimals)
        int256 constant x1 = 64000000000000000000; // 2ˆ6
        int256 constant a1 = 6235149080811616882910000000; // eˆ(x1) (no decimals)
    
        // 20 decimal constants
        int256 constant x2 = 3200000000000000000000; // 2ˆ5
        int256 constant a2 = 7896296018268069516100000000000000; // eˆ(x2)
        int256 constant x3 = 1600000000000000000000; // 2ˆ4
        int256 constant a3 = 888611052050787263676000000; // eˆ(x3)
        int256 constant x4 = 800000000000000000000; // 2ˆ3
        int256 constant a4 = 298095798704172827474000; // eˆ(x4)
        int256 constant x5 = 400000000000000000000; // 2ˆ2
        int256 constant a5 = 5459815003314423907810; // eˆ(x5)
        int256 constant x6 = 200000000000000000000; // 2ˆ1
        int256 constant a6 = 738905609893065022723; // eˆ(x6)
        int256 constant x7 = 100000000000000000000; // 2ˆ0
        int256 constant a7 = 271828182845904523536; // eˆ(x7)
        int256 constant x8 = 50000000000000000000; // 2ˆ-1
        int256 constant a8 = 164872127070012814685; // eˆ(x8)
        int256 constant x9 = 25000000000000000000; // 2ˆ-2
        int256 constant a9 = 128402541668774148407; // eˆ(x9)
        int256 constant x10 = 12500000000000000000; // 2ˆ-3
        int256 constant a10 = 113314845306682631683; // eˆ(x10)
        int256 constant x11 = 6250000000000000000; // 2ˆ-4
        int256 constant a11 = 106449445891785942956; // eˆ(x11)
    
        /**
         * @dev Exponentiation (x^y) with unsigned 18 decimal fixed point base and exponent.
         *
         * Reverts if ln(x) * y is smaller than `MIN_NATURAL_EXPONENT`, or larger than `MAX_NATURAL_EXPONENT`.
         */
        function pow(uint256 x, uint256 y) internal pure returns (uint256) {
            if (y == 0) {
                // We solve the 0^0 indetermination by making it equal one.
                return uint256(ONE_18);
            }
    
            if (x == 0) {
                return 0;
            }
    
            // Instead of computing x^y directly, we instead rely on the properties of logarithms and exponentiation to
            // arrive at that result. In particular, exp(ln(x)) = x, and ln(x^y) = y * ln(x). This means
            // x^y = exp(y * ln(x)).
    
            // The ln function takes a signed value, so we need to make sure x fits in the signed 256 bit range.
            if (x >> 255 != 0) {
                revert BaseOutOfBounds();
            }
            int256 x_int256 = int256(x);
    
            // We will compute y * ln(x) in a single step. Depending on the value of x, we can either use ln or ln_36. In
            // both cases, we leave the division by ONE_18 (due to fixed point multiplication) to the end.
    
            // This prevents y * ln(x) from overflowing, and at the same time guarantees y fits in the signed 256 bit range.
            if (y >= MILD_EXPONENT_BOUND) {
                revert ExponentOutOfBounds();
            }
            int256 y_int256 = int256(y);
    
            int256 logx_times_y;
            unchecked {
                if (LN_36_LOWER_BOUND < x_int256 && x_int256 < LN_36_UPPER_BOUND) {
                    int256 ln_36_x = _ln_36(x_int256);
    
                    // ln_36_x has 36 decimal places, so multiplying by y_int256 isn't as straightforward, since we can't just
                    // bring y_int256 to 36 decimal places, as it might overflow. Instead, we perform two 18 decimal
                    // multiplications and add the results: one with the first 18 decimals of ln_36_x, and one with the
                    // (downscaled) last 18 decimals.
                    logx_times_y = ((ln_36_x / ONE_18) * y_int256 + ((ln_36_x % ONE_18) * y_int256) / ONE_18);
                } else {
                    logx_times_y = _ln(x_int256) * y_int256;
                }
                logx_times_y /= ONE_18;
            }
    
            // Finally, we compute exp(y * ln(x)) to arrive at x^y
            if (!(MIN_NATURAL_EXPONENT <= logx_times_y && logx_times_y <= MAX_NATURAL_EXPONENT)) {
                revert ProductOutOfBounds();
            }
    
            return uint256(exp(logx_times_y));
        }
    
        /**
         * @dev Natural exponentiation (e^x) with signed 18 decimal fixed point exponent.
         *
         * Reverts if `x` is smaller than MIN_NATURAL_EXPONENT, or larger than `MAX_NATURAL_EXPONENT`.
         */
        function exp(int256 x) internal pure returns (int256) {
            if (!(x >= MIN_NATURAL_EXPONENT && x <= MAX_NATURAL_EXPONENT)) {
                revert InvalidExponent();
            }
    
            // We avoid using recursion here because zkSync doesn't support it.
            bool negativeExponent = false;
    
            if (x < 0) {
                // We only handle positive exponents: e^(-x) is computed as 1 / e^x. We can safely make x positive since it
                // fits in the signed 256 bit range (as it is larger than MIN_NATURAL_EXPONENT). In the negative
                // exponent case, compute e^x, then return 1 / result.
                unchecked {
                    x = -x;
                }
                negativeExponent = true;
            }
    
            // First, we use the fact that e^(x+y) = e^x * e^y to decompose x into a sum of powers of two, which we call x_n,
            // where x_n == 2^(7 - n), and e^x_n = a_n has been precomputed. We choose the first x_n, x0, to equal 2^7
            // because all larger powers are larger than MAX_NATURAL_EXPONENT, and therefore not present in the
            // decomposition.
            // At the end of this process we will have the product of all e^x_n = a_n that apply, and the remainder of this
            // decomposition, which will be lower than the smallest x_n.
            // exp(x) = k_0 * a_0 * k_1 * a_1 * ... + k_n * a_n * exp(remainder), where each k_n equals either 0 or 1.
            // We mutate x by subtracting x_n, making it the remainder of the decomposition.
    
            // The first two a_n (e^(2^7) and e^(2^6)) are too large if stored as 18 decimal numbers, and could cause
            // intermediate overflows. Instead we store them as plain integers, with 0 decimals.
            // Additionally, x0 + x1 is larger than MAX_NATURAL_EXPONENT, which means they will not both be present in the
            // decomposition.
    
            // For each x_n, we test if that term is present in the decomposition (if x is larger than it), and if so deduct
            // it and compute the accumulated product.
    
            int256 firstAN;
            unchecked {
                if (x >= x0) {
                    x -= x0;
                    firstAN = a0;
                } else if (x >= x1) {
                    x -= x1;
                    firstAN = a1;
                } else {
                    firstAN = 1; // One with no decimal places
                }
    
                // We now transform x into a 20 decimal fixed point number, to have enhanced precision when computing the
                // smaller terms.
                x *= 100;
            }
    
            // `product` is the accumulated product of all a_n (except a0 and a1), which starts at 20 decimal fixed point
            // one. Recall that fixed point multiplication requires dividing by ONE_20.
            int256 product = ONE_20;
    
            unchecked {
                if (x >= x2) {
                    x -= x2;
                    product = (product * a2) / ONE_20;
                }
                if (x >= x3) {
                    x -= x3;
                    product = (product * a3) / ONE_20;
                }
                if (x >= x4) {
                    x -= x4;
                    product = (product * a4) / ONE_20;
                }
                if (x >= x5) {
                    x -= x5;
                    product = (product * a5) / ONE_20;
                }
                if (x >= x6) {
                    x -= x6;
                    product = (product * a6) / ONE_20;
                }
                if (x >= x7) {
                    x -= x7;
                    product = (product * a7) / ONE_20;
                }
                if (x >= x8) {
                    x -= x8;
                    product = (product * a8) / ONE_20;
                }
                if (x >= x9) {
                    x -= x9;
                    product = (product * a9) / ONE_20;
                }
            }
    
            // x10 and x11 are unnecessary here since we have high enough precision already.
    
            // Now we need to compute e^x, where x is small (in particular, it is smaller than x9). We use the Taylor series
            // expansion for e^x: 1 + x + (x^2 / 2!) + (x^3 / 3!) + ... + (x^n / n!).
    
            int256 seriesSum = ONE_20; // The initial one in the sum, with 20 decimal places.
            int256 term; // Each term in the sum, where the nth term is (x^n / n!).
    
            // The first term is simply x.
            term = x;
            unchecked {
                seriesSum += term;
    
                // Each term (x^n / n!) equals the previous one times x, divided by n. Since x is a fixed point number,
                // multiplying by it requires dividing by ONE_20, but dividing by the non-fixed point n values does not.
    
                term = ((term * x) / ONE_20) / 2;
                seriesSum += term;
    
                term = ((term * x) / ONE_20) / 3;
                seriesSum += term;
    
                term = ((term * x) / ONE_20) / 4;
                seriesSum += term;
    
                term = ((term * x) / ONE_20) / 5;
                seriesSum += term;
    
                term = ((term * x) / ONE_20) / 6;
                seriesSum += term;
    
                term = ((term * x) / ONE_20) / 7;
                seriesSum += term;
    
                term = ((term * x) / ONE_20) / 8;
                seriesSum += term;
    
                term = ((term * x) / ONE_20) / 9;
                seriesSum += term;
    
                term = ((term * x) / ONE_20) / 10;
                seriesSum += term;
    
                term = ((term * x) / ONE_20) / 11;
                seriesSum += term;
    
                term = ((term * x) / ONE_20) / 12;
                seriesSum += term;
    
                // 12 Taylor terms are sufficient for 18 decimal precision.
    
                // We now have the first a_n (with no decimals), and the product of all other a_n present, and the Taylor
                // approximation of the exponentiation of the remainder (both with 20 decimals). All that remains is to multiply
                // all three (one 20 decimal fixed point multiplication, dividing by ONE_20, and one integer multiplication),
                // and then drop two digits to return an 18 decimal value.
    
                int256 result = (((product * seriesSum) / ONE_20) * firstAN) / 100;
    
                // We avoid using recursion here because zkSync doesn't support it.
                return negativeExponent ? (ONE_18 * ONE_18) / result : result;
            }
        }
    
        /// @dev Logarithm (log(arg, base), with signed 18 decimal fixed point base and argument.
        function log(int256 arg, int256 base) internal pure returns (int256) {
            // This performs a simple base change: log(arg, base) = ln(arg) / ln(base).
    
            // Both logBase and logArg are computed as 36 decimal fixed point numbers, either by using ln_36, or by
            // upscaling.
    
            int256 logBase;
            unchecked {
                if (LN_36_LOWER_BOUND < base && base < LN_36_UPPER_BOUND) {
                    logBase = _ln_36(base);
                } else {
                    logBase = _ln(base) * ONE_18;
                }
            }
    
            int256 logArg;
            unchecked {
                if (LN_36_LOWER_BOUND < arg && arg < LN_36_UPPER_BOUND) {
                    logArg = _ln_36(arg);
                } else {
                    logArg = _ln(arg) * ONE_18;
                }
    
                // When dividing, we multiply by ONE_18 to arrive at a result with 18 decimal places
                return (logArg * ONE_18) / logBase;
            }
        }
    
        /// @dev Natural logarithm (ln(a)) with signed 18 decimal fixed point argument.
        function ln(int256 a) internal pure returns (int256) {
            // The real natural logarithm is not defined for negative numbers or zero.
            if (a <= 0) {
                revert OutOfBounds();
            }
            if (LN_36_LOWER_BOUND < a && a < LN_36_UPPER_BOUND) {
                unchecked {
                    return _ln_36(a) / ONE_18;
                }
            } else {
                return _ln(a);
            }
        }
    
        /// @dev Internal natural logarithm (ln(a)) with signed 18 decimal fixed point argument.
        function _ln(int256 a) private pure returns (int256) {
            // We avoid using recursion here because zkSync doesn't support it.
            bool negativeExponent = false;
    
            if (a < ONE_18) {
                // Since ln(a^k) = k * ln(a), we can compute ln(a) as ln(a) = ln((1/a)^(-1)) = - ln((1/a)). If a is less
                // than one, 1/a will be greater than one, so in this case we compute ln(1/a) and negate the final result.
                unchecked {
                    a = (ONE_18 * ONE_18) / a;
                }
                negativeExponent = true;
            }
    
            // First, we use the fact that ln^(a * b) = ln(a) + ln(b) to decompose ln(a) into a sum of powers of two, which
            // we call x_n, where x_n == 2^(7 - n), which are the natural logarithm of precomputed quantities a_n (that is,
            // ln(a_n) = x_n). We choose the first x_n, x0, to equal 2^7 because the exponential of all larger powers cannot
            // be represented as 18 fixed point decimal numbers in 256 bits, and are therefore larger than a.
            // At the end of this process we will have the sum of all x_n = ln(a_n) that apply, and the remainder of this
            // decomposition, which will be lower than the smallest a_n.
            // ln(a) = k_0 * x_0 + k_1 * x_1 + ... + k_n * x_n + ln(remainder), where each k_n equals either 0 or 1.
            // We mutate a by subtracting a_n, making it the remainder of the decomposition.
    
            // For reasons related to how `exp` works, the first two a_n (e^(2^7) and e^(2^6)) are not stored as fixed point
            // numbers with 18 decimals, but instead as plain integers with 0 decimals, so we need to multiply them by
            // ONE_18 to convert them to fixed point.
            // For each a_n, we test if that term is present in the decomposition (if a is larger than it), and if so divide
            // by it and compute the accumulated sum.
    
            int256 sum = 0;
            unchecked {
                if (a >= a0 * ONE_18) {
                    a /= a0; // Integer, not fixed point division
                    sum += x0;
                }
    
                if (a >= a1 * ONE_18) {
                    a /= a1; // Integer, not fixed point division
                    sum += x1;
                }
    
                // All other a_n and x_n are stored as 20 digit fixed point numbers, so we convert the sum and a to this format.
                sum *= 100;
                a *= 100;
    
                // Because further a_n are  20 digit fixed point numbers, we multiply by ONE_20 when dividing by them.
    
                if (a >= a2) {
                    a = (a * ONE_20) / a2;
                    sum += x2;
                }
    
                if (a >= a3) {
                    a = (a * ONE_20) / a3;
                    sum += x3;
                }
    
                if (a >= a4) {
                    a = (a * ONE_20) / a4;
                    sum += x4;
                }
    
                if (a >= a5) {
                    a = (a * ONE_20) / a5;
                    sum += x5;
                }
    
                if (a >= a6) {
                    a = (a * ONE_20) / a6;
                    sum += x6;
                }
    
                if (a >= a7) {
                    a = (a * ONE_20) / a7;
                    sum += x7;
                }
    
                if (a >= a8) {
                    a = (a * ONE_20) / a8;
                    sum += x8;
                }
    
                if (a >= a9) {
                    a = (a * ONE_20) / a9;
                    sum += x9;
                }
    
                if (a >= a10) {
                    a = (a * ONE_20) / a10;
                    sum += x10;
                }
    
                if (a >= a11) {
                    a = (a * ONE_20) / a11;
                    sum += x11;
                }
            }
    
            // a is now a small number (smaller than a_11, which roughly equals 1.06). This means we can use a Taylor series
            // that converges rapidly for values of `a` close to one - the same one used in ln_36.
            // Let z = (a - 1) / (a + 1).
            // ln(a) = 2 * (z + z^3 / 3 + z^5 / 5 + z^7 / 7 + ... + z^(2 * n + 1) / (2 * n + 1))
    
            // Recall that 20 digit fixed point division requires multiplying by ONE_20, and multiplication requires
            // division by ONE_20.
            unchecked {
                int256 z = ((a - ONE_20) * ONE_20) / (a + ONE_20);
                int256 z_squared = (z * z) / ONE_20;
    
                // num is the numerator of the series: the z^(2 * n + 1) term
                int256 num = z;
    
                // seriesSum holds the accumulated sum of each term in the series, starting with the initial z
                int256 seriesSum = num;
    
                // In each step, the numerator is multiplied by z^2
                num = (num * z_squared) / ONE_20;
                seriesSum += num / 3;
    
                num = (num * z_squared) / ONE_20;
                seriesSum += num / 5;
    
                num = (num * z_squared) / ONE_20;
                seriesSum += num / 7;
    
                num = (num * z_squared) / ONE_20;
                seriesSum += num / 9;
    
                num = (num * z_squared) / ONE_20;
                seriesSum += num / 11;
    
                // 6 Taylor terms are sufficient for 36 decimal precision.
    
                // Finally, we multiply by 2 (non fixed point) to compute ln(remainder)
                seriesSum *= 2;
    
                // We now have the sum of all x_n present, and the Taylor approximation of the logarithm of the remainder (both
                // with 20 decimals). All that remains is to sum these two, and then drop two digits to return a 18 decimal
                // value.
    
                int256 result = (sum + seriesSum) / 100;
    
                // We avoid using recursion here because zkSync doesn't support it.
                return negativeExponent ? -result : result;
            }
        }
    
        /**
         * @dev Internal high precision (36 decimal places) natural logarithm (ln(x)) with signed 18 decimal fixed point argument,
         * for x close to one.
         *
         * Should only be used if x is between LN_36_LOWER_BOUND and LN_36_UPPER_BOUND.
         */
        function _ln_36(int256 x) private pure returns (int256) {
            // Since ln(1) = 0, a value of x close to one will yield a very small result, which makes using 36 digits
            // worthwhile.
    
            // First, we transform x to a 36 digit fixed point value.
            unchecked {
                x *= ONE_18;
    
                // We will use the following Taylor expansion, which converges very rapidly. Let z = (x - 1) / (x + 1).
                // ln(x) = 2 * (z + z^3 / 3 + z^5 / 5 + z^7 / 7 + ... + z^(2 * n + 1) / (2 * n + 1))
    
                // Recall that 36 digit fixed point division requires multiplying by ONE_36, and multiplication requires
                // division by ONE_36.
                int256 z = ((x - ONE_36) * ONE_36) / (x + ONE_36);
                int256 z_squared = (z * z) / ONE_36;
    
                // num is the numerator of the series: the z^(2 * n + 1) term
                int256 num = z;
    
                // seriesSum holds the accumulated sum of each term in the series, starting with the initial z
                int256 seriesSum = num;
    
                // In each step, the numerator is multiplied by z^2
                num = (num * z_squared) / ONE_36;
                seriesSum += num / 3;
    
                num = (num * z_squared) / ONE_36;
                seriesSum += num / 5;
    
                num = (num * z_squared) / ONE_36;
                seriesSum += num / 7;
    
                num = (num * z_squared) / ONE_36;
                seriesSum += num / 9;
    
                num = (num * z_squared) / ONE_36;
                seriesSum += num / 11;
    
                num = (num * z_squared) / ONE_36;
                seriesSum += num / 13;
    
                num = (num * z_squared) / ONE_36;
                seriesSum += num / 15;
    
                // 8 Taylor terms are sufficient for 36 decimal precision.
    
                // All that remains is multiplying by 2 (non fixed point).
                return seriesSum * 2;
            }
        }
    }

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    import { FixedPoint } from "./FixedPoint.sol";
    
    /**
     * @notice Stable Pool math library based on Curve's `StableSwap`.
     * @dev See https://docs.curve.fi/references/whitepapers/stableswap/
     *
     * For security reasons, to help ensure that for all possible "round trip" paths the caller always receives the same
     * or fewer tokens than supplied, we have used precise math (i.e., '*', '/' vs. FixedPoint) whenever possible, and
     * chosen the rounding direction to favor the protocol elsewhere.
     *
     * `computeInvariant` does not use the rounding direction from `IBasePool`, effectively always rounding down to match
     * the Curve implementation.
     */
    library StableMath {
        using FixedPoint for uint256;
    
        // Some variables have non mixed case names (e.g. P_D) that relate to the mathematical derivations.
        // solhint-disable private-vars-leading-underscore, var-name-mixedcase
    
        /// @notice The iterations to calculate the invariant didn't converge.
        error StableInvariantDidNotConverge();
    
        /// @notice The iterations to calculate the balance didn't converge.
        error StableComputeBalanceDidNotConverge();
    
        // The max token count is limited by the math, and is less than the Vault's maximum.
        uint256 public constant MAX_STABLE_TOKENS = 5;
    
        uint256 internal constant MIN_AMP = 1;
        uint256 internal constant MAX_AMP = 5000;
        uint256 internal constant AMP_PRECISION = 1e3;
    
        // Invariant growth limit: non-proportional add cannot cause the invariant to increase by more than this ratio.
        uint256 internal constant MIN_INVARIANT_RATIO = 60e16; // 60%
        // Invariant shrink limit: non-proportional remove cannot cause the invariant to decrease by less than this ratio.
        uint256 internal constant MAX_INVARIANT_RATIO = 500e16; // 500%
    
        // Note on unchecked arithmetic:
        // This contract performs a large number of additions, subtractions, multiplications and divisions, often inside
        // loops. Since many of these operations are gas-sensitive (as they happen e.g. during a swap), it is important to
        // not make any unnecessary checks. We rely on a set of invariants to avoid having to use checked arithmetic,
        // including:
        //  - the amplification parameter is bounded by MAX_AMP * AMP_PRECISION, which fits in 23 bits
        //
        // This means e.g. we can safely multiply a balance by the amplification parameter without worrying about overflow.
    
        // About swap fees on add and remove liquidity:
        // Any add or remove that is not perfectly balanced (e.g. all single token operations) is mathematically
        // equivalent to a perfectly balanced add or remove followed by a series of swaps. Since these swaps would charge
        // swap fees, it follows that unbalanced adds and removes should as well.
        //
        // On these operations, we split the token amounts in 'taxable' and 'non-taxable' portions, where the 'taxable' part
        // is the one to which swap fees are applied.
    
        // See: https://github.com/curvefi/curve-contract/blob/b0bbf77f8f93c9c5f4e415bce9cd71f0cdee960e/contracts/pool-templates/base/SwapTemplateBase.vy#L206
        // solhint-disable-previous-line max-line-length
    
        /**
         * @notice Computes the invariant given the current balances.
         * @dev It uses the Newton-Raphson approximation. The amplification parameter is given by: A n^(n-1).
         * There is no closed-form solution, so the calculation is iterative and may revert.
         *
         * @param amplificationParameter The current amplification parameter
         * @param balances The current balances
         * @return invariant The calculated invariant of the pool
         */
        function computeInvariant(
            uint256 amplificationParameter,
            uint256[] memory balances
        ) internal pure returns (uint256) {
            /**********************************************************************************************
            // invariant                                                                                 //
            // D = invariant                                                  D^(n+1)                    //
            // A = amplification coefficient      A  n^n S + D = A D n^n + -----------                   //
            // S = sum of balances                                             n^n P                     //
            // P = product of balances                                                                   //
            // n = number of tokens                                                                      //
            **********************************************************************************************/
    
            uint256 sum = 0; // S in the Curve version
            uint256 numTokens = balances.length;
            for (uint256 i = 0; i < numTokens; ++i) {
                sum = sum + balances[i];
            }
            if (sum == 0) {
                return 0;
            }
    
            uint256 prevInvariant; // Dprev in the Curve version
            uint256 invariant = sum; // D in the Curve version
            uint256 ampTimesTotal = amplificationParameter * numTokens; // Ann in the Curve version
    
            for (uint256 i = 0; i < 255; ++i) {
                uint256 D_P = invariant;
                for (uint256 j = 0; j < numTokens; ++j) {
                    D_P = (D_P * invariant) / (balances[j] * numTokens);
                }
    
                prevInvariant = invariant;
    
                invariant =
                    ((((ampTimesTotal * sum) / AMP_PRECISION) + (D_P * numTokens)) * invariant) /
                    ((((ampTimesTotal - AMP_PRECISION) * invariant) / AMP_PRECISION) + ((numTokens + 1) * D_P));
    
                unchecked {
                    // We are explicitly checking the magnitudes here, so can use unchecked math.
                    if (invariant > prevInvariant) {
                        if (invariant - prevInvariant <= 1) {
                            return invariant;
                        }
                    } else if (prevInvariant - invariant <= 1) {
                        return invariant;
                    }
                }
            }
    
            revert StableInvariantDidNotConverge();
        }
    
        /**
         * @notice Computes the required `amountOut` of tokenOut, for `tokenAmountIn` of tokenIn.
         * @dev The calculation uses the Newton-Raphson approximation. The amplification parameter is given by: A n^(n-1).
         * @param amplificationParameter The current amplification factor
         * @param balances The current pool balances
         * @param tokenIndexIn The index of tokenIn
         * @param tokenIndexOut The index of tokenOut
         * @param tokenAmountIn The exact amount of tokenIn specified for the swap
         * @param invariant The current invariant
         * @return amountOut The calculated amount of tokenOut required for the swap
         */
        function computeOutGivenExactIn(
            uint256 amplificationParameter,
            uint256[] memory balances,
            uint256 tokenIndexIn,
            uint256 tokenIndexOut,
            uint256 tokenAmountIn,
            uint256 invariant
        ) internal pure returns (uint256) {
            /**************************************************************************************************************
            // outGivenExactIn token x for y - polynomial equation to solve                                              //
            // ay = amount out to calculate                                                                              //
            // by = balance token out                                                                                    //
            // y = by - ay (finalBalanceOut)                                                                             //
            // D = invariant                                               D                     D^(n+1)                 //
            // A = amplification coefficient               y^2 + ( S + ----------  - D) * y -  ------------- = 0         //
            // n = number of tokens                                    (A * n^n)               A * n^2n * P              //
            // S = sum of final balances but y                                                                           //
            // P = product of final balances but y                                                                       //
            **************************************************************************************************************/
    
            balances[tokenIndexIn] += tokenAmountIn;
    
            // `computeBalance` rounds up.
            uint256 finalBalanceOut = computeBalance(amplificationParameter, balances, invariant, tokenIndexOut);
    
            // No need to use checked arithmetic since `tokenAmountIn` was actually added to the same balance right before
            // calling `computeBalance`, which doesn't alter the balances array.
            unchecked {
                balances[tokenIndexIn] -= tokenAmountIn;
            }
    
            // Amount out, so we round down overall.
            return balances[tokenIndexOut] - finalBalanceOut - 1;
        }
    
        /**
         * @notice Computes the required `amountIn` of tokenIn, for `tokenAmountOut` of tokenOut.
         * @dev The calculation uses the Newton-Raphson approximation. The amplification parameter is given by: A n^(n-1).
         * @param amplificationParameter The current amplification factor
         * @param balances The current pool balances
         * @param tokenIndexIn The index of tokenIn
         * @param tokenIndexOut The index of tokenOut
         * @param tokenAmountOut The exact amount of tokenOut specified for the swap
         * @param invariant The current invariant
         * @return amountIn The calculated amount of tokenIn required for the swap
         */
        function computeInGivenExactOut(
            uint256 amplificationParameter,
            uint256[] memory balances,
            uint256 tokenIndexIn,
            uint256 tokenIndexOut,
            uint256 tokenAmountOut,
            uint256 invariant
        ) internal pure returns (uint256) {
            /**************************************************************************************************************
            // inGivenExactOut token x for y - polynomial equation to solve                                              //
            // ax = amount in to calculate                                                                               //
            // bx = balance token in                                                                                     //
            // x = bx + ax (finalBalanceIn)                                                                              //
            // D = invariant                                                D                     D^(n+1)                //
            // A = amplification coefficient               x^2 + ( S + ----------  - D) * x -  ------------- = 0         //
            // n = number of tokens                                     (A * n^n)               A * n^2n * P             //
            // S = sum of final balances but x                                                                           //
            // P = product of final balances but x                                                                       //
            **************************************************************************************************************/
    
            balances[tokenIndexOut] -= tokenAmountOut;
    
            // `computeBalance` rounds up.
            uint256 finalBalanceIn = computeBalance(amplificationParameter, balances, invariant, tokenIndexIn);
    
            // No need to use checked arithmetic since `tokenAmountOut` was actually subtracted from the same balance right
            // before calling `computeBalance`, which doesn't alter the balances array.
            unchecked {
                balances[tokenIndexOut] += tokenAmountOut;
            }
    
            // Amount in, so we round up overall.
            return finalBalanceIn - balances[tokenIndexIn] + 1;
        }
    
        /**
         * @notice Calculate the balance of a given token (at tokenIndex), given all other balances and the invariant.
         * @dev Rounds result up overall. There is no closed-form solution, so the calculation is iterative and may revert.
         * @param amplificationParameter The current amplification factor
         * @param balances The current pool balances
         * @param invariant The current invariant
         * @param tokenIndex The index of the token balance we are calculating
         * @return tokenBalance The adjusted balance of the token at `tokenIn` that matches the given invariant
         */
        function computeBalance(
            uint256 amplificationParameter,
            uint256[] memory balances,
            uint256 invariant,
            uint256 tokenIndex
        ) internal pure returns (uint256) {
            uint256 numTokens = balances.length;
            uint256 ampTimesTotal = amplificationParameter * numTokens;
            uint256 sum = balances[0];
            uint256 P_D = balances[0] * numTokens;
            for (uint256 j = 1; j < numTokens; ++j) {
                P_D = (P_D * balances[j] * numTokens) / invariant;
                sum = sum + balances[j];
            }
            sum = sum - balances[tokenIndex];
    
            // Use divUpRaw with inv2, as it is a "raw" 36 decimal value.
            uint256 inv2 = invariant * invariant;
            // We remove the balance from c by multiplying it.
            uint256 c = (inv2 * AMP_PRECISION).divUpRaw(ampTimesTotal * P_D) * balances[tokenIndex];
            uint256 b = sum + ((invariant * AMP_PRECISION) / ampTimesTotal);
            // We iterate to find the balance.
            uint256 prevTokenBalance = 0;
            // We multiply the first iteration outside the loop with the invariant to set the value of the
            // initial approximation.
            uint256 tokenBalance = (inv2 + c).divUpRaw(invariant + b);
    
            for (uint256 i = 0; i < 255; ++i) {
                prevTokenBalance = tokenBalance;
    
                // Use divUpRaw with tokenBalance, as it is a "raw" 36 decimal value.
                tokenBalance = ((tokenBalance * tokenBalance) + c).divUpRaw((tokenBalance * 2) + b - invariant);
    
                // We are explicitly checking the magnitudes here, so can use unchecked math.
                unchecked {
                    if (tokenBalance > prevTokenBalance) {
                        if (tokenBalance - prevTokenBalance <= 1) {
                            return tokenBalance;
                        }
                    } else if (prevTokenBalance - tokenBalance <= 1) {
                        return tokenBalance;
                    }
                }
            }
    
            revert StableComputeBalanceDidNotConverge();
        }
    }

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    import { IERC20Metadata } from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
    import { IERC20Permit } from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Permit.sol";
    import { ERC165 } from "@openzeppelin/contracts/utils/introspection/ERC165.sol";
    import { EIP712 } from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
    import { ECDSA } from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
    import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
    import { Nonces } from "@openzeppelin/contracts/utils/Nonces.sol";
    
    import { IRateProvider } from "@balancer-labs/v3-interfaces/contracts/solidity-utils/helpers/IRateProvider.sol";
    import { IVault } from "@balancer-labs/v3-interfaces/contracts/vault/IVault.sol";
    
    import { VaultGuard } from "./VaultGuard.sol";
    
    /**
     * @notice `BalancerPoolToken` is a fully ERC20-compatible token to be used as the base contract for Balancer Pools,
     * with all the data and implementation delegated to the ERC20Multitoken contract.
    
     * @dev Implementation of the ERC-20 Permit extension allowing approvals to be made via signatures, as defined in
     * https://eips.ethereum.org/EIPS/eip-2612[ERC-2612].
     */
    contract BalancerPoolToken is IERC20, IERC20Metadata, IERC20Permit, IRateProvider, EIP712, Nonces, ERC165, VaultGuard {
        bytes32 public constant PERMIT_TYPEHASH =
            keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)");
    
        /**
         * @notice Operation failed due to an expired permit signature.
         * @param deadline The permit deadline that expired
         */
        error ERC2612ExpiredSignature(uint256 deadline);
    
        /**
         * @notice Operation failed due to a non-matching signature.
         * @param signer The address corresponding to the signature provider
         * @param owner The address of the owner (expected value of the signature provider)
         */
        error ERC2612InvalidSigner(address signer, address owner);
    
        // EIP712 also defines _name.
        string private _bptName;
        string private _bptSymbol;
    
        constructor(IVault vault_, string memory bptName, string memory bptSymbol) EIP712(bptName, "1") VaultGuard(vault_) {
            _bptName = bptName;
            _bptSymbol = bptSymbol;
        }
    
        /// @inheritdoc IERC20Metadata
        function name() external view returns (string memory) {
            return _bptName;
        }
    
        /// @inheritdoc IERC20Metadata
        function symbol() external view returns (string memory) {
            return _bptSymbol;
        }
    
        /// @inheritdoc IERC20Metadata
        function decimals() external pure returns (uint8) {
            // Always 18 decimals for BPT.
            return 18;
        }
    
        /// @inheritdoc IERC20
        function totalSupply() public view returns (uint256) {
            return _vault.totalSupply(address(this));
        }
    
        function getVault() public view returns (IVault) {
            return _vault;
        }
    
        /// @inheritdoc IERC20
        function balanceOf(address account) external view returns (uint256) {
            return _vault.balanceOf(address(this), account);
        }
    
        /// @inheritdoc IERC20
        function transfer(address to, uint256 amount) external returns (bool) {
            // Vault will perform the transfer and call emitTransfer to emit the event from this contract.
            _vault.transfer(msg.sender, to, amount);
            return true;
        }
    
        /// @inheritdoc IERC20
        function allowance(address owner, address spender) external view returns (uint256) {
            return _vault.allowance(address(this), owner, spender);
        }
    
        /// @inheritdoc IERC20
        function approve(address spender, uint256 amount) external returns (bool) {
            // Vault will perform the approval and call emitApproval to emit the event from this contract.
            _vault.approve(msg.sender, spender, amount);
            return true;
        }
    
        /// @inheritdoc IERC20
        function transferFrom(address from, address to, uint256 amount) external returns (bool) {
            // Vault will perform the transfer and call emitTransfer to emit the event from this contract.
            _vault.transferFrom(msg.sender, from, to, amount);
            return true;
        }
    
        /**
         * Accounting is centralized in the MultiToken contract, and the actual transfers and approvals are done there.
         * Operations can be initiated from either the token contract or the MultiToken.
         *
         * To maintain compliance with the ERC-20 standard, and conform to the expectations of off-chain processes,
         * the MultiToken calls `emitTransfer` and `emitApproval` during those operations, so that the event is emitted
         * only from the token contract. These events are NOT defined in the MultiToken contract.
         */
    
        /// @dev Emit the Transfer event. This function can only be called by the MultiToken.
        function emitTransfer(address from, address to, uint256 amount) external onlyVault {
            emit Transfer(from, to, amount);
        }
    
        /// @dev Emit the Approval event. This function can only be called by the MultiToken.
        function emitApproval(address owner, address spender, uint256 amount) external onlyVault {
            emit Approval(owner, spender, amount);
        }
    
        // @inheritdoc IERC20Permit
        function permit(
            address owner,
            address spender,
            uint256 amount,
            uint256 deadline,
            uint8 v,
            bytes32 r,
            bytes32 s
        ) public virtual {
            // solhint-disable-next-line not-rely-on-time
            if (block.timestamp > deadline) {
                revert ERC2612ExpiredSignature(deadline);
            }
    
            bytes32 structHash = keccak256(abi.encode(PERMIT_TYPEHASH, owner, spender, amount, _useNonce(owner), deadline));
    
            bytes32 hash = _hashTypedDataV4(structHash);
    
            address signer = ECDSA.recover(hash, v, r, s);
            if (signer != owner) {
                revert ERC2612InvalidSigner(signer, owner);
            }
    
            _vault.approve(owner, spender, amount);
        }
    
        // @inheritdoc IERC20Permit
        function nonces(address owner) public view virtual override(IERC20Permit, Nonces) returns (uint256) {
            return super.nonces(owner);
        }
    
        /// @notice Increment the sender's nonce to revoke any currently granted (but not yet executed) `permit`.
        function incrementNonce() external {
            _useNonce(msg.sender);
        }
    
        // @inheritdoc IERC20Permit
        // solhint-disable-next-line func-name-mixedcase
        function DOMAIN_SEPARATOR() external view virtual returns (bytes32) {
            return _domainSeparatorV4();
        }
    
        /**
         * @notice Get the BPT rate, which is defined as: pool invariant/total supply.
         * @dev The VaultExtension contract defines a default implementation (`getBptRate`) to calculate the rate
         * of any given pool, which should be sufficient in nearly all cases.
         *
         * @return rate Rate of the pool's BPT
         */
        function getRate() public view virtual returns (uint256) {
            return getVault().getBptRate(address(this));
        }
    }

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    import { IVaultErrors } from "@balancer-labs/v3-interfaces/contracts/vault/IVaultErrors.sol";
    import { IVault } from "@balancer-labs/v3-interfaces/contracts/vault/IVault.sol";
    
    /// @notice Contract that shares the modifier `onlyVault`.
    contract VaultGuard {
        IVault internal immutable _vault;
    
        constructor(IVault vault) {
            _vault = vault;
        }
    
        modifier onlyVault() {
            _ensureOnlyVault();
            _;
        }
    
        function _ensureOnlyVault() private view {
            if (msg.sender != address(_vault)) {
                revert IVaultErrors.SenderIsNotVault(msg.sender);
            }
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC4626.sol)
    
    pragma solidity ^0.8.20;
    
    import {IERC20} from "../token/ERC20/IERC20.sol";
    import {IERC20Metadata} from "../token/ERC20/extensions/IERC20Metadata.sol";
    
    /**
     * @dev Interface of the ERC4626 "Tokenized Vault Standard", as defined in
     * https://eips.ethereum.org/EIPS/eip-4626[ERC-4626].
     */
    interface IERC4626 is IERC20, IERC20Metadata {
        event Deposit(address indexed sender, address indexed owner, uint256 assets, uint256 shares);
    
        event Withdraw(
            address indexed sender,
            address indexed receiver,
            address indexed owner,
            uint256 assets,
            uint256 shares
        );
    
        /**
         * @dev Returns the address of the underlying token used for the Vault for accounting, depositing, and withdrawing.
         *
         * - MUST be an ERC-20 token contract.
         * - MUST NOT revert.
         */
        function asset() external view returns (address assetTokenAddress);
    
        /**
         * @dev Returns the total amount of the underlying asset that is “managed” by Vault.
         *
         * - SHOULD include any compounding that occurs from yield.
         * - MUST be inclusive of any fees that are charged against assets in the Vault.
         * - MUST NOT revert.
         */
        function totalAssets() external view returns (uint256 totalManagedAssets);
    
        /**
         * @dev Returns the amount of shares that the Vault would exchange for the amount of assets provided, in an ideal
         * scenario where all the conditions are met.
         *
         * - MUST NOT be inclusive of any fees that are charged against assets in the Vault.
         * - MUST NOT show any variations depending on the caller.
         * - MUST NOT reflect slippage or other on-chain conditions, when performing the actual exchange.
         * - MUST NOT revert.
         *
         * NOTE: This calculation MAY NOT reflect the “per-user” price-per-share, and instead should reflect the
         * “average-user’s” price-per-share, meaning what the average user should expect to see when exchanging to and
         * from.
         */
        function convertToShares(uint256 assets) external view returns (uint256 shares);
    
        /**
         * @dev Returns the amount of assets that the Vault would exchange for the amount of shares provided, in an ideal
         * scenario where all the conditions are met.
         *
         * - MUST NOT be inclusive of any fees that are charged against assets in the Vault.
         * - MUST NOT show any variations depending on the caller.
         * - MUST NOT reflect slippage or other on-chain conditions, when performing the actual exchange.
         * - MUST NOT revert.
         *
         * NOTE: This calculation MAY NOT reflect the “per-user” price-per-share, and instead should reflect the
         * “average-user’s” price-per-share, meaning what the average user should expect to see when exchanging to and
         * from.
         */
        function convertToAssets(uint256 shares) external view returns (uint256 assets);
    
        /**
         * @dev Returns the maximum amount of the underlying asset that can be deposited into the Vault for the receiver,
         * through a deposit call.
         *
         * - MUST return a limited value if receiver is subject to some deposit limit.
         * - MUST return 2 ** 256 - 1 if there is no limit on the maximum amount of assets that may be deposited.
         * - MUST NOT revert.
         */
        function maxDeposit(address receiver) external view returns (uint256 maxAssets);
    
        /**
         * @dev Allows an on-chain or off-chain user to simulate the effects of their deposit at the current block, given
         * current on-chain conditions.
         *
         * - MUST return as close to and no more than the exact amount of Vault shares that would be minted in a deposit
         *   call in the same transaction. I.e. deposit should return the same or more shares as previewDeposit if called
         *   in the same transaction.
         * - MUST NOT account for deposit limits like those returned from maxDeposit and should always act as though the
         *   deposit would be accepted, regardless if the user has enough tokens approved, etc.
         * - MUST be inclusive of deposit fees. Integrators should be aware of the existence of deposit fees.
         * - MUST NOT revert.
         *
         * NOTE: any unfavorable discrepancy between convertToShares and previewDeposit SHOULD be considered slippage in
         * share price or some other type of condition, meaning the depositor will lose assets by depositing.
         */
        function previewDeposit(uint256 assets) external view returns (uint256 shares);
    
        /**
         * @dev Mints shares Vault shares to receiver by depositing exactly amount of underlying tokens.
         *
         * - MUST emit the Deposit event.
         * - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the
         *   deposit execution, and are accounted for during deposit.
         * - MUST revert if all of assets cannot be deposited (due to deposit limit being reached, slippage, the user not
         *   approving enough underlying tokens to the Vault contract, etc).
         *
         * NOTE: most implementations will require pre-approval of the Vault with the Vault’s underlying asset token.
         */
        function deposit(uint256 assets, address receiver) external returns (uint256 shares);
    
        /**
         * @dev Returns the maximum amount of the Vault shares that can be minted for the receiver, through a mint call.
         * - MUST return a limited value if receiver is subject to some mint limit.
         * - MUST return 2 ** 256 - 1 if there is no limit on the maximum amount of shares that may be minted.
         * - MUST NOT revert.
         */
        function maxMint(address receiver) external view returns (uint256 maxShares);
    
        /**
         * @dev Allows an on-chain or off-chain user to simulate the effects of their mint at the current block, given
         * current on-chain conditions.
         *
         * - MUST return as close to and no fewer than the exact amount of assets that would be deposited in a mint call
         *   in the same transaction. I.e. mint should return the same or fewer assets as previewMint if called in the
         *   same transaction.
         * - MUST NOT account for mint limits like those returned from maxMint and should always act as though the mint
         *   would be accepted, regardless if the user has enough tokens approved, etc.
         * - MUST be inclusive of deposit fees. Integrators should be aware of the existence of deposit fees.
         * - MUST NOT revert.
         *
         * NOTE: any unfavorable discrepancy between convertToAssets and previewMint SHOULD be considered slippage in
         * share price or some other type of condition, meaning the depositor will lose assets by minting.
         */
        function previewMint(uint256 shares) external view returns (uint256 assets);
    
        /**
         * @dev Mints exactly shares Vault shares to receiver by depositing amount of underlying tokens.
         *
         * - MUST emit the Deposit event.
         * - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the mint
         *   execution, and are accounted for during mint.
         * - MUST revert if all of shares cannot be minted (due to deposit limit being reached, slippage, the user not
         *   approving enough underlying tokens to the Vault contract, etc).
         *
         * NOTE: most implementations will require pre-approval of the Vault with the Vault’s underlying asset token.
         */
        function mint(uint256 shares, address receiver) external returns (uint256 assets);
    
        /**
         * @dev Returns the maximum amount of the underlying asset that can be withdrawn from the owner balance in the
         * Vault, through a withdraw call.
         *
         * - MUST return a limited value if owner is subject to some withdrawal limit or timelock.
         * - MUST NOT revert.
         */
        function maxWithdraw(address owner) external view returns (uint256 maxAssets);
    
        /**
         * @dev Allows an on-chain or off-chain user to simulate the effects of their withdrawal at the current block,
         * given current on-chain conditions.
         *
         * - MUST return as close to and no fewer than the exact amount of Vault shares that would be burned in a withdraw
         *   call in the same transaction. I.e. withdraw should return the same or fewer shares as previewWithdraw if
         *   called
         *   in the same transaction.
         * - MUST NOT account for withdrawal limits like those returned from maxWithdraw and should always act as though
         *   the withdrawal would be accepted, regardless if the user has enough shares, etc.
         * - MUST be inclusive of withdrawal fees. Integrators should be aware of the existence of withdrawal fees.
         * - MUST NOT revert.
         *
         * NOTE: any unfavorable discrepancy between convertToShares and previewWithdraw SHOULD be considered slippage in
         * share price or some other type of condition, meaning the depositor will lose assets by depositing.
         */
        function previewWithdraw(uint256 assets) external view returns (uint256 shares);
    
        /**
         * @dev Burns shares from owner and sends exactly assets of underlying tokens to receiver.
         *
         * - MUST emit the Withdraw event.
         * - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the
         *   withdraw execution, and are accounted for during withdraw.
         * - MUST revert if all of assets cannot be withdrawn (due to withdrawal limit being reached, slippage, the owner
         *   not having enough shares, etc).
         *
         * Note that some implementations will require pre-requesting to the Vault before a withdrawal may be performed.
         * Those methods should be performed separately.
         */
        function withdraw(uint256 assets, address receiver, address owner) external returns (uint256 shares);
    
        /**
         * @dev Returns the maximum amount of Vault shares that can be redeemed from the owner balance in the Vault,
         * through a redeem call.
         *
         * - MUST return a limited value if owner is subject to some withdrawal limit or timelock.
         * - MUST return balanceOf(owner) if owner is not subject to any withdrawal limit or timelock.
         * - MUST NOT revert.
         */
        function maxRedeem(address owner) external view returns (uint256 maxShares);
    
        /**
         * @dev Allows an on-chain or off-chain user to simulate the effects of their redeemption at the current block,
         * given current on-chain conditions.
         *
         * - MUST return as close to and no more than the exact amount of assets that would be withdrawn in a redeem call
         *   in the same transaction. I.e. redeem should return the same or more assets as previewRedeem if called in the
         *   same transaction.
         * - MUST NOT account for redemption limits like those returned from maxRedeem and should always act as though the
         *   redemption would be accepted, regardless if the user has enough shares, etc.
         * - MUST be inclusive of withdrawal fees. Integrators should be aware of the existence of withdrawal fees.
         * - MUST NOT revert.
         *
         * NOTE: any unfavorable discrepancy between convertToAssets and previewRedeem SHOULD be considered slippage in
         * share price or some other type of condition, meaning the depositor will lose assets by redeeming.
         */
        function previewRedeem(uint256 shares) external view returns (uint256 assets);
    
        /**
         * @dev Burns exactly shares from owner and sends assets of underlying tokens to receiver.
         *
         * - MUST emit the Withdraw event.
         * - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the
         *   redeem execution, and are accounted for during redeem.
         * - MUST revert if all of shares cannot be redeemed (due to withdrawal limit being reached, slippage, the owner
         *   not having enough shares, etc).
         *
         * NOTE: some implementations will require pre-requesting to the Vault before a withdrawal may be performed.
         * Those methods should be performed separately.
         */
        function redeem(uint256 shares, address receiver, address owner) external returns (uint256 assets);
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC5267.sol)
    
    pragma solidity ^0.8.20;
    
    interface IERC5267 {
        /**
         * @dev MAY be emitted to signal that the domain could have changed.
         */
        event EIP712DomainChanged();
    
        /**
         * @dev returns the fields and values that describe the domain separator used by this contract for EIP-712
         * signature.
         */
        function eip712Domain()
            external
            view
            returns (
                bytes1 fields,
                string memory name,
                string memory version,
                uint256 chainId,
                address verifyingContract,
                bytes32 salt,
                uint256[] memory extensions
            );
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/IERC20Metadata.sol)
    
    pragma solidity ^0.8.20;
    
    import {IERC20} from "../IERC20.sol";
    
    /**
     * @dev Interface for the optional metadata functions from the ERC20 standard.
     */
    interface IERC20Metadata is IERC20 {
        /**
         * @dev Returns the name of the token.
         */
        function name() external view returns (string memory);
    
        /**
         * @dev Returns the symbol of the token.
         */
        function symbol() external view returns (string memory);
    
        /**
         * @dev Returns the decimals places of the token.
         */
        function decimals() external view returns (uint8);
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/IERC20Permit.sol)
    
    pragma solidity ^0.8.20;
    
    /**
     * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
     * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
     *
     * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
     * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't
     * need to send a transaction, and thus is not required to hold Ether at all.
     *
     * ==== Security Considerations
     *
     * There are two important considerations concerning the use of `permit`. The first is that a valid permit signature
     * expresses an allowance, and it should not be assumed to convey additional meaning. In particular, it should not be
     * considered as an intention to spend the allowance in any specific way. The second is that because permits have
     * built-in replay protection and can be submitted by anyone, they can be frontrun. A protocol that uses permits should
     * take this into consideration and allow a `permit` call to fail. Combining these two aspects, a pattern that may be
     * generally recommended is:
     *
     * ```solidity
     * function doThingWithPermit(..., uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s) public {
     *     try token.permit(msg.sender, address(this), value, deadline, v, r, s) {} catch {}
     *     doThing(..., value);
     * }
     *
     * function doThing(..., uint256 value) public {
     *     token.safeTransferFrom(msg.sender, address(this), value);
     *     ...
     * }
     * ```
     *
     * Observe that: 1) `msg.sender` is used as the owner, leaving no ambiguity as to the signer intent, and 2) the use of
     * `try/catch` allows the permit to fail and makes the code tolerant to frontrunning. (See also
     * {SafeERC20-safeTransferFrom}).
     *
     * Additionally, note that smart contract wallets (such as Argent or Safe) are not able to produce permit signatures, so
     * contracts should have entry points that don't rely on permit.
     */
    interface IERC20Permit {
        /**
         * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,
         * given ``owner``'s signed approval.
         *
         * IMPORTANT: The same issues {IERC20-approve} has related to transaction
         * ordering also apply here.
         *
         * Emits an {Approval} event.
         *
         * Requirements:
         *
         * - `spender` cannot be the zero address.
         * - `deadline` must be a timestamp in the future.
         * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
         * over the EIP712-formatted function arguments.
         * - the signature must use ``owner``'s current nonce (see {nonces}).
         *
         * For more information on the signature format, see the
         * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
         * section].
         *
         * CAUTION: See Security Considerations above.
         */
        function permit(
            address owner,
            address spender,
            uint256 value,
            uint256 deadline,
            uint8 v,
            bytes32 r,
            bytes32 s
        ) external;
    
        /**
         * @dev Returns the current nonce for `owner`. This value must be
         * included whenever a signature is generated for {permit}.
         *
         * Every successful call to {permit} increases ``owner``'s nonce by one. This
         * prevents a signature from being used multiple times.
         */
        function nonces(address owner) external view returns (uint256);
    
        /**
         * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.
         */
        // solhint-disable-next-line func-name-mixedcase
        function DOMAIN_SEPARATOR() external view returns (bytes32);
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/IERC20.sol)
    
    pragma solidity ^0.8.20;
    
    /**
     * @dev Interface of the ERC20 standard as defined in the EIP.
     */
    interface IERC20 {
        /**
         * @dev Emitted when `value` tokens are moved from one account (`from`) to
         * another (`to`).
         *
         * Note that `value` may be zero.
         */
        event Transfer(address indexed from, address indexed to, uint256 value);
    
        /**
         * @dev Emitted when the allowance of a `spender` for an `owner` is set by
         * a call to {approve}. `value` is the new allowance.
         */
        event Approval(address indexed owner, address indexed spender, uint256 value);
    
        /**
         * @dev Returns the value of tokens in existence.
         */
        function totalSupply() external view returns (uint256);
    
        /**
         * @dev Returns the value of tokens owned by `account`.
         */
        function balanceOf(address account) external view returns (uint256);
    
        /**
         * @dev Moves a `value` amount of tokens from the caller's account to `to`.
         *
         * Returns a boolean value indicating whether the operation succeeded.
         *
         * Emits a {Transfer} event.
         */
        function transfer(address to, uint256 value) external returns (bool);
    
        /**
         * @dev Returns the remaining number of tokens that `spender` will be
         * allowed to spend on behalf of `owner` through {transferFrom}. This is
         * zero by default.
         *
         * This value changes when {approve} or {transferFrom} are called.
         */
        function allowance(address owner, address spender) external view returns (uint256);
    
        /**
         * @dev Sets a `value` amount of tokens as the allowance of `spender` over the
         * caller's tokens.
         *
         * Returns a boolean value indicating whether the operation succeeded.
         *
         * IMPORTANT: Beware that changing an allowance with this method brings the risk
         * that someone may use both the old and the new allowance by unfortunate
         * transaction ordering. One possible solution to mitigate this race
         * condition is to first reduce the spender's allowance to 0 and set the
         * desired value afterwards:
         * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
         *
         * Emits an {Approval} event.
         */
        function approve(address spender, uint256 value) external returns (bool);
    
        /**
         * @dev Moves a `value` amount of tokens from `from` to `to` using the
         * allowance mechanism. `value` is then deducted from the caller's
         * allowance.
         *
         * Returns a boolean value indicating whether the operation succeeded.
         *
         * Emits a {Transfer} event.
         */
        function transferFrom(address from, address to, uint256 value) external returns (bool);
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (utils/cryptography/ECDSA.sol)
    
    pragma solidity ^0.8.20;
    
    /**
     * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.
     *
     * These functions can be used to verify that a message was signed by the holder
     * of the private keys of a given address.
     */
    library ECDSA {
        enum RecoverError {
            NoError,
            InvalidSignature,
            InvalidSignatureLength,
            InvalidSignatureS
        }
    
        /**
         * @dev The signature derives the `address(0)`.
         */
        error ECDSAInvalidSignature();
    
        /**
         * @dev The signature has an invalid length.
         */
        error ECDSAInvalidSignatureLength(uint256 length);
    
        /**
         * @dev The signature has an S value that is in the upper half order.
         */
        error ECDSAInvalidSignatureS(bytes32 s);
    
        /**
         * @dev Returns the address that signed a hashed message (`hash`) with `signature` or an error. This will not
         * return address(0) without also returning an error description. Errors are documented using an enum (error type)
         * and a bytes32 providing additional information about the error.
         *
         * If no error is returned, then the address can be used for verification purposes.
         *
         * The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:
         * this function rejects them by requiring the `s` value to be in the lower
         * half order, and the `v` value to be either 27 or 28.
         *
         * IMPORTANT: `hash` _must_ be the result of a hash operation for the
         * verification to be secure: it is possible to craft signatures that
         * recover to arbitrary addresses for non-hashed data. A safe way to ensure
         * this is by receiving a hash of the original message (which may otherwise
         * be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.
         *
         * Documentation for signature generation:
         * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]
         * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]
         */
        function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError, bytes32) {
            if (signature.length == 65) {
                bytes32 r;
                bytes32 s;
                uint8 v;
                // ecrecover takes the signature parameters, and the only way to get them
                // currently is to use assembly.
                /// @solidity memory-safe-assembly
                assembly {
                    r := mload(add(signature, 0x20))
                    s := mload(add(signature, 0x40))
                    v := byte(0, mload(add(signature, 0x60)))
                }
                return tryRecover(hash, v, r, s);
            } else {
                return (address(0), RecoverError.InvalidSignatureLength, bytes32(signature.length));
            }
        }
    
        /**
         * @dev Returns the address that signed a hashed message (`hash`) with
         * `signature`. This address can then be used for verification purposes.
         *
         * The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:
         * this function rejects them by requiring the `s` value to be in the lower
         * half order, and the `v` value to be either 27 or 28.
         *
         * IMPORTANT: `hash` _must_ be the result of a hash operation for the
         * verification to be secure: it is possible to craft signatures that
         * recover to arbitrary addresses for non-hashed data. A safe way to ensure
         * this is by receiving a hash of the original message (which may otherwise
         * be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.
         */
        function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {
            (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, signature);
            _throwError(error, errorArg);
            return recovered;
        }
    
        /**
         * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.
         *
         * See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]
         */
        function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError, bytes32) {
            unchecked {
                bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
                // We do not check for an overflow here since the shift operation results in 0 or 1.
                uint8 v = uint8((uint256(vs) >> 255) + 27);
                return tryRecover(hash, v, r, s);
            }
        }
    
        /**
         * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.
         */
        function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {
            (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, r, vs);
            _throwError(error, errorArg);
            return recovered;
        }
    
        /**
         * @dev Overload of {ECDSA-tryRecover} that receives the `v`,
         * `r` and `s` signature fields separately.
         */
        function tryRecover(
            bytes32 hash,
            uint8 v,
            bytes32 r,
            bytes32 s
        ) internal pure returns (address, RecoverError, bytes32) {
            // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
            // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
            // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most
            // signatures from current libraries generate a unique signature with an s-value in the lower half order.
            //
            // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
            // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
            // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
            // these malleable signatures as well.
            if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
                return (address(0), RecoverError.InvalidSignatureS, s);
            }
    
            // If the signature is valid (and not malleable), return the signer address
            address signer = ecrecover(hash, v, r, s);
            if (signer == address(0)) {
                return (address(0), RecoverError.InvalidSignature, bytes32(0));
            }
    
            return (signer, RecoverError.NoError, bytes32(0));
        }
    
        /**
         * @dev Overload of {ECDSA-recover} that receives the `v`,
         * `r` and `s` signature fields separately.
         */
        function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {
            (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, v, r, s);
            _throwError(error, errorArg);
            return recovered;
        }
    
        /**
         * @dev Optionally reverts with the corresponding custom error according to the `error` argument provided.
         */
        function _throwError(RecoverError error, bytes32 errorArg) private pure {
            if (error == RecoverError.NoError) {
                return; // no error: do nothing
            } else if (error == RecoverError.InvalidSignature) {
                revert ECDSAInvalidSignature();
            } else if (error == RecoverError.InvalidSignatureLength) {
                revert ECDSAInvalidSignatureLength(uint256(errorArg));
            } else if (error == RecoverError.InvalidSignatureS) {
                revert ECDSAInvalidSignatureS(errorArg);
            }
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (utils/cryptography/EIP712.sol)
    
    pragma solidity ^0.8.20;
    
    import {MessageHashUtils} from "./MessageHashUtils.sol";
    import {ShortStrings, ShortString} from "../ShortStrings.sol";
    import {IERC5267} from "../../interfaces/IERC5267.sol";
    
    /**
     * @dev https://eips.ethereum.org/EIPS/eip-712[EIP 712] is a standard for hashing and signing of typed structured data.
     *
     * The encoding scheme specified in the EIP requires a domain separator and a hash of the typed structured data, whose
     * encoding is very generic and therefore its implementation in Solidity is not feasible, thus this contract
     * does not implement the encoding itself. Protocols need to implement the type-specific encoding they need in order to
     * produce the hash of their typed data using a combination of `abi.encode` and `keccak256`.
     *
     * This contract implements the EIP 712 domain separator ({_domainSeparatorV4}) that is used as part of the encoding
     * scheme, and the final step of the encoding to obtain the message digest that is then signed via ECDSA
     * ({_hashTypedDataV4}).
     *
     * The implementation of the domain separator was designed to be as efficient as possible while still properly updating
     * the chain id to protect against replay attacks on an eventual fork of the chain.
     *
     * NOTE: This contract implements the version of the encoding known as "v4", as implemented by the JSON RPC method
     * https://docs.metamask.io/guide/signing-data.html[`eth_signTypedDataV4` in MetaMask].
     *
     * NOTE: In the upgradeable version of this contract, the cached values will correspond to the address, and the domain
     * separator of the implementation contract. This will cause the {_domainSeparatorV4} function to always rebuild the
     * separator from the immutable values, which is cheaper than accessing a cached version in cold storage.
     *
     * @custom:oz-upgrades-unsafe-allow state-variable-immutable
     */
    abstract contract EIP712 is IERC5267 {
        using ShortStrings for *;
    
        bytes32 private constant TYPE_HASH =
            keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
    
        // Cache the domain separator as an immutable value, but also store the chain id that it corresponds to, in order to
        // invalidate the cached domain separator if the chain id changes.
        bytes32 private immutable _cachedDomainSeparator;
        uint256 private immutable _cachedChainId;
        address private immutable _cachedThis;
    
        bytes32 private immutable _hashedName;
        bytes32 private immutable _hashedVersion;
    
        ShortString private immutable _name;
        ShortString private immutable _version;
        string private _nameFallback;
        string private _versionFallback;
    
        /**
         * @dev Initializes the domain separator and parameter caches.
         *
         * The meaning of `name` and `version` is specified in
         * https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP 712]:
         *
         * - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol.
         * - `version`: the current major version of the signing domain.
         *
         * NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart
         * contract upgrade].
         */
        constructor(string memory name, string memory version) {
            _name = name.toShortStringWithFallback(_nameFallback);
            _version = version.toShortStringWithFallback(_versionFallback);
            _hashedName = keccak256(bytes(name));
            _hashedVersion = keccak256(bytes(version));
    
            _cachedChainId = block.chainid;
            _cachedDomainSeparator = _buildDomainSeparator();
            _cachedThis = address(this);
        }
    
        /**
         * @dev Returns the domain separator for the current chain.
         */
        function _domainSeparatorV4() internal view returns (bytes32) {
            if (address(this) == _cachedThis && block.chainid == _cachedChainId) {
                return _cachedDomainSeparator;
            } else {
                return _buildDomainSeparator();
            }
        }
    
        function _buildDomainSeparator() private view returns (bytes32) {
            return keccak256(abi.encode(TYPE_HASH, _hashedName, _hashedVersion, block.chainid, address(this)));
        }
    
        /**
         * @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this
         * function returns the hash of the fully encoded EIP712 message for this domain.
         *
         * This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example:
         *
         * ```solidity
         * bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(
         *     keccak256("Mail(address to,string contents)"),
         *     mailTo,
         *     keccak256(bytes(mailContents))
         * )));
         * address signer = ECDSA.recover(digest, signature);
         * ```
         */
        function _hashTypedDataV4(bytes32 structHash) internal view virtual returns (bytes32) {
            return MessageHashUtils.toTypedDataHash(_domainSeparatorV4(), structHash);
        }
    
        /**
         * @dev See {IERC-5267}.
         */
        function eip712Domain()
            public
            view
            virtual
            returns (
                bytes1 fields,
                string memory name,
                string memory version,
                uint256 chainId,
                address verifyingContract,
                bytes32 salt,
                uint256[] memory extensions
            )
        {
            return (
                hex"0f", // 01111
                _EIP712Name(),
                _EIP712Version(),
                block.chainid,
                address(this),
                bytes32(0),
                new uint256[](0)
            );
        }
    
        /**
         * @dev The name parameter for the EIP712 domain.
         *
         * NOTE: By default this function reads _name which is an immutable value.
         * It only reads from storage if necessary (in case the value is too large to fit in a ShortString).
         */
        // solhint-disable-next-line func-name-mixedcase
        function _EIP712Name() internal view returns (string memory) {
            return _name.toStringWithFallback(_nameFallback);
        }
    
        /**
         * @dev The version parameter for the EIP712 domain.
         *
         * NOTE: By default this function reads _version which is an immutable value.
         * It only reads from storage if necessary (in case the value is too large to fit in a ShortString).
         */
        // solhint-disable-next-line func-name-mixedcase
        function _EIP712Version() internal view returns (string memory) {
            return _version.toStringWithFallback(_versionFallback);
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (utils/cryptography/MessageHashUtils.sol)
    
    pragma solidity ^0.8.20;
    
    import {Strings} from "../Strings.sol";
    
    /**
     * @dev Signature message hash utilities for producing digests to be consumed by {ECDSA} recovery or signing.
     *
     * The library provides methods for generating a hash of a message that conforms to the
     * https://eips.ethereum.org/EIPS/eip-191[EIP 191] and https://eips.ethereum.org/EIPS/eip-712[EIP 712]
     * specifications.
     */
    library MessageHashUtils {
        /**
         * @dev Returns the keccak256 digest of an EIP-191 signed data with version
         * `0x45` (`personal_sign` messages).
         *
         * The digest is calculated by prefixing a bytes32 `messageHash` with
         * `"\x19Ethereum Signed Message:\n32"` and hashing the result. It corresponds with the
         * hash signed when using the https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`] JSON-RPC method.
         *
         * NOTE: The `messageHash` parameter is intended to be the result of hashing a raw message with
         * keccak256, although any bytes32 value can be safely used because the final digest will
         * be re-hashed.
         *
         * See {ECDSA-recover}.
         */
        function toEthSignedMessageHash(bytes32 messageHash) internal pure returns (bytes32 digest) {
            /// @solidity memory-safe-assembly
            assembly {
                mstore(0x00, "\x19Ethereum Signed Message:\n32") // 32 is the bytes-length of messageHash
                mstore(0x1c, messageHash) // 0x1c (28) is the length of the prefix
                digest := keccak256(0x00, 0x3c) // 0x3c is the length of the prefix (0x1c) + messageHash (0x20)
            }
        }
    
        /**
         * @dev Returns the keccak256 digest of an EIP-191 signed data with version
         * `0x45` (`personal_sign` messages).
         *
         * The digest is calculated by prefixing an arbitrary `message` with
         * `"\x19Ethereum Signed Message:\n" + len(message)` and hashing the result. It corresponds with the
         * hash signed when using the https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`] JSON-RPC method.
         *
         * See {ECDSA-recover}.
         */
        function toEthSignedMessageHash(bytes memory message) internal pure returns (bytes32) {
            return
                keccak256(bytes.concat("\x19Ethereum Signed Message:\n", bytes(Strings.toString(message.length)), message));
        }
    
        /**
         * @dev Returns the keccak256 digest of an EIP-191 signed data with version
         * `0x00` (data with intended validator).
         *
         * The digest is calculated by prefixing an arbitrary `data` with `"\x19\x00"` and the intended
         * `validator` address. Then hashing the result.
         *
         * See {ECDSA-recover}.
         */
        function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {
            return keccak256(abi.encodePacked(hex"19_00", validator, data));
        }
    
        /**
         * @dev Returns the keccak256 digest of an EIP-712 typed data (EIP-191 version `0x01`).
         *
         * The digest is calculated from a `domainSeparator` and a `structHash`, by prefixing them with
         * `\x19\x01` and hashing the result. It corresponds to the hash signed by the
         * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`] JSON-RPC method as part of EIP-712.
         *
         * See {ECDSA-recover}.
         */
        function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 digest) {
            /// @solidity memory-safe-assembly
            assembly {
                let ptr := mload(0x40)
                mstore(ptr, hex"19_01")
                mstore(add(ptr, 0x02), domainSeparator)
                mstore(add(ptr, 0x22), structHash)
                digest := keccak256(ptr, 0x42)
            }
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (utils/introspection/ERC165.sol)
    
    pragma solidity ^0.8.20;
    
    import {IERC165} from "./IERC165.sol";
    
    /**
     * @dev Implementation of the {IERC165} interface.
     *
     * Contracts that want to implement ERC165 should inherit from this contract and override {supportsInterface} to check
     * for the additional interface id that will be supported. For example:
     *
     * ```solidity
     * function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
     *     return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId);
     * }
     * ```
     */
    abstract contract ERC165 is IERC165 {
        /**
         * @dev See {IERC165-supportsInterface}.
         */
        function supportsInterface(bytes4 interfaceId) public view virtual returns (bool) {
            return interfaceId == type(IERC165).interfaceId;
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (utils/introspection/IERC165.sol)
    
    pragma solidity ^0.8.20;
    
    /**
     * @dev Interface of the ERC165 standard, as defined in the
     * https://eips.ethereum.org/EIPS/eip-165[EIP].
     *
     * Implementers can declare support of contract interfaces, which can then be
     * queried by others ({ERC165Checker}).
     *
     * For an implementation, see {ERC165}.
     */
    interface IERC165 {
        /**
         * @dev Returns true if this contract implements the interface defined by
         * `interfaceId`. See the corresponding
         * https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section]
         * to learn more about how these ids are created.
         *
         * This function call must use less than 30 000 gas.
         */
        function supportsInterface(bytes4 interfaceId) external view returns (bool);
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (utils/math/Math.sol)
    
    pragma solidity ^0.8.20;
    
    /**
     * @dev Standard math utilities missing in the Solidity language.
     */
    library Math {
        /**
         * @dev Muldiv operation overflow.
         */
        error MathOverflowedMulDiv();
    
        enum Rounding {
            Floor, // Toward negative infinity
            Ceil, // Toward positive infinity
            Trunc, // Toward zero
            Expand // Away from zero
        }
    
        /**
         * @dev Returns the addition of two unsigned integers, with an overflow flag.
         */
        function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {
            unchecked {
                uint256 c = a + b;
                if (c < a) return (false, 0);
                return (true, c);
            }
        }
    
        /**
         * @dev Returns the subtraction of two unsigned integers, with an overflow flag.
         */
        function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {
            unchecked {
                if (b > a) return (false, 0);
                return (true, a - b);
            }
        }
    
        /**
         * @dev Returns the multiplication of two unsigned integers, with an overflow flag.
         */
        function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {
            unchecked {
                // Gas optimization: this is cheaper than requiring 'a' not being zero, but the
                // benefit is lost if 'b' is also tested.
                // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522
                if (a == 0) return (true, 0);
                uint256 c = a * b;
                if (c / a != b) return (false, 0);
                return (true, c);
            }
        }
    
        /**
         * @dev Returns the division of two unsigned integers, with a division by zero flag.
         */
        function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {
            unchecked {
                if (b == 0) return (false, 0);
                return (true, a / b);
            }
        }
    
        /**
         * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.
         */
        function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {
            unchecked {
                if (b == 0) return (false, 0);
                return (true, a % b);
            }
        }
    
        /**
         * @dev Returns the largest of two numbers.
         */
        function max(uint256 a, uint256 b) internal pure returns (uint256) {
            return a > b ? a : b;
        }
    
        /**
         * @dev Returns the smallest of two numbers.
         */
        function min(uint256 a, uint256 b) internal pure returns (uint256) {
            return a < b ? a : b;
        }
    
        /**
         * @dev Returns the average of two numbers. The result is rounded towards
         * zero.
         */
        function average(uint256 a, uint256 b) internal pure returns (uint256) {
            // (a + b) / 2 can overflow.
            return (a & b) + (a ^ b) / 2;
        }
    
        /**
         * @dev Returns the ceiling of the division of two numbers.
         *
         * This differs from standard division with `/` in that it rounds towards infinity instead
         * of rounding towards zero.
         */
        function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
            if (b == 0) {
                // Guarantee the same behavior as in a regular Solidity division.
                return a / b;
            }
    
            // (a + b - 1) / b can overflow on addition, so we distribute.
            return a == 0 ? 0 : (a - 1) / b + 1;
        }
    
        /**
         * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or
         * denominator == 0.
         * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv) with further edits by
         * Uniswap Labs also under MIT license.
         */
        function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {
            unchecked {
                // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use
                // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
                // variables such that product = prod1 * 2^256 + prod0.
                uint256 prod0 = x * y; // Least significant 256 bits of the product
                uint256 prod1; // Most significant 256 bits of the product
                assembly {
                    let mm := mulmod(x, y, not(0))
                    prod1 := sub(sub(mm, prod0), lt(mm, prod0))
                }
    
                // Handle non-overflow cases, 256 by 256 division.
                if (prod1 == 0) {
                    // Solidity will revert if denominator == 0, unlike the div opcode on its own.
                    // The surrounding unchecked block does not change this fact.
                    // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.
                    return prod0 / denominator;
                }
    
                // Make sure the result is less than 2^256. Also prevents denominator == 0.
                if (denominator <= prod1) {
                    revert MathOverflowedMulDiv();
                }
    
                ///////////////////////////////////////////////
                // 512 by 256 division.
                ///////////////////////////////////////////////
    
                // Make division exact by subtracting the remainder from [prod1 prod0].
                uint256 remainder;
                assembly {
                    // Compute remainder using mulmod.
                    remainder := mulmod(x, y, denominator)
    
                    // Subtract 256 bit number from 512 bit number.
                    prod1 := sub(prod1, gt(remainder, prod0))
                    prod0 := sub(prod0, remainder)
                }
    
                // Factor powers of two out of denominator and compute largest power of two divisor of denominator.
                // Always >= 1. See https://cs.stackexchange.com/q/138556/92363.
    
                uint256 twos = denominator & (0 - denominator);
                assembly {
                    // Divide denominator by twos.
                    denominator := div(denominator, twos)
    
                    // Divide [prod1 prod0] by twos.
                    prod0 := div(prod0, twos)
    
                    // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
                    twos := add(div(sub(0, twos), twos), 1)
                }
    
                // Shift in bits from prod1 into prod0.
                prod0 |= prod1 * twos;
    
                // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such
                // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for
                // four bits. That is, denominator * inv = 1 mod 2^4.
                uint256 inverse = (3 * denominator) ^ 2;
    
                // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also
                // works in modular arithmetic, doubling the correct bits in each step.
                inverse *= 2 - denominator * inverse; // inverse mod 2^8
                inverse *= 2 - denominator * inverse; // inverse mod 2^16
                inverse *= 2 - denominator * inverse; // inverse mod 2^32
                inverse *= 2 - denominator * inverse; // inverse mod 2^64
                inverse *= 2 - denominator * inverse; // inverse mod 2^128
                inverse *= 2 - denominator * inverse; // inverse mod 2^256
    
                // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
                // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is
                // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1
                // is no longer required.
                result = prod0 * inverse;
                return result;
            }
        }
    
        /**
         * @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
         */
        function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {
            uint256 result = mulDiv(x, y, denominator);
            if (unsignedRoundsUp(rounding) && mulmod(x, y, denominator) > 0) {
                result += 1;
            }
            return result;
        }
    
        /**
         * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded
         * towards zero.
         *
         * Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
         */
        function sqrt(uint256 a) internal pure returns (uint256) {
            if (a == 0) {
                return 0;
            }
    
            // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.
            //
            // We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have
            // `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.
            //
            // This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`
            // → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`
            // → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`
            //
            // Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.
            uint256 result = 1 << (log2(a) >> 1);
    
            // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,
            // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at
            // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision
            // into the expected uint128 result.
            unchecked {
                result = (result + a / result) >> 1;
                result = (result + a / result) >> 1;
                result = (result + a / result) >> 1;
                result = (result + a / result) >> 1;
                result = (result + a / result) >> 1;
                result = (result + a / result) >> 1;
                result = (result + a / result) >> 1;
                return min(result, a / result);
            }
        }
    
        /**
         * @notice Calculates sqrt(a), following the selected rounding direction.
         */
        function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
            unchecked {
                uint256 result = sqrt(a);
                return result + (unsignedRoundsUp(rounding) && result * result < a ? 1 : 0);
            }
        }
    
        /**
         * @dev Return the log in base 2 of a positive value rounded towards zero.
         * Returns 0 if given 0.
         */
        function log2(uint256 value) internal pure returns (uint256) {
            uint256 result = 0;
            unchecked {
                if (value >> 128 > 0) {
                    value >>= 128;
                    result += 128;
                }
                if (value >> 64 > 0) {
                    value >>= 64;
                    result += 64;
                }
                if (value >> 32 > 0) {
                    value >>= 32;
                    result += 32;
                }
                if (value >> 16 > 0) {
                    value >>= 16;
                    result += 16;
                }
                if (value >> 8 > 0) {
                    value >>= 8;
                    result += 8;
                }
                if (value >> 4 > 0) {
                    value >>= 4;
                    result += 4;
                }
                if (value >> 2 > 0) {
                    value >>= 2;
                    result += 2;
                }
                if (value >> 1 > 0) {
                    result += 1;
                }
            }
            return result;
        }
    
        /**
         * @dev Return the log in base 2, following the selected rounding direction, of a positive value.
         * Returns 0 if given 0.
         */
        function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
            unchecked {
                uint256 result = log2(value);
                return result + (unsignedRoundsUp(rounding) && 1 << result < value ? 1 : 0);
            }
        }
    
        /**
         * @dev Return the log in base 10 of a positive value rounded towards zero.
         * Returns 0 if given 0.
         */
        function log10(uint256 value) internal pure returns (uint256) {
            uint256 result = 0;
            unchecked {
                if (value >= 10 ** 64) {
                    value /= 10 ** 64;
                    result += 64;
                }
                if (value >= 10 ** 32) {
                    value /= 10 ** 32;
                    result += 32;
                }
                if (value >= 10 ** 16) {
                    value /= 10 ** 16;
                    result += 16;
                }
                if (value >= 10 ** 8) {
                    value /= 10 ** 8;
                    result += 8;
                }
                if (value >= 10 ** 4) {
                    value /= 10 ** 4;
                    result += 4;
                }
                if (value >= 10 ** 2) {
                    value /= 10 ** 2;
                    result += 2;
                }
                if (value >= 10 ** 1) {
                    result += 1;
                }
            }
            return result;
        }
    
        /**
         * @dev Return the log in base 10, following the selected rounding direction, of a positive value.
         * Returns 0 if given 0.
         */
        function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
            unchecked {
                uint256 result = log10(value);
                return result + (unsignedRoundsUp(rounding) && 10 ** result < value ? 1 : 0);
            }
        }
    
        /**
         * @dev Return the log in base 256 of a positive value rounded towards zero.
         * Returns 0 if given 0.
         *
         * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
         */
        function log256(uint256 value) internal pure returns (uint256) {
            uint256 result = 0;
            unchecked {
                if (value >> 128 > 0) {
                    value >>= 128;
                    result += 16;
                }
                if (value >> 64 > 0) {
                    value >>= 64;
                    result += 8;
                }
                if (value >> 32 > 0) {
                    value >>= 32;
                    result += 4;
                }
                if (value >> 16 > 0) {
                    value >>= 16;
                    result += 2;
                }
                if (value >> 8 > 0) {
                    result += 1;
                }
            }
            return result;
        }
    
        /**
         * @dev Return the log in base 256, following the selected rounding direction, of a positive value.
         * Returns 0 if given 0.
         */
        function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
            unchecked {
                uint256 result = log256(value);
                return result + (unsignedRoundsUp(rounding) && 1 << (result << 3) < value ? 1 : 0);
            }
        }
    
        /**
         * @dev Returns whether a provided rounding mode is considered rounding up for unsigned integers.
         */
        function unsignedRoundsUp(Rounding rounding) internal pure returns (bool) {
            return uint8(rounding) % 2 == 1;
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (utils/math/SafeCast.sol)
    // This file was procedurally generated from scripts/generate/templates/SafeCast.js.
    
    pragma solidity ^0.8.20;
    
    /**
     * @dev Wrappers over Solidity's uintXX/intXX casting operators with added overflow
     * checks.
     *
     * Downcasting from uint256/int256 in Solidity does not revert on overflow. This can
     * easily result in undesired exploitation or bugs, since developers usually
     * assume that overflows raise errors. `SafeCast` restores this intuition by
     * reverting the transaction when such an operation overflows.
     *
     * Using this library instead of the unchecked operations eliminates an entire
     * class of bugs, so it's recommended to use it always.
     */
    library SafeCast {
        /**
         * @dev Value doesn't fit in an uint of `bits` size.
         */
        error SafeCastOverflowedUintDowncast(uint8 bits, uint256 value);
    
        /**
         * @dev An int value doesn't fit in an uint of `bits` size.
         */
        error SafeCastOverflowedIntToUint(int256 value);
    
        /**
         * @dev Value doesn't fit in an int of `bits` size.
         */
        error SafeCastOverflowedIntDowncast(uint8 bits, int256 value);
    
        /**
         * @dev An uint value doesn't fit in an int of `bits` size.
         */
        error SafeCastOverflowedUintToInt(uint256 value);
    
        /**
         * @dev Returns the downcasted uint248 from uint256, reverting on
         * overflow (when the input is greater than largest uint248).
         *
         * Counterpart to Solidity's `uint248` operator.
         *
         * Requirements:
         *
         * - input must fit into 248 bits
         */
        function toUint248(uint256 value) internal pure returns (uint248) {
            if (value > type(uint248).max) {
                revert SafeCastOverflowedUintDowncast(248, value);
            }
            return uint248(value);
        }
    
        /**
         * @dev Returns the downcasted uint240 from uint256, reverting on
         * overflow (when the input is greater than largest uint240).
         *
         * Counterpart to Solidity's `uint240` operator.
         *
         * Requirements:
         *
         * - input must fit into 240 bits
         */
        function toUint240(uint256 value) internal pure returns (uint240) {
            if (value > type(uint240).max) {
                revert SafeCastOverflowedUintDowncast(240, value);
            }
            return uint240(value);
        }
    
        /**
         * @dev Returns the downcasted uint232 from uint256, reverting on
         * overflow (when the input is greater than largest uint232).
         *
         * Counterpart to Solidity's `uint232` operator.
         *
         * Requirements:
         *
         * - input must fit into 232 bits
         */
        function toUint232(uint256 value) internal pure returns (uint232) {
            if (value > type(uint232).max) {
                revert SafeCastOverflowedUintDowncast(232, value);
            }
            return uint232(value);
        }
    
        /**
         * @dev Returns the downcasted uint224 from uint256, reverting on
         * overflow (when the input is greater than largest uint224).
         *
         * Counterpart to Solidity's `uint224` operator.
         *
         * Requirements:
         *
         * - input must fit into 224 bits
         */
        function toUint224(uint256 value) internal pure returns (uint224) {
            if (value > type(uint224).max) {
                revert SafeCastOverflowedUintDowncast(224, value);
            }
            return uint224(value);
        }
    
        /**
         * @dev Returns the downcasted uint216 from uint256, reverting on
         * overflow (when the input is greater than largest uint216).
         *
         * Counterpart to Solidity's `uint216` operator.
         *
         * Requirements:
         *
         * - input must fit into 216 bits
         */
        function toUint216(uint256 value) internal pure returns (uint216) {
            if (value > type(uint216).max) {
                revert SafeCastOverflowedUintDowncast(216, value);
            }
            return uint216(value);
        }
    
        /**
         * @dev Returns the downcasted uint208 from uint256, reverting on
         * overflow (when the input is greater than largest uint208).
         *
         * Counterpart to Solidity's `uint208` operator.
         *
         * Requirements:
         *
         * - input must fit into 208 bits
         */
        function toUint208(uint256 value) internal pure returns (uint208) {
            if (value > type(uint208).max) {
                revert SafeCastOverflowedUintDowncast(208, value);
            }
            return uint208(value);
        }
    
        /**
         * @dev Returns the downcasted uint200 from uint256, reverting on
         * overflow (when the input is greater than largest uint200).
         *
         * Counterpart to Solidity's `uint200` operator.
         *
         * Requirements:
         *
         * - input must fit into 200 bits
         */
        function toUint200(uint256 value) internal pure returns (uint200) {
            if (value > type(uint200).max) {
                revert SafeCastOverflowedUintDowncast(200, value);
            }
            return uint200(value);
        }
    
        /**
         * @dev Returns the downcasted uint192 from uint256, reverting on
         * overflow (when the input is greater than largest uint192).
         *
         * Counterpart to Solidity's `uint192` operator.
         *
         * Requirements:
         *
         * - input must fit into 192 bits
         */
        function toUint192(uint256 value) internal pure returns (uint192) {
            if (value > type(uint192).max) {
                revert SafeCastOverflowedUintDowncast(192, value);
            }
            return uint192(value);
        }
    
        /**
         * @dev Returns the downcasted uint184 from uint256, reverting on
         * overflow (when the input is greater than largest uint184).
         *
         * Counterpart to Solidity's `uint184` operator.
         *
         * Requirements:
         *
         * - input must fit into 184 bits
         */
        function toUint184(uint256 value) internal pure returns (uint184) {
            if (value > type(uint184).max) {
                revert SafeCastOverflowedUintDowncast(184, value);
            }
            return uint184(value);
        }
    
        /**
         * @dev Returns the downcasted uint176 from uint256, reverting on
         * overflow (when the input is greater than largest uint176).
         *
         * Counterpart to Solidity's `uint176` operator.
         *
         * Requirements:
         *
         * - input must fit into 176 bits
         */
        function toUint176(uint256 value) internal pure returns (uint176) {
            if (value > type(uint176).max) {
                revert SafeCastOverflowedUintDowncast(176, value);
            }
            return uint176(value);
        }
    
        /**
         * @dev Returns the downcasted uint168 from uint256, reverting on
         * overflow (when the input is greater than largest uint168).
         *
         * Counterpart to Solidity's `uint168` operator.
         *
         * Requirements:
         *
         * - input must fit into 168 bits
         */
        function toUint168(uint256 value) internal pure returns (uint168) {
            if (value > type(uint168).max) {
                revert SafeCastOverflowedUintDowncast(168, value);
            }
            return uint168(value);
        }
    
        /**
         * @dev Returns the downcasted uint160 from uint256, reverting on
         * overflow (when the input is greater than largest uint160).
         *
         * Counterpart to Solidity's `uint160` operator.
         *
         * Requirements:
         *
         * - input must fit into 160 bits
         */
        function toUint160(uint256 value) internal pure returns (uint160) {
            if (value > type(uint160).max) {
                revert SafeCastOverflowedUintDowncast(160, value);
            }
            return uint160(value);
        }
    
        /**
         * @dev Returns the downcasted uint152 from uint256, reverting on
         * overflow (when the input is greater than largest uint152).
         *
         * Counterpart to Solidity's `uint152` operator.
         *
         * Requirements:
         *
         * - input must fit into 152 bits
         */
        function toUint152(uint256 value) internal pure returns (uint152) {
            if (value > type(uint152).max) {
                revert SafeCastOverflowedUintDowncast(152, value);
            }
            return uint152(value);
        }
    
        /**
         * @dev Returns the downcasted uint144 from uint256, reverting on
         * overflow (when the input is greater than largest uint144).
         *
         * Counterpart to Solidity's `uint144` operator.
         *
         * Requirements:
         *
         * - input must fit into 144 bits
         */
        function toUint144(uint256 value) internal pure returns (uint144) {
            if (value > type(uint144).max) {
                revert SafeCastOverflowedUintDowncast(144, value);
            }
            return uint144(value);
        }
    
        /**
         * @dev Returns the downcasted uint136 from uint256, reverting on
         * overflow (when the input is greater than largest uint136).
         *
         * Counterpart to Solidity's `uint136` operator.
         *
         * Requirements:
         *
         * - input must fit into 136 bits
         */
        function toUint136(uint256 value) internal pure returns (uint136) {
            if (value > type(uint136).max) {
                revert SafeCastOverflowedUintDowncast(136, value);
            }
            return uint136(value);
        }
    
        /**
         * @dev Returns the downcasted uint128 from uint256, reverting on
         * overflow (when the input is greater than largest uint128).
         *
         * Counterpart to Solidity's `uint128` operator.
         *
         * Requirements:
         *
         * - input must fit into 128 bits
         */
        function toUint128(uint256 value) internal pure returns (uint128) {
            if (value > type(uint128).max) {
                revert SafeCastOverflowedUintDowncast(128, value);
            }
            return uint128(value);
        }
    
        /**
         * @dev Returns the downcasted uint120 from uint256, reverting on
         * overflow (when the input is greater than largest uint120).
         *
         * Counterpart to Solidity's `uint120` operator.
         *
         * Requirements:
         *
         * - input must fit into 120 bits
         */
        function toUint120(uint256 value) internal pure returns (uint120) {
            if (value > type(uint120).max) {
                revert SafeCastOverflowedUintDowncast(120, value);
            }
            return uint120(value);
        }
    
        /**
         * @dev Returns the downcasted uint112 from uint256, reverting on
         * overflow (when the input is greater than largest uint112).
         *
         * Counterpart to Solidity's `uint112` operator.
         *
         * Requirements:
         *
         * - input must fit into 112 bits
         */
        function toUint112(uint256 value) internal pure returns (uint112) {
            if (value > type(uint112).max) {
                revert SafeCastOverflowedUintDowncast(112, value);
            }
            return uint112(value);
        }
    
        /**
         * @dev Returns the downcasted uint104 from uint256, reverting on
         * overflow (when the input is greater than largest uint104).
         *
         * Counterpart to Solidity's `uint104` operator.
         *
         * Requirements:
         *
         * - input must fit into 104 bits
         */
        function toUint104(uint256 value) internal pure returns (uint104) {
            if (value > type(uint104).max) {
                revert SafeCastOverflowedUintDowncast(104, value);
            }
            return uint104(value);
        }
    
        /**
         * @dev Returns the downcasted uint96 from uint256, reverting on
         * overflow (when the input is greater than largest uint96).
         *
         * Counterpart to Solidity's `uint96` operator.
         *
         * Requirements:
         *
         * - input must fit into 96 bits
         */
        function toUint96(uint256 value) internal pure returns (uint96) {
            if (value > type(uint96).max) {
                revert SafeCastOverflowedUintDowncast(96, value);
            }
            return uint96(value);
        }
    
        /**
         * @dev Returns the downcasted uint88 from uint256, reverting on
         * overflow (when the input is greater than largest uint88).
         *
         * Counterpart to Solidity's `uint88` operator.
         *
         * Requirements:
         *
         * - input must fit into 88 bits
         */
        function toUint88(uint256 value) internal pure returns (uint88) {
            if (value > type(uint88).max) {
                revert SafeCastOverflowedUintDowncast(88, value);
            }
            return uint88(value);
        }
    
        /**
         * @dev Returns the downcasted uint80 from uint256, reverting on
         * overflow (when the input is greater than largest uint80).
         *
         * Counterpart to Solidity's `uint80` operator.
         *
         * Requirements:
         *
         * - input must fit into 80 bits
         */
        function toUint80(uint256 value) internal pure returns (uint80) {
            if (value > type(uint80).max) {
                revert SafeCastOverflowedUintDowncast(80, value);
            }
            return uint80(value);
        }
    
        /**
         * @dev Returns the downcasted uint72 from uint256, reverting on
         * overflow (when the input is greater than largest uint72).
         *
         * Counterpart to Solidity's `uint72` operator.
         *
         * Requirements:
         *
         * - input must fit into 72 bits
         */
        function toUint72(uint256 value) internal pure returns (uint72) {
            if (value > type(uint72).max) {
                revert SafeCastOverflowedUintDowncast(72, value);
            }
            return uint72(value);
        }
    
        /**
         * @dev Returns the downcasted uint64 from uint256, reverting on
         * overflow (when the input is greater than largest uint64).
         *
         * Counterpart to Solidity's `uint64` operator.
         *
         * Requirements:
         *
         * - input must fit into 64 bits
         */
        function toUint64(uint256 value) internal pure returns (uint64) {
            if (value > type(uint64).max) {
                revert SafeCastOverflowedUintDowncast(64, value);
            }
            return uint64(value);
        }
    
        /**
         * @dev Returns the downcasted uint56 from uint256, reverting on
         * overflow (when the input is greater than largest uint56).
         *
         * Counterpart to Solidity's `uint56` operator.
         *
         * Requirements:
         *
         * - input must fit into 56 bits
         */
        function toUint56(uint256 value) internal pure returns (uint56) {
            if (value > type(uint56).max) {
                revert SafeCastOverflowedUintDowncast(56, value);
            }
            return uint56(value);
        }
    
        /**
         * @dev Returns the downcasted uint48 from uint256, reverting on
         * overflow (when the input is greater than largest uint48).
         *
         * Counterpart to Solidity's `uint48` operator.
         *
         * Requirements:
         *
         * - input must fit into 48 bits
         */
        function toUint48(uint256 value) internal pure returns (uint48) {
            if (value > type(uint48).max) {
                revert SafeCastOverflowedUintDowncast(48, value);
            }
            return uint48(value);
        }
    
        /**
         * @dev Returns the downcasted uint40 from uint256, reverting on
         * overflow (when the input is greater than largest uint40).
         *
         * Counterpart to Solidity's `uint40` operator.
         *
         * Requirements:
         *
         * - input must fit into 40 bits
         */
        function toUint40(uint256 value) internal pure returns (uint40) {
            if (value > type(uint40).max) {
                revert SafeCastOverflowedUintDowncast(40, value);
            }
            return uint40(value);
        }
    
        /**
         * @dev Returns the downcasted uint32 from uint256, reverting on
         * overflow (when the input is greater than largest uint32).
         *
         * Counterpart to Solidity's `uint32` operator.
         *
         * Requirements:
         *
         * - input must fit into 32 bits
         */
        function toUint32(uint256 value) internal pure returns (uint32) {
            if (value > type(uint32).max) {
                revert SafeCastOverflowedUintDowncast(32, value);
            }
            return uint32(value);
        }
    
        /**
         * @dev Returns the downcasted uint24 from uint256, reverting on
         * overflow (when the input is greater than largest uint24).
         *
         * Counterpart to Solidity's `uint24` operator.
         *
         * Requirements:
         *
         * - input must fit into 24 bits
         */
        function toUint24(uint256 value) internal pure returns (uint24) {
            if (value > type(uint24).max) {
                revert SafeCastOverflowedUintDowncast(24, value);
            }
            return uint24(value);
        }
    
        /**
         * @dev Returns the downcasted uint16 from uint256, reverting on
         * overflow (when the input is greater than largest uint16).
         *
         * Counterpart to Solidity's `uint16` operator.
         *
         * Requirements:
         *
         * - input must fit into 16 bits
         */
        function toUint16(uint256 value) internal pure returns (uint16) {
            if (value > type(uint16).max) {
                revert SafeCastOverflowedUintDowncast(16, value);
            }
            return uint16(value);
        }
    
        /**
         * @dev Returns the downcasted uint8 from uint256, reverting on
         * overflow (when the input is greater than largest uint8).
         *
         * Counterpart to Solidity's `uint8` operator.
         *
         * Requirements:
         *
         * - input must fit into 8 bits
         */
        function toUint8(uint256 value) internal pure returns (uint8) {
            if (value > type(uint8).max) {
                revert SafeCastOverflowedUintDowncast(8, value);
            }
            return uint8(value);
        }
    
        /**
         * @dev Converts a signed int256 into an unsigned uint256.
         *
         * Requirements:
         *
         * - input must be greater than or equal to 0.
         */
        function toUint256(int256 value) internal pure returns (uint256) {
            if (value < 0) {
                revert SafeCastOverflowedIntToUint(value);
            }
            return uint256(value);
        }
    
        /**
         * @dev Returns the downcasted int248 from int256, reverting on
         * overflow (when the input is less than smallest int248 or
         * greater than largest int248).
         *
         * Counterpart to Solidity's `int248` operator.
         *
         * Requirements:
         *
         * - input must fit into 248 bits
         */
        function toInt248(int256 value) internal pure returns (int248 downcasted) {
            downcasted = int248(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(248, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int240 from int256, reverting on
         * overflow (when the input is less than smallest int240 or
         * greater than largest int240).
         *
         * Counterpart to Solidity's `int240` operator.
         *
         * Requirements:
         *
         * - input must fit into 240 bits
         */
        function toInt240(int256 value) internal pure returns (int240 downcasted) {
            downcasted = int240(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(240, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int232 from int256, reverting on
         * overflow (when the input is less than smallest int232 or
         * greater than largest int232).
         *
         * Counterpart to Solidity's `int232` operator.
         *
         * Requirements:
         *
         * - input must fit into 232 bits
         */
        function toInt232(int256 value) internal pure returns (int232 downcasted) {
            downcasted = int232(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(232, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int224 from int256, reverting on
         * overflow (when the input is less than smallest int224 or
         * greater than largest int224).
         *
         * Counterpart to Solidity's `int224` operator.
         *
         * Requirements:
         *
         * - input must fit into 224 bits
         */
        function toInt224(int256 value) internal pure returns (int224 downcasted) {
            downcasted = int224(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(224, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int216 from int256, reverting on
         * overflow (when the input is less than smallest int216 or
         * greater than largest int216).
         *
         * Counterpart to Solidity's `int216` operator.
         *
         * Requirements:
         *
         * - input must fit into 216 bits
         */
        function toInt216(int256 value) internal pure returns (int216 downcasted) {
            downcasted = int216(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(216, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int208 from int256, reverting on
         * overflow (when the input is less than smallest int208 or
         * greater than largest int208).
         *
         * Counterpart to Solidity's `int208` operator.
         *
         * Requirements:
         *
         * - input must fit into 208 bits
         */
        function toInt208(int256 value) internal pure returns (int208 downcasted) {
            downcasted = int208(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(208, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int200 from int256, reverting on
         * overflow (when the input is less than smallest int200 or
         * greater than largest int200).
         *
         * Counterpart to Solidity's `int200` operator.
         *
         * Requirements:
         *
         * - input must fit into 200 bits
         */
        function toInt200(int256 value) internal pure returns (int200 downcasted) {
            downcasted = int200(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(200, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int192 from int256, reverting on
         * overflow (when the input is less than smallest int192 or
         * greater than largest int192).
         *
         * Counterpart to Solidity's `int192` operator.
         *
         * Requirements:
         *
         * - input must fit into 192 bits
         */
        function toInt192(int256 value) internal pure returns (int192 downcasted) {
            downcasted = int192(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(192, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int184 from int256, reverting on
         * overflow (when the input is less than smallest int184 or
         * greater than largest int184).
         *
         * Counterpart to Solidity's `int184` operator.
         *
         * Requirements:
         *
         * - input must fit into 184 bits
         */
        function toInt184(int256 value) internal pure returns (int184 downcasted) {
            downcasted = int184(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(184, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int176 from int256, reverting on
         * overflow (when the input is less than smallest int176 or
         * greater than largest int176).
         *
         * Counterpart to Solidity's `int176` operator.
         *
         * Requirements:
         *
         * - input must fit into 176 bits
         */
        function toInt176(int256 value) internal pure returns (int176 downcasted) {
            downcasted = int176(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(176, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int168 from int256, reverting on
         * overflow (when the input is less than smallest int168 or
         * greater than largest int168).
         *
         * Counterpart to Solidity's `int168` operator.
         *
         * Requirements:
         *
         * - input must fit into 168 bits
         */
        function toInt168(int256 value) internal pure returns (int168 downcasted) {
            downcasted = int168(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(168, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int160 from int256, reverting on
         * overflow (when the input is less than smallest int160 or
         * greater than largest int160).
         *
         * Counterpart to Solidity's `int160` operator.
         *
         * Requirements:
         *
         * - input must fit into 160 bits
         */
        function toInt160(int256 value) internal pure returns (int160 downcasted) {
            downcasted = int160(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(160, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int152 from int256, reverting on
         * overflow (when the input is less than smallest int152 or
         * greater than largest int152).
         *
         * Counterpart to Solidity's `int152` operator.
         *
         * Requirements:
         *
         * - input must fit into 152 bits
         */
        function toInt152(int256 value) internal pure returns (int152 downcasted) {
            downcasted = int152(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(152, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int144 from int256, reverting on
         * overflow (when the input is less than smallest int144 or
         * greater than largest int144).
         *
         * Counterpart to Solidity's `int144` operator.
         *
         * Requirements:
         *
         * - input must fit into 144 bits
         */
        function toInt144(int256 value) internal pure returns (int144 downcasted) {
            downcasted = int144(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(144, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int136 from int256, reverting on
         * overflow (when the input is less than smallest int136 or
         * greater than largest int136).
         *
         * Counterpart to Solidity's `int136` operator.
         *
         * Requirements:
         *
         * - input must fit into 136 bits
         */
        function toInt136(int256 value) internal pure returns (int136 downcasted) {
            downcasted = int136(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(136, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int128 from int256, reverting on
         * overflow (when the input is less than smallest int128 or
         * greater than largest int128).
         *
         * Counterpart to Solidity's `int128` operator.
         *
         * Requirements:
         *
         * - input must fit into 128 bits
         */
        function toInt128(int256 value) internal pure returns (int128 downcasted) {
            downcasted = int128(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(128, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int120 from int256, reverting on
         * overflow (when the input is less than smallest int120 or
         * greater than largest int120).
         *
         * Counterpart to Solidity's `int120` operator.
         *
         * Requirements:
         *
         * - input must fit into 120 bits
         */
        function toInt120(int256 value) internal pure returns (int120 downcasted) {
            downcasted = int120(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(120, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int112 from int256, reverting on
         * overflow (when the input is less than smallest int112 or
         * greater than largest int112).
         *
         * Counterpart to Solidity's `int112` operator.
         *
         * Requirements:
         *
         * - input must fit into 112 bits
         */
        function toInt112(int256 value) internal pure returns (int112 downcasted) {
            downcasted = int112(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(112, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int104 from int256, reverting on
         * overflow (when the input is less than smallest int104 or
         * greater than largest int104).
         *
         * Counterpart to Solidity's `int104` operator.
         *
         * Requirements:
         *
         * - input must fit into 104 bits
         */
        function toInt104(int256 value) internal pure returns (int104 downcasted) {
            downcasted = int104(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(104, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int96 from int256, reverting on
         * overflow (when the input is less than smallest int96 or
         * greater than largest int96).
         *
         * Counterpart to Solidity's `int96` operator.
         *
         * Requirements:
         *
         * - input must fit into 96 bits
         */
        function toInt96(int256 value) internal pure returns (int96 downcasted) {
            downcasted = int96(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(96, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int88 from int256, reverting on
         * overflow (when the input is less than smallest int88 or
         * greater than largest int88).
         *
         * Counterpart to Solidity's `int88` operator.
         *
         * Requirements:
         *
         * - input must fit into 88 bits
         */
        function toInt88(int256 value) internal pure returns (int88 downcasted) {
            downcasted = int88(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(88, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int80 from int256, reverting on
         * overflow (when the input is less than smallest int80 or
         * greater than largest int80).
         *
         * Counterpart to Solidity's `int80` operator.
         *
         * Requirements:
         *
         * - input must fit into 80 bits
         */
        function toInt80(int256 value) internal pure returns (int80 downcasted) {
            downcasted = int80(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(80, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int72 from int256, reverting on
         * overflow (when the input is less than smallest int72 or
         * greater than largest int72).
         *
         * Counterpart to Solidity's `int72` operator.
         *
         * Requirements:
         *
         * - input must fit into 72 bits
         */
        function toInt72(int256 value) internal pure returns (int72 downcasted) {
            downcasted = int72(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(72, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int64 from int256, reverting on
         * overflow (when the input is less than smallest int64 or
         * greater than largest int64).
         *
         * Counterpart to Solidity's `int64` operator.
         *
         * Requirements:
         *
         * - input must fit into 64 bits
         */
        function toInt64(int256 value) internal pure returns (int64 downcasted) {
            downcasted = int64(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(64, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int56 from int256, reverting on
         * overflow (when the input is less than smallest int56 or
         * greater than largest int56).
         *
         * Counterpart to Solidity's `int56` operator.
         *
         * Requirements:
         *
         * - input must fit into 56 bits
         */
        function toInt56(int256 value) internal pure returns (int56 downcasted) {
            downcasted = int56(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(56, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int48 from int256, reverting on
         * overflow (when the input is less than smallest int48 or
         * greater than largest int48).
         *
         * Counterpart to Solidity's `int48` operator.
         *
         * Requirements:
         *
         * - input must fit into 48 bits
         */
        function toInt48(int256 value) internal pure returns (int48 downcasted) {
            downcasted = int48(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(48, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int40 from int256, reverting on
         * overflow (when the input is less than smallest int40 or
         * greater than largest int40).
         *
         * Counterpart to Solidity's `int40` operator.
         *
         * Requirements:
         *
         * - input must fit into 40 bits
         */
        function toInt40(int256 value) internal pure returns (int40 downcasted) {
            downcasted = int40(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(40, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int32 from int256, reverting on
         * overflow (when the input is less than smallest int32 or
         * greater than largest int32).
         *
         * Counterpart to Solidity's `int32` operator.
         *
         * Requirements:
         *
         * - input must fit into 32 bits
         */
        function toInt32(int256 value) internal pure returns (int32 downcasted) {
            downcasted = int32(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(32, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int24 from int256, reverting on
         * overflow (when the input is less than smallest int24 or
         * greater than largest int24).
         *
         * Counterpart to Solidity's `int24` operator.
         *
         * Requirements:
         *
         * - input must fit into 24 bits
         */
        function toInt24(int256 value) internal pure returns (int24 downcasted) {
            downcasted = int24(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(24, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int16 from int256, reverting on
         * overflow (when the input is less than smallest int16 or
         * greater than largest int16).
         *
         * Counterpart to Solidity's `int16` operator.
         *
         * Requirements:
         *
         * - input must fit into 16 bits
         */
        function toInt16(int256 value) internal pure returns (int16 downcasted) {
            downcasted = int16(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(16, value);
            }
        }
    
        /**
         * @dev Returns the downcasted int8 from int256, reverting on
         * overflow (when the input is less than smallest int8 or
         * greater than largest int8).
         *
         * Counterpart to Solidity's `int8` operator.
         *
         * Requirements:
         *
         * - input must fit into 8 bits
         */
        function toInt8(int256 value) internal pure returns (int8 downcasted) {
            downcasted = int8(value);
            if (downcasted != value) {
                revert SafeCastOverflowedIntDowncast(8, value);
            }
        }
    
        /**
         * @dev Converts an unsigned uint256 into a signed int256.
         *
         * Requirements:
         *
         * - input must be less than or equal to maxInt256.
         */
        function toInt256(uint256 value) internal pure returns (int256) {
            // Note: Unsafe cast below is okay because `type(int256).max` is guaranteed to be positive
            if (value > uint256(type(int256).max)) {
                revert SafeCastOverflowedUintToInt(value);
            }
            return int256(value);
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (utils/math/SignedMath.sol)
    
    pragma solidity ^0.8.20;
    
    /**
     * @dev Standard signed math utilities missing in the Solidity language.
     */
    library SignedMath {
        /**
         * @dev Returns the largest of two signed numbers.
         */
        function max(int256 a, int256 b) internal pure returns (int256) {
            return a > b ? a : b;
        }
    
        /**
         * @dev Returns the smallest of two signed numbers.
         */
        function min(int256 a, int256 b) internal pure returns (int256) {
            return a < b ? a : b;
        }
    
        /**
         * @dev Returns the average of two signed numbers without overflow.
         * The result is rounded towards zero.
         */
        function average(int256 a, int256 b) internal pure returns (int256) {
            // Formula from the book "Hacker's Delight"
            int256 x = (a & b) + ((a ^ b) >> 1);
            return x + (int256(uint256(x) >> 255) & (a ^ b));
        }
    
        /**
         * @dev Returns the absolute unsigned value of a signed value.
         */
        function abs(int256 n) internal pure returns (uint256) {
            unchecked {
                // must be unchecked in order to support `n = type(int256).min`
                return uint256(n >= 0 ? n : -n);
            }
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (utils/Nonces.sol)
    pragma solidity ^0.8.20;
    
    /**
     * @dev Provides tracking nonces for addresses. Nonces will only increment.
     */
    abstract contract Nonces {
        /**
         * @dev The nonce used for an `account` is not the expected current nonce.
         */
        error InvalidAccountNonce(address account, uint256 currentNonce);
    
        mapping(address account => uint256) private _nonces;
    
        /**
         * @dev Returns the next unused nonce for an address.
         */
        function nonces(address owner) public view virtual returns (uint256) {
            return _nonces[owner];
        }
    
        /**
         * @dev Consumes a nonce.
         *
         * Returns the current value and increments nonce.
         */
        function _useNonce(address owner) internal virtual returns (uint256) {
            // For each account, the nonce has an initial value of 0, can only be incremented by one, and cannot be
            // decremented or reset. This guarantees that the nonce never overflows.
            unchecked {
                // It is important to do x++ and not ++x here.
                return _nonces[owner]++;
            }
        }
    
        /**
         * @dev Same as {_useNonce} but checking that `nonce` is the next valid for `owner`.
         */
        function _useCheckedNonce(address owner, uint256 nonce) internal virtual {
            uint256 current = _useNonce(owner);
            if (nonce != current) {
                revert InvalidAccountNonce(owner, current);
            }
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (utils/ShortStrings.sol)
    
    pragma solidity ^0.8.20;
    
    import {StorageSlot} from "./StorageSlot.sol";
    
    // | string  | 0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA   |
    // | length  | 0x                                                              BB |
    type ShortString is bytes32;
    
    /**
     * @dev This library provides functions to convert short memory strings
     * into a `ShortString` type that can be used as an immutable variable.
     *
     * Strings of arbitrary length can be optimized using this library if
     * they are short enough (up to 31 bytes) by packing them with their
     * length (1 byte) in a single EVM word (32 bytes). Additionally, a
     * fallback mechanism can be used for every other case.
     *
     * Usage example:
     *
     * ```solidity
     * contract Named {
     *     using ShortStrings for *;
     *
     *     ShortString private immutable _name;
     *     string private _nameFallback;
     *
     *     constructor(string memory contractName) {
     *         _name = contractName.toShortStringWithFallback(_nameFallback);
     *     }
     *
     *     function name() external view returns (string memory) {
     *         return _name.toStringWithFallback(_nameFallback);
     *     }
     * }
     * ```
     */
    library ShortStrings {
        // Used as an identifier for strings longer than 31 bytes.
        bytes32 private constant FALLBACK_SENTINEL = 0x00000000000000000000000000000000000000000000000000000000000000FF;
    
        error StringTooLong(string str);
        error InvalidShortString();
    
        /**
         * @dev Encode a string of at most 31 chars into a `ShortString`.
         *
         * This will trigger a `StringTooLong` error is the input string is too long.
         */
        function toShortString(string memory str) internal pure returns (ShortString) {
            bytes memory bstr = bytes(str);
            if (bstr.length > 31) {
                revert StringTooLong(str);
            }
            return ShortString.wrap(bytes32(uint256(bytes32(bstr)) | bstr.length));
        }
    
        /**
         * @dev Decode a `ShortString` back to a "normal" string.
         */
        function toString(ShortString sstr) internal pure returns (string memory) {
            uint256 len = byteLength(sstr);
            // using `new string(len)` would work locally but is not memory safe.
            string memory str = new string(32);
            /// @solidity memory-safe-assembly
            assembly {
                mstore(str, len)
                mstore(add(str, 0x20), sstr)
            }
            return str;
        }
    
        /**
         * @dev Return the length of a `ShortString`.
         */
        function byteLength(ShortString sstr) internal pure returns (uint256) {
            uint256 result = uint256(ShortString.unwrap(sstr)) & 0xFF;
            if (result > 31) {
                revert InvalidShortString();
            }
            return result;
        }
    
        /**
         * @dev Encode a string into a `ShortString`, or write it to storage if it is too long.
         */
        function toShortStringWithFallback(string memory value, string storage store) internal returns (ShortString) {
            if (bytes(value).length < 32) {
                return toShortString(value);
            } else {
                StorageSlot.getStringSlot(store).value = value;
                return ShortString.wrap(FALLBACK_SENTINEL);
            }
        }
    
        /**
         * @dev Decode a string that was encoded to `ShortString` or written to storage using {setWithFallback}.
         */
        function toStringWithFallback(ShortString value, string storage store) internal pure returns (string memory) {
            if (ShortString.unwrap(value) != FALLBACK_SENTINEL) {
                return toString(value);
            } else {
                return store;
            }
        }
    
        /**
         * @dev Return the length of a string that was encoded to `ShortString` or written to storage using
         * {setWithFallback}.
         *
         * WARNING: This will return the "byte length" of the string. This may not reflect the actual length in terms of
         * actual characters as the UTF-8 encoding of a single character can span over multiple bytes.
         */
        function byteLengthWithFallback(ShortString value, string storage store) internal view returns (uint256) {
            if (ShortString.unwrap(value) != FALLBACK_SENTINEL) {
                return byteLength(value);
            } else {
                return bytes(store).length;
            }
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (utils/StorageSlot.sol)
    // This file was procedurally generated from scripts/generate/templates/StorageSlot.js.
    
    pragma solidity ^0.8.20;
    
    /**
     * @dev Library for reading and writing primitive types to specific storage slots.
     *
     * Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
     * This library helps with reading and writing to such slots without the need for inline assembly.
     *
     * The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
     *
     * Example usage to set ERC1967 implementation slot:
     * ```solidity
     * contract ERC1967 {
     *     bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
     *
     *     function _getImplementation() internal view returns (address) {
     *         return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
     *     }
     *
     *     function _setImplementation(address newImplementation) internal {
     *         require(newImplementation.code.length > 0);
     *         StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
     *     }
     * }
     * ```
     */
    library StorageSlot {
        struct AddressSlot {
            address value;
        }
    
        struct BooleanSlot {
            bool value;
        }
    
        struct Bytes32Slot {
            bytes32 value;
        }
    
        struct Uint256Slot {
            uint256 value;
        }
    
        struct StringSlot {
            string value;
        }
    
        struct BytesSlot {
            bytes value;
        }
    
        /**
         * @dev Returns an `AddressSlot` with member `value` located at `slot`.
         */
        function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
            /// @solidity memory-safe-assembly
            assembly {
                r.slot := slot
            }
        }
    
        /**
         * @dev Returns an `BooleanSlot` with member `value` located at `slot`.
         */
        function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
            /// @solidity memory-safe-assembly
            assembly {
                r.slot := slot
            }
        }
    
        /**
         * @dev Returns an `Bytes32Slot` with member `value` located at `slot`.
         */
        function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
            /// @solidity memory-safe-assembly
            assembly {
                r.slot := slot
            }
        }
    
        /**
         * @dev Returns an `Uint256Slot` with member `value` located at `slot`.
         */
        function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
            /// @solidity memory-safe-assembly
            assembly {
                r.slot := slot
            }
        }
    
        /**
         * @dev Returns an `StringSlot` with member `value` located at `slot`.
         */
        function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {
            /// @solidity memory-safe-assembly
            assembly {
                r.slot := slot
            }
        }
    
        /**
         * @dev Returns an `StringSlot` representation of the string storage pointer `store`.
         */
        function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {
            /// @solidity memory-safe-assembly
            assembly {
                r.slot := store.slot
            }
        }
    
        /**
         * @dev Returns an `BytesSlot` with member `value` located at `slot`.
         */
        function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {
            /// @solidity memory-safe-assembly
            assembly {
                r.slot := slot
            }
        }
    
        /**
         * @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.
         */
        function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {
            /// @solidity memory-safe-assembly
            assembly {
                r.slot := store.slot
            }
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (utils/Strings.sol)
    
    pragma solidity ^0.8.20;
    
    import {Math} from "./math/Math.sol";
    import {SignedMath} from "./math/SignedMath.sol";
    
    /**
     * @dev String operations.
     */
    library Strings {
        bytes16 private constant HEX_DIGITS = "0123456789abcdef";
        uint8 private constant ADDRESS_LENGTH = 20;
    
        /**
         * @dev The `value` string doesn't fit in the specified `length`.
         */
        error StringsInsufficientHexLength(uint256 value, uint256 length);
    
        /**
         * @dev Converts a `uint256` to its ASCII `string` decimal representation.
         */
        function toString(uint256 value) internal pure returns (string memory) {
            unchecked {
                uint256 length = Math.log10(value) + 1;
                string memory buffer = new string(length);
                uint256 ptr;
                /// @solidity memory-safe-assembly
                assembly {
                    ptr := add(buffer, add(32, length))
                }
                while (true) {
                    ptr--;
                    /// @solidity memory-safe-assembly
                    assembly {
                        mstore8(ptr, byte(mod(value, 10), HEX_DIGITS))
                    }
                    value /= 10;
                    if (value == 0) break;
                }
                return buffer;
            }
        }
    
        /**
         * @dev Converts a `int256` to its ASCII `string` decimal representation.
         */
        function toStringSigned(int256 value) internal pure returns (string memory) {
            return string.concat(value < 0 ? "-" : "", toString(SignedMath.abs(value)));
        }
    
        /**
         * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
         */
        function toHexString(uint256 value) internal pure returns (string memory) {
            unchecked {
                return toHexString(value, Math.log256(value) + 1);
            }
        }
    
        /**
         * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
         */
        function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
            uint256 localValue = value;
            bytes memory buffer = new bytes(2 * length + 2);
            buffer[0] = "0";
            buffer[1] = "x";
            for (uint256 i = 2 * length + 1; i > 1; --i) {
                buffer[i] = HEX_DIGITS[localValue & 0xf];
                localValue >>= 4;
            }
            if (localValue != 0) {
                revert StringsInsufficientHexLength(value, length);
            }
            return string(buffer);
        }
    
        /**
         * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal
         * representation.
         */
        function toHexString(address addr) internal pure returns (string memory) {
            return toHexString(uint256(uint160(addr)), ADDRESS_LENGTH);
        }
    
        /**
         * @dev Returns true if the two strings are equal.
         */
        function equal(string memory a, string memory b) internal pure returns (bool) {
            return bytes(a).length == bytes(b).length && keccak256(bytes(a)) == keccak256(bytes(b));
        }
    }

    // SPDX-License-Identifier: GPL-3.0-or-later
    
    pragma solidity ^0.8.24;
    
    import { SafeCast } from "@openzeppelin/contracts/utils/math/SafeCast.sol";
    
    import { ISwapFeePercentageBounds } from "@balancer-labs/v3-interfaces/contracts/vault/ISwapFeePercentageBounds.sol";
    import {
        IUnbalancedLiquidityInvariantRatioBounds
    } from "@balancer-labs/v3-interfaces/contracts/vault/IUnbalancedLiquidityInvariantRatioBounds.sol";
    import { IBasePool } from "@balancer-labs/v3-interfaces/contracts/vault/IBasePool.sol";
    import { IVault } from "@balancer-labs/v3-interfaces/contracts/vault/IVault.sol";
    import {
        IStablePool,
        StablePoolDynamicData,
        StablePoolImmutableData,
        AmplificationState
    } from "@balancer-labs/v3-interfaces/contracts/pool-stable/IStablePool.sol";
    import "@balancer-labs/v3-interfaces/contracts/vault/VaultTypes.sol";
    
    import { BasePoolAuthentication } from "@balancer-labs/v3-pool-utils/contracts/BasePoolAuthentication.sol";
    import { BalancerPoolToken } from "@balancer-labs/v3-vault/contracts/BalancerPoolToken.sol";
    import { FixedPoint } from "@balancer-labs/v3-solidity-utils/contracts/math/FixedPoint.sol";
    import { StableMath } from "@balancer-labs/v3-solidity-utils/contracts/math/StableMath.sol";
    import { Version } from "@balancer-labs/v3-solidity-utils/contracts/helpers/Version.sol";
    import { PoolInfo } from "@balancer-labs/v3-pool-utils/contracts/PoolInfo.sol";
    
    /**
     * @notice Standard Balancer Stable Pool.
     * @dev Stable Pools are designed for assets that are either expected to consistently swap at near parity,
     * or at a known exchange rate. Stable Pools use `StableMath` (based on StableSwap, popularized by Curve),
     * which allows for swaps of significant size before encountering substantial price impact, vastly
     * increasing capital efficiency for like-kind and correlated-kind swaps.
     *
     * The `amplificationParameter` determines the "flatness" of the price curve. Higher values "flatten" the
     * curve, meaning there is a larger range of balances over which tokens will trade near parity, with very low
     * slippage. Generally, the `amplificationParameter` can be higher for tokens with lower volatility, and pools
     * with higher liquidity. Lower values more closely approximate the "weighted" math curve, handling greater
     * volatility at the cost of higher slippage. This parameter can be changed through permissioned calls
     * (see below for details).
     *
     * The swap fee percentage is bounded by minimum and maximum values (same as were used in v2).
     */
    contract StablePool is IStablePool, BalancerPoolToken, BasePoolAuthentication, PoolInfo, Version {
        using FixedPoint for uint256;
        using SafeCast for *;
    
        // This contract uses timestamps to slowly update its Amplification parameter over time. These changes must occur
        // over a minimum time period much larger than the block time, making timestamp manipulation a non-issue.
        // solhint-disable not-rely-on-time
    
        // Amplification factor changes must happen over a minimum period of one day, and can at most divide or multiple the
        // current value by 2 every day.
        // WARNING: this only limits *a single* amplification change to have a maximum rate of change of twice the original
        // value daily. It is possible to perform multiple amplification changes in sequence to increase this value more
        // rapidly: for example, by doubling the value every day it can increase by a factor of 8 over three days (2^3).
        uint256 private constant _MIN_UPDATE_TIME = 1 days;
        uint256 private constant _MAX_AMP_UPDATE_DAILY_RATE = 2;
    
        // Fees are 18-decimal, floating point values, which will be stored in the Vault using 24 bits.
        // This means they have 0.00001% resolution (i.e., any non-zero bits < 1e11 will cause precision loss).
        // Minimum values help make the math well-behaved (i.e., the swap fee should overwhelm any rounding error).
        // Maximum values protect users by preventing permissioned actors from setting excessively high swap fees.
        uint256 private constant _MIN_SWAP_FEE_PERCENTAGE = 1e12; // 0.0001%
        uint256 private constant _MAX_SWAP_FEE_PERCENTAGE = 10e16; // 10%
    
        /// @notice Store amplification state.
        AmplificationState private _amplificationState;
    
        /**
         * @notice An amplification update has started.
         * @param startValue Starting value of the amplification parameter
         * @param endValue Ending value of the amplification parameter
         * @param startTime Timestamp when the update starts
         * @param endTime Timestamp when the update is complete
         */
        event AmpUpdateStarted(uint256 startValue, uint256 endValue, uint256 startTime, uint256 endTime);
    
        /**
         * @notice An amplification update has been stopped.
         * @param currentValue The value at which it stopped
         */
        event AmpUpdateStopped(uint256 currentValue);
    
        /// @notice The amplification factor is below the minimum of the range (1 - 5000).
        error AmplificationFactorTooLow();
    
        /// @notice The amplification factor is above the maximum of the range (1 - 5000).
        error AmplificationFactorTooHigh();
    
        /// @notice The amplification change duration is too short.
        error AmpUpdateDurationTooShort();
    
        /// @notice The amplification change rate is too fast.
        error AmpUpdateRateTooFast();
    
        /// @notice Amplification update operations must be done one at a time.
        error AmpUpdateAlreadyStarted();
    
        /// @notice Cannot stop an amplification update before it starts.
        error AmpUpdateNotStarted();
    
        /**
         * @notice Parameters used to deploy a new Stable Pool.
         * @param name ERC20 token name
         * @param symbol ERC20 token symbol
         * @param amplificationParameter Controls the "flatness" of the invariant curve. higher values = lower slippage,
         * and assumes prices are near parity. lower values = closer to the constant product curve (e.g., more like a
         * weighted pool). This has higher slippage, and accommodates greater price volatility
         * @param version The stable pool version
         */
        struct NewPoolParams {
            string name;
            string symbol;
            uint256 amplificationParameter;
            string version;
        }
    
        constructor(
            NewPoolParams memory params,
            IVault vault
        )
            BalancerPoolToken(vault, params.name, params.symbol)
            BasePoolAuthentication(vault, msg.sender)
            PoolInfo(vault)
            Version(params.version)
        {
            if (params.amplificationParameter < StableMath.MIN_AMP) {
                revert AmplificationFactorTooLow();
            }
            if (params.amplificationParameter > StableMath.MAX_AMP) {
                revert AmplificationFactorTooHigh();
            }
    
            uint256 initialAmp = params.amplificationParameter * StableMath.AMP_PRECISION;
            _stopAmplification(initialAmp);
        }
    
        /// @inheritdoc IBasePool
        function computeInvariant(uint256[] memory balancesLiveScaled18, Rounding rounding) public view returns (uint256) {
            (uint256 currentAmp, ) = _getAmplificationParameter();
    
            uint256 invariant = StableMath.computeInvariant(currentAmp, balancesLiveScaled18);
            if (invariant > 0) {
                invariant = rounding == Rounding.ROUND_DOWN ? invariant : invariant + 1;
            }
    
            return invariant;
        }
    
        /// @inheritdoc IBasePool
        function computeBalance(
            uint256[] memory balancesLiveScaled18,
            uint256 tokenInIndex,
            uint256 invariantRatio
        ) external view returns (uint256 newBalance) {
            (uint256 currentAmp, ) = _getAmplificationParameter();
    
            return
                StableMath.computeBalance(
                    currentAmp,
                    balancesLiveScaled18,
                    computeInvariant(balancesLiveScaled18, Rounding.ROUND_UP).mulUp(invariantRatio),
                    tokenInIndex
                );
        }
    
        /// @inheritdoc IBasePool
        function onSwap(PoolSwapParams memory request) public view virtual onlyVault returns (uint256) {
            uint256 invariant = computeInvariant(request.balancesScaled18, Rounding.ROUND_DOWN);
            (uint256 currentAmp, ) = _getAmplificationParameter();
    
            if (request.kind == SwapKind.EXACT_IN) {
                uint256 amountOutScaled18 = StableMath.computeOutGivenExactIn(
                    currentAmp,
                    request.balancesScaled18,
                    request.indexIn,
                    request.indexOut,
                    request.amountGivenScaled18,
                    invariant
                );
    
                return amountOutScaled18;
            } else {
                uint256 amountInScaled18 = StableMath.computeInGivenExactOut(
                    currentAmp,
                    request.balancesScaled18,
                    request.indexIn,
                    request.indexOut,
                    request.amountGivenScaled18,
                    invariant
                );
    
                return amountInScaled18;
            }
        }
    
        /// @inheritdoc IStablePool
        function startAmplificationParameterUpdate(uint256 rawEndValue, uint256 endTime) external authenticate {
            if (rawEndValue < StableMath.MIN_AMP) {
                revert AmplificationFactorTooLow();
            }
            if (rawEndValue > StableMath.MAX_AMP) {
                revert AmplificationFactorTooHigh();
            }
    
            uint256 duration = endTime - block.timestamp;
            if (duration < _MIN_UPDATE_TIME) {
                revert AmpUpdateDurationTooShort();
            }
    
            (uint256 currentValue, bool isUpdating) = _getAmplificationParameter();
            if (isUpdating) {
                revert AmpUpdateAlreadyStarted();
            }
    
            uint256 endValue = rawEndValue * StableMath.AMP_PRECISION;
    
            // daily rate = (endValue / currentValue) / duration * 1 day
            // We perform all multiplications first to not reduce precision, and round the division up as we want to avoid
            // large rates. Note that these are regular integer multiplications and divisions, not fixed point.
            uint256 dailyRate = endValue > currentValue
                ? (endValue * 1 days).divUpRaw(currentValue * duration)
                : (currentValue * 1 days).divUpRaw(endValue * duration);
    
            if (dailyRate > _MAX_AMP_UPDATE_DAILY_RATE) {
                revert AmpUpdateRateTooFast();
            }
    
            // Values are 18 decimal floating point, which fits in 64 bits. Timestamps are 32 bits.
            uint64 currentValueUint64 = currentValue.toUint64();
            uint64 endValueUint64 = endValue.toUint64();
            uint32 startTimeUint32 = block.timestamp.toUint32();
            uint32 endTimeUint32 = endTime.toUint32();
    
            _amplificationState.startValue = currentValueUint64;
            _amplificationState.endValue = endValueUint64;
            _amplificationState.startTime = startTimeUint32;
            _amplificationState.endTime = endTimeUint32;
    
            emit AmpUpdateStarted(currentValueUint64, endValueUint64, startTimeUint32, endTimeUint32);
            _vault.emitAuxiliaryEvent(
                "AmpUpdateStarted",
                abi.encode(currentValueUint64, endValueUint64, startTimeUint32, endTimeUint32)
            );
        }
    
        /// @inheritdoc IStablePool
        function stopAmplificationParameterUpdate() external authenticate {
            (uint256 currentValue, bool isUpdating) = _getAmplificationParameter();
    
            if (isUpdating == false) {
                revert AmpUpdateNotStarted();
            }
    
            _stopAmplification(currentValue);
            _vault.emitAuxiliaryEvent("AmpUpdateStopped", abi.encode(currentValue));
        }
    
        /// @inheritdoc IStablePool
        function getAmplificationParameter() external view returns (uint256 value, bool isUpdating, uint256 precision) {
            (value, isUpdating) = _getAmplificationParameter();
            precision = StableMath.AMP_PRECISION;
        }
    
        /// @inheritdoc IStablePool
        function getAmplificationState()
            external
            view
            returns (AmplificationState memory amplificationState, uint256 precision)
        {
            amplificationState = _amplificationState;
            precision = StableMath.AMP_PRECISION;
        }
    
        function _getAmplificationParameter() internal view returns (uint256 value, bool isUpdating) {
            AmplificationState memory state = _amplificationState;
    
            (uint256 startValue, uint256 endValue, uint256 startTime, uint256 endTime) = (
                state.startValue,
                state.endValue,
                state.startTime,
                state.endTime
            );
    
            // Note that block.timestamp >= startTime, since startTime is set to the current time when an update starts
    
            if (block.timestamp < endTime) {
                isUpdating = true;
    
                // We can skip checked arithmetic as:
                //  - block.timestamp is always larger or equal to startTime
                //  - endTime is always larger than startTime
                //  - the value delta is bounded by the largest amplification parameter, which never causes the
                //    multiplication to overflow.
                // This also means that the following computation will never revert nor yield invalid results.
                unchecked {
                    if (endValue > startValue) {
                        value =
                            startValue +
                            ((endValue - startValue) * (block.timestamp - startTime)) /
                            (endTime - startTime);
                    } else {
                        value =
                            startValue -
                            ((startValue - endValue) * (block.timestamp - startTime)) /
                            (endTime - startTime);
                    }
                }
            } else {
                isUpdating = false;
                value = endValue;
            }
        }
    
        function _stopAmplification(uint256 value) internal {
            uint64 currentValueUint64 = value.toUint64();
            _amplificationState.startValue = currentValueUint64;
            _amplificationState.endValue = currentValueUint64;
    
            uint32 currentTime = block.timestamp.toUint32();
            _amplificationState.startTime = currentTime;
            _amplificationState.endTime = currentTime;
    
            emit AmpUpdateStopped(currentValueUint64);
        }
    
        /// @inheritdoc ISwapFeePercentageBounds
        function getMinimumSwapFeePercentage() external pure returns (uint256) {
            return _MIN_SWAP_FEE_PERCENTAGE;
        }
    
        /// @inheritdoc ISwapFeePercentageBounds
        function getMaximumSwapFeePercentage() external pure returns (uint256) {
            return _MAX_SWAP_FEE_PERCENTAGE;
        }
    
        /// @inheritdoc IUnbalancedLiquidityInvariantRatioBounds
        function getMinimumInvariantRatio() external pure returns (uint256) {
            return StableMath.MIN_INVARIANT_RATIO;
        }
    
        /// @inheritdoc IUnbalancedLiquidityInvariantRatioBounds
        function getMaximumInvariantRatio() external pure returns (uint256) {
            return StableMath.MAX_INVARIANT_RATIO;
        }
    
        /// @inheritdoc IStablePool
        function getStablePoolDynamicData() external view returns (StablePoolDynamicData memory data) {
            data.balancesLiveScaled18 = _vault.getCurrentLiveBalances(address(this));
            (, data.tokenRates) = _vault.getPoolTokenRates(address(this));
            data.staticSwapFeePercentage = _vault.getStaticSwapFeePercentage((address(this)));
            data.totalSupply = totalSupply();
            data.bptRate = getRate();
            (data.amplificationParameter, data.isAmpUpdating) = _getAmplificationParameter();
    
            AmplificationState memory state = _amplificationState;
            data.startValue = state.startValue;
            data.endValue = state.endValue;
            data.startTime = state.startTime;
            data.endTime = state.endTime;
    
            PoolConfig memory poolConfig = _vault.getPoolConfig(address(this));
            data.isPoolInitialized = poolConfig.isPoolInitialized;
            data.isPoolPaused = poolConfig.isPoolPaused;
            data.isPoolInRecoveryMode = poolConfig.isPoolInRecoveryMode;
        }
    
        /// @inheritdoc IStablePool
        function getStablePoolImmutableData() external view returns (StablePoolImmutableData memory data) {
            data.tokens = _vault.getPoolTokens(address(this));
            (data.decimalScalingFactors, ) = _vault.getPoolTokenRates(address(this));
            data.amplificationParameterPrecision = StableMath.AMP_PRECISION;
        }
    }

    Please enter a contract address above to load the contract details and source code.

    Context size (optional):